]>
Commit | Line | Data |
---|---|---|
c1c5c723 | 1 | /* |
ef3767f5 | 2 | * Copyright (c) 2009-2017 Nicira, Inc. |
f98e418f | 3 | * Copyright (c) 2016 Mellanox Technologies, Ltd. |
c1c5c723 PB |
4 | * |
5 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
6 | * you may not use this file except in compliance with the License. | |
7 | * You may obtain a copy of the License at: | |
8 | * | |
9 | * http://www.apache.org/licenses/LICENSE-2.0 | |
10 | * | |
11 | * Unless required by applicable law or agreed to in writing, software | |
12 | * distributed under the License is distributed on an "AS IS" BASIS, | |
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 | * See the License for the specific language governing permissions and | |
15 | * limitations under the License. | |
16 | */ | |
17 | ||
18 | #include <config.h> | |
19 | #include "tc.h" | |
ef3767f5 | 20 | |
c1c5c723 | 21 | #include <errno.h> |
f98e418f RD |
22 | #include <linux/if_ether.h> |
23 | #include <linux/rtnetlink.h> | |
8ada482b | 24 | #include <linux/tc_act/tc_csum.h> |
f98e418f RD |
25 | #include <linux/tc_act/tc_gact.h> |
26 | #include <linux/tc_act/tc_mirred.h> | |
8ada482b | 27 | #include <linux/tc_act/tc_pedit.h> |
f98e418f RD |
28 | #include <linux/tc_act/tc_tunnel_key.h> |
29 | #include <linux/tc_act/tc_vlan.h> | |
30 | #include <linux/gen_stats.h> | |
31 | #include <net/if.h> | |
8c1e74d1 | 32 | #include <unistd.h> |
ef3767f5 | 33 | |
f98e418f | 34 | #include "byte-order.h" |
c1c5c723 PB |
35 | #include "netlink-socket.h" |
36 | #include "netlink.h" | |
37 | #include "openvswitch/ofpbuf.h" | |
8ada482b | 38 | #include "openvswitch/util.h" |
c1c5c723 | 39 | #include "openvswitch/vlog.h" |
f98e418f RD |
40 | #include "packets.h" |
41 | #include "timeval.h" | |
ef3767f5 | 42 | #include "unaligned.h" |
c1c5c723 | 43 | |
8ada482b PB |
44 | #define MAX_PEDIT_OFFSETS 32 |
45 | ||
c1c5c723 PB |
46 | VLOG_DEFINE_THIS_MODULE(tc); |
47 | ||
f98e418f RD |
48 | static struct vlog_rate_limit error_rl = VLOG_RATE_LIMIT_INIT(60, 5); |
49 | ||
691d20cb PB |
/* Offload policy selector.  NOTE(review): the users of these values are not
 * in the visible part of the file; presumably SKIP_SW/SKIP_HW map to the
 * kernel's skip_sw/skip_hw filter flags -- confirm. */
enum tc_offload_policy {
    TC_POLICY_NONE = 0,
    TC_POLICY_SKIP_SW = 1,
    TC_POLICY_SKIP_HW = 2
};

/* Policy currently in effect; starts out as TC_POLICY_NONE. */
static enum tc_offload_policy tc_policy = TC_POLICY_NONE;
57 | ||
8ada482b PB |
58 | struct tc_pedit_key_ex { |
59 | enum pedit_header_type htype; | |
60 | enum pedit_cmd cmd; | |
61 | }; | |
62 | ||
63 | struct flower_key_to_pedit { | |
64 | enum pedit_header_type htype; | |
8ada482b | 65 | int offset; |
fbaf1bf9 | 66 | int flower_offset; |
8ada482b PB |
67 | int size; |
68 | }; | |
69 | ||
70 | static struct flower_key_to_pedit flower_pedit_map[] = { | |
71 | { | |
72 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP4, | |
73 | 12, | |
74 | offsetof(struct tc_flower_key, ipv4.ipv4_src), | |
75 | MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_src) | |
76 | }, { | |
77 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP4, | |
78 | 16, | |
79 | offsetof(struct tc_flower_key, ipv4.ipv4_dst), | |
80 | MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_dst) | |
81 | }, { | |
82 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP4, | |
83 | 8, | |
84 | offsetof(struct tc_flower_key, ipv4.rewrite_ttl), | |
85 | MEMBER_SIZEOF(struct tc_flower_key, ipv4.rewrite_ttl) | |
86 | }, { | |
87 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP6, | |
88 | 8, | |
89 | offsetof(struct tc_flower_key, ipv6.ipv6_src), | |
90 | MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_src) | |
91 | }, { | |
92 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP6, | |
93 | 24, | |
94 | offsetof(struct tc_flower_key, ipv6.ipv6_dst), | |
95 | MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_dst) | |
96 | }, { | |
97 | TCA_PEDIT_KEY_EX_HDR_TYPE_ETH, | |
98 | 6, | |
99 | offsetof(struct tc_flower_key, src_mac), | |
100 | MEMBER_SIZEOF(struct tc_flower_key, src_mac) | |
101 | }, { | |
102 | TCA_PEDIT_KEY_EX_HDR_TYPE_ETH, | |
103 | 0, | |
104 | offsetof(struct tc_flower_key, dst_mac), | |
105 | MEMBER_SIZEOF(struct tc_flower_key, dst_mac) | |
106 | }, { | |
107 | TCA_PEDIT_KEY_EX_HDR_TYPE_ETH, | |
108 | 12, | |
109 | offsetof(struct tc_flower_key, eth_type), | |
110 | MEMBER_SIZEOF(struct tc_flower_key, eth_type) | |
111 | }, { | |
112 | TCA_PEDIT_KEY_EX_HDR_TYPE_TCP, | |
113 | 0, | |
114 | offsetof(struct tc_flower_key, tcp_src), | |
115 | MEMBER_SIZEOF(struct tc_flower_key, tcp_src) | |
116 | }, { | |
117 | TCA_PEDIT_KEY_EX_HDR_TYPE_TCP, | |
118 | 2, | |
119 | offsetof(struct tc_flower_key, tcp_dst), | |
120 | MEMBER_SIZEOF(struct tc_flower_key, tcp_dst) | |
121 | }, { | |
122 | TCA_PEDIT_KEY_EX_HDR_TYPE_UDP, | |
123 | 0, | |
124 | offsetof(struct tc_flower_key, udp_src), | |
125 | MEMBER_SIZEOF(struct tc_flower_key, udp_src) | |
126 | }, { | |
127 | TCA_PEDIT_KEY_EX_HDR_TYPE_UDP, | |
128 | 2, | |
129 | offsetof(struct tc_flower_key, udp_dst), | |
130 | MEMBER_SIZEOF(struct tc_flower_key, udp_dst) | |
131 | }, | |
132 | }; | |
133 | ||
d6118e62 PB |
/* Forward declaration: nl_parse_act_pedit() calls this for the header type of
 * every pedit key and aborts on a nonzero return.  The definition is outside
 * the visible part of the file. */
static inline int csum_update_flag(struct tc_flower *flower,
                                   enum pedit_header_type htype);
137 | ||
c1c5c723 PB |
138 | struct tcmsg * |
139 | tc_make_request(int ifindex, int type, unsigned int flags, | |
140 | struct ofpbuf *request) | |
141 | { | |
142 | struct tcmsg *tcmsg; | |
143 | ||
144 | ofpbuf_init(request, 512); | |
145 | nl_msg_put_nlmsghdr(request, sizeof *tcmsg, type, NLM_F_REQUEST | flags); | |
146 | tcmsg = ofpbuf_put_zeros(request, sizeof *tcmsg); | |
147 | tcmsg->tcm_family = AF_UNSPEC; | |
148 | tcmsg->tcm_ifindex = ifindex; | |
149 | /* Caller should fill in tcmsg->tcm_handle. */ | |
150 | /* Caller should fill in tcmsg->tcm_parent. */ | |
151 | ||
152 | return tcmsg; | |
153 | } | |
154 | ||
155 | int | |
156 | tc_transact(struct ofpbuf *request, struct ofpbuf **replyp) | |
157 | { | |
158 | int error = nl_transact(NETLINK_ROUTE, request, replyp); | |
159 | ofpbuf_uninit(request); | |
160 | return error; | |
161 | } | |
162 | ||
163 | /* Adds or deletes a root ingress qdisc on device with specified ifindex. | |
164 | * | |
165 | * This function is equivalent to running the following when 'add' is true: | |
166 | * /sbin/tc qdisc add dev <devname> handle ffff: ingress | |
167 | * | |
168 | * This function is equivalent to running the following when 'add' is false: | |
169 | * /sbin/tc qdisc del dev <devname> handle ffff: ingress | |
170 | * | |
171 | * Where dev <devname> is the device with specified ifindex name. | |
172 | * | |
173 | * The configuration and stats may be seen with the following command: | |
174 | * /sbin/tc -s qdisc show dev <devname> | |
175 | * | |
176 | * Returns 0 if successful, otherwise a positive errno value. | |
177 | */ | |
178 | int | |
179 | tc_add_del_ingress_qdisc(int ifindex, bool add) | |
180 | { | |
181 | struct ofpbuf request; | |
182 | struct tcmsg *tcmsg; | |
183 | int error; | |
184 | int type = add ? RTM_NEWQDISC : RTM_DELQDISC; | |
185 | int flags = add ? NLM_F_EXCL | NLM_F_CREATE : 0; | |
186 | ||
187 | tcmsg = tc_make_request(ifindex, type, flags, &request); | |
209832d5 | 188 | tcmsg->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0); |
c1c5c723 PB |
189 | tcmsg->tcm_parent = TC_H_INGRESS; |
190 | nl_msg_put_string(&request, TCA_KIND, "ingress"); | |
191 | nl_msg_put_unspec(&request, TCA_OPTIONS, NULL, 0); | |
192 | ||
193 | error = tc_transact(&request, NULL); | |
194 | if (error) { | |
195 | /* If we're deleting the qdisc, don't worry about some of the | |
196 | * error conditions. */ | |
197 | if (!add && (error == ENOENT || error == EINVAL)) { | |
198 | return 0; | |
199 | } | |
200 | return error; | |
201 | } | |
202 | ||
203 | return 0; | |
204 | } | |
f98e418f RD |
205 | |
206 | static const struct nl_policy tca_policy[] = { | |
207 | [TCA_KIND] = { .type = NL_A_STRING, .optional = false, }, | |
208 | [TCA_OPTIONS] = { .type = NL_A_NESTED, .optional = false, }, | |
209 | [TCA_STATS] = { .type = NL_A_UNSPEC, | |
210 | .min_len = sizeof(struct tc_stats), .optional = true, }, | |
211 | [TCA_STATS2] = { .type = NL_A_NESTED, .optional = true, }, | |
212 | }; | |
213 | ||
214 | static const struct nl_policy tca_flower_policy[] = { | |
215 | [TCA_FLOWER_CLASSID] = { .type = NL_A_U32, .optional = true, }, | |
216 | [TCA_FLOWER_INDEV] = { .type = NL_A_STRING, .max_len = IFNAMSIZ, | |
217 | .optional = true, }, | |
218 | [TCA_FLOWER_KEY_ETH_SRC] = { .type = NL_A_UNSPEC, | |
219 | .min_len = ETH_ALEN, .optional = true, }, | |
220 | [TCA_FLOWER_KEY_ETH_DST] = { .type = NL_A_UNSPEC, | |
221 | .min_len = ETH_ALEN, .optional = true, }, | |
222 | [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .type = NL_A_UNSPEC, | |
223 | .min_len = ETH_ALEN, | |
224 | .optional = true, }, | |
225 | [TCA_FLOWER_KEY_ETH_DST_MASK] = { .type = NL_A_UNSPEC, | |
226 | .min_len = ETH_ALEN, | |
227 | .optional = true, }, | |
228 | [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NL_A_U16, .optional = false, }, | |
229 | [TCA_FLOWER_FLAGS] = { .type = NL_A_U32, .optional = false, }, | |
230 | [TCA_FLOWER_ACT] = { .type = NL_A_NESTED, .optional = false, }, | |
231 | [TCA_FLOWER_KEY_IP_PROTO] = { .type = NL_A_U8, .optional = true, }, | |
232 | [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NL_A_U32, .optional = true, }, | |
233 | [TCA_FLOWER_KEY_IPV4_DST] = {.type = NL_A_U32, .optional = true, }, | |
234 | [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NL_A_U32, .optional = true, }, | |
235 | [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NL_A_U32, .optional = true, }, | |
236 | [TCA_FLOWER_KEY_IPV6_SRC] = { .type = NL_A_UNSPEC, | |
237 | .min_len = sizeof(struct in6_addr), | |
238 | .optional = true, }, | |
239 | [TCA_FLOWER_KEY_IPV6_DST] = { .type = NL_A_UNSPEC, | |
240 | .min_len = sizeof(struct in6_addr), | |
241 | .optional = true, }, | |
242 | [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC, | |
243 | .min_len = sizeof(struct in6_addr), | |
244 | .optional = true, }, | |
245 | [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .type = NL_A_UNSPEC, | |
246 | .min_len = sizeof(struct in6_addr), | |
247 | .optional = true, }, | |
248 | [TCA_FLOWER_KEY_TCP_SRC] = { .type = NL_A_U16, .optional = true, }, | |
249 | [TCA_FLOWER_KEY_TCP_DST] = { .type = NL_A_U16, .optional = true, }, | |
250 | [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NL_A_U16, .optional = true, }, | |
251 | [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NL_A_U16, .optional = true, }, | |
252 | [TCA_FLOWER_KEY_UDP_SRC] = { .type = NL_A_U16, .optional = true, }, | |
253 | [TCA_FLOWER_KEY_UDP_DST] = { .type = NL_A_U16, .optional = true, }, | |
254 | [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NL_A_U16, .optional = true, }, | |
255 | [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NL_A_U16, .optional = true, }, | |
4862b4e5 VB |
256 | [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NL_A_U16, .optional = true, }, |
257 | [TCA_FLOWER_KEY_SCTP_DST] = { .type = NL_A_U16, .optional = true, }, | |
258 | [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NL_A_U16, .optional = true, }, | |
259 | [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NL_A_U16, .optional = true, }, | |
f98e418f RD |
260 | [TCA_FLOWER_KEY_VLAN_ID] = { .type = NL_A_U16, .optional = true, }, |
261 | [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NL_A_U8, .optional = true, }, | |
262 | [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NL_A_U16, .optional = true, }, | |
263 | [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, }, | |
264 | [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, }, | |
265 | [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, }, | |
266 | [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NL_A_U32, | |
267 | .optional = true, }, | |
268 | [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NL_A_U32, | |
269 | .optional = true, }, | |
270 | [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC, | |
271 | .min_len = sizeof(struct in6_addr), | |
272 | .optional = true, }, | |
273 | [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC, | |
274 | .min_len = sizeof(struct in6_addr), | |
275 | .optional = true, }, | |
276 | [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC, | |
277 | .min_len = sizeof(struct in6_addr), | |
278 | .optional = true, }, | |
279 | [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .type = NL_A_UNSPEC, | |
280 | .min_len = sizeof(struct in6_addr), | |
281 | .optional = true, }, | |
282 | [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NL_A_U16, | |
283 | .optional = true, }, | |
83e86606 RD |
284 | [TCA_FLOWER_KEY_FLAGS] = { .type = NL_A_BE32, .optional = true, }, |
285 | [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NL_A_BE32, .optional = true, }, | |
0b4b5203 PB |
286 | [TCA_FLOWER_KEY_IP_TTL] = { .type = NL_A_U8, |
287 | .optional = true, }, | |
288 | [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NL_A_U8, | |
289 | .optional = true, }, | |
cd081043 PB |
290 | [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NL_A_U16, |
291 | .optional = true, }, | |
292 | [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NL_A_U16, | |
293 | .optional = true, }, | |
f98e418f RD |
294 | }; |
295 | ||
296 | static void | |
297 | nl_parse_flower_eth(struct nlattr **attrs, struct tc_flower *flower) | |
298 | { | |
299 | const struct eth_addr *eth; | |
300 | ||
301 | if (attrs[TCA_FLOWER_KEY_ETH_SRC_MASK]) { | |
302 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC], ETH_ALEN); | |
303 | memcpy(&flower->key.src_mac, eth, sizeof flower->key.src_mac); | |
304 | ||
305 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC_MASK], ETH_ALEN); | |
306 | memcpy(&flower->mask.src_mac, eth, sizeof flower->mask.src_mac); | |
307 | } | |
308 | if (attrs[TCA_FLOWER_KEY_ETH_DST_MASK]) { | |
309 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST], ETH_ALEN); | |
310 | memcpy(&flower->key.dst_mac, eth, sizeof flower->key.dst_mac); | |
311 | ||
312 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST_MASK], ETH_ALEN); | |
313 | memcpy(&flower->mask.dst_mac, eth, sizeof flower->mask.dst_mac); | |
314 | } | |
315 | } | |
316 | ||
317 | static void | |
318 | nl_parse_flower_vlan(struct nlattr **attrs, struct tc_flower *flower) | |
319 | { | |
320 | if (flower->key.eth_type != htons(ETH_TYPE_VLAN)) { | |
321 | return; | |
322 | } | |
323 | ||
324 | flower->key.encap_eth_type = | |
325 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ETH_TYPE]); | |
326 | ||
327 | if (attrs[TCA_FLOWER_KEY_VLAN_ID]) { | |
328 | flower->key.vlan_id = | |
329 | nl_attr_get_u16(attrs[TCA_FLOWER_KEY_VLAN_ID]); | |
330 | } | |
331 | if (attrs[TCA_FLOWER_KEY_VLAN_PRIO]) { | |
332 | flower->key.vlan_prio = | |
333 | nl_attr_get_u8(attrs[TCA_FLOWER_KEY_VLAN_PRIO]); | |
334 | } | |
335 | } | |
336 | ||
337 | static void | |
338 | nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower) | |
339 | { | |
340 | if (attrs[TCA_FLOWER_KEY_ENC_KEY_ID]) { | |
341 | ovs_be32 id = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_KEY_ID]); | |
342 | ||
343 | flower->tunnel.id = be32_to_be64(id); | |
344 | } | |
345 | if (attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]) { | |
346 | flower->tunnel.ipv4.ipv4_src = | |
347 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC]); | |
348 | } | |
349 | if (attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]) { | |
350 | flower->tunnel.ipv4.ipv4_dst = | |
351 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST]); | |
352 | } | |
353 | if (attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]) { | |
354 | flower->tunnel.ipv6.ipv6_src = | |
355 | nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC]); | |
356 | } | |
357 | if (attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]) { | |
358 | flower->tunnel.ipv6.ipv6_dst = | |
359 | nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST]); | |
360 | } | |
361 | if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]) { | |
362 | flower->tunnel.tp_dst = | |
363 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]); | |
364 | } | |
365 | } | |
366 | ||
367 | static void | |
368 | nl_parse_flower_ip(struct nlattr **attrs, struct tc_flower *flower) { | |
369 | uint8_t ip_proto = 0; | |
370 | struct tc_flower_key *key = &flower->key; | |
371 | struct tc_flower_key *mask = &flower->mask; | |
372 | ||
373 | if (attrs[TCA_FLOWER_KEY_IP_PROTO]) { | |
374 | ip_proto = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_PROTO]); | |
375 | key->ip_proto = ip_proto; | |
376 | mask->ip_proto = UINT8_MAX; | |
377 | } | |
378 | ||
83e86606 | 379 | if (attrs[TCA_FLOWER_KEY_FLAGS_MASK]) { |
7e0f69b5 IS |
380 | key->flags = ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS])); |
381 | mask->flags = | |
382 | ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS_MASK])); | |
83e86606 RD |
383 | } |
384 | ||
f98e418f RD |
385 | if (attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]) { |
386 | key->ipv4.ipv4_src = | |
387 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC]); | |
388 | mask->ipv4.ipv4_src = | |
389 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]); | |
390 | } | |
391 | if (attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]) { | |
392 | key->ipv4.ipv4_dst = | |
393 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST]); | |
394 | mask->ipv4.ipv4_dst = | |
395 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]); | |
396 | } | |
397 | if (attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]) { | |
398 | struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_SRC]; | |
399 | struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]; | |
400 | ||
401 | key->ipv6.ipv6_src = nl_attr_get_in6_addr(attr); | |
402 | mask->ipv6.ipv6_src = nl_attr_get_in6_addr(attr_mask); | |
403 | } | |
404 | if (attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]) { | |
405 | struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_DST]; | |
406 | struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]; | |
407 | ||
408 | key->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr); | |
409 | mask->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr_mask); | |
410 | } | |
411 | ||
412 | if (ip_proto == IPPROTO_TCP) { | |
413 | if (attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]) { | |
2b1d9fa9 | 414 | key->tcp_src = |
f98e418f | 415 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC]); |
2b1d9fa9 | 416 | mask->tcp_src = |
f98e418f RD |
417 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]); |
418 | } | |
419 | if (attrs[TCA_FLOWER_KEY_TCP_DST_MASK]) { | |
2b1d9fa9 | 420 | key->tcp_dst = |
f98e418f | 421 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST]); |
2b1d9fa9 | 422 | mask->tcp_dst = |
f98e418f RD |
423 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST_MASK]); |
424 | } | |
cd081043 PB |
425 | if (attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]) { |
426 | key->tcp_flags = | |
427 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS]); | |
428 | mask->tcp_flags = | |
429 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]); | |
430 | } | |
f98e418f RD |
431 | } else if (ip_proto == IPPROTO_UDP) { |
432 | if (attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]) { | |
2b1d9fa9 PB |
433 | key->udp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC]); |
434 | mask->udp_src = | |
f98e418f RD |
435 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]); |
436 | } | |
437 | if (attrs[TCA_FLOWER_KEY_UDP_DST_MASK]) { | |
2b1d9fa9 PB |
438 | key->udp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST]); |
439 | mask->udp_dst = | |
f98e418f RD |
440 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST_MASK]); |
441 | } | |
4862b4e5 VB |
442 | } else if (ip_proto == IPPROTO_SCTP) { |
443 | if (attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]) { | |
2b1d9fa9 PB |
444 | key->sctp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC]); |
445 | mask->sctp_src = | |
4862b4e5 VB |
446 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]); |
447 | } | |
448 | if (attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]) { | |
2b1d9fa9 PB |
449 | key->sctp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST]); |
450 | mask->sctp_dst = | |
4862b4e5 VB |
451 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]); |
452 | } | |
f98e418f | 453 | } |
0b4b5203 PB |
454 | |
455 | if (attrs[TCA_FLOWER_KEY_IP_TTL_MASK]) { | |
456 | key->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL]); | |
457 | mask->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL_MASK]); | |
458 | } | |
f98e418f RD |
459 | } |
460 | ||
8ada482b PB |
461 | static const struct nl_policy pedit_policy[] = { |
462 | [TCA_PEDIT_PARMS_EX] = { .type = NL_A_UNSPEC, | |
463 | .min_len = sizeof(struct tc_pedit), | |
464 | .optional = false, }, | |
465 | [TCA_PEDIT_KEYS_EX] = { .type = NL_A_NESTED, | |
466 | .optional = false, }, | |
467 | }; | |
468 | ||
469 | static int | |
470 | nl_parse_act_pedit(struct nlattr *options, struct tc_flower *flower) | |
471 | { | |
0c70132c | 472 | struct tc_action *action; |
8ada482b PB |
473 | struct nlattr *pe_attrs[ARRAY_SIZE(pedit_policy)]; |
474 | const struct tc_pedit *pe; | |
475 | const struct tc_pedit_key *keys; | |
476 | const struct nlattr *nla, *keys_ex, *ex_type; | |
477 | const void *keys_attr; | |
478 | char *rewrite_key = (void *) &flower->rewrite.key; | |
479 | char *rewrite_mask = (void *) &flower->rewrite.mask; | |
480 | size_t keys_ex_size, left; | |
d6118e62 | 481 | int type, i = 0, err; |
8ada482b PB |
482 | |
483 | if (!nl_parse_nested(options, pedit_policy, pe_attrs, | |
484 | ARRAY_SIZE(pedit_policy))) { | |
485 | VLOG_ERR_RL(&error_rl, "failed to parse pedit action options"); | |
486 | return EPROTO; | |
487 | } | |
488 | ||
489 | pe = nl_attr_get_unspec(pe_attrs[TCA_PEDIT_PARMS_EX], sizeof *pe); | |
490 | keys = pe->keys; | |
491 | keys_attr = pe_attrs[TCA_PEDIT_KEYS_EX]; | |
492 | keys_ex = nl_attr_get(keys_attr); | |
493 | keys_ex_size = nl_attr_get_size(keys_attr); | |
494 | ||
495 | NL_ATTR_FOR_EACH (nla, left, keys_ex, keys_ex_size) { | |
496 | if (i >= pe->nkeys) { | |
497 | break; | |
498 | } | |
499 | ||
408671c4 | 500 | if (nl_attr_type(nla) != TCA_PEDIT_KEY_EX) { |
8ada482b PB |
501 | VLOG_ERR_RL(&error_rl, "unable to parse legacy pedit type: %d", |
502 | nl_attr_type(nla)); | |
503 | return EOPNOTSUPP; | |
504 | } | |
505 | ||
506 | ex_type = nl_attr_find_nested(nla, TCA_PEDIT_KEY_EX_HTYPE); | |
507 | type = nl_attr_get_u16(ex_type); | |
508 | ||
d6118e62 PB |
509 | err = csum_update_flag(flower, type); |
510 | if (err) { | |
511 | return err; | |
512 | } | |
513 | ||
8ada482b PB |
514 | for (int j = 0; j < ARRAY_SIZE(flower_pedit_map); j++) { |
515 | struct flower_key_to_pedit *m = &flower_pedit_map[j]; | |
516 | int flower_off = m->flower_offset; | |
517 | int sz = m->size; | |
518 | int mf = m->offset; | |
519 | ||
520 | if (m->htype != type) { | |
521 | continue; | |
522 | } | |
523 | ||
524 | /* check overlap between current pedit key, which is always | |
525 | * 4 bytes (range [off, off + 3]), and a map entry in | |
526 | * flower_pedit_map (range [mf, mf + sz - 1]) */ | |
527 | if ((keys->off >= mf && keys->off < mf + sz) | |
528 | || (keys->off + 3 >= mf && keys->off + 3 < mf + sz)) { | |
529 | int diff = flower_off + (keys->off - mf); | |
530 | uint32_t *dst = (void *) (rewrite_key + diff); | |
531 | uint32_t *dst_m = (void *) (rewrite_mask + diff); | |
532 | uint32_t mask = ~(keys->mask); | |
533 | uint32_t zero_bits; | |
534 | ||
535 | if (keys->off < mf) { | |
536 | zero_bits = 8 * (mf - keys->off); | |
537 | mask &= UINT32_MAX << zero_bits; | |
538 | } else if (keys->off + 4 > mf + m->size) { | |
539 | zero_bits = 8 * (keys->off + 4 - mf - m->size); | |
540 | mask &= UINT32_MAX >> zero_bits; | |
541 | } | |
542 | ||
543 | *dst_m |= mask; | |
544 | *dst |= keys->val & mask; | |
545 | } | |
546 | } | |
547 | ||
548 | keys++; | |
549 | i++; | |
550 | } | |
551 | ||
0c70132c CM |
552 | action = &flower->actions[flower->action_count++]; |
553 | action->type = TC_ACT_PEDIT; | |
8ada482b PB |
554 | |
555 | return 0; | |
556 | } | |
557 | ||
f98e418f RD |
558 | static const struct nl_policy tunnel_key_policy[] = { |
559 | [TCA_TUNNEL_KEY_PARMS] = { .type = NL_A_UNSPEC, | |
560 | .min_len = sizeof(struct tc_tunnel_key), | |
561 | .optional = false, }, | |
562 | [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, }, | |
563 | [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, }, | |
564 | [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC, | |
565 | .min_len = sizeof(struct in6_addr), | |
566 | .optional = true, }, | |
567 | [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC, | |
568 | .min_len = sizeof(struct in6_addr), | |
569 | .optional = true, }, | |
570 | [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, }, | |
571 | [TCA_TUNNEL_KEY_ENC_DST_PORT] = { .type = NL_A_U16, .optional = true, }, | |
572 | }; | |
573 | ||
574 | static int | |
575 | nl_parse_act_tunnel_key(struct nlattr *options, struct tc_flower *flower) | |
576 | { | |
577 | struct nlattr *tun_attrs[ARRAY_SIZE(tunnel_key_policy)]; | |
578 | const struct nlattr *tun_parms; | |
579 | const struct tc_tunnel_key *tun; | |
0c70132c | 580 | struct tc_action *action; |
f98e418f RD |
581 | |
582 | if (!nl_parse_nested(options, tunnel_key_policy, tun_attrs, | |
583 | ARRAY_SIZE(tunnel_key_policy))) { | |
584 | VLOG_ERR_RL(&error_rl, "failed to parse tunnel_key action options"); | |
585 | return EPROTO; | |
586 | } | |
587 | ||
588 | tun_parms = tun_attrs[TCA_TUNNEL_KEY_PARMS]; | |
589 | tun = nl_attr_get_unspec(tun_parms, sizeof *tun); | |
590 | if (tun->t_action == TCA_TUNNEL_KEY_ACT_SET) { | |
591 | struct nlattr *id = tun_attrs[TCA_TUNNEL_KEY_ENC_KEY_ID]; | |
592 | struct nlattr *dst_port = tun_attrs[TCA_TUNNEL_KEY_ENC_DST_PORT]; | |
593 | struct nlattr *ipv4_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_SRC]; | |
594 | struct nlattr *ipv4_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_DST]; | |
595 | struct nlattr *ipv6_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_SRC]; | |
596 | struct nlattr *ipv6_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_DST]; | |
597 | ||
0c70132c CM |
598 | action = &flower->actions[flower->action_count++]; |
599 | action->type = TC_ACT_ENCAP; | |
600 | action->encap.ipv4.ipv4_src = ipv4_src ? nl_attr_get_be32(ipv4_src) : 0; | |
601 | action->encap.ipv4.ipv4_dst = ipv4_dst ? nl_attr_get_be32(ipv4_dst) : 0; | |
f98e418f | 602 | if (ipv6_src) { |
0c70132c | 603 | action->encap.ipv6.ipv6_src = nl_attr_get_in6_addr(ipv6_src); |
f98e418f RD |
604 | } |
605 | if (ipv6_dst) { | |
0c70132c | 606 | action->encap.ipv6.ipv6_dst = nl_attr_get_in6_addr(ipv6_dst); |
f98e418f | 607 | } |
0c70132c CM |
608 | action->encap.id = id ? be32_to_be64(nl_attr_get_be32(id)) : 0; |
609 | action->encap.tp_dst = dst_port ? nl_attr_get_be16(dst_port) : 0; | |
f98e418f RD |
610 | } else if (tun->t_action == TCA_TUNNEL_KEY_ACT_RELEASE) { |
611 | flower->tunnel.tunnel = true; | |
612 | } else { | |
613 | VLOG_ERR_RL(&error_rl, "unknown tunnel actions: %d, %d", | |
614 | tun->action, tun->t_action); | |
615 | return EINVAL; | |
616 | } | |
617 | return 0; | |
618 | } | |
619 | ||
620 | static const struct nl_policy gact_policy[] = { | |
621 | [TCA_GACT_PARMS] = { .type = NL_A_UNSPEC, | |
622 | .min_len = sizeof(struct tc_gact), | |
623 | .optional = false, }, | |
624 | [TCA_GACT_TM] = { .type = NL_A_UNSPEC, | |
625 | .min_len = sizeof(struct tcf_t), | |
626 | .optional = false, }, | |
627 | }; | |
628 | ||
8c1e74d1 PB |
629 | static int |
630 | get_user_hz(void) | |
631 | { | |
632 | static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER; | |
633 | static int user_hz = 100; | |
634 | ||
635 | if (ovsthread_once_start(&once)) { | |
636 | user_hz = sysconf(_SC_CLK_TCK); | |
637 | ovsthread_once_done(&once); | |
638 | } | |
639 | ||
640 | return user_hz; | |
641 | } | |
f98e418f RD |
642 | |
643 | static void | |
644 | nl_parse_tcf(const struct tcf_t *tm, struct tc_flower *flower) | |
645 | { | |
8c1e74d1 | 646 | flower->lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz()); |
f98e418f RD |
647 | } |
648 | ||
649 | static int | |
650 | nl_parse_act_drop(struct nlattr *options, struct tc_flower *flower) | |
651 | { | |
652 | struct nlattr *gact_attrs[ARRAY_SIZE(gact_policy)]; | |
653 | const struct tc_gact *p; | |
654 | struct nlattr *gact_parms; | |
655 | const struct tcf_t *tm; | |
656 | ||
657 | if (!nl_parse_nested(options, gact_policy, gact_attrs, | |
658 | ARRAY_SIZE(gact_policy))) { | |
659 | VLOG_ERR_RL(&error_rl, "failed to parse gact action options"); | |
660 | return EPROTO; | |
661 | } | |
662 | ||
663 | gact_parms = gact_attrs[TCA_GACT_PARMS]; | |
664 | p = nl_attr_get_unspec(gact_parms, sizeof *p); | |
665 | ||
666 | if (p->action != TC_ACT_SHOT) { | |
667 | VLOG_ERR_RL(&error_rl, "unknown gact action: %d", p->action); | |
668 | return EINVAL; | |
669 | } | |
670 | ||
671 | tm = nl_attr_get_unspec(gact_attrs[TCA_GACT_TM], sizeof *tm); | |
672 | nl_parse_tcf(tm, flower); | |
673 | ||
674 | return 0; | |
675 | } | |
676 | ||
677 | static const struct nl_policy mirred_policy[] = { | |
678 | [TCA_MIRRED_PARMS] = { .type = NL_A_UNSPEC, | |
679 | .min_len = sizeof(struct tc_mirred), | |
680 | .optional = false, }, | |
681 | [TCA_MIRRED_TM] = { .type = NL_A_UNSPEC, | |
682 | .min_len = sizeof(struct tcf_t), | |
683 | .optional = false, }, | |
684 | }; | |
685 | ||
686 | static int | |
687 | nl_parse_act_mirred(struct nlattr *options, struct tc_flower *flower) | |
688 | { | |
689 | ||
690 | struct nlattr *mirred_attrs[ARRAY_SIZE(mirred_policy)]; | |
691 | const struct tc_mirred *m; | |
692 | const struct nlattr *mirred_parms; | |
693 | const struct tcf_t *tm; | |
694 | struct nlattr *mirred_tm; | |
0c70132c | 695 | struct tc_action *action; |
f98e418f RD |
696 | |
697 | if (!nl_parse_nested(options, mirred_policy, mirred_attrs, | |
698 | ARRAY_SIZE(mirred_policy))) { | |
699 | VLOG_ERR_RL(&error_rl, "failed to parse mirred action options"); | |
700 | return EPROTO; | |
701 | } | |
702 | ||
703 | mirred_parms = mirred_attrs[TCA_MIRRED_PARMS]; | |
704 | m = nl_attr_get_unspec(mirred_parms, sizeof *m); | |
705 | ||
0c70132c | 706 | if (m->eaction != TCA_EGRESS_REDIR && m->eaction != TCA_EGRESS_MIRROR) { |
f98e418f | 707 | VLOG_ERR_RL(&error_rl, "unknown mirred action: %d, %d, %d", |
0c70132c | 708 | m->action, m->eaction, m->ifindex); |
f98e418f RD |
709 | return EINVAL; |
710 | } | |
711 | ||
0c70132c CM |
712 | action = &flower->actions[flower->action_count++]; |
713 | action->ifindex_out = m->ifindex; | |
714 | action->type = TC_ACT_OUTPUT; | |
f98e418f RD |
715 | |
716 | mirred_tm = mirred_attrs[TCA_MIRRED_TM]; | |
717 | tm = nl_attr_get_unspec(mirred_tm, sizeof *tm); | |
718 | nl_parse_tcf(tm, flower); | |
719 | ||
720 | return 0; | |
721 | } | |
722 | ||
723 | static const struct nl_policy vlan_policy[] = { | |
724 | [TCA_VLAN_PARMS] = { .type = NL_A_UNSPEC, | |
725 | .min_len = sizeof(struct tc_vlan), | |
726 | .optional = false, }, | |
727 | [TCA_VLAN_PUSH_VLAN_ID] = { .type = NL_A_U16, .optional = true, }, | |
728 | [TCA_VLAN_PUSH_VLAN_PROTOCOL] = { .type = NL_A_U16, .optional = true, }, | |
729 | [TCA_VLAN_PUSH_VLAN_PRIORITY] = { .type = NL_A_U8, .optional = true, }, | |
730 | }; | |
731 | ||
732 | static int | |
733 | nl_parse_act_vlan(struct nlattr *options, struct tc_flower *flower) | |
734 | { | |
735 | struct nlattr *vlan_attrs[ARRAY_SIZE(vlan_policy)]; | |
736 | const struct tc_vlan *v; | |
737 | const struct nlattr *vlan_parms; | |
0c70132c | 738 | struct tc_action *action; |
f98e418f RD |
739 | |
740 | if (!nl_parse_nested(options, vlan_policy, vlan_attrs, | |
741 | ARRAY_SIZE(vlan_policy))) { | |
742 | VLOG_ERR_RL(&error_rl, "failed to parse vlan action options"); | |
743 | return EPROTO; | |
744 | } | |
745 | ||
0c70132c | 746 | action = &flower->actions[flower->action_count++]; |
f98e418f RD |
747 | vlan_parms = vlan_attrs[TCA_VLAN_PARMS]; |
748 | v = nl_attr_get_unspec(vlan_parms, sizeof *v); | |
749 | if (v->v_action == TCA_VLAN_ACT_PUSH) { | |
750 | struct nlattr *vlan_id = vlan_attrs[TCA_VLAN_PUSH_VLAN_ID]; | |
751 | struct nlattr *vlan_prio = vlan_attrs[TCA_VLAN_PUSH_VLAN_PRIORITY]; | |
752 | ||
0c70132c CM |
753 | action->vlan.vlan_push_id = nl_attr_get_u16(vlan_id); |
754 | action->vlan.vlan_push_prio = vlan_prio ? nl_attr_get_u8(vlan_prio) : 0; | |
755 | action->type = TC_ACT_VLAN_PUSH; | |
f98e418f | 756 | } else if (v->v_action == TCA_VLAN_ACT_POP) { |
0c70132c | 757 | action->type = TC_ACT_VLAN_POP; |
f98e418f RD |
758 | } else { |
759 | VLOG_ERR_RL(&error_rl, "unknown vlan action: %d, %d", | |
760 | v->action, v->v_action); | |
761 | return EINVAL; | |
762 | } | |
763 | return 0; | |
764 | } | |
765 | ||
d6118e62 PB |
766 | static const struct nl_policy csum_policy[] = { |
767 | [TCA_CSUM_PARMS] = { .type = NL_A_UNSPEC, | |
768 | .min_len = sizeof(struct tc_csum), | |
769 | .optional = false, }, | |
770 | }; | |
771 | ||
772 | static int | |
773 | nl_parse_act_csum(struct nlattr *options, struct tc_flower *flower) | |
774 | { | |
775 | struct nlattr *csum_attrs[ARRAY_SIZE(csum_policy)]; | |
776 | const struct tc_csum *c; | |
777 | const struct nlattr *csum_parms; | |
778 | ||
779 | if (!nl_parse_nested(options, csum_policy, csum_attrs, | |
780 | ARRAY_SIZE(csum_policy))) { | |
781 | VLOG_ERR_RL(&error_rl, "failed to parse csum action options"); | |
782 | return EPROTO; | |
783 | } | |
784 | ||
785 | csum_parms = csum_attrs[TCA_CSUM_PARMS]; | |
786 | c = nl_attr_get_unspec(csum_parms, sizeof *c); | |
787 | ||
788 | /* sanity checks */ | |
789 | if (c->update_flags != flower->csum_update_flags) { | |
790 | VLOG_WARN_RL(&error_rl, | |
791 | "expected different act csum flags: 0x%x != 0x%x", | |
792 | flower->csum_update_flags, c->update_flags); | |
793 | return EINVAL; | |
794 | } | |
795 | flower->csum_update_flags = 0; /* so we know csum was handled */ | |
796 | ||
797 | if (flower->needs_full_ip_proto_mask | |
798 | && flower->mask.ip_proto != UINT8_MAX) { | |
799 | VLOG_WARN_RL(&error_rl, "expected full matching on flower ip_proto"); | |
800 | return EINVAL; | |
801 | } | |
802 | ||
803 | return 0; | |
804 | } | |
805 | ||
f98e418f RD |
806 | static const struct nl_policy act_policy[] = { |
807 | [TCA_ACT_KIND] = { .type = NL_A_STRING, .optional = false, }, | |
808 | [TCA_ACT_COOKIE] = { .type = NL_A_UNSPEC, .optional = true, }, | |
809 | [TCA_ACT_OPTIONS] = { .type = NL_A_NESTED, .optional = false, }, | |
810 | [TCA_ACT_STATS] = { .type = NL_A_NESTED, .optional = false, }, | |
811 | }; | |
812 | ||
813 | static const struct nl_policy stats_policy[] = { | |
814 | [TCA_STATS_BASIC] = { .type = NL_A_UNSPEC, | |
815 | .min_len = sizeof(struct gnet_stats_basic), | |
816 | .optional = false, }, | |
817 | }; | |
818 | ||
819 | static int | |
820 | nl_parse_single_action(struct nlattr *action, struct tc_flower *flower) | |
821 | { | |
822 | struct nlattr *act_options; | |
823 | struct nlattr *act_stats; | |
824 | struct nlattr *act_cookie; | |
825 | const char *act_kind; | |
826 | struct nlattr *action_attrs[ARRAY_SIZE(act_policy)]; | |
827 | struct nlattr *stats_attrs[ARRAY_SIZE(stats_policy)]; | |
828 | struct ovs_flow_stats *stats = &flower->stats; | |
829 | const struct gnet_stats_basic *bs; | |
40c5aa11 | 830 | int err = 0; |
f98e418f RD |
831 | |
832 | if (!nl_parse_nested(action, act_policy, action_attrs, | |
833 | ARRAY_SIZE(act_policy))) { | |
834 | VLOG_ERR_RL(&error_rl, "failed to parse single action options"); | |
835 | return EPROTO; | |
836 | } | |
837 | ||
838 | act_kind = nl_attr_get_string(action_attrs[TCA_ACT_KIND]); | |
839 | act_options = action_attrs[TCA_ACT_OPTIONS]; | |
840 | act_cookie = action_attrs[TCA_ACT_COOKIE]; | |
841 | ||
842 | if (!strcmp(act_kind, "gact")) { | |
40c5aa11 | 843 | err = nl_parse_act_drop(act_options, flower); |
f98e418f | 844 | } else if (!strcmp(act_kind, "mirred")) { |
40c5aa11 | 845 | err = nl_parse_act_mirred(act_options, flower); |
f98e418f | 846 | } else if (!strcmp(act_kind, "vlan")) { |
40c5aa11 | 847 | err = nl_parse_act_vlan(act_options, flower); |
f98e418f | 848 | } else if (!strcmp(act_kind, "tunnel_key")) { |
40c5aa11 | 849 | err = nl_parse_act_tunnel_key(act_options, flower); |
8ada482b | 850 | } else if (!strcmp(act_kind, "pedit")) { |
40c5aa11 | 851 | err = nl_parse_act_pedit(act_options, flower); |
8ada482b | 852 | } else if (!strcmp(act_kind, "csum")) { |
d6118e62 | 853 | nl_parse_act_csum(act_options, flower); |
f98e418f RD |
854 | } else { |
855 | VLOG_ERR_RL(&error_rl, "unknown tc action kind: %s", act_kind); | |
40c5aa11 RD |
856 | err = EINVAL; |
857 | } | |
858 | ||
859 | if (err) { | |
860 | return err; | |
f98e418f RD |
861 | } |
862 | ||
863 | if (act_cookie) { | |
864 | flower->act_cookie.data = nl_attr_get(act_cookie); | |
865 | flower->act_cookie.len = nl_attr_get_size(act_cookie); | |
866 | } | |
867 | ||
868 | act_stats = action_attrs[TCA_ACT_STATS]; | |
869 | ||
870 | if (!nl_parse_nested(act_stats, stats_policy, stats_attrs, | |
871 | ARRAY_SIZE(stats_policy))) { | |
872 | VLOG_ERR_RL(&error_rl, "failed to parse action stats policy"); | |
873 | return EPROTO; | |
874 | } | |
875 | ||
876 | bs = nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC], sizeof *bs); | |
877 | put_32aligned_u64(&stats->n_packets, bs->packets); | |
878 | put_32aligned_u64(&stats->n_bytes, bs->bytes); | |
879 | ||
880 | return 0; | |
881 | } | |
882 | ||
883 | #define TCA_ACT_MIN_PRIO 1 | |
884 | ||
885 | static int | |
886 | nl_parse_flower_actions(struct nlattr **attrs, struct tc_flower *flower) | |
887 | { | |
888 | const struct nlattr *actions = attrs[TCA_FLOWER_ACT]; | |
889 | static struct nl_policy actions_orders_policy[TCA_ACT_MAX_PRIO + 1] = {}; | |
890 | struct nlattr *actions_orders[ARRAY_SIZE(actions_orders_policy)]; | |
891 | const int max_size = ARRAY_SIZE(actions_orders_policy); | |
892 | ||
893 | for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) { | |
894 | actions_orders_policy[i].type = NL_A_NESTED; | |
895 | actions_orders_policy[i].optional = true; | |
896 | } | |
897 | ||
898 | if (!nl_parse_nested(actions, actions_orders_policy, actions_orders, | |
899 | ARRAY_SIZE(actions_orders_policy))) { | |
900 | VLOG_ERR_RL(&error_rl, "failed to parse flower order of actions"); | |
901 | return EPROTO; | |
902 | } | |
903 | ||
904 | for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) { | |
905 | if (actions_orders[i]) { | |
0c70132c CM |
906 | int err; |
907 | ||
908 | if (flower->action_count >= TCA_ACT_MAX_PRIO) { | |
909 | VLOG_DBG_RL(&error_rl, "Can only support %d actions", flower->action_count); | |
910 | return EOPNOTSUPP; | |
911 | } | |
912 | err = nl_parse_single_action(actions_orders[i], flower); | |
f98e418f RD |
913 | |
914 | if (err) { | |
915 | return err; | |
916 | } | |
917 | } | |
918 | } | |
919 | ||
d6118e62 PB |
920 | if (flower->csum_update_flags) { |
921 | VLOG_WARN_RL(&error_rl, | |
922 | "expected act csum with flags: 0x%x", | |
923 | flower->csum_update_flags); | |
924 | return EINVAL; | |
925 | } | |
926 | ||
f98e418f RD |
927 | return 0; |
928 | } | |
929 | ||
930 | static int | |
931 | nl_parse_flower_options(struct nlattr *nl_options, struct tc_flower *flower) | |
932 | { | |
933 | struct nlattr *attrs[ARRAY_SIZE(tca_flower_policy)]; | |
934 | ||
935 | if (!nl_parse_nested(nl_options, tca_flower_policy, | |
936 | attrs, ARRAY_SIZE(tca_flower_policy))) { | |
937 | VLOG_ERR_RL(&error_rl, "failed to parse flower classifier options"); | |
938 | return EPROTO; | |
939 | } | |
940 | ||
941 | nl_parse_flower_eth(attrs, flower); | |
942 | nl_parse_flower_vlan(attrs, flower); | |
943 | nl_parse_flower_ip(attrs, flower); | |
944 | nl_parse_flower_tunnel(attrs, flower); | |
945 | return nl_parse_flower_actions(attrs, flower); | |
946 | } | |
947 | ||
948 | int | |
949 | parse_netlink_to_tc_flower(struct ofpbuf *reply, struct tc_flower *flower) | |
950 | { | |
951 | struct tcmsg *tc; | |
952 | struct nlattr *ta[ARRAY_SIZE(tca_policy)]; | |
953 | const char *kind; | |
954 | ||
955 | if (NLMSG_HDRLEN + sizeof *tc > reply->size) { | |
956 | return EPROTO; | |
957 | } | |
958 | ||
959 | memset(flower, 0, sizeof *flower); | |
960 | ||
961 | tc = ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc); | |
962 | flower->handle = tc->tcm_handle; | |
963 | flower->key.eth_type = (OVS_FORCE ovs_be16) tc_get_minor(tc->tcm_info); | |
964 | flower->mask.eth_type = OVS_BE16_MAX; | |
965 | flower->prio = tc_get_major(tc->tcm_info); | |
966 | ||
967 | if (!flower->handle) { | |
968 | return EAGAIN; | |
969 | } | |
970 | ||
971 | if (!nl_policy_parse(reply, NLMSG_HDRLEN + sizeof *tc, | |
972 | tca_policy, ta, ARRAY_SIZE(ta))) { | |
973 | VLOG_ERR_RL(&error_rl, "failed to parse tca policy"); | |
974 | return EPROTO; | |
975 | } | |
976 | ||
977 | kind = nl_attr_get_string(ta[TCA_KIND]); | |
978 | if (strcmp(kind, "flower")) { | |
763e120d | 979 | VLOG_DBG_ONCE("Unsupported filter: %s", kind); |
f98e418f RD |
980 | return EPROTO; |
981 | } | |
982 | ||
983 | return nl_parse_flower_options(ta[TCA_OPTIONS], flower); | |
984 | } | |
985 | ||
986 | int | |
987 | tc_dump_flower_start(int ifindex, struct nl_dump *dump) | |
988 | { | |
989 | struct ofpbuf request; | |
990 | struct tcmsg *tcmsg; | |
991 | ||
992 | tcmsg = tc_make_request(ifindex, RTM_GETTFILTER, NLM_F_DUMP, &request); | |
993 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
994 | tcmsg->tcm_info = TC_H_UNSPEC; | |
995 | tcmsg->tcm_handle = 0; | |
996 | ||
997 | nl_dump_start(dump, NETLINK_ROUTE, &request); | |
998 | ofpbuf_uninit(&request); | |
999 | ||
1000 | return 0; | |
1001 | } | |
1002 | ||
1003 | int | |
1004 | tc_flush(int ifindex) | |
1005 | { | |
1006 | struct ofpbuf request; | |
1007 | struct tcmsg *tcmsg; | |
1008 | ||
1009 | tcmsg = tc_make_request(ifindex, RTM_DELTFILTER, NLM_F_ACK, &request); | |
1010 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1011 | tcmsg->tcm_info = TC_H_UNSPEC; | |
1012 | ||
1013 | return tc_transact(&request, NULL); | |
1014 | } | |
1015 | ||
1016 | int | |
1017 | tc_del_filter(int ifindex, int prio, int handle) | |
1018 | { | |
1019 | struct ofpbuf request; | |
1020 | struct tcmsg *tcmsg; | |
1021 | struct ofpbuf *reply; | |
1022 | int error; | |
1023 | ||
1024 | tcmsg = tc_make_request(ifindex, RTM_DELTFILTER, NLM_F_ECHO, &request); | |
1025 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1026 | tcmsg->tcm_info = tc_make_handle(prio, 0); | |
1027 | tcmsg->tcm_handle = handle; | |
1028 | ||
1029 | error = tc_transact(&request, &reply); | |
1030 | if (!error) { | |
1031 | ofpbuf_delete(reply); | |
1032 | } | |
1033 | return error; | |
1034 | } | |
1035 | ||
1036 | int | |
1037 | tc_get_flower(int ifindex, int prio, int handle, struct tc_flower *flower) | |
1038 | { | |
1039 | struct ofpbuf request; | |
1040 | struct tcmsg *tcmsg; | |
1041 | struct ofpbuf *reply; | |
1042 | int error; | |
1043 | ||
1044 | tcmsg = tc_make_request(ifindex, RTM_GETTFILTER, NLM_F_ECHO, &request); | |
1045 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1046 | tcmsg->tcm_info = tc_make_handle(prio, 0); | |
1047 | tcmsg->tcm_handle = handle; | |
1048 | ||
1049 | error = tc_transact(&request, &reply); | |
1050 | if (error) { | |
1051 | return error; | |
1052 | } | |
1053 | ||
1054 | error = parse_netlink_to_tc_flower(reply, flower); | |
1055 | ofpbuf_delete(reply); | |
1056 | return error; | |
1057 | } | |
1058 | ||
691d20cb PB |
1059 | static int |
1060 | tc_get_tc_cls_policy(enum tc_offload_policy policy) | |
1061 | { | |
1062 | if (policy == TC_POLICY_SKIP_HW) { | |
1063 | return TCA_CLS_FLAGS_SKIP_HW; | |
1064 | } else if (policy == TC_POLICY_SKIP_SW) { | |
1065 | return TCA_CLS_FLAGS_SKIP_SW; | |
1066 | } | |
1067 | ||
1068 | return 0; | |
1069 | } | |
1070 | ||
8ada482b PB |
1071 | static void |
1072 | nl_msg_put_act_csum(struct ofpbuf *request, uint32_t flags) | |
1073 | { | |
1074 | size_t offset; | |
1075 | ||
1076 | nl_msg_put_string(request, TCA_ACT_KIND, "csum"); | |
1077 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1078 | { | |
1079 | struct tc_csum parm = { .action = TC_ACT_PIPE, | |
1080 | .update_flags = flags }; | |
1081 | ||
1082 | nl_msg_put_unspec(request, TCA_CSUM_PARMS, &parm, sizeof parm); | |
1083 | } | |
1084 | nl_msg_end_nested(request, offset); | |
1085 | } | |
1086 | ||
1087 | static void | |
1088 | nl_msg_put_act_pedit(struct ofpbuf *request, struct tc_pedit *parm, | |
1089 | struct tc_pedit_key_ex *ex) | |
1090 | { | |
e13bbbab | 1091 | size_t ksize = sizeof *parm + parm->nkeys * sizeof(struct tc_pedit_key); |
8ada482b PB |
1092 | size_t offset, offset_keys_ex, offset_key; |
1093 | int i; | |
1094 | ||
1095 | nl_msg_put_string(request, TCA_ACT_KIND, "pedit"); | |
1096 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1097 | { | |
1098 | parm->action = TC_ACT_PIPE; | |
1099 | ||
1100 | nl_msg_put_unspec(request, TCA_PEDIT_PARMS_EX, parm, ksize); | |
1101 | offset_keys_ex = nl_msg_start_nested(request, TCA_PEDIT_KEYS_EX); | |
1102 | for (i = 0; i < parm->nkeys; i++, ex++) { | |
1103 | offset_key = nl_msg_start_nested(request, TCA_PEDIT_KEY_EX); | |
1104 | nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_HTYPE, ex->htype); | |
1105 | nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_CMD, ex->cmd); | |
1106 | nl_msg_end_nested(request, offset_key); | |
1107 | } | |
1108 | nl_msg_end_nested(request, offset_keys_ex); | |
1109 | } | |
1110 | nl_msg_end_nested(request, offset); | |
1111 | } | |
1112 | ||
f98e418f RD |
1113 | static void |
1114 | nl_msg_put_act_push_vlan(struct ofpbuf *request, uint16_t vid, uint8_t prio) | |
1115 | { | |
1116 | size_t offset; | |
1117 | ||
1118 | nl_msg_put_string(request, TCA_ACT_KIND, "vlan"); | |
1119 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1120 | { | |
1121 | struct tc_vlan parm = { .action = TC_ACT_PIPE, | |
1122 | .v_action = TCA_VLAN_ACT_PUSH }; | |
1123 | ||
1124 | nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm); | |
1125 | nl_msg_put_u16(request, TCA_VLAN_PUSH_VLAN_ID, vid); | |
1126 | nl_msg_put_u8(request, TCA_VLAN_PUSH_VLAN_PRIORITY, prio); | |
1127 | } | |
1128 | nl_msg_end_nested(request, offset); | |
1129 | } | |
1130 | ||
1131 | static void | |
1132 | nl_msg_put_act_pop_vlan(struct ofpbuf *request) | |
1133 | { | |
1134 | size_t offset; | |
1135 | ||
1136 | nl_msg_put_string(request, TCA_ACT_KIND, "vlan"); | |
1137 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1138 | { | |
1139 | struct tc_vlan parm = { .action = TC_ACT_PIPE, | |
1140 | .v_action = TCA_VLAN_ACT_POP }; | |
1141 | ||
1142 | nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm); | |
1143 | } | |
1144 | nl_msg_end_nested(request, offset); | |
1145 | } | |
1146 | ||
1147 | static void | |
1148 | nl_msg_put_act_tunnel_key_release(struct ofpbuf *request) | |
1149 | { | |
1150 | size_t offset; | |
1151 | ||
1152 | nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key"); | |
1153 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1154 | { | |
1155 | struct tc_tunnel_key tun = { .action = TC_ACT_PIPE, | |
1156 | .t_action = TCA_TUNNEL_KEY_ACT_RELEASE }; | |
1157 | ||
1158 | nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun); | |
1159 | } | |
1160 | nl_msg_end_nested(request, offset); | |
1161 | } | |
1162 | ||
1163 | static void | |
1164 | nl_msg_put_act_tunnel_key_set(struct ofpbuf *request, ovs_be64 id, | |
1165 | ovs_be32 ipv4_src, ovs_be32 ipv4_dst, | |
1166 | struct in6_addr *ipv6_src, | |
1167 | struct in6_addr *ipv6_dst, | |
1168 | ovs_be16 tp_dst) | |
1169 | { | |
1170 | size_t offset; | |
1171 | ||
1172 | nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key"); | |
1173 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1174 | { | |
1175 | struct tc_tunnel_key tun = { .action = TC_ACT_PIPE, | |
1176 | .t_action = TCA_TUNNEL_KEY_ACT_SET }; | |
1177 | ||
1178 | nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun); | |
1179 | ||
1180 | ovs_be32 id32 = be64_to_be32(id); | |
1181 | nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_KEY_ID, id32); | |
1182 | if (ipv4_dst) { | |
1183 | nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_SRC, ipv4_src); | |
1184 | nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_DST, ipv4_dst); | |
1185 | } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) { | |
1186 | nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_DST, | |
1187 | ipv6_dst); | |
1188 | nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_SRC, | |
1189 | ipv6_src); | |
1190 | } | |
1191 | nl_msg_put_be16(request, TCA_TUNNEL_KEY_ENC_DST_PORT, tp_dst); | |
1192 | } | |
1193 | nl_msg_end_nested(request, offset); | |
1194 | } | |
1195 | ||
1196 | static void | |
1197 | nl_msg_put_act_drop(struct ofpbuf *request) | |
1198 | { | |
1199 | size_t offset; | |
1200 | ||
1201 | nl_msg_put_string(request, TCA_ACT_KIND, "gact"); | |
1202 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1203 | { | |
1204 | struct tc_gact p = { .action = TC_ACT_SHOT }; | |
1205 | ||
1206 | nl_msg_put_unspec(request, TCA_GACT_PARMS, &p, sizeof p); | |
1207 | } | |
1208 | nl_msg_end_nested(request, offset); | |
1209 | } | |
1210 | ||
1211 | static void | |
1212 | nl_msg_put_act_redirect(struct ofpbuf *request, int ifindex) | |
1213 | { | |
1214 | size_t offset; | |
1215 | ||
1216 | nl_msg_put_string(request, TCA_ACT_KIND, "mirred"); | |
1217 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1218 | { | |
1219 | struct tc_mirred m = { .action = TC_ACT_STOLEN, | |
1220 | .eaction = TCA_EGRESS_REDIR, | |
1221 | .ifindex = ifindex }; | |
1222 | ||
1223 | nl_msg_put_unspec(request, TCA_MIRRED_PARMS, &m, sizeof m); | |
1224 | } | |
1225 | nl_msg_end_nested(request, offset); | |
1226 | } | |
1227 | ||
1228 | static inline void | |
1229 | nl_msg_put_act_cookie(struct ofpbuf *request, struct tc_cookie *ck) { | |
1230 | if (ck->len) { | |
1231 | nl_msg_put_unspec(request, TCA_ACT_COOKIE, ck->data, ck->len); | |
1232 | } | |
1233 | } | |
1234 | ||
8ada482b PB |
1235 | /* Given flower, a key_to_pedit map entry, calculates the rest, |
1236 | * where: | |
1237 | * | |
1238 | * mask, data - pointers of where read the first word of flower->key/mask. | |
1239 | * current_offset - which offset to use for the first pedit action. | |
1240 | * cnt - max pedits actions to use. | |
1241 | * first_word_mask/last_word_mask - the mask to use for the first/last read | |
1242 | * (as we read entire words). */ | |
f98e418f | 1243 | static void |
8ada482b PB |
1244 | calc_offsets(struct tc_flower *flower, struct flower_key_to_pedit *m, |
1245 | int *cur_offset, int *cnt, uint32_t *last_word_mask, | |
1246 | uint32_t *first_word_mask, uint32_t **mask, uint32_t **data) | |
1247 | { | |
1248 | int start_offset, max_offset, total_size; | |
1249 | int diff, right_zero_bits, left_zero_bits; | |
1250 | char *rewrite_key = (void *) &flower->rewrite.key; | |
1251 | char *rewrite_mask = (void *) &flower->rewrite.mask; | |
1252 | ||
1253 | max_offset = m->offset + m->size; | |
1254 | start_offset = ROUND_DOWN(m->offset, 4); | |
1255 | diff = m->offset - start_offset; | |
1256 | total_size = max_offset - start_offset; | |
1257 | right_zero_bits = 8 * (4 - (max_offset % 4)); | |
1258 | left_zero_bits = 8 * (m->offset - start_offset); | |
1259 | ||
1260 | *cur_offset = start_offset; | |
1261 | *cnt = (total_size / 4) + (total_size % 4 ? 1 : 0); | |
1262 | *last_word_mask = UINT32_MAX >> right_zero_bits; | |
1263 | *first_word_mask = UINT32_MAX << left_zero_bits; | |
1264 | *data = (void *) (rewrite_key + m->flower_offset - diff); | |
1265 | *mask = (void *) (rewrite_mask + m->flower_offset - diff); | |
1266 | } | |
1267 | ||
d6118e62 | 1268 | static inline int |
8ada482b PB |
1269 | csum_update_flag(struct tc_flower *flower, |
1270 | enum pedit_header_type htype) { | |
d6118e62 PB |
1271 | /* Explictily specifiy the csum flags so HW can return EOPNOTSUPP |
1272 | * if it doesn't support a checksum recalculation of some headers. | |
1273 | * And since OVS allows a flow such as | |
1274 | * eth(dst=<mac>),eth_type(0x0800) actions=set(ipv4(src=<new_ip>)) | |
1275 | * we need to force a more specific flow as this can, for example, | |
1276 | * need a recalculation of icmp checksum if the packet that passes | |
1277 | * is icmp and tcp checksum if its tcp. */ | |
1278 | ||
1279 | switch (htype) { | |
1280 | case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4: | |
8ada482b | 1281 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_IPV4HDR; |
eeb0ca88 | 1282 | /* Fall through. */ |
d6118e62 PB |
1283 | case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6: |
1284 | case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP: | |
1285 | case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP: | |
8ada482b | 1286 | if (flower->key.ip_proto == IPPROTO_TCP) { |
d6118e62 | 1287 | flower->needs_full_ip_proto_mask = true; |
8ada482b PB |
1288 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_TCP; |
1289 | } else if (flower->key.ip_proto == IPPROTO_UDP) { | |
d6118e62 | 1290 | flower->needs_full_ip_proto_mask = true; |
8ada482b PB |
1291 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_UDP; |
1292 | } else if (flower->key.ip_proto == IPPROTO_ICMP | |
1293 | || flower->key.ip_proto == IPPROTO_ICMPV6) { | |
d6118e62 | 1294 | flower->needs_full_ip_proto_mask = true; |
8ada482b | 1295 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_ICMP; |
d6118e62 PB |
1296 | } else { |
1297 | VLOG_WARN_RL(&error_rl, | |
1298 | "can't offload rewrite of IP/IPV6 with ip_proto: %d", | |
1299 | flower->key.ip_proto); | |
1300 | break; | |
8ada482b | 1301 | } |
eeb0ca88 | 1302 | /* Fall through. */ |
d6118e62 PB |
1303 | case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH: |
1304 | return 0; /* success */ | |
1305 | ||
1306 | case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK: | |
1307 | case __PEDIT_HDR_TYPE_MAX: | |
1308 | default: | |
1309 | break; | |
8ada482b | 1310 | } |
d6118e62 PB |
1311 | |
1312 | return EOPNOTSUPP; | |
8ada482b PB |
1313 | } |
1314 | ||
1315 | static int | |
1316 | nl_msg_put_flower_rewrite_pedits(struct ofpbuf *request, | |
1317 | struct tc_flower *flower) | |
1318 | { | |
1319 | struct { | |
1320 | struct tc_pedit sel; | |
1321 | struct tc_pedit_key keys[MAX_PEDIT_OFFSETS]; | |
1322 | struct tc_pedit_key_ex keys_ex[MAX_PEDIT_OFFSETS]; | |
1323 | } sel = { | |
1324 | .sel = { | |
1325 | .nkeys = 0 | |
1326 | } | |
1327 | }; | |
d6118e62 | 1328 | int i, j, err; |
8ada482b PB |
1329 | |
1330 | for (i = 0; i < ARRAY_SIZE(flower_pedit_map); i++) { | |
1331 | struct flower_key_to_pedit *m = &flower_pedit_map[i]; | |
1332 | struct tc_pedit_key *pedit_key = NULL; | |
1333 | struct tc_pedit_key_ex *pedit_key_ex = NULL; | |
1334 | uint32_t *mask, *data, first_word_mask, last_word_mask; | |
1335 | int cnt = 0, cur_offset = 0; | |
1336 | ||
1337 | if (!m->size) { | |
1338 | continue; | |
1339 | } | |
1340 | ||
1341 | calc_offsets(flower, m, &cur_offset, &cnt, &last_word_mask, | |
1342 | &first_word_mask, &mask, &data); | |
1343 | ||
1344 | for (j = 0; j < cnt; j++, mask++, data++, cur_offset += 4) { | |
1345 | uint32_t mask_word = *mask; | |
1346 | ||
1347 | if (j == 0) { | |
1348 | mask_word &= first_word_mask; | |
1349 | } | |
1350 | if (j == cnt - 1) { | |
1351 | mask_word &= last_word_mask; | |
1352 | } | |
1353 | if (!mask_word) { | |
1354 | continue; | |
1355 | } | |
1356 | if (sel.sel.nkeys == MAX_PEDIT_OFFSETS) { | |
1357 | VLOG_WARN_RL(&error_rl, "reached too many pedit offsets: %d", | |
1358 | MAX_PEDIT_OFFSETS); | |
1359 | return EOPNOTSUPP; | |
1360 | } | |
1361 | ||
1362 | pedit_key = &sel.keys[sel.sel.nkeys]; | |
1363 | pedit_key_ex = &sel.keys_ex[sel.sel.nkeys]; | |
1364 | pedit_key_ex->cmd = TCA_PEDIT_KEY_EX_CMD_SET; | |
1365 | pedit_key_ex->htype = m->htype; | |
1366 | pedit_key->off = cur_offset; | |
1367 | pedit_key->mask = ~mask_word; | |
1368 | pedit_key->val = *data & mask_word; | |
1369 | sel.sel.nkeys++; | |
d6118e62 PB |
1370 | |
1371 | err = csum_update_flag(flower, m->htype); | |
1372 | if (err) { | |
1373 | return err; | |
1374 | } | |
1375 | ||
1376 | if (flower->needs_full_ip_proto_mask) { | |
1377 | flower->mask.ip_proto = UINT8_MAX; | |
1378 | } | |
8ada482b PB |
1379 | } |
1380 | } | |
1381 | nl_msg_put_act_pedit(request, &sel.sel, sel.keys_ex); | |
1382 | ||
1383 | return 0; | |
1384 | } | |
1385 | ||
1386 | static int | |
f98e418f RD |
1387 | nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower) |
1388 | { | |
1389 | size_t offset; | |
1390 | size_t act_offset; | |
0c70132c CM |
1391 | uint16_t act_index = 1; |
1392 | struct tc_action *action; | |
1393 | int i, ifindex = 0; | |
f98e418f RD |
1394 | |
1395 | offset = nl_msg_start_nested(request, TCA_FLOWER_ACT); | |
1396 | { | |
8ada482b PB |
1397 | int error; |
1398 | ||
0c70132c | 1399 | if (flower->tunnel.tunnel) { |
8ada482b | 1400 | act_offset = nl_msg_start_nested(request, act_index++); |
0c70132c | 1401 | nl_msg_put_act_tunnel_key_release(request); |
8ada482b | 1402 | nl_msg_end_nested(request, act_offset); |
0c70132c | 1403 | } |
f98e418f | 1404 | |
0c70132c CM |
1405 | action = flower->actions; |
1406 | for (i = 0; i < flower->action_count; i++, action++) { | |
1407 | switch (action->type) { | |
1408 | case TC_ACT_PEDIT: { | |
a7ce5b85 | 1409 | act_offset = nl_msg_start_nested(request, act_index++); |
0c70132c CM |
1410 | error = nl_msg_put_flower_rewrite_pedits(request, flower); |
1411 | if (error) { | |
1412 | return error; | |
1413 | } | |
a7ce5b85 | 1414 | nl_msg_end_nested(request, act_offset); |
0c70132c CM |
1415 | |
1416 | if (flower->csum_update_flags) { | |
1417 | act_offset = nl_msg_start_nested(request, act_index++); | |
1418 | nl_msg_put_act_csum(request, flower->csum_update_flags); | |
1419 | nl_msg_end_nested(request, act_offset); | |
1420 | } | |
1421 | } | |
1422 | break; | |
1423 | case TC_ACT_ENCAP: { | |
1424 | act_offset = nl_msg_start_nested(request, act_index++); | |
1425 | nl_msg_put_act_tunnel_key_set(request, action->encap.id, | |
1426 | action->encap.ipv4.ipv4_src, | |
1427 | action->encap.ipv4.ipv4_dst, | |
1428 | &action->encap.ipv6.ipv6_src, | |
1429 | &action->encap.ipv6.ipv6_dst, | |
1430 | action->encap.tp_dst); | |
1431 | nl_msg_end_nested(request, act_offset); | |
1432 | } | |
1433 | break; | |
1434 | case TC_ACT_VLAN_POP: { | |
1435 | act_offset = nl_msg_start_nested(request, act_index++); | |
1436 | nl_msg_put_act_pop_vlan(request); | |
1437 | nl_msg_end_nested(request, act_offset); | |
1438 | } | |
1439 | break; | |
1440 | case TC_ACT_VLAN_PUSH: { | |
1441 | act_offset = nl_msg_start_nested(request, act_index++); | |
1442 | nl_msg_put_act_push_vlan(request, | |
1443 | action->vlan.vlan_push_id, | |
1444 | action->vlan.vlan_push_prio); | |
1445 | nl_msg_end_nested(request, act_offset); | |
1446 | } | |
1447 | break; | |
1448 | case TC_ACT_OUTPUT: { | |
1449 | ifindex = action->ifindex_out; | |
1450 | if (ifindex < 1) { | |
1451 | VLOG_ERR_RL(&error_rl, "%s: invalid ifindex: %d, type: %d", | |
1452 | __func__, ifindex, action->type); | |
1453 | return EINVAL; | |
1454 | } | |
1455 | act_offset = nl_msg_start_nested(request, act_index++); | |
1456 | nl_msg_put_act_redirect(request, ifindex); | |
1457 | nl_msg_put_act_cookie(request, &flower->act_cookie); | |
1458 | nl_msg_end_nested(request, act_offset); | |
1459 | } | |
1460 | break; | |
a7ce5b85 | 1461 | } |
8ada482b | 1462 | } |
0c70132c CM |
1463 | } |
1464 | if (!ifindex) { | |
1465 | act_offset = nl_msg_start_nested(request, act_index++); | |
1466 | nl_msg_put_act_drop(request); | |
1467 | nl_msg_put_act_cookie(request, &flower->act_cookie); | |
1468 | nl_msg_end_nested(request, act_offset); | |
f98e418f RD |
1469 | } |
1470 | nl_msg_end_nested(request, offset); | |
8ada482b PB |
1471 | |
1472 | return 0; | |
f98e418f RD |
1473 | } |
1474 | ||
1475 | static void | |
1476 | nl_msg_put_masked_value(struct ofpbuf *request, uint16_t type, | |
1477 | uint16_t mask_type, const void *data, | |
1478 | const void *mask_data, size_t len) | |
1479 | { | |
1480 | if (mask_type != TCA_FLOWER_UNSPEC) { | |
1481 | if (is_all_zeros(mask_data, len)) { | |
1482 | return; | |
1483 | } | |
1484 | nl_msg_put_unspec(request, mask_type, mask_data, len); | |
1485 | } | |
1486 | nl_msg_put_unspec(request, type, data, len); | |
1487 | } | |
1488 | ||
1489 | static void | |
1490 | nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower) | |
1491 | { | |
1492 | ovs_be32 ipv4_src = flower->tunnel.ipv4.ipv4_src; | |
1493 | ovs_be32 ipv4_dst = flower->tunnel.ipv4.ipv4_dst; | |
1494 | struct in6_addr *ipv6_src = &flower->tunnel.ipv6.ipv6_src; | |
1495 | struct in6_addr *ipv6_dst = &flower->tunnel.ipv6.ipv6_dst; | |
1496 | ovs_be16 tp_dst = flower->tunnel.tp_dst; | |
1497 | ovs_be32 id = be64_to_be32(flower->tunnel.id); | |
1498 | ||
1499 | nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id); | |
1500 | if (ipv4_dst) { | |
1501 | nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src); | |
1502 | nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST, ipv4_dst); | |
1503 | } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) { | |
1504 | nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src); | |
1505 | nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst); | |
1506 | } | |
1507 | nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst); | |
1508 | } | |
1509 | ||
bb170644 PB |
1510 | #define FLOWER_PUT_MASKED_VALUE(member, type) \ |
1511 | nl_msg_put_masked_value(request, type, type##_MASK, &flower->key.member, \ | |
1512 | &flower->mask.member, sizeof flower->key.member) | |
1513 | ||
8ada482b | 1514 | static int |
f98e418f RD |
1515 | nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower) |
1516 | { | |
8ada482b | 1517 | |
f98e418f RD |
1518 | uint16_t host_eth_type = ntohs(flower->key.eth_type); |
1519 | bool is_vlan = (host_eth_type == ETH_TYPE_VLAN); | |
8ada482b PB |
1520 | int err; |
1521 | ||
d6118e62 PB |
1522 | /* need to parse acts first as some acts require changing the matching |
1523 | * see csum_update_flag() */ | |
8ada482b PB |
1524 | err = nl_msg_put_flower_acts(request, flower); |
1525 | if (err) { | |
1526 | return err; | |
1527 | } | |
f98e418f RD |
1528 | |
1529 | if (is_vlan) { | |
1530 | host_eth_type = ntohs(flower->key.encap_eth_type); | |
1531 | } | |
1532 | ||
bb170644 PB |
1533 | FLOWER_PUT_MASKED_VALUE(dst_mac, TCA_FLOWER_KEY_ETH_DST); |
1534 | FLOWER_PUT_MASKED_VALUE(src_mac, TCA_FLOWER_KEY_ETH_SRC); | |
f98e418f RD |
1535 | |
1536 | if (host_eth_type == ETH_P_IP || host_eth_type == ETH_P_IPV6) { | |
1537 | if (flower->mask.ip_proto && flower->key.ip_proto) { | |
1538 | nl_msg_put_u8(request, TCA_FLOWER_KEY_IP_PROTO, | |
1539 | flower->key.ip_proto); | |
1540 | } | |
1541 | ||
83e86606 | 1542 | if (flower->mask.flags) { |
7e0f69b5 | 1543 | nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS, |
83e86606 | 1544 | htonl(flower->key.flags)); |
7e0f69b5 | 1545 | nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS_MASK, |
83e86606 RD |
1546 | htonl(flower->mask.flags)); |
1547 | } | |
1548 | ||
f98e418f | 1549 | if (flower->key.ip_proto == IPPROTO_UDP) { |
2b1d9fa9 PB |
1550 | FLOWER_PUT_MASKED_VALUE(udp_src, TCA_FLOWER_KEY_UDP_SRC); |
1551 | FLOWER_PUT_MASKED_VALUE(udp_dst, TCA_FLOWER_KEY_UDP_DST); | |
f98e418f | 1552 | } else if (flower->key.ip_proto == IPPROTO_TCP) { |
2b1d9fa9 PB |
1553 | FLOWER_PUT_MASKED_VALUE(tcp_src, TCA_FLOWER_KEY_TCP_SRC); |
1554 | FLOWER_PUT_MASKED_VALUE(tcp_dst, TCA_FLOWER_KEY_TCP_DST); | |
cd081043 | 1555 | FLOWER_PUT_MASKED_VALUE(tcp_flags, TCA_FLOWER_KEY_TCP_FLAGS); |
4862b4e5 | 1556 | } else if (flower->key.ip_proto == IPPROTO_SCTP) { |
2b1d9fa9 PB |
1557 | FLOWER_PUT_MASKED_VALUE(sctp_src, TCA_FLOWER_KEY_SCTP_SRC); |
1558 | FLOWER_PUT_MASKED_VALUE(sctp_dst, TCA_FLOWER_KEY_SCTP_DST); | |
f98e418f RD |
1559 | } |
1560 | } | |
1561 | ||
1562 | if (host_eth_type == ETH_P_IP) { | |
bb170644 PB |
1563 | FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_src, TCA_FLOWER_KEY_IPV4_SRC); |
1564 | FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_dst, TCA_FLOWER_KEY_IPV4_DST); | |
0b4b5203 | 1565 | FLOWER_PUT_MASKED_VALUE(ip_ttl, TCA_FLOWER_KEY_IP_TTL); |
f98e418f | 1566 | } else if (host_eth_type == ETH_P_IPV6) { |
bb170644 PB |
1567 | FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_src, TCA_FLOWER_KEY_IPV6_SRC); |
1568 | FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_dst, TCA_FLOWER_KEY_IPV6_DST); | |
f98e418f RD |
1569 | } |
1570 | ||
1571 | nl_msg_put_be16(request, TCA_FLOWER_KEY_ETH_TYPE, flower->key.eth_type); | |
1572 | ||
1573 | if (is_vlan) { | |
1574 | if (flower->key.vlan_id || flower->key.vlan_prio) { | |
1575 | nl_msg_put_u16(request, TCA_FLOWER_KEY_VLAN_ID, | |
1576 | flower->key.vlan_id); | |
1577 | nl_msg_put_u8(request, TCA_FLOWER_KEY_VLAN_PRIO, | |
1578 | flower->key.vlan_prio); | |
1579 | } | |
1580 | if (flower->key.encap_eth_type) { | |
1581 | nl_msg_put_be16(request, TCA_FLOWER_KEY_VLAN_ETH_TYPE, | |
1582 | flower->key.encap_eth_type); | |
1583 | } | |
1584 | } | |
1585 | ||
691d20cb | 1586 | nl_msg_put_u32(request, TCA_FLOWER_FLAGS, tc_get_tc_cls_policy(tc_policy)); |
f98e418f RD |
1587 | |
1588 | if (flower->tunnel.tunnel) { | |
1589 | nl_msg_put_flower_tunnel(request, flower); | |
1590 | } | |
1591 | ||
8ada482b | 1592 | return 0; |
f98e418f RD |
1593 | } |
1594 | ||
1595 | int | |
1596 | tc_replace_flower(int ifindex, uint16_t prio, uint32_t handle, | |
1597 | struct tc_flower *flower) | |
1598 | { | |
1599 | struct ofpbuf request; | |
1600 | struct tcmsg *tcmsg; | |
1601 | struct ofpbuf *reply; | |
1602 | int error = 0; | |
1603 | size_t basic_offset; | |
1604 | uint16_t eth_type = (OVS_FORCE uint16_t) flower->key.eth_type; | |
1605 | ||
1606 | tcmsg = tc_make_request(ifindex, RTM_NEWTFILTER, | |
1607 | NLM_F_CREATE | NLM_F_ECHO, &request); | |
1608 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1609 | tcmsg->tcm_info = tc_make_handle(prio, eth_type); | |
1610 | tcmsg->tcm_handle = handle; | |
1611 | ||
1612 | nl_msg_put_string(&request, TCA_KIND, "flower"); | |
1613 | basic_offset = nl_msg_start_nested(&request, TCA_OPTIONS); | |
1614 | { | |
8ada482b PB |
1615 | error = nl_msg_put_flower_options(&request, flower); |
1616 | ||
1617 | if (error) { | |
1618 | ofpbuf_uninit(&request); | |
1619 | return error; | |
1620 | } | |
f98e418f RD |
1621 | } |
1622 | nl_msg_end_nested(&request, basic_offset); | |
1623 | ||
1624 | error = tc_transact(&request, &reply); | |
1625 | if (!error) { | |
1626 | struct tcmsg *tc = | |
1627 | ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc); | |
1628 | ||
1629 | flower->prio = tc_get_major(tc->tcm_info); | |
1630 | flower->handle = tc->tcm_handle; | |
1631 | ofpbuf_delete(reply); | |
1632 | } | |
1633 | ||
1634 | return error; | |
1635 | } | |
691d20cb PB |
1636 | |
1637 | void | |
1638 | tc_set_policy(const char *policy) | |
1639 | { | |
1640 | if (!policy) { | |
1641 | return; | |
1642 | } | |
1643 | ||
1644 | if (!strcmp(policy, "skip_sw")) { | |
1645 | tc_policy = TC_POLICY_SKIP_SW; | |
1646 | } else if (!strcmp(policy, "skip_hw")) { | |
1647 | tc_policy = TC_POLICY_SKIP_HW; | |
1648 | } else if (!strcmp(policy, "none")) { | |
1649 | tc_policy = TC_POLICY_NONE; | |
1650 | } else { | |
1651 | VLOG_WARN("tc: Invalid policy '%s'", policy); | |
1652 | return; | |
1653 | } | |
1654 | ||
1655 | VLOG_INFO("tc: Using policy '%s'", policy); | |
1656 | } |