2
* Copyright (c) 2007-2011 Nicira Networks.
4
* This program is free software; you can redistribute it and/or
5
* modify it under the terms of version 2 of the GNU General Public
6
* License as published by the Free Software Foundation.
8
* This program is distributed in the hope that it will be useful, but
9
* WITHOUT ANY WARRANTY; without even the implied warranty of
10
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11
* General Public License for more details.
13
* You should have received a copy of the GNU General Public License
14
* along with this program; if not, write to the Free Software
15
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21
#include <linux/uaccess.h>
22
#include <linux/netdevice.h>
23
#include <linux/etherdevice.h>
24
#include <linux/if_ether.h>
25
#include <linux/if_vlan.h>
26
#include <net/llc_pdu.h>
27
#include <linux/kernel.h>
28
#include <linux/jhash.h>
29
#include <linux/jiffies.h>
30
#include <linux/llc.h>
31
#include <linux/module.h>
33
#include <linux/rcupdate.h>
34
#include <linux/if_arp.h>
35
#include <linux/if_ether.h>
37
#include <linux/ipv6.h>
38
#include <linux/tcp.h>
39
#include <linux/udp.h>
40
#include <linux/icmp.h>
41
#include <linux/icmpv6.h>
42
#include <linux/rculist.h>
45
#include <net/ndisc.h>
49
static struct kmem_cache *flow_cache;
50
static unsigned int hash_seed __read_mostly;
52
static int check_header(struct sk_buff *skb, int len)
54
if (unlikely(skb->len < len))
56
if (unlikely(!pskb_may_pull(skb, len)))
61
static bool arphdr_ok(struct sk_buff *skb)
63
return pskb_may_pull(skb, skb_network_offset(skb) +
64
sizeof(struct arp_eth_header));
67
static int check_iphdr(struct sk_buff *skb)
69
unsigned int nh_ofs = skb_network_offset(skb);
73
err = check_header(skb, nh_ofs + sizeof(struct iphdr));
77
ip_len = ip_hdrlen(skb);
78
if (unlikely(ip_len < sizeof(struct iphdr) ||
79
skb->len < nh_ofs + ip_len))
82
skb_set_transport_header(skb, nh_ofs + ip_len);
86
static bool tcphdr_ok(struct sk_buff *skb)
88
int th_ofs = skb_transport_offset(skb);
91
if (unlikely(!pskb_may_pull(skb, th_ofs + sizeof(struct tcphdr))))
94
tcp_len = tcp_hdrlen(skb);
95
if (unlikely(tcp_len < sizeof(struct tcphdr) ||
96
skb->len < th_ofs + tcp_len))
102
static bool udphdr_ok(struct sk_buff *skb)
104
return pskb_may_pull(skb, skb_transport_offset(skb) +
105
sizeof(struct udphdr));
108
static bool icmphdr_ok(struct sk_buff *skb)
110
return pskb_may_pull(skb, skb_transport_offset(skb) +
111
sizeof(struct icmphdr));
114
u64 ovs_flow_used_time(unsigned long flow_jiffies)
116
struct timespec cur_ts;
119
ktime_get_ts(&cur_ts);
120
idle_ms = jiffies_to_msecs(jiffies - flow_jiffies);
121
cur_ms = (u64)cur_ts.tv_sec * MSEC_PER_SEC +
122
cur_ts.tv_nsec / NSEC_PER_MSEC;
124
return cur_ms - idle_ms;
127
#define SW_FLOW_KEY_OFFSET(field) \
128
(offsetof(struct sw_flow_key, field) + \
129
FIELD_SIZEOF(struct sw_flow_key, field))
131
static int parse_ipv6hdr(struct sk_buff *skb, struct sw_flow_key *key,
134
unsigned int nh_ofs = skb_network_offset(skb);
142
*key_lenp = SW_FLOW_KEY_OFFSET(ipv6.label);
144
err = check_header(skb, nh_ofs + sizeof(*nh));
149
nexthdr = nh->nexthdr;
150
payload_ofs = (u8 *)(nh + 1) - skb->data;
152
key->ip.proto = NEXTHDR_NONE;
153
key->ip.tos = ipv6_get_dsfield(nh);
154
key->ip.ttl = nh->hop_limit;
155
key->ipv6.label = *(__be32 *)nh & htonl(IPV6_FLOWINFO_FLOWLABEL);
156
key->ipv6.addr.src = nh->saddr;
157
key->ipv6.addr.dst = nh->daddr;
159
payload_ofs = ipv6_skip_exthdr(skb, payload_ofs, &nexthdr, &frag_off);
160
if (unlikely(payload_ofs < 0))
164
if (frag_off & htons(~0x7))
165
key->ip.frag = OVS_FRAG_TYPE_LATER;
167
key->ip.frag = OVS_FRAG_TYPE_FIRST;
170
nh_len = payload_ofs - nh_ofs;
171
skb_set_transport_header(skb, nh_ofs + nh_len);
172
key->ip.proto = nexthdr;
176
static bool icmp6hdr_ok(struct sk_buff *skb)
178
return pskb_may_pull(skb, skb_transport_offset(skb) +
179
sizeof(struct icmp6hdr));
182
#define TCP_FLAGS_OFFSET 13
183
#define TCP_FLAG_MASK 0x3f
185
void ovs_flow_used(struct sw_flow *flow, struct sk_buff *skb)
189
if (flow->key.eth.type == htons(ETH_P_IP) &&
190
flow->key.ip.proto == IPPROTO_TCP) {
191
u8 *tcp = (u8 *)tcp_hdr(skb);
192
tcp_flags = *(tcp + TCP_FLAGS_OFFSET) & TCP_FLAG_MASK;
195
spin_lock(&flow->lock);
196
flow->used = jiffies;
197
flow->packet_count++;
198
flow->byte_count += skb->len;
199
flow->tcp_flags |= tcp_flags;
200
spin_unlock(&flow->lock);
203
struct sw_flow_actions *ovs_flow_actions_alloc(const struct nlattr *actions)
205
int actions_len = nla_len(actions);
206
struct sw_flow_actions *sfa;
208
/* At least DP_MAX_PORTS actions are required to be able to flood a
209
* packet to every port. Factor of 2 allows for setting VLAN tags,
211
if (actions_len > 2 * DP_MAX_PORTS * nla_total_size(4))
212
return ERR_PTR(-EINVAL);
214
sfa = kmalloc(sizeof(*sfa) + actions_len, GFP_KERNEL);
216
return ERR_PTR(-ENOMEM);
218
sfa->actions_len = actions_len;
219
memcpy(sfa->actions, nla_data(actions), actions_len);
223
struct sw_flow *ovs_flow_alloc(void)
225
struct sw_flow *flow;
227
flow = kmem_cache_alloc(flow_cache, GFP_KERNEL);
229
return ERR_PTR(-ENOMEM);
231
spin_lock_init(&flow->lock);
232
atomic_set(&flow->refcnt, 1);
233
flow->sf_acts = NULL;
239
static struct hlist_head *find_bucket(struct flow_table *table, u32 hash)
241
return flex_array_get(table->buckets,
242
(hash & (table->n_buckets - 1)));
245
static struct flex_array *alloc_buckets(unsigned int n_buckets)
247
struct flex_array *buckets;
250
buckets = flex_array_alloc(sizeof(struct hlist_head *),
251
n_buckets, GFP_KERNEL);
255
err = flex_array_prealloc(buckets, 0, n_buckets, GFP_KERNEL);
257
flex_array_free(buckets);
261
for (i = 0; i < n_buckets; i++)
262
INIT_HLIST_HEAD((struct hlist_head *)
263
flex_array_get(buckets, i));
268
static void free_buckets(struct flex_array *buckets)
270
flex_array_free(buckets);
273
struct flow_table *ovs_flow_tbl_alloc(int new_size)
275
struct flow_table *table = kmalloc(sizeof(*table), GFP_KERNEL);
280
table->buckets = alloc_buckets(new_size);
282
if (!table->buckets) {
286
table->n_buckets = new_size;
292
static void flow_free(struct sw_flow *flow)
298
void ovs_flow_tbl_destroy(struct flow_table *table)
305
for (i = 0; i < table->n_buckets; i++) {
306
struct sw_flow *flow;
307
struct hlist_head *head = flex_array_get(table->buckets, i);
308
struct hlist_node *node, *n;
310
hlist_for_each_entry_safe(flow, node, n, head, hash_node) {
311
hlist_del_init_rcu(&flow->hash_node);
316
free_buckets(table->buckets);
320
static void flow_tbl_destroy_rcu_cb(struct rcu_head *rcu)
322
struct flow_table *table = container_of(rcu, struct flow_table, rcu);
324
ovs_flow_tbl_destroy(table);
327
void ovs_flow_tbl_deferred_destroy(struct flow_table *table)
332
call_rcu(&table->rcu, flow_tbl_destroy_rcu_cb);
335
struct sw_flow *ovs_flow_tbl_next(struct flow_table *table, u32 *bucket, u32 *last)
337
struct sw_flow *flow;
338
struct hlist_head *head;
339
struct hlist_node *n;
342
while (*bucket < table->n_buckets) {
344
head = flex_array_get(table->buckets, *bucket);
345
hlist_for_each_entry_rcu(flow, n, head, hash_node) {
360
struct flow_table *ovs_flow_tbl_expand(struct flow_table *table)
362
struct flow_table *new_table;
363
int n_buckets = table->n_buckets * 2;
366
new_table = ovs_flow_tbl_alloc(n_buckets);
368
return ERR_PTR(-ENOMEM);
370
for (i = 0; i < table->n_buckets; i++) {
371
struct sw_flow *flow;
372
struct hlist_head *head;
373
struct hlist_node *n, *pos;
375
head = flex_array_get(table->buckets, i);
377
hlist_for_each_entry_safe(flow, n, pos, head, hash_node) {
378
hlist_del_init_rcu(&flow->hash_node);
379
ovs_flow_tbl_insert(new_table, flow);
386
/* RCU callback used by ovs_flow_deferred_free. */
387
static void rcu_free_flow_callback(struct rcu_head *rcu)
389
struct sw_flow *flow = container_of(rcu, struct sw_flow, rcu);
395
/* Schedules 'flow' to be freed after the next RCU grace period.
396
* The caller must hold rcu_read_lock for this to be sensible. */
397
void ovs_flow_deferred_free(struct sw_flow *flow)
399
call_rcu(&flow->rcu, rcu_free_flow_callback);
402
void ovs_flow_hold(struct sw_flow *flow)
404
atomic_inc(&flow->refcnt);
407
void ovs_flow_put(struct sw_flow *flow)
412
if (atomic_dec_and_test(&flow->refcnt)) {
413
kfree((struct sf_flow_acts __force *)flow->sf_acts);
414
kmem_cache_free(flow_cache, flow);
418
/* RCU callback used by ovs_flow_deferred_free_acts. */
419
static void rcu_free_acts_callback(struct rcu_head *rcu)
421
struct sw_flow_actions *sf_acts = container_of(rcu,
422
struct sw_flow_actions, rcu);
426
/* Schedules 'sf_acts' to be freed after the next RCU grace period.
427
* The caller must hold rcu_read_lock for this to be sensible. */
428
void ovs_flow_deferred_free_acts(struct sw_flow_actions *sf_acts)
430
call_rcu(&sf_acts->rcu, rcu_free_acts_callback);
433
static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key)
436
__be16 eth_type; /* ETH_P_8021Q */
439
struct qtag_prefix *qp;
441
if (unlikely(skb->len < sizeof(struct qtag_prefix) + sizeof(__be16)))
444
if (unlikely(!pskb_may_pull(skb, sizeof(struct qtag_prefix) +
448
qp = (struct qtag_prefix *) skb->data;
449
key->eth.tci = qp->tci | htons(VLAN_TAG_PRESENT);
450
__skb_pull(skb, sizeof(struct qtag_prefix));
455
static __be16 parse_ethertype(struct sk_buff *skb)
457
struct llc_snap_hdr {
458
u8 dsap; /* Always 0xAA */
459
u8 ssap; /* Always 0xAA */
464
struct llc_snap_hdr *llc;
467
proto = *(__be16 *) skb->data;
468
__skb_pull(skb, sizeof(__be16));
470
if (ntohs(proto) >= 1536)
473
if (skb->len < sizeof(struct llc_snap_hdr))
474
return htons(ETH_P_802_2);
476
if (unlikely(!pskb_may_pull(skb, sizeof(struct llc_snap_hdr))))
479
llc = (struct llc_snap_hdr *) skb->data;
480
if (llc->dsap != LLC_SAP_SNAP ||
481
llc->ssap != LLC_SAP_SNAP ||
482
(llc->oui[0] | llc->oui[1] | llc->oui[2]) != 0)
483
return htons(ETH_P_802_2);
485
__skb_pull(skb, sizeof(struct llc_snap_hdr));
486
return llc->ethertype;
489
static int parse_icmpv6(struct sk_buff *skb, struct sw_flow_key *key,
490
int *key_lenp, int nh_len)
492
struct icmp6hdr *icmp = icmp6_hdr(skb);
496
/* The ICMPv6 type and code fields use the 16-bit transport port
497
* fields, so we need to store them in 16-bit network byte order.
499
key->ipv6.tp.src = htons(icmp->icmp6_type);
500
key->ipv6.tp.dst = htons(icmp->icmp6_code);
501
key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
503
if (icmp->icmp6_code == 0 &&
504
(icmp->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION ||
505
icmp->icmp6_type == NDISC_NEIGHBOUR_ADVERTISEMENT)) {
506
int icmp_len = skb->len - skb_transport_offset(skb);
510
key_len = SW_FLOW_KEY_OFFSET(ipv6.nd);
512
/* In order to process neighbor discovery options, we need the
515
if (unlikely(icmp_len < sizeof(*nd)))
517
if (unlikely(skb_linearize(skb))) {
522
nd = (struct nd_msg *)skb_transport_header(skb);
523
key->ipv6.nd.target = nd->target;
524
key_len = SW_FLOW_KEY_OFFSET(ipv6.nd);
526
icmp_len -= sizeof(*nd);
528
while (icmp_len >= 8) {
529
struct nd_opt_hdr *nd_opt =
530
(struct nd_opt_hdr *)(nd->opt + offset);
531
int opt_len = nd_opt->nd_opt_len * 8;
533
if (unlikely(!opt_len || opt_len > icmp_len))
536
/* Store the link layer address if the appropriate
537
* option is provided. It is considered an error if
538
* the same link layer option is specified twice.
540
if (nd_opt->nd_opt_type == ND_OPT_SOURCE_LL_ADDR
542
if (unlikely(!is_zero_ether_addr(key->ipv6.nd.sll)))
544
memcpy(key->ipv6.nd.sll,
545
&nd->opt[offset+sizeof(*nd_opt)], ETH_ALEN);
546
} else if (nd_opt->nd_opt_type == ND_OPT_TARGET_LL_ADDR
548
if (unlikely(!is_zero_ether_addr(key->ipv6.nd.tll)))
550
memcpy(key->ipv6.nd.tll,
551
&nd->opt[offset+sizeof(*nd_opt)], ETH_ALEN);
562
memset(&key->ipv6.nd.target, 0, sizeof(key->ipv6.nd.target));
563
memset(key->ipv6.nd.sll, 0, sizeof(key->ipv6.nd.sll));
564
memset(key->ipv6.nd.tll, 0, sizeof(key->ipv6.nd.tll));
572
* ovs_flow_extract - extracts a flow key from an Ethernet frame.
573
* @skb: sk_buff that contains the frame, with skb->data pointing to the
575
* @in_port: port number on which @skb was received.
576
* @key: output flow key
577
* @key_lenp: length of output flow key
579
* The caller must ensure that skb->len >= ETH_HLEN.
581
* Returns 0 if successful, otherwise a negative errno value.
583
* Initializes @skb header pointers as follows:
585
* - skb->mac_header: the Ethernet header.
587
* - skb->network_header: just past the Ethernet header, or just past the
588
* VLAN header, to the first byte of the Ethernet payload.
590
* - skb->transport_header: If key->dl_type is ETH_P_IP or ETH_P_IPV6
591
* on output, then just past the IP header, if one is present and
592
* of a correct length, otherwise the same as skb->network_header.
593
* For other key->dl_type values it is left untouched.
595
int ovs_flow_extract(struct sk_buff *skb, u16 in_port, struct sw_flow_key *key,
599
int key_len = SW_FLOW_KEY_OFFSET(eth);
602
memset(key, 0, sizeof(*key));
604
key->phy.priority = skb->priority;
605
key->phy.tun_id = OVS_CB(skb)->tun_id;
606
key->phy.in_port = in_port;
608
skb_reset_mac_header(skb);
610
/* Link layer. We are guaranteed to have at least the 14 byte Ethernet
611
* header in the linear data area.
614
memcpy(key->eth.src, eth->h_source, ETH_ALEN);
615
memcpy(key->eth.dst, eth->h_dest, ETH_ALEN);
617
__skb_pull(skb, 2 * ETH_ALEN);
619
if (vlan_tx_tag_present(skb))
620
key->eth.tci = htons(vlan_get_tci(skb));
621
else if (eth->h_proto == htons(ETH_P_8021Q))
622
if (unlikely(parse_vlan(skb, key)))
625
key->eth.type = parse_ethertype(skb);
626
if (unlikely(key->eth.type == htons(0)))
629
skb_reset_network_header(skb);
630
__skb_push(skb, skb->data - skb_mac_header(skb));
633
if (key->eth.type == htons(ETH_P_IP)) {
637
key_len = SW_FLOW_KEY_OFFSET(ipv4.addr);
639
error = check_iphdr(skb);
640
if (unlikely(error)) {
641
if (error == -EINVAL) {
642
skb->transport_header = skb->network_header;
649
key->ipv4.addr.src = nh->saddr;
650
key->ipv4.addr.dst = nh->daddr;
652
key->ip.proto = nh->protocol;
653
key->ip.tos = nh->tos;
654
key->ip.ttl = nh->ttl;
656
offset = nh->frag_off & htons(IP_OFFSET);
658
key->ip.frag = OVS_FRAG_TYPE_LATER;
661
if (nh->frag_off & htons(IP_MF) ||
662
skb_shinfo(skb)->gso_type & SKB_GSO_UDP)
663
key->ip.frag = OVS_FRAG_TYPE_FIRST;
665
/* Transport layer. */
666
if (key->ip.proto == IPPROTO_TCP) {
667
key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
668
if (tcphdr_ok(skb)) {
669
struct tcphdr *tcp = tcp_hdr(skb);
670
key->ipv4.tp.src = tcp->source;
671
key->ipv4.tp.dst = tcp->dest;
673
} else if (key->ip.proto == IPPROTO_UDP) {
674
key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
675
if (udphdr_ok(skb)) {
676
struct udphdr *udp = udp_hdr(skb);
677
key->ipv4.tp.src = udp->source;
678
key->ipv4.tp.dst = udp->dest;
680
} else if (key->ip.proto == IPPROTO_ICMP) {
681
key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
682
if (icmphdr_ok(skb)) {
683
struct icmphdr *icmp = icmp_hdr(skb);
684
/* The ICMP type and code fields use the 16-bit
685
* transport port fields, so we need to store
686
* them in 16-bit network byte order. */
687
key->ipv4.tp.src = htons(icmp->type);
688
key->ipv4.tp.dst = htons(icmp->code);
692
} else if (key->eth.type == htons(ETH_P_ARP) && arphdr_ok(skb)) {
693
struct arp_eth_header *arp;
695
arp = (struct arp_eth_header *)skb_network_header(skb);
697
if (arp->ar_hrd == htons(ARPHRD_ETHER)
698
&& arp->ar_pro == htons(ETH_P_IP)
699
&& arp->ar_hln == ETH_ALEN
700
&& arp->ar_pln == 4) {
702
/* We only match on the lower 8 bits of the opcode. */
703
if (ntohs(arp->ar_op) <= 0xff)
704
key->ip.proto = ntohs(arp->ar_op);
706
if (key->ip.proto == ARPOP_REQUEST
707
|| key->ip.proto == ARPOP_REPLY) {
708
memcpy(&key->ipv4.addr.src, arp->ar_sip, sizeof(key->ipv4.addr.src));
709
memcpy(&key->ipv4.addr.dst, arp->ar_tip, sizeof(key->ipv4.addr.dst));
710
memcpy(key->ipv4.arp.sha, arp->ar_sha, ETH_ALEN);
711
memcpy(key->ipv4.arp.tha, arp->ar_tha, ETH_ALEN);
712
key_len = SW_FLOW_KEY_OFFSET(ipv4.arp);
715
} else if (key->eth.type == htons(ETH_P_IPV6)) {
716
int nh_len; /* IPv6 Header + Extensions */
718
nh_len = parse_ipv6hdr(skb, key, &key_len);
719
if (unlikely(nh_len < 0)) {
720
if (nh_len == -EINVAL)
721
skb->transport_header = skb->network_header;
727
if (key->ip.frag == OVS_FRAG_TYPE_LATER)
729
if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP)
730
key->ip.frag = OVS_FRAG_TYPE_FIRST;
732
/* Transport layer. */
733
if (key->ip.proto == NEXTHDR_TCP) {
734
key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
735
if (tcphdr_ok(skb)) {
736
struct tcphdr *tcp = tcp_hdr(skb);
737
key->ipv6.tp.src = tcp->source;
738
key->ipv6.tp.dst = tcp->dest;
740
} else if (key->ip.proto == NEXTHDR_UDP) {
741
key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
742
if (udphdr_ok(skb)) {
743
struct udphdr *udp = udp_hdr(skb);
744
key->ipv6.tp.src = udp->source;
745
key->ipv6.tp.dst = udp->dest;
747
} else if (key->ip.proto == NEXTHDR_ICMP) {
748
key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
749
if (icmp6hdr_ok(skb)) {
750
error = parse_icmpv6(skb, key, &key_len, nh_len);
762
u32 ovs_flow_hash(const struct sw_flow_key *key, int key_len)
764
return jhash2((u32 *)key, DIV_ROUND_UP(key_len, sizeof(u32)), hash_seed);
767
struct sw_flow *ovs_flow_tbl_lookup(struct flow_table *table,
768
struct sw_flow_key *key, int key_len)
770
struct sw_flow *flow;
771
struct hlist_node *n;
772
struct hlist_head *head;
775
hash = ovs_flow_hash(key, key_len);
777
head = find_bucket(table, hash);
778
hlist_for_each_entry_rcu(flow, n, head, hash_node) {
780
if (flow->hash == hash &&
781
!memcmp(&flow->key, key, key_len)) {
788
void ovs_flow_tbl_insert(struct flow_table *table, struct sw_flow *flow)
790
struct hlist_head *head;
792
head = find_bucket(table, flow->hash);
793
hlist_add_head_rcu(&flow->hash_node, head);
797
void ovs_flow_tbl_remove(struct flow_table *table, struct sw_flow *flow)
799
if (!hlist_unhashed(&flow->hash_node)) {
800
hlist_del_init_rcu(&flow->hash_node);
802
BUG_ON(table->count < 0);
806
/* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
807
const int ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
808
[OVS_KEY_ATTR_ENCAP] = -1,
809
[OVS_KEY_ATTR_PRIORITY] = sizeof(u32),
810
[OVS_KEY_ATTR_IN_PORT] = sizeof(u32),
811
[OVS_KEY_ATTR_ETHERNET] = sizeof(struct ovs_key_ethernet),
812
[OVS_KEY_ATTR_VLAN] = sizeof(__be16),
813
[OVS_KEY_ATTR_ETHERTYPE] = sizeof(__be16),
814
[OVS_KEY_ATTR_IPV4] = sizeof(struct ovs_key_ipv4),
815
[OVS_KEY_ATTR_IPV6] = sizeof(struct ovs_key_ipv6),
816
[OVS_KEY_ATTR_TCP] = sizeof(struct ovs_key_tcp),
817
[OVS_KEY_ATTR_UDP] = sizeof(struct ovs_key_udp),
818
[OVS_KEY_ATTR_ICMP] = sizeof(struct ovs_key_icmp),
819
[OVS_KEY_ATTR_ICMPV6] = sizeof(struct ovs_key_icmpv6),
820
[OVS_KEY_ATTR_ARP] = sizeof(struct ovs_key_arp),
821
[OVS_KEY_ATTR_ND] = sizeof(struct ovs_key_nd),
824
[OVS_KEY_ATTR_TUN_ID] = sizeof(__be64),
827
static int ipv4_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_len,
828
const struct nlattr *a[], u64 *attrs)
830
const struct ovs_key_icmp *icmp_key;
831
const struct ovs_key_tcp *tcp_key;
832
const struct ovs_key_udp *udp_key;
834
switch (swkey->ip.proto) {
836
if (!(*attrs & (1 << OVS_KEY_ATTR_TCP)))
838
*attrs &= ~(1 << OVS_KEY_ATTR_TCP);
840
*key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
841
tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
842
swkey->ipv4.tp.src = tcp_key->tcp_src;
843
swkey->ipv4.tp.dst = tcp_key->tcp_dst;
847
if (!(*attrs & (1 << OVS_KEY_ATTR_UDP)))
849
*attrs &= ~(1 << OVS_KEY_ATTR_UDP);
851
*key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
852
udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
853
swkey->ipv4.tp.src = udp_key->udp_src;
854
swkey->ipv4.tp.dst = udp_key->udp_dst;
858
if (!(*attrs & (1 << OVS_KEY_ATTR_ICMP)))
860
*attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
862
*key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
863
icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
864
swkey->ipv4.tp.src = htons(icmp_key->icmp_type);
865
swkey->ipv4.tp.dst = htons(icmp_key->icmp_code);
872
static int ipv6_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_len,
873
const struct nlattr *a[], u64 *attrs)
875
const struct ovs_key_icmpv6 *icmpv6_key;
876
const struct ovs_key_tcp *tcp_key;
877
const struct ovs_key_udp *udp_key;
879
switch (swkey->ip.proto) {
881
if (!(*attrs & (1 << OVS_KEY_ATTR_TCP)))
883
*attrs &= ~(1 << OVS_KEY_ATTR_TCP);
885
*key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
886
tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
887
swkey->ipv6.tp.src = tcp_key->tcp_src;
888
swkey->ipv6.tp.dst = tcp_key->tcp_dst;
892
if (!(*attrs & (1 << OVS_KEY_ATTR_UDP)))
894
*attrs &= ~(1 << OVS_KEY_ATTR_UDP);
896
*key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
897
udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
898
swkey->ipv6.tp.src = udp_key->udp_src;
899
swkey->ipv6.tp.dst = udp_key->udp_dst;
903
if (!(*attrs & (1 << OVS_KEY_ATTR_ICMPV6)))
905
*attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
907
*key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
908
icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
909
swkey->ipv6.tp.src = htons(icmpv6_key->icmpv6_type);
910
swkey->ipv6.tp.dst = htons(icmpv6_key->icmpv6_code);
912
if (swkey->ipv6.tp.src == htons(NDISC_NEIGHBOUR_SOLICITATION) ||
913
swkey->ipv6.tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
914
const struct ovs_key_nd *nd_key;
916
if (!(*attrs & (1 << OVS_KEY_ATTR_ND)))
918
*attrs &= ~(1 << OVS_KEY_ATTR_ND);
920
*key_len = SW_FLOW_KEY_OFFSET(ipv6.nd);
921
nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
922
memcpy(&swkey->ipv6.nd.target, nd_key->nd_target,
923
sizeof(swkey->ipv6.nd.target));
924
memcpy(swkey->ipv6.nd.sll, nd_key->nd_sll, ETH_ALEN);
925
memcpy(swkey->ipv6.nd.tll, nd_key->nd_tll, ETH_ALEN);
933
static int parse_flow_nlattrs(const struct nlattr *attr,
934
const struct nlattr *a[], u64 *attrsp)
936
const struct nlattr *nla;
941
nla_for_each_nested(nla, attr, rem) {
942
u16 type = nla_type(nla);
945
if (type > OVS_KEY_ATTR_MAX || attrs & (1ULL << type))
948
expected_len = ovs_key_lens[type];
949
if (nla_len(nla) != expected_len && expected_len != -1)
952
attrs |= 1ULL << type;
963
* ovs_flow_from_nlattrs - parses Netlink attributes into a flow key.
964
* @swkey: receives the extracted flow key.
965
* @key_lenp: number of bytes used in @swkey.
966
* @attr: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
969
int ovs_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_lenp,
970
const struct nlattr *attr)
972
const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
973
const struct ovs_key_ethernet *eth_key;
978
memset(swkey, 0, sizeof(struct sw_flow_key));
979
key_len = SW_FLOW_KEY_OFFSET(eth);
981
err = parse_flow_nlattrs(attr, a, &attrs);
985
/* Metadata attributes. */
986
if (attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
987
swkey->phy.priority = nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]);
988
attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
990
if (attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
991
u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
992
if (in_port >= DP_MAX_PORTS)
994
swkey->phy.in_port = in_port;
995
attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
997
swkey->phy.in_port = USHRT_MAX;
1000
if (attrs & (1ULL << OVS_KEY_ATTR_TUN_ID)) {
1001
swkey->phy.tun_id = nla_get_be64(a[OVS_KEY_ATTR_TUN_ID]);
1002
attrs &= ~(1ULL << OVS_KEY_ATTR_TUN_ID);
1005
/* Data attributes. */
1006
if (!(attrs & (1 << OVS_KEY_ATTR_ETHERNET)))
1008
attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
1010
eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
1011
memcpy(swkey->eth.src, eth_key->eth_src, ETH_ALEN);
1012
memcpy(swkey->eth.dst, eth_key->eth_dst, ETH_ALEN);
1014
if (attrs & (1u << OVS_KEY_ATTR_ETHERTYPE) &&
1015
nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]) == htons(ETH_P_8021Q)) {
1016
const struct nlattr *encap;
1019
if (attrs != ((1 << OVS_KEY_ATTR_VLAN) |
1020
(1 << OVS_KEY_ATTR_ETHERTYPE) |
1021
(1 << OVS_KEY_ATTR_ENCAP)))
1024
encap = a[OVS_KEY_ATTR_ENCAP];
1025
tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1026
if (tci & htons(VLAN_TAG_PRESENT)) {
1027
swkey->eth.tci = tci;
1029
err = parse_flow_nlattrs(encap, a, &attrs);
1033
/* Corner case for truncated 802.1Q header. */
1037
swkey->eth.type = htons(ETH_P_8021Q);
1038
*key_lenp = key_len;
1045
if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
1046
swkey->eth.type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1047
if (ntohs(swkey->eth.type) < 1536)
1049
attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1051
swkey->eth.type = htons(ETH_P_802_2);
1054
if (swkey->eth.type == htons(ETH_P_IP)) {
1055
const struct ovs_key_ipv4 *ipv4_key;
1057
if (!(attrs & (1 << OVS_KEY_ATTR_IPV4)))
1059
attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
1061
key_len = SW_FLOW_KEY_OFFSET(ipv4.addr);
1062
ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
1063
if (ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX)
1065
swkey->ip.proto = ipv4_key->ipv4_proto;
1066
swkey->ip.tos = ipv4_key->ipv4_tos;
1067
swkey->ip.ttl = ipv4_key->ipv4_ttl;
1068
swkey->ip.frag = ipv4_key->ipv4_frag;
1069
swkey->ipv4.addr.src = ipv4_key->ipv4_src;
1070
swkey->ipv4.addr.dst = ipv4_key->ipv4_dst;
1072
if (swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
1073
err = ipv4_flow_from_nlattrs(swkey, &key_len, a, &attrs);
1077
} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
1078
const struct ovs_key_ipv6 *ipv6_key;
1080
if (!(attrs & (1 << OVS_KEY_ATTR_IPV6)))
1082
attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
1084
key_len = SW_FLOW_KEY_OFFSET(ipv6.label);
1085
ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
1086
if (ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX)
1088
swkey->ipv6.label = ipv6_key->ipv6_label;
1089
swkey->ip.proto = ipv6_key->ipv6_proto;
1090
swkey->ip.tos = ipv6_key->ipv6_tclass;
1091
swkey->ip.ttl = ipv6_key->ipv6_hlimit;
1092
swkey->ip.frag = ipv6_key->ipv6_frag;
1093
memcpy(&swkey->ipv6.addr.src, ipv6_key->ipv6_src,
1094
sizeof(swkey->ipv6.addr.src));
1095
memcpy(&swkey->ipv6.addr.dst, ipv6_key->ipv6_dst,
1096
sizeof(swkey->ipv6.addr.dst));
1098
if (swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
1099
err = ipv6_flow_from_nlattrs(swkey, &key_len, a, &attrs);
1103
} else if (swkey->eth.type == htons(ETH_P_ARP)) {
1104
const struct ovs_key_arp *arp_key;
1106
if (!(attrs & (1 << OVS_KEY_ATTR_ARP)))
1108
attrs &= ~(1 << OVS_KEY_ATTR_ARP);
1110
key_len = SW_FLOW_KEY_OFFSET(ipv4.arp);
1111
arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
1112
swkey->ipv4.addr.src = arp_key->arp_sip;
1113
swkey->ipv4.addr.dst = arp_key->arp_tip;
1114
if (arp_key->arp_op & htons(0xff00))
1116
swkey->ip.proto = ntohs(arp_key->arp_op);
1117
memcpy(swkey->ipv4.arp.sha, arp_key->arp_sha, ETH_ALEN);
1118
memcpy(swkey->ipv4.arp.tha, arp_key->arp_tha, ETH_ALEN);
1123
*key_lenp = key_len;
1129
* ovs_flow_metadata_from_nlattrs - parses Netlink attributes into a flow key.
1130
* @in_port: receives the extracted input port.
1131
* @tun_id: receives the extracted tunnel ID.
1132
* @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
1135
* This parses a series of Netlink attributes that form a flow key, which must
1136
* take the same form accepted by flow_from_nlattrs(), but only enough of it to
1137
* get the metadata, that is, the parts of the flow key that cannot be
1138
* extracted from the packet itself.
1140
int ovs_flow_metadata_from_nlattrs(u32 *priority, u16 *in_port, __be64 *tun_id,
1141
const struct nlattr *attr)
1143
const struct nlattr *nla;
1146
*in_port = USHRT_MAX;
1150
nla_for_each_nested(nla, attr, rem) {
1151
int type = nla_type(nla);
1153
if (type <= OVS_KEY_ATTR_MAX && ovs_key_lens[type] > 0) {
1154
if (nla_len(nla) != ovs_key_lens[type])
1158
case OVS_KEY_ATTR_PRIORITY:
1159
*priority = nla_get_u32(nla);
1162
case OVS_KEY_ATTR_TUN_ID:
1163
*tun_id = nla_get_be64(nla);
1166
case OVS_KEY_ATTR_IN_PORT:
1167
if (nla_get_u32(nla) >= DP_MAX_PORTS)
1169
*in_port = nla_get_u32(nla);
1179
int ovs_flow_to_nlattrs(const struct sw_flow_key *swkey, struct sk_buff *skb)
1181
struct ovs_key_ethernet *eth_key;
1182
struct nlattr *nla, *encap;
1184
if (swkey->phy.priority)
1185
NLA_PUT_U32(skb, OVS_KEY_ATTR_PRIORITY, swkey->phy.priority);
1187
if (swkey->phy.tun_id != cpu_to_be64(0))
1188
NLA_PUT_BE64(skb, OVS_KEY_ATTR_TUN_ID, swkey->phy.tun_id);
1190
if (swkey->phy.in_port != USHRT_MAX)
1191
NLA_PUT_U32(skb, OVS_KEY_ATTR_IN_PORT, swkey->phy.in_port);
1193
nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
1195
goto nla_put_failure;
1196
eth_key = nla_data(nla);
1197
memcpy(eth_key->eth_src, swkey->eth.src, ETH_ALEN);
1198
memcpy(eth_key->eth_dst, swkey->eth.dst, ETH_ALEN);
1200
if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) {
1201
NLA_PUT_BE16(skb, OVS_KEY_ATTR_ETHERTYPE, htons(ETH_P_8021Q));
1202
NLA_PUT_BE16(skb, OVS_KEY_ATTR_VLAN, swkey->eth.tci);
1203
encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP);
1204
if (!swkey->eth.tci)
1210
if (swkey->eth.type == htons(ETH_P_802_2))
1213
NLA_PUT_BE16(skb, OVS_KEY_ATTR_ETHERTYPE, swkey->eth.type);
1215
if (swkey->eth.type == htons(ETH_P_IP)) {
1216
struct ovs_key_ipv4 *ipv4_key;
1218
nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
1220
goto nla_put_failure;
1221
ipv4_key = nla_data(nla);
1222
ipv4_key->ipv4_src = swkey->ipv4.addr.src;
1223
ipv4_key->ipv4_dst = swkey->ipv4.addr.dst;
1224
ipv4_key->ipv4_proto = swkey->ip.proto;
1225
ipv4_key->ipv4_tos = swkey->ip.tos;
1226
ipv4_key->ipv4_ttl = swkey->ip.ttl;
1227
ipv4_key->ipv4_frag = swkey->ip.frag;
1228
} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
1229
struct ovs_key_ipv6 *ipv6_key;
1231
nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
1233
goto nla_put_failure;
1234
ipv6_key = nla_data(nla);
1235
memcpy(ipv6_key->ipv6_src, &swkey->ipv6.addr.src,
1236
sizeof(ipv6_key->ipv6_src));
1237
memcpy(ipv6_key->ipv6_dst, &swkey->ipv6.addr.dst,
1238
sizeof(ipv6_key->ipv6_dst));
1239
ipv6_key->ipv6_label = swkey->ipv6.label;
1240
ipv6_key->ipv6_proto = swkey->ip.proto;
1241
ipv6_key->ipv6_tclass = swkey->ip.tos;
1242
ipv6_key->ipv6_hlimit = swkey->ip.ttl;
1243
ipv6_key->ipv6_frag = swkey->ip.frag;
1244
} else if (swkey->eth.type == htons(ETH_P_ARP)) {
1245
struct ovs_key_arp *arp_key;
1247
nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
1249
goto nla_put_failure;
1250
arp_key = nla_data(nla);
1251
memset(arp_key, 0, sizeof(struct ovs_key_arp));
1252
arp_key->arp_sip = swkey->ipv4.addr.src;
1253
arp_key->arp_tip = swkey->ipv4.addr.dst;
1254
arp_key->arp_op = htons(swkey->ip.proto);
1255
memcpy(arp_key->arp_sha, swkey->ipv4.arp.sha, ETH_ALEN);
1256
memcpy(arp_key->arp_tha, swkey->ipv4.arp.tha, ETH_ALEN);
1259
if ((swkey->eth.type == htons(ETH_P_IP) ||
1260
swkey->eth.type == htons(ETH_P_IPV6)) &&
1261
swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
1263
if (swkey->ip.proto == IPPROTO_TCP) {
1264
struct ovs_key_tcp *tcp_key;
1266
nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
1268
goto nla_put_failure;
1269
tcp_key = nla_data(nla);
1270
if (swkey->eth.type == htons(ETH_P_IP)) {
1271
tcp_key->tcp_src = swkey->ipv4.tp.src;
1272
tcp_key->tcp_dst = swkey->ipv4.tp.dst;
1273
} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
1274
tcp_key->tcp_src = swkey->ipv6.tp.src;
1275
tcp_key->tcp_dst = swkey->ipv6.tp.dst;
1277
} else if (swkey->ip.proto == IPPROTO_UDP) {
1278
struct ovs_key_udp *udp_key;
1280
nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
1282
goto nla_put_failure;
1283
udp_key = nla_data(nla);
1284
if (swkey->eth.type == htons(ETH_P_IP)) {
1285
udp_key->udp_src = swkey->ipv4.tp.src;
1286
udp_key->udp_dst = swkey->ipv4.tp.dst;
1287
} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
1288
udp_key->udp_src = swkey->ipv6.tp.src;
1289
udp_key->udp_dst = swkey->ipv6.tp.dst;
1291
} else if (swkey->eth.type == htons(ETH_P_IP) &&
1292
swkey->ip.proto == IPPROTO_ICMP) {
1293
struct ovs_key_icmp *icmp_key;
1295
nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
1297
goto nla_put_failure;
1298
icmp_key = nla_data(nla);
1299
icmp_key->icmp_type = ntohs(swkey->ipv4.tp.src);
1300
icmp_key->icmp_code = ntohs(swkey->ipv4.tp.dst);
1301
} else if (swkey->eth.type == htons(ETH_P_IPV6) &&
1302
swkey->ip.proto == IPPROTO_ICMPV6) {
1303
struct ovs_key_icmpv6 *icmpv6_key;
1305
nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
1306
sizeof(*icmpv6_key));
1308
goto nla_put_failure;
1309
icmpv6_key = nla_data(nla);
1310
icmpv6_key->icmpv6_type = ntohs(swkey->ipv6.tp.src);
1311
icmpv6_key->icmpv6_code = ntohs(swkey->ipv6.tp.dst);
1313
if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
1314
icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
1315
struct ovs_key_nd *nd_key;
1317
nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
1319
goto nla_put_failure;
1320
nd_key = nla_data(nla);
1321
memcpy(nd_key->nd_target, &swkey->ipv6.nd.target,
1322
sizeof(nd_key->nd_target));
1323
memcpy(nd_key->nd_sll, swkey->ipv6.nd.sll, ETH_ALEN);
1324
memcpy(nd_key->nd_tll, swkey->ipv6.nd.tll, ETH_ALEN);
1331
nla_nest_end(skb, encap);
1339
/* Initializes the flow module.
1340
* Returns zero if successful or a negative error code. */
1341
int ovs_flow_init(void)
1343
flow_cache = kmem_cache_create("sw_flow", sizeof(struct sw_flow), 0,
1345
if (flow_cache == NULL)
1348
get_random_bytes(&hash_seed, sizeof(hash_seed));
1353
/* Uninitializes the flow module. */
1354
void ovs_flow_exit(void)
1356
kmem_cache_destroy(flow_cache);