]> git.proxmox.com Git - ovs.git/blob - lib/tc.c
projects / ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ovs-tc: offload MPLS set actions to TC datapath
[ovs.git] / lib / tc.c
1 /*
2 * Copyright (c) 2009-2017 Nicira, Inc.
3 * Copyright (c) 2016 Mellanox Technologies, Ltd.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #include <config.h>
19 #include "tc.h"
20
21 #include <errno.h>
22 #include <linux/if_ether.h>
23 #include <linux/if_packet.h>
24 #include <linux/rtnetlink.h>
25 #include <linux/tc_act/tc_csum.h>
26 #include <linux/tc_act/tc_gact.h>
27 #include <linux/tc_act/tc_mirred.h>
28 #include <linux/tc_act/tc_mpls.h>
29 #include <linux/tc_act/tc_pedit.h>
30 #include <linux/tc_act/tc_skbedit.h>
31 #include <linux/tc_act/tc_tunnel_key.h>
32 #include <linux/tc_act/tc_vlan.h>
33 #include <linux/gen_stats.h>
34 #include <net/if.h>
35 #include <unistd.h>
36
37 #include "byte-order.h"
38 #include "netlink-socket.h"
39 #include "netlink.h"
40 #include "openvswitch/ofpbuf.h"
41 #include "openvswitch/util.h"
42 #include "openvswitch/vlog.h"
43 #include "packets.h"
44 #include "timeval.h"
45 #include "unaligned.h"
46
47 #define MAX_PEDIT_OFFSETS 32
48
49 #ifndef TCM_IFINDEX_MAGIC_BLOCK
50 #define TCM_IFINDEX_MAGIC_BLOCK (0xFFFFFFFFU)
51 #endif
52
53 #if TCA_MAX < 14
54 #define TCA_INGRESS_BLOCK 13
55 #endif
56
57 VLOG_DEFINE_THIS_MODULE(tc);
58
59 static struct vlog_rate_limit error_rl = VLOG_RATE_LIMIT_INIT(60, 5);
60
61 enum tc_offload_policy {
62 TC_POLICY_NONE,
63 TC_POLICY_SKIP_SW,
64 TC_POLICY_SKIP_HW
65 };
66
67 static enum tc_offload_policy tc_policy = TC_POLICY_NONE;
68
69 struct tc_pedit_key_ex {
70 enum pedit_header_type htype;
71 enum pedit_cmd cmd;
72 };
73
74 struct flower_key_to_pedit {
75 enum pedit_header_type htype;
76 int offset;
77 int flower_offset;
78 int size;
79 int boundary_shift;
80 };
81
82 static struct flower_key_to_pedit flower_pedit_map[] = {
83 {
84 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
85 12,
86 offsetof(struct tc_flower_key, ipv4.ipv4_src),
87 MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_src),
88 0
89 }, {
90 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
91 16,
92 offsetof(struct tc_flower_key, ipv4.ipv4_dst),
93 MEMBER_SIZEOF(struct tc_flower_key, ipv4.ipv4_dst),
94 0
95 }, {
96 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
97 8,
98 offsetof(struct tc_flower_key, ipv4.rewrite_ttl),
99 MEMBER_SIZEOF(struct tc_flower_key, ipv4.rewrite_ttl),
100 0
101 }, {
102 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4,
103 1,
104 offsetof(struct tc_flower_key, ipv4.rewrite_tos),
105 MEMBER_SIZEOF(struct tc_flower_key, ipv4.rewrite_tos),
106 0
107 }, {
108 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
109 7,
110 offsetof(struct tc_flower_key, ipv6.rewrite_hlimit),
111 MEMBER_SIZEOF(struct tc_flower_key, ipv6.rewrite_hlimit),
112 0
113 }, {
114 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
115 8,
116 offsetof(struct tc_flower_key, ipv6.ipv6_src),
117 MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_src),
118 0
119 }, {
120 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
121 24,
122 offsetof(struct tc_flower_key, ipv6.ipv6_dst),
123 MEMBER_SIZEOF(struct tc_flower_key, ipv6.ipv6_dst),
124 0
125 }, {
126 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6,
127 0,
128 offsetof(struct tc_flower_key, ipv6.rewrite_tclass),
129 MEMBER_SIZEOF(struct tc_flower_key, ipv6.rewrite_tclass),
130 4
131 }, {
132 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
133 6,
134 offsetof(struct tc_flower_key, src_mac),
135 MEMBER_SIZEOF(struct tc_flower_key, src_mac),
136 0
137 }, {
138 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
139 0,
140 offsetof(struct tc_flower_key, dst_mac),
141 MEMBER_SIZEOF(struct tc_flower_key, dst_mac),
142 0
143 }, {
144 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH,
145 12,
146 offsetof(struct tc_flower_key, eth_type),
147 MEMBER_SIZEOF(struct tc_flower_key, eth_type),
148 0
149 }, {
150 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP,
151 0,
152 offsetof(struct tc_flower_key, tcp_src),
153 MEMBER_SIZEOF(struct tc_flower_key, tcp_src),
154 0
155 }, {
156 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP,
157 2,
158 offsetof(struct tc_flower_key, tcp_dst),
159 MEMBER_SIZEOF(struct tc_flower_key, tcp_dst),
160 0
161 }, {
162 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP,
163 0,
164 offsetof(struct tc_flower_key, udp_src),
165 MEMBER_SIZEOF(struct tc_flower_key, udp_src),
166 0
167 }, {
168 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP,
169 2,
170 offsetof(struct tc_flower_key, udp_dst),
171 MEMBER_SIZEOF(struct tc_flower_key, udp_dst),
172 0
173 },
174 };
175
176 static inline int
177 csum_update_flag(struct tc_flower *flower,
178 enum pedit_header_type htype);
179
180 struct tcmsg *
181 tc_make_request(int ifindex, int type, unsigned int flags,
182 struct ofpbuf *request)
183 {
184 struct tcmsg *tcmsg;
185
186 ofpbuf_init(request, 512);
187 nl_msg_put_nlmsghdr(request, sizeof *tcmsg, type, NLM_F_REQUEST | flags);
188 tcmsg = ofpbuf_put_zeros(request, sizeof *tcmsg);
189 tcmsg->tcm_family = AF_UNSPEC;
190 tcmsg->tcm_ifindex = ifindex;
191 /* Caller should fill in tcmsg->tcm_handle. */
192 /* Caller should fill in tcmsg->tcm_parent. */
193
194 return tcmsg;
195 }
196
197 int
198 tc_transact(struct ofpbuf *request, struct ofpbuf **replyp)
199 {
200 int error = nl_transact(NETLINK_ROUTE, request, replyp);
201 ofpbuf_uninit(request);
202 return error;
203 }
204
205 /* Adds or deletes a root qdisc on device with specified ifindex.
206 *
207 * The tc_qdisc_hook parameter determines if the qdisc is added on device
208 * ingress or egress.
209 *
210 * If tc_qdisc_hook is TC_INGRESS, this function is equivalent to running the
211 * following when 'add' is true:
212 * /sbin/tc qdisc add dev <devname> handle ffff: ingress
213 *
214 * This function is equivalent to running the following when 'add' is false:
215 * /sbin/tc qdisc del dev <devname> handle ffff: ingress
216 *
217 * If tc_qdisc_hook is TC_EGRESS, this function is equivalent to:
218 * /sbin/tc qdisc (add|del) dev <devname> handle ffff: clsact
219 *
220 * Where dev <devname> is the device with specified ifindex name.
221 *
222 * The configuration and stats may be seen with the following command:
223 * /sbin/tc -s qdisc show dev <devname>
224 *
225 * If block_id is greater than 0, then the ingress qdisc is added to a block.
226 * In this case, it is equivalent to running (when 'add' is true):
227 * /sbin/tc qdisc add dev <devname> ingress_block <block_id> ingress
228 *
229 * Returns 0 if successful, otherwise a positive errno value.
230 */
231 int
232 tc_add_del_qdisc(int ifindex, bool add, uint32_t block_id,
233 enum tc_qdisc_hook hook)
234 {
235 struct ofpbuf request;
236 struct tcmsg *tcmsg;
237 int error;
238 int type = add ? RTM_NEWQDISC : RTM_DELQDISC;
239 int flags = add ? NLM_F_EXCL | NLM_F_CREATE : 0;
240
241 tcmsg = tc_make_request(ifindex, type, flags, &request);
242
243 if (hook == TC_EGRESS) {
244 tcmsg->tcm_handle = TC_H_MAKE(TC_H_CLSACT, 0);
245 tcmsg->tcm_parent = TC_H_CLSACT;
246 nl_msg_put_string(&request, TCA_KIND, "clsact");
247 } else {
248 tcmsg->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
249 tcmsg->tcm_parent = TC_H_INGRESS;
250 nl_msg_put_string(&request, TCA_KIND, "ingress");
251 }
252
253 nl_msg_put_unspec(&request, TCA_OPTIONS, NULL, 0);
254 if (hook == TC_INGRESS && block_id) {
255 nl_msg_put_u32(&request, TCA_INGRESS_BLOCK, block_id);
256 }
257
258 error = tc_transact(&request, NULL);
259 if (error) {
260 /* If we're deleting the qdisc, don't worry about some of the
261 * error conditions. */
262 if (!add && (error == ENOENT || error == EINVAL)) {
263 return 0;
264 }
265 return error;
266 }
267
268 return 0;
269 }
270
271 static const struct nl_policy tca_policy[] = {
272 [TCA_KIND] = { .type = NL_A_STRING, .optional = false, },
273 [TCA_OPTIONS] = { .type = NL_A_NESTED, .optional = false, },
274 [TCA_STATS] = { .type = NL_A_UNSPEC,
275 .min_len = sizeof(struct tc_stats), .optional = true, },
276 [TCA_STATS2] = { .type = NL_A_NESTED, .optional = true, },
277 };
278
279 static const struct nl_policy tca_flower_policy[] = {
280 [TCA_FLOWER_CLASSID] = { .type = NL_A_U32, .optional = true, },
281 [TCA_FLOWER_INDEV] = { .type = NL_A_STRING, .max_len = IFNAMSIZ,
282 .optional = true, },
283 [TCA_FLOWER_KEY_ETH_SRC] = { .type = NL_A_UNSPEC,
284 .min_len = ETH_ALEN, .optional = true, },
285 [TCA_FLOWER_KEY_ETH_DST] = { .type = NL_A_UNSPEC,
286 .min_len = ETH_ALEN, .optional = true, },
287 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .type = NL_A_UNSPEC,
288 .min_len = ETH_ALEN,
289 .optional = true, },
290 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .type = NL_A_UNSPEC,
291 .min_len = ETH_ALEN,
292 .optional = true, },
293 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NL_A_U16, .optional = false, },
294 [TCA_FLOWER_FLAGS] = { .type = NL_A_U32, .optional = false, },
295 [TCA_FLOWER_ACT] = { .type = NL_A_NESTED, .optional = false, },
296 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NL_A_U8, .optional = true, },
297 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
298 [TCA_FLOWER_KEY_IPV4_DST] = {.type = NL_A_U32, .optional = true, },
299 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NL_A_U32, .optional = true, },
300 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NL_A_U32, .optional = true, },
301 [TCA_FLOWER_KEY_IPV6_SRC] = { .type = NL_A_UNSPEC,
302 .min_len = sizeof(struct in6_addr),
303 .optional = true, },
304 [TCA_FLOWER_KEY_IPV6_DST] = { .type = NL_A_UNSPEC,
305 .min_len = sizeof(struct in6_addr),
306 .optional = true, },
307 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC,
308 .min_len = sizeof(struct in6_addr),
309 .optional = true, },
310 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .type = NL_A_UNSPEC,
311 .min_len = sizeof(struct in6_addr),
312 .optional = true, },
313 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NL_A_U16, .optional = true, },
314 [TCA_FLOWER_KEY_TCP_DST] = { .type = NL_A_U16, .optional = true, },
315 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
316 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
317 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NL_A_U16, .optional = true, },
318 [TCA_FLOWER_KEY_UDP_DST] = { .type = NL_A_U16, .optional = true, },
319 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
320 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
321 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NL_A_U16, .optional = true, },
322 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NL_A_U16, .optional = true, },
323 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NL_A_U16, .optional = true, },
324 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NL_A_U16, .optional = true, },
325 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NL_A_U8, .optional = true, },
326 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NL_A_U8, .optional = true, },
327 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NL_A_U8, .optional = true, },
328 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NL_A_U32, .optional = true, },
329 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NL_A_U16, .optional = true, },
330 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NL_A_U8, .optional = true, },
331 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NL_A_U16, .optional = true, },
332 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, },
333 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
334 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, },
335 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NL_A_U32,
336 .optional = true, },
337 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NL_A_U32,
338 .optional = true, },
339 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC,
340 .min_len = sizeof(struct in6_addr),
341 .optional = true, },
342 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC,
343 .min_len = sizeof(struct in6_addr),
344 .optional = true, },
345 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .type = NL_A_UNSPEC,
346 .min_len = sizeof(struct in6_addr),
347 .optional = true, },
348 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .type = NL_A_UNSPEC,
349 .min_len = sizeof(struct in6_addr),
350 .optional = true, },
351 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NL_A_U16,
352 .optional = true, },
353 [TCA_FLOWER_KEY_FLAGS] = { .type = NL_A_BE32, .optional = true, },
354 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NL_A_BE32, .optional = true, },
355 [TCA_FLOWER_KEY_IP_TTL] = { .type = NL_A_U8,
356 .optional = true, },
357 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NL_A_U8,
358 .optional = true, },
359 [TCA_FLOWER_KEY_IP_TOS] = { .type = NL_A_U8,
360 .optional = true, },
361 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NL_A_U8,
362 .optional = true, },
363 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NL_A_U16,
364 .optional = true, },
365 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NL_A_U16,
366 .optional = true, },
367 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NL_A_U16, .optional = true, },
368 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NL_A_U8, .optional = true, },
369 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NL_A_U16, .optional = true, },
370 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NL_A_U8,
371 .optional = true, },
372 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NL_A_U8,
373 .optional = true, },
374 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NL_A_U8,
375 .optional = true, },
376 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NL_A_U8,
377 .optional = true, },
378 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NL_A_NESTED, .optional = true, },
379 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NL_A_NESTED,
380 .optional = true, },
381 };
382
383 static void
384 nl_parse_flower_eth(struct nlattr **attrs, struct tc_flower *flower)
385 {
386 const struct eth_addr *eth;
387
388 if (attrs[TCA_FLOWER_KEY_ETH_SRC_MASK]) {
389 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC], ETH_ALEN);
390 memcpy(&flower->key.src_mac, eth, sizeof flower->key.src_mac);
391
392 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_SRC_MASK], ETH_ALEN);
393 memcpy(&flower->mask.src_mac, eth, sizeof flower->mask.src_mac);
394 }
395 if (attrs[TCA_FLOWER_KEY_ETH_DST_MASK]) {
396 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST], ETH_ALEN);
397 memcpy(&flower->key.dst_mac, eth, sizeof flower->key.dst_mac);
398
399 eth = nl_attr_get_unspec(attrs[TCA_FLOWER_KEY_ETH_DST_MASK], ETH_ALEN);
400 memcpy(&flower->mask.dst_mac, eth, sizeof flower->mask.dst_mac);
401 }
402 }
403
404 static void
405 nl_parse_flower_mpls(struct nlattr **attrs, struct tc_flower *flower)
406 {
407 uint8_t ttl, tc, bos;
408 uint32_t label;
409
410 if (!eth_type_mpls(flower->key.eth_type)) {
411 return;
412 }
413
414 flower->key.encap_eth_type[0] =
415 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ETH_TYPE]);
416 flower->key.mpls_lse = 0;
417 flower->mask.mpls_lse = 0;
418
419 if (attrs[TCA_FLOWER_KEY_MPLS_TTL]) {
420 ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_MPLS_TTL]);
421 set_mpls_lse_ttl(&flower->key.mpls_lse, ttl);
422 set_mpls_lse_ttl(&flower->mask.mpls_lse, 0xff);
423 }
424
425 if (attrs[TCA_FLOWER_KEY_MPLS_BOS]) {
426 bos = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_MPLS_BOS]);
427 set_mpls_lse_bos(&flower->key.mpls_lse, bos);
428 set_mpls_lse_ttl(&flower->mask.mpls_lse, 0xff);
429 }
430
431 if (attrs[TCA_FLOWER_KEY_MPLS_TC]) {
432 tc = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_MPLS_TC]);
433 set_mpls_lse_tc(&flower->key.mpls_lse, tc);
434 set_mpls_lse_tc(&flower->mask.mpls_lse, 0xff);
435 }
436
437 if (attrs[TCA_FLOWER_KEY_MPLS_LABEL]) {
438 label = nl_attr_get_u32(attrs[TCA_FLOWER_KEY_MPLS_LABEL]);
439 set_mpls_lse_label(&flower->key.mpls_lse, htonl(label));
440 set_mpls_lse_label(&flower->mask.mpls_lse, OVS_BE32_MAX);
441 }
442 }
443
444 static void
445 nl_parse_flower_vlan(struct nlattr **attrs, struct tc_flower *flower)
446 {
447 ovs_be16 encap_ethtype;
448
449 if (!eth_type_vlan(flower->key.eth_type)) {
450 return;
451 }
452
453 flower->key.encap_eth_type[0] =
454 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ETH_TYPE]);
455
456 if (attrs[TCA_FLOWER_KEY_VLAN_ID]) {
457 flower->key.vlan_id[0] =
458 nl_attr_get_u16(attrs[TCA_FLOWER_KEY_VLAN_ID]);
459 flower->mask.vlan_id[0] = 0xffff;
460 }
461 if (attrs[TCA_FLOWER_KEY_VLAN_PRIO]) {
462 flower->key.vlan_prio[0] =
463 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_VLAN_PRIO]);
464 flower->mask.vlan_prio[0] = 0xff;
465 }
466
467 if (!attrs[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
468 return;
469 }
470
471 encap_ethtype = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
472 if (!eth_type_vlan(encap_ethtype)) {
473 return;
474 }
475
476 flower->key.encap_eth_type[1] = flower->key.encap_eth_type[0];
477 flower->key.encap_eth_type[0] = encap_ethtype;
478
479 if (attrs[TCA_FLOWER_KEY_CVLAN_ID]) {
480 flower->key.vlan_id[1] =
481 nl_attr_get_u16(attrs[TCA_FLOWER_KEY_CVLAN_ID]);
482 flower->mask.vlan_id[1] = 0xffff;
483 }
484 if (attrs[TCA_FLOWER_KEY_CVLAN_PRIO]) {
485 flower->key.vlan_prio[1] =
486 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_CVLAN_PRIO]);
487 flower->mask.vlan_prio[1] = 0xff;
488 }
489 }
490
491 static int
492 nl_parse_geneve_key(const struct nlattr *in_nlattr,
493 struct tun_metadata *metadata)
494 {
495 struct geneve_opt *opt = NULL;
496 const struct ofpbuf *msg;
497 uint16_t last_opt_type;
498 struct nlattr *nla;
499 struct ofpbuf buf;
500 size_t left;
501 int cnt;
502
503 nl_attr_get_nested(in_nlattr, &buf);
504 msg = &buf;
505
506 last_opt_type = TCA_FLOWER_KEY_ENC_OPT_GENEVE_UNSPEC;
507 cnt = 0;
508 NL_ATTR_FOR_EACH (nla, left, ofpbuf_at(msg, 0, 0), msg->size) {
509 uint16_t type = nl_attr_type(nla);
510
511 switch (type) {
512 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS:
513 if (cnt && last_opt_type != TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA) {
514 VLOG_ERR_RL(&error_rl, "failed to parse tun options class");
515 return EINVAL;
516 }
517
518 opt = &metadata->opts.gnv[cnt];
519 opt->opt_class = nl_attr_get_be16(nla);
520 cnt += sizeof(struct geneve_opt) / 4;
521 metadata->present.len += sizeof(struct geneve_opt);
522 last_opt_type = TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS;
523 break;
524 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE:
525 if (last_opt_type != TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS) {
526 VLOG_ERR_RL(&error_rl, "failed to parse tun options type");
527 return EINVAL;
528 }
529
530 opt->type = nl_attr_get_u8(nla);
531 last_opt_type = TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE;
532 break;
533 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA:
534 if (last_opt_type != TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE) {
535 VLOG_ERR_RL(&error_rl, "failed to parse tun options data");
536 return EINVAL;
537 }
538
539 opt->length = nl_attr_get_size(nla) / 4;
540 memcpy(opt + 1, nl_attr_get_unspec(nla, 1), opt->length * 4);
541 cnt += opt->length;
542 metadata->present.len += opt->length * 4;
543 last_opt_type = TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA;
544 break;
545 }
546 }
547
548 if (last_opt_type != TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA) {
549 VLOG_ERR_RL(&error_rl, "failed to parse tun options without data");
550 return EINVAL;
551 }
552
553 return 0;
554 }
555
556 static int
557 nl_parse_flower_tunnel_opts(struct nlattr *options,
558 struct tun_metadata *metadata)
559 {
560 const struct ofpbuf *msg;
561 struct nlattr *nla;
562 struct ofpbuf buf;
563 size_t left;
564 int err;
565
566 nl_attr_get_nested(options, &buf);
567 msg = &buf;
568
569 NL_ATTR_FOR_EACH (nla, left, ofpbuf_at(msg, 0, 0), msg->size) {
570 uint16_t type = nl_attr_type(nla);
571 switch (type) {
572 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
573 err = nl_parse_geneve_key(nla, metadata);
574 if (err) {
575 return err;
576 }
577
578 break;
579 }
580 }
581
582 return 0;
583 }
584
585 static int
586 flower_tun_geneve_opt_check_len(struct tun_metadata *key,
587 struct tun_metadata *mask)
588 {
589 const struct geneve_opt *opt, *opt_mask;
590 int len, cnt = 0;
591
592 len = key->present.len;
593 while (len) {
594 opt = &key->opts.gnv[cnt];
595 opt_mask = &mask->opts.gnv[cnt];
596
597 if (opt->length != opt_mask->length) {
598 VLOG_ERR_RL(&error_rl,
599 "failed to parse tun options; key/mask length differ");
600 return EINVAL;
601 }
602
603 cnt += sizeof(struct geneve_opt) / 4 + opt->length;
604 len -= sizeof(struct geneve_opt) + opt->length * 4;
605 }
606
607 return 0;
608 }
609
610 static int
611 nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower)
612 {
613 int err;
614
615 if (attrs[TCA_FLOWER_KEY_ENC_KEY_ID]) {
616 ovs_be32 id = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_KEY_ID]);
617
618 flower->key.tunnel.id = be32_to_be64(id);
619 flower->mask.tunnel.id = OVS_BE64_MAX;
620 }
621 if (attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]) {
622 flower->key.tunnel.ipv4.ipv4_src =
623 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC]);
624 }
625 if (attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]) {
626 flower->key.tunnel.ipv4.ipv4_dst =
627 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST]);
628 }
629 if (attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]) {
630 flower->key.tunnel.ipv6.ipv6_src =
631 nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC]);
632 }
633 if (attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]) {
634 flower->key.tunnel.ipv6.ipv6_dst =
635 nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST]);
636 }
637 if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]) {
638 flower->key.tunnel.tp_dst =
639 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
640 }
641 if (attrs[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]) {
642 flower->key.tunnel.tos =
643 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TOS]);
644 flower->mask.tunnel.tos =
645 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
646 }
647 if (attrs[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]) {
648 flower->key.tunnel.ttl =
649 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TTL]);
650 flower->mask.tunnel.ttl =
651 nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
652 }
653 if (attrs[TCA_FLOWER_KEY_ENC_OPTS] &&
654 attrs[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
655 err = nl_parse_flower_tunnel_opts(attrs[TCA_FLOWER_KEY_ENC_OPTS],
656 &flower->key.tunnel.metadata);
657 if (err) {
658 return err;
659 }
660
661 err = nl_parse_flower_tunnel_opts(attrs[TCA_FLOWER_KEY_ENC_OPTS_MASK],
662 &flower->mask.tunnel.metadata);
663 if (err) {
664 return err;
665 }
666
667 err = flower_tun_geneve_opt_check_len(&flower->key.tunnel.metadata,
668 &flower->mask.tunnel.metadata);
669 if (err) {
670 return err;
671 }
672 } else if (attrs[TCA_FLOWER_KEY_ENC_OPTS]) {
673 VLOG_ERR_RL(&error_rl,
674 "failed to parse tun options; no mask supplied");
675 return EINVAL;
676 } else if (attrs[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
677 VLOG_ERR_RL(&error_rl, "failed to parse tun options; no key supplied");
678 return EINVAL;
679 }
680
681 return 0;
682 }
683
684 static void
685 nl_parse_flower_ip(struct nlattr **attrs, struct tc_flower *flower) {
686 uint8_t ip_proto = 0;
687 struct tc_flower_key *key = &flower->key;
688 struct tc_flower_key *mask = &flower->mask;
689
690 if (attrs[TCA_FLOWER_KEY_IP_PROTO]) {
691 ip_proto = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_PROTO]);
692 key->ip_proto = ip_proto;
693 mask->ip_proto = UINT8_MAX;
694 }
695
696 if (attrs[TCA_FLOWER_KEY_FLAGS_MASK]) {
697 key->flags = ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS]));
698 mask->flags =
699 ntohl(nl_attr_get_be32(attrs[TCA_FLOWER_KEY_FLAGS_MASK]));
700 }
701
702 if (attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]) {
703 key->ipv4.ipv4_src =
704 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC]);
705 mask->ipv4.ipv4_src =
706 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_SRC_MASK]);
707 }
708 if (attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]) {
709 key->ipv4.ipv4_dst =
710 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST]);
711 mask->ipv4.ipv4_dst =
712 nl_attr_get_be32(attrs[TCA_FLOWER_KEY_IPV4_DST_MASK]);
713 }
714 if (attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK]) {
715 struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_SRC];
716 struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_SRC_MASK];
717
718 key->ipv6.ipv6_src = nl_attr_get_in6_addr(attr);
719 mask->ipv6.ipv6_src = nl_attr_get_in6_addr(attr_mask);
720 }
721 if (attrs[TCA_FLOWER_KEY_IPV6_DST_MASK]) {
722 struct nlattr *attr = attrs[TCA_FLOWER_KEY_IPV6_DST];
723 struct nlattr *attr_mask = attrs[TCA_FLOWER_KEY_IPV6_DST_MASK];
724
725 key->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr);
726 mask->ipv6.ipv6_dst = nl_attr_get_in6_addr(attr_mask);
727 }
728
729 if (ip_proto == IPPROTO_TCP) {
730 if (attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]) {
731 key->tcp_src =
732 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC]);
733 mask->tcp_src =
734 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_SRC_MASK]);
735 }
736 if (attrs[TCA_FLOWER_KEY_TCP_DST_MASK]) {
737 key->tcp_dst =
738 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST]);
739 mask->tcp_dst =
740 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_DST_MASK]);
741 }
742 if (attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]) {
743 key->tcp_flags =
744 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS]);
745 mask->tcp_flags =
746 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
747 }
748 } else if (ip_proto == IPPROTO_UDP) {
749 if (attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]) {
750 key->udp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC]);
751 mask->udp_src =
752 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_SRC_MASK]);
753 }
754 if (attrs[TCA_FLOWER_KEY_UDP_DST_MASK]) {
755 key->udp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST]);
756 mask->udp_dst =
757 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_UDP_DST_MASK]);
758 }
759 } else if (ip_proto == IPPROTO_SCTP) {
760 if (attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]) {
761 key->sctp_src = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC]);
762 mask->sctp_src =
763 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_SRC_MASK]);
764 }
765 if (attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]) {
766 key->sctp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST]);
767 mask->sctp_dst =
768 nl_attr_get_be16(attrs[TCA_FLOWER_KEY_SCTP_DST_MASK]);
769 }
770 }
771
772 if (attrs[TCA_FLOWER_KEY_IP_TTL_MASK]) {
773 key->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL]);
774 mask->ip_ttl = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TTL_MASK]);
775 }
776
777 if (attrs[TCA_FLOWER_KEY_IP_TOS_MASK]) {
778 key->ip_tos = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TOS]);
779 mask->ip_tos = nl_attr_get_u8(attrs[TCA_FLOWER_KEY_IP_TOS_MASK]);
780 }
781 }
782
783 static enum tc_offloaded_state
784 nl_get_flower_offloaded_state(struct nlattr **attrs)
785 {
786 uint32_t flower_flags = 0;
787
788 if (attrs[TCA_FLOWER_FLAGS]) {
789 flower_flags = nl_attr_get_u32(attrs[TCA_FLOWER_FLAGS]);
790 if (flower_flags & TCA_CLS_FLAGS_NOT_IN_HW) {
791 return TC_OFFLOADED_STATE_NOT_IN_HW;
792 } else if (flower_flags & TCA_CLS_FLAGS_IN_HW) {
793 return TC_OFFLOADED_STATE_IN_HW;
794 }
795 }
796 return TC_OFFLOADED_STATE_UNDEFINED;
797 }
798
799 static void
800 nl_parse_flower_flags(struct nlattr **attrs, struct tc_flower *flower)
801 {
802 flower->offloaded_state = nl_get_flower_offloaded_state(attrs);
803 }
804
805 static const struct nl_policy pedit_policy[] = {
806 [TCA_PEDIT_PARMS_EX] = { .type = NL_A_UNSPEC,
807 .min_len = sizeof(struct tc_pedit),
808 .optional = false, },
809 [TCA_PEDIT_KEYS_EX] = { .type = NL_A_NESTED,
810 .optional = false, },
811 };
812
813 static int
814 nl_parse_act_pedit(struct nlattr *options, struct tc_flower *flower)
815 {
816 struct tc_action *action;
817 struct nlattr *pe_attrs[ARRAY_SIZE(pedit_policy)];
818 const struct tc_pedit *pe;
819 const struct tc_pedit_key *keys;
820 const struct nlattr *nla, *keys_ex, *ex_type;
821 const void *keys_attr;
822 char *rewrite_key = (void *) &flower->rewrite.key;
823 char *rewrite_mask = (void *) &flower->rewrite.mask;
824 size_t keys_ex_size, left;
825 int type, i = 0, err;
826
827 if (!nl_parse_nested(options, pedit_policy, pe_attrs,
828 ARRAY_SIZE(pedit_policy))) {
829 VLOG_ERR_RL(&error_rl, "failed to parse pedit action options");
830 return EPROTO;
831 }
832
833 pe = nl_attr_get_unspec(pe_attrs[TCA_PEDIT_PARMS_EX], sizeof *pe);
834 keys = pe->keys;
835 keys_attr = pe_attrs[TCA_PEDIT_KEYS_EX];
836 keys_ex = nl_attr_get(keys_attr);
837 keys_ex_size = nl_attr_get_size(keys_attr);
838
839 NL_ATTR_FOR_EACH (nla, left, keys_ex, keys_ex_size) {
840 if (i >= pe->nkeys) {
841 break;
842 }
843
844 if (nl_attr_type(nla) != TCA_PEDIT_KEY_EX) {
845 VLOG_ERR_RL(&error_rl, "unable to parse legacy pedit type: %d",
846 nl_attr_type(nla));
847 return EOPNOTSUPP;
848 }
849
850 ex_type = nl_attr_find_nested(nla, TCA_PEDIT_KEY_EX_HTYPE);
851 type = nl_attr_get_u16(ex_type);
852
853 err = csum_update_flag(flower, type);
854 if (err) {
855 return err;
856 }
857
858 for (int j = 0; j < ARRAY_SIZE(flower_pedit_map); j++) {
859 struct flower_key_to_pedit *m = &flower_pedit_map[j];
860 int flower_off = m->flower_offset;
861 int sz = m->size;
862 int mf = m->offset;
863
864 if (m->htype != type) {
865 continue;
866 }
867
868 /* check overlap between current pedit key, which is always
869 * 4 bytes (range [off, off + 3]), and a map entry in
870 * flower_pedit_map (range [mf, mf + sz - 1]) */
871 if ((keys->off >= mf && keys->off < mf + sz)
872 || (keys->off + 3 >= mf && keys->off + 3 < mf + sz)) {
873 int diff = flower_off + (keys->off - mf);
874 ovs_be32 *dst = (void *) (rewrite_key + diff);
875 ovs_be32 *dst_m = (void *) (rewrite_mask + diff);
876 ovs_be32 mask, mask_word, data_word;
877 uint32_t zero_bits;
878
879 mask_word = htonl(ntohl(keys->mask) << m->boundary_shift);
880 data_word = htonl(ntohl(keys->val) << m->boundary_shift);
881 mask = ~(mask_word);
882
883 if (keys->off < mf) {
884 zero_bits = 8 * (mf - keys->off);
885 mask &= htonl(UINT32_MAX >> zero_bits);
886 } else if (keys->off + 4 > mf + m->size) {
887 zero_bits = 8 * (keys->off + 4 - mf - m->size);
888 mask &= htonl(UINT32_MAX << zero_bits);
889 }
890
891 *dst_m |= mask;
892 *dst |= data_word & mask;
893 }
894 }
895
896 keys++;
897 i++;
898 }
899
900 action = &flower->actions[flower->action_count++];
901 action->type = TC_ACT_PEDIT;
902
903 return 0;
904 }
905
906 static const struct nl_policy tunnel_key_policy[] = {
907 [TCA_TUNNEL_KEY_PARMS] = { .type = NL_A_UNSPEC,
908 .min_len = sizeof(struct tc_tunnel_key),
909 .optional = false, },
910 [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NL_A_U32, .optional = true, },
911 [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NL_A_U32, .optional = true, },
912 [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .type = NL_A_UNSPEC,
913 .min_len = sizeof(struct in6_addr),
914 .optional = true, },
915 [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .type = NL_A_UNSPEC,
916 .min_len = sizeof(struct in6_addr),
917 .optional = true, },
918 [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NL_A_U32, .optional = true, },
919 [TCA_TUNNEL_KEY_ENC_DST_PORT] = { .type = NL_A_U16, .optional = true, },
920 [TCA_TUNNEL_KEY_ENC_TOS] = { .type = NL_A_U8, .optional = true, },
921 [TCA_TUNNEL_KEY_ENC_TTL] = { .type = NL_A_U8, .optional = true, },
922 [TCA_TUNNEL_KEY_ENC_OPTS] = { .type = NL_A_NESTED, .optional = true, },
923 [TCA_TUNNEL_KEY_NO_CSUM] = { .type = NL_A_U8, .optional = true, },
924 };
925
926 static int
927 nl_parse_act_geneve_opts(const struct nlattr *in_nlattr,
928 struct tc_action *action)
929 {
930 struct geneve_opt *opt = NULL;
931 const struct ofpbuf *msg;
932 uint16_t last_opt_type;
933 struct nlattr *nla;
934 struct ofpbuf buf;
935 size_t left;
936 int cnt;
937
938 nl_attr_get_nested(in_nlattr, &buf);
939 msg = &buf;
940
941 last_opt_type = TCA_TUNNEL_KEY_ENC_OPT_GENEVE_UNSPEC;
942 cnt = 0;
943 NL_ATTR_FOR_EACH (nla, left, ofpbuf_at(msg, 0, 0), msg->size) {
944 uint16_t type = nl_attr_type(nla);
945
946 switch (type) {
947 case TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS:
948 if (cnt && last_opt_type != TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA) {
949 VLOG_ERR_RL(&error_rl,
950 "failed to parse action geneve options class");
951 return EINVAL;
952 }
953
954 opt = &action->encap.data.opts.gnv[cnt];
955 opt->opt_class = nl_attr_get_be16(nla);
956 cnt += sizeof(struct geneve_opt) / 4;
957 action->encap.data.present.len += sizeof(struct geneve_opt);
958 last_opt_type = TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS;
959 break;
960 case TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE:
961 if (last_opt_type != TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS) {
962 VLOG_ERR_RL(&error_rl,
963 "failed to parse action geneve options type");
964 return EINVAL;
965 }
966
967 opt->type = nl_attr_get_u8(nla);
968 last_opt_type = TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE;
969 break;
970 case TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA:
971 if (last_opt_type != TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE) {
972 VLOG_ERR_RL(&error_rl,
973 "failed to parse action geneve options data");
974 return EINVAL;
975 }
976
977 opt->length = nl_attr_get_size(nla) / 4;
978 memcpy(opt + 1, nl_attr_get_unspec(nla, 1), opt->length * 4);
979 cnt += opt->length;
980 action->encap.data.present.len += opt->length * 4;
981 last_opt_type = TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA;
982 break;
983 }
984 }
985
986 if (last_opt_type != TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA) {
987 VLOG_ERR_RL(&error_rl,
988 "failed to parse action geneve options without data");
989 return EINVAL;
990 }
991
992 return 0;
993 }
994
995 static int
996 nl_parse_act_tunnel_opts(struct nlattr *options, struct tc_action *action)
997 {
998 const struct ofpbuf *msg;
999 struct nlattr *nla;
1000 struct ofpbuf buf;
1001 size_t left;
1002 int err;
1003
1004 if (!options) {
1005 return 0;
1006 }
1007
1008 nl_attr_get_nested(options, &buf);
1009 msg = &buf;
1010
1011 NL_ATTR_FOR_EACH (nla, left, ofpbuf_at(msg, 0, 0), msg->size) {
1012 uint16_t type = nl_attr_type(nla);
1013 switch (type) {
1014 case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
1015 err = nl_parse_act_geneve_opts(nla, action);
1016 if (err) {
1017 return err;
1018 }
1019
1020 break;
1021 }
1022 }
1023
1024 return 0;
1025 }
1026
1027 static int
1028 nl_parse_act_tunnel_key(struct nlattr *options, struct tc_flower *flower)
1029 {
1030 struct nlattr *tun_attrs[ARRAY_SIZE(tunnel_key_policy)];
1031 const struct nlattr *tun_parms;
1032 const struct tc_tunnel_key *tun;
1033 struct tc_action *action;
1034 int err;
1035
1036 if (!nl_parse_nested(options, tunnel_key_policy, tun_attrs,
1037 ARRAY_SIZE(tunnel_key_policy))) {
1038 VLOG_ERR_RL(&error_rl, "failed to parse tunnel_key action options");
1039 return EPROTO;
1040 }
1041
1042 tun_parms = tun_attrs[TCA_TUNNEL_KEY_PARMS];
1043 tun = nl_attr_get_unspec(tun_parms, sizeof *tun);
1044 if (tun->t_action == TCA_TUNNEL_KEY_ACT_SET) {
1045 struct nlattr *id = tun_attrs[TCA_TUNNEL_KEY_ENC_KEY_ID];
1046 struct nlattr *dst_port = tun_attrs[TCA_TUNNEL_KEY_ENC_DST_PORT];
1047 struct nlattr *ipv4_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_SRC];
1048 struct nlattr *ipv4_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV4_DST];
1049 struct nlattr *ipv6_src = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_SRC];
1050 struct nlattr *ipv6_dst = tun_attrs[TCA_TUNNEL_KEY_ENC_IPV6_DST];
1051 struct nlattr *tos = tun_attrs[TCA_TUNNEL_KEY_ENC_TOS];
1052 struct nlattr *ttl = tun_attrs[TCA_TUNNEL_KEY_ENC_TTL];
1053 struct nlattr *tun_opt = tun_attrs[TCA_TUNNEL_KEY_ENC_OPTS];
1054 struct nlattr *no_csum = tun_attrs[TCA_TUNNEL_KEY_NO_CSUM];
1055
1056 action = &flower->actions[flower->action_count++];
1057 action->type = TC_ACT_ENCAP;
1058 action->encap.ipv4.ipv4_src = ipv4_src ? nl_attr_get_be32(ipv4_src) : 0;
1059 action->encap.ipv4.ipv4_dst = ipv4_dst ? nl_attr_get_be32(ipv4_dst) : 0;
1060 if (ipv6_src) {
1061 action->encap.ipv6.ipv6_src = nl_attr_get_in6_addr(ipv6_src);
1062 }
1063 if (ipv6_dst) {
1064 action->encap.ipv6.ipv6_dst = nl_attr_get_in6_addr(ipv6_dst);
1065 }
1066 action->encap.id = id ? be32_to_be64(nl_attr_get_be32(id)) : 0;
1067 action->encap.id_present = id ? true : false;
1068 action->encap.tp_dst = dst_port ? nl_attr_get_be16(dst_port) : 0;
1069 action->encap.tos = tos ? nl_attr_get_u8(tos) : 0;
1070 action->encap.ttl = ttl ? nl_attr_get_u8(ttl) : 0;
1071 action->encap.no_csum = no_csum ? nl_attr_get_u8(no_csum) : 0;
1072
1073 err = nl_parse_act_tunnel_opts(tun_opt, action);
1074 if (err) {
1075 return err;
1076 }
1077 } else if (tun->t_action == TCA_TUNNEL_KEY_ACT_RELEASE) {
1078 flower->tunnel = true;
1079 } else {
1080 VLOG_ERR_RL(&error_rl, "unknown tunnel actions: %d, %d",
1081 tun->action, tun->t_action);
1082 return EINVAL;
1083 }
1084 return 0;
1085 }
1086
1087 static const struct nl_policy gact_policy[] = {
1088 [TCA_GACT_PARMS] = { .type = NL_A_UNSPEC,
1089 .min_len = sizeof(struct tc_gact),
1090 .optional = false, },
1091 [TCA_GACT_TM] = { .type = NL_A_UNSPEC,
1092 .min_len = sizeof(struct tcf_t),
1093 .optional = false, },
1094 };
1095
1096 static int
1097 get_user_hz(void)
1098 {
1099 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
1100 static int user_hz = 100;
1101
1102 if (ovsthread_once_start(&once)) {
1103 user_hz = sysconf(_SC_CLK_TCK);
1104 ovsthread_once_done(&once);
1105 }
1106
1107 return user_hz;
1108 }
1109
1110 static void
1111 nl_parse_tcf(const struct tcf_t *tm, struct tc_flower *flower)
1112 {
1113 flower->lastused = time_msec() - (tm->lastuse * 1000 / get_user_hz());
1114 }
1115
1116 static int
1117 nl_parse_act_drop(struct nlattr *options, struct tc_flower *flower)
1118 {
1119 struct nlattr *gact_attrs[ARRAY_SIZE(gact_policy)];
1120 const struct tc_gact *p;
1121 struct nlattr *gact_parms;
1122 const struct tcf_t *tm;
1123
1124 if (!nl_parse_nested(options, gact_policy, gact_attrs,
1125 ARRAY_SIZE(gact_policy))) {
1126 VLOG_ERR_RL(&error_rl, "failed to parse gact action options");
1127 return EPROTO;
1128 }
1129
1130 gact_parms = gact_attrs[TCA_GACT_PARMS];
1131 p = nl_attr_get_unspec(gact_parms, sizeof *p);
1132
1133 if (p->action != TC_ACT_SHOT) {
1134 VLOG_ERR_RL(&error_rl, "unknown gact action: %d", p->action);
1135 return EINVAL;
1136 }
1137
1138 tm = nl_attr_get_unspec(gact_attrs[TCA_GACT_TM], sizeof *tm);
1139 nl_parse_tcf(tm, flower);
1140
1141 return 0;
1142 }
1143
1144 static const struct nl_policy mirred_policy[] = {
1145 [TCA_MIRRED_PARMS] = { .type = NL_A_UNSPEC,
1146 .min_len = sizeof(struct tc_mirred),
1147 .optional = false, },
1148 [TCA_MIRRED_TM] = { .type = NL_A_UNSPEC,
1149 .min_len = sizeof(struct tcf_t),
1150 .optional = false, },
1151 };
1152
1153 static int
1154 nl_parse_act_mirred(struct nlattr *options, struct tc_flower *flower)
1155 {
1156
1157 struct nlattr *mirred_attrs[ARRAY_SIZE(mirred_policy)];
1158 const struct tc_mirred *m;
1159 const struct nlattr *mirred_parms;
1160 const struct tcf_t *tm;
1161 struct nlattr *mirred_tm;
1162 struct tc_action *action;
1163
1164 if (!nl_parse_nested(options, mirred_policy, mirred_attrs,
1165 ARRAY_SIZE(mirred_policy))) {
1166 VLOG_ERR_RL(&error_rl, "failed to parse mirred action options");
1167 return EPROTO;
1168 }
1169
1170 mirred_parms = mirred_attrs[TCA_MIRRED_PARMS];
1171 m = nl_attr_get_unspec(mirred_parms, sizeof *m);
1172
1173 if (m->eaction != TCA_EGRESS_REDIR && m->eaction != TCA_EGRESS_MIRROR &&
1174 m->eaction != TCA_INGRESS_REDIR && m->eaction != TCA_INGRESS_MIRROR) {
1175 VLOG_ERR_RL(&error_rl, "unknown mirred action: %d, %d, %d",
1176 m->action, m->eaction, m->ifindex);
1177 return EINVAL;
1178 }
1179
1180 action = &flower->actions[flower->action_count++];
1181 action->out.ifindex_out = m->ifindex;
1182 if (m->eaction == TCA_INGRESS_REDIR || m->eaction == TCA_INGRESS_MIRROR) {
1183 action->out.ingress = true;
1184 } else {
1185 action->out.ingress = false;
1186 }
1187 action->type = TC_ACT_OUTPUT;
1188
1189 mirred_tm = mirred_attrs[TCA_MIRRED_TM];
1190 tm = nl_attr_get_unspec(mirred_tm, sizeof *tm);
1191 nl_parse_tcf(tm, flower);
1192
1193 return 0;
1194 }
1195
1196 static const struct nl_policy vlan_policy[] = {
1197 [TCA_VLAN_PARMS] = { .type = NL_A_UNSPEC,
1198 .min_len = sizeof(struct tc_vlan),
1199 .optional = false, },
1200 [TCA_VLAN_PUSH_VLAN_ID] = { .type = NL_A_U16, .optional = true, },
1201 [TCA_VLAN_PUSH_VLAN_PROTOCOL] = { .type = NL_A_U16, .optional = true, },
1202 [TCA_VLAN_PUSH_VLAN_PRIORITY] = { .type = NL_A_U8, .optional = true, },
1203 };
1204
1205 static int
1206 nl_parse_act_vlan(struct nlattr *options, struct tc_flower *flower)
1207 {
1208 struct nlattr *vlan_attrs[ARRAY_SIZE(vlan_policy)];
1209 const struct tc_vlan *v;
1210 const struct nlattr *vlan_parms;
1211 struct tc_action *action;
1212
1213 if (!nl_parse_nested(options, vlan_policy, vlan_attrs,
1214 ARRAY_SIZE(vlan_policy))) {
1215 VLOG_ERR_RL(&error_rl, "failed to parse vlan action options");
1216 return EPROTO;
1217 }
1218
1219 action = &flower->actions[flower->action_count++];
1220 vlan_parms = vlan_attrs[TCA_VLAN_PARMS];
1221 v = nl_attr_get_unspec(vlan_parms, sizeof *v);
1222 if (v->v_action == TCA_VLAN_ACT_PUSH) {
1223 struct nlattr *vlan_tpid = vlan_attrs[TCA_VLAN_PUSH_VLAN_PROTOCOL];
1224 struct nlattr *vlan_id = vlan_attrs[TCA_VLAN_PUSH_VLAN_ID];
1225 struct nlattr *vlan_prio = vlan_attrs[TCA_VLAN_PUSH_VLAN_PRIORITY];
1226
1227 action->vlan.vlan_push_tpid = nl_attr_get_be16(vlan_tpid);
1228 action->vlan.vlan_push_id = nl_attr_get_u16(vlan_id);
1229 action->vlan.vlan_push_prio = vlan_prio ? nl_attr_get_u8(vlan_prio) : 0;
1230 action->type = TC_ACT_VLAN_PUSH;
1231 } else if (v->v_action == TCA_VLAN_ACT_POP) {
1232 action->type = TC_ACT_VLAN_POP;
1233 } else {
1234 VLOG_ERR_RL(&error_rl, "unknown vlan action: %d, %d",
1235 v->action, v->v_action);
1236 return EINVAL;
1237 }
1238 return 0;
1239 }
1240
1241 static const struct nl_policy mpls_policy[] = {
1242 [TCA_MPLS_PARMS] = { .type = NL_A_UNSPEC,
1243 .min_len = sizeof(struct tc_mpls),
1244 .optional = false, },
1245 [TCA_MPLS_PROTO] = { .type = NL_A_U16, .optional = true, },
1246 [TCA_MPLS_LABEL] = { .type = NL_A_U32, .optional = true, },
1247 [TCA_MPLS_TC] = { .type = NL_A_U8, .optional = true, },
1248 [TCA_MPLS_TTL] = { .type = NL_A_U8, .optional = true, },
1249 [TCA_MPLS_BOS] = { .type = NL_A_U8, .optional = true, },
1250 };
1251
1252 static int
1253 nl_parse_act_mpls(struct nlattr *options, struct tc_flower *flower)
1254 {
1255 struct nlattr *mpls_attrs[ARRAY_SIZE(mpls_policy)];
1256 const struct nlattr *mpls_parms;
1257 struct nlattr *mpls_proto;
1258 struct nlattr *mpls_label;
1259 struct tc_action *action;
1260 const struct tc_mpls *m;
1261 struct nlattr *mpls_ttl;
1262 struct nlattr *mpls_bos;
1263 struct nlattr *mpls_tc;
1264
1265 if (!nl_parse_nested(options, mpls_policy, mpls_attrs,
1266 ARRAY_SIZE(mpls_policy))) {
1267 VLOG_ERR_RL(&error_rl, "failed to parse mpls action options");
1268 return EPROTO;
1269 }
1270
1271 action = &flower->actions[flower->action_count++];
1272 mpls_parms = mpls_attrs[TCA_MPLS_PARMS];
1273 m = nl_attr_get_unspec(mpls_parms, sizeof *m);
1274
1275 switch (m->m_action) {
1276 case TCA_MPLS_ACT_POP:
1277 mpls_proto = mpls_attrs[TCA_MPLS_PROTO];
1278 if (mpls_proto) {
1279 action->mpls.proto = nl_attr_get_be16(mpls_proto);
1280 }
1281 action->type = TC_ACT_MPLS_POP;
1282 break;
1283 case TCA_MPLS_ACT_PUSH:
1284 mpls_proto = mpls_attrs[TCA_MPLS_PROTO];
1285 if (mpls_proto) {
1286 action->mpls.proto = nl_attr_get_be16(mpls_proto);
1287 }
1288 mpls_label = mpls_attrs[TCA_MPLS_LABEL];
1289 if (mpls_label) {
1290 action->mpls.label = nl_attr_get_u32(mpls_label);
1291 }
1292 mpls_tc = mpls_attrs[TCA_MPLS_TC];
1293 if (mpls_tc) {
1294 action->mpls.tc = nl_attr_get_u8(mpls_tc);
1295 }
1296 mpls_ttl = mpls_attrs[TCA_MPLS_TTL];
1297 if (mpls_ttl) {
1298 action->mpls.ttl = nl_attr_get_u8(mpls_ttl);
1299 }
1300 mpls_bos = mpls_attrs[TCA_MPLS_BOS];
1301 if (mpls_bos) {
1302 action->mpls.bos = nl_attr_get_u8(mpls_bos);
1303 }
1304 action->type = TC_ACT_MPLS_PUSH;
1305 break;
1306 case TCA_MPLS_ACT_MODIFY:
1307 mpls_label = mpls_attrs[TCA_MPLS_LABEL];
1308 if (mpls_label) {
1309 action->mpls.label = nl_attr_get_u32(mpls_label);
1310 }
1311 mpls_tc = mpls_attrs[TCA_MPLS_TC];
1312 if (mpls_tc) {
1313 action->mpls.tc = nl_attr_get_u8(mpls_tc);
1314 }
1315 mpls_ttl = mpls_attrs[TCA_MPLS_TTL];
1316 if (mpls_ttl) {
1317 action->mpls.ttl = nl_attr_get_u8(mpls_ttl);
1318 }
1319 mpls_bos = mpls_attrs[TCA_MPLS_BOS];
1320 if (mpls_bos) {
1321 action->mpls.bos = nl_attr_get_u8(mpls_bos);
1322 }
1323 action->type = TC_ACT_MPLS_SET;
1324 break;
1325 default:
1326 VLOG_ERR_RL(&error_rl, "unknown mpls action: %d, %d",
1327 m->action, m->m_action);
1328 return EINVAL;
1329 }
1330
1331 return 0;
1332 }
1333
1334 static const struct nl_policy csum_policy[] = {
1335 [TCA_CSUM_PARMS] = { .type = NL_A_UNSPEC,
1336 .min_len = sizeof(struct tc_csum),
1337 .optional = false, },
1338 };
1339
1340 static int
1341 nl_parse_act_csum(struct nlattr *options, struct tc_flower *flower)
1342 {
1343 struct nlattr *csum_attrs[ARRAY_SIZE(csum_policy)];
1344 const struct tc_csum *c;
1345 const struct nlattr *csum_parms;
1346
1347 if (!nl_parse_nested(options, csum_policy, csum_attrs,
1348 ARRAY_SIZE(csum_policy))) {
1349 VLOG_ERR_RL(&error_rl, "failed to parse csum action options");
1350 return EPROTO;
1351 }
1352
1353 csum_parms = csum_attrs[TCA_CSUM_PARMS];
1354 c = nl_attr_get_unspec(csum_parms, sizeof *c);
1355
1356 /* sanity checks */
1357 if (c->update_flags != flower->csum_update_flags) {
1358 VLOG_WARN_RL(&error_rl,
1359 "expected different act csum flags: 0x%x != 0x%x",
1360 flower->csum_update_flags, c->update_flags);
1361 return EINVAL;
1362 }
1363 flower->csum_update_flags = 0; /* so we know csum was handled */
1364
1365 if (flower->needs_full_ip_proto_mask
1366 && flower->mask.ip_proto != UINT8_MAX) {
1367 VLOG_WARN_RL(&error_rl, "expected full matching on flower ip_proto");
1368 return EINVAL;
1369 }
1370
1371 return 0;
1372 }
1373
1374 static const struct nl_policy act_policy[] = {
1375 [TCA_ACT_KIND] = { .type = NL_A_STRING, .optional = false, },
1376 [TCA_ACT_COOKIE] = { .type = NL_A_UNSPEC, .optional = true, },
1377 [TCA_ACT_OPTIONS] = { .type = NL_A_NESTED, .optional = false, },
1378 [TCA_ACT_STATS] = { .type = NL_A_NESTED, .optional = false, },
1379 };
1380
1381 static const struct nl_policy stats_policy[] = {
1382 [TCA_STATS_BASIC] = { .type = NL_A_UNSPEC,
1383 .min_len = sizeof(struct gnet_stats_basic),
1384 .optional = false, },
1385 };
1386
1387 static int
1388 nl_parse_single_action(struct nlattr *action, struct tc_flower *flower)
1389 {
1390 struct nlattr *act_options;
1391 struct nlattr *act_stats;
1392 struct nlattr *act_cookie;
1393 const char *act_kind;
1394 struct nlattr *action_attrs[ARRAY_SIZE(act_policy)];
1395 struct nlattr *stats_attrs[ARRAY_SIZE(stats_policy)];
1396 struct ovs_flow_stats *stats = &flower->stats;
1397 const struct gnet_stats_basic *bs;
1398 int err = 0;
1399
1400 if (!nl_parse_nested(action, act_policy, action_attrs,
1401 ARRAY_SIZE(act_policy))) {
1402 VLOG_ERR_RL(&error_rl, "failed to parse single action options");
1403 return EPROTO;
1404 }
1405
1406 act_kind = nl_attr_get_string(action_attrs[TCA_ACT_KIND]);
1407 act_options = action_attrs[TCA_ACT_OPTIONS];
1408 act_cookie = action_attrs[TCA_ACT_COOKIE];
1409
1410 if (!strcmp(act_kind, "gact")) {
1411 err = nl_parse_act_drop(act_options, flower);
1412 } else if (!strcmp(act_kind, "mirred")) {
1413 err = nl_parse_act_mirred(act_options, flower);
1414 } else if (!strcmp(act_kind, "vlan")) {
1415 err = nl_parse_act_vlan(act_options, flower);
1416 } else if (!strcmp(act_kind, "mpls")) {
1417 err = nl_parse_act_mpls(act_options, flower);
1418 } else if (!strcmp(act_kind, "tunnel_key")) {
1419 err = nl_parse_act_tunnel_key(act_options, flower);
1420 } else if (!strcmp(act_kind, "pedit")) {
1421 err = nl_parse_act_pedit(act_options, flower);
1422 } else if (!strcmp(act_kind, "csum")) {
1423 nl_parse_act_csum(act_options, flower);
1424 } else if (!strcmp(act_kind, "skbedit")) {
1425 /* Added for TC rule only (not in OvS rule) so ignore. */
1426 } else {
1427 VLOG_ERR_RL(&error_rl, "unknown tc action kind: %s", act_kind);
1428 err = EINVAL;
1429 }
1430
1431 if (err) {
1432 return err;
1433 }
1434
1435 if (act_cookie) {
1436 flower->act_cookie.data = nl_attr_get(act_cookie);
1437 flower->act_cookie.len = nl_attr_get_size(act_cookie);
1438 }
1439
1440 act_stats = action_attrs[TCA_ACT_STATS];
1441
1442 if (!nl_parse_nested(act_stats, stats_policy, stats_attrs,
1443 ARRAY_SIZE(stats_policy))) {
1444 VLOG_ERR_RL(&error_rl, "failed to parse action stats policy");
1445 return EPROTO;
1446 }
1447
1448 bs = nl_attr_get_unspec(stats_attrs[TCA_STATS_BASIC], sizeof *bs);
1449 put_32aligned_u64(&stats->n_packets, bs->packets);
1450 put_32aligned_u64(&stats->n_bytes, bs->bytes);
1451
1452 return 0;
1453 }
1454
1455 #define TCA_ACT_MIN_PRIO 1
1456
1457 static int
1458 nl_parse_flower_actions(struct nlattr **attrs, struct tc_flower *flower)
1459 {
1460 const struct nlattr *actions = attrs[TCA_FLOWER_ACT];
1461 static struct nl_policy actions_orders_policy[TCA_ACT_MAX_PRIO + 1] = {};
1462 struct nlattr *actions_orders[ARRAY_SIZE(actions_orders_policy)];
1463 const int max_size = ARRAY_SIZE(actions_orders_policy);
1464
1465 for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) {
1466 actions_orders_policy[i].type = NL_A_NESTED;
1467 actions_orders_policy[i].optional = true;
1468 }
1469
1470 if (!nl_parse_nested(actions, actions_orders_policy, actions_orders,
1471 ARRAY_SIZE(actions_orders_policy))) {
1472 VLOG_ERR_RL(&error_rl, "failed to parse flower order of actions");
1473 return EPROTO;
1474 }
1475
1476 for (int i = TCA_ACT_MIN_PRIO; i < max_size; i++) {
1477 if (actions_orders[i]) {
1478 int err;
1479
1480 if (flower->action_count >= TCA_ACT_MAX_PRIO) {
1481 VLOG_DBG_RL(&error_rl, "Can only support %d actions", flower->action_count);
1482 return EOPNOTSUPP;
1483 }
1484 err = nl_parse_single_action(actions_orders[i], flower);
1485
1486 if (err) {
1487 return err;
1488 }
1489 }
1490 }
1491
1492 if (flower->csum_update_flags) {
1493 VLOG_WARN_RL(&error_rl,
1494 "expected act csum with flags: 0x%x",
1495 flower->csum_update_flags);
1496 return EINVAL;
1497 }
1498
1499 return 0;
1500 }
1501
1502 static int
1503 nl_parse_flower_options(struct nlattr *nl_options, struct tc_flower *flower)
1504 {
1505 struct nlattr *attrs[ARRAY_SIZE(tca_flower_policy)];
1506 int err;
1507
1508 if (!nl_parse_nested(nl_options, tca_flower_policy,
1509 attrs, ARRAY_SIZE(tca_flower_policy))) {
1510 VLOG_ERR_RL(&error_rl, "failed to parse flower classifier options");
1511 return EPROTO;
1512 }
1513
1514 nl_parse_flower_eth(attrs, flower);
1515 nl_parse_flower_mpls(attrs, flower);
1516 nl_parse_flower_vlan(attrs, flower);
1517 nl_parse_flower_ip(attrs, flower);
1518 err = nl_parse_flower_tunnel(attrs, flower);
1519 if (err) {
1520 return err;
1521 }
1522
1523 nl_parse_flower_flags(attrs, flower);
1524 return nl_parse_flower_actions(attrs, flower);
1525 }
1526
1527 int
1528 parse_netlink_to_tc_flower(struct ofpbuf *reply, struct tc_flower *flower)
1529 {
1530 struct tcmsg *tc;
1531 struct nlattr *ta[ARRAY_SIZE(tca_policy)];
1532 const char *kind;
1533
1534 if (NLMSG_HDRLEN + sizeof *tc > reply->size) {
1535 return EPROTO;
1536 }
1537
1538 memset(flower, 0, sizeof *flower);
1539
1540 tc = ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc);
1541 flower->handle = tc->tcm_handle;
1542 flower->key.eth_type = (OVS_FORCE ovs_be16) tc_get_minor(tc->tcm_info);
1543 flower->mask.eth_type = OVS_BE16_MAX;
1544 flower->prio = tc_get_major(tc->tcm_info);
1545
1546 if (flower->prio == TC_RESERVED_PRIORITY_POLICE) {
1547 return 0;
1548 }
1549
1550 if (!flower->handle) {
1551 return EAGAIN;
1552 }
1553
1554 if (!nl_policy_parse(reply, NLMSG_HDRLEN + sizeof *tc,
1555 tca_policy, ta, ARRAY_SIZE(ta))) {
1556 VLOG_ERR_RL(&error_rl, "failed to parse tca policy");
1557 return EPROTO;
1558 }
1559
1560 kind = nl_attr_get_string(ta[TCA_KIND]);
1561 if (strcmp(kind, "flower")) {
1562 VLOG_DBG_ONCE("Unsupported filter: %s", kind);
1563 return EPROTO;
1564 }
1565
1566 return nl_parse_flower_options(ta[TCA_OPTIONS], flower);
1567 }
1568
1569 int
1570 tc_dump_flower_start(int ifindex, struct nl_dump *dump, uint32_t block_id,
1571 enum tc_qdisc_hook hook)
1572 {
1573 struct ofpbuf request;
1574 struct tcmsg *tcmsg;
1575 int index;
1576
1577 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1578 tcmsg = tc_make_request(index, RTM_GETTFILTER, NLM_F_DUMP, &request);
1579 tcmsg->tcm_parent = (hook == TC_EGRESS) ?
1580 TC_EGRESS_PARENT : (block_id ? : TC_INGRESS_PARENT);
1581 tcmsg->tcm_info = TC_H_UNSPEC;
1582 tcmsg->tcm_handle = 0;
1583
1584 nl_dump_start(dump, NETLINK_ROUTE, &request);
1585 ofpbuf_uninit(&request);
1586
1587 return 0;
1588 }
1589
1590 int
1591 tc_flush(int ifindex, uint32_t block_id, enum tc_qdisc_hook hook)
1592 {
1593 struct ofpbuf request;
1594 struct tcmsg *tcmsg;
1595 int index;
1596
1597 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1598 tcmsg = tc_make_request(index, RTM_DELTFILTER, NLM_F_ACK, &request);
1599 tcmsg->tcm_parent = (hook == TC_EGRESS) ?
1600 TC_EGRESS_PARENT : (block_id ? : TC_INGRESS_PARENT);
1601 tcmsg->tcm_info = TC_H_UNSPEC;
1602
1603 return tc_transact(&request, NULL);
1604 }
1605
1606 int
1607 tc_del_filter(int ifindex, int prio, int handle, uint32_t block_id,
1608 enum tc_qdisc_hook hook)
1609 {
1610 struct ofpbuf request;
1611 struct tcmsg *tcmsg;
1612 struct ofpbuf *reply;
1613 int error;
1614 int index;
1615
1616 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1617 tcmsg = tc_make_request(index, RTM_DELTFILTER, NLM_F_ECHO, &request);
1618 tcmsg->tcm_parent = (hook == TC_EGRESS) ?
1619 TC_EGRESS_PARENT : (block_id ? : TC_INGRESS_PARENT);
1620 tcmsg->tcm_info = tc_make_handle(prio, 0);
1621 tcmsg->tcm_handle = handle;
1622
1623 error = tc_transact(&request, &reply);
1624 if (!error) {
1625 ofpbuf_delete(reply);
1626 }
1627 return error;
1628 }
1629
1630 int
1631 tc_get_flower(int ifindex, int prio, int handle, struct tc_flower *flower,
1632 uint32_t block_id, enum tc_qdisc_hook hook)
1633 {
1634 struct ofpbuf request;
1635 struct tcmsg *tcmsg;
1636 struct ofpbuf *reply;
1637 int error;
1638 int index;
1639
1640 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
1641 tcmsg = tc_make_request(index, RTM_GETTFILTER, NLM_F_ECHO, &request);
1642 tcmsg->tcm_parent = (hook == TC_EGRESS) ?
1643 TC_EGRESS_PARENT : (block_id ? : TC_INGRESS_PARENT);
1644 tcmsg->tcm_info = tc_make_handle(prio, 0);
1645 tcmsg->tcm_handle = handle;
1646
1647 error = tc_transact(&request, &reply);
1648 if (error) {
1649 return error;
1650 }
1651
1652 error = parse_netlink_to_tc_flower(reply, flower);
1653 ofpbuf_delete(reply);
1654 return error;
1655 }
1656
1657 static int
1658 tc_get_tc_cls_policy(enum tc_offload_policy policy)
1659 {
1660 if (policy == TC_POLICY_SKIP_HW) {
1661 return TCA_CLS_FLAGS_SKIP_HW;
1662 } else if (policy == TC_POLICY_SKIP_SW) {
1663 return TCA_CLS_FLAGS_SKIP_SW;
1664 }
1665
1666 return 0;
1667 }
1668
1669 static void
1670 nl_msg_put_act_csum(struct ofpbuf *request, uint32_t flags)
1671 {
1672 size_t offset;
1673
1674 nl_msg_put_string(request, TCA_ACT_KIND, "csum");
1675 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1676 {
1677 struct tc_csum parm = { .action = TC_ACT_PIPE,
1678 .update_flags = flags };
1679
1680 nl_msg_put_unspec(request, TCA_CSUM_PARMS, &parm, sizeof parm);
1681 }
1682 nl_msg_end_nested(request, offset);
1683 }
1684
1685 static void
1686 nl_msg_put_act_pedit(struct ofpbuf *request, struct tc_pedit *parm,
1687 struct tc_pedit_key_ex *ex)
1688 {
1689 size_t ksize = sizeof *parm + parm->nkeys * sizeof(struct tc_pedit_key);
1690 size_t offset, offset_keys_ex, offset_key;
1691 int i;
1692
1693 nl_msg_put_string(request, TCA_ACT_KIND, "pedit");
1694 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1695 {
1696 parm->action = TC_ACT_PIPE;
1697
1698 nl_msg_put_unspec(request, TCA_PEDIT_PARMS_EX, parm, ksize);
1699 offset_keys_ex = nl_msg_start_nested(request, TCA_PEDIT_KEYS_EX);
1700 for (i = 0; i < parm->nkeys; i++, ex++) {
1701 offset_key = nl_msg_start_nested(request, TCA_PEDIT_KEY_EX);
1702 nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_HTYPE, ex->htype);
1703 nl_msg_put_u16(request, TCA_PEDIT_KEY_EX_CMD, ex->cmd);
1704 nl_msg_end_nested(request, offset_key);
1705 }
1706 nl_msg_end_nested(request, offset_keys_ex);
1707 }
1708 nl_msg_end_nested(request, offset);
1709 }
1710
1711 static void
1712 nl_msg_put_act_push_vlan(struct ofpbuf *request, ovs_be16 tpid,
1713 uint16_t vid, uint8_t prio)
1714 {
1715 size_t offset;
1716
1717 nl_msg_put_string(request, TCA_ACT_KIND, "vlan");
1718 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1719 {
1720 struct tc_vlan parm = { .action = TC_ACT_PIPE,
1721 .v_action = TCA_VLAN_ACT_PUSH };
1722
1723 nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm);
1724 nl_msg_put_be16(request, TCA_VLAN_PUSH_VLAN_PROTOCOL, tpid);
1725 nl_msg_put_u16(request, TCA_VLAN_PUSH_VLAN_ID, vid);
1726 nl_msg_put_u8(request, TCA_VLAN_PUSH_VLAN_PRIORITY, prio);
1727 }
1728 nl_msg_end_nested(request, offset);
1729 }
1730
1731 static void
1732 nl_msg_put_act_pop_vlan(struct ofpbuf *request)
1733 {
1734 size_t offset;
1735
1736 nl_msg_put_string(request, TCA_ACT_KIND, "vlan");
1737 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1738 {
1739 struct tc_vlan parm = { .action = TC_ACT_PIPE,
1740 .v_action = TCA_VLAN_ACT_POP };
1741
1742 nl_msg_put_unspec(request, TCA_VLAN_PARMS, &parm, sizeof parm);
1743 }
1744 nl_msg_end_nested(request, offset);
1745 }
1746
1747 static void
1748 nl_msg_put_act_pop_mpls(struct ofpbuf *request, ovs_be16 proto)
1749 {
1750 size_t offset;
1751
1752 nl_msg_put_string(request, TCA_ACT_KIND, "mpls");
1753 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS | NLA_F_NESTED);
1754 {
1755 struct tc_mpls parm = { .action = TC_ACT_PIPE,
1756 .m_action = TCA_MPLS_ACT_POP };
1757
1758 nl_msg_put_unspec(request, TCA_MPLS_PARMS, &parm, sizeof parm);
1759 nl_msg_put_be16(request, TCA_MPLS_PROTO, proto);
1760 }
1761 nl_msg_end_nested(request, offset);
1762 }
1763
1764 static void
1765 nl_msg_put_act_push_mpls(struct ofpbuf *request, ovs_be16 proto,
1766 uint32_t label, uint8_t tc, uint8_t ttl, uint8_t bos)
1767 {
1768 size_t offset;
1769
1770 nl_msg_put_string(request, TCA_ACT_KIND, "mpls");
1771 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS | NLA_F_NESTED);
1772 {
1773 struct tc_mpls parm = { .action = TC_ACT_PIPE,
1774 .m_action = TCA_MPLS_ACT_PUSH };
1775
1776 nl_msg_put_unspec(request, TCA_MPLS_PARMS, &parm, sizeof parm);
1777 nl_msg_put_be16(request, TCA_MPLS_PROTO, proto);
1778 nl_msg_put_u32(request, TCA_MPLS_LABEL, label);
1779 nl_msg_put_u8(request, TCA_MPLS_TC, tc);
1780 nl_msg_put_u8(request, TCA_MPLS_TTL, ttl);
1781 nl_msg_put_u8(request, TCA_MPLS_BOS, bos);
1782 }
1783 nl_msg_end_nested(request, offset);
1784 }
1785
1786 static void
1787 nl_msg_put_act_set_mpls(struct ofpbuf *request, uint32_t label, uint8_t tc,
1788 uint8_t ttl, uint8_t bos)
1789 {
1790 size_t offset;
1791
1792 nl_msg_put_string(request, TCA_ACT_KIND, "mpls");
1793 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS | NLA_F_NESTED);
1794 {
1795 struct tc_mpls parm = { .action = TC_ACT_PIPE,
1796 .m_action = TCA_MPLS_ACT_MODIFY };
1797
1798 nl_msg_put_unspec(request, TCA_MPLS_PARMS, &parm, sizeof parm);
1799 nl_msg_put_u32(request, TCA_MPLS_LABEL, label);
1800 nl_msg_put_u8(request, TCA_MPLS_TC, tc);
1801 nl_msg_put_u8(request, TCA_MPLS_TTL, ttl);
1802 nl_msg_put_u8(request, TCA_MPLS_BOS, bos);
1803 }
1804 nl_msg_end_nested(request, offset);
1805 }
1806
1807 static void
1808 nl_msg_put_act_tunnel_key_release(struct ofpbuf *request)
1809 {
1810 size_t offset;
1811
1812 nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key");
1813 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1814 {
1815 struct tc_tunnel_key tun = { .action = TC_ACT_PIPE,
1816 .t_action = TCA_TUNNEL_KEY_ACT_RELEASE };
1817
1818 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun);
1819 }
1820 nl_msg_end_nested(request, offset);
1821 }
1822
1823 static void
1824 nl_msg_put_act_tunnel_geneve_option(struct ofpbuf *request,
1825 struct tun_metadata tun_metadata)
1826 {
1827 const struct geneve_opt *opt;
1828 size_t outer, inner;
1829 int len, cnt = 0;
1830
1831 len = tun_metadata.present.len;
1832 if (!len) {
1833 return;
1834 }
1835
1836 outer = nl_msg_start_nested(request, TCA_TUNNEL_KEY_ENC_OPTS);
1837
1838 while (len) {
1839 opt = &tun_metadata.opts.gnv[cnt];
1840 inner = nl_msg_start_nested(request, TCA_TUNNEL_KEY_ENC_OPTS_GENEVE);
1841
1842 nl_msg_put_be16(request, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS,
1843 opt->opt_class);
1844 nl_msg_put_u8(request, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE, opt->type);
1845 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA, opt + 1,
1846 opt->length * 4);
1847
1848 cnt += sizeof(struct geneve_opt) / 4 + opt->length;
1849 len -= sizeof(struct geneve_opt) + opt->length * 4;
1850
1851 nl_msg_end_nested(request, inner);
1852 }
1853
1854 nl_msg_end_nested(request, outer);
1855 }
1856
1857 static void
1858 nl_msg_put_act_tunnel_key_set(struct ofpbuf *request, bool id_present,
1859 ovs_be64 id, ovs_be32 ipv4_src,
1860 ovs_be32 ipv4_dst, struct in6_addr *ipv6_src,
1861 struct in6_addr *ipv6_dst,
1862 ovs_be16 tp_dst, uint8_t tos, uint8_t ttl,
1863 struct tun_metadata tun_metadata,
1864 uint8_t no_csum)
1865 {
1866 size_t offset;
1867
1868 nl_msg_put_string(request, TCA_ACT_KIND, "tunnel_key");
1869 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1870 {
1871 struct tc_tunnel_key tun = { .action = TC_ACT_PIPE,
1872 .t_action = TCA_TUNNEL_KEY_ACT_SET };
1873
1874 nl_msg_put_unspec(request, TCA_TUNNEL_KEY_PARMS, &tun, sizeof tun);
1875
1876 ovs_be32 id32 = be64_to_be32(id);
1877 if (id_present) {
1878 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_KEY_ID, id32);
1879 }
1880 if (ipv4_dst) {
1881 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_SRC, ipv4_src);
1882 nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_DST, ipv4_dst);
1883 } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) {
1884 nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_DST,
1885 ipv6_dst);
1886 nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_SRC,
1887 ipv6_src);
1888 }
1889 if (tos) {
1890 nl_msg_put_u8(request, TCA_TUNNEL_KEY_ENC_TOS, tos);
1891 }
1892 if (ttl) {
1893 nl_msg_put_u8(request, TCA_TUNNEL_KEY_ENC_TTL, ttl);
1894 }
1895 if (tp_dst) {
1896 nl_msg_put_be16(request, TCA_TUNNEL_KEY_ENC_DST_PORT, tp_dst);
1897 }
1898 nl_msg_put_act_tunnel_geneve_option(request, tun_metadata);
1899 nl_msg_put_u8(request, TCA_TUNNEL_KEY_NO_CSUM, no_csum);
1900 }
1901 nl_msg_end_nested(request, offset);
1902 }
1903
1904 static void
1905 nl_msg_put_act_drop(struct ofpbuf *request)
1906 {
1907 size_t offset;
1908
1909 nl_msg_put_string(request, TCA_ACT_KIND, "gact");
1910 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1911 {
1912 struct tc_gact p = { .action = TC_ACT_SHOT };
1913
1914 nl_msg_put_unspec(request, TCA_GACT_PARMS, &p, sizeof p);
1915 }
1916 nl_msg_end_nested(request, offset);
1917 }
1918
1919 static void
1920 nl_msg_put_act_skbedit_to_host(struct ofpbuf *request)
1921 {
1922 size_t offset;
1923
1924 nl_msg_put_string(request, TCA_ACT_KIND, "skbedit");
1925 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1926 {
1927 struct tc_skbedit s = { .action = TC_ACT_PIPE };
1928
1929 nl_msg_put_unspec(request, TCA_SKBEDIT_PARMS, &s, sizeof s);
1930 nl_msg_put_be16(request, TCA_SKBEDIT_PTYPE, PACKET_HOST);
1931 }
1932 nl_msg_end_nested(request, offset);
1933 }
1934
1935 static void
1936 nl_msg_put_act_mirred(struct ofpbuf *request, int ifindex, int action,
1937 int eaction)
1938 {
1939 size_t offset;
1940
1941 nl_msg_put_string(request, TCA_ACT_KIND, "mirred");
1942 offset = nl_msg_start_nested(request, TCA_ACT_OPTIONS);
1943 {
1944 struct tc_mirred m = { .action = action,
1945 .eaction = eaction,
1946 .ifindex = ifindex };
1947
1948 nl_msg_put_unspec(request, TCA_MIRRED_PARMS, &m, sizeof m);
1949 }
1950 nl_msg_end_nested(request, offset);
1951 }
1952
1953 static inline void
1954 nl_msg_put_act_cookie(struct ofpbuf *request, struct tc_cookie *ck) {
1955 if (ck->len) {
1956 nl_msg_put_unspec(request, TCA_ACT_COOKIE, ck->data, ck->len);
1957 }
1958 }
1959
1960 /* Given flower, a key_to_pedit map entry, calculates the rest,
1961 * where:
1962 *
1963 * mask, data - pointers of where read the first word of flower->key/mask.
1964 * current_offset - which offset to use for the first pedit action.
1965 * cnt - max pedits actions to use.
1966 * first_word_mask/last_word_mask - the mask to use for the first/last read
1967 * (as we read entire words). */
1968 static void
1969 calc_offsets(struct tc_flower *flower, struct flower_key_to_pedit *m,
1970 int *cur_offset, int *cnt, ovs_be32 *last_word_mask,
1971 ovs_be32 *first_word_mask, ovs_be32 **mask, ovs_be32 **data)
1972 {
1973 int start_offset, max_offset, total_size;
1974 int diff, right_zero_bits, left_zero_bits;
1975 char *rewrite_key = (void *) &flower->rewrite.key;
1976 char *rewrite_mask = (void *) &flower->rewrite.mask;
1977
1978 max_offset = m->offset + m->size;
1979 start_offset = ROUND_DOWN(m->offset, 4);
1980 diff = m->offset - start_offset;
1981 total_size = max_offset - start_offset;
1982 right_zero_bits = 8 * (4 - ((max_offset % 4) ? : 4));
1983 left_zero_bits = 8 * (m->offset - start_offset);
1984
1985 *cur_offset = start_offset;
1986 *cnt = (total_size / 4) + (total_size % 4 ? 1 : 0);
1987 *last_word_mask = htonl(UINT32_MAX << right_zero_bits);
1988 *first_word_mask = htonl(UINT32_MAX >> left_zero_bits);
1989 *data = (void *) (rewrite_key + m->flower_offset - diff);
1990 *mask = (void *) (rewrite_mask + m->flower_offset - diff);
1991 }
1992
1993 static inline int
1994 csum_update_flag(struct tc_flower *flower,
1995 enum pedit_header_type htype) {
1996 /* Explictily specifiy the csum flags so HW can return EOPNOTSUPP
1997 * if it doesn't support a checksum recalculation of some headers.
1998 * And since OVS allows a flow such as
1999 * eth(dst=<mac>),eth_type(0x0800) actions=set(ipv4(src=<new_ip>))
2000 * we need to force a more specific flow as this can, for example,
2001 * need a recalculation of icmp checksum if the packet that passes
2002 * is ICMPv6 and tcp checksum if its tcp. */
2003
2004 switch (htype) {
2005 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4:
2006 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_IPV4HDR;
2007 /* Fall through. */
2008 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6:
2009 case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP:
2010 case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP:
2011 if (flower->key.ip_proto == IPPROTO_TCP) {
2012 flower->needs_full_ip_proto_mask = true;
2013 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_TCP;
2014 } else if (flower->key.ip_proto == IPPROTO_UDP) {
2015 flower->needs_full_ip_proto_mask = true;
2016 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_UDP;
2017 } else if (flower->key.ip_proto == IPPROTO_ICMP) {
2018 flower->needs_full_ip_proto_mask = true;
2019 } else if (flower->key.ip_proto == IPPROTO_ICMPV6) {
2020 flower->needs_full_ip_proto_mask = true;
2021 flower->csum_update_flags |= TCA_CSUM_UPDATE_FLAG_ICMP;
2022 } else {
2023 VLOG_WARN_RL(&error_rl,
2024 "can't offload rewrite of IP/IPV6 with ip_proto: %d",
2025 flower->key.ip_proto);
2026 break;
2027 }
2028 /* Fall through. */
2029 case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH:
2030 return 0; /* success */
2031
2032 case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK:
2033 case __PEDIT_HDR_TYPE_MAX:
2034 default:
2035 break;
2036 }
2037
2038 return EOPNOTSUPP;
2039 }
2040
2041 static int
2042 nl_msg_put_flower_rewrite_pedits(struct ofpbuf *request,
2043 struct tc_flower *flower)
2044 {
2045 struct {
2046 struct tc_pedit sel;
2047 struct tc_pedit_key keys[MAX_PEDIT_OFFSETS];
2048 struct tc_pedit_key_ex keys_ex[MAX_PEDIT_OFFSETS];
2049 } sel = {
2050 .sel = {
2051 .nkeys = 0
2052 }
2053 };
2054 int i, j, err;
2055
2056 for (i = 0; i < ARRAY_SIZE(flower_pedit_map); i++) {
2057 struct flower_key_to_pedit *m = &flower_pedit_map[i];
2058 struct tc_pedit_key *pedit_key = NULL;
2059 struct tc_pedit_key_ex *pedit_key_ex = NULL;
2060 ovs_be32 *mask, *data, first_word_mask, last_word_mask;
2061 int cnt = 0, cur_offset = 0;
2062
2063 if (!m->size) {
2064 continue;
2065 }
2066
2067 calc_offsets(flower, m, &cur_offset, &cnt, &last_word_mask,
2068 &first_word_mask, &mask, &data);
2069
2070 for (j = 0; j < cnt; j++, mask++, data++, cur_offset += 4) {
2071 ovs_be32 mask_word = *mask;
2072 ovs_be32 data_word = *data;
2073
2074 if (j == 0) {
2075 mask_word &= first_word_mask;
2076 }
2077 if (j == cnt - 1) {
2078 mask_word &= last_word_mask;
2079 }
2080 if (!mask_word) {
2081 continue;
2082 }
2083 if (sel.sel.nkeys == MAX_PEDIT_OFFSETS) {
2084 VLOG_WARN_RL(&error_rl, "reached too many pedit offsets: %d",
2085 MAX_PEDIT_OFFSETS);
2086 return EOPNOTSUPP;
2087 }
2088
2089 pedit_key = &sel.keys[sel.sel.nkeys];
2090 pedit_key_ex = &sel.keys_ex[sel.sel.nkeys];
2091 pedit_key_ex->cmd = TCA_PEDIT_KEY_EX_CMD_SET;
2092 pedit_key_ex->htype = m->htype;
2093 pedit_key->off = cur_offset;
2094 mask_word = htonl(ntohl(mask_word) >> m->boundary_shift);
2095 data_word = htonl(ntohl(data_word) >> m->boundary_shift);
2096 pedit_key->mask = ~mask_word;
2097 pedit_key->val = data_word & mask_word;
2098 sel.sel.nkeys++;
2099
2100 err = csum_update_flag(flower, m->htype);
2101 if (err) {
2102 return err;
2103 }
2104
2105 if (flower->needs_full_ip_proto_mask) {
2106 flower->mask.ip_proto = UINT8_MAX;
2107 }
2108 }
2109 }
2110 nl_msg_put_act_pedit(request, &sel.sel, sel.keys_ex);
2111
2112 return 0;
2113 }
2114
2115 static int
2116 nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower)
2117 {
2118 size_t offset;
2119 size_t act_offset;
2120 uint16_t act_index = 1;
2121 struct tc_action *action;
2122 int i, ifindex = 0;
2123 bool ingress;
2124
2125 offset = nl_msg_start_nested(request, TCA_FLOWER_ACT);
2126 {
2127 int error;
2128
2129 if (flower->tunnel) {
2130 act_offset = nl_msg_start_nested(request, act_index++);
2131 nl_msg_put_act_tunnel_key_release(request);
2132 nl_msg_end_nested(request, act_offset);
2133 }
2134
2135 action = flower->actions;
2136 for (i = 0; i < flower->action_count; i++, action++) {
2137 switch (action->type) {
2138 case TC_ACT_PEDIT: {
2139 act_offset = nl_msg_start_nested(request, act_index++);
2140 error = nl_msg_put_flower_rewrite_pedits(request, flower);
2141 if (error) {
2142 return error;
2143 }
2144 nl_msg_end_nested(request, act_offset);
2145
2146 if (flower->csum_update_flags) {
2147 act_offset = nl_msg_start_nested(request, act_index++);
2148 nl_msg_put_act_csum(request, flower->csum_update_flags);
2149 nl_msg_end_nested(request, act_offset);
2150 }
2151 }
2152 break;
2153 case TC_ACT_ENCAP: {
2154 act_offset = nl_msg_start_nested(request, act_index++);
2155 nl_msg_put_act_tunnel_key_set(request, action->encap.id_present,
2156 action->encap.id,
2157 action->encap.ipv4.ipv4_src,
2158 action->encap.ipv4.ipv4_dst,
2159 &action->encap.ipv6.ipv6_src,
2160 &action->encap.ipv6.ipv6_dst,
2161 action->encap.tp_dst,
2162 action->encap.tos,
2163 action->encap.ttl,
2164 action->encap.data,
2165 action->encap.no_csum);
2166 nl_msg_end_nested(request, act_offset);
2167 }
2168 break;
2169 case TC_ACT_VLAN_POP: {
2170 act_offset = nl_msg_start_nested(request, act_index++);
2171 nl_msg_put_act_pop_vlan(request);
2172 nl_msg_end_nested(request, act_offset);
2173 }
2174 break;
2175 case TC_ACT_VLAN_PUSH: {
2176 act_offset = nl_msg_start_nested(request, act_index++);
2177 nl_msg_put_act_push_vlan(request,
2178 action->vlan.vlan_push_tpid,
2179 action->vlan.vlan_push_id,
2180 action->vlan.vlan_push_prio);
2181 nl_msg_end_nested(request, act_offset);
2182 }
2183 break;
2184 case TC_ACT_MPLS_POP: {
2185 act_offset = nl_msg_start_nested(request, act_index++);
2186 nl_msg_put_act_pop_mpls(request, action->mpls.proto);
2187 nl_msg_end_nested(request, act_offset);
2188 }
2189 break;
2190 case TC_ACT_MPLS_PUSH: {
2191 act_offset = nl_msg_start_nested(request, act_index++);
2192 nl_msg_put_act_push_mpls(request, action->mpls.proto,
2193 action->mpls.label, action->mpls.tc,
2194 action->mpls.ttl, action->mpls.bos);
2195 nl_msg_end_nested(request, act_offset);
2196 }
2197 break;
2198 case TC_ACT_MPLS_SET: {
2199 act_offset = nl_msg_start_nested(request, act_index++);
2200 nl_msg_put_act_set_mpls(request, action->mpls.label,
2201 action->mpls.tc, action->mpls.ttl,
2202 action->mpls.bos);
2203 nl_msg_end_nested(request, act_offset);
2204 }
2205 break;
2206 case TC_ACT_OUTPUT: {
2207 ingress = action->out.ingress;
2208 ifindex = action->out.ifindex_out;
2209 if (ifindex < 1) {
2210 VLOG_ERR_RL(&error_rl, "%s: invalid ifindex: %d, type: %d",
2211 __func__, ifindex, action->type);
2212 return EINVAL;
2213 }
2214
2215 if (ingress) {
2216 /* If redirecting to ingress (internal port) ensure
2217 * pkt_type on skb is set to PACKET_HOST. */
2218 act_offset = nl_msg_start_nested(request, act_index++);
2219 nl_msg_put_act_skbedit_to_host(request);
2220 nl_msg_end_nested(request, act_offset);
2221 }
2222
2223 act_offset = nl_msg_start_nested(request, act_index++);
2224 if (i == flower->action_count - 1) {
2225 if (ingress) {
2226 nl_msg_put_act_mirred(request, ifindex, TC_ACT_STOLEN,
2227 TCA_INGRESS_REDIR);
2228 } else {
2229 nl_msg_put_act_mirred(request, ifindex, TC_ACT_STOLEN,
2230 TCA_EGRESS_REDIR);
2231 }
2232 } else {
2233 if (ingress) {
2234 nl_msg_put_act_mirred(request, ifindex, TC_ACT_PIPE,
2235 TCA_INGRESS_MIRROR);
2236 } else {
2237 nl_msg_put_act_mirred(request, ifindex, TC_ACT_PIPE,
2238 TCA_EGRESS_MIRROR);
2239 }
2240 }
2241 nl_msg_put_act_cookie(request, &flower->act_cookie);
2242 nl_msg_end_nested(request, act_offset);
2243 }
2244 break;
2245 }
2246 }
2247 }
2248 if (!ifindex) {
2249 act_offset = nl_msg_start_nested(request, act_index++);
2250 nl_msg_put_act_drop(request);
2251 nl_msg_put_act_cookie(request, &flower->act_cookie);
2252 nl_msg_end_nested(request, act_offset);
2253 }
2254 nl_msg_end_nested(request, offset);
2255
2256 return 0;
2257 }
2258
2259 static void
2260 nl_msg_put_masked_value(struct ofpbuf *request, uint16_t type,
2261 uint16_t mask_type, const void *data,
2262 const void *mask_data, size_t len)
2263 {
2264 if (mask_type != TCA_FLOWER_UNSPEC) {
2265 if (is_all_zeros(mask_data, len)) {
2266 return;
2267 }
2268 nl_msg_put_unspec(request, mask_type, mask_data, len);
2269 }
2270 nl_msg_put_unspec(request, type, data, len);
2271 }
2272
2273 static void
2274 nl_msg_put_flower_tunnel_opts(struct ofpbuf *request, uint16_t type,
2275 struct tun_metadata metadata)
2276 {
2277 struct geneve_opt *opt;
2278 size_t outer, inner;
2279 int len, cnt = 0;
2280
2281 len = metadata.present.len;
2282 if (!len) {
2283 return;
2284 }
2285
2286 outer = nl_msg_start_nested(request, type);
2287 while (len) {
2288 opt = &metadata.opts.gnv[cnt];
2289 inner = nl_msg_start_nested(request, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
2290
2291 nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
2292 opt->opt_class);
2293 nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE, opt->type);
2294 nl_msg_put_unspec(request, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA, opt + 1,
2295 opt->length * 4);
2296
2297 cnt += sizeof(struct geneve_opt) / 4 + opt->length;
2298 len -= sizeof(struct geneve_opt) + opt->length * 4;
2299
2300 nl_msg_end_nested(request, inner);
2301 }
2302 nl_msg_end_nested(request, outer);
2303 }
2304
2305 static void
2306 nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower)
2307 {
2308 ovs_be32 ipv4_src = flower->key.tunnel.ipv4.ipv4_src;
2309 ovs_be32 ipv4_dst = flower->key.tunnel.ipv4.ipv4_dst;
2310 struct in6_addr *ipv6_src = &flower->key.tunnel.ipv6.ipv6_src;
2311 struct in6_addr *ipv6_dst = &flower->key.tunnel.ipv6.ipv6_dst;
2312 ovs_be16 tp_dst = flower->key.tunnel.tp_dst;
2313 ovs_be32 id = be64_to_be32(flower->key.tunnel.id);
2314 uint8_t tos = flower->key.tunnel.tos;
2315 uint8_t ttl = flower->key.tunnel.ttl;
2316 uint8_t tos_mask = flower->mask.tunnel.tos;
2317 uint8_t ttl_mask = flower->mask.tunnel.ttl;
2318 ovs_be64 id_mask = flower->mask.tunnel.id;
2319
2320 if (ipv4_dst) {
2321 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src);
2322 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST, ipv4_dst);
2323 } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) {
2324 nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src);
2325 nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst);
2326 }
2327 if (tos_mask) {
2328 nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TOS, tos);
2329 nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TOS_MASK, tos_mask);
2330 }
2331 if (ttl_mask) {
2332 nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TTL, ttl);
2333 nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TTL_MASK, ttl_mask);
2334 }
2335 if (tp_dst) {
2336 nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst);
2337 }
2338 if (id_mask) {
2339 nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id);
2340 }
2341 nl_msg_put_flower_tunnel_opts(request, TCA_FLOWER_KEY_ENC_OPTS,
2342 flower->key.tunnel.metadata);
2343 nl_msg_put_flower_tunnel_opts(request, TCA_FLOWER_KEY_ENC_OPTS_MASK,
2344 flower->mask.tunnel.metadata);
2345 }
2346
2347 #define FLOWER_PUT_MASKED_VALUE(member, type) \
2348 nl_msg_put_masked_value(request, type, type##_MASK, &flower->key.member, \
2349 &flower->mask.member, sizeof flower->key.member)
2350
2351 static int
2352 nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
2353 {
2354
2355 uint16_t host_eth_type = ntohs(flower->key.eth_type);
2356 bool is_vlan = eth_type_vlan(flower->key.eth_type);
2357 bool is_qinq = is_vlan && eth_type_vlan(flower->key.encap_eth_type[0]);
2358 bool is_mpls = eth_type_mpls(flower->key.eth_type);
2359 int err;
2360
2361 /* need to parse acts first as some acts require changing the matching
2362 * see csum_update_flag() */
2363 err = nl_msg_put_flower_acts(request, flower);
2364 if (err) {
2365 return err;
2366 }
2367
2368 if (is_vlan) {
2369 if (is_qinq) {
2370 host_eth_type = ntohs(flower->key.encap_eth_type[1]);
2371 } else {
2372 host_eth_type = ntohs(flower->key.encap_eth_type[0]);
2373 }
2374 }
2375
2376 if (is_mpls) {
2377 host_eth_type = ntohs(flower->key.encap_eth_type[0]);
2378 }
2379
2380 FLOWER_PUT_MASKED_VALUE(dst_mac, TCA_FLOWER_KEY_ETH_DST);
2381 FLOWER_PUT_MASKED_VALUE(src_mac, TCA_FLOWER_KEY_ETH_SRC);
2382
2383 if (host_eth_type == ETH_P_IP || host_eth_type == ETH_P_IPV6) {
2384 FLOWER_PUT_MASKED_VALUE(ip_ttl, TCA_FLOWER_KEY_IP_TTL);
2385 FLOWER_PUT_MASKED_VALUE(ip_tos, TCA_FLOWER_KEY_IP_TOS);
2386
2387 if (flower->mask.ip_proto && flower->key.ip_proto) {
2388 nl_msg_put_u8(request, TCA_FLOWER_KEY_IP_PROTO,
2389 flower->key.ip_proto);
2390 }
2391
2392 if (flower->mask.flags) {
2393 nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS,
2394 htonl(flower->key.flags));
2395 nl_msg_put_be32(request, TCA_FLOWER_KEY_FLAGS_MASK,
2396 htonl(flower->mask.flags));
2397 }
2398
2399 if (flower->key.ip_proto == IPPROTO_UDP) {
2400 FLOWER_PUT_MASKED_VALUE(udp_src, TCA_FLOWER_KEY_UDP_SRC);
2401 FLOWER_PUT_MASKED_VALUE(udp_dst, TCA_FLOWER_KEY_UDP_DST);
2402 } else if (flower->key.ip_proto == IPPROTO_TCP) {
2403 FLOWER_PUT_MASKED_VALUE(tcp_src, TCA_FLOWER_KEY_TCP_SRC);
2404 FLOWER_PUT_MASKED_VALUE(tcp_dst, TCA_FLOWER_KEY_TCP_DST);
2405 FLOWER_PUT_MASKED_VALUE(tcp_flags, TCA_FLOWER_KEY_TCP_FLAGS);
2406 } else if (flower->key.ip_proto == IPPROTO_SCTP) {
2407 FLOWER_PUT_MASKED_VALUE(sctp_src, TCA_FLOWER_KEY_SCTP_SRC);
2408 FLOWER_PUT_MASKED_VALUE(sctp_dst, TCA_FLOWER_KEY_SCTP_DST);
2409 }
2410 }
2411
2412 if (host_eth_type == ETH_P_IP) {
2413 FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_src, TCA_FLOWER_KEY_IPV4_SRC);
2414 FLOWER_PUT_MASKED_VALUE(ipv4.ipv4_dst, TCA_FLOWER_KEY_IPV4_DST);
2415 } else if (host_eth_type == ETH_P_IPV6) {
2416 FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_src, TCA_FLOWER_KEY_IPV6_SRC);
2417 FLOWER_PUT_MASKED_VALUE(ipv6.ipv6_dst, TCA_FLOWER_KEY_IPV6_DST);
2418 }
2419
2420 nl_msg_put_be16(request, TCA_FLOWER_KEY_ETH_TYPE, flower->key.eth_type);
2421
2422 if (is_mpls) {
2423 if (mpls_lse_to_ttl(flower->mask.mpls_lse)) {
2424 nl_msg_put_u8(request, TCA_FLOWER_KEY_MPLS_TTL,
2425 mpls_lse_to_ttl(flower->key.mpls_lse));
2426 }
2427 if (mpls_lse_to_tc(flower->mask.mpls_lse)) {
2428 nl_msg_put_u8(request, TCA_FLOWER_KEY_MPLS_TC,
2429 mpls_lse_to_tc(flower->key.mpls_lse));
2430 }
2431 if (mpls_lse_to_bos(flower->mask.mpls_lse)) {
2432 nl_msg_put_u8(request, TCA_FLOWER_KEY_MPLS_BOS,
2433 mpls_lse_to_bos(flower->key.mpls_lse));
2434 }
2435 if (mpls_lse_to_label(flower->mask.mpls_lse)) {
2436 nl_msg_put_u32(request, TCA_FLOWER_KEY_MPLS_LABEL,
2437 mpls_lse_to_label(flower->key.mpls_lse));
2438 }
2439 }
2440
2441 if (is_vlan) {
2442 if (flower->mask.vlan_id[0]) {
2443 nl_msg_put_u16(request, TCA_FLOWER_KEY_VLAN_ID,
2444 flower->key.vlan_id[0]);
2445 }
2446 if (flower->mask.vlan_prio[0]) {
2447 nl_msg_put_u8(request, TCA_FLOWER_KEY_VLAN_PRIO,
2448 flower->key.vlan_prio[0]);
2449 }
2450 if (flower->key.encap_eth_type[0]) {
2451 nl_msg_put_be16(request, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2452 flower->key.encap_eth_type[0]);
2453 }
2454
2455 if (is_qinq) {
2456 if (flower->mask.vlan_id[1]) {
2457 nl_msg_put_u16(request, TCA_FLOWER_KEY_CVLAN_ID,
2458 flower->key.vlan_id[1]);
2459 }
2460 if (flower->mask.vlan_prio[1]) {
2461 nl_msg_put_u8(request, TCA_FLOWER_KEY_CVLAN_PRIO,
2462 flower->key.vlan_prio[1]);
2463 }
2464 if (flower->key.encap_eth_type[1]) {
2465 nl_msg_put_be16(request, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
2466 flower->key.encap_eth_type[1]);
2467 }
2468 }
2469 }
2470
2471 nl_msg_put_u32(request, TCA_FLOWER_FLAGS, tc_get_tc_cls_policy(tc_policy));
2472
2473 if (flower->tunnel) {
2474 nl_msg_put_flower_tunnel(request, flower);
2475 }
2476
2477 return 0;
2478 }
2479
2480 int
2481 tc_replace_flower(int ifindex, uint16_t prio, uint32_t handle,
2482 struct tc_flower *flower, uint32_t block_id,
2483 enum tc_qdisc_hook hook)
2484 {
2485 struct ofpbuf request;
2486 struct tcmsg *tcmsg;
2487 struct ofpbuf *reply;
2488 int error = 0;
2489 size_t basic_offset;
2490 uint16_t eth_type = (OVS_FORCE uint16_t) flower->key.eth_type;
2491 int index;
2492
2493 index = block_id ? TCM_IFINDEX_MAGIC_BLOCK : ifindex;
2494 tcmsg = tc_make_request(index, RTM_NEWTFILTER, NLM_F_CREATE | NLM_F_ECHO,
2495 &request);
2496 tcmsg->tcm_parent = (hook == TC_EGRESS) ?
2497 TC_EGRESS_PARENT : (block_id ? : TC_INGRESS_PARENT);
2498 tcmsg->tcm_info = tc_make_handle(prio, eth_type);
2499 tcmsg->tcm_handle = handle;
2500
2501 nl_msg_put_string(&request, TCA_KIND, "flower");
2502 basic_offset = nl_msg_start_nested(&request, TCA_OPTIONS);
2503 {
2504 error = nl_msg_put_flower_options(&request, flower);
2505
2506 if (error) {
2507 ofpbuf_uninit(&request);
2508 return error;
2509 }
2510 }
2511 nl_msg_end_nested(&request, basic_offset);
2512
2513 error = tc_transact(&request, &reply);
2514 if (!error) {
2515 struct tcmsg *tc =
2516 ofpbuf_at_assert(reply, NLMSG_HDRLEN, sizeof *tc);
2517
2518 flower->prio = tc_get_major(tc->tcm_info);
2519 flower->handle = tc->tcm_handle;
2520 ofpbuf_delete(reply);
2521 }
2522
2523 return error;
2524 }
2525
2526 void
2527 tc_set_policy(const char *policy)
2528 {
2529 if (!policy) {
2530 return;
2531 }
2532
2533 if (!strcmp(policy, "skip_sw")) {
2534 tc_policy = TC_POLICY_SKIP_SW;
2535 } else if (!strcmp(policy, "skip_hw")) {
2536 tc_policy = TC_POLICY_SKIP_HW;
2537 } else if (!strcmp(policy, "none")) {
2538 tc_policy = TC_POLICY_NONE;
2539 } else {
2540 VLOG_WARN("tc: Invalid policy '%s'", policy);
2541 return;
2542 }
2543
2544 VLOG_INFO("tc: Using policy '%s'", policy);
2545 }
openvswitch packages for PVE