1c9422999SThomas Gleixner // SPDX-License-Identifier: GPL-2.0-only
2ccb1352eSJesse Gross /*
34572ef52Sandy zhou * Copyright (c) 2007-2017 Nicira, Inc.
4ccb1352eSJesse Gross */
5ccb1352eSJesse Gross
6ccb1352eSJesse Gross #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7ccb1352eSJesse Gross
8ccb1352eSJesse Gross #include <linux/skbuff.h>
9ccb1352eSJesse Gross #include <linux/in.h>
10ccb1352eSJesse Gross #include <linux/ip.h>
11ccb1352eSJesse Gross #include <linux/openvswitch.h>
12a175a723SJoe Stringer #include <linux/sctp.h>
13ccb1352eSJesse Gross #include <linux/tcp.h>
14ccb1352eSJesse Gross #include <linux/udp.h>
15ccb1352eSJesse Gross #include <linux/in6.h>
16ccb1352eSJesse Gross #include <linux/if_arp.h>
17ccb1352eSJesse Gross #include <linux/if_vlan.h>
1825cd9ba0SSimon Horman
197f8a436eSJoe Stringer #include <net/dst.h>
20d457a0e3SEric Dumazet #include <net/gso.h>
21ccb1352eSJesse Gross #include <net/ip.h>
223fdbd1ceSAnsis Atteka #include <net/ipv6.h>
237b85b4dfSJoe Stringer #include <net/ip6_fib.h>
24ccb1352eSJesse Gross #include <net/checksum.h>
25ccb1352eSJesse Gross #include <net/dsfield.h>
2625cd9ba0SSimon Horman #include <net/mpls.h>
27a175a723SJoe Stringer #include <net/sctp/checksum.h>
28ccb1352eSJesse Gross
29ccb1352eSJesse Gross #include "datapath.h"
309d802da4SAdrian Moreno #include "drop.h"
31971427f3SAndy Zhou #include "flow.h"
327f8a436eSJoe Stringer #include "conntrack.h"
33ccb1352eSJesse Gross #include "vport.h"
34b2d0f5d5SYi Yang #include "flow_netlink.h"
35c4ab7b56SAaron Conole #include "openvswitch_trace.h"
36ccb1352eSJesse Gross
37971427f3SAndy Zhou struct deferred_action {
38971427f3SAndy Zhou struct sk_buff *skb;
39971427f3SAndy Zhou const struct nlattr *actions;
4047c697aaSandy zhou int actions_len;
41971427f3SAndy Zhou
42971427f3SAndy Zhou /* Store pkt_key clone when creating deferred action. */
43971427f3SAndy Zhou struct sw_flow_key pkt_key;
44971427f3SAndy Zhou };
45971427f3SAndy Zhou
467f8a436eSJoe Stringer #define MAX_L2_LEN (VLAN_ETH_HLEN + 3 * MPLS_HLEN)
477f8a436eSJoe Stringer struct ovs_frag_data {
487f8a436eSJoe Stringer unsigned long dst;
497f8a436eSJoe Stringer struct vport *vport;
507f8a436eSJoe Stringer struct ovs_skb_cb cb;
517f8a436eSJoe Stringer __be16 inner_protocol;
52c66549ffSJiri Benc u16 network_offset; /* valid only for MPLS */
53c66549ffSJiri Benc u16 vlan_tci;
547f8a436eSJoe Stringer __be16 vlan_proto;
557f8a436eSJoe Stringer unsigned int l2_len;
56e2d9d835SJiri Benc u8 mac_proto;
577f8a436eSJoe Stringer u8 l2_data[MAX_L2_LEN];
587f8a436eSJoe Stringer };
597f8a436eSJoe Stringer
607f8a436eSJoe Stringer static DEFINE_PER_CPU(struct ovs_frag_data, ovs_frag_data_storage);
617f8a436eSJoe Stringer
62971427f3SAndy Zhou #define DEFERRED_ACTION_FIFO_SIZE 10
632679d040SLance Richardson #define OVS_RECURSION_LIMIT 5
642679d040SLance Richardson #define OVS_DEFERRED_ACTION_THRESHOLD (OVS_RECURSION_LIMIT - 2)
65971427f3SAndy Zhou struct action_fifo {
66971427f3SAndy Zhou int head;
67971427f3SAndy Zhou int tail;
68971427f3SAndy Zhou /* Deferred action fifo queue storage. */
69971427f3SAndy Zhou struct deferred_action fifo[DEFERRED_ACTION_FIFO_SIZE];
70971427f3SAndy Zhou };
71971427f3SAndy Zhou
724572ef52Sandy zhou struct action_flow_keys {
732679d040SLance Richardson struct sw_flow_key key[OVS_DEFERRED_ACTION_THRESHOLD];
742679d040SLance Richardson };
752679d040SLance Richardson
76971427f3SAndy Zhou static struct action_fifo __percpu *action_fifos;
774572ef52Sandy zhou static struct action_flow_keys __percpu *flow_keys;
78971427f3SAndy Zhou static DEFINE_PER_CPU(int, exec_actions_level);
79971427f3SAndy Zhou
804572ef52Sandy zhou /* Make a clone of the 'key', using the pre-allocated percpu 'flow_keys'
814572ef52Sandy zhou * space. Return NULL if out of key spaces.
824572ef52Sandy zhou */
clone_key(const struct sw_flow_key * key_)834572ef52Sandy zhou static struct sw_flow_key *clone_key(const struct sw_flow_key *key_)
844572ef52Sandy zhou {
854572ef52Sandy zhou struct action_flow_keys *keys = this_cpu_ptr(flow_keys);
864572ef52Sandy zhou int level = this_cpu_read(exec_actions_level);
874572ef52Sandy zhou struct sw_flow_key *key = NULL;
884572ef52Sandy zhou
894572ef52Sandy zhou if (level <= OVS_DEFERRED_ACTION_THRESHOLD) {
904572ef52Sandy zhou key = &keys->key[level - 1];
914572ef52Sandy zhou *key = *key_;
924572ef52Sandy zhou }
934572ef52Sandy zhou
944572ef52Sandy zhou return key;
954572ef52Sandy zhou }
964572ef52Sandy zhou
action_fifo_init(struct action_fifo * fifo)97971427f3SAndy Zhou static void action_fifo_init(struct action_fifo *fifo)
98971427f3SAndy Zhou {
99971427f3SAndy Zhou fifo->head = 0;
100971427f3SAndy Zhou fifo->tail = 0;
101971427f3SAndy Zhou }
102971427f3SAndy Zhou
action_fifo_is_empty(const struct action_fifo * fifo)10312eb18f7SThomas Graf static bool action_fifo_is_empty(const struct action_fifo *fifo)
104971427f3SAndy Zhou {
105971427f3SAndy Zhou return (fifo->head == fifo->tail);
106971427f3SAndy Zhou }
107971427f3SAndy Zhou
action_fifo_get(struct action_fifo * fifo)108971427f3SAndy Zhou static struct deferred_action *action_fifo_get(struct action_fifo *fifo)
109971427f3SAndy Zhou {
110971427f3SAndy Zhou if (action_fifo_is_empty(fifo))
111971427f3SAndy Zhou return NULL;
112971427f3SAndy Zhou
113971427f3SAndy Zhou return &fifo->fifo[fifo->tail++];
114971427f3SAndy Zhou }
115971427f3SAndy Zhou
action_fifo_put(struct action_fifo * fifo)116971427f3SAndy Zhou static struct deferred_action *action_fifo_put(struct action_fifo *fifo)
117971427f3SAndy Zhou {
118971427f3SAndy Zhou if (fifo->head >= DEFERRED_ACTION_FIFO_SIZE - 1)
119971427f3SAndy Zhou return NULL;
120971427f3SAndy Zhou
121971427f3SAndy Zhou return &fifo->fifo[fifo->head++];
122971427f3SAndy Zhou }
123971427f3SAndy Zhou
124971427f3SAndy Zhou /* Return true if fifo is not full */
add_deferred_actions(struct sk_buff * skb,const struct sw_flow_key * key,const struct nlattr * actions,const int actions_len)125971427f3SAndy Zhou static struct deferred_action *add_deferred_actions(struct sk_buff *skb,
12612eb18f7SThomas Graf const struct sw_flow_key *key,
12747c697aaSandy zhou const struct nlattr *actions,
12847c697aaSandy zhou const int actions_len)
129971427f3SAndy Zhou {
130971427f3SAndy Zhou struct action_fifo *fifo;
131971427f3SAndy Zhou struct deferred_action *da;
132971427f3SAndy Zhou
133971427f3SAndy Zhou fifo = this_cpu_ptr(action_fifos);
134971427f3SAndy Zhou da = action_fifo_put(fifo);
135971427f3SAndy Zhou if (da) {
136971427f3SAndy Zhou da->skb = skb;
13747c697aaSandy zhou da->actions = actions;
13847c697aaSandy zhou da->actions_len = actions_len;
139971427f3SAndy Zhou da->pkt_key = *key;
140971427f3SAndy Zhou }
141971427f3SAndy Zhou
142971427f3SAndy Zhou return da;
143971427f3SAndy Zhou }
144971427f3SAndy Zhou
invalidate_flow_key(struct sw_flow_key * key)145fff06c36SPravin B Shelar static void invalidate_flow_key(struct sw_flow_key *key)
146fff06c36SPravin B Shelar {
147329f45bcSJiri Benc key->mac_proto |= SW_FLOW_KEY_INVALID;
148fff06c36SPravin B Shelar }
149fff06c36SPravin B Shelar
is_flow_key_valid(const struct sw_flow_key * key)150fff06c36SPravin B Shelar static bool is_flow_key_valid(const struct sw_flow_key *key)
151fff06c36SPravin B Shelar {
152329f45bcSJiri Benc return !(key->mac_proto & SW_FLOW_KEY_INVALID);
153fff06c36SPravin B Shelar }
154fff06c36SPravin B Shelar
155bef7f756Sandy zhou static int clone_execute(struct datapath *dp, struct sk_buff *skb,
156bef7f756Sandy zhou struct sw_flow_key *key,
157bef7f756Sandy zhou u32 recirc_id,
158bef7f756Sandy zhou const struct nlattr *actions, int len,
159bef7f756Sandy zhou bool last, bool clone_flow_key);
160bef7f756Sandy zhou
1614d5ec89fSNuman Siddique static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
1624d5ec89fSNuman Siddique struct sw_flow_key *key,
1634d5ec89fSNuman Siddique const struct nlattr *attr, int len);
1644d5ec89fSNuman Siddique
/* Push the label stack entry 'mpls_lse' onto 'skb' via skb_mpls_push().
 *
 * A non-zero 'mac_len' is passed on as the "ethernet" flag.  With a zero
 * 'mac_len' the key's mac_proto is set to MAC_PROTO_NONE.  On success
 * the flow key is invalidated.
 *
 * Returns 0 on success or the error from skb_mpls_push(), in which case
 * 'key' is left as it was.
 */
static int push_mpls(struct sk_buff *skb, struct sw_flow_key *key,
		     __be32 mpls_lse, __be16 mpls_ethertype, __u16 mac_len)
{
	bool has_mac = mac_len != 0;
	int rc;

	rc = skb_mpls_push(skb, mpls_lse, mpls_ethertype, mac_len, has_mac);
	if (rc)
		return rc;

	if (!has_mac)
		key->mac_proto = MAC_PROTO_NONE;

	invalidate_flow_key(key);

	return 0;
}
18025cd9ba0SSimon Horman
pop_mpls(struct sk_buff * skb,struct sw_flow_key * key,const __be16 ethertype)181fff06c36SPravin B Shelar static int pop_mpls(struct sk_buff *skb, struct sw_flow_key *key,
182fff06c36SPravin B Shelar const __be16 ethertype)
18325cd9ba0SSimon Horman {
18425cd9ba0SSimon Horman int err;
18525cd9ba0SSimon Horman
186040b5cfbSMartin Varghese err = skb_mpls_pop(skb, ethertype, skb->mac_len,
187040b5cfbSMartin Varghese ovs_key_mac_proto(key) == MAC_PROTO_ETHERNET);
188ed246ceeSJohn Hurley if (err)
18925cd9ba0SSimon Horman return err;
19025cd9ba0SSimon Horman
191f66b53fdSMartin Varghese if (ethertype == htons(ETH_P_TEB))
192f66b53fdSMartin Varghese key->mac_proto = MAC_PROTO_ETHERNET;
193f66b53fdSMartin Varghese
194fff06c36SPravin B Shelar invalidate_flow_key(key);
19525cd9ba0SSimon Horman return 0;
19625cd9ba0SSimon Horman }
19725cd9ba0SSimon Horman
set_mpls(struct sk_buff * skb,struct sw_flow_key * flow_key,const __be32 * mpls_lse,const __be32 * mask)19883d2b9baSJarno Rajahalme static int set_mpls(struct sk_buff *skb, struct sw_flow_key *flow_key,
19983d2b9baSJarno Rajahalme const __be32 *mpls_lse, const __be32 *mask)
20025cd9ba0SSimon Horman {
20185de4a21SJiri Benc struct mpls_shim_hdr *stack;
20283d2b9baSJarno Rajahalme __be32 lse;
20325cd9ba0SSimon Horman int err;
20425cd9ba0SSimon Horman
20543c13605SDavide Caratti if (!pskb_may_pull(skb, skb_network_offset(skb) + MPLS_HLEN))
20643c13605SDavide Caratti return -ENOMEM;
20743c13605SDavide Caratti
20885de4a21SJiri Benc stack = mpls_hdr(skb);
20985de4a21SJiri Benc lse = OVS_MASKED(stack->label_stack_entry, *mpls_lse, *mask);
210d27cf5c5SJohn Hurley err = skb_mpls_update_lse(skb, lse);
211d27cf5c5SJohn Hurley if (err)
212d27cf5c5SJohn Hurley return err;
21383d2b9baSJarno Rajahalme
214fbdcdd78SMartin Varghese flow_key->mpls.lse[0] = lse;
21525cd9ba0SSimon Horman return 0;
21625cd9ba0SSimon Horman }
21725cd9ba0SSimon Horman
pop_vlan(struct sk_buff * skb,struct sw_flow_key * key)218fff06c36SPravin B Shelar static int pop_vlan(struct sk_buff *skb, struct sw_flow_key *key)
219ccb1352eSJesse Gross {
220ccb1352eSJesse Gross int err;
221ccb1352eSJesse Gross
22293515d53SJiri Pirko err = skb_vlan_pop(skb);
223018c1ddaSEric Garver if (skb_vlan_tag_present(skb)) {
224fff06c36SPravin B Shelar invalidate_flow_key(key);
225018c1ddaSEric Garver } else {
226018c1ddaSEric Garver key->eth.vlan.tci = 0;
227018c1ddaSEric Garver key->eth.vlan.tpid = 0;
228018c1ddaSEric Garver }
229ccb1352eSJesse Gross return err;
230ccb1352eSJesse Gross }
231ccb1352eSJesse Gross
push_vlan(struct sk_buff * skb,struct sw_flow_key * key,const struct ovs_action_push_vlan * vlan)232fff06c36SPravin B Shelar static int push_vlan(struct sk_buff *skb, struct sw_flow_key *key,
233fff06c36SPravin B Shelar const struct ovs_action_push_vlan *vlan)
234ccb1352eSJesse Gross {
235018c1ddaSEric Garver if (skb_vlan_tag_present(skb)) {
236fff06c36SPravin B Shelar invalidate_flow_key(key);
237018c1ddaSEric Garver } else {
238018c1ddaSEric Garver key->eth.vlan.tci = vlan->vlan_tci;
239018c1ddaSEric Garver key->eth.vlan.tpid = vlan->vlan_tpid;
240018c1ddaSEric Garver }
24193515d53SJiri Pirko return skb_vlan_push(skb, vlan->vlan_tpid,
2429df46aefSMichał Mirosław ntohs(vlan->vlan_tci) & ~VLAN_CFI_MASK);
243ccb1352eSJesse Gross }
244ccb1352eSJesse Gross
24583d2b9baSJarno Rajahalme /* 'src' is already properly masked. */
ether_addr_copy_masked(u8 * dst_,const u8 * src_,const u8 * mask_)24683d2b9baSJarno Rajahalme static void ether_addr_copy_masked(u8 *dst_, const u8 *src_, const u8 *mask_)
24783d2b9baSJarno Rajahalme {
24883d2b9baSJarno Rajahalme u16 *dst = (u16 *)dst_;
24983d2b9baSJarno Rajahalme const u16 *src = (const u16 *)src_;
25083d2b9baSJarno Rajahalme const u16 *mask = (const u16 *)mask_;
25183d2b9baSJarno Rajahalme
252be26b9a8SJoe Stringer OVS_SET_MASKED(dst[0], src[0], mask[0]);
253be26b9a8SJoe Stringer OVS_SET_MASKED(dst[1], src[1], mask[1]);
254be26b9a8SJoe Stringer OVS_SET_MASKED(dst[2], src[2], mask[2]);
25583d2b9baSJarno Rajahalme }
25683d2b9baSJarno Rajahalme
set_eth_addr(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct ovs_key_ethernet * key,const struct ovs_key_ethernet * mask)25783d2b9baSJarno Rajahalme static int set_eth_addr(struct sk_buff *skb, struct sw_flow_key *flow_key,
25883d2b9baSJarno Rajahalme const struct ovs_key_ethernet *key,
25983d2b9baSJarno Rajahalme const struct ovs_key_ethernet *mask)
260ccb1352eSJesse Gross {
261ccb1352eSJesse Gross int err;
26283d2b9baSJarno Rajahalme
263e2195121SJiri Pirko err = skb_ensure_writable(skb, ETH_HLEN);
264ccb1352eSJesse Gross if (unlikely(err))
265ccb1352eSJesse Gross return err;
266ccb1352eSJesse Gross
267b34df5e8SPravin B Shelar skb_postpull_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2);
268b34df5e8SPravin B Shelar
26983d2b9baSJarno Rajahalme ether_addr_copy_masked(eth_hdr(skb)->h_source, key->eth_src,
27083d2b9baSJarno Rajahalme mask->eth_src);
27183d2b9baSJarno Rajahalme ether_addr_copy_masked(eth_hdr(skb)->h_dest, key->eth_dst,
27283d2b9baSJarno Rajahalme mask->eth_dst);
273ccb1352eSJesse Gross
2746b83d28aSDaniel Borkmann skb_postpush_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2);
275b34df5e8SPravin B Shelar
27683d2b9baSJarno Rajahalme ether_addr_copy(flow_key->eth.src, eth_hdr(skb)->h_source);
27783d2b9baSJarno Rajahalme ether_addr_copy(flow_key->eth.dst, eth_hdr(skb)->h_dest);
278ccb1352eSJesse Gross return 0;
279ccb1352eSJesse Gross }
280ccb1352eSJesse Gross
28191820da6SJiri Benc /* pop_eth does not support VLAN packets as this action is never called
28291820da6SJiri Benc * for them.
28391820da6SJiri Benc */
pop_eth(struct sk_buff * skb,struct sw_flow_key * key)28491820da6SJiri Benc static int pop_eth(struct sk_buff *skb, struct sw_flow_key *key)
28591820da6SJiri Benc {
28619fbcb36SGuillaume Nault int err;
28719fbcb36SGuillaume Nault
28819fbcb36SGuillaume Nault err = skb_eth_pop(skb);
28919fbcb36SGuillaume Nault if (err)
29019fbcb36SGuillaume Nault return err;
29191820da6SJiri Benc
29291820da6SJiri Benc /* safe right before invalidate_flow_key */
29391820da6SJiri Benc key->mac_proto = MAC_PROTO_NONE;
29491820da6SJiri Benc invalidate_flow_key(key);
29591820da6SJiri Benc return 0;
29691820da6SJiri Benc }
29791820da6SJiri Benc
push_eth(struct sk_buff * skb,struct sw_flow_key * key,const struct ovs_action_push_eth * ethh)29891820da6SJiri Benc static int push_eth(struct sk_buff *skb, struct sw_flow_key *key,
29991820da6SJiri Benc const struct ovs_action_push_eth *ethh)
30091820da6SJiri Benc {
30119fbcb36SGuillaume Nault int err;
30291820da6SJiri Benc
30319fbcb36SGuillaume Nault err = skb_eth_push(skb, ethh->addresses.eth_dst,
30419fbcb36SGuillaume Nault ethh->addresses.eth_src);
30519fbcb36SGuillaume Nault if (err)
30619fbcb36SGuillaume Nault return err;
30791820da6SJiri Benc
30891820da6SJiri Benc /* safe right before invalidate_flow_key */
30991820da6SJiri Benc key->mac_proto = MAC_PROTO_ETHERNET;
31091820da6SJiri Benc invalidate_flow_key(key);
31191820da6SJiri Benc return 0;
31291820da6SJiri Benc }
31391820da6SJiri Benc
push_nsh(struct sk_buff * skb,struct sw_flow_key * key,const struct nshhdr * nh)314b2d0f5d5SYi Yang static int push_nsh(struct sk_buff *skb, struct sw_flow_key *key,
315b2d0f5d5SYi Yang const struct nshhdr *nh)
316b2d0f5d5SYi Yang {
317b2d0f5d5SYi Yang int err;
318b2d0f5d5SYi Yang
319b2d0f5d5SYi Yang err = nsh_push(skb, nh);
320b2d0f5d5SYi Yang if (err)
321b2d0f5d5SYi Yang return err;
322b2d0f5d5SYi Yang
323b2d0f5d5SYi Yang /* safe right before invalidate_flow_key */
324b2d0f5d5SYi Yang key->mac_proto = MAC_PROTO_NONE;
325b2d0f5d5SYi Yang invalidate_flow_key(key);
326b2d0f5d5SYi Yang return 0;
327b2d0f5d5SYi Yang }
328b2d0f5d5SYi Yang
pop_nsh(struct sk_buff * skb,struct sw_flow_key * key)329b2d0f5d5SYi Yang static int pop_nsh(struct sk_buff *skb, struct sw_flow_key *key)
330b2d0f5d5SYi Yang {
331b2d0f5d5SYi Yang int err;
332b2d0f5d5SYi Yang
333b2d0f5d5SYi Yang err = nsh_pop(skb);
334b2d0f5d5SYi Yang if (err)
335b2d0f5d5SYi Yang return err;
336b2d0f5d5SYi Yang
337b2d0f5d5SYi Yang /* safe right before invalidate_flow_key */
338b2d0f5d5SYi Yang if (skb->protocol == htons(ETH_P_TEB))
339b2d0f5d5SYi Yang key->mac_proto = MAC_PROTO_ETHERNET;
340b2d0f5d5SYi Yang else
341b2d0f5d5SYi Yang key->mac_proto = MAC_PROTO_NONE;
342b2d0f5d5SYi Yang invalidate_flow_key(key);
343b2d0f5d5SYi Yang return 0;
344b2d0f5d5SYi Yang }
345b2d0f5d5SYi Yang
/* Adjust the TCP or UDP checksum of 'skb' for an IPv4 address changing
 * from 'addr' to 'new_addr'.
 *
 * Nothing is done when the fragment offset bits (IP_OFFSET) of 'nh' are
 * non-zero, when the protocol is neither TCP nor UDP, or when the
 * transport data is shorter than the relevant header.  For UDP a zero
 * checksum is left alone unless ip_summed is CHECKSUM_PARTIAL, and an
 * updated checksum of zero is stored as CSUM_MANGLED_0.
 */
static void update_ip_l4_checksum(struct sk_buff *skb, struct iphdr *nh,
				  __be32 addr, __be32 new_addr)
{
	int transport_len = skb->len - skb_transport_offset(skb);
	struct udphdr *uh;

	if (nh->frag_off & htons(IP_OFFSET))
		return;

	switch (nh->protocol) {
	case IPPROTO_TCP:
		if (likely(transport_len >= sizeof(struct tcphdr)))
			inet_proto_csum_replace4(&tcp_hdr(skb)->check, skb,
						 addr, new_addr, true);
		break;
	case IPPROTO_UDP:
		if (unlikely(transport_len < sizeof(struct udphdr)))
			break;

		uh = udp_hdr(skb);
		if (!uh->check && skb->ip_summed != CHECKSUM_PARTIAL)
			break;

		inet_proto_csum_replace4(&uh->check, skb,
					 addr, new_addr, true);
		if (!uh->check)
			uh->check = CSUM_MANGLED_0;
		break;
	default:
		break;
	}
}
371ccb1352eSJesse Gross
/* Replace the IPv4 address stored at '*addr' with 'new_addr'.
 *
 * In order: the L4 checksum is adjusted, the IP header checksum is
 * adjusted, the skb hash is cleared, ovs_ct_clear() is called with a
 * NULL key, and finally the new address is written.
 */
static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh,
			__be32 *addr, __be32 new_addr)
{
	const __be32 old_addr = *addr;

	update_ip_l4_checksum(skb, nh, old_addr, new_addr);
	csum_replace4(&nh->check, old_addr, new_addr);

	skb_clear_hash(skb);
	ovs_ct_clear(skb, NULL);

	*addr = new_addr;
}
381ccb1352eSJesse Gross
/* Adjust the TCP, UDP or ICMPv6 checksum of 'skb' for an IPv6 address
 * changing from 'addr' to 'new_addr'; 'l4_proto' selects which one.
 *
 * Nothing is done for other protocols or when the transport data is
 * shorter than the relevant header.  For UDP a zero checksum is left
 * alone unless ip_summed is CHECKSUM_PARTIAL, and an updated checksum of
 * zero is stored as CSUM_MANGLED_0.
 */
static void update_ipv6_checksum(struct sk_buff *skb, u8 l4_proto,
				 __be32 addr[4], const __be32 new_addr[4])
{
	int transport_len = skb->len - skb_transport_offset(skb);
	struct udphdr *uh;

	switch (l4_proto) {
	case NEXTHDR_TCP:
		if (likely(transport_len >= sizeof(struct tcphdr)))
			inet_proto_csum_replace16(&tcp_hdr(skb)->check, skb,
						  addr, new_addr, true);
		break;
	case NEXTHDR_UDP:
		if (unlikely(transport_len < sizeof(struct udphdr)))
			break;

		uh = udp_hdr(skb);
		if (!uh->check && skb->ip_summed != CHECKSUM_PARTIAL)
			break;

		inet_proto_csum_replace16(&uh->check, skb,
					  addr, new_addr, true);
		if (!uh->check)
			uh->check = CSUM_MANGLED_0;
		break;
	case NEXTHDR_ICMP:
		if (likely(transport_len >= sizeof(struct icmp6hdr)))
			inet_proto_csum_replace16(&icmp6_hdr(skb)->icmp6_cksum,
						  skb, addr, new_addr, true);
		break;
	default:
		break;
	}
}
4083fdbd1ceSAnsis Atteka
/* Build the masked IPv6 address in 'masked': for each of the four 32-bit
 * words, take 'addr' combined with the bits of 'old' that 'mask' does
 * not cover (OVS_MASKED).
 */
static void mask_ipv6_addr(const __be32 old[4], const __be32 addr[4],
			   const __be32 mask[4], __be32 masked[4])
{
	int i;

	for (i = 0; i < 4; i++)
		masked[i] = OVS_MASKED(old[i], addr[i], mask[i]);
}
41783d2b9baSJarno Rajahalme
/* Overwrite the IPv6 address at 'addr' with 'new_addr'.
 *
 * The L4 checksum is adjusted first, but only when 'recalculate_csum' is
 * set.  Then the skb hash is cleared, ovs_ct_clear() is called with a
 * NULL key, and the four address words are copied into place.
 */
static void set_ipv6_addr(struct sk_buff *skb, u8 l4_proto,
			  __be32 addr[4], const __be32 new_addr[4],
			  bool recalculate_csum)
{
	if (recalculate_csum)
		update_ipv6_checksum(skb, l4_proto, addr, new_addr);

	skb_clear_hash(skb);
	ovs_ct_clear(skb, NULL);

	memcpy(addr, new_addr, 4 * sizeof(__be32));
}
4293fdbd1ceSAnsis Atteka
/* Apply a masked update to the IPv6 traffic class (dsfield) of 'nh'.
 *
 * The new value is 'ipv6_tclass' combined with the bits of the current
 * field that 'mask' does not cover.  When the skb carries a
 * CHECKSUM_COMPLETE sum, skb->csum is adjusted for the change before the
 * header is rewritten.
 */
static void set_ipv6_dsfield(struct sk_buff *skb, struct ipv6hdr *nh, u8 ipv6_tclass, u8 mask)
{
	const u8 old_tclass = ipv6_get_dsfield(nh);
	const u8 new_tclass = OVS_MASKED(old_tclass, ipv6_tclass, mask);

	if (skb->ip_summed == CHECKSUM_COMPLETE)
		csum_replace(&skb->csum,
			     (__force __wsum)(old_tclass << 12),
			     (__force __wsum)(new_tclass << 12));

	ipv6_change_dsfield(nh, ~mask, new_tclass);
}
442d9b5ae5cSPaul Blakey
/* Apply a masked update to the three flow_lbl bytes of 'nh'.
 *
 * 'fl' and 'mask' are host-order values.  The three bytes are assembled
 * into one integer, combined with 'fl' under 'mask', and written back
 * byte by byte.  When the skb carries a CHECKSUM_COMPLETE sum, skb->csum
 * is adjusted for the change.
 */
static void set_ipv6_fl(struct sk_buff *skb, struct ipv6hdr *nh, u32 fl, u32 mask)
{
	u8 *lbl = nh->flow_lbl;
	u32 old_fl = lbl[0] << 16 | lbl[1] << 8 | lbl[2];
	u32 new_fl = OVS_MASKED(old_fl, fl, mask);

	/* Bits 21-24 are always unmasked, so they keep their old values. */
	lbl[0] = (u8)(new_fl >> 16);
	lbl[1] = (u8)(new_fl >> 8);
	lbl[2] = (u8)new_fl;

	if (skb->ip_summed == CHECKSUM_COMPLETE)
		csum_replace(&skb->csum, (__force __wsum)htonl(old_fl),
			     (__force __wsum)htonl(new_fl));
}
458d9b5ae5cSPaul Blakey
/* Apply a masked update to the IPv6 hop limit of 'nh'.
 *
 * The value written is 'new_ttl' combined with the bits of the current
 * hop limit that 'mask' does not cover.  When the skb carries a
 * CHECKSUM_COMPLETE sum, skb->csum is adjusted for the change.
 */
static void set_ipv6_ttl(struct sk_buff *skb, struct ipv6hdr *nh, u8 new_ttl, u8 mask)
{
	const u8 old_hlimit = nh->hop_limit;

	new_ttl = OVS_MASKED(old_hlimit, new_ttl, mask);

	if (skb->ip_summed == CHECKSUM_COMPLETE)
		csum_replace(&skb->csum,
			     (__force __wsum)(old_hlimit << 8),
			     (__force __wsum)(new_ttl << 8));

	nh->hop_limit = new_ttl;
}
4683fdbd1ceSAnsis Atteka
/* Apply a masked update to the IPv4 TTL of 'nh' and adjust the IP header
 * checksum to match.  The value written is 'new_ttl' combined with the
 * bits of the current TTL that 'mask' does not cover.
 */
static void set_ip_ttl(struct sk_buff *skb, struct iphdr *nh, u8 new_ttl,
		       u8 mask)
{
	const u8 old_ttl = nh->ttl;

	new_ttl = OVS_MASKED(old_ttl, new_ttl, mask);

	/* The checksum is updated with the TTL in the high byte of a
	 * 16-bit word.
	 */
	csum_replace2(&nh->check, htons(old_ttl << 8), htons(new_ttl << 8));
	nh->ttl = new_ttl;
}
477ccb1352eSJesse Gross
set_ipv4(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct ovs_key_ipv4 * key,const struct ovs_key_ipv4 * mask)47883d2b9baSJarno Rajahalme static int set_ipv4(struct sk_buff *skb, struct sw_flow_key *flow_key,
47983d2b9baSJarno Rajahalme const struct ovs_key_ipv4 *key,
48083d2b9baSJarno Rajahalme const struct ovs_key_ipv4 *mask)
481ccb1352eSJesse Gross {
482ccb1352eSJesse Gross struct iphdr *nh;
48383d2b9baSJarno Rajahalme __be32 new_addr;
484ccb1352eSJesse Gross int err;
485ccb1352eSJesse Gross
486e2195121SJiri Pirko err = skb_ensure_writable(skb, skb_network_offset(skb) +
487ccb1352eSJesse Gross sizeof(struct iphdr));
488ccb1352eSJesse Gross if (unlikely(err))
489ccb1352eSJesse Gross return err;
490ccb1352eSJesse Gross
491ccb1352eSJesse Gross nh = ip_hdr(skb);
492ccb1352eSJesse Gross
49383d2b9baSJarno Rajahalme /* Setting an IP addresses is typically only a side effect of
49483d2b9baSJarno Rajahalme * matching on them in the current userspace implementation, so it
49583d2b9baSJarno Rajahalme * makes sense to check if the value actually changed.
49683d2b9baSJarno Rajahalme */
49783d2b9baSJarno Rajahalme if (mask->ipv4_src) {
498be26b9a8SJoe Stringer new_addr = OVS_MASKED(nh->saddr, key->ipv4_src, mask->ipv4_src);
499ccb1352eSJesse Gross
50083d2b9baSJarno Rajahalme if (unlikely(new_addr != nh->saddr)) {
50183d2b9baSJarno Rajahalme set_ip_addr(skb, nh, &nh->saddr, new_addr);
50283d2b9baSJarno Rajahalme flow_key->ipv4.addr.src = new_addr;
503fff06c36SPravin B Shelar }
504fff06c36SPravin B Shelar }
50583d2b9baSJarno Rajahalme if (mask->ipv4_dst) {
506be26b9a8SJoe Stringer new_addr = OVS_MASKED(nh->daddr, key->ipv4_dst, mask->ipv4_dst);
507ccb1352eSJesse Gross
50883d2b9baSJarno Rajahalme if (unlikely(new_addr != nh->daddr)) {
50983d2b9baSJarno Rajahalme set_ip_addr(skb, nh, &nh->daddr, new_addr);
51083d2b9baSJarno Rajahalme flow_key->ipv4.addr.dst = new_addr;
51183d2b9baSJarno Rajahalme }
51283d2b9baSJarno Rajahalme }
51383d2b9baSJarno Rajahalme if (mask->ipv4_tos) {
51483d2b9baSJarno Rajahalme ipv4_change_dsfield(nh, ~mask->ipv4_tos, key->ipv4_tos);
51583d2b9baSJarno Rajahalme flow_key->ip.tos = nh->tos;
51683d2b9baSJarno Rajahalme }
51783d2b9baSJarno Rajahalme if (mask->ipv4_ttl) {
51883d2b9baSJarno Rajahalme set_ip_ttl(skb, nh, key->ipv4_ttl, mask->ipv4_ttl);
51983d2b9baSJarno Rajahalme flow_key->ip.ttl = nh->ttl;
520fff06c36SPravin B Shelar }
521ccb1352eSJesse Gross
522ccb1352eSJesse Gross return 0;
523ccb1352eSJesse Gross }
524ccb1352eSJesse Gross
/* True if any of the four 32-bit words of the IPv6 mask 'addr' is set. */
static bool is_ipv6_mask_nonzero(const __be32 addr[4])
{
	return addr[0] || addr[1] || addr[2] || addr[3];
}
52983d2b9baSJarno Rajahalme
set_ipv6(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct ovs_key_ipv6 * key,const struct ovs_key_ipv6 * mask)53083d2b9baSJarno Rajahalme static int set_ipv6(struct sk_buff *skb, struct sw_flow_key *flow_key,
53183d2b9baSJarno Rajahalme const struct ovs_key_ipv6 *key,
53283d2b9baSJarno Rajahalme const struct ovs_key_ipv6 *mask)
5333fdbd1ceSAnsis Atteka {
5343fdbd1ceSAnsis Atteka struct ipv6hdr *nh;
5353fdbd1ceSAnsis Atteka int err;
5363fdbd1ceSAnsis Atteka
537e2195121SJiri Pirko err = skb_ensure_writable(skb, skb_network_offset(skb) +
5383fdbd1ceSAnsis Atteka sizeof(struct ipv6hdr));
5393fdbd1ceSAnsis Atteka if (unlikely(err))
5403fdbd1ceSAnsis Atteka return err;
5413fdbd1ceSAnsis Atteka
5423fdbd1ceSAnsis Atteka nh = ipv6_hdr(skb);
5433fdbd1ceSAnsis Atteka
54483d2b9baSJarno Rajahalme /* Setting an IP addresses is typically only a side effect of
54583d2b9baSJarno Rajahalme * matching on them in the current userspace implementation, so it
54683d2b9baSJarno Rajahalme * makes sense to check if the value actually changed.
54783d2b9baSJarno Rajahalme */
54883d2b9baSJarno Rajahalme if (is_ipv6_mask_nonzero(mask->ipv6_src)) {
54983d2b9baSJarno Rajahalme __be32 *saddr = (__be32 *)&nh->saddr;
55083d2b9baSJarno Rajahalme __be32 masked[4];
55183d2b9baSJarno Rajahalme
55283d2b9baSJarno Rajahalme mask_ipv6_addr(saddr, key->ipv6_src, mask->ipv6_src, masked);
55383d2b9baSJarno Rajahalme
55483d2b9baSJarno Rajahalme if (unlikely(memcmp(saddr, masked, sizeof(masked)))) {
555b4f70527SSimon Horman set_ipv6_addr(skb, flow_key->ip.proto, saddr, masked,
55683d2b9baSJarno Rajahalme true);
55783d2b9baSJarno Rajahalme memcpy(&flow_key->ipv6.addr.src, masked,
55883d2b9baSJarno Rajahalme sizeof(flow_key->ipv6.addr.src));
559fff06c36SPravin B Shelar }
56083d2b9baSJarno Rajahalme }
56183d2b9baSJarno Rajahalme if (is_ipv6_mask_nonzero(mask->ipv6_dst)) {
5623fdbd1ceSAnsis Atteka unsigned int offset = 0;
5633fdbd1ceSAnsis Atteka int flags = IP6_FH_F_SKIP_RH;
5643fdbd1ceSAnsis Atteka bool recalc_csum = true;
56583d2b9baSJarno Rajahalme __be32 *daddr = (__be32 *)&nh->daddr;
56683d2b9baSJarno Rajahalme __be32 masked[4];
5673fdbd1ceSAnsis Atteka
56883d2b9baSJarno Rajahalme mask_ipv6_addr(daddr, key->ipv6_dst, mask->ipv6_dst, masked);
56983d2b9baSJarno Rajahalme
57083d2b9baSJarno Rajahalme if (unlikely(memcmp(daddr, masked, sizeof(masked)))) {
5713fdbd1ceSAnsis Atteka if (ipv6_ext_hdr(nh->nexthdr))
57283d2b9baSJarno Rajahalme recalc_csum = (ipv6_find_hdr(skb, &offset,
57383d2b9baSJarno Rajahalme NEXTHDR_ROUTING,
57483d2b9baSJarno Rajahalme NULL, &flags)
57583d2b9baSJarno Rajahalme != NEXTHDR_ROUTING);
5763fdbd1ceSAnsis Atteka
577b4f70527SSimon Horman set_ipv6_addr(skb, flow_key->ip.proto, daddr, masked,
57883d2b9baSJarno Rajahalme recalc_csum);
57983d2b9baSJarno Rajahalme memcpy(&flow_key->ipv6.addr.dst, masked,
58083d2b9baSJarno Rajahalme sizeof(flow_key->ipv6.addr.dst));
5813fdbd1ceSAnsis Atteka }
58283d2b9baSJarno Rajahalme }
58383d2b9baSJarno Rajahalme if (mask->ipv6_tclass) {
584d9b5ae5cSPaul Blakey set_ipv6_dsfield(skb, nh, key->ipv6_tclass, mask->ipv6_tclass);
58583d2b9baSJarno Rajahalme flow_key->ip.tos = ipv6_get_dsfield(nh);
58683d2b9baSJarno Rajahalme }
58783d2b9baSJarno Rajahalme if (mask->ipv6_label) {
588d9b5ae5cSPaul Blakey set_ipv6_fl(skb, nh, ntohl(key->ipv6_label),
58983d2b9baSJarno Rajahalme ntohl(mask->ipv6_label));
59083d2b9baSJarno Rajahalme flow_key->ipv6.label =
59183d2b9baSJarno Rajahalme *(__be32 *)nh & htonl(IPV6_FLOWINFO_FLOWLABEL);
59283d2b9baSJarno Rajahalme }
59383d2b9baSJarno Rajahalme if (mask->ipv6_hlimit) {
594d9b5ae5cSPaul Blakey set_ipv6_ttl(skb, nh, key->ipv6_hlimit, mask->ipv6_hlimit);
59583d2b9baSJarno Rajahalme flow_key->ip.ttl = nh->hop_limit;
59683d2b9baSJarno Rajahalme }
5973fdbd1ceSAnsis Atteka return 0;
5983fdbd1ceSAnsis Atteka }
5993fdbd1ceSAnsis Atteka
set_nsh(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct nlattr * a)600b2d0f5d5SYi Yang static int set_nsh(struct sk_buff *skb, struct sw_flow_key *flow_key,
601b2d0f5d5SYi Yang const struct nlattr *a)
602b2d0f5d5SYi Yang {
603b2d0f5d5SYi Yang struct nshhdr *nh;
604b2d0f5d5SYi Yang size_t length;
605b2d0f5d5SYi Yang int err;
606b2d0f5d5SYi Yang u8 flags;
607b2d0f5d5SYi Yang u8 ttl;
608b2d0f5d5SYi Yang int i;
609b2d0f5d5SYi Yang
610b2d0f5d5SYi Yang struct ovs_key_nsh key;
611b2d0f5d5SYi Yang struct ovs_key_nsh mask;
612b2d0f5d5SYi Yang
613b2d0f5d5SYi Yang err = nsh_key_from_nlattr(a, &key, &mask);
614b2d0f5d5SYi Yang if (err)
615b2d0f5d5SYi Yang return err;
616b2d0f5d5SYi Yang
617b2d0f5d5SYi Yang /* Make sure the NSH base header is there */
618b2d0f5d5SYi Yang if (!pskb_may_pull(skb, skb_network_offset(skb) + NSH_BASE_HDR_LEN))
619b2d0f5d5SYi Yang return -ENOMEM;
620b2d0f5d5SYi Yang
621b2d0f5d5SYi Yang nh = nsh_hdr(skb);
622b2d0f5d5SYi Yang length = nsh_hdr_len(nh);
623b2d0f5d5SYi Yang
624b2d0f5d5SYi Yang /* Make sure the whole NSH header is there */
625b2d0f5d5SYi Yang err = skb_ensure_writable(skb, skb_network_offset(skb) +
626b2d0f5d5SYi Yang length);
627b2d0f5d5SYi Yang if (unlikely(err))
628b2d0f5d5SYi Yang return err;
629b2d0f5d5SYi Yang
630b2d0f5d5SYi Yang nh = nsh_hdr(skb);
631b2d0f5d5SYi Yang skb_postpull_rcsum(skb, nh, length);
632b2d0f5d5SYi Yang flags = nsh_get_flags(nh);
633b2d0f5d5SYi Yang flags = OVS_MASKED(flags, key.base.flags, mask.base.flags);
634b2d0f5d5SYi Yang flow_key->nsh.base.flags = flags;
635b2d0f5d5SYi Yang ttl = nsh_get_ttl(nh);
636b2d0f5d5SYi Yang ttl = OVS_MASKED(ttl, key.base.ttl, mask.base.ttl);
637b2d0f5d5SYi Yang flow_key->nsh.base.ttl = ttl;
638b2d0f5d5SYi Yang nsh_set_flags_and_ttl(nh, flags, ttl);
639b2d0f5d5SYi Yang nh->path_hdr = OVS_MASKED(nh->path_hdr, key.base.path_hdr,
640b2d0f5d5SYi Yang mask.base.path_hdr);
641b2d0f5d5SYi Yang flow_key->nsh.base.path_hdr = nh->path_hdr;
642b2d0f5d5SYi Yang switch (nh->mdtype) {
643b2d0f5d5SYi Yang case NSH_M_TYPE1:
644b2d0f5d5SYi Yang for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++) {
645b2d0f5d5SYi Yang nh->md1.context[i] =
646b2d0f5d5SYi Yang OVS_MASKED(nh->md1.context[i], key.context[i],
647b2d0f5d5SYi Yang mask.context[i]);
648b2d0f5d5SYi Yang }
649b2d0f5d5SYi Yang memcpy(flow_key->nsh.context, nh->md1.context,
650b2d0f5d5SYi Yang sizeof(nh->md1.context));
651b2d0f5d5SYi Yang break;
652b2d0f5d5SYi Yang case NSH_M_TYPE2:
653b2d0f5d5SYi Yang memset(flow_key->nsh.context, 0,
654b2d0f5d5SYi Yang sizeof(flow_key->nsh.context));
655b2d0f5d5SYi Yang break;
656b2d0f5d5SYi Yang default:
657b2d0f5d5SYi Yang return -EINVAL;
658b2d0f5d5SYi Yang }
659b2d0f5d5SYi Yang skb_postpush_rcsum(skb, nh, length);
660b2d0f5d5SYi Yang return 0;
661b2d0f5d5SYi Yang }
662b2d0f5d5SYi Yang
663e2195121SJiri Pirko /* Must follow skb_ensure_writable() since that can move the skb data. */
set_tp_port(struct sk_buff * skb,__be16 * port,__be16 new_port,__sum16 * check)664ccb1352eSJesse Gross static void set_tp_port(struct sk_buff *skb, __be16 *port,
665ccb1352eSJesse Gross __be16 new_port, __sum16 *check)
666ccb1352eSJesse Gross {
6672061ecfdSIlya Maximets ovs_ct_clear(skb, NULL);
6684b048d6dSTom Herbert inet_proto_csum_replace2(check, skb, *port, new_port, false);
669ccb1352eSJesse Gross *port = new_port;
670ccb1352eSJesse Gross }
671ccb1352eSJesse Gross
set_udp(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct ovs_key_udp * key,const struct ovs_key_udp * mask)67283d2b9baSJarno Rajahalme static int set_udp(struct sk_buff *skb, struct sw_flow_key *flow_key,
67383d2b9baSJarno Rajahalme const struct ovs_key_udp *key,
67483d2b9baSJarno Rajahalme const struct ovs_key_udp *mask)
675ccb1352eSJesse Gross {
676ccb1352eSJesse Gross struct udphdr *uh;
67783d2b9baSJarno Rajahalme __be16 src, dst;
678ccb1352eSJesse Gross int err;
679ccb1352eSJesse Gross
680e2195121SJiri Pirko err = skb_ensure_writable(skb, skb_transport_offset(skb) +
681ccb1352eSJesse Gross sizeof(struct udphdr));
682ccb1352eSJesse Gross if (unlikely(err))
683ccb1352eSJesse Gross return err;
684ccb1352eSJesse Gross
685ccb1352eSJesse Gross uh = udp_hdr(skb);
68683d2b9baSJarno Rajahalme /* Either of the masks is non-zero, so do not bother checking them. */
687be26b9a8SJoe Stringer src = OVS_MASKED(uh->source, key->udp_src, mask->udp_src);
688be26b9a8SJoe Stringer dst = OVS_MASKED(uh->dest, key->udp_dst, mask->udp_dst);
68983d2b9baSJarno Rajahalme
69083d2b9baSJarno Rajahalme if (uh->check && skb->ip_summed != CHECKSUM_PARTIAL) {
69183d2b9baSJarno Rajahalme if (likely(src != uh->source)) {
69283d2b9baSJarno Rajahalme set_tp_port(skb, &uh->source, src, &uh->check);
69383d2b9baSJarno Rajahalme flow_key->tp.src = src;
69483d2b9baSJarno Rajahalme }
69583d2b9baSJarno Rajahalme if (likely(dst != uh->dest)) {
69683d2b9baSJarno Rajahalme set_tp_port(skb, &uh->dest, dst, &uh->check);
69783d2b9baSJarno Rajahalme flow_key->tp.dst = dst;
698fff06c36SPravin B Shelar }
699ccb1352eSJesse Gross
70083d2b9baSJarno Rajahalme if (unlikely(!uh->check))
70183d2b9baSJarno Rajahalme uh->check = CSUM_MANGLED_0;
70283d2b9baSJarno Rajahalme } else {
70383d2b9baSJarno Rajahalme uh->source = src;
70483d2b9baSJarno Rajahalme uh->dest = dst;
70583d2b9baSJarno Rajahalme flow_key->tp.src = src;
70683d2b9baSJarno Rajahalme flow_key->tp.dst = dst;
7072061ecfdSIlya Maximets ovs_ct_clear(skb, NULL);
708fff06c36SPravin B Shelar }
709ccb1352eSJesse Gross
71083d2b9baSJarno Rajahalme skb_clear_hash(skb);
71183d2b9baSJarno Rajahalme
712ccb1352eSJesse Gross return 0;
713ccb1352eSJesse Gross }
714ccb1352eSJesse Gross
set_tcp(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct ovs_key_tcp * key,const struct ovs_key_tcp * mask)71583d2b9baSJarno Rajahalme static int set_tcp(struct sk_buff *skb, struct sw_flow_key *flow_key,
71683d2b9baSJarno Rajahalme const struct ovs_key_tcp *key,
71783d2b9baSJarno Rajahalme const struct ovs_key_tcp *mask)
718ccb1352eSJesse Gross {
719ccb1352eSJesse Gross struct tcphdr *th;
72083d2b9baSJarno Rajahalme __be16 src, dst;
721ccb1352eSJesse Gross int err;
722ccb1352eSJesse Gross
723e2195121SJiri Pirko err = skb_ensure_writable(skb, skb_transport_offset(skb) +
724ccb1352eSJesse Gross sizeof(struct tcphdr));
725ccb1352eSJesse Gross if (unlikely(err))
726ccb1352eSJesse Gross return err;
727ccb1352eSJesse Gross
728ccb1352eSJesse Gross th = tcp_hdr(skb);
729be26b9a8SJoe Stringer src = OVS_MASKED(th->source, key->tcp_src, mask->tcp_src);
73083d2b9baSJarno Rajahalme if (likely(src != th->source)) {
73183d2b9baSJarno Rajahalme set_tp_port(skb, &th->source, src, &th->check);
73283d2b9baSJarno Rajahalme flow_key->tp.src = src;
733fff06c36SPravin B Shelar }
734be26b9a8SJoe Stringer dst = OVS_MASKED(th->dest, key->tcp_dst, mask->tcp_dst);
73583d2b9baSJarno Rajahalme if (likely(dst != th->dest)) {
73683d2b9baSJarno Rajahalme set_tp_port(skb, &th->dest, dst, &th->check);
73783d2b9baSJarno Rajahalme flow_key->tp.dst = dst;
738fff06c36SPravin B Shelar }
73983d2b9baSJarno Rajahalme skb_clear_hash(skb);
740ccb1352eSJesse Gross
741ccb1352eSJesse Gross return 0;
742ccb1352eSJesse Gross }
743ccb1352eSJesse Gross
set_sctp(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct ovs_key_sctp * key,const struct ovs_key_sctp * mask)74483d2b9baSJarno Rajahalme static int set_sctp(struct sk_buff *skb, struct sw_flow_key *flow_key,
74583d2b9baSJarno Rajahalme const struct ovs_key_sctp *key,
74683d2b9baSJarno Rajahalme const struct ovs_key_sctp *mask)
747a175a723SJoe Stringer {
748a175a723SJoe Stringer unsigned int sctphoff = skb_transport_offset(skb);
74983d2b9baSJarno Rajahalme struct sctphdr *sh;
75083d2b9baSJarno Rajahalme __le32 old_correct_csum, new_csum, old_csum;
75183d2b9baSJarno Rajahalme int err;
752a175a723SJoe Stringer
753e2195121SJiri Pirko err = skb_ensure_writable(skb, sctphoff + sizeof(struct sctphdr));
754a175a723SJoe Stringer if (unlikely(err))
755a175a723SJoe Stringer return err;
756a175a723SJoe Stringer
757a175a723SJoe Stringer sh = sctp_hdr(skb);
758a175a723SJoe Stringer old_csum = sh->checksum;
759a175a723SJoe Stringer old_correct_csum = sctp_compute_cksum(skb, sctphoff);
760a175a723SJoe Stringer
761be26b9a8SJoe Stringer sh->source = OVS_MASKED(sh->source, key->sctp_src, mask->sctp_src);
762be26b9a8SJoe Stringer sh->dest = OVS_MASKED(sh->dest, key->sctp_dst, mask->sctp_dst);
763a175a723SJoe Stringer
764a175a723SJoe Stringer new_csum = sctp_compute_cksum(skb, sctphoff);
765a175a723SJoe Stringer
766a175a723SJoe Stringer /* Carry any checksum errors through. */
767a175a723SJoe Stringer sh->checksum = old_csum ^ old_correct_csum ^ new_csum;
768a175a723SJoe Stringer
7697539fadcSTom Herbert skb_clear_hash(skb);
7702061ecfdSIlya Maximets ovs_ct_clear(skb, NULL);
7712061ecfdSIlya Maximets
77283d2b9baSJarno Rajahalme flow_key->tp.src = sh->source;
77383d2b9baSJarno Rajahalme flow_key->tp.dst = sh->dest;
774a175a723SJoe Stringer
775a175a723SJoe Stringer return 0;
776a175a723SJoe Stringer }
777a175a723SJoe Stringer
ovs_vport_output(struct net * net,struct sock * sk,struct sk_buff * skb)778cf3266adSTonghao Zhang static int ovs_vport_output(struct net *net, struct sock *sk,
779cf3266adSTonghao Zhang struct sk_buff *skb)
7807f8a436eSJoe Stringer {
7817f8a436eSJoe Stringer struct ovs_frag_data *data = this_cpu_ptr(&ovs_frag_data_storage);
7827f8a436eSJoe Stringer struct vport *vport = data->vport;
7837f8a436eSJoe Stringer
7847f8a436eSJoe Stringer if (skb_cow_head(skb, data->l2_len) < 0) {
78543d95b30SAdrian Moreno kfree_skb_reason(skb, SKB_DROP_REASON_NOMEM);
7867f8a436eSJoe Stringer return -ENOMEM;
7877f8a436eSJoe Stringer }
7887f8a436eSJoe Stringer
7897f8a436eSJoe Stringer __skb_dst_copy(skb, data->dst);
7907f8a436eSJoe Stringer *OVS_CB(skb) = data->cb;
7917f8a436eSJoe Stringer skb->inner_protocol = data->inner_protocol;
7929df46aefSMichał Mirosław if (data->vlan_tci & VLAN_CFI_MASK)
7939df46aefSMichał Mirosław __vlan_hwaccel_put_tag(skb, data->vlan_proto, data->vlan_tci & ~VLAN_CFI_MASK);
7949df46aefSMichał Mirosław else
7959df46aefSMichał Mirosław __vlan_hwaccel_clear_tag(skb);
7967f8a436eSJoe Stringer
7977f8a436eSJoe Stringer /* Reconstruct the MAC header. */
7987f8a436eSJoe Stringer skb_push(skb, data->l2_len);
7997f8a436eSJoe Stringer memcpy(skb->data, &data->l2_data, data->l2_len);
8006b83d28aSDaniel Borkmann skb_postpush_rcsum(skb, skb->data, data->l2_len);
8017f8a436eSJoe Stringer skb_reset_mac_header(skb);
8027f8a436eSJoe Stringer
803c66549ffSJiri Benc if (eth_p_mpls(skb->protocol)) {
804c66549ffSJiri Benc skb->inner_network_header = skb->network_header;
805c66549ffSJiri Benc skb_set_network_header(skb, data->network_offset);
806c66549ffSJiri Benc skb_reset_mac_len(skb);
807c66549ffSJiri Benc }
808c66549ffSJiri Benc
809e2d9d835SJiri Benc ovs_vport_send(vport, skb, data->mac_proto);
8107f8a436eSJoe Stringer return 0;
8117f8a436eSJoe Stringer }
8127f8a436eSJoe Stringer
8137f8a436eSJoe Stringer static unsigned int
ovs_dst_get_mtu(const struct dst_entry * dst)8147f8a436eSJoe Stringer ovs_dst_get_mtu(const struct dst_entry *dst)
8157f8a436eSJoe Stringer {
8167f8a436eSJoe Stringer return dst->dev->mtu;
8177f8a436eSJoe Stringer }
8187f8a436eSJoe Stringer
8197f8a436eSJoe Stringer static struct dst_ops ovs_dst_ops = {
8207f8a436eSJoe Stringer .family = AF_UNSPEC,
8217f8a436eSJoe Stringer .mtu = ovs_dst_get_mtu,
8227f8a436eSJoe Stringer };
8237f8a436eSJoe Stringer
8247f8a436eSJoe Stringer /* prepare_frag() is called once per (larger-than-MTU) frame; its inverse is
8257f8a436eSJoe Stringer * ovs_vport_output(), which is called once per fragmented packet.
8267f8a436eSJoe Stringer */
prepare_frag(struct vport * vport,struct sk_buff * skb,u16 orig_network_offset,u8 mac_proto)827c66549ffSJiri Benc static void prepare_frag(struct vport *vport, struct sk_buff *skb,
828e2d9d835SJiri Benc u16 orig_network_offset, u8 mac_proto)
8297f8a436eSJoe Stringer {
8307f8a436eSJoe Stringer unsigned int hlen = skb_network_offset(skb);
8317f8a436eSJoe Stringer struct ovs_frag_data *data;
8327f8a436eSJoe Stringer
8337f8a436eSJoe Stringer data = this_cpu_ptr(&ovs_frag_data_storage);
8347f8a436eSJoe Stringer data->dst = skb->_skb_refdst;
8357f8a436eSJoe Stringer data->vport = vport;
8367f8a436eSJoe Stringer data->cb = *OVS_CB(skb);
8377f8a436eSJoe Stringer data->inner_protocol = skb->inner_protocol;
838c66549ffSJiri Benc data->network_offset = orig_network_offset;
8399df46aefSMichał Mirosław if (skb_vlan_tag_present(skb))
8409df46aefSMichał Mirosław data->vlan_tci = skb_vlan_tag_get(skb) | VLAN_CFI_MASK;
8419df46aefSMichał Mirosław else
8429df46aefSMichał Mirosław data->vlan_tci = 0;
8437f8a436eSJoe Stringer data->vlan_proto = skb->vlan_proto;
844e2d9d835SJiri Benc data->mac_proto = mac_proto;
8457f8a436eSJoe Stringer data->l2_len = hlen;
8467f8a436eSJoe Stringer memcpy(&data->l2_data, skb->data, hlen);
8477f8a436eSJoe Stringer
8487f8a436eSJoe Stringer memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
8497f8a436eSJoe Stringer skb_pull(skb, hlen);
8507f8a436eSJoe Stringer }
8517f8a436eSJoe Stringer
/* Fragment 'skb' with 'mru' as the maximum fragment size and send every
 * fragment out of 'vport' through ovs_vport_output().
 *
 * Only IPv4 and IPv6 (as given by key->eth.type) are handled.  The skb is
 * freed with a drop reason when the L2 header is longer than MAX_L2_LEN or
 * when the Ethernet type is neither of the two.
 */
static void ovs_fragment(struct net *net, struct vport *vport,
			 struct sk_buff *skb, u16 mru,
			 struct sw_flow_key *key)
{
	enum ovs_drop_reason drop_reason;
	u16 outer_nh_off = 0;

	/* For MPLS, remember the current network offset and continue with
	 * the inner network header as the network header.
	 */
	if (eth_p_mpls(skb->protocol)) {
		outer_nh_off = skb_network_offset(skb);
		skb->network_header = skb->inner_network_header;
	}

	if (skb_network_offset(skb) > MAX_L2_LEN) {
		OVS_NLERR(1, "L2 header too long to fragment");
		drop_reason = OVS_DROP_FRAG_L2_TOO_LONG;
		goto drop;
	}

	if (key->eth.type == htons(ETH_P_IP)) {
		struct rtable fake_rt = { 0 };
		unsigned long saved_dst;

		prepare_frag(vport, skb, outer_nh_off,
			     ovs_key_mac_proto(key));

		/* Temporary on-stack dst whose device is the output vport's
		 * device; it is attached without taking a reference.
		 */
		dst_init(&fake_rt.dst, &ovs_dst_ops, NULL, 1,
			 DST_OBSOLETE_NONE, DST_NOCOUNT);
		fake_rt.dst.dev = vport->dev;

		saved_dst = skb->_skb_refdst;
		skb_dst_set_noref(skb, &fake_rt.dst);
		IPCB(skb)->frag_max_size = mru;

		ip_do_fragment(net, skb->sk, skb, ovs_vport_output);
		refdst_drop(saved_dst);
		return;
	}

	if (key->eth.type == htons(ETH_P_IPV6)) {
		unsigned long saved_dst;
		struct rt6_info fake_rt;

		prepare_frag(vport, skb, outer_nh_off,
			     ovs_key_mac_proto(key));

		/* Same temporary dst arrangement as for IPv4. */
		memset(&fake_rt, 0, sizeof(fake_rt));
		dst_init(&fake_rt.dst, &ovs_dst_ops, NULL, 1,
			 DST_OBSOLETE_NONE, DST_NOCOUNT);
		fake_rt.dst.dev = vport->dev;

		saved_dst = skb->_skb_refdst;
		skb_dst_set_noref(skb, &fake_rt.dst);
		IP6CB(skb)->frag_max_size = mru;

		ipv6_stub->ipv6_fragment(net, skb->sk, skb, ovs_vport_output);
		refdst_drop(saved_dst);
		return;
	}

	WARN_ONCE(1, "Failed fragment ->%s: eth=%04x, MRU=%d, MTU=%d.",
		  ovs_vport_name(vport), ntohs(key->eth.type), mru,
		  vport->dev->mtu);
	drop_reason = OVS_DROP_FRAG_INVALID_PROTO;

drop:
	ovs_kfree_skb_reason(skb, drop_reason);
}
9157f8a436eSJoe Stringer
do_output(struct datapath * dp,struct sk_buff * skb,int out_port,struct sw_flow_key * key)9167f8a436eSJoe Stringer static void do_output(struct datapath *dp, struct sk_buff *skb, int out_port,
9177f8a436eSJoe Stringer struct sw_flow_key *key)
918ccb1352eSJesse Gross {
919738967b8SAndy Zhou struct vport *vport = ovs_vport_rcu(dp, out_port);
920ccb1352eSJesse Gross
921066b8678SFelix Huettner if (likely(vport && netif_carrier_ok(vport->dev))) {
9227f8a436eSJoe Stringer u16 mru = OVS_CB(skb)->mru;
923f2a4d086SWilliam Tu u32 cutlen = OVS_CB(skb)->cutlen;
924f2a4d086SWilliam Tu
925f2a4d086SWilliam Tu if (unlikely(cutlen > 0)) {
926e2d9d835SJiri Benc if (skb->len - cutlen > ovs_mac_header_len(key))
927f2a4d086SWilliam Tu pskb_trim(skb, skb->len - cutlen);
928f2a4d086SWilliam Tu else
929e2d9d835SJiri Benc pskb_trim(skb, ovs_mac_header_len(key));
930f2a4d086SWilliam Tu }
9317f8a436eSJoe Stringer
93269c47b37SAaron Conole /* Need to set the pkt_type to involve the routing layer. The
93369c47b37SAaron Conole * packet movement through the OVS datapath doesn't generally
93469c47b37SAaron Conole * use routing, but this is needed for tunnel cases.
93569c47b37SAaron Conole */
93669c47b37SAaron Conole skb->pkt_type = PACKET_OUTGOING;
93769c47b37SAaron Conole
938738314a0SJiri Benc if (likely(!mru ||
939738314a0SJiri Benc (skb->len <= mru + vport->dev->hard_header_len))) {
940e2d9d835SJiri Benc ovs_vport_send(vport, skb, ovs_key_mac_proto(key));
9417f8a436eSJoe Stringer } else if (mru <= vport->dev->mtu) {
942c559cd3aSEric W. Biederman struct net *net = read_pnet(&dp->net);
9437f8a436eSJoe Stringer
944e2d9d835SJiri Benc ovs_fragment(net, vport, skb, mru, key);
9457f8a436eSJoe Stringer } else {
94643d95b30SAdrian Moreno kfree_skb_reason(skb, SKB_DROP_REASON_PKT_TOO_BIG);
947ccb1352eSJesse Gross }
9487f8a436eSJoe Stringer } else {
94943d95b30SAdrian Moreno kfree_skb_reason(skb, SKB_DROP_REASON_DEV_READY);
9507f8a436eSJoe Stringer }
9517f8a436eSJoe Stringer }
952ccb1352eSJesse Gross
/* Build a dp_upcall_info from the nested OVS_USERSPACE_ATTR_* attributes in
 * 'attr' and pass 'skb' to ovs_dp_upcall() as an OVS_PACKET_CMD_ACTION
 * upcall.
 *
 * 'actions'/'actions_len' are attached to the upcall only when an
 * OVS_USERSPACE_ATTR_ACTIONS attribute is present.  Returns the result of
 * ovs_dp_upcall().
 */
static int output_userspace(struct datapath *dp, struct sk_buff *skb,
			    struct sw_flow_key *key, const struct nlattr *attr,
			    const struct nlattr *actions, int actions_len,
			    uint32_t cutlen)
{
	struct dp_upcall_info upcall;
	const struct nlattr *a;
	int rem;

	memset(&upcall, 0, sizeof(upcall));
	upcall.cmd = OVS_PACKET_CMD_ACTION;
	upcall.mru = OVS_CB(skb)->mru;

	a = nla_data(attr);
	rem = nla_len(attr);
	while (rem > 0) {
		switch (nla_type(a)) {
		case OVS_USERSPACE_ATTR_USERDATA:
			upcall.userdata = a;
			break;

		case OVS_USERSPACE_ATTR_PID:
			/* With per-CPU upcall dispatch enabled, the port id
			 * is looked up for the current CPU and the attribute
			 * value is not used.
			 */
			upcall.portid =
				(dp->user_features &
				 OVS_DP_F_DISPATCH_UPCALL_PER_CPU) ?
				ovs_dp_get_upcall_portid(dp,
							 smp_processor_id()) :
				nla_get_u32(a);
			break;

		case OVS_USERSPACE_ATTR_EGRESS_TUN_PORT: {
			/* Get out tunnel info. */
			struct vport *vport = ovs_vport_rcu(dp,
							    nla_get_u32(a));

			if (vport && !dev_fill_metadata_dst(vport->dev, skb))
				upcall.egress_tun_info = skb_tunnel_info(skb);

			break;
		}

		case OVS_USERSPACE_ATTR_ACTIONS:
			/* Include actions. */
			upcall.actions = actions;
			upcall.actions_len = actions_len;
			break;

		} /* End of switch. */

		a = nla_next(a, &rem);
	}

	return ovs_dp_upcall(dp, skb, key, &upcall, cutlen);
}
1011ccb1352eSJesse Gross
dec_ttl_exception_handler(struct datapath * dp,struct sk_buff * skb,struct sw_flow_key * key,const struct nlattr * attr)1012744676e7SMatteo Croce static int dec_ttl_exception_handler(struct datapath *dp, struct sk_buff *skb,
1013744676e7SMatteo Croce struct sw_flow_key *key,
1014a5317f3bSEelco Chaudron const struct nlattr *attr)
1015744676e7SMatteo Croce {
101609d62172SEelco Chaudron /* The first attribute is always 'OVS_DEC_TTL_ATTR_ACTION'. */
101709d62172SEelco Chaudron struct nlattr *actions = nla_data(attr);
1018744676e7SMatteo Croce
101909d62172SEelco Chaudron if (nla_len(actions))
102069929d4cSEelco Chaudron return clone_execute(dp, skb, key, 0, nla_data(actions),
1021a5317f3bSEelco Chaudron nla_len(actions), true, false);
102209d62172SEelco Chaudron
102343d95b30SAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_IP_TTL);
1024744676e7SMatteo Croce return 0;
1025744676e7SMatteo Croce }
1026744676e7SMatteo Croce
1027798c1661Sandy zhou /* When 'last' is true, sample() should always consume the 'skb'.
1028798c1661Sandy zhou * Otherwise, sample() should keep 'skb' intact regardless what
1029798c1661Sandy zhou * actions are executed within sample().
1030798c1661Sandy zhou */
sample(struct datapath * dp,struct sk_buff * skb,struct sw_flow_key * key,const struct nlattr * attr,bool last)1031ccb1352eSJesse Gross static int sample(struct datapath *dp, struct sk_buff *skb,
1032ccea7445SNeil McKee struct sw_flow_key *key, const struct nlattr *attr,
1033798c1661Sandy zhou bool last)
1034ccb1352eSJesse Gross {
1035798c1661Sandy zhou struct nlattr *actions;
1036798c1661Sandy zhou struct nlattr *sample_arg;
1037798c1661Sandy zhou int rem = nla_len(attr);
1038798c1661Sandy zhou const struct sample_arg *arg;
1039bef7f756Sandy zhou bool clone_flow_key;
1040ccb1352eSJesse Gross
1041798c1661Sandy zhou /* The first action is always 'OVS_SAMPLE_ATTR_ARG'. */
1042798c1661Sandy zhou sample_arg = nla_data(attr);
1043798c1661Sandy zhou arg = nla_data(sample_arg);
1044798c1661Sandy zhou actions = nla_next(sample_arg, &rem);
1045e05176a3SWenyu Zhang
1046798c1661Sandy zhou if ((arg->probability != U32_MAX) &&
1047a251c17aSJason A. Donenfeld (!arg->probability || get_random_u32() > arg->probability)) {
1048798c1661Sandy zhou if (last)
10499d802da4SAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_LAST_ACTION);
1050ccb1352eSJesse Gross return 0;
1051ccb1352eSJesse Gross }
1052ccb1352eSJesse Gross
1053bef7f756Sandy zhou clone_flow_key = !arg->exec;
1054bef7f756Sandy zhou return clone_execute(dp, skb, key, 0, actions, rem, last,
1055bef7f756Sandy zhou clone_flow_key);
1056971427f3SAndy Zhou }
1057971427f3SAndy Zhou
1058b2335040SYifeng Sun /* When 'last' is true, clone() should always consume the 'skb'.
1059b2335040SYifeng Sun * Otherwise, clone() should keep 'skb' intact regardless what
1060b2335040SYifeng Sun * actions are executed within clone().
1061b2335040SYifeng Sun */
clone(struct datapath * dp,struct sk_buff * skb,struct sw_flow_key * key,const struct nlattr * attr,bool last)1062b2335040SYifeng Sun static int clone(struct datapath *dp, struct sk_buff *skb,
1063b2335040SYifeng Sun struct sw_flow_key *key, const struct nlattr *attr,
1064b2335040SYifeng Sun bool last)
1065b2335040SYifeng Sun {
1066b2335040SYifeng Sun struct nlattr *actions;
1067b2335040SYifeng Sun struct nlattr *clone_arg;
1068b2335040SYifeng Sun int rem = nla_len(attr);
1069b2335040SYifeng Sun bool dont_clone_flow_key;
1070b2335040SYifeng Sun
10713f2a3050SIlya Maximets /* The first action is always 'OVS_CLONE_ATTR_EXEC'. */
1072b2335040SYifeng Sun clone_arg = nla_data(attr);
1073b2335040SYifeng Sun dont_clone_flow_key = nla_get_u32(clone_arg);
1074b2335040SYifeng Sun actions = nla_next(clone_arg, &rem);
1075b2335040SYifeng Sun
1076b2335040SYifeng Sun return clone_execute(dp, skb, key, 0, actions, rem, last,
1077b2335040SYifeng Sun !dont_clone_flow_key);
1078b2335040SYifeng Sun }
1079b2335040SYifeng Sun
execute_hash(struct sk_buff * skb,struct sw_flow_key * key,const struct nlattr * attr)1080971427f3SAndy Zhou static void execute_hash(struct sk_buff *skb, struct sw_flow_key *key,
1081971427f3SAndy Zhou const struct nlattr *attr)
1082971427f3SAndy Zhou {
1083971427f3SAndy Zhou struct ovs_action_hash *hash_act = nla_data(attr);
1084971427f3SAndy Zhou u32 hash = 0;
1085971427f3SAndy Zhou
1086e069ba07SAaron Conole if (hash_act->hash_alg == OVS_HASH_ALG_L4) {
1087e069ba07SAaron Conole /* OVS_HASH_ALG_L4 hasing type. */
1088971427f3SAndy Zhou hash = skb_get_hash(skb);
1089e069ba07SAaron Conole } else if (hash_act->hash_alg == OVS_HASH_ALG_SYM_L4) {
1090e069ba07SAaron Conole /* OVS_HASH_ALG_SYM_L4 hashing type. NOTE: this doesn't
1091e069ba07SAaron Conole * extend past an encapsulated header.
1092e069ba07SAaron Conole */
1093e069ba07SAaron Conole hash = __skb_get_hash_symmetric(skb);
1094e069ba07SAaron Conole }
1095e069ba07SAaron Conole
1096971427f3SAndy Zhou hash = jhash_1word(hash, hash_act->hash_basis);
1097971427f3SAndy Zhou if (!hash)
1098971427f3SAndy Zhou hash = 0x1;
1099971427f3SAndy Zhou
1100971427f3SAndy Zhou key->ovs_flow_hash = hash;
1101ccb1352eSJesse Gross }
1102ccb1352eSJesse Gross
execute_set_action(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct nlattr * a)110383d2b9baSJarno Rajahalme static int execute_set_action(struct sk_buff *skb,
110483d2b9baSJarno Rajahalme struct sw_flow_key *flow_key,
110583d2b9baSJarno Rajahalme const struct nlattr *a)
110683d2b9baSJarno Rajahalme {
110783d2b9baSJarno Rajahalme /* Only tunnel set execution is supported without a mask. */
110883d2b9baSJarno Rajahalme if (nla_type(a) == OVS_KEY_ATTR_TUNNEL_INFO) {
110934ae932aSThomas Graf struct ovs_tunnel_info *tun = nla_data(a);
111034ae932aSThomas Graf
111134ae932aSThomas Graf skb_dst_drop(skb);
111234ae932aSThomas Graf dst_hold((struct dst_entry *)tun->tun_dst);
111334ae932aSThomas Graf skb_dst_set(skb, (struct dst_entry *)tun->tun_dst);
111483d2b9baSJarno Rajahalme return 0;
111583d2b9baSJarno Rajahalme }
111683d2b9baSJarno Rajahalme
111783d2b9baSJarno Rajahalme return -EINVAL;
111883d2b9baSJarno Rajahalme }
111983d2b9baSJarno Rajahalme
/* The attribute payload holds the key immediately followed by a mask of the
 * same type, so the mask is the second 'type'-sized element, i.e. it sits at
 * the midpoint of the data.  'type' must be a pointer type.
 */
#define get_mask(a, type) (((const type)nla_data(a)) + 1)
112283d2b9baSJarno Rajahalme
execute_masked_set_action(struct sk_buff * skb,struct sw_flow_key * flow_key,const struct nlattr * a)112383d2b9baSJarno Rajahalme static int execute_masked_set_action(struct sk_buff *skb,
112483d2b9baSJarno Rajahalme struct sw_flow_key *flow_key,
112583d2b9baSJarno Rajahalme const struct nlattr *a)
1126ccb1352eSJesse Gross {
1127ccb1352eSJesse Gross int err = 0;
1128ccb1352eSJesse Gross
112983d2b9baSJarno Rajahalme switch (nla_type(a)) {
1130ccb1352eSJesse Gross case OVS_KEY_ATTR_PRIORITY:
1131be26b9a8SJoe Stringer OVS_SET_MASKED(skb->priority, nla_get_u32(a),
1132be26b9a8SJoe Stringer *get_mask(a, u32 *));
113383d2b9baSJarno Rajahalme flow_key->phy.priority = skb->priority;
1134ccb1352eSJesse Gross break;
1135ccb1352eSJesse Gross
113639c7caebSAnsis Atteka case OVS_KEY_ATTR_SKB_MARK:
1137be26b9a8SJoe Stringer OVS_SET_MASKED(skb->mark, nla_get_u32(a), *get_mask(a, u32 *));
113883d2b9baSJarno Rajahalme flow_key->phy.skb_mark = skb->mark;
113939c7caebSAnsis Atteka break;
114039c7caebSAnsis Atteka
1141f0b128c1SJesse Gross case OVS_KEY_ATTR_TUNNEL_INFO:
114283d2b9baSJarno Rajahalme /* Masked data not supported for tunnel. */
114383d2b9baSJarno Rajahalme err = -EINVAL;
11447d5437c7SPravin B Shelar break;
11457d5437c7SPravin B Shelar
1146ccb1352eSJesse Gross case OVS_KEY_ATTR_ETHERNET:
114783d2b9baSJarno Rajahalme err = set_eth_addr(skb, flow_key, nla_data(a),
114883d2b9baSJarno Rajahalme get_mask(a, struct ovs_key_ethernet *));
1149ccb1352eSJesse Gross break;
1150ccb1352eSJesse Gross
1151b2d0f5d5SYi Yang case OVS_KEY_ATTR_NSH:
1152b2d0f5d5SYi Yang err = set_nsh(skb, flow_key, a);
1153b2d0f5d5SYi Yang break;
1154b2d0f5d5SYi Yang
1155ccb1352eSJesse Gross case OVS_KEY_ATTR_IPV4:
115683d2b9baSJarno Rajahalme err = set_ipv4(skb, flow_key, nla_data(a),
115783d2b9baSJarno Rajahalme get_mask(a, struct ovs_key_ipv4 *));
1158ccb1352eSJesse Gross break;
1159ccb1352eSJesse Gross
11603fdbd1ceSAnsis Atteka case OVS_KEY_ATTR_IPV6:
116183d2b9baSJarno Rajahalme err = set_ipv6(skb, flow_key, nla_data(a),
116283d2b9baSJarno Rajahalme get_mask(a, struct ovs_key_ipv6 *));
11633fdbd1ceSAnsis Atteka break;
11643fdbd1ceSAnsis Atteka
1165ccb1352eSJesse Gross case OVS_KEY_ATTR_TCP:
116683d2b9baSJarno Rajahalme err = set_tcp(skb, flow_key, nla_data(a),
116783d2b9baSJarno Rajahalme get_mask(a, struct ovs_key_tcp *));
1168ccb1352eSJesse Gross break;
1169ccb1352eSJesse Gross
1170ccb1352eSJesse Gross case OVS_KEY_ATTR_UDP:
117183d2b9baSJarno Rajahalme err = set_udp(skb, flow_key, nla_data(a),
117283d2b9baSJarno Rajahalme get_mask(a, struct ovs_key_udp *));
1173ccb1352eSJesse Gross break;
1174a175a723SJoe Stringer
1175a175a723SJoe Stringer case OVS_KEY_ATTR_SCTP:
117683d2b9baSJarno Rajahalme err = set_sctp(skb, flow_key, nla_data(a),
117783d2b9baSJarno Rajahalme get_mask(a, struct ovs_key_sctp *));
1178a175a723SJoe Stringer break;
117925cd9ba0SSimon Horman
118025cd9ba0SSimon Horman case OVS_KEY_ATTR_MPLS:
118183d2b9baSJarno Rajahalme err = set_mpls(skb, flow_key, nla_data(a), get_mask(a,
118283d2b9baSJarno Rajahalme __be32 *));
118325cd9ba0SSimon Horman break;
11847f8a436eSJoe Stringer
11857f8a436eSJoe Stringer case OVS_KEY_ATTR_CT_STATE:
11867f8a436eSJoe Stringer case OVS_KEY_ATTR_CT_ZONE:
1187182e3042SJoe Stringer case OVS_KEY_ATTR_CT_MARK:
118833db4125SJoe Stringer case OVS_KEY_ATTR_CT_LABELS:
11899dd7f890SJarno Rajahalme case OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4:
11909dd7f890SJarno Rajahalme case OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6:
11917f8a436eSJoe Stringer err = -EINVAL;
11927f8a436eSJoe Stringer break;
1193ccb1352eSJesse Gross }
1194ccb1352eSJesse Gross
1195ccb1352eSJesse Gross return err;
1196ccb1352eSJesse Gross }
1197ccb1352eSJesse Gross
/* Execute a recirculation action: make sure 'key' is valid (refreshing it
 * from the packet when it is not) and hand the skb to clone_execute() with
 * the recirculation id taken from attribute 'a'.
 *
 * Returns the error from ovs_flow_key_update() if the refresh fails,
 * otherwise the result of clone_execute().
 */
static int execute_recirc(struct datapath *dp, struct sk_buff *skb,
			  struct sw_flow_key *key,
			  const struct nlattr *a, bool last)
{
	if (!is_flow_key_valid(key)) {
		int err = ovs_flow_key_update(skb, key);

		if (err)
			return err;
	}
	/* A successful update must have left the key valid. */
	BUG_ON(!is_flow_key_valid(key));

	return clone_execute(dp, skb, key, nla_get_u32(a), NULL, 0, last,
			     true);
}
1216971427f3SAndy Zhou
/* Execute a check_pkt_len action: pick one of the two nested action lists
 * depending on whether the packet length is within the configured limit and
 * run it through clone_execute().
 *
 * The length compared is mru + mac_len when an MRU is recorded in the OVS
 * control block, otherwise skb->len.  A GSO packet that passes
 * skb_gso_validate_mac_len() for the limit also takes the "less or equal"
 * branch.  Returns the result of clone_execute().
 */
static int execute_check_pkt_len(struct datapath *dp, struct sk_buff *skb,
				 struct sw_flow_key *key,
				 const struct nlattr *attr, bool last)
{
	const struct check_pkt_len_arg *arg;
	const struct nlattr *arg_attr;
	const struct nlattr *actions;
	int rem = nla_len(attr);
	bool clone_flow_key;
	int max_len;
	bool fits;
	int len;

	/* The first netlink attribute in 'attr' is always
	 * 'OVS_CHECK_PKT_LEN_ATTR_ARG'.
	 */
	arg_attr = nla_data(attr);
	arg = nla_data(arg_attr);

	len = OVS_CB(skb)->mru ? OVS_CB(skb)->mru + skb->mac_len : skb->len;
	max_len = arg->pkt_len;

	/* Second netlink attribute in 'attr' is always
	 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'.
	 */
	actions = nla_next(arg_attr, &rem);

	fits = (skb_is_gso(skb) && skb_gso_validate_mac_len(skb, max_len)) ||
	       len <= max_len;
	if (fits) {
		clone_flow_key = !arg->exec_for_lesser_equal;
	} else {
		/* Third netlink attribute in 'attr' is always
		 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER'.
		 */
		actions = nla_next(actions, &rem);
		clone_flow_key = !arg->exec_for_greater;
	}

	return clone_execute(dp, skb, key, 0, nla_data(actions),
			     nla_len(actions), last, clone_flow_key);
}
12554d5ec89fSNuman Siddique
execute_dec_ttl(struct sk_buff * skb,struct sw_flow_key * key)1256744676e7SMatteo Croce static int execute_dec_ttl(struct sk_buff *skb, struct sw_flow_key *key)
1257744676e7SMatteo Croce {
1258744676e7SMatteo Croce int err;
1259744676e7SMatteo Croce
1260744676e7SMatteo Croce if (skb->protocol == htons(ETH_P_IPV6)) {
1261744676e7SMatteo Croce struct ipv6hdr *nh;
1262744676e7SMatteo Croce
1263744676e7SMatteo Croce err = skb_ensure_writable(skb, skb_network_offset(skb) +
1264744676e7SMatteo Croce sizeof(*nh));
1265744676e7SMatteo Croce if (unlikely(err))
1266744676e7SMatteo Croce return err;
1267744676e7SMatteo Croce
1268744676e7SMatteo Croce nh = ipv6_hdr(skb);
1269744676e7SMatteo Croce
1270744676e7SMatteo Croce if (nh->hop_limit <= 1)
1271744676e7SMatteo Croce return -EHOSTUNREACH;
1272744676e7SMatteo Croce
1273744676e7SMatteo Croce key->ip.ttl = --nh->hop_limit;
127409d62172SEelco Chaudron } else if (skb->protocol == htons(ETH_P_IP)) {
1275744676e7SMatteo Croce struct iphdr *nh;
1276744676e7SMatteo Croce u8 old_ttl;
1277744676e7SMatteo Croce
1278744676e7SMatteo Croce err = skb_ensure_writable(skb, skb_network_offset(skb) +
1279744676e7SMatteo Croce sizeof(*nh));
1280744676e7SMatteo Croce if (unlikely(err))
1281744676e7SMatteo Croce return err;
1282744676e7SMatteo Croce
1283744676e7SMatteo Croce nh = ip_hdr(skb);
1284744676e7SMatteo Croce if (nh->ttl <= 1)
1285744676e7SMatteo Croce return -EHOSTUNREACH;
1286744676e7SMatteo Croce
1287744676e7SMatteo Croce old_ttl = nh->ttl--;
1288744676e7SMatteo Croce csum_replace2(&nh->check, htons(old_ttl << 8),
1289744676e7SMatteo Croce htons(nh->ttl << 8));
1290744676e7SMatteo Croce key->ip.ttl = nh->ttl;
1291744676e7SMatteo Croce }
1292744676e7SMatteo Croce return 0;
1293744676e7SMatteo Croce }
1294744676e7SMatteo Croce
1295ccb1352eSJesse Gross /* Execute a list of actions against 'skb'. */
do_execute_actions(struct datapath * dp,struct sk_buff * skb,struct sw_flow_key * key,const struct nlattr * attr,int len)1296ccb1352eSJesse Gross static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
12972ff3e4e4SPravin B Shelar struct sw_flow_key *key,
1298651887b0SSimon Horman const struct nlattr *attr, int len)
1299ccb1352eSJesse Gross {
1300ccb1352eSJesse Gross const struct nlattr *a;
1301ccb1352eSJesse Gross int rem;
1302ccb1352eSJesse Gross
1303ccb1352eSJesse Gross for (a = attr, rem = len; rem > 0;
1304ccb1352eSJesse Gross a = nla_next(a, &rem)) {
1305ccb1352eSJesse Gross int err = 0;
1306ccb1352eSJesse Gross
1307c4ab7b56SAaron Conole if (trace_ovs_do_execute_action_enabled())
1308c4ab7b56SAaron Conole trace_ovs_do_execute_action(dp, skb, key, a, rem);
1309c4ab7b56SAaron Conole
13109d802da4SAdrian Moreno /* Actions that rightfully have to consume the skb should do it
13119d802da4SAdrian Moreno * and return directly.
13129d802da4SAdrian Moreno */
13135b8784aaSandy zhou switch (nla_type(a)) {
13145b8784aaSandy zhou case OVS_ACTION_ATTR_OUTPUT: {
13155b8784aaSandy zhou int port = nla_get_u32(a);
13165b8784aaSandy zhou struct sk_buff *clone;
1317738967b8SAndy Zhou
13185b8784aaSandy zhou /* Every output action needs a separate clone
13195b8784aaSandy zhou * of 'skb', In case the output action is the
13205b8784aaSandy zhou * last action, cloning can be avoided.
13215b8784aaSandy zhou */
13225b8784aaSandy zhou if (nla_is_last(a, rem)) {
13235b8784aaSandy zhou do_output(dp, skb, port, key);
13245b8784aaSandy zhou /* 'skb' has been used for output.
13255b8784aaSandy zhou */
13265b8784aaSandy zhou return 0;
1327ccb1352eSJesse Gross }
1328ccb1352eSJesse Gross
13295b8784aaSandy zhou clone = skb_clone(skb, GFP_ATOMIC);
13305b8784aaSandy zhou if (clone)
13315b8784aaSandy zhou do_output(dp, clone, port, key);
13325b8784aaSandy zhou OVS_CB(skb)->cutlen = 0;
1333ccb1352eSJesse Gross break;
13345b8784aaSandy zhou }
1335ccb1352eSJesse Gross
1336f2a4d086SWilliam Tu case OVS_ACTION_ATTR_TRUNC: {
1337f2a4d086SWilliam Tu struct ovs_action_trunc *trunc = nla_data(a);
1338f2a4d086SWilliam Tu
1339f2a4d086SWilliam Tu if (skb->len > trunc->max_len)
1340f2a4d086SWilliam Tu OVS_CB(skb)->cutlen = skb->len - trunc->max_len;
1341f2a4d086SWilliam Tu break;
1342f2a4d086SWilliam Tu }
1343f2a4d086SWilliam Tu
1344ccb1352eSJesse Gross case OVS_ACTION_ATTR_USERSPACE:
1345f2a4d086SWilliam Tu output_userspace(dp, skb, key, a, attr,
1346f2a4d086SWilliam Tu len, OVS_CB(skb)->cutlen);
1347f2a4d086SWilliam Tu OVS_CB(skb)->cutlen = 0;
13489d802da4SAdrian Moreno if (nla_is_last(a, rem)) {
13499d802da4SAdrian Moreno consume_skb(skb);
13509d802da4SAdrian Moreno return 0;
13519d802da4SAdrian Moreno }
1352ccb1352eSJesse Gross break;
1353ccb1352eSJesse Gross
1354971427f3SAndy Zhou case OVS_ACTION_ATTR_HASH:
1355971427f3SAndy Zhou execute_hash(skb, key, a);
1356971427f3SAndy Zhou break;
1357971427f3SAndy Zhou
1358f66b53fdSMartin Varghese case OVS_ACTION_ATTR_PUSH_MPLS: {
1359f66b53fdSMartin Varghese struct ovs_action_push_mpls *mpls = nla_data(a);
136025cd9ba0SSimon Horman
1361f66b53fdSMartin Varghese err = push_mpls(skb, key, mpls->mpls_lse,
1362f66b53fdSMartin Varghese mpls->mpls_ethertype, skb->mac_len);
1363f66b53fdSMartin Varghese break;
1364f66b53fdSMartin Varghese }
1365f66b53fdSMartin Varghese case OVS_ACTION_ATTR_ADD_MPLS: {
1366f66b53fdSMartin Varghese struct ovs_action_add_mpls *mpls = nla_data(a);
1367f66b53fdSMartin Varghese __u16 mac_len = 0;
1368f66b53fdSMartin Varghese
1369f66b53fdSMartin Varghese if (mpls->tun_flags & OVS_MPLS_L3_TUNNEL_FLAG_MASK)
1370f66b53fdSMartin Varghese mac_len = skb->mac_len;
1371f66b53fdSMartin Varghese
1372f66b53fdSMartin Varghese err = push_mpls(skb, key, mpls->mpls_lse,
1373f66b53fdSMartin Varghese mpls->mpls_ethertype, mac_len);
1374f66b53fdSMartin Varghese break;
1375f66b53fdSMartin Varghese }
137625cd9ba0SSimon Horman case OVS_ACTION_ATTR_POP_MPLS:
1377fff06c36SPravin B Shelar err = pop_mpls(skb, key, nla_get_be16(a));
137825cd9ba0SSimon Horman break;
137925cd9ba0SSimon Horman
1380ccb1352eSJesse Gross case OVS_ACTION_ATTR_PUSH_VLAN:
1381fff06c36SPravin B Shelar err = push_vlan(skb, key, nla_data(a));
1382ccb1352eSJesse Gross break;
1383ccb1352eSJesse Gross
1384ccb1352eSJesse Gross case OVS_ACTION_ATTR_POP_VLAN:
1385fff06c36SPravin B Shelar err = pop_vlan(skb, key);
1386ccb1352eSJesse Gross break;
1387ccb1352eSJesse Gross
1388bef7f756Sandy zhou case OVS_ACTION_ATTR_RECIRC: {
1389bef7f756Sandy zhou bool last = nla_is_last(a, rem);
1390bef7f756Sandy zhou
1391bef7f756Sandy zhou err = execute_recirc(dp, skb, key, a, last);
1392bef7f756Sandy zhou if (last) {
1393971427f3SAndy Zhou /* If this is the last action, the skb has
1394971427f3SAndy Zhou * been consumed or freed.
1395971427f3SAndy Zhou * Return immediately.
1396971427f3SAndy Zhou */
1397971427f3SAndy Zhou return err;
1398971427f3SAndy Zhou }
1399971427f3SAndy Zhou break;
1400bef7f756Sandy zhou }
1401971427f3SAndy Zhou
1402ccb1352eSJesse Gross case OVS_ACTION_ATTR_SET:
1403fff06c36SPravin B Shelar err = execute_set_action(skb, key, nla_data(a));
1404ccb1352eSJesse Gross break;
1405ccb1352eSJesse Gross
140683d2b9baSJarno Rajahalme case OVS_ACTION_ATTR_SET_MASKED:
140783d2b9baSJarno Rajahalme case OVS_ACTION_ATTR_SET_TO_MASKED:
140883d2b9baSJarno Rajahalme err = execute_masked_set_action(skb, key, nla_data(a));
140983d2b9baSJarno Rajahalme break;
141083d2b9baSJarno Rajahalme
1411798c1661Sandy zhou case OVS_ACTION_ATTR_SAMPLE: {
1412798c1661Sandy zhou bool last = nla_is_last(a, rem);
1413798c1661Sandy zhou
1414798c1661Sandy zhou err = sample(dp, skb, key, a, last);
1415798c1661Sandy zhou if (last)
1416798c1661Sandy zhou return err;
1417798c1661Sandy zhou
1418ccb1352eSJesse Gross break;
1419798c1661Sandy zhou }
14207f8a436eSJoe Stringer
14217f8a436eSJoe Stringer case OVS_ACTION_ATTR_CT:
1422ec0d043dSJoe Stringer if (!is_flow_key_valid(key)) {
1423ec0d043dSJoe Stringer err = ovs_flow_key_update(skb, key);
1424ec0d043dSJoe Stringer if (err)
1425ec0d043dSJoe Stringer return err;
1426ec0d043dSJoe Stringer }
1427ec0d043dSJoe Stringer
14287f8a436eSJoe Stringer err = ovs_ct_execute(ovs_dp_get_net(dp), skb, key,
14297f8a436eSJoe Stringer nla_data(a));
14307f8a436eSJoe Stringer
14317f8a436eSJoe Stringer /* Hide stolen IP fragments from user space. */
143274c16618SJoe Stringer if (err)
143374c16618SJoe Stringer return err == -EINPROGRESS ? 0 : err;
14347f8a436eSJoe Stringer break;
143591820da6SJiri Benc
1436b8226962SEric Garver case OVS_ACTION_ATTR_CT_CLEAR:
1437b8226962SEric Garver err = ovs_ct_clear(skb, key);
1438b8226962SEric Garver break;
1439b8226962SEric Garver
144091820da6SJiri Benc case OVS_ACTION_ATTR_PUSH_ETH:
144191820da6SJiri Benc err = push_eth(skb, key, nla_data(a));
144291820da6SJiri Benc break;
144391820da6SJiri Benc
144491820da6SJiri Benc case OVS_ACTION_ATTR_POP_ETH:
144591820da6SJiri Benc err = pop_eth(skb, key);
144691820da6SJiri Benc break;
1447b2d0f5d5SYi Yang
1448b2d0f5d5SYi Yang case OVS_ACTION_ATTR_PUSH_NSH: {
1449b2d0f5d5SYi Yang u8 buffer[NSH_HDR_MAX_LEN];
1450b2d0f5d5SYi Yang struct nshhdr *nh = (struct nshhdr *)buffer;
1451b2d0f5d5SYi Yang
1452b2d0f5d5SYi Yang err = nsh_hdr_from_nlattr(nla_data(a), nh,
1453b2d0f5d5SYi Yang NSH_HDR_MAX_LEN);
1454b2d0f5d5SYi Yang if (unlikely(err))
1455b2d0f5d5SYi Yang break;
1456b2d0f5d5SYi Yang err = push_nsh(skb, key, nh);
1457b2d0f5d5SYi Yang break;
1458b2d0f5d5SYi Yang }
1459b2d0f5d5SYi Yang
1460b2d0f5d5SYi Yang case OVS_ACTION_ATTR_POP_NSH:
1461b2d0f5d5SYi Yang err = pop_nsh(skb, key);
1462b2d0f5d5SYi Yang break;
1463cd8a6c33SAndy Zhou
1464cd8a6c33SAndy Zhou case OVS_ACTION_ATTR_METER:
1465cd8a6c33SAndy Zhou if (ovs_meter_execute(dp, skb, key, nla_get_u32(a))) {
1466f329d1bcSAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_METER);
1467cd8a6c33SAndy Zhou return 0;
1468cd8a6c33SAndy Zhou }
1469b2335040SYifeng Sun break;
1470b2335040SYifeng Sun
1471b2335040SYifeng Sun case OVS_ACTION_ATTR_CLONE: {
1472b2335040SYifeng Sun bool last = nla_is_last(a, rem);
1473b2335040SYifeng Sun
1474b2335040SYifeng Sun err = clone(dp, skb, key, a, last);
1475b2335040SYifeng Sun if (last)
1476b2335040SYifeng Sun return err;
1477b2335040SYifeng Sun
1478b2335040SYifeng Sun break;
1479b2335040SYifeng Sun }
14804d5ec89fSNuman Siddique
14814d5ec89fSNuman Siddique case OVS_ACTION_ATTR_CHECK_PKT_LEN: {
14824d5ec89fSNuman Siddique bool last = nla_is_last(a, rem);
14834d5ec89fSNuman Siddique
14844d5ec89fSNuman Siddique err = execute_check_pkt_len(dp, skb, key, a, last);
14854d5ec89fSNuman Siddique if (last)
14864d5ec89fSNuman Siddique return err;
14874d5ec89fSNuman Siddique
14884d5ec89fSNuman Siddique break;
14894d5ec89fSNuman Siddique }
1490744676e7SMatteo Croce
1491744676e7SMatteo Croce case OVS_ACTION_ATTR_DEC_TTL:
1492744676e7SMatteo Croce err = execute_dec_ttl(skb, key);
1493a5317f3bSEelco Chaudron if (err == -EHOSTUNREACH)
1494a5317f3bSEelco Chaudron return dec_ttl_exception_handler(dp, skb,
1495a5317f3bSEelco Chaudron key, a);
1496744676e7SMatteo Croce break;
1497e7bc7db9SEric Garver
1498e7bc7db9SEric Garver case OVS_ACTION_ATTR_DROP: {
1499e7bc7db9SEric Garver enum ovs_drop_reason reason = nla_get_u32(a)
1500e7bc7db9SEric Garver ? OVS_DROP_EXPLICIT_WITH_ERROR
1501e7bc7db9SEric Garver : OVS_DROP_EXPLICIT;
1502e7bc7db9SEric Garver
1503e7bc7db9SEric Garver ovs_kfree_skb_reason(skb, reason);
1504e7bc7db9SEric Garver return 0;
1505e7bc7db9SEric Garver }
1506ccb1352eSJesse Gross }
1507ccb1352eSJesse Gross
1508ccb1352eSJesse Gross if (unlikely(err)) {
1509ec7bfb5eSAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_ACTION_ERROR);
1510ccb1352eSJesse Gross return err;
1511ccb1352eSJesse Gross }
1512ccb1352eSJesse Gross }
1513ccb1352eSJesse Gross
15149d802da4SAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_LAST_ACTION);
1515ccb1352eSJesse Gross return 0;
1516ccb1352eSJesse Gross }
1517ccb1352eSJesse Gross
1518bef7f756Sandy zhou /* Execute the actions on the clone of the packet. The effect of the
1519bef7f756Sandy zhou * execution does not affect the original 'skb' nor the original 'key'.
1520bef7f756Sandy zhou *
1521bef7f756Sandy zhou * The execution may be deferred in case the actions can not be executed
1522bef7f756Sandy zhou * immediately.
1523bef7f756Sandy zhou */
clone_execute(struct datapath * dp,struct sk_buff * skb,struct sw_flow_key * key,u32 recirc_id,const struct nlattr * actions,int len,bool last,bool clone_flow_key)1524bef7f756Sandy zhou static int clone_execute(struct datapath *dp, struct sk_buff *skb,
1525bef7f756Sandy zhou struct sw_flow_key *key, u32 recirc_id,
1526bef7f756Sandy zhou const struct nlattr *actions, int len,
1527bef7f756Sandy zhou bool last, bool clone_flow_key)
1528bef7f756Sandy zhou {
1529bef7f756Sandy zhou struct deferred_action *da;
1530bef7f756Sandy zhou struct sw_flow_key *clone;
1531bef7f756Sandy zhou
1532bef7f756Sandy zhou skb = last ? skb : skb_clone(skb, GFP_ATOMIC);
1533bef7f756Sandy zhou if (!skb) {
1534bef7f756Sandy zhou /* Out of memory, skip this action.
1535bef7f756Sandy zhou */
1536bef7f756Sandy zhou return 0;
1537bef7f756Sandy zhou }
1538bef7f756Sandy zhou
1539bef7f756Sandy zhou /* When clone_flow_key is false, the 'key' will not be change
1540bef7f756Sandy zhou * by the actions, then the 'key' can be used directly.
1541bef7f756Sandy zhou * Otherwise, try to clone key from the next recursion level of
1542bef7f756Sandy zhou * 'flow_keys'. If clone is successful, execute the actions
1543bef7f756Sandy zhou * without deferring.
1544bef7f756Sandy zhou */
1545bef7f756Sandy zhou clone = clone_flow_key ? clone_key(key) : key;
1546bef7f756Sandy zhou if (clone) {
1547bef7f756Sandy zhou int err = 0;
1548bef7f756Sandy zhou
1549bef7f756Sandy zhou if (actions) { /* Sample action */
1550bef7f756Sandy zhou if (clone_flow_key)
1551bef7f756Sandy zhou __this_cpu_inc(exec_actions_level);
1552bef7f756Sandy zhou
1553bef7f756Sandy zhou err = do_execute_actions(dp, skb, clone,
1554bef7f756Sandy zhou actions, len);
1555bef7f756Sandy zhou
1556bef7f756Sandy zhou if (clone_flow_key)
1557bef7f756Sandy zhou __this_cpu_dec(exec_actions_level);
1558bef7f756Sandy zhou } else { /* Recirc action */
1559bef7f756Sandy zhou clone->recirc_id = recirc_id;
1560bef7f756Sandy zhou ovs_dp_process_packet(skb, clone);
1561bef7f756Sandy zhou }
1562bef7f756Sandy zhou return err;
1563bef7f756Sandy zhou }
1564bef7f756Sandy zhou
1565bef7f756Sandy zhou /* Out of 'flow_keys' space. Defer actions */
1566bef7f756Sandy zhou da = add_deferred_actions(skb, key, actions, len);
1567bef7f756Sandy zhou if (da) {
1568bef7f756Sandy zhou if (!actions) { /* Recirc action */
1569bef7f756Sandy zhou key = &da->pkt_key;
1570bef7f756Sandy zhou key->recirc_id = recirc_id;
1571bef7f756Sandy zhou }
1572bef7f756Sandy zhou } else {
1573bef7f756Sandy zhou /* Out of per CPU action FIFO space. Drop the 'skb' and
1574bef7f756Sandy zhou * log an error.
1575bef7f756Sandy zhou */
157643d95b30SAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_DEFERRED_LIMIT);
1577bef7f756Sandy zhou
1578bef7f756Sandy zhou if (net_ratelimit()) {
1579bef7f756Sandy zhou if (actions) { /* Sample action */
1580bef7f756Sandy zhou pr_warn("%s: deferred action limit reached, drop sample action\n",
1581bef7f756Sandy zhou ovs_dp_name(dp));
1582bef7f756Sandy zhou } else { /* Recirc action */
1583ea07af2eSStéphane Graber pr_warn("%s: deferred action limit reached, drop recirc action (recirc_id=%#x)\n",
1584ea07af2eSStéphane Graber ovs_dp_name(dp), recirc_id);
1585bef7f756Sandy zhou }
1586bef7f756Sandy zhou }
1587bef7f756Sandy zhou }
1588bef7f756Sandy zhou return 0;
1589bef7f756Sandy zhou }
1590bef7f756Sandy zhou
process_deferred_actions(struct datapath * dp)1591971427f3SAndy Zhou static void process_deferred_actions(struct datapath *dp)
1592971427f3SAndy Zhou {
1593971427f3SAndy Zhou struct action_fifo *fifo = this_cpu_ptr(action_fifos);
1594971427f3SAndy Zhou
1595971427f3SAndy Zhou /* Do not touch the FIFO in case there is no deferred actions. */
1596971427f3SAndy Zhou if (action_fifo_is_empty(fifo))
1597971427f3SAndy Zhou return;
1598971427f3SAndy Zhou
1599971427f3SAndy Zhou /* Finishing executing all deferred actions. */
1600971427f3SAndy Zhou do {
1601971427f3SAndy Zhou struct deferred_action *da = action_fifo_get(fifo);
1602971427f3SAndy Zhou struct sk_buff *skb = da->skb;
1603971427f3SAndy Zhou struct sw_flow_key *key = &da->pkt_key;
1604971427f3SAndy Zhou const struct nlattr *actions = da->actions;
160547c697aaSandy zhou int actions_len = da->actions_len;
1606971427f3SAndy Zhou
1607971427f3SAndy Zhou if (actions)
160847c697aaSandy zhou do_execute_actions(dp, skb, key, actions, actions_len);
1609971427f3SAndy Zhou else
1610971427f3SAndy Zhou ovs_dp_process_packet(skb, key);
1611971427f3SAndy Zhou } while (!action_fifo_is_empty(fifo));
1612971427f3SAndy Zhou
1613971427f3SAndy Zhou /* Reset FIFO for the next packet. */
1614971427f3SAndy Zhou action_fifo_init(fifo);
1615971427f3SAndy Zhou }
1616971427f3SAndy Zhou
1617ccb1352eSJesse Gross /* Execute a list of actions against 'skb'. */
ovs_execute_actions(struct datapath * dp,struct sk_buff * skb,const struct sw_flow_actions * acts,struct sw_flow_key * key)16182ff3e4e4SPravin B Shelar int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb,
161912eb18f7SThomas Graf const struct sw_flow_actions *acts,
162012eb18f7SThomas Graf struct sw_flow_key *key)
1621ccb1352eSJesse Gross {
1622b064d0d8SHannes Frederic Sowa int err, level;
1623ccb1352eSJesse Gross
1624b064d0d8SHannes Frederic Sowa level = __this_cpu_inc_return(exec_actions_level);
16252679d040SLance Richardson if (unlikely(level > OVS_RECURSION_LIMIT)) {
1626b064d0d8SHannes Frederic Sowa net_crit_ratelimited("ovs: recursion limit reached on datapath %s, probable configuration error\n",
1627b064d0d8SHannes Frederic Sowa ovs_dp_name(dp));
162843d95b30SAdrian Moreno ovs_kfree_skb_reason(skb, OVS_DROP_RECURSION_LIMIT);
1629b064d0d8SHannes Frederic Sowa err = -ENETDOWN;
1630b064d0d8SHannes Frederic Sowa goto out;
1631b064d0d8SHannes Frederic Sowa }
1632b064d0d8SHannes Frederic Sowa
1633494bea39SLiping Zhang OVS_CB(skb)->acts_origlen = acts->orig_len;
1634971427f3SAndy Zhou err = do_execute_actions(dp, skb, key,
16352ff3e4e4SPravin B Shelar acts->actions, acts->actions_len);
1636971427f3SAndy Zhou
1637b064d0d8SHannes Frederic Sowa if (level == 1)
1638971427f3SAndy Zhou process_deferred_actions(dp);
1639971427f3SAndy Zhou
1640b064d0d8SHannes Frederic Sowa out:
1641b064d0d8SHannes Frederic Sowa __this_cpu_dec(exec_actions_level);
1642971427f3SAndy Zhou return err;
1643971427f3SAndy Zhou }
1644971427f3SAndy Zhou
action_fifos_init(void)1645971427f3SAndy Zhou int action_fifos_init(void)
1646971427f3SAndy Zhou {
1647971427f3SAndy Zhou action_fifos = alloc_percpu(struct action_fifo);
1648971427f3SAndy Zhou if (!action_fifos)
1649971427f3SAndy Zhou return -ENOMEM;
1650971427f3SAndy Zhou
16514572ef52Sandy zhou flow_keys = alloc_percpu(struct action_flow_keys);
16524572ef52Sandy zhou if (!flow_keys) {
16532679d040SLance Richardson free_percpu(action_fifos);
16542679d040SLance Richardson return -ENOMEM;
16552679d040SLance Richardson }
16562679d040SLance Richardson
1657971427f3SAndy Zhou return 0;
1658971427f3SAndy Zhou }
1659971427f3SAndy Zhou
action_fifos_exit(void)1660971427f3SAndy Zhou void action_fifos_exit(void)
1661971427f3SAndy Zhou {
1662971427f3SAndy Zhou free_percpu(action_fifos);
16634572ef52Sandy zhou free_percpu(flow_keys);
1664ccb1352eSJesse Gross }
1665