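/*
 * Copyright (c) 2007-2014 Nicira, Inc.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include "flow.h"
#include "datapath.h"
#include <linux/uaccess.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/if_ether.h>
#include <linux/if_vlan.h>
#include <net/llc_pdu.h>
#include <linux/kernel.h>
#include <linux/jhash.h>
#include <linux/jiffies.h>
#include <linux/llc.h>
#include <linux/module.h>
#include <linux/in.h>
#include <linux/rcupdate.h>
#include <linux/if_arp.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/sctp.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/icmp.h>
#include <linux/icmpv6.h>
#include <linux/rculist.h>
#include <net/geneve.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/ndisc.h>
#include <net/mpls.h>
#include <net/vxlan.h>

#include "flow_netlink.h"

/* One entry of an attribute-length table.
 * @len:  exact payload length required for the attribute, or
 *        OVS_ATTR_NESTED when the payload is itself a nested stream.
 * @next: for a nested attribute, the table describing its children
 *        (NULL when no child table is given).
 */
struct ovs_len_tbl {
	int len;
	const struct ovs_len_tbl *next;
};

/* Parenthesized so the negative literal cannot bind to a neighbouring
 * operator wherever the macro is expanded.
 */
#define OVS_ATTR_NESTED (-1)

/* Widen the touched byte range of the key (or of the mask when @is_mask)
 * so that it covers [offset, offset + size), rounded outwards to
 * sizeof(long) boundaries.  An empty range (start == end) is simply
 * replaced by the new one.
 */
static void update_range(struct sw_flow_match *match,
			 size_t offset, size_t size, bool is_mask)
{
	struct sw_flow_key_range *range;
	size_t start = rounddown(offset, sizeof(long));
	size_t end = roundup(offset + size, sizeof(long));

	if (!is_mask)
		range = &match->range;
	else
		range = &match->mask->range;

	if (range->start == range->end) {
		range->start = start;
		range->end = end;
		return;
	}

	if (range->start > start)
		range->start = start;

	if (range->end < end)
		range->end = end;
}

/* Store @value in one field of the key (or of the mask) and record the
 * field's bytes in the corresponding range.
 */
#define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
	do { \
		update_range(match, offsetof(struct sw_flow_key, field),    \
			     sizeof((match)->key->field), is_mask);	    \
		if (is_mask)						    \
			(match)->mask->key.field = value;		    \
		else							    \
			(match)->key->field = value;			    \
	} while (0)

/* Copy @len bytes to byte @offset inside the key (or the mask).  The
 * macro performs no bounds check of its own: every caller must have
 * established that offset + len lies inside struct sw_flow_key.
 */
#define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask)	    \
	do {								    \
		update_range(match, offset, len, is_mask);		    \
		if (is_mask)						    \
			memcpy((u8 *)&(match)->mask->key + offset, value_p, \
			       len);					    \
		else							    \
			memcpy((u8 *)(match)->key + offset, value_p, len);  \
	} while (0)

/* Field-addressed form of SW_FLOW_KEY_MEMCPY_OFFSET; @len is still
 * supplied by the caller and is not compared with the field size here.
 */
#define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask)		      \
	SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
				  value_p, len, is_mask)

/* Fill one whole field of the key (or the mask) with byte @value. */
#define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask)		    \
	do {								    \
		update_range(match, offsetof(struct sw_flow_key, field),    \
			     sizeof((match)->key->field), is_mask);	    \
		if (is_mask)						    \
			memset((u8 *)&(match)->mask->key.field, value,	    \
			       sizeof((match)->mask->key.field));	    \
		else							    \
			memset((u8 *)&(match)->key->field, value,	    \
			       sizeof((match)->key->field));		    \
	} while (0)

/* Cross-check the parsed key against the attribute bitmaps.
 *
 * @match:      key (and optional mask) already filled in by the parser.
 * @key_attrs:  bitmap of OVS_KEY_ATTR_* types present in the key.
 * @mask_attrs: bitmap of OVS_KEY_ATTR_* types present in the mask.
 * @log:        passed to OVS_NLERR for the two failure messages.
 *
 * Two conditions are enforced:
 *  - every attribute implied by the key's EtherType / IP protocol /
 *    ICMPv6 type is present in @key_attrs;
 *  - a protocol-specific attribute appears in the mask only when the
 *    mask exactly matches the field that selects that protocol
 *    (eth.type == 0xffff, ip.proto == 0xff, tp.src == htons(0xff)).
 *
 * Returns true when both hold, false otherwise.
 *
 * The bitmaps are u64, so each bit is built with 1ULL: an int-typed
 * "1 << n" would sign-extend at n == 31 and is undefined beyond that.
 */
static bool match_validate(const struct sw_flow_match *match,
			   u64 key_attrs, u64 mask_attrs, bool log)
{
	u64 key_expected = 1ULL << OVS_KEY_ATTR_ETHERNET;
	u64 mask_allowed = key_attrs;  /* At most allow all key attributes */

	/* The following mask attributes allowed only if they
	 * pass the validation tests. */
	mask_allowed &= ~((1ULL << OVS_KEY_ATTR_IPV4)
			| (1ULL << OVS_KEY_ATTR_IPV6)
			| (1ULL << OVS_KEY_ATTR_TCP)
			| (1ULL << OVS_KEY_ATTR_TCP_FLAGS)
			| (1ULL << OVS_KEY_ATTR_UDP)
			| (1ULL << OVS_KEY_ATTR_SCTP)
			| (1ULL << OVS_KEY_ATTR_ICMP)
			| (1ULL << OVS_KEY_ATTR_ICMPV6)
			| (1ULL << OVS_KEY_ATTR_ARP)
			| (1ULL << OVS_KEY_ATTR_ND)
			| (1ULL << OVS_KEY_ATTR_MPLS));

	/* Always allowed mask fields. */
	mask_allowed |= ((1ULL << OVS_KEY_ATTR_TUNNEL)
		       | (1ULL << OVS_KEY_ATTR_IN_PORT)
		       | (1ULL << OVS_KEY_ATTR_ETHERTYPE));

	/* Check key attributes. */
	if (match->key->eth.type == htons(ETH_P_ARP)
			|| match->key->eth.type == htons(ETH_P_RARP)) {
		key_expected |= 1ULL << OVS_KEY_ATTR_ARP;
		if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
			mask_allowed |= 1ULL << OVS_KEY_ATTR_ARP;
	}

	if (eth_p_mpls(match->key->eth.type)) {
		key_expected |= 1ULL << OVS_KEY_ATTR_MPLS;
		if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
			mask_allowed |= 1ULL << OVS_KEY_ATTR_MPLS;
	}

	if (match->key->eth.type == htons(ETH_P_IP)) {
		key_expected |= 1ULL << OVS_KEY_ATTR_IPV4;
		if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
			mask_allowed |= 1ULL << OVS_KEY_ATTR_IPV4;

		/* Later fragments carry no L4 header, so no L4 attribute is
		 * expected or allowed for them.
		 */
		if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
			if (match->key->ip.proto == IPPROTO_UDP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_UDP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1ULL << OVS_KEY_ATTR_UDP;
			}

			if (match->key->ip.proto == IPPROTO_SCTP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_SCTP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1ULL << OVS_KEY_ATTR_SCTP;
			}

			if (match->key->ip.proto == IPPROTO_TCP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
				key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
				if (match->mask && (match->mask->key.ip.proto == 0xff)) {
					mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
					mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
				}
			}

			if (match->key->ip.proto == IPPROTO_ICMP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_ICMP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1ULL << OVS_KEY_ATTR_ICMP;
			}
		}
	}

	if (match->key->eth.type == htons(ETH_P_IPV6)) {
		key_expected |= 1ULL << OVS_KEY_ATTR_IPV6;
		if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
			mask_allowed |= 1ULL << OVS_KEY_ATTR_IPV6;

		if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
			if (match->key->ip.proto == IPPROTO_UDP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_UDP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1ULL << OVS_KEY_ATTR_UDP;
			}

			if (match->key->ip.proto == IPPROTO_SCTP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_SCTP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1ULL << OVS_KEY_ATTR_SCTP;
			}

			if (match->key->ip.proto == IPPROTO_TCP) {
				key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
				key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
				if (match->mask && (match->mask->key.ip.proto == 0xff)) {
					mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
					mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
				}
			}

			if (match->key->ip.proto == IPPROTO_ICMPV6) {
				key_expected |= 1ULL << OVS_KEY_ATTR_ICMPV6;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1ULL << OVS_KEY_ATTR_ICMPV6;

				/* tp.src holds the ICMPv6 type here; only the
				 * two neighbour-discovery types pull in ND.
				 */
				if (match->key->tp.src ==
						htons(NDISC_NEIGHBOUR_SOLICITATION) ||
				    match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
					key_expected |= 1ULL << OVS_KEY_ATTR_ND;
					if (match->mask && (match->mask->key.tp.src == htons(0xff)))
						mask_allowed |= 1ULL << OVS_KEY_ATTR_ND;
				}
			}
		}
	}

	if ((key_attrs & key_expected) != key_expected) {
		/* Key attributes check failed. */
		OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)",
			  (unsigned long long)key_attrs,
			  (unsigned long long)key_expected);
		return false;
	}

	if ((mask_attrs & mask_allowed) != mask_attrs) {
		/* Mask attributes check failed. */
		OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)",
			  (unsigned long long)mask_attrs,
			  (unsigned long long)mask_allowed);
		return false;
	}

	return true;
}

/* Sum of nla_total_size() over every OVS_TUNNEL_KEY_ATTR_* listed below;
 * the per-attribute payload sizes are the constants written here.
 */
size_t ovs_tun_key_attr_size(void)
{
	/* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider
	 * updating this function.
	 */
	return    nla_total_size(8)    /* OVS_TUNNEL_KEY_ATTR_ID */
		+ nla_total_size(4)    /* OVS_TUNNEL_KEY_ATTR_IPV4_SRC */
		+ nla_total_size(4)    /* OVS_TUNNEL_KEY_ATTR_IPV4_DST */
		+ nla_total_size(1)    /* OVS_TUNNEL_KEY_ATTR_TOS */
		+ nla_total_size(1)    /* OVS_TUNNEL_KEY_ATTR_TTL */
		+ nla_total_size(0)    /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
		+ nla_total_size(0)    /* OVS_TUNNEL_KEY_ATTR_CSUM */
		+ nla_total_size(0)    /* OVS_TUNNEL_KEY_ATTR_OAM */
		+ nla_total_size(256)  /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */
		/* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS is mutually exclusive with
		 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it.
		 */
		+ nla_total_size(2)    /* OVS_TUNNEL_KEY_ATTR_TP_SRC */
		+ nla_total_size(2);   /* OVS_TUNNEL_KEY_ATTR_TP_DST */
}

/* Sum of nla_total_size() over the OVS_KEY_ATTR_* attributes listed
 * below, including the tunnel key via ovs_tun_key_attr_size().  The
 * BUILD_BUG_ON breaks the build when the attribute enum changes so
 * that this list gets revisited.
 */
size_t ovs_key_attr_size(void)
{
	/* Whenever adding new OVS_KEY_ FIELDS, we should consider
	 * updating this function.
	 */
	BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 26);

	return    nla_total_size(4)   /* OVS_KEY_ATTR_PRIORITY */
		+ nla_total_size(0)   /* OVS_KEY_ATTR_TUNNEL */
		  + ovs_tun_key_attr_size()
		+ nla_total_size(4)   /* OVS_KEY_ATTR_IN_PORT */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_SKB_MARK */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_DP_HASH */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_RECIRC_ID */
		+ nla_total_size(1)   /* OVS_KEY_ATTR_CT_STATE */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_CT_ZONE */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_CT_MARK */
		+ nla_total_size(16)  /* OVS_KEY_ATTR_CT_LABEL */
		+ nla_total_size(12)  /* OVS_KEY_ATTR_ETHERNET */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_VLAN */
		+ nla_total_size(0)   /* OVS_KEY_ATTR_ENCAP */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
		+ nla_total_size(40)  /* OVS_KEY_ATTR_IPV6 */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_ICMPV6 */
		+ nla_total_size(28); /* OVS_KEY_ATTR_ND */
}

/* Required payload length of each OVS_TUNNEL_KEY_ATTR_* attribute.  The
 * two option attributes are marked OVS_ATTR_NESTED, which exempts them
 * from the fixed-length comparison; neither names a child table.
 */
static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
	[OVS_TUNNEL_KEY_ATTR_ID]	    = { .len = sizeof(u64) },
	[OVS_TUNNEL_KEY_ATTR_IPV4_SRC]	    = { .len = sizeof(u32) },
	[OVS_TUNNEL_KEY_ATTR_IPV4_DST]	    = { .len = sizeof(u32) },
	[OVS_TUNNEL_KEY_ATTR_TOS]	    = { .len = 1 },
	[OVS_TUNNEL_KEY_ATTR_TTL]	    = { .len = 1 },
	[OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
	[OVS_TUNNEL_KEY_ATTR_CSUM]	    = { .len = 0 },
	[OVS_TUNNEL_KEY_ATTR_TP_SRC]	    = { .len = sizeof(u16) },
	[OVS_TUNNEL_KEY_ATTR_TP_DST]	    = { .len = sizeof(u16) },
	[OVS_TUNNEL_KEY_ATTR_OAM]	    = { .len = 0 },
	[OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS]   = { .len = OVS_ATTR_NESTED },
	[OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS]    = { .len = OVS_ATTR_NESTED },
};

/* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute.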
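*/
static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
	[OVS_KEY_ATTR_ENCAP]	 = { .len = OVS_ATTR_NESTED },
	[OVS_KEY_ATTR_PRIORITY]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_IN_PORT]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_SKB_MARK]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_ETHERNET]	 = { .len = sizeof(struct ovs_key_ethernet) },
	[OVS_KEY_ATTR_VLAN]	 = { .len = sizeof(__be16) },
	[OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) },
	[OVS_KEY_ATTR_IPV4]	 = { .len = sizeof(struct ovs_key_ipv4) },
	[OVS_KEY_ATTR_IPV6]	 = { .len = sizeof(struct ovs_key_ipv6) },
	[OVS_KEY_ATTR_TCP]	 = { .len = sizeof(struct ovs_key_tcp) },
	[OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) },
	[OVS_KEY_ATTR_UDP]	 = { .len = sizeof(struct ovs_key_udp) },
	[OVS_KEY_ATTR_SCTP]	 = { .len = sizeof(struct ovs_key_sctp) },
	[OVS_KEY_ATTR_ICMP]	 = { .len = sizeof(struct ovs_key_icmp) },
	[OVS_KEY_ATTR_ICMPV6]	 = { .len = sizeof(struct ovs_key_icmpv6) },
	[OVS_KEY_ATTR_ARP]	 = { .len = sizeof(struct ovs_key_arp) },
	[OVS_KEY_ATTR_ND]	 = { .len = sizeof(struct ovs_key_nd) },
	[OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_DP_HASH]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_TUNNEL]	 = { .len = OVS_ATTR_NESTED,
				     .next = ovs_tunnel_key_lens, },
	[OVS_KEY_ATTR_MPLS]	 = { .len = sizeof(struct ovs_key_mpls) },
	[OVS_KEY_ATTR_CT_STATE]	 = { .len = sizeof(u8) },
	[OVS_KEY_ATTR_CT_ZONE]	 = { .len = sizeof(u16) },
	[OVS_KEY_ATTR_CT_MARK]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_CT_LABEL]	 = { .len = sizeof(struct ovs_key_ct_label) },
};

/* Return true when the @size bytes at @fp are all zero.  A NULL @fp is
 * reported as "not all zero".  The index is a size_t so the loop bound
 * is compared in its own type rather than against a signed int.
 */
static bool is_all_zero(const u8 *fp, size_t size)
{
	size_t i;

	if (!fp)
		return false;

	for (i = 0; i < size; i++)
		if (fp[i])
			return false;

	return true;
}

/* Walk the nested attribute stream in @attr and index it by type.
 *
 * @attr:   attribute whose payload is a sequence of OVS_KEY_ATTR_*.
 * @a:      output array indexed by attribute type; only the slots whose
 *          bit is set in *@attrsp are written, so callers must consult
 *          the bitmap before reading a slot.
 * @attrsp: in/out bitmap of attribute types seen so far.
 * @log:    passed to OVS_NLERR for error messages.
 * @nz:     when true, an attribute whose payload is entirely zero is
 *          skipped (used for mask parsing).
 *
 * Each attribute is checked in this order before it is recorded: the
 * type must not exceed OVS_KEY_ATTR_MAX (this also bounds the index
 * into ovs_key_lens[] and @a), it must not repeat, and its length must
 * equal the table entry unless the entry is OVS_ATTR_NESTED.  Nested
 * payloads are therefore not length-checked here and rely on the code
 * that later parses them.
 *
 * Returns 0 on success, -EINVAL on any violation or on trailing bytes.
 */
static int __parse_flow_nlattrs(const struct nlattr *attr,
				const struct nlattr *a[],
				u64 *attrsp, bool log, bool nz)
{
	const struct nlattr *nla;
	u64 attrs;
	int rem;

	attrs = *attrsp;
	nla_for_each_nested(nla, attr, rem) {
		u16 type = nla_type(nla);
		int expected_len;

		if (type > OVS_KEY_ATTR_MAX) {
			OVS_NLERR(log, "Key type %d is out of range max %d",
				  type, OVS_KEY_ATTR_MAX);
			return -EINVAL;
		}

		/* attrs is a u64 bitmap: build the bit in 64-bit width. */
		if (attrs & (1ULL << type)) {
			OVS_NLERR(log, "Duplicate key (type %d).", type);
			return -EINVAL;
		}

		expected_len = ovs_key_lens[type].len;
		if (nla_len(nla) != expected_len && expected_len != OVS_ATTR_NESTED) {
			OVS_NLERR(log, "Key %d has unexpected len %d expected %d",
				  type, nla_len(nla), expected_len);
			return -EINVAL;
		}

		/* Scan exactly the bytes this attribute carries.  For
		 * fixed-length types nla_len() equals expected_len (checked
		 * above); for nested types expected_len is OVS_ATTR_NESTED
		 * (-1), which as a size_t would let the scan run past the
		 * end of the payload.
		 */
		if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
			attrs |= 1ULL << type;
			a[type] = nla;
		}
	}
	if (rem) {
		OVS_NLERR(log, "Message has %d unknown bytes.", rem);
		return -EINVAL;
	}

	*attrsp = attrs;
	return 0;
}

/* Parse a mask attribute stream: all-zero attributes are ignored. */
static int parse_flow_mask_nlattrs(const struct nlattr *attr,
				   const struct nlattr *a[], u64 *attrsp,
				   bool log)
{
	return __parse_flow_nlattrs(attr, a, attrsp, log, true);
}

/* Parse a key attribute stream: every attribute is recorded. */
static int parse_flow_nlattrs(const struct nlattr *attr,
			      const struct nlattr *a[], u64 *attrsp,
			      bool log)
{
	return __parse_flow_nlattrs(attr, a, attrsp, log, false);
}

/* Copy the raw Geneve option bytes of @a into the key (or the mask).
 *
 * The payload length is rejected when it exceeds the tun_opts buffer or
 * is not a multiple of 4; only after both checks is it used as the
 * memcpy length.  For the mask the length must equal the one recorded
 * for the key.
 *
 * Returns 0 on success or -EINVAL.
 */
static int genev_tun_opt_from_nlattr(const struct nlattr *a,
				     struct sw_flow_match *match, bool is_mask,
				     bool log)
{
	unsigned long opt_key_offset;

	if (nla_len(a) > sizeof(match->key->tun_opts)) {
		OVS_NLERR(log, "Geneve option length err (len %d, max %zu).",
			  nla_len(a), sizeof(match->key->tun_opts));
		return -EINVAL;
	}

	if (nla_len(a) % 4 != 0) {
		OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.",
			  nla_len(a));
		return -EINVAL;
	}

	/* We need to record the length of the options passed
	 * down, otherwise packets with the same format but
	 * additional options will be silently matched.
	 */
	if (!is_mask) {
		SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
				false);
	} else {
		/* This is somewhat unusual because it looks at
		 * both the key and mask while parsing the
		 * attributes (and by extension assumes the key
		 * is parsed first). Normally, we would verify
		 * that each is the correct length and that the
		 * attributes line up in the validate function.
		 * However, that is difficult because this is
		 * variable length and we won't have the
		 * information later.
		 */
		if (match->key->tun_opts_len != nla_len(a)) {
			OVS_NLERR(log, "Geneve option len %d != mask len %d",
				  match->key->tun_opts_len, nla_len(a));
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
	}

	/* NOTE(review): TUN_METADATA_OFFSET is defined outside this file;
	 * presumably it places the options at the end of tun_opts, which
	 * the length check above would keep in bounds - confirm.
	 */
	opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
	SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
				  nla_len(a), is_mask);
	return 0;
}

/* Policy for the attributes nested inside OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS. */
static const struct nla_policy vxlan_opt_policy[OVS_VXLAN_EXT_MAX + 1] = {
	[OVS_VXLAN_EXT_GBP]	= { .type = NLA_U32 },
};

/* Parse the nested VXLAN options of @a against vxlan_opt_policy and
 * store them as a struct vxlan_metadata in the key (or the mask).
 *
 * The BUILD_BUG_ON guarantees at compile time that the metadata fits in
 * tun_opts, and the struct is zeroed first so no uninitialized bytes
 * are copied into the flow key.
 *
 * Returns 0 on success or the nla_parse_nested() error.
 */
static int vxlan_tun_opt_from_nlattr(const struct nlattr *a,
				     struct sw_flow_match *match, bool is_mask,
				     bool log)
{
	struct nlattr *tb[OVS_VXLAN_EXT_MAX+1];
	unsigned long opt_key_offset;
	struct vxlan_metadata opts;
	int err;

	BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts));

	err = nla_parse_nested(tb, OVS_VXLAN_EXT_MAX, a, vxlan_opt_policy);
	if (err < 0)
		return err;

	memset(&opts, 0, sizeof(opts));

	if (tb[OVS_VXLAN_EXT_GBP])
		opts.gbp = nla_get_u32(tb[OVS_VXLAN_EXT_GBP]);

	if (!is_mask)
		SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false);
	else
		SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);

	opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts));
	SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts),
				  is_mask);
	return 0;
}

static int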
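ipv4_tun_from_nlattr(const struct nlattr *attr,
		     struct sw_flow_match *match, bool is_mask,
		     bool log)
{
	/* Parse the nested OVS_TUNNEL_KEY_ATTR_* stream in @attr into the
	 * tunnel part of the key (or the mask).
	 *
	 * Every attribute is bounds-checked against OVS_TUNNEL_KEY_ATTR_MAX
	 * before it indexes ovs_tunnel_key_lens[], then length-checked
	 * unless the table marks it OVS_ATTR_NESTED.  At most one option
	 * block (Geneve or VXLAN) is accepted.  For a key, a non-zero IPv4
	 * destination and a TTL attribute are mandatory.
	 *
	 * Returns the option attribute type that was parsed (0 when none),
	 * or a negative errno.
	 */
	struct nlattr *a;
	int rem;
	bool ttl = false;
	__be16 tun_flags = 0;
	int opts_type = 0;

	nla_for_each_nested(a, attr, rem) {
		int type = nla_type(a);
		int err;

		if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
			OVS_NLERR(log, "Tunnel attr %d out of range max %d",
				  type, OVS_TUNNEL_KEY_ATTR_MAX);
			return -EINVAL;
		}

		if (ovs_tunnel_key_lens[type].len != nla_len(a) &&
		    ovs_tunnel_key_lens[type].len != OVS_ATTR_NESTED) {
			OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d",
				  type, nla_len(a), ovs_tunnel_key_lens[type].len);
			return -EINVAL;
		}

		switch (type) {
		case OVS_TUNNEL_KEY_ATTR_ID:
			SW_FLOW_KEY_PUT(match, tun_key.tun_id,
					nla_get_be64(a), is_mask);
			tun_flags |= TUNNEL_KEY;
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
			SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src,
					nla_get_in_addr(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
			SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst,
					nla_get_in_addr(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_TOS:
			SW_FLOW_KEY_PUT(match, tun_key.tos,
					nla_get_u8(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_TTL:
			SW_FLOW_KEY_PUT(match, tun_key.ttl,
					nla_get_u8(a), is_mask);
			ttl = true;
			break;
		case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
			tun_flags |= TUNNEL_DONT_FRAGMENT;
			break;
		case OVS_TUNNEL_KEY_ATTR_CSUM:
			tun_flags |= TUNNEL_CSUM;
			break;
		case OVS_TUNNEL_KEY_ATTR_TP_SRC:
			SW_FLOW_KEY_PUT(match, tun_key.tp_src,
					nla_get_be16(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_TP_DST:
			SW_FLOW_KEY_PUT(match, tun_key.tp_dst,
					nla_get_be16(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_OAM:
			tun_flags |= TUNNEL_OAM;
			break;
		case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
			/* Both option kinds share the tun_opts storage, so a
			 * second block of either kind is refused.
			 */
			if (opts_type) {
				OVS_NLERR(log, "Multiple metadata blocks provided");
				return -EINVAL;
			}

			err = genev_tun_opt_from_nlattr(a, match, is_mask, log);
			if (err)
				return err;

			tun_flags |= TUNNEL_GENEVE_OPT;
			opts_type = type;
			break;
		case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
			if (opts_type) {
				OVS_NLERR(log, "Multiple metadata blocks provided");
				return -EINVAL;
			}

			err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log);
			if (err)
				return err;

			tun_flags |= TUNNEL_VXLAN_OPT;
			opts_type = type;
			break;
		default:
			OVS_NLERR(log, "Unknown IPv4 tunnel attribute %d",
				  type);
			return -EINVAL;
		}
	}

	SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);

	if (rem > 0) {
		OVS_NLERR(log, "IPv4 tunnel attribute has %d unknown bytes.",
			  rem);
		return -EINVAL;
	}

	if (!is_mask) {
		if (!match->key->tun_key.u.ipv4.dst) {
			OVS_NLERR(log, "IPv4 tunnel dst address is zero");
			return -EINVAL;
		}

		if (!ttl) {
			OVS_NLERR(log, "IPv4 tunnel TTL not specified.");
			return -EINVAL;
		}
	}

	return opts_type;
}

/* Emit @tun_opts (read as struct vxlan_metadata) as a nested
 * OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS attribute.  @swkey_tun_opts_len is not
 * used.  Returns 0 or -EMSGSIZE.
 *
 * NOTE(review): on the nla_put_u32() failure path the nest opened above
 * is left unclosed in @skb; confirm that every caller discards or trims
 * the message on -EMSGSIZE.
 */
static int vxlan_opt_to_nlattr(struct sk_buff *skb,
			       const void *tun_opts, int swkey_tun_opts_len)
{
	const struct vxlan_metadata *opts = tun_opts;
	struct nlattr *nla;

	nla = nla_nest_start(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
	if (!nla)
		return -EMSGSIZE;

	if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0)
		return -EMSGSIZE;

	nla_nest_end(skb, nla);
	return 0;
}

/* Append the OVS_TUNNEL_KEY_ATTR_* attributes describing @output to
 * @skb.  Zero-valued src/dst/tos/ports and unset flags are omitted; TTL
 * is always written.  Options are written only when @tun_opts is
 * non-NULL and the matching TUNNEL_*_OPT flag is set.
 *
 * Returns 0 or -EMSGSIZE.
 */
static int __ipv4_tun_to_nlattr(struct sk_buff *skb,
				const struct ip_tunnel_key *output,
				const void *tun_opts, int swkey_tun_opts_len)
{
	if (output->tun_flags & TUNNEL_KEY &&
	    nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id))
		return -EMSGSIZE;
	if (output->u.ipv4.src &&
	    nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC,
			    output->u.ipv4.src))
		return -EMSGSIZE;
	if (output->u.ipv4.dst &&
	    nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST,
			    output->u.ipv4.dst))
		return -EMSGSIZE;
	if (output->tos &&
	    nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos))
		return -EMSGSIZE;
	if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl))
		return -EMSGSIZE;
	if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
	    nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
		return -EMSGSIZE;
	if ((output->tun_flags & TUNNEL_CSUM) &&
	    nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
		return -EMSGSIZE;
	if (output->tp_src &&
	    nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src))
		return -EMSGSIZE;
	if (output->tp_dst &&
	    nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst))
		return -EMSGSIZE;
	if ((output->tun_flags & TUNNEL_OAM) &&
	    nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
		return -EMSGSIZE;
	if (tun_opts) {
		if (output->tun_flags & TUNNEL_GENEVE_OPT &&
		    nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
			    swkey_tun_opts_len, tun_opts))
			return -EMSGSIZE;
		else if (output->tun_flags & TUNNEL_VXLAN_OPT &&
			 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len))
			return -EMSGSIZE;
	}

	return 0;
}

/* Wrap __ipv4_tun_to_nlattr() in an OVS_KEY_ATTR_TUNNEL nest.  Returns 0,
 * -EMSGSIZE when the nest cannot be started, or the inner error.
 */
static int ipv4_tun_to_nlattr(struct sk_buff *skb,
			      const struct ip_tunnel_key *output,
			      const void *tun_opts, int swkey_tun_opts_len)
{
	struct nlattr *nla;
	int err;

	nla = nla_nest_start(skb, OVS_KEY_ATTR_TUNNEL);
	if (!nla)
		return -EMSGSIZE;

	err = __ipv4_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len);
	if (err)
		return err;

	nla_nest_end(skb, nla);
	return 0;
}

/* Serialize the key of @egress_tun_info, with @egress_tun_opts as its
 * options of length egress_tun_info->options_len, without an enclosing
 * nest.  Returns 0 or -EMSGSIZE.
 */
int ovs_nla_put_egress_tunnel_key(struct sk_buff *skb,
				  const struct ip_tunnel_info *egress_tun_info,
				  const void *egress_tun_opts)
{
	return __ipv4_tun_to_nlattr(skb, &egress_tun_info->key,
				    egress_tun_opts,
				    egress_tun_info->options_len);
}

/* Consume the metadata attributes (hash, recirc id, priority, in_port,
 * skb mark, tunnel, conntrack fields) from @a into the key or the mask
 * and clear each handled bit in *@attrs.
 *
 * in_port is range-checked against DP_MAX_PORTS for a key and forced to
 * an exact match for a mask; a key without in_port gets DP_MAX_PORTS.
 * A conntrack attribute is consumed only when ovs_ct_verify() accepts
 * it; otherwise its bit stays set in *@attrs for the caller to handle.
 *
 * Returns 0 or -EINVAL.  All bitmap operations use 1ULL so they are
 * done in the width of the u64 bitmap.
 */
static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
				 u64 *attrs, const struct nlattr **a,
				 bool is_mask, bool log)
{
	if (*attrs & (1ULL << OVS_KEY_ATTR_DP_HASH)) {
		u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);

		SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_DP_HASH);
	}

	if (*attrs & (1ULL << OVS_KEY_ATTR_RECIRC_ID)) {
		u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);

		SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_RECIRC_ID);
	}

	if (*attrs & (1ULL << OVS_KEY_ATTR_PRIORITY)) {
		SW_FLOW_KEY_PUT(match, phy.priority,
			  nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_PRIORITY);
	}

	if (*attrs & (1ULL << OVS_KEY_ATTR_IN_PORT)) {
		u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);

		if (is_mask) {
			in_port = 0xffffffff; /* Always exact match in_port. */
		} else if (in_port >= DP_MAX_PORTS) {
			OVS_NLERR(log, "Port %d exceeds max allowable %d",
				  in_port, DP_MAX_PORTS);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_IN_PORT);
	} else if (!is_mask) {
		SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
	}

	if (*attrs & (1ULL << OVS_KEY_ATTR_SKB_MARK)) {
		uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);

		SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_SKB_MARK);
	}
	if (*attrs & (1ULL << OVS_KEY_ATTR_TUNNEL)) {
		/* A non-negative return is the parsed option type, not an
		 * error, so only negative values fail here.
		 */
		if (ipv4_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
					 is_mask, log) < 0)
			return -EINVAL;
		*attrs &= ~(1ULL << OVS_KEY_ATTR_TUNNEL);
	}

	if (*attrs & (1ULL << OVS_KEY_ATTR_CT_STATE) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
		u8 ct_state = nla_get_u8(a[OVS_KEY_ATTR_CT_STATE]);

		SW_FLOW_KEY_PUT(match, ct.state, ct_state, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
	}
	if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ZONE) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) {
		u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]);

		SW_FLOW_KEY_PUT(match, ct.zone, ct_zone, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE);
	}
	if (*attrs & (1ULL << OVS_KEY_ATTR_CT_MARK) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) {
		u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]);

		SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK);
	}
	if (*attrs & (1ULL << OVS_KEY_ATTR_CT_LABEL) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABEL)) {
		const struct ovs_key_ct_label *cl;

		cl = nla_data(a[OVS_KEY_ATTR_CT_LABEL]);
		SW_FLOW_KEY_MEMCPY(match, ct.label, cl->ct_label,
				   sizeof(*cl), is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABEL);
	}
	return 0;
}

/* Fill the key (or the mask when @is_mask) of @match from the already
 * indexed attributes.
 *
 * @attrs: bitmap of attribute types present; @a[type] is read only when
 *         the corresponding bit is set.
 * @a:     attribute pointers indexed by type.
 *
 * Each handled attribute clears its bit; any bit still set at the end
 * is rejected as unknown, which also catches conntrack attributes that
 * metadata_from_nlattrs() declined.  Value range checks (VLAN present
 * bit, EtherType minimum, fragment type, IPv6 label, ARP opcode) apply
 * to the key only, except the VLAN check which applies to both.
 *
 * Returns 0 or -EINVAL.
 */
static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
				u64 attrs, const struct nlattr **a,
				bool is_mask, bool log)
{
	int err;

	err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log);
	if (err)
		return err;

	if (attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) {
		const struct ovs_key_ethernet *eth_key;

		eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
		SW_FLOW_KEY_MEMCPY(match, eth.src,
				eth_key->eth_src, ETH_ALEN, is_mask);
		SW_FLOW_KEY_MEMCPY(match, eth.dst,
				eth_key->eth_dst, ETH_ALEN, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERNET);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_VLAN)) {
		__be16 tci;

		tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
		if (!(tci & htons(VLAN_TAG_PRESENT))) {
			if (is_mask)
				OVS_NLERR(log, "VLAN TCI mask does not have exact match for VLAN_TAG_PRESENT bit.");
			else
				OVS_NLERR(log, "VLAN TCI does not have VLAN_TAG_PRESENT bit set.");

			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, eth.tci, tci, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_VLAN);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)) {
		__be16 eth_type;

		eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
		if (is_mask) {
			/* Always exact match EtherType. */
			eth_type = htons(0xffff);
		} else if (!eth_proto_is_802_3(eth_type)) {
			OVS_NLERR(log, "EtherType %x is less than min %x",
				  ntohs(eth_type), ETH_P_802_3_MIN);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE);
	} else if (!is_mask) {
		SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_IPV4)) {
		const struct ovs_key_ipv4 *ipv4_key;

		ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
		if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
			OVS_NLERR(log, "IPv4 frag type %d is out of range max %d",
				  ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
			return -EINVAL;
		}
		SW_FLOW_KEY_PUT(match, ip.proto,
				ipv4_key->ipv4_proto, is_mask);
		SW_FLOW_KEY_PUT(match, ip.tos,
				ipv4_key->ipv4_tos, is_mask);
		SW_FLOW_KEY_PUT(match, ip.ttl,
				ipv4_key->ipv4_ttl, is_mask);
		SW_FLOW_KEY_PUT(match, ip.frag,
				ipv4_key->ipv4_frag, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.addr.src,
				ipv4_key->ipv4_src, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
				ipv4_key->ipv4_dst, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_IPV4);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_IPV6)) {
		const struct ovs_key_ipv6 *ipv6_key;

		ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
		if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
			OVS_NLERR(log, "IPv6 frag type %d is out of range max %d",
				  ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
			return -EINVAL;
		}

		/* The flow label is 20 bits wide; the upper 12 must be 0.
		 * The (1 << 20) - 1 below stays an int to match its %x.
		 */
		if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
			OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x).\n",
				  ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, ipv6.label,
				ipv6_key->ipv6_label, is_mask);
		SW_FLOW_KEY_PUT(match, ip.proto,
				ipv6_key->ipv6_proto, is_mask);
		SW_FLOW_KEY_PUT(match, ip.tos,
				ipv6_key->ipv6_tclass, is_mask);
		SW_FLOW_KEY_PUT(match, ip.ttl,
				ipv6_key->ipv6_hlimit, is_mask);
		SW_FLOW_KEY_PUT(match, ip.frag,
				ipv6_key->ipv6_frag, is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
				ipv6_key->ipv6_src,
				sizeof(match->key->ipv6.addr.src),
				is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
				ipv6_key->ipv6_dst,
				sizeof(match->key->ipv6.addr.dst),
				is_mask);

		attrs &= ~(1ULL << OVS_KEY_ATTR_IPV6);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_ARP)) {
		const struct ovs_key_arp *arp_key;

		arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
		/* Only the low byte of the opcode is kept in ip.proto below,
		 * so a key with the high byte set is refused.
		 */
		if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
			OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).",
				  arp_key->arp_op);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, ipv4.addr.src,
				arp_key->arp_sip, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
			arp_key->arp_tip, is_mask);
		SW_FLOW_KEY_PUT(match, ip.proto,
				ntohs(arp_key->arp_op), is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
				arp_key->arp_sha, ETH_ALEN, is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
				arp_key->arp_tha, ETH_ALEN, is_mask);

		attrs &= ~(1ULL << OVS_KEY_ATTR_ARP);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_MPLS)) {
		const struct ovs_key_mpls *mpls_key;

		mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
		SW_FLOW_KEY_PUT(match, mpls.top_lse,
				mpls_key->mpls_lse, is_mask);

		attrs &= ~(1ULL << OVS_KEY_ATTR_MPLS);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_TCP)) {
		const struct ovs_key_tcp *tcp_key;

		tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
		SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_TCP);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_TCP_FLAGS)) {
		SW_FLOW_KEY_PUT(match, tp.flags,
				nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
				is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_TCP_FLAGS);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_UDP)) {
		const struct ovs_key_udp *udp_key;

		udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
		SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_UDP);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_SCTP)) {
		const struct ovs_key_sctp *sctp_key;

		sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
		SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_SCTP);
	}

	/* ICMP and ICMPv6 reuse tp.src / tp.dst for type / code. */
	if (attrs & (1ULL << OVS_KEY_ATTR_ICMP)) {
		const struct ovs_key_icmp *icmp_key;

		icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
		SW_FLOW_KEY_PUT(match, tp.src,
				htons(icmp_key->icmp_type), is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst,
				htons(icmp_key->icmp_code), is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_ICMP);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_ICMPV6)) {
		const struct ovs_key_icmpv6 *icmpv6_key;

		icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
		SW_FLOW_KEY_PUT(match, tp.src,
				htons(icmpv6_key->icmpv6_type), is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst,
				htons(icmpv6_key->icmpv6_code), is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_ICMPV6);
	}

	if (attrs & (1ULL << OVS_KEY_ATTR_ND)) {
		const struct ovs_key_nd *nd_key;

		nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
		SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
			nd_key->nd_target,
			sizeof(match->key->ipv6.nd.target),
			is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
			nd_key->nd_sll, ETH_ALEN, is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
				nd_key->nd_tll, ETH_ALEN, is_mask);
		attrs &= ~(1ULL << OVS_KEY_ATTR_ND);
	}

	if (attrs != 0) {
		OVS_NLERR(log, "Unknown key attributes %llx",
			  (unsigned long long)attrs);
		return -EINVAL;
	}

	return 0;
}

/* Overwrite the payload of every attribute nested in @attr with byte
 * @val, recursing into attributes that @tbl marks OVS_ATTR_NESTED.
 *
 * The attribute type indexes @tbl without a bounds check, so the stream
 * must already have passed the range checks of the parser.
 *
 * NOTE(review): a nested entry without a child table recurses with
 * tbl == NULL, and the recursion still walks the payload as a sequence
 * of attributes.  ovs_tunnel_key_lens[] marks
 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS as nested although
 * genev_tun_opt_from_nlattr() treats that payload as raw option bytes;
 * the mask generated for such options is probably not the intended
 * all-@val pattern - confirm and consider a distinct "variable length"
 * marker in the table.
 */
static void nlattr_set(struct nlattr *attr, u8 val,
		       const struct ovs_len_tbl *tbl)
{
	struct nlattr *nla;
	int rem;

	/* The nlattr stream should already have been validated */
	nla_for_each_nested(nla, attr, rem) {
		if (tbl && tbl[nla_type(nla)].len == OVS_ATTR_NESTED)
			nlattr_set(nla, val, tbl[nla_type(nla)].next);
		else
			memset(nla_data(nla), val, nla_len(nla));
	}
}

/* Set every payload byte of the OVS_KEY_ATTR_* stream in @attr to @val,
 * using ovs_key_lens[] to find nested attributes.
 */
static void mask_set_nlattr(struct nlattr *attr, u8 val)
{
	nlattr_set(attr, val, ovs_key_lens);
}

/**
 * ovs_nla_get_match - parses Netlink attributes into a flow key and
 * mask. In case the 'mask' is NULL, the flow is treated as exact match
 * flow. Otherwise, it is treated as a wildcarded flow, except the mask
 * does not include any don't care bit.
 * @net: Used to determine per-namespace field support.
 * @match: receives the extracted flow match information.
 * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
 * sequence. The fields should of the packet that triggered the creation
 * of this flow.
 * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink
 * attribute specifies the mask field of the wildcarded flow.
 * @log: Boolean to allow kernel error logging.  Normally true, but when
 * probing for feature compatibility this should be passed in as false to
 * suppress unnecessary error logging.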
*/
int ovs_nla_get_match(struct net *net, struct sw_flow_match *match,
		      const struct nlattr *nla_key,
		      const struct nlattr *nla_mask,
		      bool log)
{
	const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
	const struct nlattr *encap;
	struct nlattr *exact_mask = NULL;	/* set only when a mask is synthesized */
	u64 key_attrs = 0;
	u64 mask_attrs = 0;
	bool encap_valid = false;
	int err;

	err = parse_flow_nlattrs(nla_key, a, &key_attrs, log);
	if (err) {
		return err;
	}

	/* 802.1Q frames carry the inner key inside OVS_KEY_ATTR_ENCAP. */
	if ((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
	    (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
	    (nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]) == htons(ETH_P_8021Q))) {
		__be16 tci;

		if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
		      (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
			OVS_NLERR(log, "Invalid Vlan frame.");
			return -EINVAL;
		}

		key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
		tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
		encap = a[OVS_KEY_ATTR_ENCAP];
		key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
		encap_valid = true;

		if (tci & htons(VLAN_TAG_PRESENT)) {
			/* 'a' is re-filled from the encapsulated attributes. */
			err = parse_flow_nlattrs(encap, a, &key_attrs, log);
			if (err) {
				return err;
			}
		} else if (tci) {
			OVS_NLERR(log, "Encap attr is set for non-VLAN frame");
			return -EINVAL;
		} else if (nla_len(encap)) {
			/* Corner case for truncated 802.1Q header. */
			OVS_NLERR(log, "Truncated 802.1Q header has non-zero encap attribute.");
			return -EINVAL;
		}
	}

	err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log);
	if (err) {
		return err;
	}

	if (match->mask) {
		if (!nla_mask) {
			/* Create an exact match mask. We need to set to 0xff
			 * all the 'match->mask' fields that have been touched
			 * in 'match->key'. We cannot simply memset
			 * 'match->mask', because padding bytes and fields not
			 * specified in 'match->key' should be left to 0.
			 * Instead, we use a stream of netlink attributes,
			 * copied from 'key' and set to 0xff.
			 * ovs_key_from_nlattrs() will take care of filling
			 * 'match->mask' appropriately.
			 */
			exact_mask = kmemdup(nla_key,
					     nla_total_size(nla_len(nla_key)),
					     GFP_KERNEL);
			if (!exact_mask) {
				return -ENOMEM;
			}

			mask_set_nlattr(exact_mask, 0xff);

			/* The userspace does not send tunnel attributes that
			 * are 0, but we should not wildcard them nonetheless.
			 */
			if (match->key->tun_key.u.ipv4.dst) {
				SW_FLOW_KEY_MEMSET_FIELD(match, tun_key,
							 0xff, true);
			}

			nla_mask = exact_mask;
		}

		/* From here on every exit must go through out_free so the
		 * synthesized mask (if any) is released.
		 */
		err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log);
		if (err) {
			goto out_free;
		}

		/* Always match on tci. */
		SW_FLOW_KEY_PUT(match, eth.tci, htons(0xffff), true);

		if (mask_attrs & (1 << OVS_KEY_ATTR_ENCAP)) {
			__be16 eth_type = 0;
			__be16 tci = 0;

			if (!encap_valid) {
				OVS_NLERR(log, "Encap mask attribute is set for non-VLAN frame.");
				err = -EINVAL;
				goto out_free;
			}

			mask_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
			if (a[OVS_KEY_ATTR_ETHERTYPE]) {
				eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
			}

			/* The TPID may not be wildcarded, even partially. */
			if (eth_type != htons(0xffff)) {
				OVS_NLERR(log, "VLAN frames must have an exact match on the TPID (mask=%x).",
					  ntohs(eth_type));
				err = -EINVAL;
				goto out_free;
			}

			mask_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
			encap = a[OVS_KEY_ATTR_ENCAP];
			err = parse_flow_mask_nlattrs(encap, a,
						      &mask_attrs, log);
			if (err) {
				goto out_free;
			}

			if (a[OVS_KEY_ATTR_VLAN]) {
				tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
			}

			if (!(tci & htons(VLAN_TAG_PRESENT))) {
				OVS_NLERR(log, "VLAN tag present bit must have an exact match (tci_mask=%x).",
					  ntohs(tci));
				err = -EINVAL;
				goto out_free;
			}
		}

		err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true,
					   log);
		if (err) {
			goto out_free;
		}
	}

	if (!match_validate(match, key_attrs, mask_attrs, log)) {
		err = -EINVAL;
	}

out_free:
	kfree(exact_mask);	/* kfree(NULL) is a no-op */
	return err;
}

/* Returns the payload length of 'attr' when it lies in
 * [1, MAX_UFID_LENGTH], and 0 when 'attr' is NULL or its length is outside
 * that range (the latter is logged when 'log' is set).
 */
static size_t get_ufid_len(const struct nlattr *attr, bool log)
{
	size_t ufid_len;

	if (!attr) {
		return 0;
	}

	ufid_len = nla_len(attr);
	if (ufid_len >= 1 && ufid_len <= MAX_UFID_LENGTH) {
		return ufid_len;
	}

	OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)",
		  nla_len(attr), MAX_UFID_LENGTH);
	return 0;
}

/* Fills 'sfid->ufid_len' and, when the length is valid, copies the UFID
 * bytes from 'attr' into 'sfid->ufid'.  Returns true if 'attr' contains a
 * valid UFID, or false otherwise.  The copy length is the value bounded by
 * get_ufid_len() above.
 */
bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr,
		      bool log)
{
	size_t ufid_len = get_ufid_len(attr, log);

	sfid->ufid_len = ufid_len;
	if (sfid->ufid_len) {
		memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len);
	}

	return sfid->ufid_len;
}

/* Sets up 'sfid' from 'ufid' when that holds a valid UFID; otherwise stores
 * a heap copy of 'key' in 'sfid->unmasked_key'.  Returns 0 on success or
 * -ENOMEM if the copy cannot be allocated.
 */
int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid,
			   const struct sw_flow_key *key, bool log)
{
	struct sw_flow_key *key_copy;

	if (ovs_nla_get_ufid(sfid, ufid, log)) {
		return 0;
	}

	/* If UFID was not provided, use unmasked key. */
	key_copy = kmalloc(sizeof(*key_copy), GFP_KERNEL);
	if (!key_copy) {
		return -ENOMEM;
	}

	memcpy(key_copy, key, sizeof(*key));
	sfid->unmasked_key = key_copy;

	return 0;
}

/* Returns the u32 carried by 'attr', or 0 when 'attr' is NULL. */
u32 ovs_nla_get_ufid_flags(const struct nlattr *attr)
{
	if (!attr) {
		return 0;
	}

	return nla_get_u32(attr);
}

/**
 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
 * @key: Receives extracted in_port, priority, tun_key and skb_mark.
 * @attr: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
 * sequence.
 * @log: Boolean to allow kernel error logging.
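* Normally true, but when
 * probing for feature compatibility this should be passed in as false to
 * suppress unnecessary error logging.
 *
 * This parses a series of Netlink attributes that form a flow key, which must
 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
 * get the metadata, that is, the parts of the flow key that cannot be
 * extracted from the packet itself.
 */

int ovs_nla_get_flow_metadata(struct net *net, const struct nlattr *attr,
			      struct sw_flow_key *key,
			      bool log)
{
	const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
	struct sw_flow_match match;
	u64 attrs = 0;
	int err;

	/* Any parse error is reported to the caller as -EINVAL. */
	err = parse_flow_nlattrs(attr, a, &attrs, log);
	if (err)
		return -EINVAL;

	memset(&match, 0, sizeof(match));
	match.key = key;

	/* Only key->ct and in_port are reset here; the rest of 'key' is left
	 * as the caller passed it.
	 */
	memset(&key->ct, 0, sizeof(key->ct));
	key->phy.in_port = DP_MAX_PORTS;

	return metadata_from_nlattrs(net, &match, &attrs, a, false, log);
}

/* Serializes a flow key (or mask, when 'is_mask' is true) into 'skb' as a
 * sequence of OVS_KEY_ATTR_* attributes.  'swkey' decides which attributes
 * are emitted; the values are taken from 'output'.
 *
 * Returns 0 on success or -EMSGSIZE when 'skb' has no room for an
 * attribute.  On failure the attributes already appended are left in 'skb'.
 */
static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
			     const struct sw_flow_key *output, bool is_mask,
			     struct sk_buff *skb)
{
	struct ovs_key_ethernet *eth_key;
	struct nlattr *nla, *encap;

	if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
		goto nla_put_failure;

	if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
		goto nla_put_failure;

	if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
		goto nla_put_failure;

	if ((swkey->tun_key.u.ipv4.dst || is_mask)) {
		const void *opts = NULL;

		if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
			opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len);

		if (ipv4_tun_to_nlattr(skb, &output->tun_key, opts,
				       swkey->tun_opts_len))
			goto nla_put_failure;
	}

	if (swkey->phy.in_port == DP_MAX_PORTS) {
		if (is_mask && (output->phy.in_port == 0xffff)) {
			if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
				goto nla_put_failure;
		}
	} else {
		/* Kept as u32 so that the shift below is done in an unsigned
		 * type; a u16 would be promoted to int and 0xffff << 16 does
		 * not fit in a signed int.
		 */
		u32 upper = is_mask ? 0xffff : 0;

		if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
				(upper << 16) | output->phy.in_port))
			goto nla_put_failure;
	}

	if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
		goto nla_put_failure;

	if (ovs_ct_put_key(output, skb))
		goto nla_put_failure;

	nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
	if (!nla)
		goto nla_put_failure;

	eth_key = nla_data(nla);
	ether_addr_copy(eth_key->eth_src, output->eth.src);
	ether_addr_copy(eth_key->eth_dst, output->eth.dst);

	if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) {
		__be16 eth_type;

		eth_type = !is_mask ? htons(ETH_P_8021Q) : htons(0xffff);
		if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
		    nla_put_be16(skb, OVS_KEY_ATTR_VLAN, output->eth.tci))
			goto nla_put_failure;

		encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP);
		/* nla_nest_start() returns NULL when 'skb' is full.  Without
		 * this check the zero-tci path below would jump to 'unencap'
		 * and report success with the ENCAP attribute missing.
		 */
		if (!encap)
			goto nla_put_failure;

		if (!swkey->eth.tci)
			goto unencap;
	} else {
		encap = NULL;
	}

	if (swkey->eth.type == htons(ETH_P_802_2)) {
		/*
		 * Ethertype 802.2 is represented in the netlink with omitted
		 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
		 * 0xffff in the mask attribute.  Ethertype can also
		 * be wildcarded.
		 */
		if (is_mask && output->eth.type) {
			if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
					 output->eth.type))
				goto nla_put_failure;
		}
		goto unencap;
	}

	if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
		goto nla_put_failure;

	/* L3: every field of a reserved attribute is written below, so no
	 * uninitialized skb bytes are handed to userspace.
	 */
	if (swkey->eth.type == htons(ETH_P_IP)) {
		struct ovs_key_ipv4 *ipv4_key;

		nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
		if (!nla)
			goto nla_put_failure;
		ipv4_key = nla_data(nla);
		ipv4_key->ipv4_src = output->ipv4.addr.src;
		ipv4_key->ipv4_dst = output->ipv4.addr.dst;
		ipv4_key->ipv4_proto = output->ip.proto;
		ipv4_key->ipv4_tos = output->ip.tos;
		ipv4_key->ipv4_ttl = output->ip.ttl;
		ipv4_key->ipv4_frag = output->ip.frag;
	} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
		struct ovs_key_ipv6 *ipv6_key;

		nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
		if (!nla)
			goto nla_put_failure;
		ipv6_key = nla_data(nla);
		memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
		       sizeof(ipv6_key->ipv6_src));
		memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
		       sizeof(ipv6_key->ipv6_dst));
		ipv6_key->ipv6_label = output->ipv6.label;
		ipv6_key->ipv6_proto = output->ip.proto;
		ipv6_key->ipv6_tclass = output->ip.tos;
		ipv6_key->ipv6_hlimit = output->ip.ttl;
		ipv6_key->ipv6_frag = output->ip.frag;
	} else if (swkey->eth.type == htons(ETH_P_ARP) ||
		   swkey->eth.type == htons(ETH_P_RARP)) {
		struct ovs_key_arp *arp_key;

		nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
		if (!nla)
			goto nla_put_failure;
		arp_key = nla_data(nla);
		/* Zeroed first: presumably struct ovs_key_arp has padding
		 * that must not leak to userspace -- confirm against the
		 * uapi header.
		 */
		memset(arp_key, 0, sizeof(struct ovs_key_arp));
		arp_key->arp_sip = output->ipv4.addr.src;
		arp_key->arp_tip = output->ipv4.addr.dst;
		arp_key->arp_op = htons(output->ip.proto);
		ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
		ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
	} else if (eth_p_mpls(swkey->eth.type)) {
		struct ovs_key_mpls *mpls_key;

		nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
		if (!nla)
			goto nla_put_failure;
		mpls_key = nla_data(nla);
		mpls_key->mpls_lse = output->mpls.top_lse;
	}

	/* L4: skipped for later fragments (OVS_FRAG_TYPE_LATER). */
	if ((swkey->eth.type == htons(ETH_P_IP) ||
	     swkey->eth.type == htons(ETH_P_IPV6)) &&
	     swkey->ip.frag != OVS_FRAG_TYPE_LATER) {

		if (swkey->ip.proto == IPPROTO_TCP) {
			struct ovs_key_tcp *tcp_key;

			nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
			if (!nla)
				goto nla_put_failure;
			tcp_key = nla_data(nla);
			tcp_key->tcp_src = output->tp.src;
			tcp_key->tcp_dst = output->tp.dst;
			if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
					 output->tp.flags))
				goto nla_put_failure;
		} else if (swkey->ip.proto == IPPROTO_UDP) {
			struct ovs_key_udp *udp_key;

			nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
			if (!nla)
				goto nla_put_failure;
			udp_key = nla_data(nla);
			udp_key->udp_src = output->tp.src;
			udp_key->udp_dst = output->tp.dst;
		} else if (swkey->ip.proto == IPPROTO_SCTP) {
			struct ovs_key_sctp *sctp_key;

			nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
			if (!nla)
				goto nla_put_failure;
			sctp_key = nla_data(nla);
			sctp_key->sctp_src = output->tp.src;
			sctp_key->sctp_dst = output->tp.dst;
		} else if (swkey->eth.type == htons(ETH_P_IP) &&
			   swkey->ip.proto == IPPROTO_ICMP) {
			struct ovs_key_icmp *icmp_key;

			nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
			if (!nla)
				goto nla_put_failure;
			icmp_key = nla_data(nla);
			/* ICMP type/code are stored in tp.src/tp.dst. */
			icmp_key->icmp_type = ntohs(output->tp.src);
			icmp_key->icmp_code = ntohs(output->tp.dst);
		} else if (swkey->eth.type == htons(ETH_P_IPV6) &&
			   swkey->ip.proto == IPPROTO_ICMPV6) {
			struct ovs_key_icmpv6 *icmpv6_key;

			nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
					  sizeof(*icmpv6_key));
			if (!nla)
				goto nla_put_failure;
			icmpv6_key = nla_data(nla);
			icmpv6_key->icmpv6_type = ntohs(output->tp.src);
			icmpv6_key->icmpv6_code = ntohs(output->tp.dst);

			if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
			    icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
				struct ovs_key_nd *nd_key;

				nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
				if (!nla)
					goto nla_put_failure;
				nd_key = nla_data(nla);
				memcpy(nd_key->nd_target, &output->ipv6.nd.target,
				       sizeof(nd_key->nd_target));
				ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
				ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
			}
		}
	}

unencap:
	if (encap)
		nla_nest_end(skb, encap);

	return 0;

nla_put_failure:
	return -EMSGSIZE;
}

/* Wraps __ovs_nla_put_key() in a nested attribute of type 'attr'.
 *
 * Returns 0 on success, -EMSGSIZE when the nest cannot be opened, or the
 * error from __ovs_nla_put_key().  In the error case the nest is left open
 * in 'skb'.
 * NOTE(review): presumably callers discard or trim the message on error --
 * confirm.
 */
int ovs_nla_put_key(const struct sw_flow_key *swkey,
		    const struct sw_flow_key *output, int attr, bool is_mask,
		    struct sk_buff *skb)
{
	int err;
	struct nlattr *nla;

	nla = nla_nest_start(skb, attr);
	if (!nla)
		return -EMSGSIZE;
	err = __ovs_nla_put_key(swkey, output, is_mask, skb);
	if (err)
		return err;
	nla_nest_end(skb, nla);

	return 0;
}

/* Called with ovs_mutex or RCU read lock. */
int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb)
{
	if (ovs_identifier_is_ufid(&flow->id))
		return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len,
			       flow->id.ufid);

	return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key,
			       OVS_FLOW_ATTR_KEY, false, skb);
}

/* Called with ovs_mutex or RCU read lock.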
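*/
int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb)
{
	return ovs_nla_put_key(&flow->key, &flow->key,
				OVS_FLOW_ATTR_KEY, false, skb);
}

/* Called with ovs_mutex or RCU read lock. */
int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
{
	return ovs_nla_put_key(&flow->key, &flow->mask->key,
				OVS_FLOW_ATTR_MASK, true, skb);
}

#define MAX_ACTIONS_BUFSIZE	(32 * 1024)

/* Allocates a flow-actions buffer with room for 'size' bytes of actions.
 *
 * Returns the new buffer with actions_len set to 0, ERR_PTR(-EINVAL) when
 * 'size' is negative or larger than MAX_ACTIONS_BUFSIZE, or
 * ERR_PTR(-ENOMEM) on allocation failure.  Only actions_len is initialized;
 * the remaining fields are left for the caller.
 */
static struct sw_flow_actions *nla_alloc_flow_actions(int size, bool log)
{
	struct sw_flow_actions *sfa;

	/* 'size' is a signed int that is added to sizeof(*sfa) below.  A
	 * negative value would be converted to a huge size_t and wrap the
	 * sum, producing an allocation smaller than the header itself.
	 */
	if (size < 0)
		return ERR_PTR(-EINVAL);

	if (size > MAX_ACTIONS_BUFSIZE) {
		OVS_NLERR(log, "Flow action size %u bytes exceeds max", size);
		return ERR_PTR(-EINVAL);
	}

	sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
	if (!sfa)
		return ERR_PTR(-ENOMEM);

	sfa->actions_len = 0;
	return sfa;
}

/* Releases the tunnel dst referenced by an OVS_KEY_ATTR_TUNNEL_INFO key
 * nested in the set action 'a'.  Other key types hold nothing to release.
 */
static void ovs_nla_free_set_action(const struct nlattr *a)
{
	const struct nlattr *ovs_key = nla_data(a);
	struct ovs_tunnel_info *ovs_tun;

	switch (nla_type(ovs_key)) {
	case OVS_KEY_ATTR_TUNNEL_INFO:
		ovs_tun = nla_data(ovs_key);
		dst_release((struct dst_entry *)ovs_tun->tun_dst);
		break;
	}
}

/* Frees 'sf_acts' after dropping the resources held by its SET and CT
 * actions.  Accepts NULL.
 */
void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
{
	const struct nlattr *a;
	int rem;

	if (!sf_acts)
		return;

	nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) {
		switch (nla_type(a)) {
		case OVS_ACTION_ATTR_SET:
			ovs_nla_free_set_action(a);
			break;
		case OVS_ACTION_ATTR_CT:
			ovs_ct_free_action(a);
			break;
		}
	}

	kfree(sf_acts);
}

/* RCU callback: frees the sw_flow_actions that embeds 'head'. */
static void __ovs_nla_free_flow_actions(struct rcu_head *head)
{
	ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu));
}

/* Schedules 'sf_acts' to be freed after the next RCU grace period.
 * The caller must hold rcu_read_lock for this to be sensible.
 * Unlike ovs_nla_free_flow_actions(), 'sf_acts' must not be NULL.
 */
void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts)
{
	call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions);
}

/* Reserves NLA_ALIGN(attr_len) bytes at the end of '*sfa' and returns a
 * pointer to them, growing the buffer when needed.
 *
 * When the buffer grows, '*sfa' is replaced by a new allocation and the old
 * one is freed, so pointers into the old buffer become invalid.
 *
 * Returns ERR_PTR(-EMSGSIZE) when the request does not fit within
 * MAX_ACTIONS_BUFSIZE, or the error from nla_alloc_flow_actions().
 */
static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
				       int attr_len, bool log)
{
	struct sw_flow_actions *acts;
	int new_acts_size;
	int req_size = NLA_ALIGN(attr_len);
	int next_offset = offsetof(struct sw_flow_actions, actions) +
					(*sfa)->actions_len;

	/* NOTE(review): ksize() is unsigned, so both sides of this comparison
	 * are converted to size_t; it relies on next_offset <= ksize(*sfa)
	 * and on a non-negative attr_len.
	 */
	if (req_size <= (ksize(*sfa) - next_offset))
		goto out;

	new_acts_size = ksize(*sfa) * 2;

	/* Doubling alone does not guarantee that the request fits: a large
	 * attribute appended to a small buffer would otherwise be handed a
	 * pointer whose reserved range runs past the new allocation.
	 * next_offset includes the struct header, so this is conservative.
	 */
	if (new_acts_size < next_offset + req_size)
		new_acts_size = next_offset + req_size;

	if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
		if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
			return ERR_PTR(-EMSGSIZE);
		new_acts_size = MAX_ACTIONS_BUFSIZE;
	}

	acts = nla_alloc_flow_actions(new_acts_size, log);
	if (IS_ERR(acts))
		return (void *)acts;

	memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
	acts->actions_len = (*sfa)->actions_len;
	acts->orig_len = (*sfa)->orig_len;
	kfree(*sfa);
	*sfa = acts;

out:
	(*sfa)->actions_len += req_size;
	return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
}

/* Appends one attribute of type 'attrtype' with a 'len'-byte payload to
 * '*sfa'.  The payload is copied from 'data' when that is non-NULL and is
 * otherwise left for the caller to fill; the alignment padding is zeroed.
 *
 * Returns the new attribute or an ERR_PTR from reserve_sfa_size().
 */
static struct nlattr *__add_action(struct sw_flow_actions **sfa,
				   int attrtype, void *data, int len, bool log)
{
	struct nlattr *a;

	a = reserve_sfa_size(sfa, nla_attr_size(len), log);
	if (IS_ERR(a))
		return a;

	a->nla_type = attrtype;
	a->nla_len = nla_attr_size(len);

	if (data)
		memcpy(nla_data(a), data, len);
	memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));

	return a;
}

/* Same as __add_action(), but returns 0 or a negative errno. */
int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data,
		       int len, bool log)
{
	struct nlattr *a;

	a = __add_action(sfa, attrtype, data, len, log);

	return PTR_ERR_OR_ZERO(a);
}
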
/* Opens a nested action of type 'attrtype' by appending an empty attribute.
 * Returns the offset of that attribute within (*sfa)->actions, to be passed
 * to add_nested_action_end(), or a negative errno.
 */
static inline int add_nested_action_start(struct sw_flow_actions **sfa,
					  int attrtype, bool log)
{
	/* Sample the offset first: the buffer may be reallocated below. */
	int nest_offset = (*sfa)->actions_len;
	int err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log);

	return err ? err : nest_offset;
}

/* Closes the nested action opened at 'st_offset' by setting its length to
 * everything appended since.
 * NOTE(review): nla_len is a 16-bit field; this presumably relies on the
 * actions buffer staying below 64 KiB -- confirm.
 */
static inline void add_nested_action_end(struct sw_flow_actions *sfa,
					 int st_offset)
{
	unsigned char *base = (unsigned char *)sfa->actions;
	struct nlattr *nest = (struct nlattr *)(base + st_offset);

	nest->nla_len = sfa->actions_len - st_offset;
}

static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
				  const struct sw_flow_key *key,
				  int depth, struct sw_flow_actions **sfa,
				  __be16 eth_type, __be16 vlan_tci, bool log);

/* Validates a sample action and copies it, with its nested action list,
 * into '*sfa'.
 *
 * Each sample attribute type may appear at most once, the probability must
 * be exactly a u32, and the nested actions must be empty or at least one
 * attribute header long.  The nested actions are validated recursively at
 * 'depth' + 1.
 */
static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
				    const struct sw_flow_key *key, int depth,
				    struct sw_flow_actions **sfa,
				    __be16 eth_type, __be16 vlan_tci, bool log)
{
	const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
	const struct nlattr *probability, *actions;
	const struct nlattr *cur;
	int rem, start, err, st_acts;

	memset(attrs, 0, sizeof(attrs));
	nla_for_each_nested(cur, attr, rem) {
		int type = nla_type(cur);

		/* Reject unknown, out-of-range and duplicate attributes. */
		if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type]) {
			return -EINVAL;
		}
		attrs[type] = cur;
	}
	/* Trailing bytes that do not form a full attribute. */
	if (rem) {
		return -EINVAL;
	}

	probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
	if (!probability || nla_len(probability) != sizeof(u32)) {
		return -EINVAL;
	}

	actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
	if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN)) {
		return -EINVAL;
	}

	/* validation done, copy sample action. */
	start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
	if (start < 0) {
		return start;
	}

	err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_PROBABILITY,
				 nla_data(probability), sizeof(u32), log);
	if (err) {
		return err;
	}

	st_acts = add_nested_action_start(sfa, OVS_SAMPLE_ATTR_ACTIONS, log);
	if (st_acts < 0) {
		return st_acts;
	}

	err = __ovs_nla_copy_actions(net, actions, key, depth + 1, sfa,
				     eth_type, vlan_tci, log);
	if (err) {
		return err;
	}

	/* Close the inner nest before the outer one. */
	add_nested_action_end(*sfa, st_acts);
	add_nested_action_end(*sfa, start);

	return 0;
}

/* Zeroes 'match' and 'key', attaches 'key' and 'mask' to 'match', and, when
 * 'mask' is given, clears its key and range as well.
 */
void ovs_match_init(struct sw_flow_match *match,
		    struct sw_flow_key *key,
		    struct sw_flow_mask *mask)
{
	memset(match, 0, sizeof(*match));
	match->key = key;
	match->mask = mask;

	memset(key, 0, sizeof(*key));

	if (!mask) {
		return;
	}

	memset(&mask->key, 0, sizeof(mask->key));
	mask->range.start = mask->range.end = 0;
}

/* Walks the Geneve options stored in 'key' and checks that every option
 * header and body lies inside tun_opts_len.  Sets TUNNEL_CRIT_OPT in the
 * tunnel flags when any option has the critical bit.
 *
 * Returns 0 when the options are well formed and -EINVAL otherwise.
 */
static int validate_geneve_opts(struct sw_flow_key *key)
{
	struct geneve_opt *opt;
	int remaining = key->tun_opts_len;
	bool has_critical = false;

	opt = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len);
	while (remaining > 0) {
		int opt_size;

		/* The fixed header must fit before 'length' is read. */
		if (remaining < sizeof(*opt)) {
			return -EINVAL;
		}

		/* 'length' counts 4-byte words of option data. */
		opt_size = sizeof(*opt) + opt->length * 4;
		if (opt_size > remaining) {
			return -EINVAL;
		}

		has_critical |= !!(opt->type & GENEVE_CRIT_OPT_TYPE);

		opt = (struct geneve_opt *)((u8 *)opt + opt_size);
		remaining -= opt_size;
	}

	key->tun_key.tun_flags |= has_critical ? TUNNEL_CRIT_OPT : 0;

	return 0;
}

/* Validates a tunnel set action and stores it in '*sfa' as an
 * OVS_ACTION_ATTR_SET holding an OVS_KEY_ATTR_TUNNEL_INFO attribute.
 *
 * The tunnel key and options are copied into a newly allocated
 * metadata_dst whose pointer is kept in the action.  That reference is
 * dropped here when appending the attribute fails, and otherwise by
 * ovs_nla_free_set_action() when the actions are freed.
 */
static int validate_and_copy_set_tun(const struct nlattr *attr,
				     struct sw_flow_actions **sfa, bool log)
{
	struct sw_flow_match match;
	struct sw_flow_key key;
	struct metadata_dst *tun_dst;
	struct ip_tunnel_info *tun_info;
	struct ovs_tunnel_info *ovs_tun;
	struct nlattr *info_attr;
	int err = 0, start, opts_type;

	/* ovs_match_init() zeroes the on-stack key before it is parsed into. */
	ovs_match_init(&match, &key, NULL);
	opts_type = ipv4_tun_from_nlattr(nla_data(attr), &match, false, log);
	if (opts_type < 0) {
		return opts_type;
	}

	/* Only Geneve options are validated here; VXLAN options and any
	 * other type pass through unchanged.
	 */
	if (key.tun_opts_len &&
	    opts_type == OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS) {
		err = validate_geneve_opts(&key);
		if (err < 0) {
			return err;
		}
	}

	start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log);
	if (start < 0) {
		return start;
	}

	tun_dst = metadata_dst_alloc(key.tun_opts_len, GFP_KERNEL);
	if (!tun_dst) {
		return -ENOMEM;
	}

	info_attr = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
				 sizeof(*ovs_tun), log);
	if (IS_ERR(info_attr)) {
		/* Nothing owns tun_dst yet, so drop it here. */
		dst_release((struct dst_entry *)tun_dst);
		return PTR_ERR(info_attr);
	}

	ovs_tun = nla_data(info_attr);
	ovs_tun->tun_dst = tun_dst;

	tun_info = &tun_dst->u.tun_info;
	tun_info->mode = IP_TUNNEL_INFO_TX;
	tun_info->key = key.tun_key;

	/* We need to store the options in the action itself since
	 * everything else will go away after flow setup. We can append
	 * it to tun_info and then point there.
	 */
	ip_tunnel_info_opts_set(tun_info,
				TUN_METADATA_OPTS(&key, key.tun_opts_len),
				key.tun_opts_len);
	add_nested_action_end(*sfa, start);

	return err;
}

/* Return false if there are any non-masked bits set.
 * Mask follows data immediately, before any netlink padding.
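*/
static bool validate_masked(u8 *data, int len)
{
	/* Reads 2 * len bytes from 'data'; the caller must have checked that
	 * the attribute payload is that long.
	 */
	u8 *mask = data + len;

	while (len--) {
		if (*data++ & ~*mask++)
			return false;
	}

	return true;
}

/* Validates one OVS_ACTION_ATTR_SET ('masked' false) or
 * OVS_ACTION_ATTR_SET_MASKED ('masked' true) action 'a' against the flow.
 *
 * Non-masked, non-tunnel sets are rewritten into '*sfa' as
 * OVS_ACTION_ATTR_SET_TO_MASKED with an all-ones mask, and tunnel sets are
 * copied by validate_and_copy_set_tun().  In both cases '*skip_copy' is set
 * to true so the caller does not copy 'a' again.
 *
 * Returns 0 on success or a negative errno.
 */
static int validate_set(const struct nlattr *a,
			const struct sw_flow_key *flow_key,
			struct sw_flow_actions **sfa,
			bool *skip_copy, __be16 eth_type, bool masked, bool log)
{
	const struct ovs_key_ipv4 *ipv4_key;
	const struct ovs_key_ipv6 *ipv6_key;
	const struct nlattr *ovs_key;
	int key_type;
	size_t key_len;
	int err;

	/* The caller accepts any payload length for set actions, so make
	 * sure the nested key header lies inside 'a' before reading it.
	 */
	if (nla_len(a) < NLA_HDRLEN)
		return -EINVAL;

	ovs_key = nla_data(a);

	/* A nested header that declares less than NLA_HDRLEN bytes makes
	 * nla_len() negative, which would turn into a huge size_t key_len
	 * below.
	 */
	if (nla_len(ovs_key) < 0)
		return -EINVAL;

	key_type = nla_type(ovs_key);

	/* There can be only one key in a action */
	if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
		return -EINVAL;

	/* A masked set carries the key followed by a mask of equal size. */
	key_len = nla_len(ovs_key);
	if (masked)
		key_len /= 2;

	/* The range check on key_type must stay first: it guards the
	 * ovs_key_lens[] lookups that follow.
	 */
	if (key_type > OVS_KEY_ATTR_MAX ||
	    (ovs_key_lens[key_type].len != key_len &&
	     ovs_key_lens[key_type].len != OVS_ATTR_NESTED))
		return -EINVAL;

	if (masked && !validate_masked(nla_data(ovs_key), key_len))
		return -EINVAL;

	switch (key_type) {
	case OVS_KEY_ATTR_PRIORITY:
	case OVS_KEY_ATTR_SKB_MARK:
	case OVS_KEY_ATTR_CT_MARK:
	case OVS_KEY_ATTR_CT_LABEL:
	case OVS_KEY_ATTR_ETHERNET:
		break;

	case OVS_KEY_ATTR_TUNNEL:
		if (eth_p_mpls(eth_type))
			return -EINVAL;

		if (masked)
			return -EINVAL; /* Masked tunnel set not supported. */

		*skip_copy = true;
		err = validate_and_copy_set_tun(a, sfa, log);
		if (err)
			return err;
		break;

	case OVS_KEY_ATTR_IPV4:
		if (eth_type != htons(ETH_P_IP))
			return -EINVAL;

		ipv4_key = nla_data(ovs_key);

		if (masked) {
			const struct ovs_key_ipv4 *mask = ipv4_key + 1;

			/* Non-writeable fields. */
			if (mask->ipv4_proto || mask->ipv4_frag)
				return -EINVAL;
		} else {
			if (ipv4_key->ipv4_proto != flow_key->ip.proto)
				return -EINVAL;

			if (ipv4_key->ipv4_frag != flow_key->ip.frag)
				return -EINVAL;
		}
		break;

	case OVS_KEY_ATTR_IPV6:
		if (eth_type != htons(ETH_P_IPV6))
			return -EINVAL;

		ipv6_key = nla_data(ovs_key);

		if (masked) {
			const struct ovs_key_ipv6 *mask = ipv6_key + 1;

			/* Non-writeable fields. */
			if (mask->ipv6_proto || mask->ipv6_frag)
				return -EINVAL;

			/* Invalid bits in the flow label mask? */
			if (ntohl(mask->ipv6_label) & 0xFFF00000)
				return -EINVAL;
		} else {
			if (ipv6_key->ipv6_proto != flow_key->ip.proto)
				return -EINVAL;

			if (ipv6_key->ipv6_frag != flow_key->ip.frag)
				return -EINVAL;
		}
		if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
			return -EINVAL;

		break;

	case OVS_KEY_ATTR_TCP:
		if ((eth_type != htons(ETH_P_IP) &&
		     eth_type != htons(ETH_P_IPV6)) ||
		    flow_key->ip.proto != IPPROTO_TCP)
			return -EINVAL;

		break;

	case OVS_KEY_ATTR_UDP:
		if ((eth_type != htons(ETH_P_IP) &&
		     eth_type != htons(ETH_P_IPV6)) ||
		    flow_key->ip.proto != IPPROTO_UDP)
			return -EINVAL;

		break;

	case OVS_KEY_ATTR_MPLS:
		if (!eth_p_mpls(eth_type))
			return -EINVAL;
		break;

	case OVS_KEY_ATTR_SCTP:
		if ((eth_type != htons(ETH_P_IP) &&
		     eth_type != htons(ETH_P_IPV6)) ||
		    flow_key->ip.proto != IPPROTO_SCTP)
			return -EINVAL;

		break;

	default:
		return -EINVAL;
	}

	/* Convert non-masked non-tunnel set actions to masked set actions. */
	if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) {
		int start, len = key_len * 2;
		struct nlattr *at;

		*skip_copy = true;

		start = add_nested_action_start(sfa,
						OVS_ACTION_ATTR_SET_TO_MASKED,
						log);
		if (start < 0)
			return start;

		at = __add_action(sfa, key_type, NULL, len, log);
		if (IS_ERR(at))
			return PTR_ERR(at);

		memcpy(nla_data(at), nla_data(ovs_key), key_len); /* Key. */
		memset(nla_data(at) + key_len, 0xff, key_len);    /* Mask. */
		/* Clear non-writeable bits from otherwise writeable fields. */
		if (key_type == OVS_KEY_ATTR_IPV6) {
			struct ovs_key_ipv6 *mask = nla_data(at) + key_len;

			mask->ipv6_label &= htonl(0x000FFFFF);
		}
		add_nested_action_end(*sfa, start);
	}

	return 0;
}

/* Checks a userspace action: the nested attributes must satisfy
 * userspace_policy and a non-zero OVS_USERSPACE_ATTR_PID must be present.
 */
static int validate_userspace(const struct nlattr *attr)
{
	static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
		[OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
		[OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
		[OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 },
	};
	struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
	int error;

	error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
				 attr, userspace_policy);
	if (error)
		return error;

	if (!a[OVS_USERSPACE_ATTR_PID] ||
	    !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
		return -EINVAL;

	return 0;
}

/* Appends a verbatim copy of attribute 'from' to '*sfa'.
 * NOTE(review): NLA_ALIGN(nla_len) bytes are read from 'from', so this
 * assumes the alignment padding after the attribute is present in the
 * source buffer -- confirm.
 */
static int copy_action(const struct nlattr *from,
		       struct sw_flow_actions **sfa, bool log)
{
	int totlen = NLA_ALIGN(from->nla_len);
	struct nlattr *to;

	to = reserve_sfa_size(sfa, from->nla_len, log);
	if (IS_ERR(to))
		return PTR_ERR(to);

	memcpy(to, from, totlen);
	return 0;
}

/* Validates the nested action list 'attr' and copies it into '*sfa'.
 *
 * 'eth_type' and 'vlan_tci' track what earlier actions in the list did to
 * the packet, so that later actions are checked against the resulting
 * layout.  'depth' is the sample nesting level; the function returns
 * -EOVERFLOW once it reaches SAMPLE_ACTION_DEPTH.
 *
 * Returns 0 on success or a negative errno.  On error '*sfa' may hold a
 * partially built list.
 */
static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
				  const struct sw_flow_key *key,
				  int depth, struct sw_flow_actions **sfa,
				  __be16 eth_type, __be16 vlan_tci, bool log)
{
	const struct nlattr *a;
	int rem, err;

	if (depth >= SAMPLE_ACTION_DEPTH)
		return -EOVERFLOW;

	nla_for_each_nested(a, attr, rem) {
		/* Expected argument lengths, (u32)-1 for variable length. */
		static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
			[OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
			[OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
			[OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
			[OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
			[OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
			[OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
			[OVS_ACTION_ATTR_POP_VLAN] = 0,
			[OVS_ACTION_ATTR_SET] = (u32)-1,
			[OVS_ACTION_ATTR_SET_MASKED] = (u32)-1,
			[OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
			[OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
			[OVS_ACTION_ATTR_CT] = (u32)-1,
		};
		const struct ovs_action_push_vlan *vlan;
		int type = nla_type(a);
		bool skip_copy;

		/* The range check must precede the table lookup.  Fixed-size
		 * actions must match their length exactly; variable-length
		 * ones are checked by their own validators below.
		 */
		if (type > OVS_ACTION_ATTR_MAX ||
		    (action_lens[type] != nla_len(a) &&
		     action_lens[type] != (u32)-1))
			return -EINVAL;

		skip_copy = false;
		switch (type) {
		case OVS_ACTION_ATTR_UNSPEC:
			return -EINVAL;

		case OVS_ACTION_ATTR_USERSPACE:
			err = validate_userspace(a);
			if (err)
				return err;
			break;

		case OVS_ACTION_ATTR_OUTPUT:
			if (nla_get_u32(a) >= DP_MAX_PORTS)
				return -EINVAL;
			break;

		case OVS_ACTION_ATTR_HASH: {
			const struct ovs_action_hash *act_hash = nla_data(a);

			switch (act_hash->hash_alg) {
			case OVS_HASH_ALG_L4:
				break;
			default:
				return -EINVAL;
			}

			break;
		}

		case OVS_ACTION_ATTR_POP_VLAN:
			vlan_tci = htons(0);
			break;

		case OVS_ACTION_ATTR_PUSH_VLAN:
			vlan = nla_data(a);
			if (vlan->vlan_tpid != htons(ETH_P_8021Q))
				return -EINVAL;
			if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
				return -EINVAL;
			vlan_tci = vlan->vlan_tci;
			break;

		case OVS_ACTION_ATTR_RECIRC:
			break;

		case OVS_ACTION_ATTR_PUSH_MPLS: {
			const struct ovs_action_push_mpls *mpls = nla_data(a);

			if (!eth_p_mpls(mpls->mpls_ethertype))
				return -EINVAL;
			/* Prohibit push MPLS other than to a white list
			 * for packets that have a known tag order.
			 */
			if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
			    (eth_type != htons(ETH_P_IP) &&
			     eth_type != htons(ETH_P_IPV6) &&
			     eth_type != htons(ETH_P_ARP) &&
			     eth_type != htons(ETH_P_RARP) &&
			     !eth_p_mpls(eth_type)))
				return -EINVAL;
			eth_type = mpls->mpls_ethertype;
			break;
		}

		case OVS_ACTION_ATTR_POP_MPLS:
			if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
			    !eth_p_mpls(eth_type))
				return -EINVAL;

			/* Disallow subsequent L2.5+ set and mpls_pop actions
			 * as there is no check here to ensure that the new
			 * eth_type is valid and thus set actions could
			 * write off the end of the packet or otherwise
			 * corrupt it.
			 *
			 * Support for these actions is planned using packet
			 * recirculation.
			 */
			eth_type = htons(0);
			break;

		case OVS_ACTION_ATTR_SET:
			err = validate_set(a, key, sfa,
					   &skip_copy, eth_type, false, log);
			if (err)
				return err;
			break;

		case OVS_ACTION_ATTR_SET_MASKED:
			err = validate_set(a, key, sfa,
					   &skip_copy, eth_type, true, log);
			if (err)
				return err;
			break;

		case OVS_ACTION_ATTR_SAMPLE:
			err = validate_and_copy_sample(net, a, key, depth, sfa,
						       eth_type, vlan_tci, log);
			if (err)
				return err;
			skip_copy = true;
			break;

		case OVS_ACTION_ATTR_CT:
			err = ovs_ct_copy_action(net, a, key, sfa, log);
			if (err)
				return err;
			skip_copy = true;
			break;

		default:
			OVS_NLERR(log, "Unknown Action type %d", type);
			return -EINVAL;
		}
		/* Actions not already written by their validator are copied
		 * verbatim.
		 */
		if (!skip_copy) {
			err = copy_action(a, sfa, log);
			if (err)
				return err;
		}
	}

	/* Trailing bytes that do not form a complete attribute. */
	if (rem > 0)
		return -EINVAL;

	return 0;
}

/* 'key' must be the masked key.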
*/
/* Validate the action list 'attr' and store a copy of it in a newly
 * allocated '*sfa'.
 *
 * Returns 0 on success.  If the allocation fails, '*sfa' holds the error
 * pointer and its error code is returned.  If validation fails, the action
 * list is released with ovs_nla_free_flow_actions() and the error is
 * returned; '*sfa' is left pointing at the released object, so callers must
 * not touch it after a non-zero return.
 */
int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
			 const struct sw_flow_key *key,
			 struct sw_flow_actions **sfa, bool log)
{
	struct sw_flow_actions *acts;
	int ret;

	acts = nla_alloc_flow_actions(nla_len(attr), log);
	*sfa = acts;
	if (IS_ERR(acts))
		return PTR_ERR(acts);

	acts->orig_len = nla_len(attr);

	/* Nesting depth starts at 0; the Ethernet type and TCI of the key
	 * seed the state tracked during validation.
	 */
	ret = __ovs_nla_copy_actions(net, attr, key, 0, sfa, key->eth.type,
				     key->eth.tci, log);
	if (!ret)
		return 0;

	/* Release through *sfa rather than 'acts': the callee receives
	 * 'sfa' and may have replaced the object it points to.
	 */
	ovs_nla_free_flow_actions(*sfa);
	return ret;
}

/* Emit a stored sample action into 'skb' as an OVS_ACTION_ATTR_SAMPLE nest.
 *
 * The probability is written as a u32 and the nested actions are emitted
 * through ovs_nla_put_actions(); other nested attribute types are skipped.
 * The u32 read assumes the stored probability attribute is at least four
 * bytes long, which is presumably enforced when the action is installed
 * (not visible here).
 *
 * Returns 0 on success, -EMSGSIZE if 'skb' runs out of room, or the error
 * from ovs_nla_put_actions().  On the error paths the nests opened here are
 * not closed or cancelled; NOTE(review): the caller presumably trims or
 * discards the message -- confirm.
 */
static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
{
	const struct nlattr *cur;
	struct nlattr *outer;
	int remaining;
	int ret = 0;

	outer = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE);
	if (!outer)
		return -EMSGSIZE;

	nla_for_each_nested(cur, attr, remaining) {
		struct nlattr *inner;
		int kind = nla_type(cur);

		if (kind == OVS_SAMPLE_ATTR_PROBABILITY) {
			if (nla_put(skb, OVS_SAMPLE_ATTR_PROBABILITY,
				    sizeof(u32), nla_data(cur)))
				return -EMSGSIZE;
		} else if (kind == OVS_SAMPLE_ATTR_ACTIONS) {
			inner = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS);
			if (!inner)
				return -EMSGSIZE;

			ret = ovs_nla_put_actions(nla_data(cur), nla_len(cur),
						  skb);
			if (ret)
				return ret;

			nla_nest_end(skb, inner);
		}
	}

	nla_nest_end(skb, outer);
	return ret;
}

/* Emit a stored set action into 'skb' as OVS_ACTION_ATTR_SET.
 *
 * A key of type OVS_KEY_ATTR_TUNNEL_INFO is converted to netlink form with
 * ipv4_tun_to_nlattr(); every other key type is written out unchanged.
 *
 * Returns 0 on success, -EMSGSIZE if 'skb' runs out of room, or the error
 * from ipv4_tun_to_nlattr().
 */
static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
{
	const struct nlattr *ovs_key = nla_data(a);
	struct ovs_tunnel_info *ovs_tun;
	struct ip_tunnel_info *tun_info;
	struct nlattr *nest;
	int ret;

	/* Common case: the payload is already in netlink form. */
	if (nla_type(ovs_key) != OVS_KEY_ATTR_TUNNEL_INFO) {
		if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
			return -EMSGSIZE;
		return 0;
	}

	/* The stored payload holds a kernel pointer, so it is re-encoded
	 * rather than copied.  Assumes tun_dst was set when the action was
	 * installed -- not visible here, confirm.
	 */
	ovs_tun = nla_data(ovs_key);
	tun_info = &ovs_tun->tun_dst->u.tun_info;

	nest = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
	if (!nest)
		return -EMSGSIZE;

	ret = ipv4_tun_to_nlattr(skb, &tun_info->key,
				 tun_info->options_len ?
					ip_tunnel_info_opts(tun_info) : NULL,
				 tun_info->options_len);
	if (ret)
		return ret;

	nla_nest_end(skb, nest);
	return 0;
}

/* Emit a stored OVS_ACTION_ATTR_SET_TO_MASKED action into 'skb' as a plain
 * OVS_ACTION_ATTR_SET.
 *
 * The stored payload is the key followed by a mask of the same size (see
 * where OVS_ACTION_ATTR_SET_TO_MASKED is built earlier in this file), so
 * only the first half is written out.
 *
 * Returns 0 on success or -EMSGSIZE if 'skb' runs out of room.
 */
static int masked_set_action_to_set_action_attr(const struct nlattr *a,
						struct sk_buff *skb)
{
	const struct nlattr *stored = nla_data(a);
	size_t half = nla_len(stored) / 2;
	struct nlattr *nest;

	/* Revert the conversion we did from a non-masked set action to
	 * masked set action.
	 */
	nest = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
	if (!nest)
		return -EMSGSIZE;

	if (nla_put(skb, nla_type(stored), half, nla_data(stored)))
		return -EMSGSIZE;

	nla_nest_end(skb, nest);
	return 0;
}

/* Emit the stored action list 'attr' of 'len' bytes into 'skb'.
 *
 * Set, set-to-masked, sample and conntrack actions go through their
 * converters; every other action is written out unchanged.
 *
 * Returns 0 on success, or the first error met (-EMSGSIZE when 'skb' runs
 * out of room).  A failure can leave a partly written action list in 'skb'.
 */
int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
{
	const struct nlattr *cur;
	int remaining;

	nla_for_each_attr(cur, attr, len, remaining) {
		int kind = nla_type(cur);
		int ret;

		switch (kind) {
		case OVS_ACTION_ATTR_SET:
			ret = set_action_to_attr(cur, skb);
			break;

		case OVS_ACTION_ATTR_SET_TO_MASKED:
			ret = masked_set_action_to_set_action_attr(cur, skb);
			break;

		case OVS_ACTION_ATTR_SAMPLE:
			ret = sample_action_to_attr(cur, skb);
			break;

		case OVS_ACTION_ATTR_CT:
			ret = ovs_ct_action_to_attr(nla_data(cur), skb);
			break;

		default:
			ret = nla_put(skb, kind, nla_len(cur), nla_data(cur)) ?
				-EMSGSIZE : 0;
			break;
		}

		if (ret)
			return ret;
	}

	return 0;
}