]>
Commit | Line | Data |
---|---|---|
c1c5c723 | 1 | /* |
ef3767f5 | 2 | * Copyright (c) 2009-2017 Nicira, Inc. |
f98e418f | 3 | * Copyright (c) 2016 Mellanox Technologies, Ltd. |
c1c5c723 PB |
4 | * |
5 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
6 | * you may not use this file except in compliance with the License. | |
7 | * You may obtain a copy of the License at: | |
8 | * | |
9 | * http://www.apache.org/licenses/LICENSE-2.0 | |
10 | * | |
11 | * Unless required by applicable law or agreed to in writing, software | |
12 | * distributed under the License is distributed on an "AS IS" BASIS, | |
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 | * See the License for the specific language governing permissions and | |
15 | * limitations under the License. | |
16 | */ | |
17 | ||
18 | #include <config.h> | |
19 | #include "tc.h" | |
ef3767f5 | 20 | |
c1c5c723 | 21 | #include <errno.h> |
f98e418f RD |
22 | #include <linux/if_ether.h> |
23 | #include <linux/rtnetlink.h> | |
8ada482b | 24 | #include <linux/tc_act/tc_csum.h> |
f98e418f RD |
25 | #include <linux/tc_act/tc_gact.h> |
26 | #include <linux/tc_act/tc_mirred.h> | |
8ada482b | 27 | #include <linux/tc_act/tc_pedit.h> |
f98e418f RD |
28 | #include <linux/tc_act/tc_tunnel_key.h> |
29 | #include <linux/tc_act/tc_vlan.h> | |
30 | #include <linux/gen_stats.h> | |
31 | #include <net/if.h> | |
8c1e74d1 | 32 | #include <unistd.h> |
ef3767f5 | 33 | |
f98e418f | 34 | #include "byte-order.h" |
c1c5c723 PB |
35 | #include "netlink-socket.h" |
36 | #include "netlink.h" | |
37 | #include "openvswitch/ofpbuf.h" | |
8ada482b | 38 | #include "openvswitch/util.h" |
c1c5c723 | 39 | #include "openvswitch/vlog.h" |
f98e418f RD |
40 | #include "packets.h" |
41 | #include "timeval.h" | |
ef3767f5 | 42 | #include "unaligned.h" |
c1c5c723 | 43 | |
8ada482b PB |
44 | #define MAX_PEDIT_OFFSETS 32 |
45 | ||
c1c5c723 PB |
46 | VLOG_DEFINE_THIS_MODULE(tc); |
47 | ||
f98e418f RD |
48 | static struct vlog_rate_limit error_rl = VLOG_RATE_LIMIT_INIT(60, 5); |
49 | ||
691d20cb PB |
50 | enum tc_offload_policy { |
51 | TC_POLICY_NONE, | |
52 | TC_POLICY_SKIP_SW, | |
53 | TC_POLICY_SKIP_HW | |
54 | }; | |
55 | ||
56 | static enum tc_offload_policy tc_policy = TC_POLICY_NONE; | |
57 | ||
8ada482b PB |
58 | struct tc_pedit_key_ex { |
59 | enum pedit_header_type htype; | |
60 | enum pedit_cmd cmd; | |
61 | }; | |
62 | ||
63 | struct flower_key_to_pedit { | |
64 | enum pedit_header_type htype; | |
8ada482b | 65 | int offset; |
fbaf1bf9 | 66 | int flower_offset; |
8ada482b PB |
67 | int size; |
68 | }; | |
69 | ||
70 | static struct flower_key_to_pedit flower_pedit_map[] = { | |
71 | { | |
72 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP4, | |
73 | 12, | |
74 | offsetof(struct tc_flower_key, ipv4.ipv4_src), | |
75 | MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_src) | |
76 | }, { | |
77 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP4, | |
78 | 16, | |
79 | offsetof(struct tc_flower_key, ipv4.ipv4_dst), | |
80 | MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_dst) | |
81 | }, { | |
82 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP4, | |
83 | 8, | |
84 | offsetof(struct tc_flower_key, ipv4.rewrite_ttl), | |
85 | MEMBER_SIZEOF(struct tc_flower_key, ipv4.rewrite_ttl) | |
86 | }, { | |
87 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP6, | |
88 | 8, | |
89 | offsetof(struct tc_flower_key, ipv6.ipv6_src), | |
90 | MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_src) | |
91 | }, { | |
92 | TCA_PEDIT_KEY_EX_HDR_TYPE_IP6, | |
93 | 24, | |
94 | offsetof(struct tc_flower_key, ipv6.ipv6_dst), | |
95 | MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_dst) | |
96 | }, { | |
97 | TCA_PEDIT_KEY_EX_HDR_TYPE_ETH, | |
98 | 6, | |
99 | offsetof(struct tc_flower_key, src_mac), | |
100 | MEMBER_SIZEOF(struct tc_flower_key, src_mac) | |
101 | }, { | |
102 | TCA_PEDIT_KEY_EX_HDR_TYPE_ETH, | |
103 | 0, | |
104 | offsetof(struct tc_flower_key, dst_mac), | |
105 | MEMBER_SIZEOF(struct tc_flower_key, dst_mac) | |
106 | }, { | |
107 | TCA_PEDIT_KEY_EX_HDR_TYPE_ETH, | |
108 | 12, | |
109 | offsetof(struct tc_flower_key, eth_type), | |
110 | MEMBER_SIZEOF(struct tc_flower_key, eth_type) | |
111 | }, { | |
112 | TCA_PEDIT_KEY_EX_HDR_TYPE_TCP, | |
113 | 0, | |
114 | offsetof(struct tc_flower_key, tcp_src), | |
115 | MEMBER_SIZEOF(struct tc_flower_key, tcp_src) | |
116 | }, { | |
117 | TCA_PEDIT_KEY_EX_HDR_TYPE_TCP, | |
118 | 2, | |
119 | offsetof(struct tc_flower_key, tcp_dst), | |
120 | MEMBER_SIZEOF(struct tc_flower_key, tcp_dst) | |
121 | }, { | |
122 | TCA_PEDIT_KEY_EX_HDR_TYPE_UDP, | |
123 | 0, | |
124 | offsetof(struct tc_flower_key, udp_src), | |
125 | MEMBER_SIZEOF(struct tc_flower_key, udp_src) | |
126 | }, { | |
127 | TCA_PEDIT_KEY_EX_HDR_TYPE_UDP, | |
128 | 2, | |
129 | offsetof(struct tc_flower_key, udp_dst), | |
130 | MEMBER_SIZEOF(struct tc_flower_key, udp_dst) | |
131 | }, | |
132 | }; | |
133 | ||
d6118e62 PB |
134 | static inline int |
135 | csum_update_flag(struct tc_flower *flower, | |
136 | enum pedit_header_type htype); | |
137 | ||
c1c5c723 PB |
138 | struct tcmsg * |
139 | tc_make_request(int ifindex, int type, unsigned int flags, | |
140 | struct ofpbuf *request) | |
141 | { | |
142 | struct tcmsg *tcmsg; | |
143 | ||
144 | ofpbuf_init(request, 512); | |
145 | nl_msg_put_nlmsghdr(request, sizeof *tcmsg, type, NLM_F_REQUEST | flags); | |
146 | tcmsg = ofpbuf_put_zeros(request, sizeof *tcmsg); | |
147 | tcmsg->tcm_family = AF_UNSPEC; | |
148 | tcmsg->tcm_ifindex = ifindex; | |
149 | /* Caller should fill in tcmsg->tcm_handle. */ | |
150 | /* Caller should fill in tcmsg->tcm_parent. */ | |
151 | ||
152 | return tcmsg; | |
153 | } | |
154 | ||
155 | int | |
156 | tc_transact(struct ofpbuf *request, struct ofpbuf **replyp) | |
157 | { | |
158 | int error = nl_transact(NETLINK_ROUTE, request, replyp); | |
159 | ofpbuf_uninit(request); | |
160 | return error; | |
161 | } | |
162 | ||
163 | /* Adds or deletes a root ingress qdisc on device with specified ifindex. | |
164 | * | |
165 | * This function is equivalent to running the following when 'add' is true: | |
166 | * /sbin/tc qdisc add dev <devname> handle ffff: ingress | |
167 | * | |
168 | * This function is equivalent to running the following when 'add' is false: | |
169 | * /sbin/tc qdisc del dev <devname> handle ffff: ingress | |
170 | * | |
171 | * Where dev <devname> is the device with specified ifindex name. | |
172 | * | |
173 | * The configuration and stats may be seen with the following command: | |
174 | * /sbin/tc -s qdisc show dev <devname> | |
175 | * | |
176 | * Returns 0 if successful, otherwise a positive errno value. | |
177 | */ | |
178 | int | |
179 | tc_add_del_ingress_qdisc(int ifindex, bool add) | |
180 | { | |
181 | struct ofpbuf request; | |
182 | struct tcmsg *tcmsg; | |
183 | int error; | |
184 | int type = add ? RTM_NEWQDISC : RTM_DELQDISC; | |
185 | int flags = add ? NLM_F_EXCL | NLM_F_CREATE : 0; | |
186 | ||
187 | tcmsg = tc_make_request(ifindex, type, flags, &request); | |
209832d5 | 188 | tcmsg->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0); |
c1c5c723 PB |
189 | tcmsg->tcm_parent = TC_H_INGRESS; |
190 | nl_msg_put_string(&request, TCA_KIND, "ingress"); | |
191 | nl_msg_put_unspec(&request, TCA_OPTIONS, NULL, 0); | |
192 | ||
193 | error = tc_transact(&request, NULL); | |
194 | if (error) { | |
195 | /* If we're deleting the qdisc, don't worry about some of the | |
196 | * error conditions. */ | |
197 | if (!add && (error == ENOENT || error == EINVAL)) { | |
198 | return 0; | |
199 | } | |
200 | return error; | |
201 | } | |
202 | ||
203 | return 0; | |
204 | } | |
f98e418f RD |
205 | |
206 | static const struct nl_policy tca_policy[] = { | |
207 | [TCA_KIND] = { .type = NL_A_STRING, .optional = false, }, | |
208 | [TCA_OPTIONS] = { .type = NL_A_NESTED, .optional = false, }, | |
209 | [TCA_STATS] = { .type = NL_A_UNSPEC, | |
210 | .min_len = sizeof(struct tc_stats), .optional = true, }, | |
211 | [TCA_STATS2] = { .type = NL_A_NESTED, .optional = true, }, | |
212 | }; | |
213 | ||
214 | static const struct nl_policy tca_flower_policy[] = { | |
215 | [TCA_FLOWER_CLASSID] = { .type = NL_A_U32, .optional = true, }, | |
216 | [TCA_FLOWER_INDEV] = { .type = NL_A_STRING, .max_len = IFNAMSIZ, | |
217 | .optional = true, }, | |
218 | [TCA_FLOWER_KEY_ETH_SRC] = { .type = NL_A_UNSPEC, | |
219 | .min_len = ETH_ALEN, .optional = true, }, | |
220 | [TCA_FLOWER_KEY_ETH_DST] = { .type = NL_A_UNSPEC, | |
221 | .min_len = ETH_ALEN, .optional = true, }, | |
222 | [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .type = NL_A_UNSPEC, | |
223 | .min_len = ETH_ALEN, | |
224 | .optional = true, }, | |
225 | [TCA_FLOWER_KEY_ETH_DST_MASK] = { .type = NL_A_UNSPEC, | |
226 | .min_len = ETH_ALEN, | |
227 | .optional = true, }, | |
228 | [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NL_A_U16, .optional = false, }, | |
229 | [TCA_FLOWER_FLAGS] = { .type = NL_A_U32, .optional = false, }, | |
230 | [TCA_FLOWER_ACT] = { .type = NL_A_NESTED, .optional = false, }, | |
231 | [TCA_FLOWER_KEY_IP_PROTO] = { .type = NL_A_U8, .optional = true, }, | |
232 | [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NL_A_U32, .optional = true, }, | |
233 | [TCA_FLOWER_KEY_IPV4_DST] = {.type = NL_A_U32, .optional = true, }, | |
234 | [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NL_A_U32, .optional = true, }, | |
235 | [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NL_A_U32, .optional = true, }, | |
236 | [TCA_FLOWER_KEY_IPV6_SRC] = { .type = NL_A_UNSPEC, | |
237 | .min_len = sizeof(struct in6_addr), | |
238 | .optional = true, }, | |
239 | [TCA_FLOWER_KEY_IPV6_DST] = { .type = NL_A_UNSPEC, | |
240 | .min_len = sizeof(struct in6_addr), | |
241 | .optional = true, }, | |
242 | [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC, | |
243 | .min_len = sizeof(struct in6_addr), | |
244 | .optional = true, }, | |
245 | [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .type = NL_A_UNSPEC, | |
246 | .min_len = sizeof(struct in6_addr), | |
247 | .optional = true, }, | |
248 | [TCA_FLOWER_KEY_TCP_SRC] = { .type = NL_A_U16, .optional = true, }, | |
249 | [TCA_FLOWER_KEY_TCP_DST] = { .type = NL_A_U16, .optional = true, }, | |
250 | [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NL_A_U16, .optional = true, }, | |
251 | [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NL_A_U16, .optional = true, }, | |
252 | [TCA_FLOWER_KEY_UDP_SRC] = { .type = NL_A_U16, .optional = true, }, | |
253 | [TCA_FLOWER_KEY_UDP_DST] = { .type = NL_A_U16, .optional = true, }, | |
254 | [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NL_A_U16, .optional = true, }, | |
255 | [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NL_A_U16, .optional = true, }, | |
4862b4e5 VB |
256 | [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NL_A_U16, .optional = true, }, |
257 | [TCA_FLOWER_KEY_SCTP_DST] = { .type = NL_A_U16, .optional = true, }, | |
258 | [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NL_A_U16, .optional = true, }, | |
259 | [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NL_A_U16, .optional = true, }, | |
f98e418f RD |
260 | [TCA_FLOWER_KEY_VLAN_ID] = { .type = NL_A_U16, .optional = true, }, |
261 | [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NL_A_U8, .optional = true, }, | |
262 | [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NL_A_U16, .optional = true, }, | |
263 | [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, }, | |
264 | [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, }, | |
265 | [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, }, | |
266 | [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NL_A_U32, | |
267 | .optional = true, }, | |
268 | [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NL_A_U32, | |
269 | .optional = true, }, | |
270 | [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC, | |
271 | .min_len = sizeof(struct in6_addr), | |
272 | .optional = true, }, | |
273 | [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC, | |
274 | .min_len = sizeof(struct in6_addr), | |
275 | .optional = true, }, | |
276 | [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC, | |
277 | .min_len = sizeof(struct in6_addr), | |
278 | .optional = true, }, | |
279 | [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .type = NL_A_UNSPEC, | |
280 | .min_len = sizeof(struct in6_addr), | |
281 | .optional = true, }, | |
282 | [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NL_A_U16, | |
283 | .optional = true, }, | |
83e86606 RD |
284 | [TCA_FLOWER_KEY_FLAGS] = { .type = NL_A_BE32, .optional = true, }, |
285 | [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NL_A_BE32, .optional = true, }, | |
0b4b5203 PB |
286 | [TCA_FLOWER_KEY_IP_TTL] = { .type = NL_A_U8, |
287 | .optional = true, }, | |
288 | [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NL_A_U8, | |
289 | .optional = true, }, | |
cd081043 PB |
290 | [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NL_A_U16, |
291 | .optional = true, }, | |
292 | [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NL_A_U16, | |
293 | .optional = true, }, | |
f98e418f RD |
294 | }; |
295 | ||
296 | static void | |
297 | nl_parse_flower_eth(struct nlattr **attrs, struct tc_flower *flower) | |
298 | { | |
299 | const struct eth_addr *eth; | |
300 | ||
301 | if (attrs[TCA_FLOWER_KEY_ETH_SRC_MASK]) { | |
302 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC], ETH_ALEN); | |
303 | memcpy(&flower->key.src_mac, eth, sizeof flower->key.src_mac); | |
304 | ||
305 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC_MASK], ETH_ALEN); | |
306 | memcpy(&flower->mask.src_mac, eth, sizeof flower->mask.src_mac); | |
307 | } | |
308 | if (attrs[TCA_FLOWER_KEY_ETH_DST_MASK]) { | |
309 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST], ETH_ALEN); | |
310 | memcpy(&flower->key.dst_mac, eth, sizeof flower->key.dst_mac); | |
311 | ||
312 | eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST_MASK], ETH_ALEN); | |
313 | memcpy(&flower->mask.dst_mac, eth, sizeof flower->mask.dst_mac); | |
314 | } | |
315 | } | |
316 | ||
317 | static void | |
318 | nl_parse_flower_vlan(struct nlattr **attrs, struct tc_flower *flower) | |
319 | { | |
320 | if (flower->key.eth_type != htons(ETH_TYPE_VLAN)) { | |
321 | return; | |
322 | } | |
323 | ||
324 | flower->key.encap_eth_type = | |
325 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ETH_TYPE]); | |
326 | ||
327 | if (attrs[TCA_FLOWER_KEY_VLAN_ID]) { | |
328 | flower->key.vlan_id = | |
329 | nl_attr_get_u16(attrs[TCA_FLOWER_KEY_VLAN_ID]); | |
330 | } | |
331 | if (attrs[TCA_FLOWER_KEY_VLAN_PRIO]) { | |
332 | flower->key.vlan_prio = | |
333 | nl_attr_get_u8(attrs[TCA_FLOWER_KEY_VLAN_PRIO]); | |
334 | } | |
335 | } | |
336 | ||
337 | static void | |
338 | nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower) | |
339 | { | |
340 | if (attrs[TCA_FLOWER_KEY_ENC_KEY_ID]) { | |
341 | ovs_be32 id = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_KEY_ID]); | |
342 | ||
343 | flower->tunnel.id = be32_to_be64(id); | |
344 | } | |
345 | if (attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]) { | |
346 | flower->tunnel.ipv4.ipv4_src = | |
347 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC]); | |
348 | } | |
349 | if (attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]) { | |
350 | flower->tunnel.ipv4.ipv4_dst = | |
351 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST]); | |
352 | } | |
353 | if (attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]) { | |
354 | flower->tunnel.ipv6.ipv6_src = | |
355 | nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC]); | |
356 | } | |
357 | if (attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]) { | |
358 | flower->tunnel.ipv6.ipv6_dst = | |
359 | nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST]); | |
360 | } | |
361 | if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]) { | |
362 | flower->tunnel.tp_dst = | |
363 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]); | |
364 | } | |
365 | } | |
366 | ||
367 | static void | |
368 | nl_parse_flower_ip(struct nlattr **attrs, struct tc_flower *flower) { | |
369 | uint8_t ip_proto = 0; | |
370 | struct tc_flower_key *key = &flower->key; | |
371 | struct tc_flower_key *mask = &flower->mask; | |
372 | ||
373 | if (attrs[TCA_FLOWER_KEY_IP_PROTO]) { | |
374 | ip_proto = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_PROTO]); | |
375 | key->ip_proto = ip_proto; | |
376 | mask->ip_proto = UINT8_MAX; | |
377 | } | |
378 | ||
83e86606 | 379 | if (attrs[TCA_FLOWER_KEY_FLAGS_MASK]) { |
7e0f69b5 IS |
380 | key->flags = ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS])); |
381 | mask->flags = | |
382 | ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS_MASK])); | |
83e86606 RD |
383 | } |
384 | ||
f98e418f RD |
385 | if (attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]) { |
386 | key->ipv4.ipv4_src = | |
387 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC]); | |
388 | mask->ipv4.ipv4_src = | |
389 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]); | |
390 | } | |
391 | if (attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]) { | |
392 | key->ipv4.ipv4_dst = | |
393 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST]); | |
394 | mask->ipv4.ipv4_dst = | |
395 | nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]); | |
396 | } | |
397 | if (attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]) { | |
398 | struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_SRC]; | |
399 | struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]; | |
400 | ||
401 | key->ipv6.ipv6_src = nl_attr_get_in6_addr(attr); | |
402 | mask->ipv6.ipv6_src = nl_attr_get_in6_addr(attr_mask); | |
403 | } | |
404 | if (attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]) { | |
405 | struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_DST]; | |
406 | struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]; | |
407 | ||
408 | key->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr); | |
409 | mask->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr_mask); | |
410 | } | |
411 | ||
412 | if (ip_proto == IPPROTO_TCP) { | |
413 | if (attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]) { | |
2b1d9fa9 | 414 | key->tcp_src = |
f98e418f | 415 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC]); |
2b1d9fa9 | 416 | mask->tcp_src = |
f98e418f RD |
417 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]); |
418 | } | |
419 | if (attrs[TCA_FLOWER_KEY_TCP_DST_MASK]) { | |
2b1d9fa9 | 420 | key->tcp_dst = |
f98e418f | 421 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST]); |
2b1d9fa9 | 422 | mask->tcp_dst = |
f98e418f RD |
423 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST_MASK]); |
424 | } | |
cd081043 PB |
425 | if (attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]) { |
426 | key->tcp_flags = | |
427 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS]); | |
428 | mask->tcp_flags = | |
429 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]); | |
430 | } | |
f98e418f RD |
431 | } else if (ip_proto == IPPROTO_UDP) { |
432 | if (attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]) { | |
2b1d9fa9 PB |
433 | key->udp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC]); |
434 | mask->udp_src = | |
f98e418f RD |
435 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]); |
436 | } | |
437 | if (attrs[TCA_FLOWER_KEY_UDP_DST_MASK]) { | |
2b1d9fa9 PB |
438 | key->udp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST]); |
439 | mask->udp_dst = | |
f98e418f RD |
440 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST_MASK]); |
441 | } | |
4862b4e5 VB |
442 | } else if (ip_proto == IPPROTO_SCTP) { |
443 | if (attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]) { | |
2b1d9fa9 PB |
444 | key->sctp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC]); |
445 | mask->sctp_src = | |
4862b4e5 VB |
446 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]); |
447 | } | |
448 | if (attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]) { | |
2b1d9fa9 PB |
449 | key->sctp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST]); |
450 | mask->sctp_dst = | |
4862b4e5 VB |
451 | nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]); |
452 | } | |
f98e418f | 453 | } |
0b4b5203 PB |
454 | |
455 | if (attrs[TCA_FLOWER_KEY_IP_TTL_MASK]) { | |
456 | key->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL]); | |
457 | mask->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL_MASK]); | |
458 | } | |
f98e418f RD |
459 | } |
460 | ||
d63ca532 GT |
461 | static enum tc_offloaded_state |
462 | nl_get_flower_offloaded_state(struct nlattr **attrs) | |
463 | { | |
464 | uint32_t flower_flags = 0; | |
465 | ||
466 | if (attrs[TCA_FLOWER_FLAGS]) { | |
467 | flower_flags = nl_attr_get_u32(attrs[TCA_FLOWER_FLAGS]); | |
468 | if (flower_flags & TCA_CLS_FLAGS_NOT_IN_HW) { | |
469 | return TC_OFFLOADED_STATE_NOT_IN_HW; | |
470 | } else if (flower_flags & TCA_CLS_FLAGS_IN_HW) { | |
471 | return TC_OFFLOADED_STATE_IN_HW; | |
472 | } | |
473 | } | |
474 | return TC_OFFLOADED_STATE_UNDEFINED; | |
475 | } | |
476 | ||
477 | static void | |
478 | nl_parse_flower_flags(struct nlattr **attrs, struct tc_flower *flower) | |
479 | { | |
480 | flower->offloaded_state = nl_get_flower_offloaded_state(attrs); | |
481 | } | |
482 | ||
8ada482b PB |
483 | static const struct nl_policy pedit_policy[] = { |
484 | [TCA_PEDIT_PARMS_EX] = { .type = NL_A_UNSPEC, | |
485 | .min_len = sizeof(struct tc_pedit), | |
486 | .optional = false, }, | |
487 | [TCA_PEDIT_KEYS_EX] = { .type = NL_A_NESTED, | |
488 | .optional = false, }, | |
489 | }; | |
490 | ||
491 | static int | |
492 | nl_parse_act_pedit(struct nlattr *options, struct tc_flower *flower) | |
493 | { | |
0c70132c | 494 | struct tc_action *action; |
8ada482b PB |
495 | struct nlattr *pe_attrs[ARRAY_SIZE(pedit_policy)]; |
496 | const struct tc_pedit *pe; | |
497 | const struct tc_pedit_key *keys; | |
498 | const struct nlattr *nla, *keys_ex, *ex_type; | |
499 | const void *keys_attr; | |
500 | char *rewrite_key = (void *) &flower->rewrite.key; | |
501 | char *rewrite_mask = (void *) &flower->rewrite.mask; | |
502 | size_t keys_ex_size, left; | |
d6118e62 | 503 | int type, i = 0, err; |
8ada482b PB |
504 | |
505 | if (!nl_parse_nested(options, pedit_policy, pe_attrs, | |
506 | ARRAY_SIZE(pedit_policy))) { | |
507 | VLOG_ERR_RL(&error_rl, "failed to parse pedit action options"); | |
508 | return EPROTO; | |
509 | } | |
510 | ||
511 | pe = nl_attr_get_unspec(pe_attrs[TCA_PEDIT_PARMS_EX], sizeof *pe); | |
512 | keys = pe->keys; | |
513 | keys_attr = pe_attrs[TCA_PEDIT_KEYS_EX]; | |
514 | keys_ex = nl_attr_get(keys_attr); | |
515 | keys_ex_size = nl_attr_get_size(keys_attr); | |
516 | ||
517 | NL_ATTR_FOR_EACH (nla, left, keys_ex, keys_ex_size) { | |
518 | if (i >= pe->nkeys) { | |
519 | break; | |
520 | } | |
521 | ||
408671c4 | 522 | if (nl_attr_type(nla) != TCA_PEDIT_KEY_EX) { |
8ada482b PB |
523 | VLOG_ERR_RL(&error_rl, "unable to parse legacy pedit type: %d", |
524 | nl_attr_type(nla)); | |
525 | return EOPNOTSUPP; | |
526 | } | |
527 | ||
528 | ex_type = nl_attr_find_nested(nla, TCA_PEDIT_KEY_EX_HTYPE); | |
529 | type = nl_attr_get_u16(ex_type); | |
530 | ||
d6118e62 PB |
531 | err = csum_update_flag(flower, type); |
532 | if (err) { | |
533 | return err; | |
534 | } | |
535 | ||
8ada482b PB |
536 | for (int j = 0; j < ARRAY_SIZE(flower_pedit_map); j++) { |
537 | struct flower_key_to_pedit *m = &flower_pedit_map[j]; | |
538 | int flower_off = m->flower_offset; | |
539 | int sz = m->size; | |
540 | int mf = m->offset; | |
541 | ||
542 | if (m->htype != type) { | |
543 | continue; | |
544 | } | |
545 | ||
546 | /* check overlap between current pedit key, which is always | |
547 | * 4 bytes (range [off, off + 3]), and a map entry in | |
548 | * flower_pedit_map (range [mf, mf + sz - 1]) */ | |
549 | if ((keys->off >= mf && keys->off < mf + sz) | |
550 | || (keys->off + 3 >= mf && keys->off + 3 < mf + sz)) { | |
551 | int diff = flower_off + (keys->off - mf); | |
552 | uint32_t *dst = (void *) (rewrite_key + diff); | |
553 | uint32_t *dst_m = (void *) (rewrite_mask + diff); | |
554 | uint32_t mask = ~(keys->mask); | |
555 | uint32_t zero_bits; | |
556 | ||
557 | if (keys->off < mf) { | |
558 | zero_bits = 8 * (mf - keys->off); | |
559 | mask &= UINT32_MAX << zero_bits; | |
560 | } else if (keys->off + 4 > mf + m->size) { | |
561 | zero_bits = 8 * (keys->off + 4 - mf - m->size); | |
562 | mask &= UINT32_MAX >> zero_bits; | |
563 | } | |
564 | ||
565 | *dst_m |= mask; | |
566 | *dst |= keys->val & mask; | |
567 | } | |
568 | } | |
569 | ||
570 | keys++; | |
571 | i++; | |
572 | } | |
573 | ||
0c70132c CM |
574 | action = &flower->actions[flower->action_count++]; |
575 | action->type = TC_ACT_PEDIT; | |
8ada482b PB |
576 | |
577 | return 0; | |
578 | } | |
579 | ||
f98e418f RD |
580 | static const struct nl_policy tunnel_key_policy[] = { |
581 | [TCA_TUNNEL_KEY_PARMS] = { .type = NL_A_UNSPEC, | |
582 | .min_len = sizeof(struct tc_tunnel_key), | |
583 | .optional = false, }, | |
584 | [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, }, | |
585 | [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, }, | |
586 | [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC, | |
587 | .min_len = sizeof(struct in6_addr), | |
588 | .optional = true, }, | |
589 | [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC, | |
590 | .min_len = sizeof(struct in6_addr), | |
591 | .optional = true, }, | |
592 | [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, }, | |
593 | [TCA_TUNNEL_KEY_ENC_DST_PORT] = { .type = NL_A_U16, .optional = true, }, | |
594 | }; | |
595 | ||
596 | static int | |
597 | nl_parse_act_tunnel_key(struct nlattr *options, struct tc_flower *flower) | |
598 | { | |
599 | struct nlattr *tun_attrs[ARRAY_SIZE(tunnel_key_policy)]; | |
600 | const struct nlattr *tun_parms; | |
601 | const struct tc_tunnel_key *tun; | |
0c70132c | 602 | struct tc_action *action; |
f98e418f RD |
603 | |
604 | if (!nl_parse_nested(options, tunnel_key_policy, tun_attrs, | |
605 | ARRAY_SIZE(tunnel_key_policy))) { | |
606 | VLOG_ERR_RL(&error_rl, "failed to parse tunnel_key action options"); | |
607 | return EPROTO; | |
608 | } | |
609 | ||
610 | tun_parms = tun_attrs[TCA_TUNNEL_KEY_PARMS]; | |
611 | tun = nl_attr_get_unspec(tun_parms, sizeof *tun); | |
612 | if (tun->t_action == TCA_TUNNEL_KEY_ACT_SET) { | |
613 | struct nlattr *id = tun_attrs[TCA_TUNNEL_KEY_ENC_KEY_ID]; | |
614 | struct nlattr *dst_port = tun_attrs[TCA_TUNNEL_KEY_ENC_DST_PORT]; | |
615 | struct nlattr *ipv4_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_SRC]; | |
616 | struct nlattr *ipv4_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_DST]; | |
617 | struct nlattr *ipv6_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_SRC]; | |
618 | struct nlattr *ipv6_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_DST]; | |
619 | ||
0c70132c CM |
620 | action = &flower->actions[flower->action_count++]; |
621 | action->type = TC_ACT_ENCAP; | |
622 | action->encap.ipv4.ipv4_src = ipv4_src ? nl_attr_get_be32(ipv4_src) : 0; | |
623 | action->encap.ipv4.ipv4_dst = ipv4_dst ? nl_attr_get_be32(ipv4_dst) : 0; | |
f98e418f | 624 | if (ipv6_src) { |
0c70132c | 625 | action->encap.ipv6.ipv6_src = nl_attr_get_in6_addr(ipv6_src); |
f98e418f RD |
626 | } |
627 | if (ipv6_dst) { | |
0c70132c | 628 | action->encap.ipv6.ipv6_dst = nl_attr_get_in6_addr(ipv6_dst); |
f98e418f | 629 | } |
0c70132c CM |
630 | action->encap.id = id ? be32_to_be64(nl_attr_get_be32(id)) : 0; |
631 | action->encap.tp_dst = dst_port ? nl_attr_get_be16(dst_port) : 0; | |
f98e418f RD |
632 | } else if (tun->t_action == TCA_TUNNEL_KEY_ACT_RELEASE) { |
633 | flower->tunnel.tunnel = true; | |
634 | } else { | |
635 | VLOG_ERR_RL(&error_rl, "unknown tunnel actions: %d, %d", | |
636 | tun->action, tun->t_action); | |
637 | return EINVAL; | |
638 | } | |
639 | return 0; | |
640 | } | |
641 | ||
642 | static const struct nl_policy gact_policy[] = { | |
643 | [TCA_GACT_PARMS] = { .type = NL_A_UNSPEC, | |
644 | .min_len = sizeof(struct tc_gact), | |
645 | .optional = false, }, | |
646 | [TCA_GACT_TM] = { .type = NL_A_UNSPEC, | |
647 | .min_len = sizeof(struct tcf_t), | |
648 | .optional = false, }, | |
649 | }; | |
650 | ||
8c1e74d1 PB |
651 | static int |
652 | get_user_hz(void) | |
653 | { | |
654 | static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER; | |
655 | static int user_hz = 100; | |
656 | ||
657 | if (ovsthread_once_start(&once)) { | |
658 | user_hz = sysconf(_SC_CLK_TCK); | |
659 | ovsthread_once_done(&once); | |
660 | } | |
661 | ||
662 | return user_hz; | |
663 | } | |
f98e418f RD |
664 | |
665 | static void | |
666 | nl_parse_tcf(const struct tcf_t *tm, struct tc_flower *flower) | |
667 | { | |
8c1e74d1 | 668 | flower->lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz()); |
f98e418f RD |
669 | } |
670 | ||
671 | static int | |
672 | nl_parse_act_drop(struct nlattr *options, struct tc_flower *flower) | |
673 | { | |
674 | struct nlattr *gact_attrs[ARRAY_SIZE(gact_policy)]; | |
675 | const struct tc_gact *p; | |
676 | struct nlattr *gact_parms; | |
677 | const struct tcf_t *tm; | |
678 | ||
679 | if (!nl_parse_nested(options, gact_policy, gact_attrs, | |
680 | ARRAY_SIZE(gact_policy))) { | |
681 | VLOG_ERR_RL(&error_rl, "failed to parse gact action options"); | |
682 | return EPROTO; | |
683 | } | |
684 | ||
685 | gact_parms = gact_attrs[TCA_GACT_PARMS]; | |
686 | p = nl_attr_get_unspec(gact_parms, sizeof *p); | |
687 | ||
688 | if (p->action != TC_ACT_SHOT) { | |
689 | VLOG_ERR_RL(&error_rl, "unknown gact action: %d", p->action); | |
690 | return EINVAL; | |
691 | } | |
692 | ||
693 | tm = nl_attr_get_unspec(gact_attrs[TCA_GACT_TM], sizeof *tm); | |
694 | nl_parse_tcf(tm, flower); | |
695 | ||
696 | return 0; | |
697 | } | |
698 | ||
699 | static const struct nl_policy mirred_policy[] = { | |
700 | [TCA_MIRRED_PARMS] = { .type = NL_A_UNSPEC, | |
701 | .min_len = sizeof(struct tc_mirred), | |
702 | .optional = false, }, | |
703 | [TCA_MIRRED_TM] = { .type = NL_A_UNSPEC, | |
704 | .min_len = sizeof(struct tcf_t), | |
705 | .optional = false, }, | |
706 | }; | |
707 | ||
708 | static int | |
709 | nl_parse_act_mirred(struct nlattr *options, struct tc_flower *flower) | |
710 | { | |
711 | ||
712 | struct nlattr *mirred_attrs[ARRAY_SIZE(mirred_policy)]; | |
713 | const struct tc_mirred *m; | |
714 | const struct nlattr *mirred_parms; | |
715 | const struct tcf_t *tm; | |
716 | struct nlattr *mirred_tm; | |
0c70132c | 717 | struct tc_action *action; |
f98e418f RD |
718 | |
719 | if (!nl_parse_nested(options, mirred_policy, mirred_attrs, | |
720 | ARRAY_SIZE(mirred_policy))) { | |
721 | VLOG_ERR_RL(&error_rl, "failed to parse mirred action options"); | |
722 | return EPROTO; | |
723 | } | |
724 | ||
725 | mirred_parms = mirred_attrs[TCA_MIRRED_PARMS]; | |
726 | m = nl_attr_get_unspec(mirred_parms, sizeof *m); | |
727 | ||
0c70132c | 728 | if (m->eaction != TCA_EGRESS_REDIR && m->eaction != TCA_EGRESS_MIRROR) { |
f98e418f | 729 | VLOG_ERR_RL(&error_rl, "unknown mirred action: %d, %d, %d", |
0c70132c | 730 | m->action, m->eaction, m->ifindex); |
f98e418f RD |
731 | return EINVAL; |
732 | } | |
733 | ||
0c70132c CM |
734 | action = &flower->actions[flower->action_count++]; |
735 | action->ifindex_out = m->ifindex; | |
736 | action->type = TC_ACT_OUTPUT; | |
f98e418f RD |
737 | |
738 | mirred_tm = mirred_attrs[TCA_MIRRED_TM]; | |
739 | tm = nl_attr_get_unspec(mirred_tm, sizeof *tm); | |
740 | nl_parse_tcf(tm, flower); | |
741 | ||
742 | return 0; | |
743 | } | |
744 | ||
745 | static const struct nl_policy vlan_policy[] = { | |
746 | [TCA_VLAN_PARMS] = { .type = NL_A_UNSPEC, | |
747 | .min_len = sizeof(struct tc_vlan), | |
748 | .optional = false, }, | |
749 | [TCA_VLAN_PUSH_VLAN_ID] = { .type = NL_A_U16, .optional = true, }, | |
750 | [TCA_VLAN_PUSH_VLAN_PROTOCOL] = { .type = NL_A_U16, .optional = true, }, | |
751 | [TCA_VLAN_PUSH_VLAN_PRIORITY] = { .type = NL_A_U8, .optional = true, }, | |
752 | }; | |
753 | ||
754 | static int | |
755 | nl_parse_act_vlan(struct nlattr *options, struct tc_flower *flower) | |
756 | { | |
757 | struct nlattr *vlan_attrs[ARRAY_SIZE(vlan_policy)]; | |
758 | const struct tc_vlan *v; | |
759 | const struct nlattr *vlan_parms; | |
0c70132c | 760 | struct tc_action *action; |
f98e418f RD |
761 | |
762 | if (!nl_parse_nested(options, vlan_policy, vlan_attrs, | |
763 | ARRAY_SIZE(vlan_policy))) { | |
764 | VLOG_ERR_RL(&error_rl, "failed to parse vlan action options"); | |
765 | return EPROTO; | |
766 | } | |
767 | ||
0c70132c | 768 | action = &flower->actions[flower->action_count++]; |
f98e418f RD |
769 | vlan_parms = vlan_attrs[TCA_VLAN_PARMS]; |
770 | v = nl_attr_get_unspec(vlan_parms, sizeof *v); | |
771 | if (v->v_action == TCA_VLAN_ACT_PUSH) { | |
772 | struct nlattr *vlan_id = vlan_attrs[TCA_VLAN_PUSH_VLAN_ID]; | |
773 | struct nlattr *vlan_prio = vlan_attrs[TCA_VLAN_PUSH_VLAN_PRIORITY]; | |
774 | ||
0c70132c CM |
775 | action->vlan.vlan_push_id = nl_attr_get_u16(vlan_id); |
776 | action->vlan.vlan_push_prio = vlan_prio ? nl_attr_get_u8(vlan_prio) : 0; | |
777 | action->type = TC_ACT_VLAN_PUSH; | |
f98e418f | 778 | } else if (v->v_action == TCA_VLAN_ACT_POP) { |
0c70132c | 779 | action->type = TC_ACT_VLAN_POP; |
f98e418f RD |
780 | } else { |
781 | VLOG_ERR_RL(&error_rl, "unknown vlan action: %d, %d", | |
782 | v->action, v->v_action); | |
783 | return EINVAL; | |
784 | } | |
785 | return 0; | |
786 | } | |
787 | ||
d6118e62 PB |
788 | static const struct nl_policy csum_policy[] = { |
789 | [TCA_CSUM_PARMS] = { .type = NL_A_UNSPEC, | |
790 | .min_len = sizeof(struct tc_csum), | |
791 | .optional = false, }, | |
792 | }; | |
793 | ||
794 | static int | |
795 | nl_parse_act_csum(struct nlattr *options, struct tc_flower *flower) | |
796 | { | |
797 | struct nlattr *csum_attrs[ARRAY_SIZE(csum_policy)]; | |
798 | const struct tc_csum *c; | |
799 | const struct nlattr *csum_parms; | |
800 | ||
801 | if (!nl_parse_nested(options, csum_policy, csum_attrs, | |
802 | ARRAY_SIZE(csum_policy))) { | |
803 | VLOG_ERR_RL(&error_rl, "failed to parse csum action options"); | |
804 | return EPROTO; | |
805 | } | |
806 | ||
807 | csum_parms = csum_attrs[TCA_CSUM_PARMS]; | |
808 | c = nl_attr_get_unspec(csum_parms, sizeof *c); | |
809 | ||
810 | /* sanity checks */ | |
811 | if (c->update_flags != flower->csum_update_flags) { | |
812 | VLOG_WARN_RL(&error_rl, | |
813 | "expected different act csum flags: 0x%x != 0x%x", | |
814 | flower->csum_update_flags, c->update_flags); | |
815 | return EINVAL; | |
816 | } | |
817 | flower->csum_update_flags = 0; /* so we know csum was handled */ | |
818 | ||
819 | if (flower->needs_full_ip_proto_mask | |
820 | && flower->mask.ip_proto != UINT8_MAX) { | |
821 | VLOG_WARN_RL(&error_rl, "expected full matching on flower ip_proto"); | |
822 | return EINVAL; | |
823 | } | |
824 | ||
825 | return 0; | |
826 | } | |
827 | ||
f98e418f RD |
828 | static const struct nl_policy act_policy[] = { |
829 | [TCA_ACT_KIND] = { .type = NL_A_STRING, .optional = false, }, | |
830 | [TCA_ACT_COOKIE] = { .type = NL_A_UNSPEC, .optional = true, }, | |
831 | [TCA_ACT_OPTIONS] = { .type = NL_A_NESTED, .optional = false, }, | |
832 | [TCA_ACT_STATS] = { .type = NL_A_NESTED, .optional = false, }, | |
833 | }; | |
834 | ||
835 | static const struct nl_policy stats_policy[] = { | |
836 | [TCA_STATS_BASIC] = { .type = NL_A_UNSPEC, | |
837 | .min_len = sizeof(struct gnet_stats_basic), | |
838 | .optional = false, }, | |
839 | }; | |
840 | ||
841 | static int | |
842 | nl_parse_single_action(struct nlattr *action, struct tc_flower *flower) | |
843 | { | |
844 | struct nlattr *act_options; | |
845 | struct nlattr *act_stats; | |
846 | struct nlattr *act_cookie; | |
847 | const char *act_kind; | |
848 | struct nlattr *action_attrs[ARRAY_SIZE(act_policy)]; | |
849 | struct nlattr *stats_attrs[ARRAY_SIZE(stats_policy)]; | |
850 | struct ovs_flow_stats *stats = &flower->stats; | |
851 | const struct gnet_stats_basic *bs; | |
40c5aa11 | 852 | int err = 0; |
f98e418f RD |
853 | |
854 | if (!nl_parse_nested(action, act_policy, action_attrs, | |
855 | ARRAY_SIZE(act_policy))) { | |
856 | VLOG_ERR_RL(&error_rl, "failed to parse single action options"); | |
857 | return EPROTO; | |
858 | } | |
859 | ||
860 | act_kind = nl_attr_get_string(action_attrs[TCA_ACT_KIND]); | |
861 | act_options = action_attrs[TCA_ACT_OPTIONS]; | |
862 | act_cookie = action_attrs[TCA_ACT_COOKIE]; | |
863 | ||
864 | if (!strcmp(act_kind, "gact")) { | |
40c5aa11 | 865 | err = nl_parse_act_drop(act_options, flower); |
f98e418f | 866 | } else if (!strcmp(act_kind, "mirred")) { |
40c5aa11 | 867 | err = nl_parse_act_mirred(act_options, flower); |
f98e418f | 868 | } else if (!strcmp(act_kind, "vlan")) { |
40c5aa11 | 869 | err = nl_parse_act_vlan(act_options, flower); |
f98e418f | 870 | } else if (!strcmp(act_kind, "tunnel_key")) { |
40c5aa11 | 871 | err = nl_parse_act_tunnel_key(act_options, flower); |
8ada482b | 872 | } else if (!strcmp(act_kind, "pedit")) { |
40c5aa11 | 873 | err = nl_parse_act_pedit(act_options, flower); |
8ada482b | 874 | } else if (!strcmp(act_kind, "csum")) { |
d6118e62 | 875 | nl_parse_act_csum(act_options, flower); |
f98e418f RD |
876 | } else { |
877 | VLOG_ERR_RL(&error_rl, "unknown tc action kind: %s", act_kind); | |
40c5aa11 RD |
878 | err = EINVAL; |
879 | } | |
880 | ||
881 | if (err) { | |
882 | return err; | |
f98e418f RD |
883 | } |
884 | ||
885 | if (act_cookie) { | |
886 | flower->act_cookie.data = nl_attr_get(act_cookie); | |
887 | flower->act_cookie.len = nl_attr_get_size(act_cookie); | |
888 | } | |
889 | ||
890 | act_stats = action_attrs[TCA_ACT_STATS]; | |
891 | ||
892 | if (!nl_parse_nested(act_stats, stats_policy, stats_attrs, | |
893 | ARRAY_SIZE(stats_policy))) { | |
894 | VLOG_ERR_RL(&error_rl, "failed to parse action stats policy"); | |
895 | return EPROTO; | |
896 | } | |
897 | ||
898 | bs = nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC], sizeof *bs); | |
899 | put_32aligned_u64(&stats->n_packets, bs->packets); | |
900 | put_32aligned_u64(&stats->n_bytes, bs->bytes); | |
901 | ||
902 | return 0; | |
903 | } | |
904 | ||
905 | #define TCA_ACT_MIN_PRIO 1 | |
906 | ||
907 | static int | |
908 | nl_parse_flower_actions(struct nlattr **attrs, struct tc_flower *flower) | |
909 | { | |
910 | const struct nlattr *actions = attrs[TCA_FLOWER_ACT]; | |
911 | static struct nl_policy actions_orders_policy[TCA_ACT_MAX_PRIO + 1] = {}; | |
912 | struct nlattr *actions_orders[ARRAY_SIZE(actions_orders_policy)]; | |
913 | const int max_size = ARRAY_SIZE(actions_orders_policy); | |
914 | ||
915 | for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) { | |
916 | actions_orders_policy[i].type = NL_A_NESTED; | |
917 | actions_orders_policy[i].optional = true; | |
918 | } | |
919 | ||
920 | if (!nl_parse_nested(actions, actions_orders_policy, actions_orders, | |
921 | ARRAY_SIZE(actions_orders_policy))) { | |
922 | VLOG_ERR_RL(&error_rl, "failed to parse flower order of actions"); | |
923 | return EPROTO; | |
924 | } | |
925 | ||
926 | for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) { | |
927 | if (actions_orders[i]) { | |
0c70132c CM |
928 | int err; |
929 | ||
930 | if (flower->action_count >= TCA_ACT_MAX_PRIO) { | |
931 | VLOG_DBG_RL(&error_rl, "Can only support %d actions", flower->action_count); | |
932 | return EOPNOTSUPP; | |
933 | } | |
934 | err = nl_parse_single_action(actions_orders[i], flower); | |
f98e418f RD |
935 | |
936 | if (err) { | |
937 | return err; | |
938 | } | |
939 | } | |
940 | } | |
941 | ||
d6118e62 PB |
942 | if (flower->csum_update_flags) { |
943 | VLOG_WARN_RL(&error_rl, | |
944 | "expected act csum with flags: 0x%x", | |
945 | flower->csum_update_flags); | |
946 | return EINVAL; | |
947 | } | |
948 | ||
f98e418f RD |
949 | return 0; |
950 | } | |
951 | ||
952 | static int | |
953 | nl_parse_flower_options(struct nlattr *nl_options, struct tc_flower *flower) | |
954 | { | |
955 | struct nlattr *attrs[ARRAY_SIZE(tca_flower_policy)]; | |
956 | ||
957 | if (!nl_parse_nested(nl_options, tca_flower_policy, | |
958 | attrs, ARRAY_SIZE(tca_flower_policy))) { | |
959 | VLOG_ERR_RL(&error_rl, "failed to parse flower classifier options"); | |
960 | return EPROTO; | |
961 | } | |
962 | ||
963 | nl_parse_flower_eth(attrs, flower); | |
964 | nl_parse_flower_vlan(attrs, flower); | |
965 | nl_parse_flower_ip(attrs, flower); | |
966 | nl_parse_flower_tunnel(attrs, flower); | |
d63ca532 | 967 | nl_parse_flower_flags(attrs, flower); |
f98e418f RD |
968 | return nl_parse_flower_actions(attrs, flower); |
969 | } | |
970 | ||
971 | int | |
972 | parse_netlink_to_tc_flower(struct ofpbuf *reply, struct tc_flower *flower) | |
973 | { | |
974 | struct tcmsg *tc; | |
975 | struct nlattr *ta[ARRAY_SIZE(tca_policy)]; | |
976 | const char *kind; | |
977 | ||
978 | if (NLMSG_HDRLEN + sizeof *tc > reply->size) { | |
979 | return EPROTO; | |
980 | } | |
981 | ||
982 | memset(flower, 0, sizeof *flower); | |
983 | ||
984 | tc = ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc); | |
985 | flower->handle = tc->tcm_handle; | |
986 | flower->key.eth_type = (OVS_FORCE ovs_be16) tc_get_minor(tc->tcm_info); | |
987 | flower->mask.eth_type = OVS_BE16_MAX; | |
988 | flower->prio = tc_get_major(tc->tcm_info); | |
989 | ||
990 | if (!flower->handle) { | |
991 | return EAGAIN; | |
992 | } | |
993 | ||
994 | if (!nl_policy_parse(reply, NLMSG_HDRLEN + sizeof *tc, | |
995 | tca_policy, ta, ARRAY_SIZE(ta))) { | |
996 | VLOG_ERR_RL(&error_rl, "failed to parse tca policy"); | |
997 | return EPROTO; | |
998 | } | |
999 | ||
1000 | kind = nl_attr_get_string(ta[TCA_KIND]); | |
1001 | if (strcmp(kind, "flower")) { | |
763e120d | 1002 | VLOG_DBG_ONCE("Unsupported filter: %s", kind); |
f98e418f RD |
1003 | return EPROTO; |
1004 | } | |
1005 | ||
1006 | return nl_parse_flower_options(ta[TCA_OPTIONS], flower); | |
1007 | } | |
1008 | ||
1009 | int | |
1010 | tc_dump_flower_start(int ifindex, struct nl_dump *dump) | |
1011 | { | |
1012 | struct ofpbuf request; | |
1013 | struct tcmsg *tcmsg; | |
1014 | ||
1015 | tcmsg = tc_make_request(ifindex, RTM_GETTFILTER, NLM_F_DUMP, &request); | |
1016 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1017 | tcmsg->tcm_info = TC_H_UNSPEC; | |
1018 | tcmsg->tcm_handle = 0; | |
1019 | ||
1020 | nl_dump_start(dump, NETLINK_ROUTE, &request); | |
1021 | ofpbuf_uninit(&request); | |
1022 | ||
1023 | return 0; | |
1024 | } | |
1025 | ||
1026 | int | |
1027 | tc_flush(int ifindex) | |
1028 | { | |
1029 | struct ofpbuf request; | |
1030 | struct tcmsg *tcmsg; | |
1031 | ||
1032 | tcmsg = tc_make_request(ifindex, RTM_DELTFILTER, NLM_F_ACK, &request); | |
1033 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1034 | tcmsg->tcm_info = TC_H_UNSPEC; | |
1035 | ||
1036 | return tc_transact(&request, NULL); | |
1037 | } | |
1038 | ||
1039 | int | |
1040 | tc_del_filter(int ifindex, int prio, int handle) | |
1041 | { | |
1042 | struct ofpbuf request; | |
1043 | struct tcmsg *tcmsg; | |
1044 | struct ofpbuf *reply; | |
1045 | int error; | |
1046 | ||
1047 | tcmsg = tc_make_request(ifindex, RTM_DELTFILTER, NLM_F_ECHO, &request); | |
1048 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1049 | tcmsg->tcm_info = tc_make_handle(prio, 0); | |
1050 | tcmsg->tcm_handle = handle; | |
1051 | ||
1052 | error = tc_transact(&request, &reply); | |
1053 | if (!error) { | |
1054 | ofpbuf_delete(reply); | |
1055 | } | |
1056 | return error; | |
1057 | } | |
1058 | ||
1059 | int | |
1060 | tc_get_flower(int ifindex, int prio, int handle, struct tc_flower *flower) | |
1061 | { | |
1062 | struct ofpbuf request; | |
1063 | struct tcmsg *tcmsg; | |
1064 | struct ofpbuf *reply; | |
1065 | int error; | |
1066 | ||
1067 | tcmsg = tc_make_request(ifindex, RTM_GETTFILTER, NLM_F_ECHO, &request); | |
1068 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1069 | tcmsg->tcm_info = tc_make_handle(prio, 0); | |
1070 | tcmsg->tcm_handle = handle; | |
1071 | ||
1072 | error = tc_transact(&request, &reply); | |
1073 | if (error) { | |
1074 | return error; | |
1075 | } | |
1076 | ||
1077 | error = parse_netlink_to_tc_flower(reply, flower); | |
1078 | ofpbuf_delete(reply); | |
1079 | return error; | |
1080 | } | |
1081 | ||
691d20cb PB |
1082 | static int |
1083 | tc_get_tc_cls_policy(enum tc_offload_policy policy) | |
1084 | { | |
1085 | if (policy == TC_POLICY_SKIP_HW) { | |
1086 | return TCA_CLS_FLAGS_SKIP_HW; | |
1087 | } else if (policy == TC_POLICY_SKIP_SW) { | |
1088 | return TCA_CLS_FLAGS_SKIP_SW; | |
1089 | } | |
1090 | ||
1091 | return 0; | |
1092 | } | |
1093 | ||
8ada482b PB |
1094 | static void |
1095 | nl_msg_put_act_csum(struct ofpbuf *request, uint32_t flags) | |
1096 | { | |
1097 | size_t offset; | |
1098 | ||
1099 | nl_msg_put_string(request, TCA_ACT_KIND, "csum"); | |
1100 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1101 | { | |
1102 | struct tc_csum parm = { .action = TC_ACT_PIPE, | |
1103 | .update_flags = flags }; | |
1104 | ||
1105 | nl_msg_put_unspec(request, TCA_CSUM_PARMS, &parm, sizeof parm); | |
1106 | } | |
1107 | nl_msg_end_nested(request, offset); | |
1108 | } | |
1109 | ||
1110 | static void | |
1111 | nl_msg_put_act_pedit(struct ofpbuf *request, struct tc_pedit *parm, | |
1112 | struct tc_pedit_key_ex *ex) | |
1113 | { | |
e13bbbab | 1114 | size_t ksize = sizeof *parm + parm->nkeys * sizeof(struct tc_pedit_key); |
8ada482b PB |
1115 | size_t offset, offset_keys_ex, offset_key; |
1116 | int i; | |
1117 | ||
1118 | nl_msg_put_string(request, TCA_ACT_KIND, "pedit"); | |
1119 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1120 | { | |
1121 | parm->action = TC_ACT_PIPE; | |
1122 | ||
1123 | nl_msg_put_unspec(request, TCA_PEDIT_PARMS_EX, parm, ksize); | |
1124 | offset_keys_ex = nl_msg_start_nested(request, TCA_PEDIT_KEYS_EX); | |
1125 | for (i = 0; i < parm->nkeys; i++, ex++) { | |
1126 | offset_key = nl_msg_start_nested(request, TCA_PEDIT_KEY_EX); | |
1127 | nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_HTYPE, ex->htype); | |
1128 | nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_CMD, ex->cmd); | |
1129 | nl_msg_end_nested(request, offset_key); | |
1130 | } | |
1131 | nl_msg_end_nested(request, offset_keys_ex); | |
1132 | } | |
1133 | nl_msg_end_nested(request, offset); | |
1134 | } | |
1135 | ||
f98e418f RD |
1136 | static void |
1137 | nl_msg_put_act_push_vlan(struct ofpbuf *request, uint16_t vid, uint8_t prio) | |
1138 | { | |
1139 | size_t offset; | |
1140 | ||
1141 | nl_msg_put_string(request, TCA_ACT_KIND, "vlan"); | |
1142 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1143 | { | |
1144 | struct tc_vlan parm = { .action = TC_ACT_PIPE, | |
1145 | .v_action = TCA_VLAN_ACT_PUSH }; | |
1146 | ||
1147 | nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm); | |
1148 | nl_msg_put_u16(request, TCA_VLAN_PUSH_VLAN_ID, vid); | |
1149 | nl_msg_put_u8(request, TCA_VLAN_PUSH_VLAN_PRIORITY, prio); | |
1150 | } | |
1151 | nl_msg_end_nested(request, offset); | |
1152 | } | |
1153 | ||
1154 | static void | |
1155 | nl_msg_put_act_pop_vlan(struct ofpbuf *request) | |
1156 | { | |
1157 | size_t offset; | |
1158 | ||
1159 | nl_msg_put_string(request, TCA_ACT_KIND, "vlan"); | |
1160 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1161 | { | |
1162 | struct tc_vlan parm = { .action = TC_ACT_PIPE, | |
1163 | .v_action = TCA_VLAN_ACT_POP }; | |
1164 | ||
1165 | nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm); | |
1166 | } | |
1167 | nl_msg_end_nested(request, offset); | |
1168 | } | |
1169 | ||
1170 | static void | |
1171 | nl_msg_put_act_tunnel_key_release(struct ofpbuf *request) | |
1172 | { | |
1173 | size_t offset; | |
1174 | ||
1175 | nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key"); | |
1176 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1177 | { | |
1178 | struct tc_tunnel_key tun = { .action = TC_ACT_PIPE, | |
1179 | .t_action = TCA_TUNNEL_KEY_ACT_RELEASE }; | |
1180 | ||
1181 | nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun); | |
1182 | } | |
1183 | nl_msg_end_nested(request, offset); | |
1184 | } | |
1185 | ||
1186 | static void | |
1187 | nl_msg_put_act_tunnel_key_set(struct ofpbuf *request, ovs_be64 id, | |
1188 | ovs_be32 ipv4_src, ovs_be32 ipv4_dst, | |
1189 | struct in6_addr *ipv6_src, | |
1190 | struct in6_addr *ipv6_dst, | |
1191 | ovs_be16 tp_dst) | |
1192 | { | |
1193 | size_t offset; | |
1194 | ||
1195 | nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key"); | |
1196 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1197 | { | |
1198 | struct tc_tunnel_key tun = { .action = TC_ACT_PIPE, | |
1199 | .t_action = TCA_TUNNEL_KEY_ACT_SET }; | |
1200 | ||
1201 | nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun); | |
1202 | ||
1203 | ovs_be32 id32 = be64_to_be32(id); | |
1204 | nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_KEY_ID, id32); | |
1205 | if (ipv4_dst) { | |
1206 | nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_SRC, ipv4_src); | |
1207 | nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_DST, ipv4_dst); | |
1208 | } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) { | |
1209 | nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_DST, | |
1210 | ipv6_dst); | |
1211 | nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_SRC, | |
1212 | ipv6_src); | |
1213 | } | |
1214 | nl_msg_put_be16(request, TCA_TUNNEL_KEY_ENC_DST_PORT, tp_dst); | |
1215 | } | |
1216 | nl_msg_end_nested(request, offset); | |
1217 | } | |
1218 | ||
1219 | static void | |
1220 | nl_msg_put_act_drop(struct ofpbuf *request) | |
1221 | { | |
1222 | size_t offset; | |
1223 | ||
1224 | nl_msg_put_string(request, TCA_ACT_KIND, "gact"); | |
1225 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1226 | { | |
1227 | struct tc_gact p = { .action = TC_ACT_SHOT }; | |
1228 | ||
1229 | nl_msg_put_unspec(request, TCA_GACT_PARMS, &p, sizeof p); | |
1230 | } | |
1231 | nl_msg_end_nested(request, offset); | |
1232 | } | |
1233 | ||
1234 | static void | |
00a0a011 CM |
1235 | nl_msg_put_act_mirred(struct ofpbuf *request, int ifindex, int action, |
1236 | int eaction) | |
f98e418f RD |
1237 | { |
1238 | size_t offset; | |
1239 | ||
1240 | nl_msg_put_string(request, TCA_ACT_KIND, "mirred"); | |
1241 | offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS); | |
1242 | { | |
00a0a011 CM |
1243 | struct tc_mirred m = { .action = action, |
1244 | .eaction = eaction, | |
f98e418f RD |
1245 | .ifindex = ifindex }; |
1246 | ||
1247 | nl_msg_put_unspec(request, TCA_MIRRED_PARMS, &m, sizeof m); | |
1248 | } | |
1249 | nl_msg_end_nested(request, offset); | |
1250 | } | |
1251 | ||
1252 | static inline void | |
1253 | nl_msg_put_act_cookie(struct ofpbuf *request, struct tc_cookie *ck) { | |
1254 | if (ck->len) { | |
1255 | nl_msg_put_unspec(request, TCA_ACT_COOKIE, ck->data, ck->len); | |
1256 | } | |
1257 | } | |
1258 | ||
8ada482b PB |
1259 | /* Given flower, a key_to_pedit map entry, calculates the rest, |
1260 | * where: | |
1261 | * | |
1262 | * mask, data - pointers of where read the first word of flower->key/mask. | |
1263 | * current_offset - which offset to use for the first pedit action. | |
1264 | * cnt - max pedits actions to use. | |
1265 | * first_word_mask/last_word_mask - the mask to use for the first/last read | |
1266 | * (as we read entire words). */ | |
f98e418f | 1267 | static void |
8ada482b PB |
1268 | calc_offsets(struct tc_flower *flower, struct flower_key_to_pedit *m, |
1269 | int *cur_offset, int *cnt, uint32_t *last_word_mask, | |
1270 | uint32_t *first_word_mask, uint32_t **mask, uint32_t **data) | |
1271 | { | |
1272 | int start_offset, max_offset, total_size; | |
1273 | int diff, right_zero_bits, left_zero_bits; | |
1274 | char *rewrite_key = (void *) &flower->rewrite.key; | |
1275 | char *rewrite_mask = (void *) &flower->rewrite.mask; | |
1276 | ||
1277 | max_offset = m->offset + m->size; | |
1278 | start_offset = ROUND_DOWN(m->offset, 4); | |
1279 | diff = m->offset - start_offset; | |
1280 | total_size = max_offset - start_offset; | |
1281 | right_zero_bits = 8 * (4 - (max_offset % 4)); | |
1282 | left_zero_bits = 8 * (m->offset - start_offset); | |
1283 | ||
1284 | *cur_offset = start_offset; | |
1285 | *cnt = (total_size / 4) + (total_size % 4 ? 1 : 0); | |
1286 | *last_word_mask = UINT32_MAX >> right_zero_bits; | |
1287 | *first_word_mask = UINT32_MAX << left_zero_bits; | |
1288 | *data = (void *) (rewrite_key + m->flower_offset - diff); | |
1289 | *mask = (void *) (rewrite_mask + m->flower_offset - diff); | |
1290 | } | |
1291 | ||
d6118e62 | 1292 | static inline int |
8ada482b PB |
1293 | csum_update_flag(struct tc_flower *flower, |
1294 | enum pedit_header_type htype) { | |
d6118e62 PB |
1295 | /* Explictily specifiy the csum flags so HW can return EOPNOTSUPP |
1296 | * if it doesn't support a checksum recalculation of some headers. | |
1297 | * And since OVS allows a flow such as | |
1298 | * eth(dst=<mac>),eth_type(0x0800) actions=set(ipv4(src=<new_ip>)) | |
1299 | * we need to force a more specific flow as this can, for example, | |
1300 | * need a recalculation of icmp checksum if the packet that passes | |
d5ac6458 | 1301 | * is ICMPv6 and tcp checksum if its tcp. */ |
d6118e62 PB |
1302 | |
1303 | switch (htype) { | |
1304 | case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4: | |
8ada482b | 1305 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_IPV4HDR; |
eeb0ca88 | 1306 | /* Fall through. */ |
d6118e62 PB |
1307 | case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6: |
1308 | case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP: | |
1309 | case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP: | |
8ada482b | 1310 | if (flower->key.ip_proto == IPPROTO_TCP) { |
d6118e62 | 1311 | flower->needs_full_ip_proto_mask = true; |
8ada482b PB |
1312 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_TCP; |
1313 | } else if (flower->key.ip_proto == IPPROTO_UDP) { | |
d6118e62 | 1314 | flower->needs_full_ip_proto_mask = true; |
8ada482b | 1315 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_UDP; |
d5ac6458 JL |
1316 | } else if (flower->key.ip_proto == IPPROTO_ICMP) { |
1317 | flower->needs_full_ip_proto_mask = true; | |
1318 | } else if (flower->key.ip_proto == IPPROTO_ICMPV6) { | |
d6118e62 | 1319 | flower->needs_full_ip_proto_mask = true; |
8ada482b | 1320 | flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_ICMP; |
d6118e62 PB |
1321 | } else { |
1322 | VLOG_WARN_RL(&error_rl, | |
1323 | "can't offload rewrite of IP/IPV6 with ip_proto: %d", | |
1324 | flower->key.ip_proto); | |
1325 | break; | |
8ada482b | 1326 | } |
eeb0ca88 | 1327 | /* Fall through. */ |
d6118e62 PB |
1328 | case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH: |
1329 | return 0; /* success */ | |
1330 | ||
1331 | case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK: | |
1332 | case __PEDIT_HDR_TYPE_MAX: | |
1333 | default: | |
1334 | break; | |
8ada482b | 1335 | } |
d6118e62 PB |
1336 | |
1337 | return EOPNOTSUPP; | |
8ada482b PB |
1338 | } |
1339 | ||
1340 | static int | |
1341 | nl_msg_put_flower_rewrite_pedits(struct ofpbuf *request, | |
1342 | struct tc_flower *flower) | |
1343 | { | |
1344 | struct { | |
1345 | struct tc_pedit sel; | |
1346 | struct tc_pedit_key keys[MAX_PEDIT_OFFSETS]; | |
1347 | struct tc_pedit_key_ex keys_ex[MAX_PEDIT_OFFSETS]; | |
1348 | } sel = { | |
1349 | .sel = { | |
1350 | .nkeys = 0 | |
1351 | } | |
1352 | }; | |
d6118e62 | 1353 | int i, j, err; |
8ada482b PB |
1354 | |
1355 | for (i = 0; i < ARRAY_SIZE(flower_pedit_map); i++) { | |
1356 | struct flower_key_to_pedit *m = &flower_pedit_map[i]; | |
1357 | struct tc_pedit_key *pedit_key = NULL; | |
1358 | struct tc_pedit_key_ex *pedit_key_ex = NULL; | |
1359 | uint32_t *mask, *data, first_word_mask, last_word_mask; | |
1360 | int cnt = 0, cur_offset = 0; | |
1361 | ||
1362 | if (!m->size) { | |
1363 | continue; | |
1364 | } | |
1365 | ||
1366 | calc_offsets(flower, m, &cur_offset, &cnt, &last_word_mask, | |
1367 | &first_word_mask, &mask, &data); | |
1368 | ||
1369 | for (j = 0; j < cnt; j++, mask++, data++, cur_offset += 4) { | |
1370 | uint32_t mask_word = *mask; | |
1371 | ||
1372 | if (j == 0) { | |
1373 | mask_word &= first_word_mask; | |
1374 | } | |
1375 | if (j == cnt - 1) { | |
1376 | mask_word &= last_word_mask; | |
1377 | } | |
1378 | if (!mask_word) { | |
1379 | continue; | |
1380 | } | |
1381 | if (sel.sel.nkeys == MAX_PEDIT_OFFSETS) { | |
1382 | VLOG_WARN_RL(&error_rl, "reached too many pedit offsets: %d", | |
1383 | MAX_PEDIT_OFFSETS); | |
1384 | return EOPNOTSUPP; | |
1385 | } | |
1386 | ||
1387 | pedit_key = &sel.keys[sel.sel.nkeys]; | |
1388 | pedit_key_ex = &sel.keys_ex[sel.sel.nkeys]; | |
1389 | pedit_key_ex->cmd = TCA_PEDIT_KEY_EX_CMD_SET; | |
1390 | pedit_key_ex->htype = m->htype; | |
1391 | pedit_key->off = cur_offset; | |
1392 | pedit_key->mask = ~mask_word; | |
1393 | pedit_key->val = *data & mask_word; | |
1394 | sel.sel.nkeys++; | |
d6118e62 PB |
1395 | |
1396 | err = csum_update_flag(flower, m->htype); | |
1397 | if (err) { | |
1398 | return err; | |
1399 | } | |
1400 | ||
1401 | if (flower->needs_full_ip_proto_mask) { | |
1402 | flower->mask.ip_proto = UINT8_MAX; | |
1403 | } | |
8ada482b PB |
1404 | } |
1405 | } | |
1406 | nl_msg_put_act_pedit(request, &sel.sel, sel.keys_ex); | |
1407 | ||
1408 | return 0; | |
1409 | } | |
1410 | ||
1411 | static int | |
f98e418f RD |
1412 | nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower) |
1413 | { | |
1414 | size_t offset; | |
1415 | size_t act_offset; | |
0c70132c CM |
1416 | uint16_t act_index = 1; |
1417 | struct tc_action *action; | |
1418 | int i, ifindex = 0; | |
f98e418f RD |
1419 | |
1420 | offset = nl_msg_start_nested(request, TCA_FLOWER_ACT); | |
1421 | { | |
8ada482b PB |
1422 | int error; |
1423 | ||
0c70132c | 1424 | if (flower->tunnel.tunnel) { |
8ada482b | 1425 | act_offset = nl_msg_start_nested(request, act_index++); |
0c70132c | 1426 | nl_msg_put_act_tunnel_key_release(request); |
8ada482b | 1427 | nl_msg_end_nested(request, act_offset); |
0c70132c | 1428 | } |
f98e418f | 1429 | |
0c70132c CM |
1430 | action = flower->actions; |
1431 | for (i = 0; i < flower->action_count; i++, action++) { | |
1432 | switch (action->type) { | |
1433 | case TC_ACT_PEDIT: { | |
a7ce5b85 | 1434 | act_offset = nl_msg_start_nested(request, act_index++); |
0c70132c CM |
1435 | error = nl_msg_put_flower_rewrite_pedits(request, flower); |
1436 | if (error) { | |
1437 | return error; | |
1438 | } | |
a7ce5b85 | 1439 | nl_msg_end_nested(request, act_offset); |
0c70132c CM |
1440 | |
1441 | if (flower->csum_update_flags) { | |
1442 | act_offset = nl_msg_start_nested(request, act_index++); | |
1443 | nl_msg_put_act_csum(request, flower->csum_update_flags); | |
1444 | nl_msg_end_nested(request, act_offset); | |
1445 | } | |
1446 | } | |
1447 | break; | |
1448 | case TC_ACT_ENCAP: { | |
1449 | act_offset = nl_msg_start_nested(request, act_index++); | |
1450 | nl_msg_put_act_tunnel_key_set(request, action->encap.id, | |
1451 | action->encap.ipv4.ipv4_src, | |
1452 | action->encap.ipv4.ipv4_dst, | |
1453 | &action->encap.ipv6.ipv6_src, | |
1454 | &action->encap.ipv6.ipv6_dst, | |
1455 | action->encap.tp_dst); | |
1456 | nl_msg_end_nested(request, act_offset); | |
1457 | } | |
1458 | break; | |
1459 | case TC_ACT_VLAN_POP: { | |
1460 | act_offset = nl_msg_start_nested(request, act_index++); | |
1461 | nl_msg_put_act_pop_vlan(request); | |
1462 | nl_msg_end_nested(request, act_offset); | |
1463 | } | |
1464 | break; | |
1465 | case TC_ACT_VLAN_PUSH: { | |
1466 | act_offset = nl_msg_start_nested(request, act_index++); | |
1467 | nl_msg_put_act_push_vlan(request, | |
1468 | action->vlan.vlan_push_id, | |
1469 | action->vlan.vlan_push_prio); | |
1470 | nl_msg_end_nested(request, act_offset); | |
1471 | } | |
1472 | break; | |
1473 | case TC_ACT_OUTPUT: { | |
1474 | ifindex = action->ifindex_out; | |
1475 | if (ifindex < 1) { | |
1476 | VLOG_ERR_RL(&error_rl, "%s: invalid ifindex: %d, type: %d", | |
1477 | __func__, ifindex, action->type); | |
1478 | return EINVAL; | |
1479 | } | |
1480 | act_offset = nl_msg_start_nested(request, act_index++); | |
00a0a011 CM |
1481 | if (i == flower->action_count - 1) { |
1482 | nl_msg_put_act_mirred(request, ifindex, TC_ACT_STOLEN, | |
1483 | TCA_EGRESS_REDIR); | |
1484 | } else { | |
1485 | nl_msg_put_act_mirred(request, ifindex, TC_ACT_PIPE, | |
1486 | TCA_EGRESS_MIRROR); | |
1487 | } | |
0c70132c CM |
1488 | nl_msg_put_act_cookie(request, &flower->act_cookie); |
1489 | nl_msg_end_nested(request, act_offset); | |
1490 | } | |
1491 | break; | |
a7ce5b85 | 1492 | } |
8ada482b | 1493 | } |
0c70132c CM |
1494 | } |
1495 | if (!ifindex) { | |
1496 | act_offset = nl_msg_start_nested(request, act_index++); | |
1497 | nl_msg_put_act_drop(request); | |
1498 | nl_msg_put_act_cookie(request, &flower->act_cookie); | |
1499 | nl_msg_end_nested(request, act_offset); | |
f98e418f RD |
1500 | } |
1501 | nl_msg_end_nested(request, offset); | |
8ada482b PB |
1502 | |
1503 | return 0; | |
f98e418f RD |
1504 | } |
1505 | ||
1506 | static void | |
1507 | nl_msg_put_masked_value(struct ofpbuf *request, uint16_t type, | |
1508 | uint16_t mask_type, const void *data, | |
1509 | const void *mask_data, size_t len) | |
1510 | { | |
1511 | if (mask_type != TCA_FLOWER_UNSPEC) { | |
1512 | if (is_all_zeros(mask_data, len)) { | |
1513 | return; | |
1514 | } | |
1515 | nl_msg_put_unspec(request, mask_type, mask_data, len); | |
1516 | } | |
1517 | nl_msg_put_unspec(request, type, data, len); | |
1518 | } | |
1519 | ||
1520 | static void | |
1521 | nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower) | |
1522 | { | |
1523 | ovs_be32 ipv4_src = flower->tunnel.ipv4.ipv4_src; | |
1524 | ovs_be32 ipv4_dst = flower->tunnel.ipv4.ipv4_dst; | |
1525 | struct in6_addr *ipv6_src = &flower->tunnel.ipv6.ipv6_src; | |
1526 | struct in6_addr *ipv6_dst = &flower->tunnel.ipv6.ipv6_dst; | |
1527 | ovs_be16 tp_dst = flower->tunnel.tp_dst; | |
1528 | ovs_be32 id = be64_to_be32(flower->tunnel.id); | |
1529 | ||
1530 | nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id); | |
1531 | if (ipv4_dst) { | |
1532 | nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src); | |
1533 | nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST, ipv4_dst); | |
1534 | } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) { | |
1535 | nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src); | |
1536 | nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst); | |
1537 | } | |
1538 | nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst); | |
1539 | } | |
1540 | ||
bb170644 PB |
1541 | #define FLOWER_PUT_MASKED_VALUE(member, type) \ |
1542 | nl_msg_put_masked_value(request, type, type##_MASK, &flower->key.member, \ | |
1543 | &flower->mask.member, sizeof flower->key.member) | |
1544 | ||
8ada482b | 1545 | static int |
f98e418f RD |
1546 | nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower) |
1547 | { | |
8ada482b | 1548 | |
f98e418f RD |
1549 | uint16_t host_eth_type = ntohs(flower->key.eth_type); |
1550 | bool is_vlan = (host_eth_type == ETH_TYPE_VLAN); | |
8ada482b PB |
1551 | int err; |
1552 | ||
d6118e62 PB |
1553 | /* need to parse acts first as some acts require changing the matching |
1554 | * see csum_update_flag() */ | |
8ada482b PB |
1555 | err = nl_msg_put_flower_acts(request, flower); |
1556 | if (err) { | |
1557 | return err; | |
1558 | } | |
f98e418f RD |
1559 | |
1560 | if (is_vlan) { | |
1561 | host_eth_type = ntohs(flower->key.encap_eth_type); | |
1562 | } | |
1563 | ||
bb170644 PB |
1564 | FLOWER_PUT_MASKED_VALUE(dst_mac, TCA_FLOWER_KEY_ETH_DST); |
1565 | FLOWER_PUT_MASKED_VALUE(src_mac, TCA_FLOWER_KEY_ETH_SRC); | |
f98e418f RD |
1566 | |
1567 | if (host_eth_type == ETH_P_IP || host_eth_type == ETH_P_IPV6) { | |
1568 | if (flower->mask.ip_proto && flower->key.ip_proto) { | |
1569 | nl_msg_put_u8(request, TCA_FLOWER_KEY_IP_PROTO, | |
1570 | flower->key.ip_proto); | |
1571 | } | |
1572 | ||
83e86606 | 1573 | if (flower->mask.flags) { |
7e0f69b5 | 1574 | nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS, |
83e86606 | 1575 | htonl(flower->key.flags)); |
7e0f69b5 | 1576 | nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS_MASK, |
83e86606 RD |
1577 | htonl(flower->mask.flags)); |
1578 | } | |
1579 | ||
f98e418f | 1580 | if (flower->key.ip_proto == IPPROTO_UDP) { |
2b1d9fa9 PB |
1581 | FLOWER_PUT_MASKED_VALUE(udp_src, TCA_FLOWER_KEY_UDP_SRC); |
1582 | FLOWER_PUT_MASKED_VALUE(udp_dst, TCA_FLOWER_KEY_UDP_DST); | |
f98e418f | 1583 | } else if (flower->key.ip_proto == IPPROTO_TCP) { |
2b1d9fa9 PB |
1584 | FLOWER_PUT_MASKED_VALUE(tcp_src, TCA_FLOWER_KEY_TCP_SRC); |
1585 | FLOWER_PUT_MASKED_VALUE(tcp_dst, TCA_FLOWER_KEY_TCP_DST); | |
cd081043 | 1586 | FLOWER_PUT_MASKED_VALUE(tcp_flags, TCA_FLOWER_KEY_TCP_FLAGS); |
4862b4e5 | 1587 | } else if (flower->key.ip_proto == IPPROTO_SCTP) { |
2b1d9fa9 PB |
1588 | FLOWER_PUT_MASKED_VALUE(sctp_src, TCA_FLOWER_KEY_SCTP_SRC); |
1589 | FLOWER_PUT_MASKED_VALUE(sctp_dst, TCA_FLOWER_KEY_SCTP_DST); | |
f98e418f RD |
1590 | } |
1591 | } | |
1592 | ||
1593 | if (host_eth_type == ETH_P_IP) { | |
bb170644 PB |
1594 | FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_src, TCA_FLOWER_KEY_IPV4_SRC); |
1595 | FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_dst, TCA_FLOWER_KEY_IPV4_DST); | |
0b4b5203 | 1596 | FLOWER_PUT_MASKED_VALUE(ip_ttl, TCA_FLOWER_KEY_IP_TTL); |
f98e418f | 1597 | } else if (host_eth_type == ETH_P_IPV6) { |
bb170644 PB |
1598 | FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_src, TCA_FLOWER_KEY_IPV6_SRC); |
1599 | FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_dst, TCA_FLOWER_KEY_IPV6_DST); | |
f98e418f RD |
1600 | } |
1601 | ||
1602 | nl_msg_put_be16(request, TCA_FLOWER_KEY_ETH_TYPE, flower->key.eth_type); | |
1603 | ||
1604 | if (is_vlan) { | |
1605 | if (flower->key.vlan_id || flower->key.vlan_prio) { | |
1606 | nl_msg_put_u16(request, TCA_FLOWER_KEY_VLAN_ID, | |
1607 | flower->key.vlan_id); | |
1608 | nl_msg_put_u8(request, TCA_FLOWER_KEY_VLAN_PRIO, | |
1609 | flower->key.vlan_prio); | |
1610 | } | |
1611 | if (flower->key.encap_eth_type) { | |
1612 | nl_msg_put_be16(request, TCA_FLOWER_KEY_VLAN_ETH_TYPE, | |
1613 | flower->key.encap_eth_type); | |
1614 | } | |
1615 | } | |
1616 | ||
691d20cb | 1617 | nl_msg_put_u32(request, TCA_FLOWER_FLAGS, tc_get_tc_cls_policy(tc_policy)); |
f98e418f RD |
1618 | |
1619 | if (flower->tunnel.tunnel) { | |
1620 | nl_msg_put_flower_tunnel(request, flower); | |
1621 | } | |
1622 | ||
8ada482b | 1623 | return 0; |
f98e418f RD |
1624 | } |
1625 | ||
1626 | int | |
1627 | tc_replace_flower(int ifindex, uint16_t prio, uint32_t handle, | |
1628 | struct tc_flower *flower) | |
1629 | { | |
1630 | struct ofpbuf request; | |
1631 | struct tcmsg *tcmsg; | |
1632 | struct ofpbuf *reply; | |
1633 | int error = 0; | |
1634 | size_t basic_offset; | |
1635 | uint16_t eth_type = (OVS_FORCE uint16_t) flower->key.eth_type; | |
1636 | ||
1637 | tcmsg = tc_make_request(ifindex, RTM_NEWTFILTER, | |
1638 | NLM_F_CREATE | NLM_F_ECHO, &request); | |
1639 | tcmsg->tcm_parent = TC_INGRESS_PARENT; | |
1640 | tcmsg->tcm_info = tc_make_handle(prio, eth_type); | |
1641 | tcmsg->tcm_handle = handle; | |
1642 | ||
1643 | nl_msg_put_string(&request, TCA_KIND, "flower"); | |
1644 | basic_offset = nl_msg_start_nested(&request, TCA_OPTIONS); | |
1645 | { | |
8ada482b PB |
1646 | error = nl_msg_put_flower_options(&request, flower); |
1647 | ||
1648 | if (error) { | |
1649 | ofpbuf_uninit(&request); | |
1650 | return error; | |
1651 | } | |
f98e418f RD |
1652 | } |
1653 | nl_msg_end_nested(&request, basic_offset); | |
1654 | ||
1655 | error = tc_transact(&request, &reply); | |
1656 | if (!error) { | |
1657 | struct tcmsg *tc = | |
1658 | ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc); | |
1659 | ||
1660 | flower->prio = tc_get_major(tc->tcm_info); | |
1661 | flower->handle = tc->tcm_handle; | |
1662 | ofpbuf_delete(reply); | |
1663 | } | |
1664 | ||
1665 | return error; | |
1666 | } | |
691d20cb PB |
1667 | |
1668 | void | |
1669 | tc_set_policy(const char *policy) | |
1670 | { | |
1671 | if (!policy) { | |
1672 | return; | |
1673 | } | |
1674 | ||
1675 | if (!strcmp(policy, "skip_sw")) { | |
1676 | tc_policy = TC_POLICY_SKIP_SW; | |
1677 | } else if (!strcmp(policy, "skip_hw")) { | |
1678 | tc_policy = TC_POLICY_SKIP_HW; | |
1679 | } else if (!strcmp(policy, "none")) { | |
1680 | tc_policy = TC_POLICY_NONE; | |
1681 | } else { | |
1682 | VLOG_WARN("tc: Invalid policy '%s'", policy); | |
1683 | return; | |
1684 | } | |
1685 | ||
1686 | VLOG_INFO("tc: Using policy '%s'", policy); | |
1687 | } |