/* net/openvswitch/flow_netlink.c */

/*
 * Copyright (c) 2007-2017 Nicira, Inc.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include "flow.h"
#include "datapath.h"
#include <linux/uaccess.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/if_ether.h>
#include <linux/if_vlan.h>
#include <net/llc_pdu.h>
#include <linux/kernel.h>
#include <linux/jhash.h>
#include <linux/jiffies.h>
#include <linux/llc.h>
#include <linux/module.h>
#include <linux/in.h>
#include <linux/rcupdate.h>
#include <linux/if_arp.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/sctp.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/icmp.h>
#include <linux/icmpv6.h>
#include <linux/rculist.h>
#include <net/geneve.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/ndisc.h>
#include <net/mpls.h>
#include <net/vxlan.h>
#include <net/tun_proto.h>
#include <net/erspan.h>

#include "flow_netlink.h"
struct ovs_len_tbl {
	int len;
	const struct ovs_len_tbl *next;
};

#define OVS_ATTR_NESTED -1
#define OVS_ATTR_VARIABLE -2
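
/* Illustrative note (not in the original source): these negative
 * sentinels stand in for real payload lengths in the ovs_*_lens tables
 * below. A nested attribute is declared as, e.g.,
 *
 *	[OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED,
 *				  .next = ovs_tunnel_key_lens, },
 *
 * and check_attr_len() accepts any payload length for both sentinels.
 */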
static bool actions_may_change_flow(const struct nlattr *actions)
{
	struct nlattr *nla;
	int rem;

	nla_for_each_nested(nla, actions, rem) {
		u16 action = nla_type(nla);

		switch (action) {
		case OVS_ACTION_ATTR_OUTPUT:
		case OVS_ACTION_ATTR_RECIRC:
		case OVS_ACTION_ATTR_TRUNC:
		case OVS_ACTION_ATTR_USERSPACE:
			break;

		case OVS_ACTION_ATTR_CT:
		case OVS_ACTION_ATTR_CT_CLEAR:
		case OVS_ACTION_ATTR_HASH:
		case OVS_ACTION_ATTR_POP_ETH:
		case OVS_ACTION_ATTR_POP_MPLS:
		case OVS_ACTION_ATTR_POP_NSH:
		case OVS_ACTION_ATTR_POP_VLAN:
		case OVS_ACTION_ATTR_PUSH_ETH:
		case OVS_ACTION_ATTR_PUSH_MPLS:
		case OVS_ACTION_ATTR_PUSH_NSH:
		case OVS_ACTION_ATTR_PUSH_VLAN:
		case OVS_ACTION_ATTR_SAMPLE:
		case OVS_ACTION_ATTR_SET:
		case OVS_ACTION_ATTR_SET_MASKED:
		case OVS_ACTION_ATTR_METER:
		case OVS_ACTION_ATTR_CHECK_PKT_LEN:
		default:
			return true;
		}
	}
	return false;
}
static void update_range(struct sw_flow_match *match,
			 size_t offset, size_t size, bool is_mask)
{
	struct sw_flow_key_range *range;
	size_t start = rounddown(offset, sizeof(long));
	size_t end = roundup(offset + size, sizeof(long));

	if (!is_mask)
		range = &match->range;
	else
		range = &match->mask->range;

	if (range->start == range->end) {
		range->start = start;
		range->end = end;
		return;
	}

	if (range->start > start)
		range->start = start;

	if (range->end < end)
		range->end = end;
}
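
/* Worked example (illustrative, not part of the original source): with
 * 8-byte longs, update_range(match, 10, 2, false) widens match->range
 * to the long-aligned window [8, 16); a later
 * update_range(match, 40, 4, false) on the same match grows it to
 * [8, 48).
 */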
#define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
	do { \
		update_range(match, offsetof(struct sw_flow_key, field), \
			     sizeof((match)->key->field), is_mask); \
		if (is_mask) \
			(match)->mask->key.field = value; \
		else \
			(match)->key->field = value; \
	} while (0)
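
/* Usage sketch (illustrative, not from the original source): a parser
 * call such as
 *
 *	SW_FLOW_KEY_PUT(match, ip.proto, nla_get_u8(a), is_mask);
 *
 * first records the byte range covered by 'ip.proto' via
 * update_range(), then stores the value into match->mask->key.ip.proto
 * when is_mask is true, or into match->key->ip.proto otherwise.
 */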
#define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
	do { \
		update_range(match, offset, len, is_mask); \
		if (is_mask) \
			memcpy((u8 *)&(match)->mask->key + offset, value_p, \
			       len); \
		else \
			memcpy((u8 *)(match)->key + offset, value_p, len); \
	} while (0)

#define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
	SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
				  value_p, len, is_mask)

#define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \
	do { \
		update_range(match, offsetof(struct sw_flow_key, field), \
			     sizeof((match)->key->field), is_mask); \
		if (is_mask) \
			memset((u8 *)&(match)->mask->key.field, value, \
			       sizeof((match)->mask->key.field)); \
		else \
			memset((u8 *)&(match)->key->field, value, \
			       sizeof((match)->key->field)); \
	} while (0)
static bool match_validate(const struct sw_flow_match *match,
			   u64 key_attrs, u64 mask_attrs, bool log)
{
	u64 key_expected = 0;
	u64 mask_allowed = key_attrs;  /* At most allow all key attributes */

	/* The following mask attributes allowed only if they
	 * pass the validation tests. */
	mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
			| (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)
			| (1 << OVS_KEY_ATTR_IPV6)
			| (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)
			| (1 << OVS_KEY_ATTR_TCP)
			| (1 << OVS_KEY_ATTR_TCP_FLAGS)
			| (1 << OVS_KEY_ATTR_UDP)
			| (1 << OVS_KEY_ATTR_SCTP)
			| (1 << OVS_KEY_ATTR_ICMP)
			| (1 << OVS_KEY_ATTR_ICMPV6)
			| (1 << OVS_KEY_ATTR_ARP)
			| (1 << OVS_KEY_ATTR_ND)
			| (1 << OVS_KEY_ATTR_MPLS)
			| (1 << OVS_KEY_ATTR_NSH));

	/* Always allowed mask fields. */
	mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
		       | (1 << OVS_KEY_ATTR_IN_PORT)
		       | (1 << OVS_KEY_ATTR_ETHERTYPE));

	/* Check key attributes. */
	if (match->key->eth.type == htons(ETH_P_ARP)
			|| match->key->eth.type == htons(ETH_P_RARP)) {
		key_expected |= 1 << OVS_KEY_ATTR_ARP;
		if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
			mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
	}

	if (eth_p_mpls(match->key->eth.type)) {
		key_expected |= 1 << OVS_KEY_ATTR_MPLS;
		if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
			mask_allowed |= 1 << OVS_KEY_ATTR_MPLS;
	}

	if (match->key->eth.type == htons(ETH_P_IP)) {
		key_expected |= 1 << OVS_KEY_ATTR_IPV4;
		if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
			mask_allowed |= 1 << OVS_KEY_ATTR_IPV4;
			mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4;
		}

		if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
			if (match->key->ip.proto == IPPROTO_UDP) {
				key_expected |= 1 << OVS_KEY_ATTR_UDP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
			}

			if (match->key->ip.proto == IPPROTO_SCTP) {
				key_expected |= 1 << OVS_KEY_ATTR_SCTP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
			}

			if (match->key->ip.proto == IPPROTO_TCP) {
				key_expected |= 1 << OVS_KEY_ATTR_TCP;
				key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
				if (match->mask && (match->mask->key.ip.proto == 0xff)) {
					mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
					mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
				}
			}

			if (match->key->ip.proto == IPPROTO_ICMP) {
				key_expected |= 1 << OVS_KEY_ATTR_ICMP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1 << OVS_KEY_ATTR_ICMP;
			}
		}
	}

	if (match->key->eth.type == htons(ETH_P_IPV6)) {
		key_expected |= 1 << OVS_KEY_ATTR_IPV6;
		if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
			mask_allowed |= 1 << OVS_KEY_ATTR_IPV6;
			mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6;
		}

		if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
			if (match->key->ip.proto == IPPROTO_UDP) {
				key_expected |= 1 << OVS_KEY_ATTR_UDP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
			}

			if (match->key->ip.proto == IPPROTO_SCTP) {
				key_expected |= 1 << OVS_KEY_ATTR_SCTP;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
			}

			if (match->key->ip.proto == IPPROTO_TCP) {
				key_expected |= 1 << OVS_KEY_ATTR_TCP;
				key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
				if (match->mask && (match->mask->key.ip.proto == 0xff)) {
					mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
					mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
				}
			}

			if (match->key->ip.proto == IPPROTO_ICMPV6) {
				key_expected |= 1 << OVS_KEY_ATTR_ICMPV6;
				if (match->mask && (match->mask->key.ip.proto == 0xff))
					mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6;

				if (match->key->tp.src ==
						htons(NDISC_NEIGHBOUR_SOLICITATION) ||
				    match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
					key_expected |= 1 << OVS_KEY_ATTR_ND;
					/* Original direction conntrack tuple
					 * uses the same space as the ND fields
					 * in the key, so both are not allowed
					 * at the same time.
					 */
					mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
					if (match->mask && (match->mask->key.tp.src == htons(0xff)))
						mask_allowed |= 1 << OVS_KEY_ATTR_ND;
				}
			}
		}
	}

	if (match->key->eth.type == htons(ETH_P_NSH)) {
		key_expected |= 1 << OVS_KEY_ATTR_NSH;
		if (match->mask &&
		    match->mask->key.eth.type == htons(0xffff)) {
			mask_allowed |= 1 << OVS_KEY_ATTR_NSH;
		}
	}

	if ((key_attrs & key_expected) != key_expected) {
		/* Key attributes check failed. */
		OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)",
			  (unsigned long long)key_attrs,
			  (unsigned long long)key_expected);
		return false;
	}

	if ((mask_attrs & mask_allowed) != mask_attrs) {
		/* Mask attributes check failed. */
		OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)",
			  (unsigned long long)mask_attrs,
			  (unsigned long long)mask_allowed);
		return false;
	}

	return true;
}
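
/* Illustrative example (not from the original source): for a
 * TCP-over-IPv4 key that is not a later fragment, match_validate()
 * accumulates OVS_KEY_ATTR_IPV4, OVS_KEY_ATTR_TCP and
 * OVS_KEY_ATTR_TCP_FLAGS in key_expected, so a flow that omits any of
 * them is rejected with "Missing key", while a mask attribute outside
 * mask_allowed fails the "Unexpected mask" check.
 */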
size_t ovs_tun_key_attr_size(void)
{
	/* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider
	 * updating this function.
	 */
	return    nla_total_size_64bit(8) /* OVS_TUNNEL_KEY_ATTR_ID */
		+ nla_total_size(16)   /* OVS_TUNNEL_KEY_ATTR_IPV[46]_SRC */
		+ nla_total_size(16)   /* OVS_TUNNEL_KEY_ATTR_IPV[46]_DST */
		+ nla_total_size(1)    /* OVS_TUNNEL_KEY_ATTR_TOS */
		+ nla_total_size(1)    /* OVS_TUNNEL_KEY_ATTR_TTL */
		+ nla_total_size(0)    /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
		+ nla_total_size(0)    /* OVS_TUNNEL_KEY_ATTR_CSUM */
		+ nla_total_size(0)    /* OVS_TUNNEL_KEY_ATTR_OAM */
		+ nla_total_size(256)  /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */
		/* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and
		 * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS are mutually exclusive with
		 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it.
		 */
		+ nla_total_size(2)    /* OVS_TUNNEL_KEY_ATTR_TP_SRC */
		+ nla_total_size(2);   /* OVS_TUNNEL_KEY_ATTR_TP_DST */
}
static size_t ovs_nsh_key_attr_size(void)
{
	/* Whenever adding new OVS_NSH_KEY_ FIELDS, we should consider
	 * updating this function.
	 */
	return  nla_total_size(NSH_BASE_HDR_LEN) /* OVS_NSH_KEY_ATTR_BASE */
		/* OVS_NSH_KEY_ATTR_MD1 and OVS_NSH_KEY_ATTR_MD2 are
		 * mutually exclusive, so the bigger one can cover
		 * the smaller one.
		 */
		+ nla_total_size(NSH_CTX_HDRS_MAX_LEN);
}
size_t ovs_key_attr_size(void)
{
	/* Whenever adding new OVS_KEY_ FIELDS, we should consider
	 * updating this function.
	 */
	BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 29);

	return    nla_total_size(4)   /* OVS_KEY_ATTR_PRIORITY */
		+ nla_total_size(0)   /* OVS_KEY_ATTR_TUNNEL */
		  + ovs_tun_key_attr_size()
		+ nla_total_size(4)   /* OVS_KEY_ATTR_IN_PORT */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_SKB_MARK */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_DP_HASH */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_RECIRC_ID */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_CT_STATE */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_CT_ZONE */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_CT_MARK */
		+ nla_total_size(16)  /* OVS_KEY_ATTR_CT_LABELS */
		+ nla_total_size(40)  /* OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6 */
		+ nla_total_size(0)   /* OVS_KEY_ATTR_NSH */
		  + ovs_nsh_key_attr_size()
		+ nla_total_size(12)  /* OVS_KEY_ATTR_ETHERNET */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
		+ nla_total_size(4)   /* OVS_KEY_ATTR_VLAN */
		+ nla_total_size(0)   /* OVS_KEY_ATTR_ENCAP */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
		+ nla_total_size(40)  /* OVS_KEY_ATTR_IPV6 */
		+ nla_total_size(2)   /* OVS_KEY_ATTR_ICMPV6 */
		+ nla_total_size(28); /* OVS_KEY_ATTR_ND */
}
static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = {
	[OVS_VXLAN_EXT_GBP]	= { .len = sizeof(u32) },
};

static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
	[OVS_TUNNEL_KEY_ATTR_ID]	    = { .len = sizeof(u64) },
	[OVS_TUNNEL_KEY_ATTR_IPV4_SRC]	    = { .len = sizeof(u32) },
	[OVS_TUNNEL_KEY_ATTR_IPV4_DST]	    = { .len = sizeof(u32) },
	[OVS_TUNNEL_KEY_ATTR_TOS]	    = { .len = 1 },
	[OVS_TUNNEL_KEY_ATTR_TTL]	    = { .len = 1 },
	[OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
	[OVS_TUNNEL_KEY_ATTR_CSUM]	    = { .len = 0 },
	[OVS_TUNNEL_KEY_ATTR_TP_SRC]	    = { .len = sizeof(u16) },
	[OVS_TUNNEL_KEY_ATTR_TP_DST]	    = { .len = sizeof(u16) },
	[OVS_TUNNEL_KEY_ATTR_OAM]	    = { .len = 0 },
	[OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS]   = { .len = OVS_ATTR_VARIABLE },
	[OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS]    = { .len = OVS_ATTR_NESTED,
						.next = ovs_vxlan_ext_key_lens },
	[OVS_TUNNEL_KEY_ATTR_IPV6_SRC]	    = { .len = sizeof(struct in6_addr) },
	[OVS_TUNNEL_KEY_ATTR_IPV6_DST]	    = { .len = sizeof(struct in6_addr) },
	[OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS]   = { .len = OVS_ATTR_VARIABLE },
	[OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE]	= { .len = 0 },
};

static const struct ovs_len_tbl
ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = {
	[OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) },
	[OVS_NSH_KEY_ATTR_MD1]	= { .len = sizeof(struct ovs_nsh_key_md1) },
	[OVS_NSH_KEY_ATTR_MD2]	= { .len = OVS_ATTR_VARIABLE },
};
/* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
	[OVS_KEY_ATTR_ENCAP]	 = { .len = OVS_ATTR_NESTED },
	[OVS_KEY_ATTR_PRIORITY]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_IN_PORT]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_SKB_MARK]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_ETHERNET]	 = { .len = sizeof(struct ovs_key_ethernet) },
	[OVS_KEY_ATTR_VLAN]	 = { .len = sizeof(__be16) },
	[OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) },
	[OVS_KEY_ATTR_IPV4]	 = { .len = sizeof(struct ovs_key_ipv4) },
	[OVS_KEY_ATTR_IPV6]	 = { .len = sizeof(struct ovs_key_ipv6) },
	[OVS_KEY_ATTR_TCP]	 = { .len = sizeof(struct ovs_key_tcp) },
	[OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) },
	[OVS_KEY_ATTR_UDP]	 = { .len = sizeof(struct ovs_key_udp) },
	[OVS_KEY_ATTR_SCTP]	 = { .len = sizeof(struct ovs_key_sctp) },
	[OVS_KEY_ATTR_ICMP]	 = { .len = sizeof(struct ovs_key_icmp) },
	[OVS_KEY_ATTR_ICMPV6]	 = { .len = sizeof(struct ovs_key_icmpv6) },
	[OVS_KEY_ATTR_ARP]	 = { .len = sizeof(struct ovs_key_arp) },
	[OVS_KEY_ATTR_ND]	 = { .len = sizeof(struct ovs_key_nd) },
	[OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_DP_HASH]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_TUNNEL]	 = { .len = OVS_ATTR_NESTED,
				     .next = ovs_tunnel_key_lens, },
	[OVS_KEY_ATTR_MPLS]	 = { .len = sizeof(struct ovs_key_mpls) },
	[OVS_KEY_ATTR_CT_STATE]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_CT_ZONE]	 = { .len = sizeof(u16) },
	[OVS_KEY_ATTR_CT_MARK]	 = { .len = sizeof(u32) },
	[OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) },
	[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = {
		.len = sizeof(struct ovs_key_ct_tuple_ipv4) },
	[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = {
		.len = sizeof(struct ovs_key_ct_tuple_ipv6) },
	[OVS_KEY_ATTR_NSH]	 = { .len = OVS_ATTR_NESTED,
				     .next = ovs_nsh_key_attr_lens, },
};
static bool check_attr_len(unsigned int attr_len, unsigned int expected_len)
{
	return expected_len == attr_len ||
	       expected_len == OVS_ATTR_NESTED ||
	       expected_len == OVS_ATTR_VARIABLE;
}

static bool is_all_zero(const u8 *fp, size_t size)
{
	int i;

	if (!fp)
		return false;

	for (i = 0; i < size; i++)
		if (fp[i])
			return false;

	return true;
}
static int __parse_flow_nlattrs(const struct nlattr *attr,
				const struct nlattr *a[],
				u64 *attrsp, bool log, bool nz)
{
	const struct nlattr *nla;
	u64 attrs;
	int rem;

	attrs = *attrsp;
	nla_for_each_nested(nla, attr, rem) {
		u16 type = nla_type(nla);
		int expected_len;

		if (type > OVS_KEY_ATTR_MAX) {
			OVS_NLERR(log, "Key type %d is out of range max %d",
				  type, OVS_KEY_ATTR_MAX);
			return -EINVAL;
		}

		if (attrs & (1 << type)) {
			OVS_NLERR(log, "Duplicate key (type %d).", type);
			return -EINVAL;
		}

		expected_len = ovs_key_lens[type].len;
		if (!check_attr_len(nla_len(nla), expected_len)) {
			OVS_NLERR(log, "Key %d has unexpected len %d expected %d",
				  type, nla_len(nla), expected_len);
			return -EINVAL;
		}

		if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
			attrs |= 1 << type;
			a[type] = nla;
		}
	}
	if (rem) {
		OVS_NLERR(log, "Message has %d unknown bytes.", rem);
		return -EINVAL;
	}

	*attrsp = attrs;
	return 0;
}

static int parse_flow_mask_nlattrs(const struct nlattr *attr,
				   const struct nlattr *a[], u64 *attrsp,
				   bool log)
{
	return __parse_flow_nlattrs(attr, a, attrsp, log, true);
}

int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[],
		       u64 *attrsp, bool log)
{
	return __parse_flow_nlattrs(attr, a, attrsp, log, false);
}
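
/* Behavioural note with an example (illustrative, not from the
 * original source): the 'nz' flag is what separates the two wrappers
 * above. When parsing a mask with parse_flow_mask_nlattrs(), an
 * attribute whose payload is all zeroes (e.g. a fully wildcarded
 * OVS_KEY_ATTR_SKB_MARK of 0x00000000) is skipped rather than
 * recorded, so it neither sets a bit in *attrsp nor lands in a[].
 */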
static int genev_tun_opt_from_nlattr(const struct nlattr *a,
				     struct sw_flow_match *match, bool is_mask,
				     bool log)
{
	unsigned long opt_key_offset;

	if (nla_len(a) > sizeof(match->key->tun_opts)) {
		OVS_NLERR(log, "Geneve option length err (len %d, max %zu).",
			  nla_len(a), sizeof(match->key->tun_opts));
		return -EINVAL;
	}

	if (nla_len(a) % 4 != 0) {
		OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.",
			  nla_len(a));
		return -EINVAL;
	}

	/* We need to record the length of the options passed
	 * down, otherwise packets with the same format but
	 * additional options will be silently matched.
	 */
	if (!is_mask) {
		SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
				false);
	} else {
		/* This is somewhat unusual because it looks at
		 * both the key and mask while parsing the
		 * attributes (and by extension assumes the key
		 * is parsed first). Normally, we would verify
		 * that each is the correct length and that the
		 * attributes line up in the validate function.
		 * However, that is difficult because this is
		 * variable length and we won't have the
		 * information later.
		 */
		if (match->key->tun_opts_len != nla_len(a)) {
			OVS_NLERR(log, "Geneve option len %d != mask len %d",
				  match->key->tun_opts_len, nla_len(a));
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
	}

	opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
	SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
				  nla_len(a), is_mask);
	return 0;
}
static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr,
				     struct sw_flow_match *match, bool is_mask,
				     bool log)
{
	struct nlattr *a;
	int rem;
	unsigned long opt_key_offset;
	struct vxlan_metadata opts;

	BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts));

	memset(&opts, 0, sizeof(opts));
	nla_for_each_nested(a, attr, rem) {
		int type = nla_type(a);

		if (type > OVS_VXLAN_EXT_MAX) {
			OVS_NLERR(log, "VXLAN extension %d out of range max %d",
				  type, OVS_VXLAN_EXT_MAX);
			return -EINVAL;
		}

		if (!check_attr_len(nla_len(a),
				    ovs_vxlan_ext_key_lens[type].len)) {
			OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d",
				  type, nla_len(a),
				  ovs_vxlan_ext_key_lens[type].len);
			return -EINVAL;
		}

		switch (type) {
		case OVS_VXLAN_EXT_GBP:
			opts.gbp = nla_get_u32(a);
			break;
		default:
			OVS_NLERR(log, "Unknown VXLAN extension attribute %d",
				  type);
			return -EINVAL;
		}
	}
	if (rem) {
		OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.",
			  rem);
		return -EINVAL;
	}

	if (!is_mask)
		SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false);
	else
		SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);

	opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts));
	SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts),
				  is_mask);
	return 0;
}
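
/* Illustrative layout (hypothetical value, not from the original
 * source): the nested attribute parsed above looks like
 *
 *	OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS
 *		OVS_VXLAN_EXT_GBP (u32, e.g. 0x100)
 *
 * and is folded into a struct vxlan_metadata whose 'gbp' field carries
 * the Group Based Policy value.
 */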
static int erspan_tun_opt_from_nlattr(const struct nlattr *a,
				      struct sw_flow_match *match, bool is_mask,
				      bool log)
{
	unsigned long opt_key_offset;

	BUILD_BUG_ON(sizeof(struct erspan_metadata) >
		     sizeof(match->key->tun_opts));

	if (nla_len(a) > sizeof(match->key->tun_opts)) {
		OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).",
			  nla_len(a), sizeof(match->key->tun_opts));
		return -EINVAL;
	}

	if (!is_mask)
		SW_FLOW_KEY_PUT(match, tun_opts_len,
				sizeof(struct erspan_metadata), false);
	else
		SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);

	opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
	SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
				  nla_len(a), is_mask);
	return 0;
}
static int ip_tun_from_nlattr(const struct nlattr *attr,
			      struct sw_flow_match *match, bool is_mask,
			      bool log)
{
	bool ttl = false, ipv4 = false, ipv6 = false;
	bool info_bridge_mode = false;
	__be16 tun_flags = 0;
	int opts_type = 0;
	struct nlattr *a;
	int rem;

	nla_for_each_nested(a, attr, rem) {
		int type = nla_type(a);
		int err;

		if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
			OVS_NLERR(log, "Tunnel attr %d out of range max %d",
				  type, OVS_TUNNEL_KEY_ATTR_MAX);
			return -EINVAL;
		}

		if (!check_attr_len(nla_len(a),
				    ovs_tunnel_key_lens[type].len)) {
			OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d",
				  type, nla_len(a), ovs_tunnel_key_lens[type].len);
			return -EINVAL;
		}

		switch (type) {
		case OVS_TUNNEL_KEY_ATTR_ID:
			SW_FLOW_KEY_PUT(match, tun_key.tun_id,
					nla_get_be64(a), is_mask);
			tun_flags |= TUNNEL_KEY;
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
			SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src,
					nla_get_in_addr(a), is_mask);
			ipv4 = true;
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
			SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst,
					nla_get_in_addr(a), is_mask);
			ipv4 = true;
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV6_SRC:
			SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src,
					nla_get_in6_addr(a), is_mask);
			ipv6 = true;
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV6_DST:
			SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst,
					nla_get_in6_addr(a), is_mask);
			ipv6 = true;
			break;
		case OVS_TUNNEL_KEY_ATTR_TOS:
			SW_FLOW_KEY_PUT(match, tun_key.tos,
					nla_get_u8(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_TTL:
			SW_FLOW_KEY_PUT(match, tun_key.ttl,
					nla_get_u8(a), is_mask);
			ttl = true;
			break;
		case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
			tun_flags |= TUNNEL_DONT_FRAGMENT;
			break;
		case OVS_TUNNEL_KEY_ATTR_CSUM:
			tun_flags |= TUNNEL_CSUM;
			break;
		case OVS_TUNNEL_KEY_ATTR_TP_SRC:
			SW_FLOW_KEY_PUT(match, tun_key.tp_src,
					nla_get_be16(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_TP_DST:
			SW_FLOW_KEY_PUT(match, tun_key.tp_dst,
					nla_get_be16(a), is_mask);
			break;
		case OVS_TUNNEL_KEY_ATTR_OAM:
			tun_flags |= TUNNEL_OAM;
			break;
		case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
			if (opts_type) {
				OVS_NLERR(log, "Multiple metadata blocks provided");
				return -EINVAL;
			}

			err = genev_tun_opt_from_nlattr(a, match, is_mask, log);
			if (err)
				return err;

			tun_flags |= TUNNEL_GENEVE_OPT;
			opts_type = type;
			break;
		case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
			if (opts_type) {
				OVS_NLERR(log, "Multiple metadata blocks provided");
				return -EINVAL;
			}

			err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log);
			if (err)
				return err;

			tun_flags |= TUNNEL_VXLAN_OPT;
			opts_type = type;
			break;
		case OVS_TUNNEL_KEY_ATTR_PAD:
			break;
		case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
			if (opts_type) {
				OVS_NLERR(log, "Multiple metadata blocks provided");
				return -EINVAL;
			}

			err = erspan_tun_opt_from_nlattr(a, match, is_mask,
							 log);
			if (err)
				return err;

			tun_flags |= TUNNEL_ERSPAN_OPT;
			opts_type = type;
			break;
		case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE:
			info_bridge_mode = true;
			ipv4 = true;
			break;
		default:
			OVS_NLERR(log, "Unknown IP tunnel attribute %d",
				  type);
			return -EINVAL;
		}
	}

	SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
	if (is_mask)
		SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true);
	else
		SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET,
				false);

	if (rem > 0) {
		OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.",
			  rem);
		return -EINVAL;
	}

	if (ipv4 && ipv6) {
		OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes");
		return -EINVAL;
	}

	if (!is_mask) {
		if (!ipv4 && !ipv6) {
			OVS_NLERR(log, "IP tunnel dst address not specified");
			return -EINVAL;
		}
		if (ipv4) {
			if (info_bridge_mode) {
				if (match->key->tun_key.u.ipv4.src ||
				    match->key->tun_key.u.ipv4.dst ||
				    match->key->tun_key.tp_src ||
				    match->key->tun_key.tp_dst ||
				    match->key->tun_key.ttl ||
				    match->key->tun_key.tos ||
				    tun_flags & ~TUNNEL_KEY) {
					OVS_NLERR(log, "IPv4 tun info is not correct");
					return -EINVAL;
				}
			} else if (!match->key->tun_key.u.ipv4.dst) {
				OVS_NLERR(log, "IPv4 tunnel dst address is zero");
				return -EINVAL;
			}
		}

		if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) {
			OVS_NLERR(log, "IPv6 tunnel dst address is zero");
			return -EINVAL;
		}

		if (!ttl && !info_bridge_mode) {
			OVS_NLERR(log, "IP tunnel TTL not specified.");
			return -EINVAL;
		}
	}

	return opts_type;
}
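
/* Minimal accepted key, as a sketch (illustrative, not from the
 * original source): for a non-mask parse the nest must carry at least
 * a destination address and a TTL, e.g.
 *
 *	OVS_KEY_ATTR_TUNNEL
 *		OVS_TUNNEL_KEY_ATTR_IPV4_DST
 *		OVS_TUNNEL_KEY_ATTR_TTL
 *
 * Anything less trips the "dst address not specified" or "TTL not
 * specified" checks above, with bridge mode being the exception that
 * waives the TTL requirement.
 */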
static int vxlan_opt_to_nlattr(struct sk_buff *skb,
			       const void *tun_opts, int swkey_tun_opts_len)
{
	const struct vxlan_metadata *opts = tun_opts;
	struct nlattr *nla;

	nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
	if (!nla)
		return -EMSGSIZE;

	if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0)
		return -EMSGSIZE;

	nla_nest_end(skb, nla);
	return 0;
}
static int __ip_tun_to_nlattr(struct sk_buff *skb,
			      const struct ip_tunnel_key *output,
			      const void *tun_opts, int swkey_tun_opts_len,
			      unsigned short tun_proto, u8 mode)
{
	if (output->tun_flags & TUNNEL_KEY &&
	    nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id,
			 OVS_TUNNEL_KEY_ATTR_PAD))
		return -EMSGSIZE;

	if (mode & IP_TUNNEL_INFO_BRIDGE)
		return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE)
		       ? -EMSGSIZE : 0;

	switch (tun_proto) {
	case AF_INET:
		if (output->u.ipv4.src &&
		    nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC,
				    output->u.ipv4.src))
			return -EMSGSIZE;
		if (output->u.ipv4.dst &&
		    nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST,
				    output->u.ipv4.dst))
			return -EMSGSIZE;
		break;
	case AF_INET6:
		if (!ipv6_addr_any(&output->u.ipv6.src) &&
		    nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC,
				     &output->u.ipv6.src))
			return -EMSGSIZE;
		if (!ipv6_addr_any(&output->u.ipv6.dst) &&
		    nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST,
				     &output->u.ipv6.dst))
			return -EMSGSIZE;
		break;
	}
	if (output->tos &&
	    nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos))
		return -EMSGSIZE;
	if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl))
		return -EMSGSIZE;
	if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
	    nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
		return -EMSGSIZE;
	if ((output->tun_flags & TUNNEL_CSUM) &&
	    nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
		return -EMSGSIZE;
	if (output->tp_src &&
	    nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src))
		return -EMSGSIZE;
	if (output->tp_dst &&
	    nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst))
		return -EMSGSIZE;
	if ((output->tun_flags & TUNNEL_OAM) &&
	    nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
		return -EMSGSIZE;
	if (swkey_tun_opts_len) {
		if (output->tun_flags & TUNNEL_GENEVE_OPT &&
		    nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
			    swkey_tun_opts_len, tun_opts))
			return -EMSGSIZE;
		else if (output->tun_flags & TUNNEL_VXLAN_OPT &&
			 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len))
			return -EMSGSIZE;
		else if (output->tun_flags & TUNNEL_ERSPAN_OPT &&
			 nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS,
				 swkey_tun_opts_len, tun_opts))
			return -EMSGSIZE;
	}

	return 0;
}
static int ip_tun_to_nlattr(struct sk_buff *skb,
			    const struct ip_tunnel_key *output,
			    const void *tun_opts, int swkey_tun_opts_len,
			    unsigned short tun_proto, u8 mode)
{
	struct nlattr *nla;
	int err;

	nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL);
	if (!nla)
		return -EMSGSIZE;

	err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len,
				 tun_proto, mode);
	if (err)
		return err;

	nla_nest_end(skb, nla);
	return 0;
}

int ovs_nla_put_tunnel_info(struct sk_buff *skb,
			    struct ip_tunnel_info *tun_info)
{
	return __ip_tun_to_nlattr(skb, &tun_info->key,
				  ip_tunnel_info_opts(tun_info),
				  tun_info->options_len,
				  ip_tunnel_info_af(tun_info), tun_info->mode);
}
static int encode_vlan_from_nlattrs(struct sw_flow_match *match,
				    const struct nlattr *a[],
				    bool is_mask, bool inner)
{
	__be16 tci = 0;
	__be16 tpid = 0;

	if (a[OVS_KEY_ATTR_VLAN])
		tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);

	if (a[OVS_KEY_ATTR_ETHERTYPE])
		tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);

	if (likely(!inner)) {
		SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask);
		SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask);
	} else {
		SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask);
		SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask);
	}
	return 0;
}
static int validate_vlan_from_nlattrs(const struct sw_flow_match *match,
				      u64 key_attrs, bool inner,
				      const struct nlattr **a, bool log)
{
	__be16 tci = 0;

	if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
	      (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
	      eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) {
		/* Not a VLAN. */
		return 0;
	}

	if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
	      (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
		OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN");
		return -EINVAL;
	}

	if (a[OVS_KEY_ATTR_VLAN])
		tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);

	if (!(tci & htons(VLAN_CFI_MASK))) {
		if (tci) {
			OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.",
				  (inner) ? "C-VLAN" : "VLAN");
			return -EINVAL;
		} else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) {
			/* Corner case for truncated VLAN header. */
			OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.",
				  (inner) ? "C-VLAN" : "VLAN");
			return -EINVAL;
		}
	}

	return 1;
}
static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match,
					   u64 key_attrs, bool inner,
					   const struct nlattr **a, bool log)
{
	__be16 tci = 0;
	__be16 tpid = 0;
	bool encap_valid = !!(match->key->eth.vlan.tci &
			      htons(VLAN_CFI_MASK));
	bool i_encap_valid = !!(match->key->eth.cvlan.tci &
				htons(VLAN_CFI_MASK));

	if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) {
		/* Not a VLAN. */
		return 0;
	}

	if ((!inner && !encap_valid) || (inner && !i_encap_valid)) {
		OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.",
			  (inner) ? "C-VLAN" : "VLAN");
		return -EINVAL;
	}

	if (a[OVS_KEY_ATTR_VLAN])
		tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);

	if (a[OVS_KEY_ATTR_ETHERTYPE])
		tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);

	if (tpid != htons(0xffff)) {
		OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).",
			  (inner) ? "C-VLAN" : "VLAN", ntohs(tpid));
		return -EINVAL;
	}
	if (!(tci & htons(VLAN_CFI_MASK))) {
		OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.",
			  (inner) ? "C-VLAN" : "VLAN");
		return -EINVAL;
	}

	return 1;
}
static int __parse_vlan_from_nlattrs(struct sw_flow_match *match,
				     u64 *key_attrs, bool inner,
				     const struct nlattr **a, bool is_mask,
				     bool log)
{
	int err;
	const struct nlattr *encap;

	if (!is_mask)
		err = validate_vlan_from_nlattrs(match, *key_attrs, inner,
						 a, log);
	else
		err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner,
						      a, log);
	if (err <= 0)
		return err;

	err = encode_vlan_from_nlattrs(match, a, is_mask, inner);
	if (err)
		return err;

	*key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
	*key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN);
	*key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);

	encap = a[OVS_KEY_ATTR_ENCAP];

	if (!is_mask)
		err = parse_flow_nlattrs(encap, a, key_attrs, log);
	else
		err = parse_flow_mask_nlattrs(encap, a, key_attrs, log);

	return err;
}
static int parse_vlan_from_nlattrs(struct sw_flow_match *match,
				   u64 *key_attrs, const struct nlattr **a,
				   bool is_mask, bool log)
{
	int err;
	bool encap_valid = false;

	err = __parse_vlan_from_nlattrs(match, key_attrs, false, a,
					is_mask, log);
	if (err)
		return err;

	encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK));
	if (encap_valid) {
		err = __parse_vlan_from_nlattrs(match, key_attrs, true, a,
						is_mask, log);
		if (err)
			return err;
	}

	return 0;
}
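
/* Illustrative nesting for a double-tagged (QinQ) flow, as a sketch
 * that is not from the original source: the outer 802.1ad tag is
 * parsed first, and if its TCI has VLAN_CFI_MASK set, the inner
 * 802.1Q tag is pulled from the nested encap attribute:
 *
 *	OVS_KEY_ATTR_ETHERTYPE (0x88a8)
 *	OVS_KEY_ATTR_VLAN      (outer TCI)
 *	OVS_KEY_ATTR_ENCAP
 *		OVS_KEY_ATTR_ETHERTYPE (0x8100)
 *		OVS_KEY_ATTR_VLAN      (inner TCI)
 *		OVS_KEY_ATTR_ENCAP ...
 */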
static int parse_eth_type_from_nlattrs(struct sw_flow_match *match,
				       u64 *attrs, const struct nlattr **a,
				       bool is_mask, bool log)
{
	__be16 eth_type;

	eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
	if (is_mask) {
		/* Always exact match EtherType. */
		eth_type = htons(0xffff);
	} else if (!eth_proto_is_802_3(eth_type)) {
		OVS_NLERR(log, "EtherType %x is less than min %x",
			  ntohs(eth_type), ETH_P_802_3_MIN);
		return -EINVAL;
	}

	SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
	*attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
	return 0;
}
static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
				 u64 *attrs, const struct nlattr **a,
				 bool is_mask, bool log)
{
	u8 mac_proto = MAC_PROTO_ETHERNET;

	if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) {
		u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);

		SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
		*attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH);
	}

	if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) {
		u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);

		SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
		*attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID);
	}

	if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
		SW_FLOW_KEY_PUT(match, phy.priority,
				nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
		*attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
	}

	if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
		u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);

		if (is_mask) {
			in_port = 0xffffffff; /* Always exact match in_port. */
		} else if (in_port >= DP_MAX_PORTS) {
			OVS_NLERR(log, "Port %d exceeds max allowable %d",
				  in_port, DP_MAX_PORTS);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
		*attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
	} else if (!is_mask) {
		SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
	}

	if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) {
		uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);

		SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
		*attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK);
	}
	if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) {
		if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
				       is_mask, log) < 0)
			return -EINVAL;
		*attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL);
	}

	if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
		u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]);

		if (ct_state & ~CT_SUPPORTED_MASK) {
			OVS_NLERR(log, "ct_state flags %08x unsupported",
				  ct_state);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
	}
	if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) {
		u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]);

		SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE);
	}
	if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) {
		u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]);

		SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK);
	}
	if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) &&
	    ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) {
		const struct ovs_key_ct_labels *cl;

		cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]);
		SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels,
				   sizeof(*cl), is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS);
	}
	if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) {
		const struct ovs_key_ct_tuple_ipv4 *ct;

		ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]);

		SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask);
		SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
		SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
		SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4);
	}
	if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) {
		const struct ovs_key_ct_tuple_ipv6 *ct;

		ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]);

		SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src,
				   sizeof(match->key->ipv6.ct_orig.src),
				   is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst,
				   sizeof(match->key->ipv6.ct_orig.dst),
				   is_mask);
		SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
		SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
		SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask);
		*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
	}

	/* For layer 3 packets the Ethernet type is provided
	 * and treated as metadata but no MAC addresses are provided.
	 */
	if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) &&
	    (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)))
		mac_proto = MAC_PROTO_NONE;

	/* Always exact match mac_proto */
	SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask);

	if (mac_proto == MAC_PROTO_NONE)
		return parse_eth_type_from_nlattrs(match, attrs, a, is_mask,
						   log);

	return 0;
}
int nsh_hdr_from_nlattr(const struct nlattr *attr,
			struct nshhdr *nh, size_t size)
{
	struct nlattr *a;
	int rem;
	u8 flags = 0;
	u8 ttl = 0;
	int mdlen = 0;

	/* validate_nsh has checked this, so we needn't duplicate the check
	 * here.
	 */
	if (size < NSH_BASE_HDR_LEN)
		return -ENOBUFS;

	nla_for_each_nested(a, attr, rem) {
		int type = nla_type(a);

		switch (type) {
		case OVS_NSH_KEY_ATTR_BASE: {
			const struct ovs_nsh_key_base *base = nla_data(a);

			flags = base->flags;
			ttl = base->ttl;
			nh->np = base->np;
			nh->mdtype = base->mdtype;
			nh->path_hdr = base->path_hdr;
			break;
		}
		case OVS_NSH_KEY_ATTR_MD1:
			mdlen = nla_len(a);
			if (mdlen > size - NSH_BASE_HDR_LEN)
				return -ENOBUFS;
			memcpy(&nh->md1, nla_data(a), mdlen);
			break;

		case OVS_NSH_KEY_ATTR_MD2:
			mdlen = nla_len(a);
			if (mdlen > size - NSH_BASE_HDR_LEN)
				return -ENOBUFS;
			memcpy(&nh->md2, nla_data(a), mdlen);
			break;

		default:
			return -EINVAL;
		}
	}

	/* nsh header length = NSH_BASE_HDR_LEN + mdlen */
	nh->ver_flags_ttl_len = 0;
	nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen);

	return 0;
}
int nsh_key_from_nlattr(const struct nlattr *attr,
			struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask)
{
	struct nlattr *a;
	int rem;

	/* validate_nsh has checked this, so we needn't duplicate the check
	 * here.
	 */
	nla_for_each_nested(a, attr, rem) {
		int type = nla_type(a);

		switch (type) {
		case OVS_NSH_KEY_ATTR_BASE: {
			const struct ovs_nsh_key_base *base = nla_data(a);
			const struct ovs_nsh_key_base *base_mask = base + 1;

			nsh->base = *base;
			nsh_mask->base = *base_mask;
			break;
		}
		case OVS_NSH_KEY_ATTR_MD1: {
			const struct ovs_nsh_key_md1 *md1 = nla_data(a);
			const struct ovs_nsh_key_md1 *md1_mask = md1 + 1;

			memcpy(nsh->context, md1->context, sizeof(*md1));
			memcpy(nsh_mask->context, md1_mask->context,
			       sizeof(*md1_mask));
			break;
		}
		case OVS_NSH_KEY_ATTR_MD2:
			/* Not supported yet */
			return -ENOTSUPP;
		default:
			return -EINVAL;
		}
	}

	return 0;
}
static int nsh_key_put_from_nlattr(const struct nlattr *attr,
				   struct sw_flow_match *match, bool is_mask,
				   bool is_push_nsh, bool log)
{
	struct nlattr *a;
	int rem;
	bool has_base = false;
	bool has_md1 = false;
	bool has_md2 = false;
	u8 mdtype = 0;
	int mdlen = 0;

	if (WARN_ON(is_push_nsh && is_mask))
		return -EINVAL;

	nla_for_each_nested(a, attr, rem) {
		int type = nla_type(a);
		int i;

		if (type > OVS_NSH_KEY_ATTR_MAX) {
			OVS_NLERR(log, "nsh attr %d is out of range max %d",
				  type, OVS_NSH_KEY_ATTR_MAX);
			return -EINVAL;
		}

		if (!check_attr_len(nla_len(a),
				    ovs_nsh_key_attr_lens[type].len)) {
			OVS_NLERR(log,
				  "nsh attr %d has unexpected len %d expected %d",
				  type, nla_len(a),
				  ovs_nsh_key_attr_lens[type].len);
			return -EINVAL;
		}

		switch (type) {
		case OVS_NSH_KEY_ATTR_BASE: {
			const struct ovs_nsh_key_base *base = nla_data(a);

			has_base = true;
			mdtype = base->mdtype;
			SW_FLOW_KEY_PUT(match, nsh.base.flags,
					base->flags, is_mask);
			SW_FLOW_KEY_PUT(match, nsh.base.ttl,
					base->ttl, is_mask);
			SW_FLOW_KEY_PUT(match, nsh.base.mdtype,
					base->mdtype, is_mask);
			SW_FLOW_KEY_PUT(match, nsh.base.np,
					base->np, is_mask);
			SW_FLOW_KEY_PUT(match, nsh.base.path_hdr,
					base->path_hdr, is_mask);
			break;
		}
		case OVS_NSH_KEY_ATTR_MD1: {
			const struct ovs_nsh_key_md1 *md1 = nla_data(a);

			has_md1 = true;
			for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++)
				SW_FLOW_KEY_PUT(match, nsh.context[i],
						md1->context[i], is_mask);
			break;
		}
		case OVS_NSH_KEY_ATTR_MD2:
			if (!is_push_nsh) /* Not supported MD type 2 yet */
				return -ENOTSUPP;

			has_md2 = true;
			mdlen = nla_len(a);
			if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) {
				OVS_NLERR(log,
					  "Invalid MD length %d for MD type %d",
					  mdlen, mdtype);
				return -EINVAL;
			}
			break;
		default:
			OVS_NLERR(log, "Unknown nsh attribute %d",
				  type);
			return -EINVAL;
		}
	}

	if (rem > 0) {
		OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem);
		return -EINVAL;
	}

	if (has_md1 && has_md2) {
		OVS_NLERR(log,
			  "invalid nsh attribute: md1 and md2 are exclusive.");
		return -EINVAL;
	}

	if (!is_mask) {
		if ((has_md1 && mdtype != NSH_M_TYPE1) ||
		    (has_md2 && mdtype != NSH_M_TYPE2)) {
			OVS_NLERR(1, "nsh attribute has unmatched MD type %d.",
				  mdtype);
			return -EINVAL;
		}

		if (is_push_nsh &&
		    (!has_base || (!has_md1 && !has_md2))) {
			OVS_NLERR(log,
				  "push_nsh: missing base or metadata attributes");
			return -EINVAL;
		}
	}

	return 0;
}
static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
				u64 attrs, const struct nlattr **a,
				bool is_mask, bool log)
{
	int err;

	err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log);
	if (err)
		return err;

	if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) {
		const struct ovs_key_ethernet *eth_key;

		eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
		SW_FLOW_KEY_MEMCPY(match, eth.src,
				   eth_key->eth_src, ETH_ALEN, is_mask);
		SW_FLOW_KEY_MEMCPY(match, eth.dst,
				   eth_key->eth_dst, ETH_ALEN, is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
	}

	if (attrs & (1 << OVS_KEY_ATTR_VLAN)) {
		/* VLAN attribute is always parsed before getting here since it
		 * may occur multiple times.
		 */
		OVS_NLERR(log, "VLAN attribute unexpected.");
		return -EINVAL;
	}

	if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
		err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask,
						  log);
		if (err)
			return err;
	} else if (!is_mask) {
		SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
	} else if (!match->key->eth.type) {
		OVS_NLERR(log, "Either Ethernet header or EtherType is required.");
		return -EINVAL;
	}

	if (attrs & (1 << OVS_KEY_ATTR_IPV4)) {
		const struct ovs_key_ipv4 *ipv4_key;

		ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
		if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
			OVS_NLERR(log, "IPv4 frag type %d is out of range max %d",
				  ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
			return -EINVAL;
		}
		SW_FLOW_KEY_PUT(match, ip.proto,
				ipv4_key->ipv4_proto, is_mask);
		SW_FLOW_KEY_PUT(match, ip.tos,
				ipv4_key->ipv4_tos, is_mask);
		SW_FLOW_KEY_PUT(match, ip.ttl,
				ipv4_key->ipv4_ttl, is_mask);
		SW_FLOW_KEY_PUT(match, ip.frag,
				ipv4_key->ipv4_frag, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.addr.src,
				ipv4_key->ipv4_src, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
				ipv4_key->ipv4_dst, is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
	}

	if (attrs & (1 << OVS_KEY_ATTR_IPV6)) {
		const struct ovs_key_ipv6 *ipv6_key;

		ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
		if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
			OVS_NLERR(log, "IPv6 frag type %d is out of range max %d",
				  ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
			return -EINVAL;
		}

		if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
			OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)",
				  ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, ipv6.label,
				ipv6_key->ipv6_label, is_mask);
		SW_FLOW_KEY_PUT(match, ip.proto,
				ipv6_key->ipv6_proto, is_mask);
		SW_FLOW_KEY_PUT(match, ip.tos,
				ipv6_key->ipv6_tclass, is_mask);
		SW_FLOW_KEY_PUT(match, ip.ttl,
				ipv6_key->ipv6_hlimit, is_mask);
		SW_FLOW_KEY_PUT(match, ip.frag,
				ipv6_key->ipv6_frag, is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
				   ipv6_key->ipv6_src,
				   sizeof(match->key->ipv6.addr.src),
				   is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
				   ipv6_key->ipv6_dst,
				   sizeof(match->key->ipv6.addr.dst),
				   is_mask);

		attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
	}

	if (attrs & (1 << OVS_KEY_ATTR_ARP)) {
		const struct ovs_key_arp *arp_key;

		arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
		if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
			OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).",
				  arp_key->arp_op);
			return -EINVAL;
		}

		SW_FLOW_KEY_PUT(match, ipv4.addr.src,
				arp_key->arp_sip, is_mask);
		SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
				arp_key->arp_tip, is_mask);
		SW_FLOW_KEY_PUT(match, ip.proto,
				ntohs(arp_key->arp_op), is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
				   arp_key->arp_sha, ETH_ALEN, is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
				   arp_key->arp_tha, ETH_ALEN, is_mask);

		attrs &= ~(1 << OVS_KEY_ATTR_ARP);
	}

	if (attrs & (1 << OVS_KEY_ATTR_NSH)) {
		if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match,
					    is_mask, false, log) < 0)
			return -EINVAL;
		attrs &= ~(1 << OVS_KEY_ATTR_NSH);
	}

	if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
		const struct ovs_key_mpls *mpls_key;

		mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
		SW_FLOW_KEY_PUT(match, mpls.top_lse,
				mpls_key->mpls_lse, is_mask);

		attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
	}

	if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
		const struct ovs_key_tcp *tcp_key;

		tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
		SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_TCP);
	}

	if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
		SW_FLOW_KEY_PUT(match, tp.flags,
				nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
				is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
	}

	if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
		const struct ovs_key_udp *udp_key;

		udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
		SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_UDP);
	}

	if (attrs & (1 << OVS_KEY_ATTR_SCTP)) {
		const struct ovs_key_sctp *sctp_key;

		sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
		SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
	}

	if (attrs & (1 << OVS_KEY_ATTR_ICMP)) {
		const struct ovs_key_icmp *icmp_key;

		icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
		SW_FLOW_KEY_PUT(match, tp.src,
				htons(icmp_key->icmp_type), is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst,
				htons(icmp_key->icmp_code), is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
	}

	if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) {
		const struct ovs_key_icmpv6 *icmpv6_key;

		icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
		SW_FLOW_KEY_PUT(match, tp.src,
				htons(icmpv6_key->icmpv6_type), is_mask);
		SW_FLOW_KEY_PUT(match, tp.dst,
				htons(icmpv6_key->icmpv6_code), is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
	}

	if (attrs & (1 << OVS_KEY_ATTR_ND)) {
		const struct ovs_key_nd *nd_key;

		nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
		SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
				   nd_key->nd_target,
				   sizeof(match->key->ipv6.nd.target),
				   is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
				   nd_key->nd_sll, ETH_ALEN, is_mask);
		SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
				   nd_key->nd_tll, ETH_ALEN, is_mask);
		attrs &= ~(1 << OVS_KEY_ATTR_ND);
	}

	if (attrs != 0) {
		OVS_NLERR(log, "Unknown key attributes %llx",
			  (unsigned long long)attrs);
		return -EINVAL;
	}

	return 0;
}
static void nlattr_set(struct nlattr *attr, u8 val,
		       const struct ovs_len_tbl *tbl)
{
	struct nlattr *nla;
	int rem;

	/* The nlattr stream should already have been validated */
	nla_for_each_nested(nla, attr, rem) {
		if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED)
			nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl);
		else
			memset(nla_data(nla), val, nla_len(nla));

		if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE)
			*(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK;
	}
}

static void mask_set_nlattr(struct nlattr *attr, u8 val)
{
	nlattr_set(attr, val, ovs_key_lens);
}
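
/* Illustrative effect (not in the original source): mask_set_nlattr()
 * is applied to a copy of the key attributes, so after
 *
 *	mask_set_nlattr(newmask, 0xff);
 *
 * every attribute payload in the copy reads as all-ones (an exact
 * match), except nested attributes, which are recursed into, and
 * OVS_KEY_ATTR_CT_STATE, which is clamped to CT_SUPPORTED_MASK.
 */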
/**
 * ovs_nla_get_match - parses Netlink attributes into a flow key and
 * mask. In case the 'mask' is NULL, the flow is treated as exact match
 * flow. Otherwise, it is treated as a wildcarded flow, except when the
 * mask does not include any don't-care bits.
 * @net: Used to determine per-namespace field support.
 * @match: receives the extracted flow match information.
 * @nla_key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
 * sequence. The fields should be those of the packet that triggered the
 * creation of this flow.
 * @nla_mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_*
 * Netlink attribute sequence that specifies the mask field of the wildcarded
 * flow.
 * @log: Boolean to allow kernel error logging. Normally true, but when
 * probing for feature compatibility this should be passed in as false to
 * suppress unnecessary error logging.
 */
int ovs_nla_get_match(struct net *net, struct sw_flow_match *match,
		      const struct nlattr *nla_key,
		      const struct nlattr *nla_mask,
		      bool log)
{
	const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
	struct nlattr *newmask = NULL;
	u64 key_attrs = 0;
	u64 mask_attrs = 0;
	int err;

	err = parse_flow_nlattrs(nla_key, a, &key_attrs, log);
	if (err)
		return err;

	err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log);
	if (err)
		return err;

	err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log);
	if (err)
		return err;

	if (match->mask) {
		if (!nla_mask) {
			/* Create an exact match mask. We need to set to 0xff
			 * all the 'match->mask' fields that have been touched
			 * in 'match->key'. We cannot simply memset
			 * 'match->mask', because padding bytes and fields not
			 * specified in 'match->key' should be left to 0.
			 * Instead, we use a stream of netlink attributes,
			 * copied from 'key' and set to 0xff.
			 * ovs_key_from_nlattrs() will take care of filling
			 * 'match->mask' appropriately.
			 */
			newmask = kmemdup(nla_key,
					  nla_total_size(nla_len(nla_key)),
					  GFP_KERNEL);
			if (!newmask)
				return -ENOMEM;

			mask_set_nlattr(newmask, 0xff);

			/* The userspace does not send tunnel attributes that
			 * are 0, but we should not wildcard them nonetheless.
			 */
			if (match->key->tun_proto)
				SW_FLOW_KEY_MEMSET_FIELD(match, tun_key,
							 0xff, true);

			nla_mask = newmask;
		}

		err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log);
		if (err)
			goto free_newmask;

		/* Always match on tci. */
		SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true);
		SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true);

		err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log);
		if (err)
			goto free_newmask;

		err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true,
					   log);
		if (err)
			goto free_newmask;
	}

	if (!match_validate(match, key_attrs, mask_attrs, log))
		err = -EINVAL;

free_newmask:
	kfree(newmask);
	return err;
}
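
/* Calling sketch (illustrative, variable names hypothetical): passing
 * nla_mask == NULL while match->mask is set yields an exact-match
 * flow, e.g.
 *
 *	err = ovs_nla_get_match(net, &match, key, NULL, false);
 *
 * where the synthetic 0xff mask described above is generated
 * internally from 'key'.
 */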
static size_t get_ufid_len(const struct nlattr *attr, bool log)
{
	size_t len;

	if (!attr)
		return 0;

	len = nla_len(attr);
	if (len < 1 || len > MAX_UFID_LENGTH) {
		OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)",
			  nla_len(attr), MAX_UFID_LENGTH);
		return 0;
	}

	return len;
}

/* Initializes 'flow->ufid', returning true if 'attr' contains a valid UFID,
 * or false otherwise.
 */
bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr,
		      bool log)
{
	sfid->ufid_len = get_ufid_len(attr, log);
	if (sfid->ufid_len)
		memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len);

	return sfid->ufid_len;
}

int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid,
			   const struct sw_flow_key *key, bool log)
{
	struct sw_flow_key *new_key;

	if (ovs_nla_get_ufid(sfid, ufid, log))
		return 0;

	/* If UFID was not provided, use unmasked key. */
	new_key = kmalloc(sizeof(*new_key), GFP_KERNEL);
	if (!new_key)
		return -ENOMEM;
	memcpy(new_key, key, sizeof(*key));
	sfid->unmasked_key = new_key;

	return 0;
}

u32 ovs_nla_get_ufid_flags(const struct nlattr *attr)
{
	return attr ? nla_get_u32(attr) : 0;
}
1904 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
1905 * @net: Network namespace.
1906 * @key: Receives extracted in_port, priority, tun_key, skb_mark and conntrack
1907 * metadata.
1908 * @a: Array of netlink attributes holding parsed %OVS_KEY_ATTR_* Netlink
1909 * attributes.
1910 * @attrs: Bit mask for the netlink attributes included in @a.
1911 * @log: Boolean to allow kernel error logging. Normally true, but when
1912 * probing for feature compatibility this should be passed in as false to
1913 * suppress unnecessary error logging.
1915 * This parses a series of Netlink attributes that form a flow key, which must
1916 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
1917 * get the metadata, that is, the parts of the flow key that cannot be
1918 * extracted from the packet itself.
1920 * This must be called before the packet key fields are filled in 'key'.
1923 int ovs_nla_get_flow_metadata(struct net *net,
1924 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1],
1925 u64 attrs, struct sw_flow_key *key, bool log)
1927 struct sw_flow_match match;
1929 memset(&match, 0, sizeof(match));
1930 match.key = key;
1932 key->ct_state = 0;
1933 key->ct_zone = 0;
1934 key->ct_orig_proto = 0;
1935 memset(&key->ct, 0, sizeof(key->ct));
1936 memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig));
1937 memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig));
1939 key->phy.in_port = DP_MAX_PORTS;
1941 return metadata_from_nlattrs(net, &match, &attrs, a, false, log);
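/*
 * Editorial sketch (not part of the original source): a caller is expected
 * to parse the metadata first and only then extract the remaining key
 * fields from the packet itself, roughly:
 *
 *	err = ovs_nla_get_flow_metadata(net, a, attrs, key, log);
 *	if (!err)
 *		err = ...extract the packet fields from the skb into 'key'...;
 */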
1944 static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh,
1945 bool is_mask)
1947 __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff);
1949 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1950 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci))
1951 return -EMSGSIZE;
1952 return 0;
1955 static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask,
1956 struct sk_buff *skb)
1958 struct nlattr *start;
1960 start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH);
1961 if (!start)
1962 return -EMSGSIZE;
1964 if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base))
1965 goto nla_put_failure;
1967 if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) {
1968 if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1,
1969 sizeof(nsh->context), nsh->context))
1970 goto nla_put_failure;
1973 /* Don't support MD type 2 yet */
1975 nla_nest_end(skb, start);
1977 return 0;
1979 nla_put_failure:
1980 return -EMSGSIZE;
1983 static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
1984 const struct sw_flow_key *output, bool is_mask,
1985 struct sk_buff *skb)
1987 struct ovs_key_ethernet *eth_key;
1988 struct nlattr *nla;
1989 struct nlattr *encap = NULL;
1990 struct nlattr *in_encap = NULL;
1992 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
1993 goto nla_put_failure;
1995 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
1996 goto nla_put_failure;
1998 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
1999 goto nla_put_failure;
2001 if ((swkey->tun_proto || is_mask)) {
2002 const void *opts = NULL;
2004 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
2005 opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len);
2007 if (ip_tun_to_nlattr(skb, &output->tun_key, opts,
2008 swkey->tun_opts_len, swkey->tun_proto, 0))
2009 goto nla_put_failure;
2012 if (swkey->phy.in_port == DP_MAX_PORTS) {
2013 if (is_mask && (output->phy.in_port == 0xffff))
2014 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
2015 goto nla_put_failure;
2016 } else {
2017 u16 upper_u16;
2018 upper_u16 = !is_mask ? 0 : 0xffff;
2020 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
2021 (upper_u16 << 16) | output->phy.in_port))
2022 goto nla_put_failure;
2025 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
2026 goto nla_put_failure;
2028 if (ovs_ct_put_key(swkey, output, skb))
2029 goto nla_put_failure;
2031 if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) {
2032 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
2033 if (!nla)
2034 goto nla_put_failure;
2036 eth_key = nla_data(nla);
2037 ether_addr_copy(eth_key->eth_src, output->eth.src);
2038 ether_addr_copy(eth_key->eth_dst, output->eth.dst);
2040 if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) {
2041 if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask))
2042 goto nla_put_failure;
2043 encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP);
2044 if (!swkey->eth.vlan.tci)
2045 goto unencap;
2047 if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) {
2048 if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask))
2049 goto nla_put_failure;
2050 in_encap = nla_nest_start_noflag(skb,
2051 OVS_KEY_ATTR_ENCAP);
2052 if (!swkey->eth.cvlan.tci)
2053 goto unencap;
2057 if (swkey->eth.type == htons(ETH_P_802_2)) {
2059 /* Ethertype 802.2 is represented in netlink by omitting
2060 * OVS_KEY_ATTR_ETHERTYPE from the flow key attribute and by putting
2061 * 0xffff in the mask attribute. The ethertype can also
2062 * be wildcarded. */
2064 if (is_mask && output->eth.type)
2065 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
2066 output->eth.type))
2067 goto nla_put_failure;
2068 goto unencap;
2072 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
2073 goto nla_put_failure;
2075 if (eth_type_vlan(swkey->eth.type)) {
2076 /* There are 3 VLAN tags; we don't know anything about the rest
2077 * of the packet, so truncate here. */
2079 WARN_ON_ONCE(!(encap && in_encap));
2080 goto unencap;
2083 if (swkey->eth.type == htons(ETH_P_IP)) {
2084 struct ovs_key_ipv4 *ipv4_key;
2086 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
2087 if (!nla)
2088 goto nla_put_failure;
2089 ipv4_key = nla_data(nla);
2090 ipv4_key->ipv4_src = output->ipv4.addr.src;
2091 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
2092 ipv4_key->ipv4_proto = output->ip.proto;
2093 ipv4_key->ipv4_tos = output->ip.tos;
2094 ipv4_key->ipv4_ttl = output->ip.ttl;
2095 ipv4_key->ipv4_frag = output->ip.frag;
2096 } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
2097 struct ovs_key_ipv6 *ipv6_key;
2099 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
2100 if (!nla)
2101 goto nla_put_failure;
2102 ipv6_key = nla_data(nla);
2103 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
2104 sizeof(ipv6_key->ipv6_src));
2105 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
2106 sizeof(ipv6_key->ipv6_dst));
2107 ipv6_key->ipv6_label = output->ipv6.label;
2108 ipv6_key->ipv6_proto = output->ip.proto;
2109 ipv6_key->ipv6_tclass = output->ip.tos;
2110 ipv6_key->ipv6_hlimit = output->ip.ttl;
2111 ipv6_key->ipv6_frag = output->ip.frag;
2112 } else if (swkey->eth.type == htons(ETH_P_NSH)) {
2113 if (nsh_key_to_nlattr(&output->nsh, is_mask, skb))
2114 goto nla_put_failure;
2115 } else if (swkey->eth.type == htons(ETH_P_ARP) ||
2116 swkey->eth.type == htons(ETH_P_RARP)) {
2117 struct ovs_key_arp *arp_key;
2119 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
2120 if (!nla)
2121 goto nla_put_failure;
2122 arp_key = nla_data(nla);
2123 memset(arp_key, 0, sizeof(struct ovs_key_arp));
2124 arp_key->arp_sip = output->ipv4.addr.src;
2125 arp_key->arp_tip = output->ipv4.addr.dst;
2126 arp_key->arp_op = htons(output->ip.proto);
2127 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
2128 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
2129 } else if (eth_p_mpls(swkey->eth.type)) {
2130 struct ovs_key_mpls *mpls_key;
2132 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
2133 if (!nla)
2134 goto nla_put_failure;
2135 mpls_key = nla_data(nla);
2136 mpls_key->mpls_lse = output->mpls.top_lse;
2139 if ((swkey->eth.type == htons(ETH_P_IP) ||
2140 swkey->eth.type == htons(ETH_P_IPV6)) &&
2141 swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
2143 if (swkey->ip.proto == IPPROTO_TCP) {
2144 struct ovs_key_tcp *tcp_key;
2146 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
2147 if (!nla)
2148 goto nla_put_failure;
2149 tcp_key = nla_data(nla);
2150 tcp_key->tcp_src = output->tp.src;
2151 tcp_key->tcp_dst = output->tp.dst;
2152 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
2153 output->tp.flags))
2154 goto nla_put_failure;
2155 } else if (swkey->ip.proto == IPPROTO_UDP) {
2156 struct ovs_key_udp *udp_key;
2158 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
2159 if (!nla)
2160 goto nla_put_failure;
2161 udp_key = nla_data(nla);
2162 udp_key->udp_src = output->tp.src;
2163 udp_key->udp_dst = output->tp.dst;
2164 } else if (swkey->ip.proto == IPPROTO_SCTP) {
2165 struct ovs_key_sctp *sctp_key;
2167 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
2168 if (!nla)
2169 goto nla_put_failure;
2170 sctp_key = nla_data(nla);
2171 sctp_key->sctp_src = output->tp.src;
2172 sctp_key->sctp_dst = output->tp.dst;
2173 } else if (swkey->eth.type == htons(ETH_P_IP) &&
2174 swkey->ip.proto == IPPROTO_ICMP) {
2175 struct ovs_key_icmp *icmp_key;
2177 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
2178 if (!nla)
2179 goto nla_put_failure;
2180 icmp_key = nla_data(nla);
2181 icmp_key->icmp_type = ntohs(output->tp.src);
2182 icmp_key->icmp_code = ntohs(output->tp.dst);
2183 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
2184 swkey->ip.proto == IPPROTO_ICMPV6) {
2185 struct ovs_key_icmpv6 *icmpv6_key;
2187 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
2188 sizeof(*icmpv6_key));
2189 if (!nla)
2190 goto nla_put_failure;
2191 icmpv6_key = nla_data(nla);
2192 icmpv6_key->icmpv6_type = ntohs(output->tp.src);
2193 icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
2195 if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
2196 icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
2197 struct ovs_key_nd *nd_key;
2199 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
2200 if (!nla)
2201 goto nla_put_failure;
2202 nd_key = nla_data(nla);
2203 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
2204 sizeof(nd_key->nd_target));
2205 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
2206 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
2211 unencap:
2212 if (in_encap)
2213 nla_nest_end(skb, in_encap);
2214 if (encap)
2215 nla_nest_end(skb, encap);
2217 return 0;
2219 nla_put_failure:
2220 return -EMSGSIZE;
2223 int ovs_nla_put_key(const struct sw_flow_key *swkey,
2224 const struct sw_flow_key *output, int attr, bool is_mask,
2225 struct sk_buff *skb)
2227 int err;
2228 struct nlattr *nla;
2230 nla = nla_nest_start_noflag(skb, attr);
2231 if (!nla)
2232 return -EMSGSIZE;
2233 err = __ovs_nla_put_key(swkey, output, is_mask, skb);
2234 if (err)
2235 return err;
2236 nla_nest_end(skb, nla);
2238 return 0;
2241 /* Called with ovs_mutex or RCU read lock. */
2242 int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb)
2244 if (ovs_identifier_is_ufid(&flow->id))
2245 return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len,
2246 flow->id.ufid);
2248 return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key,
2249 OVS_FLOW_ATTR_KEY, false, skb);
2252 /* Called with ovs_mutex or RCU read lock. */
2253 int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb)
2255 return ovs_nla_put_key(&flow->key, &flow->key,
2256 OVS_FLOW_ATTR_KEY, false, skb);
2259 /* Called with ovs_mutex or RCU read lock. */
2260 int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
2262 return ovs_nla_put_key(&flow->key, &flow->mask->key,
2263 OVS_FLOW_ATTR_MASK, true, skb);
2266 #define MAX_ACTIONS_BUFSIZE (32 * 1024)
2268 static struct sw_flow_actions *nla_alloc_flow_actions(int size)
2270 struct sw_flow_actions *sfa;
2272 WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
2274 sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
2275 if (!sfa)
2276 return ERR_PTR(-ENOMEM);
2278 sfa->actions_len = 0;
2279 return sfa;
2282 static void ovs_nla_free_set_action(const struct nlattr *a)
2284 const struct nlattr *ovs_key = nla_data(a);
2285 struct ovs_tunnel_info *ovs_tun;
2287 switch (nla_type(ovs_key)) {
2288 case OVS_KEY_ATTR_TUNNEL_INFO:
2289 ovs_tun = nla_data(ovs_key);
2290 dst_release((struct dst_entry *)ovs_tun->tun_dst);
2291 break;
2295 void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
2297 const struct nlattr *a;
2298 int rem;
2300 if (!sf_acts)
2301 return;
2303 nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) {
2304 switch (nla_type(a)) {
2305 case OVS_ACTION_ATTR_SET:
2306 ovs_nla_free_set_action(a);
2307 break;
2308 case OVS_ACTION_ATTR_CT:
2309 ovs_ct_free_action(a);
2310 break;
2314 kfree(sf_acts);
2317 static void __ovs_nla_free_flow_actions(struct rcu_head *head)
2319 ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu));
2322 /* Schedules 'sf_acts' to be freed after the next RCU grace period.
2323 * The caller must hold rcu_read_lock for this to be sensible. */
2324 void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts)
2326 call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions);
2329 static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
2330 int attr_len, bool log)
2333 struct sw_flow_actions *acts;
2334 int new_acts_size;
2335 size_t req_size = NLA_ALIGN(attr_len);
2336 int next_offset = offsetof(struct sw_flow_actions, actions) +
2337 (*sfa)->actions_len;
2339 if (req_size <= (ksize(*sfa) - next_offset))
2340 goto out;
2342 new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
2344 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
2345 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
2346 OVS_NLERR(log, "Flow action size exceeds max %u",
2347 MAX_ACTIONS_BUFSIZE);
2348 return ERR_PTR(-EMSGSIZE);
2350 new_acts_size = MAX_ACTIONS_BUFSIZE;
2353 acts = nla_alloc_flow_actions(new_acts_size);
2354 if (IS_ERR(acts))
2355 return (void *)acts;
2357 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
2358 acts->actions_len = (*sfa)->actions_len;
2359 acts->orig_len = (*sfa)->orig_len;
2360 kfree(*sfa);
2361 *sfa = acts;
2363 out:
2364 (*sfa)->actions_len += req_size;
2365 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
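/*
 * Editorial note (not part of the original source): reserve_sfa_size()
 * first satisfies requests from the slack that ksize() reports beyond the
 * originally requested allocation size; only when that slack is exhausted
 * does it reallocate, doubling the buffer (never beyond
 * MAX_ACTIONS_BUFSIZE), so a sequence of small reservations costs an
 * amortized constant number of copies.
 */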
2368 static struct nlattr *__add_action(struct sw_flow_actions **sfa,
2369 int attrtype, void *data, int len, bool log)
2371 struct nlattr *a;
2373 a = reserve_sfa_size(sfa, nla_attr_size(len), log);
2374 if (IS_ERR(a))
2375 return a;
2377 a->nla_type = attrtype;
2378 a->nla_len = nla_attr_size(len);
2380 if (data)
2381 memcpy(nla_data(a), data, len);
2382 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
2384 return a;
2387 int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data,
2388 int len, bool log)
2390 struct nlattr *a;
2392 a = __add_action(sfa, attrtype, data, len, log);
2394 return PTR_ERR_OR_ZERO(a);
2397 static inline int add_nested_action_start(struct sw_flow_actions **sfa,
2398 int attrtype, bool log)
2400 int used = (*sfa)->actions_len;
2401 int err;
2403 err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log);
2404 if (err)
2405 return err;
2407 return used;
2410 static inline void add_nested_action_end(struct sw_flow_actions *sfa,
2411 int st_offset)
2413 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
2414 st_offset);
2416 a->nla_len = sfa->actions_len - st_offset;
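/*
 * Editorial sketch (not part of the original source): these two helpers
 * build a nested attribute in two phases. A zero-payload header is
 * appended first and its offset remembered; once the children have been
 * copied in, the header's nla_len is patched to cover them:
 *
 *	start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
 *	if (start < 0)
 *		return start;
 *	...append child attributes via ovs_nla_add_action()...
 *	add_nested_action_end(*sfa, start);
 */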
2419 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2420 const struct sw_flow_key *key,
2421 struct sw_flow_actions **sfa,
2422 __be16 eth_type, __be16 vlan_tci, bool log);
2424 static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
2425 const struct sw_flow_key *key,
2426 struct sw_flow_actions **sfa,
2427 __be16 eth_type, __be16 vlan_tci,
2428 bool log, bool last)
2430 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
2431 const struct nlattr *probability, *actions;
2432 const struct nlattr *a;
2433 int rem, start, err;
2434 struct sample_arg arg;
2436 memset(attrs, 0, sizeof(attrs));
2437 nla_for_each_nested(a, attr, rem) {
2438 int type = nla_type(a);
2439 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
2440 return -EINVAL;
2441 attrs[type] = a;
2443 if (rem)
2444 return -EINVAL;
2446 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
2447 if (!probability || nla_len(probability) != sizeof(u32))
2448 return -EINVAL;
2450 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
2451 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
2452 return -EINVAL;
2454 /* validation done, copy sample action. */
2455 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
2456 if (start < 0)
2457 return start;
2459 /* When both skb and flow may be changed, put the sample
2460 * into a deferred fifo. On the other hand, if only skb
2461 * may be modified, the actions can be executed in place.
2463 * Do this analysis at the flow installation time.
2464 * Set 'clone_action->exec' to true if the actions can be
2465 * executed without being deferred.
2467 * If the sample is the last action, it can always be executed
2468 * rather than deferred. */
2470 arg.exec = last || !actions_may_change_flow(actions);
2471 arg.probability = nla_get_u32(probability);
2473 err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg),
2474 log);
2475 if (err)
2476 return err;
2478 err = __ovs_nla_copy_actions(net, actions, key, sfa,
2479 eth_type, vlan_tci, log);
2481 if (err)
2482 return err;
2484 add_nested_action_end(*sfa, start);
2486 return 0;
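/*
 * Editorial note (not part of the original source): the copied
 * OVS_ACTION_ATTR_SAMPLE therefore always starts with an
 * OVS_SAMPLE_ATTR_ARG attribute carrying struct sample_arg (the 'exec'
 * flag and the probability), followed by the validated child actions.
 * sample_action_to_attr() below relies on exactly this layout when
 * converting the action back to its userspace form.
 */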
2489 static int validate_and_copy_clone(struct net *net,
2490 const struct nlattr *attr,
2491 const struct sw_flow_key *key,
2492 struct sw_flow_actions **sfa,
2493 __be16 eth_type, __be16 vlan_tci,
2494 bool log, bool last)
2496 int start, err;
2497 u32 exec;
2499 if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN)
2500 return -EINVAL;
2502 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log);
2503 if (start < 0)
2504 return start;
2506 exec = last || !actions_may_change_flow(attr);
2508 err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec,
2509 sizeof(exec), log);
2510 if (err)
2511 return err;
2513 err = __ovs_nla_copy_actions(net, attr, key, sfa,
2514 eth_type, vlan_tci, log);
2515 if (err)
2516 return err;
2518 add_nested_action_end(*sfa, start);
2520 return 0;
2523 void ovs_match_init(struct sw_flow_match *match,
2524 struct sw_flow_key *key,
2525 bool reset_key,
2526 struct sw_flow_mask *mask)
2528 memset(match, 0, sizeof(*match));
2529 match->key = key;
2530 match->mask = mask;
2532 if (reset_key)
2533 memset(key, 0, sizeof(*key));
2535 if (mask) {
2536 memset(&mask->key, 0, sizeof(mask->key));
2537 mask->range.start = mask->range.end = 0;
2541 static int validate_geneve_opts(struct sw_flow_key *key)
2543 struct geneve_opt *option;
2544 int opts_len = key->tun_opts_len;
2545 bool crit_opt = false;
2547 option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len);
2548 while (opts_len > 0) {
2549 int len;
2551 if (opts_len < sizeof(*option))
2552 return -EINVAL;
2554 len = sizeof(*option) + option->length * 4;
2555 if (len > opts_len)
2556 return -EINVAL;
2558 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
2560 option = (struct geneve_opt *)((u8 *)option + len);
2561 opts_len -= len;
2564 key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
2566 return 0;
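/*
 * Editorial example (not part of the original source): each Geneve option
 * is a 4-byte struct geneve_opt header followed by 'length' 4-byte words
 * of data, so an option with length == 2 consumes 4 + 2 * 4 = 12 bytes of
 * tun_opts_len in the walk above.
 */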
2569 static int validate_and_copy_set_tun(const struct nlattr *attr,
2570 struct sw_flow_actions **sfa, bool log)
2572 struct sw_flow_match match;
2573 struct sw_flow_key key;
2574 struct metadata_dst *tun_dst;
2575 struct ip_tunnel_info *tun_info;
2576 struct ovs_tunnel_info *ovs_tun;
2577 struct nlattr *a;
2578 int err = 0, start, opts_type;
2579 __be16 dst_opt_type;
2581 dst_opt_type = 0;
2582 ovs_match_init(&match, &key, true, NULL);
2583 opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log);
2584 if (opts_type < 0)
2585 return opts_type;
2587 if (key.tun_opts_len) {
2588 switch (opts_type) {
2589 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
2590 err = validate_geneve_opts(&key);
2591 if (err < 0)
2592 return err;
2593 dst_opt_type = TUNNEL_GENEVE_OPT;
2594 break;
2595 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
2596 dst_opt_type = TUNNEL_VXLAN_OPT;
2597 break;
2598 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
2599 dst_opt_type = TUNNEL_ERSPAN_OPT;
2600 break;
2604 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log);
2605 if (start < 0)
2606 return start;
2608 tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL,
2609 GFP_KERNEL);
2611 if (!tun_dst)
2612 return -ENOMEM;
2614 err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL);
2615 if (err) {
2616 dst_release((struct dst_entry *)tun_dst);
2617 return err;
2620 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
2621 sizeof(*ovs_tun), log);
2622 if (IS_ERR(a)) {
2623 dst_release((struct dst_entry *)tun_dst);
2624 return PTR_ERR(a);
2627 ovs_tun = nla_data(a);
2628 ovs_tun->tun_dst = tun_dst;
2630 tun_info = &tun_dst->u.tun_info;
2631 tun_info->mode = IP_TUNNEL_INFO_TX;
2632 if (key.tun_proto == AF_INET6)
2633 tun_info->mode |= IP_TUNNEL_INFO_IPV6;
2634 else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0)
2635 tun_info->mode |= IP_TUNNEL_INFO_BRIDGE;
2636 tun_info->key = key.tun_key;
2638 /* We need to store the options in the action itself since
2639 * everything else will go away after flow setup. We can append
2640 * it to tun_info and then point there.
2642 ip_tunnel_info_opts_set(tun_info,
2643 TUN_METADATA_OPTS(&key, key.tun_opts_len),
2644 key.tun_opts_len, dst_opt_type);
2645 add_nested_action_end(*sfa, start);
2647 return err;
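/*
 * Editorial note (not part of the original source): the resulting action
 * is a nested OVS_ACTION_ATTR_SET holding a single
 * OVS_KEY_ATTR_TUNNEL_INFO attribute whose payload is a struct
 * ovs_tunnel_info pointing at the freshly allocated metadata_dst; the
 * tunnel options are appended to the tun_info itself, and
 * ovs_nla_free_set_action() above drops the dst reference when the
 * actions are freed.
 */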
2650 static bool validate_nsh(const struct nlattr *attr, bool is_mask,
2651 bool is_push_nsh, bool log)
2653 struct sw_flow_match match;
2654 struct sw_flow_key key;
2655 int ret = 0;
2657 ovs_match_init(&match, &key, true, NULL);
2658 ret = nsh_key_put_from_nlattr(attr, &match, is_mask,
2659 is_push_nsh, log);
2660 return !ret;
2663 /* Return false if there are any non-masked bits set.
2664 * Mask follows data immediately, before any netlink padding.
2666 static bool validate_masked(u8 *data, int len)
2668 u8 *mask = data + len;
2670 while (len--)
2671 if (*data++ & ~*mask++)
2672 return false;
2674 return true;
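/*
 * Editorial example (not part of the original source): for a 4-byte field
 * the attribute payload is 8 bytes, value followed by mask:
 *
 *	data = 00 00 12 34  mask = 00 00 ff ff  -> true  (every set bit is
 *						    covered by the mask)
 *	data = 01 00 12 34  mask = 00 00 ff ff  -> false (a bit is set
 *						    outside the mask)
 */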
2677 static int validate_set(const struct nlattr *a,
2678 const struct sw_flow_key *flow_key,
2679 struct sw_flow_actions **sfa, bool *skip_copy,
2680 u8 mac_proto, __be16 eth_type, bool masked, bool log)
2682 const struct nlattr *ovs_key = nla_data(a);
2683 int key_type = nla_type(ovs_key);
2684 size_t key_len;
2686 /* There can be only one key in an action */
2687 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
2688 return -EINVAL;
2690 key_len = nla_len(ovs_key);
2691 if (masked)
2692 key_len /= 2;
2694 if (key_type > OVS_KEY_ATTR_MAX ||
2695 !check_attr_len(key_len, ovs_key_lens[key_type].len))
2696 return -EINVAL;
2698 if (masked && !validate_masked(nla_data(ovs_key), key_len))
2699 return -EINVAL;
2701 switch (key_type) {
2702 const struct ovs_key_ipv4 *ipv4_key;
2703 const struct ovs_key_ipv6 *ipv6_key;
2704 int err;
2706 case OVS_KEY_ATTR_PRIORITY:
2707 case OVS_KEY_ATTR_SKB_MARK:
2708 case OVS_KEY_ATTR_CT_MARK:
2709 case OVS_KEY_ATTR_CT_LABELS:
2710 break;
2712 case OVS_KEY_ATTR_ETHERNET:
2713 if (mac_proto != MAC_PROTO_ETHERNET)
2714 return -EINVAL;
2715 break;
2717 case OVS_KEY_ATTR_TUNNEL:
2718 if (masked)
2719 return -EINVAL; /* Masked tunnel set not supported. */
2721 *skip_copy = true;
2722 err = validate_and_copy_set_tun(a, sfa, log);
2723 if (err)
2724 return err;
2725 break;
2727 case OVS_KEY_ATTR_IPV4:
2728 if (eth_type != htons(ETH_P_IP))
2729 return -EINVAL;
2731 ipv4_key = nla_data(ovs_key);
2733 if (masked) {
2734 const struct ovs_key_ipv4 *mask = ipv4_key + 1;
2736 /* Non-writeable fields. */
2737 if (mask->ipv4_proto || mask->ipv4_frag)
2738 return -EINVAL;
2739 } else {
2740 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
2741 return -EINVAL;
2743 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
2744 return -EINVAL;
2746 break;
2748 case OVS_KEY_ATTR_IPV6:
2749 if (eth_type != htons(ETH_P_IPV6))
2750 return -EINVAL;
2752 ipv6_key = nla_data(ovs_key);
2754 if (masked) {
2755 const struct ovs_key_ipv6 *mask = ipv6_key + 1;
2757 /* Non-writeable fields. */
2758 if (mask->ipv6_proto || mask->ipv6_frag)
2759 return -EINVAL;
2761 /* Invalid bits in the flow label mask? */
2762 if (ntohl(mask->ipv6_label) & 0xFFF00000)
2763 return -EINVAL;
2764 } else {
2765 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
2766 return -EINVAL;
2768 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
2769 return -EINVAL;
2771 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
2772 return -EINVAL;
2774 break;
2776 case OVS_KEY_ATTR_TCP:
2777 if ((eth_type != htons(ETH_P_IP) &&
2778 eth_type != htons(ETH_P_IPV6)) ||
2779 flow_key->ip.proto != IPPROTO_TCP)
2780 return -EINVAL;
2782 break;
2784 case OVS_KEY_ATTR_UDP:
2785 if ((eth_type != htons(ETH_P_IP) &&
2786 eth_type != htons(ETH_P_IPV6)) ||
2787 flow_key->ip.proto != IPPROTO_UDP)
2788 return -EINVAL;
2790 break;
2792 case OVS_KEY_ATTR_MPLS:
2793 if (!eth_p_mpls(eth_type))
2794 return -EINVAL;
2795 break;
2797 case OVS_KEY_ATTR_SCTP:
2798 if ((eth_type != htons(ETH_P_IP) &&
2799 eth_type != htons(ETH_P_IPV6)) ||
2800 flow_key->ip.proto != IPPROTO_SCTP)
2801 return -EINVAL;
2803 break;
2805 case OVS_KEY_ATTR_NSH:
2806 if (eth_type != htons(ETH_P_NSH))
2807 return -EINVAL;
2808 if (!validate_nsh(nla_data(a), masked, false, log))
2809 return -EINVAL;
2810 break;
2812 default:
2813 return -EINVAL;
2816 /* Convert non-masked non-tunnel set actions to masked set actions. */
2817 if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) {
2818 int start, len = key_len * 2;
2819 struct nlattr *at;
2821 *skip_copy = true;
2823 start = add_nested_action_start(sfa,
2824 OVS_ACTION_ATTR_SET_TO_MASKED,
2825 log);
2826 if (start < 0)
2827 return start;
2829 at = __add_action(sfa, key_type, NULL, len, log);
2830 if (IS_ERR(at))
2831 return PTR_ERR(at);
2833 memcpy(nla_data(at), nla_data(ovs_key), key_len); /* Key. */
2834 memset(nla_data(at) + key_len, 0xff, key_len); /* Mask. */
2835 /* Clear non-writeable bits from otherwise writeable fields. */
2836 if (key_type == OVS_KEY_ATTR_IPV6) {
2837 struct ovs_key_ipv6 *mask = nla_data(at) + key_len;
2839 mask->ipv6_label &= htonl(0x000FFFFF);
2841 add_nested_action_end(*sfa, start);
2844 return 0;
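/*
 * Editorial note (not part of the original source): after the conversion
 * above, a non-masked set of a key_len-byte key is stored as
 * OVS_ACTION_ATTR_SET_TO_MASKED whose key attribute is 2 * key_len bytes:
 * the original key followed by an all-0xff mask (with non-writeable bits,
 * such as the upper IPv6 flow-label bits, cleared), so the datapath can
 * treat all non-tunnel sets uniformly as masked sets.
 */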
2847 static int validate_userspace(const struct nlattr *attr)
2849 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
2850 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
2851 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
2852 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 },
2854 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
2855 int error;
2857 error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr,
2858 userspace_policy, NULL);
2859 if (error)
2860 return error;
2862 if (!a[OVS_USERSPACE_ATTR_PID] ||
2863 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
2864 return -EINVAL;
2866 return 0;
2869 static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = {
2870 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 },
2871 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED },
2872 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED },
2875 static int validate_and_copy_check_pkt_len(struct net *net,
2876 const struct nlattr *attr,
2877 const struct sw_flow_key *key,
2878 struct sw_flow_actions **sfa,
2879 __be16 eth_type, __be16 vlan_tci,
2880 bool log, bool last)
2882 const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
2883 struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
2884 struct check_pkt_len_arg arg;
2885 int nested_acts_start;
2886 int start, err;
2888 err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX,
2889 nla_data(attr), nla_len(attr),
2890 cpl_policy, NULL);
2891 if (err)
2892 return err;
2894 if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] ||
2895 !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]))
2896 return -EINVAL;
2898 acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL];
2899 acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER];
2901 /* Both of the nested actions must be present. */
2902 if (!acts_if_greater || !acts_if_lesser_eq)
2903 return -EINVAL;
2905 /* validation done, copy the nested actions. */
2906 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN,
2907 log);
2908 if (start < 0)
2909 return start;
2911 arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]);
2912 arg.exec_for_lesser_equal =
2913 last || !actions_may_change_flow(acts_if_lesser_eq);
2914 arg.exec_for_greater =
2915 last || !actions_may_change_flow(acts_if_greater);
2917 err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg,
2918 sizeof(arg), log);
2919 if (err)
2920 return err;
2922 nested_acts_start = add_nested_action_start(sfa,
2923 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log);
2924 if (nested_acts_start < 0)
2925 return nested_acts_start;
2927 err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
2928 eth_type, vlan_tci, log);
2930 if (err)
2931 return err;
2933 add_nested_action_end(*sfa, nested_acts_start);
2935 nested_acts_start = add_nested_action_start(sfa,
2936 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log);
2937 if (nested_acts_start < 0)
2938 return nested_acts_start;
2940 err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
2941 eth_type, vlan_tci, log);
2943 if (err)
2944 return err;
2946 add_nested_action_end(*sfa, nested_acts_start);
2947 add_nested_action_end(*sfa, start);
2948 return 0;
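/*
 * Editorial note (not part of the original source): the copied
 * OVS_ACTION_ATTR_CHECK_PKT_LEN thus contains, in order, an
 * OVS_CHECK_PKT_LEN_ATTR_ARG attribute (struct check_pkt_len_arg with the
 * length threshold and the two 'exec' flags), the ACTIONS_IF_LESS_EQUAL
 * nest, and the ACTIONS_IF_GREATER nest. check_pkt_len_action_to_attr()
 * below depends on that fixed order.
 */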
2951 static int copy_action(const struct nlattr *from,
2952 struct sw_flow_actions **sfa, bool log)
2954 int totlen = NLA_ALIGN(from->nla_len);
2955 struct nlattr *to;
2957 to = reserve_sfa_size(sfa, from->nla_len, log);
2958 if (IS_ERR(to))
2959 return PTR_ERR(to);
2961 memcpy(to, from, totlen);
2962 return 0;
2965 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2966 const struct sw_flow_key *key,
2967 struct sw_flow_actions **sfa,
2968 __be16 eth_type, __be16 vlan_tci, bool log)
2970 u8 mac_proto = ovs_key_mac_proto(key);
2971 const struct nlattr *a;
2972 int rem, err;
2974 nla_for_each_nested(a, attr, rem) {
2975 /* Expected argument lengths, (u32)-1 for variable length. */
2976 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
2977 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
2978 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
2979 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
2980 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
2981 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
2982 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
2983 [OVS_ACTION_ATTR_POP_VLAN] = 0,
2984 [OVS_ACTION_ATTR_SET] = (u32)-1,
2985 [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1,
2986 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
2987 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
2988 [OVS_ACTION_ATTR_CT] = (u32)-1,
2989 [OVS_ACTION_ATTR_CT_CLEAR] = 0,
2990 [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
2991 [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
2992 [OVS_ACTION_ATTR_POP_ETH] = 0,
2993 [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1,
2994 [OVS_ACTION_ATTR_POP_NSH] = 0,
2995 [OVS_ACTION_ATTR_METER] = sizeof(u32),
2996 [OVS_ACTION_ATTR_CLONE] = (u32)-1,
2997 [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1,
2999 const struct ovs_action_push_vlan *vlan;
3000 int type = nla_type(a);
3001 bool skip_copy;
3003 if (type > OVS_ACTION_ATTR_MAX ||
3004 (action_lens[type] != nla_len(a) &&
3005 action_lens[type] != (u32)-1))
3006 return -EINVAL;
3008 skip_copy = false;
3009 switch (type) {
3010 case OVS_ACTION_ATTR_UNSPEC:
3011 return -EINVAL;
3013 case OVS_ACTION_ATTR_USERSPACE:
3014 err = validate_userspace(a);
3015 if (err)
3016 return err;
3017 break;
3019 case OVS_ACTION_ATTR_OUTPUT:
3020 if (nla_get_u32(a) >= DP_MAX_PORTS)
3021 return -EINVAL;
3022 break;
3024 case OVS_ACTION_ATTR_TRUNC: {
3025 const struct ovs_action_trunc *trunc = nla_data(a);
3027 if (trunc->max_len < ETH_HLEN)
3028 return -EINVAL;
3029 break;
3032 case OVS_ACTION_ATTR_HASH: {
3033 const struct ovs_action_hash *act_hash = nla_data(a);
3035 switch (act_hash->hash_alg) {
3036 case OVS_HASH_ALG_L4:
3037 break;
3038 default:
3039 return -EINVAL;
3042 break;
3045 case OVS_ACTION_ATTR_POP_VLAN:
3046 if (mac_proto != MAC_PROTO_ETHERNET)
3047 return -EINVAL;
3048 vlan_tci = htons(0);
3049 break;
3051 case OVS_ACTION_ATTR_PUSH_VLAN:
3052 if (mac_proto != MAC_PROTO_ETHERNET)
3053 return -EINVAL;
3054 vlan = nla_data(a);
3055 if (!eth_type_vlan(vlan->vlan_tpid))
3056 return -EINVAL;
3057 if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK)))
3058 return -EINVAL;
3059 vlan_tci = vlan->vlan_tci;
3060 break;
3062 case OVS_ACTION_ATTR_RECIRC:
3063 break;
3065 case OVS_ACTION_ATTR_PUSH_MPLS: {
3066 const struct ovs_action_push_mpls *mpls = nla_data(a);
3068 if (!eth_p_mpls(mpls->mpls_ethertype))
3069 return -EINVAL;
3070 /* Prohibit pushing MPLS unless the ethertype is in a whitelist
3071 * of packet types with a known tag order. */
3073 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3074 (eth_type != htons(ETH_P_IP) &&
3075 eth_type != htons(ETH_P_IPV6) &&
3076 eth_type != htons(ETH_P_ARP) &&
3077 eth_type != htons(ETH_P_RARP) &&
3078 !eth_p_mpls(eth_type)))
3079 return -EINVAL;
3080 eth_type = mpls->mpls_ethertype;
3081 break;
3084 case OVS_ACTION_ATTR_POP_MPLS:
3085 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3086 !eth_p_mpls(eth_type))
3087 return -EINVAL;
3089 /* Disallow subsequent L2.5+ set and mpls_pop actions
3090 * as there is no check here to ensure that the new
3091 * eth_type is valid, and thus set actions could
3092 * write off the end of the packet or otherwise
3093 * corrupt it.
3095 * Support for these actions is planned using packet
3096 * recirculation.
3098 eth_type = htons(0);
3099 break;
3101 case OVS_ACTION_ATTR_SET:
3102 err = validate_set(a, key, sfa,
3103 &skip_copy, mac_proto, eth_type,
3104 false, log);
3105 if (err)
3106 return err;
3107 break;
3109 case OVS_ACTION_ATTR_SET_MASKED:
3110 err = validate_set(a, key, sfa,
3111 &skip_copy, mac_proto, eth_type,
3112 true, log);
3113 if (err)
3114 return err;
3115 break;
3117 case OVS_ACTION_ATTR_SAMPLE: {
3118 bool last = nla_is_last(a, rem);
3120 err = validate_and_copy_sample(net, a, key, sfa,
3121 eth_type, vlan_tci,
3122 log, last);
3123 if (err)
3124 return err;
3125 skip_copy = true;
3126 break;
3129 case OVS_ACTION_ATTR_CT:
3130 err = ovs_ct_copy_action(net, a, key, sfa, log);
3131 if (err)
3132 return err;
3133 skip_copy = true;
3134 break;
3136 case OVS_ACTION_ATTR_CT_CLEAR:
3137 break;
3139 case OVS_ACTION_ATTR_PUSH_ETH:
3140 /* Disallow pushing an Ethernet header if one
3141 * is already present */
3142 if (mac_proto != MAC_PROTO_NONE)
3143 return -EINVAL;
3144 mac_proto = MAC_PROTO_ETHERNET;
3145 break;
3147 case OVS_ACTION_ATTR_POP_ETH:
3148 if (mac_proto != MAC_PROTO_ETHERNET)
3149 return -EINVAL;
3150 if (vlan_tci & htons(VLAN_CFI_MASK))
3151 return -EINVAL;
3152 mac_proto = MAC_PROTO_NONE;
3153 break;
3155 case OVS_ACTION_ATTR_PUSH_NSH:
3156 if (mac_proto != MAC_PROTO_ETHERNET) {
3157 u8 next_proto;
3159 next_proto = tun_p_from_eth_p(eth_type);
3160 if (!next_proto)
3161 return -EINVAL;
3163 mac_proto = MAC_PROTO_NONE;
3164 if (!validate_nsh(nla_data(a), false, true, true))
3165 return -EINVAL;
3166 break;
3168 case OVS_ACTION_ATTR_POP_NSH: {
3169 __be16 inner_proto;
3171 if (eth_type != htons(ETH_P_NSH))
3172 return -EINVAL;
3173 inner_proto = tun_p_to_eth_p(key->nsh.base.np);
3174 if (!inner_proto)
3175 return -EINVAL;
3176 if (key->nsh.base.np == TUN_P_ETHERNET)
3177 mac_proto = MAC_PROTO_ETHERNET;
3178 else
3179 mac_proto = MAC_PROTO_NONE;
3180 break;
3183 case OVS_ACTION_ATTR_METER:
3184 /* Non-existent meters are simply ignored. */
3185 break;
3187 case OVS_ACTION_ATTR_CLONE: {
3188 bool last = nla_is_last(a, rem);
3190 err = validate_and_copy_clone(net, a, key, sfa,
3191 eth_type, vlan_tci,
3192 log, last);
3193 if (err)
3194 return err;
3195 skip_copy = true;
3196 break;
3199 case OVS_ACTION_ATTR_CHECK_PKT_LEN: {
3200 bool last = nla_is_last(a, rem);
3202 err = validate_and_copy_check_pkt_len(net, a, key, sfa,
3203 eth_type,
3204 vlan_tci, log,
3205 last);
3206 if (err)
3207 return err;
3208 skip_copy = true;
3209 break;
3212 default:
3213 OVS_NLERR(log, "Unknown Action type %d", type);
3214 return -EINVAL;
3216 if (!skip_copy) {
3217 err = copy_action(a, sfa, log);
3218 if (err)
3219 return err;
3223 if (rem > 0)
3224 return -EINVAL;
3226 return 0;
3229 /* 'key' must be the masked key. */
3230 int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
3231 const struct sw_flow_key *key,
3232 struct sw_flow_actions **sfa, bool log)
3234 int err;
3236 *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
3237 if (IS_ERR(*sfa))
3238 return PTR_ERR(*sfa);
3240 (*sfa)->orig_len = nla_len(attr);
3241 err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
3242 key->eth.vlan.tci, log);
3243 if (err)
3244 ovs_nla_free_flow_actions(*sfa);
3246 return err;
3249 static int sample_action_to_attr(const struct nlattr *attr,
3250 struct sk_buff *skb)
3252 struct nlattr *start, *ac_start = NULL, *sample_arg;
3253 int err = 0, rem = nla_len(attr);
3254 const struct sample_arg *arg;
3255 struct nlattr *actions;
3257 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE);
3258 if (!start)
3259 return -EMSGSIZE;
3261 sample_arg = nla_data(attr);
3262 arg = nla_data(sample_arg);
3263 actions = nla_next(sample_arg, &rem);
3265 if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) {
3266 err = -EMSGSIZE;
3267 goto out;
3270 ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS);
3271 if (!ac_start) {
3272 err = -EMSGSIZE;
3273 goto out;
3276 err = ovs_nla_put_actions(actions, rem, skb);
3278 out:
3279 if (err) {
3280 nla_nest_cancel(skb, ac_start);
3281 nla_nest_cancel(skb, start);
3282 } else {
3283 nla_nest_end(skb, ac_start);
3284 nla_nest_end(skb, start);
3287 return err;
3290 static int clone_action_to_attr(const struct nlattr *attr,
3291 struct sk_buff *skb)
3293 struct nlattr *start;
3294 int err = 0, rem = nla_len(attr);
3296 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE);
3297 if (!start)
3298 return -EMSGSIZE;
3300 err = ovs_nla_put_actions(nla_data(attr), rem, skb);
3302 if (err)
3303 nla_nest_cancel(skb, start);
3304 else
3305 nla_nest_end(skb, start);
3307 return err;
3310 static int check_pkt_len_action_to_attr(const struct nlattr *attr,
3311 struct sk_buff *skb)
3313 struct nlattr *start, *ac_start = NULL;
3314 const struct check_pkt_len_arg *arg;
3315 const struct nlattr *a, *cpl_arg;
3316 int err = 0, rem = nla_len(attr);
3318 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN);
3319 if (!start)
3320 return -EMSGSIZE;
3322 /* The first nested attribute in 'attr' is always
3323 * 'OVS_CHECK_PKT_LEN_ATTR_ARG'.
3325 cpl_arg = nla_data(attr);
3326 arg = nla_data(cpl_arg);
3328 if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) {
3329 err = -EMSGSIZE;
3330 goto out;
3333 /* Second nested attribute in 'attr' is always
3334 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'.
3336 a = nla_next(cpl_arg, &rem);
3337 ac_start = nla_nest_start_noflag(skb,
3338 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL);
3339 if (!ac_start) {
3340 err = -EMSGSIZE;
3341 goto out;
3344 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3345 if (err) {
3346 nla_nest_cancel(skb, ac_start);
3347 goto out;
3348 } else {
3349 nla_nest_end(skb, ac_start);
3352 /* Third nested attribute in 'attr' is always
3353 * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER.
3355 a = nla_next(a, &rem);
3356 ac_start = nla_nest_start_noflag(skb,
3357 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER);
3358 if (!ac_start) {
3359 err = -EMSGSIZE;
3360 goto out;
3363 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3364 if (err) {
3365 nla_nest_cancel(skb, ac_start);
3366 goto out;
3367 } else {
3368 nla_nest_end(skb, ac_start);
3371 nla_nest_end(skb, start);
3372 return 0;
3374 out:
3375 nla_nest_cancel(skb, start);
3376 return err;
3379 static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
3381 const struct nlattr *ovs_key = nla_data(a);
3382 int key_type = nla_type(ovs_key);
3383 struct nlattr *start;
3384 int err;
3386 switch (key_type) {
3387 case OVS_KEY_ATTR_TUNNEL_INFO: {
3388 struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key);
3389 struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info;
3391 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3392 if (!start)
3393 return -EMSGSIZE;
3395 err = ip_tun_to_nlattr(skb, &tun_info->key,
3396 ip_tunnel_info_opts(tun_info),
3397 tun_info->options_len,
3398 ip_tunnel_info_af(tun_info), tun_info->mode);
3399 if (err)
3400 return err;
3401 nla_nest_end(skb, start);
3402 break;
3404 default:
3405 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
3406 return -EMSGSIZE;
3407 break;
3410 return 0;
3413 static int masked_set_action_to_set_action_attr(const struct nlattr *a,
3414 struct sk_buff *skb)
3416 const struct nlattr *ovs_key = nla_data(a);
3417 struct nlattr *nla;
3418 size_t key_len = nla_len(ovs_key) / 2;
3420 /* Revert the conversion we did from a non-masked set action to
3421 * a masked set action. */
3423 nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3424 if (!nla)
3425 return -EMSGSIZE;
3427 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key)))
3428 return -EMSGSIZE;
3430 nla_nest_end(skb, nla);
3431 return 0;
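/*
 * Editorial example (not part of the original source): this is the exact
 * inverse of the conversion in validate_set(). A kernel-converted masked
 * set whose payload is value-then-mask (2 * key_len bytes, with an
 * all-0xff mask) is dumped back to userspace as a plain
 * OVS_ACTION_ATTR_SET carrying only the first key_len bytes, i.e. the
 * original value.
 */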
3434 int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
3436 const struct nlattr *a;
3437 int rem, err;
3439 nla_for_each_attr(a, attr, len, rem) {
3440 int type = nla_type(a);
3442 switch (type) {
3443 case OVS_ACTION_ATTR_SET:
3444 err = set_action_to_attr(a, skb);
3445 if (err)
3446 return err;
3447 break;
3449 case OVS_ACTION_ATTR_SET_TO_MASKED:
3450 err = masked_set_action_to_set_action_attr(a, skb);
3451 if (err)
3452 return err;
3453 break;
3455 case OVS_ACTION_ATTR_SAMPLE:
3456 err = sample_action_to_attr(a, skb);
3457 if (err)
3458 return err;
3459 break;
3461 case OVS_ACTION_ATTR_CT:
3462 err = ovs_ct_action_to_attr(nla_data(a), skb);
3463 if (err)
3464 return err;
3465 break;
3467 case OVS_ACTION_ATTR_CLONE:
3468 err = clone_action_to_attr(a, skb);
3469 if (err)
3470 return err;
3471 break;
3473 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
3474 err = check_pkt_len_action_to_attr(a, skb);
3475 if (err)
3476 return err;
3477 break;
3479 default:
3480 if (nla_put(skb, type, nla_len(a), nla_data(a)))
3481 return -EMSGSIZE;
3482 break;
3486 return 0;