]> git.proxmox.com Git - mirror_ovs.git/blame - lib/tc.c
projects / mirror_ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tc: Make the actions order consistent
[mirror_ovs.git] / lib / tc.c
CommitLineData
c1c5c723 1/*
ef3767f5 2 * Copyright (c) 2009-2017 Nicira, Inc.
f98e418f 3 * Copyright (c) 2016 Mellanox Technologies, Ltd.
c1c5c723
PB		 4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18#include <config.h>
19#include "tc.h"
ef3767f5 20
c1c5c723 21#include <errno.h>
f98e418f
RD		 22#include <linux/if_ether.h>
23#include <linux/rtnetlink.h>
8ada482b 24#include <linux/tc_act/tc_csum.h>
f98e418f
RD		 25#include <linux/tc_act/tc_gact.h>
26#include <linux/tc_act/tc_mirred.h>
8ada482b 27#include <linux/tc_act/tc_pedit.h>
f98e418f
RD		 28#include <linux/tc_act/tc_tunnel_key.h>
29#include <linux/tc_act/tc_vlan.h>
30#include <linux/gen_stats.h>
31#include <net/if.h>
8c1e74d1 32#include <unistd.h>
ef3767f5 33
f98e418f 34#include "byte-order.h"
c1c5c723
PB		 35#include "netlink-socket.h"
36#include "netlink.h"
37#include "openvswitch/ofpbuf.h"
8ada482b 38#include "openvswitch/util.h"
c1c5c723 39#include "openvswitch/vlog.h"
f98e418f
RD		 40#include "packets.h"
41#include "timeval.h"
ef3767f5 42#include "unaligned.h"
c1c5c723 43
8ada482b
PB		 44#define MAX_PEDIT_OFFSETS 32
45
c1c5c723
PB		 46VLOG_DEFINE_THIS_MODULE(tc);
47
f98e418f
RD		 48static struct vlog_rate_limit error_rl = VLOG_RATE_LIMIT_INIT(60, 5);
49
691d20cb
PB		 50enum tc_offload_policy {
51 TC_POLICY_NONE,
52 TC_POLICY_SKIP_SW,
53 TC_POLICY_SKIP_HW
54};
55
56static enum tc_offload_policy tc_policy = TC_POLICY_NONE;
57
8ada482b
PB		 58struct tc_pedit_key_ex {
59 enum pedit_header_type htype;
60 enum pedit_cmd cmd;
61};
62
63struct flower_key_to_pedit {
64 enum pedit_header_type htype;
8ada482b 65 int offset;
fbaf1bf9 66 int flower_offset;
8ada482b
PB		 67 int size;
68};
69
70static struct flower_key_to_pedit flower_pedit_map[] = {
71 {
72 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
73 12,
74 offsetof(struct tc_flower_key, ipv4.ipv4_src),
75 MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_src)
76 }, {
77 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
78 16,
79 offsetof(struct tc_flower_key, ipv4.ipv4_dst),
80 MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_dst)
81 }, {
82 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
83 8,
84 offsetof(struct tc_flower_key, ipv4.rewrite_ttl),
85 MEMBER_SIZEOF(struct tc_flower_key, ipv4.rewrite_ttl)
86 }, {
87 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
88 8,
89 offsetof(struct tc_flower_key, ipv6.ipv6_src),
90 MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_src)
91 }, {
92 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
93 24,
94 offsetof(struct tc_flower_key, ipv6.ipv6_dst),
95 MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_dst)
96 }, {
97 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
98 6,
99 offsetof(struct tc_flower_key, src_mac),
100 MEMBER_SIZEOF(struct tc_flower_key, src_mac)
101 }, {
102 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
103 0,
104 offsetof(struct tc_flower_key, dst_mac),
105 MEMBER_SIZEOF(struct tc_flower_key, dst_mac)
106 }, {
107 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
108 12,
109 offsetof(struct tc_flower_key, eth_type),
110 MEMBER_SIZEOF(struct tc_flower_key, eth_type)
111 }, {
112 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP,
113 0,
114 offsetof(struct tc_flower_key, tcp_src),
115 MEMBER_SIZEOF(struct tc_flower_key, tcp_src)
116 }, {
117 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP,
118 2,
119 offsetof(struct tc_flower_key, tcp_dst),
120 MEMBER_SIZEOF(struct tc_flower_key, tcp_dst)
121 }, {
122 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP,
123 0,
124 offsetof(struct tc_flower_key, udp_src),
125 MEMBER_SIZEOF(struct tc_flower_key, udp_src)
126 }, {
127 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP,
128 2,
129 offsetof(struct tc_flower_key, udp_dst),
130 MEMBER_SIZEOF(struct tc_flower_key, udp_dst)
131 },
132};
133
d6118e62
PB		 134static inline int
135csum_update_flag(struct tc_flower *flower,
136 enum pedit_header_type htype);
137
c1c5c723
PB		 138struct tcmsg *
139tc_make_request(int ifindex, int type, unsigned int flags,
140 struct ofpbuf *request)
141{
142 struct tcmsg *tcmsg;
143
144 ofpbuf_init(request, 512);
145 nl_msg_put_nlmsghdr(request, sizeof *tcmsg, type, NLM_F_REQUEST | flags);
146 tcmsg = ofpbuf_put_zeros(request, sizeof *tcmsg);
147 tcmsg->tcm_family = AF_UNSPEC;
148 tcmsg->tcm_ifindex = ifindex;
149 /* Caller should fill in tcmsg->tcm_handle. */
150 /* Caller should fill in tcmsg->tcm_parent. */
151
152 return tcmsg;
153}
154
155int
156tc_transact(struct ofpbuf *request, struct ofpbuf **replyp)
157{
158 int error = nl_transact(NETLINK_ROUTE, request, replyp);
159 ofpbuf_uninit(request);
160 return error;
161}
162
163/* Adds or deletes a root ingress qdisc on device with specified ifindex.
164 *
165 * This function is equivalent to running the following when 'add' is true:
166 * /sbin/tc qdisc add dev <devname> handle ffff: ingress
167 *
168 * This function is equivalent to running the following when 'add' is false:
169 * /sbin/tc qdisc del dev <devname> handle ffff: ingress
170 *
171 * Where dev <devname> is the device with specified ifindex name.
172 *
173 * The configuration and stats may be seen with the following command:
174 * /sbin/tc -s qdisc show dev <devname>
175 *
176 * Returns 0 if successful, otherwise a positive errno value.
177 */
178int
179tc_add_del_ingress_qdisc(int ifindex, bool add)
180{
181 struct ofpbuf request;
182 struct tcmsg *tcmsg;
183 int error;
184 int type = add ? RTM_NEWQDISC : RTM_DELQDISC;
185 int flags = add ? NLM_F_EXCL | NLM_F_CREATE : 0;
186
187 tcmsg = tc_make_request(ifindex, type, flags, &request);
209832d5 188 tcmsg->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
c1c5c723
PB		 189 tcmsg->tcm_parent = TC_H_INGRESS;
190 nl_msg_put_string(&request, TCA_KIND, "ingress");
191 nl_msg_put_unspec(&request, TCA_OPTIONS, NULL, 0);
192
193 error = tc_transact(&request, NULL);
194 if (error) {
195 /* If we're deleting the qdisc, don't worry about some of the
196 * error conditions. */
197 if (!add && (error == ENOENT || error == EINVAL)) {
198 return 0;
199 }
200 return error;
201 }
202
203 return 0;
204}
f98e418f
RD		 205
206static const struct nl_policy tca_policy[] = {
207 [TCA_KIND] = { .type = NL_A_STRING, .optional = false, },
208 [TCA_OPTIONS] = { .type = NL_A_NESTED, .optional = false, },
209 [TCA_STATS] = { .type = NL_A_UNSPEC,
210 .min_len = sizeof(struct tc_stats), .optional = true, },
211 [TCA_STATS2] = { .type = NL_A_NESTED, .optional = true, },
212};
213
214static const struct nl_policy tca_flower_policy[] = {
215 [TCA_FLOWER_CLASSID] = { .type = NL_A_U32, .optional = true, },
216 [TCA_FLOWER_INDEV] = { .type = NL_A_STRING, .max_len = IFNAMSIZ,
217 .optional = true, },
218 [TCA_FLOWER_KEY_ETH_SRC] = { .type = NL_A_UNSPEC,
219 .min_len = ETH_ALEN, .optional = true, },
220 [TCA_FLOWER_KEY_ETH_DST] = { .type = NL_A_UNSPEC,
221 .min_len = ETH_ALEN, .optional = true, },
222 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .type = NL_A_UNSPEC,
223 .min_len = ETH_ALEN,
224 .optional = true, },
225 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .type = NL_A_UNSPEC,
226 .min_len = ETH_ALEN,
227 .optional = true, },
228 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NL_A_U16, .optional = false, },
229 [TCA_FLOWER_FLAGS] = { .type = NL_A_U32, .optional = false, },
230 [TCA_FLOWER_ACT] = { .type = NL_A_NESTED, .optional = false, },
231 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NL_A_U8, .optional = true, },
232 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
233 [TCA_FLOWER_KEY_IPV4_DST] = {.type = NL_A_U32, .optional = true, },
234 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NL_A_U32, .optional = true, },
235 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NL_A_U32, .optional = true, },
236 [TCA_FLOWER_KEY_IPV6_SRC] = { .type = NL_A_UNSPEC,
237 .min_len = sizeof(struct in6_addr),
238 .optional = true, },
239 [TCA_FLOWER_KEY_IPV6_DST] = { .type = NL_A_UNSPEC,
240 .min_len = sizeof(struct in6_addr),
241 .optional = true, },
242 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC,
243 .min_len = sizeof(struct in6_addr),
244 .optional = true, },
245 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .type = NL_A_UNSPEC,
246 .min_len = sizeof(struct in6_addr),
247 .optional = true, },
248 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NL_A_U16, .optional = true, },
249 [TCA_FLOWER_KEY_TCP_DST] = { .type = NL_A_U16, .optional = true, },
250 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
251 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
252 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NL_A_U16, .optional = true, },
253 [TCA_FLOWER_KEY_UDP_DST] = { .type = NL_A_U16, .optional = true, },
254 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
255 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
4862b4e5
VB		 256 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NL_A_U16, .optional = true, },
257 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NL_A_U16, .optional = true, },
258 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
259 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
f98e418f
RD		 260 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NL_A_U16, .optional = true, },
261 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NL_A_U8, .optional = true, },
262 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NL_A_U16, .optional = true, },
263 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, },
264 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
265 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, },
266 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NL_A_U32,
267 .optional = true, },
268 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NL_A_U32,
269 .optional = true, },
270 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC,
271 .min_len = sizeof(struct in6_addr),
272 .optional = true, },
273 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC,
274 .min_len = sizeof(struct in6_addr),
275 .optional = true, },
276 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC,
277 .min_len = sizeof(struct in6_addr),
278 .optional = true, },
279 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .type = NL_A_UNSPEC,
280 .min_len = sizeof(struct in6_addr),
281 .optional = true, },
282 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NL_A_U16,
283 .optional = true, },
83e86606
RD		 284 [TCA_FLOWER_KEY_FLAGS] = { .type = NL_A_BE32, .optional = true, },
285 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NL_A_BE32, .optional = true, },
0b4b5203
PB		 286 [TCA_FLOWER_KEY_IP_TTL] = { .type = NL_A_U8,
287 .optional = true, },
288 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NL_A_U8,
289 .optional = true, },
cd081043
PB		 290 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NL_A_U16,
291 .optional = true, },
292 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NL_A_U16,
293 .optional = true, },
f98e418f
RD		 294};
295
296static void
297nl_parse_flower_eth(struct nlattr **attrs, struct tc_flower *flower)
298{
299 const struct eth_addr *eth;
300
301 if (attrs[TCA_FLOWER_KEY_ETH_SRC_MASK]) {
302 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC], ETH_ALEN);
303 memcpy(&flower->key.src_mac, eth, sizeof flower->key.src_mac);
304
305 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC_MASK], ETH_ALEN);
306 memcpy(&flower->mask.src_mac, eth, sizeof flower->mask.src_mac);
307 }
308 if (attrs[TCA_FLOWER_KEY_ETH_DST_MASK]) {
309 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST], ETH_ALEN);
310 memcpy(&flower->key.dst_mac, eth, sizeof flower->key.dst_mac);
311
312 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST_MASK], ETH_ALEN);
313 memcpy(&flower->mask.dst_mac, eth, sizeof flower->mask.dst_mac);
314 }
315}
316
317static void
318nl_parse_flower_vlan(struct nlattr **attrs, struct tc_flower *flower)
319{
320 if (flower->key.eth_type != htons(ETH_TYPE_VLAN)) {
321 return;
322 }
323
324 flower->key.encap_eth_type =
325 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ETH_TYPE]);
326
327 if (attrs[TCA_FLOWER_KEY_VLAN_ID]) {
328 flower->key.vlan_id =
329 nl_attr_get_u16(attrs[TCA_FLOWER_KEY_VLAN_ID]);
330 }
331 if (attrs[TCA_FLOWER_KEY_VLAN_PRIO]) {
332 flower->key.vlan_prio =
333 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_VLAN_PRIO]);
334 }
335}
336
337static void
338nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower)
339{
340 if (attrs[TCA_FLOWER_KEY_ENC_KEY_ID]) {
341 ovs_be32 id = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_KEY_ID]);
342
343 flower->tunnel.id = be32_to_be64(id);
344 }
345 if (attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]) {
346 flower->tunnel.ipv4.ipv4_src =
347 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC]);
348 }
349 if (attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]) {
350 flower->tunnel.ipv4.ipv4_dst =
351 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST]);
352 }
353 if (attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]) {
354 flower->tunnel.ipv6.ipv6_src =
355 nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC]);
356 }
357 if (attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]) {
358 flower->tunnel.ipv6.ipv6_dst =
359 nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST]);
360 }
361 if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]) {
362 flower->tunnel.tp_dst =
363 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
364 }
365}
366
367static void
368nl_parse_flower_ip(struct nlattr **attrs, struct tc_flower *flower) {
369 uint8_t ip_proto = 0;
370 struct tc_flower_key *key = &flower->key;
371 struct tc_flower_key *mask = &flower->mask;
372
373 if (attrs[TCA_FLOWER_KEY_IP_PROTO]) {
374 ip_proto = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_PROTO]);
375 key->ip_proto = ip_proto;
376 mask->ip_proto = UINT8_MAX;
377 }
378
83e86606 379 if (attrs[TCA_FLOWER_KEY_FLAGS_MASK]) {
7e0f69b5
IS		 380 key->flags = ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS]));
381 mask->flags =
382 ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS_MASK]));
83e86606
RD		 383 }
384
f98e418f
RD		 385 if (attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]) {
386 key->ipv4.ipv4_src =
387 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC]);
388 mask->ipv4.ipv4_src =
389 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]);
390 }
391 if (attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]) {
392 key->ipv4.ipv4_dst =
393 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST]);
394 mask->ipv4.ipv4_dst =
395 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]);
396 }
397 if (attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]) {
398 struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_SRC];
399 struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK];
400
401 key->ipv6.ipv6_src = nl_attr_get_in6_addr(attr);
402 mask->ipv6.ipv6_src = nl_attr_get_in6_addr(attr_mask);
403 }
404 if (attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]) {
405 struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_DST];
406 struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_DST_MASK];
407
408 key->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr);
409 mask->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr_mask);
410 }
411
412 if (ip_proto == IPPROTO_TCP) {
413 if (attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]) {
2b1d9fa9 414 key->tcp_src =
f98e418f 415 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC]);
2b1d9fa9 416 mask->tcp_src =
f98e418f
RD		 417 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]);
418 }
419 if (attrs[TCA_FLOWER_KEY_TCP_DST_MASK]) {
2b1d9fa9 420 key->tcp_dst =
f98e418f 421 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST]);
2b1d9fa9 422 mask->tcp_dst =
f98e418f
RD		 423 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST_MASK]);
424 }
cd081043
PB		 425 if (attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]) {
426 key->tcp_flags =
427 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS]);
428 mask->tcp_flags =
429 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
430 }
f98e418f
RD		 431 } else if (ip_proto == IPPROTO_UDP) {
432 if (attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]) {
2b1d9fa9
PB		 433 key->udp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC]);
434 mask->udp_src =
f98e418f
RD		 435 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]);
436 }
437 if (attrs[TCA_FLOWER_KEY_UDP_DST_MASK]) {
2b1d9fa9
PB		 438 key->udp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST]);
439 mask->udp_dst =
f98e418f
RD		 440 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST_MASK]);
441 }
4862b4e5
VB		 442 } else if (ip_proto == IPPROTO_SCTP) {
443 if (attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]) {
2b1d9fa9
PB		 444 key->sctp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC]);
445 mask->sctp_src =
4862b4e5
VB		 446 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]);
447 }
448 if (attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]) {
2b1d9fa9
PB		 449 key->sctp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST]);
450 mask->sctp_dst =
4862b4e5
VB		 451 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]);
452 }
f98e418f 453 }
0b4b5203
PB		 454
455 if (attrs[TCA_FLOWER_KEY_IP_TTL_MASK]) {
456 key->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL]);
457 mask->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL_MASK]);
458 }
f98e418f
RD		 459}
460
8ada482b
PB		 461static const struct nl_policy pedit_policy[] = {
462 [TCA_PEDIT_PARMS_EX] = { .type = NL_A_UNSPEC,
463 .min_len = sizeof(struct tc_pedit),
464 .optional = false, },
465 [TCA_PEDIT_KEYS_EX] = { .type = NL_A_NESTED,
466 .optional = false, },
467};
468
469static int
470nl_parse_act_pedit(struct nlattr *options, struct tc_flower *flower)
471{
0c70132c 472 struct tc_action *action;
8ada482b
PB		 473 struct nlattr *pe_attrs[ARRAY_SIZE(pedit_policy)];
474 const struct tc_pedit *pe;
475 const struct tc_pedit_key *keys;
476 const struct nlattr *nla, *keys_ex, *ex_type;
477 const void *keys_attr;
478 char *rewrite_key = (void *) &flower->rewrite.key;
479 char *rewrite_mask = (void *) &flower->rewrite.mask;
480 size_t keys_ex_size, left;
d6118e62 481 int type, i = 0, err;
8ada482b
PB		 482
483 if (!nl_parse_nested(options, pedit_policy, pe_attrs,
484 ARRAY_SIZE(pedit_policy))) {
485 VLOG_ERR_RL(&error_rl, "failed to parse pedit action options");
486 return EPROTO;
487 }
488
489 pe = nl_attr_get_unspec(pe_attrs[TCA_PEDIT_PARMS_EX], sizeof *pe);
490 keys = pe->keys;
491 keys_attr = pe_attrs[TCA_PEDIT_KEYS_EX];
492 keys_ex = nl_attr_get(keys_attr);
493 keys_ex_size = nl_attr_get_size(keys_attr);
494
495 NL_ATTR_FOR_EACH (nla, left, keys_ex, keys_ex_size) {
496 if (i >= pe->nkeys) {
497 break;
498 }
499
408671c4 500 if (nl_attr_type(nla) != TCA_PEDIT_KEY_EX) {
8ada482b
PB		 501 VLOG_ERR_RL(&error_rl, "unable to parse legacy pedit type: %d",
502 nl_attr_type(nla));
503 return EOPNOTSUPP;
504 }
505
506 ex_type = nl_attr_find_nested(nla, TCA_PEDIT_KEY_EX_HTYPE);
507 type = nl_attr_get_u16(ex_type);
508
d6118e62
PB		 509 err = csum_update_flag(flower, type);
510 if (err) {
511 return err;
512 }
513
8ada482b
PB		 514 for (int j = 0; j < ARRAY_SIZE(flower_pedit_map); j++) {
515 struct flower_key_to_pedit *m = &flower_pedit_map[j];
516 int flower_off = m->flower_offset;
517 int sz = m->size;
518 int mf = m->offset;
519
520 if (m->htype != type) {
521 continue;
522 }
523
524 /* check overlap between current pedit key, which is always
525 * 4 bytes (range [off, off + 3]), and a map entry in
526 * flower_pedit_map (range [mf, mf + sz - 1]) */
527 if ((keys->off >= mf && keys->off < mf + sz)
528 || (keys->off + 3 >= mf && keys->off + 3 < mf + sz)) {
529 int diff = flower_off + (keys->off - mf);
530 uint32_t *dst = (void *) (rewrite_key + diff);
531 uint32_t *dst_m = (void *) (rewrite_mask + diff);
532 uint32_t mask = ~(keys->mask);
533 uint32_t zero_bits;
534
535 if (keys->off < mf) {
536 zero_bits = 8 * (mf - keys->off);
537 mask &= UINT32_MAX << zero_bits;
538 } else if (keys->off + 4 > mf + m->size) {
539 zero_bits = 8 * (keys->off + 4 - mf - m->size);
540 mask &= UINT32_MAX >> zero_bits;
541 }
542
543 *dst_m |= mask;
544 *dst |= keys->val & mask;
545 }
546 }
547
548 keys++;
549 i++;
550 }
551
0c70132c
CM		 552 action = &flower->actions[flower->action_count++];
553 action->type = TC_ACT_PEDIT;
8ada482b
PB		 554
555 return 0;
556}
557
f98e418f
RD		 558static const struct nl_policy tunnel_key_policy[] = {
559 [TCA_TUNNEL_KEY_PARMS] = { .type = NL_A_UNSPEC,
560 .min_len = sizeof(struct tc_tunnel_key),
561 .optional = false, },
562 [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
563 [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, },
564 [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC,
565 .min_len = sizeof(struct in6_addr),
566 .optional = true, },
567 [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC,
568 .min_len = sizeof(struct in6_addr),
569 .optional = true, },
570 [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, },
571 [TCA_TUNNEL_KEY_ENC_DST_PORT] = { .type = NL_A_U16, .optional = true, },
572};
573
574static int
575nl_parse_act_tunnel_key(struct nlattr *options, struct tc_flower *flower)
576{
577 struct nlattr *tun_attrs[ARRAY_SIZE(tunnel_key_policy)];
578 const struct nlattr *tun_parms;
579 const struct tc_tunnel_key *tun;
0c70132c 580 struct tc_action *action;
f98e418f
RD		 581
582 if (!nl_parse_nested(options, tunnel_key_policy, tun_attrs,
583 ARRAY_SIZE(tunnel_key_policy))) {
584 VLOG_ERR_RL(&error_rl, "failed to parse tunnel_key action options");
585 return EPROTO;
586 }
587
588 tun_parms = tun_attrs[TCA_TUNNEL_KEY_PARMS];
589 tun = nl_attr_get_unspec(tun_parms, sizeof *tun);
590 if (tun->t_action == TCA_TUNNEL_KEY_ACT_SET) {
591 struct nlattr *id = tun_attrs[TCA_TUNNEL_KEY_ENC_KEY_ID];
592 struct nlattr *dst_port = tun_attrs[TCA_TUNNEL_KEY_ENC_DST_PORT];
593 struct nlattr *ipv4_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_SRC];
594 struct nlattr *ipv4_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_DST];
595 struct nlattr *ipv6_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_SRC];
596 struct nlattr *ipv6_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_DST];
597
0c70132c
CM		 598 action = &flower->actions[flower->action_count++];
599 action->type = TC_ACT_ENCAP;
600 action->encap.ipv4.ipv4_src = ipv4_src ? nl_attr_get_be32(ipv4_src) : 0;
601 action->encap.ipv4.ipv4_dst = ipv4_dst ? nl_attr_get_be32(ipv4_dst) : 0;
f98e418f 602 if (ipv6_src) {
0c70132c 603 action->encap.ipv6.ipv6_src = nl_attr_get_in6_addr(ipv6_src);
f98e418f
RD		 604 }
605 if (ipv6_dst) {
0c70132c 606 action->encap.ipv6.ipv6_dst = nl_attr_get_in6_addr(ipv6_dst);
f98e418f 607 }
0c70132c
CM		 608 action->encap.id = id ? be32_to_be64(nl_attr_get_be32(id)) : 0;
609 action->encap.tp_dst = dst_port ? nl_attr_get_be16(dst_port) : 0;
f98e418f
RD		 610 } else if (tun->t_action == TCA_TUNNEL_KEY_ACT_RELEASE) {
611 flower->tunnel.tunnel = true;
612 } else {
613 VLOG_ERR_RL(&error_rl, "unknown tunnel actions: %d, %d",
614 tun->action, tun->t_action);
615 return EINVAL;
616 }
617 return 0;
618}
619
620static const struct nl_policy gact_policy[] = {
621 [TCA_GACT_PARMS] = { .type = NL_A_UNSPEC,
622 .min_len = sizeof(struct tc_gact),
623 .optional = false, },
624 [TCA_GACT_TM] = { .type = NL_A_UNSPEC,
625 .min_len = sizeof(struct tcf_t),
626 .optional = false, },
627};
628
8c1e74d1
PB		 629static int
630get_user_hz(void)
631{
632 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
633 static int user_hz = 100;
634
635 if (ovsthread_once_start(&once)) {
636 user_hz = sysconf(_SC_CLK_TCK);
637 ovsthread_once_done(&once);
638 }
639
640 return user_hz;
641}
f98e418f
RD		 642
643static void
644nl_parse_tcf(const struct tcf_t *tm, struct tc_flower *flower)
645{
8c1e74d1 646 flower->lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz());
f98e418f
RD		 647}
648
649static int
650nl_parse_act_drop(struct nlattr *options, struct tc_flower *flower)
651{
652 struct nlattr *gact_attrs[ARRAY_SIZE(gact_policy)];
653 const struct tc_gact *p;
654 struct nlattr *gact_parms;
655 const struct tcf_t *tm;
656
657 if (!nl_parse_nested(options, gact_policy, gact_attrs,
658 ARRAY_SIZE(gact_policy))) {
659 VLOG_ERR_RL(&error_rl, "failed to parse gact action options");
660 return EPROTO;
661 }
662
663 gact_parms = gact_attrs[TCA_GACT_PARMS];
664 p = nl_attr_get_unspec(gact_parms, sizeof *p);
665
666 if (p->action != TC_ACT_SHOT) {
667 VLOG_ERR_RL(&error_rl, "unknown gact action: %d", p->action);
668 return EINVAL;
669 }
670
671 tm = nl_attr_get_unspec(gact_attrs[TCA_GACT_TM], sizeof *tm);
672 nl_parse_tcf(tm, flower);
673
674 return 0;
675}
676
677static const struct nl_policy mirred_policy[] = {
678 [TCA_MIRRED_PARMS] = { .type = NL_A_UNSPEC,
679 .min_len = sizeof(struct tc_mirred),
680 .optional = false, },
681 [TCA_MIRRED_TM] = { .type = NL_A_UNSPEC,
682 .min_len = sizeof(struct tcf_t),
683 .optional = false, },
684};
685
686static int
687nl_parse_act_mirred(struct nlattr *options, struct tc_flower *flower)
688{
689
690 struct nlattr *mirred_attrs[ARRAY_SIZE(mirred_policy)];
691 const struct tc_mirred *m;
692 const struct nlattr *mirred_parms;
693 const struct tcf_t *tm;
694 struct nlattr *mirred_tm;
0c70132c 695 struct tc_action *action;
f98e418f
RD		 696
697 if (!nl_parse_nested(options, mirred_policy, mirred_attrs,
698 ARRAY_SIZE(mirred_policy))) {
699 VLOG_ERR_RL(&error_rl, "failed to parse mirred action options");
700 return EPROTO;
701 }
702
703 mirred_parms = mirred_attrs[TCA_MIRRED_PARMS];
704 m = nl_attr_get_unspec(mirred_parms, sizeof *m);
705
0c70132c 706 if (m->eaction != TCA_EGRESS_REDIR && m->eaction != TCA_EGRESS_MIRROR) {
f98e418f 707 VLOG_ERR_RL(&error_rl, "unknown mirred action: %d, %d, %d",
0c70132c 708 m->action, m->eaction, m->ifindex);
f98e418f
RD		 709 return EINVAL;
710 }
711
0c70132c
CM		 712 action = &flower->actions[flower->action_count++];
713 action->ifindex_out = m->ifindex;
714 action->type = TC_ACT_OUTPUT;
f98e418f
RD		 715
716 mirred_tm = mirred_attrs[TCA_MIRRED_TM];
717 tm = nl_attr_get_unspec(mirred_tm, sizeof *tm);
718 nl_parse_tcf(tm, flower);
719
720 return 0;
721}
722
723static const struct nl_policy vlan_policy[] = {
724 [TCA_VLAN_PARMS] = { .type = NL_A_UNSPEC,
725 .min_len = sizeof(struct tc_vlan),
726 .optional = false, },
727 [TCA_VLAN_PUSH_VLAN_ID] = { .type = NL_A_U16, .optional = true, },
728 [TCA_VLAN_PUSH_VLAN_PROTOCOL] = { .type = NL_A_U16, .optional = true, },
729 [TCA_VLAN_PUSH_VLAN_PRIORITY] = { .type = NL_A_U8, .optional = true, },
730};
731
732static int
733nl_parse_act_vlan(struct nlattr *options, struct tc_flower *flower)
734{
735 struct nlattr *vlan_attrs[ARRAY_SIZE(vlan_policy)];
736 const struct tc_vlan *v;
737 const struct nlattr *vlan_parms;
0c70132c 738 struct tc_action *action;
f98e418f
RD		 739
740 if (!nl_parse_nested(options, vlan_policy, vlan_attrs,
741 ARRAY_SIZE(vlan_policy))) {
742 VLOG_ERR_RL(&error_rl, "failed to parse vlan action options");
743 return EPROTO;
744 }
745
0c70132c 746 action = &flower->actions[flower->action_count++];
f98e418f
RD		 747 vlan_parms = vlan_attrs[TCA_VLAN_PARMS];
748 v = nl_attr_get_unspec(vlan_parms, sizeof *v);
749 if (v->v_action == TCA_VLAN_ACT_PUSH) {
750 struct nlattr *vlan_id = vlan_attrs[TCA_VLAN_PUSH_VLAN_ID];
751 struct nlattr *vlan_prio = vlan_attrs[TCA_VLAN_PUSH_VLAN_PRIORITY];
752
0c70132c
CM		 753 action->vlan.vlan_push_id = nl_attr_get_u16(vlan_id);
754 action->vlan.vlan_push_prio = vlan_prio ? nl_attr_get_u8(vlan_prio) : 0;
755 action->type = TC_ACT_VLAN_PUSH;
f98e418f 756 } else if (v->v_action == TCA_VLAN_ACT_POP) {
0c70132c 757 action->type = TC_ACT_VLAN_POP;
f98e418f
RD		 758 } else {
759 VLOG_ERR_RL(&error_rl, "unknown vlan action: %d, %d",
760 v->action, v->v_action);
761 return EINVAL;
762 }
763 return 0;
764}
765
d6118e62
PB		 766static const struct nl_policy csum_policy[] = {
767 [TCA_CSUM_PARMS] = { .type = NL_A_UNSPEC,
768 .min_len = sizeof(struct tc_csum),
769 .optional = false, },
770};
771
772static int
773nl_parse_act_csum(struct nlattr *options, struct tc_flower *flower)
774{
775 struct nlattr *csum_attrs[ARRAY_SIZE(csum_policy)];
776 const struct tc_csum *c;
777 const struct nlattr *csum_parms;
778
779 if (!nl_parse_nested(options, csum_policy, csum_attrs,
780 ARRAY_SIZE(csum_policy))) {
781 VLOG_ERR_RL(&error_rl, "failed to parse csum action options");
782 return EPROTO;
783 }
784
785 csum_parms = csum_attrs[TCA_CSUM_PARMS];
786 c = nl_attr_get_unspec(csum_parms, sizeof *c);
787
788 /* sanity checks */
789 if (c->update_flags != flower->csum_update_flags) {
790 VLOG_WARN_RL(&error_rl,
791 "expected different act csum flags: 0x%x != 0x%x",
792 flower->csum_update_flags, c->update_flags);
793 return EINVAL;
794 }
795 flower->csum_update_flags = 0; /* so we know csum was handled */
796
797 if (flower->needs_full_ip_proto_mask
798 && flower->mask.ip_proto != UINT8_MAX) {
799 VLOG_WARN_RL(&error_rl, "expected full matching on flower ip_proto");
800 return EINVAL;
801 }
802
803 return 0;
804}
805
f98e418f
RD		 806static const struct nl_policy act_policy[] = {
807 [TCA_ACT_KIND] = { .type = NL_A_STRING, .optional = false, },
808 [TCA_ACT_COOKIE] = { .type = NL_A_UNSPEC, .optional = true, },
809 [TCA_ACT_OPTIONS] = { .type = NL_A_NESTED, .optional = false, },
810 [TCA_ACT_STATS] = { .type = NL_A_NESTED, .optional = false, },
811};
812
813static const struct nl_policy stats_policy[] = {
814 [TCA_STATS_BASIC] = { .type = NL_A_UNSPEC,
815 .min_len = sizeof(struct gnet_stats_basic),
816 .optional = false, },
817};
818
819static int
820nl_parse_single_action(struct nlattr *action, struct tc_flower *flower)
821{
822 struct nlattr *act_options;
823 struct nlattr *act_stats;
824 struct nlattr *act_cookie;
825 const char *act_kind;
826 struct nlattr *action_attrs[ARRAY_SIZE(act_policy)];
827 struct nlattr *stats_attrs[ARRAY_SIZE(stats_policy)];
828 struct ovs_flow_stats *stats = &flower->stats;
829 const struct gnet_stats_basic *bs;
40c5aa11 830 int err = 0;
f98e418f
RD		 831
832 if (!nl_parse_nested(action, act_policy, action_attrs,
833 ARRAY_SIZE(act_policy))) {
834 VLOG_ERR_RL(&error_rl, "failed to parse single action options");
835 return EPROTO;
836 }
837
838 act_kind = nl_attr_get_string(action_attrs[TCA_ACT_KIND]);
839 act_options = action_attrs[TCA_ACT_OPTIONS];
840 act_cookie = action_attrs[TCA_ACT_COOKIE];
841
842 if (!strcmp(act_kind, "gact")) {
40c5aa11 843 err = nl_parse_act_drop(act_options, flower);
f98e418f 844 } else if (!strcmp(act_kind, "mirred")) {
40c5aa11 845 err = nl_parse_act_mirred(act_options, flower);
f98e418f 846 } else if (!strcmp(act_kind, "vlan")) {
40c5aa11 847 err = nl_parse_act_vlan(act_options, flower);
f98e418f 848 } else if (!strcmp(act_kind, "tunnel_key")) {
40c5aa11 849 err = nl_parse_act_tunnel_key(act_options, flower);
8ada482b 850 } else if (!strcmp(act_kind, "pedit")) {
40c5aa11 851 err = nl_parse_act_pedit(act_options, flower);
8ada482b 852 } else if (!strcmp(act_kind, "csum")) {
d6118e62 853 nl_parse_act_csum(act_options, flower);
f98e418f
RD		 854 } else {
855 VLOG_ERR_RL(&error_rl, "unknown tc action kind: %s", act_kind);
40c5aa11
RD		 856 err = EINVAL;
857 }
858
859 if (err) {
860 return err;
f98e418f
RD		 861 }
862
863 if (act_cookie) {
864 flower->act_cookie.data = nl_attr_get(act_cookie);
865 flower->act_cookie.len = nl_attr_get_size(act_cookie);
866 }
867
868 act_stats = action_attrs[TCA_ACT_STATS];
869
870 if (!nl_parse_nested(act_stats, stats_policy, stats_attrs,
871 ARRAY_SIZE(stats_policy))) {
872 VLOG_ERR_RL(&error_rl, "failed to parse action stats policy");
873 return EPROTO;
874 }
875
876 bs = nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC], sizeof *bs);
877 put_32aligned_u64(&stats->n_packets, bs->packets);
878 put_32aligned_u64(&stats->n_bytes, bs->bytes);
879
880 return 0;
881}
882
883#define TCA_ACT_MIN_PRIO 1
884
885static int
886nl_parse_flower_actions(struct nlattr **attrs, struct tc_flower *flower)
887{
888 const struct nlattr *actions = attrs[TCA_FLOWER_ACT];
889 static struct nl_policy actions_orders_policy[TCA_ACT_MAX_PRIO + 1] = {};
890 struct nlattr *actions_orders[ARRAY_SIZE(actions_orders_policy)];
891 const int max_size = ARRAY_SIZE(actions_orders_policy);
892
893 for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) {
894 actions_orders_policy[i].type = NL_A_NESTED;
895 actions_orders_policy[i].optional = true;
896 }
897
898 if (!nl_parse_nested(actions, actions_orders_policy, actions_orders,
899 ARRAY_SIZE(actions_orders_policy))) {
900 VLOG_ERR_RL(&error_rl, "failed to parse flower order of actions");
901 return EPROTO;
902 }
903
904 for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) {
905 if (actions_orders[i]) {
0c70132c
CM		 906 int err;
907
908 if (flower->action_count >= TCA_ACT_MAX_PRIO) {
909 VLOG_DBG_RL(&error_rl, "Can only support %d actions", flower->action_count);
910 return EOPNOTSUPP;
911 }
912 err = nl_parse_single_action(actions_orders[i], flower);
f98e418f
RD		 913
914 if (err) {
915 return err;
916 }
917 }
918 }
919
d6118e62
PB		 920 if (flower->csum_update_flags) {
921 VLOG_WARN_RL(&error_rl,
922 "expected act csum with flags: 0x%x",
923 flower->csum_update_flags);
924 return EINVAL;
925 }
926
f98e418f
RD		 927 return 0;
928}
929
930static int
931nl_parse_flower_options(struct nlattr *nl_options, struct tc_flower *flower)
932{
933 struct nlattr *attrs[ARRAY_SIZE(tca_flower_policy)];
934
935 if (!nl_parse_nested(nl_options, tca_flower_policy,
936 attrs, ARRAY_SIZE(tca_flower_policy))) {
937 VLOG_ERR_RL(&error_rl, "failed to parse flower classifier options");
938 return EPROTO;
939 }
940
941 nl_parse_flower_eth(attrs, flower);
942 nl_parse_flower_vlan(attrs, flower);
943 nl_parse_flower_ip(attrs, flower);
944 nl_parse_flower_tunnel(attrs, flower);
945 return nl_parse_flower_actions(attrs, flower);
946}
947
948int
949parse_netlink_to_tc_flower(struct ofpbuf *reply, struct tc_flower *flower)
950{
951 struct tcmsg *tc;
952 struct nlattr *ta[ARRAY_SIZE(tca_policy)];
953 const char *kind;
954
955 if (NLMSG_HDRLEN + sizeof *tc > reply->size) {
956 return EPROTO;
957 }
958
959 memset(flower, 0, sizeof *flower);
960
961 tc = ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc);
962 flower->handle = tc->tcm_handle;
963 flower->key.eth_type = (OVS_FORCE ovs_be16) tc_get_minor(tc->tcm_info);
964 flower->mask.eth_type = OVS_BE16_MAX;
965 flower->prio = tc_get_major(tc->tcm_info);
966
967 if (!flower->handle) {
968 return EAGAIN;
969 }
970
971 if (!nl_policy_parse(reply, NLMSG_HDRLEN + sizeof *tc,
972 tca_policy, ta, ARRAY_SIZE(ta))) {
973 VLOG_ERR_RL(&error_rl, "failed to parse tca policy");
974 return EPROTO;
975 }
976
977 kind = nl_attr_get_string(ta[TCA_KIND]);
978 if (strcmp(kind, "flower")) {
763e120d 979 VLOG_DBG_ONCE("Unsupported filter: %s", kind);
f98e418f
RD		 980 return EPROTO;
981 }
982
983 return nl_parse_flower_options(ta[TCA_OPTIONS], flower);
984}
985
986int
987tc_dump_flower_start(int ifindex, struct nl_dump *dump)
988{
989 struct ofpbuf request;
990 struct tcmsg *tcmsg;
991
992 tcmsg = tc_make_request(ifindex, RTM_GETTFILTER, NLM_F_DUMP, &request);
993 tcmsg->tcm_parent = TC_INGRESS_PARENT;
994 tcmsg->tcm_info = TC_H_UNSPEC;
995 tcmsg->tcm_handle = 0;
996
997 nl_dump_start(dump, NETLINK_ROUTE, &request);
998 ofpbuf_uninit(&request);
999
1000 return 0;
1001}
1002
1003int
1004tc_flush(int ifindex)
1005{
1006 struct ofpbuf request;
1007 struct tcmsg *tcmsg;
1008
1009 tcmsg = tc_make_request(ifindex, RTM_DELTFILTER, NLM_F_ACK, &request);
1010 tcmsg->tcm_parent = TC_INGRESS_PARENT;
1011 tcmsg->tcm_info = TC_H_UNSPEC;
1012
1013 return tc_transact(&request, NULL);
1014}
1015
1016int
1017tc_del_filter(int ifindex, int prio, int handle)
1018{
1019 struct ofpbuf request;
1020 struct tcmsg *tcmsg;
1021 struct ofpbuf *reply;
1022 int error;
1023
1024 tcmsg = tc_make_request(ifindex, RTM_DELTFILTER, NLM_F_ECHO, &request);
1025 tcmsg->tcm_parent = TC_INGRESS_PARENT;
1026 tcmsg->tcm_info = tc_make_handle(prio, 0);
1027 tcmsg->tcm_handle = handle;
1028
1029 error = tc_transact(&request, &reply);
1030 if (!error) {
1031 ofpbuf_delete(reply);
1032 }
1033 return error;
1034}
1035
1036int
1037tc_get_flower(int ifindex, int prio, int handle, struct tc_flower *flower)
1038{
1039 struct ofpbuf request;
1040 struct tcmsg *tcmsg;
1041 struct ofpbuf *reply;
1042 int error;
1043
1044 tcmsg = tc_make_request(ifindex, RTM_GETTFILTER, NLM_F_ECHO, &request);
1045 tcmsg->tcm_parent = TC_INGRESS_PARENT;
1046 tcmsg->tcm_info = tc_make_handle(prio, 0);
1047 tcmsg->tcm_handle = handle;
1048
1049 error = tc_transact(&request, &reply);
1050 if (error) {
1051 return error;
1052 }
1053
1054 error = parse_netlink_to_tc_flower(reply, flower);
1055 ofpbuf_delete(reply);
1056 return error;
1057}
1058
691d20cb
PB		 1059static int
1060tc_get_tc_cls_policy(enum tc_offload_policy policy)
1061{
1062 if (policy == TC_POLICY_SKIP_HW) {
1063 return TCA_CLS_FLAGS_SKIP_HW;
1064 } else if (policy == TC_POLICY_SKIP_SW) {
1065 return TCA_CLS_FLAGS_SKIP_SW;
1066 }
1067
1068 return 0;
1069}
1070
8ada482b
PB		 1071static void
1072nl_msg_put_act_csum(struct ofpbuf *request, uint32_t flags)
1073{
1074 size_t offset;
1075
1076 nl_msg_put_string(request, TCA_ACT_KIND, "csum");
1077 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1078 {
1079 struct tc_csum parm = { .action = TC_ACT_PIPE,
1080 .update_flags = flags };
1081
1082 nl_msg_put_unspec(request, TCA_CSUM_PARMS, &parm, sizeof parm);
1083 }
1084 nl_msg_end_nested(request, offset);
1085}
1086
1087static void
1088nl_msg_put_act_pedit(struct ofpbuf *request, struct tc_pedit *parm,
1089 struct tc_pedit_key_ex *ex)
1090{
e13bbbab 1091 size_t ksize = sizeof *parm + parm->nkeys * sizeof(struct tc_pedit_key);
8ada482b
PB		 1092 size_t offset, offset_keys_ex, offset_key;
1093 int i;
1094
1095 nl_msg_put_string(request, TCA_ACT_KIND, "pedit");
1096 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1097 {
1098 parm->action = TC_ACT_PIPE;
1099
1100 nl_msg_put_unspec(request, TCA_PEDIT_PARMS_EX, parm, ksize);
1101 offset_keys_ex = nl_msg_start_nested(request, TCA_PEDIT_KEYS_EX);
1102 for (i = 0; i < parm->nkeys; i++, ex++) {
1103 offset_key = nl_msg_start_nested(request, TCA_PEDIT_KEY_EX);
1104 nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_HTYPE, ex->htype);
1105 nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_CMD, ex->cmd);
1106 nl_msg_end_nested(request, offset_key);
1107 }
1108 nl_msg_end_nested(request, offset_keys_ex);
1109 }
1110 nl_msg_end_nested(request, offset);
1111}
1112
f98e418f
RD		 1113static void
1114nl_msg_put_act_push_vlan(struct ofpbuf *request, uint16_t vid, uint8_t prio)
1115{
1116 size_t offset;
1117
1118 nl_msg_put_string(request, TCA_ACT_KIND, "vlan");
1119 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1120 {
1121 struct tc_vlan parm = { .action = TC_ACT_PIPE,
1122 .v_action = TCA_VLAN_ACT_PUSH };
1123
1124 nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm);
1125 nl_msg_put_u16(request, TCA_VLAN_PUSH_VLAN_ID, vid);
1126 nl_msg_put_u8(request, TCA_VLAN_PUSH_VLAN_PRIORITY, prio);
1127 }
1128 nl_msg_end_nested(request, offset);
1129}
1130
1131static void
1132nl_msg_put_act_pop_vlan(struct ofpbuf *request)
1133{
1134 size_t offset;
1135
1136 nl_msg_put_string(request, TCA_ACT_KIND, "vlan");
1137 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1138 {
1139 struct tc_vlan parm = { .action = TC_ACT_PIPE,
1140 .v_action = TCA_VLAN_ACT_POP };
1141
1142 nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm);
1143 }
1144 nl_msg_end_nested(request, offset);
1145}
1146
1147static void
1148nl_msg_put_act_tunnel_key_release(struct ofpbuf *request)
1149{
1150 size_t offset;
1151
1152 nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key");
1153 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1154 {
1155 struct tc_tunnel_key tun = { .action = TC_ACT_PIPE,
1156 .t_action = TCA_TUNNEL_KEY_ACT_RELEASE };
1157
1158 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun);
1159 }
1160 nl_msg_end_nested(request, offset);
1161}
1162
1163static void
1164nl_msg_put_act_tunnel_key_set(struct ofpbuf *request, ovs_be64 id,
1165 ovs_be32 ipv4_src, ovs_be32 ipv4_dst,
1166 struct in6_addr *ipv6_src,
1167 struct in6_addr *ipv6_dst,
1168 ovs_be16 tp_dst)
1169{
1170 size_t offset;
1171
1172 nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key");
1173 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1174 {
1175 struct tc_tunnel_key tun = { .action = TC_ACT_PIPE,
1176 .t_action = TCA_TUNNEL_KEY_ACT_SET };
1177
1178 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun);
1179
1180 ovs_be32 id32 = be64_to_be32(id);
1181 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_KEY_ID, id32);
1182 if (ipv4_dst) {
1183 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_SRC, ipv4_src);
1184 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_DST, ipv4_dst);
1185 } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) {
1186 nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_DST,
1187 ipv6_dst);
1188 nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_SRC,
1189 ipv6_src);
1190 }
1191 nl_msg_put_be16(request, TCA_TUNNEL_KEY_ENC_DST_PORT, tp_dst);
1192 }
1193 nl_msg_end_nested(request, offset);
1194}
1195
1196static void
1197nl_msg_put_act_drop(struct ofpbuf *request)
1198{
1199 size_t offset;
1200
1201 nl_msg_put_string(request, TCA_ACT_KIND, "gact");
1202 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1203 {
1204 struct tc_gact p = { .action = TC_ACT_SHOT };
1205
1206 nl_msg_put_unspec(request, TCA_GACT_PARMS, &p, sizeof p);
1207 }
1208 nl_msg_end_nested(request, offset);
1209}
1210
1211static void
1212nl_msg_put_act_redirect(struct ofpbuf *request, int ifindex)
1213{
1214 size_t offset;
1215
1216 nl_msg_put_string(request, TCA_ACT_KIND, "mirred");
1217 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1218 {
1219 struct tc_mirred m = { .action = TC_ACT_STOLEN,
1220 .eaction = TCA_EGRESS_REDIR,
1221 .ifindex = ifindex };
1222
1223 nl_msg_put_unspec(request, TCA_MIRRED_PARMS, &m, sizeof m);
1224 }
1225 nl_msg_end_nested(request, offset);
1226}
1227
1228static inline void
1229nl_msg_put_act_cookie(struct ofpbuf *request, struct tc_cookie *ck) {
1230 if (ck->len) {
1231 nl_msg_put_unspec(request, TCA_ACT_COOKIE, ck->data, ck->len);
1232 }
1233}
1234
8ada482b
PB		 1235/* Given flower, a key_to_pedit map entry, calculates the rest,
1236 * where:
1237 *
1238 * mask, data - pointers of where read the first word of flower->key/mask.
1239 * current_offset - which offset to use for the first pedit action.
1240 * cnt - max pedits actions to use.
1241 * first_word_mask/last_word_mask - the mask to use for the first/last read
1242 * (as we read entire words). */
f98e418f 1243static void
8ada482b
PB		 1244calc_offsets(struct tc_flower *flower, struct flower_key_to_pedit *m,
1245 int *cur_offset, int *cnt, uint32_t *last_word_mask,
1246 uint32_t *first_word_mask, uint32_t **mask, uint32_t **data)
1247{
1248 int start_offset, max_offset, total_size;
1249 int diff, right_zero_bits, left_zero_bits;
1250 char *rewrite_key = (void *) &flower->rewrite.key;
1251 char *rewrite_mask = (void *) &flower->rewrite.mask;
1252
1253 max_offset = m->offset + m->size;
1254 start_offset = ROUND_DOWN(m->offset, 4);
1255 diff = m->offset - start_offset;
1256 total_size = max_offset - start_offset;
1257 right_zero_bits = 8 * (4 - (max_offset % 4));
1258 left_zero_bits = 8 * (m->offset - start_offset);
1259
1260 *cur_offset = start_offset;
1261 *cnt = (total_size / 4) + (total_size % 4 ? 1 : 0);
1262 *last_word_mask = UINT32_MAX >> right_zero_bits;
1263 *first_word_mask = UINT32_MAX << left_zero_bits;
1264 *data = (void *) (rewrite_key + m->flower_offset - diff);
1265 *mask = (void *) (rewrite_mask + m->flower_offset - diff);
1266}
1267
d6118e62 1268static inline int
8ada482b
PB		 1269csum_update_flag(struct tc_flower *flower,
1270 enum pedit_header_type htype) {
d6118e62
PB		 1271 /* Explictily specifiy the csum flags so HW can return EOPNOTSUPP
1272 * if it doesn't support a checksum recalculation of some headers.
1273 * And since OVS allows a flow such as
1274 * eth(dst=<mac>),eth_type(0x0800) actions=set(ipv4(src=<new_ip>))
1275 * we need to force a more specific flow as this can, for example,
1276 * need a recalculation of icmp checksum if the packet that passes
1277 * is icmp and tcp checksum if its tcp. */
1278
1279 switch (htype) {
1280 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4:
8ada482b 1281 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_IPV4HDR;
eeb0ca88 1282 /* Fall through. */
d6118e62
PB		 1283 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6:
1284 case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP:
1285 case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP:
8ada482b 1286 if (flower->key.ip_proto == IPPROTO_TCP) {
d6118e62 1287 flower->needs_full_ip_proto_mask = true;
8ada482b
PB		 1288 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_TCP;
1289 } else if (flower->key.ip_proto == IPPROTO_UDP) {
d6118e62 1290 flower->needs_full_ip_proto_mask = true;
8ada482b
PB		 1291 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_UDP;
1292 } else if (flower->key.ip_proto == IPPROTO_ICMP
1293 || flower->key.ip_proto == IPPROTO_ICMPV6) {
d6118e62 1294 flower->needs_full_ip_proto_mask = true;
8ada482b 1295 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_ICMP;
d6118e62
PB		 1296 } else {
1297 VLOG_WARN_RL(&error_rl,
1298 "can't offload rewrite of IP/IPV6 with ip_proto: %d",
1299 flower->key.ip_proto);
1300 break;
8ada482b 1301 }
eeb0ca88 1302 /* Fall through. */
d6118e62
PB		 1303 case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH:
1304 return 0; /* success */
1305
1306 case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK:
1307 case __PEDIT_HDR_TYPE_MAX:
1308 default:
1309 break;
8ada482b 1310 }
d6118e62
PB		 1311
1312 return EOPNOTSUPP;
8ada482b
PB		 1313}
1314
1315static int
1316nl_msg_put_flower_rewrite_pedits(struct ofpbuf *request,
1317 struct tc_flower *flower)
1318{
1319 struct {
1320 struct tc_pedit sel;
1321 struct tc_pedit_key keys[MAX_PEDIT_OFFSETS];
1322 struct tc_pedit_key_ex keys_ex[MAX_PEDIT_OFFSETS];
1323 } sel = {
1324 .sel = {
1325 .nkeys = 0
1326 }
1327 };
d6118e62 1328 int i, j, err;
8ada482b
PB		 1329
1330 for (i = 0; i < ARRAY_SIZE(flower_pedit_map); i++) {
1331 struct flower_key_to_pedit *m = &flower_pedit_map[i];
1332 struct tc_pedit_key *pedit_key = NULL;
1333 struct tc_pedit_key_ex *pedit_key_ex = NULL;
1334 uint32_t *mask, *data, first_word_mask, last_word_mask;
1335 int cnt = 0, cur_offset = 0;
1336
1337 if (!m->size) {
1338 continue;
1339 }
1340
1341 calc_offsets(flower, m, &cur_offset, &cnt, &last_word_mask,
1342 &first_word_mask, &mask, &data);
1343
1344 for (j = 0; j < cnt; j++, mask++, data++, cur_offset += 4) {
1345 uint32_t mask_word = *mask;
1346
1347 if (j == 0) {
1348 mask_word &= first_word_mask;
1349 }
1350 if (j == cnt - 1) {
1351 mask_word &= last_word_mask;
1352 }
1353 if (!mask_word) {
1354 continue;
1355 }
1356 if (sel.sel.nkeys == MAX_PEDIT_OFFSETS) {
1357 VLOG_WARN_RL(&error_rl, "reached too many pedit offsets: %d",
1358 MAX_PEDIT_OFFSETS);
1359 return EOPNOTSUPP;
1360 }
1361
1362 pedit_key = &sel.keys[sel.sel.nkeys];
1363 pedit_key_ex = &sel.keys_ex[sel.sel.nkeys];
1364 pedit_key_ex->cmd = TCA_PEDIT_KEY_EX_CMD_SET;
1365 pedit_key_ex->htype = m->htype;
1366 pedit_key->off = cur_offset;
1367 pedit_key->mask = ~mask_word;
1368 pedit_key->val = *data & mask_word;
1369 sel.sel.nkeys++;
d6118e62
PB		 1370
1371 err = csum_update_flag(flower, m->htype);
1372 if (err) {
1373 return err;
1374 }
1375
1376 if (flower->needs_full_ip_proto_mask) {
1377 flower->mask.ip_proto = UINT8_MAX;
1378 }
8ada482b
PB		 1379 }
1380 }
1381 nl_msg_put_act_pedit(request, &sel.sel, sel.keys_ex);
1382
1383 return 0;
1384}
1385
1386static int
f98e418f
RD		 1387nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower)
1388{
1389 size_t offset;
1390 size_t act_offset;
0c70132c
CM		 1391 uint16_t act_index = 1;
1392 struct tc_action *action;
1393 int i, ifindex = 0;
f98e418f
RD		 1394
1395 offset = nl_msg_start_nested(request, TCA_FLOWER_ACT);
1396 {
8ada482b
PB		 1397 int error;
1398
0c70132c 1399 if (flower->tunnel.tunnel) {
8ada482b 1400 act_offset = nl_msg_start_nested(request, act_index++);
0c70132c 1401 nl_msg_put_act_tunnel_key_release(request);
8ada482b 1402 nl_msg_end_nested(request, act_offset);
0c70132c 1403 }
f98e418f 1404
0c70132c
CM		 1405 action = flower->actions;
1406 for (i = 0; i < flower->action_count; i++, action++) {
1407 switch (action->type) {
1408 case TC_ACT_PEDIT: {
a7ce5b85 1409 act_offset = nl_msg_start_nested(request, act_index++);
0c70132c
CM		 1410 error = nl_msg_put_flower_rewrite_pedits(request, flower);
1411 if (error) {
1412 return error;
1413 }
a7ce5b85 1414 nl_msg_end_nested(request, act_offset);
0c70132c
CM		 1415
1416 if (flower->csum_update_flags) {
1417 act_offset = nl_msg_start_nested(request, act_index++);
1418 nl_msg_put_act_csum(request, flower->csum_update_flags);
1419 nl_msg_end_nested(request, act_offset);
1420 }
1421 }
1422 break;
1423 case TC_ACT_ENCAP: {
1424 act_offset = nl_msg_start_nested(request, act_index++);
1425 nl_msg_put_act_tunnel_key_set(request, action->encap.id,
1426 action->encap.ipv4.ipv4_src,
1427 action->encap.ipv4.ipv4_dst,
1428 &action->encap.ipv6.ipv6_src,
1429 &action->encap.ipv6.ipv6_dst,
1430 action->encap.tp_dst);
1431 nl_msg_end_nested(request, act_offset);
1432 }
1433 break;
1434 case TC_ACT_VLAN_POP: {
1435 act_offset = nl_msg_start_nested(request, act_index++);
1436 nl_msg_put_act_pop_vlan(request);
1437 nl_msg_end_nested(request, act_offset);
1438 }
1439 break;
1440 case TC_ACT_VLAN_PUSH: {
1441 act_offset = nl_msg_start_nested(request, act_index++);
1442 nl_msg_put_act_push_vlan(request,
1443 action->vlan.vlan_push_id,
1444 action->vlan.vlan_push_prio);
1445 nl_msg_end_nested(request, act_offset);
1446 }
1447 break;
1448 case TC_ACT_OUTPUT: {
1449 ifindex = action->ifindex_out;
1450 if (ifindex < 1) {
1451 VLOG_ERR_RL(&error_rl, "%s: invalid ifindex: %d, type: %d",
1452 __func__, ifindex, action->type);
1453 return EINVAL;
1454 }
1455 act_offset = nl_msg_start_nested(request, act_index++);
1456 nl_msg_put_act_redirect(request, ifindex);
1457 nl_msg_put_act_cookie(request, &flower->act_cookie);
1458 nl_msg_end_nested(request, act_offset);
1459 }
1460 break;
a7ce5b85 1461 }
8ada482b 1462 }
0c70132c
CM		 1463 }
1464 if (!ifindex) {
1465 act_offset = nl_msg_start_nested(request, act_index++);
1466 nl_msg_put_act_drop(request);
1467 nl_msg_put_act_cookie(request, &flower->act_cookie);
1468 nl_msg_end_nested(request, act_offset);
f98e418f
RD		 1469 }
1470 nl_msg_end_nested(request, offset);
8ada482b
PB		 1471
1472 return 0;
f98e418f
RD		 1473}
1474
1475static void
1476nl_msg_put_masked_value(struct ofpbuf *request, uint16_t type,
1477 uint16_t mask_type, const void *data,
1478 const void *mask_data, size_t len)
1479{
1480 if (mask_type != TCA_FLOWER_UNSPEC) {
1481 if (is_all_zeros(mask_data, len)) {
1482 return;
1483 }
1484 nl_msg_put_unspec(request, mask_type, mask_data, len);
1485 }
1486 nl_msg_put_unspec(request, type, data, len);
1487}
1488
1489static void
1490nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower)
1491{
1492 ovs_be32 ipv4_src = flower->tunnel.ipv4.ipv4_src;
1493 ovs_be32 ipv4_dst = flower->tunnel.ipv4.ipv4_dst;
1494 struct in6_addr *ipv6_src = &flower->tunnel.ipv6.ipv6_src;
1495 struct in6_addr *ipv6_dst = &flower->tunnel.ipv6.ipv6_dst;
1496 ovs_be16 tp_dst = flower->tunnel.tp_dst;
1497 ovs_be32 id = be64_to_be32(flower->tunnel.id);
1498
1499 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id);
1500 if (ipv4_dst) {
1501 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src);
1502 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST, ipv4_dst);
1503 } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) {
1504 nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src);
1505 nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst);
1506 }
1507 nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst);
1508}
1509
bb170644
PB		 1510#define FLOWER_PUT_MASKED_VALUE(member, type) \
1511 nl_msg_put_masked_value(request, type, type##_MASK, &flower->key.member, \
1512 &flower->mask.member, sizeof flower->key.member)
1513
8ada482b 1514static int
f98e418f
RD		 1515nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
1516{
8ada482b 1517
f98e418f
RD		 1518 uint16_t host_eth_type = ntohs(flower->key.eth_type);
1519 bool is_vlan = (host_eth_type == ETH_TYPE_VLAN);
8ada482b
PB		 1520 int err;
1521
d6118e62
PB		 1522 /* need to parse acts first as some acts require changing the matching
1523 * see csum_update_flag() */
8ada482b
PB		 1524 err = nl_msg_put_flower_acts(request, flower);
1525 if (err) {
1526 return err;
1527 }
f98e418f
RD		 1528
1529 if (is_vlan) {
1530 host_eth_type = ntohs(flower->key.encap_eth_type);
1531 }
1532
bb170644
PB		 1533 FLOWER_PUT_MASKED_VALUE(dst_mac, TCA_FLOWER_KEY_ETH_DST);
1534 FLOWER_PUT_MASKED_VALUE(src_mac, TCA_FLOWER_KEY_ETH_SRC);
f98e418f
RD		 1535
1536 if (host_eth_type == ETH_P_IP || host_eth_type == ETH_P_IPV6) {
1537 if (flower->mask.ip_proto && flower->key.ip_proto) {
1538 nl_msg_put_u8(request, TCA_FLOWER_KEY_IP_PROTO,
1539 flower->key.ip_proto);
1540 }
1541
83e86606 1542 if (flower->mask.flags) {
7e0f69b5 1543 nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS,
83e86606 1544 htonl(flower->key.flags));
7e0f69b5 1545 nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS_MASK,
83e86606
RD		 1546 htonl(flower->mask.flags));
1547 }
1548
f98e418f 1549 if (flower->key.ip_proto == IPPROTO_UDP) {
2b1d9fa9
PB		 1550 FLOWER_PUT_MASKED_VALUE(udp_src, TCA_FLOWER_KEY_UDP_SRC);
1551 FLOWER_PUT_MASKED_VALUE(udp_dst, TCA_FLOWER_KEY_UDP_DST);
f98e418f 1552 } else if (flower->key.ip_proto == IPPROTO_TCP) {
2b1d9fa9
PB		 1553 FLOWER_PUT_MASKED_VALUE(tcp_src, TCA_FLOWER_KEY_TCP_SRC);
1554 FLOWER_PUT_MASKED_VALUE(tcp_dst, TCA_FLOWER_KEY_TCP_DST);
cd081043 1555 FLOWER_PUT_MASKED_VALUE(tcp_flags, TCA_FLOWER_KEY_TCP_FLAGS);
4862b4e5 1556 } else if (flower->key.ip_proto == IPPROTO_SCTP) {
2b1d9fa9
PB		 1557 FLOWER_PUT_MASKED_VALUE(sctp_src, TCA_FLOWER_KEY_SCTP_SRC);
1558 FLOWER_PUT_MASKED_VALUE(sctp_dst, TCA_FLOWER_KEY_SCTP_DST);
f98e418f
RD		 1559 }
1560 }
1561
1562 if (host_eth_type == ETH_P_IP) {
bb170644
PB		 1563 FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_src, TCA_FLOWER_KEY_IPV4_SRC);
1564 FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_dst, TCA_FLOWER_KEY_IPV4_DST);
0b4b5203 1565 FLOWER_PUT_MASKED_VALUE(ip_ttl, TCA_FLOWER_KEY_IP_TTL);
f98e418f 1566 } else if (host_eth_type == ETH_P_IPV6) {
bb170644
PB		 1567 FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_src, TCA_FLOWER_KEY_IPV6_SRC);
1568 FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_dst, TCA_FLOWER_KEY_IPV6_DST);
f98e418f
RD		 1569 }
1570
1571 nl_msg_put_be16(request, TCA_FLOWER_KEY_ETH_TYPE, flower->key.eth_type);
1572
1573 if (is_vlan) {
1574 if (flower->key.vlan_id || flower->key.vlan_prio) {
1575 nl_msg_put_u16(request, TCA_FLOWER_KEY_VLAN_ID,
1576 flower->key.vlan_id);
1577 nl_msg_put_u8(request, TCA_FLOWER_KEY_VLAN_PRIO,
1578 flower->key.vlan_prio);
1579 }
1580 if (flower->key.encap_eth_type) {
1581 nl_msg_put_be16(request, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1582 flower->key.encap_eth_type);
1583 }
1584 }
1585
691d20cb 1586 nl_msg_put_u32(request, TCA_FLOWER_FLAGS, tc_get_tc_cls_policy(tc_policy));
f98e418f
RD		 1587
1588 if (flower->tunnel.tunnel) {
1589 nl_msg_put_flower_tunnel(request, flower);
1590 }
1591
8ada482b 1592 return 0;
f98e418f
RD		 1593}
1594
1595int
1596tc_replace_flower(int ifindex, uint16_t prio, uint32_t handle,
1597 struct tc_flower *flower)
1598{
1599 struct ofpbuf request;
1600 struct tcmsg *tcmsg;
1601 struct ofpbuf *reply;
1602 int error = 0;
1603 size_t basic_offset;
1604 uint16_t eth_type = (OVS_FORCE uint16_t) flower->key.eth_type;
1605
1606 tcmsg = tc_make_request(ifindex, RTM_NEWTFILTER,
1607 NLM_F_CREATE | NLM_F_ECHO, &request);
1608 tcmsg->tcm_parent = TC_INGRESS_PARENT;
1609 tcmsg->tcm_info = tc_make_handle(prio, eth_type);
1610 tcmsg->tcm_handle = handle;
1611
1612 nl_msg_put_string(&request, TCA_KIND, "flower");
1613 basic_offset = nl_msg_start_nested(&request, TCA_OPTIONS);
1614 {
8ada482b
PB		 1615 error = nl_msg_put_flower_options(&request, flower);
1616
1617 if (error) {
1618 ofpbuf_uninit(&request);
1619 return error;
1620 }
f98e418f
RD		 1621 }
1622 nl_msg_end_nested(&request, basic_offset);
1623
1624 error = tc_transact(&request, &reply);
1625 if (!error) {
1626 struct tcmsg *tc =
1627 ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc);
1628
1629 flower->prio = tc_get_major(tc->tcm_info);
1630 flower->handle = tc->tcm_handle;
1631 ofpbuf_delete(reply);
1632 }
1633
1634 return error;
1635}
691d20cb
PB		 1636
1637void
1638tc_set_policy(const char *policy)
1639{
1640 if (!policy) {
1641 return;
1642 }
1643
1644 if (!strcmp(policy, "skip_sw")) {
1645 tc_policy = TC_POLICY_SKIP_SW;
1646 } else if (!strcmp(policy, "skip_hw")) {
1647 tc_policy = TC_POLICY_SKIP_HW;
1648 } else if (!strcmp(policy, "none")) {
1649 tc_policy = TC_POLICY_NONE;
1650 } else {
1651 VLOG_WARN("tc: Invalid policy '%s'", policy);
1652 return;
1653 }
1654
1655 VLOG_INFO("tc: Using policy '%s'", policy);
1656}
openvswitch mirror