2 * Copyright (c) 2007-2017 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23 #include <linux/uaccess.h>
24 #include <linux/netdevice.h>
25 #include <linux/etherdevice.h>
26 #include <linux/if_ether.h>
27 #include <linux/if_vlan.h>
28 #include <net/llc_pdu.h>
29 #include <linux/kernel.h>
30 #include <linux/jhash.h>
31 #include <linux/jiffies.h>
32 #include <linux/llc.h>
33 #include <linux/module.h>
35 #include <linux/rcupdate.h>
36 #include <linux/if_arp.h>
38 #include <linux/ipv6.h>
39 #include <linux/sctp.h>
40 #include <linux/tcp.h>
41 #include <linux/udp.h>
42 #include <linux/icmp.h>
43 #include <linux/icmpv6.h>
44 #include <linux/rculist.h>
45 #include <net/geneve.h>
48 #include <net/ndisc.h>
50 #include <net/vxlan.h>
51 #include <net/tun_proto.h>
52 #include <net/erspan.h>
54 #include "flow_netlink.h"
58 const struct ovs_len_tbl
*next
;
61 #define OVS_ATTR_NESTED -1
62 #define OVS_ATTR_VARIABLE -2
64 static bool actions_may_change_flow(const struct nlattr
*actions
)
69 nla_for_each_nested(nla
, actions
, rem
) {
70 u16 action
= nla_type(nla
);
73 case OVS_ACTION_ATTR_OUTPUT
:
74 case OVS_ACTION_ATTR_RECIRC
:
75 case OVS_ACTION_ATTR_TRUNC
:
76 case OVS_ACTION_ATTR_USERSPACE
:
79 case OVS_ACTION_ATTR_CT
:
80 case OVS_ACTION_ATTR_CT_CLEAR
:
81 case OVS_ACTION_ATTR_HASH
:
82 case OVS_ACTION_ATTR_POP_ETH
:
83 case OVS_ACTION_ATTR_POP_MPLS
:
84 case OVS_ACTION_ATTR_POP_NSH
:
85 case OVS_ACTION_ATTR_POP_VLAN
:
86 case OVS_ACTION_ATTR_PUSH_ETH
:
87 case OVS_ACTION_ATTR_PUSH_MPLS
:
88 case OVS_ACTION_ATTR_PUSH_NSH
:
89 case OVS_ACTION_ATTR_PUSH_VLAN
:
90 case OVS_ACTION_ATTR_SAMPLE
:
91 case OVS_ACTION_ATTR_SET
:
92 case OVS_ACTION_ATTR_SET_MASKED
:
93 case OVS_ACTION_ATTR_METER
:
94 case OVS_ACTION_ATTR_CHECK_PKT_LEN
:
102 static void update_range(struct sw_flow_match
*match
,
103 size_t offset
, size_t size
, bool is_mask
)
105 struct sw_flow_key_range
*range
;
106 size_t start
= rounddown(offset
, sizeof(long));
107 size_t end
= roundup(offset
+ size
, sizeof(long));
110 range
= &match
->range
;
112 range
= &match
->mask
->range
;
114 if (range
->start
== range
->end
) {
115 range
->start
= start
;
120 if (range
->start
> start
)
121 range
->start
= start
;
123 if (range
->end
< end
)
127 #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
129 update_range(match, offsetof(struct sw_flow_key, field), \
130 sizeof((match)->key->field), is_mask); \
132 (match)->mask->key.field = value; \
134 (match)->key->field = value; \
137 #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
139 update_range(match, offset, len, is_mask); \
141 memcpy((u8 *)&(match)->mask->key + offset, value_p, \
144 memcpy((u8 *)(match)->key + offset, value_p, len); \
147 #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
148 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
149 value_p, len, is_mask)
151 #define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \
153 update_range(match, offsetof(struct sw_flow_key, field), \
154 sizeof((match)->key->field), is_mask); \
156 memset((u8 *)&(match)->mask->key.field, value, \
157 sizeof((match)->mask->key.field)); \
159 memset((u8 *)&(match)->key->field, value, \
160 sizeof((match)->key->field)); \
163 static bool match_validate(const struct sw_flow_match
*match
,
164 u64 key_attrs
, u64 mask_attrs
, bool log
)
166 u64 key_expected
= 0;
167 u64 mask_allowed
= key_attrs
; /* At most allow all key attributes */
169 /* The following mask attributes allowed only if they
170 * pass the validation tests. */
171 mask_allowed
&= ~((1 << OVS_KEY_ATTR_IPV4
)
172 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4
)
173 | (1 << OVS_KEY_ATTR_IPV6
)
174 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
)
175 | (1 << OVS_KEY_ATTR_TCP
)
176 | (1 << OVS_KEY_ATTR_TCP_FLAGS
)
177 | (1 << OVS_KEY_ATTR_UDP
)
178 | (1 << OVS_KEY_ATTR_SCTP
)
179 | (1 << OVS_KEY_ATTR_ICMP
)
180 | (1 << OVS_KEY_ATTR_ICMPV6
)
181 | (1 << OVS_KEY_ATTR_ARP
)
182 | (1 << OVS_KEY_ATTR_ND
)
183 | (1 << OVS_KEY_ATTR_MPLS
)
184 | (1 << OVS_KEY_ATTR_NSH
));
186 /* Always allowed mask fields. */
187 mask_allowed
|= ((1 << OVS_KEY_ATTR_TUNNEL
)
188 | (1 << OVS_KEY_ATTR_IN_PORT
)
189 | (1 << OVS_KEY_ATTR_ETHERTYPE
));
191 /* Check key attributes. */
192 if (match
->key
->eth
.type
== htons(ETH_P_ARP
)
193 || match
->key
->eth
.type
== htons(ETH_P_RARP
)) {
194 key_expected
|= 1 << OVS_KEY_ATTR_ARP
;
195 if (match
->mask
&& (match
->mask
->key
.eth
.type
== htons(0xffff)))
196 mask_allowed
|= 1 << OVS_KEY_ATTR_ARP
;
199 if (eth_p_mpls(match
->key
->eth
.type
)) {
200 key_expected
|= 1 << OVS_KEY_ATTR_MPLS
;
201 if (match
->mask
&& (match
->mask
->key
.eth
.type
== htons(0xffff)))
202 mask_allowed
|= 1 << OVS_KEY_ATTR_MPLS
;
205 if (match
->key
->eth
.type
== htons(ETH_P_IP
)) {
206 key_expected
|= 1 << OVS_KEY_ATTR_IPV4
;
207 if (match
->mask
&& match
->mask
->key
.eth
.type
== htons(0xffff)) {
208 mask_allowed
|= 1 << OVS_KEY_ATTR_IPV4
;
209 mask_allowed
|= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4
;
212 if (match
->key
->ip
.frag
!= OVS_FRAG_TYPE_LATER
) {
213 if (match
->key
->ip
.proto
== IPPROTO_UDP
) {
214 key_expected
|= 1 << OVS_KEY_ATTR_UDP
;
215 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
216 mask_allowed
|= 1 << OVS_KEY_ATTR_UDP
;
219 if (match
->key
->ip
.proto
== IPPROTO_SCTP
) {
220 key_expected
|= 1 << OVS_KEY_ATTR_SCTP
;
221 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
222 mask_allowed
|= 1 << OVS_KEY_ATTR_SCTP
;
225 if (match
->key
->ip
.proto
== IPPROTO_TCP
) {
226 key_expected
|= 1 << OVS_KEY_ATTR_TCP
;
227 key_expected
|= 1 << OVS_KEY_ATTR_TCP_FLAGS
;
228 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff)) {
229 mask_allowed
|= 1 << OVS_KEY_ATTR_TCP
;
230 mask_allowed
|= 1 << OVS_KEY_ATTR_TCP_FLAGS
;
234 if (match
->key
->ip
.proto
== IPPROTO_ICMP
) {
235 key_expected
|= 1 << OVS_KEY_ATTR_ICMP
;
236 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
237 mask_allowed
|= 1 << OVS_KEY_ATTR_ICMP
;
242 if (match
->key
->eth
.type
== htons(ETH_P_IPV6
)) {
243 key_expected
|= 1 << OVS_KEY_ATTR_IPV6
;
244 if (match
->mask
&& match
->mask
->key
.eth
.type
== htons(0xffff)) {
245 mask_allowed
|= 1 << OVS_KEY_ATTR_IPV6
;
246 mask_allowed
|= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
;
249 if (match
->key
->ip
.frag
!= OVS_FRAG_TYPE_LATER
) {
250 if (match
->key
->ip
.proto
== IPPROTO_UDP
) {
251 key_expected
|= 1 << OVS_KEY_ATTR_UDP
;
252 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
253 mask_allowed
|= 1 << OVS_KEY_ATTR_UDP
;
256 if (match
->key
->ip
.proto
== IPPROTO_SCTP
) {
257 key_expected
|= 1 << OVS_KEY_ATTR_SCTP
;
258 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
259 mask_allowed
|= 1 << OVS_KEY_ATTR_SCTP
;
262 if (match
->key
->ip
.proto
== IPPROTO_TCP
) {
263 key_expected
|= 1 << OVS_KEY_ATTR_TCP
;
264 key_expected
|= 1 << OVS_KEY_ATTR_TCP_FLAGS
;
265 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff)) {
266 mask_allowed
|= 1 << OVS_KEY_ATTR_TCP
;
267 mask_allowed
|= 1 << OVS_KEY_ATTR_TCP_FLAGS
;
271 if (match
->key
->ip
.proto
== IPPROTO_ICMPV6
) {
272 key_expected
|= 1 << OVS_KEY_ATTR_ICMPV6
;
273 if (match
->mask
&& (match
->mask
->key
.ip
.proto
== 0xff))
274 mask_allowed
|= 1 << OVS_KEY_ATTR_ICMPV6
;
276 if (match
->key
->tp
.src
==
277 htons(NDISC_NEIGHBOUR_SOLICITATION
) ||
278 match
->key
->tp
.src
== htons(NDISC_NEIGHBOUR_ADVERTISEMENT
)) {
279 key_expected
|= 1 << OVS_KEY_ATTR_ND
;
280 /* Original direction conntrack tuple
281 * uses the same space as the ND fields
282 * in the key, so both are not allowed
285 mask_allowed
&= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
);
286 if (match
->mask
&& (match
->mask
->key
.tp
.src
== htons(0xff)))
287 mask_allowed
|= 1 << OVS_KEY_ATTR_ND
;
293 if (match
->key
->eth
.type
== htons(ETH_P_NSH
)) {
294 key_expected
|= 1 << OVS_KEY_ATTR_NSH
;
296 match
->mask
->key
.eth
.type
== htons(0xffff)) {
297 mask_allowed
|= 1 << OVS_KEY_ATTR_NSH
;
301 if ((key_attrs
& key_expected
) != key_expected
) {
302 /* Key attributes check failed. */
303 OVS_NLERR(log
, "Missing key (keys=%llx, expected=%llx)",
304 (unsigned long long)key_attrs
,
305 (unsigned long long)key_expected
);
309 if ((mask_attrs
& mask_allowed
) != mask_attrs
) {
310 /* Mask attributes check failed. */
311 OVS_NLERR(log
, "Unexpected mask (mask=%llx, allowed=%llx)",
312 (unsigned long long)mask_attrs
,
313 (unsigned long long)mask_allowed
);
320 size_t ovs_tun_key_attr_size(void)
322 /* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider
323 * updating this function.
325 return nla_total_size_64bit(8) /* OVS_TUNNEL_KEY_ATTR_ID */
326 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_SRC */
327 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_DST */
328 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TOS */
329 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TTL */
330 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
331 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_CSUM */
332 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_OAM */
333 + nla_total_size(256) /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */
334 /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and
335 * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS is mutually exclusive with
336 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it.
338 + nla_total_size(2) /* OVS_TUNNEL_KEY_ATTR_TP_SRC */
339 + nla_total_size(2); /* OVS_TUNNEL_KEY_ATTR_TP_DST */
342 static size_t ovs_nsh_key_attr_size(void)
344 /* Whenever adding new OVS_NSH_KEY_ FIELDS, we should consider
345 * updating this function.
347 return nla_total_size(NSH_BASE_HDR_LEN
) /* OVS_NSH_KEY_ATTR_BASE */
348 /* OVS_NSH_KEY_ATTR_MD1 and OVS_NSH_KEY_ATTR_MD2 are
349 * mutually exclusive, so the bigger one can cover
352 + nla_total_size(NSH_CTX_HDRS_MAX_LEN
);
355 size_t ovs_key_attr_size(void)
357 /* Whenever adding new OVS_KEY_ FIELDS, we should consider
358 * updating this function.
360 BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO
!= 29);
362 return nla_total_size(4) /* OVS_KEY_ATTR_PRIORITY */
363 + nla_total_size(0) /* OVS_KEY_ATTR_TUNNEL */
364 + ovs_tun_key_attr_size()
365 + nla_total_size(4) /* OVS_KEY_ATTR_IN_PORT */
366 + nla_total_size(4) /* OVS_KEY_ATTR_SKB_MARK */
367 + nla_total_size(4) /* OVS_KEY_ATTR_DP_HASH */
368 + nla_total_size(4) /* OVS_KEY_ATTR_RECIRC_ID */
369 + nla_total_size(4) /* OVS_KEY_ATTR_CT_STATE */
370 + nla_total_size(2) /* OVS_KEY_ATTR_CT_ZONE */
371 + nla_total_size(4) /* OVS_KEY_ATTR_CT_MARK */
372 + nla_total_size(16) /* OVS_KEY_ATTR_CT_LABELS */
373 + nla_total_size(40) /* OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6 */
374 + nla_total_size(0) /* OVS_KEY_ATTR_NSH */
375 + ovs_nsh_key_attr_size()
376 + nla_total_size(12) /* OVS_KEY_ATTR_ETHERNET */
377 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */
378 + nla_total_size(4) /* OVS_KEY_ATTR_VLAN */
379 + nla_total_size(0) /* OVS_KEY_ATTR_ENCAP */
380 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */
381 + nla_total_size(40) /* OVS_KEY_ATTR_IPV6 */
382 + nla_total_size(2) /* OVS_KEY_ATTR_ICMPV6 */
383 + nla_total_size(28); /* OVS_KEY_ATTR_ND */
386 static const struct ovs_len_tbl ovs_vxlan_ext_key_lens
[OVS_VXLAN_EXT_MAX
+ 1] = {
387 [OVS_VXLAN_EXT_GBP
] = { .len
= sizeof(u32
) },
390 static const struct ovs_len_tbl ovs_tunnel_key_lens
[OVS_TUNNEL_KEY_ATTR_MAX
+ 1] = {
391 [OVS_TUNNEL_KEY_ATTR_ID
] = { .len
= sizeof(u64
) },
392 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC
] = { .len
= sizeof(u32
) },
393 [OVS_TUNNEL_KEY_ATTR_IPV4_DST
] = { .len
= sizeof(u32
) },
394 [OVS_TUNNEL_KEY_ATTR_TOS
] = { .len
= 1 },
395 [OVS_TUNNEL_KEY_ATTR_TTL
] = { .len
= 1 },
396 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT
] = { .len
= 0 },
397 [OVS_TUNNEL_KEY_ATTR_CSUM
] = { .len
= 0 },
398 [OVS_TUNNEL_KEY_ATTR_TP_SRC
] = { .len
= sizeof(u16
) },
399 [OVS_TUNNEL_KEY_ATTR_TP_DST
] = { .len
= sizeof(u16
) },
400 [OVS_TUNNEL_KEY_ATTR_OAM
] = { .len
= 0 },
401 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
] = { .len
= OVS_ATTR_VARIABLE
},
402 [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS
] = { .len
= OVS_ATTR_NESTED
,
403 .next
= ovs_vxlan_ext_key_lens
},
404 [OVS_TUNNEL_KEY_ATTR_IPV6_SRC
] = { .len
= sizeof(struct in6_addr
) },
405 [OVS_TUNNEL_KEY_ATTR_IPV6_DST
] = { .len
= sizeof(struct in6_addr
) },
406 [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS
] = { .len
= OVS_ATTR_VARIABLE
},
407 [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE
] = { .len
= 0 },
410 static const struct ovs_len_tbl
411 ovs_nsh_key_attr_lens
[OVS_NSH_KEY_ATTR_MAX
+ 1] = {
412 [OVS_NSH_KEY_ATTR_BASE
] = { .len
= sizeof(struct ovs_nsh_key_base
) },
413 [OVS_NSH_KEY_ATTR_MD1
] = { .len
= sizeof(struct ovs_nsh_key_md1
) },
414 [OVS_NSH_KEY_ATTR_MD2
] = { .len
= OVS_ATTR_VARIABLE
},
417 /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
418 static const struct ovs_len_tbl ovs_key_lens
[OVS_KEY_ATTR_MAX
+ 1] = {
419 [OVS_KEY_ATTR_ENCAP
] = { .len
= OVS_ATTR_NESTED
},
420 [OVS_KEY_ATTR_PRIORITY
] = { .len
= sizeof(u32
) },
421 [OVS_KEY_ATTR_IN_PORT
] = { .len
= sizeof(u32
) },
422 [OVS_KEY_ATTR_SKB_MARK
] = { .len
= sizeof(u32
) },
423 [OVS_KEY_ATTR_ETHERNET
] = { .len
= sizeof(struct ovs_key_ethernet
) },
424 [OVS_KEY_ATTR_VLAN
] = { .len
= sizeof(__be16
) },
425 [OVS_KEY_ATTR_ETHERTYPE
] = { .len
= sizeof(__be16
) },
426 [OVS_KEY_ATTR_IPV4
] = { .len
= sizeof(struct ovs_key_ipv4
) },
427 [OVS_KEY_ATTR_IPV6
] = { .len
= sizeof(struct ovs_key_ipv6
) },
428 [OVS_KEY_ATTR_TCP
] = { .len
= sizeof(struct ovs_key_tcp
) },
429 [OVS_KEY_ATTR_TCP_FLAGS
] = { .len
= sizeof(__be16
) },
430 [OVS_KEY_ATTR_UDP
] = { .len
= sizeof(struct ovs_key_udp
) },
431 [OVS_KEY_ATTR_SCTP
] = { .len
= sizeof(struct ovs_key_sctp
) },
432 [OVS_KEY_ATTR_ICMP
] = { .len
= sizeof(struct ovs_key_icmp
) },
433 [OVS_KEY_ATTR_ICMPV6
] = { .len
= sizeof(struct ovs_key_icmpv6
) },
434 [OVS_KEY_ATTR_ARP
] = { .len
= sizeof(struct ovs_key_arp
) },
435 [OVS_KEY_ATTR_ND
] = { .len
= sizeof(struct ovs_key_nd
) },
436 [OVS_KEY_ATTR_RECIRC_ID
] = { .len
= sizeof(u32
) },
437 [OVS_KEY_ATTR_DP_HASH
] = { .len
= sizeof(u32
) },
438 [OVS_KEY_ATTR_TUNNEL
] = { .len
= OVS_ATTR_NESTED
,
439 .next
= ovs_tunnel_key_lens
, },
440 [OVS_KEY_ATTR_MPLS
] = { .len
= sizeof(struct ovs_key_mpls
) },
441 [OVS_KEY_ATTR_CT_STATE
] = { .len
= sizeof(u32
) },
442 [OVS_KEY_ATTR_CT_ZONE
] = { .len
= sizeof(u16
) },
443 [OVS_KEY_ATTR_CT_MARK
] = { .len
= sizeof(u32
) },
444 [OVS_KEY_ATTR_CT_LABELS
] = { .len
= sizeof(struct ovs_key_ct_labels
) },
445 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4
] = {
446 .len
= sizeof(struct ovs_key_ct_tuple_ipv4
) },
447 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
] = {
448 .len
= sizeof(struct ovs_key_ct_tuple_ipv6
) },
449 [OVS_KEY_ATTR_NSH
] = { .len
= OVS_ATTR_NESTED
,
450 .next
= ovs_nsh_key_attr_lens
, },
453 static bool check_attr_len(unsigned int attr_len
, unsigned int expected_len
)
455 return expected_len
== attr_len
||
456 expected_len
== OVS_ATTR_NESTED
||
457 expected_len
== OVS_ATTR_VARIABLE
;
460 static bool is_all_zero(const u8
*fp
, size_t size
)
467 for (i
= 0; i
< size
; i
++)
474 static int __parse_flow_nlattrs(const struct nlattr
*attr
,
475 const struct nlattr
*a
[],
476 u64
*attrsp
, bool log
, bool nz
)
478 const struct nlattr
*nla
;
483 nla_for_each_nested(nla
, attr
, rem
) {
484 u16 type
= nla_type(nla
);
487 if (type
> OVS_KEY_ATTR_MAX
) {
488 OVS_NLERR(log
, "Key type %d is out of range max %d",
489 type
, OVS_KEY_ATTR_MAX
);
493 if (attrs
& (1 << type
)) {
494 OVS_NLERR(log
, "Duplicate key (type %d).", type
);
498 expected_len
= ovs_key_lens
[type
].len
;
499 if (!check_attr_len(nla_len(nla
), expected_len
)) {
500 OVS_NLERR(log
, "Key %d has unexpected len %d expected %d",
501 type
, nla_len(nla
), expected_len
);
505 if (!nz
|| !is_all_zero(nla_data(nla
), nla_len(nla
))) {
511 OVS_NLERR(log
, "Message has %d unknown bytes.", rem
);
519 static int parse_flow_mask_nlattrs(const struct nlattr
*attr
,
520 const struct nlattr
*a
[], u64
*attrsp
,
523 return __parse_flow_nlattrs(attr
, a
, attrsp
, log
, true);
526 int parse_flow_nlattrs(const struct nlattr
*attr
, const struct nlattr
*a
[],
527 u64
*attrsp
, bool log
)
529 return __parse_flow_nlattrs(attr
, a
, attrsp
, log
, false);
532 static int genev_tun_opt_from_nlattr(const struct nlattr
*a
,
533 struct sw_flow_match
*match
, bool is_mask
,
536 unsigned long opt_key_offset
;
538 if (nla_len(a
) > sizeof(match
->key
->tun_opts
)) {
539 OVS_NLERR(log
, "Geneve option length err (len %d, max %zu).",
540 nla_len(a
), sizeof(match
->key
->tun_opts
));
544 if (nla_len(a
) % 4 != 0) {
545 OVS_NLERR(log
, "Geneve opt len %d is not a multiple of 4.",
550 /* We need to record the length of the options passed
551 * down, otherwise packets with the same format but
552 * additional options will be silently matched.
555 SW_FLOW_KEY_PUT(match
, tun_opts_len
, nla_len(a
),
558 /* This is somewhat unusual because it looks at
559 * both the key and mask while parsing the
560 * attributes (and by extension assumes the key
561 * is parsed first). Normally, we would verify
562 * that each is the correct length and that the
563 * attributes line up in the validate function.
564 * However, that is difficult because this is
565 * variable length and we won't have the
568 if (match
->key
->tun_opts_len
!= nla_len(a
)) {
569 OVS_NLERR(log
, "Geneve option len %d != mask len %d",
570 match
->key
->tun_opts_len
, nla_len(a
));
574 SW_FLOW_KEY_PUT(match
, tun_opts_len
, 0xff, true);
577 opt_key_offset
= TUN_METADATA_OFFSET(nla_len(a
));
578 SW_FLOW_KEY_MEMCPY_OFFSET(match
, opt_key_offset
, nla_data(a
),
579 nla_len(a
), is_mask
);
583 static int vxlan_tun_opt_from_nlattr(const struct nlattr
*attr
,
584 struct sw_flow_match
*match
, bool is_mask
,
589 unsigned long opt_key_offset
;
590 struct vxlan_metadata opts
;
592 BUILD_BUG_ON(sizeof(opts
) > sizeof(match
->key
->tun_opts
));
594 memset(&opts
, 0, sizeof(opts
));
595 nla_for_each_nested(a
, attr
, rem
) {
596 int type
= nla_type(a
);
598 if (type
> OVS_VXLAN_EXT_MAX
) {
599 OVS_NLERR(log
, "VXLAN extension %d out of range max %d",
600 type
, OVS_VXLAN_EXT_MAX
);
604 if (!check_attr_len(nla_len(a
),
605 ovs_vxlan_ext_key_lens
[type
].len
)) {
606 OVS_NLERR(log
, "VXLAN extension %d has unexpected len %d expected %d",
608 ovs_vxlan_ext_key_lens
[type
].len
);
613 case OVS_VXLAN_EXT_GBP
:
614 opts
.gbp
= nla_get_u32(a
);
617 OVS_NLERR(log
, "Unknown VXLAN extension attribute %d",
623 OVS_NLERR(log
, "VXLAN extension message has %d unknown bytes.",
629 SW_FLOW_KEY_PUT(match
, tun_opts_len
, sizeof(opts
), false);
631 SW_FLOW_KEY_PUT(match
, tun_opts_len
, 0xff, true);
633 opt_key_offset
= TUN_METADATA_OFFSET(sizeof(opts
));
634 SW_FLOW_KEY_MEMCPY_OFFSET(match
, opt_key_offset
, &opts
, sizeof(opts
),
639 static int erspan_tun_opt_from_nlattr(const struct nlattr
*a
,
640 struct sw_flow_match
*match
, bool is_mask
,
643 unsigned long opt_key_offset
;
645 BUILD_BUG_ON(sizeof(struct erspan_metadata
) >
646 sizeof(match
->key
->tun_opts
));
648 if (nla_len(a
) > sizeof(match
->key
->tun_opts
)) {
649 OVS_NLERR(log
, "ERSPAN option length err (len %d, max %zu).",
650 nla_len(a
), sizeof(match
->key
->tun_opts
));
655 SW_FLOW_KEY_PUT(match
, tun_opts_len
,
656 sizeof(struct erspan_metadata
), false);
658 SW_FLOW_KEY_PUT(match
, tun_opts_len
, 0xff, true);
660 opt_key_offset
= TUN_METADATA_OFFSET(nla_len(a
));
661 SW_FLOW_KEY_MEMCPY_OFFSET(match
, opt_key_offset
, nla_data(a
),
662 nla_len(a
), is_mask
);
666 static int ip_tun_from_nlattr(const struct nlattr
*attr
,
667 struct sw_flow_match
*match
, bool is_mask
,
670 bool ttl
= false, ipv4
= false, ipv6
= false;
671 bool info_bridge_mode
= false;
672 __be16 tun_flags
= 0;
677 nla_for_each_nested(a
, attr
, rem
) {
678 int type
= nla_type(a
);
681 if (type
> OVS_TUNNEL_KEY_ATTR_MAX
) {
682 OVS_NLERR(log
, "Tunnel attr %d out of range max %d",
683 type
, OVS_TUNNEL_KEY_ATTR_MAX
);
687 if (!check_attr_len(nla_len(a
),
688 ovs_tunnel_key_lens
[type
].len
)) {
689 OVS_NLERR(log
, "Tunnel attr %d has unexpected len %d expected %d",
690 type
, nla_len(a
), ovs_tunnel_key_lens
[type
].len
);
695 case OVS_TUNNEL_KEY_ATTR_ID
:
696 SW_FLOW_KEY_PUT(match
, tun_key
.tun_id
,
697 nla_get_be64(a
), is_mask
);
698 tun_flags
|= TUNNEL_KEY
;
700 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC
:
701 SW_FLOW_KEY_PUT(match
, tun_key
.u
.ipv4
.src
,
702 nla_get_in_addr(a
), is_mask
);
705 case OVS_TUNNEL_KEY_ATTR_IPV4_DST
:
706 SW_FLOW_KEY_PUT(match
, tun_key
.u
.ipv4
.dst
,
707 nla_get_in_addr(a
), is_mask
);
710 case OVS_TUNNEL_KEY_ATTR_IPV6_SRC
:
711 SW_FLOW_KEY_PUT(match
, tun_key
.u
.ipv6
.src
,
712 nla_get_in6_addr(a
), is_mask
);
715 case OVS_TUNNEL_KEY_ATTR_IPV6_DST
:
716 SW_FLOW_KEY_PUT(match
, tun_key
.u
.ipv6
.dst
,
717 nla_get_in6_addr(a
), is_mask
);
720 case OVS_TUNNEL_KEY_ATTR_TOS
:
721 SW_FLOW_KEY_PUT(match
, tun_key
.tos
,
722 nla_get_u8(a
), is_mask
);
724 case OVS_TUNNEL_KEY_ATTR_TTL
:
725 SW_FLOW_KEY_PUT(match
, tun_key
.ttl
,
726 nla_get_u8(a
), is_mask
);
729 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT
:
730 tun_flags
|= TUNNEL_DONT_FRAGMENT
;
732 case OVS_TUNNEL_KEY_ATTR_CSUM
:
733 tun_flags
|= TUNNEL_CSUM
;
735 case OVS_TUNNEL_KEY_ATTR_TP_SRC
:
736 SW_FLOW_KEY_PUT(match
, tun_key
.tp_src
,
737 nla_get_be16(a
), is_mask
);
739 case OVS_TUNNEL_KEY_ATTR_TP_DST
:
740 SW_FLOW_KEY_PUT(match
, tun_key
.tp_dst
,
741 nla_get_be16(a
), is_mask
);
743 case OVS_TUNNEL_KEY_ATTR_OAM
:
744 tun_flags
|= TUNNEL_OAM
;
746 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
:
748 OVS_NLERR(log
, "Multiple metadata blocks provided");
752 err
= genev_tun_opt_from_nlattr(a
, match
, is_mask
, log
);
756 tun_flags
|= TUNNEL_GENEVE_OPT
;
759 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS
:
761 OVS_NLERR(log
, "Multiple metadata blocks provided");
765 err
= vxlan_tun_opt_from_nlattr(a
, match
, is_mask
, log
);
769 tun_flags
|= TUNNEL_VXLAN_OPT
;
772 case OVS_TUNNEL_KEY_ATTR_PAD
:
774 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS
:
776 OVS_NLERR(log
, "Multiple metadata blocks provided");
780 err
= erspan_tun_opt_from_nlattr(a
, match
, is_mask
,
785 tun_flags
|= TUNNEL_ERSPAN_OPT
;
788 case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE
:
789 info_bridge_mode
= true;
793 OVS_NLERR(log
, "Unknown IP tunnel attribute %d",
799 SW_FLOW_KEY_PUT(match
, tun_key
.tun_flags
, tun_flags
, is_mask
);
801 SW_FLOW_KEY_MEMSET_FIELD(match
, tun_proto
, 0xff, true);
803 SW_FLOW_KEY_PUT(match
, tun_proto
, ipv6
? AF_INET6
: AF_INET
,
807 OVS_NLERR(log
, "IP tunnel attribute has %d unknown bytes.",
813 OVS_NLERR(log
, "Mixed IPv4 and IPv6 tunnel attributes");
818 if (!ipv4
&& !ipv6
) {
819 OVS_NLERR(log
, "IP tunnel dst address not specified");
823 if (info_bridge_mode
) {
824 if (match
->key
->tun_key
.u
.ipv4
.src
||
825 match
->key
->tun_key
.u
.ipv4
.dst
||
826 match
->key
->tun_key
.tp_src
||
827 match
->key
->tun_key
.tp_dst
||
828 match
->key
->tun_key
.ttl
||
829 match
->key
->tun_key
.tos
||
830 tun_flags
& ~TUNNEL_KEY
) {
831 OVS_NLERR(log
, "IPv4 tun info is not correct");
834 } else if (!match
->key
->tun_key
.u
.ipv4
.dst
) {
835 OVS_NLERR(log
, "IPv4 tunnel dst address is zero");
839 if (ipv6
&& ipv6_addr_any(&match
->key
->tun_key
.u
.ipv6
.dst
)) {
840 OVS_NLERR(log
, "IPv6 tunnel dst address is zero");
844 if (!ttl
&& !info_bridge_mode
) {
845 OVS_NLERR(log
, "IP tunnel TTL not specified.");
853 static int vxlan_opt_to_nlattr(struct sk_buff
*skb
,
854 const void *tun_opts
, int swkey_tun_opts_len
)
856 const struct vxlan_metadata
*opts
= tun_opts
;
859 nla
= nla_nest_start_noflag(skb
, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS
);
863 if (nla_put_u32(skb
, OVS_VXLAN_EXT_GBP
, opts
->gbp
) < 0)
866 nla_nest_end(skb
, nla
);
870 static int __ip_tun_to_nlattr(struct sk_buff
*skb
,
871 const struct ip_tunnel_key
*output
,
872 const void *tun_opts
, int swkey_tun_opts_len
,
873 unsigned short tun_proto
, u8 mode
)
875 if (output
->tun_flags
& TUNNEL_KEY
&&
876 nla_put_be64(skb
, OVS_TUNNEL_KEY_ATTR_ID
, output
->tun_id
,
877 OVS_TUNNEL_KEY_ATTR_PAD
))
880 if (mode
& IP_TUNNEL_INFO_BRIDGE
)
881 return nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE
)
886 if (output
->u
.ipv4
.src
&&
887 nla_put_in_addr(skb
, OVS_TUNNEL_KEY_ATTR_IPV4_SRC
,
890 if (output
->u
.ipv4
.dst
&&
891 nla_put_in_addr(skb
, OVS_TUNNEL_KEY_ATTR_IPV4_DST
,
896 if (!ipv6_addr_any(&output
->u
.ipv6
.src
) &&
897 nla_put_in6_addr(skb
, OVS_TUNNEL_KEY_ATTR_IPV6_SRC
,
898 &output
->u
.ipv6
.src
))
900 if (!ipv6_addr_any(&output
->u
.ipv6
.dst
) &&
901 nla_put_in6_addr(skb
, OVS_TUNNEL_KEY_ATTR_IPV6_DST
,
902 &output
->u
.ipv6
.dst
))
907 nla_put_u8(skb
, OVS_TUNNEL_KEY_ATTR_TOS
, output
->tos
))
909 if (nla_put_u8(skb
, OVS_TUNNEL_KEY_ATTR_TTL
, output
->ttl
))
911 if ((output
->tun_flags
& TUNNEL_DONT_FRAGMENT
) &&
912 nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT
))
914 if ((output
->tun_flags
& TUNNEL_CSUM
) &&
915 nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_CSUM
))
917 if (output
->tp_src
&&
918 nla_put_be16(skb
, OVS_TUNNEL_KEY_ATTR_TP_SRC
, output
->tp_src
))
920 if (output
->tp_dst
&&
921 nla_put_be16(skb
, OVS_TUNNEL_KEY_ATTR_TP_DST
, output
->tp_dst
))
923 if ((output
->tun_flags
& TUNNEL_OAM
) &&
924 nla_put_flag(skb
, OVS_TUNNEL_KEY_ATTR_OAM
))
926 if (swkey_tun_opts_len
) {
927 if (output
->tun_flags
& TUNNEL_GENEVE_OPT
&&
928 nla_put(skb
, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
,
929 swkey_tun_opts_len
, tun_opts
))
931 else if (output
->tun_flags
& TUNNEL_VXLAN_OPT
&&
932 vxlan_opt_to_nlattr(skb
, tun_opts
, swkey_tun_opts_len
))
934 else if (output
->tun_flags
& TUNNEL_ERSPAN_OPT
&&
935 nla_put(skb
, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS
,
936 swkey_tun_opts_len
, tun_opts
))
943 static int ip_tun_to_nlattr(struct sk_buff
*skb
,
944 const struct ip_tunnel_key
*output
,
945 const void *tun_opts
, int swkey_tun_opts_len
,
946 unsigned short tun_proto
, u8 mode
)
951 nla
= nla_nest_start_noflag(skb
, OVS_KEY_ATTR_TUNNEL
);
955 err
= __ip_tun_to_nlattr(skb
, output
, tun_opts
, swkey_tun_opts_len
,
960 nla_nest_end(skb
, nla
);
964 int ovs_nla_put_tunnel_info(struct sk_buff
*skb
,
965 struct ip_tunnel_info
*tun_info
)
967 return __ip_tun_to_nlattr(skb
, &tun_info
->key
,
968 ip_tunnel_info_opts(tun_info
),
969 tun_info
->options_len
,
970 ip_tunnel_info_af(tun_info
), tun_info
->mode
);
973 static int encode_vlan_from_nlattrs(struct sw_flow_match
*match
,
974 const struct nlattr
*a
[],
975 bool is_mask
, bool inner
)
980 if (a
[OVS_KEY_ATTR_VLAN
])
981 tci
= nla_get_be16(a
[OVS_KEY_ATTR_VLAN
]);
983 if (a
[OVS_KEY_ATTR_ETHERTYPE
])
984 tpid
= nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
]);
986 if (likely(!inner
)) {
987 SW_FLOW_KEY_PUT(match
, eth
.vlan
.tpid
, tpid
, is_mask
);
988 SW_FLOW_KEY_PUT(match
, eth
.vlan
.tci
, tci
, is_mask
);
990 SW_FLOW_KEY_PUT(match
, eth
.cvlan
.tpid
, tpid
, is_mask
);
991 SW_FLOW_KEY_PUT(match
, eth
.cvlan
.tci
, tci
, is_mask
);
996 static int validate_vlan_from_nlattrs(const struct sw_flow_match
*match
,
997 u64 key_attrs
, bool inner
,
998 const struct nlattr
**a
, bool log
)
1002 if (!((key_attrs
& (1 << OVS_KEY_ATTR_ETHERNET
)) &&
1003 (key_attrs
& (1 << OVS_KEY_ATTR_ETHERTYPE
)) &&
1004 eth_type_vlan(nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
])))) {
1009 if (!((key_attrs
& (1 << OVS_KEY_ATTR_VLAN
)) &&
1010 (key_attrs
& (1 << OVS_KEY_ATTR_ENCAP
)))) {
1011 OVS_NLERR(log
, "Invalid %s frame", (inner
) ? "C-VLAN" : "VLAN");
1015 if (a
[OVS_KEY_ATTR_VLAN
])
1016 tci
= nla_get_be16(a
[OVS_KEY_ATTR_VLAN
]);
1018 if (!(tci
& htons(VLAN_CFI_MASK
))) {
1020 OVS_NLERR(log
, "%s TCI does not have VLAN_CFI_MASK bit set.",
1021 (inner
) ? "C-VLAN" : "VLAN");
1023 } else if (nla_len(a
[OVS_KEY_ATTR_ENCAP
])) {
1024 /* Corner case for truncated VLAN header. */
1025 OVS_NLERR(log
, "Truncated %s header has non-zero encap attribute.",
1026 (inner
) ? "C-VLAN" : "VLAN");
1034 static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match
*match
,
1035 u64 key_attrs
, bool inner
,
1036 const struct nlattr
**a
, bool log
)
1040 bool encap_valid
= !!(match
->key
->eth
.vlan
.tci
&
1041 htons(VLAN_CFI_MASK
));
1042 bool i_encap_valid
= !!(match
->key
->eth
.cvlan
.tci
&
1043 htons(VLAN_CFI_MASK
));
1045 if (!(key_attrs
& (1 << OVS_KEY_ATTR_ENCAP
))) {
1050 if ((!inner
&& !encap_valid
) || (inner
&& !i_encap_valid
)) {
1051 OVS_NLERR(log
, "Encap mask attribute is set for non-%s frame.",
1052 (inner
) ? "C-VLAN" : "VLAN");
1056 if (a
[OVS_KEY_ATTR_VLAN
])
1057 tci
= nla_get_be16(a
[OVS_KEY_ATTR_VLAN
]);
1059 if (a
[OVS_KEY_ATTR_ETHERTYPE
])
1060 tpid
= nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
]);
1062 if (tpid
!= htons(0xffff)) {
1063 OVS_NLERR(log
, "Must have an exact match on %s TPID (mask=%x).",
1064 (inner
) ? "C-VLAN" : "VLAN", ntohs(tpid
));
1067 if (!(tci
& htons(VLAN_CFI_MASK
))) {
1068 OVS_NLERR(log
, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.",
1069 (inner
) ? "C-VLAN" : "VLAN");
1076 static int __parse_vlan_from_nlattrs(struct sw_flow_match
*match
,
1077 u64
*key_attrs
, bool inner
,
1078 const struct nlattr
**a
, bool is_mask
,
1082 const struct nlattr
*encap
;
1085 err
= validate_vlan_from_nlattrs(match
, *key_attrs
, inner
,
1088 err
= validate_vlan_mask_from_nlattrs(match
, *key_attrs
, inner
,
1093 err
= encode_vlan_from_nlattrs(match
, a
, is_mask
, inner
);
1097 *key_attrs
&= ~(1 << OVS_KEY_ATTR_ENCAP
);
1098 *key_attrs
&= ~(1 << OVS_KEY_ATTR_VLAN
);
1099 *key_attrs
&= ~(1 << OVS_KEY_ATTR_ETHERTYPE
);
1101 encap
= a
[OVS_KEY_ATTR_ENCAP
];
1104 err
= parse_flow_nlattrs(encap
, a
, key_attrs
, log
);
1106 err
= parse_flow_mask_nlattrs(encap
, a
, key_attrs
, log
);
1111 static int parse_vlan_from_nlattrs(struct sw_flow_match
*match
,
1112 u64
*key_attrs
, const struct nlattr
**a
,
1113 bool is_mask
, bool log
)
1116 bool encap_valid
= false;
1118 err
= __parse_vlan_from_nlattrs(match
, key_attrs
, false, a
,
1123 encap_valid
= !!(match
->key
->eth
.vlan
.tci
& htons(VLAN_CFI_MASK
));
1125 err
= __parse_vlan_from_nlattrs(match
, key_attrs
, true, a
,
1134 static int parse_eth_type_from_nlattrs(struct sw_flow_match
*match
,
1135 u64
*attrs
, const struct nlattr
**a
,
1136 bool is_mask
, bool log
)
1140 eth_type
= nla_get_be16(a
[OVS_KEY_ATTR_ETHERTYPE
]);
1142 /* Always exact match EtherType. */
1143 eth_type
= htons(0xffff);
1144 } else if (!eth_proto_is_802_3(eth_type
)) {
1145 OVS_NLERR(log
, "EtherType %x is less than min %x",
1146 ntohs(eth_type
), ETH_P_802_3_MIN
);
1150 SW_FLOW_KEY_PUT(match
, eth
.type
, eth_type
, is_mask
);
1151 *attrs
&= ~(1 << OVS_KEY_ATTR_ETHERTYPE
);
1155 static int metadata_from_nlattrs(struct net
*net
, struct sw_flow_match
*match
,
1156 u64
*attrs
, const struct nlattr
**a
,
1157 bool is_mask
, bool log
)
1159 u8 mac_proto
= MAC_PROTO_ETHERNET
;
1161 if (*attrs
& (1 << OVS_KEY_ATTR_DP_HASH
)) {
1162 u32 hash_val
= nla_get_u32(a
[OVS_KEY_ATTR_DP_HASH
]);
1164 SW_FLOW_KEY_PUT(match
, ovs_flow_hash
, hash_val
, is_mask
);
1165 *attrs
&= ~(1 << OVS_KEY_ATTR_DP_HASH
);
1168 if (*attrs
& (1 << OVS_KEY_ATTR_RECIRC_ID
)) {
1169 u32 recirc_id
= nla_get_u32(a
[OVS_KEY_ATTR_RECIRC_ID
]);
1171 SW_FLOW_KEY_PUT(match
, recirc_id
, recirc_id
, is_mask
);
1172 *attrs
&= ~(1 << OVS_KEY_ATTR_RECIRC_ID
);
1175 if (*attrs
& (1 << OVS_KEY_ATTR_PRIORITY
)) {
1176 SW_FLOW_KEY_PUT(match
, phy
.priority
,
1177 nla_get_u32(a
[OVS_KEY_ATTR_PRIORITY
]), is_mask
);
1178 *attrs
&= ~(1 << OVS_KEY_ATTR_PRIORITY
);
1181 if (*attrs
& (1 << OVS_KEY_ATTR_IN_PORT
)) {
1182 u32 in_port
= nla_get_u32(a
[OVS_KEY_ATTR_IN_PORT
]);
1185 in_port
= 0xffffffff; /* Always exact match in_port. */
1186 } else if (in_port
>= DP_MAX_PORTS
) {
1187 OVS_NLERR(log
, "Port %d exceeds max allowable %d",
1188 in_port
, DP_MAX_PORTS
);
1192 SW_FLOW_KEY_PUT(match
, phy
.in_port
, in_port
, is_mask
);
1193 *attrs
&= ~(1 << OVS_KEY_ATTR_IN_PORT
);
1194 } else if (!is_mask
) {
1195 SW_FLOW_KEY_PUT(match
, phy
.in_port
, DP_MAX_PORTS
, is_mask
);
1198 if (*attrs
& (1 << OVS_KEY_ATTR_SKB_MARK
)) {
1199 uint32_t mark
= nla_get_u32(a
[OVS_KEY_ATTR_SKB_MARK
]);
1201 SW_FLOW_KEY_PUT(match
, phy
.skb_mark
, mark
, is_mask
);
1202 *attrs
&= ~(1 << OVS_KEY_ATTR_SKB_MARK
);
1204 if (*attrs
& (1 << OVS_KEY_ATTR_TUNNEL
)) {
1205 if (ip_tun_from_nlattr(a
[OVS_KEY_ATTR_TUNNEL
], match
,
1208 *attrs
&= ~(1 << OVS_KEY_ATTR_TUNNEL
);
1211 if (*attrs
& (1 << OVS_KEY_ATTR_CT_STATE
) &&
1212 ovs_ct_verify(net
, OVS_KEY_ATTR_CT_STATE
)) {
1213 u32 ct_state
= nla_get_u32(a
[OVS_KEY_ATTR_CT_STATE
]);
1215 if (ct_state
& ~CT_SUPPORTED_MASK
) {
1216 OVS_NLERR(log
, "ct_state flags %08x unsupported",
1221 SW_FLOW_KEY_PUT(match
, ct_state
, ct_state
, is_mask
);
1222 *attrs
&= ~(1ULL << OVS_KEY_ATTR_CT_STATE
);
1224 if (*attrs
& (1 << OVS_KEY_ATTR_CT_ZONE
) &&
1225 ovs_ct_verify(net
, OVS_KEY_ATTR_CT_ZONE
)) {
1226 u16 ct_zone
= nla_get_u16(a
[OVS_KEY_ATTR_CT_ZONE
]);
1228 SW_FLOW_KEY_PUT(match
, ct_zone
, ct_zone
, is_mask
);
1229 *attrs
&= ~(1ULL << OVS_KEY_ATTR_CT_ZONE
);
1231 if (*attrs
& (1 << OVS_KEY_ATTR_CT_MARK
) &&
1232 ovs_ct_verify(net
, OVS_KEY_ATTR_CT_MARK
)) {
1233 u32 mark
= nla_get_u32(a
[OVS_KEY_ATTR_CT_MARK
]);
1235 SW_FLOW_KEY_PUT(match
, ct
.mark
, mark
, is_mask
);
1236 *attrs
&= ~(1ULL << OVS_KEY_ATTR_CT_MARK
);
1238 if (*attrs
& (1 << OVS_KEY_ATTR_CT_LABELS
) &&
1239 ovs_ct_verify(net
, OVS_KEY_ATTR_CT_LABELS
)) {
1240 const struct ovs_key_ct_labels
*cl
;
1242 cl
= nla_data(a
[OVS_KEY_ATTR_CT_LABELS
]);
1243 SW_FLOW_KEY_MEMCPY(match
, ct
.labels
, cl
->ct_labels
,
1244 sizeof(*cl
), is_mask
);
1245 *attrs
&= ~(1ULL << OVS_KEY_ATTR_CT_LABELS
);
1247 if (*attrs
& (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4
)) {
1248 const struct ovs_key_ct_tuple_ipv4
*ct
;
1250 ct
= nla_data(a
[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4
]);
1252 SW_FLOW_KEY_PUT(match
, ipv4
.ct_orig
.src
, ct
->ipv4_src
, is_mask
);
1253 SW_FLOW_KEY_PUT(match
, ipv4
.ct_orig
.dst
, ct
->ipv4_dst
, is_mask
);
1254 SW_FLOW_KEY_PUT(match
, ct
.orig_tp
.src
, ct
->src_port
, is_mask
);
1255 SW_FLOW_KEY_PUT(match
, ct
.orig_tp
.dst
, ct
->dst_port
, is_mask
);
1256 SW_FLOW_KEY_PUT(match
, ct_orig_proto
, ct
->ipv4_proto
, is_mask
);
1257 *attrs
&= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4
);
1259 if (*attrs
& (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
)) {
1260 const struct ovs_key_ct_tuple_ipv6
*ct
;
1262 ct
= nla_data(a
[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
]);
1264 SW_FLOW_KEY_MEMCPY(match
, ipv6
.ct_orig
.src
, &ct
->ipv6_src
,
1265 sizeof(match
->key
->ipv6
.ct_orig
.src
),
1267 SW_FLOW_KEY_MEMCPY(match
, ipv6
.ct_orig
.dst
, &ct
->ipv6_dst
,
1268 sizeof(match
->key
->ipv6
.ct_orig
.dst
),
1270 SW_FLOW_KEY_PUT(match
, ct
.orig_tp
.src
, ct
->src_port
, is_mask
);
1271 SW_FLOW_KEY_PUT(match
, ct
.orig_tp
.dst
, ct
->dst_port
, is_mask
);
1272 SW_FLOW_KEY_PUT(match
, ct_orig_proto
, ct
->ipv6_proto
, is_mask
);
1273 *attrs
&= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6
);
1276 /* For layer 3 packets the Ethernet type is provided
1277 * and treated as metadata but no MAC addresses are provided.
1279 if (!(*attrs
& (1ULL << OVS_KEY_ATTR_ETHERNET
)) &&
1280 (*attrs
& (1ULL << OVS_KEY_ATTR_ETHERTYPE
)))
1281 mac_proto
= MAC_PROTO_NONE
;
1283 /* Always exact match mac_proto */
1284 SW_FLOW_KEY_PUT(match
, mac_proto
, is_mask
? 0xff : mac_proto
, is_mask
);
1286 if (mac_proto
== MAC_PROTO_NONE
)
1287 return parse_eth_type_from_nlattrs(match
, attrs
, a
, is_mask
,
1293 int nsh_hdr_from_nlattr(const struct nlattr
*attr
,
1294 struct nshhdr
*nh
, size_t size
)
1302 /* validate_nsh has check this, so we needn't do duplicate check here
1304 if (size
< NSH_BASE_HDR_LEN
)
1307 nla_for_each_nested(a
, attr
, rem
) {
1308 int type
= nla_type(a
);
1311 case OVS_NSH_KEY_ATTR_BASE
: {
1312 const struct ovs_nsh_key_base
*base
= nla_data(a
);
1314 flags
= base
->flags
;
1317 nh
->mdtype
= base
->mdtype
;
1318 nh
->path_hdr
= base
->path_hdr
;
1321 case OVS_NSH_KEY_ATTR_MD1
:
1323 if (mdlen
> size
- NSH_BASE_HDR_LEN
)
1325 memcpy(&nh
->md1
, nla_data(a
), mdlen
);
1328 case OVS_NSH_KEY_ATTR_MD2
:
1330 if (mdlen
> size
- NSH_BASE_HDR_LEN
)
1332 memcpy(&nh
->md2
, nla_data(a
), mdlen
);
1340 /* nsh header length = NSH_BASE_HDR_LEN + mdlen */
1341 nh
->ver_flags_ttl_len
= 0;
1342 nsh_set_flags_ttl_len(nh
, flags
, ttl
, NSH_BASE_HDR_LEN
+ mdlen
);
1347 int nsh_key_from_nlattr(const struct nlattr
*attr
,
1348 struct ovs_key_nsh
*nsh
, struct ovs_key_nsh
*nsh_mask
)
1353 /* validate_nsh has check this, so we needn't do duplicate check here
1355 nla_for_each_nested(a
, attr
, rem
) {
1356 int type
= nla_type(a
);
1359 case OVS_NSH_KEY_ATTR_BASE
: {
1360 const struct ovs_nsh_key_base
*base
= nla_data(a
);
1361 const struct ovs_nsh_key_base
*base_mask
= base
+ 1;
1364 nsh_mask
->base
= *base_mask
;
1367 case OVS_NSH_KEY_ATTR_MD1
: {
1368 const struct ovs_nsh_key_md1
*md1
= nla_data(a
);
1369 const struct ovs_nsh_key_md1
*md1_mask
= md1
+ 1;
1371 memcpy(nsh
->context
, md1
->context
, sizeof(*md1
));
1372 memcpy(nsh_mask
->context
, md1_mask
->context
,
1376 case OVS_NSH_KEY_ATTR_MD2
:
1377 /* Not supported yet */
1387 static int nsh_key_put_from_nlattr(const struct nlattr
*attr
,
1388 struct sw_flow_match
*match
, bool is_mask
,
1389 bool is_push_nsh
, bool log
)
1393 bool has_base
= false;
1394 bool has_md1
= false;
1395 bool has_md2
= false;
1399 if (WARN_ON(is_push_nsh
&& is_mask
))
1402 nla_for_each_nested(a
, attr
, rem
) {
1403 int type
= nla_type(a
);
1406 if (type
> OVS_NSH_KEY_ATTR_MAX
) {
1407 OVS_NLERR(log
, "nsh attr %d is out of range max %d",
1408 type
, OVS_NSH_KEY_ATTR_MAX
);
1412 if (!check_attr_len(nla_len(a
),
1413 ovs_nsh_key_attr_lens
[type
].len
)) {
1416 "nsh attr %d has unexpected len %d expected %d",
1419 ovs_nsh_key_attr_lens
[type
].len
1425 case OVS_NSH_KEY_ATTR_BASE
: {
1426 const struct ovs_nsh_key_base
*base
= nla_data(a
);
1429 mdtype
= base
->mdtype
;
1430 SW_FLOW_KEY_PUT(match
, nsh
.base
.flags
,
1431 base
->flags
, is_mask
);
1432 SW_FLOW_KEY_PUT(match
, nsh
.base
.ttl
,
1433 base
->ttl
, is_mask
);
1434 SW_FLOW_KEY_PUT(match
, nsh
.base
.mdtype
,
1435 base
->mdtype
, is_mask
);
1436 SW_FLOW_KEY_PUT(match
, nsh
.base
.np
,
1438 SW_FLOW_KEY_PUT(match
, nsh
.base
.path_hdr
,
1439 base
->path_hdr
, is_mask
);
1442 case OVS_NSH_KEY_ATTR_MD1
: {
1443 const struct ovs_nsh_key_md1
*md1
= nla_data(a
);
1446 for (i
= 0; i
< NSH_MD1_CONTEXT_SIZE
; i
++)
1447 SW_FLOW_KEY_PUT(match
, nsh
.context
[i
],
1448 md1
->context
[i
], is_mask
);
1451 case OVS_NSH_KEY_ATTR_MD2
:
1452 if (!is_push_nsh
) /* Not supported MD type 2 yet */
1457 if (mdlen
> NSH_CTX_HDRS_MAX_LEN
|| mdlen
<= 0) {
1460 "Invalid MD length %d for MD type %d",
1468 OVS_NLERR(log
, "Unknown nsh attribute %d",
1475 OVS_NLERR(log
, "nsh attribute has %d unknown bytes.", rem
);
1479 if (has_md1
&& has_md2
) {
1482 "invalid nsh attribute: md1 and md2 are exclusive."
1488 if ((has_md1
&& mdtype
!= NSH_M_TYPE1
) ||
1489 (has_md2
&& mdtype
!= NSH_M_TYPE2
)) {
1490 OVS_NLERR(1, "nsh attribute has unmatched MD type %d.",
1496 (!has_base
|| (!has_md1
&& !has_md2
))) {
1499 "push_nsh: missing base or metadata attributes"
1508 static int ovs_key_from_nlattrs(struct net
*net
, struct sw_flow_match
*match
,
1509 u64 attrs
, const struct nlattr
**a
,
1510 bool is_mask
, bool log
)
1514 err
= metadata_from_nlattrs(net
, match
, &attrs
, a
, is_mask
, log
);
1518 if (attrs
& (1 << OVS_KEY_ATTR_ETHERNET
)) {
1519 const struct ovs_key_ethernet
*eth_key
;
1521 eth_key
= nla_data(a
[OVS_KEY_ATTR_ETHERNET
]);
1522 SW_FLOW_KEY_MEMCPY(match
, eth
.src
,
1523 eth_key
->eth_src
, ETH_ALEN
, is_mask
);
1524 SW_FLOW_KEY_MEMCPY(match
, eth
.dst
,
1525 eth_key
->eth_dst
, ETH_ALEN
, is_mask
);
1526 attrs
&= ~(1 << OVS_KEY_ATTR_ETHERNET
);
1528 if (attrs
& (1 << OVS_KEY_ATTR_VLAN
)) {
1529 /* VLAN attribute is always parsed before getting here since it
1530 * may occur multiple times.
1532 OVS_NLERR(log
, "VLAN attribute unexpected.");
1536 if (attrs
& (1 << OVS_KEY_ATTR_ETHERTYPE
)) {
1537 err
= parse_eth_type_from_nlattrs(match
, &attrs
, a
, is_mask
,
1541 } else if (!is_mask
) {
1542 SW_FLOW_KEY_PUT(match
, eth
.type
, htons(ETH_P_802_2
), is_mask
);
1544 } else if (!match
->key
->eth
.type
) {
1545 OVS_NLERR(log
, "Either Ethernet header or EtherType is required.");
1549 if (attrs
& (1 << OVS_KEY_ATTR_IPV4
)) {
1550 const struct ovs_key_ipv4
*ipv4_key
;
1552 ipv4_key
= nla_data(a
[OVS_KEY_ATTR_IPV4
]);
1553 if (!is_mask
&& ipv4_key
->ipv4_frag
> OVS_FRAG_TYPE_MAX
) {
1554 OVS_NLERR(log
, "IPv4 frag type %d is out of range max %d",
1555 ipv4_key
->ipv4_frag
, OVS_FRAG_TYPE_MAX
);
1558 SW_FLOW_KEY_PUT(match
, ip
.proto
,
1559 ipv4_key
->ipv4_proto
, is_mask
);
1560 SW_FLOW_KEY_PUT(match
, ip
.tos
,
1561 ipv4_key
->ipv4_tos
, is_mask
);
1562 SW_FLOW_KEY_PUT(match
, ip
.ttl
,
1563 ipv4_key
->ipv4_ttl
, is_mask
);
1564 SW_FLOW_KEY_PUT(match
, ip
.frag
,
1565 ipv4_key
->ipv4_frag
, is_mask
);
1566 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.src
,
1567 ipv4_key
->ipv4_src
, is_mask
);
1568 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.dst
,
1569 ipv4_key
->ipv4_dst
, is_mask
);
1570 attrs
&= ~(1 << OVS_KEY_ATTR_IPV4
);
1573 if (attrs
& (1 << OVS_KEY_ATTR_IPV6
)) {
1574 const struct ovs_key_ipv6
*ipv6_key
;
1576 ipv6_key
= nla_data(a
[OVS_KEY_ATTR_IPV6
]);
1577 if (!is_mask
&& ipv6_key
->ipv6_frag
> OVS_FRAG_TYPE_MAX
) {
1578 OVS_NLERR(log
, "IPv6 frag type %d is out of range max %d",
1579 ipv6_key
->ipv6_frag
, OVS_FRAG_TYPE_MAX
);
1583 if (!is_mask
&& ipv6_key
->ipv6_label
& htonl(0xFFF00000)) {
1584 OVS_NLERR(log
, "IPv6 flow label %x is out of range (max=%x)",
1585 ntohl(ipv6_key
->ipv6_label
), (1 << 20) - 1);
1589 SW_FLOW_KEY_PUT(match
, ipv6
.label
,
1590 ipv6_key
->ipv6_label
, is_mask
);
1591 SW_FLOW_KEY_PUT(match
, ip
.proto
,
1592 ipv6_key
->ipv6_proto
, is_mask
);
1593 SW_FLOW_KEY_PUT(match
, ip
.tos
,
1594 ipv6_key
->ipv6_tclass
, is_mask
);
1595 SW_FLOW_KEY_PUT(match
, ip
.ttl
,
1596 ipv6_key
->ipv6_hlimit
, is_mask
);
1597 SW_FLOW_KEY_PUT(match
, ip
.frag
,
1598 ipv6_key
->ipv6_frag
, is_mask
);
1599 SW_FLOW_KEY_MEMCPY(match
, ipv6
.addr
.src
,
1601 sizeof(match
->key
->ipv6
.addr
.src
),
1603 SW_FLOW_KEY_MEMCPY(match
, ipv6
.addr
.dst
,
1605 sizeof(match
->key
->ipv6
.addr
.dst
),
1608 attrs
&= ~(1 << OVS_KEY_ATTR_IPV6
);
1611 if (attrs
& (1 << OVS_KEY_ATTR_ARP
)) {
1612 const struct ovs_key_arp
*arp_key
;
1614 arp_key
= nla_data(a
[OVS_KEY_ATTR_ARP
]);
1615 if (!is_mask
&& (arp_key
->arp_op
& htons(0xff00))) {
1616 OVS_NLERR(log
, "Unknown ARP opcode (opcode=%d).",
1621 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.src
,
1622 arp_key
->arp_sip
, is_mask
);
1623 SW_FLOW_KEY_PUT(match
, ipv4
.addr
.dst
,
1624 arp_key
->arp_tip
, is_mask
);
1625 SW_FLOW_KEY_PUT(match
, ip
.proto
,
1626 ntohs(arp_key
->arp_op
), is_mask
);
1627 SW_FLOW_KEY_MEMCPY(match
, ipv4
.arp
.sha
,
1628 arp_key
->arp_sha
, ETH_ALEN
, is_mask
);
1629 SW_FLOW_KEY_MEMCPY(match
, ipv4
.arp
.tha
,
1630 arp_key
->arp_tha
, ETH_ALEN
, is_mask
);
1632 attrs
&= ~(1 << OVS_KEY_ATTR_ARP
);
1635 if (attrs
& (1 << OVS_KEY_ATTR_NSH
)) {
1636 if (nsh_key_put_from_nlattr(a
[OVS_KEY_ATTR_NSH
], match
,
1637 is_mask
, false, log
) < 0)
1639 attrs
&= ~(1 << OVS_KEY_ATTR_NSH
);
1642 if (attrs
& (1 << OVS_KEY_ATTR_MPLS
)) {
1643 const struct ovs_key_mpls
*mpls_key
;
1645 mpls_key
= nla_data(a
[OVS_KEY_ATTR_MPLS
]);
1646 SW_FLOW_KEY_PUT(match
, mpls
.top_lse
,
1647 mpls_key
->mpls_lse
, is_mask
);
1649 attrs
&= ~(1 << OVS_KEY_ATTR_MPLS
);
1652 if (attrs
& (1 << OVS_KEY_ATTR_TCP
)) {
1653 const struct ovs_key_tcp
*tcp_key
;
1655 tcp_key
= nla_data(a
[OVS_KEY_ATTR_TCP
]);
1656 SW_FLOW_KEY_PUT(match
, tp
.src
, tcp_key
->tcp_src
, is_mask
);
1657 SW_FLOW_KEY_PUT(match
, tp
.dst
, tcp_key
->tcp_dst
, is_mask
);
1658 attrs
&= ~(1 << OVS_KEY_ATTR_TCP
);
1661 if (attrs
& (1 << OVS_KEY_ATTR_TCP_FLAGS
)) {
1662 SW_FLOW_KEY_PUT(match
, tp
.flags
,
1663 nla_get_be16(a
[OVS_KEY_ATTR_TCP_FLAGS
]),
1665 attrs
&= ~(1 << OVS_KEY_ATTR_TCP_FLAGS
);
1668 if (attrs
& (1 << OVS_KEY_ATTR_UDP
)) {
1669 const struct ovs_key_udp
*udp_key
;
1671 udp_key
= nla_data(a
[OVS_KEY_ATTR_UDP
]);
1672 SW_FLOW_KEY_PUT(match
, tp
.src
, udp_key
->udp_src
, is_mask
);
1673 SW_FLOW_KEY_PUT(match
, tp
.dst
, udp_key
->udp_dst
, is_mask
);
1674 attrs
&= ~(1 << OVS_KEY_ATTR_UDP
);
1677 if (attrs
& (1 << OVS_KEY_ATTR_SCTP
)) {
1678 const struct ovs_key_sctp
*sctp_key
;
1680 sctp_key
= nla_data(a
[OVS_KEY_ATTR_SCTP
]);
1681 SW_FLOW_KEY_PUT(match
, tp
.src
, sctp_key
->sctp_src
, is_mask
);
1682 SW_FLOW_KEY_PUT(match
, tp
.dst
, sctp_key
->sctp_dst
, is_mask
);
1683 attrs
&= ~(1 << OVS_KEY_ATTR_SCTP
);
1686 if (attrs
& (1 << OVS_KEY_ATTR_ICMP
)) {
1687 const struct ovs_key_icmp
*icmp_key
;
1689 icmp_key
= nla_data(a
[OVS_KEY_ATTR_ICMP
]);
1690 SW_FLOW_KEY_PUT(match
, tp
.src
,
1691 htons(icmp_key
->icmp_type
), is_mask
);
1692 SW_FLOW_KEY_PUT(match
, tp
.dst
,
1693 htons(icmp_key
->icmp_code
), is_mask
);
1694 attrs
&= ~(1 << OVS_KEY_ATTR_ICMP
);
1697 if (attrs
& (1 << OVS_KEY_ATTR_ICMPV6
)) {
1698 const struct ovs_key_icmpv6
*icmpv6_key
;
1700 icmpv6_key
= nla_data(a
[OVS_KEY_ATTR_ICMPV6
]);
1701 SW_FLOW_KEY_PUT(match
, tp
.src
,
1702 htons(icmpv6_key
->icmpv6_type
), is_mask
);
1703 SW_FLOW_KEY_PUT(match
, tp
.dst
,
1704 htons(icmpv6_key
->icmpv6_code
), is_mask
);
1705 attrs
&= ~(1 << OVS_KEY_ATTR_ICMPV6
);
1708 if (attrs
& (1 << OVS_KEY_ATTR_ND
)) {
1709 const struct ovs_key_nd
*nd_key
;
1711 nd_key
= nla_data(a
[OVS_KEY_ATTR_ND
]);
1712 SW_FLOW_KEY_MEMCPY(match
, ipv6
.nd
.target
,
1714 sizeof(match
->key
->ipv6
.nd
.target
),
1716 SW_FLOW_KEY_MEMCPY(match
, ipv6
.nd
.sll
,
1717 nd_key
->nd_sll
, ETH_ALEN
, is_mask
);
1718 SW_FLOW_KEY_MEMCPY(match
, ipv6
.nd
.tll
,
1719 nd_key
->nd_tll
, ETH_ALEN
, is_mask
);
1720 attrs
&= ~(1 << OVS_KEY_ATTR_ND
);
1724 OVS_NLERR(log
, "Unknown key attributes %llx",
1725 (unsigned long long)attrs
);
1732 static void nlattr_set(struct nlattr
*attr
, u8 val
,
1733 const struct ovs_len_tbl
*tbl
)
1738 /* The nlattr stream should already have been validated */
1739 nla_for_each_nested(nla
, attr
, rem
) {
1740 if (tbl
[nla_type(nla
)].len
== OVS_ATTR_NESTED
)
1741 nlattr_set(nla
, val
, tbl
[nla_type(nla
)].next
? : tbl
);
1743 memset(nla_data(nla
), val
, nla_len(nla
));
1745 if (nla_type(nla
) == OVS_KEY_ATTR_CT_STATE
)
1746 *(u32
*)nla_data(nla
) &= CT_SUPPORTED_MASK
;
1750 static void mask_set_nlattr(struct nlattr
*attr
, u8 val
)
1752 nlattr_set(attr
, val
, ovs_key_lens
);
1756 * ovs_nla_get_match - parses Netlink attributes into a flow key and
1757 * mask. In case the 'mask' is NULL, the flow is treated as exact match
1758 * flow. Otherwise, it is treated as a wildcarded flow, except the mask
1759 * does not include any don't care bit.
1760 * @net: Used to determine per-namespace field support.
1761 * @match: receives the extracted flow match information.
1762 * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
1763 * sequence. The fields should of the packet that triggered the creation
1765 * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink
1766 * attribute specifies the mask field of the wildcarded flow.
1767 * @log: Boolean to allow kernel error logging. Normally true, but when
1768 * probing for feature compatibility this should be passed in as false to
1769 * suppress unnecessary error logging.
1771 int ovs_nla_get_match(struct net
*net
, struct sw_flow_match
*match
,
1772 const struct nlattr
*nla_key
,
1773 const struct nlattr
*nla_mask
,
1776 const struct nlattr
*a
[OVS_KEY_ATTR_MAX
+ 1];
1777 struct nlattr
*newmask
= NULL
;
1782 err
= parse_flow_nlattrs(nla_key
, a
, &key_attrs
, log
);
1786 err
= parse_vlan_from_nlattrs(match
, &key_attrs
, a
, false, log
);
1790 err
= ovs_key_from_nlattrs(net
, match
, key_attrs
, a
, false, log
);
1796 /* Create an exact match mask. We need to set to 0xff
1797 * all the 'match->mask' fields that have been touched
1798 * in 'match->key'. We cannot simply memset
1799 * 'match->mask', because padding bytes and fields not
1800 * specified in 'match->key' should be left to 0.
1801 * Instead, we use a stream of netlink attributes,
1802 * copied from 'key' and set to 0xff.
1803 * ovs_key_from_nlattrs() will take care of filling
1804 * 'match->mask' appropriately.
1806 newmask
= kmemdup(nla_key
,
1807 nla_total_size(nla_len(nla_key
)),
1812 mask_set_nlattr(newmask
, 0xff);
1814 /* The userspace does not send tunnel attributes that
1815 * are 0, but we should not wildcard them nonetheless.
1817 if (match
->key
->tun_proto
)
1818 SW_FLOW_KEY_MEMSET_FIELD(match
, tun_key
,
1824 err
= parse_flow_mask_nlattrs(nla_mask
, a
, &mask_attrs
, log
);
1828 /* Always match on tci. */
1829 SW_FLOW_KEY_PUT(match
, eth
.vlan
.tci
, htons(0xffff), true);
1830 SW_FLOW_KEY_PUT(match
, eth
.cvlan
.tci
, htons(0xffff), true);
1832 err
= parse_vlan_from_nlattrs(match
, &mask_attrs
, a
, true, log
);
1836 err
= ovs_key_from_nlattrs(net
, match
, mask_attrs
, a
, true,
1842 if (!match_validate(match
, key_attrs
, mask_attrs
, log
))
1850 static size_t get_ufid_len(const struct nlattr
*attr
, bool log
)
1857 len
= nla_len(attr
);
1858 if (len
< 1 || len
> MAX_UFID_LENGTH
) {
1859 OVS_NLERR(log
, "ufid size %u bytes exceeds the range (1, %d)",
1860 nla_len(attr
), MAX_UFID_LENGTH
);
1867 /* Initializes 'flow->ufid', returning true if 'attr' contains a valid UFID,
1868 * or false otherwise.
1870 bool ovs_nla_get_ufid(struct sw_flow_id
*sfid
, const struct nlattr
*attr
,
1873 sfid
->ufid_len
= get_ufid_len(attr
, log
);
1875 memcpy(sfid
->ufid
, nla_data(attr
), sfid
->ufid_len
);
1877 return sfid
->ufid_len
;
1880 int ovs_nla_get_identifier(struct sw_flow_id
*sfid
, const struct nlattr
*ufid
,
1881 const struct sw_flow_key
*key
, bool log
)
1883 struct sw_flow_key
*new_key
;
1885 if (ovs_nla_get_ufid(sfid
, ufid
, log
))
1888 /* If UFID was not provided, use unmasked key. */
1889 new_key
= kmalloc(sizeof(*new_key
), GFP_KERNEL
);
1892 memcpy(new_key
, key
, sizeof(*key
));
1893 sfid
->unmasked_key
= new_key
;
1898 u32
ovs_nla_get_ufid_flags(const struct nlattr
*attr
)
1900 return attr
? nla_get_u32(attr
) : 0;
1904 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
1905 * @net: Network namespace.
1906 * @key: Receives extracted in_port, priority, tun_key, skb_mark and conntrack
1908 * @a: Array of netlink attributes holding parsed %OVS_KEY_ATTR_* Netlink
1910 * @attrs: Bit mask for the netlink attributes included in @a.
1911 * @log: Boolean to allow kernel error logging. Normally true, but when
1912 * probing for feature compatibility this should be passed in as false to
1913 * suppress unnecessary error logging.
1915 * This parses a series of Netlink attributes that form a flow key, which must
1916 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
1917 * get the metadata, that is, the parts of the flow key that cannot be
1918 * extracted from the packet itself.
1920 * This must be called before the packet key fields are filled in 'key'.
1923 int ovs_nla_get_flow_metadata(struct net
*net
,
1924 const struct nlattr
*a
[OVS_KEY_ATTR_MAX
+ 1],
1925 u64 attrs
, struct sw_flow_key
*key
, bool log
)
1927 struct sw_flow_match match
;
1929 memset(&match
, 0, sizeof(match
));
1934 key
->ct_orig_proto
= 0;
1935 memset(&key
->ct
, 0, sizeof(key
->ct
));
1936 memset(&key
->ipv4
.ct_orig
, 0, sizeof(key
->ipv4
.ct_orig
));
1937 memset(&key
->ipv6
.ct_orig
, 0, sizeof(key
->ipv6
.ct_orig
));
1939 key
->phy
.in_port
= DP_MAX_PORTS
;
1941 return metadata_from_nlattrs(net
, &match
, &attrs
, a
, false, log
);
1944 static int ovs_nla_put_vlan(struct sk_buff
*skb
, const struct vlan_head
*vh
,
1947 __be16 eth_type
= !is_mask
? vh
->tpid
: htons(0xffff);
1949 if (nla_put_be16(skb
, OVS_KEY_ATTR_ETHERTYPE
, eth_type
) ||
1950 nla_put_be16(skb
, OVS_KEY_ATTR_VLAN
, vh
->tci
))
1955 static int nsh_key_to_nlattr(const struct ovs_key_nsh
*nsh
, bool is_mask
,
1956 struct sk_buff
*skb
)
1958 struct nlattr
*start
;
1960 start
= nla_nest_start_noflag(skb
, OVS_KEY_ATTR_NSH
);
1964 if (nla_put(skb
, OVS_NSH_KEY_ATTR_BASE
, sizeof(nsh
->base
), &nsh
->base
))
1965 goto nla_put_failure
;
1967 if (is_mask
|| nsh
->base
.mdtype
== NSH_M_TYPE1
) {
1968 if (nla_put(skb
, OVS_NSH_KEY_ATTR_MD1
,
1969 sizeof(nsh
->context
), nsh
->context
))
1970 goto nla_put_failure
;
1973 /* Don't support MD type 2 yet */
1975 nla_nest_end(skb
, start
);
1983 static int __ovs_nla_put_key(const struct sw_flow_key
*swkey
,
1984 const struct sw_flow_key
*output
, bool is_mask
,
1985 struct sk_buff
*skb
)
1987 struct ovs_key_ethernet
*eth_key
;
1989 struct nlattr
*encap
= NULL
;
1990 struct nlattr
*in_encap
= NULL
;
1992 if (nla_put_u32(skb
, OVS_KEY_ATTR_RECIRC_ID
, output
->recirc_id
))
1993 goto nla_put_failure
;
1995 if (nla_put_u32(skb
, OVS_KEY_ATTR_DP_HASH
, output
->ovs_flow_hash
))
1996 goto nla_put_failure
;
1998 if (nla_put_u32(skb
, OVS_KEY_ATTR_PRIORITY
, output
->phy
.priority
))
1999 goto nla_put_failure
;
2001 if ((swkey
->tun_proto
|| is_mask
)) {
2002 const void *opts
= NULL
;
2004 if (output
->tun_key
.tun_flags
& TUNNEL_OPTIONS_PRESENT
)
2005 opts
= TUN_METADATA_OPTS(output
, swkey
->tun_opts_len
);
2007 if (ip_tun_to_nlattr(skb
, &output
->tun_key
, opts
,
2008 swkey
->tun_opts_len
, swkey
->tun_proto
, 0))
2009 goto nla_put_failure
;
2012 if (swkey
->phy
.in_port
== DP_MAX_PORTS
) {
2013 if (is_mask
&& (output
->phy
.in_port
== 0xffff))
2014 if (nla_put_u32(skb
, OVS_KEY_ATTR_IN_PORT
, 0xffffffff))
2015 goto nla_put_failure
;
2018 upper_u16
= !is_mask
? 0 : 0xffff;
2020 if (nla_put_u32(skb
, OVS_KEY_ATTR_IN_PORT
,
2021 (upper_u16
<< 16) | output
->phy
.in_port
))
2022 goto nla_put_failure
;
2025 if (nla_put_u32(skb
, OVS_KEY_ATTR_SKB_MARK
, output
->phy
.skb_mark
))
2026 goto nla_put_failure
;
2028 if (ovs_ct_put_key(swkey
, output
, skb
))
2029 goto nla_put_failure
;
2031 if (ovs_key_mac_proto(swkey
) == MAC_PROTO_ETHERNET
) {
2032 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ETHERNET
, sizeof(*eth_key
));
2034 goto nla_put_failure
;
2036 eth_key
= nla_data(nla
);
2037 ether_addr_copy(eth_key
->eth_src
, output
->eth
.src
);
2038 ether_addr_copy(eth_key
->eth_dst
, output
->eth
.dst
);
2040 if (swkey
->eth
.vlan
.tci
|| eth_type_vlan(swkey
->eth
.type
)) {
2041 if (ovs_nla_put_vlan(skb
, &output
->eth
.vlan
, is_mask
))
2042 goto nla_put_failure
;
2043 encap
= nla_nest_start_noflag(skb
, OVS_KEY_ATTR_ENCAP
);
2044 if (!swkey
->eth
.vlan
.tci
)
2047 if (swkey
->eth
.cvlan
.tci
|| eth_type_vlan(swkey
->eth
.type
)) {
2048 if (ovs_nla_put_vlan(skb
, &output
->eth
.cvlan
, is_mask
))
2049 goto nla_put_failure
;
2050 in_encap
= nla_nest_start_noflag(skb
,
2051 OVS_KEY_ATTR_ENCAP
);
2052 if (!swkey
->eth
.cvlan
.tci
)
2057 if (swkey
->eth
.type
== htons(ETH_P_802_2
)) {
2059 * Ethertype 802.2 is represented in the netlink with omitted
2060 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
2061 * 0xffff in the mask attribute. Ethertype can also
2064 if (is_mask
&& output
->eth
.type
)
2065 if (nla_put_be16(skb
, OVS_KEY_ATTR_ETHERTYPE
,
2067 goto nla_put_failure
;
2072 if (nla_put_be16(skb
, OVS_KEY_ATTR_ETHERTYPE
, output
->eth
.type
))
2073 goto nla_put_failure
;
2075 if (eth_type_vlan(swkey
->eth
.type
)) {
2076 /* There are 3 VLAN tags, we don't know anything about the rest
2077 * of the packet, so truncate here.
2079 WARN_ON_ONCE(!(encap
&& in_encap
));
2083 if (swkey
->eth
.type
== htons(ETH_P_IP
)) {
2084 struct ovs_key_ipv4
*ipv4_key
;
2086 nla
= nla_reserve(skb
, OVS_KEY_ATTR_IPV4
, sizeof(*ipv4_key
));
2088 goto nla_put_failure
;
2089 ipv4_key
= nla_data(nla
);
2090 ipv4_key
->ipv4_src
= output
->ipv4
.addr
.src
;
2091 ipv4_key
->ipv4_dst
= output
->ipv4
.addr
.dst
;
2092 ipv4_key
->ipv4_proto
= output
->ip
.proto
;
2093 ipv4_key
->ipv4_tos
= output
->ip
.tos
;
2094 ipv4_key
->ipv4_ttl
= output
->ip
.ttl
;
2095 ipv4_key
->ipv4_frag
= output
->ip
.frag
;
2096 } else if (swkey
->eth
.type
== htons(ETH_P_IPV6
)) {
2097 struct ovs_key_ipv6
*ipv6_key
;
2099 nla
= nla_reserve(skb
, OVS_KEY_ATTR_IPV6
, sizeof(*ipv6_key
));
2101 goto nla_put_failure
;
2102 ipv6_key
= nla_data(nla
);
2103 memcpy(ipv6_key
->ipv6_src
, &output
->ipv6
.addr
.src
,
2104 sizeof(ipv6_key
->ipv6_src
));
2105 memcpy(ipv6_key
->ipv6_dst
, &output
->ipv6
.addr
.dst
,
2106 sizeof(ipv6_key
->ipv6_dst
));
2107 ipv6_key
->ipv6_label
= output
->ipv6
.label
;
2108 ipv6_key
->ipv6_proto
= output
->ip
.proto
;
2109 ipv6_key
->ipv6_tclass
= output
->ip
.tos
;
2110 ipv6_key
->ipv6_hlimit
= output
->ip
.ttl
;
2111 ipv6_key
->ipv6_frag
= output
->ip
.frag
;
2112 } else if (swkey
->eth
.type
== htons(ETH_P_NSH
)) {
2113 if (nsh_key_to_nlattr(&output
->nsh
, is_mask
, skb
))
2114 goto nla_put_failure
;
2115 } else if (swkey
->eth
.type
== htons(ETH_P_ARP
) ||
2116 swkey
->eth
.type
== htons(ETH_P_RARP
)) {
2117 struct ovs_key_arp
*arp_key
;
2119 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ARP
, sizeof(*arp_key
));
2121 goto nla_put_failure
;
2122 arp_key
= nla_data(nla
);
2123 memset(arp_key
, 0, sizeof(struct ovs_key_arp
));
2124 arp_key
->arp_sip
= output
->ipv4
.addr
.src
;
2125 arp_key
->arp_tip
= output
->ipv4
.addr
.dst
;
2126 arp_key
->arp_op
= htons(output
->ip
.proto
);
2127 ether_addr_copy(arp_key
->arp_sha
, output
->ipv4
.arp
.sha
);
2128 ether_addr_copy(arp_key
->arp_tha
, output
->ipv4
.arp
.tha
);
2129 } else if (eth_p_mpls(swkey
->eth
.type
)) {
2130 struct ovs_key_mpls
*mpls_key
;
2132 nla
= nla_reserve(skb
, OVS_KEY_ATTR_MPLS
, sizeof(*mpls_key
));
2134 goto nla_put_failure
;
2135 mpls_key
= nla_data(nla
);
2136 mpls_key
->mpls_lse
= output
->mpls
.top_lse
;
2139 if ((swkey
->eth
.type
== htons(ETH_P_IP
) ||
2140 swkey
->eth
.type
== htons(ETH_P_IPV6
)) &&
2141 swkey
->ip
.frag
!= OVS_FRAG_TYPE_LATER
) {
2143 if (swkey
->ip
.proto
== IPPROTO_TCP
) {
2144 struct ovs_key_tcp
*tcp_key
;
2146 nla
= nla_reserve(skb
, OVS_KEY_ATTR_TCP
, sizeof(*tcp_key
));
2148 goto nla_put_failure
;
2149 tcp_key
= nla_data(nla
);
2150 tcp_key
->tcp_src
= output
->tp
.src
;
2151 tcp_key
->tcp_dst
= output
->tp
.dst
;
2152 if (nla_put_be16(skb
, OVS_KEY_ATTR_TCP_FLAGS
,
2154 goto nla_put_failure
;
2155 } else if (swkey
->ip
.proto
== IPPROTO_UDP
) {
2156 struct ovs_key_udp
*udp_key
;
2158 nla
= nla_reserve(skb
, OVS_KEY_ATTR_UDP
, sizeof(*udp_key
));
2160 goto nla_put_failure
;
2161 udp_key
= nla_data(nla
);
2162 udp_key
->udp_src
= output
->tp
.src
;
2163 udp_key
->udp_dst
= output
->tp
.dst
;
2164 } else if (swkey
->ip
.proto
== IPPROTO_SCTP
) {
2165 struct ovs_key_sctp
*sctp_key
;
2167 nla
= nla_reserve(skb
, OVS_KEY_ATTR_SCTP
, sizeof(*sctp_key
));
2169 goto nla_put_failure
;
2170 sctp_key
= nla_data(nla
);
2171 sctp_key
->sctp_src
= output
->tp
.src
;
2172 sctp_key
->sctp_dst
= output
->tp
.dst
;
2173 } else if (swkey
->eth
.type
== htons(ETH_P_IP
) &&
2174 swkey
->ip
.proto
== IPPROTO_ICMP
) {
2175 struct ovs_key_icmp
*icmp_key
;
2177 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ICMP
, sizeof(*icmp_key
));
2179 goto nla_put_failure
;
2180 icmp_key
= nla_data(nla
);
2181 icmp_key
->icmp_type
= ntohs(output
->tp
.src
);
2182 icmp_key
->icmp_code
= ntohs(output
->tp
.dst
);
2183 } else if (swkey
->eth
.type
== htons(ETH_P_IPV6
) &&
2184 swkey
->ip
.proto
== IPPROTO_ICMPV6
) {
2185 struct ovs_key_icmpv6
*icmpv6_key
;
2187 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ICMPV6
,
2188 sizeof(*icmpv6_key
));
2190 goto nla_put_failure
;
2191 icmpv6_key
= nla_data(nla
);
2192 icmpv6_key
->icmpv6_type
= ntohs(output
->tp
.src
);
2193 icmpv6_key
->icmpv6_code
= ntohs(output
->tp
.dst
);
2195 if (icmpv6_key
->icmpv6_type
== NDISC_NEIGHBOUR_SOLICITATION
||
2196 icmpv6_key
->icmpv6_type
== NDISC_NEIGHBOUR_ADVERTISEMENT
) {
2197 struct ovs_key_nd
*nd_key
;
2199 nla
= nla_reserve(skb
, OVS_KEY_ATTR_ND
, sizeof(*nd_key
));
2201 goto nla_put_failure
;
2202 nd_key
= nla_data(nla
);
2203 memcpy(nd_key
->nd_target
, &output
->ipv6
.nd
.target
,
2204 sizeof(nd_key
->nd_target
));
2205 ether_addr_copy(nd_key
->nd_sll
, output
->ipv6
.nd
.sll
);
2206 ether_addr_copy(nd_key
->nd_tll
, output
->ipv6
.nd
.tll
);
2213 nla_nest_end(skb
, in_encap
);
2215 nla_nest_end(skb
, encap
);
2223 int ovs_nla_put_key(const struct sw_flow_key
*swkey
,
2224 const struct sw_flow_key
*output
, int attr
, bool is_mask
,
2225 struct sk_buff
*skb
)
2230 nla
= nla_nest_start_noflag(skb
, attr
);
2233 err
= __ovs_nla_put_key(swkey
, output
, is_mask
, skb
);
2236 nla_nest_end(skb
, nla
);
2241 /* Called with ovs_mutex or RCU read lock. */
2242 int ovs_nla_put_identifier(const struct sw_flow
*flow
, struct sk_buff
*skb
)
2244 if (ovs_identifier_is_ufid(&flow
->id
))
2245 return nla_put(skb
, OVS_FLOW_ATTR_UFID
, flow
->id
.ufid_len
,
2248 return ovs_nla_put_key(flow
->id
.unmasked_key
, flow
->id
.unmasked_key
,
2249 OVS_FLOW_ATTR_KEY
, false, skb
);
2252 /* Called with ovs_mutex or RCU read lock. */
2253 int ovs_nla_put_masked_key(const struct sw_flow
*flow
, struct sk_buff
*skb
)
2255 return ovs_nla_put_key(&flow
->key
, &flow
->key
,
2256 OVS_FLOW_ATTR_KEY
, false, skb
);
2259 /* Called with ovs_mutex or RCU read lock. */
2260 int ovs_nla_put_mask(const struct sw_flow
*flow
, struct sk_buff
*skb
)
2262 return ovs_nla_put_key(&flow
->key
, &flow
->mask
->key
,
2263 OVS_FLOW_ATTR_MASK
, true, skb
);
2266 #define MAX_ACTIONS_BUFSIZE (32 * 1024)
2268 static struct sw_flow_actions
*nla_alloc_flow_actions(int size
)
2270 struct sw_flow_actions
*sfa
;
2272 WARN_ON_ONCE(size
> MAX_ACTIONS_BUFSIZE
);
2274 sfa
= kmalloc(sizeof(*sfa
) + size
, GFP_KERNEL
);
2276 return ERR_PTR(-ENOMEM
);
2278 sfa
->actions_len
= 0;
2282 static void ovs_nla_free_set_action(const struct nlattr
*a
)
2284 const struct nlattr
*ovs_key
= nla_data(a
);
2285 struct ovs_tunnel_info
*ovs_tun
;
2287 switch (nla_type(ovs_key
)) {
2288 case OVS_KEY_ATTR_TUNNEL_INFO
:
2289 ovs_tun
= nla_data(ovs_key
);
2290 dst_release((struct dst_entry
*)ovs_tun
->tun_dst
);
2295 void ovs_nla_free_flow_actions(struct sw_flow_actions
*sf_acts
)
2297 const struct nlattr
*a
;
2303 nla_for_each_attr(a
, sf_acts
->actions
, sf_acts
->actions_len
, rem
) {
2304 switch (nla_type(a
)) {
2305 case OVS_ACTION_ATTR_SET
:
2306 ovs_nla_free_set_action(a
);
2308 case OVS_ACTION_ATTR_CT
:
2309 ovs_ct_free_action(a
);
2317 static void __ovs_nla_free_flow_actions(struct rcu_head
*head
)
2319 ovs_nla_free_flow_actions(container_of(head
, struct sw_flow_actions
, rcu
));
2322 /* Schedules 'sf_acts' to be freed after the next RCU grace period.
2323 * The caller must hold rcu_read_lock for this to be sensible. */
2324 void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions
*sf_acts
)
2326 call_rcu(&sf_acts
->rcu
, __ovs_nla_free_flow_actions
);
2329 static struct nlattr
*reserve_sfa_size(struct sw_flow_actions
**sfa
,
2330 int attr_len
, bool log
)
2333 struct sw_flow_actions
*acts
;
2335 size_t req_size
= NLA_ALIGN(attr_len
);
2336 int next_offset
= offsetof(struct sw_flow_actions
, actions
) +
2337 (*sfa
)->actions_len
;
2339 if (req_size
<= (ksize(*sfa
) - next_offset
))
2342 new_acts_size
= max(next_offset
+ req_size
, ksize(*sfa
) * 2);
2344 if (new_acts_size
> MAX_ACTIONS_BUFSIZE
) {
2345 if ((MAX_ACTIONS_BUFSIZE
- next_offset
) < req_size
) {
2346 OVS_NLERR(log
, "Flow action size exceeds max %u",
2347 MAX_ACTIONS_BUFSIZE
);
2348 return ERR_PTR(-EMSGSIZE
);
2350 new_acts_size
= MAX_ACTIONS_BUFSIZE
;
2353 acts
= nla_alloc_flow_actions(new_acts_size
);
2355 return (void *)acts
;
2357 memcpy(acts
->actions
, (*sfa
)->actions
, (*sfa
)->actions_len
);
2358 acts
->actions_len
= (*sfa
)->actions_len
;
2359 acts
->orig_len
= (*sfa
)->orig_len
;
2364 (*sfa
)->actions_len
+= req_size
;
2365 return (struct nlattr
*) ((unsigned char *)(*sfa
) + next_offset
);
2368 static struct nlattr
*__add_action(struct sw_flow_actions
**sfa
,
2369 int attrtype
, void *data
, int len
, bool log
)
2373 a
= reserve_sfa_size(sfa
, nla_attr_size(len
), log
);
2377 a
->nla_type
= attrtype
;
2378 a
->nla_len
= nla_attr_size(len
);
2381 memcpy(nla_data(a
), data
, len
);
2382 memset((unsigned char *) a
+ a
->nla_len
, 0, nla_padlen(len
));
2387 int ovs_nla_add_action(struct sw_flow_actions
**sfa
, int attrtype
, void *data
,
2392 a
= __add_action(sfa
, attrtype
, data
, len
, log
);
2394 return PTR_ERR_OR_ZERO(a
);
2397 static inline int add_nested_action_start(struct sw_flow_actions
**sfa
,
2398 int attrtype
, bool log
)
2400 int used
= (*sfa
)->actions_len
;
2403 err
= ovs_nla_add_action(sfa
, attrtype
, NULL
, 0, log
);
2410 static inline void add_nested_action_end(struct sw_flow_actions
*sfa
,
2413 struct nlattr
*a
= (struct nlattr
*) ((unsigned char *)sfa
->actions
+
2416 a
->nla_len
= sfa
->actions_len
- st_offset
;
2419 static int __ovs_nla_copy_actions(struct net
*net
, const struct nlattr
*attr
,
2420 const struct sw_flow_key
*key
,
2421 struct sw_flow_actions
**sfa
,
2422 __be16 eth_type
, __be16 vlan_tci
, bool log
);
2424 static int validate_and_copy_sample(struct net
*net
, const struct nlattr
*attr
,
2425 const struct sw_flow_key
*key
,
2426 struct sw_flow_actions
**sfa
,
2427 __be16 eth_type
, __be16 vlan_tci
,
2428 bool log
, bool last
)
2430 const struct nlattr
*attrs
[OVS_SAMPLE_ATTR_MAX
+ 1];
2431 const struct nlattr
*probability
, *actions
;
2432 const struct nlattr
*a
;
2433 int rem
, start
, err
;
2434 struct sample_arg arg
;
2436 memset(attrs
, 0, sizeof(attrs
));
2437 nla_for_each_nested(a
, attr
, rem
) {
2438 int type
= nla_type(a
);
2439 if (!type
|| type
> OVS_SAMPLE_ATTR_MAX
|| attrs
[type
])
2446 probability
= attrs
[OVS_SAMPLE_ATTR_PROBABILITY
];
2447 if (!probability
|| nla_len(probability
) != sizeof(u32
))
2450 actions
= attrs
[OVS_SAMPLE_ATTR_ACTIONS
];
2451 if (!actions
|| (nla_len(actions
) && nla_len(actions
) < NLA_HDRLEN
))
2454 /* validation done, copy sample action. */
2455 start
= add_nested_action_start(sfa
, OVS_ACTION_ATTR_SAMPLE
, log
);
2459 /* When both skb and flow may be changed, put the sample
2460 * into a deferred fifo. On the other hand, if only skb
2461 * may be modified, the actions can be executed in place.
2463 * Do this analysis at the flow installation time.
2464 * Set 'clone_action->exec' to true if the actions can be
2465 * executed without being deferred.
2467 * If the sample is the last action, it can always be excuted
2468 * rather than deferred.
2470 arg
.exec
= last
|| !actions_may_change_flow(actions
);
2471 arg
.probability
= nla_get_u32(probability
);
2473 err
= ovs_nla_add_action(sfa
, OVS_SAMPLE_ATTR_ARG
, &arg
, sizeof(arg
),
2478 err
= __ovs_nla_copy_actions(net
, actions
, key
, sfa
,
2479 eth_type
, vlan_tci
, log
);
2484 add_nested_action_end(*sfa
, start
);
2489 static int validate_and_copy_clone(struct net
*net
,
2490 const struct nlattr
*attr
,
2491 const struct sw_flow_key
*key
,
2492 struct sw_flow_actions
**sfa
,
2493 __be16 eth_type
, __be16 vlan_tci
,
2494 bool log
, bool last
)
2499 if (nla_len(attr
) && nla_len(attr
) < NLA_HDRLEN
)
2502 start
= add_nested_action_start(sfa
, OVS_ACTION_ATTR_CLONE
, log
);
2506 exec
= last
|| !actions_may_change_flow(attr
);
2508 err
= ovs_nla_add_action(sfa
, OVS_CLONE_ATTR_EXEC
, &exec
,
2513 err
= __ovs_nla_copy_actions(net
, attr
, key
, sfa
,
2514 eth_type
, vlan_tci
, log
);
2518 add_nested_action_end(*sfa
, start
);
2523 void ovs_match_init(struct sw_flow_match
*match
,
2524 struct sw_flow_key
*key
,
2526 struct sw_flow_mask
*mask
)
2528 memset(match
, 0, sizeof(*match
));
2533 memset(key
, 0, sizeof(*key
));
2536 memset(&mask
->key
, 0, sizeof(mask
->key
));
2537 mask
->range
.start
= mask
->range
.end
= 0;
2541 static int validate_geneve_opts(struct sw_flow_key
*key
)
2543 struct geneve_opt
*option
;
2544 int opts_len
= key
->tun_opts_len
;
2545 bool crit_opt
= false;
2547 option
= (struct geneve_opt
*)TUN_METADATA_OPTS(key
, key
->tun_opts_len
);
2548 while (opts_len
> 0) {
2551 if (opts_len
< sizeof(*option
))
2554 len
= sizeof(*option
) + option
->length
* 4;
2558 crit_opt
|= !!(option
->type
& GENEVE_CRIT_OPT_TYPE
);
2560 option
= (struct geneve_opt
*)((u8
*)option
+ len
);
2564 key
->tun_key
.tun_flags
|= crit_opt
? TUNNEL_CRIT_OPT
: 0;
2569 static int validate_and_copy_set_tun(const struct nlattr
*attr
,
2570 struct sw_flow_actions
**sfa
, bool log
)
2572 struct sw_flow_match match
;
2573 struct sw_flow_key key
;
2574 struct metadata_dst
*tun_dst
;
2575 struct ip_tunnel_info
*tun_info
;
2576 struct ovs_tunnel_info
*ovs_tun
;
2578 int err
= 0, start
, opts_type
;
2579 __be16 dst_opt_type
;
2582 ovs_match_init(&match
, &key
, true, NULL
);
2583 opts_type
= ip_tun_from_nlattr(nla_data(attr
), &match
, false, log
);
2587 if (key
.tun_opts_len
) {
2588 switch (opts_type
) {
2589 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS
:
2590 err
= validate_geneve_opts(&key
);
2593 dst_opt_type
= TUNNEL_GENEVE_OPT
;
2595 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS
:
2596 dst_opt_type
= TUNNEL_VXLAN_OPT
;
2598 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS
:
2599 dst_opt_type
= TUNNEL_ERSPAN_OPT
;
2604 start
= add_nested_action_start(sfa
, OVS_ACTION_ATTR_SET
, log
);
2608 tun_dst
= metadata_dst_alloc(key
.tun_opts_len
, METADATA_IP_TUNNEL
,
2614 err
= dst_cache_init(&tun_dst
->u
.tun_info
.dst_cache
, GFP_KERNEL
);
2616 dst_release((struct dst_entry
*)tun_dst
);
2620 a
= __add_action(sfa
, OVS_KEY_ATTR_TUNNEL_INFO
, NULL
,
2621 sizeof(*ovs_tun
), log
);
2623 dst_release((struct dst_entry
*)tun_dst
);
2627 ovs_tun
= nla_data(a
);
2628 ovs_tun
->tun_dst
= tun_dst
;
2630 tun_info
= &tun_dst
->u
.tun_info
;
2631 tun_info
->mode
= IP_TUNNEL_INFO_TX
;
2632 if (key
.tun_proto
== AF_INET6
)
2633 tun_info
->mode
|= IP_TUNNEL_INFO_IPV6
;
2634 else if (key
.tun_proto
== AF_INET
&& key
.tun_key
.u
.ipv4
.dst
== 0)
2635 tun_info
->mode
|= IP_TUNNEL_INFO_BRIDGE
;
2636 tun_info
->key
= key
.tun_key
;
2638 /* We need to store the options in the action itself since
2639 * everything else will go away after flow setup. We can append
2640 * it to tun_info and then point there.
2642 ip_tunnel_info_opts_set(tun_info
,
2643 TUN_METADATA_OPTS(&key
, key
.tun_opts_len
),
2644 key
.tun_opts_len
, dst_opt_type
);
2645 add_nested_action_end(*sfa
, start
);
2650 static bool validate_nsh(const struct nlattr
*attr
, bool is_mask
,
2651 bool is_push_nsh
, bool log
)
2653 struct sw_flow_match match
;
2654 struct sw_flow_key key
;
2657 ovs_match_init(&match
, &key
, true, NULL
);
2658 ret
= nsh_key_put_from_nlattr(attr
, &match
, is_mask
,
2663 /* Return false if there are any non-masked bits set.
2664 * Mask follows data immediately, before any netlink padding.
2666 static bool validate_masked(u8
*data
, int len
)
2668 u8
*mask
= data
+ len
;
2671 if (*data
++ & ~*mask
++)
2677 static int validate_set(const struct nlattr
*a
,
2678 const struct sw_flow_key
*flow_key
,
2679 struct sw_flow_actions
**sfa
, bool *skip_copy
,
2680 u8 mac_proto
, __be16 eth_type
, bool masked
, bool log
)
2682 const struct nlattr
*ovs_key
= nla_data(a
);
2683 int key_type
= nla_type(ovs_key
);
2686 /* There can be only one key in a action */
2687 if (nla_total_size(nla_len(ovs_key
)) != nla_len(a
))
2690 key_len
= nla_len(ovs_key
);
2694 if (key_type
> OVS_KEY_ATTR_MAX
||
2695 !check_attr_len(key_len
, ovs_key_lens
[key_type
].len
))
2698 if (masked
&& !validate_masked(nla_data(ovs_key
), key_len
))
2702 const struct ovs_key_ipv4
*ipv4_key
;
2703 const struct ovs_key_ipv6
*ipv6_key
;
2706 case OVS_KEY_ATTR_PRIORITY
:
2707 case OVS_KEY_ATTR_SKB_MARK
:
2708 case OVS_KEY_ATTR_CT_MARK
:
2709 case OVS_KEY_ATTR_CT_LABELS
:
2712 case OVS_KEY_ATTR_ETHERNET
:
2713 if (mac_proto
!= MAC_PROTO_ETHERNET
)
2717 case OVS_KEY_ATTR_TUNNEL
:
2719 return -EINVAL
; /* Masked tunnel set not supported. */
2722 err
= validate_and_copy_set_tun(a
, sfa
, log
);
2727 case OVS_KEY_ATTR_IPV4
:
2728 if (eth_type
!= htons(ETH_P_IP
))
2731 ipv4_key
= nla_data(ovs_key
);
2734 const struct ovs_key_ipv4
*mask
= ipv4_key
+ 1;
2736 /* Non-writeable fields. */
2737 if (mask
->ipv4_proto
|| mask
->ipv4_frag
)
2740 if (ipv4_key
->ipv4_proto
!= flow_key
->ip
.proto
)
2743 if (ipv4_key
->ipv4_frag
!= flow_key
->ip
.frag
)
2748 case OVS_KEY_ATTR_IPV6
:
2749 if (eth_type
!= htons(ETH_P_IPV6
))
2752 ipv6_key
= nla_data(ovs_key
);
2755 const struct ovs_key_ipv6
*mask
= ipv6_key
+ 1;
2757 /* Non-writeable fields. */
2758 if (mask
->ipv6_proto
|| mask
->ipv6_frag
)
2761 /* Invalid bits in the flow label mask? */
2762 if (ntohl(mask
->ipv6_label
) & 0xFFF00000)
2765 if (ipv6_key
->ipv6_proto
!= flow_key
->ip
.proto
)
2768 if (ipv6_key
->ipv6_frag
!= flow_key
->ip
.frag
)
2771 if (ntohl(ipv6_key
->ipv6_label
) & 0xFFF00000)
2776 case OVS_KEY_ATTR_TCP
:
2777 if ((eth_type
!= htons(ETH_P_IP
) &&
2778 eth_type
!= htons(ETH_P_IPV6
)) ||
2779 flow_key
->ip
.proto
!= IPPROTO_TCP
)
2784 case OVS_KEY_ATTR_UDP
:
2785 if ((eth_type
!= htons(ETH_P_IP
) &&
2786 eth_type
!= htons(ETH_P_IPV6
)) ||
2787 flow_key
->ip
.proto
!= IPPROTO_UDP
)
2792 case OVS_KEY_ATTR_MPLS
:
2793 if (!eth_p_mpls(eth_type
))
2797 case OVS_KEY_ATTR_SCTP
:
2798 if ((eth_type
!= htons(ETH_P_IP
) &&
2799 eth_type
!= htons(ETH_P_IPV6
)) ||
2800 flow_key
->ip
.proto
!= IPPROTO_SCTP
)
2805 case OVS_KEY_ATTR_NSH
:
2806 if (eth_type
!= htons(ETH_P_NSH
))
2808 if (!validate_nsh(nla_data(a
), masked
, false, log
))
2816 /* Convert non-masked non-tunnel set actions to masked set actions. */
2817 if (!masked
&& key_type
!= OVS_KEY_ATTR_TUNNEL
) {
2818 int start
, len
= key_len
* 2;
2823 start
= add_nested_action_start(sfa
,
2824 OVS_ACTION_ATTR_SET_TO_MASKED
,
2829 at
= __add_action(sfa
, key_type
, NULL
, len
, log
);
2833 memcpy(nla_data(at
), nla_data(ovs_key
), key_len
); /* Key. */
2834 memset(nla_data(at
) + key_len
, 0xff, key_len
); /* Mask. */
2835 /* Clear non-writeable bits from otherwise writeable fields. */
2836 if (key_type
== OVS_KEY_ATTR_IPV6
) {
2837 struct ovs_key_ipv6
*mask
= nla_data(at
) + key_len
;
2839 mask
->ipv6_label
&= htonl(0x000FFFFF);
2841 add_nested_action_end(*sfa
, start
);
2847 static int validate_userspace(const struct nlattr
*attr
)
2849 static const struct nla_policy userspace_policy
[OVS_USERSPACE_ATTR_MAX
+ 1] = {
2850 [OVS_USERSPACE_ATTR_PID
] = {.type
= NLA_U32
},
2851 [OVS_USERSPACE_ATTR_USERDATA
] = {.type
= NLA_UNSPEC
},
2852 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT
] = {.type
= NLA_U32
},
2854 struct nlattr
*a
[OVS_USERSPACE_ATTR_MAX
+ 1];
2857 error
= nla_parse_nested_deprecated(a
, OVS_USERSPACE_ATTR_MAX
, attr
,
2858 userspace_policy
, NULL
);
2862 if (!a
[OVS_USERSPACE_ATTR_PID
] ||
2863 !nla_get_u32(a
[OVS_USERSPACE_ATTR_PID
]))
2869 static const struct nla_policy cpl_policy
[OVS_CHECK_PKT_LEN_ATTR_MAX
+ 1] = {
2870 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN
] = {.type
= NLA_U16
},
2871 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER
] = {.type
= NLA_NESTED
},
2872 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL
] = {.type
= NLA_NESTED
},
2875 static int validate_and_copy_check_pkt_len(struct net
*net
,
2876 const struct nlattr
*attr
,
2877 const struct sw_flow_key
*key
,
2878 struct sw_flow_actions
**sfa
,
2879 __be16 eth_type
, __be16 vlan_tci
,
2880 bool log
, bool last
)
2882 const struct nlattr
*acts_if_greater
, *acts_if_lesser_eq
;
2883 struct nlattr
*a
[OVS_CHECK_PKT_LEN_ATTR_MAX
+ 1];
2884 struct check_pkt_len_arg arg
;
2885 int nested_acts_start
;
2888 err
= nla_parse_deprecated_strict(a
, OVS_CHECK_PKT_LEN_ATTR_MAX
,
2889 nla_data(attr
), nla_len(attr
),
2894 if (!a
[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN
] ||
2895 !nla_get_u16(a
[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN
]))
2898 acts_if_lesser_eq
= a
[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL
];
2899 acts_if_greater
= a
[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER
];
2901 /* Both the nested action should be present. */
2902 if (!acts_if_greater
|| !acts_if_lesser_eq
)
2905 /* validation done, copy the nested actions. */
2906 start
= add_nested_action_start(sfa
, OVS_ACTION_ATTR_CHECK_PKT_LEN
,
2911 arg
.pkt_len
= nla_get_u16(a
[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN
]);
2912 arg
.exec_for_lesser_equal
=
2913 last
|| !actions_may_change_flow(acts_if_lesser_eq
);
2914 arg
.exec_for_greater
=
2915 last
|| !actions_may_change_flow(acts_if_greater
);
2917 err
= ovs_nla_add_action(sfa
, OVS_CHECK_PKT_LEN_ATTR_ARG
, &arg
,
2922 nested_acts_start
= add_nested_action_start(sfa
,
2923 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL
, log
);
2924 if (nested_acts_start
< 0)
2925 return nested_acts_start
;
2927 err
= __ovs_nla_copy_actions(net
, acts_if_lesser_eq
, key
, sfa
,
2928 eth_type
, vlan_tci
, log
);
2933 add_nested_action_end(*sfa
, nested_acts_start
);
2935 nested_acts_start
= add_nested_action_start(sfa
,
2936 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER
, log
);
2937 if (nested_acts_start
< 0)
2938 return nested_acts_start
;
2940 err
= __ovs_nla_copy_actions(net
, acts_if_greater
, key
, sfa
,
2941 eth_type
, vlan_tci
, log
);
2946 add_nested_action_end(*sfa
, nested_acts_start
);
2947 add_nested_action_end(*sfa
, start
);
2951 static int copy_action(const struct nlattr
*from
,
2952 struct sw_flow_actions
**sfa
, bool log
)
2954 int totlen
= NLA_ALIGN(from
->nla_len
);
2957 to
= reserve_sfa_size(sfa
, from
->nla_len
, log
);
2961 memcpy(to
, from
, totlen
);
2965 static int __ovs_nla_copy_actions(struct net
*net
, const struct nlattr
*attr
,
2966 const struct sw_flow_key
*key
,
2967 struct sw_flow_actions
**sfa
,
2968 __be16 eth_type
, __be16 vlan_tci
, bool log
)
2970 u8 mac_proto
= ovs_key_mac_proto(key
);
2971 const struct nlattr
*a
;
2974 nla_for_each_nested(a
, attr
, rem
) {
2975 /* Expected argument lengths, (u32)-1 for variable length. */
2976 static const u32 action_lens
[OVS_ACTION_ATTR_MAX
+ 1] = {
2977 [OVS_ACTION_ATTR_OUTPUT
] = sizeof(u32
),
2978 [OVS_ACTION_ATTR_RECIRC
] = sizeof(u32
),
2979 [OVS_ACTION_ATTR_USERSPACE
] = (u32
)-1,
2980 [OVS_ACTION_ATTR_PUSH_MPLS
] = sizeof(struct ovs_action_push_mpls
),
2981 [OVS_ACTION_ATTR_POP_MPLS
] = sizeof(__be16
),
2982 [OVS_ACTION_ATTR_PUSH_VLAN
] = sizeof(struct ovs_action_push_vlan
),
2983 [OVS_ACTION_ATTR_POP_VLAN
] = 0,
2984 [OVS_ACTION_ATTR_SET
] = (u32
)-1,
2985 [OVS_ACTION_ATTR_SET_MASKED
] = (u32
)-1,
2986 [OVS_ACTION_ATTR_SAMPLE
] = (u32
)-1,
2987 [OVS_ACTION_ATTR_HASH
] = sizeof(struct ovs_action_hash
),
2988 [OVS_ACTION_ATTR_CT
] = (u32
)-1,
2989 [OVS_ACTION_ATTR_CT_CLEAR
] = 0,
2990 [OVS_ACTION_ATTR_TRUNC
] = sizeof(struct ovs_action_trunc
),
2991 [OVS_ACTION_ATTR_PUSH_ETH
] = sizeof(struct ovs_action_push_eth
),
2992 [OVS_ACTION_ATTR_POP_ETH
] = 0,
2993 [OVS_ACTION_ATTR_PUSH_NSH
] = (u32
)-1,
2994 [OVS_ACTION_ATTR_POP_NSH
] = 0,
2995 [OVS_ACTION_ATTR_METER
] = sizeof(u32
),
2996 [OVS_ACTION_ATTR_CLONE
] = (u32
)-1,
2997 [OVS_ACTION_ATTR_CHECK_PKT_LEN
] = (u32
)-1,
2999 const struct ovs_action_push_vlan
*vlan
;
3000 int type
= nla_type(a
);
3003 if (type
> OVS_ACTION_ATTR_MAX
||
3004 (action_lens
[type
] != nla_len(a
) &&
3005 action_lens
[type
] != (u32
)-1))
3010 case OVS_ACTION_ATTR_UNSPEC
:
3013 case OVS_ACTION_ATTR_USERSPACE
:
3014 err
= validate_userspace(a
);
3019 case OVS_ACTION_ATTR_OUTPUT
:
3020 if (nla_get_u32(a
) >= DP_MAX_PORTS
)
3024 case OVS_ACTION_ATTR_TRUNC
: {
3025 const struct ovs_action_trunc
*trunc
= nla_data(a
);
3027 if (trunc
->max_len
< ETH_HLEN
)
3032 case OVS_ACTION_ATTR_HASH
: {
3033 const struct ovs_action_hash
*act_hash
= nla_data(a
);
3035 switch (act_hash
->hash_alg
) {
3036 case OVS_HASH_ALG_L4
:
3045 case OVS_ACTION_ATTR_POP_VLAN
:
3046 if (mac_proto
!= MAC_PROTO_ETHERNET
)
3048 vlan_tci
= htons(0);
3051 case OVS_ACTION_ATTR_PUSH_VLAN
:
3052 if (mac_proto
!= MAC_PROTO_ETHERNET
)
3055 if (!eth_type_vlan(vlan
->vlan_tpid
))
3057 if (!(vlan
->vlan_tci
& htons(VLAN_CFI_MASK
)))
3059 vlan_tci
= vlan
->vlan_tci
;
3062 case OVS_ACTION_ATTR_RECIRC
:
3065 case OVS_ACTION_ATTR_PUSH_MPLS
: {
3066 const struct ovs_action_push_mpls
*mpls
= nla_data(a
);
3068 if (!eth_p_mpls(mpls
->mpls_ethertype
))
3070 /* Prohibit push MPLS other than to a white list
3071 * for packets that have a known tag order.
3073 if (vlan_tci
& htons(VLAN_CFI_MASK
) ||
3074 (eth_type
!= htons(ETH_P_IP
) &&
3075 eth_type
!= htons(ETH_P_IPV6
) &&
3076 eth_type
!= htons(ETH_P_ARP
) &&
3077 eth_type
!= htons(ETH_P_RARP
) &&
3078 !eth_p_mpls(eth_type
)))
3080 eth_type
= mpls
->mpls_ethertype
;
3084 case OVS_ACTION_ATTR_POP_MPLS
:
3085 if (vlan_tci
& htons(VLAN_CFI_MASK
) ||
3086 !eth_p_mpls(eth_type
))
3089 /* Disallow subsequent L2.5+ set and mpls_pop actions
3090 * as there is no check here to ensure that the new
3091 * eth_type is valid and thus set actions could
3092 * write off the end of the packet or otherwise
3095 * Support for these actions is planned using packet
3098 eth_type
= htons(0);
3101 case OVS_ACTION_ATTR_SET
:
3102 err
= validate_set(a
, key
, sfa
,
3103 &skip_copy
, mac_proto
, eth_type
,
3109 case OVS_ACTION_ATTR_SET_MASKED
:
3110 err
= validate_set(a
, key
, sfa
,
3111 &skip_copy
, mac_proto
, eth_type
,
3117 case OVS_ACTION_ATTR_SAMPLE
: {
3118 bool last
= nla_is_last(a
, rem
);
3120 err
= validate_and_copy_sample(net
, a
, key
, sfa
,
3129 case OVS_ACTION_ATTR_CT
:
3130 err
= ovs_ct_copy_action(net
, a
, key
, sfa
, log
);
3136 case OVS_ACTION_ATTR_CT_CLEAR
:
3139 case OVS_ACTION_ATTR_PUSH_ETH
:
3140 /* Disallow pushing an Ethernet header if one
3141 * is already present */
3142 if (mac_proto
!= MAC_PROTO_NONE
)
3144 mac_proto
= MAC_PROTO_ETHERNET
;
3147 case OVS_ACTION_ATTR_POP_ETH
:
3148 if (mac_proto
!= MAC_PROTO_ETHERNET
)
3150 if (vlan_tci
& htons(VLAN_CFI_MASK
))
3152 mac_proto
= MAC_PROTO_NONE
;
3155 case OVS_ACTION_ATTR_PUSH_NSH
:
3156 if (mac_proto
!= MAC_PROTO_ETHERNET
) {
3159 next_proto
= tun_p_from_eth_p(eth_type
);
3163 mac_proto
= MAC_PROTO_NONE
;
3164 if (!validate_nsh(nla_data(a
), false, true, true))
3168 case OVS_ACTION_ATTR_POP_NSH
: {
3171 if (eth_type
!= htons(ETH_P_NSH
))
3173 inner_proto
= tun_p_to_eth_p(key
->nsh
.base
.np
);
3176 if (key
->nsh
.base
.np
== TUN_P_ETHERNET
)
3177 mac_proto
= MAC_PROTO_ETHERNET
;
3179 mac_proto
= MAC_PROTO_NONE
;
3183 case OVS_ACTION_ATTR_METER
:
3184 /* Non-existent meters are simply ignored. */
3187 case OVS_ACTION_ATTR_CLONE
: {
3188 bool last
= nla_is_last(a
, rem
);
3190 err
= validate_and_copy_clone(net
, a
, key
, sfa
,
3199 case OVS_ACTION_ATTR_CHECK_PKT_LEN
: {
3200 bool last
= nla_is_last(a
, rem
);
3202 err
= validate_and_copy_check_pkt_len(net
, a
, key
, sfa
,
3213 OVS_NLERR(log
, "Unknown Action type %d", type
);
3217 err
= copy_action(a
, sfa
, log
);
3229 /* 'key' must be the masked key. */
3230 int ovs_nla_copy_actions(struct net
*net
, const struct nlattr
*attr
,
3231 const struct sw_flow_key
*key
,
3232 struct sw_flow_actions
**sfa
, bool log
)
3236 *sfa
= nla_alloc_flow_actions(min(nla_len(attr
), MAX_ACTIONS_BUFSIZE
));
3238 return PTR_ERR(*sfa
);
3240 (*sfa
)->orig_len
= nla_len(attr
);
3241 err
= __ovs_nla_copy_actions(net
, attr
, key
, sfa
, key
->eth
.type
,
3242 key
->eth
.vlan
.tci
, log
);
3244 ovs_nla_free_flow_actions(*sfa
);
3249 static int sample_action_to_attr(const struct nlattr
*attr
,
3250 struct sk_buff
*skb
)
3252 struct nlattr
*start
, *ac_start
= NULL
, *sample_arg
;
3253 int err
= 0, rem
= nla_len(attr
);
3254 const struct sample_arg
*arg
;
3255 struct nlattr
*actions
;
3257 start
= nla_nest_start_noflag(skb
, OVS_ACTION_ATTR_SAMPLE
);
3261 sample_arg
= nla_data(attr
);
3262 arg
= nla_data(sample_arg
);
3263 actions
= nla_next(sample_arg
, &rem
);
3265 if (nla_put_u32(skb
, OVS_SAMPLE_ATTR_PROBABILITY
, arg
->probability
)) {
3270 ac_start
= nla_nest_start_noflag(skb
, OVS_SAMPLE_ATTR_ACTIONS
);
3276 err
= ovs_nla_put_actions(actions
, rem
, skb
);
3280 nla_nest_cancel(skb
, ac_start
);
3281 nla_nest_cancel(skb
, start
);
3283 nla_nest_end(skb
, ac_start
);
3284 nla_nest_end(skb
, start
);
3290 static int clone_action_to_attr(const struct nlattr
*attr
,
3291 struct sk_buff
*skb
)
3293 struct nlattr
*start
;
3294 int err
= 0, rem
= nla_len(attr
);
3296 start
= nla_nest_start_noflag(skb
, OVS_ACTION_ATTR_CLONE
);
3300 err
= ovs_nla_put_actions(nla_data(attr
), rem
, skb
);
3303 nla_nest_cancel(skb
, start
);
3305 nla_nest_end(skb
, start
);
3310 static int check_pkt_len_action_to_attr(const struct nlattr
*attr
,
3311 struct sk_buff
*skb
)
3313 struct nlattr
*start
, *ac_start
= NULL
;
3314 const struct check_pkt_len_arg
*arg
;
3315 const struct nlattr
*a
, *cpl_arg
;
3316 int err
= 0, rem
= nla_len(attr
);
3318 start
= nla_nest_start_noflag(skb
, OVS_ACTION_ATTR_CHECK_PKT_LEN
);
3322 /* The first nested attribute in 'attr' is always
3323 * 'OVS_CHECK_PKT_LEN_ATTR_ARG'.
3325 cpl_arg
= nla_data(attr
);
3326 arg
= nla_data(cpl_arg
);
3328 if (nla_put_u16(skb
, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN
, arg
->pkt_len
)) {
3333 /* Second nested attribute in 'attr' is always
3334 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'.
3336 a
= nla_next(cpl_arg
, &rem
);
3337 ac_start
= nla_nest_start_noflag(skb
,
3338 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL
);
3344 err
= ovs_nla_put_actions(nla_data(a
), nla_len(a
), skb
);
3346 nla_nest_cancel(skb
, ac_start
);
3349 nla_nest_end(skb
, ac_start
);
3352 /* Third nested attribute in 'attr' is always
3353 * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER.
3355 a
= nla_next(a
, &rem
);
3356 ac_start
= nla_nest_start_noflag(skb
,
3357 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER
);
3363 err
= ovs_nla_put_actions(nla_data(a
), nla_len(a
), skb
);
3365 nla_nest_cancel(skb
, ac_start
);
3368 nla_nest_end(skb
, ac_start
);
3371 nla_nest_end(skb
, start
);
3375 nla_nest_cancel(skb
, start
);
3379 static int set_action_to_attr(const struct nlattr
*a
, struct sk_buff
*skb
)
3381 const struct nlattr
*ovs_key
= nla_data(a
);
3382 int key_type
= nla_type(ovs_key
);
3383 struct nlattr
*start
;
3387 case OVS_KEY_ATTR_TUNNEL_INFO
: {
3388 struct ovs_tunnel_info
*ovs_tun
= nla_data(ovs_key
);
3389 struct ip_tunnel_info
*tun_info
= &ovs_tun
->tun_dst
->u
.tun_info
;
3391 start
= nla_nest_start_noflag(skb
, OVS_ACTION_ATTR_SET
);
3395 err
= ip_tun_to_nlattr(skb
, &tun_info
->key
,
3396 ip_tunnel_info_opts(tun_info
),
3397 tun_info
->options_len
,
3398 ip_tunnel_info_af(tun_info
), tun_info
->mode
);
3401 nla_nest_end(skb
, start
);
3405 if (nla_put(skb
, OVS_ACTION_ATTR_SET
, nla_len(a
), ovs_key
))
3413 static int masked_set_action_to_set_action_attr(const struct nlattr
*a
,
3414 struct sk_buff
*skb
)
3416 const struct nlattr
*ovs_key
= nla_data(a
);
3418 size_t key_len
= nla_len(ovs_key
) / 2;
3420 /* Revert the conversion we did from a non-masked set action to
3421 * masked set action.
3423 nla
= nla_nest_start_noflag(skb
, OVS_ACTION_ATTR_SET
);
3427 if (nla_put(skb
, nla_type(ovs_key
), key_len
, nla_data(ovs_key
)))
3430 nla_nest_end(skb
, nla
);
3434 int ovs_nla_put_actions(const struct nlattr
*attr
, int len
, struct sk_buff
*skb
)
3436 const struct nlattr
*a
;
3439 nla_for_each_attr(a
, attr
, len
, rem
) {
3440 int type
= nla_type(a
);
3443 case OVS_ACTION_ATTR_SET
:
3444 err
= set_action_to_attr(a
, skb
);
3449 case OVS_ACTION_ATTR_SET_TO_MASKED
:
3450 err
= masked_set_action_to_set_action_attr(a
, skb
);
3455 case OVS_ACTION_ATTR_SAMPLE
:
3456 err
= sample_action_to_attr(a
, skb
);
3461 case OVS_ACTION_ATTR_CT
:
3462 err
= ovs_ct_action_to_attr(nla_data(a
), skb
);
3467 case OVS_ACTION_ATTR_CLONE
:
3468 err
= clone_action_to_attr(a
, skb
);
3473 case OVS_ACTION_ATTR_CHECK_PKT_LEN
:
3474 err
= check_pkt_len_action_to_attr(a
, skb
);
3480 if (nla_put(skb
, type
, nla_len(a
), nla_data(a
)))