1 /* 2 * Copyright (c) 2007-2014 Nicira, Inc. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of version 2 of the GNU General Public 6 * License as published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope that it will be useful, but 9 * WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 * General Public License for more details. 12 * 13 * You should have received a copy of the GNU General Public License 14 * along with this program; if not, write to the Free Software 15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 16 * 02110-1301, USA 17 */ 18 19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 20 21 #include <linux/skbuff.h> 22 #include <linux/in.h> 23 #include <linux/ip.h> 24 #include <linux/openvswitch.h> 25 #include <linux/sctp.h> 26 #include <linux/tcp.h> 27 #include <linux/udp.h> 28 #include <linux/in6.h> 29 #include <linux/if_arp.h> 30 #include <linux/if_vlan.h> 31 #include <net/ip.h> 32 #include <net/ipv6.h> 33 #include <net/checksum.h> 34 #include <net/dsfield.h> 35 #include <net/sctp/checksum.h> 36 37 #include "datapath.h" 38 #include "flow.h" 39 #include "vport.h" 40 41 static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, 42 struct sw_flow_key *key, 43 const struct nlattr *attr, int len); 44 45 struct deferred_action { 46 struct sk_buff *skb; 47 const struct nlattr *actions; 48 49 /* Store pkt_key clone when creating deferred action. */ 50 struct sw_flow_key pkt_key; 51 }; 52 53 #define DEFERRED_ACTION_FIFO_SIZE 10 54 struct action_fifo { 55 int head; 56 int tail; 57 /* Deferred action fifo queue storage. */ 58 struct deferred_action fifo[DEFERRED_ACTION_FIFO_SIZE]; 59 }; 60 61 static struct action_fifo __percpu *action_fifos; 62 static DEFINE_PER_CPU(int, exec_actions_level); 63 64 static void action_fifo_init(struct action_fifo *fifo) 65 { 66 fifo->head = 0; 67 fifo->tail = 0; 68 } 69 70 static bool action_fifo_is_empty(struct action_fifo *fifo) 71 { 72 return (fifo->head == fifo->tail); 73 } 74 75 static struct deferred_action *action_fifo_get(struct action_fifo *fifo) 76 { 77 if (action_fifo_is_empty(fifo)) 78 return NULL; 79 80 return &fifo->fifo[fifo->tail++]; 81 } 82 83 static struct deferred_action *action_fifo_put(struct action_fifo *fifo) 84 { 85 if (fifo->head >= DEFERRED_ACTION_FIFO_SIZE - 1) 86 return NULL; 87 88 return &fifo->fifo[fifo->head++]; 89 } 90 91 /* Return true if fifo is not full */ 92 static struct deferred_action *add_deferred_actions(struct sk_buff *skb, 93 struct sw_flow_key *key, 94 const struct nlattr *attr) 95 { 96 struct action_fifo *fifo; 97 struct deferred_action *da; 98 99 fifo = this_cpu_ptr(action_fifos); 100 da = action_fifo_put(fifo); 101 if (da) { 102 da->skb = skb; 103 da->actions = attr; 104 da->pkt_key = *key; 105 } 106 107 return da; 108 } 109 110 static int make_writable(struct sk_buff *skb, int write_len) 111 { 112 if (!pskb_may_pull(skb, write_len)) 113 return -ENOMEM; 114 115 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len)) 116 return 0; 117 118 return pskb_expand_head(skb, 0, 0, GFP_ATOMIC); 119 } 120 121 /* remove VLAN header from packet and update csum accordingly. */ 122 static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci) 123 { 124 struct vlan_hdr *vhdr; 125 int err; 126 127 err = make_writable(skb, VLAN_ETH_HLEN); 128 if (unlikely(err)) 129 return err; 130 131 if (skb->ip_summed == CHECKSUM_COMPLETE) 132 skb->csum = csum_sub(skb->csum, csum_partial(skb->data 133 + (2 * ETH_ALEN), VLAN_HLEN, 0)); 134 135 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN); 136 *current_tci = vhdr->h_vlan_TCI; 137 138 memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN); 139 __skb_pull(skb, VLAN_HLEN); 140 141 vlan_set_encap_proto(skb, vhdr); 142 skb->mac_header += VLAN_HLEN; 143 if (skb_network_offset(skb) < ETH_HLEN) 144 skb_set_network_header(skb, ETH_HLEN); 145 skb_reset_mac_len(skb); 146 147 return 0; 148 } 149 150 static int pop_vlan(struct sk_buff *skb) 151 { 152 __be16 tci; 153 int err; 154 155 if (likely(vlan_tx_tag_present(skb))) { 156 skb->vlan_tci = 0; 157 } else { 158 if (unlikely(skb->protocol != htons(ETH_P_8021Q) || 159 skb->len < VLAN_ETH_HLEN)) 160 return 0; 161 162 err = __pop_vlan_tci(skb, &tci); 163 if (err) 164 return err; 165 } 166 /* move next vlan tag to hw accel tag */ 167 if (likely(skb->protocol != htons(ETH_P_8021Q) || 168 skb->len < VLAN_ETH_HLEN)) 169 return 0; 170 171 err = __pop_vlan_tci(skb, &tci); 172 if (unlikely(err)) 173 return err; 174 175 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), ntohs(tci)); 176 return 0; 177 } 178 179 static int push_vlan(struct sk_buff *skb, const struct ovs_action_push_vlan *vlan) 180 { 181 if (unlikely(vlan_tx_tag_present(skb))) { 182 u16 current_tag; 183 184 /* push down current VLAN tag */ 185 current_tag = vlan_tx_tag_get(skb); 186 187 if (!__vlan_put_tag(skb, skb->vlan_proto, current_tag)) 188 return -ENOMEM; 189 190 if (skb->ip_summed == CHECKSUM_COMPLETE) 191 skb->csum = csum_add(skb->csum, csum_partial(skb->data 192 + (2 * ETH_ALEN), VLAN_HLEN, 0)); 193 194 } 195 __vlan_hwaccel_put_tag(skb, vlan->vlan_tpid, ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT); 196 return 0; 197 } 198 199 static int set_eth_addr(struct sk_buff *skb, 200 const struct ovs_key_ethernet *eth_key) 201 { 202 int err; 203 err = make_writable(skb, ETH_HLEN); 204 if (unlikely(err)) 205 return err; 206 207 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2); 208 209 ether_addr_copy(eth_hdr(skb)->h_source, eth_key->eth_src); 210 ether_addr_copy(eth_hdr(skb)->h_dest, eth_key->eth_dst); 211 212 ovs_skb_postpush_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2); 213 214 return 0; 215 } 216 217 static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh, 218 __be32 *addr, __be32 new_addr) 219 { 220 int transport_len = skb->len - skb_transport_offset(skb); 221 222 if (nh->protocol == IPPROTO_TCP) { 223 if (likely(transport_len >= sizeof(struct tcphdr))) 224 inet_proto_csum_replace4(&tcp_hdr(skb)->check, skb, 225 *addr, new_addr, 1); 226 } else if (nh->protocol == IPPROTO_UDP) { 227 if (likely(transport_len >= sizeof(struct udphdr))) { 228 struct udphdr *uh = udp_hdr(skb); 229 230 if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { 231 inet_proto_csum_replace4(&uh->check, skb, 232 *addr, new_addr, 1); 233 if (!uh->check) 234 uh->check = CSUM_MANGLED_0; 235 } 236 } 237 } 238 239 csum_replace4(&nh->check, *addr, new_addr); 240 skb_clear_hash(skb); 241 *addr = new_addr; 242 } 243 244 static void update_ipv6_checksum(struct sk_buff *skb, u8 l4_proto, 245 __be32 addr[4], const __be32 new_addr[4]) 246 { 247 int transport_len = skb->len - skb_transport_offset(skb); 248 249 if (l4_proto == IPPROTO_TCP) { 250 if (likely(transport_len >= sizeof(struct tcphdr))) 251 inet_proto_csum_replace16(&tcp_hdr(skb)->check, skb, 252 addr, new_addr, 1); 253 } else if (l4_proto == IPPROTO_UDP) { 254 if (likely(transport_len >= sizeof(struct udphdr))) { 255 struct udphdr *uh = udp_hdr(skb); 256 257 if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { 258 inet_proto_csum_replace16(&uh->check, skb, 259 addr, new_addr, 1); 260 if (!uh->check) 261 uh->check = CSUM_MANGLED_0; 262 } 263 } 264 } 265 } 266 267 static void set_ipv6_addr(struct sk_buff *skb, u8 l4_proto, 268 __be32 addr[4], const __be32 new_addr[4], 269 bool recalculate_csum) 270 { 271 if (recalculate_csum) 272 update_ipv6_checksum(skb, l4_proto, addr, new_addr); 273 274 skb_clear_hash(skb); 275 memcpy(addr, new_addr, sizeof(__be32[4])); 276 } 277 278 static void set_ipv6_tc(struct ipv6hdr *nh, u8 tc) 279 { 280 nh->priority = tc >> 4; 281 nh->flow_lbl[0] = (nh->flow_lbl[0] & 0x0F) | ((tc & 0x0F) << 4); 282 } 283 284 static void set_ipv6_fl(struct ipv6hdr *nh, u32 fl) 285 { 286 nh->flow_lbl[0] = (nh->flow_lbl[0] & 0xF0) | (fl & 0x000F0000) >> 16; 287 nh->flow_lbl[1] = (fl & 0x0000FF00) >> 8; 288 nh->flow_lbl[2] = fl & 0x000000FF; 289 } 290 291 static void set_ip_ttl(struct sk_buff *skb, struct iphdr *nh, u8 new_ttl) 292 { 293 csum_replace2(&nh->check, htons(nh->ttl << 8), htons(new_ttl << 8)); 294 nh->ttl = new_ttl; 295 } 296 297 static int set_ipv4(struct sk_buff *skb, const struct ovs_key_ipv4 *ipv4_key) 298 { 299 struct iphdr *nh; 300 int err; 301 302 err = make_writable(skb, skb_network_offset(skb) + 303 sizeof(struct iphdr)); 304 if (unlikely(err)) 305 return err; 306 307 nh = ip_hdr(skb); 308 309 if (ipv4_key->ipv4_src != nh->saddr) 310 set_ip_addr(skb, nh, &nh->saddr, ipv4_key->ipv4_src); 311 312 if (ipv4_key->ipv4_dst != nh->daddr) 313 set_ip_addr(skb, nh, &nh->daddr, ipv4_key->ipv4_dst); 314 315 if (ipv4_key->ipv4_tos != nh->tos) 316 ipv4_change_dsfield(nh, 0, ipv4_key->ipv4_tos); 317 318 if (ipv4_key->ipv4_ttl != nh->ttl) 319 set_ip_ttl(skb, nh, ipv4_key->ipv4_ttl); 320 321 return 0; 322 } 323 324 static int set_ipv6(struct sk_buff *skb, const struct ovs_key_ipv6 *ipv6_key) 325 { 326 struct ipv6hdr *nh; 327 int err; 328 __be32 *saddr; 329 __be32 *daddr; 330 331 err = make_writable(skb, skb_network_offset(skb) + 332 sizeof(struct ipv6hdr)); 333 if (unlikely(err)) 334 return err; 335 336 nh = ipv6_hdr(skb); 337 saddr = (__be32 *)&nh->saddr; 338 daddr = (__be32 *)&nh->daddr; 339 340 if (memcmp(ipv6_key->ipv6_src, saddr, sizeof(ipv6_key->ipv6_src))) 341 set_ipv6_addr(skb, ipv6_key->ipv6_proto, saddr, 342 ipv6_key->ipv6_src, true); 343 344 if (memcmp(ipv6_key->ipv6_dst, daddr, sizeof(ipv6_key->ipv6_dst))) { 345 unsigned int offset = 0; 346 int flags = IP6_FH_F_SKIP_RH; 347 bool recalc_csum = true; 348 349 if (ipv6_ext_hdr(nh->nexthdr)) 350 recalc_csum = ipv6_find_hdr(skb, &offset, 351 NEXTHDR_ROUTING, NULL, 352 &flags) != NEXTHDR_ROUTING; 353 354 set_ipv6_addr(skb, ipv6_key->ipv6_proto, daddr, 355 ipv6_key->ipv6_dst, recalc_csum); 356 } 357 358 set_ipv6_tc(nh, ipv6_key->ipv6_tclass); 359 set_ipv6_fl(nh, ntohl(ipv6_key->ipv6_label)); 360 nh->hop_limit = ipv6_key->ipv6_hlimit; 361 362 return 0; 363 } 364 365 /* Must follow make_writable() since that can move the skb data. */ 366 static void set_tp_port(struct sk_buff *skb, __be16 *port, 367 __be16 new_port, __sum16 *check) 368 { 369 inet_proto_csum_replace2(check, skb, *port, new_port, 0); 370 *port = new_port; 371 skb_clear_hash(skb); 372 } 373 374 static void set_udp_port(struct sk_buff *skb, __be16 *port, __be16 new_port) 375 { 376 struct udphdr *uh = udp_hdr(skb); 377 378 if (uh->check && skb->ip_summed != CHECKSUM_PARTIAL) { 379 set_tp_port(skb, port, new_port, &uh->check); 380 381 if (!uh->check) 382 uh->check = CSUM_MANGLED_0; 383 } else { 384 *port = new_port; 385 skb_clear_hash(skb); 386 } 387 } 388 389 static int set_udp(struct sk_buff *skb, const struct ovs_key_udp *udp_port_key) 390 { 391 struct udphdr *uh; 392 int err; 393 394 err = make_writable(skb, skb_transport_offset(skb) + 395 sizeof(struct udphdr)); 396 if (unlikely(err)) 397 return err; 398 399 uh = udp_hdr(skb); 400 if (udp_port_key->udp_src != uh->source) 401 set_udp_port(skb, &uh->source, udp_port_key->udp_src); 402 403 if (udp_port_key->udp_dst != uh->dest) 404 set_udp_port(skb, &uh->dest, udp_port_key->udp_dst); 405 406 return 0; 407 } 408 409 static int set_tcp(struct sk_buff *skb, const struct ovs_key_tcp *tcp_port_key) 410 { 411 struct tcphdr *th; 412 int err; 413 414 err = make_writable(skb, skb_transport_offset(skb) + 415 sizeof(struct tcphdr)); 416 if (unlikely(err)) 417 return err; 418 419 th = tcp_hdr(skb); 420 if (tcp_port_key->tcp_src != th->source) 421 set_tp_port(skb, &th->source, tcp_port_key->tcp_src, &th->check); 422 423 if (tcp_port_key->tcp_dst != th->dest) 424 set_tp_port(skb, &th->dest, tcp_port_key->tcp_dst, &th->check); 425 426 return 0; 427 } 428 429 static int set_sctp(struct sk_buff *skb, 430 const struct ovs_key_sctp *sctp_port_key) 431 { 432 struct sctphdr *sh; 433 int err; 434 unsigned int sctphoff = skb_transport_offset(skb); 435 436 err = make_writable(skb, sctphoff + sizeof(struct sctphdr)); 437 if (unlikely(err)) 438 return err; 439 440 sh = sctp_hdr(skb); 441 if (sctp_port_key->sctp_src != sh->source || 442 sctp_port_key->sctp_dst != sh->dest) { 443 __le32 old_correct_csum, new_csum, old_csum; 444 445 old_csum = sh->checksum; 446 old_correct_csum = sctp_compute_cksum(skb, sctphoff); 447 448 sh->source = sctp_port_key->sctp_src; 449 sh->dest = sctp_port_key->sctp_dst; 450 451 new_csum = sctp_compute_cksum(skb, sctphoff); 452 453 /* Carry any checksum errors through. */ 454 sh->checksum = old_csum ^ old_correct_csum ^ new_csum; 455 456 skb_clear_hash(skb); 457 } 458 459 return 0; 460 } 461 462 static int do_output(struct datapath *dp, struct sk_buff *skb, int out_port) 463 { 464 struct vport *vport; 465 466 if (unlikely(!skb)) 467 return -ENOMEM; 468 469 vport = ovs_vport_rcu(dp, out_port); 470 if (unlikely(!vport)) { 471 kfree_skb(skb); 472 return -ENODEV; 473 } 474 475 ovs_vport_send(vport, skb); 476 return 0; 477 } 478 479 static int output_userspace(struct datapath *dp, struct sk_buff *skb, 480 struct sw_flow_key *key, const struct nlattr *attr) 481 { 482 struct dp_upcall_info upcall; 483 const struct nlattr *a; 484 int rem; 485 486 upcall.cmd = OVS_PACKET_CMD_ACTION; 487 upcall.key = key; 488 upcall.userdata = NULL; 489 upcall.portid = 0; 490 491 for (a = nla_data(attr), rem = nla_len(attr); rem > 0; 492 a = nla_next(a, &rem)) { 493 switch (nla_type(a)) { 494 case OVS_USERSPACE_ATTR_USERDATA: 495 upcall.userdata = a; 496 break; 497 498 case OVS_USERSPACE_ATTR_PID: 499 upcall.portid = nla_get_u32(a); 500 break; 501 } 502 } 503 504 return ovs_dp_upcall(dp, skb, &upcall); 505 } 506 507 static bool last_action(const struct nlattr *a, int rem) 508 { 509 return a->nla_len == rem; 510 } 511 512 static int sample(struct datapath *dp, struct sk_buff *skb, 513 struct sw_flow_key *key, const struct nlattr *attr) 514 { 515 const struct nlattr *acts_list = NULL; 516 const struct nlattr *a; 517 int rem; 518 519 for (a = nla_data(attr), rem = nla_len(attr); rem > 0; 520 a = nla_next(a, &rem)) { 521 switch (nla_type(a)) { 522 case OVS_SAMPLE_ATTR_PROBABILITY: 523 if (prandom_u32() >= nla_get_u32(a)) 524 return 0; 525 break; 526 527 case OVS_SAMPLE_ATTR_ACTIONS: 528 acts_list = a; 529 break; 530 } 531 } 532 533 rem = nla_len(acts_list); 534 a = nla_data(acts_list); 535 536 /* Actions list is empty, do nothing */ 537 if (unlikely(!rem)) 538 return 0; 539 540 /* The only known usage of sample action is having a single user-space 541 * action. Treat this usage as a special case. 542 * The output_userspace() should clone the skb to be sent to the 543 * user space. This skb will be consumed by its caller. 544 */ 545 if (likely(nla_type(a) == OVS_ACTION_ATTR_USERSPACE && 546 last_action(a, rem))) 547 return output_userspace(dp, skb, key, a); 548 549 skb = skb_clone(skb, GFP_ATOMIC); 550 if (!skb) 551 /* Skip the sample action when out of memory. */ 552 return 0; 553 554 if (!add_deferred_actions(skb, key, a)) { 555 if (net_ratelimit()) 556 pr_warn("%s: deferred actions limit reached, dropping sample action\n", 557 ovs_dp_name(dp)); 558 559 kfree_skb(skb); 560 } 561 return 0; 562 } 563 564 static void execute_hash(struct sk_buff *skb, struct sw_flow_key *key, 565 const struct nlattr *attr) 566 { 567 struct ovs_action_hash *hash_act = nla_data(attr); 568 u32 hash = 0; 569 570 /* OVS_HASH_ALG_L4 is the only possible hash algorithm. */ 571 hash = skb_get_hash(skb); 572 hash = jhash_1word(hash, hash_act->hash_basis); 573 if (!hash) 574 hash = 0x1; 575 576 key->ovs_flow_hash = hash; 577 } 578 579 static int execute_set_action(struct sk_buff *skb, 580 const struct nlattr *nested_attr) 581 { 582 int err = 0; 583 584 switch (nla_type(nested_attr)) { 585 case OVS_KEY_ATTR_PRIORITY: 586 skb->priority = nla_get_u32(nested_attr); 587 break; 588 589 case OVS_KEY_ATTR_SKB_MARK: 590 skb->mark = nla_get_u32(nested_attr); 591 break; 592 593 case OVS_KEY_ATTR_TUNNEL_INFO: 594 OVS_CB(skb)->egress_tun_info = nla_data(nested_attr); 595 break; 596 597 case OVS_KEY_ATTR_ETHERNET: 598 err = set_eth_addr(skb, nla_data(nested_attr)); 599 break; 600 601 case OVS_KEY_ATTR_IPV4: 602 err = set_ipv4(skb, nla_data(nested_attr)); 603 break; 604 605 case OVS_KEY_ATTR_IPV6: 606 err = set_ipv6(skb, nla_data(nested_attr)); 607 break; 608 609 case OVS_KEY_ATTR_TCP: 610 err = set_tcp(skb, nla_data(nested_attr)); 611 break; 612 613 case OVS_KEY_ATTR_UDP: 614 err = set_udp(skb, nla_data(nested_attr)); 615 break; 616 617 case OVS_KEY_ATTR_SCTP: 618 err = set_sctp(skb, nla_data(nested_attr)); 619 break; 620 } 621 622 return err; 623 } 624 625 static int execute_recirc(struct datapath *dp, struct sk_buff *skb, 626 struct sw_flow_key *key, 627 const struct nlattr *a, int rem) 628 { 629 struct deferred_action *da; 630 int err; 631 632 err = ovs_flow_key_update(skb, key); 633 if (err) 634 return err; 635 636 if (!last_action(a, rem)) { 637 /* Recirc action is the not the last action 638 * of the action list, need to clone the skb. 639 */ 640 skb = skb_clone(skb, GFP_ATOMIC); 641 642 /* Skip the recirc action when out of memory, but 643 * continue on with the rest of the action list. 644 */ 645 if (!skb) 646 return 0; 647 } 648 649 da = add_deferred_actions(skb, key, NULL); 650 if (da) { 651 da->pkt_key.recirc_id = nla_get_u32(a); 652 } else { 653 kfree_skb(skb); 654 655 if (net_ratelimit()) 656 pr_warn("%s: deferred action limit reached, drop recirc action\n", 657 ovs_dp_name(dp)); 658 } 659 660 return 0; 661 } 662 663 /* Execute a list of actions against 'skb'. */ 664 static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, 665 struct sw_flow_key *key, 666 const struct nlattr *attr, int len) 667 { 668 /* Every output action needs a separate clone of 'skb', but the common 669 * case is just a single output action, so that doing a clone and 670 * then freeing the original skbuff is wasteful. So the following code 671 * is slightly obscure just to avoid that. */ 672 int prev_port = -1; 673 const struct nlattr *a; 674 int rem; 675 676 for (a = attr, rem = len; rem > 0; 677 a = nla_next(a, &rem)) { 678 int err = 0; 679 680 if (prev_port != -1) { 681 do_output(dp, skb_clone(skb, GFP_ATOMIC), prev_port); 682 prev_port = -1; 683 } 684 685 switch (nla_type(a)) { 686 case OVS_ACTION_ATTR_OUTPUT: 687 prev_port = nla_get_u32(a); 688 break; 689 690 case OVS_ACTION_ATTR_USERSPACE: 691 output_userspace(dp, skb, key, a); 692 break; 693 694 case OVS_ACTION_ATTR_HASH: 695 execute_hash(skb, key, a); 696 break; 697 698 case OVS_ACTION_ATTR_PUSH_VLAN: 699 err = push_vlan(skb, nla_data(a)); 700 if (unlikely(err)) /* skb already freed. */ 701 return err; 702 break; 703 704 case OVS_ACTION_ATTR_POP_VLAN: 705 err = pop_vlan(skb); 706 break; 707 708 case OVS_ACTION_ATTR_RECIRC: 709 err = execute_recirc(dp, skb, key, a, rem); 710 if (last_action(a, rem)) { 711 /* If this is the last action, the skb has 712 * been consumed or freed. 713 * Return immediately. 714 */ 715 return err; 716 } 717 break; 718 719 case OVS_ACTION_ATTR_SET: 720 err = execute_set_action(skb, nla_data(a)); 721 break; 722 723 case OVS_ACTION_ATTR_SAMPLE: 724 err = sample(dp, skb, key, a); 725 if (unlikely(err)) /* skb already freed. */ 726 return err; 727 break; 728 } 729 730 if (unlikely(err)) { 731 kfree_skb(skb); 732 return err; 733 } 734 } 735 736 if (prev_port != -1) 737 do_output(dp, skb, prev_port); 738 else 739 consume_skb(skb); 740 741 return 0; 742 } 743 744 static void process_deferred_actions(struct datapath *dp) 745 { 746 struct action_fifo *fifo = this_cpu_ptr(action_fifos); 747 748 /* Do not touch the FIFO in case there is no deferred actions. */ 749 if (action_fifo_is_empty(fifo)) 750 return; 751 752 /* Finishing executing all deferred actions. */ 753 do { 754 struct deferred_action *da = action_fifo_get(fifo); 755 struct sk_buff *skb = da->skb; 756 struct sw_flow_key *key = &da->pkt_key; 757 const struct nlattr *actions = da->actions; 758 759 if (actions) 760 do_execute_actions(dp, skb, key, actions, 761 nla_len(actions)); 762 else 763 ovs_dp_process_packet(skb, key); 764 } while (!action_fifo_is_empty(fifo)); 765 766 /* Reset FIFO for the next packet. */ 767 action_fifo_init(fifo); 768 } 769 770 /* Execute a list of actions against 'skb'. */ 771 int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb, 772 struct sw_flow_key *key) 773 { 774 int level = this_cpu_read(exec_actions_level); 775 struct sw_flow_actions *acts; 776 int err; 777 778 acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts); 779 780 this_cpu_inc(exec_actions_level); 781 OVS_CB(skb)->egress_tun_info = NULL; 782 err = do_execute_actions(dp, skb, key, 783 acts->actions, acts->actions_len); 784 785 if (!level) 786 process_deferred_actions(dp); 787 788 this_cpu_dec(exec_actions_level); 789 return err; 790 } 791 792 int action_fifos_init(void) 793 { 794 action_fifos = alloc_percpu(struct action_fifo); 795 if (!action_fifos) 796 return -ENOMEM; 797 798 return 0; 799 } 800 801 void action_fifos_exit(void) 802 { 803 free_percpu(action_fifos); 804 } 805