]> git.proxmox.com Git - ovs.git/blob - lib/packets.c
projects / ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netdev-tc-offloads: Fix vxlan tunnel offloading
[ovs.git] / lib / packets.c
1 /*
2 * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <config.h>
18 #include "packets.h"
19 #include <arpa/inet.h>
20 #include <sys/socket.h>
21 #include <netinet/in.h>
22 #include <netinet/ip6.h>
23 #include <netinet/icmp6.h>
24 #include <stdlib.h>
25 #include "byte-order.h"
26 #include "csum.h"
27 #include "crc32c.h"
28 #include "flow.h"
29 #include "openvswitch/hmap.h"
30 #include "openvswitch/dynamic-string.h"
31 #include "ovs-thread.h"
32 #include "odp-util.h"
33 #include "dp-packet.h"
34 #include "unaligned.h"
35
36 const struct in6_addr in6addr_exact = IN6ADDR_EXACT_INIT;
37 const struct in6_addr in6addr_all_hosts = IN6ADDR_ALL_HOSTS_INIT;
38 const struct in6_addr in6addr_all_routers = IN6ADDR_ALL_ROUTERS_INIT;
39
40 struct in6_addr
41 flow_tnl_dst(const struct flow_tnl *tnl)
42 {
43 return tnl->ip_dst ? in6_addr_mapped_ipv4(tnl->ip_dst) : tnl->ipv6_dst;
44 }
45
46 struct in6_addr
47 flow_tnl_src(const struct flow_tnl *tnl)
48 {
49 return tnl->ip_src ? in6_addr_mapped_ipv4(tnl->ip_src) : tnl->ipv6_src;
50 }
51
52 /* Parses 's' as a 16-digit hexadecimal number representing a datapath ID. On
53 * success stores the dpid into '*dpidp' and returns true, on failure stores 0
54 * into '*dpidp' and returns false.
55 *
56 * Rejects an all-zeros dpid as invalid. */
57 bool
58 dpid_from_string(const char *s, uint64_t *dpidp)
59 {
60 *dpidp = (strlen(s) == 16 && strspn(s, "0123456789abcdefABCDEF") == 16
61 ? strtoull(s, NULL, 16)
62 : 0);
63 return *dpidp != 0;
64 }
65
66 /* Returns true if 'ea' is a reserved address, that a bridge must never
67 * forward, false otherwise.
68 *
69 * If you change this function's behavior, please update corresponding
70 * documentation in vswitch.xml at the same time. */
71 bool
72 eth_addr_is_reserved(const struct eth_addr ea)
73 {
74 struct eth_addr_node {
75 struct hmap_node hmap_node;
76 const uint64_t ea64;
77 };
78
79 static struct eth_addr_node nodes[] = {
80 /* STP, IEEE pause frames, and other reserved protocols. */
81 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000000ULL },
82 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000001ULL },
83 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000002ULL },
84 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000003ULL },
85 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000004ULL },
86 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000005ULL },
87 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000006ULL },
88 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000007ULL },
89 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000008ULL },
90 { HMAP_NODE_NULL_INITIALIZER, 0x0180c2000009ULL },
91 { HMAP_NODE_NULL_INITIALIZER, 0x0180c200000aULL },
92 { HMAP_NODE_NULL_INITIALIZER, 0x0180c200000bULL },
93 { HMAP_NODE_NULL_INITIALIZER, 0x0180c200000cULL },
94 { HMAP_NODE_NULL_INITIALIZER, 0x0180c200000dULL },
95 { HMAP_NODE_NULL_INITIALIZER, 0x0180c200000eULL },
96 { HMAP_NODE_NULL_INITIALIZER, 0x0180c200000fULL },
97
98 /* Extreme protocols. */
99 { HMAP_NODE_NULL_INITIALIZER, 0x00e02b000000ULL }, /* EDP. */
100 { HMAP_NODE_NULL_INITIALIZER, 0x00e02b000004ULL }, /* EAPS. */
101 { HMAP_NODE_NULL_INITIALIZER, 0x00e02b000006ULL }, /* EAPS. */
102
103 /* Cisco protocols. */
104 { HMAP_NODE_NULL_INITIALIZER, 0x01000c000000ULL }, /* ISL. */
105 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccccULL }, /* PAgP, UDLD, CDP,
106 * DTP, VTP. */
107 { HMAP_NODE_NULL_INITIALIZER, 0x01000ccccccdULL }, /* PVST+. */
108 { HMAP_NODE_NULL_INITIALIZER, 0x01000ccdcdcdULL }, /* STP Uplink Fast,
109 * FlexLink. */
110
111 /* Cisco CFM. */
112 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc0ULL },
113 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc1ULL },
114 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc2ULL },
115 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc3ULL },
116 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc4ULL },
117 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc5ULL },
118 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc6ULL },
119 { HMAP_NODE_NULL_INITIALIZER, 0x01000cccccc7ULL },
120 };
121
122 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
123 struct eth_addr_node *node;
124 static struct hmap addrs;
125 uint64_t ea64;
126
127 if (ovsthread_once_start(&once)) {
128 hmap_init(&addrs);
129 for (node = nodes; node < &nodes[ARRAY_SIZE(nodes)]; node++) {
130 hmap_insert(&addrs, &node->hmap_node, hash_uint64(node->ea64));
131 }
132 ovsthread_once_done(&once);
133 }
134
135 ea64 = eth_addr_to_uint64(ea);
136 HMAP_FOR_EACH_IN_BUCKET (node, hmap_node, hash_uint64(ea64), &addrs) {
137 if (node->ea64 == ea64) {
138 return true;
139 }
140 }
141 return false;
142 }
143
144 /* Attempts to parse 's' as an Ethernet address. If successful, stores the
145 * address in 'ea' and returns true, otherwise zeros 'ea' and returns
146 * false. This function checks trailing characters. */
147 bool
148 eth_addr_from_string(const char *s, struct eth_addr *ea)
149 {
150 int n = 0;
151 if (ovs_scan(s, ETH_ADDR_SCAN_FMT"%n", ETH_ADDR_SCAN_ARGS(*ea), &n)
152 && !s[n]) {
153 return true;
154 } else {
155 *ea = eth_addr_zero;
156 return false;
157 }
158 }
159
160 /* Fills 'b' with a Reverse ARP packet with Ethernet source address 'eth_src'.
161 * This function is used by Open vSwitch to compose packets in cases where
162 * context is important but content doesn't (or shouldn't) matter.
163 *
164 * The returned packet has enough headroom to insert an 802.1Q VLAN header if
165 * desired. */
166 void
167 compose_rarp(struct dp_packet *b, const struct eth_addr eth_src)
168 {
169 struct eth_header *eth;
170 struct arp_eth_header *arp;
171
172 dp_packet_clear(b);
173 dp_packet_prealloc_tailroom(b, 2 + ETH_HEADER_LEN + VLAN_HEADER_LEN
174 + ARP_ETH_HEADER_LEN);
175 dp_packet_reserve(b, 2 + VLAN_HEADER_LEN);
176 eth = dp_packet_put_uninit(b, sizeof *eth);
177 eth->eth_dst = eth_addr_broadcast;
178 eth->eth_src = eth_src;
179 eth->eth_type = htons(ETH_TYPE_RARP);
180
181 arp = dp_packet_put_uninit(b, sizeof *arp);
182 arp->ar_hrd = htons(ARP_HRD_ETHERNET);
183 arp->ar_pro = htons(ARP_PRO_IP);
184 arp->ar_hln = sizeof arp->ar_sha;
185 arp->ar_pln = sizeof arp->ar_spa;
186 arp->ar_op = htons(ARP_OP_RARP);
187 arp->ar_sha = eth_src;
188 put_16aligned_be32(&arp->ar_spa, htonl(0));
189 arp->ar_tha = eth_src;
190 put_16aligned_be32(&arp->ar_tpa, htonl(0));
191
192 dp_packet_reset_offsets(b);
193 dp_packet_set_l3(b, arp);
194 b->packet_type = htonl(PT_ETH);
195 }
196
197 /* Insert VLAN header according to given TCI. Packet passed must be Ethernet
198 * packet. Ignores the CFI bit of 'tci' using 0 instead.
199 *
200 * Also adjusts the layer offsets accordingly. */
201 void
202 eth_push_vlan(struct dp_packet *packet, ovs_be16 tpid, ovs_be16 tci)
203 {
204 struct vlan_eth_header *veh;
205
206 /* Insert new 802.1Q header. */
207 veh = dp_packet_resize_l2(packet, VLAN_HEADER_LEN);
208 memmove(veh, (char *)veh + VLAN_HEADER_LEN, 2 * ETH_ADDR_LEN);
209 veh->veth_type = tpid;
210 veh->veth_tci = tci & htons(~VLAN_CFI);
211 }
212
213 /* Removes outermost VLAN header (if any is present) from 'packet'.
214 *
215 * 'packet->l2_5' should initially point to 'packet''s outer-most VLAN header
216 * or may be NULL if there are no VLAN headers. */
217 void
218 eth_pop_vlan(struct dp_packet *packet)
219 {
220 struct vlan_eth_header *veh = dp_packet_eth(packet);
221
222 if (veh && dp_packet_size(packet) >= sizeof *veh
223 && eth_type_vlan(veh->veth_type)) {
224
225 memmove((char *)veh + VLAN_HEADER_LEN, veh, 2 * ETH_ADDR_LEN);
226 dp_packet_resize_l2(packet, -VLAN_HEADER_LEN);
227 }
228 }
229
230 /* Push Ethernet header onto 'packet' assuming it is layer 3 */
231 void
232 push_eth(struct dp_packet *packet, const struct eth_addr *dst,
233 const struct eth_addr *src)
234 {
235 struct eth_header *eh;
236
237 ovs_assert(packet->packet_type != htonl(PT_ETH));
238 eh = dp_packet_resize_l2(packet, ETH_HEADER_LEN);
239 eh->eth_dst = *dst;
240 eh->eth_src = *src;
241 eh->eth_type = pt_ns_type_be(packet->packet_type);
242 packet->packet_type = htonl(PT_ETH);
243 }
244
245 /* Removes Ethernet header, including VLAN header, from 'packet'.
246 *
247 * Previous to calling this function, 'ofpbuf_l3(packet)' must not be NULL */
248 void
249 pop_eth(struct dp_packet *packet)
250 {
251 char *l2_5 = dp_packet_l2_5(packet);
252 char *l3 = dp_packet_l3(packet);
253 ovs_be16 ethertype;
254 int increment;
255
256 ovs_assert(packet->packet_type == htonl(PT_ETH));
257 ovs_assert(l3 != NULL);
258
259 if (l2_5) {
260 increment = packet->l2_5_ofs;
261 ethertype = *(ALIGNED_CAST(ovs_be16 *, (l2_5 - 2)));
262 } else {
263 increment = packet->l3_ofs;
264 ethertype = *(ALIGNED_CAST(ovs_be16 *, (l3 - 2)));
265 }
266
267 dp_packet_resize_l2(packet, -increment);
268 packet->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE, ntohs(ethertype));
269 }
270
271 /* Set ethertype of the packet. */
272 static void
273 set_ethertype(struct dp_packet *packet, ovs_be16 eth_type)
274 {
275 struct eth_header *eh = dp_packet_eth(packet);
276
277 if (!eh) {
278 return;
279 }
280
281 if (eth_type_vlan(eh->eth_type)) {
282 ovs_be16 *p;
283 char *l2_5 = dp_packet_l2_5(packet);
284
285 p = ALIGNED_CAST(ovs_be16 *,
286 (l2_5 ? l2_5 : (char *)dp_packet_l3(packet)) - 2);
287 *p = eth_type;
288 } else {
289 eh->eth_type = eth_type;
290 }
291 }
292
293 static bool is_mpls(struct dp_packet *packet)
294 {
295 return packet->l2_5_ofs != UINT16_MAX;
296 }
297
298 /* Set time to live (TTL) of an MPLS label stack entry (LSE). */
299 void
300 set_mpls_lse_ttl(ovs_be32 *lse, uint8_t ttl)
301 {
302 *lse &= ~htonl(MPLS_TTL_MASK);
303 *lse |= htonl((ttl << MPLS_TTL_SHIFT) & MPLS_TTL_MASK);
304 }
305
306 /* Set traffic class (TC) of an MPLS label stack entry (LSE). */
307 void
308 set_mpls_lse_tc(ovs_be32 *lse, uint8_t tc)
309 {
310 *lse &= ~htonl(MPLS_TC_MASK);
311 *lse |= htonl((tc << MPLS_TC_SHIFT) & MPLS_TC_MASK);
312 }
313
314 /* Set label of an MPLS label stack entry (LSE). */
315 void
316 set_mpls_lse_label(ovs_be32 *lse, ovs_be32 label)
317 {
318 *lse &= ~htonl(MPLS_LABEL_MASK);
319 *lse |= htonl((ntohl(label) << MPLS_LABEL_SHIFT) & MPLS_LABEL_MASK);
320 }
321
322 /* Set bottom of stack (BoS) bit of an MPLS label stack entry (LSE). */
323 void
324 set_mpls_lse_bos(ovs_be32 *lse, uint8_t bos)
325 {
326 *lse &= ~htonl(MPLS_BOS_MASK);
327 *lse |= htonl((bos << MPLS_BOS_SHIFT) & MPLS_BOS_MASK);
328 }
329
330 /* Compose an MPLS label stack entry (LSE) from its components:
331 * label, traffic class (TC), time to live (TTL) and
332 * bottom of stack (BoS) bit. */
333 ovs_be32
334 set_mpls_lse_values(uint8_t ttl, uint8_t tc, uint8_t bos, ovs_be32 label)
335 {
336 ovs_be32 lse = htonl(0);
337 set_mpls_lse_ttl(&lse, ttl);
338 set_mpls_lse_tc(&lse, tc);
339 set_mpls_lse_bos(&lse, bos);
340 set_mpls_lse_label(&lse, label);
341 return lse;
342 }
343
344 /* Set MPLS label stack entry to outermost MPLS header.*/
345 void
346 set_mpls_lse(struct dp_packet *packet, ovs_be32 mpls_lse)
347 {
348 /* Packet type should be MPLS to set label stack entry. */
349 if (is_mpls(packet)) {
350 struct mpls_hdr *mh = dp_packet_l2_5(packet);
351
352 /* Update mpls label stack entry. */
353 put_16aligned_be32(&mh->mpls_lse, mpls_lse);
354 }
355 }
356
357 /* Push MPLS label stack entry 'lse' onto 'packet' as the outermost MPLS
358 * header. If 'packet' does not already have any MPLS labels, then its
359 * Ethertype is changed to 'ethtype' (which must be an MPLS Ethertype). */
360 void
361 push_mpls(struct dp_packet *packet, ovs_be16 ethtype, ovs_be32 lse)
362 {
363 char * header;
364 size_t len;
365
366 if (!eth_type_mpls(ethtype)) {
367 return;
368 }
369
370 if (!is_mpls(packet)) {
371 /* Set MPLS label stack offset. */
372 packet->l2_5_ofs = packet->l3_ofs;
373 }
374
375 set_ethertype(packet, ethtype);
376
377 /* Push new MPLS shim header onto packet. */
378 len = packet->l2_5_ofs;
379 header = dp_packet_resize_l2_5(packet, MPLS_HLEN);
380 memmove(header, header + MPLS_HLEN, len);
381 memcpy(header + len, &lse, sizeof lse);
382 }
383
384 /* If 'packet' is an MPLS packet, removes its outermost MPLS label stack entry.
385 * If the label that was removed was the only MPLS label, changes 'packet''s
386 * Ethertype to 'ethtype' (which ordinarily should not be an MPLS
387 * Ethertype). */
388 void
389 pop_mpls(struct dp_packet *packet, ovs_be16 ethtype)
390 {
391 if (is_mpls(packet)) {
392 struct mpls_hdr *mh = dp_packet_l2_5(packet);
393 size_t len = packet->l2_5_ofs;
394
395 set_ethertype(packet, ethtype);
396 if (get_16aligned_be32(&mh->mpls_lse) & htonl(MPLS_BOS_MASK)) {
397 dp_packet_set_l2_5(packet, NULL);
398 }
399 /* Shift the l2 header forward. */
400 memmove((char*)dp_packet_data(packet) + MPLS_HLEN, dp_packet_data(packet), len);
401 dp_packet_resize_l2_5(packet, -MPLS_HLEN);
402 }
403 }
404
405 void
406 encap_nsh(struct dp_packet *packet, const struct ovs_action_encap_nsh *encap)
407 {
408 struct nsh_hdr *nsh;
409 size_t length = NSH_BASE_HDR_LEN + encap->mdlen;
410 uint8_t next_proto;
411
412 switch (ntohl(packet->packet_type)) {
413 case PT_ETH:
414 next_proto = NSH_P_ETHERNET;
415 break;
416 case PT_IPV4:
417 next_proto = NSH_P_IPV4;
418 break;
419 case PT_IPV6:
420 next_proto = NSH_P_IPV6;
421 break;
422 case PT_NSH:
423 next_proto = NSH_P_NSH;
424 break;
425 default:
426 OVS_NOT_REACHED();
427 }
428
429 nsh = (struct nsh_hdr *) dp_packet_push_uninit(packet, length);
430 nsh->ver_flags_len = htons(encap->flags << NSH_FLAGS_SHIFT | length >> 2);
431 nsh->next_proto = next_proto;
432 put_16aligned_be32(&nsh->path_hdr, encap->path_hdr);
433 nsh->md_type = encap->mdtype;
434 switch (nsh->md_type) {
435 case NSH_M_TYPE1:
436 nsh->md1 = *ALIGNED_CAST(struct nsh_md1_ctx *, encap->metadata);
437 break;
438 case NSH_M_TYPE2: {
439 /* The MD2 metadata in encap is already padded to 4 bytes. */
440 size_t len = ROUND_UP(encap->mdlen, 4);
441 memcpy(&nsh->md2, encap->metadata, len);
442 break;
443 }
444 default:
445 OVS_NOT_REACHED();
446 }
447
448 packet->packet_type = htonl(PT_NSH);
449 dp_packet_reset_offsets(packet);
450 packet->l3_ofs = 0;
451 }
452
453 bool
454 decap_nsh(struct dp_packet *packet)
455 {
456 struct nsh_hdr *nsh = (struct nsh_hdr *) dp_packet_l3(packet);
457 size_t length;
458 uint32_t next_pt;
459
460 if (packet->packet_type == htonl(PT_NSH) && nsh) {
461 switch (nsh->next_proto) {
462 case NSH_P_ETHERNET:
463 next_pt = PT_ETH;
464 break;
465 case NSH_P_IPV4:
466 next_pt = PT_IPV4;
467 break;
468 case NSH_P_IPV6:
469 next_pt = PT_IPV6;
470 break;
471 case NSH_P_NSH:
472 next_pt = PT_NSH;
473 break;
474 default:
475 /* Unknown inner packet type. Drop packet. */
476 return false;
477 }
478
479 length = nsh_hdr_len(nsh);
480 dp_packet_reset_packet(packet, length);
481 packet->packet_type = htonl(next_pt);
482 /* Packet must be recirculated for further processing. */
483 }
484 return true;
485 }
486
487 /* Converts hex digits in 'hex' to an Ethernet packet in '*packetp'. The
488 * caller must free '*packetp'. On success, returns NULL. On failure, returns
489 * an error message and stores NULL in '*packetp'.
490 *
491 * Aligns the L3 header of '*packetp' on a 32-bit boundary. */
492 const char *
493 eth_from_hex(const char *hex, struct dp_packet **packetp)
494 {
495 struct dp_packet *packet;
496
497 /* Use 2 bytes of headroom to 32-bit align the L3 header. */
498 packet = *packetp = dp_packet_new_with_headroom(strlen(hex) / 2, 2);
499
500 if (dp_packet_put_hex(packet, hex, NULL)[0] != '\0') {
501 dp_packet_delete(packet);
502 *packetp = NULL;
503 return "Trailing garbage in packet data";
504 }
505
506 if (dp_packet_size(packet) < ETH_HEADER_LEN) {
507 dp_packet_delete(packet);
508 *packetp = NULL;
509 return "Packet data too short for Ethernet";
510 }
511
512 return NULL;
513 }
514
515 void
516 eth_format_masked(const struct eth_addr eth,
517 const struct eth_addr *mask, struct ds *s)
518 {
519 ds_put_format(s, ETH_ADDR_FMT, ETH_ADDR_ARGS(eth));
520 if (mask && !eth_mask_is_exact(*mask)) {
521 ds_put_format(s, "/"ETH_ADDR_FMT, ETH_ADDR_ARGS(*mask));
522 }
523 }
524
525 /* Given the IP netmask 'netmask', returns the number of bits of the IP address
526 * that it specifies, that is, the number of 1-bits in 'netmask'.
527 *
528 * If 'netmask' is not a CIDR netmask (see ip_is_cidr()), the return value will
529 * still be in the valid range but isn't otherwise meaningful. */
530 int
531 ip_count_cidr_bits(ovs_be32 netmask)
532 {
533 return 32 - ctz32(ntohl(netmask));
534 }
535
536 void
537 ip_format_masked(ovs_be32 ip, ovs_be32 mask, struct ds *s)
538 {
539 ds_put_format(s, IP_FMT, IP_ARGS(ip));
540 if (mask != OVS_BE32_MAX) {
541 if (ip_is_cidr(mask)) {
542 ds_put_format(s, "/%d", ip_count_cidr_bits(mask));
543 } else {
544 ds_put_format(s, "/"IP_FMT, IP_ARGS(mask));
545 }
546 }
547 }
548
549 /* Parses string 's', which must be an IP address. Stores the IP address into
550 * '*ip'. Returns true if successful, otherwise false. */
551 bool
552 ip_parse(const char *s, ovs_be32 *ip)
553 {
554 return inet_pton(AF_INET, s, ip) == 1;
555 }
556
557 /* Parses string 's', which must be an IP address with a port number
558 * with ":" as a separator (e.g.: 192.168.1.2:80).
559 * Stores the IP address into '*ip' and port number to '*port'.
560 *
561 * Returns NULL if successful, otherwise an error message that the caller must
562 * free(). */
563 char * OVS_WARN_UNUSED_RESULT
564 ip_parse_port(const char *s, ovs_be32 *ip, ovs_be16 *port)
565 {
566 int n = 0;
567 if (ovs_scan(s, IP_PORT_SCAN_FMT"%n", IP_PORT_SCAN_ARGS(ip, port), &n)
568 && !s[n]) {
569 return NULL;
570 }
571
572 return xasprintf("%s: invalid IP address or port number", s);
573 }
574
575 /* Parses string 's', which must be an IP address with an optional netmask or
576 * CIDR prefix length. Stores the IP address into '*ip', netmask into '*mask',
577 * (255.255.255.255, if 's' lacks a netmask), and number of scanned characters
578 * into '*n'.
579 *
580 * Returns NULL if successful, otherwise an error message that the caller must
581 * free(). */
582 char * OVS_WARN_UNUSED_RESULT
583 ip_parse_masked_len(const char *s, int *n, ovs_be32 *ip,
584 ovs_be32 *mask)
585 {
586 int prefix;
587
588 if (ovs_scan_len(s, n, IP_SCAN_FMT"/"IP_SCAN_FMT,
589 IP_SCAN_ARGS(ip), IP_SCAN_ARGS(mask))) {
590 /* OK. */
591 } else if (ovs_scan_len(s, n, IP_SCAN_FMT"/%d",
592 IP_SCAN_ARGS(ip), &prefix)) {
593 if (prefix < 0 || prefix > 32) {
594 return xasprintf("%s: IPv4 network prefix bits not between 0 and "
595 "32, inclusive", s);
596 }
597 *mask = be32_prefix_mask(prefix);
598 } else if (ovs_scan_len(s, n, IP_SCAN_FMT, IP_SCAN_ARGS(ip))) {
599 *mask = OVS_BE32_MAX;
600 } else {
601 return xasprintf("%s: invalid IP address", s);
602 }
603 return NULL;
604 }
605
606 /* This function is similar to ip_parse_masked_len(), but doesn't return the
607 * number of scanned characters and expects 's' to end after the ip/(optional)
608 * mask.
609 *
610 * Returns NULL if successful, otherwise an error message that the caller must
611 * free(). */
612 char * OVS_WARN_UNUSED_RESULT
613 ip_parse_masked(const char *s, ovs_be32 *ip, ovs_be32 *mask)
614 {
615 int n = 0;
616
617 char *error = ip_parse_masked_len(s, &n, ip, mask);
618 if (!error && s[n]) {
619 return xasprintf("%s: invalid IP address", s);
620 }
621 return error;
622 }
623
624 /* Similar to ip_parse_masked_len(), but the mask, if present, must be a CIDR
625 * mask and is returned as a prefix len in '*plen'. */
626 char * OVS_WARN_UNUSED_RESULT
627 ip_parse_cidr_len(const char *s, int *n, ovs_be32 *ip, unsigned int *plen)
628 {
629 ovs_be32 mask;
630 char *error;
631
632 error = ip_parse_masked_len(s, n, ip, &mask);
633 if (error) {
634 return error;
635 }
636
637 if (!ip_is_cidr(mask)) {
638 return xasprintf("%s: CIDR network required", s);
639 }
640 *plen = ip_count_cidr_bits(mask);
641 return NULL;
642 }
643
644 /* Similar to ip_parse_cidr_len(), but doesn't return the number of scanned
645 * characters and expects 's' to be NULL terminated at the end of the
646 * ip/(optional) cidr. */
647 char * OVS_WARN_UNUSED_RESULT
648 ip_parse_cidr(const char *s, ovs_be32 *ip, unsigned int *plen)
649 {
650 int n = 0;
651
652 char *error = ip_parse_cidr_len(s, &n, ip, plen);
653 if (!error && s[n]) {
654 return xasprintf("%s: invalid IP address", s);
655 }
656 return error;
657 }
658
659 /* Parses string 's', which must be an IPv6 address. Stores the IPv6 address
660 * into '*ip'. Returns true if successful, otherwise false. */
661 bool
662 ipv6_parse(const char *s, struct in6_addr *ip)
663 {
664 return inet_pton(AF_INET6, s, ip) == 1;
665 }
666
667 /* Parses string 's', which must be an IPv6 address with an optional netmask or
668 * CIDR prefix length. Stores the IPv6 address into '*ip' and the netmask into
669 * '*mask' (if 's' does not contain a netmask, all-one-bits is assumed), and
670 * number of scanned characters into '*n'.
671 *
672 * Returns NULL if successful, otherwise an error message that the caller must
673 * free(). */
674 char * OVS_WARN_UNUSED_RESULT
675 ipv6_parse_masked_len(const char *s, int *n, struct in6_addr *ip,
676 struct in6_addr *mask)
677 {
678 char ipv6_s[IPV6_SCAN_LEN + 1];
679 int prefix;
680
681 if (ovs_scan_len(s, n, " "IPV6_SCAN_FMT, ipv6_s)
682 && ipv6_parse(ipv6_s, ip)) {
683 if (ovs_scan_len(s, n, "/%d", &prefix)) {
684 if (prefix < 0 || prefix > 128) {
685 return xasprintf("%s: IPv6 network prefix bits not between 0 "
686 "and 128, inclusive", s);
687 }
688 *mask = ipv6_create_mask(prefix);
689 } else if (ovs_scan_len(s, n, "/"IPV6_SCAN_FMT, ipv6_s)) {
690 if (!ipv6_parse(ipv6_s, mask)) {
691 return xasprintf("%s: Invalid IPv6 mask", s);
692 }
693 /* OK. */
694 } else {
695 /* OK. No mask. */
696 *mask = in6addr_exact;
697 }
698 return NULL;
699 }
700 return xasprintf("%s: invalid IPv6 address", s);
701 }
702
703 /* This function is similar to ipv6_parse_masked_len(), but doesn't return the
704 * number of scanned characters and expects 's' to end following the
705 * ipv6/(optional) mask. */
706 char * OVS_WARN_UNUSED_RESULT
707 ipv6_parse_masked(const char *s, struct in6_addr *ip, struct in6_addr *mask)
708 {
709 int n = 0;
710
711 char *error = ipv6_parse_masked_len(s, &n, ip, mask);
712 if (!error && s[n]) {
713 return xasprintf("%s: invalid IPv6 address", s);
714 }
715 return error;
716 }
717
718 /* Similar to ipv6_parse_masked_len(), but the mask, if present, must be a CIDR
719 * mask and is returned as a prefix length in '*plen'. */
720 char * OVS_WARN_UNUSED_RESULT
721 ipv6_parse_cidr_len(const char *s, int *n, struct in6_addr *ip,
722 unsigned int *plen)
723 {
724 struct in6_addr mask;
725 char *error;
726
727 error = ipv6_parse_masked_len(s, n, ip, &mask);
728 if (error) {
729 return error;
730 }
731
732 if (!ipv6_is_cidr(&mask)) {
733 return xasprintf("%s: IPv6 CIDR network required", s);
734 }
735 *plen = ipv6_count_cidr_bits(&mask);
736 return NULL;
737 }
738
739 /* Similar to ipv6_parse_cidr_len(), but doesn't return the number of scanned
740 * characters and expects 's' to end after the ipv6/(optional) cidr. */
741 char * OVS_WARN_UNUSED_RESULT
742 ipv6_parse_cidr(const char *s, struct in6_addr *ip, unsigned int *plen)
743 {
744 int n = 0;
745
746 char *error = ipv6_parse_cidr_len(s, &n, ip, plen);
747 if (!error && s[n]) {
748 return xasprintf("%s: invalid IPv6 address", s);
749 }
750 return error;
751 }
752
753 /* Stores the string representation of the IPv6 address 'addr' into the
754 * character array 'addr_str', which must be at least INET6_ADDRSTRLEN
755 * bytes long. */
756 void
757 ipv6_format_addr(const struct in6_addr *addr, struct ds *s)
758 {
759 char *dst;
760
761 ds_reserve(s, s->length + INET6_ADDRSTRLEN);
762
763 dst = s->string + s->length;
764 inet_ntop(AF_INET6, addr, dst, INET6_ADDRSTRLEN);
765 s->length += strlen(dst);
766 }
767
768 /* Same as print_ipv6_addr, but optionally encloses the address in square
769 * brackets. */
770 void
771 ipv6_format_addr_bracket(const struct in6_addr *addr, struct ds *s,
772 bool bracket)
773 {
774 if (bracket) {
775 ds_put_char(s, '[');
776 }
777 ipv6_format_addr(addr, s);
778 if (bracket) {
779 ds_put_char(s, ']');
780 }
781 }
782
783 void
784 ipv6_format_mapped(const struct in6_addr *addr, struct ds *s)
785 {
786 if (IN6_IS_ADDR_V4MAPPED(addr)) {
787 ds_put_format(s, IP_FMT, addr->s6_addr[12], addr->s6_addr[13],
788 addr->s6_addr[14], addr->s6_addr[15]);
789 } else {
790 ipv6_format_addr(addr, s);
791 }
792 }
793
794 void
795 ipv6_format_masked(const struct in6_addr *addr, const struct in6_addr *mask,
796 struct ds *s)
797 {
798 ipv6_format_addr(addr, s);
799 if (mask && !ipv6_mask_is_exact(mask)) {
800 if (ipv6_is_cidr(mask)) {
801 int cidr_bits = ipv6_count_cidr_bits(mask);
802 ds_put_format(s, "/%d", cidr_bits);
803 } else {
804 ds_put_char(s, '/');
805 ipv6_format_addr(mask, s);
806 }
807 }
808 }
809
810 /* Stores the string representation of the IPv6 address 'addr' into the
811 * character array 'addr_str', which must be at least INET6_ADDRSTRLEN
812 * bytes long. If addr is IPv4-mapped, store an IPv4 dotted-decimal string. */
813 const char *
814 ipv6_string_mapped(char *addr_str, const struct in6_addr *addr)
815 {
816 ovs_be32 ip;
817 ip = in6_addr_get_mapped_ipv4(addr);
818 if (ip) {
819 return inet_ntop(AF_INET, &ip, addr_str, INET6_ADDRSTRLEN);
820 } else {
821 return inet_ntop(AF_INET6, addr, addr_str, INET6_ADDRSTRLEN);
822 }
823 }
824
825 #ifdef s6_addr32
826 #define s6_addrX s6_addr32
827 #define IPV6_FOR_EACH(VAR) for (int VAR = 0; VAR < 4; VAR++)
828 #else
829 #define s6_addrX s6_addr
830 #define IPV6_FOR_EACH(VAR) for (int VAR = 0; VAR < 16; VAR++)
831 #endif
832
833 struct in6_addr
834 ipv6_addr_bitand(const struct in6_addr *a, const struct in6_addr *b)
835 {
836 struct in6_addr dst;
837 IPV6_FOR_EACH (i) {
838 dst.s6_addrX[i] = a->s6_addrX[i] & b->s6_addrX[i];
839 }
840 return dst;
841 }
842
843 struct in6_addr
844 ipv6_addr_bitxor(const struct in6_addr *a, const struct in6_addr *b)
845 {
846 struct in6_addr dst;
847 IPV6_FOR_EACH (i) {
848 dst.s6_addrX[i] = a->s6_addrX[i] ^ b->s6_addrX[i];
849 }
850 return dst;
851 }
852
853 bool
854 ipv6_is_zero(const struct in6_addr *a)
855 {
856 IPV6_FOR_EACH (i) {
857 if (a->s6_addrX[i]) {
858 return false;
859 }
860 }
861 return true;
862 }
863
864 /* Returns an in6_addr consisting of 'mask' high-order 1-bits and 128-N
865 * low-order 0-bits. */
866 struct in6_addr
867 ipv6_create_mask(int mask)
868 {
869 struct in6_addr netmask;
870 uint8_t *netmaskp = &netmask.s6_addr[0];
871
872 memset(&netmask, 0, sizeof netmask);
873 while (mask > 8) {
874 *netmaskp = 0xff;
875 netmaskp++;
876 mask -= 8;
877 }
878
879 if (mask) {
880 *netmaskp = 0xff << (8 - mask);
881 }
882
883 return netmask;
884 }
885
886 /* Given the IPv6 netmask 'netmask', returns the number of bits of the IPv6
887 * address that it specifies, that is, the number of 1-bits in 'netmask'.
888 * 'netmask' must be a CIDR netmask (see ipv6_is_cidr()).
889 *
890 * If 'netmask' is not a CIDR netmask (see ipv6_is_cidr()), the return value
891 * will still be in the valid range but isn't otherwise meaningful. */
892 int
893 ipv6_count_cidr_bits(const struct in6_addr *netmask)
894 {
895 int i;
896 int count = 0;
897 const uint8_t *netmaskp = &netmask->s6_addr[0];
898
899 for (i=0; i<16; i++) {
900 if (netmaskp[i] == 0xff) {
901 count += 8;
902 } else {
903 uint8_t nm;
904
905 for(nm = netmaskp[i]; nm; nm <<= 1) {
906 count++;
907 }
908 break;
909 }
910
911 }
912
913 return count;
914 }
915
916 /* Returns true if 'netmask' is a CIDR netmask, that is, if it consists of N
917 * high-order 1-bits and 128-N low-order 0-bits. */
918 bool
919 ipv6_is_cidr(const struct in6_addr *netmask)
920 {
921 const uint8_t *netmaskp = &netmask->s6_addr[0];
922 int i;
923
924 for (i=0; i<16; i++) {
925 if (netmaskp[i] != 0xff) {
926 uint8_t x = ~netmaskp[i];
927 if (x & (x + 1)) {
928 return false;
929 }
930 while (++i < 16) {
931 if (netmaskp[i]) {
932 return false;
933 }
934 }
935 }
936 }
937
938 return true;
939 }
940
941 /* Populates 'b' with an Ethernet II packet headed with the given 'eth_dst',
942 * 'eth_src' and 'eth_type' parameters. A payload of 'size' bytes is allocated
943 * in 'b' and returned. This payload may be populated with appropriate
944 * information by the caller. Sets 'b''s 'frame' pointer and 'l3' offset to
945 * the Ethernet header and payload respectively. Aligns b->l3 on a 32-bit
946 * boundary.
947 *
948 * The returned packet has enough headroom to insert an 802.1Q VLAN header if
949 * desired. */
950 void *
951 eth_compose(struct dp_packet *b, const struct eth_addr eth_dst,
952 const struct eth_addr eth_src, uint16_t eth_type,
953 size_t size)
954 {
955 void *data;
956 struct eth_header *eth;
957
958 dp_packet_clear(b);
959
960 /* The magic 2 here ensures that the L3 header (when it is added later)
961 * will be 32-bit aligned. */
962 dp_packet_prealloc_tailroom(b, 2 + ETH_HEADER_LEN + VLAN_HEADER_LEN + size);
963 dp_packet_reserve(b, 2 + VLAN_HEADER_LEN);
964 eth = dp_packet_put_uninit(b, ETH_HEADER_LEN);
965 data = dp_packet_put_zeros(b, size);
966
967 eth->eth_dst = eth_dst;
968 eth->eth_src = eth_src;
969 eth->eth_type = htons(eth_type);
970
971 b->packet_type = htonl(PT_ETH);
972 dp_packet_reset_offsets(b);
973 dp_packet_set_l3(b, data);
974
975 return data;
976 }
977
978 void
979 packet_set_ipv4_addr(struct dp_packet *packet,
980 ovs_16aligned_be32 *addr, ovs_be32 new_addr)
981 {
982 struct ip_header *nh = dp_packet_l3(packet);
983 ovs_be32 old_addr = get_16aligned_be32(addr);
984 size_t l4_size = dp_packet_l4_size(packet);
985
986 if (nh->ip_proto == IPPROTO_TCP && l4_size >= TCP_HEADER_LEN) {
987 struct tcp_header *th = dp_packet_l4(packet);
988
989 th->tcp_csum = recalc_csum32(th->tcp_csum, old_addr, new_addr);
990 } else if (nh->ip_proto == IPPROTO_UDP && l4_size >= UDP_HEADER_LEN ) {
991 struct udp_header *uh = dp_packet_l4(packet);
992
993 if (uh->udp_csum) {
994 uh->udp_csum = recalc_csum32(uh->udp_csum, old_addr, new_addr);
995 if (!uh->udp_csum) {
996 uh->udp_csum = htons(0xffff);
997 }
998 }
999 }
1000 nh->ip_csum = recalc_csum32(nh->ip_csum, old_addr, new_addr);
1001 put_16aligned_be32(addr, new_addr);
1002 }
1003
1004 /* Returns true, if packet contains at least one routing header where
1005 * segements_left > 0.
1006 *
1007 * This function assumes that L3 and L4 offsets are set in the packet. */
1008 static bool
1009 packet_rh_present(struct dp_packet *packet, uint8_t *nexthdr)
1010 {
1011 const struct ovs_16aligned_ip6_hdr *nh;
1012 size_t len;
1013 size_t remaining;
1014 uint8_t *data = dp_packet_l3(packet);
1015
1016 remaining = packet->l4_ofs - packet->l3_ofs;
1017 if (remaining < sizeof *nh) {
1018 return false;
1019 }
1020 nh = ALIGNED_CAST(struct ovs_16aligned_ip6_hdr *, data);
1021 data += sizeof *nh;
1022 remaining -= sizeof *nh;
1023 *nexthdr = nh->ip6_nxt;
1024
1025 while (1) {
1026 if ((*nexthdr != IPPROTO_HOPOPTS)
1027 && (*nexthdr != IPPROTO_ROUTING)
1028 && (*nexthdr != IPPROTO_DSTOPTS)
1029 && (*nexthdr != IPPROTO_AH)
1030 && (*nexthdr != IPPROTO_FRAGMENT)) {
1031 /* It's either a terminal header (e.g., TCP, UDP) or one we
1032 * don't understand. In either case, we're done with the
1033 * packet, so use it to fill in 'nw_proto'. */
1034 break;
1035 }
1036
1037 /* We only verify that at least 8 bytes of the next header are
1038 * available, but many of these headers are longer. Ensure that
1039 * accesses within the extension header are within those first 8
1040 * bytes. All extension headers are required to be at least 8
1041 * bytes. */
1042 if (remaining < 8) {
1043 return false;
1044 }
1045
1046 if (*nexthdr == IPPROTO_AH) {
1047 /* A standard AH definition isn't available, but the fields
1048 * we care about are in the same location as the generic
1049 * option header--only the header length is calculated
1050 * differently. */
1051 const struct ip6_ext *ext_hdr = (struct ip6_ext *)data;
1052
1053 *nexthdr = ext_hdr->ip6e_nxt;
1054 len = (ext_hdr->ip6e_len + 2) * 4;
1055 } else if (*nexthdr == IPPROTO_FRAGMENT) {
1056 const struct ovs_16aligned_ip6_frag *frag_hdr
1057 = ALIGNED_CAST(struct ovs_16aligned_ip6_frag *, data);
1058
1059 *nexthdr = frag_hdr->ip6f_nxt;
1060 len = sizeof *frag_hdr;
1061 } else if (*nexthdr == IPPROTO_ROUTING) {
1062 const struct ip6_rthdr *rh = (struct ip6_rthdr *)data;
1063
1064 if (rh->ip6r_segleft > 0) {
1065 return true;
1066 }
1067
1068 *nexthdr = rh->ip6r_nxt;
1069 len = (rh->ip6r_len + 1) * 8;
1070 } else {
1071 const struct ip6_ext *ext_hdr = (struct ip6_ext *)data;
1072
1073 *nexthdr = ext_hdr->ip6e_nxt;
1074 len = (ext_hdr->ip6e_len + 1) * 8;
1075 }
1076
1077 if (remaining < len) {
1078 return false;
1079 }
1080 remaining -= len;
1081 data += len;
1082 }
1083
1084 return false;
1085 }
1086
1087 static void
1088 packet_update_csum128(struct dp_packet *packet, uint8_t proto,
1089 ovs_16aligned_be32 addr[4],
1090 const struct in6_addr *new_addr)
1091 {
1092 size_t l4_size = dp_packet_l4_size(packet);
1093
1094 if (proto == IPPROTO_TCP && l4_size >= TCP_HEADER_LEN) {
1095 struct tcp_header *th = dp_packet_l4(packet);
1096
1097 th->tcp_csum = recalc_csum128(th->tcp_csum, addr, new_addr);
1098 } else if (proto == IPPROTO_UDP && l4_size >= UDP_HEADER_LEN) {
1099 struct udp_header *uh = dp_packet_l4(packet);
1100
1101 if (uh->udp_csum) {
1102 uh->udp_csum = recalc_csum128(uh->udp_csum, addr, new_addr);
1103 if (!uh->udp_csum) {
1104 uh->udp_csum = htons(0xffff);
1105 }
1106 }
1107 } else if (proto == IPPROTO_ICMPV6 &&
1108 l4_size >= sizeof(struct icmp6_header)) {
1109 struct icmp6_header *icmp = dp_packet_l4(packet);
1110
1111 icmp->icmp6_cksum = recalc_csum128(icmp->icmp6_cksum, addr, new_addr);
1112 }
1113 }
1114
1115 void
1116 packet_set_ipv6_addr(struct dp_packet *packet, uint8_t proto,
1117 ovs_16aligned_be32 addr[4],
1118 const struct in6_addr *new_addr,
1119 bool recalculate_csum)
1120 {
1121 if (recalculate_csum) {
1122 packet_update_csum128(packet, proto, addr, new_addr);
1123 }
1124 memcpy(addr, new_addr, sizeof(ovs_be32[4]));
1125 }
1126
1127 static void
1128 packet_set_ipv6_flow_label(ovs_16aligned_be32 *flow_label, ovs_be32 flow_key)
1129 {
1130 ovs_be32 old_label = get_16aligned_be32(flow_label);
1131 ovs_be32 new_label = (old_label & htonl(~IPV6_LABEL_MASK)) | flow_key;
1132 put_16aligned_be32(flow_label, new_label);
1133 }
1134
1135 static void
1136 packet_set_ipv6_tc(ovs_16aligned_be32 *flow_label, uint8_t tc)
1137 {
1138 ovs_be32 old_label = get_16aligned_be32(flow_label);
1139 ovs_be32 new_label = (old_label & htonl(0xF00FFFFF)) | htonl(tc << 20);
1140 put_16aligned_be32(flow_label, new_label);
1141 }
1142
1143 /* Modifies the IPv4 header fields of 'packet' to be consistent with 'src',
1144 * 'dst', 'tos', and 'ttl'. Updates 'packet''s L4 checksums as appropriate.
1145 * 'packet' must contain a valid IPv4 packet with correctly populated l[347]
1146 * markers. */
1147 void
1148 packet_set_ipv4(struct dp_packet *packet, ovs_be32 src, ovs_be32 dst,
1149 uint8_t tos, uint8_t ttl)
1150 {
1151 struct ip_header *nh = dp_packet_l3(packet);
1152
1153 if (get_16aligned_be32(&nh->ip_src) != src) {
1154 packet_set_ipv4_addr(packet, &nh->ip_src, src);
1155 }
1156
1157 if (get_16aligned_be32(&nh->ip_dst) != dst) {
1158 packet_set_ipv4_addr(packet, &nh->ip_dst, dst);
1159 }
1160
1161 if (nh->ip_tos != tos) {
1162 uint8_t *field = &nh->ip_tos;
1163
1164 nh->ip_csum = recalc_csum16(nh->ip_csum, htons((uint16_t) *field),
1165 htons((uint16_t) tos));
1166 *field = tos;
1167 }
1168
1169 if (nh->ip_ttl != ttl) {
1170 uint8_t *field = &nh->ip_ttl;
1171
1172 nh->ip_csum = recalc_csum16(nh->ip_csum, htons(*field << 8),
1173 htons(ttl << 8));
1174 *field = ttl;
1175 }
1176 }
1177
1178 /* Modifies the IPv6 header fields of 'packet' to be consistent with 'src',
1179 * 'dst', 'traffic class', and 'next hop'. Updates 'packet''s L4 checksums as
1180 * appropriate. 'packet' must contain a valid IPv6 packet with correctly
1181 * populated l[34] offsets. */
1182 void
1183 packet_set_ipv6(struct dp_packet *packet, const struct in6_addr *src,
1184 const struct in6_addr *dst, uint8_t key_tc, ovs_be32 key_fl,
1185 uint8_t key_hl)
1186 {
1187 struct ovs_16aligned_ip6_hdr *nh = dp_packet_l3(packet);
1188 uint8_t proto = 0;
1189 bool rh_present;
1190
1191 rh_present = packet_rh_present(packet, &proto);
1192
1193 if (memcmp(&nh->ip6_src, src, sizeof(ovs_be32[4]))) {
1194 packet_set_ipv6_addr(packet, proto, nh->ip6_src.be32, src, true);
1195 }
1196
1197 if (memcmp(&nh->ip6_dst, dst, sizeof(ovs_be32[4]))) {
1198 packet_set_ipv6_addr(packet, proto, nh->ip6_dst.be32, dst,
1199 !rh_present);
1200 }
1201
1202 packet_set_ipv6_tc(&nh->ip6_flow, key_tc);
1203 packet_set_ipv6_flow_label(&nh->ip6_flow, key_fl);
1204 nh->ip6_hlim = key_hl;
1205 }
1206
1207 static void
1208 packet_set_port(ovs_be16 *port, ovs_be16 new_port, ovs_be16 *csum)
1209 {
1210 if (*port != new_port) {
1211 *csum = recalc_csum16(*csum, *port, new_port);
1212 *port = new_port;
1213 }
1214 }
1215
1216 /* Sets the TCP source and destination port ('src' and 'dst' respectively) of
1217 * the TCP header contained in 'packet'. 'packet' must be a valid TCP packet
1218 * with its l4 offset properly populated. */
1219 void
1220 packet_set_tcp_port(struct dp_packet *packet, ovs_be16 src, ovs_be16 dst)
1221 {
1222 struct tcp_header *th = dp_packet_l4(packet);
1223
1224 packet_set_port(&th->tcp_src, src, &th->tcp_csum);
1225 packet_set_port(&th->tcp_dst, dst, &th->tcp_csum);
1226 }
1227
1228 /* Sets the UDP source and destination port ('src' and 'dst' respectively) of
1229 * the UDP header contained in 'packet'. 'packet' must be a valid UDP packet
1230 * with its l4 offset properly populated. */
1231 void
1232 packet_set_udp_port(struct dp_packet *packet, ovs_be16 src, ovs_be16 dst)
1233 {
1234 struct udp_header *uh = dp_packet_l4(packet);
1235
1236 if (uh->udp_csum) {
1237 packet_set_port(&uh->udp_src, src, &uh->udp_csum);
1238 packet_set_port(&uh->udp_dst, dst, &uh->udp_csum);
1239
1240 if (!uh->udp_csum) {
1241 uh->udp_csum = htons(0xffff);
1242 }
1243 } else {
1244 uh->udp_src = src;
1245 uh->udp_dst = dst;
1246 }
1247 }
1248
1249 /* Sets the SCTP source and destination port ('src' and 'dst' respectively) of
1250 * the SCTP header contained in 'packet'. 'packet' must be a valid SCTP packet
1251 * with its l4 offset properly populated. */
1252 void
1253 packet_set_sctp_port(struct dp_packet *packet, ovs_be16 src, ovs_be16 dst)
1254 {
1255 struct sctp_header *sh = dp_packet_l4(packet);
1256 ovs_be32 old_csum, old_correct_csum, new_csum;
1257 uint16_t tp_len = dp_packet_l4_size(packet);
1258
1259 old_csum = get_16aligned_be32(&sh->sctp_csum);
1260 put_16aligned_be32(&sh->sctp_csum, 0);
1261 old_correct_csum = crc32c((void *)sh, tp_len);
1262
1263 sh->sctp_src = src;
1264 sh->sctp_dst = dst;
1265
1266 new_csum = crc32c((void *)sh, tp_len);
1267 put_16aligned_be32(&sh->sctp_csum, old_csum ^ old_correct_csum ^ new_csum);
1268 }
1269
1270 /* Sets the ICMP type and code of the ICMP header contained in 'packet'.
1271 * 'packet' must be a valid ICMP packet with its l4 offset properly
1272 * populated. */
1273 void
1274 packet_set_icmp(struct dp_packet *packet, uint8_t type, uint8_t code)
1275 {
1276 struct icmp_header *ih = dp_packet_l4(packet);
1277 ovs_be16 orig_tc = htons(ih->icmp_type << 8 | ih->icmp_code);
1278 ovs_be16 new_tc = htons(type << 8 | code);
1279
1280 if (orig_tc != new_tc) {
1281 ih->icmp_type = type;
1282 ih->icmp_code = code;
1283
1284 ih->icmp_csum = recalc_csum16(ih->icmp_csum, orig_tc, new_tc);
1285 }
1286 }
1287
1288 void
1289 packet_set_nd(struct dp_packet *packet, const struct in6_addr *target,
1290 const struct eth_addr sll, const struct eth_addr tll)
1291 {
1292 struct ovs_nd_msg *ns;
1293 struct ovs_nd_lla_opt *opt;
1294 int bytes_remain = dp_packet_l4_size(packet);
1295
1296 if (OVS_UNLIKELY(bytes_remain < sizeof(*ns))) {
1297 return;
1298 }
1299
1300 ns = dp_packet_l4(packet);
1301 opt = &ns->options[0];
1302 bytes_remain -= sizeof(*ns);
1303
1304 if (memcmp(&ns->target, target, sizeof(ovs_be32[4]))) {
1305 packet_set_ipv6_addr(packet, IPPROTO_ICMPV6, ns->target.be32, target,
1306 true);
1307 }
1308
1309 while (bytes_remain >= ND_LLA_OPT_LEN && opt->len != 0) {
1310 if (opt->type == ND_OPT_SOURCE_LINKADDR && opt->len == 1) {
1311 if (!eth_addr_equals(opt->mac, sll)) {
1312 ovs_be16 *csum = &(ns->icmph.icmp6_cksum);
1313
1314 *csum = recalc_csum48(*csum, opt->mac, sll);
1315 opt->mac = sll;
1316 }
1317
1318 /* A packet can only contain one SLL or TLL option */
1319 break;
1320 } else if (opt->type == ND_OPT_TARGET_LINKADDR && opt->len == 1) {
1321 if (!eth_addr_equals(opt->mac, tll)) {
1322 ovs_be16 *csum = &(ns->icmph.icmp6_cksum);
1323
1324 *csum = recalc_csum48(*csum, opt->mac, tll);
1325 opt->mac = tll;
1326 }
1327
1328 /* A packet can only contain one SLL or TLL option */
1329 break;
1330 }
1331
1332 opt += opt->len;
1333 bytes_remain -= opt->len * ND_LLA_OPT_LEN;
1334 }
1335 }
1336
1337 const char *
1338 packet_tcp_flag_to_string(uint32_t flag)
1339 {
1340 switch (flag) {
1341 case TCP_FIN:
1342 return "fin";
1343 case TCP_SYN:
1344 return "syn";
1345 case TCP_RST:
1346 return "rst";
1347 case TCP_PSH:
1348 return "psh";
1349 case TCP_ACK:
1350 return "ack";
1351 case TCP_URG:
1352 return "urg";
1353 case TCP_ECE:
1354 return "ece";
1355 case TCP_CWR:
1356 return "cwr";
1357 case TCP_NS:
1358 return "ns";
1359 case 0x200:
1360 return "[200]";
1361 case 0x400:
1362 return "[400]";
1363 case 0x800:
1364 return "[800]";
1365 default:
1366 return NULL;
1367 }
1368 }
1369
1370 /* Appends a string representation of the TCP flags value 'tcp_flags'
1371 * (e.g. from struct flow.tcp_flags or obtained via TCP_FLAGS) to 's', in the
1372 * format used by tcpdump. */
1373 void
1374 packet_format_tcp_flags(struct ds *s, uint16_t tcp_flags)
1375 {
1376 if (!tcp_flags) {
1377 ds_put_cstr(s, "none");
1378 return;
1379 }
1380
1381 if (tcp_flags & TCP_SYN) {
1382 ds_put_char(s, 'S');
1383 }
1384 if (tcp_flags & TCP_FIN) {
1385 ds_put_char(s, 'F');
1386 }
1387 if (tcp_flags & TCP_PSH) {
1388 ds_put_char(s, 'P');
1389 }
1390 if (tcp_flags & TCP_RST) {
1391 ds_put_char(s, 'R');
1392 }
1393 if (tcp_flags & TCP_URG) {
1394 ds_put_char(s, 'U');
1395 }
1396 if (tcp_flags & TCP_ACK) {
1397 ds_put_char(s, '.');
1398 }
1399 if (tcp_flags & TCP_ECE) {
1400 ds_put_cstr(s, "E");
1401 }
1402 if (tcp_flags & TCP_CWR) {
1403 ds_put_cstr(s, "C");
1404 }
1405 if (tcp_flags & TCP_NS) {
1406 ds_put_cstr(s, "N");
1407 }
1408 if (tcp_flags & 0x200) {
1409 ds_put_cstr(s, "[200]");
1410 }
1411 if (tcp_flags & 0x400) {
1412 ds_put_cstr(s, "[400]");
1413 }
1414 if (tcp_flags & 0x800) {
1415 ds_put_cstr(s, "[800]");
1416 }
1417 }
1418
1419 #define ARP_PACKET_SIZE (2 + ETH_HEADER_LEN + VLAN_HEADER_LEN + \
1420 ARP_ETH_HEADER_LEN)
1421
1422 /* Clears 'b' and replaces its contents by an ARP frame with the specified
1423 * 'arp_op', 'arp_sha', 'arp_tha', 'arp_spa', and 'arp_tpa'. The outer
1424 * Ethernet frame is initialized with Ethernet source 'arp_sha' and destination
1425 * 'arp_tha', except that destination ff:ff:ff:ff:ff:ff is used instead if
1426 * 'broadcast' is true. Points the L3 header to the ARP header. */
1427 void
1428 compose_arp(struct dp_packet *b, uint16_t arp_op,
1429 const struct eth_addr arp_sha, const struct eth_addr arp_tha,
1430 bool broadcast, ovs_be32 arp_spa, ovs_be32 arp_tpa)
1431 {
1432 compose_arp__(b);
1433
1434 struct eth_header *eth = dp_packet_eth(b);
1435 eth->eth_dst = broadcast ? eth_addr_broadcast : arp_tha;
1436 eth->eth_src = arp_sha;
1437
1438 struct arp_eth_header *arp = dp_packet_l3(b);
1439 arp->ar_op = htons(arp_op);
1440 arp->ar_sha = arp_sha;
1441 arp->ar_tha = arp_tha;
1442 put_16aligned_be32(&arp->ar_spa, arp_spa);
1443 put_16aligned_be32(&arp->ar_tpa, arp_tpa);
1444 }
1445
1446 /* Clears 'b' and replaces its contents by an ARP frame. Sets the fields in
1447 * the Ethernet and ARP headers that are fixed for ARP frames to those fixed
1448 * values, and zeroes the other fields. Points the L3 header to the ARP
1449 * header. */
1450 void
1451 compose_arp__(struct dp_packet *b)
1452 {
1453 dp_packet_clear(b);
1454 dp_packet_prealloc_tailroom(b, ARP_PACKET_SIZE);
1455 dp_packet_reserve(b, 2 + VLAN_HEADER_LEN);
1456
1457 struct eth_header *eth = dp_packet_put_zeros(b, sizeof *eth);
1458 eth->eth_type = htons(ETH_TYPE_ARP);
1459
1460 struct arp_eth_header *arp = dp_packet_put_zeros(b, sizeof *arp);
1461 arp->ar_hrd = htons(ARP_HRD_ETHERNET);
1462 arp->ar_pro = htons(ARP_PRO_IP);
1463 arp->ar_hln = sizeof arp->ar_sha;
1464 arp->ar_pln = sizeof arp->ar_spa;
1465
1466 dp_packet_reset_offsets(b);
1467 dp_packet_set_l3(b, arp);
1468
1469 b->packet_type = htonl(PT_ETH);
1470 }
1471
1472 /* This function expects packet with ethernet header with correct
1473 * l3 pointer set. */
1474 static void *
1475 compose_ipv6(struct dp_packet *packet, uint8_t proto,
1476 const struct in6_addr *src, const struct in6_addr *dst,
1477 uint8_t key_tc, ovs_be32 key_fl, uint8_t key_hl, int size)
1478 {
1479 struct ip6_hdr *nh;
1480 void *data;
1481
1482 nh = dp_packet_l3(packet);
1483 nh->ip6_vfc = 0x60;
1484 nh->ip6_nxt = proto;
1485 nh->ip6_plen = htons(size);
1486 data = dp_packet_put_zeros(packet, size);
1487 dp_packet_set_l4(packet, data);
1488 packet_set_ipv6(packet, src, dst, key_tc, key_fl, key_hl);
1489 return data;
1490 }
1491
1492 /* Compose an IPv6 Neighbor Discovery Neighbor Solicitation message. */
1493 void
1494 compose_nd_ns(struct dp_packet *b, const struct eth_addr eth_src,
1495 const struct in6_addr *ipv6_src, const struct in6_addr *ipv6_dst)
1496 {
1497 struct in6_addr sn_addr;
1498 struct eth_addr eth_dst;
1499 struct ovs_nd_msg *ns;
1500 struct ovs_nd_lla_opt *lla_opt;
1501 uint32_t icmp_csum;
1502
1503 in6_addr_solicited_node(&sn_addr, ipv6_dst);
1504 ipv6_multicast_to_ethernet(&eth_dst, &sn_addr);
1505
1506 eth_compose(b, eth_dst, eth_src, ETH_TYPE_IPV6, IPV6_HEADER_LEN);
1507 ns = compose_ipv6(b, IPPROTO_ICMPV6, ipv6_src, &sn_addr,
1508 0, 0, 255, ND_MSG_LEN + ND_LLA_OPT_LEN);
1509
1510 ns->icmph.icmp6_type = ND_NEIGHBOR_SOLICIT;
1511 ns->icmph.icmp6_code = 0;
1512 put_16aligned_be32(&ns->rso_flags, htonl(0));
1513
1514 lla_opt = &ns->options[0];
1515 lla_opt->type = ND_OPT_SOURCE_LINKADDR;
1516 lla_opt->len = 1;
1517
1518 packet_set_nd(b, ipv6_dst, eth_src, eth_addr_zero);
1519
1520 ns->icmph.icmp6_cksum = 0;
1521 icmp_csum = packet_csum_pseudoheader6(dp_packet_l3(b));
1522 ns->icmph.icmp6_cksum = csum_finish(
1523 csum_continue(icmp_csum, ns, ND_MSG_LEN + ND_LLA_OPT_LEN));
1524 }
1525
1526 /* Compose an IPv6 Neighbor Discovery Neighbor Advertisement message. */
1527 void
1528 compose_nd_na(struct dp_packet *b,
1529 const struct eth_addr eth_src, const struct eth_addr eth_dst,
1530 const struct in6_addr *ipv6_src, const struct in6_addr *ipv6_dst,
1531 ovs_be32 rso_flags)
1532 {
1533 struct ovs_nd_msg *na;
1534 struct ovs_nd_lla_opt *lla_opt;
1535 uint32_t icmp_csum;
1536
1537 eth_compose(b, eth_dst, eth_src, ETH_TYPE_IPV6, IPV6_HEADER_LEN);
1538 na = compose_ipv6(b, IPPROTO_ICMPV6, ipv6_src, ipv6_dst,
1539 0, 0, 255, ND_MSG_LEN + ND_LLA_OPT_LEN);
1540
1541 na->icmph.icmp6_type = ND_NEIGHBOR_ADVERT;
1542 na->icmph.icmp6_code = 0;
1543 put_16aligned_be32(&na->rso_flags, rso_flags);
1544
1545 lla_opt = &na->options[0];
1546 lla_opt->type = ND_OPT_TARGET_LINKADDR;
1547 lla_opt->len = 1;
1548
1549 packet_set_nd(b, ipv6_src, eth_addr_zero, eth_src);
1550
1551 na->icmph.icmp6_cksum = 0;
1552 icmp_csum = packet_csum_pseudoheader6(dp_packet_l3(b));
1553 na->icmph.icmp6_cksum = csum_finish(csum_continue(
1554 icmp_csum, na, ND_MSG_LEN + ND_LLA_OPT_LEN));
1555 }
1556
1557 /* Compose an IPv6 Neighbor Discovery Router Advertisement message with
1558 * Source Link-layer Address Option and MTU Option.
1559 * Caller can call packet_put_ra_prefix_opt to append Prefix Information
1560 * Options to composed messags in 'b'. */
1561 void
1562 compose_nd_ra(struct dp_packet *b,
1563 const struct eth_addr eth_src, const struct eth_addr eth_dst,
1564 const struct in6_addr *ipv6_src, const struct in6_addr *ipv6_dst,
1565 uint8_t cur_hop_limit, uint8_t mo_flags,
1566 ovs_be16 router_lt, ovs_be32 reachable_time,
1567 ovs_be32 retrans_timer, ovs_be32 mtu)
1568 {
1569 /* Don't compose Router Advertisement packet with MTU Option if mtu
1570 * value is 0. */
1571 bool with_mtu = mtu != 0;
1572 size_t mtu_opt_len = with_mtu ? ND_MTU_OPT_LEN : 0;
1573
1574 eth_compose(b, eth_dst, eth_src, ETH_TYPE_IPV6, IPV6_HEADER_LEN);
1575
1576 struct ovs_ra_msg *ra = compose_ipv6(
1577 b, IPPROTO_ICMPV6, ipv6_src, ipv6_dst, 0, 0, 255,
1578 RA_MSG_LEN + ND_LLA_OPT_LEN + mtu_opt_len);
1579 ra->icmph.icmp6_type = ND_ROUTER_ADVERT;
1580 ra->icmph.icmp6_code = 0;
1581 ra->cur_hop_limit = cur_hop_limit;
1582 ra->mo_flags = mo_flags;
1583 ra->router_lifetime = router_lt;
1584 ra->reachable_time = reachable_time;
1585 ra->retrans_timer = retrans_timer;
1586
1587 struct ovs_nd_lla_opt *lla_opt = ra->options;
1588 lla_opt->type = ND_OPT_SOURCE_LINKADDR;
1589 lla_opt->len = 1;
1590 lla_opt->mac = eth_src;
1591
1592 if (with_mtu) {
1593 /* ovs_nd_mtu_opt has the same size with ovs_nd_lla_opt. */
1594 struct ovs_nd_mtu_opt *mtu_opt
1595 = (struct ovs_nd_mtu_opt *)(lla_opt + 1);
1596 mtu_opt->type = ND_OPT_MTU;
1597 mtu_opt->len = 1;
1598 mtu_opt->reserved = 0;
1599 put_16aligned_be32(&mtu_opt->mtu, mtu);
1600 }
1601
1602 ra->icmph.icmp6_cksum = 0;
1603 uint32_t icmp_csum = packet_csum_pseudoheader6(dp_packet_l3(b));
1604 ra->icmph.icmp6_cksum = csum_finish(csum_continue(
1605 icmp_csum, ra, RA_MSG_LEN + ND_LLA_OPT_LEN + mtu_opt_len));
1606 }
1607
1608 /* Append an IPv6 Neighbor Discovery Prefix Information option to a
1609 * Router Advertisement message. */
1610 void
1611 packet_put_ra_prefix_opt(struct dp_packet *b,
1612 uint8_t plen, uint8_t la_flags,
1613 ovs_be32 valid_lifetime, ovs_be32 preferred_lifetime,
1614 const ovs_be128 prefix)
1615 {
1616 size_t prev_l4_size = dp_packet_l4_size(b);
1617 struct ip6_hdr *nh = dp_packet_l3(b);
1618 nh->ip6_plen = htons(prev_l4_size + ND_PREFIX_OPT_LEN);
1619
1620 struct ovs_ra_msg *ra = dp_packet_l4(b);
1621 struct ovs_nd_prefix_opt *prefix_opt =
1622 dp_packet_put_uninit(b, sizeof *prefix_opt);
1623 prefix_opt->type = ND_OPT_PREFIX_INFORMATION;
1624 prefix_opt->len = 4;
1625 prefix_opt->prefix_len = plen;
1626 prefix_opt->la_flags = la_flags;
1627 put_16aligned_be32(&prefix_opt->valid_lifetime, valid_lifetime);
1628 put_16aligned_be32(&prefix_opt->preferred_lifetime, preferred_lifetime);
1629 put_16aligned_be32(&prefix_opt->reserved, 0);
1630 memcpy(prefix_opt->prefix.be32, prefix.be32, sizeof(ovs_be32[4]));
1631
1632 ra->icmph.icmp6_cksum = 0;
1633 uint32_t icmp_csum = packet_csum_pseudoheader6(dp_packet_l3(b));
1634 ra->icmph.icmp6_cksum = csum_finish(csum_continue(
1635 icmp_csum, ra, prev_l4_size + ND_PREFIX_OPT_LEN));
1636 }
1637
1638 uint32_t
1639 packet_csum_pseudoheader(const struct ip_header *ip)
1640 {
1641 uint32_t partial = 0;
1642
1643 partial = csum_add32(partial, get_16aligned_be32(&ip->ip_src));
1644 partial = csum_add32(partial, get_16aligned_be32(&ip->ip_dst));
1645 partial = csum_add16(partial, htons(ip->ip_proto));
1646 partial = csum_add16(partial, htons(ntohs(ip->ip_tot_len) -
1647 IP_IHL(ip->ip_ihl_ver) * 4));
1648
1649 return partial;
1650 }
1651
1652 #ifndef __CHECKER__
1653 uint32_t
1654 packet_csum_pseudoheader6(const struct ovs_16aligned_ip6_hdr *ip6)
1655 {
1656 uint32_t partial = 0;
1657
1658 partial = csum_continue(partial, &ip6->ip6_src, sizeof ip6->ip6_src);
1659 partial = csum_continue(partial, &ip6->ip6_dst, sizeof ip6->ip6_dst);
1660 partial = csum_add16(partial, htons(ip6->ip6_nxt));
1661 partial = csum_add16(partial, ip6->ip6_plen);
1662
1663 return partial;
1664 }
1665
1666 /* Calculate the IPv6 upper layer checksum according to RFC2460. We pass the
1667 ip6_nxt and ip6_plen values, so it will also work if extension headers
1668 are present. */
1669 uint16_t
1670 packet_csum_upperlayer6(const struct ovs_16aligned_ip6_hdr *ip6,
1671 const void *data, uint8_t l4_protocol,
1672 uint16_t l4_size)
1673 {
1674 uint32_t partial = 0;
1675
1676 partial = csum_continue(partial, &ip6->ip6_src, sizeof ip6->ip6_src);
1677 partial = csum_continue(partial, &ip6->ip6_dst, sizeof ip6->ip6_dst);
1678 partial = csum_add16(partial, htons(l4_protocol));
1679 partial = csum_add16(partial, htons(l4_size));
1680
1681 partial = csum_continue(partial, data, l4_size);
1682
1683 return csum_finish(partial);
1684 }
1685 #endif
1686
1687 void
1688 IP_ECN_set_ce(struct dp_packet *pkt, bool is_ipv6)
1689 {
1690 if (is_ipv6) {
1691 ovs_16aligned_be32 *ip6 = dp_packet_l3(pkt);
1692
1693 put_16aligned_be32(ip6, get_16aligned_be32(ip6) |
1694 htonl(IP_ECN_CE << 20));
1695 } else {
1696 struct ip_header *nh = dp_packet_l3(pkt);
1697 uint8_t tos = nh->ip_tos;
1698
1699 tos |= IP_ECN_CE;
1700 if (nh->ip_tos != tos) {
1701 nh->ip_csum = recalc_csum16(nh->ip_csum, htons(nh->ip_tos),
1702 htons((uint16_t) tos));
1703 nh->ip_tos = tos;
1704 }
1705 }
1706 }
openvswitch packages for PVE