8 Flow dissector is a routine that parses metadata out of the packets. It's
9 used in the various places in the networking subsystem (RFS, flow hash, etc).
11 BPF flow dissector is an attempt to reimplement C-based flow dissector logic
12 in BPF to gain all the benefits of BPF verifier (namely, limits on the
13 number of instructions and tail calls).
18 BPF flow dissector programs operate on an __sk_buff. However, only the
19 limited set of fields is allowed: data, data_end and flow_keys. flow_keys
20 is 'struct bpf_flow_keys' and contains flow dissector input and
24 * nhoff - initial offset of the networking header
25 * thoff - initial offset of the transport header, initialized to nhoff
26 * n_proto - L3 protocol type, parsed out of L2 header
28 Flow dissector BPF program should fill out the rest of the 'struct
29 bpf_flow_keys' fields. Input arguments nhoff/thoff/n_proto should be also
32 The return code of the BPF program is either BPF_OK to indicate successful
33 dissection, or BPF_DROP to indicate parsing error.
38 In the VLAN-less case, this is what the initial state of the BPF flow
40 +------+------+------------+-----------+
41 | DMAC | SMAC | ETHER_TYPE | L3_HEADER |
42 +------+------+------------+-----------+
45 +-- flow dissector starts here
47 skb->data + flow_keys->nhoff point to the first byte of L3_HEADER.
48 flow_keys->thoff = nhoff
49 flow_keys->n_proto = ETHER_TYPE
52 In case of VLAN, flow dissector can be called with the two different states.
55 +------+------+------+-----+-----------+-----------+
56 | DMAC | SMAC | TPID | TCI |ETHER_TYPE | L3_HEADER |
57 +------+------+------+-----+-----------+-----------+
60 +-- flow dissector starts here
62 skb->data + flow_keys->nhoff point the to first byte of TCI.
63 flow_keys->thoff = nhoff
64 flow_keys->n_proto = TPID
66 Please note that TPID can be 802.1AD and, hence, BPF program would
67 have to parse VLAN information twice for double tagged packets.
71 +------+------+------+-----+-----------+-----------+
72 | DMAC | SMAC | TPID | TCI |ETHER_TYPE | L3_HEADER |
73 +------+------+------+-----+-----------+-----------+
76 +-- flow dissector starts here
78 skb->data + flow_keys->nhoff point the to first byte of L3_HEADER.
79 flow_keys->thoff = nhoff
80 flow_keys->n_proto = ETHER_TYPE
82 In this case VLAN information has been processed before the flow dissector
83 and BPF flow dissector is not required to handle it.
86 The takeaway here is as follows: BPF flow dissector program can be called with
87 the optional VLAN header and should gracefully handle both cases: when single
88 or double VLAN is present and when it is not present. The same program
89 can be called for both cases and would have to be written carefully to
93 Reference Implementation
94 ========================
96 See tools/testing/selftests/bpf/progs/bpf_flow.c for the reference
97 implementation and tools/testing/selftests/bpf/flow_dissector_load.[hc] for
98 the loader. bpftool can be used to load BPF flow dissector program as well.
100 The reference implementation is organized as follows:
101 * jmp_table map that contains sub-programs for each supported L3 protocol
102 * _dissect routine - entry point; it does input n_proto parsing and does
103 bpf_tail_call to the appropriate L3 handler
105 Since BPF at this point doesn't support looping (or any jumping back),
106 jmp_table is used instead to handle multiple levels of encapsulation (and
112 BPF flow dissector doesn't support exporting all the metadata that in-kernel
113 C-based implementation can export. Notable example is single VLAN (802.1Q)
114 and double VLAN (802.1AD) tags. Please refer to the 'struct bpf_flow_keys'
115 for a set of information that's currently can be exported from the BPF context.
projects / linux-2.6-microblaze.git / blob