]> git.proxmox.com Git - mirror_ovs.git/blob - datapath/actions.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
datapath: simplify sample action implementation
[mirror_ovs.git] / datapath / actions.c
1 /*
2 * Copyright (c) 2007-2014 Nicira, Inc.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
16 * 02110-1301, USA
17 */
18
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
21 #include <linux/skbuff.h>
22 #include <linux/in.h>
23 #include <linux/ip.h>
24 #include <linux/openvswitch.h>
25 #include <linux/sctp.h>
26 #include <linux/tcp.h>
27 #include <linux/udp.h>
28 #include <linux/in6.h>
29 #include <linux/if_arp.h>
30 #include <linux/if_vlan.h>
31 #include <net/ip.h>
32 #include <net/ipv6.h>
33 #include <net/checksum.h>
34 #include <net/dsfield.h>
35 #include <net/sctp/checksum.h>
36
37 #include "datapath.h"
38 #include "gso.h"
39 #include "mpls.h"
40 #include "vlan.h"
41 #include "vport.h"
42
43 static void flow_key_clone(struct sk_buff *skb, struct sw_flow_key *new_key)
44 {
45 *new_key = *OVS_CB(skb)->pkt_key;
46 OVS_CB(skb)->pkt_key = new_key;
47 }
48
49 static void flow_key_set_recirc_id(struct sk_buff *skb, u32 recirc_id)
50 {
51 OVS_CB(skb)->pkt_key->recirc_id = recirc_id;
52 }
53
54 static void flow_key_set_priority(struct sk_buff *skb, u32 priority)
55 {
56 OVS_CB(skb)->pkt_key->phy.priority = priority;
57 }
58
59 static void flow_key_set_skb_mark(struct sk_buff *skb, u32 skb_mark)
60 {
61 OVS_CB(skb)->pkt_key->phy.skb_mark = skb_mark;
62 }
63
64 static void flow_key_set_eth_src(struct sk_buff *skb, const u8 addr[])
65 {
66 ether_addr_copy(OVS_CB(skb)->pkt_key->eth.src, addr);
67 }
68
69 static void flow_key_set_eth_dst(struct sk_buff *skb, const u8 addr[])
70 {
71 ether_addr_copy(OVS_CB(skb)->pkt_key->eth.dst, addr);
72 }
73
74 static void flow_key_set_vlan_tci(struct sk_buff *skb, __be16 tci)
75 {
76 OVS_CB(skb)->pkt_key->eth.tci = tci;
77 }
78
79 static void flow_key_set_mpls_top_lse(struct sk_buff *skb, __be32 top_lse)
80 {
81 OVS_CB(skb)->pkt_key->mpls.top_lse = top_lse;
82 }
83
84 static void flow_key_set_ipv4_src(struct sk_buff *skb, __be32 addr)
85 {
86 OVS_CB(skb)->pkt_key->ipv4.addr.src = addr;
87 }
88
89 static void flow_key_set_ipv4_dst(struct sk_buff *skb, __be32 addr)
90 {
91 OVS_CB(skb)->pkt_key->ipv4.addr.src = addr;
92 }
93
94 static void flow_key_set_ip_tos(struct sk_buff *skb, u8 tos)
95 {
96 OVS_CB(skb)->pkt_key->ip.tos = tos;
97 }
98
99 static void flow_key_set_ip_ttl(struct sk_buff *skb, u8 ttl)
100 {
101 OVS_CB(skb)->pkt_key->ip.ttl = ttl;
102 }
103
104 static void flow_key_set_ipv6_src(struct sk_buff *skb,
105 const __be32 addr[4])
106 {
107 memcpy(&OVS_CB(skb)->pkt_key->ipv6.addr.src, addr, sizeof(__be32[4]));
108 }
109
110 static void flow_key_set_ipv6_dst(struct sk_buff *skb,
111 const __be32 addr[4])
112 {
113 memcpy(&OVS_CB(skb)->pkt_key->ipv6.addr.dst, addr, sizeof(__be32[4]));
114 }
115
116 static void flow_key_set_ipv6_fl(struct sk_buff *skb,
117 const struct ipv6hdr *nh)
118 {
119 OVS_CB(skb)->pkt_key->ipv6.label = *(__be32 *)nh &
120 htonl(IPV6_FLOWINFO_FLOWLABEL);
121 }
122
123 static void flow_key_set_tp_src(struct sk_buff *skb, __be16 port)
124 {
125 OVS_CB(skb)->pkt_key->tp.src = port;
126 }
127
128 static void flow_key_set_tp_dst(struct sk_buff *skb, __be16 port)
129 {
130 OVS_CB(skb)->pkt_key->tp.dst = port;
131 }
132
133 static void invalidate_skb_flow_key(struct sk_buff *skb)
134 {
135 OVS_CB(skb)->pkt_key->eth.type = htons(0);
136 }
137
138 static bool is_skb_flow_key_valid(struct sk_buff *skb)
139 {
140 return !!OVS_CB(skb)->pkt_key->eth.type;
141 }
142
143 static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
144 const struct nlattr *attr, int len);
145
146 static int make_writable(struct sk_buff *skb, int write_len)
147 {
148 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
149 return 0;
150
151 return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
152 }
153
154 /* The end of the mac header.
155 *
156 * For non-MPLS skbs this will correspond to the network header.
157 * For MPLS skbs it will be before the network_header as the MPLS
158 * label stack lies between the end of the mac header and the network
159 * header. That is, for MPLS skbs the end of the mac header
160 * is the top of the MPLS label stack.
161 */
162 static unsigned char *mac_header_end(const struct sk_buff *skb)
163 {
164 return skb_mac_header(skb) + skb->mac_len;
165 }
166
167 static int push_mpls(struct sk_buff *skb,
168 const struct ovs_action_push_mpls *mpls)
169 {
170 __be32 *new_mpls_lse;
171 struct ethhdr *hdr;
172
173 if (skb_cow_head(skb, MPLS_HLEN) < 0)
174 return -ENOMEM;
175
176 skb_push(skb, MPLS_HLEN);
177 memmove(skb_mac_header(skb) - MPLS_HLEN, skb_mac_header(skb),
178 skb->mac_len);
179 skb_reset_mac_header(skb);
180
181 new_mpls_lse = (__be32 *)mac_header_end(skb);
182 *new_mpls_lse = mpls->mpls_lse;
183
184 if (skb->ip_summed == CHECKSUM_COMPLETE)
185 skb->csum = csum_add(skb->csum, csum_partial(new_mpls_lse,
186 MPLS_HLEN, 0));
187
188 hdr = eth_hdr(skb);
189 hdr->h_proto = mpls->mpls_ethertype;
190 if (!ovs_skb_get_inner_protocol(skb))
191 ovs_skb_set_inner_protocol(skb, skb->protocol);
192 skb->protocol = mpls->mpls_ethertype;
193 invalidate_skb_flow_key(skb);
194 return 0;
195 }
196
197 static int pop_mpls(struct sk_buff *skb, const __be16 ethertype)
198 {
199 struct ethhdr *hdr;
200 int err;
201
202 err = make_writable(skb, skb->mac_len + MPLS_HLEN);
203 if (unlikely(err))
204 return err;
205
206 if (skb->ip_summed == CHECKSUM_COMPLETE)
207 skb->csum = csum_sub(skb->csum,
208 csum_partial(mac_header_end(skb),
209 MPLS_HLEN, 0));
210
211 memmove(skb_mac_header(skb) + MPLS_HLEN, skb_mac_header(skb),
212 skb->mac_len);
213
214 __skb_pull(skb, MPLS_HLEN);
215 skb_reset_mac_header(skb);
216
217 /* mac_header_end() is used to locate the ethertype
218 * field correctly in the presence of VLAN tags.
219 */
220 hdr = (struct ethhdr *)(mac_header_end(skb) - ETH_HLEN);
221 hdr->h_proto = ethertype;
222 if (eth_p_mpls(skb->protocol))
223 skb->protocol = ethertype;
224 invalidate_skb_flow_key(skb);
225 return 0;
226 }
227
228 static int set_mpls(struct sk_buff *skb, const __be32 *mpls_lse)
229 {
230 __be32 *stack = (__be32 *)mac_header_end(skb);
231 int err;
232
233 err = make_writable(skb, skb->mac_len + MPLS_HLEN);
234 if (unlikely(err))
235 return err;
236
237 if (skb->ip_summed == CHECKSUM_COMPLETE) {
238 __be32 diff[] = { ~(*stack), *mpls_lse };
239 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
240 ~skb->csum);
241 }
242
243 *stack = *mpls_lse;
244 flow_key_set_mpls_top_lse(skb, *stack);
245 return 0;
246 }
247
248 /* remove VLAN header from packet and update csum accordingly. */
249 static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
250 {
251 struct vlan_hdr *vhdr;
252 int err;
253
254 err = make_writable(skb, VLAN_ETH_HLEN);
255 if (unlikely(err))
256 return err;
257
258 if (skb->ip_summed == CHECKSUM_COMPLETE)
259 skb->csum = csum_sub(skb->csum, csum_partial(skb->data
260 + (2 * ETH_ALEN), VLAN_HLEN, 0));
261
262 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN);
263 *current_tci = vhdr->h_vlan_TCI;
264
265 memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);
266 __skb_pull(skb, VLAN_HLEN);
267
268 vlan_set_encap_proto(skb, vhdr);
269 skb->mac_header += VLAN_HLEN;
270 /* Update mac_len for subsequent MPLS actions */
271 skb->mac_len -= VLAN_HLEN;
272
273 return 0;
274 }
275
276 static int pop_vlan(struct sk_buff *skb)
277 {
278 __be16 tci;
279 int err;
280
281 if (likely(vlan_tx_tag_present(skb))) {
282 vlan_set_tci(skb, 0);
283 } else {
284 if (unlikely(skb->protocol != htons(ETH_P_8021Q) ||
285 skb->len < VLAN_ETH_HLEN))
286 return 0;
287
288 err = __pop_vlan_tci(skb, &tci);
289 if (err)
290 return err;
291 }
292 /* move next vlan tag to hw accel tag */
293 if (likely(skb->protocol != htons(ETH_P_8021Q) ||
294 skb->len < VLAN_ETH_HLEN)) {
295 flow_key_set_vlan_tci(skb, 0);
296 return 0;
297 }
298
299 invalidate_skb_flow_key(skb);
300 err = __pop_vlan_tci(skb, &tci);
301 if (unlikely(err))
302 return err;
303
304 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), ntohs(tci));
305 return 0;
306 }
307
308 static int push_vlan(struct sk_buff *skb, const struct ovs_action_push_vlan *vlan)
309 {
310 if (unlikely(vlan_tx_tag_present(skb))) {
311 u16 current_tag;
312
313 /* push down current VLAN tag */
314 current_tag = vlan_tx_tag_get(skb);
315
316 if (!__vlan_put_tag(skb, skb->vlan_proto, current_tag))
317 return -ENOMEM;
318
319 /* Update mac_len for subsequent MPLS actions */
320 skb->mac_len += VLAN_HLEN;
321
322 if (skb->ip_summed == CHECKSUM_COMPLETE)
323 skb->csum = csum_add(skb->csum, csum_partial(skb->data
324 + (2 * ETH_ALEN), VLAN_HLEN, 0));
325
326 invalidate_skb_flow_key(skb);
327 } else {
328 flow_key_set_vlan_tci(skb, vlan->vlan_tci);
329 }
330 __vlan_hwaccel_put_tag(skb, vlan->vlan_tpid, ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT);
331 return 0;
332 }
333
334 static int set_eth_addr(struct sk_buff *skb,
335 const struct ovs_key_ethernet *eth_key)
336 {
337 int err;
338 err = make_writable(skb, ETH_HLEN);
339 if (unlikely(err))
340 return err;
341
342 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2);
343
344 ether_addr_copy(eth_hdr(skb)->h_source, eth_key->eth_src);
345 ether_addr_copy(eth_hdr(skb)->h_dest, eth_key->eth_dst);
346
347 ovs_skb_postpush_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2);
348
349 flow_key_set_eth_src(skb, eth_key->eth_src);
350 flow_key_set_eth_dst(skb, eth_key->eth_dst);
351 return 0;
352 }
353
354 static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh,
355 __be32 *addr, __be32 new_addr)
356 {
357 int transport_len = skb->len - skb_transport_offset(skb);
358
359 if (nh->protocol == IPPROTO_TCP) {
360 if (likely(transport_len >= sizeof(struct tcphdr)))
361 inet_proto_csum_replace4(&tcp_hdr(skb)->check, skb,
362 *addr, new_addr, 1);
363 } else if (nh->protocol == IPPROTO_UDP) {
364 if (likely(transport_len >= sizeof(struct udphdr))) {
365 struct udphdr *uh = udp_hdr(skb);
366
367 if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) {
368 inet_proto_csum_replace4(&uh->check, skb,
369 *addr, new_addr, 1);
370 if (!uh->check)
371 uh->check = CSUM_MANGLED_0;
372 }
373 }
374 }
375
376 csum_replace4(&nh->check, *addr, new_addr);
377 skb_clear_hash(skb);
378 *addr = new_addr;
379 }
380
381 static void update_ipv6_checksum(struct sk_buff *skb, u8 l4_proto,
382 __be32 addr[4], const __be32 new_addr[4])
383 {
384 int transport_len = skb->len - skb_transport_offset(skb);
385
386 if (l4_proto == NEXTHDR_TCP) {
387 if (likely(transport_len >= sizeof(struct tcphdr)))
388 inet_proto_csum_replace16(&tcp_hdr(skb)->check, skb,
389 addr, new_addr, 1);
390 } else if (l4_proto == NEXTHDR_UDP) {
391 if (likely(transport_len >= sizeof(struct udphdr))) {
392 struct udphdr *uh = udp_hdr(skb);
393
394 if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) {
395 inet_proto_csum_replace16(&uh->check, skb,
396 addr, new_addr, 1);
397 if (!uh->check)
398 uh->check = CSUM_MANGLED_0;
399 }
400 }
401 } else if (l4_proto == NEXTHDR_ICMP) {
402 if (likely(transport_len >= sizeof(struct icmp6hdr)))
403 inet_proto_csum_replace16(&icmp6_hdr(skb)->icmp6_cksum,
404 skb, addr, new_addr, 1);
405 }
406 }
407
408 static void set_ipv6_addr(struct sk_buff *skb, u8 l4_proto,
409 __be32 addr[4], const __be32 new_addr[4],
410 bool recalculate_csum)
411 {
412 if (likely(recalculate_csum))
413 update_ipv6_checksum(skb, l4_proto, addr, new_addr);
414
415 skb_clear_hash(skb);
416 memcpy(addr, new_addr, sizeof(__be32[4]));
417 }
418
419 static void set_ipv6_tc(struct ipv6hdr *nh, u8 tc)
420 {
421 nh->priority = tc >> 4;
422 nh->flow_lbl[0] = (nh->flow_lbl[0] & 0x0F) | ((tc & 0x0F) << 4);
423 }
424
425 static void set_ipv6_fl(struct ipv6hdr *nh, u32 fl)
426 {
427 nh->flow_lbl[0] = (nh->flow_lbl[0] & 0xF0) | (fl & 0x000F0000) >> 16;
428 nh->flow_lbl[1] = (fl & 0x0000FF00) >> 8;
429 nh->flow_lbl[2] = fl & 0x000000FF;
430 }
431
432 static void set_ip_ttl(struct sk_buff *skb, struct iphdr *nh, u8 new_ttl)
433 {
434 csum_replace2(&nh->check, htons(nh->ttl << 8), htons(new_ttl << 8));
435 nh->ttl = new_ttl;
436 }
437
438 static int set_ipv4(struct sk_buff *skb, const struct ovs_key_ipv4 *ipv4_key)
439 {
440 struct iphdr *nh;
441 int err;
442
443 err = make_writable(skb, skb_network_offset(skb) +
444 sizeof(struct iphdr));
445 if (unlikely(err))
446 return err;
447
448 nh = ip_hdr(skb);
449
450 if (ipv4_key->ipv4_src != nh->saddr) {
451 set_ip_addr(skb, nh, &nh->saddr, ipv4_key->ipv4_src);
452 flow_key_set_ipv4_src(skb, ipv4_key->ipv4_src);
453 }
454
455 if (ipv4_key->ipv4_dst != nh->daddr) {
456 set_ip_addr(skb, nh, &nh->daddr, ipv4_key->ipv4_dst);
457 flow_key_set_ipv4_dst(skb, ipv4_key->ipv4_dst);
458 }
459
460 if (ipv4_key->ipv4_tos != nh->tos) {
461 ipv4_change_dsfield(nh, 0, ipv4_key->ipv4_tos);
462 flow_key_set_ip_tos(skb, nh->tos);
463 }
464
465 if (ipv4_key->ipv4_ttl != nh->ttl) {
466 set_ip_ttl(skb, nh, ipv4_key->ipv4_ttl);
467 flow_key_set_ip_ttl(skb, ipv4_key->ipv4_ttl);
468 }
469
470 return 0;
471 }
472
473 static int set_ipv6(struct sk_buff *skb, const struct ovs_key_ipv6 *ipv6_key)
474 {
475 struct ipv6hdr *nh;
476 int err;
477 __be32 *saddr;
478 __be32 *daddr;
479
480 err = make_writable(skb, skb_network_offset(skb) +
481 sizeof(struct ipv6hdr));
482 if (unlikely(err))
483 return err;
484
485 nh = ipv6_hdr(skb);
486 saddr = (__be32 *)&nh->saddr;
487 daddr = (__be32 *)&nh->daddr;
488
489 if (memcmp(ipv6_key->ipv6_src, saddr, sizeof(ipv6_key->ipv6_src))) {
490 set_ipv6_addr(skb, ipv6_key->ipv6_proto, saddr,
491 ipv6_key->ipv6_src, true);
492 flow_key_set_ipv6_src(skb, ipv6_key->ipv6_src);
493 }
494
495 if (memcmp(ipv6_key->ipv6_dst, daddr, sizeof(ipv6_key->ipv6_dst))) {
496 unsigned int offset = 0;
497 int flags = OVS_IP6T_FH_F_SKIP_RH;
498 bool recalc_csum = true;
499
500 if (ipv6_ext_hdr(nh->nexthdr))
501 recalc_csum = ipv6_find_hdr(skb, &offset,
502 NEXTHDR_ROUTING, NULL,
503 &flags) != NEXTHDR_ROUTING;
504
505 set_ipv6_addr(skb, ipv6_key->ipv6_proto, daddr,
506 ipv6_key->ipv6_dst, recalc_csum);
507 flow_key_set_ipv6_dst(skb, ipv6_key->ipv6_dst);
508 }
509
510 set_ipv6_tc(nh, ipv6_key->ipv6_tclass);
511 flow_key_set_ip_tos(skb, ipv6_get_dsfield(nh));
512
513 set_ipv6_fl(nh, ntohl(ipv6_key->ipv6_label));
514 flow_key_set_ipv6_fl(skb, nh);
515
516 nh->hop_limit = ipv6_key->ipv6_hlimit;
517 flow_key_set_ip_ttl(skb, ipv6_key->ipv6_hlimit);
518 return 0;
519 }
520
521 /* Must follow make_writable() since that can move the skb data. */
522 static void set_tp_port(struct sk_buff *skb, __be16 *port,
523 __be16 new_port, __sum16 *check)
524 {
525 inet_proto_csum_replace2(check, skb, *port, new_port, 0);
526 *port = new_port;
527 skb_clear_hash(skb);
528 }
529
530 static void set_udp_port(struct sk_buff *skb, __be16 *port, __be16 new_port)
531 {
532 struct udphdr *uh = udp_hdr(skb);
533
534 if (uh->check && skb->ip_summed != CHECKSUM_PARTIAL) {
535 set_tp_port(skb, port, new_port, &uh->check);
536
537 if (!uh->check)
538 uh->check = CSUM_MANGLED_0;
539 } else {
540 *port = new_port;
541 skb_clear_hash(skb);
542 }
543 }
544
545 static int set_udp(struct sk_buff *skb, const struct ovs_key_udp *udp_port_key)
546 {
547 struct udphdr *uh;
548 int err;
549
550 err = make_writable(skb, skb_transport_offset(skb) +
551 sizeof(struct udphdr));
552 if (unlikely(err))
553 return err;
554
555 uh = udp_hdr(skb);
556 if (udp_port_key->udp_src != uh->source) {
557 set_udp_port(skb, &uh->source, udp_port_key->udp_src);
558 flow_key_set_tp_src(skb, udp_port_key->udp_src);
559 }
560
561 if (udp_port_key->udp_dst != uh->dest) {
562 set_udp_port(skb, &uh->dest, udp_port_key->udp_dst);
563 flow_key_set_tp_dst(skb, udp_port_key->udp_dst);
564 }
565
566 return 0;
567 }
568
569 static int set_tcp(struct sk_buff *skb, const struct ovs_key_tcp *tcp_port_key)
570 {
571 struct tcphdr *th;
572 int err;
573
574 err = make_writable(skb, skb_transport_offset(skb) +
575 sizeof(struct tcphdr));
576 if (unlikely(err))
577 return err;
578
579 th = tcp_hdr(skb);
580 if (tcp_port_key->tcp_src != th->source) {
581 set_tp_port(skb, &th->source, tcp_port_key->tcp_src, &th->check);
582 flow_key_set_tp_src(skb, tcp_port_key->tcp_src);
583 }
584
585 if (tcp_port_key->tcp_dst != th->dest) {
586 set_tp_port(skb, &th->dest, tcp_port_key->tcp_dst, &th->check);
587 flow_key_set_tp_dst(skb, tcp_port_key->tcp_dst);
588 }
589
590 return 0;
591 }
592
593 static int set_sctp(struct sk_buff *skb,
594 const struct ovs_key_sctp *sctp_port_key)
595 {
596 struct sctphdr *sh;
597 int err;
598 unsigned int sctphoff = skb_transport_offset(skb);
599
600 err = make_writable(skb, sctphoff + sizeof(struct sctphdr));
601 if (unlikely(err))
602 return err;
603
604 sh = sctp_hdr(skb);
605 if (sctp_port_key->sctp_src != sh->source ||
606 sctp_port_key->sctp_dst != sh->dest) {
607 __le32 old_correct_csum, new_csum, old_csum;
608
609 old_csum = sh->checksum;
610 old_correct_csum = sctp_compute_cksum(skb, sctphoff);
611
612 sh->source = sctp_port_key->sctp_src;
613 sh->dest = sctp_port_key->sctp_dst;
614
615 new_csum = sctp_compute_cksum(skb, sctphoff);
616
617 /* Carry any checksum errors through. */
618 sh->checksum = old_csum ^ old_correct_csum ^ new_csum;
619
620 skb_clear_hash(skb);
621 flow_key_set_tp_src(skb, sctp_port_key->sctp_src);
622 flow_key_set_tp_dst(skb, sctp_port_key->sctp_dst);
623 }
624
625 return 0;
626 }
627
628 static void do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
629 {
630 struct vport *vport = ovs_vport_rcu(dp, out_port);
631
632 if (likely(vport))
633 ovs_vport_send(vport, skb);
634 else
635 kfree_skb(skb);
636 }
637
638 static int output_userspace(struct datapath *dp, struct sk_buff *skb,
639 const struct nlattr *attr)
640 {
641 struct dp_upcall_info upcall;
642 const struct nlattr *a;
643 int rem;
644 struct ovs_tunnel_info info;
645
646 upcall.cmd = OVS_PACKET_CMD_ACTION;
647 upcall.userdata = NULL;
648 upcall.portid = 0;
649 upcall.egress_tun_info = NULL;
650
651 for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
652 a = nla_next(a, &rem)) {
653 switch (nla_type(a)) {
654 case OVS_USERSPACE_ATTR_USERDATA:
655 upcall.userdata = a;
656 break;
657
658 case OVS_USERSPACE_ATTR_PID:
659 upcall.portid = nla_get_u32(a);
660 break;
661
662 case OVS_USERSPACE_ATTR_EGRESS_TUN_PORT: {
663 /* Get out tunnel info. */
664 struct vport *vport;
665
666 vport = ovs_vport_rcu(dp, nla_get_u32(a));
667 if (vport) {
668 int err;
669
670 err = ovs_vport_get_egress_tun_info(vport, skb,
671 &info);
672 if (!err)
673 upcall.egress_tun_info = &info;
674 }
675 break;
676 }
677
678 } /* End of switch. */
679 }
680
681 return ovs_dp_upcall(dp, skb, &upcall);
682 }
683
684 static bool last_action(const struct nlattr *a, int rem)
685 {
686 return a->nla_len == rem;
687 }
688
689 static int sample(struct datapath *dp, struct sk_buff *skb,
690 const struct nlattr *attr)
691 {
692 struct sw_flow_key sample_key;
693 const struct nlattr *acts_list = NULL;
694 const struct nlattr *a;
695 int rem;
696
697 for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
698 a = nla_next(a, &rem)) {
699 switch (nla_type(a)) {
700 case OVS_SAMPLE_ATTR_PROBABILITY:
701 if (prandom_u32() >= nla_get_u32(a))
702 return 0;
703 break;
704
705 case OVS_SAMPLE_ATTR_ACTIONS:
706 acts_list = a;
707 break;
708 }
709 }
710
711 rem = nla_len(acts_list);
712 a = nla_data(acts_list);
713
714 /* Actions list is empty, do nothing */
715 if (unlikely(!rem))
716 return 0;
717
718 /* The only known usage of sample action is having a single user-space
719 * action. Treat this usage as a special case.
720 * The output_userspace() should clone the skb to be sent to the
721 * user space. This skb will be consumed by its caller. */
722 if (likely(nla_type(a) == OVS_ACTION_ATTR_USERSPACE &&
723 last_action(a, rem)))
724 return output_userspace(dp, skb, a);
725
726 skb = skb_clone(skb, GFP_ATOMIC);
727 if (!skb)
728 /* Skip the sample action when out of memory. */
729 return 0;
730
731 flow_key_clone(skb, &sample_key);
732
733 /* do_execute_actions() will consume the cloned skb. */
734 return do_execute_actions(dp, skb, a, rem);
735 }
736
737 static void execute_hash(struct sk_buff *skb, const struct nlattr *attr)
738 {
739 struct sw_flow_key *key = OVS_CB(skb)->pkt_key;
740 struct ovs_action_hash *hash_act = nla_data(attr);
741 u32 hash = 0;
742
743 /* OVS_HASH_ALG_L4 is the only possible hash algorithm. */
744 hash = skb_get_hash(skb);
745 hash = jhash_1word(hash, hash_act->hash_basis);
746 if (!hash)
747 hash = 0x1;
748
749 key->ovs_flow_hash = hash;
750 }
751
752 static int execute_set_action(struct sk_buff *skb,
753 const struct nlattr *nested_attr)
754 {
755 int err = 0;
756
757 switch (nla_type(nested_attr)) {
758 case OVS_KEY_ATTR_PRIORITY:
759 skb->priority = nla_get_u32(nested_attr);
760 flow_key_set_priority(skb, skb->priority);
761 break;
762
763 case OVS_KEY_ATTR_SKB_MARK:
764 skb->mark = nla_get_u32(nested_attr);
765 flow_key_set_skb_mark(skb, skb->mark);
766 break;
767
768 case OVS_KEY_ATTR_TUNNEL_INFO:
769 OVS_CB(skb)->egress_tun_info = nla_data(nested_attr);
770 break;
771
772 case OVS_KEY_ATTR_ETHERNET:
773 err = set_eth_addr(skb, nla_data(nested_attr));
774 break;
775
776 case OVS_KEY_ATTR_IPV4:
777 err = set_ipv4(skb, nla_data(nested_attr));
778 break;
779
780 case OVS_KEY_ATTR_IPV6:
781 err = set_ipv6(skb, nla_data(nested_attr));
782 break;
783
784 case OVS_KEY_ATTR_TCP:
785 err = set_tcp(skb, nla_data(nested_attr));
786 break;
787
788 case OVS_KEY_ATTR_UDP:
789 err = set_udp(skb, nla_data(nested_attr));
790 break;
791
792 case OVS_KEY_ATTR_SCTP:
793 err = set_sctp(skb, nla_data(nested_attr));
794 break;
795
796 case OVS_KEY_ATTR_MPLS:
797 err = set_mpls(skb, nla_data(nested_attr));
798 break;
799 }
800
801 return err;
802 }
803
804
805 static int execute_recirc(struct datapath *dp, struct sk_buff *skb,
806 const struct nlattr *a, int rem)
807 {
808 struct sw_flow_key recirc_key;
809
810 if (!is_skb_flow_key_valid(skb)) {
811 int err;
812
813 err = ovs_flow_key_update(skb, OVS_CB(skb)->pkt_key);
814 if (err)
815 return err;
816
817 }
818 BUG_ON(!is_skb_flow_key_valid(skb));
819
820 if (!last_action(a, rem)) {
821 /* Recirc action is the not the last action
822 * of the action list. */
823 skb = skb_clone(skb, GFP_ATOMIC);
824
825 /* Skip the recirc action when out of memory, but
826 * continue on with the rest of the action list. */
827 if (!skb)
828 return 0;
829
830 flow_key_clone(skb, &recirc_key);
831 }
832
833 flow_key_set_recirc_id(skb, nla_get_u32(a));
834 ovs_dp_process_packet(skb, true);
835 return 0;
836 }
837
838 /* Execute a list of actions against 'skb'. */
839 static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
840 const struct nlattr *attr, int len)
841 {
842 /* Every output action needs a separate clone of 'skb', but the common
843 * case is just a single output action, so that doing a clone and
844 * then freeing the original skbuff is wasteful. So the following code
845 * is slightly obscure just to avoid that. */
846 int prev_port = -1;
847 const struct nlattr *a;
848 int rem;
849
850 for (a = attr, rem = len; rem > 0;
851 a = nla_next(a, &rem)) {
852 int err = 0;
853
854 if (unlikely(prev_port != -1)) {
855 struct sk_buff *out_skb = skb_clone(skb, GFP_ATOMIC);
856
857 if (out_skb)
858 do_output(dp, out_skb, prev_port);
859
860 prev_port = -1;
861 }
862
863 switch (nla_type(a)) {
864 case OVS_ACTION_ATTR_OUTPUT:
865 prev_port = nla_get_u32(a);
866 break;
867
868 case OVS_ACTION_ATTR_USERSPACE:
869 output_userspace(dp, skb, a);
870 break;
871
872 case OVS_ACTION_ATTR_HASH:
873 execute_hash(skb, a);
874 break;
875
876 case OVS_ACTION_ATTR_PUSH_MPLS:
877 err = push_mpls(skb, nla_data(a));
878 break;
879
880 case OVS_ACTION_ATTR_POP_MPLS:
881 err = pop_mpls(skb, nla_get_be16(a));
882 break;
883
884 case OVS_ACTION_ATTR_PUSH_VLAN:
885 err = push_vlan(skb, nla_data(a));
886 if (unlikely(err)) /* skb already freed. */
887 return err;
888 break;
889
890 case OVS_ACTION_ATTR_POP_VLAN:
891 err = pop_vlan(skb);
892 break;
893
894 case OVS_ACTION_ATTR_RECIRC:
895 err = execute_recirc(dp, skb, a, rem);
896 if (last_action(a, rem)) {
897 /* If this is the last action, the skb has
898 * been consumed or freed.
899 * Return immediately. */
900 return err;
901 }
902 break;
903
904 case OVS_ACTION_ATTR_SET:
905 err = execute_set_action(skb, nla_data(a));
906 break;
907
908 case OVS_ACTION_ATTR_SAMPLE:
909 err = sample(dp, skb, a);
910 break;
911 }
912
913 if (unlikely(err)) {
914 kfree_skb(skb);
915 return err;
916 }
917 }
918
919 if (prev_port != -1)
920 do_output(dp, skb, prev_port);
921 else
922 consume_skb(skb);
923
924 return 0;
925 }
926
927 /* We limit the number of times that we pass into execute_actions()
928 * to avoid blowing out the stack in the event that we have a loop.
929 *
930 * Each loop adds some (estimated) cost to the kernel stack.
931 * The loop terminates when the max cost is exceeded.
932 * */
933 #define RECIRC_STACK_COST 1
934 #define DEFAULT_STACK_COST 4
935 /* Allow up to 4 regular services, and up to 3 recirculations */
936 #define MAX_STACK_COST (DEFAULT_STACK_COST * 4 + RECIRC_STACK_COST * 3)
937
938 struct loop_counter {
939 u8 stack_cost; /* loop stack cost. */
940 bool looping; /* Loop detected? */
941 };
942
943 static DEFINE_PER_CPU(struct loop_counter, loop_counters);
944
945 static int loop_suppress(struct datapath *dp, struct sw_flow_actions *actions)
946 {
947 if (net_ratelimit())
948 pr_warn("%s: flow loop detected, dropping\n",
949 ovs_dp_name(dp));
950 actions->actions_len = 0;
951 return -ELOOP;
952 }
953
954 /* Execute a list of actions against 'skb'. */
955 int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb,
956 struct sw_flow_actions *acts, bool recirc)
957 {
958 const u8 stack_cost = recirc ? RECIRC_STACK_COST : DEFAULT_STACK_COST;
959 struct loop_counter *loop;
960 int error;
961
962 /* Check whether we've looped too much. */
963 loop = &__get_cpu_var(loop_counters);
964 loop->stack_cost += stack_cost;
965 if (unlikely(loop->stack_cost > MAX_STACK_COST))
966 loop->looping = true;
967 if (unlikely(loop->looping)) {
968 error = loop_suppress(dp, acts);
969 kfree_skb(skb);
970 goto out_loop;
971 }
972
973 error = do_execute_actions(dp, skb, acts->actions, acts->actions_len);
974
975 /* Check whether sub-actions looped too much. */
976 if (unlikely(loop->looping))
977 error = loop_suppress(dp, acts);
978
979 out_loop:
980 /* Decrement loop stack cost. */
981 loop->stack_cost -= stack_cost;
982 if (!loop->stack_cost)
983 loop->looping = false;
984
985 return error;
986 }
openvswitch mirror