1 /* 2 * Copyright (c) 2007-2017 Nicira, Inc. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of version 2 of the GNU General Public 6 * License as published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope that it will be useful, but 9 * WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 * General Public License for more details. 12 * 13 * You should have received a copy of the GNU General Public License 14 * along with this program; if not, write to the Free Software 15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 16 * 02110-1301, USA 17 */ 18 19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 20 21 #include "flow.h" 22 #include "datapath.h" 23 #include <linux/uaccess.h> 24 #include <linux/netdevice.h> 25 #include <linux/etherdevice.h> 26 #include <linux/if_ether.h> 27 #include <linux/if_vlan.h> 28 #include <net/llc_pdu.h> 29 #include <linux/kernel.h> 30 #include <linux/jhash.h> 31 #include <linux/jiffies.h> 32 #include <linux/llc.h> 33 #include <linux/module.h> 34 #include <linux/in.h> 35 #include <linux/rcupdate.h> 36 #include <linux/if_arp.h> 37 #include <linux/ip.h> 38 #include <linux/ipv6.h> 39 #include <linux/sctp.h> 40 #include <linux/tcp.h> 41 #include <linux/udp.h> 42 #include <linux/icmp.h> 43 #include <linux/icmpv6.h> 44 #include <linux/rculist.h> 45 #include <net/geneve.h> 46 #include <net/ip.h> 47 #include <net/ipv6.h> 48 #include <net/ndisc.h> 49 #include <net/mpls.h> 50 #include <net/vxlan.h> 51 #include <net/tun_proto.h> 52 #include <net/erspan.h> 53 54 #include "flow_netlink.h" 55 56 struct ovs_len_tbl { 57 int len; 58 const struct ovs_len_tbl *next; 59 }; 60 61 #define OVS_ATTR_NESTED -1 62 #define OVS_ATTR_VARIABLE -2 63 64 static bool actions_may_change_flow(const struct nlattr *actions) 65 { 66 struct nlattr *nla; 67 int rem; 68 69 nla_for_each_nested(nla, actions, rem) { 70 u16 action = nla_type(nla); 71 72 switch (action) { 73 case OVS_ACTION_ATTR_OUTPUT: 74 case OVS_ACTION_ATTR_RECIRC: 75 case OVS_ACTION_ATTR_TRUNC: 76 case OVS_ACTION_ATTR_USERSPACE: 77 break; 78 79 case OVS_ACTION_ATTR_CT: 80 case OVS_ACTION_ATTR_CT_CLEAR: 81 case OVS_ACTION_ATTR_HASH: 82 case OVS_ACTION_ATTR_POP_ETH: 83 case OVS_ACTION_ATTR_POP_MPLS: 84 case OVS_ACTION_ATTR_POP_NSH: 85 case OVS_ACTION_ATTR_POP_VLAN: 86 case OVS_ACTION_ATTR_PUSH_ETH: 87 case OVS_ACTION_ATTR_PUSH_MPLS: 88 case OVS_ACTION_ATTR_PUSH_NSH: 89 case OVS_ACTION_ATTR_PUSH_VLAN: 90 case OVS_ACTION_ATTR_SAMPLE: 91 case OVS_ACTION_ATTR_SET: 92 case OVS_ACTION_ATTR_SET_MASKED: 93 case OVS_ACTION_ATTR_METER: 94 case OVS_ACTION_ATTR_CHECK_PKT_LEN: 95 default: 96 return true; 97 } 98 } 99 return false; 100 } 101 102 static void update_range(struct sw_flow_match *match, 103 size_t offset, size_t size, bool is_mask) 104 { 105 struct sw_flow_key_range *range; 106 size_t start = rounddown(offset, sizeof(long)); 107 size_t end = roundup(offset + size, sizeof(long)); 108 109 if (!is_mask) 110 range = &match->range; 111 else 112 range = &match->mask->range; 113 114 if (range->start == range->end) { 115 range->start = start; 116 range->end = end; 117 return; 118 } 119 120 if (range->start > start) 121 range->start = start; 122 123 if (range->end < end) 124 range->end = end; 125 } 126 127 #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \ 128 do { \ 129 update_range(match, offsetof(struct sw_flow_key, field), \ 130 sizeof((match)->key->field), is_mask); \ 131 if (is_mask) \ 132 (match)->mask->key.field = value; \ 133 else \ 134 (match)->key->field = value; \ 135 } while (0) 136 137 #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \ 138 do { \ 139 update_range(match, offset, len, is_mask); \ 140 if (is_mask) \ 141 memcpy((u8 *)&(match)->mask->key + offset, value_p, \ 142 len); \ 143 else \ 144 memcpy((u8 *)(match)->key + offset, value_p, len); \ 145 } while (0) 146 147 #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \ 148 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \ 149 value_p, len, is_mask) 150 151 #define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \ 152 do { \ 153 update_range(match, offsetof(struct sw_flow_key, field), \ 154 sizeof((match)->key->field), is_mask); \ 155 if (is_mask) \ 156 memset((u8 *)&(match)->mask->key.field, value, \ 157 sizeof((match)->mask->key.field)); \ 158 else \ 159 memset((u8 *)&(match)->key->field, value, \ 160 sizeof((match)->key->field)); \ 161 } while (0) 162 163 static bool match_validate(const struct sw_flow_match *match, 164 u64 key_attrs, u64 mask_attrs, bool log) 165 { 166 u64 key_expected = 0; 167 u64 mask_allowed = key_attrs; /* At most allow all key attributes */ 168 169 /* The following mask attributes allowed only if they 170 * pass the validation tests. */ 171 mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4) 172 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4) 173 | (1 << OVS_KEY_ATTR_IPV6) 174 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6) 175 | (1 << OVS_KEY_ATTR_TCP) 176 | (1 << OVS_KEY_ATTR_TCP_FLAGS) 177 | (1 << OVS_KEY_ATTR_UDP) 178 | (1 << OVS_KEY_ATTR_SCTP) 179 | (1 << OVS_KEY_ATTR_ICMP) 180 | (1 << OVS_KEY_ATTR_ICMPV6) 181 | (1 << OVS_KEY_ATTR_ARP) 182 | (1 << OVS_KEY_ATTR_ND) 183 | (1 << OVS_KEY_ATTR_MPLS) 184 | (1 << OVS_KEY_ATTR_NSH)); 185 186 /* Always allowed mask fields. */ 187 mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL) 188 | (1 << OVS_KEY_ATTR_IN_PORT) 189 | (1 << OVS_KEY_ATTR_ETHERTYPE)); 190 191 /* Check key attributes. */ 192 if (match->key->eth.type == htons(ETH_P_ARP) 193 || match->key->eth.type == htons(ETH_P_RARP)) { 194 key_expected |= 1 << OVS_KEY_ATTR_ARP; 195 if (match->mask && (match->mask->key.eth.type == htons(0xffff))) 196 mask_allowed |= 1 << OVS_KEY_ATTR_ARP; 197 } 198 199 if (eth_p_mpls(match->key->eth.type)) { 200 key_expected |= 1 << OVS_KEY_ATTR_MPLS; 201 if (match->mask && (match->mask->key.eth.type == htons(0xffff))) 202 mask_allowed |= 1 << OVS_KEY_ATTR_MPLS; 203 } 204 205 if (match->key->eth.type == htons(ETH_P_IP)) { 206 key_expected |= 1 << OVS_KEY_ATTR_IPV4; 207 if (match->mask && match->mask->key.eth.type == htons(0xffff)) { 208 mask_allowed |= 1 << OVS_KEY_ATTR_IPV4; 209 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4; 210 } 211 212 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) { 213 if (match->key->ip.proto == IPPROTO_UDP) { 214 key_expected |= 1 << OVS_KEY_ATTR_UDP; 215 if (match->mask && (match->mask->key.ip.proto == 0xff)) 216 mask_allowed |= 1 << OVS_KEY_ATTR_UDP; 217 } 218 219 if (match->key->ip.proto == IPPROTO_SCTP) { 220 key_expected |= 1 << OVS_KEY_ATTR_SCTP; 221 if (match->mask && (match->mask->key.ip.proto == 0xff)) 222 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP; 223 } 224 225 if (match->key->ip.proto == IPPROTO_TCP) { 226 key_expected |= 1 << OVS_KEY_ATTR_TCP; 227 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS; 228 if (match->mask && (match->mask->key.ip.proto == 0xff)) { 229 mask_allowed |= 1 << OVS_KEY_ATTR_TCP; 230 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS; 231 } 232 } 233 234 if (match->key->ip.proto == IPPROTO_ICMP) { 235 key_expected |= 1 << OVS_KEY_ATTR_ICMP; 236 if (match->mask && (match->mask->key.ip.proto == 0xff)) 237 mask_allowed |= 1 << OVS_KEY_ATTR_ICMP; 238 } 239 } 240 } 241 242 if (match->key->eth.type == htons(ETH_P_IPV6)) { 243 key_expected |= 1 << OVS_KEY_ATTR_IPV6; 244 if (match->mask && match->mask->key.eth.type == htons(0xffff)) { 245 mask_allowed |= 1 << OVS_KEY_ATTR_IPV6; 246 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6; 247 } 248 249 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) { 250 if (match->key->ip.proto == IPPROTO_UDP) { 251 key_expected |= 1 << OVS_KEY_ATTR_UDP; 252 if (match->mask && (match->mask->key.ip.proto == 0xff)) 253 mask_allowed |= 1 << OVS_KEY_ATTR_UDP; 254 } 255 256 if (match->key->ip.proto == IPPROTO_SCTP) { 257 key_expected |= 1 << OVS_KEY_ATTR_SCTP; 258 if (match->mask && (match->mask->key.ip.proto == 0xff)) 259 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP; 260 } 261 262 if (match->key->ip.proto == IPPROTO_TCP) { 263 key_expected |= 1 << OVS_KEY_ATTR_TCP; 264 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS; 265 if (match->mask && (match->mask->key.ip.proto == 0xff)) { 266 mask_allowed |= 1 << OVS_KEY_ATTR_TCP; 267 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS; 268 } 269 } 270 271 if (match->key->ip.proto == IPPROTO_ICMPV6) { 272 key_expected |= 1 << OVS_KEY_ATTR_ICMPV6; 273 if (match->mask && (match->mask->key.ip.proto == 0xff)) 274 mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6; 275 276 if (match->key->tp.src == 277 htons(NDISC_NEIGHBOUR_SOLICITATION) || 278 match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) { 279 key_expected |= 1 << OVS_KEY_ATTR_ND; 280 /* Original direction conntrack tuple 281 * uses the same space as the ND fields 282 * in the key, so both are not allowed 283 * at the same time. 284 */ 285 mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6); 286 if (match->mask && (match->mask->key.tp.src == htons(0xff))) 287 mask_allowed |= 1 << OVS_KEY_ATTR_ND; 288 } 289 } 290 } 291 } 292 293 if (match->key->eth.type == htons(ETH_P_NSH)) { 294 key_expected |= 1 << OVS_KEY_ATTR_NSH; 295 if (match->mask && 296 match->mask->key.eth.type == htons(0xffff)) { 297 mask_allowed |= 1 << OVS_KEY_ATTR_NSH; 298 } 299 } 300 301 if ((key_attrs & key_expected) != key_expected) { 302 /* Key attributes check failed. */ 303 OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)", 304 (unsigned long long)key_attrs, 305 (unsigned long long)key_expected); 306 return false; 307 } 308 309 if ((mask_attrs & mask_allowed) != mask_attrs) { 310 /* Mask attributes check failed. */ 311 OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)", 312 (unsigned long long)mask_attrs, 313 (unsigned long long)mask_allowed); 314 return false; 315 } 316 317 return true; 318 } 319 320 size_t ovs_tun_key_attr_size(void) 321 { 322 /* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider 323 * updating this function. 324 */ 325 return nla_total_size_64bit(8) /* OVS_TUNNEL_KEY_ATTR_ID */ 326 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_SRC */ 327 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_DST */ 328 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TOS */ 329 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TTL */ 330 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */ 331 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_CSUM */ 332 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_OAM */ 333 + nla_total_size(256) /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */ 334 /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and 335 * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS is mutually exclusive with 336 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it. 337 */ 338 + nla_total_size(2) /* OVS_TUNNEL_KEY_ATTR_TP_SRC */ 339 + nla_total_size(2); /* OVS_TUNNEL_KEY_ATTR_TP_DST */ 340 } 341 342 static size_t ovs_nsh_key_attr_size(void) 343 { 344 /* Whenever adding new OVS_NSH_KEY_ FIELDS, we should consider 345 * updating this function. 346 */ 347 return nla_total_size(NSH_BASE_HDR_LEN) /* OVS_NSH_KEY_ATTR_BASE */ 348 /* OVS_NSH_KEY_ATTR_MD1 and OVS_NSH_KEY_ATTR_MD2 are 349 * mutually exclusive, so the bigger one can cover 350 * the small one. 351 */ 352 + nla_total_size(NSH_CTX_HDRS_MAX_LEN); 353 } 354 355 size_t ovs_key_attr_size(void) 356 { 357 /* Whenever adding new OVS_KEY_ FIELDS, we should consider 358 * updating this function. 359 */ 360 BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 29); 361 362 return nla_total_size(4) /* OVS_KEY_ATTR_PRIORITY */ 363 + nla_total_size(0) /* OVS_KEY_ATTR_TUNNEL */ 364 + ovs_tun_key_attr_size() 365 + nla_total_size(4) /* OVS_KEY_ATTR_IN_PORT */ 366 + nla_total_size(4) /* OVS_KEY_ATTR_SKB_MARK */ 367 + nla_total_size(4) /* OVS_KEY_ATTR_DP_HASH */ 368 + nla_total_size(4) /* OVS_KEY_ATTR_RECIRC_ID */ 369 + nla_total_size(4) /* OVS_KEY_ATTR_CT_STATE */ 370 + nla_total_size(2) /* OVS_KEY_ATTR_CT_ZONE */ 371 + nla_total_size(4) /* OVS_KEY_ATTR_CT_MARK */ 372 + nla_total_size(16) /* OVS_KEY_ATTR_CT_LABELS */ 373 + nla_total_size(40) /* OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6 */ 374 + nla_total_size(0) /* OVS_KEY_ATTR_NSH */ 375 + ovs_nsh_key_attr_size() 376 + nla_total_size(12) /* OVS_KEY_ATTR_ETHERNET */ 377 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */ 378 + nla_total_size(4) /* OVS_KEY_ATTR_VLAN */ 379 + nla_total_size(0) /* OVS_KEY_ATTR_ENCAP */ 380 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */ 381 + nla_total_size(40) /* OVS_KEY_ATTR_IPV6 */ 382 + nla_total_size(2) /* OVS_KEY_ATTR_ICMPV6 */ 383 + nla_total_size(28); /* OVS_KEY_ATTR_ND */ 384 } 385 386 static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = { 387 [OVS_VXLAN_EXT_GBP] = { .len = sizeof(u32) }, 388 }; 389 390 static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = { 391 [OVS_TUNNEL_KEY_ATTR_ID] = { .len = sizeof(u64) }, 392 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = sizeof(u32) }, 393 [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = sizeof(u32) }, 394 [OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 }, 395 [OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 }, 396 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 }, 397 [OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 }, 398 [OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = sizeof(u16) }, 399 [OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = sizeof(u16) }, 400 [OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 }, 401 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = OVS_ATTR_VARIABLE }, 402 [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = OVS_ATTR_NESTED, 403 .next = ovs_vxlan_ext_key_lens }, 404 [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, 405 [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) }, 406 [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE }, 407 [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE] = { .len = 0 }, 408 }; 409 410 static const struct ovs_len_tbl 411 ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = { 412 [OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) }, 413 [OVS_NSH_KEY_ATTR_MD1] = { .len = sizeof(struct ovs_nsh_key_md1) }, 414 [OVS_NSH_KEY_ATTR_MD2] = { .len = OVS_ATTR_VARIABLE }, 415 }; 416 417 /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */ 418 static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = { 419 [OVS_KEY_ATTR_ENCAP] = { .len = OVS_ATTR_NESTED }, 420 [OVS_KEY_ATTR_PRIORITY] = { .len = sizeof(u32) }, 421 [OVS_KEY_ATTR_IN_PORT] = { .len = sizeof(u32) }, 422 [OVS_KEY_ATTR_SKB_MARK] = { .len = sizeof(u32) }, 423 [OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) }, 424 [OVS_KEY_ATTR_VLAN] = { .len = sizeof(__be16) }, 425 [OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) }, 426 [OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) }, 427 [OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) }, 428 [OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) }, 429 [OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) }, 430 [OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) }, 431 [OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) }, 432 [OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) }, 433 [OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) }, 434 [OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) }, 435 [OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) }, 436 [OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) }, 437 [OVS_KEY_ATTR_DP_HASH] = { .len = sizeof(u32) }, 438 [OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED, 439 .next = ovs_tunnel_key_lens, }, 440 [OVS_KEY_ATTR_MPLS] = { .len = sizeof(struct ovs_key_mpls) }, 441 [OVS_KEY_ATTR_CT_STATE] = { .len = sizeof(u32) }, 442 [OVS_KEY_ATTR_CT_ZONE] = { .len = sizeof(u16) }, 443 [OVS_KEY_ATTR_CT_MARK] = { .len = sizeof(u32) }, 444 [OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) }, 445 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = { 446 .len = sizeof(struct ovs_key_ct_tuple_ipv4) }, 447 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = { 448 .len = sizeof(struct ovs_key_ct_tuple_ipv6) }, 449 [OVS_KEY_ATTR_NSH] = { .len = OVS_ATTR_NESTED, 450 .next = ovs_nsh_key_attr_lens, }, 451 }; 452 453 static bool check_attr_len(unsigned int attr_len, unsigned int expected_len) 454 { 455 return expected_len == attr_len || 456 expected_len == OVS_ATTR_NESTED || 457 expected_len == OVS_ATTR_VARIABLE; 458 } 459 460 static bool is_all_zero(const u8 *fp, size_t size) 461 { 462 int i; 463 464 if (!fp) 465 return false; 466 467 for (i = 0; i < size; i++) 468 if (fp[i]) 469 return false; 470 471 return true; 472 } 473 474 static int __parse_flow_nlattrs(const struct nlattr *attr, 475 const struct nlattr *a[], 476 u64 *attrsp, bool log, bool nz) 477 { 478 const struct nlattr *nla; 479 u64 attrs; 480 int rem; 481 482 attrs = *attrsp; 483 nla_for_each_nested(nla, attr, rem) { 484 u16 type = nla_type(nla); 485 int expected_len; 486 487 if (type > OVS_KEY_ATTR_MAX) { 488 OVS_NLERR(log, "Key type %d is out of range max %d", 489 type, OVS_KEY_ATTR_MAX); 490 return -EINVAL; 491 } 492 493 if (attrs & (1 << type)) { 494 OVS_NLERR(log, "Duplicate key (type %d).", type); 495 return -EINVAL; 496 } 497 498 expected_len = ovs_key_lens[type].len; 499 if (!check_attr_len(nla_len(nla), expected_len)) { 500 OVS_NLERR(log, "Key %d has unexpected len %d expected %d", 501 type, nla_len(nla), expected_len); 502 return -EINVAL; 503 } 504 505 if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) { 506 attrs |= 1 << type; 507 a[type] = nla; 508 } 509 } 510 if (rem) { 511 OVS_NLERR(log, "Message has %d unknown bytes.", rem); 512 return -EINVAL; 513 } 514 515 *attrsp = attrs; 516 return 0; 517 } 518 519 static int parse_flow_mask_nlattrs(const struct nlattr *attr, 520 const struct nlattr *a[], u64 *attrsp, 521 bool log) 522 { 523 return __parse_flow_nlattrs(attr, a, attrsp, log, true); 524 } 525 526 int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[], 527 u64 *attrsp, bool log) 528 { 529 return __parse_flow_nlattrs(attr, a, attrsp, log, false); 530 } 531 532 static int genev_tun_opt_from_nlattr(const struct nlattr *a, 533 struct sw_flow_match *match, bool is_mask, 534 bool log) 535 { 536 unsigned long opt_key_offset; 537 538 if (nla_len(a) > sizeof(match->key->tun_opts)) { 539 OVS_NLERR(log, "Geneve option length err (len %d, max %zu).", 540 nla_len(a), sizeof(match->key->tun_opts)); 541 return -EINVAL; 542 } 543 544 if (nla_len(a) % 4 != 0) { 545 OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.", 546 nla_len(a)); 547 return -EINVAL; 548 } 549 550 /* We need to record the length of the options passed 551 * down, otherwise packets with the same format but 552 * additional options will be silently matched. 553 */ 554 if (!is_mask) { 555 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a), 556 false); 557 } else { 558 /* This is somewhat unusual because it looks at 559 * both the key and mask while parsing the 560 * attributes (and by extension assumes the key 561 * is parsed first). Normally, we would verify 562 * that each is the correct length and that the 563 * attributes line up in the validate function. 564 * However, that is difficult because this is 565 * variable length and we won't have the 566 * information later. 567 */ 568 if (match->key->tun_opts_len != nla_len(a)) { 569 OVS_NLERR(log, "Geneve option len %d != mask len %d", 570 match->key->tun_opts_len, nla_len(a)); 571 return -EINVAL; 572 } 573 574 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true); 575 } 576 577 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a)); 578 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a), 579 nla_len(a), is_mask); 580 return 0; 581 } 582 583 static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr, 584 struct sw_flow_match *match, bool is_mask, 585 bool log) 586 { 587 struct nlattr *a; 588 int rem; 589 unsigned long opt_key_offset; 590 struct vxlan_metadata opts; 591 592 BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts)); 593 594 memset(&opts, 0, sizeof(opts)); 595 nla_for_each_nested(a, attr, rem) { 596 int type = nla_type(a); 597 598 if (type > OVS_VXLAN_EXT_MAX) { 599 OVS_NLERR(log, "VXLAN extension %d out of range max %d", 600 type, OVS_VXLAN_EXT_MAX); 601 return -EINVAL; 602 } 603 604 if (!check_attr_len(nla_len(a), 605 ovs_vxlan_ext_key_lens[type].len)) { 606 OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d", 607 type, nla_len(a), 608 ovs_vxlan_ext_key_lens[type].len); 609 return -EINVAL; 610 } 611 612 switch (type) { 613 case OVS_VXLAN_EXT_GBP: 614 opts.gbp = nla_get_u32(a); 615 break; 616 default: 617 OVS_NLERR(log, "Unknown VXLAN extension attribute %d", 618 type); 619 return -EINVAL; 620 } 621 } 622 if (rem) { 623 OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.", 624 rem); 625 return -EINVAL; 626 } 627 628 if (!is_mask) 629 SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false); 630 else 631 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true); 632 633 opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts)); 634 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts), 635 is_mask); 636 return 0; 637 } 638 639 static int erspan_tun_opt_from_nlattr(const struct nlattr *a, 640 struct sw_flow_match *match, bool is_mask, 641 bool log) 642 { 643 unsigned long opt_key_offset; 644 645 BUILD_BUG_ON(sizeof(struct erspan_metadata) > 646 sizeof(match->key->tun_opts)); 647 648 if (nla_len(a) > sizeof(match->key->tun_opts)) { 649 OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).", 650 nla_len(a), sizeof(match->key->tun_opts)); 651 return -EINVAL; 652 } 653 654 if (!is_mask) 655 SW_FLOW_KEY_PUT(match, tun_opts_len, 656 sizeof(struct erspan_metadata), false); 657 else 658 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true); 659 660 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a)); 661 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a), 662 nla_len(a), is_mask); 663 return 0; 664 } 665 666 static int ip_tun_from_nlattr(const struct nlattr *attr, 667 struct sw_flow_match *match, bool is_mask, 668 bool log) 669 { 670 bool ttl = false, ipv4 = false, ipv6 = false; 671 bool info_bridge_mode = false; 672 __be16 tun_flags = 0; 673 int opts_type = 0; 674 struct nlattr *a; 675 int rem; 676 677 nla_for_each_nested(a, attr, rem) { 678 int type = nla_type(a); 679 int err; 680 681 if (type > OVS_TUNNEL_KEY_ATTR_MAX) { 682 OVS_NLERR(log, "Tunnel attr %d out of range max %d", 683 type, OVS_TUNNEL_KEY_ATTR_MAX); 684 return -EINVAL; 685 } 686 687 if (!check_attr_len(nla_len(a), 688 ovs_tunnel_key_lens[type].len)) { 689 OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d", 690 type, nla_len(a), ovs_tunnel_key_lens[type].len); 691 return -EINVAL; 692 } 693 694 switch (type) { 695 case OVS_TUNNEL_KEY_ATTR_ID: 696 SW_FLOW_KEY_PUT(match, tun_key.tun_id, 697 nla_get_be64(a), is_mask); 698 tun_flags |= TUNNEL_KEY; 699 break; 700 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC: 701 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src, 702 nla_get_in_addr(a), is_mask); 703 ipv4 = true; 704 break; 705 case OVS_TUNNEL_KEY_ATTR_IPV4_DST: 706 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst, 707 nla_get_in_addr(a), is_mask); 708 ipv4 = true; 709 break; 710 case OVS_TUNNEL_KEY_ATTR_IPV6_SRC: 711 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src, 712 nla_get_in6_addr(a), is_mask); 713 ipv6 = true; 714 break; 715 case OVS_TUNNEL_KEY_ATTR_IPV6_DST: 716 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst, 717 nla_get_in6_addr(a), is_mask); 718 ipv6 = true; 719 break; 720 case OVS_TUNNEL_KEY_ATTR_TOS: 721 SW_FLOW_KEY_PUT(match, tun_key.tos, 722 nla_get_u8(a), is_mask); 723 break; 724 case OVS_TUNNEL_KEY_ATTR_TTL: 725 SW_FLOW_KEY_PUT(match, tun_key.ttl, 726 nla_get_u8(a), is_mask); 727 ttl = true; 728 break; 729 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT: 730 tun_flags |= TUNNEL_DONT_FRAGMENT; 731 break; 732 case OVS_TUNNEL_KEY_ATTR_CSUM: 733 tun_flags |= TUNNEL_CSUM; 734 break; 735 case OVS_TUNNEL_KEY_ATTR_TP_SRC: 736 SW_FLOW_KEY_PUT(match, tun_key.tp_src, 737 nla_get_be16(a), is_mask); 738 break; 739 case OVS_TUNNEL_KEY_ATTR_TP_DST: 740 SW_FLOW_KEY_PUT(match, tun_key.tp_dst, 741 nla_get_be16(a), is_mask); 742 break; 743 case OVS_TUNNEL_KEY_ATTR_OAM: 744 tun_flags |= TUNNEL_OAM; 745 break; 746 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS: 747 if (opts_type) { 748 OVS_NLERR(log, "Multiple metadata blocks provided"); 749 return -EINVAL; 750 } 751 752 err = genev_tun_opt_from_nlattr(a, match, is_mask, log); 753 if (err) 754 return err; 755 756 tun_flags |= TUNNEL_GENEVE_OPT; 757 opts_type = type; 758 break; 759 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS: 760 if (opts_type) { 761 OVS_NLERR(log, "Multiple metadata blocks provided"); 762 return -EINVAL; 763 } 764 765 err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log); 766 if (err) 767 return err; 768 769 tun_flags |= TUNNEL_VXLAN_OPT; 770 opts_type = type; 771 break; 772 case OVS_TUNNEL_KEY_ATTR_PAD: 773 break; 774 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS: 775 if (opts_type) { 776 OVS_NLERR(log, "Multiple metadata blocks provided"); 777 return -EINVAL; 778 } 779 780 err = erspan_tun_opt_from_nlattr(a, match, is_mask, 781 log); 782 if (err) 783 return err; 784 785 tun_flags |= TUNNEL_ERSPAN_OPT; 786 opts_type = type; 787 break; 788 case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE: 789 info_bridge_mode = true; 790 ipv4 = true; 791 break; 792 default: 793 OVS_NLERR(log, "Unknown IP tunnel attribute %d", 794 type); 795 return -EINVAL; 796 } 797 } 798 799 SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask); 800 if (is_mask) 801 SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true); 802 else 803 SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET, 804 false); 805 806 if (rem > 0) { 807 OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.", 808 rem); 809 return -EINVAL; 810 } 811 812 if (ipv4 && ipv6) { 813 OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes"); 814 return -EINVAL; 815 } 816 817 if (!is_mask) { 818 if (!ipv4 && !ipv6) { 819 OVS_NLERR(log, "IP tunnel dst address not specified"); 820 return -EINVAL; 821 } 822 if (ipv4) { 823 if (info_bridge_mode) { 824 if (match->key->tun_key.u.ipv4.src || 825 match->key->tun_key.u.ipv4.dst || 826 match->key->tun_key.tp_src || 827 match->key->tun_key.tp_dst || 828 match->key->tun_key.ttl || 829 match->key->tun_key.tos || 830 tun_flags & ~TUNNEL_KEY) { 831 OVS_NLERR(log, "IPv4 tun info is not correct"); 832 return -EINVAL; 833 } 834 } else if (!match->key->tun_key.u.ipv4.dst) { 835 OVS_NLERR(log, "IPv4 tunnel dst address is zero"); 836 return -EINVAL; 837 } 838 } 839 if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) { 840 OVS_NLERR(log, "IPv6 tunnel dst address is zero"); 841 return -EINVAL; 842 } 843 844 if (!ttl && !info_bridge_mode) { 845 OVS_NLERR(log, "IP tunnel TTL not specified."); 846 return -EINVAL; 847 } 848 } 849 850 return opts_type; 851 } 852 853 static int vxlan_opt_to_nlattr(struct sk_buff *skb, 854 const void *tun_opts, int swkey_tun_opts_len) 855 { 856 const struct vxlan_metadata *opts = tun_opts; 857 struct nlattr *nla; 858 859 nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS); 860 if (!nla) 861 return -EMSGSIZE; 862 863 if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0) 864 return -EMSGSIZE; 865 866 nla_nest_end(skb, nla); 867 return 0; 868 } 869 870 static int __ip_tun_to_nlattr(struct sk_buff *skb, 871 const struct ip_tunnel_key *output, 872 const void *tun_opts, int swkey_tun_opts_len, 873 unsigned short tun_proto, u8 mode) 874 { 875 if (output->tun_flags & TUNNEL_KEY && 876 nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id, 877 OVS_TUNNEL_KEY_ATTR_PAD)) 878 return -EMSGSIZE; 879 880 if (mode & IP_TUNNEL_INFO_BRIDGE) 881 return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE) 882 ? -EMSGSIZE : 0; 883 884 switch (tun_proto) { 885 case AF_INET: 886 if (output->u.ipv4.src && 887 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC, 888 output->u.ipv4.src)) 889 return -EMSGSIZE; 890 if (output->u.ipv4.dst && 891 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST, 892 output->u.ipv4.dst)) 893 return -EMSGSIZE; 894 break; 895 case AF_INET6: 896 if (!ipv6_addr_any(&output->u.ipv6.src) && 897 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC, 898 &output->u.ipv6.src)) 899 return -EMSGSIZE; 900 if (!ipv6_addr_any(&output->u.ipv6.dst) && 901 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST, 902 &output->u.ipv6.dst)) 903 return -EMSGSIZE; 904 break; 905 } 906 if (output->tos && 907 nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos)) 908 return -EMSGSIZE; 909 if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl)) 910 return -EMSGSIZE; 911 if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) && 912 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT)) 913 return -EMSGSIZE; 914 if ((output->tun_flags & TUNNEL_CSUM) && 915 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM)) 916 return -EMSGSIZE; 917 if (output->tp_src && 918 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src)) 919 return -EMSGSIZE; 920 if (output->tp_dst && 921 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst)) 922 return -EMSGSIZE; 923 if ((output->tun_flags & TUNNEL_OAM) && 924 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM)) 925 return -EMSGSIZE; 926 if (swkey_tun_opts_len) { 927 if (output->tun_flags & TUNNEL_GENEVE_OPT && 928 nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS, 929 swkey_tun_opts_len, tun_opts)) 930 return -EMSGSIZE; 931 else if (output->tun_flags & TUNNEL_VXLAN_OPT && 932 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len)) 933 return -EMSGSIZE; 934 else if (output->tun_flags & TUNNEL_ERSPAN_OPT && 935 nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS, 936 swkey_tun_opts_len, tun_opts)) 937 return -EMSGSIZE; 938 } 939 940 return 0; 941 } 942 943 static int ip_tun_to_nlattr(struct sk_buff *skb, 944 const struct ip_tunnel_key *output, 945 const void *tun_opts, int swkey_tun_opts_len, 946 unsigned short tun_proto, u8 mode) 947 { 948 struct nlattr *nla; 949 int err; 950 951 nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL); 952 if (!nla) 953 return -EMSGSIZE; 954 955 err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len, 956 tun_proto, mode); 957 if (err) 958 return err; 959 960 nla_nest_end(skb, nla); 961 return 0; 962 } 963 964 int ovs_nla_put_tunnel_info(struct sk_buff *skb, 965 struct ip_tunnel_info *tun_info) 966 { 967 return __ip_tun_to_nlattr(skb, &tun_info->key, 968 ip_tunnel_info_opts(tun_info), 969 tun_info->options_len, 970 ip_tunnel_info_af(tun_info), tun_info->mode); 971 } 972 973 static int encode_vlan_from_nlattrs(struct sw_flow_match *match, 974 const struct nlattr *a[], 975 bool is_mask, bool inner) 976 { 977 __be16 tci = 0; 978 __be16 tpid = 0; 979 980 if (a[OVS_KEY_ATTR_VLAN]) 981 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); 982 983 if (a[OVS_KEY_ATTR_ETHERTYPE]) 984 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); 985 986 if (likely(!inner)) { 987 SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask); 988 SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask); 989 } else { 990 SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask); 991 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask); 992 } 993 return 0; 994 } 995 996 static int validate_vlan_from_nlattrs(const struct sw_flow_match *match, 997 u64 key_attrs, bool inner, 998 const struct nlattr **a, bool log) 999 { 1000 __be16 tci = 0; 1001 1002 if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) && 1003 (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) && 1004 eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) { 1005 /* Not a VLAN. */ 1006 return 0; 1007 } 1008 1009 if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) && 1010 (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) { 1011 OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN"); 1012 return -EINVAL; 1013 } 1014 1015 if (a[OVS_KEY_ATTR_VLAN]) 1016 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); 1017 1018 if (!(tci & htons(VLAN_CFI_MASK))) { 1019 if (tci) { 1020 OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.", 1021 (inner) ? "C-VLAN" : "VLAN"); 1022 return -EINVAL; 1023 } else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) { 1024 /* Corner case for truncated VLAN header. */ 1025 OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.", 1026 (inner) ? "C-VLAN" : "VLAN"); 1027 return -EINVAL; 1028 } 1029 } 1030 1031 return 1; 1032 } 1033 1034 static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match, 1035 u64 key_attrs, bool inner, 1036 const struct nlattr **a, bool log) 1037 { 1038 __be16 tci = 0; 1039 __be16 tpid = 0; 1040 bool encap_valid = !!(match->key->eth.vlan.tci & 1041 htons(VLAN_CFI_MASK)); 1042 bool i_encap_valid = !!(match->key->eth.cvlan.tci & 1043 htons(VLAN_CFI_MASK)); 1044 1045 if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) { 1046 /* Not a VLAN. */ 1047 return 0; 1048 } 1049 1050 if ((!inner && !encap_valid) || (inner && !i_encap_valid)) { 1051 OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.", 1052 (inner) ? "C-VLAN" : "VLAN"); 1053 return -EINVAL; 1054 } 1055 1056 if (a[OVS_KEY_ATTR_VLAN]) 1057 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); 1058 1059 if (a[OVS_KEY_ATTR_ETHERTYPE]) 1060 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); 1061 1062 if (tpid != htons(0xffff)) { 1063 OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).", 1064 (inner) ? "C-VLAN" : "VLAN", ntohs(tpid)); 1065 return -EINVAL; 1066 } 1067 if (!(tci & htons(VLAN_CFI_MASK))) { 1068 OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.", 1069 (inner) ? "C-VLAN" : "VLAN"); 1070 return -EINVAL; 1071 } 1072 1073 return 1; 1074 } 1075 1076 static int __parse_vlan_from_nlattrs(struct sw_flow_match *match, 1077 u64 *key_attrs, bool inner, 1078 const struct nlattr **a, bool is_mask, 1079 bool log) 1080 { 1081 int err; 1082 const struct nlattr *encap; 1083 1084 if (!is_mask) 1085 err = validate_vlan_from_nlattrs(match, *key_attrs, inner, 1086 a, log); 1087 else 1088 err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner, 1089 a, log); 1090 if (err <= 0) 1091 return err; 1092 1093 err = encode_vlan_from_nlattrs(match, a, is_mask, inner); 1094 if (err) 1095 return err; 1096 1097 *key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP); 1098 *key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN); 1099 *key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); 1100 1101 encap = a[OVS_KEY_ATTR_ENCAP]; 1102 1103 if (!is_mask) 1104 err = parse_flow_nlattrs(encap, a, key_attrs, log); 1105 else 1106 err = parse_flow_mask_nlattrs(encap, a, key_attrs, log); 1107 1108 return err; 1109 } 1110 1111 static int parse_vlan_from_nlattrs(struct sw_flow_match *match, 1112 u64 *key_attrs, const struct nlattr **a, 1113 bool is_mask, bool log) 1114 { 1115 int err; 1116 bool encap_valid = false; 1117 1118 err = __parse_vlan_from_nlattrs(match, key_attrs, false, a, 1119 is_mask, log); 1120 if (err) 1121 return err; 1122 1123 encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK)); 1124 if (encap_valid) { 1125 err = __parse_vlan_from_nlattrs(match, key_attrs, true, a, 1126 is_mask, log); 1127 if (err) 1128 return err; 1129 } 1130 1131 return 0; 1132 } 1133 1134 static int parse_eth_type_from_nlattrs(struct sw_flow_match *match, 1135 u64 *attrs, const struct nlattr **a, 1136 bool is_mask, bool log) 1137 { 1138 __be16 eth_type; 1139 1140 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); 1141 if (is_mask) { 1142 /* Always exact match EtherType. */ 1143 eth_type = htons(0xffff); 1144 } else if (!eth_proto_is_802_3(eth_type)) { 1145 OVS_NLERR(log, "EtherType %x is less than min %x", 1146 ntohs(eth_type), ETH_P_802_3_MIN); 1147 return -EINVAL; 1148 } 1149 1150 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask); 1151 *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); 1152 return 0; 1153 } 1154 1155 static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match, 1156 u64 *attrs, const struct nlattr **a, 1157 bool is_mask, bool log) 1158 { 1159 u8 mac_proto = MAC_PROTO_ETHERNET; 1160 1161 if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) { 1162 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]); 1163 1164 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask); 1165 *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH); 1166 } 1167 1168 if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) { 1169 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]); 1170 1171 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask); 1172 *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID); 1173 } 1174 1175 if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) { 1176 SW_FLOW_KEY_PUT(match, phy.priority, 1177 nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask); 1178 *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY); 1179 } 1180 1181 if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) { 1182 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]); 1183 1184 if (is_mask) { 1185 in_port = 0xffffffff; /* Always exact match in_port. */ 1186 } else if (in_port >= DP_MAX_PORTS) { 1187 OVS_NLERR(log, "Port %d exceeds max allowable %d", 1188 in_port, DP_MAX_PORTS); 1189 return -EINVAL; 1190 } 1191 1192 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask); 1193 *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT); 1194 } else if (!is_mask) { 1195 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask); 1196 } 1197 1198 if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) { 1199 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]); 1200 1201 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask); 1202 *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK); 1203 } 1204 if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) { 1205 if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match, 1206 is_mask, log) < 0) 1207 return -EINVAL; 1208 *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL); 1209 } 1210 1211 if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) && 1212 ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) { 1213 u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]); 1214 1215 if (ct_state & ~CT_SUPPORTED_MASK) { 1216 OVS_NLERR(log, "ct_state flags %08x unsupported", 1217 ct_state); 1218 return -EINVAL; 1219 } 1220 1221 SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask); 1222 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE); 1223 } 1224 if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) && 1225 ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) { 1226 u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]); 1227 1228 SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask); 1229 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE); 1230 } 1231 if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) && 1232 ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) { 1233 u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]); 1234 1235 SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask); 1236 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK); 1237 } 1238 if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) && 1239 ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) { 1240 const struct ovs_key_ct_labels *cl; 1241 1242 cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]); 1243 SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels, 1244 sizeof(*cl), is_mask); 1245 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS); 1246 } 1247 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) { 1248 const struct ovs_key_ct_tuple_ipv4 *ct; 1249 1250 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]); 1251 1252 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask); 1253 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask); 1254 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask); 1255 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask); 1256 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask); 1257 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4); 1258 } 1259 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) { 1260 const struct ovs_key_ct_tuple_ipv6 *ct; 1261 1262 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]); 1263 1264 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src, 1265 sizeof(match->key->ipv6.ct_orig.src), 1266 is_mask); 1267 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst, 1268 sizeof(match->key->ipv6.ct_orig.dst), 1269 is_mask); 1270 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask); 1271 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask); 1272 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask); 1273 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6); 1274 } 1275 1276 /* For layer 3 packets the Ethernet type is provided 1277 * and treated as metadata but no MAC addresses are provided. 1278 */ 1279 if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) && 1280 (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE))) 1281 mac_proto = MAC_PROTO_NONE; 1282 1283 /* Always exact match mac_proto */ 1284 SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask); 1285 1286 if (mac_proto == MAC_PROTO_NONE) 1287 return parse_eth_type_from_nlattrs(match, attrs, a, is_mask, 1288 log); 1289 1290 return 0; 1291 } 1292 1293 int nsh_hdr_from_nlattr(const struct nlattr *attr, 1294 struct nshhdr *nh, size_t size) 1295 { 1296 struct nlattr *a; 1297 int rem; 1298 u8 flags = 0; 1299 u8 ttl = 0; 1300 int mdlen = 0; 1301 1302 /* validate_nsh has check this, so we needn't do duplicate check here 1303 */ 1304 if (size < NSH_BASE_HDR_LEN) 1305 return -ENOBUFS; 1306 1307 nla_for_each_nested(a, attr, rem) { 1308 int type = nla_type(a); 1309 1310 switch (type) { 1311 case OVS_NSH_KEY_ATTR_BASE: { 1312 const struct ovs_nsh_key_base *base = nla_data(a); 1313 1314 flags = base->flags; 1315 ttl = base->ttl; 1316 nh->np = base->np; 1317 nh->mdtype = base->mdtype; 1318 nh->path_hdr = base->path_hdr; 1319 break; 1320 } 1321 case OVS_NSH_KEY_ATTR_MD1: 1322 mdlen = nla_len(a); 1323 if (mdlen > size - NSH_BASE_HDR_LEN) 1324 return -ENOBUFS; 1325 memcpy(&nh->md1, nla_data(a), mdlen); 1326 break; 1327 1328 case OVS_NSH_KEY_ATTR_MD2: 1329 mdlen = nla_len(a); 1330 if (mdlen > size - NSH_BASE_HDR_LEN) 1331 return -ENOBUFS; 1332 memcpy(&nh->md2, nla_data(a), mdlen); 1333 break; 1334 1335 default: 1336 return -EINVAL; 1337 } 1338 } 1339 1340 /* nsh header length = NSH_BASE_HDR_LEN + mdlen */ 1341 nh->ver_flags_ttl_len = 0; 1342 nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen); 1343 1344 return 0; 1345 } 1346 1347 int nsh_key_from_nlattr(const struct nlattr *attr, 1348 struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask) 1349 { 1350 struct nlattr *a; 1351 int rem; 1352 1353 /* validate_nsh has check this, so we needn't do duplicate check here 1354 */ 1355 nla_for_each_nested(a, attr, rem) { 1356 int type = nla_type(a); 1357 1358 switch (type) { 1359 case OVS_NSH_KEY_ATTR_BASE: { 1360 const struct ovs_nsh_key_base *base = nla_data(a); 1361 const struct ovs_nsh_key_base *base_mask = base + 1; 1362 1363 nsh->base = *base; 1364 nsh_mask->base = *base_mask; 1365 break; 1366 } 1367 case OVS_NSH_KEY_ATTR_MD1: { 1368 const struct ovs_nsh_key_md1 *md1 = nla_data(a); 1369 const struct ovs_nsh_key_md1 *md1_mask = md1 + 1; 1370 1371 memcpy(nsh->context, md1->context, sizeof(*md1)); 1372 memcpy(nsh_mask->context, md1_mask->context, 1373 sizeof(*md1_mask)); 1374 break; 1375 } 1376 case OVS_NSH_KEY_ATTR_MD2: 1377 /* Not supported yet */ 1378 return -ENOTSUPP; 1379 default: 1380 return -EINVAL; 1381 } 1382 } 1383 1384 return 0; 1385 } 1386 1387 static int nsh_key_put_from_nlattr(const struct nlattr *attr, 1388 struct sw_flow_match *match, bool is_mask, 1389 bool is_push_nsh, bool log) 1390 { 1391 struct nlattr *a; 1392 int rem; 1393 bool has_base = false; 1394 bool has_md1 = false; 1395 bool has_md2 = false; 1396 u8 mdtype = 0; 1397 int mdlen = 0; 1398 1399 if (WARN_ON(is_push_nsh && is_mask)) 1400 return -EINVAL; 1401 1402 nla_for_each_nested(a, attr, rem) { 1403 int type = nla_type(a); 1404 int i; 1405 1406 if (type > OVS_NSH_KEY_ATTR_MAX) { 1407 OVS_NLERR(log, "nsh attr %d is out of range max %d", 1408 type, OVS_NSH_KEY_ATTR_MAX); 1409 return -EINVAL; 1410 } 1411 1412 if (!check_attr_len(nla_len(a), 1413 ovs_nsh_key_attr_lens[type].len)) { 1414 OVS_NLERR( 1415 log, 1416 "nsh attr %d has unexpected len %d expected %d", 1417 type, 1418 nla_len(a), 1419 ovs_nsh_key_attr_lens[type].len 1420 ); 1421 return -EINVAL; 1422 } 1423 1424 switch (type) { 1425 case OVS_NSH_KEY_ATTR_BASE: { 1426 const struct ovs_nsh_key_base *base = nla_data(a); 1427 1428 has_base = true; 1429 mdtype = base->mdtype; 1430 SW_FLOW_KEY_PUT(match, nsh.base.flags, 1431 base->flags, is_mask); 1432 SW_FLOW_KEY_PUT(match, nsh.base.ttl, 1433 base->ttl, is_mask); 1434 SW_FLOW_KEY_PUT(match, nsh.base.mdtype, 1435 base->mdtype, is_mask); 1436 SW_FLOW_KEY_PUT(match, nsh.base.np, 1437 base->np, is_mask); 1438 SW_FLOW_KEY_PUT(match, nsh.base.path_hdr, 1439 base->path_hdr, is_mask); 1440 break; 1441 } 1442 case OVS_NSH_KEY_ATTR_MD1: { 1443 const struct ovs_nsh_key_md1 *md1 = nla_data(a); 1444 1445 has_md1 = true; 1446 for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++) 1447 SW_FLOW_KEY_PUT(match, nsh.context[i], 1448 md1->context[i], is_mask); 1449 break; 1450 } 1451 case OVS_NSH_KEY_ATTR_MD2: 1452 if (!is_push_nsh) /* Not supported MD type 2 yet */ 1453 return -ENOTSUPP; 1454 1455 has_md2 = true; 1456 mdlen = nla_len(a); 1457 if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) { 1458 OVS_NLERR( 1459 log, 1460 "Invalid MD length %d for MD type %d", 1461 mdlen, 1462 mdtype 1463 ); 1464 return -EINVAL; 1465 } 1466 break; 1467 default: 1468 OVS_NLERR(log, "Unknown nsh attribute %d", 1469 type); 1470 return -EINVAL; 1471 } 1472 } 1473 1474 if (rem > 0) { 1475 OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem); 1476 return -EINVAL; 1477 } 1478 1479 if (has_md1 && has_md2) { 1480 OVS_NLERR( 1481 1, 1482 "invalid nsh attribute: md1 and md2 are exclusive." 1483 ); 1484 return -EINVAL; 1485 } 1486 1487 if (!is_mask) { 1488 if ((has_md1 && mdtype != NSH_M_TYPE1) || 1489 (has_md2 && mdtype != NSH_M_TYPE2)) { 1490 OVS_NLERR(1, "nsh attribute has unmatched MD type %d.", 1491 mdtype); 1492 return -EINVAL; 1493 } 1494 1495 if (is_push_nsh && 1496 (!has_base || (!has_md1 && !has_md2))) { 1497 OVS_NLERR( 1498 1, 1499 "push_nsh: missing base or metadata attributes" 1500 ); 1501 return -EINVAL; 1502 } 1503 } 1504 1505 return 0; 1506 } 1507 1508 static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, 1509 u64 attrs, const struct nlattr **a, 1510 bool is_mask, bool log) 1511 { 1512 int err; 1513 1514 err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log); 1515 if (err) 1516 return err; 1517 1518 if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) { 1519 const struct ovs_key_ethernet *eth_key; 1520 1521 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]); 1522 SW_FLOW_KEY_MEMCPY(match, eth.src, 1523 eth_key->eth_src, ETH_ALEN, is_mask); 1524 SW_FLOW_KEY_MEMCPY(match, eth.dst, 1525 eth_key->eth_dst, ETH_ALEN, is_mask); 1526 attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET); 1527 1528 if (attrs & (1 << OVS_KEY_ATTR_VLAN)) { 1529 /* VLAN attribute is always parsed before getting here since it 1530 * may occur multiple times. 1531 */ 1532 OVS_NLERR(log, "VLAN attribute unexpected."); 1533 return -EINVAL; 1534 } 1535 1536 if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) { 1537 err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask, 1538 log); 1539 if (err) 1540 return err; 1541 } else if (!is_mask) { 1542 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask); 1543 } 1544 } else if (!match->key->eth.type) { 1545 OVS_NLERR(log, "Either Ethernet header or EtherType is required."); 1546 return -EINVAL; 1547 } 1548 1549 if (attrs & (1 << OVS_KEY_ATTR_IPV4)) { 1550 const struct ovs_key_ipv4 *ipv4_key; 1551 1552 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]); 1553 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) { 1554 OVS_NLERR(log, "IPv4 frag type %d is out of range max %d", 1555 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX); 1556 return -EINVAL; 1557 } 1558 SW_FLOW_KEY_PUT(match, ip.proto, 1559 ipv4_key->ipv4_proto, is_mask); 1560 SW_FLOW_KEY_PUT(match, ip.tos, 1561 ipv4_key->ipv4_tos, is_mask); 1562 SW_FLOW_KEY_PUT(match, ip.ttl, 1563 ipv4_key->ipv4_ttl, is_mask); 1564 SW_FLOW_KEY_PUT(match, ip.frag, 1565 ipv4_key->ipv4_frag, is_mask); 1566 SW_FLOW_KEY_PUT(match, ipv4.addr.src, 1567 ipv4_key->ipv4_src, is_mask); 1568 SW_FLOW_KEY_PUT(match, ipv4.addr.dst, 1569 ipv4_key->ipv4_dst, is_mask); 1570 attrs &= ~(1 << OVS_KEY_ATTR_IPV4); 1571 } 1572 1573 if (attrs & (1 << OVS_KEY_ATTR_IPV6)) { 1574 const struct ovs_key_ipv6 *ipv6_key; 1575 1576 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]); 1577 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) { 1578 OVS_NLERR(log, "IPv6 frag type %d is out of range max %d", 1579 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX); 1580 return -EINVAL; 1581 } 1582 1583 if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) { 1584 OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)", 1585 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1); 1586 return -EINVAL; 1587 } 1588 1589 SW_FLOW_KEY_PUT(match, ipv6.label, 1590 ipv6_key->ipv6_label, is_mask); 1591 SW_FLOW_KEY_PUT(match, ip.proto, 1592 ipv6_key->ipv6_proto, is_mask); 1593 SW_FLOW_KEY_PUT(match, ip.tos, 1594 ipv6_key->ipv6_tclass, is_mask); 1595 SW_FLOW_KEY_PUT(match, ip.ttl, 1596 ipv6_key->ipv6_hlimit, is_mask); 1597 SW_FLOW_KEY_PUT(match, ip.frag, 1598 ipv6_key->ipv6_frag, is_mask); 1599 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src, 1600 ipv6_key->ipv6_src, 1601 sizeof(match->key->ipv6.addr.src), 1602 is_mask); 1603 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst, 1604 ipv6_key->ipv6_dst, 1605 sizeof(match->key->ipv6.addr.dst), 1606 is_mask); 1607 1608 attrs &= ~(1 << OVS_KEY_ATTR_IPV6); 1609 } 1610 1611 if (attrs & (1 << OVS_KEY_ATTR_ARP)) { 1612 const struct ovs_key_arp *arp_key; 1613 1614 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]); 1615 if (!is_mask && (arp_key->arp_op & htons(0xff00))) { 1616 OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).", 1617 arp_key->arp_op); 1618 return -EINVAL; 1619 } 1620 1621 SW_FLOW_KEY_PUT(match, ipv4.addr.src, 1622 arp_key->arp_sip, is_mask); 1623 SW_FLOW_KEY_PUT(match, ipv4.addr.dst, 1624 arp_key->arp_tip, is_mask); 1625 SW_FLOW_KEY_PUT(match, ip.proto, 1626 ntohs(arp_key->arp_op), is_mask); 1627 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha, 1628 arp_key->arp_sha, ETH_ALEN, is_mask); 1629 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha, 1630 arp_key->arp_tha, ETH_ALEN, is_mask); 1631 1632 attrs &= ~(1 << OVS_KEY_ATTR_ARP); 1633 } 1634 1635 if (attrs & (1 << OVS_KEY_ATTR_NSH)) { 1636 if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match, 1637 is_mask, false, log) < 0) 1638 return -EINVAL; 1639 attrs &= ~(1 << OVS_KEY_ATTR_NSH); 1640 } 1641 1642 if (attrs & (1 << OVS_KEY_ATTR_MPLS)) { 1643 const struct ovs_key_mpls *mpls_key; 1644 1645 mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]); 1646 SW_FLOW_KEY_PUT(match, mpls.top_lse, 1647 mpls_key->mpls_lse, is_mask); 1648 1649 attrs &= ~(1 << OVS_KEY_ATTR_MPLS); 1650 } 1651 1652 if (attrs & (1 << OVS_KEY_ATTR_TCP)) { 1653 const struct ovs_key_tcp *tcp_key; 1654 1655 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]); 1656 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask); 1657 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask); 1658 attrs &= ~(1 << OVS_KEY_ATTR_TCP); 1659 } 1660 1661 if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) { 1662 SW_FLOW_KEY_PUT(match, tp.flags, 1663 nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]), 1664 is_mask); 1665 attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS); 1666 } 1667 1668 if (attrs & (1 << OVS_KEY_ATTR_UDP)) { 1669 const struct ovs_key_udp *udp_key; 1670 1671 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]); 1672 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask); 1673 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask); 1674 attrs &= ~(1 << OVS_KEY_ATTR_UDP); 1675 } 1676 1677 if (attrs & (1 << OVS_KEY_ATTR_SCTP)) { 1678 const struct ovs_key_sctp *sctp_key; 1679 1680 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]); 1681 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask); 1682 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask); 1683 attrs &= ~(1 << OVS_KEY_ATTR_SCTP); 1684 } 1685 1686 if (attrs & (1 << OVS_KEY_ATTR_ICMP)) { 1687 const struct ovs_key_icmp *icmp_key; 1688 1689 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]); 1690 SW_FLOW_KEY_PUT(match, tp.src, 1691 htons(icmp_key->icmp_type), is_mask); 1692 SW_FLOW_KEY_PUT(match, tp.dst, 1693 htons(icmp_key->icmp_code), is_mask); 1694 attrs &= ~(1 << OVS_KEY_ATTR_ICMP); 1695 } 1696 1697 if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) { 1698 const struct ovs_key_icmpv6 *icmpv6_key; 1699 1700 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]); 1701 SW_FLOW_KEY_PUT(match, tp.src, 1702 htons(icmpv6_key->icmpv6_type), is_mask); 1703 SW_FLOW_KEY_PUT(match, tp.dst, 1704 htons(icmpv6_key->icmpv6_code), is_mask); 1705 attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6); 1706 } 1707 1708 if (attrs & (1 << OVS_KEY_ATTR_ND)) { 1709 const struct ovs_key_nd *nd_key; 1710 1711 nd_key = nla_data(a[OVS_KEY_ATTR_ND]); 1712 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target, 1713 nd_key->nd_target, 1714 sizeof(match->key->ipv6.nd.target), 1715 is_mask); 1716 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll, 1717 nd_key->nd_sll, ETH_ALEN, is_mask); 1718 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll, 1719 nd_key->nd_tll, ETH_ALEN, is_mask); 1720 attrs &= ~(1 << OVS_KEY_ATTR_ND); 1721 } 1722 1723 if (attrs != 0) { 1724 OVS_NLERR(log, "Unknown key attributes %llx", 1725 (unsigned long long)attrs); 1726 return -EINVAL; 1727 } 1728 1729 return 0; 1730 } 1731 1732 static void nlattr_set(struct nlattr *attr, u8 val, 1733 const struct ovs_len_tbl *tbl) 1734 { 1735 struct nlattr *nla; 1736 int rem; 1737 1738 /* The nlattr stream should already have been validated */ 1739 nla_for_each_nested(nla, attr, rem) { 1740 if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED) 1741 nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl); 1742 else 1743 memset(nla_data(nla), val, nla_len(nla)); 1744 1745 if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE) 1746 *(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK; 1747 } 1748 } 1749 1750 static void mask_set_nlattr(struct nlattr *attr, u8 val) 1751 { 1752 nlattr_set(attr, val, ovs_key_lens); 1753 } 1754 1755 /** 1756 * ovs_nla_get_match - parses Netlink attributes into a flow key and 1757 * mask. In case the 'mask' is NULL, the flow is treated as exact match 1758 * flow. Otherwise, it is treated as a wildcarded flow, except the mask 1759 * does not include any don't care bit. 1760 * @net: Used to determine per-namespace field support. 1761 * @match: receives the extracted flow match information. 1762 * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute 1763 * sequence. The fields should of the packet that triggered the creation 1764 * of this flow. 1765 * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink 1766 * attribute specifies the mask field of the wildcarded flow. 1767 * @log: Boolean to allow kernel error logging. Normally true, but when 1768 * probing for feature compatibility this should be passed in as false to 1769 * suppress unnecessary error logging. 1770 */ 1771 int ovs_nla_get_match(struct net *net, struct sw_flow_match *match, 1772 const struct nlattr *nla_key, 1773 const struct nlattr *nla_mask, 1774 bool log) 1775 { 1776 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1]; 1777 struct nlattr *newmask = NULL; 1778 u64 key_attrs = 0; 1779 u64 mask_attrs = 0; 1780 int err; 1781 1782 err = parse_flow_nlattrs(nla_key, a, &key_attrs, log); 1783 if (err) 1784 return err; 1785 1786 err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log); 1787 if (err) 1788 return err; 1789 1790 err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log); 1791 if (err) 1792 return err; 1793 1794 if (match->mask) { 1795 if (!nla_mask) { 1796 /* Create an exact match mask. We need to set to 0xff 1797 * all the 'match->mask' fields that have been touched 1798 * in 'match->key'. We cannot simply memset 1799 * 'match->mask', because padding bytes and fields not 1800 * specified in 'match->key' should be left to 0. 1801 * Instead, we use a stream of netlink attributes, 1802 * copied from 'key' and set to 0xff. 1803 * ovs_key_from_nlattrs() will take care of filling 1804 * 'match->mask' appropriately. 1805 */ 1806 newmask = kmemdup(nla_key, 1807 nla_total_size(nla_len(nla_key)), 1808 GFP_KERNEL); 1809 if (!newmask) 1810 return -ENOMEM; 1811 1812 mask_set_nlattr(newmask, 0xff); 1813 1814 /* The userspace does not send tunnel attributes that 1815 * are 0, but we should not wildcard them nonetheless. 1816 */ 1817 if (match->key->tun_proto) 1818 SW_FLOW_KEY_MEMSET_FIELD(match, tun_key, 1819 0xff, true); 1820 1821 nla_mask = newmask; 1822 } 1823 1824 err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log); 1825 if (err) 1826 goto free_newmask; 1827 1828 /* Always match on tci. */ 1829 SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true); 1830 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true); 1831 1832 err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log); 1833 if (err) 1834 goto free_newmask; 1835 1836 err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true, 1837 log); 1838 if (err) 1839 goto free_newmask; 1840 } 1841 1842 if (!match_validate(match, key_attrs, mask_attrs, log)) 1843 err = -EINVAL; 1844 1845 free_newmask: 1846 kfree(newmask); 1847 return err; 1848 } 1849 1850 static size_t get_ufid_len(const struct nlattr *attr, bool log) 1851 { 1852 size_t len; 1853 1854 if (!attr) 1855 return 0; 1856 1857 len = nla_len(attr); 1858 if (len < 1 || len > MAX_UFID_LENGTH) { 1859 OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)", 1860 nla_len(attr), MAX_UFID_LENGTH); 1861 return 0; 1862 } 1863 1864 return len; 1865 } 1866 1867 /* Initializes 'flow->ufid', returning true if 'attr' contains a valid UFID, 1868 * or false otherwise. 1869 */ 1870 bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr, 1871 bool log) 1872 { 1873 sfid->ufid_len = get_ufid_len(attr, log); 1874 if (sfid->ufid_len) 1875 memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len); 1876 1877 return sfid->ufid_len; 1878 } 1879 1880 int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid, 1881 const struct sw_flow_key *key, bool log) 1882 { 1883 struct sw_flow_key *new_key; 1884 1885 if (ovs_nla_get_ufid(sfid, ufid, log)) 1886 return 0; 1887 1888 /* If UFID was not provided, use unmasked key. */ 1889 new_key = kmalloc(sizeof(*new_key), GFP_KERNEL); 1890 if (!new_key) 1891 return -ENOMEM; 1892 memcpy(new_key, key, sizeof(*key)); 1893 sfid->unmasked_key = new_key; 1894 1895 return 0; 1896 } 1897 1898 u32 ovs_nla_get_ufid_flags(const struct nlattr *attr) 1899 { 1900 return attr ? nla_get_u32(attr) : 0; 1901 } 1902 1903 /** 1904 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key. 1905 * @net: Network namespace. 1906 * @key: Receives extracted in_port, priority, tun_key, skb_mark and conntrack 1907 * metadata. 1908 * @a: Array of netlink attributes holding parsed %OVS_KEY_ATTR_* Netlink 1909 * attributes. 1910 * @attrs: Bit mask for the netlink attributes included in @a. 1911 * @log: Boolean to allow kernel error logging. Normally true, but when 1912 * probing for feature compatibility this should be passed in as false to 1913 * suppress unnecessary error logging. 1914 * 1915 * This parses a series of Netlink attributes that form a flow key, which must 1916 * take the same form accepted by flow_from_nlattrs(), but only enough of it to 1917 * get the metadata, that is, the parts of the flow key that cannot be 1918 * extracted from the packet itself. 1919 * 1920 * This must be called before the packet key fields are filled in 'key'. 1921 */ 1922 1923 int ovs_nla_get_flow_metadata(struct net *net, 1924 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1], 1925 u64 attrs, struct sw_flow_key *key, bool log) 1926 { 1927 struct sw_flow_match match; 1928 1929 memset(&match, 0, sizeof(match)); 1930 match.key = key; 1931 1932 key->ct_state = 0; 1933 key->ct_zone = 0; 1934 key->ct_orig_proto = 0; 1935 memset(&key->ct, 0, sizeof(key->ct)); 1936 memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig)); 1937 memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig)); 1938 1939 key->phy.in_port = DP_MAX_PORTS; 1940 1941 return metadata_from_nlattrs(net, &match, &attrs, a, false, log); 1942 } 1943 1944 static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh, 1945 bool is_mask) 1946 { 1947 __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff); 1948 1949 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) || 1950 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci)) 1951 return -EMSGSIZE; 1952 return 0; 1953 } 1954 1955 static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask, 1956 struct sk_buff *skb) 1957 { 1958 struct nlattr *start; 1959 1960 start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH); 1961 if (!start) 1962 return -EMSGSIZE; 1963 1964 if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base)) 1965 goto nla_put_failure; 1966 1967 if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) { 1968 if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1, 1969 sizeof(nsh->context), nsh->context)) 1970 goto nla_put_failure; 1971 } 1972 1973 /* Don't support MD type 2 yet */ 1974 1975 nla_nest_end(skb, start); 1976 1977 return 0; 1978 1979 nla_put_failure: 1980 return -EMSGSIZE; 1981 } 1982 1983 static int __ovs_nla_put_key(const struct sw_flow_key *swkey, 1984 const struct sw_flow_key *output, bool is_mask, 1985 struct sk_buff *skb) 1986 { 1987 struct ovs_key_ethernet *eth_key; 1988 struct nlattr *nla; 1989 struct nlattr *encap = NULL; 1990 struct nlattr *in_encap = NULL; 1991 1992 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id)) 1993 goto nla_put_failure; 1994 1995 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash)) 1996 goto nla_put_failure; 1997 1998 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority)) 1999 goto nla_put_failure; 2000 2001 if ((swkey->tun_proto || is_mask)) { 2002 const void *opts = NULL; 2003 2004 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT) 2005 opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len); 2006 2007 if (ip_tun_to_nlattr(skb, &output->tun_key, opts, 2008 swkey->tun_opts_len, swkey->tun_proto, 0)) 2009 goto nla_put_failure; 2010 } 2011 2012 if (swkey->phy.in_port == DP_MAX_PORTS) { 2013 if (is_mask && (output->phy.in_port == 0xffff)) 2014 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff)) 2015 goto nla_put_failure; 2016 } else { 2017 u16 upper_u16; 2018 upper_u16 = !is_mask ? 0 : 0xffff; 2019 2020 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 2021 (upper_u16 << 16) | output->phy.in_port)) 2022 goto nla_put_failure; 2023 } 2024 2025 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark)) 2026 goto nla_put_failure; 2027 2028 if (ovs_ct_put_key(swkey, output, skb)) 2029 goto nla_put_failure; 2030 2031 if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) { 2032 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key)); 2033 if (!nla) 2034 goto nla_put_failure; 2035 2036 eth_key = nla_data(nla); 2037 ether_addr_copy(eth_key->eth_src, output->eth.src); 2038 ether_addr_copy(eth_key->eth_dst, output->eth.dst); 2039 2040 if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) { 2041 if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask)) 2042 goto nla_put_failure; 2043 encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP); 2044 if (!swkey->eth.vlan.tci) 2045 goto unencap; 2046 2047 if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) { 2048 if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask)) 2049 goto nla_put_failure; 2050 in_encap = nla_nest_start_noflag(skb, 2051 OVS_KEY_ATTR_ENCAP); 2052 if (!swkey->eth.cvlan.tci) 2053 goto unencap; 2054 } 2055 } 2056 2057 if (swkey->eth.type == htons(ETH_P_802_2)) { 2058 /* 2059 * Ethertype 802.2 is represented in the netlink with omitted 2060 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and 2061 * 0xffff in the mask attribute. Ethertype can also 2062 * be wildcarded. 2063 */ 2064 if (is_mask && output->eth.type) 2065 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, 2066 output->eth.type)) 2067 goto nla_put_failure; 2068 goto unencap; 2069 } 2070 } 2071 2072 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type)) 2073 goto nla_put_failure; 2074 2075 if (eth_type_vlan(swkey->eth.type)) { 2076 /* There are 3 VLAN tags, we don't know anything about the rest 2077 * of the packet, so truncate here. 2078 */ 2079 WARN_ON_ONCE(!(encap && in_encap)); 2080 goto unencap; 2081 } 2082 2083 if (swkey->eth.type == htons(ETH_P_IP)) { 2084 struct ovs_key_ipv4 *ipv4_key; 2085 2086 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key)); 2087 if (!nla) 2088 goto nla_put_failure; 2089 ipv4_key = nla_data(nla); 2090 ipv4_key->ipv4_src = output->ipv4.addr.src; 2091 ipv4_key->ipv4_dst = output->ipv4.addr.dst; 2092 ipv4_key->ipv4_proto = output->ip.proto; 2093 ipv4_key->ipv4_tos = output->ip.tos; 2094 ipv4_key->ipv4_ttl = output->ip.ttl; 2095 ipv4_key->ipv4_frag = output->ip.frag; 2096 } else if (swkey->eth.type == htons(ETH_P_IPV6)) { 2097 struct ovs_key_ipv6 *ipv6_key; 2098 2099 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key)); 2100 if (!nla) 2101 goto nla_put_failure; 2102 ipv6_key = nla_data(nla); 2103 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src, 2104 sizeof(ipv6_key->ipv6_src)); 2105 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst, 2106 sizeof(ipv6_key->ipv6_dst)); 2107 ipv6_key->ipv6_label = output->ipv6.label; 2108 ipv6_key->ipv6_proto = output->ip.proto; 2109 ipv6_key->ipv6_tclass = output->ip.tos; 2110 ipv6_key->ipv6_hlimit = output->ip.ttl; 2111 ipv6_key->ipv6_frag = output->ip.frag; 2112 } else if (swkey->eth.type == htons(ETH_P_NSH)) { 2113 if (nsh_key_to_nlattr(&output->nsh, is_mask, skb)) 2114 goto nla_put_failure; 2115 } else if (swkey->eth.type == htons(ETH_P_ARP) || 2116 swkey->eth.type == htons(ETH_P_RARP)) { 2117 struct ovs_key_arp *arp_key; 2118 2119 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key)); 2120 if (!nla) 2121 goto nla_put_failure; 2122 arp_key = nla_data(nla); 2123 memset(arp_key, 0, sizeof(struct ovs_key_arp)); 2124 arp_key->arp_sip = output->ipv4.addr.src; 2125 arp_key->arp_tip = output->ipv4.addr.dst; 2126 arp_key->arp_op = htons(output->ip.proto); 2127 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha); 2128 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha); 2129 } else if (eth_p_mpls(swkey->eth.type)) { 2130 struct ovs_key_mpls *mpls_key; 2131 2132 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key)); 2133 if (!nla) 2134 goto nla_put_failure; 2135 mpls_key = nla_data(nla); 2136 mpls_key->mpls_lse = output->mpls.top_lse; 2137 } 2138 2139 if ((swkey->eth.type == htons(ETH_P_IP) || 2140 swkey->eth.type == htons(ETH_P_IPV6)) && 2141 swkey->ip.frag != OVS_FRAG_TYPE_LATER) { 2142 2143 if (swkey->ip.proto == IPPROTO_TCP) { 2144 struct ovs_key_tcp *tcp_key; 2145 2146 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key)); 2147 if (!nla) 2148 goto nla_put_failure; 2149 tcp_key = nla_data(nla); 2150 tcp_key->tcp_src = output->tp.src; 2151 tcp_key->tcp_dst = output->tp.dst; 2152 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS, 2153 output->tp.flags)) 2154 goto nla_put_failure; 2155 } else if (swkey->ip.proto == IPPROTO_UDP) { 2156 struct ovs_key_udp *udp_key; 2157 2158 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key)); 2159 if (!nla) 2160 goto nla_put_failure; 2161 udp_key = nla_data(nla); 2162 udp_key->udp_src = output->tp.src; 2163 udp_key->udp_dst = output->tp.dst; 2164 } else if (swkey->ip.proto == IPPROTO_SCTP) { 2165 struct ovs_key_sctp *sctp_key; 2166 2167 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key)); 2168 if (!nla) 2169 goto nla_put_failure; 2170 sctp_key = nla_data(nla); 2171 sctp_key->sctp_src = output->tp.src; 2172 sctp_key->sctp_dst = output->tp.dst; 2173 } else if (swkey->eth.type == htons(ETH_P_IP) && 2174 swkey->ip.proto == IPPROTO_ICMP) { 2175 struct ovs_key_icmp *icmp_key; 2176 2177 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key)); 2178 if (!nla) 2179 goto nla_put_failure; 2180 icmp_key = nla_data(nla); 2181 icmp_key->icmp_type = ntohs(output->tp.src); 2182 icmp_key->icmp_code = ntohs(output->tp.dst); 2183 } else if (swkey->eth.type == htons(ETH_P_IPV6) && 2184 swkey->ip.proto == IPPROTO_ICMPV6) { 2185 struct ovs_key_icmpv6 *icmpv6_key; 2186 2187 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6, 2188 sizeof(*icmpv6_key)); 2189 if (!nla) 2190 goto nla_put_failure; 2191 icmpv6_key = nla_data(nla); 2192 icmpv6_key->icmpv6_type = ntohs(output->tp.src); 2193 icmpv6_key->icmpv6_code = ntohs(output->tp.dst); 2194 2195 if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION || 2196 icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) { 2197 struct ovs_key_nd *nd_key; 2198 2199 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key)); 2200 if (!nla) 2201 goto nla_put_failure; 2202 nd_key = nla_data(nla); 2203 memcpy(nd_key->nd_target, &output->ipv6.nd.target, 2204 sizeof(nd_key->nd_target)); 2205 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll); 2206 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll); 2207 } 2208 } 2209 } 2210 2211 unencap: 2212 if (in_encap) 2213 nla_nest_end(skb, in_encap); 2214 if (encap) 2215 nla_nest_end(skb, encap); 2216 2217 return 0; 2218 2219 nla_put_failure: 2220 return -EMSGSIZE; 2221 } 2222 2223 int ovs_nla_put_key(const struct sw_flow_key *swkey, 2224 const struct sw_flow_key *output, int attr, bool is_mask, 2225 struct sk_buff *skb) 2226 { 2227 int err; 2228 struct nlattr *nla; 2229 2230 nla = nla_nest_start_noflag(skb, attr); 2231 if (!nla) 2232 return -EMSGSIZE; 2233 err = __ovs_nla_put_key(swkey, output, is_mask, skb); 2234 if (err) 2235 return err; 2236 nla_nest_end(skb, nla); 2237 2238 return 0; 2239 } 2240 2241 /* Called with ovs_mutex or RCU read lock. */ 2242 int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb) 2243 { 2244 if (ovs_identifier_is_ufid(&flow->id)) 2245 return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len, 2246 flow->id.ufid); 2247 2248 return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key, 2249 OVS_FLOW_ATTR_KEY, false, skb); 2250 } 2251 2252 /* Called with ovs_mutex or RCU read lock. */ 2253 int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb) 2254 { 2255 return ovs_nla_put_key(&flow->key, &flow->key, 2256 OVS_FLOW_ATTR_KEY, false, skb); 2257 } 2258 2259 /* Called with ovs_mutex or RCU read lock. */ 2260 int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb) 2261 { 2262 return ovs_nla_put_key(&flow->key, &flow->mask->key, 2263 OVS_FLOW_ATTR_MASK, true, skb); 2264 } 2265 2266 #define MAX_ACTIONS_BUFSIZE (32 * 1024) 2267 2268 static struct sw_flow_actions *nla_alloc_flow_actions(int size) 2269 { 2270 struct sw_flow_actions *sfa; 2271 2272 WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE); 2273 2274 sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL); 2275 if (!sfa) 2276 return ERR_PTR(-ENOMEM); 2277 2278 sfa->actions_len = 0; 2279 return sfa; 2280 } 2281 2282 static void ovs_nla_free_set_action(const struct nlattr *a) 2283 { 2284 const struct nlattr *ovs_key = nla_data(a); 2285 struct ovs_tunnel_info *ovs_tun; 2286 2287 switch (nla_type(ovs_key)) { 2288 case OVS_KEY_ATTR_TUNNEL_INFO: 2289 ovs_tun = nla_data(ovs_key); 2290 dst_release((struct dst_entry *)ovs_tun->tun_dst); 2291 break; 2292 } 2293 } 2294 2295 void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts) 2296 { 2297 const struct nlattr *a; 2298 int rem; 2299 2300 if (!sf_acts) 2301 return; 2302 2303 nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) { 2304 switch (nla_type(a)) { 2305 case OVS_ACTION_ATTR_SET: 2306 ovs_nla_free_set_action(a); 2307 break; 2308 case OVS_ACTION_ATTR_CT: 2309 ovs_ct_free_action(a); 2310 break; 2311 } 2312 } 2313 2314 kfree(sf_acts); 2315 } 2316 2317 static void __ovs_nla_free_flow_actions(struct rcu_head *head) 2318 { 2319 ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu)); 2320 } 2321 2322 /* Schedules 'sf_acts' to be freed after the next RCU grace period. 2323 * The caller must hold rcu_read_lock for this to be sensible. */ 2324 void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts) 2325 { 2326 call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions); 2327 } 2328 2329 static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, 2330 int attr_len, bool log) 2331 { 2332 2333 struct sw_flow_actions *acts; 2334 int new_acts_size; 2335 size_t req_size = NLA_ALIGN(attr_len); 2336 int next_offset = offsetof(struct sw_flow_actions, actions) + 2337 (*sfa)->actions_len; 2338 2339 if (req_size <= (ksize(*sfa) - next_offset)) 2340 goto out; 2341 2342 new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); 2343 2344 if (new_acts_size > MAX_ACTIONS_BUFSIZE) { 2345 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { 2346 OVS_NLERR(log, "Flow action size exceeds max %u", 2347 MAX_ACTIONS_BUFSIZE); 2348 return ERR_PTR(-EMSGSIZE); 2349 } 2350 new_acts_size = MAX_ACTIONS_BUFSIZE; 2351 } 2352 2353 acts = nla_alloc_flow_actions(new_acts_size); 2354 if (IS_ERR(acts)) 2355 return (void *)acts; 2356 2357 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len); 2358 acts->actions_len = (*sfa)->actions_len; 2359 acts->orig_len = (*sfa)->orig_len; 2360 kfree(*sfa); 2361 *sfa = acts; 2362 2363 out: 2364 (*sfa)->actions_len += req_size; 2365 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset); 2366 } 2367 2368 static struct nlattr *__add_action(struct sw_flow_actions **sfa, 2369 int attrtype, void *data, int len, bool log) 2370 { 2371 struct nlattr *a; 2372 2373 a = reserve_sfa_size(sfa, nla_attr_size(len), log); 2374 if (IS_ERR(a)) 2375 return a; 2376 2377 a->nla_type = attrtype; 2378 a->nla_len = nla_attr_size(len); 2379 2380 if (data) 2381 memcpy(nla_data(a), data, len); 2382 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len)); 2383 2384 return a; 2385 } 2386 2387 int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data, 2388 int len, bool log) 2389 { 2390 struct nlattr *a; 2391 2392 a = __add_action(sfa, attrtype, data, len, log); 2393 2394 return PTR_ERR_OR_ZERO(a); 2395 } 2396 2397 static inline int add_nested_action_start(struct sw_flow_actions **sfa, 2398 int attrtype, bool log) 2399 { 2400 int used = (*sfa)->actions_len; 2401 int err; 2402 2403 err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log); 2404 if (err) 2405 return err; 2406 2407 return used; 2408 } 2409 2410 static inline void add_nested_action_end(struct sw_flow_actions *sfa, 2411 int st_offset) 2412 { 2413 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions + 2414 st_offset); 2415 2416 a->nla_len = sfa->actions_len - st_offset; 2417 } 2418 2419 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, 2420 const struct sw_flow_key *key, 2421 struct sw_flow_actions **sfa, 2422 __be16 eth_type, __be16 vlan_tci, bool log); 2423 2424 static int validate_and_copy_sample(struct net *net, const struct nlattr *attr, 2425 const struct sw_flow_key *key, 2426 struct sw_flow_actions **sfa, 2427 __be16 eth_type, __be16 vlan_tci, 2428 bool log, bool last) 2429 { 2430 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1]; 2431 const struct nlattr *probability, *actions; 2432 const struct nlattr *a; 2433 int rem, start, err; 2434 struct sample_arg arg; 2435 2436 memset(attrs, 0, sizeof(attrs)); 2437 nla_for_each_nested(a, attr, rem) { 2438 int type = nla_type(a); 2439 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type]) 2440 return -EINVAL; 2441 attrs[type] = a; 2442 } 2443 if (rem) 2444 return -EINVAL; 2445 2446 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY]; 2447 if (!probability || nla_len(probability) != sizeof(u32)) 2448 return -EINVAL; 2449 2450 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS]; 2451 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN)) 2452 return -EINVAL; 2453 2454 /* validation done, copy sample action. */ 2455 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log); 2456 if (start < 0) 2457 return start; 2458 2459 /* When both skb and flow may be changed, put the sample 2460 * into a deferred fifo. On the other hand, if only skb 2461 * may be modified, the actions can be executed in place. 2462 * 2463 * Do this analysis at the flow installation time. 2464 * Set 'clone_action->exec' to true if the actions can be 2465 * executed without being deferred. 2466 * 2467 * If the sample is the last action, it can always be excuted 2468 * rather than deferred. 2469 */ 2470 arg.exec = last || !actions_may_change_flow(actions); 2471 arg.probability = nla_get_u32(probability); 2472 2473 err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg), 2474 log); 2475 if (err) 2476 return err; 2477 2478 err = __ovs_nla_copy_actions(net, actions, key, sfa, 2479 eth_type, vlan_tci, log); 2480 2481 if (err) 2482 return err; 2483 2484 add_nested_action_end(*sfa, start); 2485 2486 return 0; 2487 } 2488 2489 static int validate_and_copy_clone(struct net *net, 2490 const struct nlattr *attr, 2491 const struct sw_flow_key *key, 2492 struct sw_flow_actions **sfa, 2493 __be16 eth_type, __be16 vlan_tci, 2494 bool log, bool last) 2495 { 2496 int start, err; 2497 u32 exec; 2498 2499 if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN) 2500 return -EINVAL; 2501 2502 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log); 2503 if (start < 0) 2504 return start; 2505 2506 exec = last || !actions_may_change_flow(attr); 2507 2508 err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec, 2509 sizeof(exec), log); 2510 if (err) 2511 return err; 2512 2513 err = __ovs_nla_copy_actions(net, attr, key, sfa, 2514 eth_type, vlan_tci, log); 2515 if (err) 2516 return err; 2517 2518 add_nested_action_end(*sfa, start); 2519 2520 return 0; 2521 } 2522 2523 void ovs_match_init(struct sw_flow_match *match, 2524 struct sw_flow_key *key, 2525 bool reset_key, 2526 struct sw_flow_mask *mask) 2527 { 2528 memset(match, 0, sizeof(*match)); 2529 match->key = key; 2530 match->mask = mask; 2531 2532 if (reset_key) 2533 memset(key, 0, sizeof(*key)); 2534 2535 if (mask) { 2536 memset(&mask->key, 0, sizeof(mask->key)); 2537 mask->range.start = mask->range.end = 0; 2538 } 2539 } 2540 2541 static int validate_geneve_opts(struct sw_flow_key *key) 2542 { 2543 struct geneve_opt *option; 2544 int opts_len = key->tun_opts_len; 2545 bool crit_opt = false; 2546 2547 option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len); 2548 while (opts_len > 0) { 2549 int len; 2550 2551 if (opts_len < sizeof(*option)) 2552 return -EINVAL; 2553 2554 len = sizeof(*option) + option->length * 4; 2555 if (len > opts_len) 2556 return -EINVAL; 2557 2558 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE); 2559 2560 option = (struct geneve_opt *)((u8 *)option + len); 2561 opts_len -= len; 2562 } 2563 2564 key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0; 2565 2566 return 0; 2567 } 2568 2569 static int validate_and_copy_set_tun(const struct nlattr *attr, 2570 struct sw_flow_actions **sfa, bool log) 2571 { 2572 struct sw_flow_match match; 2573 struct sw_flow_key key; 2574 struct metadata_dst *tun_dst; 2575 struct ip_tunnel_info *tun_info; 2576 struct ovs_tunnel_info *ovs_tun; 2577 struct nlattr *a; 2578 int err = 0, start, opts_type; 2579 __be16 dst_opt_type; 2580 2581 dst_opt_type = 0; 2582 ovs_match_init(&match, &key, true, NULL); 2583 opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log); 2584 if (opts_type < 0) 2585 return opts_type; 2586 2587 if (key.tun_opts_len) { 2588 switch (opts_type) { 2589 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS: 2590 err = validate_geneve_opts(&key); 2591 if (err < 0) 2592 return err; 2593 dst_opt_type = TUNNEL_GENEVE_OPT; 2594 break; 2595 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS: 2596 dst_opt_type = TUNNEL_VXLAN_OPT; 2597 break; 2598 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS: 2599 dst_opt_type = TUNNEL_ERSPAN_OPT; 2600 break; 2601 } 2602 } 2603 2604 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log); 2605 if (start < 0) 2606 return start; 2607 2608 tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL, 2609 GFP_KERNEL); 2610 2611 if (!tun_dst) 2612 return -ENOMEM; 2613 2614 err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL); 2615 if (err) { 2616 dst_release((struct dst_entry *)tun_dst); 2617 return err; 2618 } 2619 2620 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL, 2621 sizeof(*ovs_tun), log); 2622 if (IS_ERR(a)) { 2623 dst_release((struct dst_entry *)tun_dst); 2624 return PTR_ERR(a); 2625 } 2626 2627 ovs_tun = nla_data(a); 2628 ovs_tun->tun_dst = tun_dst; 2629 2630 tun_info = &tun_dst->u.tun_info; 2631 tun_info->mode = IP_TUNNEL_INFO_TX; 2632 if (key.tun_proto == AF_INET6) 2633 tun_info->mode |= IP_TUNNEL_INFO_IPV6; 2634 else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0) 2635 tun_info->mode |= IP_TUNNEL_INFO_BRIDGE; 2636 tun_info->key = key.tun_key; 2637 2638 /* We need to store the options in the action itself since 2639 * everything else will go away after flow setup. We can append 2640 * it to tun_info and then point there. 2641 */ 2642 ip_tunnel_info_opts_set(tun_info, 2643 TUN_METADATA_OPTS(&key, key.tun_opts_len), 2644 key.tun_opts_len, dst_opt_type); 2645 add_nested_action_end(*sfa, start); 2646 2647 return err; 2648 } 2649 2650 static bool validate_nsh(const struct nlattr *attr, bool is_mask, 2651 bool is_push_nsh, bool log) 2652 { 2653 struct sw_flow_match match; 2654 struct sw_flow_key key; 2655 int ret = 0; 2656 2657 ovs_match_init(&match, &key, true, NULL); 2658 ret = nsh_key_put_from_nlattr(attr, &match, is_mask, 2659 is_push_nsh, log); 2660 return !ret; 2661 } 2662 2663 /* Return false if there are any non-masked bits set. 2664 * Mask follows data immediately, before any netlink padding. 2665 */ 2666 static bool validate_masked(u8 *data, int len) 2667 { 2668 u8 *mask = data + len; 2669 2670 while (len--) 2671 if (*data++ & ~*mask++) 2672 return false; 2673 2674 return true; 2675 } 2676 2677 static int validate_set(const struct nlattr *a, 2678 const struct sw_flow_key *flow_key, 2679 struct sw_flow_actions **sfa, bool *skip_copy, 2680 u8 mac_proto, __be16 eth_type, bool masked, bool log) 2681 { 2682 const struct nlattr *ovs_key = nla_data(a); 2683 int key_type = nla_type(ovs_key); 2684 size_t key_len; 2685 2686 /* There can be only one key in a action */ 2687 if (nla_total_size(nla_len(ovs_key)) != nla_len(a)) 2688 return -EINVAL; 2689 2690 key_len = nla_len(ovs_key); 2691 if (masked) 2692 key_len /= 2; 2693 2694 if (key_type > OVS_KEY_ATTR_MAX || 2695 !check_attr_len(key_len, ovs_key_lens[key_type].len)) 2696 return -EINVAL; 2697 2698 if (masked && !validate_masked(nla_data(ovs_key), key_len)) 2699 return -EINVAL; 2700 2701 switch (key_type) { 2702 const struct ovs_key_ipv4 *ipv4_key; 2703 const struct ovs_key_ipv6 *ipv6_key; 2704 int err; 2705 2706 case OVS_KEY_ATTR_PRIORITY: 2707 case OVS_KEY_ATTR_SKB_MARK: 2708 case OVS_KEY_ATTR_CT_MARK: 2709 case OVS_KEY_ATTR_CT_LABELS: 2710 break; 2711 2712 case OVS_KEY_ATTR_ETHERNET: 2713 if (mac_proto != MAC_PROTO_ETHERNET) 2714 return -EINVAL; 2715 break; 2716 2717 case OVS_KEY_ATTR_TUNNEL: 2718 if (masked) 2719 return -EINVAL; /* Masked tunnel set not supported. */ 2720 2721 *skip_copy = true; 2722 err = validate_and_copy_set_tun(a, sfa, log); 2723 if (err) 2724 return err; 2725 break; 2726 2727 case OVS_KEY_ATTR_IPV4: 2728 if (eth_type != htons(ETH_P_IP)) 2729 return -EINVAL; 2730 2731 ipv4_key = nla_data(ovs_key); 2732 2733 if (masked) { 2734 const struct ovs_key_ipv4 *mask = ipv4_key + 1; 2735 2736 /* Non-writeable fields. */ 2737 if (mask->ipv4_proto || mask->ipv4_frag) 2738 return -EINVAL; 2739 } else { 2740 if (ipv4_key->ipv4_proto != flow_key->ip.proto) 2741 return -EINVAL; 2742 2743 if (ipv4_key->ipv4_frag != flow_key->ip.frag) 2744 return -EINVAL; 2745 } 2746 break; 2747 2748 case OVS_KEY_ATTR_IPV6: 2749 if (eth_type != htons(ETH_P_IPV6)) 2750 return -EINVAL; 2751 2752 ipv6_key = nla_data(ovs_key); 2753 2754 if (masked) { 2755 const struct ovs_key_ipv6 *mask = ipv6_key + 1; 2756 2757 /* Non-writeable fields. */ 2758 if (mask->ipv6_proto || mask->ipv6_frag) 2759 return -EINVAL; 2760 2761 /* Invalid bits in the flow label mask? */ 2762 if (ntohl(mask->ipv6_label) & 0xFFF00000) 2763 return -EINVAL; 2764 } else { 2765 if (ipv6_key->ipv6_proto != flow_key->ip.proto) 2766 return -EINVAL; 2767 2768 if (ipv6_key->ipv6_frag != flow_key->ip.frag) 2769 return -EINVAL; 2770 } 2771 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000) 2772 return -EINVAL; 2773 2774 break; 2775 2776 case OVS_KEY_ATTR_TCP: 2777 if ((eth_type != htons(ETH_P_IP) && 2778 eth_type != htons(ETH_P_IPV6)) || 2779 flow_key->ip.proto != IPPROTO_TCP) 2780 return -EINVAL; 2781 2782 break; 2783 2784 case OVS_KEY_ATTR_UDP: 2785 if ((eth_type != htons(ETH_P_IP) && 2786 eth_type != htons(ETH_P_IPV6)) || 2787 flow_key->ip.proto != IPPROTO_UDP) 2788 return -EINVAL; 2789 2790 break; 2791 2792 case OVS_KEY_ATTR_MPLS: 2793 if (!eth_p_mpls(eth_type)) 2794 return -EINVAL; 2795 break; 2796 2797 case OVS_KEY_ATTR_SCTP: 2798 if ((eth_type != htons(ETH_P_IP) && 2799 eth_type != htons(ETH_P_IPV6)) || 2800 flow_key->ip.proto != IPPROTO_SCTP) 2801 return -EINVAL; 2802 2803 break; 2804 2805 case OVS_KEY_ATTR_NSH: 2806 if (eth_type != htons(ETH_P_NSH)) 2807 return -EINVAL; 2808 if (!validate_nsh(nla_data(a), masked, false, log)) 2809 return -EINVAL; 2810 break; 2811 2812 default: 2813 return -EINVAL; 2814 } 2815 2816 /* Convert non-masked non-tunnel set actions to masked set actions. */ 2817 if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) { 2818 int start, len = key_len * 2; 2819 struct nlattr *at; 2820 2821 *skip_copy = true; 2822 2823 start = add_nested_action_start(sfa, 2824 OVS_ACTION_ATTR_SET_TO_MASKED, 2825 log); 2826 if (start < 0) 2827 return start; 2828 2829 at = __add_action(sfa, key_type, NULL, len, log); 2830 if (IS_ERR(at)) 2831 return PTR_ERR(at); 2832 2833 memcpy(nla_data(at), nla_data(ovs_key), key_len); /* Key. */ 2834 memset(nla_data(at) + key_len, 0xff, key_len); /* Mask. */ 2835 /* Clear non-writeable bits from otherwise writeable fields. */ 2836 if (key_type == OVS_KEY_ATTR_IPV6) { 2837 struct ovs_key_ipv6 *mask = nla_data(at) + key_len; 2838 2839 mask->ipv6_label &= htonl(0x000FFFFF); 2840 } 2841 add_nested_action_end(*sfa, start); 2842 } 2843 2844 return 0; 2845 } 2846 2847 static int validate_userspace(const struct nlattr *attr) 2848 { 2849 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = { 2850 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 }, 2851 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC }, 2852 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 }, 2853 }; 2854 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1]; 2855 int error; 2856 2857 error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr, 2858 userspace_policy, NULL); 2859 if (error) 2860 return error; 2861 2862 if (!a[OVS_USERSPACE_ATTR_PID] || 2863 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID])) 2864 return -EINVAL; 2865 2866 return 0; 2867 } 2868 2869 static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = { 2870 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 }, 2871 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED }, 2872 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED }, 2873 }; 2874 2875 static int validate_and_copy_check_pkt_len(struct net *net, 2876 const struct nlattr *attr, 2877 const struct sw_flow_key *key, 2878 struct sw_flow_actions **sfa, 2879 __be16 eth_type, __be16 vlan_tci, 2880 bool log, bool last) 2881 { 2882 const struct nlattr *acts_if_greater, *acts_if_lesser_eq; 2883 struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1]; 2884 struct check_pkt_len_arg arg; 2885 int nested_acts_start; 2886 int start, err; 2887 2888 err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX, 2889 nla_data(attr), nla_len(attr), 2890 cpl_policy, NULL); 2891 if (err) 2892 return err; 2893 2894 if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] || 2895 !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN])) 2896 return -EINVAL; 2897 2898 acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL]; 2899 acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER]; 2900 2901 /* Both the nested action should be present. */ 2902 if (!acts_if_greater || !acts_if_lesser_eq) 2903 return -EINVAL; 2904 2905 /* validation done, copy the nested actions. */ 2906 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN, 2907 log); 2908 if (start < 0) 2909 return start; 2910 2911 arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]); 2912 arg.exec_for_lesser_equal = 2913 last || !actions_may_change_flow(acts_if_lesser_eq); 2914 arg.exec_for_greater = 2915 last || !actions_may_change_flow(acts_if_greater); 2916 2917 err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg, 2918 sizeof(arg), log); 2919 if (err) 2920 return err; 2921 2922 nested_acts_start = add_nested_action_start(sfa, 2923 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log); 2924 if (nested_acts_start < 0) 2925 return nested_acts_start; 2926 2927 err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa, 2928 eth_type, vlan_tci, log); 2929 2930 if (err) 2931 return err; 2932 2933 add_nested_action_end(*sfa, nested_acts_start); 2934 2935 nested_acts_start = add_nested_action_start(sfa, 2936 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log); 2937 if (nested_acts_start < 0) 2938 return nested_acts_start; 2939 2940 err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa, 2941 eth_type, vlan_tci, log); 2942 2943 if (err) 2944 return err; 2945 2946 add_nested_action_end(*sfa, nested_acts_start); 2947 add_nested_action_end(*sfa, start); 2948 return 0; 2949 } 2950 2951 static int copy_action(const struct nlattr *from, 2952 struct sw_flow_actions **sfa, bool log) 2953 { 2954 int totlen = NLA_ALIGN(from->nla_len); 2955 struct nlattr *to; 2956 2957 to = reserve_sfa_size(sfa, from->nla_len, log); 2958 if (IS_ERR(to)) 2959 return PTR_ERR(to); 2960 2961 memcpy(to, from, totlen); 2962 return 0; 2963 } 2964 2965 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, 2966 const struct sw_flow_key *key, 2967 struct sw_flow_actions **sfa, 2968 __be16 eth_type, __be16 vlan_tci, bool log) 2969 { 2970 u8 mac_proto = ovs_key_mac_proto(key); 2971 const struct nlattr *a; 2972 int rem, err; 2973 2974 nla_for_each_nested(a, attr, rem) { 2975 /* Expected argument lengths, (u32)-1 for variable length. */ 2976 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = { 2977 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32), 2978 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32), 2979 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1, 2980 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls), 2981 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16), 2982 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan), 2983 [OVS_ACTION_ATTR_POP_VLAN] = 0, 2984 [OVS_ACTION_ATTR_SET] = (u32)-1, 2985 [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1, 2986 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1, 2987 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash), 2988 [OVS_ACTION_ATTR_CT] = (u32)-1, 2989 [OVS_ACTION_ATTR_CT_CLEAR] = 0, 2990 [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc), 2991 [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth), 2992 [OVS_ACTION_ATTR_POP_ETH] = 0, 2993 [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1, 2994 [OVS_ACTION_ATTR_POP_NSH] = 0, 2995 [OVS_ACTION_ATTR_METER] = sizeof(u32), 2996 [OVS_ACTION_ATTR_CLONE] = (u32)-1, 2997 [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1, 2998 }; 2999 const struct ovs_action_push_vlan *vlan; 3000 int type = nla_type(a); 3001 bool skip_copy; 3002 3003 if (type > OVS_ACTION_ATTR_MAX || 3004 (action_lens[type] != nla_len(a) && 3005 action_lens[type] != (u32)-1)) 3006 return -EINVAL; 3007 3008 skip_copy = false; 3009 switch (type) { 3010 case OVS_ACTION_ATTR_UNSPEC: 3011 return -EINVAL; 3012 3013 case OVS_ACTION_ATTR_USERSPACE: 3014 err = validate_userspace(a); 3015 if (err) 3016 return err; 3017 break; 3018 3019 case OVS_ACTION_ATTR_OUTPUT: 3020 if (nla_get_u32(a) >= DP_MAX_PORTS) 3021 return -EINVAL; 3022 break; 3023 3024 case OVS_ACTION_ATTR_TRUNC: { 3025 const struct ovs_action_trunc *trunc = nla_data(a); 3026 3027 if (trunc->max_len < ETH_HLEN) 3028 return -EINVAL; 3029 break; 3030 } 3031 3032 case OVS_ACTION_ATTR_HASH: { 3033 const struct ovs_action_hash *act_hash = nla_data(a); 3034 3035 switch (act_hash->hash_alg) { 3036 case OVS_HASH_ALG_L4: 3037 break; 3038 default: 3039 return -EINVAL; 3040 } 3041 3042 break; 3043 } 3044 3045 case OVS_ACTION_ATTR_POP_VLAN: 3046 if (mac_proto != MAC_PROTO_ETHERNET) 3047 return -EINVAL; 3048 vlan_tci = htons(0); 3049 break; 3050 3051 case OVS_ACTION_ATTR_PUSH_VLAN: 3052 if (mac_proto != MAC_PROTO_ETHERNET) 3053 return -EINVAL; 3054 vlan = nla_data(a); 3055 if (!eth_type_vlan(vlan->vlan_tpid)) 3056 return -EINVAL; 3057 if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK))) 3058 return -EINVAL; 3059 vlan_tci = vlan->vlan_tci; 3060 break; 3061 3062 case OVS_ACTION_ATTR_RECIRC: 3063 break; 3064 3065 case OVS_ACTION_ATTR_PUSH_MPLS: { 3066 const struct ovs_action_push_mpls *mpls = nla_data(a); 3067 3068 if (!eth_p_mpls(mpls->mpls_ethertype)) 3069 return -EINVAL; 3070 /* Prohibit push MPLS other than to a white list 3071 * for packets that have a known tag order. 3072 */ 3073 if (vlan_tci & htons(VLAN_CFI_MASK) || 3074 (eth_type != htons(ETH_P_IP) && 3075 eth_type != htons(ETH_P_IPV6) && 3076 eth_type != htons(ETH_P_ARP) && 3077 eth_type != htons(ETH_P_RARP) && 3078 !eth_p_mpls(eth_type))) 3079 return -EINVAL; 3080 eth_type = mpls->mpls_ethertype; 3081 break; 3082 } 3083 3084 case OVS_ACTION_ATTR_POP_MPLS: 3085 if (vlan_tci & htons(VLAN_CFI_MASK) || 3086 !eth_p_mpls(eth_type)) 3087 return -EINVAL; 3088 3089 /* Disallow subsequent L2.5+ set and mpls_pop actions 3090 * as there is no check here to ensure that the new 3091 * eth_type is valid and thus set actions could 3092 * write off the end of the packet or otherwise 3093 * corrupt it. 3094 * 3095 * Support for these actions is planned using packet 3096 * recirculation. 3097 */ 3098 eth_type = htons(0); 3099 break; 3100 3101 case OVS_ACTION_ATTR_SET: 3102 err = validate_set(a, key, sfa, 3103 &skip_copy, mac_proto, eth_type, 3104 false, log); 3105 if (err) 3106 return err; 3107 break; 3108 3109 case OVS_ACTION_ATTR_SET_MASKED: 3110 err = validate_set(a, key, sfa, 3111 &skip_copy, mac_proto, eth_type, 3112 true, log); 3113 if (err) 3114 return err; 3115 break; 3116 3117 case OVS_ACTION_ATTR_SAMPLE: { 3118 bool last = nla_is_last(a, rem); 3119 3120 err = validate_and_copy_sample(net, a, key, sfa, 3121 eth_type, vlan_tci, 3122 log, last); 3123 if (err) 3124 return err; 3125 skip_copy = true; 3126 break; 3127 } 3128 3129 case OVS_ACTION_ATTR_CT: 3130 err = ovs_ct_copy_action(net, a, key, sfa, log); 3131 if (err) 3132 return err; 3133 skip_copy = true; 3134 break; 3135 3136 case OVS_ACTION_ATTR_CT_CLEAR: 3137 break; 3138 3139 case OVS_ACTION_ATTR_PUSH_ETH: 3140 /* Disallow pushing an Ethernet header if one 3141 * is already present */ 3142 if (mac_proto != MAC_PROTO_NONE) 3143 return -EINVAL; 3144 mac_proto = MAC_PROTO_ETHERNET; 3145 break; 3146 3147 case OVS_ACTION_ATTR_POP_ETH: 3148 if (mac_proto != MAC_PROTO_ETHERNET) 3149 return -EINVAL; 3150 if (vlan_tci & htons(VLAN_CFI_MASK)) 3151 return -EINVAL; 3152 mac_proto = MAC_PROTO_NONE; 3153 break; 3154 3155 case OVS_ACTION_ATTR_PUSH_NSH: 3156 if (mac_proto != MAC_PROTO_ETHERNET) { 3157 u8 next_proto; 3158 3159 next_proto = tun_p_from_eth_p(eth_type); 3160 if (!next_proto) 3161 return -EINVAL; 3162 } 3163 mac_proto = MAC_PROTO_NONE; 3164 if (!validate_nsh(nla_data(a), false, true, true)) 3165 return -EINVAL; 3166 break; 3167 3168 case OVS_ACTION_ATTR_POP_NSH: { 3169 __be16 inner_proto; 3170 3171 if (eth_type != htons(ETH_P_NSH)) 3172 return -EINVAL; 3173 inner_proto = tun_p_to_eth_p(key->nsh.base.np); 3174 if (!inner_proto) 3175 return -EINVAL; 3176 if (key->nsh.base.np == TUN_P_ETHERNET) 3177 mac_proto = MAC_PROTO_ETHERNET; 3178 else 3179 mac_proto = MAC_PROTO_NONE; 3180 break; 3181 } 3182 3183 case OVS_ACTION_ATTR_METER: 3184 /* Non-existent meters are simply ignored. */ 3185 break; 3186 3187 case OVS_ACTION_ATTR_CLONE: { 3188 bool last = nla_is_last(a, rem); 3189 3190 err = validate_and_copy_clone(net, a, key, sfa, 3191 eth_type, vlan_tci, 3192 log, last); 3193 if (err) 3194 return err; 3195 skip_copy = true; 3196 break; 3197 } 3198 3199 case OVS_ACTION_ATTR_CHECK_PKT_LEN: { 3200 bool last = nla_is_last(a, rem); 3201 3202 err = validate_and_copy_check_pkt_len(net, a, key, sfa, 3203 eth_type, 3204 vlan_tci, log, 3205 last); 3206 if (err) 3207 return err; 3208 skip_copy = true; 3209 break; 3210 } 3211 3212 default: 3213 OVS_NLERR(log, "Unknown Action type %d", type); 3214 return -EINVAL; 3215 } 3216 if (!skip_copy) { 3217 err = copy_action(a, sfa, log); 3218 if (err) 3219 return err; 3220 } 3221 } 3222 3223 if (rem > 0) 3224 return -EINVAL; 3225 3226 return 0; 3227 } 3228 3229 /* 'key' must be the masked key. */ 3230 int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, 3231 const struct sw_flow_key *key, 3232 struct sw_flow_actions **sfa, bool log) 3233 { 3234 int err; 3235 3236 *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE)); 3237 if (IS_ERR(*sfa)) 3238 return PTR_ERR(*sfa); 3239 3240 (*sfa)->orig_len = nla_len(attr); 3241 err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type, 3242 key->eth.vlan.tci, log); 3243 if (err) 3244 ovs_nla_free_flow_actions(*sfa); 3245 3246 return err; 3247 } 3248 3249 static int sample_action_to_attr(const struct nlattr *attr, 3250 struct sk_buff *skb) 3251 { 3252 struct nlattr *start, *ac_start = NULL, *sample_arg; 3253 int err = 0, rem = nla_len(attr); 3254 const struct sample_arg *arg; 3255 struct nlattr *actions; 3256 3257 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE); 3258 if (!start) 3259 return -EMSGSIZE; 3260 3261 sample_arg = nla_data(attr); 3262 arg = nla_data(sample_arg); 3263 actions = nla_next(sample_arg, &rem); 3264 3265 if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) { 3266 err = -EMSGSIZE; 3267 goto out; 3268 } 3269 3270 ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS); 3271 if (!ac_start) { 3272 err = -EMSGSIZE; 3273 goto out; 3274 } 3275 3276 err = ovs_nla_put_actions(actions, rem, skb); 3277 3278 out: 3279 if (err) { 3280 nla_nest_cancel(skb, ac_start); 3281 nla_nest_cancel(skb, start); 3282 } else { 3283 nla_nest_end(skb, ac_start); 3284 nla_nest_end(skb, start); 3285 } 3286 3287 return err; 3288 } 3289 3290 static int clone_action_to_attr(const struct nlattr *attr, 3291 struct sk_buff *skb) 3292 { 3293 struct nlattr *start; 3294 int err = 0, rem = nla_len(attr); 3295 3296 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE); 3297 if (!start) 3298 return -EMSGSIZE; 3299 3300 err = ovs_nla_put_actions(nla_data(attr), rem, skb); 3301 3302 if (err) 3303 nla_nest_cancel(skb, start); 3304 else 3305 nla_nest_end(skb, start); 3306 3307 return err; 3308 } 3309 3310 static int check_pkt_len_action_to_attr(const struct nlattr *attr, 3311 struct sk_buff *skb) 3312 { 3313 struct nlattr *start, *ac_start = NULL; 3314 const struct check_pkt_len_arg *arg; 3315 const struct nlattr *a, *cpl_arg; 3316 int err = 0, rem = nla_len(attr); 3317 3318 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN); 3319 if (!start) 3320 return -EMSGSIZE; 3321 3322 /* The first nested attribute in 'attr' is always 3323 * 'OVS_CHECK_PKT_LEN_ATTR_ARG'. 3324 */ 3325 cpl_arg = nla_data(attr); 3326 arg = nla_data(cpl_arg); 3327 3328 if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) { 3329 err = -EMSGSIZE; 3330 goto out; 3331 } 3332 3333 /* Second nested attribute in 'attr' is always 3334 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'. 3335 */ 3336 a = nla_next(cpl_arg, &rem); 3337 ac_start = nla_nest_start_noflag(skb, 3338 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL); 3339 if (!ac_start) { 3340 err = -EMSGSIZE; 3341 goto out; 3342 } 3343 3344 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb); 3345 if (err) { 3346 nla_nest_cancel(skb, ac_start); 3347 goto out; 3348 } else { 3349 nla_nest_end(skb, ac_start); 3350 } 3351 3352 /* Third nested attribute in 'attr' is always 3353 * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER. 3354 */ 3355 a = nla_next(a, &rem); 3356 ac_start = nla_nest_start_noflag(skb, 3357 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER); 3358 if (!ac_start) { 3359 err = -EMSGSIZE; 3360 goto out; 3361 } 3362 3363 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb); 3364 if (err) { 3365 nla_nest_cancel(skb, ac_start); 3366 goto out; 3367 } else { 3368 nla_nest_end(skb, ac_start); 3369 } 3370 3371 nla_nest_end(skb, start); 3372 return 0; 3373 3374 out: 3375 nla_nest_cancel(skb, start); 3376 return err; 3377 } 3378 3379 static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb) 3380 { 3381 const struct nlattr *ovs_key = nla_data(a); 3382 int key_type = nla_type(ovs_key); 3383 struct nlattr *start; 3384 int err; 3385 3386 switch (key_type) { 3387 case OVS_KEY_ATTR_TUNNEL_INFO: { 3388 struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key); 3389 struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info; 3390 3391 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET); 3392 if (!start) 3393 return -EMSGSIZE; 3394 3395 err = ip_tun_to_nlattr(skb, &tun_info->key, 3396 ip_tunnel_info_opts(tun_info), 3397 tun_info->options_len, 3398 ip_tunnel_info_af(tun_info), tun_info->mode); 3399 if (err) 3400 return err; 3401 nla_nest_end(skb, start); 3402 break; 3403 } 3404 default: 3405 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key)) 3406 return -EMSGSIZE; 3407 break; 3408 } 3409 3410 return 0; 3411 } 3412 3413 static int masked_set_action_to_set_action_attr(const struct nlattr *a, 3414 struct sk_buff *skb) 3415 { 3416 const struct nlattr *ovs_key = nla_data(a); 3417 struct nlattr *nla; 3418 size_t key_len = nla_len(ovs_key) / 2; 3419 3420 /* Revert the conversion we did from a non-masked set action to 3421 * masked set action. 3422 */ 3423 nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET); 3424 if (!nla) 3425 return -EMSGSIZE; 3426 3427 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key))) 3428 return -EMSGSIZE; 3429 3430 nla_nest_end(skb, nla); 3431 return 0; 3432 } 3433 3434 int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb) 3435 { 3436 const struct nlattr *a; 3437 int rem, err; 3438 3439 nla_for_each_attr(a, attr, len, rem) { 3440 int type = nla_type(a); 3441 3442 switch (type) { 3443 case OVS_ACTION_ATTR_SET: 3444 err = set_action_to_attr(a, skb); 3445 if (err) 3446 return err; 3447 break; 3448 3449 case OVS_ACTION_ATTR_SET_TO_MASKED: 3450 err = masked_set_action_to_set_action_attr(a, skb); 3451 if (err) 3452 return err; 3453 break; 3454 3455 case OVS_ACTION_ATTR_SAMPLE: 3456 err = sample_action_to_attr(a, skb); 3457 if (err) 3458 return err; 3459 break; 3460 3461 case OVS_ACTION_ATTR_CT: 3462 err = ovs_ct_action_to_attr(nla_data(a), skb); 3463 if (err) 3464 return err; 3465 break; 3466 3467 case OVS_ACTION_ATTR_CLONE: 3468 err = clone_action_to_attr(a, skb); 3469 if (err) 3470 return err; 3471 break; 3472 3473 case OVS_ACTION_ATTR_CHECK_PKT_LEN: 3474 err = check_pkt_len_action_to_attr(a, skb); 3475 if (err) 3476 return err; 3477 break; 3478 3479 default: 3480 if (nla_put(skb, type, nla_len(a), nla_data(a))) 3481 return -EMSGSIZE; 3482 break; 3483 } 3484 } 3485 3486 return 0; 3487 } 3488