]> git.proxmox.com Git - ovs.git/blob - lib/flow.c
projects / ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
flow: Fix null pointer dereference in flow_from_match().
[ovs.git] / lib / flow.c
1 /*
2 * Copyright (c) 2008, 2009, 2010 Nicira Networks.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <config.h>
17 #include <sys/types.h>
18 #include "flow.h"
19 #include <inttypes.h>
20 #include <netinet/in.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include "coverage.h"
24 #include "dynamic-string.h"
25 #include "hash.h"
26 #include "ofpbuf.h"
27 #include "openflow/openflow.h"
28 #include "openvswitch/datapath-protocol.h"
29 #include "packets.h"
30
31 #include "vlog.h"
32 #define THIS_MODULE VLM_flow
33
34 static struct arp_eth_header *
35 pull_arp(struct ofpbuf *packet)
36 {
37 return ofpbuf_try_pull(packet, ARP_ETH_HEADER_LEN);
38 }
39
40 static struct ip_header *
41 pull_ip(struct ofpbuf *packet)
42 {
43 if (packet->size >= IP_HEADER_LEN) {
44 struct ip_header *ip = packet->data;
45 int ip_len = IP_IHL(ip->ip_ihl_ver) * 4;
46 if (ip_len >= IP_HEADER_LEN && packet->size >= ip_len) {
47 return ofpbuf_pull(packet, ip_len);
48 }
49 }
50 return NULL;
51 }
52
53 static struct tcp_header *
54 pull_tcp(struct ofpbuf *packet)
55 {
56 if (packet->size >= TCP_HEADER_LEN) {
57 struct tcp_header *tcp = packet->data;
58 int tcp_len = TCP_OFFSET(tcp->tcp_ctl) * 4;
59 if (tcp_len >= TCP_HEADER_LEN && packet->size >= tcp_len) {
60 return ofpbuf_pull(packet, tcp_len);
61 }
62 }
63 return NULL;
64 }
65
66 static struct udp_header *
67 pull_udp(struct ofpbuf *packet)
68 {
69 return ofpbuf_try_pull(packet, UDP_HEADER_LEN);
70 }
71
72 static struct icmp_header *
73 pull_icmp(struct ofpbuf *packet)
74 {
75 return ofpbuf_try_pull(packet, ICMP_HEADER_LEN);
76 }
77
78 static struct eth_header *
79 pull_eth(struct ofpbuf *packet)
80 {
81 return ofpbuf_try_pull(packet, ETH_HEADER_LEN);
82 }
83
84 static struct vlan_header *
85 pull_vlan(struct ofpbuf *packet)
86 {
87 return ofpbuf_try_pull(packet, VLAN_HEADER_LEN);
88 }
89
90 /* Returns 1 if 'packet' is an IP fragment, 0 otherwise. */
91 int
92 flow_extract(struct ofpbuf *packet, uint16_t in_port, flow_t *flow)
93 {
94 struct ofpbuf b = *packet;
95 struct eth_header *eth;
96 int retval = 0;
97
98 COVERAGE_INC(flow_extract);
99
100 memset(flow, 0, sizeof *flow);
101 flow->dl_vlan = htons(OFP_VLAN_NONE);
102 flow->in_port = in_port;
103
104 packet->l2 = b.data;
105 packet->l3 = NULL;
106 packet->l4 = NULL;
107 packet->l7 = NULL;
108
109 eth = pull_eth(&b);
110 if (eth) {
111 if (ntohs(eth->eth_type) >= OFP_DL_TYPE_ETH2_CUTOFF) {
112 /* This is an Ethernet II frame */
113 flow->dl_type = eth->eth_type;
114 } else {
115 /* This is an 802.2 frame */
116 struct llc_header *llc = ofpbuf_at(&b, 0, sizeof *llc);
117 struct snap_header *snap = ofpbuf_at(&b, sizeof *llc,
118 sizeof *snap);
119 if (llc == NULL) {
120 return 0;
121 }
122 if (snap
123 && llc->llc_dsap == LLC_DSAP_SNAP
124 && llc->llc_ssap == LLC_SSAP_SNAP
125 && llc->llc_cntl == LLC_CNTL_SNAP
126 && !memcmp(snap->snap_org, SNAP_ORG_ETHERNET,
127 sizeof snap->snap_org)) {
128 flow->dl_type = snap->snap_type;
129 ofpbuf_pull(&b, LLC_SNAP_HEADER_LEN);
130 } else {
131 flow->dl_type = htons(OFP_DL_TYPE_NOT_ETH_TYPE);
132 ofpbuf_pull(&b, sizeof(struct llc_header));
133 }
134 }
135
136 /* Check for a VLAN tag */
137 if (flow->dl_type == htons(ETH_TYPE_VLAN)) {
138 struct vlan_header *vh = pull_vlan(&b);
139 if (vh) {
140 flow->dl_type = vh->vlan_next_type;
141 flow->dl_vlan = vh->vlan_tci & htons(VLAN_VID_MASK);
142 }
143 }
144 memcpy(flow->dl_src, eth->eth_src, ETH_ADDR_LEN);
145 memcpy(flow->dl_dst, eth->eth_dst, ETH_ADDR_LEN);
146
147 packet->l3 = b.data;
148 if (flow->dl_type == htons(ETH_TYPE_IP)) {
149 const struct ip_header *nh = pull_ip(&b);
150 if (nh) {
151 flow->nw_src = nh->ip_src;
152 flow->nw_dst = nh->ip_dst;
153 flow->nw_proto = nh->ip_proto;
154 packet->l4 = b.data;
155 if (!IP_IS_FRAGMENT(nh->ip_frag_off)) {
156 if (flow->nw_proto == IP_TYPE_TCP) {
157 const struct tcp_header *tcp = pull_tcp(&b);
158 if (tcp) {
159 flow->tp_src = tcp->tcp_src;
160 flow->tp_dst = tcp->tcp_dst;
161 packet->l7 = b.data;
162 } else {
163 /* Avoid tricking other code into thinking that
164 * this packet has an L4 header. */
165 flow->nw_proto = 0;
166 }
167 } else if (flow->nw_proto == IP_TYPE_UDP) {
168 const struct udp_header *udp = pull_udp(&b);
169 if (udp) {
170 flow->tp_src = udp->udp_src;
171 flow->tp_dst = udp->udp_dst;
172 packet->l7 = b.data;
173 } else {
174 /* Avoid tricking other code into thinking that
175 * this packet has an L4 header. */
176 flow->nw_proto = 0;
177 }
178 } else if (flow->nw_proto == IP_TYPE_ICMP) {
179 const struct icmp_header *icmp = pull_icmp(&b);
180 if (icmp) {
181 flow->icmp_type = htons(icmp->icmp_type);
182 flow->icmp_code = htons(icmp->icmp_code);
183 packet->l7 = b.data;
184 } else {
185 /* Avoid tricking other code into thinking that
186 * this packet has an L4 header. */
187 flow->nw_proto = 0;
188 }
189 }
190 } else {
191 retval = 1;
192 }
193 }
194 } else if (flow->dl_type == htons(ETH_TYPE_ARP)) {
195 const struct arp_eth_header *arp = pull_arp(&b);
196 if (arp && arp->ar_hrd == htons(1)
197 && arp->ar_pro == htons(ETH_TYPE_IP)
198 && arp->ar_hln == ETH_ADDR_LEN
199 && arp->ar_pln == 4) {
200 /* We only match on the lower 8 bits of the opcode. */
201 if (ntohs(arp->ar_op) <= 0xff) {
202 flow->nw_proto = ntohs(arp->ar_op);
203 }
204
205 if ((flow->nw_proto == ARP_OP_REQUEST)
206 || (flow->nw_proto == ARP_OP_REPLY)) {
207 flow->nw_src = arp->ar_spa;
208 flow->nw_dst = arp->ar_tpa;
209 }
210 }
211 }
212 }
213 return retval;
214 }
215
216 /* Extracts the flow stats for a packet. The 'flow' and 'packet'
217 * arguments must have been initialized through a call to flow_extract().
218 */
219 void
220 flow_extract_stats(const flow_t *flow, struct ofpbuf *packet,
221 struct odp_flow_stats *stats)
222 {
223 memset(stats, '\0', sizeof(*stats));
224
225 if ((flow->dl_type == htons(ETH_TYPE_IP)) && packet->l4) {
226 struct ip_header *ip = packet->l3;
227 stats->ip_tos = ip->ip_tos;
228 if ((flow->nw_proto == IP_TYPE_TCP) && packet->l7) {
229 struct tcp_header *tcp = packet->l4;
230 stats->tcp_flags = TCP_FLAGS(tcp->tcp_ctl);
231 }
232 }
233
234 stats->n_bytes = packet->size;
235 stats->n_packets = 1;
236 }
237
238 /* The Open vSwitch datapath supports matching on ARP payloads, which
239 * OpenFlow does not. This function is identical to 'flow_to_match',
240 * but does not hide the datapath's ability to match on ARP. */
241 void
242 flow_to_ovs_match(const flow_t *flow, uint32_t wildcards,
243 struct ofp_match *match)
244 {
245 match->wildcards = htonl(wildcards);
246 match->in_port = htons(flow->in_port == ODPP_LOCAL ? OFPP_LOCAL
247 : flow->in_port);
248 match->dl_vlan = flow->dl_vlan;
249 memcpy(match->dl_src, flow->dl_src, ETH_ADDR_LEN);
250 memcpy(match->dl_dst, flow->dl_dst, ETH_ADDR_LEN);
251 match->dl_type = flow->dl_type;
252 match->nw_src = flow->nw_src;
253 match->nw_dst = flow->nw_dst;
254 match->nw_proto = flow->nw_proto;
255 match->tp_src = flow->tp_src;
256 match->tp_dst = flow->tp_dst;
257 match->pad = 0;
258 }
259
260 /* Extract 'flow' with 'wildcards' into the OpenFlow match structure
261 * 'match'. */
262 void
263 flow_to_match(const flow_t *flow, uint32_t wildcards, struct ofp_match *match)
264 {
265 flow_to_ovs_match(flow, wildcards, match);
266
267 /* The datapath supports matching on an ARP's opcode and IP addresses,
268 * but OpenFlow does not. We wildcard and zero out the appropriate
269 * fields so that OpenFlow is unaware of our trickery. */
270 if (flow->dl_type == htons(ETH_TYPE_ARP)) {
271 wildcards |= (OFPFW_NW_PROTO | OFPFW_NW_SRC_ALL | OFPFW_NW_DST_ALL);
272 match->nw_src = 0;
273 match->nw_dst = 0;
274 match->nw_proto = 0;
275 }
276 match->wildcards = htonl(wildcards);
277 }
278
279
280 void
281 flow_from_match(flow_t *flow, uint32_t *wildcards,
282 const struct ofp_match *match)
283 {
284 if (wildcards) {
285 *wildcards = ntohl(match->wildcards);
286
287 /* The datapath supports matching on an ARP's opcode and IP addresses,
288 * but OpenFlow does not. In case the controller hasn't, we need to
289 * set the appropriate wildcard bits so that we're externally
290 * OpenFlow-compliant. */
291 if (match->dl_type == htons(ETH_TYPE_ARP)) {
292 *wildcards |= OFPFW_NW_PROTO | OFPFW_NW_SRC_ALL | OFPFW_NW_DST_ALL;
293 }
294 }
295
296 flow->nw_src = match->nw_src;
297 flow->nw_dst = match->nw_dst;
298 flow->in_port = (match->in_port == htons(OFPP_LOCAL) ? ODPP_LOCAL
299 : ntohs(match->in_port));
300 flow->dl_vlan = match->dl_vlan;
301 flow->dl_type = match->dl_type;
302 flow->tp_src = match->tp_src;
303 flow->tp_dst = match->tp_dst;
304 memcpy(flow->dl_src, match->dl_src, ETH_ADDR_LEN);
305 memcpy(flow->dl_dst, match->dl_dst, ETH_ADDR_LEN);
306 flow->nw_proto = match->nw_proto;
307 flow->reserved = 0;
308 }
309
310 char *
311 flow_to_string(const flow_t *flow)
312 {
313 struct ds ds = DS_EMPTY_INITIALIZER;
314 flow_format(&ds, flow);
315 return ds_cstr(&ds);
316 }
317
318 void
319 flow_format(struct ds *ds, const flow_t *flow)
320 {
321 ds_put_format(ds, "in_port%04x:vlan%d mac"ETH_ADDR_FMT"->"ETH_ADDR_FMT" "
322 "type%04x proto%"PRId8" ip"IP_FMT"->"IP_FMT" port%d->%d",
323 flow->in_port, ntohs(flow->dl_vlan),
324 ETH_ADDR_ARGS(flow->dl_src), ETH_ADDR_ARGS(flow->dl_dst),
325 ntohs(flow->dl_type), flow->nw_proto,
326 IP_ARGS(&flow->nw_src), IP_ARGS(&flow->nw_dst),
327 ntohs(flow->tp_src), ntohs(flow->tp_dst));
328 }
329
330 void
331 flow_print(FILE *stream, const flow_t *flow)
332 {
333 char *s = flow_to_string(flow);
334 fputs(s, stream);
335 free(s);
336 }
openvswitch packages for PVE