]> git.proxmox.com Git - ovs.git/blob - datapath/datapath.c
projects / ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revert "datapath: Avoid null deref when GSO is for verifying header integrity only."
[ovs.git] / datapath / datapath.c
1 /*
2 * Copyright (c) 2007-2012 Nicira, Inc.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
16 * 02110-1301, USA
17 */
18
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
21 #include <linux/init.h>
22 #include <linux/module.h>
23 #include <linux/if_arp.h>
24 #include <linux/if_vlan.h>
25 #include <linux/in.h>
26 #include <linux/ip.h>
27 #include <linux/jhash.h>
28 #include <linux/delay.h>
29 #include <linux/time.h>
30 #include <linux/etherdevice.h>
31 #include <linux/genetlink.h>
32 #include <linux/kernel.h>
33 #include <linux/kthread.h>
34 #include <linux/mutex.h>
35 #include <linux/percpu.h>
36 #include <linux/rcupdate.h>
37 #include <linux/tcp.h>
38 #include <linux/udp.h>
39 #include <linux/version.h>
40 #include <linux/ethtool.h>
41 #include <linux/wait.h>
42 #include <asm/div64.h>
43 #include <linux/highmem.h>
44 #include <linux/netfilter_bridge.h>
45 #include <linux/netfilter_ipv4.h>
46 #include <linux/inetdevice.h>
47 #include <linux/list.h>
48 #include <linux/openvswitch.h>
49 #include <linux/rculist.h>
50 #include <linux/dmi.h>
51 #include <net/genetlink.h>
52 #include <net/net_namespace.h>
53 #include <net/netns/generic.h>
54
55 #include "checksum.h"
56 #include "datapath.h"
57 #include "flow.h"
58 #include "genl_exec.h"
59 #include "vlan.h"
60 #include "tunnel.h"
61 #include "vport-internal_dev.h"
62
63 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18) || \
64 LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0)
65 #error Kernels before 2.6.18 or after 3.8 are not supported by this version of Open vSwitch.
66 #endif
67
68 #define REHASH_FLOW_INTERVAL (10 * 60 * HZ)
69 static void rehash_flow_table(struct work_struct *work);
70 static DECLARE_DELAYED_WORK(rehash_flow_wq, rehash_flow_table);
71
72 int ovs_net_id __read_mostly;
73
74 /**
75 * DOC: Locking:
76 *
77 * Writes to device state (add/remove datapath, port, set operations on vports,
78 * etc.) are protected by RTNL.
79 *
80 * Writes to other state (flow table modifications, set miscellaneous datapath
81 * parameters, etc.) are protected by genl_mutex. The RTNL lock nests inside
82 * genl_mutex.
83 *
84 * Reads are protected by RCU.
85 *
86 * There are a few special cases (mostly stats) that have their own
87 * synchronization but they nest under all of above and don't interact with
88 * each other.
89 */
90
91 static struct vport *new_vport(const struct vport_parms *);
92 static int queue_gso_packets(struct net *, int dp_ifindex, struct sk_buff *,
93 const struct dp_upcall_info *);
94 static int queue_userspace_packet(struct net *, int dp_ifindex,
95 struct sk_buff *,
96 const struct dp_upcall_info *);
97
98 /* Must be called with rcu_read_lock, genl_mutex, or RTNL lock. */
99 static struct datapath *get_dp(struct net *net, int dp_ifindex)
100 {
101 struct datapath *dp = NULL;
102 struct net_device *dev;
103
104 rcu_read_lock();
105 dev = dev_get_by_index_rcu(net, dp_ifindex);
106 if (dev) {
107 struct vport *vport = ovs_internal_dev_get_vport(dev);
108 if (vport)
109 dp = vport->dp;
110 }
111 rcu_read_unlock();
112
113 return dp;
114 }
115
116 /* Must be called with rcu_read_lock or RTNL lock. */
117 const char *ovs_dp_name(const struct datapath *dp)
118 {
119 struct vport *vport = ovs_vport_rtnl_rcu(dp, OVSP_LOCAL);
120 return vport->ops->get_name(vport);
121 }
122
123 static int get_dpifindex(struct datapath *dp)
124 {
125 struct vport *local;
126 int ifindex;
127
128 rcu_read_lock();
129
130 local = ovs_vport_rcu(dp, OVSP_LOCAL);
131 if (local)
132 ifindex = local->ops->get_ifindex(local);
133 else
134 ifindex = 0;
135
136 rcu_read_unlock();
137
138 return ifindex;
139 }
140
141 static void destroy_dp_rcu(struct rcu_head *rcu)
142 {
143 struct datapath *dp = container_of(rcu, struct datapath, rcu);
144
145 ovs_flow_tbl_destroy((__force struct flow_table *)dp->table);
146 free_percpu(dp->stats_percpu);
147 release_net(ovs_dp_get_net(dp));
148 kfree(dp->ports);
149 kfree(dp);
150 }
151
152 static struct hlist_head *vport_hash_bucket(const struct datapath *dp,
153 u16 port_no)
154 {
155 return &dp->ports[port_no & (DP_VPORT_HASH_BUCKETS - 1)];
156 }
157
158 struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
159 {
160 struct vport *vport;
161 struct hlist_node *n;
162 struct hlist_head *head;
163
164 head = vport_hash_bucket(dp, port_no);
165 hlist_for_each_entry_rcu(vport, n, head, dp_hash_node) {
166 if (vport->port_no == port_no)
167 return vport;
168 }
169 return NULL;
170 }
171
172 /* Called with RTNL lock and genl_lock. */
173 static struct vport *new_vport(const struct vport_parms *parms)
174 {
175 struct vport *vport;
176
177 vport = ovs_vport_add(parms);
178 if (!IS_ERR(vport)) {
179 struct datapath *dp = parms->dp;
180 struct hlist_head *head = vport_hash_bucket(dp, vport->port_no);
181
182 hlist_add_head_rcu(&vport->dp_hash_node, head);
183 }
184 return vport;
185 }
186
187 /* Called with RTNL lock. */
188 void ovs_dp_detach_port(struct vport *p)
189 {
190 ASSERT_RTNL();
191
192 /* First drop references to device. */
193 hlist_del_rcu(&p->dp_hash_node);
194
195 /* Then destroy it. */
196 ovs_vport_del(p);
197 }
198
199 /* Must be called with rcu_read_lock. */
200 void ovs_dp_process_received_packet(struct vport *p, struct sk_buff *skb)
201 {
202 struct datapath *dp = p->dp;
203 struct sw_flow *flow;
204 struct dp_stats_percpu *stats;
205 u64 *stats_counter;
206 int error;
207
208 stats = this_cpu_ptr(dp->stats_percpu);
209
210 if (!OVS_CB(skb)->flow) {
211 struct sw_flow_key key;
212 int key_len;
213
214 /* Extract flow from 'skb' into 'key'. */
215 error = ovs_flow_extract(skb, p->port_no, &key, &key_len);
216 if (unlikely(error)) {
217 kfree_skb(skb);
218 return;
219 }
220
221 /* Look up flow. */
222 flow = ovs_flow_tbl_lookup(rcu_dereference(dp->table),
223 &key, key_len);
224 if (unlikely(!flow)) {
225 struct dp_upcall_info upcall;
226
227 upcall.cmd = OVS_PACKET_CMD_MISS;
228 upcall.key = &key;
229 upcall.userdata = NULL;
230 upcall.portid = p->upcall_portid;
231 ovs_dp_upcall(dp, skb, &upcall);
232 consume_skb(skb);
233 stats_counter = &stats->n_missed;
234 goto out;
235 }
236
237 OVS_CB(skb)->flow = flow;
238 }
239
240 stats_counter = &stats->n_hit;
241 ovs_flow_used(OVS_CB(skb)->flow, skb);
242 ovs_execute_actions(dp, skb);
243
244 out:
245 /* Update datapath statistics. */
246 u64_stats_update_begin(&stats->sync);
247 (*stats_counter)++;
248 u64_stats_update_end(&stats->sync);
249 }
250
251 static struct genl_family dp_packet_genl_family = {
252 .id = GENL_ID_GENERATE,
253 .hdrsize = sizeof(struct ovs_header),
254 .name = OVS_PACKET_FAMILY,
255 .version = OVS_PACKET_VERSION,
256 .maxattr = OVS_PACKET_ATTR_MAX,
257 SET_NETNSOK
258 };
259
260 int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
261 const struct dp_upcall_info *upcall_info)
262 {
263 struct dp_stats_percpu *stats;
264 int dp_ifindex;
265 int err;
266
267 if (upcall_info->portid == 0) {
268 err = -ENOTCONN;
269 goto err;
270 }
271
272 dp_ifindex = get_dpifindex(dp);
273 if (!dp_ifindex) {
274 err = -ENODEV;
275 goto err;
276 }
277
278 forward_ip_summed(skb, true);
279
280 if (!skb_is_gso(skb))
281 err = queue_userspace_packet(ovs_dp_get_net(dp), dp_ifindex, skb, upcall_info);
282 else
283 err = queue_gso_packets(ovs_dp_get_net(dp), dp_ifindex, skb, upcall_info);
284 if (err)
285 goto err;
286
287 return 0;
288
289 err:
290 stats = this_cpu_ptr(dp->stats_percpu);
291
292 u64_stats_update_begin(&stats->sync);
293 stats->n_lost++;
294 u64_stats_update_end(&stats->sync);
295
296 return err;
297 }
298
299 static int queue_gso_packets(struct net *net, int dp_ifindex,
300 struct sk_buff *skb,
301 const struct dp_upcall_info *upcall_info)
302 {
303 unsigned short gso_type = skb_shinfo(skb)->gso_type;
304 struct dp_upcall_info later_info;
305 struct sw_flow_key later_key;
306 struct sk_buff *segs, *nskb;
307 int err;
308
309 segs = skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM);
310 if (IS_ERR(segs))
311 return PTR_ERR(segs);
312
313 /* Queue all of the segments. */
314 skb = segs;
315 do {
316 err = queue_userspace_packet(net, dp_ifindex, skb, upcall_info);
317 if (err)
318 break;
319
320 if (skb == segs && gso_type & SKB_GSO_UDP) {
321 /* The initial flow key extracted by ovs_flow_extract()
322 * in this case is for a first fragment, so we need to
323 * properly mark later fragments.
324 */
325 later_key = *upcall_info->key;
326 later_key.ip.frag = OVS_FRAG_TYPE_LATER;
327
328 later_info = *upcall_info;
329 later_info.key = &later_key;
330 upcall_info = &later_info;
331 }
332 } while ((skb = skb->next));
333
334 /* Free all of the segments. */
335 skb = segs;
336 do {
337 nskb = skb->next;
338 if (err)
339 kfree_skb(skb);
340 else
341 consume_skb(skb);
342 } while ((skb = nskb));
343 return err;
344 }
345
346 static int queue_userspace_packet(struct net *net, int dp_ifindex,
347 struct sk_buff *skb,
348 const struct dp_upcall_info *upcall_info)
349 {
350 struct ovs_header *upcall;
351 struct sk_buff *nskb = NULL;
352 struct sk_buff *user_skb; /* to be queued to userspace */
353 struct nlattr *nla;
354 unsigned int len;
355 int err;
356
357 if (vlan_tx_tag_present(skb)) {
358 nskb = skb_clone(skb, GFP_ATOMIC);
359 if (!nskb)
360 return -ENOMEM;
361
362 err = vlan_deaccel_tag(nskb);
363 if (err)
364 return err;
365
366 skb = nskb;
367 }
368
369 if (nla_attr_size(skb->len) > USHRT_MAX) {
370 err = -EFBIG;
371 goto out;
372 }
373
374 len = sizeof(struct ovs_header);
375 len += nla_total_size(skb->len);
376 len += nla_total_size(FLOW_BUFSIZE);
377 if (upcall_info->cmd == OVS_PACKET_CMD_ACTION)
378 len += nla_total_size(8);
379
380 user_skb = genlmsg_new(len, GFP_ATOMIC);
381 if (!user_skb) {
382 err = -ENOMEM;
383 goto out;
384 }
385
386 upcall = genlmsg_put(user_skb, 0, 0, &dp_packet_genl_family,
387 0, upcall_info->cmd);
388 upcall->dp_ifindex = dp_ifindex;
389
390 nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_KEY);
391 ovs_flow_to_nlattrs(upcall_info->key, user_skb);
392 nla_nest_end(user_skb, nla);
393
394 if (upcall_info->userdata)
395 nla_put_u64(user_skb, OVS_PACKET_ATTR_USERDATA,
396 nla_get_u64(upcall_info->userdata));
397
398 nla = __nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, skb->len);
399
400 skb_copy_and_csum_dev(skb, nla_data(nla));
401
402 err = genlmsg_unicast(net, user_skb, upcall_info->portid);
403
404 out:
405 kfree_skb(nskb);
406 return err;
407 }
408
409 /* Called with genl_mutex. */
410 static int flush_flows(struct datapath *dp)
411 {
412 struct flow_table *old_table;
413 struct flow_table *new_table;
414
415 old_table = genl_dereference(dp->table);
416 new_table = ovs_flow_tbl_alloc(TBL_MIN_BUCKETS);
417 if (!new_table)
418 return -ENOMEM;
419
420 rcu_assign_pointer(dp->table, new_table);
421
422 ovs_flow_tbl_deferred_destroy(old_table);
423 return 0;
424 }
425
426 static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len)
427 {
428
429 struct sw_flow_actions *acts;
430 int new_acts_size;
431 int req_size = NLA_ALIGN(attr_len);
432 int next_offset = offsetof(struct sw_flow_actions, actions) +
433 (*sfa)->actions_len;
434
435 if (req_size <= (ksize(*sfa) - next_offset))
436 goto out;
437
438 new_acts_size = ksize(*sfa) * 2;
439
440 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
441 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
442 return ERR_PTR(-EMSGSIZE);
443 new_acts_size = MAX_ACTIONS_BUFSIZE;
444 }
445
446 acts = ovs_flow_actions_alloc(new_acts_size);
447 if (IS_ERR(acts))
448 return (void *)acts;
449
450 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
451 acts->actions_len = (*sfa)->actions_len;
452 kfree(*sfa);
453 *sfa = acts;
454
455 out:
456 (*sfa)->actions_len += req_size;
457 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
458 }
459
460 static int add_action(struct sw_flow_actions **sfa, int attrtype, void *data, int len)
461 {
462 struct nlattr *a;
463
464 a = reserve_sfa_size(sfa, nla_attr_size(len));
465 if (IS_ERR(a))
466 return PTR_ERR(a);
467
468 a->nla_type = attrtype;
469 a->nla_len = nla_attr_size(len);
470
471 if (data)
472 memcpy(nla_data(a), data, len);
473 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
474
475 return 0;
476 }
477
478 static inline int add_nested_action_start(struct sw_flow_actions **sfa, int attrtype)
479 {
480 int used = (*sfa)->actions_len;
481 int err;
482
483 err = add_action(sfa, attrtype, NULL, 0);
484 if (err)
485 return err;
486
487 return used;
488 }
489
490 static inline void add_nested_action_end(struct sw_flow_actions *sfa, int st_offset)
491 {
492 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions + st_offset);
493
494 a->nla_len = sfa->actions_len - st_offset;
495 }
496
497 static int validate_and_copy_actions(const struct nlattr *attr,
498 const struct sw_flow_key *key, int depth,
499 struct sw_flow_actions **sfa);
500
501 static int validate_and_copy_sample(const struct nlattr *attr,
502 const struct sw_flow_key *key, int depth,
503 struct sw_flow_actions **sfa)
504 {
505 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
506 const struct nlattr *probability, *actions;
507 const struct nlattr *a;
508 int rem, start, err, st_acts;
509
510 memset(attrs, 0, sizeof(attrs));
511 nla_for_each_nested(a, attr, rem) {
512 int type = nla_type(a);
513 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
514 return -EINVAL;
515 attrs[type] = a;
516 }
517 if (rem)
518 return -EINVAL;
519
520 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
521 if (!probability || nla_len(probability) != sizeof(u32))
522 return -EINVAL;
523
524 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
525 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
526 return -EINVAL;
527
528 /* validation done, copy sample action. */
529 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE);
530 if (start < 0)
531 return start;
532 err = add_action(sfa, OVS_SAMPLE_ATTR_PROBABILITY, nla_data(probability), sizeof(u32));
533 if (err)
534 return err;
535 st_acts = add_nested_action_start(sfa, OVS_SAMPLE_ATTR_ACTIONS);
536 if (st_acts < 0)
537 return st_acts;
538
539 err = validate_and_copy_actions(actions, key, depth + 1, sfa);
540 if (err)
541 return err;
542
543 add_nested_action_end(*sfa, st_acts);
544 add_nested_action_end(*sfa, start);
545
546 return 0;
547 }
548
549 static int validate_tp_port(const struct sw_flow_key *flow_key)
550 {
551 if (flow_key->eth.type == htons(ETH_P_IP)) {
552 if (flow_key->ipv4.tp.src || flow_key->ipv4.tp.dst)
553 return 0;
554 } else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
555 if (flow_key->ipv6.tp.src || flow_key->ipv6.tp.dst)
556 return 0;
557 }
558
559 return -EINVAL;
560 }
561
562 static int validate_and_copy_set_tun(const struct nlattr *attr,
563 struct sw_flow_actions **sfa)
564 {
565 struct ovs_key_ipv4_tunnel tun_key;
566 int err, start;
567
568 err = ipv4_tun_from_nlattr(nla_data(attr), &tun_key);
569 if (err)
570 return err;
571
572 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET);
573 if (start < 0)
574 return start;
575
576 err = add_action(sfa, OVS_KEY_ATTR_IPV4_TUNNEL, &tun_key, sizeof(tun_key));
577 add_nested_action_end(*sfa, start);
578
579 return err;
580 }
581
582 static int validate_set(const struct nlattr *a,
583 const struct sw_flow_key *flow_key,
584 struct sw_flow_actions **sfa,
585 bool *set_tun)
586 {
587 const struct nlattr *ovs_key = nla_data(a);
588 int key_type = nla_type(ovs_key);
589
590 /* There can be only one key in a action */
591 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
592 return -EINVAL;
593
594 if (key_type > OVS_KEY_ATTR_MAX ||
595 (ovs_key_lens[key_type] != nla_len(ovs_key) &&
596 ovs_key_lens[key_type] != -1))
597 return -EINVAL;
598
599 switch (key_type) {
600 const struct ovs_key_ipv4 *ipv4_key;
601 const struct ovs_key_ipv6 *ipv6_key;
602 int err;
603
604 case OVS_KEY_ATTR_PRIORITY:
605 case OVS_KEY_ATTR_TUN_ID:
606 case OVS_KEY_ATTR_ETHERNET:
607 break;
608
609 case OVS_KEY_ATTR_SKB_MARK:
610 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) && !defined(CONFIG_NETFILTER)
611 if (nla_get_u32(ovs_key) != 0)
612 return -EINVAL;
613 #endif
614 break;
615
616 case OVS_KEY_ATTR_TUNNEL:
617 *set_tun = true;
618 err = validate_and_copy_set_tun(a, sfa);
619 if (err)
620 return err;
621 break;
622
623 case OVS_KEY_ATTR_IPV4:
624 if (flow_key->eth.type != htons(ETH_P_IP))
625 return -EINVAL;
626
627 if (!flow_key->ip.proto)
628 return -EINVAL;
629
630 ipv4_key = nla_data(ovs_key);
631 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
632 return -EINVAL;
633
634 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
635 return -EINVAL;
636
637 break;
638
639 case OVS_KEY_ATTR_IPV6:
640 if (flow_key->eth.type != htons(ETH_P_IPV6))
641 return -EINVAL;
642
643 if (!flow_key->ip.proto)
644 return -EINVAL;
645
646 ipv6_key = nla_data(ovs_key);
647 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
648 return -EINVAL;
649
650 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
651 return -EINVAL;
652
653 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
654 return -EINVAL;
655
656 break;
657
658 case OVS_KEY_ATTR_TCP:
659 if (flow_key->ip.proto != IPPROTO_TCP)
660 return -EINVAL;
661
662 return validate_tp_port(flow_key);
663
664 case OVS_KEY_ATTR_UDP:
665 if (flow_key->ip.proto != IPPROTO_UDP)
666 return -EINVAL;
667
668 return validate_tp_port(flow_key);
669
670 default:
671 return -EINVAL;
672 }
673
674 return 0;
675 }
676
677 static int validate_userspace(const struct nlattr *attr)
678 {
679 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
680 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
681 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_U64 },
682 };
683 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
684 int error;
685
686 error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
687 attr, userspace_policy);
688 if (error)
689 return error;
690
691 if (!a[OVS_USERSPACE_ATTR_PID] ||
692 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
693 return -EINVAL;
694
695 return 0;
696 }
697
698 static int copy_action(const struct nlattr *from,
699 struct sw_flow_actions **sfa)
700 {
701 int totlen = NLA_ALIGN(from->nla_len);
702 struct nlattr *to;
703
704 to = reserve_sfa_size(sfa, from->nla_len);
705 if (IS_ERR(to))
706 return PTR_ERR(to);
707
708 memcpy(to, from, totlen);
709 return 0;
710 }
711
712 static int validate_and_copy_actions(const struct nlattr *attr,
713 const struct sw_flow_key *key,
714 int depth,
715 struct sw_flow_actions **sfa)
716 {
717 const struct nlattr *a;
718 int rem, err;
719
720 if (depth >= SAMPLE_ACTION_DEPTH)
721 return -EOVERFLOW;
722
723 nla_for_each_nested(a, attr, rem) {
724 /* Expected argument lengths, (u32)-1 for variable length. */
725 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
726 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
727 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
728 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
729 [OVS_ACTION_ATTR_POP_VLAN] = 0,
730 [OVS_ACTION_ATTR_SET] = (u32)-1,
731 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1
732 };
733 const struct ovs_action_push_vlan *vlan;
734 int type = nla_type(a);
735 bool skip_copy;
736
737 if (type > OVS_ACTION_ATTR_MAX ||
738 (action_lens[type] != nla_len(a) &&
739 action_lens[type] != (u32)-1))
740 return -EINVAL;
741
742 skip_copy = false;
743 switch (type) {
744 case OVS_ACTION_ATTR_UNSPEC:
745 return -EINVAL;
746
747 case OVS_ACTION_ATTR_USERSPACE:
748 err = validate_userspace(a);
749 if (err)
750 return err;
751 break;
752
753 case OVS_ACTION_ATTR_OUTPUT:
754 if (nla_get_u32(a) >= DP_MAX_PORTS)
755 return -EINVAL;
756 break;
757
758
759 case OVS_ACTION_ATTR_POP_VLAN:
760 break;
761
762 case OVS_ACTION_ATTR_PUSH_VLAN:
763 vlan = nla_data(a);
764 if (vlan->vlan_tpid != htons(ETH_P_8021Q))
765 return -EINVAL;
766 if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
767 return -EINVAL;
768 break;
769
770 case OVS_ACTION_ATTR_SET:
771 err = validate_set(a, key, sfa, &skip_copy);
772 if (err)
773 return err;
774 break;
775
776 case OVS_ACTION_ATTR_SAMPLE:
777 err = validate_and_copy_sample(a, key, depth, sfa);
778 if (err)
779 return err;
780 skip_copy = true;
781 break;
782
783 default:
784 return -EINVAL;
785 }
786 if (!skip_copy) {
787 err = copy_action(a, sfa);
788 if (err)
789 return err;
790 }
791 }
792
793 if (rem > 0)
794 return -EINVAL;
795
796 return 0;
797 }
798
799 static void clear_stats(struct sw_flow *flow)
800 {
801 flow->used = 0;
802 flow->tcp_flags = 0;
803 flow->packet_count = 0;
804 flow->byte_count = 0;
805 }
806
807 static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
808 {
809 struct ovs_header *ovs_header = info->userhdr;
810 struct nlattr **a = info->attrs;
811 struct sw_flow_actions *acts;
812 struct sk_buff *packet;
813 struct sw_flow *flow;
814 struct datapath *dp;
815 struct ethhdr *eth;
816 int len;
817 int err;
818 int key_len;
819
820 err = -EINVAL;
821 if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
822 !a[OVS_PACKET_ATTR_ACTIONS] ||
823 nla_len(a[OVS_PACKET_ATTR_PACKET]) < ETH_HLEN)
824 goto err;
825
826 len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
827 packet = __dev_alloc_skb(NET_IP_ALIGN + len, GFP_KERNEL);
828 err = -ENOMEM;
829 if (!packet)
830 goto err;
831 skb_reserve(packet, NET_IP_ALIGN);
832
833 memcpy(__skb_put(packet, len), nla_data(a[OVS_PACKET_ATTR_PACKET]), len);
834
835 skb_reset_mac_header(packet);
836 eth = eth_hdr(packet);
837
838 /* Normally, setting the skb 'protocol' field would be handled by a
839 * call to eth_type_trans(), but it assumes there's a sending
840 * device, which we may not have. */
841 if (ntohs(eth->h_proto) >= 1536)
842 packet->protocol = eth->h_proto;
843 else
844 packet->protocol = htons(ETH_P_802_2);
845
846 /* Build an sw_flow for sending this packet. */
847 flow = ovs_flow_alloc();
848 err = PTR_ERR(flow);
849 if (IS_ERR(flow))
850 goto err_kfree_skb;
851
852 err = ovs_flow_extract(packet, -1, &flow->key, &key_len);
853 if (err)
854 goto err_flow_free;
855
856 err = ovs_flow_metadata_from_nlattrs(flow, key_len, a[OVS_PACKET_ATTR_KEY]);
857 if (err)
858 goto err_flow_free;
859 acts = ovs_flow_actions_alloc(nla_len(a[OVS_PACKET_ATTR_ACTIONS]));
860 err = PTR_ERR(acts);
861 if (IS_ERR(acts))
862 goto err_flow_free;
863
864 err = validate_and_copy_actions(a[OVS_PACKET_ATTR_ACTIONS], &flow->key, 0, &acts);
865 rcu_assign_pointer(flow->sf_acts, acts);
866 if (err)
867 goto err_flow_free;
868
869 OVS_CB(packet)->flow = flow;
870 packet->priority = flow->key.phy.priority;
871 skb_set_mark(packet, flow->key.phy.skb_mark);
872
873 rcu_read_lock();
874 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
875 err = -ENODEV;
876 if (!dp)
877 goto err_unlock;
878
879 local_bh_disable();
880 err = ovs_execute_actions(dp, packet);
881 local_bh_enable();
882 rcu_read_unlock();
883
884 ovs_flow_free(flow);
885 return err;
886
887 err_unlock:
888 rcu_read_unlock();
889 err_flow_free:
890 ovs_flow_free(flow);
891 err_kfree_skb:
892 kfree_skb(packet);
893 err:
894 return err;
895 }
896
897 static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
898 [OVS_PACKET_ATTR_PACKET] = { .type = NLA_UNSPEC },
899 [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
900 [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
901 };
902
903 static struct genl_ops dp_packet_genl_ops[] = {
904 { .cmd = OVS_PACKET_CMD_EXECUTE,
905 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
906 .policy = packet_policy,
907 .doit = ovs_packet_cmd_execute
908 }
909 };
910
911 static void get_dp_stats(struct datapath *dp, struct ovs_dp_stats *stats)
912 {
913 int i;
914 struct flow_table *table = genl_dereference(dp->table);
915
916 stats->n_flows = ovs_flow_tbl_count(table);
917
918 stats->n_hit = stats->n_missed = stats->n_lost = 0;
919 for_each_possible_cpu(i) {
920 const struct dp_stats_percpu *percpu_stats;
921 struct dp_stats_percpu local_stats;
922 unsigned int start;
923
924 percpu_stats = per_cpu_ptr(dp->stats_percpu, i);
925
926 do {
927 start = u64_stats_fetch_begin_bh(&percpu_stats->sync);
928 local_stats = *percpu_stats;
929 } while (u64_stats_fetch_retry_bh(&percpu_stats->sync, start));
930
931 stats->n_hit += local_stats.n_hit;
932 stats->n_missed += local_stats.n_missed;
933 stats->n_lost += local_stats.n_lost;
934 }
935 }
936
937 static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
938 [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
939 [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
940 [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
941 };
942
943 static struct genl_family dp_flow_genl_family = {
944 .id = GENL_ID_GENERATE,
945 .hdrsize = sizeof(struct ovs_header),
946 .name = OVS_FLOW_FAMILY,
947 .version = OVS_FLOW_VERSION,
948 .maxattr = OVS_FLOW_ATTR_MAX,
949 SET_NETNSOK
950 };
951
952 static struct genl_multicast_group ovs_dp_flow_multicast_group = {
953 .name = OVS_FLOW_MCGROUP
954 };
955
956 static int actions_to_attr(const struct nlattr *attr, int len, struct sk_buff *skb);
957 static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
958 {
959 const struct nlattr *a;
960 struct nlattr *start;
961 int err = 0, rem;
962
963 start = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE);
964 if (!start)
965 return -EMSGSIZE;
966
967 nla_for_each_nested(a, attr, rem) {
968 int type = nla_type(a);
969 struct nlattr *st_sample;
970
971 switch (type) {
972 case OVS_SAMPLE_ATTR_PROBABILITY:
973 if (nla_put(skb, OVS_SAMPLE_ATTR_PROBABILITY, sizeof(u32), nla_data(a)))
974 return -EMSGSIZE;
975 break;
976 case OVS_SAMPLE_ATTR_ACTIONS:
977 st_sample = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS);
978 if (!st_sample)
979 return -EMSGSIZE;
980 err = actions_to_attr(nla_data(a), nla_len(a), skb);
981 if (err)
982 return err;
983 nla_nest_end(skb, st_sample);
984 break;
985 }
986 }
987
988 nla_nest_end(skb, start);
989 return err;
990 }
991
992 static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
993 {
994 const struct nlattr *ovs_key = nla_data(a);
995 int key_type = nla_type(ovs_key);
996 struct nlattr *start;
997 int err;
998
999 switch (key_type) {
1000 case OVS_KEY_ATTR_IPV4_TUNNEL:
1001 start = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
1002 if (!start)
1003 return -EMSGSIZE;
1004
1005 err = ipv4_tun_to_nlattr(skb, nla_data(ovs_key));
1006 if (err)
1007 return err;
1008 nla_nest_end(skb, start);
1009 break;
1010 default:
1011 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
1012 return -EMSGSIZE;
1013 break;
1014 }
1015
1016 return 0;
1017 }
1018
1019 static int actions_to_attr(const struct nlattr *attr, int len, struct sk_buff *skb)
1020 {
1021 const struct nlattr *a;
1022 int rem, err;
1023
1024 nla_for_each_attr(a, attr, len, rem) {
1025 int type = nla_type(a);
1026
1027 switch (type) {
1028 case OVS_ACTION_ATTR_SET:
1029 err = set_action_to_attr(a, skb);
1030 if (err)
1031 return err;
1032 break;
1033
1034 case OVS_ACTION_ATTR_SAMPLE:
1035 err = sample_action_to_attr(a, skb);
1036 if (err)
1037 return err;
1038 break;
1039 default:
1040 if (nla_put(skb, type, nla_len(a), nla_data(a)))
1041 return -EMSGSIZE;
1042 break;
1043 }
1044 }
1045
1046 return 0;
1047 }
1048
1049 /* Called with genl_lock. */
1050 static int ovs_flow_cmd_fill_info(struct sw_flow *flow, struct datapath *dp,
1051 struct sk_buff *skb, u32 portid,
1052 u32 seq, u32 flags, u8 cmd)
1053 {
1054 const int skb_orig_len = skb->len;
1055 const struct sw_flow_actions *sf_acts;
1056 struct nlattr *start;
1057 struct ovs_flow_stats stats;
1058 struct ovs_header *ovs_header;
1059 struct nlattr *nla;
1060 unsigned long used;
1061 u8 tcp_flags;
1062 int err;
1063
1064 sf_acts = rcu_dereference_protected(flow->sf_acts,
1065 lockdep_genl_is_held());
1066
1067 ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family, flags, cmd);
1068 if (!ovs_header)
1069 return -EMSGSIZE;
1070
1071 ovs_header->dp_ifindex = get_dpifindex(dp);
1072
1073 nla = nla_nest_start(skb, OVS_FLOW_ATTR_KEY);
1074 if (!nla)
1075 goto nla_put_failure;
1076 err = ovs_flow_to_nlattrs(&flow->key, skb);
1077 if (err)
1078 goto error;
1079 nla_nest_end(skb, nla);
1080
1081 spin_lock_bh(&flow->lock);
1082 used = flow->used;
1083 stats.n_packets = flow->packet_count;
1084 stats.n_bytes = flow->byte_count;
1085 tcp_flags = flow->tcp_flags;
1086 spin_unlock_bh(&flow->lock);
1087
1088 if (used &&
1089 nla_put_u64(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used)))
1090 goto nla_put_failure;
1091
1092 if (stats.n_packets &&
1093 nla_put(skb, OVS_FLOW_ATTR_STATS,
1094 sizeof(struct ovs_flow_stats), &stats))
1095 goto nla_put_failure;
1096
1097 if (tcp_flags &&
1098 nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, tcp_flags))
1099 goto nla_put_failure;
1100
1101 /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
1102 * this is the first flow to be dumped into 'skb'. This is unusual for
1103 * Netlink but individual action lists can be longer than
1104 * NLMSG_GOODSIZE and thus entirely undumpable if we didn't do this.
1105 * The userspace caller can always fetch the actions separately if it
1106 * really wants them. (Most userspace callers in fact don't care.)
1107 *
1108 * This can only fail for dump operations because the skb is always
1109 * properly sized for single flows.
1110 */
1111 start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS);
1112 if (start) {
1113 err = actions_to_attr(sf_acts->actions, sf_acts->actions_len, skb);
1114 if (err < 0 && skb_orig_len)
1115 goto error;
1116 nla_nest_end(skb, start);
1117 } else if (skb_orig_len) {
1118 err = -ENOMEM;
1119 goto error;
1120 }
1121
1122 return genlmsg_end(skb, ovs_header);
1123
1124 nla_put_failure:
1125 err = -EMSGSIZE;
1126 error:
1127 genlmsg_cancel(skb, ovs_header);
1128 return err;
1129 }
1130
1131 static struct sk_buff *ovs_flow_cmd_alloc_info(struct sw_flow *flow)
1132 {
1133 const struct sw_flow_actions *sf_acts;
1134 int len;
1135
1136 sf_acts = rcu_dereference_protected(flow->sf_acts,
1137 lockdep_genl_is_held());
1138
1139 /* OVS_FLOW_ATTR_KEY */
1140 len = nla_total_size(FLOW_BUFSIZE);
1141 /* OVS_FLOW_ATTR_ACTIONS */
1142 len += nla_total_size(sf_acts->actions_len);
1143 /* OVS_FLOW_ATTR_STATS */
1144 len += nla_total_size(sizeof(struct ovs_flow_stats));
1145 /* OVS_FLOW_ATTR_TCP_FLAGS */
1146 len += nla_total_size(1);
1147 /* OVS_FLOW_ATTR_USED */
1148 len += nla_total_size(8);
1149
1150 len += NLMSG_ALIGN(sizeof(struct ovs_header));
1151
1152 return genlmsg_new(len, GFP_KERNEL);
1153 }
1154
1155 static struct sk_buff *ovs_flow_cmd_build_info(struct sw_flow *flow,
1156 struct datapath *dp,
1157 u32 portid, u32 seq, u8 cmd)
1158 {
1159 struct sk_buff *skb;
1160 int retval;
1161
1162 skb = ovs_flow_cmd_alloc_info(flow);
1163 if (!skb)
1164 return ERR_PTR(-ENOMEM);
1165
1166 retval = ovs_flow_cmd_fill_info(flow, dp, skb, portid, seq, 0, cmd);
1167 BUG_ON(retval < 0);
1168 return skb;
1169 }
1170
1171 static int ovs_flow_cmd_new_or_set(struct sk_buff *skb, struct genl_info *info)
1172 {
1173 struct nlattr **a = info->attrs;
1174 struct ovs_header *ovs_header = info->userhdr;
1175 struct sw_flow_key key;
1176 struct sw_flow *flow;
1177 struct sk_buff *reply;
1178 struct datapath *dp;
1179 struct flow_table *table;
1180 struct sw_flow_actions *acts = NULL;
1181 int error;
1182 int key_len;
1183
1184 /* Extract key. */
1185 error = -EINVAL;
1186 if (!a[OVS_FLOW_ATTR_KEY])
1187 goto error;
1188 error = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
1189 if (error)
1190 goto error;
1191
1192 /* Validate actions. */
1193 if (a[OVS_FLOW_ATTR_ACTIONS]) {
1194 acts = ovs_flow_actions_alloc(nla_len(a[OVS_FLOW_ATTR_ACTIONS]));
1195 error = PTR_ERR(acts);
1196 if (IS_ERR(acts))
1197 goto error;
1198
1199 error = validate_and_copy_actions(a[OVS_FLOW_ATTR_ACTIONS], &key, 0, &acts);
1200 if (error)
1201 goto err_kfree;
1202 } else if (info->genlhdr->cmd == OVS_FLOW_CMD_NEW) {
1203 error = -EINVAL;
1204 goto error;
1205 }
1206
1207 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1208 error = -ENODEV;
1209 if (!dp)
1210 goto err_kfree;
1211
1212 table = genl_dereference(dp->table);
1213 flow = ovs_flow_tbl_lookup(table, &key, key_len);
1214 if (!flow) {
1215 /* Bail out if we're not allowed to create a new flow. */
1216 error = -ENOENT;
1217 if (info->genlhdr->cmd == OVS_FLOW_CMD_SET)
1218 goto err_kfree;
1219
1220 /* Expand table, if necessary, to make room. */
1221 if (ovs_flow_tbl_need_to_expand(table)) {
1222 struct flow_table *new_table;
1223
1224 new_table = ovs_flow_tbl_expand(table);
1225 if (!IS_ERR(new_table)) {
1226 rcu_assign_pointer(dp->table, new_table);
1227 ovs_flow_tbl_deferred_destroy(table);
1228 table = genl_dereference(dp->table);
1229 }
1230 }
1231
1232 /* Allocate flow. */
1233 flow = ovs_flow_alloc();
1234 if (IS_ERR(flow)) {
1235 error = PTR_ERR(flow);
1236 goto err_kfree;
1237 }
1238 clear_stats(flow);
1239
1240 rcu_assign_pointer(flow->sf_acts, acts);
1241
1242 /* Put flow in bucket. */
1243 ovs_flow_tbl_insert(table, flow, &key, key_len);
1244
1245 reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
1246 info->snd_seq,
1247 OVS_FLOW_CMD_NEW);
1248 } else {
1249 /* We found a matching flow. */
1250 struct sw_flow_actions *old_acts;
1251
1252 /* Bail out if we're not allowed to modify an existing flow.
1253 * We accept NLM_F_CREATE in place of the intended NLM_F_EXCL
1254 * because Generic Netlink treats the latter as a dump
1255 * request. We also accept NLM_F_EXCL in case that bug ever
1256 * gets fixed.
1257 */
1258 error = -EEXIST;
1259 if (info->genlhdr->cmd == OVS_FLOW_CMD_NEW &&
1260 info->nlhdr->nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL))
1261 goto err_kfree;
1262
1263 /* Update actions. */
1264 old_acts = rcu_dereference_protected(flow->sf_acts,
1265 lockdep_genl_is_held());
1266 rcu_assign_pointer(flow->sf_acts, acts);
1267 ovs_flow_deferred_free_acts(old_acts);
1268
1269 reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
1270 info->snd_seq, OVS_FLOW_CMD_NEW);
1271
1272 /* Clear stats. */
1273 if (a[OVS_FLOW_ATTR_CLEAR]) {
1274 spin_lock_bh(&flow->lock);
1275 clear_stats(flow);
1276 spin_unlock_bh(&flow->lock);
1277 }
1278 }
1279
1280 if (!IS_ERR(reply))
1281 genl_notify(reply, genl_info_net(info), info->snd_portid,
1282 ovs_dp_flow_multicast_group.id, info->nlhdr,
1283 GFP_KERNEL);
1284 else
1285 netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
1286 ovs_dp_flow_multicast_group.id, PTR_ERR(reply));
1287 return 0;
1288
1289 err_kfree:
1290 kfree(acts);
1291 error:
1292 return error;
1293 }
1294
1295 static int ovs_flow_cmd_get(struct sk_buff *skb, struct genl_info *info)
1296 {
1297 struct nlattr **a = info->attrs;
1298 struct ovs_header *ovs_header = info->userhdr;
1299 struct sw_flow_key key;
1300 struct sk_buff *reply;
1301 struct sw_flow *flow;
1302 struct datapath *dp;
1303 struct flow_table *table;
1304 int err;
1305 int key_len;
1306
1307 if (!a[OVS_FLOW_ATTR_KEY])
1308 return -EINVAL;
1309 err = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
1310 if (err)
1311 return err;
1312
1313 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1314 if (!dp)
1315 return -ENODEV;
1316
1317 table = genl_dereference(dp->table);
1318 flow = ovs_flow_tbl_lookup(table, &key, key_len);
1319 if (!flow)
1320 return -ENOENT;
1321
1322 reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
1323 info->snd_seq, OVS_FLOW_CMD_NEW);
1324 if (IS_ERR(reply))
1325 return PTR_ERR(reply);
1326
1327 return genlmsg_reply(reply, info);
1328 }
1329
1330 static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
1331 {
1332 struct nlattr **a = info->attrs;
1333 struct ovs_header *ovs_header = info->userhdr;
1334 struct sw_flow_key key;
1335 struct sk_buff *reply;
1336 struct sw_flow *flow;
1337 struct datapath *dp;
1338 struct flow_table *table;
1339 int err;
1340 int key_len;
1341
1342 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1343 if (!dp)
1344 return -ENODEV;
1345
1346 if (!a[OVS_FLOW_ATTR_KEY])
1347 return flush_flows(dp);
1348
1349 err = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
1350 if (err)
1351 return err;
1352
1353 table = genl_dereference(dp->table);
1354 flow = ovs_flow_tbl_lookup(table, &key, key_len);
1355 if (!flow)
1356 return -ENOENT;
1357
1358 reply = ovs_flow_cmd_alloc_info(flow);
1359 if (!reply)
1360 return -ENOMEM;
1361
1362 ovs_flow_tbl_remove(table, flow);
1363
1364 err = ovs_flow_cmd_fill_info(flow, dp, reply, info->snd_portid,
1365 info->snd_seq, 0, OVS_FLOW_CMD_DEL);
1366 BUG_ON(err < 0);
1367
1368 ovs_flow_deferred_free(flow);
1369
1370 genl_notify(reply, genl_info_net(info), info->snd_portid,
1371 ovs_dp_flow_multicast_group.id, info->nlhdr, GFP_KERNEL);
1372 return 0;
1373 }
1374
1375 static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1376 {
1377 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
1378 struct datapath *dp;
1379 struct flow_table *table;
1380
1381 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1382 if (!dp)
1383 return -ENODEV;
1384
1385 table = genl_dereference(dp->table);
1386
1387 for (;;) {
1388 struct sw_flow *flow;
1389 u32 bucket, obj;
1390
1391 bucket = cb->args[0];
1392 obj = cb->args[1];
1393 flow = ovs_flow_tbl_next(table, &bucket, &obj);
1394 if (!flow)
1395 break;
1396
1397 if (ovs_flow_cmd_fill_info(flow, dp, skb,
1398 NETLINK_CB(cb->skb).portid,
1399 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1400 OVS_FLOW_CMD_NEW) < 0)
1401 break;
1402
1403 cb->args[0] = bucket;
1404 cb->args[1] = obj;
1405 }
1406 return skb->len;
1407 }
1408
1409 static struct genl_ops dp_flow_genl_ops[] = {
1410 { .cmd = OVS_FLOW_CMD_NEW,
1411 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1412 .policy = flow_policy,
1413 .doit = ovs_flow_cmd_new_or_set
1414 },
1415 { .cmd = OVS_FLOW_CMD_DEL,
1416 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1417 .policy = flow_policy,
1418 .doit = ovs_flow_cmd_del
1419 },
1420 { .cmd = OVS_FLOW_CMD_GET,
1421 .flags = 0, /* OK for unprivileged users. */
1422 .policy = flow_policy,
1423 .doit = ovs_flow_cmd_get,
1424 .dumpit = ovs_flow_cmd_dump
1425 },
1426 { .cmd = OVS_FLOW_CMD_SET,
1427 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1428 .policy = flow_policy,
1429 .doit = ovs_flow_cmd_new_or_set,
1430 },
1431 };
1432
1433 static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
1434 #ifdef HAVE_NLA_NUL_STRING
1435 [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
1436 #endif
1437 [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
1438 };
1439
1440 static struct genl_family dp_datapath_genl_family = {
1441 .id = GENL_ID_GENERATE,
1442 .hdrsize = sizeof(struct ovs_header),
1443 .name = OVS_DATAPATH_FAMILY,
1444 .version = OVS_DATAPATH_VERSION,
1445 .maxattr = OVS_DP_ATTR_MAX,
1446 SET_NETNSOK
1447 };
1448
1449 static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
1450 .name = OVS_DATAPATH_MCGROUP
1451 };
1452
1453 static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
1454 u32 portid, u32 seq, u32 flags, u8 cmd)
1455 {
1456 struct ovs_header *ovs_header;
1457 struct ovs_dp_stats dp_stats;
1458 int err;
1459
1460 ovs_header = genlmsg_put(skb, portid, seq, &dp_datapath_genl_family,
1461 flags, cmd);
1462 if (!ovs_header)
1463 goto error;
1464
1465 ovs_header->dp_ifindex = get_dpifindex(dp);
1466
1467 rcu_read_lock();
1468 err = nla_put_string(skb, OVS_DP_ATTR_NAME, ovs_dp_name(dp));
1469 rcu_read_unlock();
1470 if (err)
1471 goto nla_put_failure;
1472
1473 get_dp_stats(dp, &dp_stats);
1474 if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats), &dp_stats))
1475 goto nla_put_failure;
1476
1477 return genlmsg_end(skb, ovs_header);
1478
1479 nla_put_failure:
1480 genlmsg_cancel(skb, ovs_header);
1481 error:
1482 return -EMSGSIZE;
1483 }
1484
1485 static struct sk_buff *ovs_dp_cmd_build_info(struct datapath *dp, u32 portid,
1486 u32 seq, u8 cmd)
1487 {
1488 struct sk_buff *skb;
1489 int retval;
1490
1491 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1492 if (!skb)
1493 return ERR_PTR(-ENOMEM);
1494
1495 retval = ovs_dp_cmd_fill_info(dp, skb, portid, seq, 0, cmd);
1496 if (retval < 0) {
1497 kfree_skb(skb);
1498 return ERR_PTR(retval);
1499 }
1500 return skb;
1501 }
1502
1503 static int ovs_dp_cmd_validate(struct nlattr *a[OVS_DP_ATTR_MAX + 1])
1504 {
1505 return CHECK_NUL_STRING(a[OVS_DP_ATTR_NAME], IFNAMSIZ - 1);
1506 }
1507
1508 /* Called with genl_mutex and optionally with RTNL lock also. */
1509 static struct datapath *lookup_datapath(struct net *net,
1510 struct ovs_header *ovs_header,
1511 struct nlattr *a[OVS_DP_ATTR_MAX + 1])
1512 {
1513 struct datapath *dp;
1514
1515 if (!a[OVS_DP_ATTR_NAME])
1516 dp = get_dp(net, ovs_header->dp_ifindex);
1517 else {
1518 struct vport *vport;
1519
1520 rcu_read_lock();
1521 vport = ovs_vport_locate(net, nla_data(a[OVS_DP_ATTR_NAME]));
1522 dp = vport && vport->port_no == OVSP_LOCAL ? vport->dp : NULL;
1523 rcu_read_unlock();
1524 }
1525 return dp ? dp : ERR_PTR(-ENODEV);
1526 }
1527
1528 static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
1529 {
1530 struct nlattr **a = info->attrs;
1531 struct vport_parms parms;
1532 struct sk_buff *reply;
1533 struct datapath *dp;
1534 struct vport *vport;
1535 struct ovs_net *ovs_net;
1536 int err, i;
1537
1538 err = -EINVAL;
1539 if (!a[OVS_DP_ATTR_NAME] || !a[OVS_DP_ATTR_UPCALL_PID])
1540 goto err;
1541
1542 err = ovs_dp_cmd_validate(a);
1543 if (err)
1544 goto err;
1545
1546 rtnl_lock();
1547
1548 err = -ENOMEM;
1549 dp = kzalloc(sizeof(*dp), GFP_KERNEL);
1550 if (dp == NULL)
1551 goto err_unlock_rtnl;
1552
1553 ovs_dp_set_net(dp, hold_net(sock_net(skb->sk)));
1554
1555 /* Allocate table. */
1556 err = -ENOMEM;
1557 rcu_assign_pointer(dp->table, ovs_flow_tbl_alloc(TBL_MIN_BUCKETS));
1558 if (!dp->table)
1559 goto err_free_dp;
1560
1561 dp->stats_percpu = alloc_percpu(struct dp_stats_percpu);
1562 if (!dp->stats_percpu) {
1563 err = -ENOMEM;
1564 goto err_destroy_table;
1565 }
1566
1567 dp->ports = kmalloc(DP_VPORT_HASH_BUCKETS * sizeof(struct hlist_head),
1568 GFP_KERNEL);
1569 if (!dp->ports) {
1570 err = -ENOMEM;
1571 goto err_destroy_percpu;
1572 }
1573
1574 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++)
1575 INIT_HLIST_HEAD(&dp->ports[i]);
1576
1577 /* Set up our datapath device. */
1578 parms.name = nla_data(a[OVS_DP_ATTR_NAME]);
1579 parms.type = OVS_VPORT_TYPE_INTERNAL;
1580 parms.options = NULL;
1581 parms.dp = dp;
1582 parms.port_no = OVSP_LOCAL;
1583 parms.upcall_portid = nla_get_u32(a[OVS_DP_ATTR_UPCALL_PID]);
1584
1585 vport = new_vport(&parms);
1586 if (IS_ERR(vport)) {
1587 err = PTR_ERR(vport);
1588 if (err == -EBUSY)
1589 err = -EEXIST;
1590
1591 goto err_destroy_ports_array;
1592 }
1593
1594 reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
1595 info->snd_seq, OVS_DP_CMD_NEW);
1596 err = PTR_ERR(reply);
1597 if (IS_ERR(reply))
1598 goto err_destroy_local_port;
1599
1600 ovs_net = net_generic(ovs_dp_get_net(dp), ovs_net_id);
1601 list_add_tail(&dp->list_node, &ovs_net->dps);
1602
1603 rtnl_unlock();
1604
1605 genl_notify(reply, genl_info_net(info), info->snd_portid,
1606 ovs_dp_datapath_multicast_group.id, info->nlhdr,
1607 GFP_KERNEL);
1608 return 0;
1609
1610 err_destroy_local_port:
1611 ovs_dp_detach_port(ovs_vport_rtnl(dp, OVSP_LOCAL));
1612 err_destroy_ports_array:
1613 kfree(dp->ports);
1614 err_destroy_percpu:
1615 free_percpu(dp->stats_percpu);
1616 err_destroy_table:
1617 ovs_flow_tbl_destroy(genl_dereference(dp->table));
1618 err_free_dp:
1619 release_net(ovs_dp_get_net(dp));
1620 kfree(dp);
1621 err_unlock_rtnl:
1622 rtnl_unlock();
1623 err:
1624 return err;
1625 }
1626
1627 /* Called with genl_mutex. */
1628 static void __dp_destroy(struct datapath *dp)
1629 {
1630 int i;
1631
1632 rtnl_lock();
1633
1634 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
1635 struct vport *vport;
1636 struct hlist_node *node, *n;
1637
1638 hlist_for_each_entry_safe(vport, node, n, &dp->ports[i], dp_hash_node)
1639 if (vport->port_no != OVSP_LOCAL)
1640 ovs_dp_detach_port(vport);
1641 }
1642
1643 list_del(&dp->list_node);
1644 ovs_dp_detach_port(ovs_vport_rtnl(dp, OVSP_LOCAL));
1645
1646 /* rtnl_unlock() will wait until all the references to devices that
1647 * are pending unregistration have been dropped. We do it here to
1648 * ensure that any internal devices (which contain DP pointers) are
1649 * fully destroyed before freeing the datapath.
1650 */
1651 rtnl_unlock();
1652
1653 call_rcu(&dp->rcu, destroy_dp_rcu);
1654 }
1655
1656 static int ovs_dp_cmd_del(struct sk_buff *skb, struct genl_info *info)
1657 {
1658 struct sk_buff *reply;
1659 struct datapath *dp;
1660 int err;
1661
1662 err = ovs_dp_cmd_validate(info->attrs);
1663 if (err)
1664 return err;
1665
1666 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1667 err = PTR_ERR(dp);
1668 if (IS_ERR(dp))
1669 return err;
1670
1671 reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
1672 info->snd_seq, OVS_DP_CMD_DEL);
1673 err = PTR_ERR(reply);
1674 if (IS_ERR(reply))
1675 return err;
1676
1677 __dp_destroy(dp);
1678
1679 genl_notify(reply, genl_info_net(info), info->snd_portid,
1680 ovs_dp_datapath_multicast_group.id, info->nlhdr,
1681 GFP_KERNEL);
1682
1683 return 0;
1684 }
1685
1686 static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
1687 {
1688 struct sk_buff *reply;
1689 struct datapath *dp;
1690 int err;
1691
1692 err = ovs_dp_cmd_validate(info->attrs);
1693 if (err)
1694 return err;
1695
1696 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1697 if (IS_ERR(dp))
1698 return PTR_ERR(dp);
1699
1700 reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
1701 info->snd_seq, OVS_DP_CMD_NEW);
1702 if (IS_ERR(reply)) {
1703 err = PTR_ERR(reply);
1704 netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
1705 ovs_dp_datapath_multicast_group.id, err);
1706 return 0;
1707 }
1708
1709 genl_notify(reply, genl_info_net(info), info->snd_portid,
1710 ovs_dp_datapath_multicast_group.id, info->nlhdr,
1711 GFP_KERNEL);
1712
1713 return 0;
1714 }
1715
1716 static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
1717 {
1718 struct sk_buff *reply;
1719 struct datapath *dp;
1720 int err;
1721
1722 err = ovs_dp_cmd_validate(info->attrs);
1723 if (err)
1724 return err;
1725
1726 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1727 if (IS_ERR(dp))
1728 return PTR_ERR(dp);
1729
1730 reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
1731 info->snd_seq, OVS_DP_CMD_NEW);
1732 if (IS_ERR(reply))
1733 return PTR_ERR(reply);
1734
1735 return genlmsg_reply(reply, info);
1736 }
1737
1738 static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1739 {
1740 struct ovs_net *ovs_net = net_generic(sock_net(skb->sk), ovs_net_id);
1741 struct datapath *dp;
1742 int skip = cb->args[0];
1743 int i = 0;
1744
1745 list_for_each_entry(dp, &ovs_net->dps, list_node) {
1746 if (i >= skip &&
1747 ovs_dp_cmd_fill_info(dp, skb, NETLINK_CB(cb->skb).portid,
1748 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1749 OVS_DP_CMD_NEW) < 0)
1750 break;
1751 i++;
1752 }
1753
1754 cb->args[0] = i;
1755
1756 return skb->len;
1757 }
1758
1759 static struct genl_ops dp_datapath_genl_ops[] = {
1760 { .cmd = OVS_DP_CMD_NEW,
1761 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1762 .policy = datapath_policy,
1763 .doit = ovs_dp_cmd_new
1764 },
1765 { .cmd = OVS_DP_CMD_DEL,
1766 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1767 .policy = datapath_policy,
1768 .doit = ovs_dp_cmd_del
1769 },
1770 { .cmd = OVS_DP_CMD_GET,
1771 .flags = 0, /* OK for unprivileged users. */
1772 .policy = datapath_policy,
1773 .doit = ovs_dp_cmd_get,
1774 .dumpit = ovs_dp_cmd_dump
1775 },
1776 { .cmd = OVS_DP_CMD_SET,
1777 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1778 .policy = datapath_policy,
1779 .doit = ovs_dp_cmd_set,
1780 },
1781 };
1782
1783 static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
1784 #ifdef HAVE_NLA_NUL_STRING
1785 [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
1786 [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
1787 [OVS_VPORT_ATTR_ADDRESS] = { .len = ETH_ALEN },
1788 #else
1789 [OVS_VPORT_ATTR_STATS] = { .minlen = sizeof(struct ovs_vport_stats) },
1790 [OVS_VPORT_ATTR_ADDRESS] = { .minlen = ETH_ALEN },
1791 #endif
1792 [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
1793 [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
1794 [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
1795 [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
1796 };
1797
1798 static struct genl_family dp_vport_genl_family = {
1799 .id = GENL_ID_GENERATE,
1800 .hdrsize = sizeof(struct ovs_header),
1801 .name = OVS_VPORT_FAMILY,
1802 .version = OVS_VPORT_VERSION,
1803 .maxattr = OVS_VPORT_ATTR_MAX,
1804 SET_NETNSOK
1805 };
1806
1807 struct genl_multicast_group ovs_dp_vport_multicast_group = {
1808 .name = OVS_VPORT_MCGROUP
1809 };
1810
1811 /* Called with RTNL lock or RCU read lock. */
1812 static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
1813 u32 portid, u32 seq, u32 flags, u8 cmd)
1814 {
1815 struct ovs_header *ovs_header;
1816 struct ovs_vport_stats vport_stats;
1817 int err;
1818
1819 ovs_header = genlmsg_put(skb, portid, seq, &dp_vport_genl_family,
1820 flags, cmd);
1821 if (!ovs_header)
1822 return -EMSGSIZE;
1823
1824 ovs_header->dp_ifindex = get_dpifindex(vport->dp);
1825
1826 if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
1827 nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
1828 nla_put_string(skb, OVS_VPORT_ATTR_NAME, vport->ops->get_name(vport)) ||
1829 nla_put_u32(skb, OVS_VPORT_ATTR_UPCALL_PID, vport->upcall_portid))
1830 goto nla_put_failure;
1831
1832 ovs_vport_get_stats(vport, &vport_stats);
1833 if (nla_put(skb, OVS_VPORT_ATTR_STATS, sizeof(struct ovs_vport_stats),
1834 &vport_stats))
1835 goto nla_put_failure;
1836
1837 if (nla_put(skb, OVS_VPORT_ATTR_ADDRESS, ETH_ALEN,
1838 vport->ops->get_addr(vport)))
1839 goto nla_put_failure;
1840
1841 err = ovs_vport_get_options(vport, skb);
1842 if (err == -EMSGSIZE)
1843 goto error;
1844
1845 return genlmsg_end(skb, ovs_header);
1846
1847 nla_put_failure:
1848 err = -EMSGSIZE;
1849 error:
1850 genlmsg_cancel(skb, ovs_header);
1851 return err;
1852 }
1853
1854 /* Called with RTNL lock or RCU read lock. */
1855 struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
1856 u32 seq, u8 cmd)
1857 {
1858 struct sk_buff *skb;
1859 int retval;
1860
1861 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1862 if (!skb)
1863 return ERR_PTR(-ENOMEM);
1864
1865 retval = ovs_vport_cmd_fill_info(vport, skb, portid, seq, 0, cmd);
1866 if (retval < 0) {
1867 kfree_skb(skb);
1868 return ERR_PTR(retval);
1869 }
1870 return skb;
1871 }
1872
1873 static int ovs_vport_cmd_validate(struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
1874 {
1875 return CHECK_NUL_STRING(a[OVS_VPORT_ATTR_NAME], IFNAMSIZ - 1);
1876 }
1877
1878 /* Called with RTNL lock or RCU read lock. */
1879 static struct vport *lookup_vport(struct net *net,
1880 struct ovs_header *ovs_header,
1881 struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
1882 {
1883 struct datapath *dp;
1884 struct vport *vport;
1885
1886 if (a[OVS_VPORT_ATTR_NAME]) {
1887 vport = ovs_vport_locate(net, nla_data(a[OVS_VPORT_ATTR_NAME]));
1888 if (!vport)
1889 return ERR_PTR(-ENODEV);
1890 if (ovs_header->dp_ifindex &&
1891 ovs_header->dp_ifindex != get_dpifindex(vport->dp))
1892 return ERR_PTR(-ENODEV);
1893 return vport;
1894 } else if (a[OVS_VPORT_ATTR_PORT_NO]) {
1895 u32 port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
1896
1897 if (port_no >= DP_MAX_PORTS)
1898 return ERR_PTR(-EFBIG);
1899
1900 dp = get_dp(net, ovs_header->dp_ifindex);
1901 if (!dp)
1902 return ERR_PTR(-ENODEV);
1903
1904 vport = ovs_vport_rtnl_rcu(dp, port_no);
1905 if (!vport)
1906 return ERR_PTR(-ENODEV);
1907 return vport;
1908 } else
1909 return ERR_PTR(-EINVAL);
1910 }
1911
1912 /* Called with RTNL lock. */
1913 static int change_vport(struct vport *vport,
1914 struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
1915 {
1916 int err = 0;
1917
1918 if (a[OVS_VPORT_ATTR_STATS])
1919 ovs_vport_set_stats(vport, nla_data(a[OVS_VPORT_ATTR_STATS]));
1920
1921 if (a[OVS_VPORT_ATTR_ADDRESS])
1922 err = ovs_vport_set_addr(vport, nla_data(a[OVS_VPORT_ATTR_ADDRESS]));
1923
1924 return err;
1925 }
1926
1927 static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
1928 {
1929 struct nlattr **a = info->attrs;
1930 struct ovs_header *ovs_header = info->userhdr;
1931 struct vport_parms parms;
1932 struct sk_buff *reply;
1933 struct vport *vport;
1934 struct datapath *dp;
1935 u32 port_no;
1936 int err;
1937
1938 err = -EINVAL;
1939 if (!a[OVS_VPORT_ATTR_NAME] || !a[OVS_VPORT_ATTR_TYPE] ||
1940 !a[OVS_VPORT_ATTR_UPCALL_PID])
1941 goto exit;
1942
1943 err = ovs_vport_cmd_validate(a);
1944 if (err)
1945 goto exit;
1946
1947 rtnl_lock();
1948 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1949 err = -ENODEV;
1950 if (!dp)
1951 goto exit_unlock;
1952
1953 if (a[OVS_VPORT_ATTR_PORT_NO]) {
1954 port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
1955
1956 err = -EFBIG;
1957 if (port_no >= DP_MAX_PORTS)
1958 goto exit_unlock;
1959
1960 vport = ovs_vport_rtnl(dp, port_no);
1961 err = -EBUSY;
1962 if (vport)
1963 goto exit_unlock;
1964 } else {
1965 for (port_no = 1; ; port_no++) {
1966 if (port_no >= DP_MAX_PORTS) {
1967 err = -EFBIG;
1968 goto exit_unlock;
1969 }
1970 vport = ovs_vport_rtnl(dp, port_no);
1971 if (!vport)
1972 break;
1973 }
1974 }
1975
1976 parms.name = nla_data(a[OVS_VPORT_ATTR_NAME]);
1977 parms.type = nla_get_u32(a[OVS_VPORT_ATTR_TYPE]);
1978 parms.options = a[OVS_VPORT_ATTR_OPTIONS];
1979 parms.dp = dp;
1980 parms.port_no = port_no;
1981 parms.upcall_portid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]);
1982
1983 vport = new_vport(&parms);
1984 err = PTR_ERR(vport);
1985 if (IS_ERR(vport))
1986 goto exit_unlock;
1987
1988 err = change_vport(vport, a);
1989 if (!err) {
1990 reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
1991 info->snd_seq,
1992 OVS_VPORT_CMD_NEW);
1993 if (IS_ERR(reply))
1994 err = PTR_ERR(reply);
1995 }
1996 if (err) {
1997 ovs_dp_detach_port(vport);
1998 goto exit_unlock;
1999 }
2000 genl_notify(reply, genl_info_net(info), info->snd_portid,
2001 ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
2002
2003 exit_unlock:
2004 rtnl_unlock();
2005 exit:
2006 return err;
2007 }
2008
2009 static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
2010 {
2011 struct nlattr **a = info->attrs;
2012 struct sk_buff *reply;
2013 struct vport *vport;
2014 int err;
2015
2016 err = ovs_vport_cmd_validate(a);
2017 if (err)
2018 goto exit;
2019
2020 rtnl_lock();
2021 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2022 err = PTR_ERR(vport);
2023 if (IS_ERR(vport))
2024 goto exit_unlock;
2025
2026 err = 0;
2027 if (a[OVS_VPORT_ATTR_TYPE] &&
2028 nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type)
2029 err = -EINVAL;
2030
2031 if (!err && a[OVS_VPORT_ATTR_OPTIONS])
2032 err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]);
2033 if (!err)
2034 err = change_vport(vport, a);
2035 else
2036 goto exit_unlock;
2037 if (!err && a[OVS_VPORT_ATTR_UPCALL_PID])
2038 vport->upcall_portid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]);
2039
2040 reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
2041 info->snd_seq, OVS_VPORT_CMD_NEW);
2042 if (IS_ERR(reply)) {
2043 netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
2044 ovs_dp_vport_multicast_group.id, PTR_ERR(reply));
2045 goto exit_unlock;
2046 }
2047
2048 genl_notify(reply, genl_info_net(info), info->snd_portid,
2049 ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
2050
2051 exit_unlock:
2052 rtnl_unlock();
2053 exit:
2054 return err;
2055 }
2056
2057 static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
2058 {
2059 struct nlattr **a = info->attrs;
2060 struct sk_buff *reply;
2061 struct vport *vport;
2062 int err;
2063
2064 err = ovs_vport_cmd_validate(a);
2065 if (err)
2066 goto exit;
2067
2068 rtnl_lock();
2069 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2070 err = PTR_ERR(vport);
2071 if (IS_ERR(vport))
2072 goto exit_unlock;
2073
2074 if (vport->port_no == OVSP_LOCAL) {
2075 err = -EINVAL;
2076 goto exit_unlock;
2077 }
2078
2079 reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
2080 info->snd_seq, OVS_VPORT_CMD_DEL);
2081 err = PTR_ERR(reply);
2082 if (IS_ERR(reply))
2083 goto exit_unlock;
2084
2085 ovs_dp_detach_port(vport);
2086
2087 genl_notify(reply, genl_info_net(info), info->snd_portid,
2088 ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
2089
2090 exit_unlock:
2091 rtnl_unlock();
2092 exit:
2093 return err;
2094 }
2095
2096 static int ovs_vport_cmd_get(struct sk_buff *skb, struct genl_info *info)
2097 {
2098 struct nlattr **a = info->attrs;
2099 struct ovs_header *ovs_header = info->userhdr;
2100 struct sk_buff *reply;
2101 struct vport *vport;
2102 int err;
2103
2104 err = ovs_vport_cmd_validate(a);
2105 if (err)
2106 goto exit;
2107
2108 rcu_read_lock();
2109 vport = lookup_vport(sock_net(skb->sk), ovs_header, a);
2110 err = PTR_ERR(vport);
2111 if (IS_ERR(vport))
2112 goto exit_unlock;
2113
2114 reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
2115 info->snd_seq, OVS_VPORT_CMD_NEW);
2116 err = PTR_ERR(reply);
2117 if (IS_ERR(reply))
2118 goto exit_unlock;
2119
2120 rcu_read_unlock();
2121
2122 return genlmsg_reply(reply, info);
2123
2124 exit_unlock:
2125 rcu_read_unlock();
2126 exit:
2127 return err;
2128 }
2129
2130 static int ovs_vport_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
2131 {
2132 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
2133 struct datapath *dp;
2134 int bucket = cb->args[0], skip = cb->args[1];
2135 int i, j = 0;
2136
2137 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
2138 if (!dp)
2139 return -ENODEV;
2140
2141 rcu_read_lock();
2142 for (i = bucket; i < DP_VPORT_HASH_BUCKETS; i++) {
2143 struct vport *vport;
2144 struct hlist_node *n;
2145
2146 j = 0;
2147 hlist_for_each_entry_rcu(vport, n, &dp->ports[i], dp_hash_node) {
2148 if (j >= skip &&
2149 ovs_vport_cmd_fill_info(vport, skb,
2150 NETLINK_CB(cb->skb).portid,
2151 cb->nlh->nlmsg_seq,
2152 NLM_F_MULTI,
2153 OVS_VPORT_CMD_NEW) < 0)
2154 goto out;
2155
2156 j++;
2157 }
2158 skip = 0;
2159 }
2160 out:
2161 rcu_read_unlock();
2162
2163 cb->args[0] = i;
2164 cb->args[1] = j;
2165
2166 return skb->len;
2167 }
2168
2169 static struct genl_ops dp_vport_genl_ops[] = {
2170 { .cmd = OVS_VPORT_CMD_NEW,
2171 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2172 .policy = vport_policy,
2173 .doit = ovs_vport_cmd_new
2174 },
2175 { .cmd = OVS_VPORT_CMD_DEL,
2176 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2177 .policy = vport_policy,
2178 .doit = ovs_vport_cmd_del
2179 },
2180 { .cmd = OVS_VPORT_CMD_GET,
2181 .flags = 0, /* OK for unprivileged users. */
2182 .policy = vport_policy,
2183 .doit = ovs_vport_cmd_get,
2184 .dumpit = ovs_vport_cmd_dump
2185 },
2186 { .cmd = OVS_VPORT_CMD_SET,
2187 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2188 .policy = vport_policy,
2189 .doit = ovs_vport_cmd_set,
2190 },
2191 };
2192
2193 struct genl_family_and_ops {
2194 struct genl_family *family;
2195 struct genl_ops *ops;
2196 int n_ops;
2197 struct genl_multicast_group *group;
2198 };
2199
2200 static const struct genl_family_and_ops dp_genl_families[] = {
2201 { &dp_datapath_genl_family,
2202 dp_datapath_genl_ops, ARRAY_SIZE(dp_datapath_genl_ops),
2203 &ovs_dp_datapath_multicast_group },
2204 { &dp_vport_genl_family,
2205 dp_vport_genl_ops, ARRAY_SIZE(dp_vport_genl_ops),
2206 &ovs_dp_vport_multicast_group },
2207 { &dp_flow_genl_family,
2208 dp_flow_genl_ops, ARRAY_SIZE(dp_flow_genl_ops),
2209 &ovs_dp_flow_multicast_group },
2210 { &dp_packet_genl_family,
2211 dp_packet_genl_ops, ARRAY_SIZE(dp_packet_genl_ops),
2212 NULL },
2213 };
2214
2215 static void dp_unregister_genl(int n_families)
2216 {
2217 int i;
2218
2219 for (i = 0; i < n_families; i++)
2220 genl_unregister_family(dp_genl_families[i].family);
2221 }
2222
2223 static int dp_register_genl(void)
2224 {
2225 int n_registered;
2226 int err;
2227 int i;
2228
2229 n_registered = 0;
2230 for (i = 0; i < ARRAY_SIZE(dp_genl_families); i++) {
2231 const struct genl_family_and_ops *f = &dp_genl_families[i];
2232
2233 err = genl_register_family_with_ops(f->family, f->ops,
2234 f->n_ops);
2235 if (err)
2236 goto error;
2237 n_registered++;
2238
2239 if (f->group) {
2240 err = genl_register_mc_group(f->family, f->group);
2241 if (err)
2242 goto error;
2243 }
2244 }
2245
2246 return 0;
2247
2248 error:
2249 dp_unregister_genl(n_registered);
2250 return err;
2251 }
2252
2253 static int __rehash_flow_table(void *dummy)
2254 {
2255 struct datapath *dp;
2256 struct net *net;
2257
2258 rtnl_lock();
2259 for_each_net(net) {
2260 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2261
2262 list_for_each_entry(dp, &ovs_net->dps, list_node) {
2263 struct flow_table *old_table = genl_dereference(dp->table);
2264 struct flow_table *new_table;
2265
2266 new_table = ovs_flow_tbl_rehash(old_table);
2267 if (!IS_ERR(new_table)) {
2268 rcu_assign_pointer(dp->table, new_table);
2269 ovs_flow_tbl_deferred_destroy(old_table);
2270 }
2271 }
2272 }
2273 rtnl_unlock();
2274 return 0;
2275 }
2276
2277 static void rehash_flow_table(struct work_struct *work)
2278 {
2279 genl_exec(__rehash_flow_table, NULL);
2280 schedule_delayed_work(&rehash_flow_wq, REHASH_FLOW_INTERVAL);
2281 }
2282
2283 static int dp_destroy_all(void *data)
2284 {
2285 struct datapath *dp, *dp_next;
2286 struct ovs_net *ovs_net = data;
2287
2288 list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
2289 __dp_destroy(dp);
2290
2291 return 0;
2292 }
2293
2294 static int __net_init ovs_init_net(struct net *net)
2295 {
2296 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2297
2298 INIT_LIST_HEAD(&ovs_net->dps);
2299 return 0;
2300 }
2301
2302 static void __net_exit ovs_exit_net(struct net *net)
2303 {
2304 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2305
2306 genl_exec(dp_destroy_all, ovs_net);
2307 }
2308
2309 static struct pernet_operations ovs_net_ops = {
2310 .init = ovs_init_net,
2311 .exit = ovs_exit_net,
2312 .id = &ovs_net_id,
2313 .size = sizeof(struct ovs_net),
2314 };
2315
2316 static int __init dp_init(void)
2317 {
2318 int err;
2319
2320 BUILD_BUG_ON(sizeof(struct ovs_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
2321
2322 pr_info("Open vSwitch switching datapath %s, built "__DATE__" "__TIME__"\n",
2323 VERSION);
2324
2325 err = genl_exec_init();
2326 if (err)
2327 goto error;
2328
2329 err = ovs_workqueues_init();
2330 if (err)
2331 goto error_genl_exec;
2332
2333 err = ovs_tnl_init();
2334 if (err)
2335 goto error_wq;
2336
2337 err = ovs_flow_init();
2338 if (err)
2339 goto error_tnl_exit;
2340
2341 err = ovs_vport_init();
2342 if (err)
2343 goto error_flow_exit;
2344
2345 err = register_pernet_device(&ovs_net_ops);
2346 if (err)
2347 goto error_vport_exit;
2348
2349 err = register_netdevice_notifier(&ovs_dp_device_notifier);
2350 if (err)
2351 goto error_netns_exit;
2352
2353 err = dp_register_genl();
2354 if (err < 0)
2355 goto error_unreg_notifier;
2356
2357 schedule_delayed_work(&rehash_flow_wq, REHASH_FLOW_INTERVAL);
2358
2359 return 0;
2360
2361 error_unreg_notifier:
2362 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2363 error_netns_exit:
2364 unregister_pernet_device(&ovs_net_ops);
2365 error_vport_exit:
2366 ovs_vport_exit();
2367 error_flow_exit:
2368 ovs_flow_exit();
2369 error_tnl_exit:
2370 ovs_tnl_exit();
2371 error_wq:
2372 ovs_workqueues_exit();
2373 error_genl_exec:
2374 genl_exec_exit();
2375 error:
2376 return err;
2377 }
2378
2379 static void dp_cleanup(void)
2380 {
2381 cancel_delayed_work_sync(&rehash_flow_wq);
2382 dp_unregister_genl(ARRAY_SIZE(dp_genl_families));
2383 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2384 unregister_pernet_device(&ovs_net_ops);
2385 rcu_barrier();
2386 ovs_vport_exit();
2387 ovs_flow_exit();
2388 ovs_tnl_exit();
2389 ovs_workqueues_exit();
2390 genl_exec_exit();
2391 }
2392
2393 module_init(dp_init);
2394 module_exit(dp_cleanup);
2395
2396 MODULE_DESCRIPTION("Open vSwitch switching datapath");
2397 MODULE_LICENSE("GPL");
2398 MODULE_VERSION(VERSION);
openvswitch packages for PVE