2 * Copyright (c) 2007-2013 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
24 #include <linux/uaccess.h>
25 #include <linux/netdevice.h>
26 #include <linux/etherdevice.h>
27 #include <linux/if_ether.h>
28 #include <linux/if_vlan.h>
29 #include <net/llc_pdu.h>
30 #include <linux/kernel.h>
31 #include <linux/jhash.h>
32 #include <linux/jiffies.h>
33 #include <linux/llc.h>
34 #include <linux/module.h>
36 #include <linux/rcupdate.h>
37 #include <linux/if_arp.h>
39 #include <linux/ipv6.h>
40 #include <linux/sctp.h>
41 #include <linux/tcp.h>
42 #include <linux/udp.h>
43 #include <linux/icmp.h>
44 #include <linux/icmpv6.h>
45 #include <linux/rculist.h>
46 #include <net/geneve.h>
48 #include <net/ip_tunnels.h>
50 #include <net/ndisc.h>
52 #include "flow_netlink.h"
54 static void update_range__(struct sw_flow_match
*match
,
55 size_t offset
, size_t size
, bool is_mask
)
57 struct sw_flow_key_range
*range
= NULL
;
58 size_t start
= rounddown(offset
, sizeof(long));
59 size_t end
= roundup(offset
+ size
, sizeof(long));
62 range
= &match
->range
;
64 range
= &match
->mask
->range
;
69 if (range
->start
== range
->end
) {
75 if (range
->start
> start
)
82 #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
84 update_range__(match, offsetof(struct sw_flow_key, field), \
85 sizeof((match)->key->field), is_mask); \
88 (match)->mask->key.field = value; \
90 (match)->key->field = value; \
94 #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
96 update_range__(match, offset, len, is_mask); \
99 memcpy((u8 *)&(match)->mask->key + offset, value_p, len);\
101 memcpy((u8 *)(match)->key + offset, value_p, len); \
105 #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
106 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
107 value_p, len, is_mask)
109 static u16
range_n_bytes(const struct sw_flow_key_range
*range
)
111 return range
->end
- range
->start
;
114 static bool match_validate(const struct sw_flow_match
*match
,
115 u64 key_attrs
, u64 mask_attrs
)
117 u64 key_expected
= 1ULL << OVS_KEY_ATTR_ETHERNET
;
118 u64 mask_allowed
= key_attrs
; /* At most allow all key attributes */
120 /* The following mask attributes allowed only if they
121 * pass the validation tests. */
122 mask_allowed
&= ~((1ULL << OVS_KEY_ATTR_IPV4
)
123 | (1ULL << OVS_KEY_ATTR_IPV6
)
124 | (1ULL << OVS_KEY_ATTR_TCP
)
125 | (1ULL << OVS_KEY_ATTR_TCP_FLAGS
)
126 | (1ULL << OVS_KEY_ATTR_UDP
)
127 | (1ULL << OVS_KEY_ATTR_SCTP
)
128 | (1ULL << OVS_KEY_ATTR_ICMP
)
129 | (1ULL << OVS_KEY_ATTR_ICMPV6
)
130 | (1ULL << OVS_KEY_ATTR_ARP
)
131 | (1ULL << OVS_KEY_ATTR_ND
)
132 | (1ULL << OVS_KEY_ATTR_MPLS
));
134 /* Always allowed mask fields. */
135 mask_allowed
|= ((1ULL << OVS_KEY_ATTR_TUNNEL
)
136 | (1ULL << OVS_KEY_ATTR_IN_PORT
)
137 | (1ULL << OVS_KEY_ATTR_ETHERTYPE
));
139 /* Check key attributes. */
140 if (match
->key
->eth
.type
== htons(ETH_P_ARP
)
141 || match
->key
->eth
.type
== htons(ETH_P_RARP
)) {
142 key_expected
|= 1ULL << OVS_KEY_ATTR_ARP
;
143 if (match
->mask
&& (match
->mask
->key
.eth
.type
== htons(0xffff)))
144 mask_allowed
|= 1ULL << OVS_KEY_ATTR_ARP
;
148 if (eth_p_mpls(match
->key
->eth
.type
)) {
149 key_expected
|= 1ULL << OVS_KEY_ATTR_MPLS
;
150 if (match
->mask
&& (match
->mask
->key
.eth
.type
== htons(0xffff)))
151 mask_allowed
|= 1ULL << OVS_KEY_ATTR_MPLS
;
154 if (match
->key
->eth
.type
== htons(ETH_P_IP
)) {
155 key_expected
|= 1ULL << OVS_KEY_ATTR_IPV4
;
156 if (match
->mask
&& (match
->mask
->key
.eth
.type
== htons(0xffff)))
157 mask_allowed
|= 1ULL << OVS_KEY_ATTR_IPV4
;
159 if (match
->key
->ip
.frag
!= OVS_FRAG_TYPE_LATER
) {
160 if (match
->key
->ip
.proto
== IPPROTO_UDP
) {
161 key_expected
|= 1ULL << OVS_KEY_ATTR_UDP
;
162 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
163 mask_allowed
|= 1ULL << OVS_KEY_ATTR_UDP
;
166 if (match
->key
->ip
.proto
== IPPROTO_SCTP
) {
167 key_expected
|= 1ULL << OVS_KEY_ATTR_SCTP
;
168 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
169 mask_allowed
|= 1ULL << OVS_KEY_ATTR_SCTP
;
172 if (match
->key
->ip
.proto
== IPPROTO_TCP
) {
173 key_expected
|= 1ULL << OVS_KEY_ATTR_TCP
;
174 key_expected
|= 1ULL << OVS_KEY_ATTR_TCP_FLAGS
;
175 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff)) {
176 mask_allowed
|= 1ULL << OVS_KEY_ATTR_TCP
;
177 mask_allowed
|= 1ULL << OVS_KEY_ATTR_TCP_FLAGS
;
181 if (match
->key
->ip
.proto
== IPPROTO_ICMP
) {
182 key_expected
|= 1ULL << OVS_KEY_ATTR_ICMP
;
183 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
184 mask_allowed
|= 1ULL << OVS_KEY_ATTR_ICMP
;
189 if (match
->key
->eth
.type
== htons(ETH_P_IPV6
)) {
190 key_expected
|= 1ULL << OVS_KEY_ATTR_IPV6
;
191 if (match
->mask
&& (match
->mask
->key
.eth
.type
== htons(0xffff)))
192 mask_allowed
|= 1ULL << OVS_KEY_ATTR_IPV6
;
194 if (match
->key
->ip
.frag
!= OVS_FRAG_TYPE_LATER
) {
195 if (match
->key
->ip
.proto
== IPPROTO_UDP
) {
196 key_expected
|= 1ULL << OVS_KEY_ATTR_UDP
;
197 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
198 mask_allowed
|= 1ULL << OVS_KEY_ATTR_UDP
;
201 if (match
->key
->ip
.proto
== IPPROTO_SCTP
) {
202 key_expected
|= 1ULL << OVS_KEY_ATTR_SCTP
;
203 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
204 mask_allowed
|= 1ULL << OVS_KEY_ATTR_SCTP
;
207 if (match
->key
->ip
.proto
== IPPROTO_TCP
) {
208 key_expected
|= 1ULL << OVS_KEY_ATTR_TCP
;
209 key_expected
|= 1ULL << OVS_KEY_ATTR_TCP_FLAGS
;
210 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff)) {
211 mask_allowed
|= 1ULL << OVS_KEY_ATTR_TCP
;
212 mask_allowed
|= 1ULL << OVS_KEY_ATTR_TCP_FLAGS
;
216 if (match
->key
->ip
.proto
== IPPROTO_ICMPV6
) {
217 key_expected
|= 1ULL << OVS_KEY_ATTR_ICMPV6
;
218 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
219 mask_allowed
|= 1ULL << OVS_KEY_ATTR_ICMPV6
;
221 if (match
->key
->tp
.src
==
222 htons(NDISC_NEIGHBOUR_SOLICITATION
) ||
223 match
->key
->tp
.src
== htons(NDISC_NEIGHBOUR_ADVERTISEMENT
)) {
224 key_expected
|= 1ULL << OVS_KEY_ATTR_ND
;
225 if (match
->mask
&& (match
->mask
->key
.tp
.src
== htons(0xffff)))
226 mask_allowed
|= 1ULL << OVS_KEY_ATTR_ND
;
232 if ((key_attrs
& key_expected
) != key_expected
) {
233 /* Key attributes check failed. */
234 OVS_NLERR("Missing expected key attributes (key_attrs=%llx, expected=%llx).\n",
235 (unsigned long long)key_attrs
, (unsigned long long)key_expected
);
239 if ((mask_attrs
& mask_allowed
) != mask_attrs
) {
240 /* Mask attributes check failed. */
241 OVS_NLERR("Contain more than allowed mask fields (mask_attrs=%llx, mask_allowed=%llx).\n",
242 (unsigned long long)mask_attrs
, (unsigned long long)mask_allowed
);
249 /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
250 static const int ovs_key_lens
[OVS_KEY_ATTR_MAX
+ 1] = {
251 [OVS_KEY_ATTR_ENCAP
] = -1,
252 [OVS_KEY_ATTR_PRIORITY
] = sizeof(u32
),
253 [OVS_KEY_ATTR_IN_PORT
] = sizeof(u32
),
254 [OVS_KEY_ATTR_SKB_MARK
] = sizeof(u32
),
255 [OVS_KEY_ATTR_ETHERNET
] = sizeof(struct ovs_key_ethernet
),
256 [OVS_KEY_ATTR_VLAN
] = sizeof(__be16
),
257 [OVS_KEY_ATTR_ETHERTYPE
] = sizeof(__be16
),
258 [OVS_KEY_ATTR_IPV4
] = sizeof(struct ovs_key_ipv4
),
259 [OVS_KEY_ATTR_IPV6
] = sizeof(struct ovs_key_ipv6
),
260 [OVS_KEY_ATTR_TCP
] = sizeof(struct ovs_key_tcp
),
261 [OVS_KEY_ATTR_TCP_FLAGS
] = sizeof(__be16
),
262 [OVS_KEY_ATTR_UDP
] = sizeof(struct ovs_key_udp
),
263 [OVS_KEY_ATTR_SCTP
] = sizeof(struct ovs_key_sctp
),
264 [OVS_KEY_ATTR_ICMP
] = sizeof(struct ovs_key_icmp
),
265 [OVS_KEY_ATTR_ICMPV6
] = sizeof(struct ovs_key_icmpv6
),
266 [OVS_KEY_ATTR_ARP
] = sizeof(struct ovs_key_arp
),
267 [OVS_KEY_ATTR_ND
] = sizeof(struct ovs_key_nd
),
268 [OVS_KEY_ATTR_DP_HASH
] = sizeof(u32
),
269 [OVS_KEY_ATTR_RECIRC_ID
] = sizeof(u32
),
270 [OVS_KEY_ATTR_TUNNEL
] = -1,
271 [OVS_KEY_ATTR_MPLS
] = sizeof(struct ovs_key_mpls
),
274 static bool is_all_zero(const u8
*fp
, size_t size
)
281 for (i
= 0; i
< size
; i
++)
288 static int __parse_flow_nlattrs(const struct nlattr
*attr
,
289 const struct nlattr
*a
[],
290 u64
*attrsp
, bool nz
)
292 const struct nlattr
*nla
;
297 nla_for_each_nested(nla
, attr
, rem
) {
298 u16 type
= nla_type(nla
);
301 if (type
> OVS_KEY_ATTR_MAX
) {
302 OVS_NLERR("Unknown key attribute (type=%d, max=%d).\n",
303 type
, OVS_KEY_ATTR_MAX
);
307 if (attrs
& (1ULL << type
)) {
308 OVS_NLERR("Duplicate key attribute (type %d).\n", type
);
312 expected_len
= ovs_key_lens
[type
];
313 if (nla_len(nla
) != expected_len
&& expected_len
!= -1) {
314 OVS_NLERR("Key attribute has unexpected length (type=%d"
315 ", length=%d, expected=%d).\n", type
,
316 nla_len(nla
), expected_len
);
320 if (!nz
|| !is_all_zero(nla_data(nla
), expected_len
)) {
321 attrs
|= 1ULL << type
;
326 OVS_NLERR("Message has %d unknown bytes.\n", rem
);
334 static int parse_flow_mask_nlattrs(const struct nlattr
*attr
,
335 const struct nlattr
*a
[], u64
*attrsp
)
337 return __parse_flow_nlattrs(attr
, a
, attrsp
, true);
340 static int parse_flow_nlattrs(const struct nlattr
*attr
,
341 const struct nlattr
*a
[], u64
*attrsp
)
343 return __parse_flow_nlattrs(attr
, a
, attrsp
, false);
346 static int ipv4_tun_from_nlattr(const struct nlattr
*attr
,
347 struct sw_flow_match
*match
, bool is_mask
)
352 __be16 tun_flags
= 0;
354 nla_for_each_nested(a
, attr
, rem
) {
355 int type
= nla_type(a
);
356 static const u32 ovs_tunnel_key_lens
[OVS_TUNNEL_KEY_ATTR_MAX
+ 1] = {
357 [OVS_TUNNEL_KEY_ATTR_ID
] = sizeof(u64
),
358 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC
] = sizeof(u32
),
359 [OVS_TUNNEL_KEY_ATTR_IPV4_DST
] = sizeof(u32
),
360 [OVS_TUNNEL_KEY_ATTR_TOS
] = 1,
361 [OVS_TUNNEL_KEY_ATTR_TTL
] = 1,
362 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT
] = 0,
363 [OVS_TUNNEL_KEY_ATTR_CSUM
] = 0,
364 [OVS_TUNNEL_KEY_ATTR_OAM
] = 0,
365 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
] = -1,
368 if (type
> OVS_TUNNEL_KEY_ATTR_MAX
) {
369 OVS_NLERR("Unknown IPv4 tunnel attribute (type=%d, max=%d).\n",
370 type
, OVS_TUNNEL_KEY_ATTR_MAX
);
374 if (ovs_tunnel_key_lens
[type
] != nla_len(a
) &&
375 ovs_tunnel_key_lens
[type
] != -1) {
376 OVS_NLERR("IPv4 tunnel attribute type has unexpected "
377 " length (type=%d, length=%d, expected=%d).\n",
378 type
, nla_len(a
), ovs_tunnel_key_lens
[type
]);
383 case OVS_TUNNEL_KEY_ATTR_ID
:
384 SW_FLOW_KEY_PUT(match
, tun_key
.tun_id
,
385 nla_get_be64(a
), is_mask
);
386 tun_flags
|= TUNNEL_KEY
;
388 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC
:
389 SW_FLOW_KEY_PUT(match
, tun_key
.ipv4_src
,
390 nla_get_be32(a
), is_mask
);
392 case OVS_TUNNEL_KEY_ATTR_IPV4_DST
:
393 SW_FLOW_KEY_PUT(match
, tun_key
.ipv4_dst
,
394 nla_get_be32(a
), is_mask
);
396 case OVS_TUNNEL_KEY_ATTR_TOS
:
397 SW_FLOW_KEY_PUT(match
, tun_key
.ipv4_tos
,
398 nla_get_u8(a
), is_mask
);
400 case OVS_TUNNEL_KEY_ATTR_TTL
:
401 SW_FLOW_KEY_PUT(match
, tun_key
.ipv4_ttl
,
402 nla_get_u8(a
), is_mask
);
405 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT
:
406 tun_flags
|= TUNNEL_DONT_FRAGMENT
;
408 case OVS_TUNNEL_KEY_ATTR_CSUM
:
409 tun_flags
|= TUNNEL_CSUM
;
411 case OVS_TUNNEL_KEY_ATTR_OAM
:
412 tun_flags
|= TUNNEL_OAM
;
414 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
:
415 if (nla_len(a
) > sizeof(match
->key
->tun_opts
)) {
416 OVS_NLERR("Geneve option length exceeds "
417 "maximum size (len %d, max %zu).\n",
419 sizeof(match
->key
->tun_opts
));
423 if (nla_len(a
) % 4 != 0) {
424 OVS_NLERR("Geneve option length is not "
425 "a multiple of 4 (len %d).\n",
430 /* We need to record the length of the options passed
431 * down, otherwise packets with the same format but
432 * additional options will be silently matched.
435 SW_FLOW_KEY_PUT(match
, tun_opts_len
, nla_len(a
),
438 /* This is somewhat unusual because it looks at
439 * both the key and mask while parsing the
440 * attributes (and by extension assumes the key
441 * is parsed first). Normally, we would verify
442 * that each is the correct length and that the
443 * attributes line up in the validate function.
444 * However, that is difficult because this is
445 * variable length and we won't have the
448 if (match
->key
->tun_opts_len
!= nla_len(a
)) {
449 OVS_NLERR("Geneve option key length (%d)"
450 " is different from mask length (%d).",
451 match
->key
->tun_opts_len
, nla_len(a
));
455 SW_FLOW_KEY_PUT(match
, tun_opts_len
, 0xff,
459 SW_FLOW_KEY_MEMCPY_OFFSET(match
,
460 (unsigned long)GENEVE_OPTS((struct sw_flow_key
*)0,
462 nla_data(a
), nla_len(a
), is_mask
);
469 SW_FLOW_KEY_PUT(match
, tun_key
.tun_flags
, tun_flags
, is_mask
);
472 OVS_NLERR("IPv4 tunnel attribute has %d unknown bytes.\n", rem
);
477 if (!match
->key
->tun_key
.ipv4_dst
) {
478 OVS_NLERR("IPv4 tunnel destination address is zero.\n");
483 OVS_NLERR("IPv4 tunnel TTL not specified.\n");
491 static int ipv4_tun_to_nlattr(struct sk_buff
*skb
,
492 const struct ovs_key_ipv4_tunnel
*output
,
493 const struct geneve_opt
*tun_opts
,
494 int swkey_tun_opts_len
)
498 nla
= nla_nest_start(skb
, OVS_KEY_ATTR_TUNNEL
);
502 if (output
->tun_flags
& TUNNEL_KEY
&&
503 nla_put_be64(skb
, OVS_TUNNEL_KEY_ATTR_ID
, output
->tun_id
))
505 if (output
->ipv4_src
&&
506 nla_put_be32(skb
, OVS_TUNNEL_KEY_ATTR_IPV4_SRC
, output
->ipv4_src
))
508 if (output
->ipv4_dst
&&
509 nla_put_be32(skb
, OVS_TUNNEL_KEY_ATTR_IPV4_DST
, output
->ipv4_dst
))
511 if (output
->ipv4_tos
&&
512 nla_put_u8(skb
, OVS_TUNNEL_KEY_ATTR_TOS
, output
->ipv4_tos
))
514 if (nla_put_u8(skb
, OVS_TUNNEL_KEY_ATTR_TTL
, output
->ipv4_ttl
))
516 if ((output
->tun_flags
& TUNNEL_DONT_FRAGMENT
) &&
517 nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT
))
519 if ((output
->tun_flags
& TUNNEL_CSUM
) &&
520 nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_CSUM
))
522 if ((output
->tun_flags
& TUNNEL_OAM
) &&
523 nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_OAM
))
526 nla_put(skb
, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
,
527 swkey_tun_opts_len
, tun_opts
));
529 nla_nest_end(skb
, nla
);
534 static int metadata_from_nlattrs(struct sw_flow_match
*match
, u64
*attrs
,
535 const struct nlattr
**a
, bool is_mask
)
537 if (*attrs
& (1ULL << OVS_KEY_ATTR_DP_HASH
)) {
538 u32 hash_val
= nla_get_u32(a
[OVS_KEY_ATTR_DP_HASH
]);
540 SW_FLOW_KEY_PUT(match
, ovs_flow_hash
, hash_val
, is_mask
);
541 *attrs
&= ~(1ULL << OVS_KEY_ATTR_DP_HASH
);
544 if (*attrs
& (1ULL << OVS_KEY_ATTR_RECIRC_ID
)) {
545 u32 recirc_id
= nla_get_u32(a
[OVS_KEY_ATTR_RECIRC_ID
]);
547 SW_FLOW_KEY_PUT(match
, recirc_id
, recirc_id
, is_mask
);
548 *attrs
&= ~(1ULL << OVS_KEY_ATTR_RECIRC_ID
);
551 if (*attrs
& (1ULL << OVS_KEY_ATTR_PRIORITY
)) {
552 SW_FLOW_KEY_PUT(match
, phy
.priority
,
553 nla_get_u32(a
[OVS_KEY_ATTR_PRIORITY
]), is_mask
);
554 *attrs
&= ~(1ULL << OVS_KEY_ATTR_PRIORITY
);
557 if (*attrs
& (1ULL << OVS_KEY_ATTR_IN_PORT
)) {
558 u32 in_port
= nla_get_u32(a
[OVS_KEY_ATTR_IN_PORT
]);
561 in_port
= 0xffffffff; /* Always exact match in_port. */
562 else if (in_port
>= DP_MAX_PORTS
)
565 SW_FLOW_KEY_PUT(match
, phy
.in_port
, in_port
, is_mask
);
566 *attrs
&= ~(1ULL << OVS_KEY_ATTR_IN_PORT
);
567 } else if (!is_mask
) {
568 SW_FLOW_KEY_PUT(match
, phy
.in_port
, DP_MAX_PORTS
, is_mask
);
571 if (*attrs
& (1ULL << OVS_KEY_ATTR_SKB_MARK
)) {
572 uint32_t mark
= nla_get_u32(a
[OVS_KEY_ATTR_SKB_MARK
]);
574 SW_FLOW_KEY_PUT(match
, phy
.skb_mark
, mark
, is_mask
);
575 *attrs
&= ~(1ULL << OVS_KEY_ATTR_SKB_MARK
);
577 if (*attrs
& (1ULL << OVS_KEY_ATTR_TUNNEL
)) {
578 if (ipv4_tun_from_nlattr(a
[OVS_KEY_ATTR_TUNNEL
], match
,
581 *attrs
&= ~(1ULL << OVS_KEY_ATTR_TUNNEL
);
586 static int ovs_key_from_nlattrs(struct sw_flow_match
*match
, u64 attrs
,
587 const struct nlattr
**a
, bool is_mask
)
591 err
= metadata_from_nlattrs(match
, &attrs
, a
, is_mask
);
595 if (attrs
& (1ULL << OVS_KEY_ATTR_ETHERNET
)) {
596 const struct ovs_key_ethernet
*eth_key
;
598 eth_key
= nla_data(a
[OVS_KEY_ATTR_ETHERNET
]);
599 SW_FLOW_KEY_MEMCPY(match
, eth
.src
,
600 eth_key
->eth_src
, ETH_ALEN
, is_mask
);
601 SW_FLOW_KEY_MEMCPY(match
, eth
.dst
,
602 eth_key
->eth_dst
, ETH_ALEN
, is_mask
);
603 attrs
&= ~(1ULL << OVS_KEY_ATTR_ETHERNET
);
606 if (attrs
& (1ULL << OVS_KEY_ATTR_VLAN
)) {
609 tci
= nla_get_be16(a
[OVS_KEY_ATTR_VLAN
]);
610 if (!(tci
& htons(VLAN_TAG_PRESENT
))) {
612 OVS_NLERR("VLAN TCI mask does not have exact match for VLAN_TAG_PRESENT bit.\n");
614 OVS_NLERR("VLAN TCI does not have VLAN_TAG_PRESENT bit set.\n");
619 SW_FLOW_KEY_PUT(match
, eth
.tci
, tci
, is_mask
);
620 attrs
&= ~(1ULL << OVS_KEY_ATTR_VLAN
);
622 SW_FLOW_KEY_PUT(match
, eth
.tci
, htons(0xffff), true);
624 if (attrs
& (1ULL << OVS_KEY_ATTR_ETHERTYPE
)) {
627 eth_type
= nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
]);
629 /* Always exact match EtherType. */
630 eth_type
= htons(0xffff);
631 } else if (ntohs(eth_type
) < ETH_P_802_3_MIN
) {
632 OVS_NLERR("EtherType is less than minimum (type=%x, min=%x).\n",
633 ntohs(eth_type
), ETH_P_802_3_MIN
);
637 SW_FLOW_KEY_PUT(match
, eth
.type
, eth_type
, is_mask
);
638 attrs
&= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE
);
639 } else if (!is_mask
) {
640 SW_FLOW_KEY_PUT(match
, eth
.type
, htons(ETH_P_802_2
), is_mask
);
643 if (attrs
& (1ULL << OVS_KEY_ATTR_IPV4
)) {
644 const struct ovs_key_ipv4
*ipv4_key
;
646 ipv4_key
= nla_data(a
[OVS_KEY_ATTR_IPV4
]);
647 if (!is_mask
&& ipv4_key
->ipv4_frag
> OVS_FRAG_TYPE_MAX
) {
648 OVS_NLERR("Unknown IPv4 fragment type (value=%d, max=%d).\n",
649 ipv4_key
->ipv4_frag
, OVS_FRAG_TYPE_MAX
);
652 SW_FLOW_KEY_PUT(match
, ip
.proto
,
653 ipv4_key
->ipv4_proto
, is_mask
);
654 SW_FLOW_KEY_PUT(match
, ip
.tos
,
655 ipv4_key
->ipv4_tos
, is_mask
);
656 SW_FLOW_KEY_PUT(match
, ip
.ttl
,
657 ipv4_key
->ipv4_ttl
, is_mask
);
658 SW_FLOW_KEY_PUT(match
, ip
.frag
,
659 ipv4_key
->ipv4_frag
, is_mask
);
660 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.src
,
661 ipv4_key
->ipv4_src
, is_mask
);
662 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.dst
,
663 ipv4_key
->ipv4_dst
, is_mask
);
664 attrs
&= ~(1ULL << OVS_KEY_ATTR_IPV4
);
667 if (attrs
& (1ULL << OVS_KEY_ATTR_IPV6
)) {
668 const struct ovs_key_ipv6
*ipv6_key
;
670 ipv6_key
= nla_data(a
[OVS_KEY_ATTR_IPV6
]);
671 if (!is_mask
&& ipv6_key
->ipv6_frag
> OVS_FRAG_TYPE_MAX
) {
672 OVS_NLERR("Unknown IPv6 fragment type (value=%d, max=%d).\n",
673 ipv6_key
->ipv6_frag
, OVS_FRAG_TYPE_MAX
);
676 SW_FLOW_KEY_PUT(match
, ipv6
.label
,
677 ipv6_key
->ipv6_label
, is_mask
);
678 SW_FLOW_KEY_PUT(match
, ip
.proto
,
679 ipv6_key
->ipv6_proto
, is_mask
);
680 SW_FLOW_KEY_PUT(match
, ip
.tos
,
681 ipv6_key
->ipv6_tclass
, is_mask
);
682 SW_FLOW_KEY_PUT(match
, ip
.ttl
,
683 ipv6_key
->ipv6_hlimit
, is_mask
);
684 SW_FLOW_KEY_PUT(match
, ip
.frag
,
685 ipv6_key
->ipv6_frag
, is_mask
);
686 SW_FLOW_KEY_MEMCPY(match
, ipv6
.addr
.src
,
688 sizeof(match
->key
->ipv6
.addr
.src
),
690 SW_FLOW_KEY_MEMCPY(match
, ipv6
.addr
.dst
,
692 sizeof(match
->key
->ipv6
.addr
.dst
),
695 attrs
&= ~(1ULL << OVS_KEY_ATTR_IPV6
);
698 if (attrs
& (1ULL << OVS_KEY_ATTR_ARP
)) {
699 const struct ovs_key_arp
*arp_key
;
701 arp_key
= nla_data(a
[OVS_KEY_ATTR_ARP
]);
702 if (!is_mask
&& (arp_key
->arp_op
& htons(0xff00))) {
703 OVS_NLERR("Unknown ARP opcode (opcode=%d).\n",
708 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.src
,
709 arp_key
->arp_sip
, is_mask
);
710 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.dst
,
711 arp_key
->arp_tip
, is_mask
);
712 SW_FLOW_KEY_PUT(match
, ip
.proto
,
713 ntohs(arp_key
->arp_op
), is_mask
);
714 SW_FLOW_KEY_MEMCPY(match
, ipv4
.arp
.sha
,
715 arp_key
->arp_sha
, ETH_ALEN
, is_mask
);
716 SW_FLOW_KEY_MEMCPY(match
, ipv4
.arp
.tha
,
717 arp_key
->arp_tha
, ETH_ALEN
, is_mask
);
719 attrs
&= ~(1ULL << OVS_KEY_ATTR_ARP
);
722 if (attrs
& (1ULL << OVS_KEY_ATTR_MPLS
)) {
723 const struct ovs_key_mpls
*mpls_key
;
725 mpls_key
= nla_data(a
[OVS_KEY_ATTR_MPLS
]);
726 SW_FLOW_KEY_PUT(match
, mpls
.top_lse
,
727 mpls_key
->mpls_lse
, is_mask
);
729 attrs
&= ~(1ULL << OVS_KEY_ATTR_MPLS
);
732 if (attrs
& (1ULL << OVS_KEY_ATTR_TCP
)) {
733 const struct ovs_key_tcp
*tcp_key
;
735 tcp_key
= nla_data(a
[OVS_KEY_ATTR_TCP
]);
736 SW_FLOW_KEY_PUT(match
, tp
.src
, tcp_key
->tcp_src
, is_mask
);
737 SW_FLOW_KEY_PUT(match
, tp
.dst
, tcp_key
->tcp_dst
, is_mask
);
738 attrs
&= ~(1ULL << OVS_KEY_ATTR_TCP
);
741 if (attrs
& (1ULL << OVS_KEY_ATTR_TCP_FLAGS
)) {
742 SW_FLOW_KEY_PUT(match
, tp
.flags
,
743 nla_get_be16(a
[OVS_KEY_ATTR_TCP_FLAGS
]),
745 attrs
&= ~(1ULL << OVS_KEY_ATTR_TCP_FLAGS
);
748 if (attrs
& (1ULL << OVS_KEY_ATTR_UDP
)) {
749 const struct ovs_key_udp
*udp_key
;
751 udp_key
= nla_data(a
[OVS_KEY_ATTR_UDP
]);
752 SW_FLOW_KEY_PUT(match
, tp
.src
, udp_key
->udp_src
, is_mask
);
753 SW_FLOW_KEY_PUT(match
, tp
.dst
, udp_key
->udp_dst
, is_mask
);
754 attrs
&= ~(1ULL << OVS_KEY_ATTR_UDP
);
757 if (attrs
& (1ULL << OVS_KEY_ATTR_SCTP
)) {
758 const struct ovs_key_sctp
*sctp_key
;
760 sctp_key
= nla_data(a
[OVS_KEY_ATTR_SCTP
]);
761 SW_FLOW_KEY_PUT(match
, tp
.src
, sctp_key
->sctp_src
, is_mask
);
762 SW_FLOW_KEY_PUT(match
, tp
.dst
, sctp_key
->sctp_dst
, is_mask
);
763 attrs
&= ~(1ULL << OVS_KEY_ATTR_SCTP
);
766 if (attrs
& (1ULL << OVS_KEY_ATTR_ICMP
)) {
767 const struct ovs_key_icmp
*icmp_key
;
769 icmp_key
= nla_data(a
[OVS_KEY_ATTR_ICMP
]);
770 SW_FLOW_KEY_PUT(match
, tp
.src
,
771 htons(icmp_key
->icmp_type
), is_mask
);
772 SW_FLOW_KEY_PUT(match
, tp
.dst
,
773 htons(icmp_key
->icmp_code
), is_mask
);
774 attrs
&= ~(1ULL << OVS_KEY_ATTR_ICMP
);
777 if (attrs
& (1ULL << OVS_KEY_ATTR_ICMPV6
)) {
778 const struct ovs_key_icmpv6
*icmpv6_key
;
780 icmpv6_key
= nla_data(a
[OVS_KEY_ATTR_ICMPV6
]);
781 SW_FLOW_KEY_PUT(match
, tp
.src
,
782 htons(icmpv6_key
->icmpv6_type
), is_mask
);
783 SW_FLOW_KEY_PUT(match
, tp
.dst
,
784 htons(icmpv6_key
->icmpv6_code
), is_mask
);
785 attrs
&= ~(1ULL << OVS_KEY_ATTR_ICMPV6
);
788 if (attrs
& (1ULL << OVS_KEY_ATTR_ND
)) {
789 const struct ovs_key_nd
*nd_key
;
791 nd_key
= nla_data(a
[OVS_KEY_ATTR_ND
]);
792 SW_FLOW_KEY_MEMCPY(match
, ipv6
.nd
.target
,
794 sizeof(match
->key
->ipv6
.nd
.target
),
796 SW_FLOW_KEY_MEMCPY(match
, ipv6
.nd
.sll
,
797 nd_key
->nd_sll
, ETH_ALEN
, is_mask
);
798 SW_FLOW_KEY_MEMCPY(match
, ipv6
.nd
.tll
,
799 nd_key
->nd_tll
, ETH_ALEN
, is_mask
);
800 attrs
&= ~(1ULL << OVS_KEY_ATTR_ND
);
809 static void sw_flow_mask_set(struct sw_flow_mask
*mask
,
810 struct sw_flow_key_range
*range
, u8 val
)
812 u8
*m
= (u8
*)&mask
->key
+ range
->start
;
814 mask
->range
= *range
;
815 memset(m
, val
, range_n_bytes(range
));
819 * ovs_nla_get_match - parses Netlink attributes into a flow key and
820 * mask. In case the 'mask' is NULL, the flow is treated as exact match
821 * flow. Otherwise, it is treated as a wildcarded flow, except the mask
822 * does not include any don't care bit.
823 * @match: receives the extracted flow match information.
824 * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
825 * sequence. The fields should of the packet that triggered the creation
827 * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink
828 * attribute specifies the mask field of the wildcarded flow.
830 int ovs_nla_get_match(struct sw_flow_match
*match
,
831 const struct nlattr
*key
,
832 const struct nlattr
*mask
)
834 const struct nlattr
*a
[OVS_KEY_ATTR_MAX
+ 1];
835 const struct nlattr
*encap
;
838 bool encap_valid
= false;
841 err
= parse_flow_nlattrs(key
, a
, &key_attrs
);
845 if ((key_attrs
& (1ULL << OVS_KEY_ATTR_ETHERNET
)) &&
846 (key_attrs
& (1ULL << OVS_KEY_ATTR_ETHERTYPE
)) &&
847 (nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
]) == htons(ETH_P_8021Q
))) {
850 if (!((key_attrs
& (1ULL << OVS_KEY_ATTR_VLAN
)) &&
851 (key_attrs
& (1ULL << OVS_KEY_ATTR_ENCAP
)))) {
852 OVS_NLERR("Invalid Vlan frame.\n");
856 key_attrs
&= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE
);
857 tci
= nla_get_be16(a
[OVS_KEY_ATTR_VLAN
]);
858 encap
= a
[OVS_KEY_ATTR_ENCAP
];
859 key_attrs
&= ~(1ULL << OVS_KEY_ATTR_ENCAP
);
862 if (tci
& htons(VLAN_TAG_PRESENT
)) {
863 err
= parse_flow_nlattrs(encap
, a
, &key_attrs
);
867 /* Corner case for truncated 802.1Q header. */
868 if (nla_len(encap
)) {
869 OVS_NLERR("Truncated 802.1Q header has non-zero encap attribute.\n");
873 OVS_NLERR("Encap attribute is set for a non-VLAN frame.\n");
878 err
= ovs_key_from_nlattrs(match
, key_attrs
, a
, false);
883 err
= parse_flow_mask_nlattrs(mask
, a
, &mask_attrs
);
887 if (mask_attrs
& 1ULL << OVS_KEY_ATTR_ENCAP
) {
892 OVS_NLERR("Encap mask attribute is set for non-VLAN frame.\n");
896 mask_attrs
&= ~(1ULL << OVS_KEY_ATTR_ENCAP
);
897 if (a
[OVS_KEY_ATTR_ETHERTYPE
])
898 eth_type
= nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
]);
900 if (eth_type
== htons(0xffff)) {
901 mask_attrs
&= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE
);
902 encap
= a
[OVS_KEY_ATTR_ENCAP
];
903 err
= parse_flow_mask_nlattrs(encap
, a
, &mask_attrs
);
905 OVS_NLERR("VLAN frames must have an exact match on the TPID (mask=%x).\n",
910 if (a
[OVS_KEY_ATTR_VLAN
])
911 tci
= nla_get_be16(a
[OVS_KEY_ATTR_VLAN
]);
913 if (!(tci
& htons(VLAN_TAG_PRESENT
))) {
914 OVS_NLERR("VLAN tag present bit must have an exact match (tci_mask=%x).\n", ntohs(tci
));
919 err
= ovs_key_from_nlattrs(match
, mask_attrs
, a
, true);
923 /* Populate exact match flow's key mask. */
925 sw_flow_mask_set(match
->mask
, &match
->range
, 0xff);
928 if (!match_validate(match
, key_attrs
, mask_attrs
))
935 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
936 * @flow: Receives extracted in_port, priority, tun_key and skb_mark.
937 * @attr: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
940 * This parses a series of Netlink attributes that form a flow key, which must
941 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
942 * get the metadata, that is, the parts of the flow key that cannot be
943 * extracted from the packet itself.
946 int ovs_nla_get_flow_metadata(struct sw_flow
*flow
,
947 const struct nlattr
*attr
)
949 struct ovs_key_ipv4_tunnel
*tun_key
= &flow
->key
.tun_key
;
950 const struct nlattr
*a
[OVS_KEY_ATTR_MAX
+ 1];
953 struct sw_flow_match match
;
955 flow
->key
.phy
.in_port
= DP_MAX_PORTS
;
956 flow
->key
.phy
.priority
= 0;
957 flow
->key
.phy
.skb_mark
= 0;
958 flow
->key
.ovs_flow_hash
= 0;
959 flow
->key
.recirc_id
= 0;
960 memset(tun_key
, 0, sizeof(flow
->key
.tun_key
));
962 err
= parse_flow_nlattrs(attr
, a
, &attrs
);
966 memset(&match
, 0, sizeof(match
));
967 match
.key
= &flow
->key
;
969 err
= metadata_from_nlattrs(&match
, &attrs
, a
, false);
976 int ovs_nla_put_flow(struct datapath
*dp
, const struct sw_flow_key
*swkey
,
977 const struct sw_flow_key
*output
, struct sk_buff
*skb
)
979 struct ovs_key_ethernet
*eth_key
;
980 struct nlattr
*nla
, *encap
;
981 bool is_mask
= (swkey
!= output
);
983 if (nla_put_u32(skb
, OVS_KEY_ATTR_DP_HASH
, output
->ovs_flow_hash
))
984 goto nla_put_failure
;
986 if (nla_put_u32(skb
, OVS_KEY_ATTR_RECIRC_ID
, output
->recirc_id
))
987 goto nla_put_failure
;
989 if (nla_put_u32(skb
, OVS_KEY_ATTR_PRIORITY
, output
->phy
.priority
))
990 goto nla_put_failure
;
992 if ((swkey
->tun_key
.ipv4_dst
|| is_mask
)) {
993 const struct geneve_opt
*opts
= NULL
;
996 struct vport
*in_port
;
998 in_port
= ovs_vport_ovsl_rcu(dp
, swkey
->phy
.in_port
);
999 if (in_port
->ops
->type
== OVS_VPORT_TYPE_GENEVE
)
1000 opts
= GENEVE_OPTS(output
, swkey
->tun_opts_len
);
1002 if (output
->tun_opts_len
)
1003 opts
= GENEVE_OPTS(output
, swkey
->tun_opts_len
);
1006 if (ipv4_tun_to_nlattr(skb
, &output
->tun_key
, opts
,
1007 swkey
->tun_opts_len
))
1008 goto nla_put_failure
;
1011 if (swkey
->phy
.in_port
== DP_MAX_PORTS
) {
1012 if (is_mask
&& (output
->phy
.in_port
== 0xffff))
1013 if (nla_put_u32(skb
, OVS_KEY_ATTR_IN_PORT
, 0xffffffff))
1014 goto nla_put_failure
;
1017 upper_u16
= !is_mask
? 0 : 0xffff;
1019 if (nla_put_u32(skb
, OVS_KEY_ATTR_IN_PORT
,
1020 (upper_u16
<< 16) | output
->phy
.in_port
))
1021 goto nla_put_failure
;
1024 if (nla_put_u32(skb
, OVS_KEY_ATTR_SKB_MARK
, output
->phy
.skb_mark
))
1025 goto nla_put_failure
;
1027 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ETHERNET
, sizeof(*eth_key
));
1029 goto nla_put_failure
;
1031 eth_key
= nla_data(nla
);
1032 ether_addr_copy(eth_key
->eth_src
, output
->eth
.src
);
1033 ether_addr_copy(eth_key
->eth_dst
, output
->eth
.dst
);
1035 if (swkey
->eth
.tci
|| swkey
->eth
.type
== htons(ETH_P_8021Q
)) {
1037 eth_type
= !is_mask
? htons(ETH_P_8021Q
) : htons(0xffff);
1038 if (nla_put_be16(skb
, OVS_KEY_ATTR_ETHERTYPE
, eth_type
) ||
1039 nla_put_be16(skb
, OVS_KEY_ATTR_VLAN
, output
->eth
.tci
))
1040 goto nla_put_failure
;
1041 encap
= nla_nest_start(skb
, OVS_KEY_ATTR_ENCAP
);
1042 if (!swkey
->eth
.tci
)
1047 if (swkey
->eth
.type
== htons(ETH_P_802_2
)) {
1049 * Ethertype 802.2 is represented in the netlink with omitted
1050 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
1051 * 0xffff in the mask attribute. Ethertype can also
1054 if (is_mask
&& output
->eth
.type
)
1055 if (nla_put_be16(skb
, OVS_KEY_ATTR_ETHERTYPE
,
1057 goto nla_put_failure
;
1061 if (nla_put_be16(skb
, OVS_KEY_ATTR_ETHERTYPE
, output
->eth
.type
))
1062 goto nla_put_failure
;
1064 if (swkey
->eth
.type
== htons(ETH_P_IP
)) {
1065 struct ovs_key_ipv4
*ipv4_key
;
1067 nla
= nla_reserve(skb
, OVS_KEY_ATTR_IPV4
, sizeof(*ipv4_key
));
1069 goto nla_put_failure
;
1070 ipv4_key
= nla_data(nla
);
1071 ipv4_key
->ipv4_src
= output
->ipv4
.addr
.src
;
1072 ipv4_key
->ipv4_dst
= output
->ipv4
.addr
.dst
;
1073 ipv4_key
->ipv4_proto
= output
->ip
.proto
;
1074 ipv4_key
->ipv4_tos
= output
->ip
.tos
;
1075 ipv4_key
->ipv4_ttl
= output
->ip
.ttl
;
1076 ipv4_key
->ipv4_frag
= output
->ip
.frag
;
1077 } else if (swkey
->eth
.type
== htons(ETH_P_IPV6
)) {
1078 struct ovs_key_ipv6
*ipv6_key
;
1080 nla
= nla_reserve(skb
, OVS_KEY_ATTR_IPV6
, sizeof(*ipv6_key
));
1082 goto nla_put_failure
;
1083 ipv6_key
= nla_data(nla
);
1084 memcpy(ipv6_key
->ipv6_src
, &output
->ipv6
.addr
.src
,
1085 sizeof(ipv6_key
->ipv6_src
));
1086 memcpy(ipv6_key
->ipv6_dst
, &output
->ipv6
.addr
.dst
,
1087 sizeof(ipv6_key
->ipv6_dst
));
1088 ipv6_key
->ipv6_label
= output
->ipv6
.label
;
1089 ipv6_key
->ipv6_proto
= output
->ip
.proto
;
1090 ipv6_key
->ipv6_tclass
= output
->ip
.tos
;
1091 ipv6_key
->ipv6_hlimit
= output
->ip
.ttl
;
1092 ipv6_key
->ipv6_frag
= output
->ip
.frag
;
1093 } else if (swkey
->eth
.type
== htons(ETH_P_ARP
) ||
1094 swkey
->eth
.type
== htons(ETH_P_RARP
)) {
1095 struct ovs_key_arp
*arp_key
;
1097 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ARP
, sizeof(*arp_key
));
1099 goto nla_put_failure
;
1100 arp_key
= nla_data(nla
);
1101 memset(arp_key
, 0, sizeof(struct ovs_key_arp
));
1102 arp_key
->arp_sip
= output
->ipv4
.addr
.src
;
1103 arp_key
->arp_tip
= output
->ipv4
.addr
.dst
;
1104 arp_key
->arp_op
= htons(output
->ip
.proto
);
1105 ether_addr_copy(arp_key
->arp_sha
, output
->ipv4
.arp
.sha
);
1106 ether_addr_copy(arp_key
->arp_tha
, output
->ipv4
.arp
.tha
);
1107 } else if (eth_p_mpls(swkey
->eth
.type
)) {
1108 struct ovs_key_mpls
*mpls_key
;
1110 nla
= nla_reserve(skb
, OVS_KEY_ATTR_MPLS
, sizeof(*mpls_key
));
1112 goto nla_put_failure
;
1113 mpls_key
= nla_data(nla
);
1114 mpls_key
->mpls_lse
= output
->mpls
.top_lse
;
1117 if ((swkey
->eth
.type
== htons(ETH_P_IP
) ||
1118 swkey
->eth
.type
== htons(ETH_P_IPV6
)) &&
1119 swkey
->ip
.frag
!= OVS_FRAG_TYPE_LATER
) {
1121 if (swkey
->ip
.proto
== IPPROTO_TCP
) {
1122 struct ovs_key_tcp
*tcp_key
;
1124 nla
= nla_reserve(skb
, OVS_KEY_ATTR_TCP
, sizeof(*tcp_key
));
1126 goto nla_put_failure
;
1127 tcp_key
= nla_data(nla
);
1128 tcp_key
->tcp_src
= output
->tp
.src
;
1129 tcp_key
->tcp_dst
= output
->tp
.dst
;
1130 if (nla_put_be16(skb
, OVS_KEY_ATTR_TCP_FLAGS
,
1132 goto nla_put_failure
;
1133 } else if (swkey
->ip
.proto
== IPPROTO_UDP
) {
1134 struct ovs_key_udp
*udp_key
;
1136 nla
= nla_reserve(skb
, OVS_KEY_ATTR_UDP
, sizeof(*udp_key
));
1138 goto nla_put_failure
;
1139 udp_key
= nla_data(nla
);
1140 udp_key
->udp_src
= output
->tp
.src
;
1141 udp_key
->udp_dst
= output
->tp
.dst
;
1142 } else if (swkey
->ip
.proto
== IPPROTO_SCTP
) {
1143 struct ovs_key_sctp
*sctp_key
;
1145 nla
= nla_reserve(skb
, OVS_KEY_ATTR_SCTP
, sizeof(*sctp_key
));
1147 goto nla_put_failure
;
1148 sctp_key
= nla_data(nla
);
1149 sctp_key
->sctp_src
= output
->tp
.src
;
1150 sctp_key
->sctp_dst
= output
->tp
.dst
;
1151 } else if (swkey
->eth
.type
== htons(ETH_P_IP
) &&
1152 swkey
->ip
.proto
== IPPROTO_ICMP
) {
1153 struct ovs_key_icmp
*icmp_key
;
1155 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ICMP
, sizeof(*icmp_key
));
1157 goto nla_put_failure
;
1158 icmp_key
= nla_data(nla
);
1159 icmp_key
->icmp_type
= ntohs(output
->tp
.src
);
1160 icmp_key
->icmp_code
= ntohs(output
->tp
.dst
);
1161 } else if (swkey
->eth
.type
== htons(ETH_P_IPV6
) &&
1162 swkey
->ip
.proto
== IPPROTO_ICMPV6
) {
1163 struct ovs_key_icmpv6
*icmpv6_key
;
1165 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ICMPV6
,
1166 sizeof(*icmpv6_key
));
1168 goto nla_put_failure
;
1169 icmpv6_key
= nla_data(nla
);
1170 icmpv6_key
->icmpv6_type
= ntohs(output
->tp
.src
);
1171 icmpv6_key
->icmpv6_code
= ntohs(output
->tp
.dst
);
1173 if (icmpv6_key
->icmpv6_type
== NDISC_NEIGHBOUR_SOLICITATION
||
1174 icmpv6_key
->icmpv6_type
== NDISC_NEIGHBOUR_ADVERTISEMENT
) {
1175 struct ovs_key_nd
*nd_key
;
1177 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ND
, sizeof(*nd_key
));
1179 goto nla_put_failure
;
1180 nd_key
= nla_data(nla
);
1181 memcpy(nd_key
->nd_target
, &output
->ipv6
.nd
.target
,
1182 sizeof(nd_key
->nd_target
));
1183 ether_addr_copy(nd_key
->nd_sll
, output
->ipv6
.nd
.sll
);
1184 ether_addr_copy(nd_key
->nd_tll
, output
->ipv6
.nd
.tll
);
1191 nla_nest_end(skb
, encap
);
1199 #define MAX_ACTIONS_BUFSIZE (32 * 1024)
1201 struct sw_flow_actions
*ovs_nla_alloc_flow_actions(int size
)
1203 struct sw_flow_actions
*sfa
;
1205 if (size
> MAX_ACTIONS_BUFSIZE
)
1206 return ERR_PTR(-EINVAL
);
1208 sfa
= kmalloc(sizeof(*sfa
) + size
, GFP_KERNEL
);
1210 return ERR_PTR(-ENOMEM
);
1212 sfa
->actions_len
= 0;
1216 /* RCU callback used by ovs_nla_free_flow_actions. */
1217 static void rcu_free_acts_callback(struct rcu_head
*rcu
)
1219 struct sw_flow_actions
*sf_acts
= container_of(rcu
,
1220 struct sw_flow_actions
, rcu
);
1224 /* Schedules 'sf_acts' to be freed after the next RCU grace period.
1225 * The caller must hold rcu_read_lock for this to be sensible. */
1226 void ovs_nla_free_flow_actions(struct sw_flow_actions
*sf_acts
)
1228 call_rcu(&sf_acts
->rcu
, rcu_free_acts_callback
);
1231 static struct nlattr
*reserve_sfa_size(struct sw_flow_actions
**sfa
,
1235 struct sw_flow_actions
*acts
;
1237 int req_size
= NLA_ALIGN(attr_len
);
1238 int next_offset
= offsetof(struct sw_flow_actions
, actions
) +
1239 (*sfa
)->actions_len
;
1241 if (req_size
<= (ksize(*sfa
) - next_offset
))
1244 new_acts_size
= ksize(*sfa
) * 2;
1246 if (new_acts_size
> MAX_ACTIONS_BUFSIZE
) {
1247 if ((MAX_ACTIONS_BUFSIZE
- next_offset
) < req_size
)
1248 return ERR_PTR(-EMSGSIZE
);
1249 new_acts_size
= MAX_ACTIONS_BUFSIZE
;
1252 acts
= ovs_nla_alloc_flow_actions(new_acts_size
);
1254 return (void *)acts
;
1256 memcpy(acts
->actions
, (*sfa
)->actions
, (*sfa
)->actions_len
);
1257 acts
->actions_len
= (*sfa
)->actions_len
;
1262 (*sfa
)->actions_len
+= req_size
;
1263 return (struct nlattr
*) ((unsigned char *)(*sfa
) + next_offset
);
1266 static struct nlattr
*__add_action(struct sw_flow_actions
**sfa
, int attrtype
,
1267 void *data
, int len
)
1271 a
= reserve_sfa_size(sfa
, nla_attr_size(len
));
1275 a
->nla_type
= attrtype
;
1276 a
->nla_len
= nla_attr_size(len
);
1279 memcpy(nla_data(a
), data
, len
);
1280 memset((unsigned char *) a
+ a
->nla_len
, 0, nla_padlen(len
));
1285 static int add_action(struct sw_flow_actions
**sfa
, int attrtype
,
1286 void *data
, int len
)
1290 a
= __add_action(sfa
, attrtype
, data
, len
);
1297 static inline int add_nested_action_start(struct sw_flow_actions
**sfa
,
1300 int used
= (*sfa
)->actions_len
;
1303 err
= add_action(sfa
, attrtype
, NULL
, 0);
1310 static inline void add_nested_action_end(struct sw_flow_actions
*sfa
,
1313 struct nlattr
*a
= (struct nlattr
*) ((unsigned char *)sfa
->actions
+
1316 a
->nla_len
= sfa
->actions_len
- st_offset
;
1319 static int ovs_nla_copy_actions__(const struct nlattr
*attr
,
1320 const struct sw_flow_key
*key
,
1321 int depth
, struct sw_flow_actions
**sfa
,
1322 __be16 eth_type
, __be16 vlan_tci
);
1324 static int validate_and_copy_sample(const struct nlattr
*attr
,
1325 const struct sw_flow_key
*key
, int depth
,
1326 struct sw_flow_actions
**sfa
,
1327 __be16 eth_type
, __be16 vlan_tci
)
1329 const struct nlattr
*attrs
[OVS_SAMPLE_ATTR_MAX
+ 1];
1330 const struct nlattr
*probability
, *actions
;
1331 const struct nlattr
*a
;
1332 int rem
, start
, err
, st_acts
;
1334 memset(attrs
, 0, sizeof(attrs
));
1335 nla_for_each_nested(a
, attr
, rem
) {
1336 int type
= nla_type(a
);
1337 if (!type
|| type
> OVS_SAMPLE_ATTR_MAX
|| attrs
[type
])
1344 probability
= attrs
[OVS_SAMPLE_ATTR_PROBABILITY
];
1345 if (!probability
|| nla_len(probability
) != sizeof(u32
))
1348 actions
= attrs
[OVS_SAMPLE_ATTR_ACTIONS
];
1349 if (!actions
|| (nla_len(actions
) && nla_len(actions
) < NLA_HDRLEN
))
1352 /* validation done, copy sample action. */
1353 start
= add_nested_action_start(sfa
, OVS_ACTION_ATTR_SAMPLE
);
1356 err
= add_action(sfa
, OVS_SAMPLE_ATTR_PROBABILITY
,
1357 nla_data(probability
), sizeof(u32
));
1360 st_acts
= add_nested_action_start(sfa
, OVS_SAMPLE_ATTR_ACTIONS
);
1364 err
= ovs_nla_copy_actions__(actions
, key
, depth
+ 1, sfa
,
1365 eth_type
, vlan_tci
);
1369 add_nested_action_end(*sfa
, st_acts
);
1370 add_nested_action_end(*sfa
, start
);
1375 static int validate_tp_port(const struct sw_flow_key
*flow_key
,
1378 if ((eth_type
== htons(ETH_P_IP
) || eth_type
== htons(ETH_P_IPV6
)) &&
1379 (flow_key
->tp
.src
|| flow_key
->tp
.dst
))
1385 void ovs_match_init(struct sw_flow_match
*match
,
1386 struct sw_flow_key
*key
,
1387 struct sw_flow_mask
*mask
)
1389 memset(match
, 0, sizeof(*match
));
1393 memset(key
, 0, sizeof(*key
));
1396 memset(&mask
->key
, 0, sizeof(mask
->key
));
1397 mask
->range
.start
= mask
->range
.end
= 0;
1401 static int validate_and_copy_set_tun(const struct nlattr
*attr
,
1402 struct sw_flow_actions
**sfa
)
1404 struct sw_flow_match match
;
1405 struct sw_flow_key key
;
1406 struct ovs_tunnel_info
*tun_info
;
1410 ovs_match_init(&match
, &key
, NULL
);
1411 err
= ipv4_tun_from_nlattr(nla_data(attr
), &match
, false);
1415 if (key
.tun_opts_len
) {
1416 struct geneve_opt
*option
= GENEVE_OPTS(&key
,
1418 int opts_len
= key
.tun_opts_len
;
1419 bool crit_opt
= false;
1421 while (opts_len
> 0) {
1424 if (opts_len
< sizeof(*option
))
1427 len
= sizeof(*option
) + option
->length
* 4;
1431 crit_opt
|= !!(option
->type
& GENEVE_CRIT_OPT_TYPE
);
1433 option
= (struct geneve_opt
*)((u8
*)option
+ len
);
1437 key
.tun_key
.tun_flags
|= crit_opt
? TUNNEL_CRIT_OPT
: 0;
1440 start
= add_nested_action_start(sfa
, OVS_ACTION_ATTR_SET
);
1444 a
= __add_action(sfa
, OVS_KEY_ATTR_TUNNEL_INFO
, NULL
,
1445 sizeof(*tun_info
) + key
.tun_opts_len
);
1449 tun_info
= nla_data(a
);
1450 tun_info
->tunnel
= key
.tun_key
;
1451 tun_info
->options_len
= key
.tun_opts_len
;
1453 if (tun_info
->options_len
) {
1454 /* We need to store the options in the action itself since
1455 * everything else will go away after flow setup. We can append
1456 * it to tun_info and then point there.
1458 tun_info
->options
= (struct geneve_opt
*)(tun_info
+ 1);
1459 memcpy(tun_info
->options
, GENEVE_OPTS(&key
, key
.tun_opts_len
),
1462 tun_info
->options
= NULL
;
1465 add_nested_action_end(*sfa
, start
);
1470 static int validate_set(const struct nlattr
*a
,
1471 const struct sw_flow_key
*flow_key
,
1472 struct sw_flow_actions
**sfa
,
1473 bool *set_tun
, __be16 eth_type
)
1475 const struct nlattr
*ovs_key
= nla_data(a
);
1476 int key_type
= nla_type(ovs_key
);
1478 /* There can be only one key in a action */
1479 if (nla_total_size(nla_len(ovs_key
)) != nla_len(a
))
1482 if (key_type
> OVS_KEY_ATTR_MAX
||
1483 (ovs_key_lens
[key_type
] != nla_len(ovs_key
) &&
1484 ovs_key_lens
[key_type
] != -1))
1488 const struct ovs_key_ipv4
*ipv4_key
;
1489 const struct ovs_key_ipv6
*ipv6_key
;
1492 case OVS_KEY_ATTR_PRIORITY
:
1493 case OVS_KEY_ATTR_SKB_MARK
:
1494 case OVS_KEY_ATTR_ETHERNET
:
1497 case OVS_KEY_ATTR_TUNNEL
:
1499 err
= validate_and_copy_set_tun(a
, sfa
);
1504 case OVS_KEY_ATTR_IPV4
:
1505 if (eth_type
!= htons(ETH_P_IP
))
1508 if (!flow_key
->ip
.proto
)
1511 ipv4_key
= nla_data(ovs_key
);
1512 if (ipv4_key
->ipv4_proto
!= flow_key
->ip
.proto
)
1515 if (ipv4_key
->ipv4_frag
!= flow_key
->ip
.frag
)
1520 case OVS_KEY_ATTR_IPV6
:
1521 if (eth_type
!= htons(ETH_P_IPV6
))
1524 if (!flow_key
->ip
.proto
)
1527 ipv6_key
= nla_data(ovs_key
);
1528 if (ipv6_key
->ipv6_proto
!= flow_key
->ip
.proto
)
1531 if (ipv6_key
->ipv6_frag
!= flow_key
->ip
.frag
)
1534 if (ntohl(ipv6_key
->ipv6_label
) & 0xFFF00000)
1539 case OVS_KEY_ATTR_TCP
:
1540 if (flow_key
->ip
.proto
!= IPPROTO_TCP
)
1543 return validate_tp_port(flow_key
, eth_type
);
1545 case OVS_KEY_ATTR_UDP
:
1546 if (flow_key
->ip
.proto
!= IPPROTO_UDP
)
1549 return validate_tp_port(flow_key
, eth_type
);
1551 case OVS_KEY_ATTR_MPLS
:
1552 if (!eth_p_mpls(eth_type
))
1556 case OVS_KEY_ATTR_SCTP
:
1557 if (flow_key
->ip
.proto
!= IPPROTO_SCTP
)
1560 return validate_tp_port(flow_key
, eth_type
);
1569 static int validate_userspace(const struct nlattr
*attr
)
1571 static const struct nla_policy userspace_policy
[OVS_USERSPACE_ATTR_MAX
+ 1] = {
1572 [OVS_USERSPACE_ATTR_PID
] = {.type
= NLA_U32
},
1573 [OVS_USERSPACE_ATTR_USERDATA
] = {.type
= NLA_UNSPEC
},
1575 struct nlattr
*a
[OVS_USERSPACE_ATTR_MAX
+ 1];
1578 error
= nla_parse_nested(a
, OVS_USERSPACE_ATTR_MAX
,
1579 attr
, userspace_policy
);
1583 if (!a
[OVS_USERSPACE_ATTR_PID
] ||
1584 !nla_get_u32(a
[OVS_USERSPACE_ATTR_PID
]))
1590 static int copy_action(const struct nlattr
*from
,
1591 struct sw_flow_actions
**sfa
)
1593 int totlen
= NLA_ALIGN(from
->nla_len
);
1596 to
= reserve_sfa_size(sfa
, from
->nla_len
);
1600 memcpy(to
, from
, totlen
);
1604 static int ovs_nla_copy_actions__(const struct nlattr
*attr
,
1605 const struct sw_flow_key
*key
,
1606 int depth
, struct sw_flow_actions
**sfa
,
1607 __be16 eth_type
, __be16 vlan_tci
)
1609 const struct nlattr
*a
;
1612 if (depth
>= SAMPLE_ACTION_DEPTH
)
1615 nla_for_each_nested(a
, attr
, rem
) {
1616 /* Expected argument lengths, (u32)-1 for variable length. */
1617 static const u32 action_lens
[OVS_ACTION_ATTR_MAX
+ 1] = {
1618 [OVS_ACTION_ATTR_OUTPUT
] = sizeof(u32
),
1619 [OVS_ACTION_ATTR_RECIRC
] = sizeof(u32
),
1620 [OVS_ACTION_ATTR_USERSPACE
] = (u32
)-1,
1621 [OVS_ACTION_ATTR_PUSH_MPLS
] = sizeof(struct ovs_action_push_mpls
),
1622 [OVS_ACTION_ATTR_POP_MPLS
] = sizeof(__be16
),
1623 [OVS_ACTION_ATTR_PUSH_VLAN
] = sizeof(struct ovs_action_push_vlan
),
1624 [OVS_ACTION_ATTR_POP_VLAN
] = 0,
1625 [OVS_ACTION_ATTR_SET
] = (u32
)-1,
1626 [OVS_ACTION_ATTR_SAMPLE
] = (u32
)-1,
1627 [OVS_ACTION_ATTR_HASH
] = sizeof(struct ovs_action_hash
)
1629 const struct ovs_action_push_vlan
*vlan
;
1630 int type
= nla_type(a
);
1633 if (type
> OVS_ACTION_ATTR_MAX
||
1634 (action_lens
[type
] != nla_len(a
) &&
1635 action_lens
[type
] != (u32
)-1))
1640 case OVS_ACTION_ATTR_UNSPEC
:
1643 case OVS_ACTION_ATTR_USERSPACE
:
1644 err
= validate_userspace(a
);
1649 case OVS_ACTION_ATTR_OUTPUT
:
1650 if (nla_get_u32(a
) >= DP_MAX_PORTS
)
1654 case OVS_ACTION_ATTR_HASH
: {
1655 const struct ovs_action_hash
*act_hash
= nla_data(a
);
1657 switch (act_hash
->hash_alg
) {
1658 case OVS_HASH_ALG_L4
:
1667 case OVS_ACTION_ATTR_POP_VLAN
:
1670 case OVS_ACTION_ATTR_PUSH_VLAN
:
1672 if (vlan
->vlan_tpid
!= htons(ETH_P_8021Q
))
1674 if (!(vlan
->vlan_tci
& htons(VLAN_TAG_PRESENT
)))
1676 vlan_tci
= vlan
->vlan_tci
;
1679 case OVS_ACTION_ATTR_RECIRC
:
1682 case OVS_ACTION_ATTR_PUSH_MPLS
: {
1683 const struct ovs_action_push_mpls
*mpls
= nla_data(a
);
1685 if (!eth_p_mpls(mpls
->mpls_ethertype
))
1687 /* Prohibit push MPLS other than to a white list
1688 * for packets that have a known tag order.
1690 * vlan_tci indicates that the packet at one
1691 * point had a VLAN. It may have been subsequently
1692 * removed using pop VLAN so this rule is stricter
1693 * than necessary. This is because it is not
1694 * possible to know if a VLAN is still present
1695 * after a pop VLAN action. */
1696 if (vlan_tci
& htons(VLAN_TAG_PRESENT
) ||
1697 (eth_type
!= htons(ETH_P_IP
) &&
1698 eth_type
!= htons(ETH_P_IPV6
) &&
1699 eth_type
!= htons(ETH_P_ARP
) &&
1700 eth_type
!= htons(ETH_P_RARP
) &&
1701 !eth_p_mpls(eth_type
)))
1703 eth_type
= mpls
->mpls_ethertype
;
1707 case OVS_ACTION_ATTR_POP_MPLS
:
1708 if (vlan_tci
& htons(VLAN_TAG_PRESENT
) ||
1709 !eth_p_mpls(eth_type
))
1712 /* Disallow subsequent L2.5+ set and mpls_pop actions
1713 * as there is no check here to ensure that the new
1714 * eth_type is valid and thus set actions could
1715 * write off the end of the packet or otherwise
1718 * Support for these actions is planned using packet
1721 eth_type
= htons(0);
1724 case OVS_ACTION_ATTR_SET
:
1725 err
= validate_set(a
, key
, sfa
, &skip_copy
, eth_type
);
1730 case OVS_ACTION_ATTR_SAMPLE
:
1731 err
= validate_and_copy_sample(a
, key
, depth
, sfa
,
1732 eth_type
, vlan_tci
);
1742 err
= copy_action(a
, sfa
);
1754 int ovs_nla_copy_actions(const struct nlattr
*attr
,
1755 const struct sw_flow_key
*key
,
1756 struct sw_flow_actions
**sfa
)
1758 return ovs_nla_copy_actions__(attr
, key
, 0, sfa
, key
->eth
.type
,
1762 static int sample_action_to_attr(const struct nlattr
*attr
, struct sk_buff
*skb
)
1764 const struct nlattr
*a
;
1765 struct nlattr
*start
;
1768 start
= nla_nest_start(skb
, OVS_ACTION_ATTR_SAMPLE
);
1772 nla_for_each_nested(a
, attr
, rem
) {
1773 int type
= nla_type(a
);
1774 struct nlattr
*st_sample
;
1777 case OVS_SAMPLE_ATTR_PROBABILITY
:
1778 if (nla_put(skb
, OVS_SAMPLE_ATTR_PROBABILITY
,
1779 sizeof(u32
), nla_data(a
)))
1782 case OVS_SAMPLE_ATTR_ACTIONS
:
1783 st_sample
= nla_nest_start(skb
, OVS_SAMPLE_ATTR_ACTIONS
);
1786 err
= ovs_nla_put_actions(nla_data(a
), nla_len(a
), skb
);
1789 nla_nest_end(skb
, st_sample
);
1794 nla_nest_end(skb
, start
);
1798 static int set_action_to_attr(const struct nlattr
*a
, struct sk_buff
*skb
)
1800 const struct nlattr
*ovs_key
= nla_data(a
);
1801 int key_type
= nla_type(ovs_key
);
1802 struct nlattr
*start
;
1806 case OVS_KEY_ATTR_TUNNEL_INFO
: {
1807 struct ovs_tunnel_info
*tun_info
= nla_data(ovs_key
);
1809 start
= nla_nest_start(skb
, OVS_ACTION_ATTR_SET
);
1813 err
= ipv4_tun_to_nlattr(skb
, &tun_info
->tunnel
,
1814 tun_info
->options_len
?
1815 tun_info
->options
: NULL
,
1816 tun_info
->options_len
);
1819 nla_nest_end(skb
, start
);
1823 if (nla_put(skb
, OVS_ACTION_ATTR_SET
, nla_len(a
), ovs_key
))
1831 int ovs_nla_put_actions(const struct nlattr
*attr
, int len
, struct sk_buff
*skb
)
1833 const struct nlattr
*a
;
1836 nla_for_each_attr(a
, attr
, len
, rem
) {
1837 int type
= nla_type(a
);
1840 case OVS_ACTION_ATTR_SET
:
1841 err
= set_action_to_attr(a
, skb
);
1846 case OVS_ACTION_ATTR_SAMPLE
:
1847 err
= sample_action_to_attr(a
, skb
);
1852 if (nla_put(skb
, type
, nla_len(a
), nla_data(a
)))