]> git.proxmox.com Git - mirror_ovs.git/blob - datapath/flow_netlink.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
datapath: Remove redundant tcp_flags code.
[mirror_ovs.git] / datapath / flow_netlink.c
1 /*
2 * Copyright (c) 2007-2013 Nicira, Inc.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
16 * 02110-1301, USA
17 */
18
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
21 #include "flow.h"
22 #include "datapath.h"
23 #include "mpls.h"
24 #include <linux/uaccess.h>
25 #include <linux/netdevice.h>
26 #include <linux/etherdevice.h>
27 #include <linux/if_ether.h>
28 #include <linux/if_vlan.h>
29 #include <net/llc_pdu.h>
30 #include <linux/kernel.h>
31 #include <linux/jhash.h>
32 #include <linux/jiffies.h>
33 #include <linux/llc.h>
34 #include <linux/module.h>
35 #include <linux/in.h>
36 #include <linux/rcupdate.h>
37 #include <linux/if_arp.h>
38 #include <linux/ip.h>
39 #include <linux/ipv6.h>
40 #include <linux/sctp.h>
41 #include <linux/tcp.h>
42 #include <linux/udp.h>
43 #include <linux/icmp.h>
44 #include <linux/icmpv6.h>
45 #include <linux/rculist.h>
46 #include <net/geneve.h>
47 #include <net/ip.h>
48 #include <net/ip_tunnels.h>
49 #include <net/ipv6.h>
50 #include <net/ndisc.h>
51
52 #include "flow_netlink.h"
53
54 static void update_range__(struct sw_flow_match *match,
55 size_t offset, size_t size, bool is_mask)
56 {
57 struct sw_flow_key_range *range = NULL;
58 size_t start = rounddown(offset, sizeof(long));
59 size_t end = roundup(offset + size, sizeof(long));
60
61 if (!is_mask)
62 range = &match->range;
63 else if (match->mask)
64 range = &match->mask->range;
65
66 if (!range)
67 return;
68
69 if (range->start == range->end) {
70 range->start = start;
71 range->end = end;
72 return;
73 }
74
75 if (range->start > start)
76 range->start = start;
77
78 if (range->end < end)
79 range->end = end;
80 }
81
82 #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
83 do { \
84 update_range__(match, offsetof(struct sw_flow_key, field), \
85 sizeof((match)->key->field), is_mask); \
86 if (is_mask) { \
87 if ((match)->mask) \
88 (match)->mask->key.field = value; \
89 } else { \
90 (match)->key->field = value; \
91 } \
92 } while (0)
93
94 #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
95 do { \
96 update_range__(match, offset, len, is_mask); \
97 if (is_mask) { \
98 if ((match)->mask) \
99 memcpy((u8 *)&(match)->mask->key + offset, value_p, len);\
100 } else { \
101 memcpy((u8 *)(match)->key + offset, value_p, len); \
102 } \
103 } while (0)
104
105 #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
106 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
107 value_p, len, is_mask)
108
109 static u16 range_n_bytes(const struct sw_flow_key_range *range)
110 {
111 return range->end - range->start;
112 }
113
114 static bool match_validate(const struct sw_flow_match *match,
115 u64 key_attrs, u64 mask_attrs)
116 {
117 u64 key_expected = 1ULL << OVS_KEY_ATTR_ETHERNET;
118 u64 mask_allowed = key_attrs; /* At most allow all key attributes */
119
120 /* The following mask attributes allowed only if they
121 * pass the validation tests. */
122 mask_allowed &= ~((1ULL << OVS_KEY_ATTR_IPV4)
123 | (1ULL << OVS_KEY_ATTR_IPV6)
124 | (1ULL << OVS_KEY_ATTR_TCP)
125 | (1ULL << OVS_KEY_ATTR_TCP_FLAGS)
126 | (1ULL << OVS_KEY_ATTR_UDP)
127 | (1ULL << OVS_KEY_ATTR_SCTP)
128 | (1ULL << OVS_KEY_ATTR_ICMP)
129 | (1ULL << OVS_KEY_ATTR_ICMPV6)
130 | (1ULL << OVS_KEY_ATTR_ARP)
131 | (1ULL << OVS_KEY_ATTR_ND)
132 | (1ULL << OVS_KEY_ATTR_MPLS));
133
134 /* Always allowed mask fields. */
135 mask_allowed |= ((1ULL << OVS_KEY_ATTR_TUNNEL)
136 | (1ULL << OVS_KEY_ATTR_IN_PORT)
137 | (1ULL << OVS_KEY_ATTR_ETHERTYPE));
138
139 /* Check key attributes. */
140 if (match->key->eth.type == htons(ETH_P_ARP)
141 || match->key->eth.type == htons(ETH_P_RARP)) {
142 key_expected |= 1ULL << OVS_KEY_ATTR_ARP;
143 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
144 mask_allowed |= 1ULL << OVS_KEY_ATTR_ARP;
145 }
146
147
148 if (eth_p_mpls(match->key->eth.type)) {
149 key_expected |= 1ULL << OVS_KEY_ATTR_MPLS;
150 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
151 mask_allowed |= 1ULL << OVS_KEY_ATTR_MPLS;
152 }
153
154 if (match->key->eth.type == htons(ETH_P_IP)) {
155 key_expected |= 1ULL << OVS_KEY_ATTR_IPV4;
156 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
157 mask_allowed |= 1ULL << OVS_KEY_ATTR_IPV4;
158
159 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
160 if (match->key->ip.proto == IPPROTO_UDP) {
161 key_expected |= 1ULL << OVS_KEY_ATTR_UDP;
162 if (match->mask && (match->mask->key.ip.proto == 0xff))
163 mask_allowed |= 1ULL << OVS_KEY_ATTR_UDP;
164 }
165
166 if (match->key->ip.proto == IPPROTO_SCTP) {
167 key_expected |= 1ULL << OVS_KEY_ATTR_SCTP;
168 if (match->mask && (match->mask->key.ip.proto == 0xff))
169 mask_allowed |= 1ULL << OVS_KEY_ATTR_SCTP;
170 }
171
172 if (match->key->ip.proto == IPPROTO_TCP) {
173 key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
174 key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
175 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
176 mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
177 mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
178 }
179 }
180
181 if (match->key->ip.proto == IPPROTO_ICMP) {
182 key_expected |= 1ULL << OVS_KEY_ATTR_ICMP;
183 if (match->mask && (match->mask->key.ip.proto == 0xff))
184 mask_allowed |= 1ULL << OVS_KEY_ATTR_ICMP;
185 }
186 }
187 }
188
189 if (match->key->eth.type == htons(ETH_P_IPV6)) {
190 key_expected |= 1ULL << OVS_KEY_ATTR_IPV6;
191 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
192 mask_allowed |= 1ULL << OVS_KEY_ATTR_IPV6;
193
194 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
195 if (match->key->ip.proto == IPPROTO_UDP) {
196 key_expected |= 1ULL << OVS_KEY_ATTR_UDP;
197 if (match->mask && (match->mask->key.ip.proto == 0xff))
198 mask_allowed |= 1ULL << OVS_KEY_ATTR_UDP;
199 }
200
201 if (match->key->ip.proto == IPPROTO_SCTP) {
202 key_expected |= 1ULL << OVS_KEY_ATTR_SCTP;
203 if (match->mask && (match->mask->key.ip.proto == 0xff))
204 mask_allowed |= 1ULL << OVS_KEY_ATTR_SCTP;
205 }
206
207 if (match->key->ip.proto == IPPROTO_TCP) {
208 key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
209 key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
210 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
211 mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
212 mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
213 }
214 }
215
216 if (match->key->ip.proto == IPPROTO_ICMPV6) {
217 key_expected |= 1ULL << OVS_KEY_ATTR_ICMPV6;
218 if (match->mask && (match->mask->key.ip.proto == 0xff))
219 mask_allowed |= 1ULL << OVS_KEY_ATTR_ICMPV6;
220
221 if (match->key->tp.src ==
222 htons(NDISC_NEIGHBOUR_SOLICITATION) ||
223 match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
224 key_expected |= 1ULL << OVS_KEY_ATTR_ND;
225 if (match->mask && (match->mask->key.tp.src == htons(0xffff)))
226 mask_allowed |= 1ULL << OVS_KEY_ATTR_ND;
227 }
228 }
229 }
230 }
231
232 if ((key_attrs & key_expected) != key_expected) {
233 /* Key attributes check failed. */
234 OVS_NLERR("Missing expected key attributes (key_attrs=%llx, expected=%llx).\n",
235 (unsigned long long)key_attrs, (unsigned long long)key_expected);
236 return false;
237 }
238
239 if ((mask_attrs & mask_allowed) != mask_attrs) {
240 /* Mask attributes check failed. */
241 OVS_NLERR("Contain more than allowed mask fields (mask_attrs=%llx, mask_allowed=%llx).\n",
242 (unsigned long long)mask_attrs, (unsigned long long)mask_allowed);
243 return false;
244 }
245
246 return true;
247 }
248
249 /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
250 static const int ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
251 [OVS_KEY_ATTR_ENCAP] = -1,
252 [OVS_KEY_ATTR_PRIORITY] = sizeof(u32),
253 [OVS_KEY_ATTR_IN_PORT] = sizeof(u32),
254 [OVS_KEY_ATTR_SKB_MARK] = sizeof(u32),
255 [OVS_KEY_ATTR_ETHERNET] = sizeof(struct ovs_key_ethernet),
256 [OVS_KEY_ATTR_VLAN] = sizeof(__be16),
257 [OVS_KEY_ATTR_ETHERTYPE] = sizeof(__be16),
258 [OVS_KEY_ATTR_IPV4] = sizeof(struct ovs_key_ipv4),
259 [OVS_KEY_ATTR_IPV6] = sizeof(struct ovs_key_ipv6),
260 [OVS_KEY_ATTR_TCP] = sizeof(struct ovs_key_tcp),
261 [OVS_KEY_ATTR_TCP_FLAGS] = sizeof(__be16),
262 [OVS_KEY_ATTR_UDP] = sizeof(struct ovs_key_udp),
263 [OVS_KEY_ATTR_SCTP] = sizeof(struct ovs_key_sctp),
264 [OVS_KEY_ATTR_ICMP] = sizeof(struct ovs_key_icmp),
265 [OVS_KEY_ATTR_ICMPV6] = sizeof(struct ovs_key_icmpv6),
266 [OVS_KEY_ATTR_ARP] = sizeof(struct ovs_key_arp),
267 [OVS_KEY_ATTR_ND] = sizeof(struct ovs_key_nd),
268 [OVS_KEY_ATTR_DP_HASH] = sizeof(u32),
269 [OVS_KEY_ATTR_RECIRC_ID] = sizeof(u32),
270 [OVS_KEY_ATTR_TUNNEL] = -1,
271 [OVS_KEY_ATTR_MPLS] = sizeof(struct ovs_key_mpls),
272 };
273
274 static bool is_all_zero(const u8 *fp, size_t size)
275 {
276 int i;
277
278 if (!fp)
279 return false;
280
281 for (i = 0; i < size; i++)
282 if (fp[i])
283 return false;
284
285 return true;
286 }
287
288 static int __parse_flow_nlattrs(const struct nlattr *attr,
289 const struct nlattr *a[],
290 u64 *attrsp, bool nz)
291 {
292 const struct nlattr *nla;
293 u64 attrs;
294 int rem;
295
296 attrs = *attrsp;
297 nla_for_each_nested(nla, attr, rem) {
298 u16 type = nla_type(nla);
299 int expected_len;
300
301 if (type > OVS_KEY_ATTR_MAX) {
302 OVS_NLERR("Unknown key attribute (type=%d, max=%d).\n",
303 type, OVS_KEY_ATTR_MAX);
304 return -EINVAL;
305 }
306
307 if (attrs & (1ULL << type)) {
308 OVS_NLERR("Duplicate key attribute (type %d).\n", type);
309 return -EINVAL;
310 }
311
312 expected_len = ovs_key_lens[type];
313 if (nla_len(nla) != expected_len && expected_len != -1) {
314 OVS_NLERR("Key attribute has unexpected length (type=%d"
315 ", length=%d, expected=%d).\n", type,
316 nla_len(nla), expected_len);
317 return -EINVAL;
318 }
319
320 if (!nz || !is_all_zero(nla_data(nla), expected_len)) {
321 attrs |= 1ULL << type;
322 a[type] = nla;
323 }
324 }
325 if (rem) {
326 OVS_NLERR("Message has %d unknown bytes.\n", rem);
327 return -EINVAL;
328 }
329
330 *attrsp = attrs;
331 return 0;
332 }
333
334 static int parse_flow_mask_nlattrs(const struct nlattr *attr,
335 const struct nlattr *a[], u64 *attrsp)
336 {
337 return __parse_flow_nlattrs(attr, a, attrsp, true);
338 }
339
340 static int parse_flow_nlattrs(const struct nlattr *attr,
341 const struct nlattr *a[], u64 *attrsp)
342 {
343 return __parse_flow_nlattrs(attr, a, attrsp, false);
344 }
345
346 static int ipv4_tun_from_nlattr(const struct nlattr *attr,
347 struct sw_flow_match *match, bool is_mask)
348 {
349 struct nlattr *a;
350 int rem;
351 bool ttl = false;
352 __be16 tun_flags = 0;
353
354 nla_for_each_nested(a, attr, rem) {
355 int type = nla_type(a);
356 static const u32 ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
357 [OVS_TUNNEL_KEY_ATTR_ID] = sizeof(u64),
358 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = sizeof(u32),
359 [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = sizeof(u32),
360 [OVS_TUNNEL_KEY_ATTR_TOS] = 1,
361 [OVS_TUNNEL_KEY_ATTR_TTL] = 1,
362 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = 0,
363 [OVS_TUNNEL_KEY_ATTR_CSUM] = 0,
364 [OVS_TUNNEL_KEY_ATTR_OAM] = 0,
365 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = -1,
366 };
367
368 if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
369 OVS_NLERR("Unknown IPv4 tunnel attribute (type=%d, max=%d).\n",
370 type, OVS_TUNNEL_KEY_ATTR_MAX);
371 return -EINVAL;
372 }
373
374 if (ovs_tunnel_key_lens[type] != nla_len(a) &&
375 ovs_tunnel_key_lens[type] != -1) {
376 OVS_NLERR("IPv4 tunnel attribute type has unexpected "
377 " length (type=%d, length=%d, expected=%d).\n",
378 type, nla_len(a), ovs_tunnel_key_lens[type]);
379 return -EINVAL;
380 }
381
382 switch (type) {
383 case OVS_TUNNEL_KEY_ATTR_ID:
384 SW_FLOW_KEY_PUT(match, tun_key.tun_id,
385 nla_get_be64(a), is_mask);
386 tun_flags |= TUNNEL_KEY;
387 break;
388 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
389 SW_FLOW_KEY_PUT(match, tun_key.ipv4_src,
390 nla_get_be32(a), is_mask);
391 break;
392 case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
393 SW_FLOW_KEY_PUT(match, tun_key.ipv4_dst,
394 nla_get_be32(a), is_mask);
395 break;
396 case OVS_TUNNEL_KEY_ATTR_TOS:
397 SW_FLOW_KEY_PUT(match, tun_key.ipv4_tos,
398 nla_get_u8(a), is_mask);
399 break;
400 case OVS_TUNNEL_KEY_ATTR_TTL:
401 SW_FLOW_KEY_PUT(match, tun_key.ipv4_ttl,
402 nla_get_u8(a), is_mask);
403 ttl = true;
404 break;
405 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
406 tun_flags |= TUNNEL_DONT_FRAGMENT;
407 break;
408 case OVS_TUNNEL_KEY_ATTR_CSUM:
409 tun_flags |= TUNNEL_CSUM;
410 break;
411 case OVS_TUNNEL_KEY_ATTR_OAM:
412 tun_flags |= TUNNEL_OAM;
413 break;
414 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
415 if (nla_len(a) > sizeof(match->key->tun_opts)) {
416 OVS_NLERR("Geneve option length exceeds "
417 "maximum size (len %d, max %zu).\n",
418 nla_len(a),
419 sizeof(match->key->tun_opts));
420 return -EINVAL;
421 }
422
423 if (nla_len(a) % 4 != 0) {
424 OVS_NLERR("Geneve option length is not "
425 "a multiple of 4 (len %d).\n",
426 nla_len(a));
427 return -EINVAL;
428 }
429
430 /* We need to record the length of the options passed
431 * down, otherwise packets with the same format but
432 * additional options will be silently matched.
433 */
434 if (!is_mask) {
435 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
436 false);
437 } else {
438 /* This is somewhat unusual because it looks at
439 * both the key and mask while parsing the
440 * attributes (and by extension assumes the key
441 * is parsed first). Normally, we would verify
442 * that each is the correct length and that the
443 * attributes line up in the validate function.
444 * However, that is difficult because this is
445 * variable length and we won't have the
446 * information later.
447 */
448 if (match->key->tun_opts_len != nla_len(a)) {
449 OVS_NLERR("Geneve option key length (%d)"
450 " is different from mask length (%d).",
451 match->key->tun_opts_len, nla_len(a));
452 return -EINVAL;
453 }
454
455 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff,
456 true);
457 }
458
459 SW_FLOW_KEY_MEMCPY_OFFSET(match,
460 (unsigned long)GENEVE_OPTS((struct sw_flow_key *)0,
461 nla_len(a)),
462 nla_data(a), nla_len(a), is_mask);
463 break;
464 default:
465 return -EINVAL;
466 }
467 }
468
469 SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
470
471 if (rem > 0) {
472 OVS_NLERR("IPv4 tunnel attribute has %d unknown bytes.\n", rem);
473 return -EINVAL;
474 }
475
476 if (!is_mask) {
477 if (!match->key->tun_key.ipv4_dst) {
478 OVS_NLERR("IPv4 tunnel destination address is zero.\n");
479 return -EINVAL;
480 }
481
482 if (!ttl) {
483 OVS_NLERR("IPv4 tunnel TTL not specified.\n");
484 return -EINVAL;
485 }
486 }
487
488 return 0;
489 }
490
491 static int ipv4_tun_to_nlattr(struct sk_buff *skb,
492 const struct ovs_key_ipv4_tunnel *output,
493 const struct geneve_opt *tun_opts,
494 int swkey_tun_opts_len)
495 {
496 struct nlattr *nla;
497
498 nla = nla_nest_start(skb, OVS_KEY_ATTR_TUNNEL);
499 if (!nla)
500 return -EMSGSIZE;
501
502 if (output->tun_flags & TUNNEL_KEY &&
503 nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id))
504 return -EMSGSIZE;
505 if (output->ipv4_src &&
506 nla_put_be32(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC, output->ipv4_src))
507 return -EMSGSIZE;
508 if (output->ipv4_dst &&
509 nla_put_be32(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST, output->ipv4_dst))
510 return -EMSGSIZE;
511 if (output->ipv4_tos &&
512 nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->ipv4_tos))
513 return -EMSGSIZE;
514 if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ipv4_ttl))
515 return -EMSGSIZE;
516 if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
517 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
518 return -EMSGSIZE;
519 if ((output->tun_flags & TUNNEL_CSUM) &&
520 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
521 return -EMSGSIZE;
522 if ((output->tun_flags & TUNNEL_OAM) &&
523 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
524 return -EMSGSIZE;
525 if (tun_opts &&
526 nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
527 swkey_tun_opts_len, tun_opts));
528
529 nla_nest_end(skb, nla);
530 return 0;
531 }
532
533
534 static int metadata_from_nlattrs(struct sw_flow_match *match, u64 *attrs,
535 const struct nlattr **a, bool is_mask)
536 {
537 if (*attrs & (1ULL << OVS_KEY_ATTR_DP_HASH)) {
538 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);
539
540 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
541 *attrs &= ~(1ULL << OVS_KEY_ATTR_DP_HASH);
542 }
543
544 if (*attrs & (1ULL << OVS_KEY_ATTR_RECIRC_ID)) {
545 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);
546
547 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
548 *attrs &= ~(1ULL << OVS_KEY_ATTR_RECIRC_ID);
549 }
550
551 if (*attrs & (1ULL << OVS_KEY_ATTR_PRIORITY)) {
552 SW_FLOW_KEY_PUT(match, phy.priority,
553 nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
554 *attrs &= ~(1ULL << OVS_KEY_ATTR_PRIORITY);
555 }
556
557 if (*attrs & (1ULL << OVS_KEY_ATTR_IN_PORT)) {
558 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
559
560 if (is_mask)
561 in_port = 0xffffffff; /* Always exact match in_port. */
562 else if (in_port >= DP_MAX_PORTS)
563 return -EINVAL;
564
565 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
566 *attrs &= ~(1ULL << OVS_KEY_ATTR_IN_PORT);
567 } else if (!is_mask) {
568 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
569 }
570
571 if (*attrs & (1ULL << OVS_KEY_ATTR_SKB_MARK)) {
572 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);
573
574 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
575 *attrs &= ~(1ULL << OVS_KEY_ATTR_SKB_MARK);
576 }
577 if (*attrs & (1ULL << OVS_KEY_ATTR_TUNNEL)) {
578 if (ipv4_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
579 is_mask))
580 return -EINVAL;
581 *attrs &= ~(1ULL << OVS_KEY_ATTR_TUNNEL);
582 }
583 return 0;
584 }
585
586 static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
587 const struct nlattr **a, bool is_mask)
588 {
589 int err;
590
591 err = metadata_from_nlattrs(match, &attrs, a, is_mask);
592 if (err)
593 return err;
594
595 if (attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) {
596 const struct ovs_key_ethernet *eth_key;
597
598 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
599 SW_FLOW_KEY_MEMCPY(match, eth.src,
600 eth_key->eth_src, ETH_ALEN, is_mask);
601 SW_FLOW_KEY_MEMCPY(match, eth.dst,
602 eth_key->eth_dst, ETH_ALEN, is_mask);
603 attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERNET);
604 }
605
606 if (attrs & (1ULL << OVS_KEY_ATTR_VLAN)) {
607 __be16 tci;
608
609 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
610 if (!(tci & htons(VLAN_TAG_PRESENT))) {
611 if (is_mask)
612 OVS_NLERR("VLAN TCI mask does not have exact match for VLAN_TAG_PRESENT bit.\n");
613 else
614 OVS_NLERR("VLAN TCI does not have VLAN_TAG_PRESENT bit set.\n");
615
616 return -EINVAL;
617 }
618
619 SW_FLOW_KEY_PUT(match, eth.tci, tci, is_mask);
620 attrs &= ~(1ULL << OVS_KEY_ATTR_VLAN);
621 } else if (!is_mask)
622 SW_FLOW_KEY_PUT(match, eth.tci, htons(0xffff), true);
623
624 if (attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)) {
625 __be16 eth_type;
626
627 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
628 if (is_mask) {
629 /* Always exact match EtherType. */
630 eth_type = htons(0xffff);
631 } else if (ntohs(eth_type) < ETH_P_802_3_MIN) {
632 OVS_NLERR("EtherType is less than minimum (type=%x, min=%x).\n",
633 ntohs(eth_type), ETH_P_802_3_MIN);
634 return -EINVAL;
635 }
636
637 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
638 attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE);
639 } else if (!is_mask) {
640 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
641 }
642
643 if (attrs & (1ULL << OVS_KEY_ATTR_IPV4)) {
644 const struct ovs_key_ipv4 *ipv4_key;
645
646 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
647 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
648 OVS_NLERR("Unknown IPv4 fragment type (value=%d, max=%d).\n",
649 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
650 return -EINVAL;
651 }
652 SW_FLOW_KEY_PUT(match, ip.proto,
653 ipv4_key->ipv4_proto, is_mask);
654 SW_FLOW_KEY_PUT(match, ip.tos,
655 ipv4_key->ipv4_tos, is_mask);
656 SW_FLOW_KEY_PUT(match, ip.ttl,
657 ipv4_key->ipv4_ttl, is_mask);
658 SW_FLOW_KEY_PUT(match, ip.frag,
659 ipv4_key->ipv4_frag, is_mask);
660 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
661 ipv4_key->ipv4_src, is_mask);
662 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
663 ipv4_key->ipv4_dst, is_mask);
664 attrs &= ~(1ULL << OVS_KEY_ATTR_IPV4);
665 }
666
667 if (attrs & (1ULL << OVS_KEY_ATTR_IPV6)) {
668 const struct ovs_key_ipv6 *ipv6_key;
669
670 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
671 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
672 OVS_NLERR("Unknown IPv6 fragment type (value=%d, max=%d).\n",
673 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
674 return -EINVAL;
675 }
676 SW_FLOW_KEY_PUT(match, ipv6.label,
677 ipv6_key->ipv6_label, is_mask);
678 SW_FLOW_KEY_PUT(match, ip.proto,
679 ipv6_key->ipv6_proto, is_mask);
680 SW_FLOW_KEY_PUT(match, ip.tos,
681 ipv6_key->ipv6_tclass, is_mask);
682 SW_FLOW_KEY_PUT(match, ip.ttl,
683 ipv6_key->ipv6_hlimit, is_mask);
684 SW_FLOW_KEY_PUT(match, ip.frag,
685 ipv6_key->ipv6_frag, is_mask);
686 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
687 ipv6_key->ipv6_src,
688 sizeof(match->key->ipv6.addr.src),
689 is_mask);
690 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
691 ipv6_key->ipv6_dst,
692 sizeof(match->key->ipv6.addr.dst),
693 is_mask);
694
695 attrs &= ~(1ULL << OVS_KEY_ATTR_IPV6);
696 }
697
698 if (attrs & (1ULL << OVS_KEY_ATTR_ARP)) {
699 const struct ovs_key_arp *arp_key;
700
701 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
702 if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
703 OVS_NLERR("Unknown ARP opcode (opcode=%d).\n",
704 arp_key->arp_op);
705 return -EINVAL;
706 }
707
708 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
709 arp_key->arp_sip, is_mask);
710 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
711 arp_key->arp_tip, is_mask);
712 SW_FLOW_KEY_PUT(match, ip.proto,
713 ntohs(arp_key->arp_op), is_mask);
714 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
715 arp_key->arp_sha, ETH_ALEN, is_mask);
716 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
717 arp_key->arp_tha, ETH_ALEN, is_mask);
718
719 attrs &= ~(1ULL << OVS_KEY_ATTR_ARP);
720 }
721
722 if (attrs & (1ULL << OVS_KEY_ATTR_MPLS)) {
723 const struct ovs_key_mpls *mpls_key;
724
725 mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
726 SW_FLOW_KEY_PUT(match, mpls.top_lse,
727 mpls_key->mpls_lse, is_mask);
728
729 attrs &= ~(1ULL << OVS_KEY_ATTR_MPLS);
730 }
731
732 if (attrs & (1ULL << OVS_KEY_ATTR_TCP)) {
733 const struct ovs_key_tcp *tcp_key;
734
735 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
736 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
737 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
738 attrs &= ~(1ULL << OVS_KEY_ATTR_TCP);
739 }
740
741 if (attrs & (1ULL << OVS_KEY_ATTR_TCP_FLAGS)) {
742 SW_FLOW_KEY_PUT(match, tp.flags,
743 nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
744 is_mask);
745 attrs &= ~(1ULL << OVS_KEY_ATTR_TCP_FLAGS);
746 }
747
748 if (attrs & (1ULL << OVS_KEY_ATTR_UDP)) {
749 const struct ovs_key_udp *udp_key;
750
751 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
752 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
753 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
754 attrs &= ~(1ULL << OVS_KEY_ATTR_UDP);
755 }
756
757 if (attrs & (1ULL << OVS_KEY_ATTR_SCTP)) {
758 const struct ovs_key_sctp *sctp_key;
759
760 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
761 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
762 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
763 attrs &= ~(1ULL << OVS_KEY_ATTR_SCTP);
764 }
765
766 if (attrs & (1ULL << OVS_KEY_ATTR_ICMP)) {
767 const struct ovs_key_icmp *icmp_key;
768
769 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
770 SW_FLOW_KEY_PUT(match, tp.src,
771 htons(icmp_key->icmp_type), is_mask);
772 SW_FLOW_KEY_PUT(match, tp.dst,
773 htons(icmp_key->icmp_code), is_mask);
774 attrs &= ~(1ULL << OVS_KEY_ATTR_ICMP);
775 }
776
777 if (attrs & (1ULL << OVS_KEY_ATTR_ICMPV6)) {
778 const struct ovs_key_icmpv6 *icmpv6_key;
779
780 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
781 SW_FLOW_KEY_PUT(match, tp.src,
782 htons(icmpv6_key->icmpv6_type), is_mask);
783 SW_FLOW_KEY_PUT(match, tp.dst,
784 htons(icmpv6_key->icmpv6_code), is_mask);
785 attrs &= ~(1ULL << OVS_KEY_ATTR_ICMPV6);
786 }
787
788 if (attrs & (1ULL << OVS_KEY_ATTR_ND)) {
789 const struct ovs_key_nd *nd_key;
790
791 nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
792 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
793 nd_key->nd_target,
794 sizeof(match->key->ipv6.nd.target),
795 is_mask);
796 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
797 nd_key->nd_sll, ETH_ALEN, is_mask);
798 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
799 nd_key->nd_tll, ETH_ALEN, is_mask);
800 attrs &= ~(1ULL << OVS_KEY_ATTR_ND);
801 }
802
803 if (attrs != 0)
804 return -EINVAL;
805
806 return 0;
807 }
808
809 static void sw_flow_mask_set(struct sw_flow_mask *mask,
810 struct sw_flow_key_range *range, u8 val)
811 {
812 u8 *m = (u8 *)&mask->key + range->start;
813
814 mask->range = *range;
815 memset(m, val, range_n_bytes(range));
816 }
817
818 /**
819 * ovs_nla_get_match - parses Netlink attributes into a flow key and
820 * mask. In case the 'mask' is NULL, the flow is treated as exact match
821 * flow. Otherwise, it is treated as a wildcarded flow, except the mask
822 * does not include any don't care bit.
823 * @match: receives the extracted flow match information.
824 * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
825 * sequence. The fields should of the packet that triggered the creation
826 * of this flow.
827 * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink
828 * attribute specifies the mask field of the wildcarded flow.
829 */
830 int ovs_nla_get_match(struct sw_flow_match *match,
831 const struct nlattr *key,
832 const struct nlattr *mask)
833 {
834 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
835 const struct nlattr *encap;
836 u64 key_attrs = 0;
837 u64 mask_attrs = 0;
838 bool encap_valid = false;
839 int err;
840
841 err = parse_flow_nlattrs(key, a, &key_attrs);
842 if (err)
843 return err;
844
845 if ((key_attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) &&
846 (key_attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)) &&
847 (nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]) == htons(ETH_P_8021Q))) {
848 __be16 tci;
849
850 if (!((key_attrs & (1ULL << OVS_KEY_ATTR_VLAN)) &&
851 (key_attrs & (1ULL << OVS_KEY_ATTR_ENCAP)))) {
852 OVS_NLERR("Invalid Vlan frame.\n");
853 return -EINVAL;
854 }
855
856 key_attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE);
857 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
858 encap = a[OVS_KEY_ATTR_ENCAP];
859 key_attrs &= ~(1ULL << OVS_KEY_ATTR_ENCAP);
860 encap_valid = true;
861
862 if (tci & htons(VLAN_TAG_PRESENT)) {
863 err = parse_flow_nlattrs(encap, a, &key_attrs);
864 if (err)
865 return err;
866 } else if (!tci) {
867 /* Corner case for truncated 802.1Q header. */
868 if (nla_len(encap)) {
869 OVS_NLERR("Truncated 802.1Q header has non-zero encap attribute.\n");
870 return -EINVAL;
871 }
872 } else {
873 OVS_NLERR("Encap attribute is set for a non-VLAN frame.\n");
874 return -EINVAL;
875 }
876 }
877
878 err = ovs_key_from_nlattrs(match, key_attrs, a, false);
879 if (err)
880 return err;
881
882 if (mask) {
883 err = parse_flow_mask_nlattrs(mask, a, &mask_attrs);
884 if (err)
885 return err;
886
887 if (mask_attrs & 1ULL << OVS_KEY_ATTR_ENCAP) {
888 __be16 eth_type = 0;
889 __be16 tci = 0;
890
891 if (!encap_valid) {
892 OVS_NLERR("Encap mask attribute is set for non-VLAN frame.\n");
893 return -EINVAL;
894 }
895
896 mask_attrs &= ~(1ULL << OVS_KEY_ATTR_ENCAP);
897 if (a[OVS_KEY_ATTR_ETHERTYPE])
898 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
899
900 if (eth_type == htons(0xffff)) {
901 mask_attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE);
902 encap = a[OVS_KEY_ATTR_ENCAP];
903 err = parse_flow_mask_nlattrs(encap, a, &mask_attrs);
904 } else {
905 OVS_NLERR("VLAN frames must have an exact match on the TPID (mask=%x).\n",
906 ntohs(eth_type));
907 return -EINVAL;
908 }
909
910 if (a[OVS_KEY_ATTR_VLAN])
911 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
912
913 if (!(tci & htons(VLAN_TAG_PRESENT))) {
914 OVS_NLERR("VLAN tag present bit must have an exact match (tci_mask=%x).\n", ntohs(tci));
915 return -EINVAL;
916 }
917 }
918
919 err = ovs_key_from_nlattrs(match, mask_attrs, a, true);
920 if (err)
921 return err;
922 } else {
923 /* Populate exact match flow's key mask. */
924 if (match->mask)
925 sw_flow_mask_set(match->mask, &match->range, 0xff);
926 }
927
928 if (!match_validate(match, key_attrs, mask_attrs))
929 return -EINVAL;
930
931 return 0;
932 }
933
934 /**
935 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
936 * @flow: Receives extracted in_port, priority, tun_key and skb_mark.
937 * @attr: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
938 * sequence.
939 *
940 * This parses a series of Netlink attributes that form a flow key, which must
941 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
942 * get the metadata, that is, the parts of the flow key that cannot be
943 * extracted from the packet itself.
944 */
945
946 int ovs_nla_get_flow_metadata(struct sw_flow *flow,
947 const struct nlattr *attr)
948 {
949 struct ovs_key_ipv4_tunnel *tun_key = &flow->key.tun_key;
950 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
951 u64 attrs = 0;
952 int err;
953 struct sw_flow_match match;
954
955 flow->key.phy.in_port = DP_MAX_PORTS;
956 flow->key.phy.priority = 0;
957 flow->key.phy.skb_mark = 0;
958 flow->key.ovs_flow_hash = 0;
959 flow->key.recirc_id = 0;
960 memset(tun_key, 0, sizeof(flow->key.tun_key));
961
962 err = parse_flow_nlattrs(attr, a, &attrs);
963 if (err)
964 return -EINVAL;
965
966 memset(&match, 0, sizeof(match));
967 match.key = &flow->key;
968
969 err = metadata_from_nlattrs(&match, &attrs, a, false);
970 if (err)
971 return err;
972
973 return 0;
974 }
975
976 int ovs_nla_put_flow(struct datapath *dp, const struct sw_flow_key *swkey,
977 const struct sw_flow_key *output, struct sk_buff *skb)
978 {
979 struct ovs_key_ethernet *eth_key;
980 struct nlattr *nla, *encap;
981 bool is_mask = (swkey != output);
982
983 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
984 goto nla_put_failure;
985
986 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
987 goto nla_put_failure;
988
989 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
990 goto nla_put_failure;
991
992 if ((swkey->tun_key.ipv4_dst || is_mask)) {
993 const struct geneve_opt *opts = NULL;
994
995 if (!is_mask) {
996 struct vport *in_port;
997
998 in_port = ovs_vport_ovsl_rcu(dp, swkey->phy.in_port);
999 if (in_port->ops->type == OVS_VPORT_TYPE_GENEVE)
1000 opts = GENEVE_OPTS(output, swkey->tun_opts_len);
1001 } else {
1002 if (output->tun_opts_len)
1003 opts = GENEVE_OPTS(output, swkey->tun_opts_len);
1004 }
1005
1006 if (ipv4_tun_to_nlattr(skb, &output->tun_key, opts,
1007 swkey->tun_opts_len))
1008 goto nla_put_failure;
1009 }
1010
1011 if (swkey->phy.in_port == DP_MAX_PORTS) {
1012 if (is_mask && (output->phy.in_port == 0xffff))
1013 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
1014 goto nla_put_failure;
1015 } else {
1016 u16 upper_u16;
1017 upper_u16 = !is_mask ? 0 : 0xffff;
1018
1019 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
1020 (upper_u16 << 16) | output->phy.in_port))
1021 goto nla_put_failure;
1022 }
1023
1024 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
1025 goto nla_put_failure;
1026
1027 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
1028 if (!nla)
1029 goto nla_put_failure;
1030
1031 eth_key = nla_data(nla);
1032 ether_addr_copy(eth_key->eth_src, output->eth.src);
1033 ether_addr_copy(eth_key->eth_dst, output->eth.dst);
1034
1035 if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) {
1036 __be16 eth_type;
1037 eth_type = !is_mask ? htons(ETH_P_8021Q) : htons(0xffff);
1038 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1039 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, output->eth.tci))
1040 goto nla_put_failure;
1041 encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP);
1042 if (!swkey->eth.tci)
1043 goto unencap;
1044 } else
1045 encap = NULL;
1046
1047 if (swkey->eth.type == htons(ETH_P_802_2)) {
1048 /*
1049 * Ethertype 802.2 is represented in the netlink with omitted
1050 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
1051 * 0xffff in the mask attribute. Ethertype can also
1052 * be wildcarded.
1053 */
1054 if (is_mask && output->eth.type)
1055 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
1056 output->eth.type))
1057 goto nla_put_failure;
1058 goto unencap;
1059 }
1060
1061 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
1062 goto nla_put_failure;
1063
1064 if (swkey->eth.type == htons(ETH_P_IP)) {
1065 struct ovs_key_ipv4 *ipv4_key;
1066
1067 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
1068 if (!nla)
1069 goto nla_put_failure;
1070 ipv4_key = nla_data(nla);
1071 ipv4_key->ipv4_src = output->ipv4.addr.src;
1072 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
1073 ipv4_key->ipv4_proto = output->ip.proto;
1074 ipv4_key->ipv4_tos = output->ip.tos;
1075 ipv4_key->ipv4_ttl = output->ip.ttl;
1076 ipv4_key->ipv4_frag = output->ip.frag;
1077 } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
1078 struct ovs_key_ipv6 *ipv6_key;
1079
1080 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
1081 if (!nla)
1082 goto nla_put_failure;
1083 ipv6_key = nla_data(nla);
1084 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
1085 sizeof(ipv6_key->ipv6_src));
1086 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
1087 sizeof(ipv6_key->ipv6_dst));
1088 ipv6_key->ipv6_label = output->ipv6.label;
1089 ipv6_key->ipv6_proto = output->ip.proto;
1090 ipv6_key->ipv6_tclass = output->ip.tos;
1091 ipv6_key->ipv6_hlimit = output->ip.ttl;
1092 ipv6_key->ipv6_frag = output->ip.frag;
1093 } else if (swkey->eth.type == htons(ETH_P_ARP) ||
1094 swkey->eth.type == htons(ETH_P_RARP)) {
1095 struct ovs_key_arp *arp_key;
1096
1097 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
1098 if (!nla)
1099 goto nla_put_failure;
1100 arp_key = nla_data(nla);
1101 memset(arp_key, 0, sizeof(struct ovs_key_arp));
1102 arp_key->arp_sip = output->ipv4.addr.src;
1103 arp_key->arp_tip = output->ipv4.addr.dst;
1104 arp_key->arp_op = htons(output->ip.proto);
1105 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
1106 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
1107 } else if (eth_p_mpls(swkey->eth.type)) {
1108 struct ovs_key_mpls *mpls_key;
1109
1110 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
1111 if (!nla)
1112 goto nla_put_failure;
1113 mpls_key = nla_data(nla);
1114 mpls_key->mpls_lse = output->mpls.top_lse;
1115 }
1116
1117 if ((swkey->eth.type == htons(ETH_P_IP) ||
1118 swkey->eth.type == htons(ETH_P_IPV6)) &&
1119 swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
1120
1121 if (swkey->ip.proto == IPPROTO_TCP) {
1122 struct ovs_key_tcp *tcp_key;
1123
1124 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
1125 if (!nla)
1126 goto nla_put_failure;
1127 tcp_key = nla_data(nla);
1128 tcp_key->tcp_src = output->tp.src;
1129 tcp_key->tcp_dst = output->tp.dst;
1130 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
1131 output->tp.flags))
1132 goto nla_put_failure;
1133 } else if (swkey->ip.proto == IPPROTO_UDP) {
1134 struct ovs_key_udp *udp_key;
1135
1136 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
1137 if (!nla)
1138 goto nla_put_failure;
1139 udp_key = nla_data(nla);
1140 udp_key->udp_src = output->tp.src;
1141 udp_key->udp_dst = output->tp.dst;
1142 } else if (swkey->ip.proto == IPPROTO_SCTP) {
1143 struct ovs_key_sctp *sctp_key;
1144
1145 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
1146 if (!nla)
1147 goto nla_put_failure;
1148 sctp_key = nla_data(nla);
1149 sctp_key->sctp_src = output->tp.src;
1150 sctp_key->sctp_dst = output->tp.dst;
1151 } else if (swkey->eth.type == htons(ETH_P_IP) &&
1152 swkey->ip.proto == IPPROTO_ICMP) {
1153 struct ovs_key_icmp *icmp_key;
1154
1155 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
1156 if (!nla)
1157 goto nla_put_failure;
1158 icmp_key = nla_data(nla);
1159 icmp_key->icmp_type = ntohs(output->tp.src);
1160 icmp_key->icmp_code = ntohs(output->tp.dst);
1161 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
1162 swkey->ip.proto == IPPROTO_ICMPV6) {
1163 struct ovs_key_icmpv6 *icmpv6_key;
1164
1165 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
1166 sizeof(*icmpv6_key));
1167 if (!nla)
1168 goto nla_put_failure;
1169 icmpv6_key = nla_data(nla);
1170 icmpv6_key->icmpv6_type = ntohs(output->tp.src);
1171 icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
1172
1173 if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
1174 icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
1175 struct ovs_key_nd *nd_key;
1176
1177 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
1178 if (!nla)
1179 goto nla_put_failure;
1180 nd_key = nla_data(nla);
1181 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
1182 sizeof(nd_key->nd_target));
1183 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
1184 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
1185 }
1186 }
1187 }
1188
1189 unencap:
1190 if (encap)
1191 nla_nest_end(skb, encap);
1192
1193 return 0;
1194
1195 nla_put_failure:
1196 return -EMSGSIZE;
1197 }
1198
1199 #define MAX_ACTIONS_BUFSIZE (32 * 1024)
1200
1201 struct sw_flow_actions *ovs_nla_alloc_flow_actions(int size)
1202 {
1203 struct sw_flow_actions *sfa;
1204
1205 if (size > MAX_ACTIONS_BUFSIZE)
1206 return ERR_PTR(-EINVAL);
1207
1208 sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
1209 if (!sfa)
1210 return ERR_PTR(-ENOMEM);
1211
1212 sfa->actions_len = 0;
1213 return sfa;
1214 }
1215
1216 /* RCU callback used by ovs_nla_free_flow_actions. */
1217 static void rcu_free_acts_callback(struct rcu_head *rcu)
1218 {
1219 struct sw_flow_actions *sf_acts = container_of(rcu,
1220 struct sw_flow_actions, rcu);
1221 kfree(sf_acts);
1222 }
1223
1224 /* Schedules 'sf_acts' to be freed after the next RCU grace period.
1225 * The caller must hold rcu_read_lock for this to be sensible. */
1226 void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
1227 {
1228 call_rcu(&sf_acts->rcu, rcu_free_acts_callback);
1229 }
1230
1231 static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
1232 int attr_len)
1233 {
1234
1235 struct sw_flow_actions *acts;
1236 int new_acts_size;
1237 int req_size = NLA_ALIGN(attr_len);
1238 int next_offset = offsetof(struct sw_flow_actions, actions) +
1239 (*sfa)->actions_len;
1240
1241 if (req_size <= (ksize(*sfa) - next_offset))
1242 goto out;
1243
1244 new_acts_size = ksize(*sfa) * 2;
1245
1246 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
1247 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
1248 return ERR_PTR(-EMSGSIZE);
1249 new_acts_size = MAX_ACTIONS_BUFSIZE;
1250 }
1251
1252 acts = ovs_nla_alloc_flow_actions(new_acts_size);
1253 if (IS_ERR(acts))
1254 return (void *)acts;
1255
1256 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
1257 acts->actions_len = (*sfa)->actions_len;
1258 kfree(*sfa);
1259 *sfa = acts;
1260
1261 out:
1262 (*sfa)->actions_len += req_size;
1263 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
1264 }
1265
1266 static struct nlattr *__add_action(struct sw_flow_actions **sfa, int attrtype,
1267 void *data, int len)
1268 {
1269 struct nlattr *a;
1270
1271 a = reserve_sfa_size(sfa, nla_attr_size(len));
1272 if (IS_ERR(a))
1273 return a;
1274
1275 a->nla_type = attrtype;
1276 a->nla_len = nla_attr_size(len);
1277
1278 if (data)
1279 memcpy(nla_data(a), data, len);
1280 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
1281
1282 return a;
1283 }
1284
1285 static int add_action(struct sw_flow_actions **sfa, int attrtype,
1286 void *data, int len)
1287 {
1288 struct nlattr *a;
1289
1290 a = __add_action(sfa, attrtype, data, len);
1291 if (IS_ERR(a))
1292 return PTR_ERR(a);
1293
1294 return 0;
1295 }
1296
1297 static inline int add_nested_action_start(struct sw_flow_actions **sfa,
1298 int attrtype)
1299 {
1300 int used = (*sfa)->actions_len;
1301 int err;
1302
1303 err = add_action(sfa, attrtype, NULL, 0);
1304 if (err)
1305 return err;
1306
1307 return used;
1308 }
1309
1310 static inline void add_nested_action_end(struct sw_flow_actions *sfa,
1311 int st_offset)
1312 {
1313 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
1314 st_offset);
1315
1316 a->nla_len = sfa->actions_len - st_offset;
1317 }
1318
1319 static int ovs_nla_copy_actions__(const struct nlattr *attr,
1320 const struct sw_flow_key *key,
1321 int depth, struct sw_flow_actions **sfa,
1322 __be16 eth_type, __be16 vlan_tci);
1323
1324 static int validate_and_copy_sample(const struct nlattr *attr,
1325 const struct sw_flow_key *key, int depth,
1326 struct sw_flow_actions **sfa,
1327 __be16 eth_type, __be16 vlan_tci)
1328 {
1329 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
1330 const struct nlattr *probability, *actions;
1331 const struct nlattr *a;
1332 int rem, start, err, st_acts;
1333
1334 memset(attrs, 0, sizeof(attrs));
1335 nla_for_each_nested(a, attr, rem) {
1336 int type = nla_type(a);
1337 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
1338 return -EINVAL;
1339 attrs[type] = a;
1340 }
1341 if (rem)
1342 return -EINVAL;
1343
1344 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
1345 if (!probability || nla_len(probability) != sizeof(u32))
1346 return -EINVAL;
1347
1348 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
1349 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
1350 return -EINVAL;
1351
1352 /* validation done, copy sample action. */
1353 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE);
1354 if (start < 0)
1355 return start;
1356 err = add_action(sfa, OVS_SAMPLE_ATTR_PROBABILITY,
1357 nla_data(probability), sizeof(u32));
1358 if (err)
1359 return err;
1360 st_acts = add_nested_action_start(sfa, OVS_SAMPLE_ATTR_ACTIONS);
1361 if (st_acts < 0)
1362 return st_acts;
1363
1364 err = ovs_nla_copy_actions__(actions, key, depth + 1, sfa,
1365 eth_type, vlan_tci);
1366 if (err)
1367 return err;
1368
1369 add_nested_action_end(*sfa, st_acts);
1370 add_nested_action_end(*sfa, start);
1371
1372 return 0;
1373 }
1374
1375 static int validate_tp_port(const struct sw_flow_key *flow_key,
1376 __be16 eth_type)
1377 {
1378 if ((eth_type == htons(ETH_P_IP) || eth_type == htons(ETH_P_IPV6)) &&
1379 (flow_key->tp.src || flow_key->tp.dst))
1380 return 0;
1381
1382 return -EINVAL;
1383 }
1384
1385 void ovs_match_init(struct sw_flow_match *match,
1386 struct sw_flow_key *key,
1387 struct sw_flow_mask *mask)
1388 {
1389 memset(match, 0, sizeof(*match));
1390 match->key = key;
1391 match->mask = mask;
1392
1393 memset(key, 0, sizeof(*key));
1394
1395 if (mask) {
1396 memset(&mask->key, 0, sizeof(mask->key));
1397 mask->range.start = mask->range.end = 0;
1398 }
1399 }
1400
1401 static int validate_and_copy_set_tun(const struct nlattr *attr,
1402 struct sw_flow_actions **sfa)
1403 {
1404 struct sw_flow_match match;
1405 struct sw_flow_key key;
1406 struct ovs_tunnel_info *tun_info;
1407 struct nlattr *a;
1408 int err, start;
1409
1410 ovs_match_init(&match, &key, NULL);
1411 err = ipv4_tun_from_nlattr(nla_data(attr), &match, false);
1412 if (err)
1413 return err;
1414
1415 if (key.tun_opts_len) {
1416 struct geneve_opt *option = GENEVE_OPTS(&key,
1417 key.tun_opts_len);
1418 int opts_len = key.tun_opts_len;
1419 bool crit_opt = false;
1420
1421 while (opts_len > 0) {
1422 int len;
1423
1424 if (opts_len < sizeof(*option))
1425 return -EINVAL;
1426
1427 len = sizeof(*option) + option->length * 4;
1428 if (len > opts_len)
1429 return -EINVAL;
1430
1431 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
1432
1433 option = (struct geneve_opt *)((u8 *)option + len);
1434 opts_len -= len;
1435 };
1436
1437 key.tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
1438 };
1439
1440 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET);
1441 if (start < 0)
1442 return start;
1443
1444 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
1445 sizeof(*tun_info) + key.tun_opts_len);
1446 if (IS_ERR(a))
1447 return PTR_ERR(a);
1448
1449 tun_info = nla_data(a);
1450 tun_info->tunnel = key.tun_key;
1451 tun_info->options_len = key.tun_opts_len;
1452
1453 if (tun_info->options_len) {
1454 /* We need to store the options in the action itself since
1455 * everything else will go away after flow setup. We can append
1456 * it to tun_info and then point there.
1457 */
1458 tun_info->options = (struct geneve_opt *)(tun_info + 1);
1459 memcpy(tun_info->options, GENEVE_OPTS(&key, key.tun_opts_len),
1460 key.tun_opts_len);
1461 } else {
1462 tun_info->options = NULL;
1463 }
1464
1465 add_nested_action_end(*sfa, start);
1466
1467 return err;
1468 }
1469
1470 static int validate_set(const struct nlattr *a,
1471 const struct sw_flow_key *flow_key,
1472 struct sw_flow_actions **sfa,
1473 bool *set_tun, __be16 eth_type)
1474 {
1475 const struct nlattr *ovs_key = nla_data(a);
1476 int key_type = nla_type(ovs_key);
1477
1478 /* There can be only one key in a action */
1479 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
1480 return -EINVAL;
1481
1482 if (key_type > OVS_KEY_ATTR_MAX ||
1483 (ovs_key_lens[key_type] != nla_len(ovs_key) &&
1484 ovs_key_lens[key_type] != -1))
1485 return -EINVAL;
1486
1487 switch (key_type) {
1488 const struct ovs_key_ipv4 *ipv4_key;
1489 const struct ovs_key_ipv6 *ipv6_key;
1490 int err;
1491
1492 case OVS_KEY_ATTR_PRIORITY:
1493 case OVS_KEY_ATTR_SKB_MARK:
1494 case OVS_KEY_ATTR_ETHERNET:
1495 break;
1496
1497 case OVS_KEY_ATTR_TUNNEL:
1498 *set_tun = true;
1499 err = validate_and_copy_set_tun(a, sfa);
1500 if (err)
1501 return err;
1502 break;
1503
1504 case OVS_KEY_ATTR_IPV4:
1505 if (eth_type != htons(ETH_P_IP))
1506 return -EINVAL;
1507
1508 if (!flow_key->ip.proto)
1509 return -EINVAL;
1510
1511 ipv4_key = nla_data(ovs_key);
1512 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
1513 return -EINVAL;
1514
1515 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
1516 return -EINVAL;
1517
1518 break;
1519
1520 case OVS_KEY_ATTR_IPV6:
1521 if (eth_type != htons(ETH_P_IPV6))
1522 return -EINVAL;
1523
1524 if (!flow_key->ip.proto)
1525 return -EINVAL;
1526
1527 ipv6_key = nla_data(ovs_key);
1528 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
1529 return -EINVAL;
1530
1531 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
1532 return -EINVAL;
1533
1534 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
1535 return -EINVAL;
1536
1537 break;
1538
1539 case OVS_KEY_ATTR_TCP:
1540 if (flow_key->ip.proto != IPPROTO_TCP)
1541 return -EINVAL;
1542
1543 return validate_tp_port(flow_key, eth_type);
1544
1545 case OVS_KEY_ATTR_UDP:
1546 if (flow_key->ip.proto != IPPROTO_UDP)
1547 return -EINVAL;
1548
1549 return validate_tp_port(flow_key, eth_type);
1550
1551 case OVS_KEY_ATTR_MPLS:
1552 if (!eth_p_mpls(eth_type))
1553 return -EINVAL;
1554 break;
1555
1556 case OVS_KEY_ATTR_SCTP:
1557 if (flow_key->ip.proto != IPPROTO_SCTP)
1558 return -EINVAL;
1559
1560 return validate_tp_port(flow_key, eth_type);
1561
1562 default:
1563 return -EINVAL;
1564 }
1565
1566 return 0;
1567 }
1568
1569 static int validate_userspace(const struct nlattr *attr)
1570 {
1571 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
1572 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
1573 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
1574 };
1575 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
1576 int error;
1577
1578 error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
1579 attr, userspace_policy);
1580 if (error)
1581 return error;
1582
1583 if (!a[OVS_USERSPACE_ATTR_PID] ||
1584 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
1585 return -EINVAL;
1586
1587 return 0;
1588 }
1589
1590 static int copy_action(const struct nlattr *from,
1591 struct sw_flow_actions **sfa)
1592 {
1593 int totlen = NLA_ALIGN(from->nla_len);
1594 struct nlattr *to;
1595
1596 to = reserve_sfa_size(sfa, from->nla_len);
1597 if (IS_ERR(to))
1598 return PTR_ERR(to);
1599
1600 memcpy(to, from, totlen);
1601 return 0;
1602 }
1603
1604 static int ovs_nla_copy_actions__(const struct nlattr *attr,
1605 const struct sw_flow_key *key,
1606 int depth, struct sw_flow_actions **sfa,
1607 __be16 eth_type, __be16 vlan_tci)
1608 {
1609 const struct nlattr *a;
1610 int rem, err;
1611
1612 if (depth >= SAMPLE_ACTION_DEPTH)
1613 return -EOVERFLOW;
1614
1615 nla_for_each_nested(a, attr, rem) {
1616 /* Expected argument lengths, (u32)-1 for variable length. */
1617 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
1618 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
1619 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
1620 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
1621 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
1622 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
1623 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
1624 [OVS_ACTION_ATTR_POP_VLAN] = 0,
1625 [OVS_ACTION_ATTR_SET] = (u32)-1,
1626 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
1627 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash)
1628 };
1629 const struct ovs_action_push_vlan *vlan;
1630 int type = nla_type(a);
1631 bool skip_copy;
1632
1633 if (type > OVS_ACTION_ATTR_MAX ||
1634 (action_lens[type] != nla_len(a) &&
1635 action_lens[type] != (u32)-1))
1636 return -EINVAL;
1637
1638 skip_copy = false;
1639 switch (type) {
1640 case OVS_ACTION_ATTR_UNSPEC:
1641 return -EINVAL;
1642
1643 case OVS_ACTION_ATTR_USERSPACE:
1644 err = validate_userspace(a);
1645 if (err)
1646 return err;
1647 break;
1648
1649 case OVS_ACTION_ATTR_OUTPUT:
1650 if (nla_get_u32(a) >= DP_MAX_PORTS)
1651 return -EINVAL;
1652 break;
1653
1654 case OVS_ACTION_ATTR_HASH: {
1655 const struct ovs_action_hash *act_hash = nla_data(a);
1656
1657 switch (act_hash->hash_alg) {
1658 case OVS_HASH_ALG_L4:
1659 break;
1660 default:
1661 return -EINVAL;
1662 }
1663
1664 break;
1665 }
1666
1667 case OVS_ACTION_ATTR_POP_VLAN:
1668 break;
1669
1670 case OVS_ACTION_ATTR_PUSH_VLAN:
1671 vlan = nla_data(a);
1672 if (vlan->vlan_tpid != htons(ETH_P_8021Q))
1673 return -EINVAL;
1674 if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
1675 return -EINVAL;
1676 vlan_tci = vlan->vlan_tci;
1677 break;
1678
1679 case OVS_ACTION_ATTR_RECIRC:
1680 break;
1681
1682 case OVS_ACTION_ATTR_PUSH_MPLS: {
1683 const struct ovs_action_push_mpls *mpls = nla_data(a);
1684
1685 if (!eth_p_mpls(mpls->mpls_ethertype))
1686 return -EINVAL;
1687 /* Prohibit push MPLS other than to a white list
1688 * for packets that have a known tag order.
1689 *
1690 * vlan_tci indicates that the packet at one
1691 * point had a VLAN. It may have been subsequently
1692 * removed using pop VLAN so this rule is stricter
1693 * than necessary. This is because it is not
1694 * possible to know if a VLAN is still present
1695 * after a pop VLAN action. */
1696 if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
1697 (eth_type != htons(ETH_P_IP) &&
1698 eth_type != htons(ETH_P_IPV6) &&
1699 eth_type != htons(ETH_P_ARP) &&
1700 eth_type != htons(ETH_P_RARP) &&
1701 !eth_p_mpls(eth_type)))
1702 return -EINVAL;
1703 eth_type = mpls->mpls_ethertype;
1704 break;
1705 }
1706
1707 case OVS_ACTION_ATTR_POP_MPLS:
1708 if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
1709 !eth_p_mpls(eth_type))
1710 return -EINVAL;
1711
1712 /* Disallow subsequent L2.5+ set and mpls_pop actions
1713 * as there is no check here to ensure that the new
1714 * eth_type is valid and thus set actions could
1715 * write off the end of the packet or otherwise
1716 * corrupt it.
1717 *
1718 * Support for these actions is planned using packet
1719 * recirculation.
1720 */
1721 eth_type = htons(0);
1722 break;
1723
1724 case OVS_ACTION_ATTR_SET:
1725 err = validate_set(a, key, sfa, &skip_copy, eth_type);
1726 if (err)
1727 return err;
1728 break;
1729
1730 case OVS_ACTION_ATTR_SAMPLE:
1731 err = validate_and_copy_sample(a, key, depth, sfa,
1732 eth_type, vlan_tci);
1733 if (err)
1734 return err;
1735 skip_copy = true;
1736 break;
1737
1738 default:
1739 return -EINVAL;
1740 }
1741 if (!skip_copy) {
1742 err = copy_action(a, sfa);
1743 if (err)
1744 return err;
1745 }
1746 }
1747
1748 if (rem > 0)
1749 return -EINVAL;
1750
1751 return 0;
1752 }
1753
1754 int ovs_nla_copy_actions(const struct nlattr *attr,
1755 const struct sw_flow_key *key,
1756 struct sw_flow_actions **sfa)
1757 {
1758 return ovs_nla_copy_actions__(attr, key, 0, sfa, key->eth.type,
1759 key->eth.tci);
1760 }
1761
1762 static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
1763 {
1764 const struct nlattr *a;
1765 struct nlattr *start;
1766 int err = 0, rem;
1767
1768 start = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE);
1769 if (!start)
1770 return -EMSGSIZE;
1771
1772 nla_for_each_nested(a, attr, rem) {
1773 int type = nla_type(a);
1774 struct nlattr *st_sample;
1775
1776 switch (type) {
1777 case OVS_SAMPLE_ATTR_PROBABILITY:
1778 if (nla_put(skb, OVS_SAMPLE_ATTR_PROBABILITY,
1779 sizeof(u32), nla_data(a)))
1780 return -EMSGSIZE;
1781 break;
1782 case OVS_SAMPLE_ATTR_ACTIONS:
1783 st_sample = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS);
1784 if (!st_sample)
1785 return -EMSGSIZE;
1786 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
1787 if (err)
1788 return err;
1789 nla_nest_end(skb, st_sample);
1790 break;
1791 }
1792 }
1793
1794 nla_nest_end(skb, start);
1795 return err;
1796 }
1797
1798 static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
1799 {
1800 const struct nlattr *ovs_key = nla_data(a);
1801 int key_type = nla_type(ovs_key);
1802 struct nlattr *start;
1803 int err;
1804
1805 switch (key_type) {
1806 case OVS_KEY_ATTR_TUNNEL_INFO: {
1807 struct ovs_tunnel_info *tun_info = nla_data(ovs_key);
1808
1809 start = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
1810 if (!start)
1811 return -EMSGSIZE;
1812
1813 err = ipv4_tun_to_nlattr(skb, &tun_info->tunnel,
1814 tun_info->options_len ?
1815 tun_info->options : NULL,
1816 tun_info->options_len);
1817 if (err)
1818 return err;
1819 nla_nest_end(skb, start);
1820 break;
1821 }
1822 default:
1823 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
1824 return -EMSGSIZE;
1825 break;
1826 }
1827
1828 return 0;
1829 }
1830
1831 int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
1832 {
1833 const struct nlattr *a;
1834 int rem, err;
1835
1836 nla_for_each_attr(a, attr, len, rem) {
1837 int type = nla_type(a);
1838
1839 switch (type) {
1840 case OVS_ACTION_ATTR_SET:
1841 err = set_action_to_attr(a, skb);
1842 if (err)
1843 return err;
1844 break;
1845
1846 case OVS_ACTION_ATTR_SAMPLE:
1847 err = sample_action_to_attr(a, skb);
1848 if (err)
1849 return err;
1850 break;
1851 default:
1852 if (nla_put(skb, type, nla_len(a), nla_data(a)))
1853 return -EMSGSIZE;
1854 break;
1855 }
1856 }
1857
1858 return 0;
1859 }
openvswitch mirror