]> git.proxmox.com Git - mirror_ovs.git/blob - datapath/actions.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge "master" into "next".
[mirror_ovs.git] / datapath / actions.c
1 /*
2 * Distributed under the terms of the GNU GPL version 2.
3 * Copyright (c) 2007, 2008, 2009, 2010 Nicira Networks.
4 *
5 * Significant portions of this file may be copied from parts of the Linux
6 * kernel, by Linus Torvalds and others.
7 */
8
9 /* Functions for executing flow actions. */
10
11 #include <linux/skbuff.h>
12 #include <linux/in.h>
13 #include <linux/ip.h>
14 #include <linux/tcp.h>
15 #include <linux/udp.h>
16 #include <linux/in6.h>
17 #include <linux/if_vlan.h>
18 #include <net/inet_ecn.h>
19 #include <net/ip.h>
20 #include <net/checksum.h>
21 #include "datapath.h"
22 #include "dp_dev.h"
23 #include "actions.h"
24 #include "openvswitch/datapath-protocol.h"
25
26 static struct sk_buff *
27 make_writable(struct sk_buff *skb, unsigned min_headroom, gfp_t gfp)
28 {
29 if (skb_shared(skb) || skb_cloned(skb)) {
30 struct sk_buff *nskb;
31 unsigned headroom = max(min_headroom, skb_headroom(skb));
32
33 nskb = skb_copy_expand(skb, headroom, skb_tailroom(skb), gfp);
34 if (nskb) {
35 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
36 /* Before 2.6.24 these fields were not copied when
37 * doing an skb_copy_expand. */
38 nskb->ip_summed = skb->ip_summed;
39 nskb->csum = skb->csum;
40 #endif
41 #if defined(CONFIG_XEN) && defined(HAVE_PROTO_DATA_VALID)
42 /* These fields are copied in skb_clone but not in
43 * skb_copy or related functions. We need to manually
44 * copy them over here. */
45 nskb->proto_data_valid = skb->proto_data_valid;
46 nskb->proto_csum_blank = skb->proto_csum_blank;
47 #endif
48 kfree_skb(skb);
49 return nskb;
50 }
51 } else {
52 unsigned int hdr_len = (skb_transport_offset(skb)
53 + sizeof(struct tcphdr));
54 if (pskb_may_pull(skb, min(hdr_len, skb->len)))
55 return skb;
56 }
57 kfree_skb(skb);
58 return NULL;
59 }
60
61
62 static struct sk_buff *
63 vlan_pull_tag(struct sk_buff *skb)
64 {
65 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
66 struct ethhdr *eh;
67
68
69 /* Verify we were given a vlan packet */
70 if (vh->h_vlan_proto != htons(ETH_P_8021Q))
71 return skb;
72
73 memmove(skb->data + VLAN_HLEN, skb->data, 2 * VLAN_ETH_ALEN);
74
75 eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN);
76
77 skb->protocol = eh->h_proto;
78 skb->mac_header += VLAN_HLEN;
79
80 return skb;
81 }
82
83
84 static struct sk_buff *
85 modify_vlan_tci(struct datapath *dp, struct sk_buff *skb,
86 struct odp_flow_key *key, const union odp_action *a,
87 int n_actions, gfp_t gfp)
88 {
89 u16 tci, mask;
90
91 if (a->type == ODPAT_SET_VLAN_VID) {
92 tci = ntohs(a->vlan_vid.vlan_vid);
93 mask = VLAN_VID_MASK;
94 key->dl_vlan = htons(tci & mask);
95 } else {
96 tci = a->vlan_pcp.vlan_pcp << VLAN_PCP_SHIFT;
97 mask = VLAN_PCP_MASK;
98 }
99
100 skb = make_writable(skb, VLAN_HLEN, gfp);
101 if (!skb)
102 return ERR_PTR(-ENOMEM);
103
104 if (skb->protocol == htons(ETH_P_8021Q)) {
105 /* Modify vlan id, but maintain other TCI values */
106 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
107 vh->h_vlan_TCI = htons((ntohs(vh->h_vlan_TCI) & ~mask) | tci);
108 } else {
109 /* Add vlan header */
110
111 /* Set up checksumming pointers for checksum-deferred packets
112 * on Xen. Otherwise, dev_queue_xmit() will try to do this
113 * when we send the packet out on the wire, and it will fail at
114 * that point because skb_checksum_setup() will not look inside
115 * an 802.1Q header. */
116 vswitch_skb_checksum_setup(skb);
117
118 /* GSO is not implemented for packets with an 802.1Q header, so
119 * we have to do segmentation before we add that header.
120 *
121 * GSO does work with hardware-accelerated VLAN tagging, but we
122 * can't use hardware-accelerated VLAN tagging since it
123 * requires the device to have a VLAN group configured (with
124 * e.g. vconfig(8)) and we don't do that.
125 *
126 * Having to do this here may be a performance loss, since we
127 * can't take advantage of TSO hardware support, although it
128 * does not make a measurable network performance difference
129 * for 1G Ethernet. Fixing that would require patching the
130 * kernel (either to add GSO support to the VLAN protocol or to
131 * support hardware-accelerated VLAN tagging without VLAN
132 * groups configured). */
133 if (skb_is_gso(skb)) {
134 struct sk_buff *segs;
135
136 segs = skb_gso_segment(skb, 0);
137 kfree_skb(skb);
138 if (unlikely(IS_ERR(segs)))
139 return ERR_CAST(segs);
140
141 do {
142 struct sk_buff *nskb = segs->next;
143 int err;
144
145 segs->next = NULL;
146
147 segs = __vlan_put_tag(segs, tci);
148 err = -ENOMEM;
149 if (segs) {
150 struct odp_flow_key segkey = *key;
151 err = execute_actions(dp, segs,
152 &segkey, a + 1,
153 n_actions - 1,
154 gfp);
155 }
156
157 if (unlikely(err)) {
158 while ((segs = nskb)) {
159 nskb = segs->next;
160 segs->next = NULL;
161 kfree_skb(segs);
162 }
163 return ERR_PTR(err);
164 }
165
166 segs = nskb;
167 } while (segs->next);
168
169 skb = segs;
170 }
171
172 /* The hardware-accelerated version of vlan_put_tag() works
173 * only for a device that has a VLAN group configured (with
174 * e.g. vconfig(8)), so call the software-only version
175 * __vlan_put_tag() directly instead.
176 */
177 skb = __vlan_put_tag(skb, tci);
178 if (!skb)
179 return ERR_PTR(-ENOMEM);
180 }
181
182 return skb;
183 }
184
185 static struct sk_buff *strip_vlan(struct sk_buff *skb,
186 struct odp_flow_key *key, gfp_t gfp)
187 {
188 skb = make_writable(skb, 0, gfp);
189 if (skb) {
190 vlan_pull_tag(skb);
191 key->dl_vlan = htons(ODP_VLAN_NONE);
192 }
193 return skb;
194 }
195
196 static struct sk_buff *set_dl_addr(struct sk_buff *skb,
197 const struct odp_action_dl_addr *a,
198 gfp_t gfp)
199 {
200 skb = make_writable(skb, 0, gfp);
201 if (skb) {
202 struct ethhdr *eh = eth_hdr(skb);
203 memcpy(a->type == ODPAT_SET_DL_SRC ? eh->h_source : eh->h_dest,
204 a->dl_addr, ETH_ALEN);
205 }
206 return skb;
207 }
208
209 /* Updates 'sum', which is a field in 'skb''s data, given that a 4-byte field
210 * covered by the sum has been changed from 'from' to 'to'. If set,
211 * 'pseudohdr' indicates that the field is in the TCP or UDP pseudo-header.
212 * Based on nf_proto_csum_replace4. */
213 static void update_csum(__sum16 *sum, struct sk_buff *skb,
214 __be32 from, __be32 to, int pseudohdr)
215 {
216 __be32 diff[] = { ~from, to };
217
218 /* On older kernels, CHECKSUM_PARTIAL and CHECKSUM_COMPLETE are both defined
219 * as CHECKSUM_HW. However, we can make some inferences so that we can update
220 * the checksums appropriately. */
221 enum {
222 CSUM_PARTIAL, /* Partial checksum, skb->csum undefined. */
223 CSUM_PACKET, /* In-packet checksum, skb->csum undefined. */
224 CSUM_COMPLETE, /* In-packet checksum, skb->csum valid. */
225 } csum_type;
226
227 csum_type = CSUM_PACKET;
228 #ifndef CHECKSUM_HW
229 /* Newer kernel, just map between kernel types and ours. */
230 if (skb->ip_summed == CHECKSUM_PARTIAL)
231 csum_type = CSUM_PARTIAL;
232 else if (skb->ip_summed == CHECKSUM_COMPLETE)
233 csum_type = CSUM_COMPLETE;
234 #else
235 /* In theory this could be either CHECKSUM_PARTIAL or CHECKSUM_COMPLETE.
236 * However, we should only get CHECKSUM_PARTIAL packets from Xen, which
237 * uses some special fields to represent this (see below). Since we
238 * can only make one type work, pick the one that actually happens in
239 * practice. */
240 if (skb->ip_summed == CHECKSUM_HW)
241 csum_type = CSUM_COMPLETE;
242 #endif
243 #if defined(CONFIG_XEN) && defined(HAVE_PROTO_DATA_VALID)
244 /* Xen has a special way of representing CHECKSUM_PARTIAL on older
245 * kernels. */
246 if (skb->proto_csum_blank)
247 csum_type = CSUM_PARTIAL;
248 #endif
249
250 if (csum_type != CSUM_PARTIAL) {
251 *sum = csum_fold(csum_partial((char *)diff, sizeof(diff),
252 ~csum_unfold(*sum)));
253 if (csum_type == CSUM_COMPLETE && pseudohdr)
254 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
255 ~skb->csum);
256 } else if (pseudohdr)
257 *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff),
258 csum_unfold(*sum)));
259 }
260
261 static struct sk_buff *set_nw_addr(struct sk_buff *skb,
262 struct odp_flow_key *key,
263 const struct odp_action_nw_addr *a,
264 gfp_t gfp)
265 {
266 if (key->dl_type != htons(ETH_P_IP))
267 return skb;
268
269 skb = make_writable(skb, 0, gfp);
270 if (skb) {
271 struct iphdr *nh = ip_hdr(skb);
272 u32 *f = a->type == ODPAT_SET_NW_SRC ? &nh->saddr : &nh->daddr;
273 u32 old = *f;
274 u32 new = a->nw_addr;
275
276 if (key->nw_proto == IPPROTO_TCP) {
277 struct tcphdr *th = tcp_hdr(skb);
278 update_csum(&th->check, skb, old, new, 1);
279 } else if (key->nw_proto == IPPROTO_UDP) {
280 struct udphdr *th = udp_hdr(skb);
281 update_csum(&th->check, skb, old, new, 1);
282 }
283 update_csum(&nh->check, skb, old, new, 0);
284 *f = new;
285 }
286 return skb;
287 }
288
289 static struct sk_buff *set_nw_tos(struct sk_buff *skb,
290 struct odp_flow_key *key,
291 const struct odp_action_nw_tos *a,
292 gfp_t gfp)
293 {
294 if (key->dl_type != htons(ETH_P_IP))
295 return skb;
296
297 skb = make_writable(skb, 0, gfp);
298 if (skb) {
299 struct iphdr *nh = ip_hdr(skb);
300 u8 *f = &nh->tos;
301 u8 old = *f;
302 u8 new;
303
304 /* Set the DSCP bits and preserve the ECN bits. */
305 new = (a->nw_tos & ~INET_ECN_MASK) | (nh->tos & INET_ECN_MASK);
306 update_csum(&nh->check, skb, htons((uint16_t)old),
307 htons((uint16_t)new), 0);
308 *f = new;
309 }
310 return skb;
311 }
312
313 static struct sk_buff *
314 set_tp_port(struct sk_buff *skb, struct odp_flow_key *key,
315 const struct odp_action_tp_port *a,
316 gfp_t gfp)
317 {
318 int check_ofs;
319
320 if (key->dl_type != htons(ETH_P_IP))
321 return skb;
322
323 if (key->nw_proto == IPPROTO_TCP)
324 check_ofs = offsetof(struct tcphdr, check);
325 else if (key->nw_proto == IPPROTO_UDP)
326 check_ofs = offsetof(struct udphdr, check);
327 else
328 return skb;
329
330 skb = make_writable(skb, 0, gfp);
331 if (skb) {
332 struct udphdr *th = udp_hdr(skb);
333 u16 *f = a->type == ODPAT_SET_TP_SRC ? &th->source : &th->dest;
334 u16 old = *f;
335 u16 new = a->tp_port;
336 update_csum((u16*)(skb_transport_header(skb) + check_ofs),
337 skb, old, new, 0);
338 *f = new;
339 }
340 return skb;
341 }
342
343 static inline unsigned packet_length(const struct sk_buff *skb)
344 {
345 unsigned length = skb->len - ETH_HLEN;
346 if (skb->protocol == htons(ETH_P_8021Q))
347 length -= VLAN_HLEN;
348 return length;
349 }
350
351 int dp_xmit_skb(struct sk_buff *skb)
352 {
353 struct datapath *dp = skb->dev->br_port->dp;
354 int len = skb->len;
355
356 if (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb)) {
357 printk(KERN_WARNING "%s: dropped over-mtu packet: %d > %d\n",
358 dp_name(dp), packet_length(skb), skb->dev->mtu);
359 kfree_skb(skb);
360 return -E2BIG;
361 }
362
363 forward_ip_summed(skb);
364 dev_queue_xmit(skb);
365
366 return len;
367 }
368
369 static void
370 do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
371 {
372 struct net_bridge_port *p;
373 struct net_device *dev;
374
375 if (!skb)
376 goto error;
377
378 p = dp->ports[out_port];
379 if (!p)
380 goto error;
381
382 dev = skb->dev = p->dev;
383 if (is_dp_dev(dev))
384 dp_dev_recv(dev, skb);
385 else
386 dp_xmit_skb(skb);
387 return;
388
389 error:
390 kfree_skb(skb);
391 }
392
393 /* Never consumes 'skb'. Returns a port that 'skb' should be sent to, -1 if
394 * none. */
395 static int output_group(struct datapath *dp, __u16 group,
396 struct sk_buff *skb, gfp_t gfp)
397 {
398 struct dp_port_group *g = rcu_dereference(dp->groups[group]);
399 int prev_port = -1;
400 int i;
401
402 if (!g)
403 return -1;
404 for (i = 0; i < g->n_ports; i++) {
405 struct net_bridge_port *p = dp->ports[g->ports[i]];
406 if (!p || skb->dev == p->dev)
407 continue;
408 if (prev_port != -1) {
409 struct sk_buff *clone = skb_clone(skb, gfp);
410 if (!clone)
411 return -1;
412 do_output(dp, clone, prev_port);
413 }
414 prev_port = p->port_no;
415 }
416 return prev_port;
417 }
418
419 static int
420 output_control(struct datapath *dp, struct sk_buff *skb, u32 arg, gfp_t gfp)
421 {
422 skb = skb_clone(skb, gfp);
423 if (!skb)
424 return -ENOMEM;
425 return dp_output_control(dp, skb, _ODPL_ACTION_NR, arg);
426 }
427
428 /* Send a copy of this packet up to the sFlow agent, along with extra
429 * information about what happened to it. */
430 static void sflow_sample(struct datapath *dp, struct sk_buff *skb,
431 const union odp_action *a, int n_actions,
432 gfp_t gfp, struct net_bridge_port *nbp)
433 {
434 struct odp_sflow_sample_header *hdr;
435 unsigned int actlen = n_actions * sizeof(union odp_action);
436 unsigned int hdrlen = sizeof(struct odp_sflow_sample_header);
437 struct sk_buff *nskb;
438
439 nskb = skb_copy_expand(skb, actlen + hdrlen, 0, gfp);
440 if (!nskb)
441 return;
442
443 memcpy(__skb_push(nskb, actlen), a, actlen);
444 hdr = (struct odp_sflow_sample_header*)__skb_push(nskb, hdrlen);
445 hdr->n_actions = n_actions;
446 hdr->sample_pool = atomic_read(&nbp->sflow_pool);
447 dp_output_control(dp, nskb, _ODPL_SFLOW_NR, 0);
448 }
449
450 /* Execute a list of actions against 'skb'. */
451 int execute_actions(struct datapath *dp, struct sk_buff *skb,
452 struct odp_flow_key *key,
453 const union odp_action *a, int n_actions,
454 gfp_t gfp)
455 {
456 /* Every output action needs a separate clone of 'skb', but the common
457 * case is just a single output action, so that doing a clone and
458 * then freeing the original skbuff is wasteful. So the following code
459 * is slightly obscure just to avoid that. */
460 int prev_port = -1;
461 int err;
462
463 if (dp->sflow_probability) {
464 struct net_bridge_port *p = skb->dev->br_port;
465 if (p) {
466 atomic_inc(&p->sflow_pool);
467 if (dp->sflow_probability == UINT_MAX ||
468 net_random() < dp->sflow_probability)
469 sflow_sample(dp, skb, a, n_actions, gfp, p);
470 }
471 }
472
473 for (; n_actions > 0; a++, n_actions--) {
474 WARN_ON_ONCE(skb_shared(skb));
475 if (prev_port != -1) {
476 do_output(dp, skb_clone(skb, gfp), prev_port);
477 prev_port = -1;
478 }
479
480 switch (a->type) {
481 case ODPAT_OUTPUT:
482 prev_port = a->output.port;
483 break;
484
485 case ODPAT_OUTPUT_GROUP:
486 prev_port = output_group(dp, a->output_group.group,
487 skb, gfp);
488 break;
489
490 case ODPAT_CONTROLLER:
491 err = output_control(dp, skb, a->controller.arg, gfp);
492 if (err) {
493 kfree_skb(skb);
494 return err;
495 }
496 break;
497
498 case ODPAT_SET_VLAN_VID:
499 case ODPAT_SET_VLAN_PCP:
500 skb = modify_vlan_tci(dp, skb, key, a, n_actions, gfp);
501 if (IS_ERR(skb))
502 return PTR_ERR(skb);
503 break;
504
505 case ODPAT_STRIP_VLAN:
506 skb = strip_vlan(skb, key, gfp);
507 break;
508
509 case ODPAT_SET_DL_SRC:
510 case ODPAT_SET_DL_DST:
511 skb = set_dl_addr(skb, &a->dl_addr, gfp);
512 break;
513
514 case ODPAT_SET_NW_SRC:
515 case ODPAT_SET_NW_DST:
516 skb = set_nw_addr(skb, key, &a->nw_addr, gfp);
517 break;
518
519 case ODPAT_SET_NW_TOS:
520 skb = set_nw_tos(skb, key, &a->nw_tos, gfp);
521 break;
522
523 case ODPAT_SET_TP_SRC:
524 case ODPAT_SET_TP_DST:
525 skb = set_tp_port(skb, key, &a->tp_port, gfp);
526 break;
527 }
528 if (!skb)
529 return -ENOMEM;
530 }
531 if (prev_port != -1)
532 do_output(dp, skb, prev_port);
533 else
534 kfree_skb(skb);
535 return 0;
536 }
openvswitch mirror