/*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2019 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
+#include <net/if.h>
#include <netinet/in.h>
#include <netinet/icmp6.h>
#include <netinet/ip6.h>
#include "random.h"
#include "unaligned.h"
#include "util.h"
+#include "openvswitch/nsh.h"
+#include "ovs-router.h"
+#include "lib/netdev-provider.h"
COVERAGE_DEFINE(flow_extract);
COVERAGE_DEFINE(miniflow_malloc);
* away. Some GCC versions gave warnings on ALWAYS_INLINE, so these are
* defined as macros. */
-#if (FLOW_WC_SEQ != 38)
+#if (FLOW_WC_SEQ != 42)
#define MINIFLOW_ASSERT(X) ovs_assert(X)
BUILD_MESSAGE("FLOW_WC_SEQ changed: miniflow_extract() will have runtime "
"assertions enabled. Consider updating FLOW_WC_SEQ after "
{
const ovs_be16 *eth_type;
- memset(vlan_hdrs, 0, sizeof(union flow_vlan_hdr) * FLOW_MAX_VLAN_HEADERS);
data_pull(datap, sizep, ETH_ADDR_LEN * 2);
eth_type = *datap;
break;
}
+ memset(vlan_hdrs + n, 0, sizeof(union flow_vlan_hdr));
const ovs_16aligned_be32 *qp = data_pull(datap, sizep, sizeof *qp);
vlan_hdrs[n].qtag = get_16aligned_be32(qp);
vlan_hdrs[n].tci |= htons(VLAN_CFI);
}
/* Returns 'true' if the packet is an ND packet. In that case the '*nd_target'
- * and 'arp_buf[]' are filled in. If the packet is not an ND pacet, 'false' is
- * returned and no values are filled in on '*nd_target' or 'arp_buf[]'. */
+ * and 'arp_buf[]' are filled in. If the packet is not an ND packet, 'false'
+ * is returned and no values are filled in on '*nd_target' or 'arp_buf[]'. */
static inline bool
-parse_icmpv6(const void **datap, size_t *sizep, const struct icmp6_hdr *icmp,
- const struct in6_addr **nd_target,
- struct eth_addr arp_buf[2])
-{
- if (icmp->icmp6_code != 0 ||
- (icmp->icmp6_type != ND_NEIGHBOR_SOLICIT &&
- icmp->icmp6_type != ND_NEIGHBOR_ADVERT)) {
+parse_icmpv6(const void **datap, size_t *sizep,
+ const struct icmp6_data_header *icmp6,
+ ovs_be32 *rso_flags, const struct in6_addr **nd_target,
+ struct eth_addr arp_buf[2], uint8_t *opt_type)
+{
+ if (icmp6->icmp6_base.icmp6_code != 0 ||
+ (icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_SOLICIT &&
+ icmp6->icmp6_base.icmp6_type != ND_NEIGHBOR_ADVERT)) {
return false;
}
arp_buf[0] = eth_addr_zero;
arp_buf[1] = eth_addr_zero;
+ *opt_type = 0;
+
+ *rso_flags = get_16aligned_be32(icmp6->icmp6_data.be32);
+
*nd_target = data_try_pull(datap, sizep, sizeof **nd_target);
if (OVS_UNLIKELY(!*nd_target)) {
return true;
while (*sizep >= 8) {
/* The minimum size of an option is 8 bytes, which also is
* the size of Ethernet link-layer options. */
- const struct ovs_nd_opt *nd_opt = *datap;
- int opt_len = nd_opt->nd_opt_len * ND_OPT_LEN;
+ const struct ovs_nd_lla_opt *lla_opt = *datap;
+ int opt_len = lla_opt->len * ND_LLA_OPT_LEN;
if (!opt_len || opt_len > *sizep) {
return true;
/* Store the link layer address if the appropriate option is
* provided. It is considered an error if the same link
* layer option is specified twice. */
- if (nd_opt->nd_opt_type == ND_OPT_SOURCE_LINKADDR
- && opt_len == 8) {
+ if (lla_opt->type == ND_OPT_SOURCE_LINKADDR && opt_len == 8) {
if (OVS_LIKELY(eth_addr_is_zero(arp_buf[0]))) {
- arp_buf[0] = nd_opt->nd_opt_mac;
+ arp_buf[0] = lla_opt->mac;
+ /* We use only first option type present in ND packet. */
+ if (*opt_type == 0) {
+ *opt_type = lla_opt->type;
+ }
} else {
goto invalid;
}
- } else if (nd_opt->nd_opt_type == ND_OPT_TARGET_LINKADDR
- && opt_len == 8) {
+ } else if (lla_opt->type == ND_OPT_TARGET_LINKADDR && opt_len == 8) {
if (OVS_LIKELY(eth_addr_is_zero(arp_buf[1]))) {
- arp_buf[1] = nd_opt->nd_opt_mac;
+ arp_buf[1] = lla_opt->mac;
+ /* We use only first option type present in ND packet. */
+ if (*opt_type == 0) {
+ *opt_type = lla_opt->type;
+ }
} else {
goto invalid;
}
static inline bool
parse_ipv6_ext_hdrs__(const void **datap, size_t *sizep, uint8_t *nw_proto,
- uint8_t *nw_frag)
+ uint8_t *nw_frag,
+ const struct ovs_16aligned_ip6_frag **frag_hdr)
{
+ *frag_hdr = NULL;
while (1) {
if (OVS_LIKELY((*nw_proto != IPPROTO_HOPOPTS)
&& (*nw_proto != IPPROTO_ROUTING)
return false;
}
} else if (*nw_proto == IPPROTO_FRAGMENT) {
- const struct ovs_16aligned_ip6_frag *frag_hdr = *datap;
+ *frag_hdr = *datap;
- *nw_proto = frag_hdr->ip6f_nxt;
- if (!data_try_pull(datap, sizep, sizeof *frag_hdr)) {
+ *nw_proto = (*frag_hdr)->ip6f_nxt;
+ if (!data_try_pull(datap, sizep, sizeof **frag_hdr)) {
return false;
}
/* We only process the first fragment. */
- if (frag_hdr->ip6f_offlg != htons(0)) {
+ if ((*frag_hdr)->ip6f_offlg != htons(0)) {
*nw_frag = FLOW_NW_FRAG_ANY;
- if ((frag_hdr->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) {
+ if (((*frag_hdr)->ip6f_offlg & IP6F_OFF_MASK) != htons(0)) {
*nw_frag |= FLOW_NW_FRAG_LATER;
*nw_proto = IPPROTO_FRAGMENT;
return true;
}
}
+/* Parses IPv6 extension headers until a terminal header (or header we
+ * don't understand) is found. 'datap' points to the first extension
+ * header and advances as parsing occurs; 'sizep' is the remaining size
+ * and is decreased accordingly. 'nw_proto' starts as the first
+ * extension header to process and is updated as the extension headers
+ * are parsed.
+ *
+ * If a fragment header is found, '*frag_hdr' is set to the fragment
+ * header and otherwise set to NULL. If it is the first fragment,
+ * extension header parsing otherwise continues as usual. If it's not
+ * the first fragment, 'nw_proto' is set to IPPROTO_FRAGMENT and 'nw_frag'
+ * has FLOW_NW_FRAG_LATER set. Both first and later fragments have
+ * FLOW_NW_FRAG_ANY set in 'nw_frag'.
+ *
+ * A return value of false indicates that there was a problem parsing
+ * the extension headers.*/
bool
parse_ipv6_ext_hdrs(const void **datap, size_t *sizep, uint8_t *nw_proto,
- uint8_t *nw_frag)
+ uint8_t *nw_frag,
+ const struct ovs_16aligned_ip6_frag **frag_hdr)
{
- return parse_ipv6_ext_hdrs__(datap, sizep, nw_proto, nw_frag);
+ return parse_ipv6_ext_hdrs__(datap, sizep, nw_proto, nw_frag,
+ frag_hdr);
}
-/* Initializes 'flow' members from 'packet' and 'md'
- *
- * Initializes 'packet' header l2 pointer to the start of the Ethernet
- * header, and the layer offsets as follows:
- *
- * - packet->l2_5_ofs to the start of the MPLS shim header, or UINT16_MAX
- * when there is no MPLS shim header.
- *
- * - packet->l3_ofs to just past the Ethernet header, or just past the
- * vlan_header if one is present, to the first byte of the payload of the
- * Ethernet frame. UINT16_MAX if the frame is too short to contain an
- * Ethernet header.
- *
- * - packet->l4_ofs to just past the IPv4 header, if one is present and
- * has at least the content used for the fields of interest for the flow,
- * otherwise UINT16_MAX.
- */
+bool
+parse_nsh(const void **datap, size_t *sizep, struct ovs_key_nsh *key)
+{
+ const struct nsh_hdr *nsh = (const struct nsh_hdr *) *datap;
+ uint8_t version, length, flags, ttl;
+
+ /* Check if it is long enough for NSH header, doesn't support
+ * MD type 2 yet
+ */
+ if (OVS_UNLIKELY(*sizep < NSH_BASE_HDR_LEN)) {
+ return false;
+ }
+
+ version = nsh_get_ver(nsh);
+ flags = nsh_get_flags(nsh);
+ length = nsh_hdr_len(nsh);
+ ttl = nsh_get_ttl(nsh);
+
+ if (OVS_UNLIKELY(length > *sizep || version != 0)) {
+ return false;
+ }
+
+ key->flags = flags;
+ key->ttl = ttl;
+ key->mdtype = nsh->md_type;
+ key->np = nsh->next_proto;
+ key->path_hdr = nsh_get_path_hdr(nsh);
+
+ switch (key->mdtype) {
+ case NSH_M_TYPE1:
+ if (length != NSH_M_TYPE1_LEN) {
+ return false;
+ }
+ for (size_t i = 0; i < 4; i++) {
+ key->context[i] = get_16aligned_be32(&nsh->md1.context[i]);
+ }
+ break;
+ case NSH_M_TYPE2:
+ /* Don't support MD type 2 metedata parsing yet */
+ if (length < NSH_BASE_HDR_LEN) {
+ return false;
+ }
+
+ memset(key->context, 0, sizeof(key->context));
+ break;
+ default:
+ /* We don't parse other context headers yet. */
+ memset(key->context, 0, sizeof(key->context));
+ break;
+ }
+
+ data_pull(datap, sizep, length);
+
+ return true;
+}
+
+/* This does the same thing as miniflow_extract() with a full-size 'flow' as
+ * the destination. */
void
flow_extract(struct dp_packet *packet, struct flow *flow)
{
miniflow_expand(&m.mf, flow);
}
-/* Caller is responsible for initializing 'dst' with enough storage for
- * FLOW_U64S * 8 bytes. */
+static inline bool
+ipv4_sanity_check(const struct ip_header *nh, size_t size,
+ int *ip_lenp, uint16_t *tot_lenp)
+{
+ int ip_len;
+ uint16_t tot_len;
+
+ if (OVS_UNLIKELY(size < IP_HEADER_LEN)) {
+ return false;
+ }
+ ip_len = IP_IHL(nh->ip_ihl_ver) * 4;
+
+ if (OVS_UNLIKELY(ip_len < IP_HEADER_LEN || size < ip_len)) {
+ return false;
+ }
+
+ tot_len = ntohs(nh->ip_tot_len);
+ if (OVS_UNLIKELY(tot_len > size || ip_len > tot_len ||
+ size - tot_len > UINT8_MAX)) {
+ return false;
+ }
+
+ *ip_lenp = ip_len;
+ *tot_lenp = tot_len;
+
+ return true;
+}
+
+static inline uint8_t
+ipv4_get_nw_frag(const struct ip_header *nh)
+{
+ uint8_t nw_frag = 0;
+
+ if (OVS_UNLIKELY(IP_IS_FRAGMENT(nh->ip_frag_off))) {
+ nw_frag = FLOW_NW_FRAG_ANY;
+ if (nh->ip_frag_off & htons(IP_FRAG_OFF_MASK)) {
+ nw_frag |= FLOW_NW_FRAG_LATER;
+ }
+ }
+
+ return nw_frag;
+}
+
+static inline bool
+ipv6_sanity_check(const struct ovs_16aligned_ip6_hdr *nh, size_t size)
+{
+ uint16_t plen;
+
+ if (OVS_UNLIKELY(size < sizeof *nh)) {
+ return false;
+ }
+
+ plen = ntohs(nh->ip6_plen);
+ if (OVS_UNLIKELY(plen + IPV6_HEADER_LEN > size)) {
+ return false;
+ }
+ /* Jumbo Payload option not supported yet. */
+ if (OVS_UNLIKELY(size - (plen + IPV6_HEADER_LEN) > UINT8_MAX)) {
+ return false;
+ }
+
+ return true;
+}
+
+/* Initializes 'dst' from 'packet' and 'md', taking the packet type into
+ * account. 'dst' must have enough space for FLOW_U64S * 8 bytes.
+ *
+ * Initializes the layer offsets as follows:
+ *
+ * - packet->l2_5_ofs to the
+ * * the start of the MPLS shim header. Can be zero, if the
+ * packet is of type (OFPHTN_ETHERTYPE, ETH_TYPE_MPLS).
+ * * UINT16_MAX when there is no MPLS shim header.
+ *
+ * - packet->l3_ofs is set to
+ * * zero if the packet_type is in name space OFPHTN_ETHERTYPE
+ * and there is no MPLS shim header.
+ * * just past the Ethernet header, or just past the vlan_header if
+ * one is present, to the first byte of the payload of the
+ * Ethernet frame if the packet type is Ethernet and there is
+ * no MPLS shim header.
+ * * just past the MPLS label stack to the first byte of the MPLS
+ * payload if there is at least one MPLS shim header.
+ * * UINT16_MAX if the packet type is Ethernet and the frame is
+ * too short to contain an Ethernet header.
+ *
+ * - packet->l4_ofs is set to just past the IPv4 or IPv6 header, if one is
+ * present and the packet has at least the content used for the fields
+ * of interest for the flow, otherwise UINT16_MAX.
+ */
void
miniflow_extract(struct dp_packet *packet, struct miniflow *dst)
{
+ /* Add code to this function (or its callees) to extract new fields. */
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
+
const struct pkt_metadata *md = &packet->md;
const void *data = dp_packet_data(packet);
size_t size = dp_packet_size(packet);
+ ovs_be32 packet_type = packet->packet_type;
uint64_t *values = miniflow_values(dst);
struct mf_ctx mf = { FLOWMAP_EMPTY_INITIALIZER, values,
values + FLOW_U64S };
- const char *l2;
- ovs_be16 dl_type;
+ const char *frame;
+ ovs_be16 dl_type = OVS_BE16_MAX;
uint8_t nw_frag, nw_tos, nw_ttl, nw_proto;
uint8_t *ct_nw_proto_p = NULL;
ovs_be16 ct_tp_src = 0, ct_tp_dst = 0;
}
miniflow_push_uint32(mf, dp_hash, md->dp_hash);
miniflow_push_uint32(mf, in_port, odp_to_u32(md->in_port.odp_port));
- if (md->recirc_id || md->ct_state) {
+ if (md->ct_state) {
miniflow_push_uint32(mf, recirc_id, md->recirc_id);
miniflow_push_uint8(mf, ct_state, md->ct_state);
ct_nw_proto_p = miniflow_pointer(mf, ct_nw_proto);
miniflow_push_uint8(mf, ct_nw_proto, 0);
miniflow_push_uint16(mf, ct_zone, md->ct_zone);
- }
-
- if (md->ct_state) {
miniflow_push_uint32(mf, ct_mark, md->ct_mark);
- miniflow_pad_to_64(mf, ct_mark);
-
+ miniflow_push_be32(mf, packet_type, packet_type);
if (!ovs_u128_is_zero(md->ct_label)) {
miniflow_push_words(mf, ct_label, &md->ct_label,
sizeof md->ct_label / sizeof(uint64_t));
}
+ } else {
+ if (md->recirc_id) {
+ miniflow_push_uint32(mf, recirc_id, md->recirc_id);
+ miniflow_pad_to_64(mf, recirc_id);
+ }
+ miniflow_pad_from_64(mf, packet_type);
+ miniflow_push_be32(mf, packet_type, packet_type);
}
/* Initialize packet's layer pointer and offsets. */
- l2 = data;
+ frame = data;
dp_packet_reset_offsets(packet);
- /* Must have full Ethernet header to proceed. */
- if (OVS_UNLIKELY(size < sizeof(struct eth_header))) {
- goto out;
- } else {
- /* Link layer. */
- ASSERT_SEQUENTIAL(dl_dst, dl_src);
- miniflow_push_macs(mf, dl_dst, data);
-
- /* VLAN */
- union flow_vlan_hdr vlans[FLOW_MAX_VLAN_HEADERS];
- size_t num_vlans = parse_vlan(&data, &size, vlans);
+ if (packet_type == htonl(PT_ETH)) {
+ /* Must have full Ethernet header to proceed. */
+ if (OVS_UNLIKELY(size < sizeof(struct eth_header))) {
+ goto out;
+ } else {
+ /* Link layer. */
+ ASSERT_SEQUENTIAL(dl_dst, dl_src);
+ miniflow_push_macs(mf, dl_dst, data);
+
+ /* VLAN */
+ union flow_vlan_hdr vlans[FLOW_MAX_VLAN_HEADERS];
+ size_t num_vlans = parse_vlan(&data, &size, vlans);
+
+ dl_type = parse_ethertype(&data, &size);
+ miniflow_push_be16(mf, dl_type, dl_type);
+ miniflow_pad_to_64(mf, dl_type);
+ if (num_vlans > 0) {
+ miniflow_push_words_32(mf, vlans, vlans, num_vlans);
+ }
- /* dl_type */
- dl_type = parse_ethertype(&data, &size);
+ }
+ } else {
+ /* Take dl_type from packet_type. */
+ dl_type = pt_ns_type_be(packet_type);
+ miniflow_pad_from_64(mf, dl_type);
miniflow_push_be16(mf, dl_type, dl_type);
+ /* Do not push vlan_tci, pad instead */
miniflow_pad_to_64(mf, dl_type);
- if (num_vlans > 0) {
- miniflow_push_words_32(mf, vlans, vlans, num_vlans);
- }
}
/* Parse mpls. */
int count;
const void *mpls = data;
- packet->l2_5_ofs = (char *)data - l2;
+ packet->l2_5_ofs = (char *)data - frame;
count = parse_mpls(&data, &size);
miniflow_push_words_32(mf, mpls_lse, mpls, count);
}
/* Network layer. */
- packet->l3_ofs = (char *)data - l2;
+ packet->l3_ofs = (char *)data - frame;
nw_frag = 0;
if (OVS_LIKELY(dl_type == htons(ETH_TYPE_IP))) {
int ip_len;
uint16_t tot_len;
- if (OVS_UNLIKELY(size < IP_HEADER_LEN)) {
- goto out;
- }
- ip_len = IP_IHL(nh->ip_ihl_ver) * 4;
-
- if (OVS_UNLIKELY(ip_len < IP_HEADER_LEN)) {
- goto out;
- }
- if (OVS_UNLIKELY(size < ip_len)) {
- goto out;
- }
- tot_len = ntohs(nh->ip_tot_len);
- if (OVS_UNLIKELY(tot_len > size || ip_len > tot_len)) {
- goto out;
- }
- if (OVS_UNLIKELY(size - tot_len > UINT8_MAX)) {
+ if (OVS_UNLIKELY(!ipv4_sanity_check(nh, size, &ip_len, &tot_len))) {
goto out;
}
dp_packet_set_l2_pad_size(packet, size - tot_len);
nw_tos = nh->ip_tos;
nw_ttl = nh->ip_ttl;
nw_proto = nh->ip_proto;
- if (OVS_UNLIKELY(IP_IS_FRAGMENT(nh->ip_frag_off))) {
- nw_frag = FLOW_NW_FRAG_ANY;
- if (nh->ip_frag_off & htons(IP_FRAG_OFF_MASK)) {
- nw_frag |= FLOW_NW_FRAG_LATER;
- }
- }
+ nw_frag = ipv4_get_nw_frag(nh);
data_pull(&data, &size, ip_len);
} else if (dl_type == htons(ETH_TYPE_IPV6)) {
- const struct ovs_16aligned_ip6_hdr *nh;
+ const struct ovs_16aligned_ip6_hdr *nh = data;
ovs_be32 tc_flow;
uint16_t plen;
- if (OVS_UNLIKELY(size < sizeof *nh)) {
+ if (OVS_UNLIKELY(!ipv6_sanity_check(nh, size))) {
goto out;
}
- nh = data_pull(&data, &size, sizeof *nh);
+ data_pull(&data, &size, sizeof *nh);
plen = ntohs(nh->ip6_plen);
- if (OVS_UNLIKELY(plen > size)) {
- goto out;
- }
- /* Jumbo Payload option not supported yet. */
- if (OVS_UNLIKELY(size - plen > UINT8_MAX)) {
- goto out;
- }
dp_packet_set_l2_pad_size(packet, size - plen);
size = plen; /* Never pull padding. */
}
tc_flow = get_16aligned_be32(&nh->ip6_flow);
- {
- ovs_be32 label = tc_flow & htonl(IPV6_LABEL_MASK);
- miniflow_push_be32(mf, ipv6_label, label);
- }
-
nw_tos = ntohl(tc_flow) >> 20;
nw_ttl = nh->ip6_hlim;
nw_proto = nh->ip6_nxt;
- if (!parse_ipv6_ext_hdrs__(&data, &size, &nw_proto, &nw_frag)) {
+ const struct ovs_16aligned_ip6_frag *frag_hdr;
+ if (!parse_ipv6_ext_hdrs__(&data, &size, &nw_proto, &nw_frag,
+ &frag_hdr)) {
goto out;
}
+
+ /* This needs to be after the parse_ipv6_ext_hdrs__() call because it
+ * leaves the nw_frag word uninitialized. */
+ ASSERT_SEQUENTIAL(ipv6_label, nw_frag);
+ ovs_be32 label = tc_flow & htonl(IPV6_LABEL_MASK);
+ miniflow_push_be32(mf, ipv6_label, label);
} else {
if (dl_type == htons(ETH_TYPE_ARP) ||
dl_type == htons(ETH_TYPE_RARP)) {
miniflow_push_macs(mf, arp_sha, arp_buf);
miniflow_pad_to_64(mf, arp_tha);
}
+ } else if (dl_type == htons(ETH_TYPE_NSH)) {
+ struct ovs_key_nsh nsh;
+
+ if (OVS_LIKELY(parse_nsh(&data, &size, &nsh))) {
+ miniflow_push_words(mf, nsh, &nsh,
+ sizeof(struct ovs_key_nsh) /
+ sizeof(uint64_t));
+ }
}
goto out;
}
- packet->l4_ofs = (char *)data - l2;
+ packet->l4_ofs = (char *)data - frame;
miniflow_push_be32(mf, nw_frag,
- BYTES_TO_BE32(nw_frag, nw_tos, nw_ttl, nw_proto));
+ bytes_to_be32(nw_frag, nw_tos, nw_ttl, nw_proto));
if (OVS_LIKELY(!(nw_frag & FLOW_NW_FRAG_LATER))) {
if (OVS_LIKELY(nw_proto == IPPROTO_TCP)) {
miniflow_pad_to_64(mf, igmp_group_ip4);
}
} else if (OVS_LIKELY(nw_proto == IPPROTO_ICMPV6)) {
- if (OVS_LIKELY(size >= sizeof(struct icmp6_hdr))) {
+ if (OVS_LIKELY(size >= sizeof(struct icmp6_data_header))) {
const struct in6_addr *nd_target;
struct eth_addr arp_buf[2];
- const struct icmp6_hdr *icmp = data_pull(&data, &size,
- sizeof *icmp);
- if (parse_icmpv6(&data, &size, icmp, &nd_target, arp_buf)) {
+ /* This will populate whether we received Option 1
+ * or Option 2. */
+ uint8_t opt_type;
+ /* This holds the ND Reserved field. */
+ ovs_be32 rso_flags;
+ const struct icmp6_data_header *icmp6;
+
+ icmp6 = data_pull(&data, &size, sizeof *icmp6);
+ if (parse_icmpv6(&data, &size, icmp6,
+ &rso_flags, &nd_target, arp_buf, &opt_type)) {
if (nd_target) {
miniflow_push_words(mf, nd_target, nd_target,
sizeof *nd_target / sizeof(uint64_t));
}
miniflow_push_macs(mf, arp_sha, arp_buf);
- miniflow_pad_to_64(mf, arp_tha);
- miniflow_push_be16(mf, tp_src, htons(icmp->icmp6_type));
- miniflow_push_be16(mf, tp_dst, htons(icmp->icmp6_code));
+ /* Populate options field and set the padding
+ * accordingly. */
+ if (opt_type != 0) {
+ miniflow_push_be16(mf, tcp_flags, htons(opt_type));
+ /* Pad to align with 64 bits.
+ * This will zero out the pad3 field. */
+ miniflow_pad_to_64(mf, tcp_flags);
+ } else {
+ /* Pad to align with 64 bits.
+ * This will zero out the tcp_flags & pad3 field. */
+ miniflow_pad_to_64(mf, arp_tha);
+ }
+ miniflow_push_be16(mf, tp_src,
+ htons(icmp6->icmp6_base.icmp6_type));
+ miniflow_push_be16(mf, tp_dst,
+ htons(icmp6->icmp6_base.icmp6_code));
miniflow_pad_to_64(mf, tp_dst);
+ /* Fill ND reserved field. */
+ miniflow_push_be32(mf, igmp_group_ip4, rso_flags);
+ miniflow_pad_to_64(mf, igmp_group_ip4);
} else {
/* ICMPv6 but not ND. */
- miniflow_push_be16(mf, tp_src, htons(icmp->icmp6_type));
- miniflow_push_be16(mf, tp_dst, htons(icmp->icmp6_code));
+ miniflow_push_be16(mf, tp_src,
+ htons(icmp6->icmp6_base.icmp6_type));
+ miniflow_push_be16(mf, tp_dst,
+ htons(icmp6->icmp6_base.icmp6_code));
miniflow_push_be16(mf, ct_tp_src, ct_tp_src);
miniflow_push_be16(mf, ct_tp_dst, ct_tp_dst);
}
dst->map = mf.map;
}
-ovs_be16
-parse_dl_type(const struct eth_header *data_, size_t size)
+static ovs_be16
+parse_dl_type(const void **datap, size_t *sizep)
{
- const void *data = data_;
union flow_vlan_hdr vlans[FLOW_MAX_VLAN_HEADERS];
- parse_vlan(&data, &size, vlans);
+ parse_vlan(datap, sizep, vlans);
- return parse_ethertype(&data, &size);
+ return parse_ethertype(datap, sizep);
+}
+
+/* Parses and return the TCP flags in 'packet', converted to host byte order.
+ * If 'packet' is not an Ethernet packet embedding TCP, returns 0.
+ *
+ * The caller must ensure that 'packet' is at least ETH_HEADER_LEN bytes
+ * long.'*/
+uint16_t
+parse_tcp_flags(struct dp_packet *packet)
+{
+ const void *data = dp_packet_data(packet);
+ const char *frame = (const char *)data;
+ size_t size = dp_packet_size(packet);
+ ovs_be16 dl_type;
+ uint8_t nw_frag = 0, nw_proto = 0;
+
+ if (!dp_packet_is_eth(packet)) {
+ return 0;
+ }
+
+ dp_packet_reset_offsets(packet);
+
+ dl_type = parse_dl_type(&data, &size);
+ if (OVS_UNLIKELY(eth_type_mpls(dl_type))) {
+ packet->l2_5_ofs = (char *)data - frame;
+ }
+ packet->l3_ofs = (char *)data - frame;
+ if (OVS_LIKELY(dl_type == htons(ETH_TYPE_IP))) {
+ const struct ip_header *nh = data;
+ int ip_len;
+ uint16_t tot_len;
+
+ if (OVS_UNLIKELY(!ipv4_sanity_check(nh, size, &ip_len, &tot_len))) {
+ return 0;
+ }
+ dp_packet_set_l2_pad_size(packet, size - tot_len);
+ nw_proto = nh->ip_proto;
+ nw_frag = ipv4_get_nw_frag(nh);
+
+ size = tot_len; /* Never pull padding. */
+ data_pull(&data, &size, ip_len);
+ } else if (dl_type == htons(ETH_TYPE_IPV6)) {
+ const struct ovs_16aligned_ip6_hdr *nh = data;
+ uint16_t plen;
+
+ if (OVS_UNLIKELY(!ipv6_sanity_check(nh, size))) {
+ return 0;
+ }
+ data_pull(&data, &size, sizeof *nh);
+
+ plen = ntohs(nh->ip6_plen); /* Never pull padding. */
+ dp_packet_set_l2_pad_size(packet, size - plen);
+ size = plen;
+ const struct ovs_16aligned_ip6_frag *frag_hdr;
+ nw_proto = nh->ip6_nxt;
+ if (!parse_ipv6_ext_hdrs__(&data, &size, &nw_proto, &nw_frag,
+ &frag_hdr)) {
+ return 0;
+ }
+ } else {
+ return 0;
+ }
+
+ packet->l4_ofs = (uint16_t)((char *)data - frame);
+ if (!(nw_frag & FLOW_NW_FRAG_LATER) && nw_proto == IPPROTO_TCP &&
+ size >= TCP_HEADER_LEN) {
+ const struct tcp_header *tcp = data;
+
+ return TCP_FLAGS(tcp->tcp_ctl);
+ }
+
+ return 0;
}
/* For every bit of a field that is wildcarded in 'wildcards', sets the
{
int i;
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
match_init_catchall(flow_metadata);
if (flow->tunnel.tun_id != htonll(0)) {
if (flow->tunnel.gbp_flags) {
match_set_tun_gbp_flags(flow_metadata, flow->tunnel.gbp_flags);
}
+ if (flow->tunnel.erspan_ver) {
+ match_set_tun_erspan_ver(flow_metadata, flow->tunnel.erspan_ver);
+ }
+ if (flow->tunnel.erspan_idx) {
+ match_set_tun_erspan_idx(flow_metadata, flow->tunnel.erspan_idx);
+ }
+ if (flow->tunnel.erspan_dir) {
+ match_set_tun_erspan_dir(flow_metadata, flow->tunnel.erspan_dir);
+ }
+ if (flow->tunnel.erspan_hwid) {
+ match_set_tun_erspan_hwid(flow_metadata, flow->tunnel.erspan_hwid);
+ }
+ if (flow->tunnel.gtpu_flags) {
+ match_set_tun_gtpu_flags(flow_metadata, flow->tunnel.gtpu_flags);
+ }
+ if (flow->tunnel.gtpu_msgtype) {
+ match_set_tun_gtpu_msgtype(flow_metadata, flow->tunnel.gtpu_msgtype);
+ }
tun_metadata_get_fmd(&flow->tunnel, flow_metadata);
if (flow->metadata != htonll(0)) {
match_set_metadata(flow_metadata, flow->metadata);
}
match_set_in_port(flow_metadata, flow->in_port.ofp_port);
+ if (flow->packet_type != htonl(PT_ETH)) {
+ match_set_packet_type(flow_metadata, flow->packet_type);
+ }
+
if (flow->ct_state != 0) {
match_set_ct_state(flow_metadata, flow->ct_state);
+ /* Match dl_type since it is required for the later interpretation of
+ * the conntrack metadata. */
+ match_set_dl_type(flow_metadata, flow->dl_type);
if (is_ct_valid(flow, NULL, NULL) && flow->ct_nw_proto != 0) {
if (flow->dl_type == htons(ETH_TYPE_IP)) {
match_set_ct_nw_src(flow_metadata, flow->ct_nw_src);
}
}
-const char *ct_state_to_string(uint32_t state)
+const char *
+ct_state_to_string(uint32_t state)
{
switch (state) {
- case CS_REPLY_DIR:
- return "rpl";
- case CS_TRACKED:
- return "trk";
- case CS_NEW:
- return "new";
- case CS_ESTABLISHED:
- return "est";
- case CS_RELATED:
- return "rel";
- case CS_INVALID:
- return "inv";
- case CS_SRC_NAT:
- return "snat";
- case CS_DST_NAT:
- return "dnat";
+#define CS_STATE(ENUM, INDEX, NAME) case CS_##ENUM: return NAME;
+ CS_STATES
+#undef CS_STATE
default:
return NULL;
}
}
+uint32_t
+ct_state_from_string(const char *s)
+{
+#define CS_STATE(ENUM, INDEX, NAME) \
+ if (!strcmp(s, NAME)) { \
+ return CS_##ENUM; \
+ }
+ CS_STATES
+#undef CS_STATE
+ return 0;
+}
+
+/* Parses conntrack state from 'state_str'. If it is parsed successfully,
+ * stores the parsed ct_state in 'ct_state', and returns true. Otherwise,
+ * returns false, and reports error message in 'ds'. */
+bool
+parse_ct_state(const char *state_str, uint32_t default_state,
+ uint32_t *ct_state, struct ds *ds)
+{
+ uint32_t state = default_state;
+ char *state_s = xstrdup(state_str);
+ char *save_ptr = NULL;
+
+ for (char *cs = strtok_r(state_s, ", ", &save_ptr); cs;
+ cs = strtok_r(NULL, ", ", &save_ptr)) {
+ uint32_t bit = ct_state_from_string(cs);
+ if (!bit) {
+ ds_put_format(ds, "%s: unknown connection tracking state flag",
+ cs);
+ free(state_s);
+ return false;
+ }
+ state |= bit;
+ }
+
+ *ct_state = state;
+ free(state_s);
+
+ return true;
+}
+
+/* Checks the given conntrack state 'state' according to the constraints
+ * listed in ovs-fields (7). Returns true if it is valid. Otherwise, returns
+ * false, and reports error in 'ds'. */
+bool
+validate_ct_state(uint32_t state, struct ds *ds)
+{
+ bool valid_ct_state = true;
+ struct ds d_str = DS_EMPTY_INITIALIZER;
+
+ format_flags(&d_str, ct_state_to_string, state, '|');
+
+ if (state && !(state & CS_TRACKED)) {
+ ds_put_format(ds, "%s: invalid connection state: "
+ "If \"trk\" is unset, no other flags are set\n",
+ ds_cstr(&d_str));
+ valid_ct_state = false;
+ }
+ if (state & CS_INVALID && state & ~(CS_TRACKED | CS_INVALID)) {
+ ds_put_format(ds, "%s: invalid connection state: "
+ "when \"inv\" is set, only \"trk\" may also be set\n",
+ ds_cstr(&d_str));
+ valid_ct_state = false;
+ }
+ if (state & CS_NEW && state & CS_ESTABLISHED) {
+ ds_put_format(ds, "%s: invalid connection state: "
+ "\"new\" and \"est\" are mutually exclusive\n",
+ ds_cstr(&d_str));
+ valid_ct_state = false;
+ }
+ if (state & CS_NEW && state & CS_REPLY_DIR) {
+ ds_put_format(ds, "%s: invalid connection state: "
+ "\"new\" and \"rpy\" are mutually exclusive\n",
+ ds_cstr(&d_str));
+ valid_ct_state = false;
+ }
+
+ ds_destroy(&d_str);
+ return valid_ct_state;
+}
+
+/* Clears the fields in 'flow' associated with connection tracking. */
+void
+flow_clear_conntrack(struct flow *flow)
+{
+ flow->ct_state = 0;
+ flow->ct_zone = 0;
+ flow->ct_mark = 0;
+ flow->ct_label = OVS_U128_ZERO;
+
+ flow->ct_nw_proto = 0;
+ flow->ct_tp_src = 0;
+ flow->ct_tp_dst = 0;
+ if (flow->dl_type == htons(ETH_TYPE_IP)) {
+ flow->ct_nw_src = 0;
+ flow->ct_nw_dst = 0;
+ } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
+ memset(&flow->ct_ipv6_src, 0, sizeof flow->ct_ipv6_src);
+ memset(&flow->ct_ipv6_dst, 0, sizeof flow->ct_ipv6_dst);
+ }
+}
+
char *
-flow_to_string(const struct flow *flow)
+flow_to_string(const struct flow *flow,
+ const struct ofputil_port_map *port_map)
{
struct ds ds = DS_EMPTY_INITIALIZER;
- flow_format(&ds, flow);
+ flow_format(&ds, flow, port_map);
return ds_cstr(&ds);
}
}
}
+static void
+put_u16_masked(struct ds *s, uint16_t value, uint16_t mask)
+{
+ if (!mask) {
+ ds_put_char(s, '*');
+ } else {
+ if (value > 9) {
+ ds_put_format(s, "0x%"PRIx16, value);
+ } else {
+ ds_put_format(s, "%"PRIu16, value);
+ }
+
+ if (mask != UINT16_MAX) {
+ ds_put_format(s, "/0x%"PRIx16, mask);
+ }
+ }
+}
+
+void
+format_packet_type_masked(struct ds *s, ovs_be32 value, ovs_be32 mask)
+{
+ if (value == htonl(PT_ETH) && mask == OVS_BE32_MAX) {
+ ds_put_cstr(s, "eth");
+ } else {
+ ds_put_cstr(s, "packet_type=(");
+ put_u16_masked(s, pt_ns(value), pt_ns(mask));
+ ds_put_char(s, ',');
+ put_u16_masked(s, pt_ns_type(value), pt_ns_type(mask));
+ ds_put_char(s, ')');
+ }
+}
+
/* Scans a string 's' of flags to determine their numerical value and
* returns the number of characters parsed using 'bit_to_string' to
* lookup flag names. Scanning continues until the character 'end' is
}
void
-flow_format(struct ds *ds, const struct flow *flow)
+flow_format(struct ds *ds,
+ const struct flow *flow, const struct ofputil_port_map *port_map)
{
struct match match;
struct flow_wildcards *wc = &match.wc;
WC_UNMASK_FIELD(wc, metadata);
}
- match_format(&match, ds, OFP_DEFAULT_PRIORITY);
+ match_format(&match, port_map, ds, OFP_DEFAULT_PRIORITY);
}
void
-flow_print(FILE *stream, const struct flow *flow)
+flow_print(FILE *stream,
+ const struct flow *flow, const struct ofputil_port_map *port_map)
{
- char *s = flow_to_string(flow);
+ char *s = flow_to_string(flow, port_map);
fputs(s, stream);
free(s);
}
flow_wildcards_init_for_packet(struct flow_wildcards *wc,
const struct flow *flow)
{
+ ovs_be16 dl_type = OVS_BE16_MAX;
+
memset(&wc->masks, 0x0, sizeof wc->masks);
/* Update this function whenever struct flow changes. */
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
if (flow_tnl_dst_is_set(&flow->tunnel)) {
if (flow->tunnel.flags & FLOW_TNL_F_KEY) {
WC_MASK_FIELD(wc, tunnel.tp_dst);
WC_MASK_FIELD(wc, tunnel.gbp_id);
WC_MASK_FIELD(wc, tunnel.gbp_flags);
+ WC_MASK_FIELD(wc, tunnel.erspan_ver);
+ WC_MASK_FIELD(wc, tunnel.erspan_idx);
+ WC_MASK_FIELD(wc, tunnel.erspan_dir);
+ WC_MASK_FIELD(wc, tunnel.erspan_hwid);
+ WC_MASK_FIELD(wc, tunnel.gtpu_flags);
+ WC_MASK_FIELD(wc, tunnel.gtpu_msgtype);
if (!(flow->tunnel.flags & FLOW_TNL_F_UDPIF)) {
if (flow->tunnel.metadata.present.map) {
/* actset_output wildcarded. */
- WC_MASK_FIELD(wc, dl_dst);
- WC_MASK_FIELD(wc, dl_src);
- WC_MASK_FIELD(wc, dl_type);
-
- /* No need to set mask of inner VLANs that don't exist. */
- for (int i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
- /* Always show the first zero VLAN. */
- WC_MASK_FIELD(wc, vlans[i]);
- if (flow->vlans[i].tci == htons(0)) {
- break;
+ WC_MASK_FIELD(wc, packet_type);
+ if (flow->packet_type == htonl(PT_ETH)) {
+ WC_MASK_FIELD(wc, dl_dst);
+ WC_MASK_FIELD(wc, dl_src);
+ WC_MASK_FIELD(wc, dl_type);
+ /* No need to set mask of inner VLANs that don't exist. */
+ for (int i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
+ /* Always show the first zero VLAN. */
+ WC_MASK_FIELD(wc, vlans[i]);
+ if (flow->vlans[i].tci == htons(0)) {
+ break;
+ }
}
+ dl_type = flow->dl_type;
+ } else {
+ dl_type = pt_ns_type_be(flow->packet_type);
}
- if (flow->dl_type == htons(ETH_TYPE_IP)) {
+ if (dl_type == htons(ETH_TYPE_IP)) {
WC_MASK_FIELD(wc, nw_src);
WC_MASK_FIELD(wc, nw_dst);
WC_MASK_FIELD(wc, ct_nw_src);
WC_MASK_FIELD(wc, ct_nw_dst);
- } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
+ } else if (dl_type == htons(ETH_TYPE_IPV6)) {
WC_MASK_FIELD(wc, ipv6_src);
WC_MASK_FIELD(wc, ipv6_dst);
WC_MASK_FIELD(wc, ipv6_label);
WC_MASK_FIELD(wc, ct_ipv6_src);
WC_MASK_FIELD(wc, ct_ipv6_dst);
}
- } else if (flow->dl_type == htons(ETH_TYPE_ARP) ||
- flow->dl_type == htons(ETH_TYPE_RARP)) {
+ } else if (dl_type == htons(ETH_TYPE_ARP) ||
+ dl_type == htons(ETH_TYPE_RARP)) {
WC_MASK_FIELD(wc, nw_src);
WC_MASK_FIELD(wc, nw_dst);
WC_MASK_FIELD(wc, nw_proto);
WC_MASK_FIELD(wc, arp_sha);
WC_MASK_FIELD(wc, arp_tha);
return;
- } else if (eth_type_mpls(flow->dl_type)) {
+ } else if (eth_type_mpls(dl_type)) {
for (int i = 0; i < FLOW_MAX_MPLS_LABELS; i++) {
WC_MASK_FIELD(wc, mpls_lse[i]);
if (flow->mpls_lse[i] & htonl(MPLS_BOS_MASK)) {
}
}
return;
+ } else if (flow->dl_type == htons(ETH_TYPE_NSH)) {
+ WC_MASK_FIELD(wc, nsh.flags);
+ WC_MASK_FIELD(wc, nsh.ttl);
+ WC_MASK_FIELD(wc, nsh.mdtype);
+ WC_MASK_FIELD(wc, nsh.np);
+ WC_MASK_FIELD(wc, nsh.path_hdr);
+ WC_MASK_FIELD(wc, nsh.context);
} else {
return; /* Unknown ethertype. */
}
flow_wc_map(const struct flow *flow, struct flowmap *map)
{
/* Update this function whenever struct flow changes. */
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
flowmap_init(map);
FLOWMAP_SET(map, ct_zone);
FLOWMAP_SET(map, ct_mark);
FLOWMAP_SET(map, ct_label);
+ FLOWMAP_SET(map, packet_type);
/* Ethertype-dependent fields. */
if (OVS_LIKELY(flow->dl_type == htons(ETH_TYPE_IP))) {
FLOWMAP_SET(map, nd_target);
FLOWMAP_SET(map, arp_sha);
FLOWMAP_SET(map, arp_tha);
+ FLOWMAP_SET(map, tcp_flags);
+ FLOWMAP_SET(map, igmp_group_ip4);
} else {
FLOWMAP_SET(map, ct_nw_proto);
FLOWMAP_SET(map, ct_ipv6_src);
FLOWMAP_SET(map, nw_proto);
FLOWMAP_SET(map, arp_sha);
FLOWMAP_SET(map, arp_tha);
+ } else if (flow->dl_type == htons(ETH_TYPE_NSH)) {
+ FLOWMAP_SET(map, nsh.flags);
+ FLOWMAP_SET(map, nsh.mdtype);
+ FLOWMAP_SET(map, nsh.np);
+ FLOWMAP_SET(map, nsh.path_hdr);
+ FLOWMAP_SET(map, nsh.context);
}
}
flow_wildcards_clear_non_packet_fields(struct flow_wildcards *wc)
{
/* Update this function whenever struct flow changes. */
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
memset(&wc->masks.metadata, 0, sizeof wc->masks.metadata);
memset(&wc->masks.regs, 0, sizeof wc->masks.regs);
uint32_t
miniflow_hash_5tuple(const struct miniflow *flow, uint32_t basis)
{
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
uint32_t hash = basis;
if (flow) {
}
/* Add both ports at once. */
- hash = hash_add(hash, MINIFLOW_GET_U32(flow, tp_src));
+ hash = hash_add(hash, (OVS_FORCE uint32_t) miniflow_get_ports(flow));
}
out:
return hash_finish(hash, 42);
uint32_t
flow_hash_5tuple(const struct flow *flow, uint32_t basis)
{
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
uint32_t hash = basis;
if (flow) {
return jhash_bytes(&fields, sizeof fields, basis);
}
+/* Symmetrically Hashes non-IP 'flow' based on its L2 headers. */
+uint32_t
+flow_hash_symmetric_l2(const struct flow *flow, uint32_t basis)
+{
+ union {
+ struct {
+ ovs_be16 eth_type;
+ ovs_be16 vlan_tci;
+ struct eth_addr eth_addr;
+ ovs_be16 pad;
+ };
+ uint32_t word[3];
+ } fields;
+
+ uint32_t hash = basis;
+ int i;
+
+ if (flow->packet_type != htonl(PT_ETH)) {
+ /* Cannot hash non-Ethernet flows */
+ return 0;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(fields.eth_addr.be16); i++) {
+ fields.eth_addr.be16[i] =
+ flow->dl_src.be16[i] ^ flow->dl_dst.be16[i];
+ }
+ fields.vlan_tci = 0;
+ for (i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
+ fields.vlan_tci ^= flow->vlans[i].tci & htons(VLAN_VID_MASK);
+ }
+ fields.eth_type = flow->dl_type;
+ fields.pad = 0;
+
+ hash = hash_add(hash, fields.word[0]);
+ hash = hash_add(hash, fields.word[1]);
+ hash = hash_add(hash, fields.word[2]);
+ return hash_finish(hash, basis);
+}
+
/* Hashes 'flow' based on its L3 through L4 protocol information */
uint32_t
flow_hash_symmetric_l3l4(const struct flow *flow, uint32_t basis,
const uint64_t *a = ALIGNED_CAST(uint64_t *, flow->ipv6_src.s6_addr);
const uint64_t *b = ALIGNED_CAST(uint64_t *, flow->ipv6_dst.s6_addr);
- for (int i = 0; i < 4; i++) {
+ for (int i = 0; i < sizeof flow->ipv6_src / sizeof *a; i++) {
hash = hash_add64(hash, a[i] ^ b[i]);
}
} else {
- /* Cannot hash non-IP flows */
- return 0;
+ /* Revert to hashing L2 headers */
+ return flow_hash_symmetric_l2(flow, basis);
}
-
hash = hash_add(hash, flow->nw_proto);
- if (flow->nw_proto == IPPROTO_TCP || flow->nw_proto == IPPROTO_SCTP ||
- (inc_udp_ports && flow->nw_proto == IPPROTO_UDP)) {
+ if (!(flow->nw_frag & FLOW_NW_FRAG_MASK)
+ && (flow->nw_proto == IPPROTO_TCP || flow->nw_proto == IPPROTO_SCTP ||
+ (inc_udp_ports && flow->nw_proto == IPPROTO_UDP))) {
hash = hash_add(hash,
(OVS_FORCE uint16_t) (flow->tp_src ^ flow->tp_dst));
}
return hash_finish(hash, basis);
}
+/* Hashes 'flow' based on its nw_dst and nw_src for multipath. */
+uint32_t
+flow_hash_symmetric_l3(const struct flow *flow, uint32_t basis)
+{
+ struct {
+ union {
+ ovs_be32 ipv4_addr;
+ struct in6_addr ipv6_addr;
+ };
+ ovs_be16 eth_type;
+ } fields;
+
+ int i;
+
+ memset(&fields, 0, sizeof fields);
+ fields.eth_type = flow->dl_type;
+
+ if (fields.eth_type == htons(ETH_TYPE_IP)) {
+ fields.ipv4_addr = flow->nw_src ^ flow->nw_dst;
+ } else if (fields.eth_type == htons(ETH_TYPE_IPV6)) {
+ const uint8_t *a = &flow->ipv6_src.s6_addr[0];
+ const uint8_t *b = &flow->ipv6_dst.s6_addr[0];
+ uint8_t *ipv6_addr = &fields.ipv6_addr.s6_addr[0];
+
+ for (i = 0; i < 16; i++) {
+ ipv6_addr[i] = a[i] ^ b[i];
+ }
+ }
+ return jhash_bytes(&fields, sizeof fields, basis);
+}
+
/* Initialize a flow with random fields that matter for nx_hash_fields. */
void
flow_random_hash_fields(struct flow *flow)
}
if (is_ip_any(flow)) {
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
- flow_unwildcard_tp_ports(flow, wc);
+ /* Unwildcard port only for non-UDP packets as udp port
+ * numbers are not used in hash calculations.
+ */
+ if (flow->nw_proto != IPPROTO_UDP) {
+ flow_unwildcard_tp_ports(flow, wc);
+ }
}
for (i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
wc->masks.vlans[i].tci |= htons(VLAN_VID_MASK | VLAN_CFI);
}
break;
-
case NX_HASH_FIELDS_SYMMETRIC_L3L4_UDP:
- if (is_ip_any(flow) && flow->nw_proto == IPPROTO_UDP) {
+ if (is_ip_any(flow) && flow->nw_proto == IPPROTO_UDP
+ && !(flow->nw_frag & FLOW_NW_FRAG_MASK)) {
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
}
- /* no break */
+ /* fall through */
case NX_HASH_FIELDS_SYMMETRIC_L3L4:
if (flow->dl_type == htons(ETH_TYPE_IP)) {
memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
} else {
break; /* non-IP flow */
}
-
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
- if (flow->nw_proto == IPPROTO_TCP || flow->nw_proto == IPPROTO_SCTP) {
+ if ((flow->nw_proto == IPPROTO_TCP || flow->nw_proto == IPPROTO_SCTP)
+ && !(flow->nw_frag & FLOW_NW_FRAG_MASK)) {
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
}
}
break;
+ case NX_HASH_FIELDS_SYMMETRIC_L3:
+ if (flow->dl_type == htons(ETH_TYPE_IP)) {
+ memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
+ memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
+ } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
+ memset(&wc->masks.ipv6_src, 0xff, sizeof wc->masks.ipv6_src);
+ memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst);
+ }
+ break;
+
default:
OVS_NOT_REACHED();
}
return basis;
}
+ case NX_HASH_FIELDS_SYMMETRIC_L3:
+ return flow_hash_symmetric_l3(flow, basis);
}
OVS_NOT_REACHED();
case NX_HASH_FIELDS_SYMMETRIC_L3L4_UDP: return "symmetric_l3l4+udp";
case NX_HASH_FIELDS_NW_SRC: return "nw_src";
case NX_HASH_FIELDS_NW_DST: return "nw_dst";
+ case NX_HASH_FIELDS_SYMMETRIC_L3: return "symmetric_l3";
default: return "<unknown>";
}
}
|| fields == NX_HASH_FIELDS_SYMMETRIC_L3L4
|| fields == NX_HASH_FIELDS_SYMMETRIC_L3L4_UDP
|| fields == NX_HASH_FIELDS_NW_SRC
- || fields == NX_HASH_FIELDS_NW_DST;
+ || fields == NX_HASH_FIELDS_NW_DST
+ || fields == NX_HASH_FIELDS_SYMMETRIC_L3;
}
/* Returns a hash value for the bits of 'flow' that are active based on
*
* - Other values of 'vid' should not be used. */
void
-flow_set_dl_vlan(struct flow *flow, ovs_be16 vid)
+flow_set_dl_vlan(struct flow *flow, ovs_be16 vid, int id)
{
if (vid == htons(OFP10_VLAN_NONE)) {
- flow->vlans[0].tci = htons(0);
+ flow->vlans[id].tci = htons(0);
} else {
vid &= htons(VLAN_VID_MASK);
- flow->vlans[0].tci &= ~htons(VLAN_VID_MASK);
- flow->vlans[0].tci |= htons(VLAN_CFI) | vid;
+ flow->vlans[id].tci &= ~htons(VLAN_VID_MASK);
+ flow->vlans[id].tci |= htons(VLAN_CFI) | vid;
}
}
* After calling this function, 'flow' will not match packets without a VLAN
* header. */
void
-flow_set_vlan_pcp(struct flow *flow, uint8_t pcp)
+flow_set_vlan_pcp(struct flow *flow, uint8_t pcp, int id)
{
pcp &= 0x07;
- flow->vlans[0].tci &= ~htons(VLAN_PCP_MASK);
- flow->vlans[0].tci |= htons((pcp << VLAN_PCP_SHIFT) | VLAN_CFI);
+ flow->vlans[id].tci &= ~htons(VLAN_PCP_MASK);
+ flow->vlans[id].tci |= htons((pcp << VLAN_PCP_SHIFT) | VLAN_CFI);
}
/* Counts the number of VLAN headers. */
flow_pop_vlan(struct flow *flow, struct flow_wildcards *wc)
{
int n = flow_count_vlan_headers(flow);
- if (n == 0) {
- return;
+ if (n > 1) {
+ if (wc) {
+ memset(&wc->masks.vlans[1], 0xff,
+ sizeof(union flow_vlan_hdr) * (n - 1));
+ }
+ memmove(&flow->vlans[0], &flow->vlans[1],
+ sizeof(union flow_vlan_hdr) * (n - 1));
}
- if (wc) {
- memset(&wc->masks.vlans[1], 0xff,
- sizeof(union flow_vlan_hdr) * (n - 1));
+ if (n > 0) {
+ memset(&flow->vlans[n - 1], 0, sizeof(union flow_vlan_hdr));
}
- memmove(&flow->vlans[0], &flow->vlans[1],
- sizeof(union flow_vlan_hdr) * (n - 1));
- memset(&flow->vlans[n - 1], 0, sizeof(union flow_vlan_hdr));
}
void
{
if (wc) {
int n = flow_count_vlan_headers(flow);
- memset(wc->masks.vlans, 0xff, sizeof(union flow_vlan_hdr) * n);
+ if (n) {
+ memset(wc->masks.vlans, 0xff, sizeof(union flow_vlan_hdr) * n);
+ }
}
memmove(&flow->vlans[1], &flow->vlans[0],
sizeof(union flow_vlan_hdr) * (FLOW_MAX_VLAN_HEADERS - 1));
if (clear_flow_L3) {
/* Clear all L3 and L4 fields and dp_hash. */
- BUILD_ASSERT(FLOW_WC_SEQ == 38);
+ BUILD_ASSERT(FLOW_WC_SEQ == 42);
memset((char *) flow + FLOW_SEGMENT_2_ENDS_AT, 0,
sizeof(struct flow) - FLOW_SEGMENT_2_ENDS_AT);
flow->dp_hash = 0;
flow->mpls_lse[idx] = lse;
}
+static void
+flow_compose_l7(struct dp_packet *p, const void *l7, size_t l7_len)
+{
+ if (l7_len) {
+ if (l7) {
+ dp_packet_put(p, l7, l7_len);
+ } else {
+ uint8_t *payload = dp_packet_put_uninit(p, l7_len);
+ for (size_t i = 0; i < l7_len; i++) {
+ payload[i] = i;
+ }
+ }
+ }
+}
+
static size_t
-flow_compose_l4(struct dp_packet *p, const struct flow *flow)
+flow_compose_l4(struct dp_packet *p, const struct flow *flow,
+ const void *l7, size_t l7_len)
{
- size_t l4_len = 0;
+ size_t orig_len = dp_packet_size(p);
if (!(flow->nw_frag & FLOW_NW_FRAG_ANY)
|| !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
if (flow->nw_proto == IPPROTO_TCP) {
- struct tcp_header *tcp;
-
- l4_len = sizeof *tcp;
- tcp = dp_packet_put_zeros(p, l4_len);
+ struct tcp_header *tcp = dp_packet_put_zeros(p, sizeof *tcp);
tcp->tcp_src = flow->tp_src;
tcp->tcp_dst = flow->tp_dst;
tcp->tcp_ctl = TCP_CTL(ntohs(flow->tcp_flags), 5);
+ if (!(flow->tcp_flags & htons(TCP_SYN | TCP_FIN | TCP_RST))) {
+ flow_compose_l7(p, l7, l7_len);
+ }
} else if (flow->nw_proto == IPPROTO_UDP) {
- struct udp_header *udp;
-
- l4_len = sizeof *udp;
- udp = dp_packet_put_zeros(p, l4_len);
+ struct udp_header *udp = dp_packet_put_zeros(p, sizeof *udp);
udp->udp_src = flow->tp_src;
udp->udp_dst = flow->tp_dst;
- udp->udp_len = htons(l4_len);
+ udp->udp_len = htons(sizeof *udp + l7_len);
+ flow_compose_l7(p, l7, l7_len);
} else if (flow->nw_proto == IPPROTO_SCTP) {
- struct sctp_header *sctp;
-
- l4_len = sizeof *sctp;
- sctp = dp_packet_put_zeros(p, l4_len);
+ struct sctp_header *sctp = dp_packet_put_zeros(p, sizeof *sctp);
sctp->sctp_src = flow->tp_src;
sctp->sctp_dst = flow->tp_dst;
+ /* XXX Someone should figure out what L7 data to include. */
} else if (flow->nw_proto == IPPROTO_ICMP) {
- struct icmp_header *icmp;
-
- l4_len = sizeof *icmp;
- icmp = dp_packet_put_zeros(p, l4_len);
+ struct icmp_header *icmp = dp_packet_put_zeros(p, sizeof *icmp);
icmp->icmp_type = ntohs(flow->tp_src);
icmp->icmp_code = ntohs(flow->tp_dst);
+ if ((icmp->icmp_type == ICMP4_ECHO_REQUEST ||
+ icmp->icmp_type == ICMP4_ECHO_REPLY)
+ && icmp->icmp_code == 0) {
+ flow_compose_l7(p, l7, l7_len);
+ } else {
+ /* XXX Add inner IP packet for e.g. destination unreachable? */
+ }
} else if (flow->nw_proto == IPPROTO_IGMP) {
- struct igmp_header *igmp;
-
- l4_len = sizeof *igmp;
- igmp = dp_packet_put_zeros(p, l4_len);
+ struct igmp_header *igmp = dp_packet_put_zeros(p, sizeof *igmp);
igmp->igmp_type = ntohs(flow->tp_src);
igmp->igmp_code = ntohs(flow->tp_dst);
put_16aligned_be32(&igmp->group, flow->igmp_group_ip4);
} else if (flow->nw_proto == IPPROTO_ICMPV6) {
- struct icmp6_hdr *icmp;
+ struct icmp6_data_header *icmp6;
- l4_len = sizeof *icmp;
- icmp = dp_packet_put_zeros(p, l4_len);
- icmp->icmp6_type = ntohs(flow->tp_src);
- icmp->icmp6_code = ntohs(flow->tp_dst);
+ icmp6 = dp_packet_put_zeros(p, sizeof *icmp6);
+ icmp6->icmp6_base.icmp6_type = ntohs(flow->tp_src);
+ icmp6->icmp6_base.icmp6_code = ntohs(flow->tp_dst);
+ put_16aligned_be32(icmp6->icmp6_data.be32, flow->igmp_group_ip4);
- if (icmp->icmp6_code == 0 &&
- (icmp->icmp6_type == ND_NEIGHBOR_SOLICIT ||
- icmp->icmp6_type == ND_NEIGHBOR_ADVERT)) {
+ if (icmp6->icmp6_base.icmp6_code == 0 &&
+ (icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_SOLICIT ||
+ icmp6->icmp6_base.icmp6_type == ND_NEIGHBOR_ADVERT)) {
struct in6_addr *nd_target;
- struct ovs_nd_opt *nd_opt;
+ struct ovs_nd_lla_opt *lla_opt;
- l4_len += sizeof *nd_target;
nd_target = dp_packet_put_zeros(p, sizeof *nd_target);
*nd_target = flow->nd_target;
if (!eth_addr_is_zero(flow->arp_sha)) {
- l4_len += 8;
- nd_opt = dp_packet_put_zeros(p, 8);
- nd_opt->nd_opt_len = 1;
- nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
- nd_opt->nd_opt_mac = flow->arp_sha;
+ lla_opt = dp_packet_put_zeros(p, 8);
+ lla_opt->len = 1;
+ lla_opt->type = ND_OPT_SOURCE_LINKADDR;
+ lla_opt->mac = flow->arp_sha;
}
if (!eth_addr_is_zero(flow->arp_tha)) {
- l4_len += 8;
- nd_opt = dp_packet_put_zeros(p, 8);
- nd_opt->nd_opt_len = 1;
- nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
- nd_opt->nd_opt_mac = flow->arp_tha;
+ lla_opt = dp_packet_put_zeros(p, 8);
+ lla_opt->len = 1;
+ lla_opt->type = ND_OPT_TARGET_LINKADDR;
+ lla_opt->mac = flow->arp_tha;
}
+ } else if (icmp6->icmp6_base.icmp6_code == 0 &&
+ (icmp6->icmp6_base.icmp6_type == ICMP6_ECHO_REQUEST ||
+ icmp6->icmp6_base.icmp6_type == ICMP6_ECHO_REPLY)) {
+ flow_compose_l7(p, l7, l7_len);
+ } else {
+ /* XXX Add inner IP packet for e.g. destination unreachable? */
}
}
}
- return l4_len;
+
+ return dp_packet_size(p) - orig_len;
}
static void
if (flow->nw_proto == IPPROTO_TCP) {
struct tcp_header *tcp = dp_packet_l4(p);
- /* Checksum has already been zeroed by put_zeros call in
- * flow_compose_l4(). */
+ tcp->tcp_csum = 0;
tcp->tcp_csum = csum_finish(csum_continue(pseudo_hdr_csum,
tcp, l4_len));
} else if (flow->nw_proto == IPPROTO_UDP) {
struct udp_header *udp = dp_packet_l4(p);
- /* Checksum has already been zeroed by put_zeros call in
- * flow_compose_l4(). */
+ udp->udp_csum = 0;
udp->udp_csum = csum_finish(csum_continue(pseudo_hdr_csum,
udp, l4_len));
+ if (!udp->udp_csum) {
+ udp->udp_csum = htons(0xffff);
+ }
} else if (flow->nw_proto == IPPROTO_ICMP) {
struct icmp_header *icmp = dp_packet_l4(p);
- /* Checksum has already been zeroed by put_zeros call in
- * flow_compose_l4(). */
+ icmp->icmp_csum = 0;
icmp->icmp_csum = csum(icmp, l4_len);
} else if (flow->nw_proto == IPPROTO_IGMP) {
struct igmp_header *igmp = dp_packet_l4(p);
- /* Checksum has already been zeroed by put_zeros call in
- * flow_compose_l4(). */
+ igmp->igmp_csum = 0;
igmp->igmp_csum = csum(igmp, l4_len);
} else if (flow->nw_proto == IPPROTO_ICMPV6) {
- struct icmp6_hdr *icmp = dp_packet_l4(p);
+ struct icmp6_data_header *icmp6 = dp_packet_l4(p);
- /* Checksum has already been zeroed by put_zeros call in
- * flow_compose_l4(). */
- icmp->icmp6_cksum = (OVS_FORCE uint16_t)
- csum_finish(csum_continue(pseudo_hdr_csum, icmp, l4_len));
+ icmp6->icmp6_base.icmp6_cksum = 0;
+ icmp6->icmp6_base.icmp6_cksum =
+ csum_finish(csum_continue(pseudo_hdr_csum, icmp6, l4_len));
}
}
}
+/* Increase the size of packet composed by 'flow_compose_minimal'
+ * up to 'size' bytes. Fixes all the required packet headers like
+ * ip/udp lengths and l3/l4 checksums.
+ *
+ * 'size' needs to be larger then the current packet size. */
+void
+packet_expand(struct dp_packet *p, const struct flow *flow, size_t size)
+{
+ size_t extra_size;
+
+ ovs_assert(size > dp_packet_size(p));
+
+ extra_size = size - dp_packet_size(p);
+ dp_packet_put_zeros(p, extra_size);
+
+ if (flow->dl_type == htons(FLOW_DL_TYPE_NONE)) {
+ struct eth_header *eth = dp_packet_eth(p);
+
+ eth->eth_type = htons(dp_packet_size(p));
+ } else if (dl_type_is_ip_any(flow->dl_type)) {
+ uint32_t pseudo_hdr_csum;
+ size_t l4_len = (char *) dp_packet_tail(p) - (char *) dp_packet_l4(p);
+
+ if (flow->dl_type == htons(ETH_TYPE_IP)) {
+ struct ip_header *ip = dp_packet_l3(p);
+
+ ip->ip_tot_len = htons(p->l4_ofs - p->l3_ofs + l4_len);
+ ip->ip_csum = 0;
+ ip->ip_csum = csum(ip, sizeof *ip);
+
+ pseudo_hdr_csum = packet_csum_pseudoheader(ip);
+ } else { /* ETH_TYPE_IPV6 */
+ struct ovs_16aligned_ip6_hdr *nh = dp_packet_l3(p);
+
+ nh->ip6_plen = htons(l4_len);
+ pseudo_hdr_csum = packet_csum_pseudoheader6(nh);
+ }
+
+ if ((!(flow->nw_frag & FLOW_NW_FRAG_ANY)
+ || !(flow->nw_frag & FLOW_NW_FRAG_LATER))
+ && flow->nw_proto == IPPROTO_UDP) {
+ struct udp_header *udp = dp_packet_l4(p);
+
+ udp->udp_len = htons(l4_len + extra_size);
+ }
+ flow_compose_l4_csum(p, flow, pseudo_hdr_csum);
+ }
+}
+
/* Puts into 'p' a packet that flow_extract() would parse as having the given
* 'flow'.
*
* (This is useful only for testing, obviously, and the packet isn't really
- * valid. Lots of fields are just zeroed.) */
+ * valid. Lots of fields are just zeroed.)
+ *
+ * For packets whose protocols can encapsulate arbitrary L7 payloads, 'l7' and
+ * 'l7_len' determine that payload:
+ *
+ * - If 'l7_len' is zero, no payload is included.
+ *
+ * - If 'l7_len' is nonzero and 'l7' is null, an arbitrary payload 'l7_len'
+ * bytes long is included.
+ *
+ * - If 'l7_len' is nonzero and 'l7' is nonnull, the payload is copied
+ * from 'l7'. */
void
-flow_compose(struct dp_packet *p, const struct flow *flow)
+flow_compose(struct dp_packet *p, const struct flow *flow,
+ const void *l7, size_t l7_len)
{
+ /* Add code to this function (or its callees) for emitting new fields or
+ * protocols. (This isn't essential, so it can be skipped for initial
+ * testing.) */
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
+
uint32_t pseudo_hdr_csum;
size_t l4_len;
/* eth_compose() sets l3 pointer and makes sure it is 32-bit aligned. */
eth_compose(p, flow->dl_dst, flow->dl_src, ntohs(flow->dl_type), 0);
if (flow->dl_type == htons(FLOW_DL_TYPE_NONE)) {
- struct eth_header *eth = dp_packet_l2(p);
+ struct eth_header *eth = dp_packet_eth(p);
eth->eth_type = htons(dp_packet_size(p));
return;
}
dp_packet_set_l4(p, dp_packet_tail(p));
- l4_len = flow_compose_l4(p, flow);
+ l4_len = flow_compose_l4(p, flow, l7, l7_len);
ip = dp_packet_l3(p);
ip->ip_tot_len = htons(p->l4_ofs - p->l3_ofs + l4_len);
dp_packet_set_l4(p, dp_packet_tail(p));
- l4_len = flow_compose_l4(p, flow);
+ l4_len = flow_compose_l4(p, flow, l7, l7_len);
nh = dp_packet_l3(p);
nh->ip6_plen = htons(l4_len);
bool
minimask_equal(const struct minimask *a, const struct minimask *b)
{
- return !memcmp(a, b, sizeof *a
- + MINIFLOW_VALUES_SIZE(miniflow_n_values(&a->masks)));
+ /* At first glance, it might seem that this can be reasonably optimized
+ * into a single memcmp() for the total size of the region. Such an
+ * optimization will work OK with most implementations of memcmp() that
+ * proceed from the start of the regions to be compared to the end in
+ * reasonably sized chunks. However, memcmp() is not required to be
+ * implemented that way, and an implementation that, for example, compares
+ * all of the bytes in both regions without early exit when it finds a
+ * difference, or one that compares, say, 64 bytes at a time, could access
+ * an unmapped region of memory if minimasks 'a' and 'b' have different
+ * lengths. By first checking that the maps are the same with the first
+ * memcmp(), we verify that 'a' and 'b' have the same length and therefore
+ * ensure that the second memcmp() is safe. */
+ return (!memcmp(a, b, sizeof *a)
+ && !memcmp(a + 1, b + 1,
+ MINIFLOW_VALUES_SIZE(miniflow_n_values(&a->masks))));
}
/* Returns true if at least one bit matched by 'b' is wildcarded by 'a',
flow_vlan_limit = MIN(vlan_limit, FLOW_MAX_VLAN_HEADERS);
}
}
+
+struct netdev *
+flow_get_tunnel_netdev(struct flow_tnl *tunnel)
+{
+ char iface[IFNAMSIZ];
+ struct in6_addr ip6;
+ struct in6_addr gw;
+
+ if (tunnel->ip_src) {
+ in6_addr_set_mapped_ipv4(&ip6, tunnel->ip_src);
+ } else if (ipv6_addr_is_set(&tunnel->ipv6_src)) {
+ ip6 = tunnel->ipv6_src;
+ } else {
+ return NULL;
+ }
+
+ if (!ovs_router_lookup(0, &ip6, iface, NULL, &gw)) {
+ return NULL;
+ }
+
+ return netdev_from_name(iface);
+}