]> git.proxmox.com Git - mirror_ovs.git/blame - lib/tc.c
projects / mirror_ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netdev-tc-offloads: Add support to match on 802.1AD ethertype
[mirror_ovs.git] / lib / tc.c
CommitLineData
c1c5c723 1/*
ef3767f5 2 * Copyright (c) 2009-2017 Nicira, Inc.
f98e418f 3 * Copyright (c) 2016 Mellanox Technologies, Ltd.
c1c5c723
PB		 4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18#include <config.h>
19#include "tc.h"
ef3767f5 20
c1c5c723 21#include <errno.h>
f98e418f
RD		 22#include <linux/if_ether.h>
23#include <linux/rtnetlink.h>
8ada482b 24#include <linux/tc_act/tc_csum.h>
f98e418f
RD		 25#include <linux/tc_act/tc_gact.h>
26#include <linux/tc_act/tc_mirred.h>
8ada482b 27#include <linux/tc_act/tc_pedit.h>
f98e418f
RD		 28#include <linux/tc_act/tc_tunnel_key.h>
29#include <linux/tc_act/tc_vlan.h>
30#include <linux/gen_stats.h>
31#include <net/if.h>
8c1e74d1 32#include <unistd.h>
ef3767f5 33
f98e418f 34#include "byte-order.h"
c1c5c723
PB		 35#include "netlink-socket.h"
36#include "netlink.h"
37#include "openvswitch/ofpbuf.h"
8ada482b 38#include "openvswitch/util.h"
c1c5c723 39#include "openvswitch/vlog.h"
f98e418f
RD		 40#include "packets.h"
41#include "timeval.h"
ef3767f5 42#include "unaligned.h"
c1c5c723 43
8ada482b
PB		 44#define MAX_PEDIT_OFFSETS 32
45
093c9458
JH		 46#ifndef TCM_IFINDEX_MAGIC_BLOCK
47#define TCM_IFINDEX_MAGIC_BLOCK (0xFFFFFFFFU)
48#endif
49
50#if TCA_MAX < 14
51#define TCA_INGRESS_BLOCK 13
52#endif
53
c1c5c723
PB		 54VLOG_DEFINE_THIS_MODULE(tc);
55
f98e418f
RD		 56static struct vlog_rate_limit error_rl = VLOG_RATE_LIMIT_INIT(60, 5);
57
691d20cb
PB		 58enum tc_offload_policy {
59 TC_POLICY_NONE,
60 TC_POLICY_SKIP_SW,
61 TC_POLICY_SKIP_HW
62};
63
64static enum tc_offload_policy tc_policy = TC_POLICY_NONE;
65
8ada482b
PB		 66struct tc_pedit_key_ex {
67 enum pedit_header_type htype;
68 enum pedit_cmd cmd;
69};
70
71struct flower_key_to_pedit {
72 enum pedit_header_type htype;
8ada482b 73 int offset;
fbaf1bf9 74 int flower_offset;
8ada482b
PB		 75 int size;
76};
77
78static struct flower_key_to_pedit flower_pedit_map[] = {
79 {
80 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
81 12,
82 offsetof(struct tc_flower_key, ipv4.ipv4_src),
83 MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_src)
84 }, {
85 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
86 16,
87 offsetof(struct tc_flower_key, ipv4.ipv4_dst),
88 MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_dst)
89 }, {
90 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
91 8,
92 offsetof(struct tc_flower_key, ipv4.rewrite_ttl),
93 MEMBER_SIZEOF(struct tc_flower_key, ipv4.rewrite_ttl)
94 }, {
95 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
96 8,
97 offsetof(struct tc_flower_key, ipv6.ipv6_src),
98 MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_src)
99 }, {
100 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
101 24,
102 offsetof(struct tc_flower_key, ipv6.ipv6_dst),
103 MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_dst)
104 }, {
105 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
106 6,
107 offsetof(struct tc_flower_key, src_mac),
108 MEMBER_SIZEOF(struct tc_flower_key, src_mac)
109 }, {
110 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
111 0,
112 offsetof(struct tc_flower_key, dst_mac),
113 MEMBER_SIZEOF(struct tc_flower_key, dst_mac)
114 }, {
115 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
116 12,
117 offsetof(struct tc_flower_key, eth_type),
118 MEMBER_SIZEOF(struct tc_flower_key, eth_type)
119 }, {
120 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP,
121 0,
122 offsetof(struct tc_flower_key, tcp_src),
123 MEMBER_SIZEOF(struct tc_flower_key, tcp_src)
124 }, {
125 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP,
126 2,
127 offsetof(struct tc_flower_key, tcp_dst),
128 MEMBER_SIZEOF(struct tc_flower_key, tcp_dst)
129 }, {
130 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP,
131 0,
132 offsetof(struct tc_flower_key, udp_src),
133 MEMBER_SIZEOF(struct tc_flower_key, udp_src)
134 }, {
135 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP,
136 2,
137 offsetof(struct tc_flower_key, udp_dst),
138 MEMBER_SIZEOF(struct tc_flower_key, udp_dst)
139 },
140};
141
d6118e62
PB		 142static inline int
143csum_update_flag(struct tc_flower *flower,
144 enum pedit_header_type htype);
145
c1c5c723
PB		 146struct tcmsg *
147tc_make_request(int ifindex, int type, unsigned int flags,
148 struct ofpbuf *request)
149{
150 struct tcmsg *tcmsg;
151
152 ofpbuf_init(request, 512);
153 nl_msg_put_nlmsghdr(request, sizeof *tcmsg, type, NLM_F_REQUEST | flags);
154 tcmsg = ofpbuf_put_zeros(request, sizeof *tcmsg);
155 tcmsg->tcm_family = AF_UNSPEC;
156 tcmsg->tcm_ifindex = ifindex;
157 /* Caller should fill in tcmsg->tcm_handle. */
158 /* Caller should fill in tcmsg->tcm_parent. */
159
160 return tcmsg;
161}
162
163int
164tc_transact(struct ofpbuf *request, struct ofpbuf **replyp)
165{
166 int error = nl_transact(NETLINK_ROUTE, request, replyp);
167 ofpbuf_uninit(request);
168 return error;
169}
170
171/* Adds or deletes a root ingress qdisc on device with specified ifindex.
172 *
173 * This function is equivalent to running the following when 'add' is true:
174 * /sbin/tc qdisc add dev <devname> handle ffff: ingress
175 *
176 * This function is equivalent to running the following when 'add' is false:
177 * /sbin/tc qdisc del dev <devname> handle ffff: ingress
178 *
179 * Where dev <devname> is the device with specified ifindex name.
180 *
181 * The configuration and stats may be seen with the following command:
182 * /sbin/tc -s qdisc show dev <devname>
183 *
093c9458
JH		 184 * If block_id is greater than 0, then the ingress qdisc is added to a block.
185 * In this case, it is equivalent to running (when 'add' is true):
186 * /sbin/tc qdisc add dev <devname> ingress_block <block_id> ingress
187 *
c1c5c723
PB		 188 * Returns 0 if successful, otherwise a positive errno value.
189 */
190int
093c9458 191tc_add_del_ingress_qdisc(int ifindex, bool add, uint32_t block_id)
c1c5c723
PB		 192{
193 struct ofpbuf request;
194 struct tcmsg *tcmsg;
195 int error;
196 int type = add ? RTM_NEWQDISC : RTM_DELQDISC;
197 int flags = add ? NLM_F_EXCL | NLM_F_CREATE : 0;
198
199 tcmsg = tc_make_request(ifindex, type, flags, &request);
209832d5 200 tcmsg->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
c1c5c723
PB		 201 tcmsg->tcm_parent = TC_H_INGRESS;
202 nl_msg_put_string(&request, TCA_KIND, "ingress");
203 nl_msg_put_unspec(&request, TCA_OPTIONS, NULL, 0);
093c9458
JH		 204 if (block_id) {
205 nl_msg_put_u32(&request, TCA_INGRESS_BLOCK, block_id);
206 }
c1c5c723
PB		 207
208 error = tc_transact(&request, NULL);
209 if (error) {
210 /* If we're deleting the qdisc, don't worry about some of the
211 * error conditions. */
212 if (!add && (error == ENOENT || error == EINVAL)) {
213 return 0;
214 }
215 return error;
216 }
217
218 return 0;
219}
f98e418f
RD		 220
221static const struct nl_policy tca_policy[] = {
222 [TCA_KIND] = { .type = NL_A_STRING, .optional = false, },
223 [TCA_OPTIONS] = { .type = NL_A_NESTED, .optional = false, },
224 [TCA_STATS] = { .type = NL_A_UNSPEC,
225 .min_len = sizeof(struct tc_stats), .optional = true, },
226 [TCA_STATS2] = { .type = NL_A_NESTED, .optional = true, },
227};
228
229static const struct nl_policy tca_flower_policy[] = {
230 [TCA_FLOWER_CLASSID] = { .type = NL_A_U32, .optional = true, },
231 [TCA_FLOWER_INDEV] = { .type = NL_A_STRING, .max_len = IFNAMSIZ,
232 .optional = true, },
233 [TCA_FLOWER_KEY_ETH_SRC] = { .type = NL_A_UNSPEC,
234 .min_len = ETH_ALEN, .optional = true, },
235 [TCA_FLOWER_KEY_ETH_DST] = { .type = NL_A_UNSPEC,
236 .min_len = ETH_ALEN, .optional = true, },
237 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .type = NL_A_UNSPEC,
238 .min_len = ETH_ALEN,
239 .optional = true, },
240 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .type = NL_A_UNSPEC,
241 .min_len = ETH_ALEN,
242 .optional = true, },
243 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NL_A_U16, .optional = false, },
244 [TCA_FLOWER_FLAGS] = { .type = NL_A_U32, .optional = false, },
245 [TCA_FLOWER_ACT] = { .type = NL_A_NESTED, .optional = false, },
246 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NL_A_U8, .optional = true, },
247 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
248 [TCA_FLOWER_KEY_IPV4_DST] = {.type = NL_A_U32, .optional = true, },
249 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NL_A_U32, .optional = true, },
250 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NL_A_U32, .optional = true, },
251 [TCA_FLOWER_KEY_IPV6_SRC] = { .type = NL_A_UNSPEC,
252 .min_len = sizeof(struct in6_addr),
253 .optional = true, },
254 [TCA_FLOWER_KEY_IPV6_DST] = { .type = NL_A_UNSPEC,
255 .min_len = sizeof(struct in6_addr),
256 .optional = true, },
257 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC,
258 .min_len = sizeof(struct in6_addr),
259 .optional = true, },
260 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .type = NL_A_UNSPEC,
261 .min_len = sizeof(struct in6_addr),
262 .optional = true, },
263 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NL_A_U16, .optional = true, },
264 [TCA_FLOWER_KEY_TCP_DST] = { .type = NL_A_U16, .optional = true, },
265 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
266 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
267 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NL_A_U16, .optional = true, },
268 [TCA_FLOWER_KEY_UDP_DST] = { .type = NL_A_U16, .optional = true, },
269 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
270 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
4862b4e5
VB		 271 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NL_A_U16, .optional = true, },
272 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NL_A_U16, .optional = true, },
273 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
274 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
f98e418f
RD		 275 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NL_A_U16, .optional = true, },
276 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NL_A_U8, .optional = true, },
277 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NL_A_U16, .optional = true, },
278 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, },
279 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
280 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, },
281 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NL_A_U32,
282 .optional = true, },
283 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NL_A_U32,
284 .optional = true, },
285 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC,
286 .min_len = sizeof(struct in6_addr),
287 .optional = true, },
288 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC,
289 .min_len = sizeof(struct in6_addr),
290 .optional = true, },
291 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC,
292 .min_len = sizeof(struct in6_addr),
293 .optional = true, },
294 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .type = NL_A_UNSPEC,
295 .min_len = sizeof(struct in6_addr),
296 .optional = true, },
297 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NL_A_U16,
298 .optional = true, },
83e86606
RD		 299 [TCA_FLOWER_KEY_FLAGS] = { .type = NL_A_BE32, .optional = true, },
300 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NL_A_BE32, .optional = true, },
0b4b5203
PB		 301 [TCA_FLOWER_KEY_IP_TTL] = { .type = NL_A_U8,
302 .optional = true, },
303 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NL_A_U8,
304 .optional = true, },
cd081043
PB		 305 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NL_A_U16,
306 .optional = true, },
307 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NL_A_U16,
308 .optional = true, },
f98e418f
RD		 309};
310
311static void
312nl_parse_flower_eth(struct nlattr **attrs, struct tc_flower *flower)
313{
314 const struct eth_addr *eth;
315
316 if (attrs[TCA_FLOWER_KEY_ETH_SRC_MASK]) {
317 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC], ETH_ALEN);
318 memcpy(&flower->key.src_mac, eth, sizeof flower->key.src_mac);
319
320 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC_MASK], ETH_ALEN);
321 memcpy(&flower->mask.src_mac, eth, sizeof flower->mask.src_mac);
322 }
323 if (attrs[TCA_FLOWER_KEY_ETH_DST_MASK]) {
324 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST], ETH_ALEN);
325 memcpy(&flower->key.dst_mac, eth, sizeof flower->key.dst_mac);
326
327 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST_MASK], ETH_ALEN);
328 memcpy(&flower->mask.dst_mac, eth, sizeof flower->mask.dst_mac);
329 }
330}
331
332static void
333nl_parse_flower_vlan(struct nlattr **attrs, struct tc_flower *flower)
334{
b5ad40a9 335 if (!eth_type_vlan(flower->key.eth_type)) {
f98e418f
RD		 336 return;
337 }
338
339 flower->key.encap_eth_type =
340 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ETH_TYPE]);
341
342 if (attrs[TCA_FLOWER_KEY_VLAN_ID]) {
343 flower->key.vlan_id =
344 nl_attr_get_u16(attrs[TCA_FLOWER_KEY_VLAN_ID]);
345 }
346 if (attrs[TCA_FLOWER_KEY_VLAN_PRIO]) {
347 flower->key.vlan_prio =
348 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_VLAN_PRIO]);
349 }
350}
351
352static void
353nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower)
354{
355 if (attrs[TCA_FLOWER_KEY_ENC_KEY_ID]) {
356 ovs_be32 id = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_KEY_ID]);
357
358 flower->tunnel.id = be32_to_be64(id);
359 }
360 if (attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]) {
361 flower->tunnel.ipv4.ipv4_src =
362 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC]);
363 }
364 if (attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]) {
365 flower->tunnel.ipv4.ipv4_dst =
366 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST]);
367 }
368 if (attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]) {
369 flower->tunnel.ipv6.ipv6_src =
370 nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC]);
371 }
372 if (attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]) {
373 flower->tunnel.ipv6.ipv6_dst =
374 nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST]);
375 }
376 if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]) {
377 flower->tunnel.tp_dst =
378 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
379 }
380}
381
382static void
383nl_parse_flower_ip(struct nlattr **attrs, struct tc_flower *flower) {
384 uint8_t ip_proto = 0;
385 struct tc_flower_key *key = &flower->key;
386 struct tc_flower_key *mask = &flower->mask;
387
388 if (attrs[TCA_FLOWER_KEY_IP_PROTO]) {
389 ip_proto = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_PROTO]);
390 key->ip_proto = ip_proto;
391 mask->ip_proto = UINT8_MAX;
392 }
393
83e86606 394 if (attrs[TCA_FLOWER_KEY_FLAGS_MASK]) {
7e0f69b5
IS		 395 key->flags = ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS]));
396 mask->flags =
397 ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS_MASK]));
83e86606
RD		 398 }
399
f98e418f
RD		 400 if (attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]) {
401 key->ipv4.ipv4_src =
402 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC]);
403 mask->ipv4.ipv4_src =
404 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]);
405 }
406 if (attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]) {
407 key->ipv4.ipv4_dst =
408 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST]);
409 mask->ipv4.ipv4_dst =
410 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]);
411 }
412 if (attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]) {
413 struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_SRC];
414 struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK];
415
416 key->ipv6.ipv6_src = nl_attr_get_in6_addr(attr);
417 mask->ipv6.ipv6_src = nl_attr_get_in6_addr(attr_mask);
418 }
419 if (attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]) {
420 struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_DST];
421 struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_DST_MASK];
422
423 key->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr);
424 mask->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr_mask);
425 }
426
427 if (ip_proto == IPPROTO_TCP) {
428 if (attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]) {
2b1d9fa9 429 key->tcp_src =
f98e418f 430 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC]);
2b1d9fa9 431 mask->tcp_src =
f98e418f
RD		 432 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]);
433 }
434 if (attrs[TCA_FLOWER_KEY_TCP_DST_MASK]) {
2b1d9fa9 435 key->tcp_dst =
f98e418f 436 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST]);
2b1d9fa9 437 mask->tcp_dst =
f98e418f
RD		 438 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST_MASK]);
439 }
cd081043
PB		 440 if (attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]) {
441 key->tcp_flags =
442 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS]);
443 mask->tcp_flags =
444 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
445 }
f98e418f
RD		 446 } else if (ip_proto == IPPROTO_UDP) {
447 if (attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]) {
2b1d9fa9
PB		 448 key->udp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC]);
449 mask->udp_src =
f98e418f
RD		 450 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]);
451 }
452 if (attrs[TCA_FLOWER_KEY_UDP_DST_MASK]) {
2b1d9fa9
PB		 453 key->udp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST]);
454 mask->udp_dst =
f98e418f
RD		 455 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST_MASK]);
456 }
4862b4e5
VB		 457 } else if (ip_proto == IPPROTO_SCTP) {
458 if (attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]) {
2b1d9fa9
PB		 459 key->sctp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC]);
460 mask->sctp_src =
4862b4e5
VB		 461 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]);
462 }
463 if (attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]) {
2b1d9fa9
PB		 464 key->sctp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST]);
465 mask->sctp_dst =
4862b4e5
VB		 466 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]);
467 }
f98e418f 468 }
0b4b5203
PB		 469
470 if (attrs[TCA_FLOWER_KEY_IP_TTL_MASK]) {
471 key->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL]);
472 mask->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL_MASK]);
473 }
f98e418f
RD		 474}
475
d63ca532
GT		 476static enum tc_offloaded_state
477nl_get_flower_offloaded_state(struct nlattr **attrs)
478{
479 uint32_t flower_flags = 0;
480
481 if (attrs[TCA_FLOWER_FLAGS]) {
482 flower_flags = nl_attr_get_u32(attrs[TCA_FLOWER_FLAGS]);
483 if (flower_flags & TCA_CLS_FLAGS_NOT_IN_HW) {
484 return TC_OFFLOADED_STATE_NOT_IN_HW;
485 } else if (flower_flags & TCA_CLS_FLAGS_IN_HW) {
486 return TC_OFFLOADED_STATE_IN_HW;
487 }
488 }
489 return TC_OFFLOADED_STATE_UNDEFINED;
490}
491
492static void
493nl_parse_flower_flags(struct nlattr **attrs, struct tc_flower *flower)
494{
495 flower->offloaded_state = nl_get_flower_offloaded_state(attrs);
496}
497
8ada482b
PB		 498static const struct nl_policy pedit_policy[] = {
499 [TCA_PEDIT_PARMS_EX] = { .type = NL_A_UNSPEC,
500 .min_len = sizeof(struct tc_pedit),
501 .optional = false, },
502 [TCA_PEDIT_KEYS_EX] = { .type = NL_A_NESTED,
503 .optional = false, },
504};
505
506static int
507nl_parse_act_pedit(struct nlattr *options, struct tc_flower *flower)
508{
0c70132c 509 struct tc_action *action;
8ada482b
PB		 510 struct nlattr *pe_attrs[ARRAY_SIZE(pedit_policy)];
511 const struct tc_pedit *pe;
512 const struct tc_pedit_key *keys;
513 const struct nlattr *nla, *keys_ex, *ex_type;
514 const void *keys_attr;
515 char *rewrite_key = (void *) &flower->rewrite.key;
516 char *rewrite_mask = (void *) &flower->rewrite.mask;
517 size_t keys_ex_size, left;
d6118e62 518 int type, i = 0, err;
8ada482b
PB		 519
520 if (!nl_parse_nested(options, pedit_policy, pe_attrs,
521 ARRAY_SIZE(pedit_policy))) {
522 VLOG_ERR_RL(&error_rl, "failed to parse pedit action options");
523 return EPROTO;
524 }
525
526 pe = nl_attr_get_unspec(pe_attrs[TCA_PEDIT_PARMS_EX], sizeof *pe);
527 keys = pe->keys;
528 keys_attr = pe_attrs[TCA_PEDIT_KEYS_EX];
529 keys_ex = nl_attr_get(keys_attr);
530 keys_ex_size = nl_attr_get_size(keys_attr);
531
532 NL_ATTR_FOR_EACH (nla, left, keys_ex, keys_ex_size) {
533 if (i >= pe->nkeys) {
534 break;
535 }
536
408671c4 537 if (nl_attr_type(nla) != TCA_PEDIT_KEY_EX) {
8ada482b
PB		 538 VLOG_ERR_RL(&error_rl, "unable to parse legacy pedit type: %d",
539 nl_attr_type(nla));
540 return EOPNOTSUPP;
541 }
542
543 ex_type = nl_attr_find_nested(nla, TCA_PEDIT_KEY_EX_HTYPE);
544 type = nl_attr_get_u16(ex_type);
545
d6118e62
PB		 546 err = csum_update_flag(flower, type);
547 if (err) {
548 return err;
549 }
550
8ada482b
PB		 551 for (int j = 0; j < ARRAY_SIZE(flower_pedit_map); j++) {
552 struct flower_key_to_pedit *m = &flower_pedit_map[j];
553 int flower_off = m->flower_offset;
554 int sz = m->size;
555 int mf = m->offset;
556
557 if (m->htype != type) {
558 continue;
559 }
560
561 /* check overlap between current pedit key, which is always
562 * 4 bytes (range [off, off + 3]), and a map entry in
563 * flower_pedit_map (range [mf, mf + sz - 1]) */
564 if ((keys->off >= mf && keys->off < mf + sz)
565 || (keys->off + 3 >= mf && keys->off + 3 < mf + sz)) {
566 int diff = flower_off + (keys->off - mf);
567 uint32_t *dst = (void *) (rewrite_key + diff);
568 uint32_t *dst_m = (void *) (rewrite_mask + diff);
569 uint32_t mask = ~(keys->mask);
570 uint32_t zero_bits;
571
572 if (keys->off < mf) {
573 zero_bits = 8 * (mf - keys->off);
574 mask &= UINT32_MAX << zero_bits;
575 } else if (keys->off + 4 > mf + m->size) {
576 zero_bits = 8 * (keys->off + 4 - mf - m->size);
577 mask &= UINT32_MAX >> zero_bits;
578 }
579
580 *dst_m |= mask;
581 *dst |= keys->val & mask;
582 }
583 }
584
585 keys++;
586 i++;
587 }
588
0c70132c
CM		 589 action = &flower->actions[flower->action_count++];
590 action->type = TC_ACT_PEDIT;
8ada482b
PB		 591
592 return 0;
593}
594
f98e418f
RD		 595static const struct nl_policy tunnel_key_policy[] = {
596 [TCA_TUNNEL_KEY_PARMS] = { .type = NL_A_UNSPEC,
597 .min_len = sizeof(struct tc_tunnel_key),
598 .optional = false, },
599 [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
600 [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, },
601 [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC,
602 .min_len = sizeof(struct in6_addr),
603 .optional = true, },
604 [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC,
605 .min_len = sizeof(struct in6_addr),
606 .optional = true, },
607 [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, },
608 [TCA_TUNNEL_KEY_ENC_DST_PORT] = { .type = NL_A_U16, .optional = true, },
609};
610
611static int
612nl_parse_act_tunnel_key(struct nlattr *options, struct tc_flower *flower)
613{
614 struct nlattr *tun_attrs[ARRAY_SIZE(tunnel_key_policy)];
615 const struct nlattr *tun_parms;
616 const struct tc_tunnel_key *tun;
0c70132c 617 struct tc_action *action;
f98e418f
RD		 618
619 if (!nl_parse_nested(options, tunnel_key_policy, tun_attrs,
620 ARRAY_SIZE(tunnel_key_policy))) {
621 VLOG_ERR_RL(&error_rl, "failed to parse tunnel_key action options");
622 return EPROTO;
623 }
624
625 tun_parms = tun_attrs[TCA_TUNNEL_KEY_PARMS];
626 tun = nl_attr_get_unspec(tun_parms, sizeof *tun);
627 if (tun->t_action == TCA_TUNNEL_KEY_ACT_SET) {
628 struct nlattr *id = tun_attrs[TCA_TUNNEL_KEY_ENC_KEY_ID];
629 struct nlattr *dst_port = tun_attrs[TCA_TUNNEL_KEY_ENC_DST_PORT];
630 struct nlattr *ipv4_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_SRC];
631 struct nlattr *ipv4_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_DST];
632 struct nlattr *ipv6_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_SRC];
633 struct nlattr *ipv6_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_DST];
634
0c70132c
CM		 635 action = &flower->actions[flower->action_count++];
636 action->type = TC_ACT_ENCAP;
637 action->encap.ipv4.ipv4_src = ipv4_src ? nl_attr_get_be32(ipv4_src) : 0;
638 action->encap.ipv4.ipv4_dst = ipv4_dst ? nl_attr_get_be32(ipv4_dst) : 0;
f98e418f 639 if (ipv6_src) {
0c70132c 640 action->encap.ipv6.ipv6_src = nl_attr_get_in6_addr(ipv6_src);
f98e418f
RD		 641 }
642 if (ipv6_dst) {
0c70132c 643 action->encap.ipv6.ipv6_dst = nl_attr_get_in6_addr(ipv6_dst);
f98e418f 644 }
0c70132c
CM		 645 action->encap.id = id ? be32_to_be64(nl_attr_get_be32(id)) : 0;
646 action->encap.tp_dst = dst_port ? nl_attr_get_be16(dst_port) : 0;
f98e418f
RD		 647 } else if (tun->t_action == TCA_TUNNEL_KEY_ACT_RELEASE) {
648 flower->tunnel.tunnel = true;
649 } else {
650 VLOG_ERR_RL(&error_rl, "unknown tunnel actions: %d, %d",
651 tun->action, tun->t_action);
652 return EINVAL;
653 }
654 return 0;
655}
656
657static const struct nl_policy gact_policy[] = {
658 [TCA_GACT_PARMS] = { .type = NL_A_UNSPEC,
659 .min_len = sizeof(struct tc_gact),
660 .optional = false, },
661 [TCA_GACT_TM] = { .type = NL_A_UNSPEC,
662 .min_len = sizeof(struct tcf_t),
663 .optional = false, },
664};
665
8c1e74d1
PB		 666static int
667get_user_hz(void)
668{
669 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
670 static int user_hz = 100;
671
672 if (ovsthread_once_start(&once)) {
673 user_hz = sysconf(_SC_CLK_TCK);
674 ovsthread_once_done(&once);
675 }
676
677 return user_hz;
678}
f98e418f
RD		 679
680static void
681nl_parse_tcf(const struct tcf_t *tm, struct tc_flower *flower)
682{
8c1e74d1 683 flower->lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz());
f98e418f
RD		 684}
685
686static int
687nl_parse_act_drop(struct nlattr *options, struct tc_flower *flower)
688{
689 struct nlattr *gact_attrs[ARRAY_SIZE(gact_policy)];
690 const struct tc_gact *p;
691 struct nlattr *gact_parms;
692 const struct tcf_t *tm;
693
694 if (!nl_parse_nested(options, gact_policy, gact_attrs,
695 ARRAY_SIZE(gact_policy))) {
696 VLOG_ERR_RL(&error_rl, "failed to parse gact action options");
697 return EPROTO;
698 }
699
700 gact_parms = gact_attrs[TCA_GACT_PARMS];
701 p = nl_attr_get_unspec(gact_parms, sizeof *p);
702
703 if (p->action != TC_ACT_SHOT) {
704 VLOG_ERR_RL(&error_rl, "unknown gact action: %d", p->action);
705 return EINVAL;
706 }
707
708 tm = nl_attr_get_unspec(gact_attrs[TCA_GACT_TM], sizeof *tm);
709 nl_parse_tcf(tm, flower);
710
711 return 0;
712}
713
714static const struct nl_policy mirred_policy[] = {
715 [TCA_MIRRED_PARMS] = { .type = NL_A_UNSPEC,
716 .min_len = sizeof(struct tc_mirred),
717 .optional = false, },
718 [TCA_MIRRED_TM] = { .type = NL_A_UNSPEC,
719 .min_len = sizeof(struct tcf_t),
720 .optional = false, },
721};
722
723static int
724nl_parse_act_mirred(struct nlattr *options, struct tc_flower *flower)
725{
726
727 struct nlattr *mirred_attrs[ARRAY_SIZE(mirred_policy)];
728 const struct tc_mirred *m;
729 const struct nlattr *mirred_parms;
730 const struct tcf_t *tm;
731 struct nlattr *mirred_tm;
0c70132c 732 struct tc_action *action;
f98e418f
RD		 733
734 if (!nl_parse_nested(options, mirred_policy, mirred_attrs,
735 ARRAY_SIZE(mirred_policy))) {
736 VLOG_ERR_RL(&error_rl, "failed to parse mirred action options");
737 return EPROTO;
738 }
739
740 mirred_parms = mirred_attrs[TCA_MIRRED_PARMS];
741 m = nl_attr_get_unspec(mirred_parms, sizeof *m);
742
0c70132c 743 if (m->eaction != TCA_EGRESS_REDIR && m->eaction != TCA_EGRESS_MIRROR) {
f98e418f 744 VLOG_ERR_RL(&error_rl, "unknown mirred action: %d, %d, %d",
0c70132c 745 m->action, m->eaction, m->ifindex);
f98e418f
RD		 746 return EINVAL;
747 }
748
0c70132c
CM		 749 action = &flower->actions[flower->action_count++];
750 action->ifindex_out = m->ifindex;
751 action->type = TC_ACT_OUTPUT;
f98e418f
RD		 752
753 mirred_tm = mirred_attrs[TCA_MIRRED_TM];
754 tm = nl_attr_get_unspec(mirred_tm, sizeof *tm);
755 nl_parse_tcf(tm, flower);
756
757 return 0;
758}
759
760static const struct nl_policy vlan_policy[] = {
761 [TCA_VLAN_PARMS] = { .type = NL_A_UNSPEC,
762 .min_len = sizeof(struct tc_vlan),
763 .optional = false, },
764 [TCA_VLAN_PUSH_VLAN_ID] = { .type = NL_A_U16, .optional = true, },
765 [TCA_VLAN_PUSH_VLAN_PROTOCOL] = { .type = NL_A_U16, .optional = true, },
766 [TCA_VLAN_PUSH_VLAN_PRIORITY] = { .type = NL_A_U8, .optional = true, },
767};
768
769static int
770nl_parse_act_vlan(struct nlattr *options, struct tc_flower *flower)
771{
772 struct nlattr *vlan_attrs[ARRAY_SIZE(vlan_policy)];
773 const struct tc_vlan *v;
774 const struct nlattr *vlan_parms;
0c70132c 775 struct tc_action *action;
f98e418f
RD		 776
777 if (!nl_parse_nested(options, vlan_policy, vlan_attrs,
778 ARRAY_SIZE(vlan_policy))) {
779 VLOG_ERR_RL(&error_rl, "failed to parse vlan action options");
780 return EPROTO;
781 }
782
0c70132c 783 action = &flower->actions[flower->action_count++];
f98e418f
RD		 784 vlan_parms = vlan_attrs[TCA_VLAN_PARMS];
785 v = nl_attr_get_unspec(vlan_parms, sizeof *v);
786 if (v->v_action == TCA_VLAN_ACT_PUSH) {
61e8655c 787 struct nlattr *vlan_tpid = vlan_attrs[TCA_VLAN_PUSH_VLAN_PROTOCOL];
f98e418f
RD		 788 struct nlattr *vlan_id = vlan_attrs[TCA_VLAN_PUSH_VLAN_ID];
789 struct nlattr *vlan_prio = vlan_attrs[TCA_VLAN_PUSH_VLAN_PRIORITY];
790
61e8655c 791 action->vlan.vlan_push_tpid = nl_attr_get_u16(vlan_tpid);
0c70132c
CM		 792 action->vlan.vlan_push_id = nl_attr_get_u16(vlan_id);
793 action->vlan.vlan_push_prio = vlan_prio ? nl_attr_get_u8(vlan_prio) : 0;
794 action->type = TC_ACT_VLAN_PUSH;
f98e418f 795 } else if (v->v_action == TCA_VLAN_ACT_POP) {
0c70132c 796 action->type = TC_ACT_VLAN_POP;
f98e418f
RD		 797 } else {
798 VLOG_ERR_RL(&error_rl, "unknown vlan action: %d, %d",
799 v->action, v->v_action);
800 return EINVAL;
801 }
802 return 0;
803}
804
d6118e62
PB		 805static const struct nl_policy csum_policy[] = {
806 [TCA_CSUM_PARMS] = { .type = NL_A_UNSPEC,
807 .min_len = sizeof(struct tc_csum),
808 .optional = false, },
809};
810
811static int
812nl_parse_act_csum(struct nlattr *options, struct tc_flower *flower)
813{
814 struct nlattr *csum_attrs[ARRAY_SIZE(csum_policy)];
815 const struct tc_csum *c;
816 const struct nlattr *csum_parms;
817
818 if (!nl_parse_nested(options, csum_policy, csum_attrs,
819 ARRAY_SIZE(csum_policy))) {
820 VLOG_ERR_RL(&error_rl, "failed to parse csum action options");
821 return EPROTO;
822 }
823
824 csum_parms = csum_attrs[TCA_CSUM_PARMS];
825 c = nl_attr_get_unspec(csum_parms, sizeof *c);
826
827 /* sanity checks */
828 if (c->update_flags != flower->csum_update_flags) {
829 VLOG_WARN_RL(&error_rl,
830 "expected different act csum flags: 0x%x != 0x%x",
831 flower->csum_update_flags, c->update_flags);
832 return EINVAL;
833 }
834 flower->csum_update_flags = 0; /* so we know csum was handled */
835
836 if (flower->needs_full_ip_proto_mask
837 && flower->mask.ip_proto != UINT8_MAX) {
838 VLOG_WARN_RL(&error_rl, "expected full matching on flower ip_proto");
839 return EINVAL;
840 }
841
842 return 0;
843}
844
f98e418f
RD		 845static const struct nl_policy act_policy[] = {
846 [TCA_ACT_KIND] = { .type = NL_A_STRING, .optional = false, },
847 [TCA_ACT_COOKIE] = { .type = NL_A_UNSPEC, .optional = true, },
848 [TCA_ACT_OPTIONS] = { .type = NL_A_NESTED, .optional = false, },
849 [TCA_ACT_STATS] = { .type = NL_A_NESTED, .optional = false, },
850};
851
852static const struct nl_policy stats_policy[] = {
853 [TCA_STATS_BASIC] = { .type = NL_A_UNSPEC,
854 .min_len = sizeof(struct gnet_stats_basic),
855 .optional = false, },
856};
857
858static int
859nl_parse_single_action(struct nlattr *action, struct tc_flower *flower)
860{
861 struct nlattr *act_options;
862 struct nlattr *act_stats;
863 struct nlattr *act_cookie;
864 const char *act_kind;
865 struct nlattr *action_attrs[ARRAY_SIZE(act_policy)];
866 struct nlattr *stats_attrs[ARRAY_SIZE(stats_policy)];
867 struct ovs_flow_stats *stats = &flower->stats;
868 const struct gnet_stats_basic *bs;
40c5aa11 869 int err = 0;
f98e418f
RD		 870
871 if (!nl_parse_nested(action, act_policy, action_attrs,
872 ARRAY_SIZE(act_policy))) {
873 VLOG_ERR_RL(&error_rl, "failed to parse single action options");
874 return EPROTO;
875 }
876
877 act_kind = nl_attr_get_string(action_attrs[TCA_ACT_KIND]);
878 act_options = action_attrs[TCA_ACT_OPTIONS];
879 act_cookie = action_attrs[TCA_ACT_COOKIE];
880
881 if (!strcmp(act_kind, "gact")) {
40c5aa11 882 err = nl_parse_act_drop(act_options, flower);
f98e418f 883 } else if (!strcmp(act_kind, "mirred")) {
40c5aa11 884 err = nl_parse_act_mirred(act_options, flower);
f98e418f 885 } else if (!strcmp(act_kind, "vlan")) {
40c5aa11 886 err = nl_parse_act_vlan(act_options, flower);
f98e418f 887 } else if (!strcmp(act_kind, "tunnel_key")) {
40c5aa11 888 err = nl_parse_act_tunnel_key(act_options, flower);
8ada482b 889 } else if (!strcmp(act_kind, "pedit")) {
40c5aa11 890 err = nl_parse_act_pedit(act_options, flower);
8ada482b 891 } else if (!strcmp(act_kind, "csum")) {
d6118e62 892 nl_parse_act_csum(act_options, flower);
f98e418f
RD		 893 } else {
894 VLOG_ERR_RL(&error_rl, "unknown tc action kind: %s", act_kind);
40c5aa11
RD		 895 err = EINVAL;
896 }
897
898 if (err) {
899 return err;
f98e418f
RD		 900 }
901
902 if (act_cookie) {
903 flower->act_cookie.data = nl_attr_get(act_cookie);
904 flower->act_cookie.len = nl_attr_get_size(act_cookie);
905 }
906
907 act_stats = action_attrs[TCA_ACT_STATS];
908
909 if (!nl_parse_nested(act_stats, stats_policy, stats_attrs,
910 ARRAY_SIZE(stats_policy))) {
911 VLOG_ERR_RL(&error_rl, "failed to parse action stats policy");
912 return EPROTO;
913 }
914
915 bs = nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC], sizeof *bs);
916 put_32aligned_u64(&stats->n_packets, bs->packets);
917 put_32aligned_u64(&stats->n_bytes, bs->bytes);
918
919 return 0;
920}
921
922#define TCA_ACT_MIN_PRIO 1
923
924static int
925nl_parse_flower_actions(struct nlattr **attrs, struct tc_flower *flower)
926{
927 const struct nlattr *actions = attrs[TCA_FLOWER_ACT];
928 static struct nl_policy actions_orders_policy[TCA_ACT_MAX_PRIO + 1] = {};
929 struct nlattr *actions_orders[ARRAY_SIZE(actions_orders_policy)];
930 const int max_size = ARRAY_SIZE(actions_orders_policy);
931
932 for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) {
933 actions_orders_policy[i].type = NL_A_NESTED;
934 actions_orders_policy[i].optional = true;
935 }
936
937 if (!nl_parse_nested(actions, actions_orders_policy, actions_orders,
938 ARRAY_SIZE(actions_orders_policy))) {
939 VLOG_ERR_RL(&error_rl, "failed to parse flower order of actions");
940 return EPROTO;
941 }
942
943 for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) {
944 if (actions_orders[i]) {
0c70132c
CM		 945 int err;
946
947 if (flower->action_count >= TCA_ACT_MAX_PRIO) {
948 VLOG_DBG_RL(&error_rl, "Can only support %d actions", flower->action_count);
949 return EOPNOTSUPP;
950 }
951 err = nl_parse_single_action(actions_orders[i], flower);
f98e418f
RD		 952
953 if (err) {
954 return err;
955 }
956 }
957 }
958
d6118e62
PB		 959 if (flower->csum_update_flags) {
960 VLOG_WARN_RL(&error_rl,
961 "expected act csum with flags: 0x%x",
962 flower->csum_update_flags);
963 return EINVAL;
964 }
965
f98e418f
RD		 966 return 0;
967}
968
969static int
970nl_parse_flower_options(struct nlattr *nl_options, struct tc_flower *flower)
971{
972 struct nlattr *attrs[ARRAY_SIZE(tca_flower_policy)];
973
974 if (!nl_parse_nested(nl_options, tca_flower_policy,
975 attrs, ARRAY_SIZE(tca_flower_policy))) {
976 VLOG_ERR_RL(&error_rl, "failed to parse flower classifier options");
977 return EPROTO;
978 }
979
980 nl_parse_flower_eth(attrs, flower);
981 nl_parse_flower_vlan(attrs, flower);
982 nl_parse_flower_ip(attrs, flower);
983 nl_parse_flower_tunnel(attrs, flower);
d63ca532 984 nl_parse_flower_flags(attrs, flower);
f98e418f
RD		 985 return nl_parse_flower_actions(attrs, flower);
986}
987
988int
989parse_netlink_to_tc_flower(struct ofpbuf *reply, struct tc_flower *flower)
990{
991 struct tcmsg *tc;
992 struct nlattr *ta[ARRAY_SIZE(tca_policy)];
993 const char *kind;
994
995 if (NLMSG_HDRLEN + sizeof *tc > reply->size) {
996 return EPROTO;
997 }
998
999 memset(flower, 0, sizeof *flower);
1000
1001 tc = ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc);
1002 flower->handle = tc->tcm_handle;
1003 flower->key.eth_type = (OVS_FORCE ovs_be16) tc_get_minor(tc->tcm_info);
1004 flower->mask.eth_type = OVS_BE16_MAX;
1005 flower->prio = tc_get_major(tc->tcm_info);
1006
1007 if (!flower->handle) {
1008 return EAGAIN;
1009 }
1010
1011 if (!nl_policy_parse(reply, NLMSG_HDRLEN + sizeof *tc,
1012 tca_policy, ta, ARRAY_SIZE(ta))) {
1013 VLOG_ERR_RL(&error_rl, "failed to parse tca policy");
1014 return EPROTO;
1015 }
1016
1017 kind = nl_attr_get_string(ta[TCA_KIND]);
1018 if (strcmp(kind, "flower")) {
763e120d 1019 VLOG_DBG_ONCE("Unsupported filter: %s", kind);
f98e418f
RD		 1020 return EPROTO;
1021 }
1022
1023 return nl_parse_flower_options(ta[TCA_OPTIONS], flower);
1024}
1025
1026int
093c9458 1027tc_dump_flower_start(int ifindex, struct nl_dump *dump, uint32_t block_id)
f98e418f
RD		 1028{
1029 struct ofpbuf request;
1030 struct tcmsg *tcmsg;
093c9458 1031 int index;
f98e418f 1032
093c9458
JH		 1033 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1034 tcmsg = tc_make_request(index, RTM_GETTFILTER, NLM_F_DUMP, &request);
1035 tcmsg->tcm_parent = block_id ? : TC_INGRESS_PARENT;
f98e418f
RD		 1036 tcmsg->tcm_info = TC_H_UNSPEC;
1037 tcmsg->tcm_handle = 0;
1038
1039 nl_dump_start(dump, NETLINK_ROUTE, &request);
1040 ofpbuf_uninit(&request);
1041
1042 return 0;
1043}
1044
1045int
093c9458 1046tc_flush(int ifindex, uint32_t block_id)
f98e418f
RD		 1047{
1048 struct ofpbuf request;
1049 struct tcmsg *tcmsg;
093c9458 1050 int index;
f98e418f 1051
093c9458
JH		 1052 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1053 tcmsg = tc_make_request(index, RTM_DELTFILTER, NLM_F_ACK, &request);
1054 tcmsg->tcm_parent = block_id ? : TC_INGRESS_PARENT;
f98e418f
RD		 1055 tcmsg->tcm_info = TC_H_UNSPEC;
1056
1057 return tc_transact(&request, NULL);
1058}
1059
1060int
093c9458 1061tc_del_filter(int ifindex, int prio, int handle, uint32_t block_id)
f98e418f
RD		 1062{
1063 struct ofpbuf request;
1064 struct tcmsg *tcmsg;
1065 struct ofpbuf *reply;
1066 int error;
093c9458 1067 int index;
f98e418f 1068
093c9458
JH		 1069 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1070 tcmsg = tc_make_request(index, RTM_DELTFILTER, NLM_F_ECHO, &request);
1071 tcmsg->tcm_parent = block_id ? : TC_INGRESS_PARENT;
f98e418f
RD		 1072 tcmsg->tcm_info = tc_make_handle(prio, 0);
1073 tcmsg->tcm_handle = handle;
1074
1075 error = tc_transact(&request, &reply);
1076 if (!error) {
1077 ofpbuf_delete(reply);
1078 }
1079 return error;
1080}
1081
1082int
093c9458
JH		 1083tc_get_flower(int ifindex, int prio, int handle, struct tc_flower *flower,
1084 uint32_t block_id)
f98e418f
RD		 1085{
1086 struct ofpbuf request;
1087 struct tcmsg *tcmsg;
1088 struct ofpbuf *reply;
1089 int error;
093c9458 1090 int index;
f98e418f 1091
093c9458
JH		 1092 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1093 tcmsg = tc_make_request(index, RTM_GETTFILTER, NLM_F_ECHO, &request);
1094 tcmsg->tcm_parent = block_id ? : TC_INGRESS_PARENT;
f98e418f
RD		 1095 tcmsg->tcm_info = tc_make_handle(prio, 0);
1096 tcmsg->tcm_handle = handle;
1097
1098 error = tc_transact(&request, &reply);
1099 if (error) {
1100 return error;
1101 }
1102
1103 error = parse_netlink_to_tc_flower(reply, flower);
1104 ofpbuf_delete(reply);
1105 return error;
1106}
1107
691d20cb
PB		 1108static int
1109tc_get_tc_cls_policy(enum tc_offload_policy policy)
1110{
1111 if (policy == TC_POLICY_SKIP_HW) {
1112 return TCA_CLS_FLAGS_SKIP_HW;
1113 } else if (policy == TC_POLICY_SKIP_SW) {
1114 return TCA_CLS_FLAGS_SKIP_SW;
1115 }
1116
1117 return 0;
1118}
1119
8ada482b
PB		 1120static void
1121nl_msg_put_act_csum(struct ofpbuf *request, uint32_t flags)
1122{
1123 size_t offset;
1124
1125 nl_msg_put_string(request, TCA_ACT_KIND, "csum");
1126 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1127 {
1128 struct tc_csum parm = { .action = TC_ACT_PIPE,
1129 .update_flags = flags };
1130
1131 nl_msg_put_unspec(request, TCA_CSUM_PARMS, &parm, sizeof parm);
1132 }
1133 nl_msg_end_nested(request, offset);
1134}
1135
1136static void
1137nl_msg_put_act_pedit(struct ofpbuf *request, struct tc_pedit *parm,
1138 struct tc_pedit_key_ex *ex)
1139{
e13bbbab 1140 size_t ksize = sizeof *parm + parm->nkeys * sizeof(struct tc_pedit_key);
8ada482b
PB		 1141 size_t offset, offset_keys_ex, offset_key;
1142 int i;
1143
1144 nl_msg_put_string(request, TCA_ACT_KIND, "pedit");
1145 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1146 {
1147 parm->action = TC_ACT_PIPE;
1148
1149 nl_msg_put_unspec(request, TCA_PEDIT_PARMS_EX, parm, ksize);
1150 offset_keys_ex = nl_msg_start_nested(request, TCA_PEDIT_KEYS_EX);
1151 for (i = 0; i < parm->nkeys; i++, ex++) {
1152 offset_key = nl_msg_start_nested(request, TCA_PEDIT_KEY_EX);
1153 nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_HTYPE, ex->htype);
1154 nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_CMD, ex->cmd);
1155 nl_msg_end_nested(request, offset_key);
1156 }
1157 nl_msg_end_nested(request, offset_keys_ex);
1158 }
1159 nl_msg_end_nested(request, offset);
1160}
1161
f98e418f 1162static void
61e8655c
JL		 1163nl_msg_put_act_push_vlan(struct ofpbuf *request, uint16_t tpid,
1164 uint16_t vid, uint8_t prio)
f98e418f
RD		 1165{
1166 size_t offset;
1167
1168 nl_msg_put_string(request, TCA_ACT_KIND, "vlan");
1169 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1170 {
1171 struct tc_vlan parm = { .action = TC_ACT_PIPE,
1172 .v_action = TCA_VLAN_ACT_PUSH };
1173
1174 nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm);
61e8655c 1175 nl_msg_put_u16(request, TCA_VLAN_PUSH_VLAN_PROTOCOL, tpid);
f98e418f
RD		 1176 nl_msg_put_u16(request, TCA_VLAN_PUSH_VLAN_ID, vid);
1177 nl_msg_put_u8(request, TCA_VLAN_PUSH_VLAN_PRIORITY, prio);
1178 }
1179 nl_msg_end_nested(request, offset);
1180}
1181
1182static void
1183nl_msg_put_act_pop_vlan(struct ofpbuf *request)
1184{
1185 size_t offset;
1186
1187 nl_msg_put_string(request, TCA_ACT_KIND, "vlan");
1188 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1189 {
1190 struct tc_vlan parm = { .action = TC_ACT_PIPE,
1191 .v_action = TCA_VLAN_ACT_POP };
1192
1193 nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm);
1194 }
1195 nl_msg_end_nested(request, offset);
1196}
1197
1198static void
1199nl_msg_put_act_tunnel_key_release(struct ofpbuf *request)
1200{
1201 size_t offset;
1202
1203 nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key");
1204 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1205 {
1206 struct tc_tunnel_key tun = { .action = TC_ACT_PIPE,
1207 .t_action = TCA_TUNNEL_KEY_ACT_RELEASE };
1208
1209 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun);
1210 }
1211 nl_msg_end_nested(request, offset);
1212}
1213
1214static void
1215nl_msg_put_act_tunnel_key_set(struct ofpbuf *request, ovs_be64 id,
1216 ovs_be32 ipv4_src, ovs_be32 ipv4_dst,
1217 struct in6_addr *ipv6_src,
1218 struct in6_addr *ipv6_dst,
1219 ovs_be16 tp_dst)
1220{
1221 size_t offset;
1222
1223 nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key");
1224 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1225 {
1226 struct tc_tunnel_key tun = { .action = TC_ACT_PIPE,
1227 .t_action = TCA_TUNNEL_KEY_ACT_SET };
1228
1229 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun);
1230
1231 ovs_be32 id32 = be64_to_be32(id);
1232 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_KEY_ID, id32);
1233 if (ipv4_dst) {
1234 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_SRC, ipv4_src);
1235 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_DST, ipv4_dst);
1236 } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) {
1237 nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_DST,
1238 ipv6_dst);
1239 nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_SRC,
1240 ipv6_src);
1241 }
1242 nl_msg_put_be16(request, TCA_TUNNEL_KEY_ENC_DST_PORT, tp_dst);
1243 }
1244 nl_msg_end_nested(request, offset);
1245}
1246
1247static void
1248nl_msg_put_act_drop(struct ofpbuf *request)
1249{
1250 size_t offset;
1251
1252 nl_msg_put_string(request, TCA_ACT_KIND, "gact");
1253 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1254 {
1255 struct tc_gact p = { .action = TC_ACT_SHOT };
1256
1257 nl_msg_put_unspec(request, TCA_GACT_PARMS, &p, sizeof p);
1258 }
1259 nl_msg_end_nested(request, offset);
1260}
1261
1262static void
00a0a011
CM		 1263nl_msg_put_act_mirred(struct ofpbuf *request, int ifindex, int action,
1264 int eaction)
f98e418f
RD		 1265{
1266 size_t offset;
1267
1268 nl_msg_put_string(request, TCA_ACT_KIND, "mirred");
1269 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1270 {
00a0a011
CM		 1271 struct tc_mirred m = { .action = action,
1272 .eaction = eaction,
f98e418f
RD		 1273 .ifindex = ifindex };
1274
1275 nl_msg_put_unspec(request, TCA_MIRRED_PARMS, &m, sizeof m);
1276 }
1277 nl_msg_end_nested(request, offset);
1278}
1279
1280static inline void
1281nl_msg_put_act_cookie(struct ofpbuf *request, struct tc_cookie *ck) {
1282 if (ck->len) {
1283 nl_msg_put_unspec(request, TCA_ACT_COOKIE, ck->data, ck->len);
1284 }
1285}
1286
8ada482b
PB		 1287/* Given flower, a key_to_pedit map entry, calculates the rest,
1288 * where:
1289 *
1290 * mask, data - pointers of where read the first word of flower->key/mask.
1291 * current_offset - which offset to use for the first pedit action.
1292 * cnt - max pedits actions to use.
1293 * first_word_mask/last_word_mask - the mask to use for the first/last read
1294 * (as we read entire words). */
f98e418f 1295static void
8ada482b
PB		 1296calc_offsets(struct tc_flower *flower, struct flower_key_to_pedit *m,
1297 int *cur_offset, int *cnt, uint32_t *last_word_mask,
1298 uint32_t *first_word_mask, uint32_t **mask, uint32_t **data)
1299{
1300 int start_offset, max_offset, total_size;
1301 int diff, right_zero_bits, left_zero_bits;
1302 char *rewrite_key = (void *) &flower->rewrite.key;
1303 char *rewrite_mask = (void *) &flower->rewrite.mask;
1304
1305 max_offset = m->offset + m->size;
1306 start_offset = ROUND_DOWN(m->offset, 4);
1307 diff = m->offset - start_offset;
1308 total_size = max_offset - start_offset;
1309 right_zero_bits = 8 * (4 - (max_offset % 4));
1310 left_zero_bits = 8 * (m->offset - start_offset);
1311
1312 *cur_offset = start_offset;
1313 *cnt = (total_size / 4) + (total_size % 4 ? 1 : 0);
1314 *last_word_mask = UINT32_MAX >> right_zero_bits;
1315 *first_word_mask = UINT32_MAX << left_zero_bits;
1316 *data = (void *) (rewrite_key + m->flower_offset - diff);
1317 *mask = (void *) (rewrite_mask + m->flower_offset - diff);
1318}
1319
d6118e62 1320static inline int
8ada482b
PB		 1321csum_update_flag(struct tc_flower *flower,
1322 enum pedit_header_type htype) {
d6118e62
PB		 1323 /* Explictily specifiy the csum flags so HW can return EOPNOTSUPP
1324 * if it doesn't support a checksum recalculation of some headers.
1325 * And since OVS allows a flow such as
1326 * eth(dst=<mac>),eth_type(0x0800) actions=set(ipv4(src=<new_ip>))
1327 * we need to force a more specific flow as this can, for example,
1328 * need a recalculation of icmp checksum if the packet that passes
d5ac6458 1329 * is ICMPv6 and tcp checksum if its tcp. */
d6118e62
PB		 1330
1331 switch (htype) {
1332 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4:
8ada482b 1333 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_IPV4HDR;
eeb0ca88 1334 /* Fall through. */
d6118e62
PB		 1335 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6:
1336 case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP:
1337 case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP:
8ada482b 1338 if (flower->key.ip_proto == IPPROTO_TCP) {
d6118e62 1339 flower->needs_full_ip_proto_mask = true;
8ada482b
PB		 1340 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_TCP;
1341 } else if (flower->key.ip_proto == IPPROTO_UDP) {
d6118e62 1342 flower->needs_full_ip_proto_mask = true;
8ada482b 1343 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_UDP;
d5ac6458
JL		 1344 } else if (flower->key.ip_proto == IPPROTO_ICMP) {
1345 flower->needs_full_ip_proto_mask = true;
1346 } else if (flower->key.ip_proto == IPPROTO_ICMPV6) {
d6118e62 1347 flower->needs_full_ip_proto_mask = true;
8ada482b 1348 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_ICMP;
d6118e62
PB		 1349 } else {
1350 VLOG_WARN_RL(&error_rl,
1351 "can't offload rewrite of IP/IPV6 with ip_proto: %d",
1352 flower->key.ip_proto);
1353 break;
8ada482b 1354 }
eeb0ca88 1355 /* Fall through. */
d6118e62
PB		 1356 case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH:
1357 return 0; /* success */
1358
1359 case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK:
1360 case __PEDIT_HDR_TYPE_MAX:
1361 default:
1362 break;
8ada482b 1363 }
d6118e62
PB		 1364
1365 return EOPNOTSUPP;
8ada482b
PB		 1366}
1367
1368static int
1369nl_msg_put_flower_rewrite_pedits(struct ofpbuf *request,
1370 struct tc_flower *flower)
1371{
1372 struct {
1373 struct tc_pedit sel;
1374 struct tc_pedit_key keys[MAX_PEDIT_OFFSETS];
1375 struct tc_pedit_key_ex keys_ex[MAX_PEDIT_OFFSETS];
1376 } sel = {
1377 .sel = {
1378 .nkeys = 0
1379 }
1380 };
d6118e62 1381 int i, j, err;
8ada482b
PB		 1382
1383 for (i = 0; i < ARRAY_SIZE(flower_pedit_map); i++) {
1384 struct flower_key_to_pedit *m = &flower_pedit_map[i];
1385 struct tc_pedit_key *pedit_key = NULL;
1386 struct tc_pedit_key_ex *pedit_key_ex = NULL;
1387 uint32_t *mask, *data, first_word_mask, last_word_mask;
1388 int cnt = 0, cur_offset = 0;
1389
1390 if (!m->size) {
1391 continue;
1392 }
1393
1394 calc_offsets(flower, m, &cur_offset, &cnt, &last_word_mask,
1395 &first_word_mask, &mask, &data);
1396
1397 for (j = 0; j < cnt; j++, mask++, data++, cur_offset += 4) {
1398 uint32_t mask_word = *mask;
1399
1400 if (j == 0) {
1401 mask_word &= first_word_mask;
1402 }
1403 if (j == cnt - 1) {
1404 mask_word &= last_word_mask;
1405 }
1406 if (!mask_word) {
1407 continue;
1408 }
1409 if (sel.sel.nkeys == MAX_PEDIT_OFFSETS) {
1410 VLOG_WARN_RL(&error_rl, "reached too many pedit offsets: %d",
1411 MAX_PEDIT_OFFSETS);
1412 return EOPNOTSUPP;
1413 }
1414
1415 pedit_key = &sel.keys[sel.sel.nkeys];
1416 pedit_key_ex = &sel.keys_ex[sel.sel.nkeys];
1417 pedit_key_ex->cmd = TCA_PEDIT_KEY_EX_CMD_SET;
1418 pedit_key_ex->htype = m->htype;
1419 pedit_key->off = cur_offset;
1420 pedit_key->mask = ~mask_word;
1421 pedit_key->val = *data & mask_word;
1422 sel.sel.nkeys++;
d6118e62
PB		 1423
1424 err = csum_update_flag(flower, m->htype);
1425 if (err) {
1426 return err;
1427 }
1428
1429 if (flower->needs_full_ip_proto_mask) {
1430 flower->mask.ip_proto = UINT8_MAX;
1431 }
8ada482b
PB		 1432 }
1433 }
1434 nl_msg_put_act_pedit(request, &sel.sel, sel.keys_ex);
1435
1436 return 0;
1437}
1438
1439static int
f98e418f
RD		 1440nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower)
1441{
1442 size_t offset;
1443 size_t act_offset;
0c70132c
CM		 1444 uint16_t act_index = 1;
1445 struct tc_action *action;
1446 int i, ifindex = 0;
f98e418f
RD		 1447
1448 offset = nl_msg_start_nested(request, TCA_FLOWER_ACT);
1449 {
8ada482b
PB		 1450 int error;
1451
0c70132c 1452 if (flower->tunnel.tunnel) {
8ada482b 1453 act_offset = nl_msg_start_nested(request, act_index++);
0c70132c 1454 nl_msg_put_act_tunnel_key_release(request);
8ada482b 1455 nl_msg_end_nested(request, act_offset);
0c70132c 1456 }
f98e418f 1457
0c70132c
CM		 1458 action = flower->actions;
1459 for (i = 0; i < flower->action_count; i++, action++) {
1460 switch (action->type) {
1461 case TC_ACT_PEDIT: {
a7ce5b85 1462 act_offset = nl_msg_start_nested(request, act_index++);
0c70132c
CM		 1463 error = nl_msg_put_flower_rewrite_pedits(request, flower);
1464 if (error) {
1465 return error;
1466 }
a7ce5b85 1467 nl_msg_end_nested(request, act_offset);
0c70132c
CM		 1468
1469 if (flower->csum_update_flags) {
1470 act_offset = nl_msg_start_nested(request, act_index++);
1471 nl_msg_put_act_csum(request, flower->csum_update_flags);
1472 nl_msg_end_nested(request, act_offset);
1473 }
1474 }
1475 break;
1476 case TC_ACT_ENCAP: {
1477 act_offset = nl_msg_start_nested(request, act_index++);
1478 nl_msg_put_act_tunnel_key_set(request, action->encap.id,
1479 action->encap.ipv4.ipv4_src,
1480 action->encap.ipv4.ipv4_dst,
1481 &action->encap.ipv6.ipv6_src,
1482 &action->encap.ipv6.ipv6_dst,
1483 action->encap.tp_dst);
1484 nl_msg_end_nested(request, act_offset);
1485 }
1486 break;
1487 case TC_ACT_VLAN_POP: {
1488 act_offset = nl_msg_start_nested(request, act_index++);
1489 nl_msg_put_act_pop_vlan(request);
1490 nl_msg_end_nested(request, act_offset);
1491 }
1492 break;
1493 case TC_ACT_VLAN_PUSH: {
1494 act_offset = nl_msg_start_nested(request, act_index++);
1495 nl_msg_put_act_push_vlan(request,
61e8655c 1496 action->vlan.vlan_push_tpid,
0c70132c
CM		 1497 action->vlan.vlan_push_id,
1498 action->vlan.vlan_push_prio);
1499 nl_msg_end_nested(request, act_offset);
1500 }
1501 break;
1502 case TC_ACT_OUTPUT: {
1503 ifindex = action->ifindex_out;
1504 if (ifindex < 1) {
1505 VLOG_ERR_RL(&error_rl, "%s: invalid ifindex: %d, type: %d",
1506 __func__, ifindex, action->type);
1507 return EINVAL;
1508 }
1509 act_offset = nl_msg_start_nested(request, act_index++);
00a0a011
CM		 1510 if (i == flower->action_count - 1) {
1511 nl_msg_put_act_mirred(request, ifindex, TC_ACT_STOLEN,
1512 TCA_EGRESS_REDIR);
1513 } else {
1514 nl_msg_put_act_mirred(request, ifindex, TC_ACT_PIPE,
1515 TCA_EGRESS_MIRROR);
1516 }
0c70132c
CM		 1517 nl_msg_put_act_cookie(request, &flower->act_cookie);
1518 nl_msg_end_nested(request, act_offset);
1519 }
1520 break;
a7ce5b85 1521 }
8ada482b 1522 }
0c70132c
CM		 1523 }
1524 if (!ifindex) {
1525 act_offset = nl_msg_start_nested(request, act_index++);
1526 nl_msg_put_act_drop(request);
1527 nl_msg_put_act_cookie(request, &flower->act_cookie);
1528 nl_msg_end_nested(request, act_offset);
f98e418f
RD		 1529 }
1530 nl_msg_end_nested(request, offset);
8ada482b
PB		 1531
1532 return 0;
f98e418f
RD		 1533}
1534
1535static void
1536nl_msg_put_masked_value(struct ofpbuf *request, uint16_t type,
1537 uint16_t mask_type, const void *data,
1538 const void *mask_data, size_t len)
1539{
1540 if (mask_type != TCA_FLOWER_UNSPEC) {
1541 if (is_all_zeros(mask_data, len)) {
1542 return;
1543 }
1544 nl_msg_put_unspec(request, mask_type, mask_data, len);
1545 }
1546 nl_msg_put_unspec(request, type, data, len);
1547}
1548
1549static void
1550nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower)
1551{
1552 ovs_be32 ipv4_src = flower->tunnel.ipv4.ipv4_src;
1553 ovs_be32 ipv4_dst = flower->tunnel.ipv4.ipv4_dst;
1554 struct in6_addr *ipv6_src = &flower->tunnel.ipv6.ipv6_src;
1555 struct in6_addr *ipv6_dst = &flower->tunnel.ipv6.ipv6_dst;
1556 ovs_be16 tp_dst = flower->tunnel.tp_dst;
1557 ovs_be32 id = be64_to_be32(flower->tunnel.id);
1558
1559 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id);
1560 if (ipv4_dst) {
1561 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src);
1562 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST, ipv4_dst);
1563 } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) {
1564 nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src);
1565 nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst);
1566 }
1567 nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst);
1568}
1569
bb170644
PB		 1570#define FLOWER_PUT_MASKED_VALUE(member, type) \
1571 nl_msg_put_masked_value(request, type, type##_MASK, &flower->key.member, \
1572 &flower->mask.member, sizeof flower->key.member)
1573
8ada482b 1574static int
f98e418f
RD		 1575nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
1576{
8ada482b 1577
f98e418f 1578 uint16_t host_eth_type = ntohs(flower->key.eth_type);
b5ad40a9 1579 bool is_vlan = eth_type_vlan(flower->key.eth_type);
8ada482b
PB		 1580 int err;
1581
d6118e62
PB		 1582 /* need to parse acts first as some acts require changing the matching
1583 * see csum_update_flag() */
8ada482b
PB		 1584 err = nl_msg_put_flower_acts(request, flower);
1585 if (err) {
1586 return err;
1587 }
f98e418f
RD		 1588
1589 if (is_vlan) {
1590 host_eth_type = ntohs(flower->key.encap_eth_type);
1591 }
1592
bb170644
PB		 1593 FLOWER_PUT_MASKED_VALUE(dst_mac, TCA_FLOWER_KEY_ETH_DST);
1594 FLOWER_PUT_MASKED_VALUE(src_mac, TCA_FLOWER_KEY_ETH_SRC);
f98e418f
RD		 1595
1596 if (host_eth_type == ETH_P_IP || host_eth_type == ETH_P_IPV6) {
1597 if (flower->mask.ip_proto && flower->key.ip_proto) {
1598 nl_msg_put_u8(request, TCA_FLOWER_KEY_IP_PROTO,
1599 flower->key.ip_proto);
1600 }
1601
83e86606 1602 if (flower->mask.flags) {
7e0f69b5 1603 nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS,
83e86606 1604 htonl(flower->key.flags));
7e0f69b5 1605 nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS_MASK,
83e86606
RD		 1606 htonl(flower->mask.flags));
1607 }
1608
f98e418f 1609 if (flower->key.ip_proto == IPPROTO_UDP) {
2b1d9fa9
PB		 1610 FLOWER_PUT_MASKED_VALUE(udp_src, TCA_FLOWER_KEY_UDP_SRC);
1611 FLOWER_PUT_MASKED_VALUE(udp_dst, TCA_FLOWER_KEY_UDP_DST);
f98e418f 1612 } else if (flower->key.ip_proto == IPPROTO_TCP) {
2b1d9fa9
PB		 1613 FLOWER_PUT_MASKED_VALUE(tcp_src, TCA_FLOWER_KEY_TCP_SRC);
1614 FLOWER_PUT_MASKED_VALUE(tcp_dst, TCA_FLOWER_KEY_TCP_DST);
cd081043 1615 FLOWER_PUT_MASKED_VALUE(tcp_flags, TCA_FLOWER_KEY_TCP_FLAGS);
4862b4e5 1616 } else if (flower->key.ip_proto == IPPROTO_SCTP) {
2b1d9fa9
PB		 1617 FLOWER_PUT_MASKED_VALUE(sctp_src, TCA_FLOWER_KEY_SCTP_SRC);
1618 FLOWER_PUT_MASKED_VALUE(sctp_dst, TCA_FLOWER_KEY_SCTP_DST);
f98e418f
RD		 1619 }
1620 }
1621
1622 if (host_eth_type == ETH_P_IP) {
bb170644
PB		 1623 FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_src, TCA_FLOWER_KEY_IPV4_SRC);
1624 FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_dst, TCA_FLOWER_KEY_IPV4_DST);
0b4b5203 1625 FLOWER_PUT_MASKED_VALUE(ip_ttl, TCA_FLOWER_KEY_IP_TTL);
f98e418f 1626 } else if (host_eth_type == ETH_P_IPV6) {
bb170644
PB		 1627 FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_src, TCA_FLOWER_KEY_IPV6_SRC);
1628 FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_dst, TCA_FLOWER_KEY_IPV6_DST);
f98e418f
RD		 1629 }
1630
1631 nl_msg_put_be16(request, TCA_FLOWER_KEY_ETH_TYPE, flower->key.eth_type);
1632
1633 if (is_vlan) {
1634 if (flower->key.vlan_id || flower->key.vlan_prio) {
1635 nl_msg_put_u16(request, TCA_FLOWER_KEY_VLAN_ID,
1636 flower->key.vlan_id);
1637 nl_msg_put_u8(request, TCA_FLOWER_KEY_VLAN_PRIO,
1638 flower->key.vlan_prio);
1639 }
1640 if (flower->key.encap_eth_type) {
1641 nl_msg_put_be16(request, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1642 flower->key.encap_eth_type);
1643 }
1644 }
1645
691d20cb 1646 nl_msg_put_u32(request, TCA_FLOWER_FLAGS, tc_get_tc_cls_policy(tc_policy));
f98e418f
RD		 1647
1648 if (flower->tunnel.tunnel) {
1649 nl_msg_put_flower_tunnel(request, flower);
1650 }
1651
8ada482b 1652 return 0;
f98e418f
RD		 1653}
1654
1655int
1656tc_replace_flower(int ifindex, uint16_t prio, uint32_t handle,
093c9458 1657 struct tc_flower *flower, uint32_t block_id)
f98e418f
RD		 1658{
1659 struct ofpbuf request;
1660 struct tcmsg *tcmsg;
1661 struct ofpbuf *reply;
1662 int error = 0;
1663 size_t basic_offset;
1664 uint16_t eth_type = (OVS_FORCE uint16_t) flower->key.eth_type;
093c9458 1665 int index;
f98e418f 1666
093c9458
JH		 1667 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1668 tcmsg = tc_make_request(index, RTM_NEWTFILTER, NLM_F_CREATE | NLM_F_ECHO,
1669 &request);
1670 tcmsg->tcm_parent = block_id ? : TC_INGRESS_PARENT;
f98e418f
RD		 1671 tcmsg->tcm_info = tc_make_handle(prio, eth_type);
1672 tcmsg->tcm_handle = handle;
1673
1674 nl_msg_put_string(&request, TCA_KIND, "flower");
1675 basic_offset = nl_msg_start_nested(&request, TCA_OPTIONS);
1676 {
8ada482b
PB		 1677 error = nl_msg_put_flower_options(&request, flower);
1678
1679 if (error) {
1680 ofpbuf_uninit(&request);
1681 return error;
1682 }
f98e418f
RD		 1683 }
1684 nl_msg_end_nested(&request, basic_offset);
1685
1686 error = tc_transact(&request, &reply);
1687 if (!error) {
1688 struct tcmsg *tc =
1689 ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc);
1690
1691 flower->prio = tc_get_major(tc->tcm_info);
1692 flower->handle = tc->tcm_handle;
1693 ofpbuf_delete(reply);
1694 }
1695
1696 return error;
1697}
691d20cb
PB		 1698
1699void
1700tc_set_policy(const char *policy)
1701{
1702 if (!policy) {
1703 return;
1704 }
1705
1706 if (!strcmp(policy, "skip_sw")) {
1707 tc_policy = TC_POLICY_SKIP_SW;
1708 } else if (!strcmp(policy, "skip_hw")) {
1709 tc_policy = TC_POLICY_SKIP_HW;
1710 } else if (!strcmp(policy, "none")) {
1711 tc_policy = TC_POLICY_NONE;
1712 } else {
1713 VLOG_WARN("tc: Invalid policy '%s'", policy);
1714 return;
1715 }
1716
1717 VLOG_INFO("tc: Using policy '%s'", policy);
1718}
openvswitch mirror