projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'gcc-plugins-v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel...
[linux-2.6-block.git] / net / openvswitch / flow_netlink.c
CommitLineData
e6445719 1/*
798c1661 2 * Copyright (c) 2007-2017 Nicira, Inc.
e6445719
PS		 3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
16 * 02110-1301, USA
17 */
18
2235ad1c
JP		 19#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
e6445719
PS		 21#include "flow.h"
22#include "datapath.h"
23#include <linux/uaccess.h>
24#include <linux/netdevice.h>
25#include <linux/etherdevice.h>
26#include <linux/if_ether.h>
27#include <linux/if_vlan.h>
28#include <net/llc_pdu.h>
29#include <linux/kernel.h>
30#include <linux/jhash.h>
31#include <linux/jiffies.h>
32#include <linux/llc.h>
33#include <linux/module.h>
34#include <linux/in.h>
35#include <linux/rcupdate.h>
36#include <linux/if_arp.h>
37#include <linux/ip.h>
38#include <linux/ipv6.h>
39#include <linux/sctp.h>
40#include <linux/tcp.h>
41#include <linux/udp.h>
42#include <linux/icmp.h>
43#include <linux/icmpv6.h>
44#include <linux/rculist.h>
f5796684 45#include <net/geneve.h>
e6445719
PS		 46#include <net/ip.h>
47#include <net/ipv6.h>
48#include <net/ndisc.h>
25cd9ba0 49#include <net/mpls.h>
614732ea 50#include <net/vxlan.h>
b2d0f5d5 51#include <net/tun_proto.h>
fc1372f8 52#include <net/erspan.h>
e6445719
PS		 53
54#include "flow_netlink.h"
55
81bfe3c3
TG		 56struct ovs_len_tbl {
57 int len;
58 const struct ovs_len_tbl *next;
59};
60
61#define OVS_ATTR_NESTED -1
982b5270 62#define OVS_ATTR_VARIABLE -2
81bfe3c3 63
798c1661 64static bool actions_may_change_flow(const struct nlattr *actions)
65{
66 struct nlattr *nla;
67 int rem;
68
69 nla_for_each_nested(nla, actions, rem) {
70 u16 action = nla_type(nla);
71
72 switch (action) {
73 case OVS_ACTION_ATTR_OUTPUT:
74 case OVS_ACTION_ATTR_RECIRC:
75 case OVS_ACTION_ATTR_TRUNC:
76 case OVS_ACTION_ATTR_USERSPACE:
77 break;
78
79 case OVS_ACTION_ATTR_CT:
b8226962 80 case OVS_ACTION_ATTR_CT_CLEAR:
798c1661 81 case OVS_ACTION_ATTR_HASH:
82 case OVS_ACTION_ATTR_POP_ETH:
83 case OVS_ACTION_ATTR_POP_MPLS:
b2d0f5d5 84 case OVS_ACTION_ATTR_POP_NSH:
798c1661 85 case OVS_ACTION_ATTR_POP_VLAN:
86 case OVS_ACTION_ATTR_PUSH_ETH:
87 case OVS_ACTION_ATTR_PUSH_MPLS:
b2d0f5d5 88 case OVS_ACTION_ATTR_PUSH_NSH:
798c1661 89 case OVS_ACTION_ATTR_PUSH_VLAN:
90 case OVS_ACTION_ATTR_SAMPLE:
91 case OVS_ACTION_ATTR_SET:
92 case OVS_ACTION_ATTR_SET_MASKED:
cd8a6c33 93 case OVS_ACTION_ATTR_METER:
4d5ec89f 94 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
798c1661 95 default:
96 return true;
97 }
98 }
99 return false;
100}
101
a85311bf
PS		 102static void update_range(struct sw_flow_match *match,
103 size_t offset, size_t size, bool is_mask)
e6445719 104{
a85311bf 105 struct sw_flow_key_range *range;
e6445719
PS		 106 size_t start = rounddown(offset, sizeof(long));
107 size_t end = roundup(offset + size, sizeof(long));
108
109 if (!is_mask)
110 range = &match->range;
a85311bf 111 else
e6445719
PS		 112 range = &match->mask->range;
113
e6445719
PS		 114 if (range->start == range->end) {
115 range->start = start;
116 range->end = end;
117 return;
118 }
119
120 if (range->start > start)
121 range->start = start;
122
123 if (range->end < end)
124 range->end = end;
125}
126
127#define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
128 do { \
a85311bf
PS		 129 update_range(match, offsetof(struct sw_flow_key, field), \
130 sizeof((match)->key->field), is_mask); \
131 if (is_mask) \
132 (match)->mask->key.field = value; \
133 else \
e6445719 134 (match)->key->field = value; \
e6445719
PS		 135 } while (0)
136
f5796684
JG		 137#define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
138 do { \
a85311bf 139 update_range(match, offset, len, is_mask); \
f5796684
JG		 140 if (is_mask) \
141 memcpy((u8 *)&(match)->mask->key + offset, value_p, \
a85311bf 142 len); \
f5796684
JG		 143 else \
144 memcpy((u8 *)(match)->key + offset, value_p, len); \
e6445719
PS		 145 } while (0)
146
f5796684
JG		 147#define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
148 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
149 value_p, len, is_mask)
150
a85311bf
PS		 151#define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \
152 do { \
153 update_range(match, offsetof(struct sw_flow_key, field), \
154 sizeof((match)->key->field), is_mask); \
155 if (is_mask) \
156 memset((u8 *)&(match)->mask->key.field, value, \
157 sizeof((match)->mask->key.field)); \
158 else \
f47de068
PS		 159 memset((u8 *)&(match)->key->field, value, \
160 sizeof((match)->key->field)); \
f47de068 161 } while (0)
e6445719
PS		 162
163static bool match_validate(const struct sw_flow_match *match,
05da5898 164 u64 key_attrs, u64 mask_attrs, bool log)
e6445719 165{
0a6410fb 166 u64 key_expected = 0;
e6445719
PS		 167 u64 mask_allowed = key_attrs; /* At most allow all key attributes */
168
169 /* The following mask attributes allowed only if they
170 * pass the validation tests. */
171 mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
9dd7f890 172 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)
e6445719 173 | (1 << OVS_KEY_ATTR_IPV6)
9dd7f890 174 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)
e6445719 175 | (1 << OVS_KEY_ATTR_TCP)
5eb26b15 176 | (1 << OVS_KEY_ATTR_TCP_FLAGS)
e6445719
PS		 177 | (1 << OVS_KEY_ATTR_UDP)
178 | (1 << OVS_KEY_ATTR_SCTP)
179 | (1 << OVS_KEY_ATTR_ICMP)
180 | (1 << OVS_KEY_ATTR_ICMPV6)
181 | (1 << OVS_KEY_ATTR_ARP)
25cd9ba0 182 | (1 << OVS_KEY_ATTR_ND)
b2d0f5d5
YY		 183 | (1 << OVS_KEY_ATTR_MPLS)
184 | (1 << OVS_KEY_ATTR_NSH));
e6445719
PS		 185
186 /* Always allowed mask fields. */
187 mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
188 | (1 << OVS_KEY_ATTR_IN_PORT)
189 | (1 << OVS_KEY_ATTR_ETHERTYPE));
190
191 /* Check key attributes. */
192 if (match->key->eth.type == htons(ETH_P_ARP)
193 || match->key->eth.type == htons(ETH_P_RARP)) {
194 key_expected |= 1 << OVS_KEY_ATTR_ARP;
f2a01517 195 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
e6445719
PS		 196 mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
197 }
198
25cd9ba0
SH		 199 if (eth_p_mpls(match->key->eth.type)) {
200 key_expected |= 1 << OVS_KEY_ATTR_MPLS;
201 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
202 mask_allowed |= 1 << OVS_KEY_ATTR_MPLS;
203 }
204
e6445719
PS		 205 if (match->key->eth.type == htons(ETH_P_IP)) {
206 key_expected |= 1 << OVS_KEY_ATTR_IPV4;
9dd7f890 207 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
e6445719 208 mask_allowed |= 1 << OVS_KEY_ATTR_IPV4;
9dd7f890
JR		 209 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4;
210 }
e6445719
PS		 211
212 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
213 if (match->key->ip.proto == IPPROTO_UDP) {
214 key_expected |= 1 << OVS_KEY_ATTR_UDP;
215 if (match->mask && (match->mask->key.ip.proto == 0xff))
216 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
217 }
218
219 if (match->key->ip.proto == IPPROTO_SCTP) {
220 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
221 if (match->mask && (match->mask->key.ip.proto == 0xff))
222 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
223 }
224
225 if (match->key->ip.proto == IPPROTO_TCP) {
226 key_expected |= 1 << OVS_KEY_ATTR_TCP;
5eb26b15
JR		 227 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
228 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
e6445719 229 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
5eb26b15
JR		 230 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
231 }
e6445719
PS		 232 }
233
234 if (match->key->ip.proto == IPPROTO_ICMP) {
235 key_expected |= 1 << OVS_KEY_ATTR_ICMP;
236 if (match->mask && (match->mask->key.ip.proto == 0xff))
237 mask_allowed |= 1 << OVS_KEY_ATTR_ICMP;
238 }
239 }
240 }
241
242 if (match->key->eth.type == htons(ETH_P_IPV6)) {
243 key_expected |= 1 << OVS_KEY_ATTR_IPV6;
9dd7f890 244 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
e6445719 245 mask_allowed |= 1 << OVS_KEY_ATTR_IPV6;
9dd7f890
JR		 246 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6;
247 }
e6445719
PS		 248
249 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
250 if (match->key->ip.proto == IPPROTO_UDP) {
251 key_expected |= 1 << OVS_KEY_ATTR_UDP;
252 if (match->mask && (match->mask->key.ip.proto == 0xff))
253 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
254 }
255
256 if (match->key->ip.proto == IPPROTO_SCTP) {
257 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
258 if (match->mask && (match->mask->key.ip.proto == 0xff))
259 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
260 }
261
262 if (match->key->ip.proto == IPPROTO_TCP) {
263 key_expected |= 1 << OVS_KEY_ATTR_TCP;
5eb26b15
JR		 264 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
265 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
e6445719 266 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
5eb26b15
JR		 267 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
268 }
e6445719
PS		 269 }
270
271 if (match->key->ip.proto == IPPROTO_ICMPV6) {
272 key_expected |= 1 << OVS_KEY_ATTR_ICMPV6;
273 if (match->mask && (match->mask->key.ip.proto == 0xff))
274 mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6;
275
1139e241 276 if (match->key->tp.src ==
e6445719 277 htons(NDISC_NEIGHBOUR_SOLICITATION) ||
1139e241 278 match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
e6445719 279 key_expected |= 1 << OVS_KEY_ATTR_ND;
9dd7f890
JR		 280 /* Original direction conntrack tuple
281 * uses the same space as the ND fields
282 * in the key, so both are not allowed
283 * at the same time.
284 */
285 mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
f2a01517 286 if (match->mask && (match->mask->key.tp.src == htons(0xff)))
e6445719
PS		 287 mask_allowed |= 1 << OVS_KEY_ATTR_ND;
288 }
289 }
290 }
291 }
292
b2d0f5d5
YY		 293 if (match->key->eth.type == htons(ETH_P_NSH)) {
294 key_expected |= 1 << OVS_KEY_ATTR_NSH;
295 if (match->mask &&
296 match->mask->key.eth.type == htons(0xffff)) {
297 mask_allowed |= 1 << OVS_KEY_ATTR_NSH;
298 }
299 }
300
e6445719
PS		 301 if ((key_attrs & key_expected) != key_expected) {
302 /* Key attributes check failed. */
05da5898
JR		 303 OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)",
304 (unsigned long long)key_attrs,
305 (unsigned long long)key_expected);
e6445719
PS		 306 return false;
307 }
308
309 if ((mask_attrs & mask_allowed) != mask_attrs) {
310 /* Mask attributes check failed. */
05da5898
JR		 311 OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)",
312 (unsigned long long)mask_attrs,
313 (unsigned long long)mask_allowed);
e6445719
PS		 314 return false;
315 }
316
317 return true;
318}
319
8f0aad6f
WZ		 320size_t ovs_tun_key_attr_size(void)
321{
322 /* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider
323 * updating this function.
324 */
b46f6ded 325 return nla_total_size_64bit(8) /* OVS_TUNNEL_KEY_ATTR_ID */
6b26ba3a
JB		 326 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_SRC */
327 + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_DST */
8f0aad6f
WZ		 328 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TOS */
329 + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TTL */
330 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
331 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_CSUM */
332 + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_OAM */
333 + nla_total_size(256) /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */
fc1372f8
WT		 334 /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and
335 * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS is mutually exclusive with
1dd144cf
TG		 336 * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it.
337 */
8f0aad6f 338 + nla_total_size(2) /* OVS_TUNNEL_KEY_ATTR_TP_SRC */
95a33208 339 + nla_total_size(2); /* OVS_TUNNEL_KEY_ATTR_TP_DST */
8f0aad6f
WZ		 340}
341
06c2351f 342static size_t ovs_nsh_key_attr_size(void)
b2d0f5d5
YY		 343{
344 /* Whenever adding new OVS_NSH_KEY_ FIELDS, we should consider
345 * updating this function.
346 */
347 return nla_total_size(NSH_BASE_HDR_LEN) /* OVS_NSH_KEY_ATTR_BASE */
348 /* OVS_NSH_KEY_ATTR_MD1 and OVS_NSH_KEY_ATTR_MD2 are
349 * mutually exclusive, so the bigger one can cover
350 * the small one.
351 */
352 + nla_total_size(NSH_CTX_HDRS_MAX_LEN);
353}
354
41af73e9
JS		 355size_t ovs_key_attr_size(void)
356{
357 /* Whenever adding new OVS_KEY_ FIELDS, we should consider
358 * updating this function.
359 */
b2d0f5d5 360 BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 29);
41af73e9
JS		 361
362 return nla_total_size(4) /* OVS_KEY_ATTR_PRIORITY */
363 + nla_total_size(0) /* OVS_KEY_ATTR_TUNNEL */
8f0aad6f 364 + ovs_tun_key_attr_size()
41af73e9
JS		 365 + nla_total_size(4) /* OVS_KEY_ATTR_IN_PORT */
366 + nla_total_size(4) /* OVS_KEY_ATTR_SKB_MARK */
367 + nla_total_size(4) /* OVS_KEY_ATTR_DP_HASH */
368 + nla_total_size(4) /* OVS_KEY_ATTR_RECIRC_ID */
fbccce59 369 + nla_total_size(4) /* OVS_KEY_ATTR_CT_STATE */
7f8a436e 370 + nla_total_size(2) /* OVS_KEY_ATTR_CT_ZONE */
182e3042 371 + nla_total_size(4) /* OVS_KEY_ATTR_CT_MARK */
33db4125 372 + nla_total_size(16) /* OVS_KEY_ATTR_CT_LABELS */
9dd7f890 373 + nla_total_size(40) /* OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6 */
b2d0f5d5
YY		 374 + nla_total_size(0) /* OVS_KEY_ATTR_NSH */
375 + ovs_nsh_key_attr_size()
41af73e9
JS		 376 + nla_total_size(12) /* OVS_KEY_ATTR_ETHERNET */
377 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */
378 + nla_total_size(4) /* OVS_KEY_ATTR_VLAN */
379 + nla_total_size(0) /* OVS_KEY_ATTR_ENCAP */
380 + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */
381 + nla_total_size(40) /* OVS_KEY_ATTR_IPV6 */
382 + nla_total_size(2) /* OVS_KEY_ATTR_ICMPV6 */
383 + nla_total_size(28); /* OVS_KEY_ATTR_ND */
384}
385
982b5270
JG		 386static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = {
387 [OVS_VXLAN_EXT_GBP] = { .len = sizeof(u32) },
388};
389
81bfe3c3
TG		 390static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
391 [OVS_TUNNEL_KEY_ATTR_ID] = { .len = sizeof(u64) },
392 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = sizeof(u32) },
393 [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = sizeof(u32) },
394 [OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 },
395 [OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 },
396 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
397 [OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 },
398 [OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = sizeof(u16) },
399 [OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = sizeof(u16) },
400 [OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 },
982b5270
JG		 401 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = OVS_ATTR_VARIABLE },
402 [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = OVS_ATTR_NESTED,
403 .next = ovs_vxlan_ext_key_lens },
6b26ba3a
JB		 404 [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
405 [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) },
fc1372f8 406 [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE },
18b6f717 407 [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE] = { .len = 0 },
81bfe3c3
TG		 408};
409
b2d0f5d5
YY		 410static const struct ovs_len_tbl
411ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = {
412 [OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) },
413 [OVS_NSH_KEY_ATTR_MD1] = { .len = sizeof(struct ovs_nsh_key_md1) },
414 [OVS_NSH_KEY_ATTR_MD2] = { .len = OVS_ATTR_VARIABLE },
415};
416
e6445719 417/* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */
81bfe3c3
TG		 418static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
419 [OVS_KEY_ATTR_ENCAP] = { .len = OVS_ATTR_NESTED },
420 [OVS_KEY_ATTR_PRIORITY] = { .len = sizeof(u32) },
421 [OVS_KEY_ATTR_IN_PORT] = { .len = sizeof(u32) },
422 [OVS_KEY_ATTR_SKB_MARK] = { .len = sizeof(u32) },
423 [OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) },
424 [OVS_KEY_ATTR_VLAN] = { .len = sizeof(__be16) },
425 [OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) },
426 [OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) },
427 [OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) },
428 [OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) },
429 [OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) },
430 [OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) },
431 [OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) },
432 [OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) },
433 [OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) },
434 [OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) },
435 [OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) },
436 [OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) },
437 [OVS_KEY_ATTR_DP_HASH] = { .len = sizeof(u32) },
438 [OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED,
439 .next = ovs_tunnel_key_lens, },
440 [OVS_KEY_ATTR_MPLS] = { .len = sizeof(struct ovs_key_mpls) },
fbccce59 441 [OVS_KEY_ATTR_CT_STATE] = { .len = sizeof(u32) },
7f8a436e 442 [OVS_KEY_ATTR_CT_ZONE] = { .len = sizeof(u16) },
182e3042 443 [OVS_KEY_ATTR_CT_MARK] = { .len = sizeof(u32) },
33db4125 444 [OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) },
9dd7f890
JR		 445 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = {
446 .len = sizeof(struct ovs_key_ct_tuple_ipv4) },
447 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = {
448 .len = sizeof(struct ovs_key_ct_tuple_ipv6) },
b2d0f5d5
YY		 449 [OVS_KEY_ATTR_NSH] = { .len = OVS_ATTR_NESTED,
450 .next = ovs_nsh_key_attr_lens, },
e6445719
PS		 451};
452
982b5270
JG		 453static bool check_attr_len(unsigned int attr_len, unsigned int expected_len)
454{
455 return expected_len == attr_len ||
456 expected_len == OVS_ATTR_NESTED ||
457 expected_len == OVS_ATTR_VARIABLE;
458}
459
e6445719
PS		 460static bool is_all_zero(const u8 *fp, size_t size)
461{
462 int i;
463
464 if (!fp)
465 return false;
466
467 for (i = 0; i < size; i++)
468 if (fp[i])
469 return false;
470
471 return true;
472}
473
474static int __parse_flow_nlattrs(const struct nlattr *attr,
475 const struct nlattr *a[],
05da5898 476 u64 *attrsp, bool log, bool nz)
e6445719
PS		 477{
478 const struct nlattr *nla;
479 u64 attrs;
480 int rem;
481
482 attrs = *attrsp;
483 nla_for_each_nested(nla, attr, rem) {
484 u16 type = nla_type(nla);
485 int expected_len;
486
487 if (type > OVS_KEY_ATTR_MAX) {
05da5898 488 OVS_NLERR(log, "Key type %d is out of range max %d",
e6445719
PS		 489 type, OVS_KEY_ATTR_MAX);
490 return -EINVAL;
491 }
492
493 if (attrs & (1 << type)) {
05da5898 494 OVS_NLERR(log, "Duplicate key (type %d).", type);
e6445719
PS		 495 return -EINVAL;
496 }
497
81bfe3c3 498 expected_len = ovs_key_lens[type].len;
982b5270 499 if (!check_attr_len(nla_len(nla), expected_len)) {
05da5898
JR		 500 OVS_NLERR(log, "Key %d has unexpected len %d expected %d",
501 type, nla_len(nla), expected_len);
e6445719
PS		 502 return -EINVAL;
503 }
504
04a4af33 505 if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
e6445719
PS		 506 attrs |= 1 << type;
507 a[type] = nla;
508 }
509 }
510 if (rem) {
05da5898 511 OVS_NLERR(log, "Message has %d unknown bytes.", rem);
e6445719
PS		 512 return -EINVAL;
513 }
514
515 *attrsp = attrs;
516 return 0;
517}
518
519static int parse_flow_mask_nlattrs(const struct nlattr *attr,
05da5898
JR		 520 const struct nlattr *a[], u64 *attrsp,
521 bool log)
e6445719 522{
05da5898 523 return __parse_flow_nlattrs(attr, a, attrsp, log, true);
e6445719
PS		 524}
525
9dd7f890
JR		 526int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[],
527 u64 *attrsp, bool log)
e6445719 528{
05da5898
JR		 529 return __parse_flow_nlattrs(attr, a, attrsp, log, false);
530}
531
532static int genev_tun_opt_from_nlattr(const struct nlattr *a,
533 struct sw_flow_match *match, bool is_mask,
534 bool log)
535{
536 unsigned long opt_key_offset;
537
538 if (nla_len(a) > sizeof(match->key->tun_opts)) {
539 OVS_NLERR(log, "Geneve option length err (len %d, max %zu).",
540 nla_len(a), sizeof(match->key->tun_opts));
541 return -EINVAL;
542 }
543
544 if (nla_len(a) % 4 != 0) {
545 OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.",
546 nla_len(a));
547 return -EINVAL;
548 }
549
550 /* We need to record the length of the options passed
551 * down, otherwise packets with the same format but
552 * additional options will be silently matched.
553 */
554 if (!is_mask) {
555 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
556 false);
557 } else {
558 /* This is somewhat unusual because it looks at
559 * both the key and mask while parsing the
560 * attributes (and by extension assumes the key
561 * is parsed first). Normally, we would verify
562 * that each is the correct length and that the
563 * attributes line up in the validate function.
564 * However, that is difficult because this is
565 * variable length and we won't have the
566 * information later.
567 */
568 if (match->key->tun_opts_len != nla_len(a)) {
569 OVS_NLERR(log, "Geneve option len %d != mask len %d",
570 match->key->tun_opts_len, nla_len(a));
571 return -EINVAL;
572 }
573
574 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
575 }
576
d91641d9 577 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
05da5898
JR		 578 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
579 nla_len(a), is_mask);
580 return 0;
e6445719
PS		 581}
582
982b5270 583static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr,
1dd144cf
TG		 584 struct sw_flow_match *match, bool is_mask,
585 bool log)
586{
982b5270
JG		 587 struct nlattr *a;
588 int rem;
1dd144cf 589 unsigned long opt_key_offset;
614732ea 590 struct vxlan_metadata opts;
1dd144cf
TG		 591
592 BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts));
593
1dd144cf 594 memset(&opts, 0, sizeof(opts));
982b5270
JG		 595 nla_for_each_nested(a, attr, rem) {
596 int type = nla_type(a);
1dd144cf 597
982b5270
JG		 598 if (type > OVS_VXLAN_EXT_MAX) {
599 OVS_NLERR(log, "VXLAN extension %d out of range max %d",
600 type, OVS_VXLAN_EXT_MAX);
601 return -EINVAL;
602 }
603
604 if (!check_attr_len(nla_len(a),
605 ovs_vxlan_ext_key_lens[type].len)) {
606 OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d",
607 type, nla_len(a),
608 ovs_vxlan_ext_key_lens[type].len);
609 return -EINVAL;
610 }
611
612 switch (type) {
613 case OVS_VXLAN_EXT_GBP:
614 opts.gbp = nla_get_u32(a);
615 break;
616 default:
617 OVS_NLERR(log, "Unknown VXLAN extension attribute %d",
618 type);
619 return -EINVAL;
620 }
621 }
622 if (rem) {
623 OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.",
624 rem);
625 return -EINVAL;
626 }
1dd144cf
TG		 627
628 if (!is_mask)
629 SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false);
630 else
631 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
632
633 opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts));
634 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts),
635 is_mask);
636 return 0;
637}
638
fc1372f8
WT		 639static int erspan_tun_opt_from_nlattr(const struct nlattr *a,
640 struct sw_flow_match *match, bool is_mask,
641 bool log)
642{
643 unsigned long opt_key_offset;
644
645 BUILD_BUG_ON(sizeof(struct erspan_metadata) >
646 sizeof(match->key->tun_opts));
647
648 if (nla_len(a) > sizeof(match->key->tun_opts)) {
649 OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).",
650 nla_len(a), sizeof(match->key->tun_opts));
651 return -EINVAL;
652 }
653
654 if (!is_mask)
655 SW_FLOW_KEY_PUT(match, tun_opts_len,
656 sizeof(struct erspan_metadata), false);
657 else
658 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
659
660 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
661 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
662 nla_len(a), is_mask);
663 return 0;
664}
665
6b26ba3a
JB		 666static int ip_tun_from_nlattr(const struct nlattr *attr,
667 struct sw_flow_match *match, bool is_mask,
668 bool log)
e6445719 669{
99e28f18 670 bool ttl = false, ipv4 = false, ipv6 = false;
18b6f717 671 bool info_bridge_mode = false;
99e28f18
PS		 672 __be16 tun_flags = 0;
673 int opts_type = 0;
e6445719
PS		 674 struct nlattr *a;
675 int rem;
e6445719
PS		 676
677 nla_for_each_nested(a, attr, rem) {
678 int type = nla_type(a);
05da5898
JR		 679 int err;
680
e6445719 681 if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
05da5898
JR		 682 OVS_NLERR(log, "Tunnel attr %d out of range max %d",
683 type, OVS_TUNNEL_KEY_ATTR_MAX);
e6445719
PS		 684 return -EINVAL;
685 }
686
982b5270
JG		 687 if (!check_attr_len(nla_len(a),
688 ovs_tunnel_key_lens[type].len)) {
05da5898 689 OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d",
81bfe3c3 690 type, nla_len(a), ovs_tunnel_key_lens[type].len);
e6445719
PS		 691 return -EINVAL;
692 }
693
694 switch (type) {
695 case OVS_TUNNEL_KEY_ATTR_ID:
696 SW_FLOW_KEY_PUT(match, tun_key.tun_id,
697 nla_get_be64(a), is_mask);
698 tun_flags |= TUNNEL_KEY;
699 break;
700 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
c1ea5d67 701 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src,
67b61f6c 702 nla_get_in_addr(a), is_mask);
6b26ba3a 703 ipv4 = true;
e6445719
PS		 704 break;
705 case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
c1ea5d67 706 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst,
67b61f6c 707 nla_get_in_addr(a), is_mask);
6b26ba3a
JB		 708 ipv4 = true;
709 break;
710 case OVS_TUNNEL_KEY_ATTR_IPV6_SRC:
3d20f1f7 711 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src,
6b26ba3a
JB		 712 nla_get_in6_addr(a), is_mask);
713 ipv6 = true;
714 break;
715 case OVS_TUNNEL_KEY_ATTR_IPV6_DST:
716 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst,
717 nla_get_in6_addr(a), is_mask);
718 ipv6 = true;
e6445719
PS		 719 break;
720 case OVS_TUNNEL_KEY_ATTR_TOS:
7c383fb2 721 SW_FLOW_KEY_PUT(match, tun_key.tos,
e6445719
PS		 722 nla_get_u8(a), is_mask);
723 break;
724 case OVS_TUNNEL_KEY_ATTR_TTL:
7c383fb2 725 SW_FLOW_KEY_PUT(match, tun_key.ttl,
e6445719
PS		 726 nla_get_u8(a), is_mask);
727 ttl = true;
728 break;
729 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
730 tun_flags |= TUNNEL_DONT_FRAGMENT;
731 break;
732 case OVS_TUNNEL_KEY_ATTR_CSUM:
733 tun_flags |= TUNNEL_CSUM;
734 break;
8f0aad6f
WZ		 735 case OVS_TUNNEL_KEY_ATTR_TP_SRC:
736 SW_FLOW_KEY_PUT(match, tun_key.tp_src,
737 nla_get_be16(a), is_mask);
738 break;
739 case OVS_TUNNEL_KEY_ATTR_TP_DST:
740 SW_FLOW_KEY_PUT(match, tun_key.tp_dst,
741 nla_get_be16(a), is_mask);
742 break;
67fa0341
JG		 743 case OVS_TUNNEL_KEY_ATTR_OAM:
744 tun_flags |= TUNNEL_OAM;
745 break;
f5796684 746 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
1dd144cf
TG		 747 if (opts_type) {
748 OVS_NLERR(log, "Multiple metadata blocks provided");
749 return -EINVAL;
750 }
751
05da5898
JR		 752 err = genev_tun_opt_from_nlattr(a, match, is_mask, log);
753 if (err)
754 return err;
f5796684 755
1dd144cf
TG		 756 tun_flags |= TUNNEL_GENEVE_OPT;
757 opts_type = type;
758 break;
759 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
760 if (opts_type) {
761 OVS_NLERR(log, "Multiple metadata blocks provided");
762 return -EINVAL;
763 }
764
765 err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log);
766 if (err)
767 return err;
768
769 tun_flags |= TUNNEL_VXLAN_OPT;
770 opts_type = type;
f5796684 771 break;
8f3dbfd7
KM		 772 case OVS_TUNNEL_KEY_ATTR_PAD:
773 break;
fc1372f8
WT		 774 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
775 if (opts_type) {
776 OVS_NLERR(log, "Multiple metadata blocks provided");
777 return -EINVAL;
778 }
779
780 err = erspan_tun_opt_from_nlattr(a, match, is_mask,
781 log);
782 if (err)
783 return err;
784
785 tun_flags |= TUNNEL_ERSPAN_OPT;
786 opts_type = type;
787 break;
18b6f717 788 case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE:
789 info_bridge_mode = true;
790 ipv4 = true;
791 break;
e6445719 792 default:
6b26ba3a 793 OVS_NLERR(log, "Unknown IP tunnel attribute %d",
f5796684 794 type);
e6445719
PS		 795 return -EINVAL;
796 }
797 }
798
799 SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
00a93bab
JB		 800 if (is_mask)
801 SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true);
802 else
6b26ba3a
JB		 803 SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET,
804 false);
e6445719
PS		 805
806 if (rem > 0) {
6b26ba3a 807 OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.",
05da5898 808 rem);
e6445719
PS		 809 return -EINVAL;
810 }
811
6b26ba3a
JB		 812 if (ipv4 && ipv6) {
813 OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes");
814 return -EINVAL;
815 }
816
e6445719 817 if (!is_mask) {
6b26ba3a
JB		 818 if (!ipv4 && !ipv6) {
819 OVS_NLERR(log, "IP tunnel dst address not specified");
820 return -EINVAL;
821 }
18b6f717 822 if (ipv4) {
823 if (info_bridge_mode) {
824 if (match->key->tun_key.u.ipv4.src ||
825 match->key->tun_key.u.ipv4.dst ||
826 match->key->tun_key.tp_src ||
827 match->key->tun_key.tp_dst ||
828 match->key->tun_key.ttl ||
829 match->key->tun_key.tos ||
830 tun_flags & ~TUNNEL_KEY) {
831 OVS_NLERR(log, "IPv4 tun info is not correct");
832 return -EINVAL;
833 }
834 } else if (!match->key->tun_key.u.ipv4.dst) {
835 OVS_NLERR(log, "IPv4 tunnel dst address is zero");
836 return -EINVAL;
837 }
e6445719 838 }
6b26ba3a
JB		 839 if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) {
840 OVS_NLERR(log, "IPv6 tunnel dst address is zero");
841 return -EINVAL;
842 }
e6445719 843
18b6f717 844 if (!ttl && !info_bridge_mode) {
6b26ba3a 845 OVS_NLERR(log, "IP tunnel TTL not specified.");
e6445719
PS		 846 return -EINVAL;
847 }
848 }
849
1dd144cf
TG		 850 return opts_type;
851}
852
853static int vxlan_opt_to_nlattr(struct sk_buff *skb,
854 const void *tun_opts, int swkey_tun_opts_len)
855{
614732ea 856 const struct vxlan_metadata *opts = tun_opts;
1dd144cf
TG		 857 struct nlattr *nla;
858
ae0be8de 859 nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
1dd144cf
TG		 860 if (!nla)
861 return -EMSGSIZE;
862
863 if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0)
864 return -EMSGSIZE;
865
866 nla_nest_end(skb, nla);
e6445719
PS		 867 return 0;
868}
869
6b26ba3a
JB		 870static int __ip_tun_to_nlattr(struct sk_buff *skb,
871 const struct ip_tunnel_key *output,
872 const void *tun_opts, int swkey_tun_opts_len,
18b6f717 873 unsigned short tun_proto, u8 mode)
e6445719 874{
e6445719 875 if (output->tun_flags & TUNNEL_KEY &&
b46f6ded
ND		 876 nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id,
877 OVS_TUNNEL_KEY_ATTR_PAD))
e6445719 878 return -EMSGSIZE;
18b6f717 879
880 if (mode & IP_TUNNEL_INFO_BRIDGE)
881 return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE)
882 ? -EMSGSIZE : 0;
883
6b26ba3a
JB		 884 switch (tun_proto) {
885 case AF_INET:
886 if (output->u.ipv4.src &&
887 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC,
888 output->u.ipv4.src))
889 return -EMSGSIZE;
890 if (output->u.ipv4.dst &&
891 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST,
892 output->u.ipv4.dst))
893 return -EMSGSIZE;
894 break;
895 case AF_INET6:
896 if (!ipv6_addr_any(&output->u.ipv6.src) &&
897 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC,
898 &output->u.ipv6.src))
899 return -EMSGSIZE;
900 if (!ipv6_addr_any(&output->u.ipv6.dst) &&
901 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST,
902 &output->u.ipv6.dst))
903 return -EMSGSIZE;
904 break;
905 }
7c383fb2
JB		 906 if (output->tos &&
907 nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos))
e6445719 908 return -EMSGSIZE;
7c383fb2 909 if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl))
e6445719
PS		 910 return -EMSGSIZE;
911 if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
67fa0341 912 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
e6445719
PS		 913 return -EMSGSIZE;
914 if ((output->tun_flags & TUNNEL_CSUM) &&
67fa0341
JG		 915 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
916 return -EMSGSIZE;
8f0aad6f
WZ		 917 if (output->tp_src &&
918 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src))
919 return -EMSGSIZE;
920 if (output->tp_dst &&
921 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst))
922 return -EMSGSIZE;
67fa0341
JG		 923 if ((output->tun_flags & TUNNEL_OAM) &&
924 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
e6445719 925 return -EMSGSIZE;
fc4099f1 926 if (swkey_tun_opts_len) {
1dd144cf
TG		 927 if (output->tun_flags & TUNNEL_GENEVE_OPT &&
928 nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
929 swkey_tun_opts_len, tun_opts))
930 return -EMSGSIZE;
931 else if (output->tun_flags & TUNNEL_VXLAN_OPT &&
932 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len))
933 return -EMSGSIZE;
fc1372f8
WT		 934 else if (output->tun_flags & TUNNEL_ERSPAN_OPT &&
935 nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS,
936 swkey_tun_opts_len, tun_opts))
937 return -EMSGSIZE;
1dd144cf 938 }
e6445719 939
e6445719
PS		 940 return 0;
941}
942
6b26ba3a
JB		 943static int ip_tun_to_nlattr(struct sk_buff *skb,
944 const struct ip_tunnel_key *output,
945 const void *tun_opts, int swkey_tun_opts_len,
18b6f717 946 unsigned short tun_proto, u8 mode)
f5796684
JG		 947{
948 struct nlattr *nla;
949 int err;
950
ae0be8de 951 nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL);
f5796684
JG		 952 if (!nla)
953 return -EMSGSIZE;
954
6b26ba3a 955 err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len,
18b6f717 956 tun_proto, mode);
f5796684
JG		 957 if (err)
958 return err;
959
960 nla_nest_end(skb, nla);
961 return 0;
962}
963
fc4099f1
PS		 964int ovs_nla_put_tunnel_info(struct sk_buff *skb,
965 struct ip_tunnel_info *tun_info)
8f0aad6f 966{
ba3e2084
DM		 967 return __ip_tun_to_nlattr(skb, &tun_info->key,
968 ip_tunnel_info_opts(tun_info),
969 tun_info->options_len,
18b6f717 970 ip_tunnel_info_af(tun_info), tun_info->mode);
8f0aad6f
WZ		 971}
972
018c1dda
EG		 973static int encode_vlan_from_nlattrs(struct sw_flow_match *match,
974 const struct nlattr *a[],
975 bool is_mask, bool inner)
976{
977 __be16 tci = 0;
978 __be16 tpid = 0;
979
980 if (a[OVS_KEY_ATTR_VLAN])
981 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
982
983 if (a[OVS_KEY_ATTR_ETHERTYPE])
984 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
985
986 if (likely(!inner)) {
987 SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask);
988 SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask);
989 } else {
990 SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask);
991 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask);
992 }
993 return 0;
994}
995
996static int validate_vlan_from_nlattrs(const struct sw_flow_match *match,
997 u64 key_attrs, bool inner,
998 const struct nlattr **a, bool log)
999{
1000 __be16 tci = 0;
1001
1002 if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
1003 (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
1004 eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) {
1005 /* Not a VLAN. */
1006 return 0;
1007 }
1008
1009 if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
1010 (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
1011 OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN");
1012 return -EINVAL;
1013 }
1014
1015 if (a[OVS_KEY_ATTR_VLAN])
1016 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1017
9df46aef 1018 if (!(tci & htons(VLAN_CFI_MASK))) {
018c1dda 1019 if (tci) {
9df46aef 1020 OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.",
018c1dda
EG		 1021 (inner) ? "C-VLAN" : "VLAN");
1022 return -EINVAL;
1023 } else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) {
1024 /* Corner case for truncated VLAN header. */
1025 OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.",
1026 (inner) ? "C-VLAN" : "VLAN");
1027 return -EINVAL;
1028 }
1029 }
1030
1031 return 1;
1032}
1033
1034static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match,
1035 u64 key_attrs, bool inner,
1036 const struct nlattr **a, bool log)
1037{
1038 __be16 tci = 0;
1039 __be16 tpid = 0;
1040 bool encap_valid = !!(match->key->eth.vlan.tci &
9df46aef 1041 htons(VLAN_CFI_MASK));
018c1dda 1042 bool i_encap_valid = !!(match->key->eth.cvlan.tci &
9df46aef 1043 htons(VLAN_CFI_MASK));
018c1dda
EG		 1044
1045 if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) {
1046 /* Not a VLAN. */
1047 return 0;
1048 }
1049
1050 if ((!inner && !encap_valid) || (inner && !i_encap_valid)) {
1051 OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.",
1052 (inner) ? "C-VLAN" : "VLAN");
1053 return -EINVAL;
1054 }
1055
1056 if (a[OVS_KEY_ATTR_VLAN])
1057 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1058
1059 if (a[OVS_KEY_ATTR_ETHERTYPE])
1060 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1061
1062 if (tpid != htons(0xffff)) {
1063 OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).",
1064 (inner) ? "C-VLAN" : "VLAN", ntohs(tpid));
1065 return -EINVAL;
1066 }
9df46aef
MM		 1067 if (!(tci & htons(VLAN_CFI_MASK))) {
1068 OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.",
018c1dda
EG		 1069 (inner) ? "C-VLAN" : "VLAN");
1070 return -EINVAL;
1071 }
1072
1073 return 1;
1074}
1075
1076static int __parse_vlan_from_nlattrs(struct sw_flow_match *match,
1077 u64 *key_attrs, bool inner,
1078 const struct nlattr **a, bool is_mask,
1079 bool log)
1080{
1081 int err;
1082 const struct nlattr *encap;
1083
1084 if (!is_mask)
1085 err = validate_vlan_from_nlattrs(match, *key_attrs, inner,
1086 a, log);
1087 else
1088 err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner,
1089 a, log);
1090 if (err <= 0)
1091 return err;
1092
1093 err = encode_vlan_from_nlattrs(match, a, is_mask, inner);
1094 if (err)
1095 return err;
1096
1097 *key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
1098 *key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN);
1099 *key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1100
1101 encap = a[OVS_KEY_ATTR_ENCAP];
1102
1103 if (!is_mask)
1104 err = parse_flow_nlattrs(encap, a, key_attrs, log);
1105 else
1106 err = parse_flow_mask_nlattrs(encap, a, key_attrs, log);
1107
1108 return err;
1109}
1110
1111static int parse_vlan_from_nlattrs(struct sw_flow_match *match,
1112 u64 *key_attrs, const struct nlattr **a,
1113 bool is_mask, bool log)
1114{
1115 int err;
1116 bool encap_valid = false;
1117
1118 err = __parse_vlan_from_nlattrs(match, key_attrs, false, a,
1119 is_mask, log);
1120 if (err)
1121 return err;
1122
9df46aef 1123 encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK));
018c1dda
EG		 1124 if (encap_valid) {
1125 err = __parse_vlan_from_nlattrs(match, key_attrs, true, a,
1126 is_mask, log);
1127 if (err)
1128 return err;
1129 }
1130
1131 return 0;
1132}
1133
0a6410fb
JB		 1134static int parse_eth_type_from_nlattrs(struct sw_flow_match *match,
1135 u64 *attrs, const struct nlattr **a,
1136 bool is_mask, bool log)
1137{
1138 __be16 eth_type;
1139
1140 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1141 if (is_mask) {
1142 /* Always exact match EtherType. */
1143 eth_type = htons(0xffff);
1144 } else if (!eth_proto_is_802_3(eth_type)) {
1145 OVS_NLERR(log, "EtherType %x is less than min %x",
1146 ntohs(eth_type), ETH_P_802_3_MIN);
1147 return -EINVAL;
1148 }
1149
1150 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
1151 *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1152 return 0;
1153}
1154
c2ac6673
JS		 1155static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
1156 u64 *attrs, const struct nlattr **a,
1157 bool is_mask, bool log)
e6445719 1158{
0a6410fb
JB		 1159 u8 mac_proto = MAC_PROTO_ETHERNET;
1160
971427f3
AZ		 1161 if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) {
1162 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);
1163
1164 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
1165 *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH);
1166 }
1167
1168 if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) {
1169 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);
1170
1171 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
1172 *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID);
1173 }
1174
e6445719
PS		 1175 if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
1176 SW_FLOW_KEY_PUT(match, phy.priority,
1177 nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
1178 *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
1179 }
1180
1181 if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
1182 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
1183
426cda5c 1184 if (is_mask) {
e6445719 1185 in_port = 0xffffffff; /* Always exact match in_port. */
426cda5c 1186 } else if (in_port >= DP_MAX_PORTS) {
05da5898 1187 OVS_NLERR(log, "Port %d exceeds max allowable %d",
426cda5c 1188 in_port, DP_MAX_PORTS);
e6445719 1189 return -EINVAL;
426cda5c 1190 }
e6445719
PS		 1191
1192 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
1193 *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
1194 } else if (!is_mask) {
1195 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
1196 }
1197
1198 if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) {
1199 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);
1200
1201 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
1202 *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK);
1203 }
1204 if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) {
6b26ba3a
JB		 1205 if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
1206 is_mask, log) < 0)
e6445719
PS		 1207 return -EINVAL;
1208 *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL);
1209 }
7f8a436e
JS		 1210
1211 if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) &&
c2ac6673 1212 ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
fbccce59 1213 u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]);
7f8a436e 1214
9e384715 1215 if (ct_state & ~CT_SUPPORTED_MASK) {
fbccce59 1216 OVS_NLERR(log, "ct_state flags %08x unsupported",
6f225952
JS		 1217 ct_state);
1218 return -EINVAL;
1219 }
7f8a436e 1220
316d4d78 1221 SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask);
7f8a436e
JS		 1222 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
1223 }
1224 if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) &&
c2ac6673 1225 ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) {
7f8a436e
JS		 1226 u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]);
1227
316d4d78 1228 SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask);
7f8a436e
JS		 1229 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE);
1230 }
182e3042 1231 if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) &&
c2ac6673 1232 ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) {
182e3042
JS		 1233 u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]);
1234
1235 SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask);
1236 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK);
1237 }
33db4125
JS		 1238 if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) &&
1239 ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) {
1240 const struct ovs_key_ct_labels *cl;
c2ac6673 1241
33db4125
JS		 1242 cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]);
1243 SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels,
c2ac6673 1244 sizeof(*cl), is_mask);
33db4125 1245 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS);
c2ac6673 1246 }
9dd7f890
JR		 1247 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) {
1248 const struct ovs_key_ct_tuple_ipv4 *ct;
1249
1250 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]);
1251
1252 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask);
1253 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask);
1254 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1255 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
316d4d78 1256 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask);
9dd7f890
JR		 1257 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4);
1258 }
1259 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) {
1260 const struct ovs_key_ct_tuple_ipv6 *ct;
1261
1262 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]);
1263
1264 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src,
1265 sizeof(match->key->ipv6.ct_orig.src),
1266 is_mask);
1267 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst,
1268 sizeof(match->key->ipv6.ct_orig.dst),
1269 is_mask);
1270 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1271 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
316d4d78 1272 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask);
9dd7f890
JR		 1273 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
1274 }
329f45bc 1275
0a6410fb
JB		 1276 /* For layer 3 packets the Ethernet type is provided
1277 * and treated as metadata but no MAC addresses are provided.
1278 */
1279 if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) &&
1280 (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)))
1281 mac_proto = MAC_PROTO_NONE;
1282
329f45bc 1283 /* Always exact match mac_proto */
0a6410fb
JB		 1284 SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask);
1285
1286 if (mac_proto == MAC_PROTO_NONE)
1287 return parse_eth_type_from_nlattrs(match, attrs, a, is_mask,
1288 log);
329f45bc 1289
e6445719
PS		 1290 return 0;
1291}
1292
b2d0f5d5
YY		 1293int nsh_hdr_from_nlattr(const struct nlattr *attr,
1294 struct nshhdr *nh, size_t size)
1295{
1296 struct nlattr *a;
1297 int rem;
1298 u8 flags = 0;
1299 u8 ttl = 0;
1300 int mdlen = 0;
1301
1302 /* validate_nsh has check this, so we needn't do duplicate check here
1303 */
1304 if (size < NSH_BASE_HDR_LEN)
1305 return -ENOBUFS;
1306
1307 nla_for_each_nested(a, attr, rem) {
1308 int type = nla_type(a);
1309
1310 switch (type) {
1311 case OVS_NSH_KEY_ATTR_BASE: {
1312 const struct ovs_nsh_key_base *base = nla_data(a);
1313
1314 flags = base->flags;
1315 ttl = base->ttl;
1316 nh->np = base->np;
1317 nh->mdtype = base->mdtype;
1318 nh->path_hdr = base->path_hdr;
1319 break;
1320 }
1321 case OVS_NSH_KEY_ATTR_MD1:
1322 mdlen = nla_len(a);
1323 if (mdlen > size - NSH_BASE_HDR_LEN)
1324 return -ENOBUFS;
1325 memcpy(&nh->md1, nla_data(a), mdlen);
1326 break;
1327
1328 case OVS_NSH_KEY_ATTR_MD2:
1329 mdlen = nla_len(a);
1330 if (mdlen > size - NSH_BASE_HDR_LEN)
1331 return -ENOBUFS;
1332 memcpy(&nh->md2, nla_data(a), mdlen);
1333 break;
1334
1335 default:
1336 return -EINVAL;
1337 }
1338 }
1339
1340 /* nsh header length = NSH_BASE_HDR_LEN + mdlen */
1341 nh->ver_flags_ttl_len = 0;
1342 nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen);
1343
1344 return 0;
1345}
1346
1347int nsh_key_from_nlattr(const struct nlattr *attr,
1348 struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask)
1349{
1350 struct nlattr *a;
1351 int rem;
1352
1353 /* validate_nsh has check this, so we needn't do duplicate check here
1354 */
1355 nla_for_each_nested(a, attr, rem) {
1356 int type = nla_type(a);
1357
1358 switch (type) {
1359 case OVS_NSH_KEY_ATTR_BASE: {
1360 const struct ovs_nsh_key_base *base = nla_data(a);
1361 const struct ovs_nsh_key_base *base_mask = base + 1;
1362
1363 nsh->base = *base;
1364 nsh_mask->base = *base_mask;
1365 break;
1366 }
1367 case OVS_NSH_KEY_ATTR_MD1: {
1368 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1369 const struct ovs_nsh_key_md1 *md1_mask = md1 + 1;
1370
1371 memcpy(nsh->context, md1->context, sizeof(*md1));
1372 memcpy(nsh_mask->context, md1_mask->context,
1373 sizeof(*md1_mask));
1374 break;
1375 }
1376 case OVS_NSH_KEY_ATTR_MD2:
1377 /* Not supported yet */
1378 return -ENOTSUPP;
1379 default:
1380 return -EINVAL;
1381 }
1382 }
1383
1384 return 0;
1385}
1386
1387static int nsh_key_put_from_nlattr(const struct nlattr *attr,
1388 struct sw_flow_match *match, bool is_mask,
1389 bool is_push_nsh, bool log)
1390{
1391 struct nlattr *a;
1392 int rem;
1393 bool has_base = false;
1394 bool has_md1 = false;
1395 bool has_md2 = false;
1396 u8 mdtype = 0;
1397 int mdlen = 0;
1398
1399 if (WARN_ON(is_push_nsh && is_mask))
1400 return -EINVAL;
1401
1402 nla_for_each_nested(a, attr, rem) {
1403 int type = nla_type(a);
1404 int i;
1405
1406 if (type > OVS_NSH_KEY_ATTR_MAX) {
1407 OVS_NLERR(log, "nsh attr %d is out of range max %d",
1408 type, OVS_NSH_KEY_ATTR_MAX);
1409 return -EINVAL;
1410 }
1411
1412 if (!check_attr_len(nla_len(a),
1413 ovs_nsh_key_attr_lens[type].len)) {
1414 OVS_NLERR(
1415 log,
1416 "nsh attr %d has unexpected len %d expected %d",
1417 type,
1418 nla_len(a),
1419 ovs_nsh_key_attr_lens[type].len
1420 );
1421 return -EINVAL;
1422 }
1423
1424 switch (type) {
1425 case OVS_NSH_KEY_ATTR_BASE: {
1426 const struct ovs_nsh_key_base *base = nla_data(a);
1427
1428 has_base = true;
1429 mdtype = base->mdtype;
1430 SW_FLOW_KEY_PUT(match, nsh.base.flags,
1431 base->flags, is_mask);
1432 SW_FLOW_KEY_PUT(match, nsh.base.ttl,
1433 base->ttl, is_mask);
1434 SW_FLOW_KEY_PUT(match, nsh.base.mdtype,
1435 base->mdtype, is_mask);
1436 SW_FLOW_KEY_PUT(match, nsh.base.np,
1437 base->np, is_mask);
1438 SW_FLOW_KEY_PUT(match, nsh.base.path_hdr,
1439 base->path_hdr, is_mask);
1440 break;
1441 }
1442 case OVS_NSH_KEY_ATTR_MD1: {
1443 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1444
1445 has_md1 = true;
1446 for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++)
1447 SW_FLOW_KEY_PUT(match, nsh.context[i],
1448 md1->context[i], is_mask);
1449 break;
1450 }
1451 case OVS_NSH_KEY_ATTR_MD2:
1452 if (!is_push_nsh) /* Not supported MD type 2 yet */
1453 return -ENOTSUPP;
1454
1455 has_md2 = true;
1456 mdlen = nla_len(a);
1457 if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) {
1458 OVS_NLERR(
1459 log,
1460 "Invalid MD length %d for MD type %d",
1461 mdlen,
1462 mdtype
1463 );
1464 return -EINVAL;
1465 }
1466 break;
1467 default:
1468 OVS_NLERR(log, "Unknown nsh attribute %d",
1469 type);
1470 return -EINVAL;
1471 }
1472 }
1473
1474 if (rem > 0) {
1475 OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem);
1476 return -EINVAL;
1477 }
1478
1479 if (has_md1 && has_md2) {
1480 OVS_NLERR(
1481 1,
1482 "invalid nsh attribute: md1 and md2 are exclusive."
1483 );
1484 return -EINVAL;
1485 }
1486
1487 if (!is_mask) {
1488 if ((has_md1 && mdtype != NSH_M_TYPE1) ||
1489 (has_md2 && mdtype != NSH_M_TYPE2)) {
1490 OVS_NLERR(1, "nsh attribute has unmatched MD type %d.",
1491 mdtype);
1492 return -EINVAL;
1493 }
1494
1495 if (is_push_nsh &&
1496 (!has_base || (!has_md1 && !has_md2))) {
1497 OVS_NLERR(
1498 1,
1499 "push_nsh: missing base or metadata attributes"
1500 );
1501 return -EINVAL;
1502 }
1503 }
1504
1505 return 0;
1506}
1507
c2ac6673
JS		 1508static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
1509 u64 attrs, const struct nlattr **a,
1510 bool is_mask, bool log)
e6445719
PS		 1511{
1512 int err;
e6445719 1513
c2ac6673 1514 err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log);
e6445719
PS		 1515 if (err)
1516 return err;
1517
1518 if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) {
1519 const struct ovs_key_ethernet *eth_key;
1520
1521 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
1522 SW_FLOW_KEY_MEMCPY(match, eth.src,
1523 eth_key->eth_src, ETH_ALEN, is_mask);
1524 SW_FLOW_KEY_MEMCPY(match, eth.dst,
1525 eth_key->eth_dst, ETH_ALEN, is_mask);
1526 attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
e6445719 1527
0a6410fb
JB		 1528 if (attrs & (1 << OVS_KEY_ATTR_VLAN)) {
1529 /* VLAN attribute is always parsed before getting here since it
1530 * may occur multiple times.
1531 */
1532 OVS_NLERR(log, "VLAN attribute unexpected.");
e6445719
PS		 1533 return -EINVAL;
1534 }
1535
0a6410fb
JB		 1536 if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
1537 err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask,
1538 log);
1539 if (err)
1540 return err;
1541 } else if (!is_mask) {
1542 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
1543 }
1544 } else if (!match->key->eth.type) {
1545 OVS_NLERR(log, "Either Ethernet header or EtherType is required.");
1546 return -EINVAL;
e6445719
PS		 1547 }
1548
1549 if (attrs & (1 << OVS_KEY_ATTR_IPV4)) {
1550 const struct ovs_key_ipv4 *ipv4_key;
1551
1552 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
1553 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
05da5898
JR		 1554 OVS_NLERR(log, "IPv4 frag type %d is out of range max %d",
1555 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
e6445719
PS		 1556 return -EINVAL;
1557 }
1558 SW_FLOW_KEY_PUT(match, ip.proto,
1559 ipv4_key->ipv4_proto, is_mask);
1560 SW_FLOW_KEY_PUT(match, ip.tos,
1561 ipv4_key->ipv4_tos, is_mask);
1562 SW_FLOW_KEY_PUT(match, ip.ttl,
1563 ipv4_key->ipv4_ttl, is_mask);
1564 SW_FLOW_KEY_PUT(match, ip.frag,
1565 ipv4_key->ipv4_frag, is_mask);
1566 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1567 ipv4_key->ipv4_src, is_mask);
1568 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1569 ipv4_key->ipv4_dst, is_mask);
1570 attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
1571 }
1572
1573 if (attrs & (1 << OVS_KEY_ATTR_IPV6)) {
1574 const struct ovs_key_ipv6 *ipv6_key;
1575
1576 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
1577 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
05da5898
JR		 1578 OVS_NLERR(log, "IPv6 frag type %d is out of range max %d",
1579 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
e6445719
PS		 1580 return -EINVAL;
1581 }
fecaef85 1582
d3052bb5 1583 if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
0ed80da5 1584 OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)",
fecaef85
JR		 1585 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
1586 return -EINVAL;
1587 }
1588
e6445719
PS		 1589 SW_FLOW_KEY_PUT(match, ipv6.label,
1590 ipv6_key->ipv6_label, is_mask);
1591 SW_FLOW_KEY_PUT(match, ip.proto,
1592 ipv6_key->ipv6_proto, is_mask);
1593 SW_FLOW_KEY_PUT(match, ip.tos,
1594 ipv6_key->ipv6_tclass, is_mask);
1595 SW_FLOW_KEY_PUT(match, ip.ttl,
1596 ipv6_key->ipv6_hlimit, is_mask);
1597 SW_FLOW_KEY_PUT(match, ip.frag,
1598 ipv6_key->ipv6_frag, is_mask);
1599 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
1600 ipv6_key->ipv6_src,
1601 sizeof(match->key->ipv6.addr.src),
1602 is_mask);
1603 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
1604 ipv6_key->ipv6_dst,
1605 sizeof(match->key->ipv6.addr.dst),
1606 is_mask);
1607
1608 attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
1609 }
1610
1611 if (attrs & (1 << OVS_KEY_ATTR_ARP)) {
1612 const struct ovs_key_arp *arp_key;
1613
1614 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
1615 if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
05da5898 1616 OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).",
e6445719
PS		 1617 arp_key->arp_op);
1618 return -EINVAL;
1619 }
1620
1621 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1622 arp_key->arp_sip, is_mask);
1623 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1624 arp_key->arp_tip, is_mask);
1625 SW_FLOW_KEY_PUT(match, ip.proto,
1626 ntohs(arp_key->arp_op), is_mask);
1627 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
1628 arp_key->arp_sha, ETH_ALEN, is_mask);
1629 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
1630 arp_key->arp_tha, ETH_ALEN, is_mask);
1631
1632 attrs &= ~(1 << OVS_KEY_ATTR_ARP);
1633 }
1634
b2d0f5d5
YY		 1635 if (attrs & (1 << OVS_KEY_ATTR_NSH)) {
1636 if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match,
1637 is_mask, false, log) < 0)
1638 return -EINVAL;
1639 attrs &= ~(1 << OVS_KEY_ATTR_NSH);
1640 }
1641
25cd9ba0
SH		 1642 if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
1643 const struct ovs_key_mpls *mpls_key;
1644
1645 mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
1646 SW_FLOW_KEY_PUT(match, mpls.top_lse,
1647 mpls_key->mpls_lse, is_mask);
1648
1649 attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
1650 }
1651
e6445719
PS		 1652 if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
1653 const struct ovs_key_tcp *tcp_key;
1654
1655 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
1139e241
JR		 1656 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
1657 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
e6445719
PS		 1658 attrs &= ~(1 << OVS_KEY_ATTR_TCP);
1659 }
1660
5eb26b15 1661 if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
1b760fb9
JS		 1662 SW_FLOW_KEY_PUT(match, tp.flags,
1663 nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
1664 is_mask);
5eb26b15
JR		 1665 attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
1666 }
1667
e6445719
PS		 1668 if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
1669 const struct ovs_key_udp *udp_key;
1670
1671 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
1139e241
JR		 1672 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
1673 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
e6445719
PS		 1674 attrs &= ~(1 << OVS_KEY_ATTR_UDP);
1675 }
1676
1677 if (attrs & (1 << OVS_KEY_ATTR_SCTP)) {
1678 const struct ovs_key_sctp *sctp_key;
1679
1680 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
1139e241
JR		 1681 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
1682 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
e6445719
PS		 1683 attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
1684 }
1685
1686 if (attrs & (1 << OVS_KEY_ATTR_ICMP)) {
1687 const struct ovs_key_icmp *icmp_key;
1688
1689 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
1139e241 1690 SW_FLOW_KEY_PUT(match, tp.src,
e6445719 1691 htons(icmp_key->icmp_type), is_mask);
1139e241 1692 SW_FLOW_KEY_PUT(match, tp.dst,
e6445719
PS		 1693 htons(icmp_key->icmp_code), is_mask);
1694 attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
1695 }
1696
1697 if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) {
1698 const struct ovs_key_icmpv6 *icmpv6_key;
1699
1700 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
1139e241 1701 SW_FLOW_KEY_PUT(match, tp.src,
e6445719 1702 htons(icmpv6_key->icmpv6_type), is_mask);
1139e241 1703 SW_FLOW_KEY_PUT(match, tp.dst,
e6445719
PS		 1704 htons(icmpv6_key->icmpv6_code), is_mask);
1705 attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
1706 }
1707
1708 if (attrs & (1 << OVS_KEY_ATTR_ND)) {
1709 const struct ovs_key_nd *nd_key;
1710
1711 nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
1712 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
1713 nd_key->nd_target,
1714 sizeof(match->key->ipv6.nd.target),
1715 is_mask);
1716 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
1717 nd_key->nd_sll, ETH_ALEN, is_mask);
1718 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
1719 nd_key->nd_tll, ETH_ALEN, is_mask);
1720 attrs &= ~(1 << OVS_KEY_ATTR_ND);
1721 }
1722
426cda5c 1723 if (attrs != 0) {
05da5898 1724 OVS_NLERR(log, "Unknown key attributes %llx",
426cda5c 1725 (unsigned long long)attrs);
e6445719 1726 return -EINVAL;
426cda5c 1727 }
e6445719
PS		 1728
1729 return 0;
1730}
1731
81bfe3c3
TG		 1732static void nlattr_set(struct nlattr *attr, u8 val,
1733 const struct ovs_len_tbl *tbl)
e6445719 1734{
f47de068
PS		 1735 struct nlattr *nla;
1736 int rem;
e6445719 1737
f47de068
PS		 1738 /* The nlattr stream should already have been validated */
1739 nla_for_each_nested(nla, attr, rem) {
72f17baf
SB		 1740 if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED)
1741 nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl);
1742 else
f47de068 1743 memset(nla_data(nla), val, nla_len(nla));
9e384715
JS		 1744
1745 if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE)
1746 *(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK;
f47de068
PS		 1747 }
1748}
1749
1750static void mask_set_nlattr(struct nlattr *attr, u8 val)
1751{
81bfe3c3 1752 nlattr_set(attr, val, ovs_key_lens);
e6445719
PS		 1753}
1754
1755/**
1756 * ovs_nla_get_match - parses Netlink attributes into a flow key and
1757 * mask. In case the 'mask' is NULL, the flow is treated as exact match
1758 * flow. Otherwise, it is treated as a wildcarded flow, except the mask
1759 * does not include any don't care bit.
c2ac6673 1760 * @net: Used to determine per-namespace field support.
e6445719
PS		 1761 * @match: receives the extracted flow match information.
1762 * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
1763 * sequence. The fields should of the packet that triggered the creation
1764 * of this flow.
1765 * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink
1766 * attribute specifies the mask field of the wildcarded flow.
05da5898
JR		 1767 * @log: Boolean to allow kernel error logging. Normally true, but when
1768 * probing for feature compatibility this should be passed in as false to
1769 * suppress unnecessary error logging.
e6445719 1770 */
c2ac6673 1771int ovs_nla_get_match(struct net *net, struct sw_flow_match *match,
a85311bf 1772 const struct nlattr *nla_key,
05da5898
JR		 1773 const struct nlattr *nla_mask,
1774 bool log)
e6445719
PS		 1775{
1776 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
f47de068 1777 struct nlattr *newmask = NULL;
e6445719
PS		 1778 u64 key_attrs = 0;
1779 u64 mask_attrs = 0;
e6445719
PS		 1780 int err;
1781
05da5898 1782 err = parse_flow_nlattrs(nla_key, a, &key_attrs, log);
e6445719
PS		 1783 if (err)
1784 return err;
1785
018c1dda
EG		 1786 err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log);
1787 if (err)
1788 return err;
e6445719 1789
c2ac6673 1790 err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log);
e6445719
PS		 1791 if (err)
1792 return err;
1793
a85311bf
PS		 1794 if (match->mask) {
1795 if (!nla_mask) {
1796 /* Create an exact match mask. We need to set to 0xff
1797 * all the 'match->mask' fields that have been touched
1798 * in 'match->key'. We cannot simply memset
1799 * 'match->mask', because padding bytes and fields not
1800 * specified in 'match->key' should be left to 0.
1801 * Instead, we use a stream of netlink attributes,
1802 * copied from 'key' and set to 0xff.
1803 * ovs_key_from_nlattrs() will take care of filling
1804 * 'match->mask' appropriately.
1805 */
1806 newmask = kmemdup(nla_key,
1807 nla_total_size(nla_len(nla_key)),
1808 GFP_KERNEL);
1809 if (!newmask)
1810 return -ENOMEM;
f47de068 1811
a85311bf 1812 mask_set_nlattr(newmask, 0xff);
f47de068 1813
a85311bf
PS		 1814 /* The userspace does not send tunnel attributes that
1815 * are 0, but we should not wildcard them nonetheless.
1816 */
00a93bab 1817 if (match->key->tun_proto)
a85311bf
PS		 1818 SW_FLOW_KEY_MEMSET_FIELD(match, tun_key,
1819 0xff, true);
f47de068 1820
a85311bf
PS		 1821 nla_mask = newmask;
1822 }
f47de068 1823
05da5898 1824 err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log);
e6445719 1825 if (err)
f47de068 1826 goto free_newmask;
e6445719 1827
a85311bf 1828 /* Always match on tci. */
018c1dda
EG		 1829 SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true);
1830 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true);
e6445719 1831
018c1dda
EG		 1832 err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log);
1833 if (err)
1834 goto free_newmask;
e6445719 1835
c2ac6673
JS		 1836 err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true,
1837 log);
e6445719 1838 if (err)
f47de068 1839 goto free_newmask;
e6445719
PS		 1840 }
1841
05da5898 1842 if (!match_validate(match, key_attrs, mask_attrs, log))
f47de068 1843 err = -EINVAL;
e6445719 1844
f47de068
PS		 1845free_newmask:
1846 kfree(newmask);
1847 return err;
e6445719
PS		 1848}
1849
74ed7ab9
JS		 1850static size_t get_ufid_len(const struct nlattr *attr, bool log)
1851{
1852 size_t len;
1853
1854 if (!attr)
1855 return 0;
1856
1857 len = nla_len(attr);
1858 if (len < 1 || len > MAX_UFID_LENGTH) {
1859 OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)",
1860 nla_len(attr), MAX_UFID_LENGTH);
1861 return 0;
1862 }
1863
1864 return len;
1865}
1866
1867/* Initializes 'flow->ufid', returning true if 'attr' contains a valid UFID,
1868 * or false otherwise.
1869 */
1870bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr,
1871 bool log)
1872{
1873 sfid->ufid_len = get_ufid_len(attr, log);
1874 if (sfid->ufid_len)
1875 memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len);
1876
1877 return sfid->ufid_len;
1878}
1879
1880int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid,
1881 const struct sw_flow_key *key, bool log)
1882{
1883 struct sw_flow_key *new_key;
1884
1885 if (ovs_nla_get_ufid(sfid, ufid, log))
1886 return 0;
1887
1888 /* If UFID was not provided, use unmasked key. */
1889 new_key = kmalloc(sizeof(*new_key), GFP_KERNEL);
1890 if (!new_key)
1891 return -ENOMEM;
1892 memcpy(new_key, key, sizeof(*key));
1893 sfid->unmasked_key = new_key;
1894
1895 return 0;
1896}
1897
1898u32 ovs_nla_get_ufid_flags(const struct nlattr *attr)
1899{
1900 return attr ? nla_get_u32(attr) : 0;
1901}
1902
e6445719
PS		 1903/**
1904 * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
9dd7f890
JR		 1905 * @net: Network namespace.
1906 * @key: Receives extracted in_port, priority, tun_key, skb_mark and conntrack
1907 * metadata.
1908 * @a: Array of netlink attributes holding parsed %OVS_KEY_ATTR_* Netlink
1909 * attributes.
1910 * @attrs: Bit mask for the netlink attributes included in @a.
05da5898
JR		 1911 * @log: Boolean to allow kernel error logging. Normally true, but when
1912 * probing for feature compatibility this should be passed in as false to
1913 * suppress unnecessary error logging.
e6445719
PS		 1914 *
1915 * This parses a series of Netlink attributes that form a flow key, which must
1916 * take the same form accepted by flow_from_nlattrs(), but only enough of it to
1917 * get the metadata, that is, the parts of the flow key that cannot be
1918 * extracted from the packet itself.
9dd7f890
JR		 1919 *
1920 * This must be called before the packet key fields are filled in 'key'.
e6445719
PS		 1921 */
1922
9dd7f890
JR		 1923int ovs_nla_get_flow_metadata(struct net *net,
1924 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1],
1925 u64 attrs, struct sw_flow_key *key, bool log)
e6445719 1926{
83c8df26 1927 struct sw_flow_match match;
e6445719
PS		 1928
1929 memset(&match, 0, sizeof(match));
83c8df26 1930 match.key = key;
e6445719 1931
316d4d78
JR		 1932 key->ct_state = 0;
1933 key->ct_zone = 0;
1934 key->ct_orig_proto = 0;
7f8a436e 1935 memset(&key->ct, 0, sizeof(key->ct));
9dd7f890
JR		 1936 memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig));
1937 memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig));
1938
83c8df26 1939 key->phy.in_port = DP_MAX_PORTS;
e6445719 1940
c2ac6673 1941 return metadata_from_nlattrs(net, &match, &attrs, a, false, log);
e6445719
PS		 1942}
1943
018c1dda
EG		 1944static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh,
1945 bool is_mask)
1946{
1947 __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff);
1948
1949 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1950 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci))
1951 return -EMSGSIZE;
1952 return 0;
1953}
1954
b2d0f5d5
YY		 1955static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask,
1956 struct sk_buff *skb)
1957{
1958 struct nlattr *start;
1959
ae0be8de 1960 start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH);
b2d0f5d5
YY		 1961 if (!start)
1962 return -EMSGSIZE;
1963
1964 if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base))
1965 goto nla_put_failure;
1966
1967 if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) {
1968 if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1,
1969 sizeof(nsh->context), nsh->context))
1970 goto nla_put_failure;
1971 }
1972
1973 /* Don't support MD type 2 yet */
1974
1975 nla_nest_end(skb, start);
1976
1977 return 0;
1978
1979nla_put_failure:
1980 return -EMSGSIZE;
1981}
1982
5b4237bb
JS		 1983static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
1984 const struct sw_flow_key *output, bool is_mask,
1985 struct sk_buff *skb)
e6445719
PS		 1986{
1987 struct ovs_key_ethernet *eth_key;
018c1dda
EG		 1988 struct nlattr *nla;
1989 struct nlattr *encap = NULL;
1990 struct nlattr *in_encap = NULL;
e6445719 1991
971427f3
AZ		 1992 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
1993 goto nla_put_failure;
1994
1995 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
1996 goto nla_put_failure;
1997
e6445719
PS		 1998 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
1999 goto nla_put_failure;
2000
00a93bab 2001 if ((swkey->tun_proto || is_mask)) {
d91641d9 2002 const void *opts = NULL;
f5796684
JG		 2003
2004 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
d91641d9 2005 opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len);
f5796684 2006
6b26ba3a 2007 if (ip_tun_to_nlattr(skb, &output->tun_key, opts,
18b6f717 2008 swkey->tun_opts_len, swkey->tun_proto, 0))
f5796684
JG		 2009 goto nla_put_failure;
2010 }
e6445719
PS		 2011
2012 if (swkey->phy.in_port == DP_MAX_PORTS) {
2013 if (is_mask && (output->phy.in_port == 0xffff))
2014 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
2015 goto nla_put_failure;
2016 } else {
2017 u16 upper_u16;
2018 upper_u16 = !is_mask ? 0 : 0xffff;
2019
2020 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
2021 (upper_u16 << 16) | output->phy.in_port))
2022 goto nla_put_failure;
2023 }
2024
2025 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
2026 goto nla_put_failure;
2027
9dd7f890 2028 if (ovs_ct_put_key(swkey, output, skb))
7f8a436e
JS		 2029 goto nla_put_failure;
2030
0a6410fb
JB		 2031 if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) {
2032 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
2033 if (!nla)
e6445719 2034 goto nla_put_failure;
018c1dda 2035
0a6410fb
JB		 2036 eth_key = nla_data(nla);
2037 ether_addr_copy(eth_key->eth_src, output->eth.src);
2038 ether_addr_copy(eth_key->eth_dst, output->eth.dst);
2039
2040 if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) {
2041 if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask))
018c1dda 2042 goto nla_put_failure;
ae0be8de 2043 encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP);
0a6410fb 2044 if (!swkey->eth.vlan.tci)
018c1dda 2045 goto unencap;
0a6410fb
JB		 2046
2047 if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) {
2048 if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask))
2049 goto nla_put_failure;
ae0be8de
MK		 2050 in_encap = nla_nest_start_noflag(skb,
2051 OVS_KEY_ATTR_ENCAP);
0a6410fb
JB		 2052 if (!swkey->eth.cvlan.tci)
2053 goto unencap;
2054 }
018c1dda 2055 }
e6445719 2056
0a6410fb
JB		 2057 if (swkey->eth.type == htons(ETH_P_802_2)) {
2058 /*
2059 * Ethertype 802.2 is represented in the netlink with omitted
2060 * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
2061 * 0xffff in the mask attribute. Ethertype can also
2062 * be wildcarded.
2063 */
2064 if (is_mask && output->eth.type)
2065 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
2066 output->eth.type))
2067 goto nla_put_failure;
2068 goto unencap;
2069 }
e6445719
PS		 2070 }
2071
2072 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
2073 goto nla_put_failure;
2074
018c1dda
EG		 2075 if (eth_type_vlan(swkey->eth.type)) {
2076 /* There are 3 VLAN tags, we don't know anything about the rest
2077 * of the packet, so truncate here.
2078 */
2079 WARN_ON_ONCE(!(encap && in_encap));
2080 goto unencap;
2081 }
2082
e6445719
PS		 2083 if (swkey->eth.type == htons(ETH_P_IP)) {
2084 struct ovs_key_ipv4 *ipv4_key;
2085
2086 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
2087 if (!nla)
2088 goto nla_put_failure;
2089 ipv4_key = nla_data(nla);
2090 ipv4_key->ipv4_src = output->ipv4.addr.src;
2091 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
2092 ipv4_key->ipv4_proto = output->ip.proto;
2093 ipv4_key->ipv4_tos = output->ip.tos;
2094 ipv4_key->ipv4_ttl = output->ip.ttl;
2095 ipv4_key->ipv4_frag = output->ip.frag;
2096 } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
2097 struct ovs_key_ipv6 *ipv6_key;
2098
2099 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
2100 if (!nla)
2101 goto nla_put_failure;
2102 ipv6_key = nla_data(nla);
2103 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
2104 sizeof(ipv6_key->ipv6_src));
2105 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
2106 sizeof(ipv6_key->ipv6_dst));
2107 ipv6_key->ipv6_label = output->ipv6.label;
2108 ipv6_key->ipv6_proto = output->ip.proto;
2109 ipv6_key->ipv6_tclass = output->ip.tos;
2110 ipv6_key->ipv6_hlimit = output->ip.ttl;
2111 ipv6_key->ipv6_frag = output->ip.frag;
b2d0f5d5
YY		 2112 } else if (swkey->eth.type == htons(ETH_P_NSH)) {
2113 if (nsh_key_to_nlattr(&output->nsh, is_mask, skb))
2114 goto nla_put_failure;
e6445719
PS		 2115 } else if (swkey->eth.type == htons(ETH_P_ARP) ||
2116 swkey->eth.type == htons(ETH_P_RARP)) {
2117 struct ovs_key_arp *arp_key;
2118
2119 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
2120 if (!nla)
2121 goto nla_put_failure;
2122 arp_key = nla_data(nla);
2123 memset(arp_key, 0, sizeof(struct ovs_key_arp));
2124 arp_key->arp_sip = output->ipv4.addr.src;
2125 arp_key->arp_tip = output->ipv4.addr.dst;
2126 arp_key->arp_op = htons(output->ip.proto);
8c63ff09
JP		 2127 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
2128 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
25cd9ba0
SH		 2129 } else if (eth_p_mpls(swkey->eth.type)) {
2130 struct ovs_key_mpls *mpls_key;
2131
2132 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
2133 if (!nla)
2134 goto nla_put_failure;
2135 mpls_key = nla_data(nla);
2136 mpls_key->mpls_lse = output->mpls.top_lse;
e6445719
PS		 2137 }
2138
2139 if ((swkey->eth.type == htons(ETH_P_IP) ||
2140 swkey->eth.type == htons(ETH_P_IPV6)) &&
2141 swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
2142
2143 if (swkey->ip.proto == IPPROTO_TCP) {
2144 struct ovs_key_tcp *tcp_key;
2145
2146 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
2147 if (!nla)
2148 goto nla_put_failure;
2149 tcp_key = nla_data(nla);
1139e241
JR		 2150 tcp_key->tcp_src = output->tp.src;
2151 tcp_key->tcp_dst = output->tp.dst;
2152 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
2153 output->tp.flags))
2154 goto nla_put_failure;
e6445719
PS		 2155 } else if (swkey->ip.proto == IPPROTO_UDP) {
2156 struct ovs_key_udp *udp_key;
2157
2158 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
2159 if (!nla)
2160 goto nla_put_failure;
2161 udp_key = nla_data(nla);
1139e241
JR		 2162 udp_key->udp_src = output->tp.src;
2163 udp_key->udp_dst = output->tp.dst;
e6445719
PS		 2164 } else if (swkey->ip.proto == IPPROTO_SCTP) {
2165 struct ovs_key_sctp *sctp_key;
2166
2167 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
2168 if (!nla)
2169 goto nla_put_failure;
2170 sctp_key = nla_data(nla);
1139e241
JR		 2171 sctp_key->sctp_src = output->tp.src;
2172 sctp_key->sctp_dst = output->tp.dst;
e6445719
PS		 2173 } else if (swkey->eth.type == htons(ETH_P_IP) &&
2174 swkey->ip.proto == IPPROTO_ICMP) {
2175 struct ovs_key_icmp *icmp_key;
2176
2177 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
2178 if (!nla)
2179 goto nla_put_failure;
2180 icmp_key = nla_data(nla);
1139e241
JR		 2181 icmp_key->icmp_type = ntohs(output->tp.src);
2182 icmp_key->icmp_code = ntohs(output->tp.dst);
e6445719
PS		 2183 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
2184 swkey->ip.proto == IPPROTO_ICMPV6) {
2185 struct ovs_key_icmpv6 *icmpv6_key;
2186
2187 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
2188 sizeof(*icmpv6_key));
2189 if (!nla)
2190 goto nla_put_failure;
2191 icmpv6_key = nla_data(nla);
1139e241
JR		 2192 icmpv6_key->icmpv6_type = ntohs(output->tp.src);
2193 icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
e6445719
PS		 2194
2195 if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
2196 icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
2197 struct ovs_key_nd *nd_key;
2198
2199 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
2200 if (!nla)
2201 goto nla_put_failure;
2202 nd_key = nla_data(nla);
2203 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
2204 sizeof(nd_key->nd_target));
8c63ff09
JP		 2205 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
2206 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
e6445719
PS		 2207 }
2208 }
2209 }
2210
2211unencap:
018c1dda
EG		 2212 if (in_encap)
2213 nla_nest_end(skb, in_encap);
e6445719
PS		 2214 if (encap)
2215 nla_nest_end(skb, encap);
2216
2217 return 0;
2218
2219nla_put_failure:
2220 return -EMSGSIZE;
2221}
2222
5b4237bb
JS		 2223int ovs_nla_put_key(const struct sw_flow_key *swkey,
2224 const struct sw_flow_key *output, int attr, bool is_mask,
2225 struct sk_buff *skb)
2226{
2227 int err;
2228 struct nlattr *nla;
2229
ae0be8de 2230 nla = nla_nest_start_noflag(skb, attr);
5b4237bb
JS		 2231 if (!nla)
2232 return -EMSGSIZE;
2233 err = __ovs_nla_put_key(swkey, output, is_mask, skb);
2234 if (err)
2235 return err;
2236 nla_nest_end(skb, nla);
2237
2238 return 0;
2239}
2240
2241/* Called with ovs_mutex or RCU read lock. */
74ed7ab9
JS		 2242int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb)
2243{
2244 if (ovs_identifier_is_ufid(&flow->id))
2245 return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len,
2246 flow->id.ufid);
2247
2248 return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key,
2249 OVS_FLOW_ATTR_KEY, false, skb);
2250}
2251
2252/* Called with ovs_mutex or RCU read lock. */
2253int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb)
5b4237bb 2254{
26ad0b83 2255 return ovs_nla_put_key(&flow->key, &flow->key,
5b4237bb
JS		 2256 OVS_FLOW_ATTR_KEY, false, skb);
2257}
2258
2259/* Called with ovs_mutex or RCU read lock. */
2260int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
2261{
2262 return ovs_nla_put_key(&flow->key, &flow->mask->key,
2263 OVS_FLOW_ATTR_MASK, true, skb);
2264}
2265
e6445719
PS		 2266#define MAX_ACTIONS_BUFSIZE (32 * 1024)
2267
67c8d22a 2268static struct sw_flow_actions *nla_alloc_flow_actions(int size)
e6445719
PS		 2269{
2270 struct sw_flow_actions *sfa;
2271
67c8d22a 2272 WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
e6445719
PS		 2273
2274 sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
2275 if (!sfa)
2276 return ERR_PTR(-ENOMEM);
2277
2278 sfa->actions_len = 0;
2279 return sfa;
2280}
2281
34ae932a
TG		 2282static void ovs_nla_free_set_action(const struct nlattr *a)
2283{
2284 const struct nlattr *ovs_key = nla_data(a);
2285 struct ovs_tunnel_info *ovs_tun;
2286
2287 switch (nla_type(ovs_key)) {
2288 case OVS_KEY_ATTR_TUNNEL_INFO:
2289 ovs_tun = nla_data(ovs_key);
2290 dst_release((struct dst_entry *)ovs_tun->tun_dst);
2291 break;
2292 }
2293}
2294
2295void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
2296{
2297 const struct nlattr *a;
2298 int rem;
2299
2300 if (!sf_acts)
2301 return;
2302
2303 nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) {
2304 switch (nla_type(a)) {
2305 case OVS_ACTION_ATTR_SET:
2306 ovs_nla_free_set_action(a);
2307 break;
7f8a436e
JS		 2308 case OVS_ACTION_ATTR_CT:
2309 ovs_ct_free_action(a);
2310 break;
34ae932a
TG		 2311 }
2312 }
2313
2314 kfree(sf_acts);
2315}
2316
2317static void __ovs_nla_free_flow_actions(struct rcu_head *head)
2318{
2319 ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu));
2320}
2321
e6445719
PS		 2322/* Schedules 'sf_acts' to be freed after the next RCU grace period.
2323 * The caller must hold rcu_read_lock for this to be sensible. */
34ae932a 2324void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts)
e6445719 2325{
34ae932a 2326 call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions);
e6445719
PS		 2327}
2328
2329static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
05da5898 2330 int attr_len, bool log)
e6445719
PS		 2331{
2332
2333 struct sw_flow_actions *acts;
2334 int new_acts_size;
f28cd2af 2335 size_t req_size = NLA_ALIGN(attr_len);
e6445719
PS		 2336 int next_offset = offsetof(struct sw_flow_actions, actions) +
2337 (*sfa)->actions_len;
2338
2339 if (req_size <= (ksize(*sfa) - next_offset))
2340 goto out;
2341
f28cd2af 2342 new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
e6445719
PS		 2343
2344 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
67c8d22a 2345 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
2346 OVS_NLERR(log, "Flow action size exceeds max %u",
2347 MAX_ACTIONS_BUFSIZE);
e6445719 2348 return ERR_PTR(-EMSGSIZE);
67c8d22a 2349 }
e6445719
PS		 2350 new_acts_size = MAX_ACTIONS_BUFSIZE;
2351 }
2352
67c8d22a 2353 acts = nla_alloc_flow_actions(new_acts_size);
e6445719
PS		 2354 if (IS_ERR(acts))
2355 return (void *)acts;
2356
2357 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
2358 acts->actions_len = (*sfa)->actions_len;
8e2fed1c 2359 acts->orig_len = (*sfa)->orig_len;
e6445719
PS		 2360 kfree(*sfa);
2361 *sfa = acts;
2362
2363out:
2364 (*sfa)->actions_len += req_size;
2365 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
2366}
2367
f0b128c1 2368static struct nlattr *__add_action(struct sw_flow_actions **sfa,
05da5898 2369 int attrtype, void *data, int len, bool log)
e6445719
PS		 2370{
2371 struct nlattr *a;
2372
05da5898 2373 a = reserve_sfa_size(sfa, nla_attr_size(len), log);
e6445719 2374 if (IS_ERR(a))
f0b128c1 2375 return a;
e6445719
PS		 2376
2377 a->nla_type = attrtype;
2378 a->nla_len = nla_attr_size(len);
2379
2380 if (data)
2381 memcpy(nla_data(a), data, len);
2382 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
2383
f0b128c1
JG		 2384 return a;
2385}
2386
7f8a436e
JS		 2387int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data,
2388 int len, bool log)
f0b128c1
JG		 2389{
2390 struct nlattr *a;
2391
05da5898 2392 a = __add_action(sfa, attrtype, data, len, log);
f0b128c1 2393
f35423c1 2394 return PTR_ERR_OR_ZERO(a);
e6445719
PS		 2395}
2396
2397static inline int add_nested_action_start(struct sw_flow_actions **sfa,
05da5898 2398 int attrtype, bool log)
e6445719
PS		 2399{
2400 int used = (*sfa)->actions_len;
2401 int err;
2402
7f8a436e 2403 err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log);
e6445719
PS		 2404 if (err)
2405 return err;
2406
2407 return used;
2408}
2409
2410static inline void add_nested_action_end(struct sw_flow_actions *sfa,
2411 int st_offset)
2412{
2413 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
2414 st_offset);
2415
2416 a->nla_len = sfa->actions_len - st_offset;
2417}
2418
7f8a436e 2419static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
25cd9ba0 2420 const struct sw_flow_key *key,
798c1661 2421 struct sw_flow_actions **sfa,
05da5898 2422 __be16 eth_type, __be16 vlan_tci, bool log);
25cd9ba0 2423
7f8a436e 2424static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
798c1661 2425 const struct sw_flow_key *key,
25cd9ba0 2426 struct sw_flow_actions **sfa,
798c1661 2427 __be16 eth_type, __be16 vlan_tci,
2428 bool log, bool last)
e6445719
PS		 2429{
2430 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
2431 const struct nlattr *probability, *actions;
2432 const struct nlattr *a;
798c1661 2433 int rem, start, err;
2434 struct sample_arg arg;
e6445719
PS		 2435
2436 memset(attrs, 0, sizeof(attrs));
2437 nla_for_each_nested(a, attr, rem) {
2438 int type = nla_type(a);
2439 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
2440 return -EINVAL;
2441 attrs[type] = a;
2442 }
2443 if (rem)
2444 return -EINVAL;
2445
2446 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
2447 if (!probability || nla_len(probability) != sizeof(u32))
2448 return -EINVAL;
2449
2450 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
2451 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
2452 return -EINVAL;
2453
2454 /* validation done, copy sample action. */
05da5898 2455 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
e6445719
PS		 2456 if (start < 0)
2457 return start;
798c1661 2458
2459 /* When both skb and flow may be changed, put the sample
2460 * into a deferred fifo. On the other hand, if only skb
2461 * may be modified, the actions can be executed in place.
2462 *
2463 * Do this analysis at the flow installation time.
2464 * Set 'clone_action->exec' to true if the actions can be
2465 * executed without being deferred.
2466 *
2467 * If the sample is the last action, it can always be excuted
2468 * rather than deferred.
2469 */
2470 arg.exec = last || !actions_may_change_flow(actions);
2471 arg.probability = nla_get_u32(probability);
2472
2473 err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg),
2474 log);
e6445719
PS		 2475 if (err)
2476 return err;
e6445719 2477
798c1661 2478 err = __ovs_nla_copy_actions(net, actions, key, sfa,
05da5898 2479 eth_type, vlan_tci, log);
798c1661 2480
e6445719
PS		 2481 if (err)
2482 return err;
2483
e6445719
PS		 2484 add_nested_action_end(*sfa, start);
2485
2486 return 0;
2487}
2488
b2335040
YS		 2489static int validate_and_copy_clone(struct net *net,
2490 const struct nlattr *attr,
2491 const struct sw_flow_key *key,
2492 struct sw_flow_actions **sfa,
2493 __be16 eth_type, __be16 vlan_tci,
2494 bool log, bool last)
2495{
2496 int start, err;
2497 u32 exec;
2498
2499 if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN)
2500 return -EINVAL;
2501
2502 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log);
2503 if (start < 0)
2504 return start;
2505
2506 exec = last || !actions_may_change_flow(attr);
2507
2508 err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec,
2509 sizeof(exec), log);
2510 if (err)
2511 return err;
2512
2513 err = __ovs_nla_copy_actions(net, attr, key, sfa,
2514 eth_type, vlan_tci, log);
2515 if (err)
2516 return err;
2517
2518 add_nested_action_end(*sfa, start);
2519
2520 return 0;
2521}
2522
e6445719
PS		 2523void ovs_match_init(struct sw_flow_match *match,
2524 struct sw_flow_key *key,
2279994d 2525 bool reset_key,
e6445719
PS		 2526 struct sw_flow_mask *mask)
2527{
2528 memset(match, 0, sizeof(*match));
2529 match->key = key;
2530 match->mask = mask;
2531
2279994d 2532 if (reset_key)
2533 memset(key, 0, sizeof(*key));
e6445719
PS		 2534
2535 if (mask) {
2536 memset(&mask->key, 0, sizeof(mask->key));
2537 mask->range.start = mask->range.end = 0;
2538 }
2539}
2540
d91641d9
TG		 2541static int validate_geneve_opts(struct sw_flow_key *key)
2542{
2543 struct geneve_opt *option;
2544 int opts_len = key->tun_opts_len;
2545 bool crit_opt = false;
2546
2547 option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len);
2548 while (opts_len > 0) {
2549 int len;
2550
2551 if (opts_len < sizeof(*option))
2552 return -EINVAL;
2553
2554 len = sizeof(*option) + option->length * 4;
2555 if (len > opts_len)
2556 return -EINVAL;
2557
2558 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
2559
2560 option = (struct geneve_opt *)((u8 *)option + len);
2561 opts_len -= len;
89290b83 2562 }
d91641d9
TG		 2563
2564 key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
2565
2566 return 0;
2567}
2568
e6445719 2569static int validate_and_copy_set_tun(const struct nlattr *attr,
05da5898 2570 struct sw_flow_actions **sfa, bool log)
e6445719
PS		 2571{
2572 struct sw_flow_match match;
2573 struct sw_flow_key key;
34ae932a 2574 struct metadata_dst *tun_dst;
1d8fff90 2575 struct ip_tunnel_info *tun_info;
34ae932a 2576 struct ovs_tunnel_info *ovs_tun;
f0b128c1 2577 struct nlattr *a;
13101602 2578 int err = 0, start, opts_type;
256c87c1 2579 __be16 dst_opt_type;
e6445719 2580
256c87c1 2581 dst_opt_type = 0;
2279994d 2582 ovs_match_init(&match, &key, true, NULL);
6b26ba3a 2583 opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log);
1dd144cf
TG		 2584 if (opts_type < 0)
2585 return opts_type;
e6445719 2586
f5796684 2587 if (key.tun_opts_len) {
1dd144cf
TG		 2588 switch (opts_type) {
2589 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
2590 err = validate_geneve_opts(&key);
2591 if (err < 0)
2592 return err;
256c87c1 2593 dst_opt_type = TUNNEL_GENEVE_OPT;
1dd144cf
TG		 2594 break;
2595 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
256c87c1 2596 dst_opt_type = TUNNEL_VXLAN_OPT;
1dd144cf 2597 break;
fc1372f8 2598 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
256c87c1 2599 dst_opt_type = TUNNEL_ERSPAN_OPT;
fc1372f8 2600 break;
1dd144cf 2601 }
89290b83 2602 }
f5796684 2603
05da5898 2604 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log);
e6445719
PS		 2605 if (start < 0)
2606 return start;
2607
3fcece12
JK		 2608 tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL,
2609 GFP_KERNEL);
2610
34ae932a
TG		 2611 if (!tun_dst)
2612 return -ENOMEM;
2613
d71785ff
PA		 2614 err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL);
2615 if (err) {
2616 dst_release((struct dst_entry *)tun_dst);
2617 return err;
2618 }
2619
f0b128c1 2620 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
34ae932a
TG		 2621 sizeof(*ovs_tun), log);
2622 if (IS_ERR(a)) {
2623 dst_release((struct dst_entry *)tun_dst);
f0b128c1 2624 return PTR_ERR(a);
34ae932a
TG		 2625 }
2626
2627 ovs_tun = nla_data(a);
2628 ovs_tun->tun_dst = tun_dst;
f0b128c1 2629
34ae932a
TG		 2630 tun_info = &tun_dst->u.tun_info;
2631 tun_info->mode = IP_TUNNEL_INFO_TX;
00a93bab
JB		 2632 if (key.tun_proto == AF_INET6)
2633 tun_info->mode |= IP_TUNNEL_INFO_IPV6;
18b6f717 2634 else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0)
2635 tun_info->mode |= IP_TUNNEL_INFO_BRIDGE;
1d8fff90 2636 tun_info->key = key.tun_key;
f0b128c1 2637
4c222798
PS		 2638 /* We need to store the options in the action itself since
2639 * everything else will go away after flow setup. We can append
2640 * it to tun_info and then point there.
2641 */
2642 ip_tunnel_info_opts_set(tun_info,
2643 TUN_METADATA_OPTS(&key, key.tun_opts_len),
256c87c1 2644 key.tun_opts_len, dst_opt_type);
e6445719
PS		 2645 add_nested_action_end(*sfa, start);
2646
2647 return err;
2648}
2649
b2d0f5d5
YY		 2650static bool validate_nsh(const struct nlattr *attr, bool is_mask,
2651 bool is_push_nsh, bool log)
2652{
2653 struct sw_flow_match match;
2654 struct sw_flow_key key;
2655 int ret = 0;
2656
2657 ovs_match_init(&match, &key, true, NULL);
2658 ret = nsh_key_put_from_nlattr(attr, &match, is_mask,
2659 is_push_nsh, log);
2660 return !ret;
2661}
2662
83d2b9ba
JR		 2663/* Return false if there are any non-masked bits set.
2664 * Mask follows data immediately, before any netlink padding.
2665 */
2666static bool validate_masked(u8 *data, int len)
2667{
2668 u8 *mask = data + len;
2669
2670 while (len--)
2671 if (*data++ & ~*mask++)
2672 return false;
2673
2674 return true;
2675}
2676
e6445719
PS		 2677static int validate_set(const struct nlattr *a,
2678 const struct sw_flow_key *flow_key,
0a6410fb
JB		 2679 struct sw_flow_actions **sfa, bool *skip_copy,
2680 u8 mac_proto, __be16 eth_type, bool masked, bool log)
e6445719
PS		 2681{
2682 const struct nlattr *ovs_key = nla_data(a);
2683 int key_type = nla_type(ovs_key);
83d2b9ba 2684 size_t key_len;
e6445719
PS		 2685
2686 /* There can be only one key in a action */
2687 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
2688 return -EINVAL;
2689
83d2b9ba
JR		 2690 key_len = nla_len(ovs_key);
2691 if (masked)
2692 key_len /= 2;
2693
e6445719 2694 if (key_type > OVS_KEY_ATTR_MAX ||
982b5270 2695 !check_attr_len(key_len, ovs_key_lens[key_type].len))
e6445719
PS		 2696 return -EINVAL;
2697
83d2b9ba
JR		 2698 if (masked && !validate_masked(nla_data(ovs_key), key_len))
2699 return -EINVAL;
2700
e6445719
PS		 2701 switch (key_type) {
2702 const struct ovs_key_ipv4 *ipv4_key;
2703 const struct ovs_key_ipv6 *ipv6_key;
2704 int err;
2705
2706 case OVS_KEY_ATTR_PRIORITY:
2707 case OVS_KEY_ATTR_SKB_MARK:
182e3042 2708 case OVS_KEY_ATTR_CT_MARK:
33db4125 2709 case OVS_KEY_ATTR_CT_LABELS:
e6445719
PS		 2710 break;
2711
0a6410fb
JB		 2712 case OVS_KEY_ATTR_ETHERNET:
2713 if (mac_proto != MAC_PROTO_ETHERNET)
2714 return -EINVAL;
87e159c5 2715 break;
0a6410fb 2716
e6445719 2717 case OVS_KEY_ATTR_TUNNEL:
83d2b9ba
JR		 2718 if (masked)
2719 return -EINVAL; /* Masked tunnel set not supported. */
2720
2721 *skip_copy = true;
05da5898 2722 err = validate_and_copy_set_tun(a, sfa, log);
e6445719
PS		 2723 if (err)
2724 return err;
2725 break;
2726
2727 case OVS_KEY_ATTR_IPV4:
25cd9ba0 2728 if (eth_type != htons(ETH_P_IP))
e6445719
PS		 2729 return -EINVAL;
2730
e6445719 2731 ipv4_key = nla_data(ovs_key);
e6445719 2732
83d2b9ba
JR		 2733 if (masked) {
2734 const struct ovs_key_ipv4 *mask = ipv4_key + 1;
e6445719 2735
83d2b9ba
JR		 2736 /* Non-writeable fields. */
2737 if (mask->ipv4_proto || mask->ipv4_frag)
2738 return -EINVAL;
2739 } else {
2740 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
2741 return -EINVAL;
2742
2743 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
2744 return -EINVAL;
2745 }
e6445719
PS		 2746 break;
2747
2748 case OVS_KEY_ATTR_IPV6:
25cd9ba0 2749 if (eth_type != htons(ETH_P_IPV6))
e6445719
PS		 2750 return -EINVAL;
2751
e6445719 2752 ipv6_key = nla_data(ovs_key);
e6445719 2753
83d2b9ba
JR		 2754 if (masked) {
2755 const struct ovs_key_ipv6 *mask = ipv6_key + 1;
2756
2757 /* Non-writeable fields. */
2758 if (mask->ipv6_proto || mask->ipv6_frag)
2759 return -EINVAL;
2760
2761 /* Invalid bits in the flow label mask? */
2762 if (ntohl(mask->ipv6_label) & 0xFFF00000)
2763 return -EINVAL;
2764 } else {
2765 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
2766 return -EINVAL;
e6445719 2767
83d2b9ba
JR		 2768 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
2769 return -EINVAL;
2770 }
e6445719
PS		 2771 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
2772 return -EINVAL;
2773
2774 break;
2775
2776 case OVS_KEY_ATTR_TCP:
83d2b9ba
JR		 2777 if ((eth_type != htons(ETH_P_IP) &&
2778 eth_type != htons(ETH_P_IPV6)) ||
2779 flow_key->ip.proto != IPPROTO_TCP)
e6445719
PS		 2780 return -EINVAL;
2781
83d2b9ba 2782 break;
e6445719
PS		 2783
2784 case OVS_KEY_ATTR_UDP:
83d2b9ba
JR		 2785 if ((eth_type != htons(ETH_P_IP) &&
2786 eth_type != htons(ETH_P_IPV6)) ||
2787 flow_key->ip.proto != IPPROTO_UDP)
e6445719
PS		 2788 return -EINVAL;
2789
83d2b9ba 2790 break;
25cd9ba0
SH		 2791
2792 case OVS_KEY_ATTR_MPLS:
2793 if (!eth_p_mpls(eth_type))
2794 return -EINVAL;
2795 break;
e6445719
PS		 2796
2797 case OVS_KEY_ATTR_SCTP:
83d2b9ba
JR		 2798 if ((eth_type != htons(ETH_P_IP) &&
2799 eth_type != htons(ETH_P_IPV6)) ||
2800 flow_key->ip.proto != IPPROTO_SCTP)
e6445719
PS		 2801 return -EINVAL;
2802
83d2b9ba 2803 break;
e6445719 2804
b2d0f5d5
YY		 2805 case OVS_KEY_ATTR_NSH:
2806 if (eth_type != htons(ETH_P_NSH))
2807 return -EINVAL;
2808 if (!validate_nsh(nla_data(a), masked, false, log))
2809 return -EINVAL;
2810 break;
2811
e6445719
PS		 2812 default:
2813 return -EINVAL;
2814 }
2815
83d2b9ba
JR		 2816 /* Convert non-masked non-tunnel set actions to masked set actions. */
2817 if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) {
2818 int start, len = key_len * 2;
2819 struct nlattr *at;
2820
2821 *skip_copy = true;
2822
2823 start = add_nested_action_start(sfa,
2824 OVS_ACTION_ATTR_SET_TO_MASKED,
2825 log);
2826 if (start < 0)
2827 return start;
2828
2829 at = __add_action(sfa, key_type, NULL, len, log);
2830 if (IS_ERR(at))
2831 return PTR_ERR(at);
2832
2833 memcpy(nla_data(at), nla_data(ovs_key), key_len); /* Key. */
2834 memset(nla_data(at) + key_len, 0xff, key_len); /* Mask. */
2835 /* Clear non-writeable bits from otherwise writeable fields. */
2836 if (key_type == OVS_KEY_ATTR_IPV6) {
2837 struct ovs_key_ipv6 *mask = nla_data(at) + key_len;
2838
2839 mask->ipv6_label &= htonl(0x000FFFFF);
2840 }
2841 add_nested_action_end(*sfa, start);
2842 }
2843
e6445719
PS		 2844 return 0;
2845}
2846
2847static int validate_userspace(const struct nlattr *attr)
2848{
2849 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
2850 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
2851 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
8f0aad6f 2852 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 },
e6445719
PS		 2853 };
2854 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
2855 int error;
2856
8cb08174
JB		 2857 error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr,
2858 userspace_policy, NULL);
e6445719
PS		 2859 if (error)
2860 return error;
2861
2862 if (!a[OVS_USERSPACE_ATTR_PID] ||
2863 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
2864 return -EINVAL;
2865
2866 return 0;
2867}
2868
4d5ec89f
NS		 2869static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = {
2870 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 },
2871 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED },
2872 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED },
2873};
2874
2875static int validate_and_copy_check_pkt_len(struct net *net,
2876 const struct nlattr *attr,
2877 const struct sw_flow_key *key,
2878 struct sw_flow_actions **sfa,
2879 __be16 eth_type, __be16 vlan_tci,
2880 bool log, bool last)
2881{
2882 const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
2883 struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
2884 struct check_pkt_len_arg arg;
2885 int nested_acts_start;
2886 int start, err;
2887
8cb08174
JB		 2888 err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX,
2889 nla_data(attr), nla_len(attr),
2890 cpl_policy, NULL);
4d5ec89f
NS		 2891 if (err)
2892 return err;
2893
2894 if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] ||
2895 !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]))
2896 return -EINVAL;
2897
2898 acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL];
2899 acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER];
2900
2901 /* Both the nested action should be present. */
2902 if (!acts_if_greater || !acts_if_lesser_eq)
2903 return -EINVAL;
2904
2905 /* validation done, copy the nested actions. */
2906 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN,
2907 log);
2908 if (start < 0)
2909 return start;
2910
2911 arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]);
2912 arg.exec_for_lesser_equal =
2913 last || !actions_may_change_flow(acts_if_lesser_eq);
2914 arg.exec_for_greater =
2915 last || !actions_may_change_flow(acts_if_greater);
2916
2917 err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg,
2918 sizeof(arg), log);
2919 if (err)
2920 return err;
2921
2922 nested_acts_start = add_nested_action_start(sfa,
2923 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log);
2924 if (nested_acts_start < 0)
2925 return nested_acts_start;
2926
2927 err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
2928 eth_type, vlan_tci, log);
2929
2930 if (err)
2931 return err;
2932
2933 add_nested_action_end(*sfa, nested_acts_start);
2934
2935 nested_acts_start = add_nested_action_start(sfa,
2936 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log);
2937 if (nested_acts_start < 0)
2938 return nested_acts_start;
2939
2940 err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
2941 eth_type, vlan_tci, log);
2942
2943 if (err)
2944 return err;
2945
2946 add_nested_action_end(*sfa, nested_acts_start);
2947 add_nested_action_end(*sfa, start);
2948 return 0;
2949}
2950
e6445719 2951static int copy_action(const struct nlattr *from,
05da5898 2952 struct sw_flow_actions **sfa, bool log)
e6445719
PS		 2953{
2954 int totlen = NLA_ALIGN(from->nla_len);
2955 struct nlattr *to;
2956
05da5898 2957 to = reserve_sfa_size(sfa, from->nla_len, log);
e6445719
PS		 2958 if (IS_ERR(to))
2959 return PTR_ERR(to);
2960
2961 memcpy(to, from, totlen);
2962 return 0;
2963}
2964
7f8a436e 2965static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
25cd9ba0 2966 const struct sw_flow_key *key,
798c1661 2967 struct sw_flow_actions **sfa,
05da5898 2968 __be16 eth_type, __be16 vlan_tci, bool log)
e6445719 2969{
0a6410fb 2970 u8 mac_proto = ovs_key_mac_proto(key);
e6445719
PS		 2971 const struct nlattr *a;
2972 int rem, err;
2973
e6445719
PS		 2974 nla_for_each_nested(a, attr, rem) {
2975 /* Expected argument lengths, (u32)-1 for variable length. */
2976 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
2977 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
971427f3 2978 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
e6445719 2979 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
25cd9ba0
SH		 2980 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
2981 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
e6445719
PS		 2982 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
2983 [OVS_ACTION_ATTR_POP_VLAN] = 0,
2984 [OVS_ACTION_ATTR_SET] = (u32)-1,
83d2b9ba 2985 [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1,
971427f3 2986 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
7f8a436e
JS		 2987 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
2988 [OVS_ACTION_ATTR_CT] = (u32)-1,
b8226962 2989 [OVS_ACTION_ATTR_CT_CLEAR] = 0,
f2a4d086 2990 [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
91820da6
JB		 2991 [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
2992 [OVS_ACTION_ATTR_POP_ETH] = 0,
b2d0f5d5
YY		 2993 [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1,
2994 [OVS_ACTION_ATTR_POP_NSH] = 0,
cd8a6c33 2995 [OVS_ACTION_ATTR_METER] = sizeof(u32),
b2335040 2996 [OVS_ACTION_ATTR_CLONE] = (u32)-1,
4d5ec89f 2997 [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1,
e6445719
PS		 2998 };
2999 const struct ovs_action_push_vlan *vlan;
3000 int type = nla_type(a);
3001 bool skip_copy;
3002
3003 if (type > OVS_ACTION_ATTR_MAX ||
3004 (action_lens[type] != nla_len(a) &&
3005 action_lens[type] != (u32)-1))
3006 return -EINVAL;
3007
3008 skip_copy = false;
3009 switch (type) {
3010 case OVS_ACTION_ATTR_UNSPEC:
3011 return -EINVAL;
3012
3013 case OVS_ACTION_ATTR_USERSPACE:
3014 err = validate_userspace(a);
3015 if (err)
3016 return err;
3017 break;
3018
3019 case OVS_ACTION_ATTR_OUTPUT:
3020 if (nla_get_u32(a) >= DP_MAX_PORTS)
3021 return -EINVAL;
3022 break;
3023
f2a4d086
WT		 3024 case OVS_ACTION_ATTR_TRUNC: {
3025 const struct ovs_action_trunc *trunc = nla_data(a);
3026
3027 if (trunc->max_len < ETH_HLEN)
3028 return -EINVAL;
3029 break;
3030 }
3031
971427f3
AZ		 3032 case OVS_ACTION_ATTR_HASH: {
3033 const struct ovs_action_hash *act_hash = nla_data(a);
3034
3035 switch (act_hash->hash_alg) {
3036 case OVS_HASH_ALG_L4:
3037 break;
3038 default:
3039 return -EINVAL;
3040 }
3041
3042 break;
3043 }
e6445719
PS		 3044
3045 case OVS_ACTION_ATTR_POP_VLAN:
0a6410fb
JB		 3046 if (mac_proto != MAC_PROTO_ETHERNET)
3047 return -EINVAL;
25cd9ba0 3048 vlan_tci = htons(0);
e6445719
PS		 3049 break;
3050
3051 case OVS_ACTION_ATTR_PUSH_VLAN:
0a6410fb
JB		 3052 if (mac_proto != MAC_PROTO_ETHERNET)
3053 return -EINVAL;
e6445719 3054 vlan = nla_data(a);
018c1dda 3055 if (!eth_type_vlan(vlan->vlan_tpid))
e6445719 3056 return -EINVAL;
9df46aef 3057 if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK)))
e6445719 3058 return -EINVAL;
25cd9ba0 3059 vlan_tci = vlan->vlan_tci;
e6445719
PS		 3060 break;
3061
971427f3
AZ		 3062 case OVS_ACTION_ATTR_RECIRC:
3063 break;
3064
25cd9ba0
SH		 3065 case OVS_ACTION_ATTR_PUSH_MPLS: {
3066 const struct ovs_action_push_mpls *mpls = nla_data(a);
3067
25cd9ba0
SH		 3068 if (!eth_p_mpls(mpls->mpls_ethertype))
3069 return -EINVAL;
3070 /* Prohibit push MPLS other than to a white list
3071 * for packets that have a known tag order.
3072 */
9df46aef 3073 if (vlan_tci & htons(VLAN_CFI_MASK) ||
25cd9ba0
SH		 3074 (eth_type != htons(ETH_P_IP) &&
3075 eth_type != htons(ETH_P_IPV6) &&
3076 eth_type != htons(ETH_P_ARP) &&
3077 eth_type != htons(ETH_P_RARP) &&
3078 !eth_p_mpls(eth_type)))
3079 return -EINVAL;
3080 eth_type = mpls->mpls_ethertype;
3081 break;
3082 }
3083
3084 case OVS_ACTION_ATTR_POP_MPLS:
9df46aef 3085 if (vlan_tci & htons(VLAN_CFI_MASK) ||
25cd9ba0
SH		 3086 !eth_p_mpls(eth_type))
3087 return -EINVAL;
3088
3089 /* Disallow subsequent L2.5+ set and mpls_pop actions
3090 * as there is no check here to ensure that the new
3091 * eth_type is valid and thus set actions could
3092 * write off the end of the packet or otherwise
3093 * corrupt it.
3094 *
3095 * Support for these actions is planned using packet
3096 * recirculation.
3097 */
3098 eth_type = htons(0);
3099 break;
3100
e6445719 3101 case OVS_ACTION_ATTR_SET:
25cd9ba0 3102 err = validate_set(a, key, sfa,
0a6410fb
JB		 3103 &skip_copy, mac_proto, eth_type,
3104 false, log);
83d2b9ba
JR		 3105 if (err)
3106 return err;
3107 break;
3108
3109 case OVS_ACTION_ATTR_SET_MASKED:
3110 err = validate_set(a, key, sfa,
0a6410fb
JB		 3111 &skip_copy, mac_proto, eth_type,
3112 true, log);
e6445719
PS		 3113 if (err)
3114 return err;
3115 break;
3116
798c1661 3117 case OVS_ACTION_ATTR_SAMPLE: {
3118 bool last = nla_is_last(a, rem);
3119
3120 err = validate_and_copy_sample(net, a, key, sfa,
3121 eth_type, vlan_tci,
3122 log, last);
e6445719
PS		 3123 if (err)
3124 return err;
3125 skip_copy = true;
3126 break;
798c1661 3127 }
e6445719 3128
7f8a436e
JS		 3129 case OVS_ACTION_ATTR_CT:
3130 err = ovs_ct_copy_action(net, a, key, sfa, log);
3131 if (err)
3132 return err;
3133 skip_copy = true;
3134 break;
3135
b8226962
EG		 3136 case OVS_ACTION_ATTR_CT_CLEAR:
3137 break;
3138
91820da6
JB		 3139 case OVS_ACTION_ATTR_PUSH_ETH:
3140 /* Disallow pushing an Ethernet header if one
3141 * is already present */
3142 if (mac_proto != MAC_PROTO_NONE)
3143 return -EINVAL;
46ebe283 3144 mac_proto = MAC_PROTO_ETHERNET;
91820da6
JB		 3145 break;
3146
3147 case OVS_ACTION_ATTR_POP_ETH:
3148 if (mac_proto != MAC_PROTO_ETHERNET)
3149 return -EINVAL;
9df46aef 3150 if (vlan_tci & htons(VLAN_CFI_MASK))
91820da6 3151 return -EINVAL;
46ebe283 3152 mac_proto = MAC_PROTO_NONE;
91820da6
JB		 3153 break;
3154
b2d0f5d5
YY		 3155 case OVS_ACTION_ATTR_PUSH_NSH:
3156 if (mac_proto != MAC_PROTO_ETHERNET) {
3157 u8 next_proto;
3158
3159 next_proto = tun_p_from_eth_p(eth_type);
3160 if (!next_proto)
3161 return -EINVAL;
3162 }
3163 mac_proto = MAC_PROTO_NONE;
3164 if (!validate_nsh(nla_data(a), false, true, true))
3165 return -EINVAL;
3166 break;
3167
3168 case OVS_ACTION_ATTR_POP_NSH: {
3169 __be16 inner_proto;
3170
3171 if (eth_type != htons(ETH_P_NSH))
3172 return -EINVAL;
3173 inner_proto = tun_p_to_eth_p(key->nsh.base.np);
3174 if (!inner_proto)
3175 return -EINVAL;
3176 if (key->nsh.base.np == TUN_P_ETHERNET)
3177 mac_proto = MAC_PROTO_ETHERNET;
3178 else
3179 mac_proto = MAC_PROTO_NONE;
3180 break;
3181 }
3182
cd8a6c33
AZ		 3183 case OVS_ACTION_ATTR_METER:
3184 /* Non-existent meters are simply ignored. */
3185 break;
3186
b2335040
YS		 3187 case OVS_ACTION_ATTR_CLONE: {
3188 bool last = nla_is_last(a, rem);
3189
3190 err = validate_and_copy_clone(net, a, key, sfa,
3191 eth_type, vlan_tci,
3192 log, last);
3193 if (err)
3194 return err;
3195 skip_copy = true;
3196 break;
3197 }
3198
4d5ec89f
NS		 3199 case OVS_ACTION_ATTR_CHECK_PKT_LEN: {
3200 bool last = nla_is_last(a, rem);
3201
3202 err = validate_and_copy_check_pkt_len(net, a, key, sfa,
3203 eth_type,
3204 vlan_tci, log,
3205 last);
3206 if (err)
3207 return err;
3208 skip_copy = true;
3209 break;
3210 }
3211
e6445719 3212 default:
05da5898 3213 OVS_NLERR(log, "Unknown Action type %d", type);
e6445719
PS		 3214 return -EINVAL;
3215 }
3216 if (!skip_copy) {
05da5898 3217 err = copy_action(a, sfa, log);
e6445719
PS		 3218 if (err)
3219 return err;
3220 }
3221 }
3222
3223 if (rem > 0)
3224 return -EINVAL;
3225
3226 return 0;
3227}
3228
83d2b9ba 3229/* 'key' must be the masked key. */
7f8a436e 3230int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
25cd9ba0 3231 const struct sw_flow_key *key,
05da5898 3232 struct sw_flow_actions **sfa, bool log)
25cd9ba0 3233{
2fdb957d
PS		 3234 int err;
3235
67c8d22a 3236 *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
2fdb957d
PS		 3237 if (IS_ERR(*sfa))
3238 return PTR_ERR(*sfa);
3239
8e2fed1c 3240 (*sfa)->orig_len = nla_len(attr);
798c1661 3241 err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
018c1dda 3242 key->eth.vlan.tci, log);
2fdb957d 3243 if (err)
34ae932a 3244 ovs_nla_free_flow_actions(*sfa);
2fdb957d
PS		 3245
3246 return err;
25cd9ba0
SH		 3247}
3248
798c1661 3249static int sample_action_to_attr(const struct nlattr *attr,
3250 struct sk_buff *skb)
e6445719 3251{
798c1661 3252 struct nlattr *start, *ac_start = NULL, *sample_arg;
3253 int err = 0, rem = nla_len(attr);
3254 const struct sample_arg *arg;
3255 struct nlattr *actions;
e6445719 3256
ae0be8de 3257 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE);
e6445719
PS		 3258 if (!start)
3259 return -EMSGSIZE;
3260
798c1661 3261 sample_arg = nla_data(attr);
3262 arg = nla_data(sample_arg);
3263 actions = nla_next(sample_arg, &rem);
e6445719 3264
798c1661 3265 if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) {
3266 err = -EMSGSIZE;
3267 goto out;
3268 }
3269
ae0be8de 3270 ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS);
798c1661 3271 if (!ac_start) {
3272 err = -EMSGSIZE;
3273 goto out;
3274 }
3275
3276 err = ovs_nla_put_actions(actions, rem, skb);
3277
3278out:
3279 if (err) {
3280 nla_nest_cancel(skb, ac_start);
3281 nla_nest_cancel(skb, start);
3282 } else {
3283 nla_nest_end(skb, ac_start);
3284 nla_nest_end(skb, start);
e6445719
PS		 3285 }
3286
e6445719
PS		 3287 return err;
3288}
3289
b2335040
YS		 3290static int clone_action_to_attr(const struct nlattr *attr,
3291 struct sk_buff *skb)
3292{
3293 struct nlattr *start;
3294 int err = 0, rem = nla_len(attr);
3295
ae0be8de 3296 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE);
b2335040
YS		 3297 if (!start)
3298 return -EMSGSIZE;
3299
3300 err = ovs_nla_put_actions(nla_data(attr), rem, skb);
3301
3302 if (err)
3303 nla_nest_cancel(skb, start);
3304 else
3305 nla_nest_end(skb, start);
3306
3307 return err;
3308}
3309
4d5ec89f
NS		 3310static int check_pkt_len_action_to_attr(const struct nlattr *attr,
3311 struct sk_buff *skb)
3312{
3313 struct nlattr *start, *ac_start = NULL;
3314 const struct check_pkt_len_arg *arg;
3315 const struct nlattr *a, *cpl_arg;
3316 int err = 0, rem = nla_len(attr);
3317
ae0be8de 3318 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN);
4d5ec89f
NS		 3319 if (!start)
3320 return -EMSGSIZE;
3321
3322 /* The first nested attribute in 'attr' is always
3323 * 'OVS_CHECK_PKT_LEN_ATTR_ARG'.
3324 */
3325 cpl_arg = nla_data(attr);
3326 arg = nla_data(cpl_arg);
3327
3328 if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) {
3329 err = -EMSGSIZE;
3330 goto out;
3331 }
3332
3333 /* Second nested attribute in 'attr' is always
3334 * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'.
3335 */
3336 a = nla_next(cpl_arg, &rem);
ae0be8de
MK		 3337 ac_start = nla_nest_start_noflag(skb,
3338 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL);
4d5ec89f
NS		 3339 if (!ac_start) {
3340 err = -EMSGSIZE;
3341 goto out;
3342 }
3343
3344 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3345 if (err) {
3346 nla_nest_cancel(skb, ac_start);
3347 goto out;
3348 } else {
3349 nla_nest_end(skb, ac_start);
3350 }
3351
3352 /* Third nested attribute in 'attr' is always
3353 * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER.
3354 */
3355 a = nla_next(a, &rem);
ae0be8de
MK		 3356 ac_start = nla_nest_start_noflag(skb,
3357 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER);
4d5ec89f
NS		 3358 if (!ac_start) {
3359 err = -EMSGSIZE;
3360 goto out;
3361 }
3362
3363 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3364 if (err) {
3365 nla_nest_cancel(skb, ac_start);
3366 goto out;
3367 } else {
3368 nla_nest_end(skb, ac_start);
3369 }
3370
3371 nla_nest_end(skb, start);
3372 return 0;
3373
3374out:
3375 nla_nest_cancel(skb, start);
3376 return err;
3377}
3378
e6445719
PS		 3379static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
3380{
3381 const struct nlattr *ovs_key = nla_data(a);
3382 int key_type = nla_type(ovs_key);
3383 struct nlattr *start;
3384 int err;
3385
3386 switch (key_type) {
f0b128c1 3387 case OVS_KEY_ATTR_TUNNEL_INFO: {
34ae932a
TG		 3388 struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key);
3389 struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info;
f0b128c1 3390
ae0be8de 3391 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
e6445719
PS		 3392 if (!start)
3393 return -EMSGSIZE;
3394
e905eabc
SH		 3395 err = ip_tun_to_nlattr(skb, &tun_info->key,
3396 ip_tunnel_info_opts(tun_info),
3397 tun_info->options_len,
18b6f717 3398 ip_tunnel_info_af(tun_info), tun_info->mode);
e6445719
PS		 3399 if (err)
3400 return err;
3401 nla_nest_end(skb, start);
3402 break;
f0b128c1 3403 }
e6445719
PS		 3404 default:
3405 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
3406 return -EMSGSIZE;
3407 break;
3408 }
3409
3410 return 0;
3411}
3412
83d2b9ba
JR		 3413static int masked_set_action_to_set_action_attr(const struct nlattr *a,
3414 struct sk_buff *skb)
3415{
3416 const struct nlattr *ovs_key = nla_data(a);
f4f8e738 3417 struct nlattr *nla;
83d2b9ba
JR		 3418 size_t key_len = nla_len(ovs_key) / 2;
3419
3420 /* Revert the conversion we did from a non-masked set action to
3421 * masked set action.
3422 */
ae0be8de 3423 nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
f4f8e738 3424 if (!nla)
83d2b9ba
JR		 3425 return -EMSGSIZE;
3426
f4f8e738
JS		 3427 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key)))
3428 return -EMSGSIZE;
3429
3430 nla_nest_end(skb, nla);
83d2b9ba
JR		 3431 return 0;
3432}
3433
e6445719
PS		 3434int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
3435{
3436 const struct nlattr *a;
3437 int rem, err;
3438
3439 nla_for_each_attr(a, attr, len, rem) {
3440 int type = nla_type(a);
3441
3442 switch (type) {
3443 case OVS_ACTION_ATTR_SET:
3444 err = set_action_to_attr(a, skb);
3445 if (err)
3446 return err;
3447 break;
3448
83d2b9ba
JR		 3449 case OVS_ACTION_ATTR_SET_TO_MASKED:
3450 err = masked_set_action_to_set_action_attr(a, skb);
3451 if (err)
3452 return err;
3453 break;
3454
e6445719
PS		 3455 case OVS_ACTION_ATTR_SAMPLE:
3456 err = sample_action_to_attr(a, skb);
3457 if (err)
3458 return err;
3459 break;
7f8a436e
JS		 3460
3461 case OVS_ACTION_ATTR_CT:
3462 err = ovs_ct_action_to_attr(nla_data(a), skb);
3463 if (err)
3464 return err;
3465 break;
3466
b2335040
YS		 3467 case OVS_ACTION_ATTR_CLONE:
3468 err = clone_action_to_attr(a, skb);
3469 if (err)
3470 return err;
3471 break;
3472
4d5ec89f
NS		 3473 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
3474 err = check_pkt_len_action_to_attr(a, skb);
3475 if (err)
3476 return err;
3477 break;
3478
e6445719
PS		 3479 default:
3480 if (nla_put(skb, type, nla_len(a), nla_data(a)))
3481 return -EMSGSIZE;
3482 break;
3483 }
3484 }
3485
3486 return 0;
3487}
Linux 6.x block layer and io_uring tree(s)