xref: /openbmc/linux/net/openvswitch/actions.c (revision 6774def6)
1 /*
2  * Copyright (c) 2007-2014 Nicira, Inc.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of version 2 of the GNU General Public
6  * License as published by the Free Software Foundation.
7  *
8  * This program is distributed in the hope that it will be useful, but
9  * WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11  * General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, write to the Free Software
15  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
16  * 02110-1301, USA
17  */
18 
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20 
21 #include <linux/skbuff.h>
22 #include <linux/in.h>
23 #include <linux/ip.h>
24 #include <linux/openvswitch.h>
25 #include <linux/sctp.h>
26 #include <linux/tcp.h>
27 #include <linux/udp.h>
28 #include <linux/in6.h>
29 #include <linux/if_arp.h>
30 #include <linux/if_vlan.h>
31 #include <net/ip.h>
32 #include <net/ipv6.h>
33 #include <net/checksum.h>
34 #include <net/dsfield.h>
35 #include <net/sctp/checksum.h>
36 
37 #include "datapath.h"
38 #include "flow.h"
39 #include "vport.h"
40 
41 static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
42 			      struct sw_flow_key *key,
43 			      const struct nlattr *attr, int len);
44 
45 struct deferred_action {
46 	struct sk_buff *skb;
47 	const struct nlattr *actions;
48 
49 	/* Store pkt_key clone when creating deferred action. */
50 	struct sw_flow_key pkt_key;
51 };
52 
53 #define DEFERRED_ACTION_FIFO_SIZE 10
54 struct action_fifo {
55 	int head;
56 	int tail;
57 	/* Deferred action fifo queue storage. */
58 	struct deferred_action fifo[DEFERRED_ACTION_FIFO_SIZE];
59 };
60 
61 static struct action_fifo __percpu *action_fifos;
62 static DEFINE_PER_CPU(int, exec_actions_level);
63 
64 static void action_fifo_init(struct action_fifo *fifo)
65 {
66 	fifo->head = 0;
67 	fifo->tail = 0;
68 }
69 
70 static bool action_fifo_is_empty(struct action_fifo *fifo)
71 {
72 	return (fifo->head == fifo->tail);
73 }
74 
75 static struct deferred_action *action_fifo_get(struct action_fifo *fifo)
76 {
77 	if (action_fifo_is_empty(fifo))
78 		return NULL;
79 
80 	return &fifo->fifo[fifo->tail++];
81 }
82 
83 static struct deferred_action *action_fifo_put(struct action_fifo *fifo)
84 {
85 	if (fifo->head >= DEFERRED_ACTION_FIFO_SIZE - 1)
86 		return NULL;
87 
88 	return &fifo->fifo[fifo->head++];
89 }
90 
91 /* Return true if fifo is not full */
92 static struct deferred_action *add_deferred_actions(struct sk_buff *skb,
93 						    struct sw_flow_key *key,
94 						    const struct nlattr *attr)
95 {
96 	struct action_fifo *fifo;
97 	struct deferred_action *da;
98 
99 	fifo = this_cpu_ptr(action_fifos);
100 	da = action_fifo_put(fifo);
101 	if (da) {
102 		da->skb = skb;
103 		da->actions = attr;
104 		da->pkt_key = *key;
105 	}
106 
107 	return da;
108 }
109 
110 static int make_writable(struct sk_buff *skb, int write_len)
111 {
112 	if (!pskb_may_pull(skb, write_len))
113 		return -ENOMEM;
114 
115 	if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
116 		return 0;
117 
118 	return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
119 }
120 
121 /* remove VLAN header from packet and update csum accordingly. */
122 static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
123 {
124 	struct vlan_hdr *vhdr;
125 	int err;
126 
127 	err = make_writable(skb, VLAN_ETH_HLEN);
128 	if (unlikely(err))
129 		return err;
130 
131 	if (skb->ip_summed == CHECKSUM_COMPLETE)
132 		skb->csum = csum_sub(skb->csum, csum_partial(skb->data
133 					+ (2 * ETH_ALEN), VLAN_HLEN, 0));
134 
135 	vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN);
136 	*current_tci = vhdr->h_vlan_TCI;
137 
138 	memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);
139 	__skb_pull(skb, VLAN_HLEN);
140 
141 	vlan_set_encap_proto(skb, vhdr);
142 	skb->mac_header += VLAN_HLEN;
143 	if (skb_network_offset(skb) < ETH_HLEN)
144 		skb_set_network_header(skb, ETH_HLEN);
145 	skb_reset_mac_len(skb);
146 
147 	return 0;
148 }
149 
150 static int pop_vlan(struct sk_buff *skb)
151 {
152 	__be16 tci;
153 	int err;
154 
155 	if (likely(vlan_tx_tag_present(skb))) {
156 		skb->vlan_tci = 0;
157 	} else {
158 		if (unlikely(skb->protocol != htons(ETH_P_8021Q) ||
159 			     skb->len < VLAN_ETH_HLEN))
160 			return 0;
161 
162 		err = __pop_vlan_tci(skb, &tci);
163 		if (err)
164 			return err;
165 	}
166 	/* move next vlan tag to hw accel tag */
167 	if (likely(skb->protocol != htons(ETH_P_8021Q) ||
168 		   skb->len < VLAN_ETH_HLEN))
169 		return 0;
170 
171 	err = __pop_vlan_tci(skb, &tci);
172 	if (unlikely(err))
173 		return err;
174 
175 	__vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), ntohs(tci));
176 	return 0;
177 }
178 
179 static int push_vlan(struct sk_buff *skb, const struct ovs_action_push_vlan *vlan)
180 {
181 	if (unlikely(vlan_tx_tag_present(skb))) {
182 		u16 current_tag;
183 
184 		/* push down current VLAN tag */
185 		current_tag = vlan_tx_tag_get(skb);
186 
187 		if (!__vlan_put_tag(skb, skb->vlan_proto, current_tag))
188 			return -ENOMEM;
189 
190 		if (skb->ip_summed == CHECKSUM_COMPLETE)
191 			skb->csum = csum_add(skb->csum, csum_partial(skb->data
192 					+ (2 * ETH_ALEN), VLAN_HLEN, 0));
193 
194 	}
195 	__vlan_hwaccel_put_tag(skb, vlan->vlan_tpid, ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT);
196 	return 0;
197 }
198 
199 static int set_eth_addr(struct sk_buff *skb,
200 			const struct ovs_key_ethernet *eth_key)
201 {
202 	int err;
203 	err = make_writable(skb, ETH_HLEN);
204 	if (unlikely(err))
205 		return err;
206 
207 	skb_postpull_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2);
208 
209 	ether_addr_copy(eth_hdr(skb)->h_source, eth_key->eth_src);
210 	ether_addr_copy(eth_hdr(skb)->h_dest, eth_key->eth_dst);
211 
212 	ovs_skb_postpush_rcsum(skb, eth_hdr(skb), ETH_ALEN * 2);
213 
214 	return 0;
215 }
216 
217 static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh,
218 				__be32 *addr, __be32 new_addr)
219 {
220 	int transport_len = skb->len - skb_transport_offset(skb);
221 
222 	if (nh->protocol == IPPROTO_TCP) {
223 		if (likely(transport_len >= sizeof(struct tcphdr)))
224 			inet_proto_csum_replace4(&tcp_hdr(skb)->check, skb,
225 						 *addr, new_addr, 1);
226 	} else if (nh->protocol == IPPROTO_UDP) {
227 		if (likely(transport_len >= sizeof(struct udphdr))) {
228 			struct udphdr *uh = udp_hdr(skb);
229 
230 			if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) {
231 				inet_proto_csum_replace4(&uh->check, skb,
232 							 *addr, new_addr, 1);
233 				if (!uh->check)
234 					uh->check = CSUM_MANGLED_0;
235 			}
236 		}
237 	}
238 
239 	csum_replace4(&nh->check, *addr, new_addr);
240 	skb_clear_hash(skb);
241 	*addr = new_addr;
242 }
243 
244 static void update_ipv6_checksum(struct sk_buff *skb, u8 l4_proto,
245 				 __be32 addr[4], const __be32 new_addr[4])
246 {
247 	int transport_len = skb->len - skb_transport_offset(skb);
248 
249 	if (l4_proto == IPPROTO_TCP) {
250 		if (likely(transport_len >= sizeof(struct tcphdr)))
251 			inet_proto_csum_replace16(&tcp_hdr(skb)->check, skb,
252 						  addr, new_addr, 1);
253 	} else if (l4_proto == IPPROTO_UDP) {
254 		if (likely(transport_len >= sizeof(struct udphdr))) {
255 			struct udphdr *uh = udp_hdr(skb);
256 
257 			if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) {
258 				inet_proto_csum_replace16(&uh->check, skb,
259 							  addr, new_addr, 1);
260 				if (!uh->check)
261 					uh->check = CSUM_MANGLED_0;
262 			}
263 		}
264 	}
265 }
266 
267 static void set_ipv6_addr(struct sk_buff *skb, u8 l4_proto,
268 			  __be32 addr[4], const __be32 new_addr[4],
269 			  bool recalculate_csum)
270 {
271 	if (recalculate_csum)
272 		update_ipv6_checksum(skb, l4_proto, addr, new_addr);
273 
274 	skb_clear_hash(skb);
275 	memcpy(addr, new_addr, sizeof(__be32[4]));
276 }
277 
278 static void set_ipv6_tc(struct ipv6hdr *nh, u8 tc)
279 {
280 	nh->priority = tc >> 4;
281 	nh->flow_lbl[0] = (nh->flow_lbl[0] & 0x0F) | ((tc & 0x0F) << 4);
282 }
283 
284 static void set_ipv6_fl(struct ipv6hdr *nh, u32 fl)
285 {
286 	nh->flow_lbl[0] = (nh->flow_lbl[0] & 0xF0) | (fl & 0x000F0000) >> 16;
287 	nh->flow_lbl[1] = (fl & 0x0000FF00) >> 8;
288 	nh->flow_lbl[2] = fl & 0x000000FF;
289 }
290 
291 static void set_ip_ttl(struct sk_buff *skb, struct iphdr *nh, u8 new_ttl)
292 {
293 	csum_replace2(&nh->check, htons(nh->ttl << 8), htons(new_ttl << 8));
294 	nh->ttl = new_ttl;
295 }
296 
297 static int set_ipv4(struct sk_buff *skb, const struct ovs_key_ipv4 *ipv4_key)
298 {
299 	struct iphdr *nh;
300 	int err;
301 
302 	err = make_writable(skb, skb_network_offset(skb) +
303 				 sizeof(struct iphdr));
304 	if (unlikely(err))
305 		return err;
306 
307 	nh = ip_hdr(skb);
308 
309 	if (ipv4_key->ipv4_src != nh->saddr)
310 		set_ip_addr(skb, nh, &nh->saddr, ipv4_key->ipv4_src);
311 
312 	if (ipv4_key->ipv4_dst != nh->daddr)
313 		set_ip_addr(skb, nh, &nh->daddr, ipv4_key->ipv4_dst);
314 
315 	if (ipv4_key->ipv4_tos != nh->tos)
316 		ipv4_change_dsfield(nh, 0, ipv4_key->ipv4_tos);
317 
318 	if (ipv4_key->ipv4_ttl != nh->ttl)
319 		set_ip_ttl(skb, nh, ipv4_key->ipv4_ttl);
320 
321 	return 0;
322 }
323 
324 static int set_ipv6(struct sk_buff *skb, const struct ovs_key_ipv6 *ipv6_key)
325 {
326 	struct ipv6hdr *nh;
327 	int err;
328 	__be32 *saddr;
329 	__be32 *daddr;
330 
331 	err = make_writable(skb, skb_network_offset(skb) +
332 			    sizeof(struct ipv6hdr));
333 	if (unlikely(err))
334 		return err;
335 
336 	nh = ipv6_hdr(skb);
337 	saddr = (__be32 *)&nh->saddr;
338 	daddr = (__be32 *)&nh->daddr;
339 
340 	if (memcmp(ipv6_key->ipv6_src, saddr, sizeof(ipv6_key->ipv6_src)))
341 		set_ipv6_addr(skb, ipv6_key->ipv6_proto, saddr,
342 			      ipv6_key->ipv6_src, true);
343 
344 	if (memcmp(ipv6_key->ipv6_dst, daddr, sizeof(ipv6_key->ipv6_dst))) {
345 		unsigned int offset = 0;
346 		int flags = IP6_FH_F_SKIP_RH;
347 		bool recalc_csum = true;
348 
349 		if (ipv6_ext_hdr(nh->nexthdr))
350 			recalc_csum = ipv6_find_hdr(skb, &offset,
351 						    NEXTHDR_ROUTING, NULL,
352 						    &flags) != NEXTHDR_ROUTING;
353 
354 		set_ipv6_addr(skb, ipv6_key->ipv6_proto, daddr,
355 			      ipv6_key->ipv6_dst, recalc_csum);
356 	}
357 
358 	set_ipv6_tc(nh, ipv6_key->ipv6_tclass);
359 	set_ipv6_fl(nh, ntohl(ipv6_key->ipv6_label));
360 	nh->hop_limit = ipv6_key->ipv6_hlimit;
361 
362 	return 0;
363 }
364 
365 /* Must follow make_writable() since that can move the skb data. */
366 static void set_tp_port(struct sk_buff *skb, __be16 *port,
367 			 __be16 new_port, __sum16 *check)
368 {
369 	inet_proto_csum_replace2(check, skb, *port, new_port, 0);
370 	*port = new_port;
371 	skb_clear_hash(skb);
372 }
373 
374 static void set_udp_port(struct sk_buff *skb, __be16 *port, __be16 new_port)
375 {
376 	struct udphdr *uh = udp_hdr(skb);
377 
378 	if (uh->check && skb->ip_summed != CHECKSUM_PARTIAL) {
379 		set_tp_port(skb, port, new_port, &uh->check);
380 
381 		if (!uh->check)
382 			uh->check = CSUM_MANGLED_0;
383 	} else {
384 		*port = new_port;
385 		skb_clear_hash(skb);
386 	}
387 }
388 
389 static int set_udp(struct sk_buff *skb, const struct ovs_key_udp *udp_port_key)
390 {
391 	struct udphdr *uh;
392 	int err;
393 
394 	err = make_writable(skb, skb_transport_offset(skb) +
395 				 sizeof(struct udphdr));
396 	if (unlikely(err))
397 		return err;
398 
399 	uh = udp_hdr(skb);
400 	if (udp_port_key->udp_src != uh->source)
401 		set_udp_port(skb, &uh->source, udp_port_key->udp_src);
402 
403 	if (udp_port_key->udp_dst != uh->dest)
404 		set_udp_port(skb, &uh->dest, udp_port_key->udp_dst);
405 
406 	return 0;
407 }
408 
409 static int set_tcp(struct sk_buff *skb, const struct ovs_key_tcp *tcp_port_key)
410 {
411 	struct tcphdr *th;
412 	int err;
413 
414 	err = make_writable(skb, skb_transport_offset(skb) +
415 				 sizeof(struct tcphdr));
416 	if (unlikely(err))
417 		return err;
418 
419 	th = tcp_hdr(skb);
420 	if (tcp_port_key->tcp_src != th->source)
421 		set_tp_port(skb, &th->source, tcp_port_key->tcp_src, &th->check);
422 
423 	if (tcp_port_key->tcp_dst != th->dest)
424 		set_tp_port(skb, &th->dest, tcp_port_key->tcp_dst, &th->check);
425 
426 	return 0;
427 }
428 
429 static int set_sctp(struct sk_buff *skb,
430 		     const struct ovs_key_sctp *sctp_port_key)
431 {
432 	struct sctphdr *sh;
433 	int err;
434 	unsigned int sctphoff = skb_transport_offset(skb);
435 
436 	err = make_writable(skb, sctphoff + sizeof(struct sctphdr));
437 	if (unlikely(err))
438 		return err;
439 
440 	sh = sctp_hdr(skb);
441 	if (sctp_port_key->sctp_src != sh->source ||
442 	    sctp_port_key->sctp_dst != sh->dest) {
443 		__le32 old_correct_csum, new_csum, old_csum;
444 
445 		old_csum = sh->checksum;
446 		old_correct_csum = sctp_compute_cksum(skb, sctphoff);
447 
448 		sh->source = sctp_port_key->sctp_src;
449 		sh->dest = sctp_port_key->sctp_dst;
450 
451 		new_csum = sctp_compute_cksum(skb, sctphoff);
452 
453 		/* Carry any checksum errors through. */
454 		sh->checksum = old_csum ^ old_correct_csum ^ new_csum;
455 
456 		skb_clear_hash(skb);
457 	}
458 
459 	return 0;
460 }
461 
462 static int do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
463 {
464 	struct vport *vport;
465 
466 	if (unlikely(!skb))
467 		return -ENOMEM;
468 
469 	vport = ovs_vport_rcu(dp, out_port);
470 	if (unlikely(!vport)) {
471 		kfree_skb(skb);
472 		return -ENODEV;
473 	}
474 
475 	ovs_vport_send(vport, skb);
476 	return 0;
477 }
478 
479 static int output_userspace(struct datapath *dp, struct sk_buff *skb,
480 			    struct sw_flow_key *key, const struct nlattr *attr)
481 {
482 	struct dp_upcall_info upcall;
483 	const struct nlattr *a;
484 	int rem;
485 
486 	upcall.cmd = OVS_PACKET_CMD_ACTION;
487 	upcall.key = key;
488 	upcall.userdata = NULL;
489 	upcall.portid = 0;
490 
491 	for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
492 		 a = nla_next(a, &rem)) {
493 		switch (nla_type(a)) {
494 		case OVS_USERSPACE_ATTR_USERDATA:
495 			upcall.userdata = a;
496 			break;
497 
498 		case OVS_USERSPACE_ATTR_PID:
499 			upcall.portid = nla_get_u32(a);
500 			break;
501 		}
502 	}
503 
504 	return ovs_dp_upcall(dp, skb, &upcall);
505 }
506 
507 static bool last_action(const struct nlattr *a, int rem)
508 {
509 	return a->nla_len == rem;
510 }
511 
512 static int sample(struct datapath *dp, struct sk_buff *skb,
513 		  struct sw_flow_key *key, const struct nlattr *attr)
514 {
515 	const struct nlattr *acts_list = NULL;
516 	const struct nlattr *a;
517 	int rem;
518 
519 	for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
520 		 a = nla_next(a, &rem)) {
521 		switch (nla_type(a)) {
522 		case OVS_SAMPLE_ATTR_PROBABILITY:
523 			if (prandom_u32() >= nla_get_u32(a))
524 				return 0;
525 			break;
526 
527 		case OVS_SAMPLE_ATTR_ACTIONS:
528 			acts_list = a;
529 			break;
530 		}
531 	}
532 
533 	rem = nla_len(acts_list);
534 	a = nla_data(acts_list);
535 
536 	/* Actions list is empty, do nothing */
537 	if (unlikely(!rem))
538 		return 0;
539 
540 	/* The only known usage of sample action is having a single user-space
541 	 * action. Treat this usage as a special case.
542 	 * The output_userspace() should clone the skb to be sent to the
543 	 * user space. This skb will be consumed by its caller.
544 	 */
545 	if (likely(nla_type(a) == OVS_ACTION_ATTR_USERSPACE &&
546 		   last_action(a, rem)))
547 		return output_userspace(dp, skb, key, a);
548 
549 	skb = skb_clone(skb, GFP_ATOMIC);
550 	if (!skb)
551 		/* Skip the sample action when out of memory. */
552 		return 0;
553 
554 	if (!add_deferred_actions(skb, key, a)) {
555 		if (net_ratelimit())
556 			pr_warn("%s: deferred actions limit reached, dropping sample action\n",
557 				ovs_dp_name(dp));
558 
559 		kfree_skb(skb);
560 	}
561 	return 0;
562 }
563 
564 static void execute_hash(struct sk_buff *skb, struct sw_flow_key *key,
565 			 const struct nlattr *attr)
566 {
567 	struct ovs_action_hash *hash_act = nla_data(attr);
568 	u32 hash = 0;
569 
570 	/* OVS_HASH_ALG_L4 is the only possible hash algorithm.  */
571 	hash = skb_get_hash(skb);
572 	hash = jhash_1word(hash, hash_act->hash_basis);
573 	if (!hash)
574 		hash = 0x1;
575 
576 	key->ovs_flow_hash = hash;
577 }
578 
579 static int execute_set_action(struct sk_buff *skb,
580 				 const struct nlattr *nested_attr)
581 {
582 	int err = 0;
583 
584 	switch (nla_type(nested_attr)) {
585 	case OVS_KEY_ATTR_PRIORITY:
586 		skb->priority = nla_get_u32(nested_attr);
587 		break;
588 
589 	case OVS_KEY_ATTR_SKB_MARK:
590 		skb->mark = nla_get_u32(nested_attr);
591 		break;
592 
593 	case OVS_KEY_ATTR_TUNNEL_INFO:
594 		OVS_CB(skb)->egress_tun_info = nla_data(nested_attr);
595 		break;
596 
597 	case OVS_KEY_ATTR_ETHERNET:
598 		err = set_eth_addr(skb, nla_data(nested_attr));
599 		break;
600 
601 	case OVS_KEY_ATTR_IPV4:
602 		err = set_ipv4(skb, nla_data(nested_attr));
603 		break;
604 
605 	case OVS_KEY_ATTR_IPV6:
606 		err = set_ipv6(skb, nla_data(nested_attr));
607 		break;
608 
609 	case OVS_KEY_ATTR_TCP:
610 		err = set_tcp(skb, nla_data(nested_attr));
611 		break;
612 
613 	case OVS_KEY_ATTR_UDP:
614 		err = set_udp(skb, nla_data(nested_attr));
615 		break;
616 
617 	case OVS_KEY_ATTR_SCTP:
618 		err = set_sctp(skb, nla_data(nested_attr));
619 		break;
620 	}
621 
622 	return err;
623 }
624 
625 static int execute_recirc(struct datapath *dp, struct sk_buff *skb,
626 			  struct sw_flow_key *key,
627 			  const struct nlattr *a, int rem)
628 {
629 	struct deferred_action *da;
630 	int err;
631 
632 	err = ovs_flow_key_update(skb, key);
633 	if (err)
634 		return err;
635 
636 	if (!last_action(a, rem)) {
637 		/* Recirc action is the not the last action
638 		 * of the action list, need to clone the skb.
639 		 */
640 		skb = skb_clone(skb, GFP_ATOMIC);
641 
642 		/* Skip the recirc action when out of memory, but
643 		 * continue on with the rest of the action list.
644 		 */
645 		if (!skb)
646 			return 0;
647 	}
648 
649 	da = add_deferred_actions(skb, key, NULL);
650 	if (da) {
651 		da->pkt_key.recirc_id = nla_get_u32(a);
652 	} else {
653 		kfree_skb(skb);
654 
655 		if (net_ratelimit())
656 			pr_warn("%s: deferred action limit reached, drop recirc action\n",
657 				ovs_dp_name(dp));
658 	}
659 
660 	return 0;
661 }
662 
663 /* Execute a list of actions against 'skb'. */
664 static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
665 			      struct sw_flow_key *key,
666 			      const struct nlattr *attr, int len)
667 {
668 	/* Every output action needs a separate clone of 'skb', but the common
669 	 * case is just a single output action, so that doing a clone and
670 	 * then freeing the original skbuff is wasteful.  So the following code
671 	 * is slightly obscure just to avoid that. */
672 	int prev_port = -1;
673 	const struct nlattr *a;
674 	int rem;
675 
676 	for (a = attr, rem = len; rem > 0;
677 	     a = nla_next(a, &rem)) {
678 		int err = 0;
679 
680 		if (prev_port != -1) {
681 			do_output(dp, skb_clone(skb, GFP_ATOMIC), prev_port);
682 			prev_port = -1;
683 		}
684 
685 		switch (nla_type(a)) {
686 		case OVS_ACTION_ATTR_OUTPUT:
687 			prev_port = nla_get_u32(a);
688 			break;
689 
690 		case OVS_ACTION_ATTR_USERSPACE:
691 			output_userspace(dp, skb, key, a);
692 			break;
693 
694 		case OVS_ACTION_ATTR_HASH:
695 			execute_hash(skb, key, a);
696 			break;
697 
698 		case OVS_ACTION_ATTR_PUSH_VLAN:
699 			err = push_vlan(skb, nla_data(a));
700 			if (unlikely(err)) /* skb already freed. */
701 				return err;
702 			break;
703 
704 		case OVS_ACTION_ATTR_POP_VLAN:
705 			err = pop_vlan(skb);
706 			break;
707 
708 		case OVS_ACTION_ATTR_RECIRC:
709 			err = execute_recirc(dp, skb, key, a, rem);
710 			if (last_action(a, rem)) {
711 				/* If this is the last action, the skb has
712 				 * been consumed or freed.
713 				 * Return immediately.
714 				 */
715 				return err;
716 			}
717 			break;
718 
719 		case OVS_ACTION_ATTR_SET:
720 			err = execute_set_action(skb, nla_data(a));
721 			break;
722 
723 		case OVS_ACTION_ATTR_SAMPLE:
724 			err = sample(dp, skb, key, a);
725 			if (unlikely(err)) /* skb already freed. */
726 				return err;
727 			break;
728 		}
729 
730 		if (unlikely(err)) {
731 			kfree_skb(skb);
732 			return err;
733 		}
734 	}
735 
736 	if (prev_port != -1)
737 		do_output(dp, skb, prev_port);
738 	else
739 		consume_skb(skb);
740 
741 	return 0;
742 }
743 
744 static void process_deferred_actions(struct datapath *dp)
745 {
746 	struct action_fifo *fifo = this_cpu_ptr(action_fifos);
747 
748 	/* Do not touch the FIFO in case there is no deferred actions. */
749 	if (action_fifo_is_empty(fifo))
750 		return;
751 
752 	/* Finishing executing all deferred actions. */
753 	do {
754 		struct deferred_action *da = action_fifo_get(fifo);
755 		struct sk_buff *skb = da->skb;
756 		struct sw_flow_key *key = &da->pkt_key;
757 		const struct nlattr *actions = da->actions;
758 
759 		if (actions)
760 			do_execute_actions(dp, skb, key, actions,
761 					   nla_len(actions));
762 		else
763 			ovs_dp_process_packet(skb, key);
764 	} while (!action_fifo_is_empty(fifo));
765 
766 	/* Reset FIFO for the next packet.  */
767 	action_fifo_init(fifo);
768 }
769 
770 /* Execute a list of actions against 'skb'. */
771 int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb,
772 			struct sw_flow_key *key)
773 {
774 	int level = this_cpu_read(exec_actions_level);
775 	struct sw_flow_actions *acts;
776 	int err;
777 
778 	acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts);
779 
780 	this_cpu_inc(exec_actions_level);
781 	OVS_CB(skb)->egress_tun_info = NULL;
782 	err = do_execute_actions(dp, skb, key,
783 				 acts->actions, acts->actions_len);
784 
785 	if (!level)
786 		process_deferred_actions(dp);
787 
788 	this_cpu_dec(exec_actions_level);
789 	return err;
790 }
791 
792 int action_fifos_init(void)
793 {
794 	action_fifos = alloc_percpu(struct action_fifo);
795 	if (!action_fifos)
796 		return -ENOMEM;
797 
798 	return 0;
799 }
800 
801 void action_fifos_exit(void)
802 {
803 	free_percpu(action_fifos);
804 }
805