2 * Copyright (c) 2007-2014 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 #include <linux/skbuff.h>
24 #include <linux/openvswitch.h>
25 #include <linux/sctp.h>
26 #include <linux/tcp.h>
27 #include <linux/udp.h>
28 #include <linux/in6.h>
29 #include <linux/if_arp.h>
30 #include <linux/if_vlan.h>
33 #include <net/checksum.h>
34 #include <net/dsfield.h>
35 #include <net/sctp/checksum.h>
43 static void flow_key_set_priority(struct sk_buff
*skb
, u32 priority
)
45 OVS_CB(skb
)->pkt_key
->phy
.priority
= priority
;
48 static void flow_key_set_skb_mark(struct sk_buff
*skb
, u32 skb_mark
)
50 OVS_CB(skb
)->pkt_key
->phy
.skb_mark
= skb_mark
;
53 static void flow_key_set_eth_src(struct sk_buff
*skb
, const u8 addr
[])
55 ether_addr_copy(OVS_CB(skb
)->pkt_key
->eth
.src
, addr
);
58 static void flow_key_set_eth_dst(struct sk_buff
*skb
, const u8 addr
[])
60 ether_addr_copy(OVS_CB(skb
)->pkt_key
->eth
.dst
, addr
);
63 static void flow_key_set_vlan_tci(struct sk_buff
*skb
, __be16 tci
)
65 OVS_CB(skb
)->pkt_key
->eth
.tci
= tci
;
68 static void flow_key_set_mpls_top_lse(struct sk_buff
*skb
, __be32 top_lse
)
70 OVS_CB(skb
)->pkt_key
->mpls
.top_lse
= top_lse
;
73 static void flow_key_set_ipv4_src(struct sk_buff
*skb
, __be32 addr
)
75 OVS_CB(skb
)->pkt_key
->ipv4
.addr
.src
= addr
;
78 static void flow_key_set_ipv4_dst(struct sk_buff
*skb
, __be32 addr
)
80 OVS_CB(skb
)->pkt_key
->ipv4
.addr
.src
= addr
;
83 static void flow_key_set_ip_tos(struct sk_buff
*skb
, u8 tos
)
85 OVS_CB(skb
)->pkt_key
->ip
.tos
= tos
;
88 static void flow_key_set_ip_ttl(struct sk_buff
*skb
, u8 ttl
)
90 OVS_CB(skb
)->pkt_key
->ip
.ttl
= ttl
;
93 static void flow_key_set_ipv6_src(struct sk_buff
*skb
,
96 memcpy(&OVS_CB(skb
)->pkt_key
->ipv6
.addr
.src
, addr
, sizeof(__be32
[4]));
99 static void flow_key_set_ipv6_dst(struct sk_buff
*skb
,
100 const __be32 addr
[4])
102 memcpy(&OVS_CB(skb
)->pkt_key
->ipv6
.addr
.dst
, addr
, sizeof(__be32
[4]));
105 static void flow_key_set_ipv6_fl(struct sk_buff
*skb
,
106 const struct ipv6hdr
*nh
)
108 OVS_CB(skb
)->pkt_key
->ipv6
.label
= *(__be32
*)nh
&
109 htonl(IPV6_FLOWINFO_FLOWLABEL
);
112 static void flow_key_set_tp_src(struct sk_buff
*skb
, __be16 port
)
114 OVS_CB(skb
)->pkt_key
->tp
.src
= port
;
117 static void flow_key_set_tp_dst(struct sk_buff
*skb
, __be16 port
)
119 OVS_CB(skb
)->pkt_key
->tp
.dst
= port
;
122 static void invalidate_skb_flow_key(struct sk_buff
*skb
)
124 OVS_CB(skb
)->pkt_key
->eth
.type
= htons(0);
127 static bool is_skb_flow_key_valid(struct sk_buff
*skb
)
129 return !!OVS_CB(skb
)->pkt_key
->eth
.type
;
132 static int do_execute_actions(struct datapath
*dp
, struct sk_buff
*skb
,
133 const struct nlattr
*attr
, int len
);
135 static int make_writable(struct sk_buff
*skb
, int write_len
)
137 if (!skb_cloned(skb
) || skb_clone_writable(skb
, write_len
))
140 return pskb_expand_head(skb
, 0, 0, GFP_ATOMIC
);
143 /* The end of the mac header.
145 * For non-MPLS skbs this will correspond to the network header.
146 * For MPLS skbs it will be before the network_header as the MPLS
147 * label stack lies between the end of the mac header and the network
148 * header. That is, for MPLS skbs the end of the mac header
149 * is the top of the MPLS label stack.
151 static unsigned char *mac_header_end(const struct sk_buff
*skb
)
153 return skb_mac_header(skb
) + skb
->mac_len
;
156 static int push_mpls(struct sk_buff
*skb
,
157 const struct ovs_action_push_mpls
*mpls
)
159 __be32
*new_mpls_lse
;
162 if (skb_cow_head(skb
, MPLS_HLEN
) < 0)
165 skb_push(skb
, MPLS_HLEN
);
166 memmove(skb_mac_header(skb
) - MPLS_HLEN
, skb_mac_header(skb
),
168 skb_reset_mac_header(skb
);
170 new_mpls_lse
= (__be32
*)mac_header_end(skb
);
171 *new_mpls_lse
= mpls
->mpls_lse
;
173 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
174 skb
->csum
= csum_add(skb
->csum
, csum_partial(new_mpls_lse
,
178 hdr
->h_proto
= mpls
->mpls_ethertype
;
179 if (!ovs_skb_get_inner_protocol(skb
))
180 ovs_skb_set_inner_protocol(skb
, skb
->protocol
);
181 skb
->protocol
= mpls
->mpls_ethertype
;
182 invalidate_skb_flow_key(skb
);
186 static int pop_mpls(struct sk_buff
*skb
, const __be16 ethertype
)
191 err
= make_writable(skb
, skb
->mac_len
+ MPLS_HLEN
);
195 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
196 skb
->csum
= csum_sub(skb
->csum
,
197 csum_partial(mac_header_end(skb
),
200 memmove(skb_mac_header(skb
) + MPLS_HLEN
, skb_mac_header(skb
),
203 __skb_pull(skb
, MPLS_HLEN
);
204 skb_reset_mac_header(skb
);
206 /* mac_header_end() is used to locate the ethertype
207 * field correctly in the presence of VLAN tags.
209 hdr
= (struct ethhdr
*)(mac_header_end(skb
) - ETH_HLEN
);
210 hdr
->h_proto
= ethertype
;
211 if (eth_p_mpls(skb
->protocol
))
212 skb
->protocol
= ethertype
;
213 invalidate_skb_flow_key(skb
);
217 static int set_mpls(struct sk_buff
*skb
, const __be32
*mpls_lse
)
219 __be32
*stack
= (__be32
*)mac_header_end(skb
);
222 err
= make_writable(skb
, skb
->mac_len
+ MPLS_HLEN
);
226 if (skb
->ip_summed
== CHECKSUM_COMPLETE
) {
227 __be32 diff
[] = { ~(*stack
), *mpls_lse
};
228 skb
->csum
= ~csum_partial((char *)diff
, sizeof(diff
),
233 flow_key_set_mpls_top_lse(skb
, *stack
);
237 /* remove VLAN header from packet and update csum accordingly. */
238 static int __pop_vlan_tci(struct sk_buff
*skb
, __be16
*current_tci
)
240 struct vlan_hdr
*vhdr
;
243 err
= make_writable(skb
, VLAN_ETH_HLEN
);
247 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
248 skb
->csum
= csum_sub(skb
->csum
, csum_partial(skb
->data
249 + (2 * ETH_ALEN
), VLAN_HLEN
, 0));
251 vhdr
= (struct vlan_hdr
*)(skb
->data
+ ETH_HLEN
);
252 *current_tci
= vhdr
->h_vlan_TCI
;
254 memmove(skb
->data
+ VLAN_HLEN
, skb
->data
, 2 * ETH_ALEN
);
255 __skb_pull(skb
, VLAN_HLEN
);
257 vlan_set_encap_proto(skb
, vhdr
);
258 skb
->mac_header
+= VLAN_HLEN
;
259 /* Update mac_len for subsequent MPLS actions */
260 skb
->mac_len
-= VLAN_HLEN
;
265 static int pop_vlan(struct sk_buff
*skb
)
270 if (likely(vlan_tx_tag_present(skb
))) {
271 vlan_set_tci(skb
, 0);
273 if (unlikely(skb
->protocol
!= htons(ETH_P_8021Q
) ||
274 skb
->len
< VLAN_ETH_HLEN
))
277 err
= __pop_vlan_tci(skb
, &tci
);
281 /* move next vlan tag to hw accel tag */
282 if (likely(skb
->protocol
!= htons(ETH_P_8021Q
) ||
283 skb
->len
< VLAN_ETH_HLEN
)) {
284 flow_key_set_vlan_tci(skb
, 0);
288 invalidate_skb_flow_key(skb
);
289 err
= __pop_vlan_tci(skb
, &tci
);
293 __vlan_hwaccel_put_tag(skb
, htons(ETH_P_8021Q
), ntohs(tci
));
297 static int push_vlan(struct sk_buff
*skb
, const struct ovs_action_push_vlan
*vlan
)
299 if (unlikely(vlan_tx_tag_present(skb
))) {
302 /* push down current VLAN tag */
303 current_tag
= vlan_tx_tag_get(skb
);
305 if (!__vlan_put_tag(skb
, skb
->vlan_proto
, current_tag
))
308 /* Update mac_len for subsequent MPLS actions */
309 skb
->mac_len
+= VLAN_HLEN
;
311 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
312 skb
->csum
= csum_add(skb
->csum
, csum_partial(skb
->data
313 + (2 * ETH_ALEN
), VLAN_HLEN
, 0));
315 invalidate_skb_flow_key(skb
);
317 flow_key_set_vlan_tci(skb
, vlan
->vlan_tci
);
319 __vlan_hwaccel_put_tag(skb
, vlan
->vlan_tpid
, ntohs(vlan
->vlan_tci
) & ~VLAN_TAG_PRESENT
);
323 static int set_eth_addr(struct sk_buff
*skb
,
324 const struct ovs_key_ethernet
*eth_key
)
327 err
= make_writable(skb
, ETH_HLEN
);
331 skb_postpull_rcsum(skb
, eth_hdr(skb
), ETH_ALEN
* 2);
333 ether_addr_copy(eth_hdr(skb
)->h_source
, eth_key
->eth_src
);
334 ether_addr_copy(eth_hdr(skb
)->h_dest
, eth_key
->eth_dst
);
336 ovs_skb_postpush_rcsum(skb
, eth_hdr(skb
), ETH_ALEN
* 2);
338 flow_key_set_eth_src(skb
, eth_key
->eth_src
);
339 flow_key_set_eth_dst(skb
, eth_key
->eth_dst
);
343 static void set_ip_addr(struct sk_buff
*skb
, struct iphdr
*nh
,
344 __be32
*addr
, __be32 new_addr
)
346 int transport_len
= skb
->len
- skb_transport_offset(skb
);
348 if (nh
->protocol
== IPPROTO_TCP
) {
349 if (likely(transport_len
>= sizeof(struct tcphdr
)))
350 inet_proto_csum_replace4(&tcp_hdr(skb
)->check
, skb
,
352 } else if (nh
->protocol
== IPPROTO_UDP
) {
353 if (likely(transport_len
>= sizeof(struct udphdr
))) {
354 struct udphdr
*uh
= udp_hdr(skb
);
356 if (uh
->check
|| skb
->ip_summed
== CHECKSUM_PARTIAL
) {
357 inet_proto_csum_replace4(&uh
->check
, skb
,
360 uh
->check
= CSUM_MANGLED_0
;
365 csum_replace4(&nh
->check
, *addr
, new_addr
);
370 static void update_ipv6_checksum(struct sk_buff
*skb
, u8 l4_proto
,
371 __be32 addr
[4], const __be32 new_addr
[4])
373 int transport_len
= skb
->len
- skb_transport_offset(skb
);
375 if (l4_proto
== IPPROTO_TCP
) {
376 if (likely(transport_len
>= sizeof(struct tcphdr
)))
377 inet_proto_csum_replace16(&tcp_hdr(skb
)->check
, skb
,
379 } else if (l4_proto
== IPPROTO_UDP
) {
380 if (likely(transport_len
>= sizeof(struct udphdr
))) {
381 struct udphdr
*uh
= udp_hdr(skb
);
383 if (uh
->check
|| skb
->ip_summed
== CHECKSUM_PARTIAL
) {
384 inet_proto_csum_replace16(&uh
->check
, skb
,
387 uh
->check
= CSUM_MANGLED_0
;
393 static void set_ipv6_addr(struct sk_buff
*skb
, u8 l4_proto
,
394 __be32 addr
[4], const __be32 new_addr
[4],
395 bool recalculate_csum
)
397 if (likely(recalculate_csum
))
398 update_ipv6_checksum(skb
, l4_proto
, addr
, new_addr
);
401 memcpy(addr
, new_addr
, sizeof(__be32
[4]));
404 static void set_ipv6_tc(struct ipv6hdr
*nh
, u8 tc
)
406 nh
->priority
= tc
>> 4;
407 nh
->flow_lbl
[0] = (nh
->flow_lbl
[0] & 0x0F) | ((tc
& 0x0F) << 4);
410 static void set_ipv6_fl(struct ipv6hdr
*nh
, u32 fl
)
412 nh
->flow_lbl
[0] = (nh
->flow_lbl
[0] & 0xF0) | (fl
& 0x000F0000) >> 16;
413 nh
->flow_lbl
[1] = (fl
& 0x0000FF00) >> 8;
414 nh
->flow_lbl
[2] = fl
& 0x000000FF;
417 static void set_ip_ttl(struct sk_buff
*skb
, struct iphdr
*nh
, u8 new_ttl
)
419 csum_replace2(&nh
->check
, htons(nh
->ttl
<< 8), htons(new_ttl
<< 8));
423 static int set_ipv4(struct sk_buff
*skb
, const struct ovs_key_ipv4
*ipv4_key
)
428 err
= make_writable(skb
, skb_network_offset(skb
) +
429 sizeof(struct iphdr
));
435 if (ipv4_key
->ipv4_src
!= nh
->saddr
) {
436 set_ip_addr(skb
, nh
, &nh
->saddr
, ipv4_key
->ipv4_src
);
437 flow_key_set_ipv4_src(skb
, ipv4_key
->ipv4_src
);
440 if (ipv4_key
->ipv4_dst
!= nh
->daddr
) {
441 set_ip_addr(skb
, nh
, &nh
->daddr
, ipv4_key
->ipv4_dst
);
442 flow_key_set_ipv4_dst(skb
, ipv4_key
->ipv4_dst
);
445 if (ipv4_key
->ipv4_tos
!= nh
->tos
) {
446 ipv4_change_dsfield(nh
, 0, ipv4_key
->ipv4_tos
);
447 flow_key_set_ip_tos(skb
, nh
->tos
);
450 if (ipv4_key
->ipv4_ttl
!= nh
->ttl
) {
451 set_ip_ttl(skb
, nh
, ipv4_key
->ipv4_ttl
);
452 flow_key_set_ip_ttl(skb
, ipv4_key
->ipv4_ttl
);
458 static int set_ipv6(struct sk_buff
*skb
, const struct ovs_key_ipv6
*ipv6_key
)
465 err
= make_writable(skb
, skb_network_offset(skb
) +
466 sizeof(struct ipv6hdr
));
471 saddr
= (__be32
*)&nh
->saddr
;
472 daddr
= (__be32
*)&nh
->daddr
;
474 if (memcmp(ipv6_key
->ipv6_src
, saddr
, sizeof(ipv6_key
->ipv6_src
))) {
475 set_ipv6_addr(skb
, ipv6_key
->ipv6_proto
, saddr
,
476 ipv6_key
->ipv6_src
, true);
477 flow_key_set_ipv6_src(skb
, ipv6_key
->ipv6_src
);
480 if (memcmp(ipv6_key
->ipv6_dst
, daddr
, sizeof(ipv6_key
->ipv6_dst
))) {
481 unsigned int offset
= 0;
482 int flags
= OVS_IP6T_FH_F_SKIP_RH
;
483 bool recalc_csum
= true;
485 if (ipv6_ext_hdr(nh
->nexthdr
))
486 recalc_csum
= ipv6_find_hdr(skb
, &offset
,
487 NEXTHDR_ROUTING
, NULL
,
488 &flags
) != NEXTHDR_ROUTING
;
490 set_ipv6_addr(skb
, ipv6_key
->ipv6_proto
, daddr
,
491 ipv6_key
->ipv6_dst
, recalc_csum
);
492 flow_key_set_ipv6_dst(skb
, ipv6_key
->ipv6_dst
);
495 set_ipv6_tc(nh
, ipv6_key
->ipv6_tclass
);
496 flow_key_set_ip_tos(skb
, ipv6_get_dsfield(nh
));
498 set_ipv6_fl(nh
, ntohl(ipv6_key
->ipv6_label
));
499 flow_key_set_ipv6_fl(skb
, nh
);
501 nh
->hop_limit
= ipv6_key
->ipv6_hlimit
;
502 flow_key_set_ip_ttl(skb
, ipv6_key
->ipv6_hlimit
);
506 /* Must follow make_writable() since that can move the skb data. */
507 static void set_tp_port(struct sk_buff
*skb
, __be16
*port
,
508 __be16 new_port
, __sum16
*check
)
510 inet_proto_csum_replace2(check
, skb
, *port
, new_port
, 0);
515 static void set_udp_port(struct sk_buff
*skb
, __be16
*port
, __be16 new_port
)
517 struct udphdr
*uh
= udp_hdr(skb
);
519 if (uh
->check
&& skb
->ip_summed
!= CHECKSUM_PARTIAL
) {
520 set_tp_port(skb
, port
, new_port
, &uh
->check
);
523 uh
->check
= CSUM_MANGLED_0
;
530 static int set_udp(struct sk_buff
*skb
, const struct ovs_key_udp
*udp_port_key
)
535 err
= make_writable(skb
, skb_transport_offset(skb
) +
536 sizeof(struct udphdr
));
541 if (udp_port_key
->udp_src
!= uh
->source
) {
542 set_udp_port(skb
, &uh
->source
, udp_port_key
->udp_src
);
543 flow_key_set_tp_src(skb
, udp_port_key
->udp_src
);
546 if (udp_port_key
->udp_dst
!= uh
->dest
) {
547 set_udp_port(skb
, &uh
->dest
, udp_port_key
->udp_dst
);
548 flow_key_set_tp_dst(skb
, udp_port_key
->udp_dst
);
554 static int set_tcp(struct sk_buff
*skb
, const struct ovs_key_tcp
*tcp_port_key
)
559 err
= make_writable(skb
, skb_transport_offset(skb
) +
560 sizeof(struct tcphdr
));
565 if (tcp_port_key
->tcp_src
!= th
->source
) {
566 set_tp_port(skb
, &th
->source
, tcp_port_key
->tcp_src
, &th
->check
);
567 flow_key_set_tp_src(skb
, tcp_port_key
->tcp_src
);
570 if (tcp_port_key
->tcp_dst
!= th
->dest
) {
571 set_tp_port(skb
, &th
->dest
, tcp_port_key
->tcp_dst
, &th
->check
);
572 flow_key_set_tp_dst(skb
, tcp_port_key
->tcp_dst
);
578 static int set_sctp(struct sk_buff
*skb
,
579 const struct ovs_key_sctp
*sctp_port_key
)
583 unsigned int sctphoff
= skb_transport_offset(skb
);
585 err
= make_writable(skb
, sctphoff
+ sizeof(struct sctphdr
));
590 if (sctp_port_key
->sctp_src
!= sh
->source
||
591 sctp_port_key
->sctp_dst
!= sh
->dest
) {
592 __le32 old_correct_csum
, new_csum
, old_csum
;
594 old_csum
= sh
->checksum
;
595 old_correct_csum
= sctp_compute_cksum(skb
, sctphoff
);
597 sh
->source
= sctp_port_key
->sctp_src
;
598 sh
->dest
= sctp_port_key
->sctp_dst
;
600 new_csum
= sctp_compute_cksum(skb
, sctphoff
);
602 /* Carry any checksum errors through. */
603 sh
->checksum
= old_csum
^ old_correct_csum
^ new_csum
;
606 flow_key_set_tp_src(skb
, sctp_port_key
->sctp_src
);
607 flow_key_set_tp_dst(skb
, sctp_port_key
->sctp_dst
);
613 static void do_output(struct datapath
*dp
, struct sk_buff
*skb
, int out_port
)
615 struct vport
*vport
= ovs_vport_rcu(dp
, out_port
);
618 ovs_vport_send(vport
, skb
);
623 static int output_userspace(struct datapath
*dp
, struct sk_buff
*skb
,
624 const struct nlattr
*attr
)
626 struct dp_upcall_info upcall
;
627 const struct nlattr
*a
;
630 upcall
.cmd
= OVS_PACKET_CMD_ACTION
;
631 upcall
.userdata
= NULL
;
634 for (a
= nla_data(attr
), rem
= nla_len(attr
); rem
> 0;
635 a
= nla_next(a
, &rem
)) {
636 switch (nla_type(a
)) {
637 case OVS_USERSPACE_ATTR_USERDATA
:
641 case OVS_USERSPACE_ATTR_PID
:
642 upcall
.portid
= nla_get_u32(a
);
647 return ovs_dp_upcall(dp
, skb
, &upcall
);
650 static bool last_action(const struct nlattr
*a
, int rem
)
652 return a
->nla_len
== rem
;
655 static int sample(struct datapath
*dp
, struct sk_buff
*skb
,
656 const struct nlattr
*attr
)
658 struct sw_flow_key sample_key
;
659 const struct nlattr
*acts_list
= NULL
;
660 const struct nlattr
*a
;
661 struct sk_buff
*sample_skb
;
664 for (a
= nla_data(attr
), rem
= nla_len(attr
); rem
> 0;
665 a
= nla_next(a
, &rem
)) {
666 switch (nla_type(a
)) {
667 case OVS_SAMPLE_ATTR_PROBABILITY
:
668 if (prandom_u32() >= nla_get_u32(a
))
672 case OVS_SAMPLE_ATTR_ACTIONS
:
678 rem
= nla_len(acts_list
);
679 a
= nla_data(acts_list
);
681 /* Actions list is either empty or only contains a single user-space
682 * action, the latter being a special case as it is the only known
683 * usage of the sample action.
684 * In these special cases don't clone the skb as there are no
685 * side-effects in the nested actions.
686 * Otherwise, clone in case the nested actions have side effects. */
687 if (likely(rem
== 0 ||
688 (nla_type(a
) == OVS_ACTION_ATTR_USERSPACE
&&
689 last_action(a
, rem
)))) {
693 sample_skb
= skb_clone(skb
, GFP_ATOMIC
);
695 /* Skip the sample action when out of memory. */
698 sample_key
= *OVS_CB(skb
)->pkt_key
;
699 OVS_CB(sample_skb
)->pkt_key
= &sample_key
;
702 /* Note that do_execute_actions() never consumes skb.
703 * In the case where skb has been cloned above it is the clone that
704 * is consumed. Otherwise the skb_get(skb) call prevents
705 * consumption by do_execute_actions(). Thus, it is safe to simply
706 * return the error code and let the caller (also
707 * do_execute_actions()) free skb on error. */
708 return do_execute_actions(dp
, sample_skb
, a
, rem
);
711 static void execute_hash(struct sk_buff
*skb
, const struct nlattr
*attr
)
713 struct sw_flow_key
*key
= OVS_CB(skb
)->pkt_key
;
714 struct ovs_action_hash
*hash_act
= nla_data(attr
);
717 /* OVS_HASH_ALG_L4 is the only possible hash algorithm. */
718 hash
= skb_get_hash(skb
);
719 hash
= jhash_1word(hash
, hash_act
->hash_basis
);
723 key
->ovs_flow_hash
= hash
;
726 static int execute_set_action(struct sk_buff
*skb
,
727 const struct nlattr
*nested_attr
)
731 switch (nla_type(nested_attr
)) {
732 case OVS_KEY_ATTR_PRIORITY
:
733 skb
->priority
= nla_get_u32(nested_attr
);
734 flow_key_set_priority(skb
, skb
->priority
);
737 case OVS_KEY_ATTR_SKB_MARK
:
738 skb
->mark
= nla_get_u32(nested_attr
);
739 flow_key_set_skb_mark(skb
, skb
->mark
);
742 case OVS_KEY_ATTR_TUNNEL_INFO
:
743 OVS_CB(skb
)->egress_tun_info
= nla_data(nested_attr
);
746 case OVS_KEY_ATTR_ETHERNET
:
747 err
= set_eth_addr(skb
, nla_data(nested_attr
));
750 case OVS_KEY_ATTR_IPV4
:
751 err
= set_ipv4(skb
, nla_data(nested_attr
));
754 case OVS_KEY_ATTR_IPV6
:
755 err
= set_ipv6(skb
, nla_data(nested_attr
));
758 case OVS_KEY_ATTR_TCP
:
759 err
= set_tcp(skb
, nla_data(nested_attr
));
762 case OVS_KEY_ATTR_UDP
:
763 err
= set_udp(skb
, nla_data(nested_attr
));
766 case OVS_KEY_ATTR_SCTP
:
767 err
= set_sctp(skb
, nla_data(nested_attr
));
770 case OVS_KEY_ATTR_MPLS
:
771 err
= set_mpls(skb
, nla_data(nested_attr
));
778 static void flow_key_clone_recirc(struct sk_buff
*skb
, u32 recirc_id
,
779 struct sw_flow_key
*recirc_key
)
781 *recirc_key
= *OVS_CB(skb
)->pkt_key
;
782 recirc_key
->recirc_id
= recirc_id
;
783 OVS_CB(skb
)->pkt_key
= recirc_key
;
786 static void flow_key_set_recirc_id(struct sk_buff
*skb
, u32 recirc_id
)
788 OVS_CB(skb
)->pkt_key
->recirc_id
= recirc_id
;
791 static int execute_recirc(struct datapath
*dp
, struct sk_buff
*skb
,
792 const struct nlattr
*a
, int rem
)
794 struct sw_flow_key recirc_key
;
797 if (!last_action(a
, rem
)) {
798 /* Recirc action is the not the last action
799 * of the action list. */
800 skb
= skb_clone(skb
, GFP_ATOMIC
);
802 /* Skip the recirc action when out of memory, but
803 * continue on with the rest of the action list. */
808 if (is_skb_flow_key_valid(skb
)) {
809 if (!last_action(a
, rem
))
810 flow_key_clone_recirc(skb
, nla_get_u32(a
), &recirc_key
);
812 flow_key_set_recirc_id(skb
, nla_get_u32(a
));
814 struct sw_flow_key
*pkt_key
= OVS_CB(skb
)->pkt_key
;
816 err
= ovs_flow_key_extract_recirc(nla_get_u32(a
), pkt_key
,
824 ovs_dp_process_packet(skb
, true);
828 /* Execute a list of actions against 'skb'. */
829 static int do_execute_actions(struct datapath
*dp
, struct sk_buff
*skb
,
830 const struct nlattr
*attr
, int len
)
832 /* Every output action needs a separate clone of 'skb', but the common
833 * case is just a single output action, so that doing a clone and
834 * then freeing the original skbuff is wasteful. So the following code
835 * is slightly obscure just to avoid that. */
837 const struct nlattr
*a
;
840 for (a
= attr
, rem
= len
; rem
> 0;
841 a
= nla_next(a
, &rem
)) {
844 if (unlikely(prev_port
!= -1)) {
845 struct sk_buff
*out_skb
= skb_clone(skb
, GFP_ATOMIC
);
848 do_output(dp
, out_skb
, prev_port
);
853 switch (nla_type(a
)) {
854 case OVS_ACTION_ATTR_OUTPUT
:
855 prev_port
= nla_get_u32(a
);
858 case OVS_ACTION_ATTR_USERSPACE
:
859 output_userspace(dp
, skb
, a
);
862 case OVS_ACTION_ATTR_HASH
:
863 execute_hash(skb
, a
);
866 case OVS_ACTION_ATTR_PUSH_MPLS
:
867 err
= push_mpls(skb
, nla_data(a
));
870 case OVS_ACTION_ATTR_POP_MPLS
:
871 err
= pop_mpls(skb
, nla_get_be16(a
));
874 case OVS_ACTION_ATTR_PUSH_VLAN
:
875 err
= push_vlan(skb
, nla_data(a
));
876 if (unlikely(err
)) /* skb already freed. */
880 case OVS_ACTION_ATTR_POP_VLAN
:
884 case OVS_ACTION_ATTR_RECIRC
:
885 err
= execute_recirc(dp
, skb
, a
, rem
);
888 case OVS_ACTION_ATTR_SET
:
889 err
= execute_set_action(skb
, nla_data(a
));
892 case OVS_ACTION_ATTR_SAMPLE
:
893 err
= sample(dp
, skb
, a
);
904 do_output(dp
, skb
, prev_port
);
911 /* We limit the number of times that we pass into execute_actions()
912 * to avoid blowing out the stack in the event that we have a loop.
914 * Each loop adds some (estimated) cost to the kernel stack.
915 * The loop terminates when the max cost is exceeded.
917 #define RECIRC_STACK_COST 1
918 #define DEFAULT_STACK_COST 4
919 /* Allow up to 4 regular services, and up to 3 recirculations */
920 #define MAX_STACK_COST (DEFAULT_STACK_COST * 4 + RECIRC_STACK_COST * 3)
922 struct loop_counter
{
923 u8 stack_cost
; /* loop stack cost. */
924 bool looping
; /* Loop detected? */
927 static DEFINE_PER_CPU(struct loop_counter
, loop_counters
);
929 static int loop_suppress(struct datapath
*dp
, struct sw_flow_actions
*actions
)
932 pr_warn("%s: flow loop detected, dropping\n",
934 actions
->actions_len
= 0;
938 /* Execute a list of actions against 'skb'. */
939 int ovs_execute_actions(struct datapath
*dp
, struct sk_buff
*skb
, bool recirc
)
941 struct sw_flow_actions
*acts
= rcu_dereference(OVS_CB(skb
)->flow
->sf_acts
);
942 const u8 stack_cost
= recirc
? RECIRC_STACK_COST
: DEFAULT_STACK_COST
;
943 struct loop_counter
*loop
;
946 /* Check whether we've looped too much. */
947 loop
= &__get_cpu_var(loop_counters
);
948 loop
->stack_cost
+= stack_cost
;
949 if (unlikely(loop
->stack_cost
> MAX_STACK_COST
))
950 loop
->looping
= true;
951 if (unlikely(loop
->looping
)) {
952 error
= loop_suppress(dp
, acts
);
957 error
= do_execute_actions(dp
, skb
, acts
->actions
, acts
->actions_len
);
959 /* Check whether sub-actions looped too much. */
960 if (unlikely(loop
->looping
))
961 error
= loop_suppress(dp
, acts
);
964 /* Decrement loop stack cost. */
965 loop
->stack_cost
-= stack_cost
;
966 if (!loop
->stack_cost
)
967 loop
->looping
= false;