1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (c) 2007-2017 Nicira, Inc.
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10 #include <linux/uaccess.h>
11 #include <linux/netdevice.h>
12 #include <linux/etherdevice.h>
13 #include <linux/if_ether.h>
14 #include <linux/if_vlan.h>
15 #include <net/llc_pdu.h>
16 #include <linux/kernel.h>
17 #include <linux/jhash.h>
18 #include <linux/jiffies.h>
19 #include <linux/llc.h>
20 #include <linux/module.h>
22 #include <linux/rcupdate.h>
23 #include <linux/if_arp.h>
25 #include <linux/ipv6.h>
26 #include <linux/sctp.h>
27 #include <linux/tcp.h>
28 #include <linux/udp.h>
29 #include <linux/icmp.h>
30 #include <linux/icmpv6.h>
31 #include <linux/rculist.h>
32 #include <net/geneve.h>
35 #include <net/ndisc.h>
37 #include <net/vxlan.h>
38 #include <net/tun_proto.h>
39 #include <net/erspan.h>
42 #include "flow_netlink.h"
46 const struct ovs_len_tbl *next;
49 #define OVS_ATTR_NESTED -1
50 #define OVS_ATTR_VARIABLE -2
52 static bool actions_may_change_flow(const struct nlattr *actions)
57 nla_for_each_nested(nla, actions, rem) {
58 u16 action = nla_type(nla);
61 case OVS_ACTION_ATTR_OUTPUT:
62 case OVS_ACTION_ATTR_RECIRC:
63 case OVS_ACTION_ATTR_TRUNC:
64 case OVS_ACTION_ATTR_USERSPACE:
65 case OVS_ACTION_ATTR_DROP:
68 case OVS_ACTION_ATTR_CT:
69 case OVS_ACTION_ATTR_CT_CLEAR:
70 case OVS_ACTION_ATTR_HASH:
71 case OVS_ACTION_ATTR_POP_ETH:
72 case OVS_ACTION_ATTR_POP_MPLS:
73 case OVS_ACTION_ATTR_POP_NSH:
74 case OVS_ACTION_ATTR_POP_VLAN:
75 case OVS_ACTION_ATTR_PUSH_ETH:
76 case OVS_ACTION_ATTR_PUSH_MPLS:
77 case OVS_ACTION_ATTR_PUSH_NSH:
78 case OVS_ACTION_ATTR_PUSH_VLAN:
79 case OVS_ACTION_ATTR_SAMPLE:
80 case OVS_ACTION_ATTR_SET:
81 case OVS_ACTION_ATTR_SET_MASKED:
82 case OVS_ACTION_ATTR_METER:
83 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
84 case OVS_ACTION_ATTR_ADD_MPLS:
85 case OVS_ACTION_ATTR_DEC_TTL:
93 static void update_range(struct sw_flow_match *match,
94 size_t offset, size_t size, bool is_mask)
96 struct sw_flow_key_range *range;
97 size_t start = rounddown(offset, sizeof(long));
98 size_t end = roundup(offset + size, sizeof(long));
101 range = &match->range;
103 range = &match->mask->range;
105 if (range->start == range->end) {
106 range->start = start;
111 if (range->start > start)
112 range->start = start;
114 if (range->end < end)
118 #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
120 update_range(match, offsetof(struct sw_flow_key, field), \
121 sizeof((match)->key->field), is_mask); \
123 (match)->mask->key.field = value; \
125 (match)->key->field = value; \
128 #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
130 update_range(match, offset, len, is_mask); \
132 memcpy((u8 *)&(match)->mask->key + offset, value_p, \
135 memcpy((u8 *)(match)->key + offset, value_p, len); \
138 #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
139 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
140 value_p, len, is_mask)
142 #define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \
144 update_range(match, offsetof(struct sw_flow_key, field), \
145 sizeof((match)->key->field), is_mask); \
147 memset((u8 *)&(match)->mask->key.field, value, \
148 sizeof((match)->mask->key.field)); \
150 memset((u8 *)&(match)->key->field, value, \
151 sizeof((match)->key->field)); \
154 static bool match_validate(const struct sw_flow_match *match,
155 u64 key_attrs, u64 mask_attrs, bool log)
157 u64 key_expected = 0;
158 u64 mask_allowed = key_attrs; /* At most allow all key attributes */
160 /* The following mask attributes allowed only if they
161 * pass the validation tests. */
162 mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
163 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)
164 | (1 << OVS_KEY_ATTR_IPV6)
165 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)
166 | (1 << OVS_KEY_ATTR_TCP)
167 | (1 << OVS_KEY_ATTR_TCP_FLAGS)
168 | (1 << OVS_KEY_ATTR_UDP)
169 | (1 << OVS_KEY_ATTR_SCTP)
170 | (1 << OVS_KEY_ATTR_ICMP)
171 | (1 << OVS_KEY_ATTR_ICMPV6)
172 | (1 << OVS_KEY_ATTR_ARP)
173 | (1 << OVS_KEY_ATTR_ND)
174 | (1 << OVS_KEY_ATTR_MPLS)
175 | (1 << OVS_KEY_ATTR_NSH));
177 /* Always allowed mask fields. */
178 mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
179 | (1 << OVS_KEY_ATTR_IN_PORT)
180 | (1 << OVS_KEY_ATTR_ETHERTYPE));
182 /* Check key attributes. */
183 if (match->key->eth.type == htons(ETH_P_ARP)
184 || match->key->eth.type == htons(ETH_P_RARP)) {
185 key_expected |= 1 << OVS_KEY_ATTR_ARP;
186 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
187 mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
190 if (eth_p_mpls(match->key->eth.type)) {
191 key_expected |= 1 << OVS_KEY_ATTR_MPLS;
192 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
193 mask_allowed |= 1 << OVS_KEY_ATTR_MPLS;
196 if (match->key->eth.type == htons(ETH_P_IP)) {
197 key_expected |= 1 << OVS_KEY_ATTR_IPV4;
198 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
199 mask_allowed |= 1 << OVS_KEY_ATTR_IPV4;
200 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4;
203 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
204 if (match->key->ip.proto == IPPROTO_UDP) {
205 key_expected |= 1 << OVS_KEY_ATTR_UDP;
206 if (match->mask && (match->mask->key.ip.proto == 0xff))
207 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
210 if (match->key->ip.proto == IPPROTO_SCTP) {
211 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
212 if (match->mask && (match->mask->key.ip.proto == 0xff))
213 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
216 if (match->key->ip.proto == IPPROTO_TCP) {
217 key_expected |= 1 << OVS_KEY_ATTR_TCP;
218 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
219 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
220 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
221 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
225 if (match->key->ip.proto == IPPROTO_ICMP) {
226 key_expected |= 1 << OVS_KEY_ATTR_ICMP;
227 if (match->mask && (match->mask->key.ip.proto == 0xff))
228 mask_allowed |= 1 << OVS_KEY_ATTR_ICMP;
233 if (match->key->eth.type == htons(ETH_P_IPV6)) {
234 key_expected |= 1 << OVS_KEY_ATTR_IPV6;
235 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
236 mask_allowed |= 1 << OVS_KEY_ATTR_IPV6;
237 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6;
240 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
241 if (match->key->ip.proto == IPPROTO_UDP) {
242 key_expected |= 1 << OVS_KEY_ATTR_UDP;
243 if (match->mask && (match->mask->key.ip.proto == 0xff))
244 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
247 if (match->key->ip.proto == IPPROTO_SCTP) {
248 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
249 if (match->mask && (match->mask->key.ip.proto == 0xff))
250 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
253 if (match->key->ip.proto == IPPROTO_TCP) {
254 key_expected |= 1 << OVS_KEY_ATTR_TCP;
255 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
256 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
257 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
258 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
262 if (match->key->ip.proto == IPPROTO_ICMPV6) {
263 key_expected |= 1 << OVS_KEY_ATTR_ICMPV6;
264 if (match->mask && (match->mask->key.ip.proto == 0xff))
265 mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6;
267 if (match->key->tp.src ==
268 htons(NDISC_NEIGHBOUR_SOLICITATION) ||
269 match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
270 key_expected |= 1 << OVS_KEY_ATTR_ND;
271 /* Original direction conntrack tuple
272 * uses the same space as the ND fields
273 * in the key, so both are not allowed
276 mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
277 if (match->mask && (match->mask->key.tp.src == htons(0xff)))
278 mask_allowed |= 1 << OVS_KEY_ATTR_ND;
284 if (match->key->eth.type == htons(ETH_P_NSH)) {
285 key_expected |= 1 << OVS_KEY_ATTR_NSH;
287 match->mask->key.eth.type == htons(0xffff)) {
288 mask_allowed |= 1 << OVS_KEY_ATTR_NSH;
292 if ((key_attrs & key_expected) != key_expected) {
293 /* Key attributes check failed. */
294 OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)",
295 (unsigned long long)key_attrs,
296 (unsigned long long)key_expected);
300 if ((mask_attrs & mask_allowed) != mask_attrs) {
301 /* Mask attributes check failed. */
302 OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)",
303 (unsigned long long)mask_attrs,
304 (unsigned long long)mask_allowed);
311 size_t ovs_tun_key_attr_size(void)
313 /* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider
314 * updating this function.
316 return nla_total_size_64bit(8) /* OVS_TUNNEL_KEY_ATTR_ID */
317 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_SRC */
318 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_DST */
319 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TOS */
320 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TTL */
321 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
322 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_CSUM */
323 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_OAM */
324 + nla_total_size(256) /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */
325 /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and
326 * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS is mutually exclusive with
327 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it.
329 + nla_total_size(2) /* OVS_TUNNEL_KEY_ATTR_TP_SRC */
330 + nla_total_size(2); /* OVS_TUNNEL_KEY_ATTR_TP_DST */
333 static size_t ovs_nsh_key_attr_size(void)
335 /* Whenever adding new OVS_NSH_KEY_ FIELDS, we should consider
336 * updating this function.
338 return nla_total_size(NSH_BASE_HDR_LEN) /* OVS_NSH_KEY_ATTR_BASE */
339 /* OVS_NSH_KEY_ATTR_MD1 and OVS_NSH_KEY_ATTR_MD2 are
340 * mutually exclusive, so the bigger one can cover
343 + nla_total_size(NSH_CTX_HDRS_MAX_LEN);
346 size_t ovs_key_attr_size(void)
348 /* Whenever adding new OVS_KEY_ FIELDS, we should consider
349 * updating this function.
351 BUILD_BUG_ON(OVS_KEY_ATTR_MAX != 32);
353 return nla_total_size(4) /* OVS_KEY_ATTR_PRIORITY */
354 + nla_total_size(0) /* OVS_KEY_ATTR_TUNNEL */
355 + ovs_tun_key_attr_size()
356 + nla_total_size(4) /* OVS_KEY_ATTR_IN_PORT */
357 + nla_total_size(4) /* OVS_KEY_ATTR_SKB_MARK */
358 + nla_total_size(4) /* OVS_KEY_ATTR_DP_HASH */
359 + nla_total_size(4) /* OVS_KEY_ATTR_RECIRC_ID */
360 + nla_total_size(4) /* OVS_KEY_ATTR_CT_STATE */
361 + nla_total_size(2) /* OVS_KEY_ATTR_CT_ZONE */
362 + nla_total_size(4) /* OVS_KEY_ATTR_CT_MARK */
363 + nla_total_size(16) /* OVS_KEY_ATTR_CT_LABELS */
364 + nla_total_size(40) /* OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6 */
365 + nla_total_size(0) /* OVS_KEY_ATTR_NSH */
366 + ovs_nsh_key_attr_size()
367 + nla_total_size(12) /* OVS_KEY_ATTR_ETHERNET */
368 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */
369 + nla_total_size(4) /* OVS_KEY_ATTR_VLAN */
370 + nla_total_size(0) /* OVS_KEY_ATTR_ENCAP */
371 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */
372 + nla_total_size(40) /* OVS_KEY_ATTR_IPV6 */
373 + nla_total_size(2) /* OVS_KEY_ATTR_ICMPV6 */
374 + nla_total_size(28) /* OVS_KEY_ATTR_ND */
375 + nla_total_size(2); /* OVS_KEY_ATTR_IPV6_EXTHDRS */
378 static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = {
379 [OVS_VXLAN_EXT_GBP] = { .len = sizeof(u32) },
382 static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
383 [OVS_TUNNEL_KEY_ATTR_ID] = { .len = sizeof(u64) },
384 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = sizeof(u32) },
385 [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = sizeof(u32) },
386 [OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 },
387 [OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 },
388 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
389 [OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 },
390 [OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = sizeof(u16) },
391 [OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = sizeof(u16) },
392 [OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 },
393 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = OVS_ATTR_VARIABLE },
394 [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = OVS_ATTR_NESTED,
395 .next = ovs_vxlan_ext_key_lens },
396 [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
397 [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) },
398 [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE },
399 [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE] = { .len = 0 },
402 static const struct ovs_len_tbl
403 ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = {
404 [OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) },
405 [OVS_NSH_KEY_ATTR_MD1] = { .len = sizeof(struct ovs_nsh_key_md1) },
406 [OVS_NSH_KEY_ATTR_MD2] = { .len = OVS_ATTR_VARIABLE },
409 /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
410 static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
411 [OVS_KEY_ATTR_ENCAP] = { .len = OVS_ATTR_NESTED },
412 [OVS_KEY_ATTR_PRIORITY] = { .len = sizeof(u32) },
413 [OVS_KEY_ATTR_IN_PORT] = { .len = sizeof(u32) },
414 [OVS_KEY_ATTR_SKB_MARK] = { .len = sizeof(u32) },
415 [OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) },
416 [OVS_KEY_ATTR_VLAN] = { .len = sizeof(__be16) },
417 [OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) },
418 [OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) },
419 [OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) },
420 [OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) },
421 [OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) },
422 [OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) },
423 [OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) },
424 [OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) },
425 [OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) },
426 [OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) },
427 [OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) },
428 [OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) },
429 [OVS_KEY_ATTR_DP_HASH] = { .len = sizeof(u32) },
430 [OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED,
431 .next = ovs_tunnel_key_lens, },
432 [OVS_KEY_ATTR_MPLS] = { .len = OVS_ATTR_VARIABLE },
433 [OVS_KEY_ATTR_CT_STATE] = { .len = sizeof(u32) },
434 [OVS_KEY_ATTR_CT_ZONE] = { .len = sizeof(u16) },
435 [OVS_KEY_ATTR_CT_MARK] = { .len = sizeof(u32) },
436 [OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) },
437 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = {
438 .len = sizeof(struct ovs_key_ct_tuple_ipv4) },
439 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = {
440 .len = sizeof(struct ovs_key_ct_tuple_ipv6) },
441 [OVS_KEY_ATTR_NSH] = { .len = OVS_ATTR_NESTED,
442 .next = ovs_nsh_key_attr_lens, },
443 [OVS_KEY_ATTR_IPV6_EXTHDRS] = {
444 .len = sizeof(struct ovs_key_ipv6_exthdrs) },
447 static bool check_attr_len(unsigned int attr_len, unsigned int expected_len)
449 return expected_len == attr_len ||
450 expected_len == OVS_ATTR_NESTED ||
451 expected_len == OVS_ATTR_VARIABLE;
454 static bool is_all_zero(const u8 *fp, size_t size)
461 for (i = 0; i < size; i++)
468 static int __parse_flow_nlattrs(const struct nlattr *attr,
469 const struct nlattr *a[],
470 u64 *attrsp, bool log, bool nz)
472 const struct nlattr *nla;
477 nla_for_each_nested(nla, attr, rem) {
478 u16 type = nla_type(nla);
481 if (type > OVS_KEY_ATTR_MAX) {
482 OVS_NLERR(log, "Key type %d is out of range max %d",
483 type, OVS_KEY_ATTR_MAX);
487 if (type == OVS_KEY_ATTR_PACKET_TYPE ||
488 type == OVS_KEY_ATTR_ND_EXTENSIONS ||
489 type == OVS_KEY_ATTR_TUNNEL_INFO) {
490 OVS_NLERR(log, "Key type %d is not supported", type);
494 if (attrs & (1ULL << type)) {
495 OVS_NLERR(log, "Duplicate key (type %d).", type);
499 expected_len = ovs_key_lens[type].len;
500 if (!check_attr_len(nla_len(nla), expected_len)) {
501 OVS_NLERR(log, "Key %d has unexpected len %d expected %d",
502 type, nla_len(nla), expected_len);
506 if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
507 attrs |= 1ULL << type;
512 OVS_NLERR(log, "Message has %d unknown bytes.", rem);
520 static int parse_flow_mask_nlattrs(const struct nlattr *attr,
521 const struct nlattr *a[], u64 *attrsp,
524 return __parse_flow_nlattrs(attr, a, attrsp, log, true);
527 int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[],
528 u64 *attrsp, bool log)
530 return __parse_flow_nlattrs(attr, a, attrsp, log, false);
533 static int genev_tun_opt_from_nlattr(const struct nlattr *a,
534 struct sw_flow_match *match, bool is_mask,
537 unsigned long opt_key_offset;
539 if (nla_len(a) > sizeof(match->key->tun_opts)) {
540 OVS_NLERR(log, "Geneve option length err (len %d, max %zu).",
541 nla_len(a), sizeof(match->key->tun_opts));
545 if (nla_len(a) % 4 != 0) {
546 OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.",
551 /* We need to record the length of the options passed
552 * down, otherwise packets with the same format but
553 * additional options will be silently matched.
556 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
559 /* This is somewhat unusual because it looks at
560 * both the key and mask while parsing the
561 * attributes (and by extension assumes the key
562 * is parsed first). Normally, we would verify
563 * that each is the correct length and that the
564 * attributes line up in the validate function.
565 * However, that is difficult because this is
566 * variable length and we won't have the
569 if (match->key->tun_opts_len != nla_len(a)) {
570 OVS_NLERR(log, "Geneve option len %d != mask len %d",
571 match->key->tun_opts_len, nla_len(a));
575 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
578 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
579 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
580 nla_len(a), is_mask);
584 static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr,
585 struct sw_flow_match *match, bool is_mask,
590 unsigned long opt_key_offset;
591 struct vxlan_metadata opts;
593 BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts));
595 memset(&opts, 0, sizeof(opts));
596 nla_for_each_nested(a, attr, rem) {
597 int type = nla_type(a);
599 if (type > OVS_VXLAN_EXT_MAX) {
600 OVS_NLERR(log, "VXLAN extension %d out of range max %d",
601 type, OVS_VXLAN_EXT_MAX);
605 if (!check_attr_len(nla_len(a),
606 ovs_vxlan_ext_key_lens[type].len)) {
607 OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d",
609 ovs_vxlan_ext_key_lens[type].len);
614 case OVS_VXLAN_EXT_GBP:
615 opts.gbp = nla_get_u32(a);
618 OVS_NLERR(log, "Unknown VXLAN extension attribute %d",
624 OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.",
630 SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false);
632 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
634 opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts));
635 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts),
640 static int erspan_tun_opt_from_nlattr(const struct nlattr *a,
641 struct sw_flow_match *match, bool is_mask,
644 unsigned long opt_key_offset;
646 BUILD_BUG_ON(sizeof(struct erspan_metadata) >
647 sizeof(match->key->tun_opts));
649 if (nla_len(a) > sizeof(match->key->tun_opts)) {
650 OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).",
651 nla_len(a), sizeof(match->key->tun_opts));
656 SW_FLOW_KEY_PUT(match, tun_opts_len,
657 sizeof(struct erspan_metadata), false);
659 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
661 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
662 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
663 nla_len(a), is_mask);
667 static int ip_tun_from_nlattr(const struct nlattr *attr,
668 struct sw_flow_match *match, bool is_mask,
671 bool ttl = false, ipv4 = false, ipv6 = false;
672 bool info_bridge_mode = false;
673 __be16 tun_flags = 0;
678 nla_for_each_nested(a, attr, rem) {
679 int type = nla_type(a);
682 if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
683 OVS_NLERR(log, "Tunnel attr %d out of range max %d",
684 type, OVS_TUNNEL_KEY_ATTR_MAX);
688 if (!check_attr_len(nla_len(a),
689 ovs_tunnel_key_lens[type].len)) {
690 OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d",
691 type, nla_len(a), ovs_tunnel_key_lens[type].len);
696 case OVS_TUNNEL_KEY_ATTR_ID:
697 SW_FLOW_KEY_PUT(match, tun_key.tun_id,
698 nla_get_be64(a), is_mask);
699 tun_flags |= TUNNEL_KEY;
701 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
702 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src,
703 nla_get_in_addr(a), is_mask);
706 case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
707 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst,
708 nla_get_in_addr(a), is_mask);
711 case OVS_TUNNEL_KEY_ATTR_IPV6_SRC:
712 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src,
713 nla_get_in6_addr(a), is_mask);
716 case OVS_TUNNEL_KEY_ATTR_IPV6_DST:
717 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst,
718 nla_get_in6_addr(a), is_mask);
721 case OVS_TUNNEL_KEY_ATTR_TOS:
722 SW_FLOW_KEY_PUT(match, tun_key.tos,
723 nla_get_u8(a), is_mask);
725 case OVS_TUNNEL_KEY_ATTR_TTL:
726 SW_FLOW_KEY_PUT(match, tun_key.ttl,
727 nla_get_u8(a), is_mask);
730 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
731 tun_flags |= TUNNEL_DONT_FRAGMENT;
733 case OVS_TUNNEL_KEY_ATTR_CSUM:
734 tun_flags |= TUNNEL_CSUM;
736 case OVS_TUNNEL_KEY_ATTR_TP_SRC:
737 SW_FLOW_KEY_PUT(match, tun_key.tp_src,
738 nla_get_be16(a), is_mask);
740 case OVS_TUNNEL_KEY_ATTR_TP_DST:
741 SW_FLOW_KEY_PUT(match, tun_key.tp_dst,
742 nla_get_be16(a), is_mask);
744 case OVS_TUNNEL_KEY_ATTR_OAM:
745 tun_flags |= TUNNEL_OAM;
747 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
749 OVS_NLERR(log, "Multiple metadata blocks provided");
753 err = genev_tun_opt_from_nlattr(a, match, is_mask, log);
757 tun_flags |= TUNNEL_GENEVE_OPT;
760 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
762 OVS_NLERR(log, "Multiple metadata blocks provided");
766 err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log);
770 tun_flags |= TUNNEL_VXLAN_OPT;
773 case OVS_TUNNEL_KEY_ATTR_PAD:
775 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
777 OVS_NLERR(log, "Multiple metadata blocks provided");
781 err = erspan_tun_opt_from_nlattr(a, match, is_mask,
786 tun_flags |= TUNNEL_ERSPAN_OPT;
789 case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE:
790 info_bridge_mode = true;
794 OVS_NLERR(log, "Unknown IP tunnel attribute %d",
800 SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
802 SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true);
804 SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET,
808 OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.",
814 OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes");
819 if (!ipv4 && !ipv6) {
820 OVS_NLERR(log, "IP tunnel dst address not specified");
824 if (info_bridge_mode) {
825 if (match->key->tun_key.u.ipv4.src ||
826 match->key->tun_key.u.ipv4.dst ||
827 match->key->tun_key.tp_src ||
828 match->key->tun_key.tp_dst ||
829 match->key->tun_key.ttl ||
830 match->key->tun_key.tos ||
831 tun_flags & ~TUNNEL_KEY) {
832 OVS_NLERR(log, "IPv4 tun info is not correct");
835 } else if (!match->key->tun_key.u.ipv4.dst) {
836 OVS_NLERR(log, "IPv4 tunnel dst address is zero");
840 if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) {
841 OVS_NLERR(log, "IPv6 tunnel dst address is zero");
845 if (!ttl && !info_bridge_mode) {
846 OVS_NLERR(log, "IP tunnel TTL not specified.");
854 static int vxlan_opt_to_nlattr(struct sk_buff *skb,
855 const void *tun_opts, int swkey_tun_opts_len)
857 const struct vxlan_metadata *opts = tun_opts;
860 nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
864 if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0)
867 nla_nest_end(skb, nla);
871 static int __ip_tun_to_nlattr(struct sk_buff *skb,
872 const struct ip_tunnel_key *output,
873 const void *tun_opts, int swkey_tun_opts_len,
874 unsigned short tun_proto, u8 mode)
876 if (output->tun_flags & TUNNEL_KEY &&
877 nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id,
878 OVS_TUNNEL_KEY_ATTR_PAD))
881 if (mode & IP_TUNNEL_INFO_BRIDGE)
882 return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE)
887 if (output->u.ipv4.src &&
888 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC,
891 if (output->u.ipv4.dst &&
892 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST,
897 if (!ipv6_addr_any(&output->u.ipv6.src) &&
898 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC,
899 &output->u.ipv6.src))
901 if (!ipv6_addr_any(&output->u.ipv6.dst) &&
902 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST,
903 &output->u.ipv6.dst))
908 nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos))
910 if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl))
912 if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
913 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
915 if ((output->tun_flags & TUNNEL_CSUM) &&
916 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
918 if (output->tp_src &&
919 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src))
921 if (output->tp_dst &&
922 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst))
924 if ((output->tun_flags & TUNNEL_OAM) &&
925 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
927 if (swkey_tun_opts_len) {
928 if (output->tun_flags & TUNNEL_GENEVE_OPT &&
929 nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
930 swkey_tun_opts_len, tun_opts))
932 else if (output->tun_flags & TUNNEL_VXLAN_OPT &&
933 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len))
935 else if (output->tun_flags & TUNNEL_ERSPAN_OPT &&
936 nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS,
937 swkey_tun_opts_len, tun_opts))
944 static int ip_tun_to_nlattr(struct sk_buff *skb,
945 const struct ip_tunnel_key *output,
946 const void *tun_opts, int swkey_tun_opts_len,
947 unsigned short tun_proto, u8 mode)
952 nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL);
956 err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len,
961 nla_nest_end(skb, nla);
965 int ovs_nla_put_tunnel_info(struct sk_buff *skb,
966 struct ip_tunnel_info *tun_info)
968 return __ip_tun_to_nlattr(skb, &tun_info->key,
969 ip_tunnel_info_opts(tun_info),
970 tun_info->options_len,
971 ip_tunnel_info_af(tun_info), tun_info->mode);
974 static int encode_vlan_from_nlattrs(struct sw_flow_match *match,
975 const struct nlattr *a[],
976 bool is_mask, bool inner)
981 if (a[OVS_KEY_ATTR_VLAN])
982 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
984 if (a[OVS_KEY_ATTR_ETHERTYPE])
985 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
987 if (likely(!inner)) {
988 SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask);
989 SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask);
991 SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask);
992 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask);
997 static int validate_vlan_from_nlattrs(const struct sw_flow_match *match,
998 u64 key_attrs, bool inner,
999 const struct nlattr **a, bool log)
1003 if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
1004 (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
1005 eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) {
1010 if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
1011 (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
1012 OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN");
1016 if (a[OVS_KEY_ATTR_VLAN])
1017 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1019 if (!(tci & htons(VLAN_CFI_MASK))) {
1021 OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.",
1022 (inner) ? "C-VLAN" : "VLAN");
1024 } else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) {
1025 /* Corner case for truncated VLAN header. */
1026 OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.",
1027 (inner) ? "C-VLAN" : "VLAN");
1035 static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match,
1036 u64 key_attrs, bool inner,
1037 const struct nlattr **a, bool log)
1041 bool encap_valid = !!(match->key->eth.vlan.tci &
1042 htons(VLAN_CFI_MASK));
1043 bool i_encap_valid = !!(match->key->eth.cvlan.tci &
1044 htons(VLAN_CFI_MASK));
1046 if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) {
1051 if ((!inner && !encap_valid) || (inner && !i_encap_valid)) {
1052 OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.",
1053 (inner) ? "C-VLAN" : "VLAN");
1057 if (a[OVS_KEY_ATTR_VLAN])
1058 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1060 if (a[OVS_KEY_ATTR_ETHERTYPE])
1061 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1063 if (tpid != htons(0xffff)) {
1064 OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).",
1065 (inner) ? "C-VLAN" : "VLAN", ntohs(tpid));
1068 if (!(tci & htons(VLAN_CFI_MASK))) {
1069 OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.",
1070 (inner) ? "C-VLAN" : "VLAN");
1077 static int __parse_vlan_from_nlattrs(struct sw_flow_match *match,
1078 u64 *key_attrs, bool inner,
1079 const struct nlattr **a, bool is_mask,
1083 const struct nlattr *encap;
1086 err = validate_vlan_from_nlattrs(match, *key_attrs, inner,
1089 err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner,
1094 err = encode_vlan_from_nlattrs(match, a, is_mask, inner);
1098 *key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
1099 *key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN);
1100 *key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1102 encap = a[OVS_KEY_ATTR_ENCAP];
1105 err = parse_flow_nlattrs(encap, a, key_attrs, log);
1107 err = parse_flow_mask_nlattrs(encap, a, key_attrs, log);
1112 static int parse_vlan_from_nlattrs(struct sw_flow_match *match,
1113 u64 *key_attrs, const struct nlattr **a,
1114 bool is_mask, bool log)
1117 bool encap_valid = false;
1119 err = __parse_vlan_from_nlattrs(match, key_attrs, false, a,
1124 encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK));
1126 err = __parse_vlan_from_nlattrs(match, key_attrs, true, a,
1135 static int parse_eth_type_from_nlattrs(struct sw_flow_match *match,
1136 u64 *attrs, const struct nlattr **a,
1137 bool is_mask, bool log)
1141 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1143 /* Always exact match EtherType. */
1144 eth_type = htons(0xffff);
1145 } else if (!eth_proto_is_802_3(eth_type)) {
1146 OVS_NLERR(log, "EtherType %x is less than min %x",
1147 ntohs(eth_type), ETH_P_802_3_MIN);
1151 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
1152 *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1156 static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
1157 u64 *attrs, const struct nlattr **a,
1158 bool is_mask, bool log)
1160 u8 mac_proto = MAC_PROTO_ETHERNET;
1162 if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) {
1163 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);
1165 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
1166 *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH);
1169 if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) {
1170 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);
1172 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
1173 *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID);
1176 if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
1177 SW_FLOW_KEY_PUT(match, phy.priority,
1178 nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
1179 *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
1182 if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
1183 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
1186 in_port = 0xffffffff; /* Always exact match in_port. */
1187 } else if (in_port >= DP_MAX_PORTS) {
1188 OVS_NLERR(log, "Port %d exceeds max allowable %d",
1189 in_port, DP_MAX_PORTS);
1193 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
1194 *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
1195 } else if (!is_mask) {
1196 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
1199 if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) {
1200 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);
1202 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
1203 *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK);
1205 if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) {
1206 if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
1209 *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL);
1212 if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) &&
1213 ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
1214 u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]);
1216 if (ct_state & ~CT_SUPPORTED_MASK) {
1217 OVS_NLERR(log, "ct_state flags %08x unsupported",
1222 SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask);
1223 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
1225 if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) &&
1226 ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) {
1227 u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]);
1229 SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask);
1230 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE);
1232 if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) &&
1233 ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) {
1234 u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]);
1236 SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask);
1237 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK);
1239 if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) &&
1240 ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) {
1241 const struct ovs_key_ct_labels *cl;
1243 cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]);
1244 SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels,
1245 sizeof(*cl), is_mask);
1246 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS);
1248 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) {
1249 const struct ovs_key_ct_tuple_ipv4 *ct;
1251 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]);
1253 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask);
1254 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask);
1255 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1256 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
1257 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask);
1258 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4);
1260 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) {
1261 const struct ovs_key_ct_tuple_ipv6 *ct;
1263 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]);
1265 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src,
1266 sizeof(match->key->ipv6.ct_orig.src),
1268 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst,
1269 sizeof(match->key->ipv6.ct_orig.dst),
1271 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1272 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
1273 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask);
1274 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
1277 /* For layer 3 packets the Ethernet type is provided
1278 * and treated as metadata but no MAC addresses are provided.
1280 if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) &&
1281 (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)))
1282 mac_proto = MAC_PROTO_NONE;
1284 /* Always exact match mac_proto */
1285 SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask);
1287 if (mac_proto == MAC_PROTO_NONE)
1288 return parse_eth_type_from_nlattrs(match, attrs, a, is_mask,
1294 int nsh_hdr_from_nlattr(const struct nlattr *attr,
1295 struct nshhdr *nh, size_t size)
1303 /* validate_nsh has check this, so we needn't do duplicate check here
1305 if (size < NSH_BASE_HDR_LEN)
1308 nla_for_each_nested(a, attr, rem) {
1309 int type = nla_type(a);
1312 case OVS_NSH_KEY_ATTR_BASE: {
1313 const struct ovs_nsh_key_base *base = nla_data(a);
1315 flags = base->flags;
1318 nh->mdtype = base->mdtype;
1319 nh->path_hdr = base->path_hdr;
1322 case OVS_NSH_KEY_ATTR_MD1:
1324 if (mdlen > size - NSH_BASE_HDR_LEN)
1326 memcpy(&nh->md1, nla_data(a), mdlen);
1329 case OVS_NSH_KEY_ATTR_MD2:
1331 if (mdlen > size - NSH_BASE_HDR_LEN)
1333 memcpy(&nh->md2, nla_data(a), mdlen);
1341 /* nsh header length = NSH_BASE_HDR_LEN + mdlen */
1342 nh->ver_flags_ttl_len = 0;
1343 nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen);
1348 int nsh_key_from_nlattr(const struct nlattr *attr,
1349 struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask)
1354 /* validate_nsh has check this, so we needn't do duplicate check here
1356 nla_for_each_nested(a, attr, rem) {
1357 int type = nla_type(a);
1360 case OVS_NSH_KEY_ATTR_BASE: {
1361 const struct ovs_nsh_key_base *base = nla_data(a);
1362 const struct ovs_nsh_key_base *base_mask = base + 1;
1365 nsh_mask->base = *base_mask;
1368 case OVS_NSH_KEY_ATTR_MD1: {
1369 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1370 const struct ovs_nsh_key_md1 *md1_mask = md1 + 1;
1372 memcpy(nsh->context, md1->context, sizeof(*md1));
1373 memcpy(nsh_mask->context, md1_mask->context,
1377 case OVS_NSH_KEY_ATTR_MD2:
1378 /* Not supported yet */
1388 static int nsh_key_put_from_nlattr(const struct nlattr *attr,
1389 struct sw_flow_match *match, bool is_mask,
1390 bool is_push_nsh, bool log)
1394 bool has_base = false;
1395 bool has_md1 = false;
1396 bool has_md2 = false;
1400 if (WARN_ON(is_push_nsh && is_mask))
1403 nla_for_each_nested(a, attr, rem) {
1404 int type = nla_type(a);
1407 if (type > OVS_NSH_KEY_ATTR_MAX) {
1408 OVS_NLERR(log, "nsh attr %d is out of range max %d",
1409 type, OVS_NSH_KEY_ATTR_MAX);
1413 if (!check_attr_len(nla_len(a),
1414 ovs_nsh_key_attr_lens[type].len)) {
1417 "nsh attr %d has unexpected len %d expected %d",
1420 ovs_nsh_key_attr_lens[type].len
1426 case OVS_NSH_KEY_ATTR_BASE: {
1427 const struct ovs_nsh_key_base *base = nla_data(a);
1430 mdtype = base->mdtype;
1431 SW_FLOW_KEY_PUT(match, nsh.base.flags,
1432 base->flags, is_mask);
1433 SW_FLOW_KEY_PUT(match, nsh.base.ttl,
1434 base->ttl, is_mask);
1435 SW_FLOW_KEY_PUT(match, nsh.base.mdtype,
1436 base->mdtype, is_mask);
1437 SW_FLOW_KEY_PUT(match, nsh.base.np,
1439 SW_FLOW_KEY_PUT(match, nsh.base.path_hdr,
1440 base->path_hdr, is_mask);
1443 case OVS_NSH_KEY_ATTR_MD1: {
1444 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1447 for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++)
1448 SW_FLOW_KEY_PUT(match, nsh.context[i],
1449 md1->context[i], is_mask);
1452 case OVS_NSH_KEY_ATTR_MD2:
1453 if (!is_push_nsh) /* Not supported MD type 2 yet */
1458 if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) {
1461 "Invalid MD length %d for MD type %d",
1469 OVS_NLERR(log, "Unknown nsh attribute %d",
1476 OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem);
1480 if (has_md1 && has_md2) {
1483 "invalid nsh attribute: md1 and md2 are exclusive."
1489 if ((has_md1 && mdtype != NSH_M_TYPE1) ||
1490 (has_md2 && mdtype != NSH_M_TYPE2)) {
1491 OVS_NLERR(1, "nsh attribute has unmatched MD type %d.",
1497 (!has_base || (!has_md1 && !has_md2))) {
1500 "push_nsh: missing base or metadata attributes"
1509 static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
1510 u64 attrs, const struct nlattr **a,
1511 bool is_mask, bool log)
1515 err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log);
1519 if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) {
1520 const struct ovs_key_ethernet *eth_key;
1522 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
1523 SW_FLOW_KEY_MEMCPY(match, eth.src,
1524 eth_key->eth_src, ETH_ALEN, is_mask);
1525 SW_FLOW_KEY_MEMCPY(match, eth.dst,
1526 eth_key->eth_dst, ETH_ALEN, is_mask);
1527 attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
1529 if (attrs & (1 << OVS_KEY_ATTR_VLAN)) {
1530 /* VLAN attribute is always parsed before getting here since it
1531 * may occur multiple times.
1533 OVS_NLERR(log, "VLAN attribute unexpected.");
1537 if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
1538 err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask,
1542 } else if (!is_mask) {
1543 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
1545 } else if (!match->key->eth.type) {
1546 OVS_NLERR(log, "Either Ethernet header or EtherType is required.");
1550 if (attrs & (1 << OVS_KEY_ATTR_IPV4)) {
1551 const struct ovs_key_ipv4 *ipv4_key;
1553 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
1554 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
1555 OVS_NLERR(log, "IPv4 frag type %d is out of range max %d",
1556 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
1559 SW_FLOW_KEY_PUT(match, ip.proto,
1560 ipv4_key->ipv4_proto, is_mask);
1561 SW_FLOW_KEY_PUT(match, ip.tos,
1562 ipv4_key->ipv4_tos, is_mask);
1563 SW_FLOW_KEY_PUT(match, ip.ttl,
1564 ipv4_key->ipv4_ttl, is_mask);
1565 SW_FLOW_KEY_PUT(match, ip.frag,
1566 ipv4_key->ipv4_frag, is_mask);
1567 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1568 ipv4_key->ipv4_src, is_mask);
1569 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1570 ipv4_key->ipv4_dst, is_mask);
1571 attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
1574 if (attrs & (1 << OVS_KEY_ATTR_IPV6)) {
1575 const struct ovs_key_ipv6 *ipv6_key;
1577 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
1578 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
1579 OVS_NLERR(log, "IPv6 frag type %d is out of range max %d",
1580 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
1584 if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
1585 OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)",
1586 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
1590 SW_FLOW_KEY_PUT(match, ipv6.label,
1591 ipv6_key->ipv6_label, is_mask);
1592 SW_FLOW_KEY_PUT(match, ip.proto,
1593 ipv6_key->ipv6_proto, is_mask);
1594 SW_FLOW_KEY_PUT(match, ip.tos,
1595 ipv6_key->ipv6_tclass, is_mask);
1596 SW_FLOW_KEY_PUT(match, ip.ttl,
1597 ipv6_key->ipv6_hlimit, is_mask);
1598 SW_FLOW_KEY_PUT(match, ip.frag,
1599 ipv6_key->ipv6_frag, is_mask);
1600 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
1602 sizeof(match->key->ipv6.addr.src),
1604 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
1606 sizeof(match->key->ipv6.addr.dst),
1609 attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
1612 if (attrs & (1ULL << OVS_KEY_ATTR_IPV6_EXTHDRS)) {
1613 const struct ovs_key_ipv6_exthdrs *ipv6_exthdrs_key;
1615 ipv6_exthdrs_key = nla_data(a[OVS_KEY_ATTR_IPV6_EXTHDRS]);
1617 SW_FLOW_KEY_PUT(match, ipv6.exthdrs,
1618 ipv6_exthdrs_key->hdrs, is_mask);
1620 attrs &= ~(1ULL << OVS_KEY_ATTR_IPV6_EXTHDRS);
1623 if (attrs & (1 << OVS_KEY_ATTR_ARP)) {
1624 const struct ovs_key_arp *arp_key;
1626 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
1627 if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
1628 OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).",
1633 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1634 arp_key->arp_sip, is_mask);
1635 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1636 arp_key->arp_tip, is_mask);
1637 SW_FLOW_KEY_PUT(match, ip.proto,
1638 ntohs(arp_key->arp_op), is_mask);
1639 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
1640 arp_key->arp_sha, ETH_ALEN, is_mask);
1641 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
1642 arp_key->arp_tha, ETH_ALEN, is_mask);
1644 attrs &= ~(1 << OVS_KEY_ATTR_ARP);
1647 if (attrs & (1 << OVS_KEY_ATTR_NSH)) {
1648 if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match,
1649 is_mask, false, log) < 0)
1651 attrs &= ~(1 << OVS_KEY_ATTR_NSH);
1654 if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
1655 const struct ovs_key_mpls *mpls_key;
1657 u32 label_count, label_count_mask, i;
1659 mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
1660 hdr_len = nla_len(a[OVS_KEY_ATTR_MPLS]);
1661 label_count = hdr_len / sizeof(struct ovs_key_mpls);
1663 if (label_count == 0 || label_count > MPLS_LABEL_DEPTH ||
1664 hdr_len % sizeof(struct ovs_key_mpls))
1667 label_count_mask = GENMASK(label_count - 1, 0);
1669 for (i = 0 ; i < label_count; i++)
1670 SW_FLOW_KEY_PUT(match, mpls.lse[i],
1671 mpls_key[i].mpls_lse, is_mask);
1673 SW_FLOW_KEY_PUT(match, mpls.num_labels_mask,
1674 label_count_mask, is_mask);
1676 attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
1679 if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
1680 const struct ovs_key_tcp *tcp_key;
1682 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
1683 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
1684 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
1685 attrs &= ~(1 << OVS_KEY_ATTR_TCP);
1688 if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
1689 SW_FLOW_KEY_PUT(match, tp.flags,
1690 nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
1692 attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
1695 if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
1696 const struct ovs_key_udp *udp_key;
1698 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
1699 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
1700 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
1701 attrs &= ~(1 << OVS_KEY_ATTR_UDP);
1704 if (attrs & (1 << OVS_KEY_ATTR_SCTP)) {
1705 const struct ovs_key_sctp *sctp_key;
1707 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
1708 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
1709 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
1710 attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
1713 if (attrs & (1 << OVS_KEY_ATTR_ICMP)) {
1714 const struct ovs_key_icmp *icmp_key;
1716 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
1717 SW_FLOW_KEY_PUT(match, tp.src,
1718 htons(icmp_key->icmp_type), is_mask);
1719 SW_FLOW_KEY_PUT(match, tp.dst,
1720 htons(icmp_key->icmp_code), is_mask);
1721 attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
1724 if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) {
1725 const struct ovs_key_icmpv6 *icmpv6_key;
1727 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
1728 SW_FLOW_KEY_PUT(match, tp.src,
1729 htons(icmpv6_key->icmpv6_type), is_mask);
1730 SW_FLOW_KEY_PUT(match, tp.dst,
1731 htons(icmpv6_key->icmpv6_code), is_mask);
1732 attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
1735 if (attrs & (1 << OVS_KEY_ATTR_ND)) {
1736 const struct ovs_key_nd *nd_key;
1738 nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
1739 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
1741 sizeof(match->key->ipv6.nd.target),
1743 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
1744 nd_key->nd_sll, ETH_ALEN, is_mask);
1745 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
1746 nd_key->nd_tll, ETH_ALEN, is_mask);
1747 attrs &= ~(1 << OVS_KEY_ATTR_ND);
1751 OVS_NLERR(log, "Unknown key attributes %llx",
1752 (unsigned long long)attrs);
1759 static void nlattr_set(struct nlattr *attr, u8 val,
1760 const struct ovs_len_tbl *tbl)
1765 /* The nlattr stream should already have been validated */
1766 nla_for_each_nested(nla, attr, rem) {
1767 if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED)
1768 nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl);
1770 memset(nla_data(nla), val, nla_len(nla));
1772 if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE)
1773 *(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK;
1777 static void mask_set_nlattr(struct nlattr *attr, u8 val)
1779 nlattr_set(attr, val, ovs_key_lens);
1783 * ovs_nla_get_match - parses Netlink attributes into a flow key and
1784 * mask. In case the 'mask' is NULL, the flow is treated as exact match
1785 * flow. Otherwise, it is treated as a wildcarded flow, except the mask
1786 * does not include any don't care bit.
1787 * @net: Used to determine per-namespace field support.
1788 * @match: receives the extracted flow match information.
1789 * @nla_key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
1790 * sequence. The fields should of the packet that triggered the creation
1792 * @nla_mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_*
1793 * Netlink attribute specifies the mask field of the wildcarded flow.
1794 * @log: Boolean to allow kernel error logging. Normally true, but when
1795 * probing for feature compatibility this should be passed in as false to
1796 * suppress unnecessary error logging.
1798 int ovs_nla_get_match(struct net *net, struct sw_flow_match *match,
1799 const struct nlattr *nla_key,
1800 const struct nlattr *nla_mask,
1803 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
1804 struct nlattr *newmask = NULL;
1809 err = parse_flow_nlattrs(nla_key, a, &key_attrs, log);
1813 err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log);
1817 err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log);
1823 /* Create an exact match mask. We need to set to 0xff
1824 * all the 'match->mask' fields that have been touched
1825 * in 'match->key'. We cannot simply memset
1826 * 'match->mask', because padding bytes and fields not
1827 * specified in 'match->key' should be left to 0.
1828 * Instead, we use a stream of netlink attributes,
1829 * copied from 'key' and set to 0xff.
1830 * ovs_key_from_nlattrs() will take care of filling
1831 * 'match->mask' appropriately.
1833 newmask = kmemdup(nla_key,
1834 nla_total_size(nla_len(nla_key)),
1839 mask_set_nlattr(newmask, 0xff);
1841 /* The userspace does not send tunnel attributes that
1842 * are 0, but we should not wildcard them nonetheless.
1844 if (match->key->tun_proto)
1845 SW_FLOW_KEY_MEMSET_FIELD(match, tun_key,
1851 err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log);
1855 /* Always match on tci. */
1856 SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true);
1857 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true);
1859 err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log);
1863 err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true,
1869 if (!match_validate(match, key_attrs, mask_attrs, log))
1877 static size_t get_ufid_len(const struct nlattr *attr, bool log)
1884 len = nla_len(attr);
1885 if (len < 1 || len > MAX_UFID_LENGTH) {
1886 OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)",
1887 nla_len(attr), MAX_UFID_LENGTH);
1894 /* Initializes 'flow->ufid', returning true if 'attr' contains a valid UFID,
1895 * or false otherwise.
1897 bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr,
1900 sfid->ufid_len = get_ufid_len(attr, log);
1902 memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len);
1904 return sfid->ufid_len;
1907 int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid,
1908 const struct sw_flow_key *key, bool log)
1910 struct sw_flow_key *new_key;
1912 if (ovs_nla_get_ufid(sfid, ufid, log))
1915 /* If UFID was not provided, use unmasked key. */
1916 new_key = kmalloc(sizeof(*new_key), GFP_KERNEL);
1919 memcpy(new_key, key, sizeof(*key));
1920 sfid->unmasked_key = new_key;
1925 u32 ovs_nla_get_ufid_flags(const struct nlattr *attr)
1927 return attr ? nla_get_u32(attr) : 0;
1931 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
1932 * @net: Network namespace.
1933 * @key: Receives extracted in_port, priority, tun_key, skb_mark and conntrack
1935 * @a: Array of netlink attributes holding parsed %OVS_KEY_ATTR_* Netlink
1937 * @attrs: Bit mask for the netlink attributes included in @a.
1938 * @log: Boolean to allow kernel error logging. Normally true, but when
1939 * probing for feature compatibility this should be passed in as false to
1940 * suppress unnecessary error logging.
1942 * This parses a series of Netlink attributes that form a flow key, which must
1943 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
1944 * get the metadata, that is, the parts of the flow key that cannot be
1945 * extracted from the packet itself.
1947 * This must be called before the packet key fields are filled in 'key'.
1950 int ovs_nla_get_flow_metadata(struct net *net,
1951 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1],
1952 u64 attrs, struct sw_flow_key *key, bool log)
1954 struct sw_flow_match match;
1956 memset(&match, 0, sizeof(match));
1961 key->ct_orig_proto = 0;
1962 memset(&key->ct, 0, sizeof(key->ct));
1963 memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig));
1964 memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig));
1966 key->phy.in_port = DP_MAX_PORTS;
1968 return metadata_from_nlattrs(net, &match, &attrs, a, false, log);
1971 static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh,
1974 __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff);
1976 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1977 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci))
1982 static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask,
1983 struct sk_buff *skb)
1985 struct nlattr *start;
1987 start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH);
1991 if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base))
1992 goto nla_put_failure;
1994 if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) {
1995 if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1,
1996 sizeof(nsh->context), nsh->context))
1997 goto nla_put_failure;
2000 /* Don't support MD type 2 yet */
2002 nla_nest_end(skb, start);
2010 static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
2011 const struct sw_flow_key *output, bool is_mask,
2012 struct sk_buff *skb)
2014 struct ovs_key_ethernet *eth_key;
2016 struct nlattr *encap = NULL;
2017 struct nlattr *in_encap = NULL;
2019 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
2020 goto nla_put_failure;
2022 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
2023 goto nla_put_failure;
2025 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
2026 goto nla_put_failure;
2028 if ((swkey->tun_proto || is_mask)) {
2029 const void *opts = NULL;
2031 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
2032 opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len);
2034 if (ip_tun_to_nlattr(skb, &output->tun_key, opts,
2035 swkey->tun_opts_len, swkey->tun_proto, 0))
2036 goto nla_put_failure;
2039 if (swkey->phy.in_port == DP_MAX_PORTS) {
2040 if (is_mask && (output->phy.in_port == 0xffff))
2041 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
2042 goto nla_put_failure;
2045 upper_u16 = !is_mask ? 0 : 0xffff;
2047 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
2048 (upper_u16 << 16) | output->phy.in_port))
2049 goto nla_put_failure;
2052 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
2053 goto nla_put_failure;
2055 if (ovs_ct_put_key(swkey, output, skb))
2056 goto nla_put_failure;
2058 if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) {
2059 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
2061 goto nla_put_failure;
2063 eth_key = nla_data(nla);
2064 ether_addr_copy(eth_key->eth_src, output->eth.src);
2065 ether_addr_copy(eth_key->eth_dst, output->eth.dst);
2067 if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) {
2068 if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask))
2069 goto nla_put_failure;
2070 encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP);
2071 if (!swkey->eth.vlan.tci)
2074 if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) {
2075 if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask))
2076 goto nla_put_failure;
2077 in_encap = nla_nest_start_noflag(skb,
2078 OVS_KEY_ATTR_ENCAP);
2079 if (!swkey->eth.cvlan.tci)
2084 if (swkey->eth.type == htons(ETH_P_802_2)) {
2086 * Ethertype 802.2 is represented in the netlink with omitted
2087 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
2088 * 0xffff in the mask attribute. Ethertype can also
2091 if (is_mask && output->eth.type)
2092 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
2094 goto nla_put_failure;
2099 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
2100 goto nla_put_failure;
2102 if (eth_type_vlan(swkey->eth.type)) {
2103 /* There are 3 VLAN tags, we don't know anything about the rest
2104 * of the packet, so truncate here.
2106 WARN_ON_ONCE(!(encap && in_encap));
2110 if (swkey->eth.type == htons(ETH_P_IP)) {
2111 struct ovs_key_ipv4 *ipv4_key;
2113 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
2115 goto nla_put_failure;
2116 ipv4_key = nla_data(nla);
2117 ipv4_key->ipv4_src = output->ipv4.addr.src;
2118 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
2119 ipv4_key->ipv4_proto = output->ip.proto;
2120 ipv4_key->ipv4_tos = output->ip.tos;
2121 ipv4_key->ipv4_ttl = output->ip.ttl;
2122 ipv4_key->ipv4_frag = output->ip.frag;
2123 } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
2124 struct ovs_key_ipv6 *ipv6_key;
2125 struct ovs_key_ipv6_exthdrs *ipv6_exthdrs_key;
2127 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
2129 goto nla_put_failure;
2130 ipv6_key = nla_data(nla);
2131 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
2132 sizeof(ipv6_key->ipv6_src));
2133 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
2134 sizeof(ipv6_key->ipv6_dst));
2135 ipv6_key->ipv6_label = output->ipv6.label;
2136 ipv6_key->ipv6_proto = output->ip.proto;
2137 ipv6_key->ipv6_tclass = output->ip.tos;
2138 ipv6_key->ipv6_hlimit = output->ip.ttl;
2139 ipv6_key->ipv6_frag = output->ip.frag;
2141 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6_EXTHDRS,
2142 sizeof(*ipv6_exthdrs_key));
2144 goto nla_put_failure;
2145 ipv6_exthdrs_key = nla_data(nla);
2146 ipv6_exthdrs_key->hdrs = output->ipv6.exthdrs;
2147 } else if (swkey->eth.type == htons(ETH_P_NSH)) {
2148 if (nsh_key_to_nlattr(&output->nsh, is_mask, skb))
2149 goto nla_put_failure;
2150 } else if (swkey->eth.type == htons(ETH_P_ARP) ||
2151 swkey->eth.type == htons(ETH_P_RARP)) {
2152 struct ovs_key_arp *arp_key;
2154 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
2156 goto nla_put_failure;
2157 arp_key = nla_data(nla);
2158 memset(arp_key, 0, sizeof(struct ovs_key_arp));
2159 arp_key->arp_sip = output->ipv4.addr.src;
2160 arp_key->arp_tip = output->ipv4.addr.dst;
2161 arp_key->arp_op = htons(output->ip.proto);
2162 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
2163 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
2164 } else if (eth_p_mpls(swkey->eth.type)) {
2166 struct ovs_key_mpls *mpls_key;
2168 num_labels = hweight_long(output->mpls.num_labels_mask);
2169 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS,
2170 num_labels * sizeof(*mpls_key));
2172 goto nla_put_failure;
2174 mpls_key = nla_data(nla);
2175 for (i = 0; i < num_labels; i++)
2176 mpls_key[i].mpls_lse = output->mpls.lse[i];
2179 if ((swkey->eth.type == htons(ETH_P_IP) ||
2180 swkey->eth.type == htons(ETH_P_IPV6)) &&
2181 swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
2183 if (swkey->ip.proto == IPPROTO_TCP) {
2184 struct ovs_key_tcp *tcp_key;
2186 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
2188 goto nla_put_failure;
2189 tcp_key = nla_data(nla);
2190 tcp_key->tcp_src = output->tp.src;
2191 tcp_key->tcp_dst = output->tp.dst;
2192 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
2194 goto nla_put_failure;
2195 } else if (swkey->ip.proto == IPPROTO_UDP) {
2196 struct ovs_key_udp *udp_key;
2198 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
2200 goto nla_put_failure;
2201 udp_key = nla_data(nla);
2202 udp_key->udp_src = output->tp.src;
2203 udp_key->udp_dst = output->tp.dst;
2204 } else if (swkey->ip.proto == IPPROTO_SCTP) {
2205 struct ovs_key_sctp *sctp_key;
2207 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
2209 goto nla_put_failure;
2210 sctp_key = nla_data(nla);
2211 sctp_key->sctp_src = output->tp.src;
2212 sctp_key->sctp_dst = output->tp.dst;
2213 } else if (swkey->eth.type == htons(ETH_P_IP) &&
2214 swkey->ip.proto == IPPROTO_ICMP) {
2215 struct ovs_key_icmp *icmp_key;
2217 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
2219 goto nla_put_failure;
2220 icmp_key = nla_data(nla);
2221 icmp_key->icmp_type = ntohs(output->tp.src);
2222 icmp_key->icmp_code = ntohs(output->tp.dst);
2223 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
2224 swkey->ip.proto == IPPROTO_ICMPV6) {
2225 struct ovs_key_icmpv6 *icmpv6_key;
2227 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
2228 sizeof(*icmpv6_key));
2230 goto nla_put_failure;
2231 icmpv6_key = nla_data(nla);
2232 icmpv6_key->icmpv6_type = ntohs(output->tp.src);
2233 icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
2235 if (swkey->tp.src == htons(NDISC_NEIGHBOUR_SOLICITATION) ||
2236 swkey->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
2237 struct ovs_key_nd *nd_key;
2239 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
2241 goto nla_put_failure;
2242 nd_key = nla_data(nla);
2243 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
2244 sizeof(nd_key->nd_target));
2245 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
2246 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
2253 nla_nest_end(skb, in_encap);
2255 nla_nest_end(skb, encap);
2263 int ovs_nla_put_key(const struct sw_flow_key *swkey,
2264 const struct sw_flow_key *output, int attr, bool is_mask,
2265 struct sk_buff *skb)
2270 nla = nla_nest_start_noflag(skb, attr);
2273 err = __ovs_nla_put_key(swkey, output, is_mask, skb);
2276 nla_nest_end(skb, nla);
2281 /* Called with ovs_mutex or RCU read lock. */
2282 int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb)
2284 if (ovs_identifier_is_ufid(&flow->id))
2285 return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len,
2288 return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key,
2289 OVS_FLOW_ATTR_KEY, false, skb);
2292 /* Called with ovs_mutex or RCU read lock. */
2293 int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb)
2295 return ovs_nla_put_key(&flow->key, &flow->key,
2296 OVS_FLOW_ATTR_KEY, false, skb);
2299 /* Called with ovs_mutex or RCU read lock. */
2300 int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
2302 return ovs_nla_put_key(&flow->key, &flow->mask->key,
2303 OVS_FLOW_ATTR_MASK, true, skb);
2306 #define MAX_ACTIONS_BUFSIZE (32 * 1024)
2308 static struct sw_flow_actions *nla_alloc_flow_actions(int size)
2310 struct sw_flow_actions *sfa;
2312 WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
2314 sfa = kmalloc(kmalloc_size_roundup(sizeof(*sfa) + size), GFP_KERNEL);
2316 return ERR_PTR(-ENOMEM);
2318 sfa->actions_len = 0;
2322 static void ovs_nla_free_nested_actions(const struct nlattr *actions, int len);
2324 static void ovs_nla_free_check_pkt_len_action(const struct nlattr *action)
2326 const struct nlattr *a;
2329 nla_for_each_nested(a, action, rem) {
2330 switch (nla_type(a)) {
2331 case OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL:
2332 case OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER:
2333 ovs_nla_free_nested_actions(nla_data(a), nla_len(a));
2339 static void ovs_nla_free_clone_action(const struct nlattr *action)
2341 const struct nlattr *a = nla_data(action);
2342 int rem = nla_len(action);
2344 switch (nla_type(a)) {
2345 case OVS_CLONE_ATTR_EXEC:
2346 /* The real list of actions follows this attribute. */
2347 a = nla_next(a, &rem);
2348 ovs_nla_free_nested_actions(a, rem);
2353 static void ovs_nla_free_dec_ttl_action(const struct nlattr *action)
2355 const struct nlattr *a = nla_data(action);
2357 switch (nla_type(a)) {
2358 case OVS_DEC_TTL_ATTR_ACTION:
2359 ovs_nla_free_nested_actions(nla_data(a), nla_len(a));
2364 static void ovs_nla_free_sample_action(const struct nlattr *action)
2366 const struct nlattr *a = nla_data(action);
2367 int rem = nla_len(action);
2369 switch (nla_type(a)) {
2370 case OVS_SAMPLE_ATTR_ARG:
2371 /* The real list of actions follows this attribute. */
2372 a = nla_next(a, &rem);
2373 ovs_nla_free_nested_actions(a, rem);
2378 static void ovs_nla_free_set_action(const struct nlattr *a)
2380 const struct nlattr *ovs_key = nla_data(a);
2381 struct ovs_tunnel_info *ovs_tun;
2383 switch (nla_type(ovs_key)) {
2384 case OVS_KEY_ATTR_TUNNEL_INFO:
2385 ovs_tun = nla_data(ovs_key);
2386 dst_release((struct dst_entry *)ovs_tun->tun_dst);
2391 static void ovs_nla_free_nested_actions(const struct nlattr *actions, int len)
2393 const struct nlattr *a;
2396 /* Whenever new actions are added, the need to update this
2397 * function should be considered.
2399 BUILD_BUG_ON(OVS_ACTION_ATTR_MAX != 24);
2404 nla_for_each_attr(a, actions, len, rem) {
2405 switch (nla_type(a)) {
2406 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
2407 ovs_nla_free_check_pkt_len_action(a);
2410 case OVS_ACTION_ATTR_CLONE:
2411 ovs_nla_free_clone_action(a);
2414 case OVS_ACTION_ATTR_CT:
2415 ovs_ct_free_action(a);
2418 case OVS_ACTION_ATTR_DEC_TTL:
2419 ovs_nla_free_dec_ttl_action(a);
2422 case OVS_ACTION_ATTR_SAMPLE:
2423 ovs_nla_free_sample_action(a);
2426 case OVS_ACTION_ATTR_SET:
2427 ovs_nla_free_set_action(a);
2433 void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
2438 ovs_nla_free_nested_actions(sf_acts->actions, sf_acts->actions_len);
2442 static void __ovs_nla_free_flow_actions(struct rcu_head *head)
2444 ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu));
2447 /* Schedules 'sf_acts' to be freed after the next RCU grace period.
2448 * The caller must hold rcu_read_lock for this to be sensible. */
2449 void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts)
2451 call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions);
2454 static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
2455 int attr_len, bool log)
2458 struct sw_flow_actions *acts;
2460 size_t req_size = NLA_ALIGN(attr_len);
2461 int next_offset = offsetof(struct sw_flow_actions, actions) +
2462 (*sfa)->actions_len;
2464 if (req_size <= (ksize(*sfa) - next_offset))
2467 new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
2469 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
2470 if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) {
2471 OVS_NLERR(log, "Flow action size exceeds max %u",
2472 MAX_ACTIONS_BUFSIZE);
2473 return ERR_PTR(-EMSGSIZE);
2475 new_acts_size = MAX_ACTIONS_BUFSIZE;
2478 acts = nla_alloc_flow_actions(new_acts_size);
2480 return (void *)acts;
2482 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
2483 acts->actions_len = (*sfa)->actions_len;
2484 acts->orig_len = (*sfa)->orig_len;
2489 (*sfa)->actions_len += req_size;
2490 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
2493 static struct nlattr *__add_action(struct sw_flow_actions **sfa,
2494 int attrtype, void *data, int len, bool log)
2498 a = reserve_sfa_size(sfa, nla_attr_size(len), log);
2502 a->nla_type = attrtype;
2503 a->nla_len = nla_attr_size(len);
2506 memcpy(nla_data(a), data, len);
2507 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
2512 int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data,
2517 a = __add_action(sfa, attrtype, data, len, log);
2519 return PTR_ERR_OR_ZERO(a);
2522 static inline int add_nested_action_start(struct sw_flow_actions **sfa,
2523 int attrtype, bool log)
2525 int used = (*sfa)->actions_len;
2528 err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log);
2535 static inline void add_nested_action_end(struct sw_flow_actions *sfa,
2538 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
2541 a->nla_len = sfa->actions_len - st_offset;
2544 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2545 const struct sw_flow_key *key,
2546 struct sw_flow_actions **sfa,
2547 __be16 eth_type, __be16 vlan_tci,
2548 u32 mpls_label_count, bool log);
2550 static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
2551 const struct sw_flow_key *key,
2552 struct sw_flow_actions **sfa,
2553 __be16 eth_type, __be16 vlan_tci,
2554 u32 mpls_label_count, bool log, bool last)
2556 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
2557 const struct nlattr *probability, *actions;
2558 const struct nlattr *a;
2559 int rem, start, err;
2560 struct sample_arg arg;
2562 memset(attrs, 0, sizeof(attrs));
2563 nla_for_each_nested(a, attr, rem) {
2564 int type = nla_type(a);
2565 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
2572 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
2573 if (!probability || nla_len(probability) != sizeof(u32))
2576 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
2577 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
2580 /* validation done, copy sample action. */
2581 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
2585 /* When both skb and flow may be changed, put the sample
2586 * into a deferred fifo. On the other hand, if only skb
2587 * may be modified, the actions can be executed in place.
2589 * Do this analysis at the flow installation time.
2590 * Set 'clone_action->exec' to true if the actions can be
2591 * executed without being deferred.
2593 * If the sample is the last action, it can always be excuted
2594 * rather than deferred.
2596 arg.exec = last || !actions_may_change_flow(actions);
2597 arg.probability = nla_get_u32(probability);
2599 err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg),
2604 err = __ovs_nla_copy_actions(net, actions, key, sfa,
2605 eth_type, vlan_tci, mpls_label_count, log);
2610 add_nested_action_end(*sfa, start);
2615 static int validate_and_copy_dec_ttl(struct net *net,
2616 const struct nlattr *attr,
2617 const struct sw_flow_key *key,
2618 struct sw_flow_actions **sfa,
2619 __be16 eth_type, __be16 vlan_tci,
2620 u32 mpls_label_count, bool log)
2622 const struct nlattr *attrs[OVS_DEC_TTL_ATTR_MAX + 1];
2623 int start, action_start, err, rem;
2624 const struct nlattr *a, *actions;
2626 memset(attrs, 0, sizeof(attrs));
2627 nla_for_each_nested(a, attr, rem) {
2628 int type = nla_type(a);
2630 /* Ignore unknown attributes to be future proof. */
2631 if (type > OVS_DEC_TTL_ATTR_MAX)
2634 if (!type || attrs[type]) {
2635 OVS_NLERR(log, "Duplicate or invalid key (type %d).",
2644 OVS_NLERR(log, "Message has %d unknown bytes.", rem);
2648 actions = attrs[OVS_DEC_TTL_ATTR_ACTION];
2649 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN)) {
2650 OVS_NLERR(log, "Missing valid actions attribute.");
2654 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_DEC_TTL, log);
2658 action_start = add_nested_action_start(sfa, OVS_DEC_TTL_ATTR_ACTION, log);
2659 if (action_start < 0)
2660 return action_start;
2662 err = __ovs_nla_copy_actions(net, actions, key, sfa, eth_type,
2663 vlan_tci, mpls_label_count, log);
2667 add_nested_action_end(*sfa, action_start);
2668 add_nested_action_end(*sfa, start);
2672 static int validate_and_copy_clone(struct net *net,
2673 const struct nlattr *attr,
2674 const struct sw_flow_key *key,
2675 struct sw_flow_actions **sfa,
2676 __be16 eth_type, __be16 vlan_tci,
2677 u32 mpls_label_count, bool log, bool last)
2682 if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN)
2685 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log);
2689 exec = last || !actions_may_change_flow(attr);
2691 err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec,
2696 err = __ovs_nla_copy_actions(net, attr, key, sfa,
2697 eth_type, vlan_tci, mpls_label_count, log);
2701 add_nested_action_end(*sfa, start);
2706 void ovs_match_init(struct sw_flow_match *match,
2707 struct sw_flow_key *key,
2709 struct sw_flow_mask *mask)
2711 memset(match, 0, sizeof(*match));
2716 memset(key, 0, sizeof(*key));
2719 memset(&mask->key, 0, sizeof(mask->key));
2720 mask->range.start = mask->range.end = 0;
2724 static int validate_geneve_opts(struct sw_flow_key *key)
2726 struct geneve_opt *option;
2727 int opts_len = key->tun_opts_len;
2728 bool crit_opt = false;
2730 option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len);
2731 while (opts_len > 0) {
2734 if (opts_len < sizeof(*option))
2737 len = sizeof(*option) + option->length * 4;
2741 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
2743 option = (struct geneve_opt *)((u8 *)option + len);
2747 key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
2752 static int validate_and_copy_set_tun(const struct nlattr *attr,
2753 struct sw_flow_actions **sfa, bool log)
2755 struct sw_flow_match match;
2756 struct sw_flow_key key;
2757 struct metadata_dst *tun_dst;
2758 struct ip_tunnel_info *tun_info;
2759 struct ovs_tunnel_info *ovs_tun;
2761 int err = 0, start, opts_type;
2762 __be16 dst_opt_type;
2765 ovs_match_init(&match, &key, true, NULL);
2766 opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log);
2770 if (key.tun_opts_len) {
2771 switch (opts_type) {
2772 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
2773 err = validate_geneve_opts(&key);
2776 dst_opt_type = TUNNEL_GENEVE_OPT;
2778 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
2779 dst_opt_type = TUNNEL_VXLAN_OPT;
2781 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
2782 dst_opt_type = TUNNEL_ERSPAN_OPT;
2787 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log);
2791 tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL,
2797 err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL);
2799 dst_release((struct dst_entry *)tun_dst);
2803 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
2804 sizeof(*ovs_tun), log);
2806 dst_release((struct dst_entry *)tun_dst);
2810 ovs_tun = nla_data(a);
2811 ovs_tun->tun_dst = tun_dst;
2813 tun_info = &tun_dst->u.tun_info;
2814 tun_info->mode = IP_TUNNEL_INFO_TX;
2815 if (key.tun_proto == AF_INET6)
2816 tun_info->mode |= IP_TUNNEL_INFO_IPV6;
2817 else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0)
2818 tun_info->mode |= IP_TUNNEL_INFO_BRIDGE;
2819 tun_info->key = key.tun_key;
2821 /* We need to store the options in the action itself since
2822 * everything else will go away after flow setup. We can append
2823 * it to tun_info and then point there.
2825 ip_tunnel_info_opts_set(tun_info,
2826 TUN_METADATA_OPTS(&key, key.tun_opts_len),
2827 key.tun_opts_len, dst_opt_type);
2828 add_nested_action_end(*sfa, start);
2833 static bool validate_nsh(const struct nlattr *attr, bool is_mask,
2834 bool is_push_nsh, bool log)
2836 struct sw_flow_match match;
2837 struct sw_flow_key key;
2840 ovs_match_init(&match, &key, true, NULL);
2841 ret = nsh_key_put_from_nlattr(attr, &match, is_mask,
2846 /* Return false if there are any non-masked bits set.
2847 * Mask follows data immediately, before any netlink padding.
2849 static bool validate_masked(u8 *data, int len)
2851 u8 *mask = data + len;
2854 if (*data++ & ~*mask++)
2860 static int validate_set(const struct nlattr *a,
2861 const struct sw_flow_key *flow_key,
2862 struct sw_flow_actions **sfa, bool *skip_copy,
2863 u8 mac_proto, __be16 eth_type, bool masked, bool log)
2865 const struct nlattr *ovs_key = nla_data(a);
2866 int key_type = nla_type(ovs_key);
2869 /* There can be only one key in a action */
2870 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
2873 key_len = nla_len(ovs_key);
2877 if (key_type > OVS_KEY_ATTR_MAX ||
2878 !check_attr_len(key_len, ovs_key_lens[key_type].len))
2881 if (masked && !validate_masked(nla_data(ovs_key), key_len))
2885 case OVS_KEY_ATTR_PRIORITY:
2886 case OVS_KEY_ATTR_SKB_MARK:
2887 case OVS_KEY_ATTR_CT_MARK:
2888 case OVS_KEY_ATTR_CT_LABELS:
2891 case OVS_KEY_ATTR_ETHERNET:
2892 if (mac_proto != MAC_PROTO_ETHERNET)
2896 case OVS_KEY_ATTR_TUNNEL: {
2900 return -EINVAL; /* Masked tunnel set not supported. */
2903 err = validate_and_copy_set_tun(a, sfa, log);
2908 case OVS_KEY_ATTR_IPV4: {
2909 const struct ovs_key_ipv4 *ipv4_key;
2911 if (eth_type != htons(ETH_P_IP))
2914 ipv4_key = nla_data(ovs_key);
2917 const struct ovs_key_ipv4 *mask = ipv4_key + 1;
2919 /* Non-writeable fields. */
2920 if (mask->ipv4_proto || mask->ipv4_frag)
2923 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
2926 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
2931 case OVS_KEY_ATTR_IPV6: {
2932 const struct ovs_key_ipv6 *ipv6_key;
2934 if (eth_type != htons(ETH_P_IPV6))
2937 ipv6_key = nla_data(ovs_key);
2940 const struct ovs_key_ipv6 *mask = ipv6_key + 1;
2942 /* Non-writeable fields. */
2943 if (mask->ipv6_proto || mask->ipv6_frag)
2946 /* Invalid bits in the flow label mask? */
2947 if (ntohl(mask->ipv6_label) & 0xFFF00000)
2950 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
2953 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
2956 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
2961 case OVS_KEY_ATTR_TCP:
2962 if ((eth_type != htons(ETH_P_IP) &&
2963 eth_type != htons(ETH_P_IPV6)) ||
2964 flow_key->ip.proto != IPPROTO_TCP)
2969 case OVS_KEY_ATTR_UDP:
2970 if ((eth_type != htons(ETH_P_IP) &&
2971 eth_type != htons(ETH_P_IPV6)) ||
2972 flow_key->ip.proto != IPPROTO_UDP)
2977 case OVS_KEY_ATTR_MPLS:
2978 if (!eth_p_mpls(eth_type))
2982 case OVS_KEY_ATTR_SCTP:
2983 if ((eth_type != htons(ETH_P_IP) &&
2984 eth_type != htons(ETH_P_IPV6)) ||
2985 flow_key->ip.proto != IPPROTO_SCTP)
2990 case OVS_KEY_ATTR_NSH:
2991 if (eth_type != htons(ETH_P_NSH))
2993 if (!validate_nsh(nla_data(a), masked, false, log))
3001 /* Convert non-masked non-tunnel set actions to masked set actions. */
3002 if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) {
3003 int start, len = key_len * 2;
3008 start = add_nested_action_start(sfa,
3009 OVS_ACTION_ATTR_SET_TO_MASKED,
3014 at = __add_action(sfa, key_type, NULL, len, log);
3018 memcpy(nla_data(at), nla_data(ovs_key), key_len); /* Key. */
3019 memset(nla_data(at) + key_len, 0xff, key_len); /* Mask. */
3020 /* Clear non-writeable bits from otherwise writeable fields. */
3021 if (key_type == OVS_KEY_ATTR_IPV6) {
3022 struct ovs_key_ipv6 *mask = nla_data(at) + key_len;
3024 mask->ipv6_label &= htonl(0x000FFFFF);
3026 add_nested_action_end(*sfa, start);
3032 static int validate_userspace(const struct nlattr *attr)
3034 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
3035 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
3036 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
3037 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 },
3039 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
3042 error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr,
3043 userspace_policy, NULL);
3047 if (!a[OVS_USERSPACE_ATTR_PID] ||
3048 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
3054 static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = {
3055 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 },
3056 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED },
3057 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED },
3060 static int validate_and_copy_check_pkt_len(struct net *net,
3061 const struct nlattr *attr,
3062 const struct sw_flow_key *key,
3063 struct sw_flow_actions **sfa,
3064 __be16 eth_type, __be16 vlan_tci,
3065 u32 mpls_label_count,
3066 bool log, bool last)
3068 const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
3069 struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
3070 struct check_pkt_len_arg arg;
3071 int nested_acts_start;
3074 err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX,
3075 nla_data(attr), nla_len(attr),
3080 if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] ||
3081 !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]))
3084 acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL];
3085 acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER];
3087 /* Both the nested action should be present. */
3088 if (!acts_if_greater || !acts_if_lesser_eq)
3091 /* validation done, copy the nested actions. */
3092 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN,
3097 arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]);
3098 arg.exec_for_lesser_equal =
3099 last || !actions_may_change_flow(acts_if_lesser_eq);
3100 arg.exec_for_greater =
3101 last || !actions_may_change_flow(acts_if_greater);
3103 err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg,
3108 nested_acts_start = add_nested_action_start(sfa,
3109 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log);
3110 if (nested_acts_start < 0)
3111 return nested_acts_start;
3113 err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
3114 eth_type, vlan_tci, mpls_label_count, log);
3119 add_nested_action_end(*sfa, nested_acts_start);
3121 nested_acts_start = add_nested_action_start(sfa,
3122 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log);
3123 if (nested_acts_start < 0)
3124 return nested_acts_start;
3126 err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
3127 eth_type, vlan_tci, mpls_label_count, log);
3132 add_nested_action_end(*sfa, nested_acts_start);
3133 add_nested_action_end(*sfa, start);
3137 static int copy_action(const struct nlattr *from,
3138 struct sw_flow_actions **sfa, bool log)
3140 int totlen = NLA_ALIGN(from->nla_len);
3143 to = reserve_sfa_size(sfa, from->nla_len, log);
3147 memcpy(to, from, totlen);
3151 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
3152 const struct sw_flow_key *key,
3153 struct sw_flow_actions **sfa,
3154 __be16 eth_type, __be16 vlan_tci,
3155 u32 mpls_label_count, bool log)
3157 u8 mac_proto = ovs_key_mac_proto(key);
3158 const struct nlattr *a;
3161 nla_for_each_nested(a, attr, rem) {
3162 /* Expected argument lengths, (u32)-1 for variable length. */
3163 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
3164 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
3165 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
3166 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
3167 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
3168 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
3169 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
3170 [OVS_ACTION_ATTR_POP_VLAN] = 0,
3171 [OVS_ACTION_ATTR_SET] = (u32)-1,
3172 [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1,
3173 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
3174 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
3175 [OVS_ACTION_ATTR_CT] = (u32)-1,
3176 [OVS_ACTION_ATTR_CT_CLEAR] = 0,
3177 [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
3178 [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
3179 [OVS_ACTION_ATTR_POP_ETH] = 0,
3180 [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1,
3181 [OVS_ACTION_ATTR_POP_NSH] = 0,
3182 [OVS_ACTION_ATTR_METER] = sizeof(u32),
3183 [OVS_ACTION_ATTR_CLONE] = (u32)-1,
3184 [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1,
3185 [OVS_ACTION_ATTR_ADD_MPLS] = sizeof(struct ovs_action_add_mpls),
3186 [OVS_ACTION_ATTR_DEC_TTL] = (u32)-1,
3187 [OVS_ACTION_ATTR_DROP] = sizeof(u32),
3189 const struct ovs_action_push_vlan *vlan;
3190 int type = nla_type(a);
3193 if (type > OVS_ACTION_ATTR_MAX ||
3194 (action_lens[type] != nla_len(a) &&
3195 action_lens[type] != (u32)-1))
3200 case OVS_ACTION_ATTR_UNSPEC:
3203 case OVS_ACTION_ATTR_USERSPACE:
3204 err = validate_userspace(a);
3209 case OVS_ACTION_ATTR_OUTPUT:
3210 if (nla_get_u32(a) >= DP_MAX_PORTS)
3214 case OVS_ACTION_ATTR_TRUNC: {
3215 const struct ovs_action_trunc *trunc = nla_data(a);
3217 if (trunc->max_len < ETH_HLEN)
3222 case OVS_ACTION_ATTR_HASH: {
3223 const struct ovs_action_hash *act_hash = nla_data(a);
3225 switch (act_hash->hash_alg) {
3226 case OVS_HASH_ALG_L4:
3228 case OVS_HASH_ALG_SYM_L4:
3237 case OVS_ACTION_ATTR_POP_VLAN:
3238 if (mac_proto != MAC_PROTO_ETHERNET)
3240 vlan_tci = htons(0);
3243 case OVS_ACTION_ATTR_PUSH_VLAN:
3244 if (mac_proto != MAC_PROTO_ETHERNET)
3247 if (!eth_type_vlan(vlan->vlan_tpid))
3249 if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK)))
3251 vlan_tci = vlan->vlan_tci;
3254 case OVS_ACTION_ATTR_RECIRC:
3257 case OVS_ACTION_ATTR_ADD_MPLS: {
3258 const struct ovs_action_add_mpls *mpls = nla_data(a);
3260 if (!eth_p_mpls(mpls->mpls_ethertype))
3263 if (mpls->tun_flags & OVS_MPLS_L3_TUNNEL_FLAG_MASK) {
3264 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3265 (eth_type != htons(ETH_P_IP) &&
3266 eth_type != htons(ETH_P_IPV6) &&
3267 eth_type != htons(ETH_P_ARP) &&
3268 eth_type != htons(ETH_P_RARP) &&
3269 !eth_p_mpls(eth_type)))
3273 if (mac_proto == MAC_PROTO_ETHERNET) {
3274 mpls_label_count = 1;
3275 mac_proto = MAC_PROTO_NONE;
3280 eth_type = mpls->mpls_ethertype;
3284 case OVS_ACTION_ATTR_PUSH_MPLS: {
3285 const struct ovs_action_push_mpls *mpls = nla_data(a);
3287 if (!eth_p_mpls(mpls->mpls_ethertype))
3289 /* Prohibit push MPLS other than to a white list
3290 * for packets that have a known tag order.
3292 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3293 (eth_type != htons(ETH_P_IP) &&
3294 eth_type != htons(ETH_P_IPV6) &&
3295 eth_type != htons(ETH_P_ARP) &&
3296 eth_type != htons(ETH_P_RARP) &&
3297 !eth_p_mpls(eth_type)))
3299 eth_type = mpls->mpls_ethertype;
3304 case OVS_ACTION_ATTR_POP_MPLS: {
3306 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3307 !eth_p_mpls(eth_type))
3310 /* Disallow subsequent L2.5+ set actions and mpls_pop
3311 * actions once the last MPLS label in the packet is
3312 * popped as there is no check here to ensure that
3313 * the new eth type is valid and thus set actions could
3314 * write off the end of the packet or otherwise corrupt
3317 * Support for these actions is planned using packet
3320 proto = nla_get_be16(a);
3322 if (proto == htons(ETH_P_TEB) &&
3323 mac_proto != MAC_PROTO_NONE)
3328 if (!eth_p_mpls(proto) || !mpls_label_count)
3329 eth_type = htons(0);
3336 case OVS_ACTION_ATTR_SET:
3337 err = validate_set(a, key, sfa,
3338 &skip_copy, mac_proto, eth_type,
3344 case OVS_ACTION_ATTR_SET_MASKED:
3345 err = validate_set(a, key, sfa,
3346 &skip_copy, mac_proto, eth_type,
3352 case OVS_ACTION_ATTR_SAMPLE: {
3353 bool last = nla_is_last(a, rem);
3355 err = validate_and_copy_sample(net, a, key, sfa,
3365 case OVS_ACTION_ATTR_CT:
3366 err = ovs_ct_copy_action(net, a, key, sfa, log);
3372 case OVS_ACTION_ATTR_CT_CLEAR:
3375 case OVS_ACTION_ATTR_PUSH_ETH:
3376 /* Disallow pushing an Ethernet header if one
3377 * is already present */
3378 if (mac_proto != MAC_PROTO_NONE)
3380 mac_proto = MAC_PROTO_ETHERNET;
3383 case OVS_ACTION_ATTR_POP_ETH:
3384 if (mac_proto != MAC_PROTO_ETHERNET)
3386 if (vlan_tci & htons(VLAN_CFI_MASK))
3388 mac_proto = MAC_PROTO_NONE;
3391 case OVS_ACTION_ATTR_PUSH_NSH:
3392 if (mac_proto != MAC_PROTO_ETHERNET) {
3395 next_proto = tun_p_from_eth_p(eth_type);
3399 mac_proto = MAC_PROTO_NONE;
3400 if (!validate_nsh(nla_data(a), false, true, true))
3404 case OVS_ACTION_ATTR_POP_NSH: {
3407 if (eth_type != htons(ETH_P_NSH))
3409 inner_proto = tun_p_to_eth_p(key->nsh.base.np);
3412 if (key->nsh.base.np == TUN_P_ETHERNET)
3413 mac_proto = MAC_PROTO_ETHERNET;
3415 mac_proto = MAC_PROTO_NONE;
3419 case OVS_ACTION_ATTR_METER:
3420 /* Non-existent meters are simply ignored. */
3423 case OVS_ACTION_ATTR_CLONE: {
3424 bool last = nla_is_last(a, rem);
3426 err = validate_and_copy_clone(net, a, key, sfa,
3436 case OVS_ACTION_ATTR_CHECK_PKT_LEN: {
3437 bool last = nla_is_last(a, rem);
3439 err = validate_and_copy_check_pkt_len(net, a, key, sfa,
3450 case OVS_ACTION_ATTR_DEC_TTL:
3451 err = validate_and_copy_dec_ttl(net, a, key, sfa,
3453 mpls_label_count, log);
3459 case OVS_ACTION_ATTR_DROP:
3460 if (!nla_is_last(a, rem))
3465 OVS_NLERR(log, "Unknown Action type %d", type);
3469 err = copy_action(a, sfa, log);
3481 /* 'key' must be the masked key. */
3482 int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
3483 const struct sw_flow_key *key,
3484 struct sw_flow_actions **sfa, bool log)
3487 u32 mpls_label_count = 0;
3489 *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
3491 return PTR_ERR(*sfa);
3493 if (eth_p_mpls(key->eth.type))
3494 mpls_label_count = hweight_long(key->mpls.num_labels_mask);
3496 (*sfa)->orig_len = nla_len(attr);
3497 err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
3498 key->eth.vlan.tci, mpls_label_count, log);
3500 ovs_nla_free_flow_actions(*sfa);
3505 static int sample_action_to_attr(const struct nlattr *attr,
3506 struct sk_buff *skb)
3508 struct nlattr *start, *ac_start = NULL, *sample_arg;
3509 int err = 0, rem = nla_len(attr);
3510 const struct sample_arg *arg;
3511 struct nlattr *actions;
3513 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE);
3517 sample_arg = nla_data(attr);
3518 arg = nla_data(sample_arg);
3519 actions = nla_next(sample_arg, &rem);
3521 if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) {
3526 ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS);
3532 err = ovs_nla_put_actions(actions, rem, skb);
3536 nla_nest_cancel(skb, ac_start);
3537 nla_nest_cancel(skb, start);
3539 nla_nest_end(skb, ac_start);
3540 nla_nest_end(skb, start);
3546 static int clone_action_to_attr(const struct nlattr *attr,
3547 struct sk_buff *skb)
3549 struct nlattr *start;
3550 int err = 0, rem = nla_len(attr);
3552 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE);
3556 /* Skipping the OVS_CLONE_ATTR_EXEC that is always the first attribute. */
3557 attr = nla_next(nla_data(attr), &rem);
3558 err = ovs_nla_put_actions(attr, rem, skb);
3561 nla_nest_cancel(skb, start);
3563 nla_nest_end(skb, start);
3568 static int check_pkt_len_action_to_attr(const struct nlattr *attr,
3569 struct sk_buff *skb)
3571 struct nlattr *start, *ac_start = NULL;
3572 const struct check_pkt_len_arg *arg;
3573 const struct nlattr *a, *cpl_arg;
3574 int err = 0, rem = nla_len(attr);
3576 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN);
3580 /* The first nested attribute in 'attr' is always
3581 * 'OVS_CHECK_PKT_LEN_ATTR_ARG'.
3583 cpl_arg = nla_data(attr);
3584 arg = nla_data(cpl_arg);
3586 if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) {
3591 /* Second nested attribute in 'attr' is always
3592 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'.
3594 a = nla_next(cpl_arg, &rem);
3595 ac_start = nla_nest_start_noflag(skb,
3596 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL);
3602 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3604 nla_nest_cancel(skb, ac_start);
3607 nla_nest_end(skb, ac_start);
3610 /* Third nested attribute in 'attr' is always
3611 * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER.
3613 a = nla_next(a, &rem);
3614 ac_start = nla_nest_start_noflag(skb,
3615 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER);
3621 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3623 nla_nest_cancel(skb, ac_start);
3626 nla_nest_end(skb, ac_start);
3629 nla_nest_end(skb, start);
3633 nla_nest_cancel(skb, start);
3637 static int dec_ttl_action_to_attr(const struct nlattr *attr,
3638 struct sk_buff *skb)
3640 struct nlattr *start, *action_start;
3641 const struct nlattr *a;
3644 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_DEC_TTL);
3648 nla_for_each_attr(a, nla_data(attr), nla_len(attr), rem) {
3649 switch (nla_type(a)) {
3650 case OVS_DEC_TTL_ATTR_ACTION:
3652 action_start = nla_nest_start_noflag(skb, OVS_DEC_TTL_ATTR_ACTION);
3653 if (!action_start) {
3658 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3662 nla_nest_end(skb, action_start);
3666 /* Ignore all other option to be future compatible */
3671 nla_nest_end(skb, start);
3675 nla_nest_cancel(skb, start);
3679 static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
3681 const struct nlattr *ovs_key = nla_data(a);
3682 int key_type = nla_type(ovs_key);
3683 struct nlattr *start;
3687 case OVS_KEY_ATTR_TUNNEL_INFO: {
3688 struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key);
3689 struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info;
3691 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3695 err = ip_tun_to_nlattr(skb, &tun_info->key,
3696 ip_tunnel_info_opts(tun_info),
3697 tun_info->options_len,
3698 ip_tunnel_info_af(tun_info), tun_info->mode);
3701 nla_nest_end(skb, start);
3705 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
3713 static int masked_set_action_to_set_action_attr(const struct nlattr *a,
3714 struct sk_buff *skb)
3716 const struct nlattr *ovs_key = nla_data(a);
3718 size_t key_len = nla_len(ovs_key) / 2;
3720 /* Revert the conversion we did from a non-masked set action to
3721 * masked set action.
3723 nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3727 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key)))
3730 nla_nest_end(skb, nla);
3734 int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
3736 const struct nlattr *a;
3739 nla_for_each_attr(a, attr, len, rem) {
3740 int type = nla_type(a);
3743 case OVS_ACTION_ATTR_SET:
3744 err = set_action_to_attr(a, skb);
3749 case OVS_ACTION_ATTR_SET_TO_MASKED:
3750 err = masked_set_action_to_set_action_attr(a, skb);
3755 case OVS_ACTION_ATTR_SAMPLE:
3756 err = sample_action_to_attr(a, skb);
3761 case OVS_ACTION_ATTR_CT:
3762 err = ovs_ct_action_to_attr(nla_data(a), skb);
3767 case OVS_ACTION_ATTR_CLONE:
3768 err = clone_action_to_attr(a, skb);
3773 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
3774 err = check_pkt_len_action_to_attr(a, skb);
3779 case OVS_ACTION_ATTR_DEC_TTL:
3780 err = dec_ttl_action_to_attr(a, skb);
3786 if (nla_put(skb, type, nla_len(a), nla_data(a)))
projects / platform / kernel / linux-rpi.git / blob