Commit | Line | Data |
---|---|---|
e6445719 | 1 | /* |
798c1661 | 2 | * Copyright (c) 2007-2017 Nicira, Inc. |
e6445719 PS |
3 | * |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of version 2 of the GNU General Public | |
6 | * License as published by the Free Software Foundation. | |
7 | * | |
8 | * This program is distributed in the hope that it will be useful, but | |
9 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
11 | * General Public License for more details. | |
12 | * | |
13 | * You should have received a copy of the GNU General Public License | |
14 | * along with this program; if not, write to the Free Software | |
15 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
16 | * 02110-1301, USA | |
17 | */ | |
18 | ||
2235ad1c JP |
19 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
20 | ||
e6445719 PS |
21 | #include "flow.h" |
22 | #include "datapath.h" | |
23 | #include <linux/uaccess.h> | |
24 | #include <linux/netdevice.h> | |
25 | #include <linux/etherdevice.h> | |
26 | #include <linux/if_ether.h> | |
27 | #include <linux/if_vlan.h> | |
28 | #include <net/llc_pdu.h> | |
29 | #include <linux/kernel.h> | |
30 | #include <linux/jhash.h> | |
31 | #include <linux/jiffies.h> | |
32 | #include <linux/llc.h> | |
33 | #include <linux/module.h> | |
34 | #include <linux/in.h> | |
35 | #include <linux/rcupdate.h> | |
36 | #include <linux/if_arp.h> | |
37 | #include <linux/ip.h> | |
38 | #include <linux/ipv6.h> | |
39 | #include <linux/sctp.h> | |
40 | #include <linux/tcp.h> | |
41 | #include <linux/udp.h> | |
42 | #include <linux/icmp.h> | |
43 | #include <linux/icmpv6.h> | |
44 | #include <linux/rculist.h> | |
f5796684 | 45 | #include <net/geneve.h> |
e6445719 PS |
46 | #include <net/ip.h> |
47 | #include <net/ipv6.h> | |
48 | #include <net/ndisc.h> | |
25cd9ba0 | 49 | #include <net/mpls.h> |
614732ea | 50 | #include <net/vxlan.h> |
b2d0f5d5 | 51 | #include <net/tun_proto.h> |
fc1372f8 | 52 | #include <net/erspan.h> |
e6445719 PS |
53 | |
54 | #include "flow_netlink.h" | |
55 | ||
81bfe3c3 TG |
56 | struct ovs_len_tbl { |
57 | int len; | |
58 | const struct ovs_len_tbl *next; | |
59 | }; | |
60 | ||
61 | #define OVS_ATTR_NESTED -1 | |
982b5270 | 62 | #define OVS_ATTR_VARIABLE -2 |
81bfe3c3 | 63 | |
798c1661 | 64 | static bool actions_may_change_flow(const struct nlattr *actions) |
65 | { | |
66 | struct nlattr *nla; | |
67 | int rem; | |
68 | ||
69 | nla_for_each_nested(nla, actions, rem) { | |
70 | u16 action = nla_type(nla); | |
71 | ||
72 | switch (action) { | |
73 | case OVS_ACTION_ATTR_OUTPUT: | |
74 | case OVS_ACTION_ATTR_RECIRC: | |
75 | case OVS_ACTION_ATTR_TRUNC: | |
76 | case OVS_ACTION_ATTR_USERSPACE: | |
77 | break; | |
78 | ||
79 | case OVS_ACTION_ATTR_CT: | |
b8226962 | 80 | case OVS_ACTION_ATTR_CT_CLEAR: |
798c1661 | 81 | case OVS_ACTION_ATTR_HASH: |
82 | case OVS_ACTION_ATTR_POP_ETH: | |
83 | case OVS_ACTION_ATTR_POP_MPLS: | |
b2d0f5d5 | 84 | case OVS_ACTION_ATTR_POP_NSH: |
798c1661 | 85 | case OVS_ACTION_ATTR_POP_VLAN: |
86 | case OVS_ACTION_ATTR_PUSH_ETH: | |
87 | case OVS_ACTION_ATTR_PUSH_MPLS: | |
b2d0f5d5 | 88 | case OVS_ACTION_ATTR_PUSH_NSH: |
798c1661 | 89 | case OVS_ACTION_ATTR_PUSH_VLAN: |
90 | case OVS_ACTION_ATTR_SAMPLE: | |
91 | case OVS_ACTION_ATTR_SET: | |
92 | case OVS_ACTION_ATTR_SET_MASKED: | |
cd8a6c33 | 93 | case OVS_ACTION_ATTR_METER: |
4d5ec89f | 94 | case OVS_ACTION_ATTR_CHECK_PKT_LEN: |
798c1661 | 95 | default: |
96 | return true; | |
97 | } | |
98 | } | |
99 | return false; | |
100 | } | |
101 | ||
a85311bf PS |
102 | static void update_range(struct sw_flow_match *match, |
103 | size_t offset, size_t size, bool is_mask) | |
e6445719 | 104 | { |
a85311bf | 105 | struct sw_flow_key_range *range; |
e6445719 PS |
106 | size_t start = rounddown(offset, sizeof(long)); |
107 | size_t end = roundup(offset + size, sizeof(long)); | |
108 | ||
109 | if (!is_mask) | |
110 | range = &match->range; | |
a85311bf | 111 | else |
e6445719 PS |
112 | range = &match->mask->range; |
113 | ||
e6445719 PS |
114 | if (range->start == range->end) { |
115 | range->start = start; | |
116 | range->end = end; | |
117 | return; | |
118 | } | |
119 | ||
120 | if (range->start > start) | |
121 | range->start = start; | |
122 | ||
123 | if (range->end < end) | |
124 | range->end = end; | |
125 | } | |
126 | ||
127 | #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \ | |
128 | do { \ | |
a85311bf PS |
129 | update_range(match, offsetof(struct sw_flow_key, field), \ |
130 | sizeof((match)->key->field), is_mask); \ | |
131 | if (is_mask) \ | |
132 | (match)->mask->key.field = value; \ | |
133 | else \ | |
e6445719 | 134 | (match)->key->field = value; \ |
e6445719 PS |
135 | } while (0) |
136 | ||
f5796684 JG |
137 | #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \ |
138 | do { \ | |
a85311bf | 139 | update_range(match, offset, len, is_mask); \ |
f5796684 JG |
140 | if (is_mask) \ |
141 | memcpy((u8 *)&(match)->mask->key + offset, value_p, \ | |
a85311bf | 142 | len); \ |
f5796684 JG |
143 | else \ |
144 | memcpy((u8 *)(match)->key + offset, value_p, len); \ | |
e6445719 PS |
145 | } while (0) |
146 | ||
f5796684 JG |
147 | #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \ |
148 | SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \ | |
149 | value_p, len, is_mask) | |
150 | ||
a85311bf PS |
151 | #define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \ |
152 | do { \ | |
153 | update_range(match, offsetof(struct sw_flow_key, field), \ | |
154 | sizeof((match)->key->field), is_mask); \ | |
155 | if (is_mask) \ | |
156 | memset((u8 *)&(match)->mask->key.field, value, \ | |
157 | sizeof((match)->mask->key.field)); \ | |
158 | else \ | |
f47de068 PS |
159 | memset((u8 *)&(match)->key->field, value, \ |
160 | sizeof((match)->key->field)); \ | |
f47de068 | 161 | } while (0) |
e6445719 PS |
162 | |
163 | static bool match_validate(const struct sw_flow_match *match, | |
05da5898 | 164 | u64 key_attrs, u64 mask_attrs, bool log) |
e6445719 | 165 | { |
0a6410fb | 166 | u64 key_expected = 0; |
e6445719 PS |
167 | u64 mask_allowed = key_attrs; /* At most allow all key attributes */ |
168 | ||
169 | /* The following mask attributes allowed only if they | |
170 | * pass the validation tests. */ | |
171 | mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4) | |
9dd7f890 | 172 | | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4) |
e6445719 | 173 | | (1 << OVS_KEY_ATTR_IPV6) |
9dd7f890 | 174 | | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6) |
e6445719 | 175 | | (1 << OVS_KEY_ATTR_TCP) |
5eb26b15 | 176 | | (1 << OVS_KEY_ATTR_TCP_FLAGS) |
e6445719 PS |
177 | | (1 << OVS_KEY_ATTR_UDP) |
178 | | (1 << OVS_KEY_ATTR_SCTP) | |
179 | | (1 << OVS_KEY_ATTR_ICMP) | |
180 | | (1 << OVS_KEY_ATTR_ICMPV6) | |
181 | | (1 << OVS_KEY_ATTR_ARP) | |
25cd9ba0 | 182 | | (1 << OVS_KEY_ATTR_ND) |
b2d0f5d5 YY |
183 | | (1 << OVS_KEY_ATTR_MPLS) |
184 | | (1 << OVS_KEY_ATTR_NSH)); | |
e6445719 PS |
185 | |
186 | /* Always allowed mask fields. */ | |
187 | mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL) | |
188 | | (1 << OVS_KEY_ATTR_IN_PORT) | |
189 | | (1 << OVS_KEY_ATTR_ETHERTYPE)); | |
190 | ||
191 | /* Check key attributes. */ | |
192 | if (match->key->eth.type == htons(ETH_P_ARP) | |
193 | || match->key->eth.type == htons(ETH_P_RARP)) { | |
194 | key_expected |= 1 << OVS_KEY_ATTR_ARP; | |
f2a01517 | 195 | if (match->mask && (match->mask->key.eth.type == htons(0xffff))) |
e6445719 PS |
196 | mask_allowed |= 1 << OVS_KEY_ATTR_ARP; |
197 | } | |
198 | ||
25cd9ba0 SH |
199 | if (eth_p_mpls(match->key->eth.type)) { |
200 | key_expected |= 1 << OVS_KEY_ATTR_MPLS; | |
201 | if (match->mask && (match->mask->key.eth.type == htons(0xffff))) | |
202 | mask_allowed |= 1 << OVS_KEY_ATTR_MPLS; | |
203 | } | |
204 | ||
e6445719 PS |
205 | if (match->key->eth.type == htons(ETH_P_IP)) { |
206 | key_expected |= 1 << OVS_KEY_ATTR_IPV4; | |
9dd7f890 | 207 | if (match->mask && match->mask->key.eth.type == htons(0xffff)) { |
e6445719 | 208 | mask_allowed |= 1 << OVS_KEY_ATTR_IPV4; |
9dd7f890 JR |
209 | mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4; |
210 | } | |
e6445719 PS |
211 | |
212 | if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) { | |
213 | if (match->key->ip.proto == IPPROTO_UDP) { | |
214 | key_expected |= 1 << OVS_KEY_ATTR_UDP; | |
215 | if (match->mask && (match->mask->key.ip.proto == 0xff)) | |
216 | mask_allowed |= 1 << OVS_KEY_ATTR_UDP; | |
217 | } | |
218 | ||
219 | if (match->key->ip.proto == IPPROTO_SCTP) { | |
220 | key_expected |= 1 << OVS_KEY_ATTR_SCTP; | |
221 | if (match->mask && (match->mask->key.ip.proto == 0xff)) | |
222 | mask_allowed |= 1 << OVS_KEY_ATTR_SCTP; | |
223 | } | |
224 | ||
225 | if (match->key->ip.proto == IPPROTO_TCP) { | |
226 | key_expected |= 1 << OVS_KEY_ATTR_TCP; | |
5eb26b15 JR |
227 | key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS; |
228 | if (match->mask && (match->mask->key.ip.proto == 0xff)) { | |
e6445719 | 229 | mask_allowed |= 1 << OVS_KEY_ATTR_TCP; |
5eb26b15 JR |
230 | mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS; |
231 | } | |
e6445719 PS |
232 | } |
233 | ||
234 | if (match->key->ip.proto == IPPROTO_ICMP) { | |
235 | key_expected |= 1 << OVS_KEY_ATTR_ICMP; | |
236 | if (match->mask && (match->mask->key.ip.proto == 0xff)) | |
237 | mask_allowed |= 1 << OVS_KEY_ATTR_ICMP; | |
238 | } | |
239 | } | |
240 | } | |
241 | ||
242 | if (match->key->eth.type == htons(ETH_P_IPV6)) { | |
243 | key_expected |= 1 << OVS_KEY_ATTR_IPV6; | |
9dd7f890 | 244 | if (match->mask && match->mask->key.eth.type == htons(0xffff)) { |
e6445719 | 245 | mask_allowed |= 1 << OVS_KEY_ATTR_IPV6; |
9dd7f890 JR |
246 | mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6; |
247 | } | |
e6445719 PS |
248 | |
249 | if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) { | |
250 | if (match->key->ip.proto == IPPROTO_UDP) { | |
251 | key_expected |= 1 << OVS_KEY_ATTR_UDP; | |
252 | if (match->mask && (match->mask->key.ip.proto == 0xff)) | |
253 | mask_allowed |= 1 << OVS_KEY_ATTR_UDP; | |
254 | } | |
255 | ||
256 | if (match->key->ip.proto == IPPROTO_SCTP) { | |
257 | key_expected |= 1 << OVS_KEY_ATTR_SCTP; | |
258 | if (match->mask && (match->mask->key.ip.proto == 0xff)) | |
259 | mask_allowed |= 1 << OVS_KEY_ATTR_SCTP; | |
260 | } | |
261 | ||
262 | if (match->key->ip.proto == IPPROTO_TCP) { | |
263 | key_expected |= 1 << OVS_KEY_ATTR_TCP; | |
5eb26b15 JR |
264 | key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS; |
265 | if (match->mask && (match->mask->key.ip.proto == 0xff)) { | |
e6445719 | 266 | mask_allowed |= 1 << OVS_KEY_ATTR_TCP; |
5eb26b15 JR |
267 | mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS; |
268 | } | |
e6445719 PS |
269 | } |
270 | ||
271 | if (match->key->ip.proto == IPPROTO_ICMPV6) { | |
272 | key_expected |= 1 << OVS_KEY_ATTR_ICMPV6; | |
273 | if (match->mask && (match->mask->key.ip.proto == 0xff)) | |
274 | mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6; | |
275 | ||
1139e241 | 276 | if (match->key->tp.src == |
e6445719 | 277 | htons(NDISC_NEIGHBOUR_SOLICITATION) || |
1139e241 | 278 | match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) { |
e6445719 | 279 | key_expected |= 1 << OVS_KEY_ATTR_ND; |
9dd7f890 JR |
280 | /* Original direction conntrack tuple |
281 | * uses the same space as the ND fields | |
282 | * in the key, so both are not allowed | |
283 | * at the same time. | |
284 | */ | |
285 | mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6); | |
f2a01517 | 286 | if (match->mask && (match->mask->key.tp.src == htons(0xff))) |
e6445719 PS |
287 | mask_allowed |= 1 << OVS_KEY_ATTR_ND; |
288 | } | |
289 | } | |
290 | } | |
291 | } | |
292 | ||
b2d0f5d5 YY |
293 | if (match->key->eth.type == htons(ETH_P_NSH)) { |
294 | key_expected |= 1 << OVS_KEY_ATTR_NSH; | |
295 | if (match->mask && | |
296 | match->mask->key.eth.type == htons(0xffff)) { | |
297 | mask_allowed |= 1 << OVS_KEY_ATTR_NSH; | |
298 | } | |
299 | } | |
300 | ||
e6445719 PS |
301 | if ((key_attrs & key_expected) != key_expected) { |
302 | /* Key attributes check failed. */ | |
05da5898 JR |
303 | OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)", |
304 | (unsigned long long)key_attrs, | |
305 | (unsigned long long)key_expected); | |
e6445719 PS |
306 | return false; |
307 | } | |
308 | ||
309 | if ((mask_attrs & mask_allowed) != mask_attrs) { | |
310 | /* Mask attributes check failed. */ | |
05da5898 JR |
311 | OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)", |
312 | (unsigned long long)mask_attrs, | |
313 | (unsigned long long)mask_allowed); | |
e6445719 PS |
314 | return false; |
315 | } | |
316 | ||
317 | return true; | |
318 | } | |
319 | ||
8f0aad6f WZ |
320 | size_t ovs_tun_key_attr_size(void) |
321 | { | |
322 | /* Whenever adding new OVS_TUNNEL_KEY_ FIELDS, we should consider | |
323 | * updating this function. | |
324 | */ | |
b46f6ded | 325 | return nla_total_size_64bit(8) /* OVS_TUNNEL_KEY_ATTR_ID */ |
6b26ba3a JB |
326 | + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_SRC */ |
327 | + nla_total_size(16) /* OVS_TUNNEL_KEY_ATTR_IPV[46]_DST */ | |
8f0aad6f WZ |
328 | + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TOS */ |
329 | + nla_total_size(1) /* OVS_TUNNEL_KEY_ATTR_TTL */ | |
330 | + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */ | |
331 | + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_CSUM */ | |
332 | + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_OAM */ | |
333 | + nla_total_size(256) /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */ | |
fc1372f8 WT |
334 | /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and |
335 | * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS is mutually exclusive with | |
1dd144cf TG |
336 | * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it. |
337 | */ | |
8f0aad6f | 338 | + nla_total_size(2) /* OVS_TUNNEL_KEY_ATTR_TP_SRC */ |
95a33208 | 339 | + nla_total_size(2); /* OVS_TUNNEL_KEY_ATTR_TP_DST */ |
8f0aad6f WZ |
340 | } |
341 | ||
06c2351f | 342 | static size_t ovs_nsh_key_attr_size(void) |
b2d0f5d5 YY |
343 | { |
344 | /* Whenever adding new OVS_NSH_KEY_ FIELDS, we should consider | |
345 | * updating this function. | |
346 | */ | |
347 | return nla_total_size(NSH_BASE_HDR_LEN) /* OVS_NSH_KEY_ATTR_BASE */ | |
348 | /* OVS_NSH_KEY_ATTR_MD1 and OVS_NSH_KEY_ATTR_MD2 are | |
349 | * mutually exclusive, so the bigger one can cover | |
350 | * the small one. | |
351 | */ | |
352 | + nla_total_size(NSH_CTX_HDRS_MAX_LEN); | |
353 | } | |
354 | ||
41af73e9 JS |
355 | size_t ovs_key_attr_size(void) |
356 | { | |
357 | /* Whenever adding new OVS_KEY_ FIELDS, we should consider | |
358 | * updating this function. | |
359 | */ | |
b2d0f5d5 | 360 | BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 29); |
41af73e9 JS |
361 | |
362 | return nla_total_size(4) /* OVS_KEY_ATTR_PRIORITY */ | |
363 | + nla_total_size(0) /* OVS_KEY_ATTR_TUNNEL */ | |
8f0aad6f | 364 | + ovs_tun_key_attr_size() |
41af73e9 JS |
365 | + nla_total_size(4) /* OVS_KEY_ATTR_IN_PORT */ |
366 | + nla_total_size(4) /* OVS_KEY_ATTR_SKB_MARK */ | |
367 | + nla_total_size(4) /* OVS_KEY_ATTR_DP_HASH */ | |
368 | + nla_total_size(4) /* OVS_KEY_ATTR_RECIRC_ID */ | |
fbccce59 | 369 | + nla_total_size(4) /* OVS_KEY_ATTR_CT_STATE */ |
7f8a436e | 370 | + nla_total_size(2) /* OVS_KEY_ATTR_CT_ZONE */ |
182e3042 | 371 | + nla_total_size(4) /* OVS_KEY_ATTR_CT_MARK */ |
33db4125 | 372 | + nla_total_size(16) /* OVS_KEY_ATTR_CT_LABELS */ |
9dd7f890 | 373 | + nla_total_size(40) /* OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6 */ |
b2d0f5d5 YY |
374 | + nla_total_size(0) /* OVS_KEY_ATTR_NSH */ |
375 | + ovs_nsh_key_attr_size() | |
41af73e9 JS |
376 | + nla_total_size(12) /* OVS_KEY_ATTR_ETHERNET */ |
377 | + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */ | |
378 | + nla_total_size(4) /* OVS_KEY_ATTR_VLAN */ | |
379 | + nla_total_size(0) /* OVS_KEY_ATTR_ENCAP */ | |
380 | + nla_total_size(2) /* OVS_KEY_ATTR_ETHERTYPE */ | |
381 | + nla_total_size(40) /* OVS_KEY_ATTR_IPV6 */ | |
382 | + nla_total_size(2) /* OVS_KEY_ATTR_ICMPV6 */ | |
383 | + nla_total_size(28); /* OVS_KEY_ATTR_ND */ | |
384 | } | |
385 | ||
982b5270 JG |
386 | static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = { |
387 | [OVS_VXLAN_EXT_GBP] = { .len = sizeof(u32) }, | |
388 | }; | |
389 | ||
81bfe3c3 TG |
390 | static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = { |
391 | [OVS_TUNNEL_KEY_ATTR_ID] = { .len = sizeof(u64) }, | |
392 | [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = sizeof(u32) }, | |
393 | [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = sizeof(u32) }, | |
394 | [OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 }, | |
395 | [OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 }, | |
396 | [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 }, | |
397 | [OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 }, | |
398 | [OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = sizeof(u16) }, | |
399 | [OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = sizeof(u16) }, | |
400 | [OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 }, | |
982b5270 JG |
401 | [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = OVS_ATTR_VARIABLE }, |
402 | [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = OVS_ATTR_NESTED, | |
403 | .next = ovs_vxlan_ext_key_lens }, | |
6b26ba3a JB |
404 | [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, |
405 | [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) }, | |
fc1372f8 | 406 | [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE }, |
18b6f717 | 407 | [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE] = { .len = 0 }, |
81bfe3c3 TG |
408 | }; |
409 | ||
b2d0f5d5 YY |
410 | static const struct ovs_len_tbl |
411 | ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = { | |
412 | [OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) }, | |
413 | [OVS_NSH_KEY_ATTR_MD1] = { .len = sizeof(struct ovs_nsh_key_md1) }, | |
414 | [OVS_NSH_KEY_ATTR_MD2] = { .len = OVS_ATTR_VARIABLE }, | |
415 | }; | |
416 | ||
e6445719 | 417 | /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute. */ |
81bfe3c3 TG |
418 | static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = { |
419 | [OVS_KEY_ATTR_ENCAP] = { .len = OVS_ATTR_NESTED }, | |
420 | [OVS_KEY_ATTR_PRIORITY] = { .len = sizeof(u32) }, | |
421 | [OVS_KEY_ATTR_IN_PORT] = { .len = sizeof(u32) }, | |
422 | [OVS_KEY_ATTR_SKB_MARK] = { .len = sizeof(u32) }, | |
423 | [OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) }, | |
424 | [OVS_KEY_ATTR_VLAN] = { .len = sizeof(__be16) }, | |
425 | [OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) }, | |
426 | [OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) }, | |
427 | [OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) }, | |
428 | [OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) }, | |
429 | [OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) }, | |
430 | [OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) }, | |
431 | [OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) }, | |
432 | [OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) }, | |
433 | [OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) }, | |
434 | [OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) }, | |
435 | [OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) }, | |
436 | [OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) }, | |
437 | [OVS_KEY_ATTR_DP_HASH] = { .len = sizeof(u32) }, | |
438 | [OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED, | |
439 | .next = ovs_tunnel_key_lens, }, | |
440 | [OVS_KEY_ATTR_MPLS] = { .len = sizeof(struct ovs_key_mpls) }, | |
fbccce59 | 441 | [OVS_KEY_ATTR_CT_STATE] = { .len = sizeof(u32) }, |
7f8a436e | 442 | [OVS_KEY_ATTR_CT_ZONE] = { .len = sizeof(u16) }, |
182e3042 | 443 | [OVS_KEY_ATTR_CT_MARK] = { .len = sizeof(u32) }, |
33db4125 | 444 | [OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) }, |
9dd7f890 JR |
445 | [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = { |
446 | .len = sizeof(struct ovs_key_ct_tuple_ipv4) }, | |
447 | [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = { | |
448 | .len = sizeof(struct ovs_key_ct_tuple_ipv6) }, | |
b2d0f5d5 YY |
449 | [OVS_KEY_ATTR_NSH] = { .len = OVS_ATTR_NESTED, |
450 | .next = ovs_nsh_key_attr_lens, }, | |
e6445719 PS |
451 | }; |
452 | ||
982b5270 JG |
453 | static bool check_attr_len(unsigned int attr_len, unsigned int expected_len) |
454 | { | |
455 | return expected_len == attr_len || | |
456 | expected_len == OVS_ATTR_NESTED || | |
457 | expected_len == OVS_ATTR_VARIABLE; | |
458 | } | |
459 | ||
e6445719 PS |
460 | static bool is_all_zero(const u8 *fp, size_t size) |
461 | { | |
462 | int i; | |
463 | ||
464 | if (!fp) | |
465 | return false; | |
466 | ||
467 | for (i = 0; i < size; i++) | |
468 | if (fp[i]) | |
469 | return false; | |
470 | ||
471 | return true; | |
472 | } | |
473 | ||
474 | static int __parse_flow_nlattrs(const struct nlattr *attr, | |
475 | const struct nlattr *a[], | |
05da5898 | 476 | u64 *attrsp, bool log, bool nz) |
e6445719 PS |
477 | { |
478 | const struct nlattr *nla; | |
479 | u64 attrs; | |
480 | int rem; | |
481 | ||
482 | attrs = *attrsp; | |
483 | nla_for_each_nested(nla, attr, rem) { | |
484 | u16 type = nla_type(nla); | |
485 | int expected_len; | |
486 | ||
487 | if (type > OVS_KEY_ATTR_MAX) { | |
05da5898 | 488 | OVS_NLERR(log, "Key type %d is out of range max %d", |
e6445719 PS |
489 | type, OVS_KEY_ATTR_MAX); |
490 | return -EINVAL; | |
491 | } | |
492 | ||
493 | if (attrs & (1 << type)) { | |
05da5898 | 494 | OVS_NLERR(log, "Duplicate key (type %d).", type); |
e6445719 PS |
495 | return -EINVAL; |
496 | } | |
497 | ||
81bfe3c3 | 498 | expected_len = ovs_key_lens[type].len; |
982b5270 | 499 | if (!check_attr_len(nla_len(nla), expected_len)) { |
05da5898 JR |
500 | OVS_NLERR(log, "Key %d has unexpected len %d expected %d", |
501 | type, nla_len(nla), expected_len); | |
e6445719 PS |
502 | return -EINVAL; |
503 | } | |
504 | ||
04a4af33 | 505 | if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) { |
e6445719 PS |
506 | attrs |= 1 << type; |
507 | a[type] = nla; | |
508 | } | |
509 | } | |
510 | if (rem) { | |
05da5898 | 511 | OVS_NLERR(log, "Message has %d unknown bytes.", rem); |
e6445719 PS |
512 | return -EINVAL; |
513 | } | |
514 | ||
515 | *attrsp = attrs; | |
516 | return 0; | |
517 | } | |
518 | ||
519 | static int parse_flow_mask_nlattrs(const struct nlattr *attr, | |
05da5898 JR |
520 | const struct nlattr *a[], u64 *attrsp, |
521 | bool log) | |
e6445719 | 522 | { |
05da5898 | 523 | return __parse_flow_nlattrs(attr, a, attrsp, log, true); |
e6445719 PS |
524 | } |
525 | ||
9dd7f890 JR |
526 | int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[], |
527 | u64 *attrsp, bool log) | |
e6445719 | 528 | { |
05da5898 JR |
529 | return __parse_flow_nlattrs(attr, a, attrsp, log, false); |
530 | } | |
531 | ||
532 | static int genev_tun_opt_from_nlattr(const struct nlattr *a, | |
533 | struct sw_flow_match *match, bool is_mask, | |
534 | bool log) | |
535 | { | |
536 | unsigned long opt_key_offset; | |
537 | ||
538 | if (nla_len(a) > sizeof(match->key->tun_opts)) { | |
539 | OVS_NLERR(log, "Geneve option length err (len %d, max %zu).", | |
540 | nla_len(a), sizeof(match->key->tun_opts)); | |
541 | return -EINVAL; | |
542 | } | |
543 | ||
544 | if (nla_len(a) % 4 != 0) { | |
545 | OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.", | |
546 | nla_len(a)); | |
547 | return -EINVAL; | |
548 | } | |
549 | ||
550 | /* We need to record the length of the options passed | |
551 | * down, otherwise packets with the same format but | |
552 | * additional options will be silently matched. | |
553 | */ | |
554 | if (!is_mask) { | |
555 | SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a), | |
556 | false); | |
557 | } else { | |
558 | /* This is somewhat unusual because it looks at | |
559 | * both the key and mask while parsing the | |
560 | * attributes (and by extension assumes the key | |
561 | * is parsed first). Normally, we would verify | |
562 | * that each is the correct length and that the | |
563 | * attributes line up in the validate function. | |
564 | * However, that is difficult because this is | |
565 | * variable length and we won't have the | |
566 | * information later. | |
567 | */ | |
568 | if (match->key->tun_opts_len != nla_len(a)) { | |
569 | OVS_NLERR(log, "Geneve option len %d != mask len %d", | |
570 | match->key->tun_opts_len, nla_len(a)); | |
571 | return -EINVAL; | |
572 | } | |
573 | ||
574 | SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true); | |
575 | } | |
576 | ||
d91641d9 | 577 | opt_key_offset = TUN_METADATA_OFFSET(nla_len(a)); |
05da5898 JR |
578 | SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a), |
579 | nla_len(a), is_mask); | |
580 | return 0; | |
e6445719 PS |
581 | } |
582 | ||
982b5270 | 583 | static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr, |
1dd144cf TG |
584 | struct sw_flow_match *match, bool is_mask, |
585 | bool log) | |
586 | { | |
982b5270 JG |
587 | struct nlattr *a; |
588 | int rem; | |
1dd144cf | 589 | unsigned long opt_key_offset; |
614732ea | 590 | struct vxlan_metadata opts; |
1dd144cf TG |
591 | |
592 | BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts)); | |
593 | ||
1dd144cf | 594 | memset(&opts, 0, sizeof(opts)); |
982b5270 JG |
595 | nla_for_each_nested(a, attr, rem) { |
596 | int type = nla_type(a); | |
1dd144cf | 597 | |
982b5270 JG |
598 | if (type > OVS_VXLAN_EXT_MAX) { |
599 | OVS_NLERR(log, "VXLAN extension %d out of range max %d", | |
600 | type, OVS_VXLAN_EXT_MAX); | |
601 | return -EINVAL; | |
602 | } | |
603 | ||
604 | if (!check_attr_len(nla_len(a), | |
605 | ovs_vxlan_ext_key_lens[type].len)) { | |
606 | OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d", | |
607 | type, nla_len(a), | |
608 | ovs_vxlan_ext_key_lens[type].len); | |
609 | return -EINVAL; | |
610 | } | |
611 | ||
612 | switch (type) { | |
613 | case OVS_VXLAN_EXT_GBP: | |
614 | opts.gbp = nla_get_u32(a); | |
615 | break; | |
616 | default: | |
617 | OVS_NLERR(log, "Unknown VXLAN extension attribute %d", | |
618 | type); | |
619 | return -EINVAL; | |
620 | } | |
621 | } | |
622 | if (rem) { | |
623 | OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.", | |
624 | rem); | |
625 | return -EINVAL; | |
626 | } | |
1dd144cf TG |
627 | |
628 | if (!is_mask) | |
629 | SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false); | |
630 | else | |
631 | SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true); | |
632 | ||
633 | opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts)); | |
634 | SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts), | |
635 | is_mask); | |
636 | return 0; | |
637 | } | |
638 | ||
fc1372f8 WT |
639 | static int erspan_tun_opt_from_nlattr(const struct nlattr *a, |
640 | struct sw_flow_match *match, bool is_mask, | |
641 | bool log) | |
642 | { | |
643 | unsigned long opt_key_offset; | |
644 | ||
645 | BUILD_BUG_ON(sizeof(struct erspan_metadata) > | |
646 | sizeof(match->key->tun_opts)); | |
647 | ||
648 | if (nla_len(a) > sizeof(match->key->tun_opts)) { | |
649 | OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).", | |
650 | nla_len(a), sizeof(match->key->tun_opts)); | |
651 | return -EINVAL; | |
652 | } | |
653 | ||
654 | if (!is_mask) | |
655 | SW_FLOW_KEY_PUT(match, tun_opts_len, | |
656 | sizeof(struct erspan_metadata), false); | |
657 | else | |
658 | SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true); | |
659 | ||
660 | opt_key_offset = TUN_METADATA_OFFSET(nla_len(a)); | |
661 | SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a), | |
662 | nla_len(a), is_mask); | |
663 | return 0; | |
664 | } | |
665 | ||
6b26ba3a JB |
666 | static int ip_tun_from_nlattr(const struct nlattr *attr, |
667 | struct sw_flow_match *match, bool is_mask, | |
668 | bool log) | |
e6445719 | 669 | { |
99e28f18 | 670 | bool ttl = false, ipv4 = false, ipv6 = false; |
18b6f717 | 671 | bool info_bridge_mode = false; |
99e28f18 PS |
672 | __be16 tun_flags = 0; |
673 | int opts_type = 0; | |
e6445719 PS |
674 | struct nlattr *a; |
675 | int rem; | |
e6445719 PS |
676 | |
677 | nla_for_each_nested(a, attr, rem) { | |
678 | int type = nla_type(a); | |
05da5898 JR |
679 | int err; |
680 | ||
e6445719 | 681 | if (type > OVS_TUNNEL_KEY_ATTR_MAX) { |
05da5898 JR |
682 | OVS_NLERR(log, "Tunnel attr %d out of range max %d", |
683 | type, OVS_TUNNEL_KEY_ATTR_MAX); | |
e6445719 PS |
684 | return -EINVAL; |
685 | } | |
686 | ||
982b5270 JG |
687 | if (!check_attr_len(nla_len(a), |
688 | ovs_tunnel_key_lens[type].len)) { | |
05da5898 | 689 | OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d", |
81bfe3c3 | 690 | type, nla_len(a), ovs_tunnel_key_lens[type].len); |
e6445719 PS |
691 | return -EINVAL; |
692 | } | |
693 | ||
694 | switch (type) { | |
695 | case OVS_TUNNEL_KEY_ATTR_ID: | |
696 | SW_FLOW_KEY_PUT(match, tun_key.tun_id, | |
697 | nla_get_be64(a), is_mask); | |
698 | tun_flags |= TUNNEL_KEY; | |
699 | break; | |
700 | case OVS_TUNNEL_KEY_ATTR_IPV4_SRC: | |
c1ea5d67 | 701 | SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src, |
67b61f6c | 702 | nla_get_in_addr(a), is_mask); |
6b26ba3a | 703 | ipv4 = true; |
e6445719 PS |
704 | break; |
705 | case OVS_TUNNEL_KEY_ATTR_IPV4_DST: | |
c1ea5d67 | 706 | SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst, |
67b61f6c | 707 | nla_get_in_addr(a), is_mask); |
6b26ba3a JB |
708 | ipv4 = true; |
709 | break; | |
710 | case OVS_TUNNEL_KEY_ATTR_IPV6_SRC: | |
3d20f1f7 | 711 | SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src, |
6b26ba3a JB |
712 | nla_get_in6_addr(a), is_mask); |
713 | ipv6 = true; | |
714 | break; | |
715 | case OVS_TUNNEL_KEY_ATTR_IPV6_DST: | |
716 | SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst, | |
717 | nla_get_in6_addr(a), is_mask); | |
718 | ipv6 = true; | |
e6445719 PS |
719 | break; |
720 | case OVS_TUNNEL_KEY_ATTR_TOS: | |
7c383fb2 | 721 | SW_FLOW_KEY_PUT(match, tun_key.tos, |
e6445719 PS |
722 | nla_get_u8(a), is_mask); |
723 | break; | |
724 | case OVS_TUNNEL_KEY_ATTR_TTL: | |
7c383fb2 | 725 | SW_FLOW_KEY_PUT(match, tun_key.ttl, |
e6445719 PS |
726 | nla_get_u8(a), is_mask); |
727 | ttl = true; | |
728 | break; | |
729 | case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT: | |
730 | tun_flags |= TUNNEL_DONT_FRAGMENT; | |
731 | break; | |
732 | case OVS_TUNNEL_KEY_ATTR_CSUM: | |
733 | tun_flags |= TUNNEL_CSUM; | |
734 | break; | |
8f0aad6f WZ |
735 | case OVS_TUNNEL_KEY_ATTR_TP_SRC: |
736 | SW_FLOW_KEY_PUT(match, tun_key.tp_src, | |
737 | nla_get_be16(a), is_mask); | |
738 | break; | |
739 | case OVS_TUNNEL_KEY_ATTR_TP_DST: | |
740 | SW_FLOW_KEY_PUT(match, tun_key.tp_dst, | |
741 | nla_get_be16(a), is_mask); | |
742 | break; | |
67fa0341 JG |
743 | case OVS_TUNNEL_KEY_ATTR_OAM: |
744 | tun_flags |= TUNNEL_OAM; | |
745 | break; | |
f5796684 | 746 | case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS: |
1dd144cf TG |
747 | if (opts_type) { |
748 | OVS_NLERR(log, "Multiple metadata blocks provided"); | |
749 | return -EINVAL; | |
750 | } | |
751 | ||
05da5898 JR |
752 | err = genev_tun_opt_from_nlattr(a, match, is_mask, log); |
753 | if (err) | |
754 | return err; | |
f5796684 | 755 | |
1dd144cf TG |
756 | tun_flags |= TUNNEL_GENEVE_OPT; |
757 | opts_type = type; | |
758 | break; | |
759 | case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS: | |
760 | if (opts_type) { | |
761 | OVS_NLERR(log, "Multiple metadata blocks provided"); | |
762 | return -EINVAL; | |
763 | } | |
764 | ||
765 | err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log); | |
766 | if (err) | |
767 | return err; | |
768 | ||
769 | tun_flags |= TUNNEL_VXLAN_OPT; | |
770 | opts_type = type; | |
f5796684 | 771 | break; |
8f3dbfd7 KM |
772 | case OVS_TUNNEL_KEY_ATTR_PAD: |
773 | break; | |
fc1372f8 WT |
774 | case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS: |
775 | if (opts_type) { | |
776 | OVS_NLERR(log, "Multiple metadata blocks provided"); | |
777 | return -EINVAL; | |
778 | } | |
779 | ||
780 | err = erspan_tun_opt_from_nlattr(a, match, is_mask, | |
781 | log); | |
782 | if (err) | |
783 | return err; | |
784 | ||
785 | tun_flags |= TUNNEL_ERSPAN_OPT; | |
786 | opts_type = type; | |
787 | break; | |
18b6f717 | 788 | case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE: |
789 | info_bridge_mode = true; | |
790 | ipv4 = true; | |
791 | break; | |
e6445719 | 792 | default: |
6b26ba3a | 793 | OVS_NLERR(log, "Unknown IP tunnel attribute %d", |
f5796684 | 794 | type); |
e6445719 PS |
795 | return -EINVAL; |
796 | } | |
797 | } | |
798 | ||
799 | SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask); | |
00a93bab JB |
800 | if (is_mask) |
801 | SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true); | |
802 | else | |
6b26ba3a JB |
803 | SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET, |
804 | false); | |
e6445719 PS |
805 | |
806 | if (rem > 0) { | |
6b26ba3a | 807 | OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.", |
05da5898 | 808 | rem); |
e6445719 PS |
809 | return -EINVAL; |
810 | } | |
811 | ||
6b26ba3a JB |
812 | if (ipv4 && ipv6) { |
813 | OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes"); | |
814 | return -EINVAL; | |
815 | } | |
816 | ||
e6445719 | 817 | if (!is_mask) { |
6b26ba3a JB |
818 | if (!ipv4 && !ipv6) { |
819 | OVS_NLERR(log, "IP tunnel dst address not specified"); | |
820 | return -EINVAL; | |
821 | } | |
18b6f717 | 822 | if (ipv4) { |
823 | if (info_bridge_mode) { | |
824 | if (match->key->tun_key.u.ipv4.src || | |
825 | match->key->tun_key.u.ipv4.dst || | |
826 | match->key->tun_key.tp_src || | |
827 | match->key->tun_key.tp_dst || | |
828 | match->key->tun_key.ttl || | |
829 | match->key->tun_key.tos || | |
830 | tun_flags & ~TUNNEL_KEY) { | |
831 | OVS_NLERR(log, "IPv4 tun info is not correct"); | |
832 | return -EINVAL; | |
833 | } | |
834 | } else if (!match->key->tun_key.u.ipv4.dst) { | |
835 | OVS_NLERR(log, "IPv4 tunnel dst address is zero"); | |
836 | return -EINVAL; | |
837 | } | |
e6445719 | 838 | } |
6b26ba3a JB |
839 | if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) { |
840 | OVS_NLERR(log, "IPv6 tunnel dst address is zero"); | |
841 | return -EINVAL; | |
842 | } | |
e6445719 | 843 | |
18b6f717 | 844 | if (!ttl && !info_bridge_mode) { |
6b26ba3a | 845 | OVS_NLERR(log, "IP tunnel TTL not specified."); |
e6445719 PS |
846 | return -EINVAL; |
847 | } | |
848 | } | |
849 | ||
1dd144cf TG |
850 | return opts_type; |
851 | } | |
852 | ||
853 | static int vxlan_opt_to_nlattr(struct sk_buff *skb, | |
854 | const void *tun_opts, int swkey_tun_opts_len) | |
855 | { | |
614732ea | 856 | const struct vxlan_metadata *opts = tun_opts; |
1dd144cf TG |
857 | struct nlattr *nla; |
858 | ||
ae0be8de | 859 | nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS); |
1dd144cf TG |
860 | if (!nla) |
861 | return -EMSGSIZE; | |
862 | ||
863 | if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0) | |
864 | return -EMSGSIZE; | |
865 | ||
866 | nla_nest_end(skb, nla); | |
e6445719 PS |
867 | return 0; |
868 | } | |
869 | ||
6b26ba3a JB |
870 | static int __ip_tun_to_nlattr(struct sk_buff *skb, |
871 | const struct ip_tunnel_key *output, | |
872 | const void *tun_opts, int swkey_tun_opts_len, | |
18b6f717 | 873 | unsigned short tun_proto, u8 mode) |
e6445719 | 874 | { |
e6445719 | 875 | if (output->tun_flags & TUNNEL_KEY && |
b46f6ded ND |
876 | nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id, |
877 | OVS_TUNNEL_KEY_ATTR_PAD)) | |
e6445719 | 878 | return -EMSGSIZE; |
18b6f717 | 879 | |
880 | if (mode & IP_TUNNEL_INFO_BRIDGE) | |
881 | return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE) | |
882 | ? -EMSGSIZE : 0; | |
883 | ||
6b26ba3a JB |
884 | switch (tun_proto) { |
885 | case AF_INET: | |
886 | if (output->u.ipv4.src && | |
887 | nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC, | |
888 | output->u.ipv4.src)) | |
889 | return -EMSGSIZE; | |
890 | if (output->u.ipv4.dst && | |
891 | nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST, | |
892 | output->u.ipv4.dst)) | |
893 | return -EMSGSIZE; | |
894 | break; | |
895 | case AF_INET6: | |
896 | if (!ipv6_addr_any(&output->u.ipv6.src) && | |
897 | nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC, | |
898 | &output->u.ipv6.src)) | |
899 | return -EMSGSIZE; | |
900 | if (!ipv6_addr_any(&output->u.ipv6.dst) && | |
901 | nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST, | |
902 | &output->u.ipv6.dst)) | |
903 | return -EMSGSIZE; | |
904 | break; | |
905 | } | |
7c383fb2 JB |
906 | if (output->tos && |
907 | nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos)) | |
e6445719 | 908 | return -EMSGSIZE; |
7c383fb2 | 909 | if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl)) |
e6445719 PS |
910 | return -EMSGSIZE; |
911 | if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) && | |
67fa0341 | 912 | nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT)) |
e6445719 PS |
913 | return -EMSGSIZE; |
914 | if ((output->tun_flags & TUNNEL_CSUM) && | |
67fa0341 JG |
915 | nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM)) |
916 | return -EMSGSIZE; | |
8f0aad6f WZ |
917 | if (output->tp_src && |
918 | nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src)) | |
919 | return -EMSGSIZE; | |
920 | if (output->tp_dst && | |
921 | nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst)) | |
922 | return -EMSGSIZE; | |
67fa0341 JG |
923 | if ((output->tun_flags & TUNNEL_OAM) && |
924 | nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM)) | |
e6445719 | 925 | return -EMSGSIZE; |
fc4099f1 | 926 | if (swkey_tun_opts_len) { |
1dd144cf TG |
927 | if (output->tun_flags & TUNNEL_GENEVE_OPT && |
928 | nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS, | |
929 | swkey_tun_opts_len, tun_opts)) | |
930 | return -EMSGSIZE; | |
931 | else if (output->tun_flags & TUNNEL_VXLAN_OPT && | |
932 | vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len)) | |
933 | return -EMSGSIZE; | |
fc1372f8 WT |
934 | else if (output->tun_flags & TUNNEL_ERSPAN_OPT && |
935 | nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS, | |
936 | swkey_tun_opts_len, tun_opts)) | |
937 | return -EMSGSIZE; | |
1dd144cf | 938 | } |
e6445719 | 939 | |
e6445719 PS |
940 | return 0; |
941 | } | |
942 | ||
6b26ba3a JB |
943 | static int ip_tun_to_nlattr(struct sk_buff *skb, |
944 | const struct ip_tunnel_key *output, | |
945 | const void *tun_opts, int swkey_tun_opts_len, | |
18b6f717 | 946 | unsigned short tun_proto, u8 mode) |
f5796684 JG |
947 | { |
948 | struct nlattr *nla; | |
949 | int err; | |
950 | ||
ae0be8de | 951 | nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL); |
f5796684 JG |
952 | if (!nla) |
953 | return -EMSGSIZE; | |
954 | ||
6b26ba3a | 955 | err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len, |
18b6f717 | 956 | tun_proto, mode); |
f5796684 JG |
957 | if (err) |
958 | return err; | |
959 | ||
960 | nla_nest_end(skb, nla); | |
961 | return 0; | |
962 | } | |
963 | ||
fc4099f1 PS |
964 | int ovs_nla_put_tunnel_info(struct sk_buff *skb, |
965 | struct ip_tunnel_info *tun_info) | |
8f0aad6f | 966 | { |
ba3e2084 DM |
967 | return __ip_tun_to_nlattr(skb, &tun_info->key, |
968 | ip_tunnel_info_opts(tun_info), | |
969 | tun_info->options_len, | |
18b6f717 | 970 | ip_tunnel_info_af(tun_info), tun_info->mode); |
8f0aad6f WZ |
971 | } |
972 | ||
018c1dda EG |
973 | static int encode_vlan_from_nlattrs(struct sw_flow_match *match, |
974 | const struct nlattr *a[], | |
975 | bool is_mask, bool inner) | |
976 | { | |
977 | __be16 tci = 0; | |
978 | __be16 tpid = 0; | |
979 | ||
980 | if (a[OVS_KEY_ATTR_VLAN]) | |
981 | tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); | |
982 | ||
983 | if (a[OVS_KEY_ATTR_ETHERTYPE]) | |
984 | tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); | |
985 | ||
986 | if (likely(!inner)) { | |
987 | SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask); | |
988 | SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask); | |
989 | } else { | |
990 | SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask); | |
991 | SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask); | |
992 | } | |
993 | return 0; | |
994 | } | |
995 | ||
996 | static int validate_vlan_from_nlattrs(const struct sw_flow_match *match, | |
997 | u64 key_attrs, bool inner, | |
998 | const struct nlattr **a, bool log) | |
999 | { | |
1000 | __be16 tci = 0; | |
1001 | ||
1002 | if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) && | |
1003 | (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) && | |
1004 | eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) { | |
1005 | /* Not a VLAN. */ | |
1006 | return 0; | |
1007 | } | |
1008 | ||
1009 | if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) && | |
1010 | (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) { | |
1011 | OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN"); | |
1012 | return -EINVAL; | |
1013 | } | |
1014 | ||
1015 | if (a[OVS_KEY_ATTR_VLAN]) | |
1016 | tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); | |
1017 | ||
9df46aef | 1018 | if (!(tci & htons(VLAN_CFI_MASK))) { |
018c1dda | 1019 | if (tci) { |
9df46aef | 1020 | OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.", |
018c1dda EG |
1021 | (inner) ? "C-VLAN" : "VLAN"); |
1022 | return -EINVAL; | |
1023 | } else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) { | |
1024 | /* Corner case for truncated VLAN header. */ | |
1025 | OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.", | |
1026 | (inner) ? "C-VLAN" : "VLAN"); | |
1027 | return -EINVAL; | |
1028 | } | |
1029 | } | |
1030 | ||
1031 | return 1; | |
1032 | } | |
1033 | ||
1034 | static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match, | |
1035 | u64 key_attrs, bool inner, | |
1036 | const struct nlattr **a, bool log) | |
1037 | { | |
1038 | __be16 tci = 0; | |
1039 | __be16 tpid = 0; | |
1040 | bool encap_valid = !!(match->key->eth.vlan.tci & | |
9df46aef | 1041 | htons(VLAN_CFI_MASK)); |
018c1dda | 1042 | bool i_encap_valid = !!(match->key->eth.cvlan.tci & |
9df46aef | 1043 | htons(VLAN_CFI_MASK)); |
018c1dda EG |
1044 | |
1045 | if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) { | |
1046 | /* Not a VLAN. */ | |
1047 | return 0; | |
1048 | } | |
1049 | ||
1050 | if ((!inner && !encap_valid) || (inner && !i_encap_valid)) { | |
1051 | OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.", | |
1052 | (inner) ? "C-VLAN" : "VLAN"); | |
1053 | return -EINVAL; | |
1054 | } | |
1055 | ||
1056 | if (a[OVS_KEY_ATTR_VLAN]) | |
1057 | tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); | |
1058 | ||
1059 | if (a[OVS_KEY_ATTR_ETHERTYPE]) | |
1060 | tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); | |
1061 | ||
1062 | if (tpid != htons(0xffff)) { | |
1063 | OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).", | |
1064 | (inner) ? "C-VLAN" : "VLAN", ntohs(tpid)); | |
1065 | return -EINVAL; | |
1066 | } | |
9df46aef MM |
1067 | if (!(tci & htons(VLAN_CFI_MASK))) { |
1068 | OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.", | |
018c1dda EG |
1069 | (inner) ? "C-VLAN" : "VLAN"); |
1070 | return -EINVAL; | |
1071 | } | |
1072 | ||
1073 | return 1; | |
1074 | } | |
1075 | ||
1076 | static int __parse_vlan_from_nlattrs(struct sw_flow_match *match, | |
1077 | u64 *key_attrs, bool inner, | |
1078 | const struct nlattr **a, bool is_mask, | |
1079 | bool log) | |
1080 | { | |
1081 | int err; | |
1082 | const struct nlattr *encap; | |
1083 | ||
1084 | if (!is_mask) | |
1085 | err = validate_vlan_from_nlattrs(match, *key_attrs, inner, | |
1086 | a, log); | |
1087 | else | |
1088 | err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner, | |
1089 | a, log); | |
1090 | if (err <= 0) | |
1091 | return err; | |
1092 | ||
1093 | err = encode_vlan_from_nlattrs(match, a, is_mask, inner); | |
1094 | if (err) | |
1095 | return err; | |
1096 | ||
1097 | *key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP); | |
1098 | *key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN); | |
1099 | *key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); | |
1100 | ||
1101 | encap = a[OVS_KEY_ATTR_ENCAP]; | |
1102 | ||
1103 | if (!is_mask) | |
1104 | err = parse_flow_nlattrs(encap, a, key_attrs, log); | |
1105 | else | |
1106 | err = parse_flow_mask_nlattrs(encap, a, key_attrs, log); | |
1107 | ||
1108 | return err; | |
1109 | } | |
1110 | ||
1111 | static int parse_vlan_from_nlattrs(struct sw_flow_match *match, | |
1112 | u64 *key_attrs, const struct nlattr **a, | |
1113 | bool is_mask, bool log) | |
1114 | { | |
1115 | int err; | |
1116 | bool encap_valid = false; | |
1117 | ||
1118 | err = __parse_vlan_from_nlattrs(match, key_attrs, false, a, | |
1119 | is_mask, log); | |
1120 | if (err) | |
1121 | return err; | |
1122 | ||
9df46aef | 1123 | encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK)); |
018c1dda EG |
1124 | if (encap_valid) { |
1125 | err = __parse_vlan_from_nlattrs(match, key_attrs, true, a, | |
1126 | is_mask, log); | |
1127 | if (err) | |
1128 | return err; | |
1129 | } | |
1130 | ||
1131 | return 0; | |
1132 | } | |
1133 | ||
0a6410fb JB |
1134 | static int parse_eth_type_from_nlattrs(struct sw_flow_match *match, |
1135 | u64 *attrs, const struct nlattr **a, | |
1136 | bool is_mask, bool log) | |
1137 | { | |
1138 | __be16 eth_type; | |
1139 | ||
1140 | eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); | |
1141 | if (is_mask) { | |
1142 | /* Always exact match EtherType. */ | |
1143 | eth_type = htons(0xffff); | |
1144 | } else if (!eth_proto_is_802_3(eth_type)) { | |
1145 | OVS_NLERR(log, "EtherType %x is less than min %x", | |
1146 | ntohs(eth_type), ETH_P_802_3_MIN); | |
1147 | return -EINVAL; | |
1148 | } | |
1149 | ||
1150 | SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask); | |
1151 | *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); | |
1152 | return 0; | |
1153 | } | |
1154 | ||
c2ac6673 JS |
1155 | static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match, |
1156 | u64 *attrs, const struct nlattr **a, | |
1157 | bool is_mask, bool log) | |
e6445719 | 1158 | { |
0a6410fb JB |
1159 | u8 mac_proto = MAC_PROTO_ETHERNET; |
1160 | ||
971427f3 AZ |
1161 | if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) { |
1162 | u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]); | |
1163 | ||
1164 | SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask); | |
1165 | *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH); | |
1166 | } | |
1167 | ||
1168 | if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) { | |
1169 | u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]); | |
1170 | ||
1171 | SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask); | |
1172 | *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID); | |
1173 | } | |
1174 | ||
e6445719 PS |
1175 | if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) { |
1176 | SW_FLOW_KEY_PUT(match, phy.priority, | |
1177 | nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask); | |
1178 | *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY); | |
1179 | } | |
1180 | ||
1181 | if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) { | |
1182 | u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]); | |
1183 | ||
426cda5c | 1184 | if (is_mask) { |
e6445719 | 1185 | in_port = 0xffffffff; /* Always exact match in_port. */ |
426cda5c | 1186 | } else if (in_port >= DP_MAX_PORTS) { |
05da5898 | 1187 | OVS_NLERR(log, "Port %d exceeds max allowable %d", |
426cda5c | 1188 | in_port, DP_MAX_PORTS); |
e6445719 | 1189 | return -EINVAL; |
426cda5c | 1190 | } |
e6445719 PS |
1191 | |
1192 | SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask); | |
1193 | *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT); | |
1194 | } else if (!is_mask) { | |
1195 | SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask); | |
1196 | } | |
1197 | ||
1198 | if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) { | |
1199 | uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]); | |
1200 | ||
1201 | SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask); | |
1202 | *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK); | |
1203 | } | |
1204 | if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) { | |
6b26ba3a JB |
1205 | if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match, |
1206 | is_mask, log) < 0) | |
e6445719 PS |
1207 | return -EINVAL; |
1208 | *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL); | |
1209 | } | |
7f8a436e JS |
1210 | |
1211 | if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) && | |
c2ac6673 | 1212 | ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) { |
fbccce59 | 1213 | u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]); |
7f8a436e | 1214 | |
9e384715 | 1215 | if (ct_state & ~CT_SUPPORTED_MASK) { |
fbccce59 | 1216 | OVS_NLERR(log, "ct_state flags %08x unsupported", |
6f225952 JS |
1217 | ct_state); |
1218 | return -EINVAL; | |
1219 | } | |
7f8a436e | 1220 | |
316d4d78 | 1221 | SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask); |
7f8a436e JS |
1222 | *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE); |
1223 | } | |
1224 | if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) && | |
c2ac6673 | 1225 | ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) { |
7f8a436e JS |
1226 | u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]); |
1227 | ||
316d4d78 | 1228 | SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask); |
7f8a436e JS |
1229 | *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE); |
1230 | } | |
182e3042 | 1231 | if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) && |
c2ac6673 | 1232 | ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) { |
182e3042 JS |
1233 | u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]); |
1234 | ||
1235 | SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask); | |
1236 | *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK); | |
1237 | } | |
33db4125 JS |
1238 | if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) && |
1239 | ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) { | |
1240 | const struct ovs_key_ct_labels *cl; | |
c2ac6673 | 1241 | |
33db4125 JS |
1242 | cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]); |
1243 | SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels, | |
c2ac6673 | 1244 | sizeof(*cl), is_mask); |
33db4125 | 1245 | *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS); |
c2ac6673 | 1246 | } |
9dd7f890 JR |
1247 | if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) { |
1248 | const struct ovs_key_ct_tuple_ipv4 *ct; | |
1249 | ||
1250 | ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]); | |
1251 | ||
1252 | SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask); | |
1253 | SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask); | |
1254 | SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask); | |
1255 | SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask); | |
316d4d78 | 1256 | SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask); |
9dd7f890 JR |
1257 | *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4); |
1258 | } | |
1259 | if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) { | |
1260 | const struct ovs_key_ct_tuple_ipv6 *ct; | |
1261 | ||
1262 | ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]); | |
1263 | ||
1264 | SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src, | |
1265 | sizeof(match->key->ipv6.ct_orig.src), | |
1266 | is_mask); | |
1267 | SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst, | |
1268 | sizeof(match->key->ipv6.ct_orig.dst), | |
1269 | is_mask); | |
1270 | SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask); | |
1271 | SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask); | |
316d4d78 | 1272 | SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask); |
9dd7f890 JR |
1273 | *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6); |
1274 | } | |
329f45bc | 1275 | |
0a6410fb JB |
1276 | /* For layer 3 packets the Ethernet type is provided |
1277 | * and treated as metadata but no MAC addresses are provided. | |
1278 | */ | |
1279 | if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) && | |
1280 | (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE))) | |
1281 | mac_proto = MAC_PROTO_NONE; | |
1282 | ||
329f45bc | 1283 | /* Always exact match mac_proto */ |
0a6410fb JB |
1284 | SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask); |
1285 | ||
1286 | if (mac_proto == MAC_PROTO_NONE) | |
1287 | return parse_eth_type_from_nlattrs(match, attrs, a, is_mask, | |
1288 | log); | |
329f45bc | 1289 | |
e6445719 PS |
1290 | return 0; |
1291 | } | |
1292 | ||
b2d0f5d5 YY |
1293 | int nsh_hdr_from_nlattr(const struct nlattr *attr, |
1294 | struct nshhdr *nh, size_t size) | |
1295 | { | |
1296 | struct nlattr *a; | |
1297 | int rem; | |
1298 | u8 flags = 0; | |
1299 | u8 ttl = 0; | |
1300 | int mdlen = 0; | |
1301 | ||
1302 | /* validate_nsh has check this, so we needn't do duplicate check here | |
1303 | */ | |
1304 | if (size < NSH_BASE_HDR_LEN) | |
1305 | return -ENOBUFS; | |
1306 | ||
1307 | nla_for_each_nested(a, attr, rem) { | |
1308 | int type = nla_type(a); | |
1309 | ||
1310 | switch (type) { | |
1311 | case OVS_NSH_KEY_ATTR_BASE: { | |
1312 | const struct ovs_nsh_key_base *base = nla_data(a); | |
1313 | ||
1314 | flags = base->flags; | |
1315 | ttl = base->ttl; | |
1316 | nh->np = base->np; | |
1317 | nh->mdtype = base->mdtype; | |
1318 | nh->path_hdr = base->path_hdr; | |
1319 | break; | |
1320 | } | |
1321 | case OVS_NSH_KEY_ATTR_MD1: | |
1322 | mdlen = nla_len(a); | |
1323 | if (mdlen > size - NSH_BASE_HDR_LEN) | |
1324 | return -ENOBUFS; | |
1325 | memcpy(&nh->md1, nla_data(a), mdlen); | |
1326 | break; | |
1327 | ||
1328 | case OVS_NSH_KEY_ATTR_MD2: | |
1329 | mdlen = nla_len(a); | |
1330 | if (mdlen > size - NSH_BASE_HDR_LEN) | |
1331 | return -ENOBUFS; | |
1332 | memcpy(&nh->md2, nla_data(a), mdlen); | |
1333 | break; | |
1334 | ||
1335 | default: | |
1336 | return -EINVAL; | |
1337 | } | |
1338 | } | |
1339 | ||
1340 | /* nsh header length = NSH_BASE_HDR_LEN + mdlen */ | |
1341 | nh->ver_flags_ttl_len = 0; | |
1342 | nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen); | |
1343 | ||
1344 | return 0; | |
1345 | } | |
1346 | ||
1347 | int nsh_key_from_nlattr(const struct nlattr *attr, | |
1348 | struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask) | |
1349 | { | |
1350 | struct nlattr *a; | |
1351 | int rem; | |
1352 | ||
1353 | /* validate_nsh has check this, so we needn't do duplicate check here | |
1354 | */ | |
1355 | nla_for_each_nested(a, attr, rem) { | |
1356 | int type = nla_type(a); | |
1357 | ||
1358 | switch (type) { | |
1359 | case OVS_NSH_KEY_ATTR_BASE: { | |
1360 | const struct ovs_nsh_key_base *base = nla_data(a); | |
1361 | const struct ovs_nsh_key_base *base_mask = base + 1; | |
1362 | ||
1363 | nsh->base = *base; | |
1364 | nsh_mask->base = *base_mask; | |
1365 | break; | |
1366 | } | |
1367 | case OVS_NSH_KEY_ATTR_MD1: { | |
1368 | const struct ovs_nsh_key_md1 *md1 = nla_data(a); | |
1369 | const struct ovs_nsh_key_md1 *md1_mask = md1 + 1; | |
1370 | ||
1371 | memcpy(nsh->context, md1->context, sizeof(*md1)); | |
1372 | memcpy(nsh_mask->context, md1_mask->context, | |
1373 | sizeof(*md1_mask)); | |
1374 | break; | |
1375 | } | |
1376 | case OVS_NSH_KEY_ATTR_MD2: | |
1377 | /* Not supported yet */ | |
1378 | return -ENOTSUPP; | |
1379 | default: | |
1380 | return -EINVAL; | |
1381 | } | |
1382 | } | |
1383 | ||
1384 | return 0; | |
1385 | } | |
1386 | ||
1387 | static int nsh_key_put_from_nlattr(const struct nlattr *attr, | |
1388 | struct sw_flow_match *match, bool is_mask, | |
1389 | bool is_push_nsh, bool log) | |
1390 | { | |
1391 | struct nlattr *a; | |
1392 | int rem; | |
1393 | bool has_base = false; | |
1394 | bool has_md1 = false; | |
1395 | bool has_md2 = false; | |
1396 | u8 mdtype = 0; | |
1397 | int mdlen = 0; | |
1398 | ||
1399 | if (WARN_ON(is_push_nsh && is_mask)) | |
1400 | return -EINVAL; | |
1401 | ||
1402 | nla_for_each_nested(a, attr, rem) { | |
1403 | int type = nla_type(a); | |
1404 | int i; | |
1405 | ||
1406 | if (type > OVS_NSH_KEY_ATTR_MAX) { | |
1407 | OVS_NLERR(log, "nsh attr %d is out of range max %d", | |
1408 | type, OVS_NSH_KEY_ATTR_MAX); | |
1409 | return -EINVAL; | |
1410 | } | |
1411 | ||
1412 | if (!check_attr_len(nla_len(a), | |
1413 | ovs_nsh_key_attr_lens[type].len)) { | |
1414 | OVS_NLERR( | |
1415 | log, | |
1416 | "nsh attr %d has unexpected len %d expected %d", | |
1417 | type, | |
1418 | nla_len(a), | |
1419 | ovs_nsh_key_attr_lens[type].len | |
1420 | ); | |
1421 | return -EINVAL; | |
1422 | } | |
1423 | ||
1424 | switch (type) { | |
1425 | case OVS_NSH_KEY_ATTR_BASE: { | |
1426 | const struct ovs_nsh_key_base *base = nla_data(a); | |
1427 | ||
1428 | has_base = true; | |
1429 | mdtype = base->mdtype; | |
1430 | SW_FLOW_KEY_PUT(match, nsh.base.flags, | |
1431 | base->flags, is_mask); | |
1432 | SW_FLOW_KEY_PUT(match, nsh.base.ttl, | |
1433 | base->ttl, is_mask); | |
1434 | SW_FLOW_KEY_PUT(match, nsh.base.mdtype, | |
1435 | base->mdtype, is_mask); | |
1436 | SW_FLOW_KEY_PUT(match, nsh.base.np, | |
1437 | base->np, is_mask); | |
1438 | SW_FLOW_KEY_PUT(match, nsh.base.path_hdr, | |
1439 | base->path_hdr, is_mask); | |
1440 | break; | |
1441 | } | |
1442 | case OVS_NSH_KEY_ATTR_MD1: { | |
1443 | const struct ovs_nsh_key_md1 *md1 = nla_data(a); | |
1444 | ||
1445 | has_md1 = true; | |
1446 | for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++) | |
1447 | SW_FLOW_KEY_PUT(match, nsh.context[i], | |
1448 | md1->context[i], is_mask); | |
1449 | break; | |
1450 | } | |
1451 | case OVS_NSH_KEY_ATTR_MD2: | |
1452 | if (!is_push_nsh) /* Not supported MD type 2 yet */ | |
1453 | return -ENOTSUPP; | |
1454 | ||
1455 | has_md2 = true; | |
1456 | mdlen = nla_len(a); | |
1457 | if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) { | |
1458 | OVS_NLERR( | |
1459 | log, | |
1460 | "Invalid MD length %d for MD type %d", | |
1461 | mdlen, | |
1462 | mdtype | |
1463 | ); | |
1464 | return -EINVAL; | |
1465 | } | |
1466 | break; | |
1467 | default: | |
1468 | OVS_NLERR(log, "Unknown nsh attribute %d", | |
1469 | type); | |
1470 | return -EINVAL; | |
1471 | } | |
1472 | } | |
1473 | ||
1474 | if (rem > 0) { | |
1475 | OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem); | |
1476 | return -EINVAL; | |
1477 | } | |
1478 | ||
1479 | if (has_md1 && has_md2) { | |
1480 | OVS_NLERR( | |
1481 | 1, | |
1482 | "invalid nsh attribute: md1 and md2 are exclusive." | |
1483 | ); | |
1484 | return -EINVAL; | |
1485 | } | |
1486 | ||
1487 | if (!is_mask) { | |
1488 | if ((has_md1 && mdtype != NSH_M_TYPE1) || | |
1489 | (has_md2 && mdtype != NSH_M_TYPE2)) { | |
1490 | OVS_NLERR(1, "nsh attribute has unmatched MD type %d.", | |
1491 | mdtype); | |
1492 | return -EINVAL; | |
1493 | } | |
1494 | ||
1495 | if (is_push_nsh && | |
1496 | (!has_base || (!has_md1 && !has_md2))) { | |
1497 | OVS_NLERR( | |
1498 | 1, | |
1499 | "push_nsh: missing base or metadata attributes" | |
1500 | ); | |
1501 | return -EINVAL; | |
1502 | } | |
1503 | } | |
1504 | ||
1505 | return 0; | |
1506 | } | |
1507 | ||
c2ac6673 JS |
1508 | static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, |
1509 | u64 attrs, const struct nlattr **a, | |
1510 | bool is_mask, bool log) | |
e6445719 PS |
1511 | { |
1512 | int err; | |
e6445719 | 1513 | |
c2ac6673 | 1514 | err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log); |
e6445719 PS |
1515 | if (err) |
1516 | return err; | |
1517 | ||
1518 | if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) { | |
1519 | const struct ovs_key_ethernet *eth_key; | |
1520 | ||
1521 | eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]); | |
1522 | SW_FLOW_KEY_MEMCPY(match, eth.src, | |
1523 | eth_key->eth_src, ETH_ALEN, is_mask); | |
1524 | SW_FLOW_KEY_MEMCPY(match, eth.dst, | |
1525 | eth_key->eth_dst, ETH_ALEN, is_mask); | |
1526 | attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET); | |
e6445719 | 1527 | |
0a6410fb JB |
1528 | if (attrs & (1 << OVS_KEY_ATTR_VLAN)) { |
1529 | /* VLAN attribute is always parsed before getting here since it | |
1530 | * may occur multiple times. | |
1531 | */ | |
1532 | OVS_NLERR(log, "VLAN attribute unexpected."); | |
e6445719 PS |
1533 | return -EINVAL; |
1534 | } | |
1535 | ||
0a6410fb JB |
1536 | if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) { |
1537 | err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask, | |
1538 | log); | |
1539 | if (err) | |
1540 | return err; | |
1541 | } else if (!is_mask) { | |
1542 | SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask); | |
1543 | } | |
1544 | } else if (!match->key->eth.type) { | |
1545 | OVS_NLERR(log, "Either Ethernet header or EtherType is required."); | |
1546 | return -EINVAL; | |
e6445719 PS |
1547 | } |
1548 | ||
1549 | if (attrs & (1 << OVS_KEY_ATTR_IPV4)) { | |
1550 | const struct ovs_key_ipv4 *ipv4_key; | |
1551 | ||
1552 | ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]); | |
1553 | if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) { | |
05da5898 JR |
1554 | OVS_NLERR(log, "IPv4 frag type %d is out of range max %d", |
1555 | ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX); | |
e6445719 PS |
1556 | return -EINVAL; |
1557 | } | |
1558 | SW_FLOW_KEY_PUT(match, ip.proto, | |
1559 | ipv4_key->ipv4_proto, is_mask); | |
1560 | SW_FLOW_KEY_PUT(match, ip.tos, | |
1561 | ipv4_key->ipv4_tos, is_mask); | |
1562 | SW_FLOW_KEY_PUT(match, ip.ttl, | |
1563 | ipv4_key->ipv4_ttl, is_mask); | |
1564 | SW_FLOW_KEY_PUT(match, ip.frag, | |
1565 | ipv4_key->ipv4_frag, is_mask); | |
1566 | SW_FLOW_KEY_PUT(match, ipv4.addr.src, | |
1567 | ipv4_key->ipv4_src, is_mask); | |
1568 | SW_FLOW_KEY_PUT(match, ipv4.addr.dst, | |
1569 | ipv4_key->ipv4_dst, is_mask); | |
1570 | attrs &= ~(1 << OVS_KEY_ATTR_IPV4); | |
1571 | } | |
1572 | ||
1573 | if (attrs & (1 << OVS_KEY_ATTR_IPV6)) { | |
1574 | const struct ovs_key_ipv6 *ipv6_key; | |
1575 | ||
1576 | ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]); | |
1577 | if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) { | |
05da5898 JR |
1578 | OVS_NLERR(log, "IPv6 frag type %d is out of range max %d", |
1579 | ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX); | |
e6445719 PS |
1580 | return -EINVAL; |
1581 | } | |
fecaef85 | 1582 | |
d3052bb5 | 1583 | if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) { |
0ed80da5 | 1584 | OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)", |
fecaef85 JR |
1585 | ntohl(ipv6_key->ipv6_label), (1 << 20) - 1); |
1586 | return -EINVAL; | |
1587 | } | |
1588 | ||
e6445719 PS |
1589 | SW_FLOW_KEY_PUT(match, ipv6.label, |
1590 | ipv6_key->ipv6_label, is_mask); | |
1591 | SW_FLOW_KEY_PUT(match, ip.proto, | |
1592 | ipv6_key->ipv6_proto, is_mask); | |
1593 | SW_FLOW_KEY_PUT(match, ip.tos, | |
1594 | ipv6_key->ipv6_tclass, is_mask); | |
1595 | SW_FLOW_KEY_PUT(match, ip.ttl, | |
1596 | ipv6_key->ipv6_hlimit, is_mask); | |
1597 | SW_FLOW_KEY_PUT(match, ip.frag, | |
1598 | ipv6_key->ipv6_frag, is_mask); | |
1599 | SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src, | |
1600 | ipv6_key->ipv6_src, | |
1601 | sizeof(match->key->ipv6.addr.src), | |
1602 | is_mask); | |
1603 | SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst, | |
1604 | ipv6_key->ipv6_dst, | |
1605 | sizeof(match->key->ipv6.addr.dst), | |
1606 | is_mask); | |
1607 | ||
1608 | attrs &= ~(1 << OVS_KEY_ATTR_IPV6); | |
1609 | } | |
1610 | ||
1611 | if (attrs & (1 << OVS_KEY_ATTR_ARP)) { | |
1612 | const struct ovs_key_arp *arp_key; | |
1613 | ||
1614 | arp_key = nla_data(a[OVS_KEY_ATTR_ARP]); | |
1615 | if (!is_mask && (arp_key->arp_op & htons(0xff00))) { | |
05da5898 | 1616 | OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).", |
e6445719 PS |
1617 | arp_key->arp_op); |
1618 | return -EINVAL; | |
1619 | } | |
1620 | ||
1621 | SW_FLOW_KEY_PUT(match, ipv4.addr.src, | |
1622 | arp_key->arp_sip, is_mask); | |
1623 | SW_FLOW_KEY_PUT(match, ipv4.addr.dst, | |
1624 | arp_key->arp_tip, is_mask); | |
1625 | SW_FLOW_KEY_PUT(match, ip.proto, | |
1626 | ntohs(arp_key->arp_op), is_mask); | |
1627 | SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha, | |
1628 | arp_key->arp_sha, ETH_ALEN, is_mask); | |
1629 | SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha, | |
1630 | arp_key->arp_tha, ETH_ALEN, is_mask); | |
1631 | ||
1632 | attrs &= ~(1 << OVS_KEY_ATTR_ARP); | |
1633 | } | |
1634 | ||
b2d0f5d5 YY |
1635 | if (attrs & (1 << OVS_KEY_ATTR_NSH)) { |
1636 | if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match, | |
1637 | is_mask, false, log) < 0) | |
1638 | return -EINVAL; | |
1639 | attrs &= ~(1 << OVS_KEY_ATTR_NSH); | |
1640 | } | |
1641 | ||
25cd9ba0 SH |
1642 | if (attrs & (1 << OVS_KEY_ATTR_MPLS)) { |
1643 | const struct ovs_key_mpls *mpls_key; | |
1644 | ||
1645 | mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]); | |
1646 | SW_FLOW_KEY_PUT(match, mpls.top_lse, | |
1647 | mpls_key->mpls_lse, is_mask); | |
1648 | ||
1649 | attrs &= ~(1 << OVS_KEY_ATTR_MPLS); | |
1650 | } | |
1651 | ||
e6445719 PS |
1652 | if (attrs & (1 << OVS_KEY_ATTR_TCP)) { |
1653 | const struct ovs_key_tcp *tcp_key; | |
1654 | ||
1655 | tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]); | |
1139e241 JR |
1656 | SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask); |
1657 | SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask); | |
e6445719 PS |
1658 | attrs &= ~(1 << OVS_KEY_ATTR_TCP); |
1659 | } | |
1660 | ||
5eb26b15 | 1661 | if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) { |
1b760fb9 JS |
1662 | SW_FLOW_KEY_PUT(match, tp.flags, |
1663 | nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]), | |
1664 | is_mask); | |
5eb26b15 JR |
1665 | attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS); |
1666 | } | |
1667 | ||
e6445719 PS |
1668 | if (attrs & (1 << OVS_KEY_ATTR_UDP)) { |
1669 | const struct ovs_key_udp *udp_key; | |
1670 | ||
1671 | udp_key = nla_data(a[OVS_KEY_ATTR_UDP]); | |
1139e241 JR |
1672 | SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask); |
1673 | SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask); | |
e6445719 PS |
1674 | attrs &= ~(1 << OVS_KEY_ATTR_UDP); |
1675 | } | |
1676 | ||
1677 | if (attrs & (1 << OVS_KEY_ATTR_SCTP)) { | |
1678 | const struct ovs_key_sctp *sctp_key; | |
1679 | ||
1680 | sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]); | |
1139e241 JR |
1681 | SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask); |
1682 | SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask); | |
e6445719 PS |
1683 | attrs &= ~(1 << OVS_KEY_ATTR_SCTP); |
1684 | } | |
1685 | ||
1686 | if (attrs & (1 << OVS_KEY_ATTR_ICMP)) { | |
1687 | const struct ovs_key_icmp *icmp_key; | |
1688 | ||
1689 | icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]); | |
1139e241 | 1690 | SW_FLOW_KEY_PUT(match, tp.src, |
e6445719 | 1691 | htons(icmp_key->icmp_type), is_mask); |
1139e241 | 1692 | SW_FLOW_KEY_PUT(match, tp.dst, |
e6445719 PS |
1693 | htons(icmp_key->icmp_code), is_mask); |
1694 | attrs &= ~(1 << OVS_KEY_ATTR_ICMP); | |
1695 | } | |
1696 | ||
1697 | if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) { | |
1698 | const struct ovs_key_icmpv6 *icmpv6_key; | |
1699 | ||
1700 | icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]); | |
1139e241 | 1701 | SW_FLOW_KEY_PUT(match, tp.src, |
e6445719 | 1702 | htons(icmpv6_key->icmpv6_type), is_mask); |
1139e241 | 1703 | SW_FLOW_KEY_PUT(match, tp.dst, |
e6445719 PS |
1704 | htons(icmpv6_key->icmpv6_code), is_mask); |
1705 | attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6); | |
1706 | } | |
1707 | ||
1708 | if (attrs & (1 << OVS_KEY_ATTR_ND)) { | |
1709 | const struct ovs_key_nd *nd_key; | |
1710 | ||
1711 | nd_key = nla_data(a[OVS_KEY_ATTR_ND]); | |
1712 | SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target, | |
1713 | nd_key->nd_target, | |
1714 | sizeof(match->key->ipv6.nd.target), | |
1715 | is_mask); | |
1716 | SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll, | |
1717 | nd_key->nd_sll, ETH_ALEN, is_mask); | |
1718 | SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll, | |
1719 | nd_key->nd_tll, ETH_ALEN, is_mask); | |
1720 | attrs &= ~(1 << OVS_KEY_ATTR_ND); | |
1721 | } | |
1722 | ||
426cda5c | 1723 | if (attrs != 0) { |
05da5898 | 1724 | OVS_NLERR(log, "Unknown key attributes %llx", |
426cda5c | 1725 | (unsigned long long)attrs); |
e6445719 | 1726 | return -EINVAL; |
426cda5c | 1727 | } |
e6445719 PS |
1728 | |
1729 | return 0; | |
1730 | } | |
1731 | ||
81bfe3c3 TG |
1732 | static void nlattr_set(struct nlattr *attr, u8 val, |
1733 | const struct ovs_len_tbl *tbl) | |
e6445719 | 1734 | { |
f47de068 PS |
1735 | struct nlattr *nla; |
1736 | int rem; | |
e6445719 | 1737 | |
f47de068 PS |
1738 | /* The nlattr stream should already have been validated */ |
1739 | nla_for_each_nested(nla, attr, rem) { | |
72f17baf SB |
1740 | if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED) |
1741 | nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl); | |
1742 | else | |
f47de068 | 1743 | memset(nla_data(nla), val, nla_len(nla)); |
9e384715 JS |
1744 | |
1745 | if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE) | |
1746 | *(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK; | |
f47de068 PS |
1747 | } |
1748 | } | |
1749 | ||
1750 | static void mask_set_nlattr(struct nlattr *attr, u8 val) | |
1751 | { | |
81bfe3c3 | 1752 | nlattr_set(attr, val, ovs_key_lens); |
e6445719 PS |
1753 | } |
1754 | ||
1755 | /** | |
1756 | * ovs_nla_get_match - parses Netlink attributes into a flow key and | |
1757 | * mask. In case the 'mask' is NULL, the flow is treated as exact match | |
1758 | * flow. Otherwise, it is treated as a wildcarded flow, except the mask | |
1759 | * does not include any don't care bit. | |
c2ac6673 | 1760 | * @net: Used to determine per-namespace field support. |
e6445719 PS |
1761 | * @match: receives the extracted flow match information. |
1762 | * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute | |
1763 | * sequence. The fields should of the packet that triggered the creation | |
1764 | * of this flow. | |
1765 | * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink | |
1766 | * attribute specifies the mask field of the wildcarded flow. | |
05da5898 JR |
1767 | * @log: Boolean to allow kernel error logging. Normally true, but when |
1768 | * probing for feature compatibility this should be passed in as false to | |
1769 | * suppress unnecessary error logging. | |
e6445719 | 1770 | */ |
c2ac6673 | 1771 | int ovs_nla_get_match(struct net *net, struct sw_flow_match *match, |
a85311bf | 1772 | const struct nlattr *nla_key, |
05da5898 JR |
1773 | const struct nlattr *nla_mask, |
1774 | bool log) | |
e6445719 PS |
1775 | { |
1776 | const struct nlattr *a[OVS_KEY_ATTR_MAX + 1]; | |
f47de068 | 1777 | struct nlattr *newmask = NULL; |
e6445719 PS |
1778 | u64 key_attrs = 0; |
1779 | u64 mask_attrs = 0; | |
e6445719 PS |
1780 | int err; |
1781 | ||
05da5898 | 1782 | err = parse_flow_nlattrs(nla_key, a, &key_attrs, log); |
e6445719 PS |
1783 | if (err) |
1784 | return err; | |
1785 | ||
018c1dda EG |
1786 | err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log); |
1787 | if (err) | |
1788 | return err; | |
e6445719 | 1789 | |
c2ac6673 | 1790 | err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log); |
e6445719 PS |
1791 | if (err) |
1792 | return err; | |
1793 | ||
a85311bf PS |
1794 | if (match->mask) { |
1795 | if (!nla_mask) { | |
1796 | /* Create an exact match mask. We need to set to 0xff | |
1797 | * all the 'match->mask' fields that have been touched | |
1798 | * in 'match->key'. We cannot simply memset | |
1799 | * 'match->mask', because padding bytes and fields not | |
1800 | * specified in 'match->key' should be left to 0. | |
1801 | * Instead, we use a stream of netlink attributes, | |
1802 | * copied from 'key' and set to 0xff. | |
1803 | * ovs_key_from_nlattrs() will take care of filling | |
1804 | * 'match->mask' appropriately. | |
1805 | */ | |
1806 | newmask = kmemdup(nla_key, | |
1807 | nla_total_size(nla_len(nla_key)), | |
1808 | GFP_KERNEL); | |
1809 | if (!newmask) | |
1810 | return -ENOMEM; | |
f47de068 | 1811 | |
a85311bf | 1812 | mask_set_nlattr(newmask, 0xff); |
f47de068 | 1813 | |
a85311bf PS |
1814 | /* The userspace does not send tunnel attributes that |
1815 | * are 0, but we should not wildcard them nonetheless. | |
1816 | */ | |
00a93bab | 1817 | if (match->key->tun_proto) |
a85311bf PS |
1818 | SW_FLOW_KEY_MEMSET_FIELD(match, tun_key, |
1819 | 0xff, true); | |
f47de068 | 1820 | |
a85311bf PS |
1821 | nla_mask = newmask; |
1822 | } | |
f47de068 | 1823 | |
05da5898 | 1824 | err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log); |
e6445719 | 1825 | if (err) |
f47de068 | 1826 | goto free_newmask; |
e6445719 | 1827 | |
a85311bf | 1828 | /* Always match on tci. */ |
018c1dda EG |
1829 | SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true); |
1830 | SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true); | |
e6445719 | 1831 | |
018c1dda EG |
1832 | err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log); |
1833 | if (err) | |
1834 | goto free_newmask; | |
e6445719 | 1835 | |
c2ac6673 JS |
1836 | err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true, |
1837 | log); | |
e6445719 | 1838 | if (err) |
f47de068 | 1839 | goto free_newmask; |
e6445719 PS |
1840 | } |
1841 | ||
05da5898 | 1842 | if (!match_validate(match, key_attrs, mask_attrs, log)) |
f47de068 | 1843 | err = -EINVAL; |
e6445719 | 1844 | |
f47de068 PS |
1845 | free_newmask: |
1846 | kfree(newmask); | |
1847 | return err; | |
e6445719 PS |
1848 | } |
1849 | ||
74ed7ab9 JS |
1850 | static size_t get_ufid_len(const struct nlattr *attr, bool log) |
1851 | { | |
1852 | size_t len; | |
1853 | ||
1854 | if (!attr) | |
1855 | return 0; | |
1856 | ||
1857 | len = nla_len(attr); | |
1858 | if (len < 1 || len > MAX_UFID_LENGTH) { | |
1859 | OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)", | |
1860 | nla_len(attr), MAX_UFID_LENGTH); | |
1861 | return 0; | |
1862 | } | |
1863 | ||
1864 | return len; | |
1865 | } | |
1866 | ||
1867 | /* Initializes 'flow->ufid', returning true if 'attr' contains a valid UFID, | |
1868 | * or false otherwise. | |
1869 | */ | |
1870 | bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr, | |
1871 | bool log) | |
1872 | { | |
1873 | sfid->ufid_len = get_ufid_len(attr, log); | |
1874 | if (sfid->ufid_len) | |
1875 | memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len); | |
1876 | ||
1877 | return sfid->ufid_len; | |
1878 | } | |
1879 | ||
1880 | int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid, | |
1881 | const struct sw_flow_key *key, bool log) | |
1882 | { | |
1883 | struct sw_flow_key *new_key; | |
1884 | ||
1885 | if (ovs_nla_get_ufid(sfid, ufid, log)) | |
1886 | return 0; | |
1887 | ||
1888 | /* If UFID was not provided, use unmasked key. */ | |
1889 | new_key = kmalloc(sizeof(*new_key), GFP_KERNEL); | |
1890 | if (!new_key) | |
1891 | return -ENOMEM; | |
1892 | memcpy(new_key, key, sizeof(*key)); | |
1893 | sfid->unmasked_key = new_key; | |
1894 | ||
1895 | return 0; | |
1896 | } | |
1897 | ||
1898 | u32 ovs_nla_get_ufid_flags(const struct nlattr *attr) | |
1899 | { | |
1900 | return attr ? nla_get_u32(attr) : 0; | |
1901 | } | |
1902 | ||
e6445719 PS |
1903 | /** |
1904 | * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key. | |
9dd7f890 JR |
1905 | * @net: Network namespace. |
1906 | * @key: Receives extracted in_port, priority, tun_key, skb_mark and conntrack | |
1907 | * metadata. | |
1908 | * @a: Array of netlink attributes holding parsed %OVS_KEY_ATTR_* Netlink | |
1909 | * attributes. | |
1910 | * @attrs: Bit mask for the netlink attributes included in @a. | |
05da5898 JR |
1911 | * @log: Boolean to allow kernel error logging. Normally true, but when |
1912 | * probing for feature compatibility this should be passed in as false to | |
1913 | * suppress unnecessary error logging. | |
e6445719 PS |
1914 | * |
1915 | * This parses a series of Netlink attributes that form a flow key, which must | |
1916 | * take the same form accepted by flow_from_nlattrs(), but only enough of it to | |
1917 | * get the metadata, that is, the parts of the flow key that cannot be | |
1918 | * extracted from the packet itself. | |
9dd7f890 JR |
1919 | * |
1920 | * This must be called before the packet key fields are filled in 'key'. | |
e6445719 PS |
1921 | */ |
1922 | ||
9dd7f890 JR |
1923 | int ovs_nla_get_flow_metadata(struct net *net, |
1924 | const struct nlattr *a[OVS_KEY_ATTR_MAX + 1], | |
1925 | u64 attrs, struct sw_flow_key *key, bool log) | |
e6445719 | 1926 | { |
83c8df26 | 1927 | struct sw_flow_match match; |
e6445719 PS |
1928 | |
1929 | memset(&match, 0, sizeof(match)); | |
83c8df26 | 1930 | match.key = key; |
e6445719 | 1931 | |
316d4d78 JR |
1932 | key->ct_state = 0; |
1933 | key->ct_zone = 0; | |
1934 | key->ct_orig_proto = 0; | |
7f8a436e | 1935 | memset(&key->ct, 0, sizeof(key->ct)); |
9dd7f890 JR |
1936 | memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig)); |
1937 | memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig)); | |
1938 | ||
83c8df26 | 1939 | key->phy.in_port = DP_MAX_PORTS; |
e6445719 | 1940 | |
c2ac6673 | 1941 | return metadata_from_nlattrs(net, &match, &attrs, a, false, log); |
e6445719 PS |
1942 | } |
1943 | ||
018c1dda EG |
1944 | static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh, |
1945 | bool is_mask) | |
1946 | { | |
1947 | __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff); | |
1948 | ||
1949 | if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) || | |
1950 | nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci)) | |
1951 | return -EMSGSIZE; | |
1952 | return 0; | |
1953 | } | |
1954 | ||
b2d0f5d5 YY |
1955 | static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask, |
1956 | struct sk_buff *skb) | |
1957 | { | |
1958 | struct nlattr *start; | |
1959 | ||
ae0be8de | 1960 | start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH); |
b2d0f5d5 YY |
1961 | if (!start) |
1962 | return -EMSGSIZE; | |
1963 | ||
1964 | if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base)) | |
1965 | goto nla_put_failure; | |
1966 | ||
1967 | if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) { | |
1968 | if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1, | |
1969 | sizeof(nsh->context), nsh->context)) | |
1970 | goto nla_put_failure; | |
1971 | } | |
1972 | ||
1973 | /* Don't support MD type 2 yet */ | |
1974 | ||
1975 | nla_nest_end(skb, start); | |
1976 | ||
1977 | return 0; | |
1978 | ||
1979 | nla_put_failure: | |
1980 | return -EMSGSIZE; | |
1981 | } | |
1982 | ||
5b4237bb JS |
1983 | static int __ovs_nla_put_key(const struct sw_flow_key *swkey, |
1984 | const struct sw_flow_key *output, bool is_mask, | |
1985 | struct sk_buff *skb) | |
e6445719 PS |
1986 | { |
1987 | struct ovs_key_ethernet *eth_key; | |
018c1dda EG |
1988 | struct nlattr *nla; |
1989 | struct nlattr *encap = NULL; | |
1990 | struct nlattr *in_encap = NULL; | |
e6445719 | 1991 | |
971427f3 AZ |
1992 | if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id)) |
1993 | goto nla_put_failure; | |
1994 | ||
1995 | if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash)) | |
1996 | goto nla_put_failure; | |
1997 | ||
e6445719 PS |
1998 | if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority)) |
1999 | goto nla_put_failure; | |
2000 | ||
00a93bab | 2001 | if ((swkey->tun_proto || is_mask)) { |
d91641d9 | 2002 | const void *opts = NULL; |
f5796684 JG |
2003 | |
2004 | if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT) | |
d91641d9 | 2005 | opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len); |
f5796684 | 2006 | |
6b26ba3a | 2007 | if (ip_tun_to_nlattr(skb, &output->tun_key, opts, |
18b6f717 | 2008 | swkey->tun_opts_len, swkey->tun_proto, 0)) |
f5796684 JG |
2009 | goto nla_put_failure; |
2010 | } | |
e6445719 PS |
2011 | |
2012 | if (swkey->phy.in_port == DP_MAX_PORTS) { | |
2013 | if (is_mask && (output->phy.in_port == 0xffff)) | |
2014 | if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff)) | |
2015 | goto nla_put_failure; | |
2016 | } else { | |
2017 | u16 upper_u16; | |
2018 | upper_u16 = !is_mask ? 0 : 0xffff; | |
2019 | ||
2020 | if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, | |
2021 | (upper_u16 << 16) | output->phy.in_port)) | |
2022 | goto nla_put_failure; | |
2023 | } | |
2024 | ||
2025 | if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark)) | |
2026 | goto nla_put_failure; | |
2027 | ||
9dd7f890 | 2028 | if (ovs_ct_put_key(swkey, output, skb)) |
7f8a436e JS |
2029 | goto nla_put_failure; |
2030 | ||
0a6410fb JB |
2031 | if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) { |
2032 | nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key)); | |
2033 | if (!nla) | |
e6445719 | 2034 | goto nla_put_failure; |
018c1dda | 2035 | |
0a6410fb JB |
2036 | eth_key = nla_data(nla); |
2037 | ether_addr_copy(eth_key->eth_src, output->eth.src); | |
2038 | ether_addr_copy(eth_key->eth_dst, output->eth.dst); | |
2039 | ||
2040 | if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) { | |
2041 | if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask)) | |
018c1dda | 2042 | goto nla_put_failure; |
ae0be8de | 2043 | encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP); |
0a6410fb | 2044 | if (!swkey->eth.vlan.tci) |
018c1dda | 2045 | goto unencap; |
0a6410fb JB |
2046 | |
2047 | if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) { | |
2048 | if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask)) | |
2049 | goto nla_put_failure; | |
ae0be8de MK |
2050 | in_encap = nla_nest_start_noflag(skb, |
2051 | OVS_KEY_ATTR_ENCAP); | |
0a6410fb JB |
2052 | if (!swkey->eth.cvlan.tci) |
2053 | goto unencap; | |
2054 | } | |
018c1dda | 2055 | } |
e6445719 | 2056 | |
0a6410fb JB |
2057 | if (swkey->eth.type == htons(ETH_P_802_2)) { |
2058 | /* | |
2059 | * Ethertype 802.2 is represented in the netlink with omitted | |
2060 | * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and | |
2061 | * 0xffff in the mask attribute. Ethertype can also | |
2062 | * be wildcarded. | |
2063 | */ | |
2064 | if (is_mask && output->eth.type) | |
2065 | if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, | |
2066 | output->eth.type)) | |
2067 | goto nla_put_failure; | |
2068 | goto unencap; | |
2069 | } | |
e6445719 PS |
2070 | } |
2071 | ||
2072 | if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type)) | |
2073 | goto nla_put_failure; | |
2074 | ||
018c1dda EG |
2075 | if (eth_type_vlan(swkey->eth.type)) { |
2076 | /* There are 3 VLAN tags, we don't know anything about the rest | |
2077 | * of the packet, so truncate here. | |
2078 | */ | |
2079 | WARN_ON_ONCE(!(encap && in_encap)); | |
2080 | goto unencap; | |
2081 | } | |
2082 | ||
e6445719 PS |
2083 | if (swkey->eth.type == htons(ETH_P_IP)) { |
2084 | struct ovs_key_ipv4 *ipv4_key; | |
2085 | ||
2086 | nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key)); | |
2087 | if (!nla) | |
2088 | goto nla_put_failure; | |
2089 | ipv4_key = nla_data(nla); | |
2090 | ipv4_key->ipv4_src = output->ipv4.addr.src; | |
2091 | ipv4_key->ipv4_dst = output->ipv4.addr.dst; | |
2092 | ipv4_key->ipv4_proto = output->ip.proto; | |
2093 | ipv4_key->ipv4_tos = output->ip.tos; | |
2094 | ipv4_key->ipv4_ttl = output->ip.ttl; | |
2095 | ipv4_key->ipv4_frag = output->ip.frag; | |
2096 | } else if (swkey->eth.type == htons(ETH_P_IPV6)) { | |
2097 | struct ovs_key_ipv6 *ipv6_key; | |
2098 | ||
2099 | nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key)); | |
2100 | if (!nla) | |
2101 | goto nla_put_failure; | |
2102 | ipv6_key = nla_data(nla); | |
2103 | memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src, | |
2104 | sizeof(ipv6_key->ipv6_src)); | |
2105 | memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst, | |
2106 | sizeof(ipv6_key->ipv6_dst)); | |
2107 | ipv6_key->ipv6_label = output->ipv6.label; | |
2108 | ipv6_key->ipv6_proto = output->ip.proto; | |
2109 | ipv6_key->ipv6_tclass = output->ip.tos; | |
2110 | ipv6_key->ipv6_hlimit = output->ip.ttl; | |
2111 | ipv6_key->ipv6_frag = output->ip.frag; | |
b2d0f5d5 YY |
2112 | } else if (swkey->eth.type == htons(ETH_P_NSH)) { |
2113 | if (nsh_key_to_nlattr(&output->nsh, is_mask, skb)) | |
2114 | goto nla_put_failure; | |
e6445719 PS |
2115 | } else if (swkey->eth.type == htons(ETH_P_ARP) || |
2116 | swkey->eth.type == htons(ETH_P_RARP)) { | |
2117 | struct ovs_key_arp *arp_key; | |
2118 | ||
2119 | nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key)); | |
2120 | if (!nla) | |
2121 | goto nla_put_failure; | |
2122 | arp_key = nla_data(nla); | |
2123 | memset(arp_key, 0, sizeof(struct ovs_key_arp)); | |
2124 | arp_key->arp_sip = output->ipv4.addr.src; | |
2125 | arp_key->arp_tip = output->ipv4.addr.dst; | |
2126 | arp_key->arp_op = htons(output->ip.proto); | |
8c63ff09 JP |
2127 | ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha); |
2128 | ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha); | |
25cd9ba0 SH |
2129 | } else if (eth_p_mpls(swkey->eth.type)) { |
2130 | struct ovs_key_mpls *mpls_key; | |
2131 | ||
2132 | nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key)); | |
2133 | if (!nla) | |
2134 | goto nla_put_failure; | |
2135 | mpls_key = nla_data(nla); | |
2136 | mpls_key->mpls_lse = output->mpls.top_lse; | |
e6445719 PS |
2137 | } |
2138 | ||
2139 | if ((swkey->eth.type == htons(ETH_P_IP) || | |
2140 | swkey->eth.type == htons(ETH_P_IPV6)) && | |
2141 | swkey->ip.frag != OVS_FRAG_TYPE_LATER) { | |
2142 | ||
2143 | if (swkey->ip.proto == IPPROTO_TCP) { | |
2144 | struct ovs_key_tcp *tcp_key; | |
2145 | ||
2146 | nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key)); | |
2147 | if (!nla) | |
2148 | goto nla_put_failure; | |
2149 | tcp_key = nla_data(nla); | |
1139e241 JR |
2150 | tcp_key->tcp_src = output->tp.src; |
2151 | tcp_key->tcp_dst = output->tp.dst; | |
2152 | if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS, | |
2153 | output->tp.flags)) | |
2154 | goto nla_put_failure; | |
e6445719 PS |
2155 | } else if (swkey->ip.proto == IPPROTO_UDP) { |
2156 | struct ovs_key_udp *udp_key; | |
2157 | ||
2158 | nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key)); | |
2159 | if (!nla) | |
2160 | goto nla_put_failure; | |
2161 | udp_key = nla_data(nla); | |
1139e241 JR |
2162 | udp_key->udp_src = output->tp.src; |
2163 | udp_key->udp_dst = output->tp.dst; | |
e6445719 PS |
2164 | } else if (swkey->ip.proto == IPPROTO_SCTP) { |
2165 | struct ovs_key_sctp *sctp_key; | |
2166 | ||
2167 | nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key)); | |
2168 | if (!nla) | |
2169 | goto nla_put_failure; | |
2170 | sctp_key = nla_data(nla); | |
1139e241 JR |
2171 | sctp_key->sctp_src = output->tp.src; |
2172 | sctp_key->sctp_dst = output->tp.dst; | |
e6445719 PS |
2173 | } else if (swkey->eth.type == htons(ETH_P_IP) && |
2174 | swkey->ip.proto == IPPROTO_ICMP) { | |
2175 | struct ovs_key_icmp *icmp_key; | |
2176 | ||
2177 | nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key)); | |
2178 | if (!nla) | |
2179 | goto nla_put_failure; | |
2180 | icmp_key = nla_data(nla); | |
1139e241 JR |
2181 | icmp_key->icmp_type = ntohs(output->tp.src); |
2182 | icmp_key->icmp_code = ntohs(output->tp.dst); | |
e6445719 PS |
2183 | } else if (swkey->eth.type == htons(ETH_P_IPV6) && |
2184 | swkey->ip.proto == IPPROTO_ICMPV6) { | |
2185 | struct ovs_key_icmpv6 *icmpv6_key; | |
2186 | ||
2187 | nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6, | |
2188 | sizeof(*icmpv6_key)); | |
2189 | if (!nla) | |
2190 | goto nla_put_failure; | |
2191 | icmpv6_key = nla_data(nla); | |
1139e241 JR |
2192 | icmpv6_key->icmpv6_type = ntohs(output->tp.src); |
2193 | icmpv6_key->icmpv6_code = ntohs(output->tp.dst); | |
e6445719 PS |
2194 | |
2195 | if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION || | |
2196 | icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) { | |
2197 | struct ovs_key_nd *nd_key; | |
2198 | ||
2199 | nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key)); | |
2200 | if (!nla) | |
2201 | goto nla_put_failure; | |
2202 | nd_key = nla_data(nla); | |
2203 | memcpy(nd_key->nd_target, &output->ipv6.nd.target, | |
2204 | sizeof(nd_key->nd_target)); | |
8c63ff09 JP |
2205 | ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll); |
2206 | ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll); | |
e6445719 PS |
2207 | } |
2208 | } | |
2209 | } | |
2210 | ||
2211 | unencap: | |
018c1dda EG |
2212 | if (in_encap) |
2213 | nla_nest_end(skb, in_encap); | |
e6445719 PS |
2214 | if (encap) |
2215 | nla_nest_end(skb, encap); | |
2216 | ||
2217 | return 0; | |
2218 | ||
2219 | nla_put_failure: | |
2220 | return -EMSGSIZE; | |
2221 | } | |
2222 | ||
5b4237bb JS |
2223 | int ovs_nla_put_key(const struct sw_flow_key *swkey, |
2224 | const struct sw_flow_key *output, int attr, bool is_mask, | |
2225 | struct sk_buff *skb) | |
2226 | { | |
2227 | int err; | |
2228 | struct nlattr *nla; | |
2229 | ||
ae0be8de | 2230 | nla = nla_nest_start_noflag(skb, attr); |
5b4237bb JS |
2231 | if (!nla) |
2232 | return -EMSGSIZE; | |
2233 | err = __ovs_nla_put_key(swkey, output, is_mask, skb); | |
2234 | if (err) | |
2235 | return err; | |
2236 | nla_nest_end(skb, nla); | |
2237 | ||
2238 | return 0; | |
2239 | } | |
2240 | ||
2241 | /* Called with ovs_mutex or RCU read lock. */ | |
74ed7ab9 JS |
2242 | int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb) |
2243 | { | |
2244 | if (ovs_identifier_is_ufid(&flow->id)) | |
2245 | return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len, | |
2246 | flow->id.ufid); | |
2247 | ||
2248 | return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key, | |
2249 | OVS_FLOW_ATTR_KEY, false, skb); | |
2250 | } | |
2251 | ||
2252 | /* Called with ovs_mutex or RCU read lock. */ | |
2253 | int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb) | |
5b4237bb | 2254 | { |
26ad0b83 | 2255 | return ovs_nla_put_key(&flow->key, &flow->key, |
5b4237bb JS |
2256 | OVS_FLOW_ATTR_KEY, false, skb); |
2257 | } | |
2258 | ||
2259 | /* Called with ovs_mutex or RCU read lock. */ | |
2260 | int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb) | |
2261 | { | |
2262 | return ovs_nla_put_key(&flow->key, &flow->mask->key, | |
2263 | OVS_FLOW_ATTR_MASK, true, skb); | |
2264 | } | |
2265 | ||
e6445719 PS |
2266 | #define MAX_ACTIONS_BUFSIZE (32 * 1024) |
2267 | ||
67c8d22a | 2268 | static struct sw_flow_actions *nla_alloc_flow_actions(int size) |
e6445719 PS |
2269 | { |
2270 | struct sw_flow_actions *sfa; | |
2271 | ||
67c8d22a | 2272 | WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE); |
e6445719 PS |
2273 | |
2274 | sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL); | |
2275 | if (!sfa) | |
2276 | return ERR_PTR(-ENOMEM); | |
2277 | ||
2278 | sfa->actions_len = 0; | |
2279 | return sfa; | |
2280 | } | |
2281 | ||
34ae932a TG |
2282 | static void ovs_nla_free_set_action(const struct nlattr *a) |
2283 | { | |
2284 | const struct nlattr *ovs_key = nla_data(a); | |
2285 | struct ovs_tunnel_info *ovs_tun; | |
2286 | ||
2287 | switch (nla_type(ovs_key)) { | |
2288 | case OVS_KEY_ATTR_TUNNEL_INFO: | |
2289 | ovs_tun = nla_data(ovs_key); | |
2290 | dst_release((struct dst_entry *)ovs_tun->tun_dst); | |
2291 | break; | |
2292 | } | |
2293 | } | |
2294 | ||
2295 | void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts) | |
2296 | { | |
2297 | const struct nlattr *a; | |
2298 | int rem; | |
2299 | ||
2300 | if (!sf_acts) | |
2301 | return; | |
2302 | ||
2303 | nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) { | |
2304 | switch (nla_type(a)) { | |
2305 | case OVS_ACTION_ATTR_SET: | |
2306 | ovs_nla_free_set_action(a); | |
2307 | break; | |
7f8a436e JS |
2308 | case OVS_ACTION_ATTR_CT: |
2309 | ovs_ct_free_action(a); | |
2310 | break; | |
34ae932a TG |
2311 | } |
2312 | } | |
2313 | ||
2314 | kfree(sf_acts); | |
2315 | } | |
2316 | ||
2317 | static void __ovs_nla_free_flow_actions(struct rcu_head *head) | |
2318 | { | |
2319 | ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu)); | |
2320 | } | |
2321 | ||
e6445719 PS |
2322 | /* Schedules 'sf_acts' to be freed after the next RCU grace period. |
2323 | * The caller must hold rcu_read_lock for this to be sensible. */ | |
34ae932a | 2324 | void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts) |
e6445719 | 2325 | { |
34ae932a | 2326 | call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions); |
e6445719 PS |
2327 | } |
2328 | ||
2329 | static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, | |
05da5898 | 2330 | int attr_len, bool log) |
e6445719 PS |
2331 | { |
2332 | ||
2333 | struct sw_flow_actions *acts; | |
2334 | int new_acts_size; | |
f28cd2af | 2335 | size_t req_size = NLA_ALIGN(attr_len); |
e6445719 PS |
2336 | int next_offset = offsetof(struct sw_flow_actions, actions) + |
2337 | (*sfa)->actions_len; | |
2338 | ||
2339 | if (req_size <= (ksize(*sfa) - next_offset)) | |
2340 | goto out; | |
2341 | ||
f28cd2af | 2342 | new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); |
e6445719 PS |
2343 | |
2344 | if (new_acts_size > MAX_ACTIONS_BUFSIZE) { | |
67c8d22a | 2345 | if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { |
2346 | OVS_NLERR(log, "Flow action size exceeds max %u", | |
2347 | MAX_ACTIONS_BUFSIZE); | |
e6445719 | 2348 | return ERR_PTR(-EMSGSIZE); |
67c8d22a | 2349 | } |
e6445719 PS |
2350 | new_acts_size = MAX_ACTIONS_BUFSIZE; |
2351 | } | |
2352 | ||
67c8d22a | 2353 | acts = nla_alloc_flow_actions(new_acts_size); |
e6445719 PS |
2354 | if (IS_ERR(acts)) |
2355 | return (void *)acts; | |
2356 | ||
2357 | memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len); | |
2358 | acts->actions_len = (*sfa)->actions_len; | |
8e2fed1c | 2359 | acts->orig_len = (*sfa)->orig_len; |
e6445719 PS |
2360 | kfree(*sfa); |
2361 | *sfa = acts; | |
2362 | ||
2363 | out: | |
2364 | (*sfa)->actions_len += req_size; | |
2365 | return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset); | |
2366 | } | |
2367 | ||
f0b128c1 | 2368 | static struct nlattr *__add_action(struct sw_flow_actions **sfa, |
05da5898 | 2369 | int attrtype, void *data, int len, bool log) |
e6445719 PS |
2370 | { |
2371 | struct nlattr *a; | |
2372 | ||
05da5898 | 2373 | a = reserve_sfa_size(sfa, nla_attr_size(len), log); |
e6445719 | 2374 | if (IS_ERR(a)) |
f0b128c1 | 2375 | return a; |
e6445719 PS |
2376 | |
2377 | a->nla_type = attrtype; | |
2378 | a->nla_len = nla_attr_size(len); | |
2379 | ||
2380 | if (data) | |
2381 | memcpy(nla_data(a), data, len); | |
2382 | memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len)); | |
2383 | ||
f0b128c1 JG |
2384 | return a; |
2385 | } | |
2386 | ||
7f8a436e JS |
2387 | int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data, |
2388 | int len, bool log) | |
f0b128c1 JG |
2389 | { |
2390 | struct nlattr *a; | |
2391 | ||
05da5898 | 2392 | a = __add_action(sfa, attrtype, data, len, log); |
f0b128c1 | 2393 | |
f35423c1 | 2394 | return PTR_ERR_OR_ZERO(a); |
e6445719 PS |
2395 | } |
2396 | ||
2397 | static inline int add_nested_action_start(struct sw_flow_actions **sfa, | |
05da5898 | 2398 | int attrtype, bool log) |
e6445719 PS |
2399 | { |
2400 | int used = (*sfa)->actions_len; | |
2401 | int err; | |
2402 | ||
7f8a436e | 2403 | err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log); |
e6445719 PS |
2404 | if (err) |
2405 | return err; | |
2406 | ||
2407 | return used; | |
2408 | } | |
2409 | ||
2410 | static inline void add_nested_action_end(struct sw_flow_actions *sfa, | |
2411 | int st_offset) | |
2412 | { | |
2413 | struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions + | |
2414 | st_offset); | |
2415 | ||
2416 | a->nla_len = sfa->actions_len - st_offset; | |
2417 | } | |
2418 | ||
7f8a436e | 2419 | static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, |
25cd9ba0 | 2420 | const struct sw_flow_key *key, |
798c1661 | 2421 | struct sw_flow_actions **sfa, |
05da5898 | 2422 | __be16 eth_type, __be16 vlan_tci, bool log); |
25cd9ba0 | 2423 | |
7f8a436e | 2424 | static int validate_and_copy_sample(struct net *net, const struct nlattr *attr, |
798c1661 | 2425 | const struct sw_flow_key *key, |
25cd9ba0 | 2426 | struct sw_flow_actions **sfa, |
798c1661 | 2427 | __be16 eth_type, __be16 vlan_tci, |
2428 | bool log, bool last) | |
e6445719 PS |
2429 | { |
2430 | const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1]; | |
2431 | const struct nlattr *probability, *actions; | |
2432 | const struct nlattr *a; | |
798c1661 | 2433 | int rem, start, err; |
2434 | struct sample_arg arg; | |
e6445719 PS |
2435 | |
2436 | memset(attrs, 0, sizeof(attrs)); | |
2437 | nla_for_each_nested(a, attr, rem) { | |
2438 | int type = nla_type(a); | |
2439 | if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type]) | |
2440 | return -EINVAL; | |
2441 | attrs[type] = a; | |
2442 | } | |
2443 | if (rem) | |
2444 | return -EINVAL; | |
2445 | ||
2446 | probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY]; | |
2447 | if (!probability || nla_len(probability) != sizeof(u32)) | |
2448 | return -EINVAL; | |
2449 | ||
2450 | actions = attrs[OVS_SAMPLE_ATTR_ACTIONS]; | |
2451 | if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN)) | |
2452 | return -EINVAL; | |
2453 | ||
2454 | /* validation done, copy sample action. */ | |
05da5898 | 2455 | start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log); |
e6445719 PS |
2456 | if (start < 0) |
2457 | return start; | |
798c1661 | 2458 | |
2459 | /* When both skb and flow may be changed, put the sample | |
2460 | * into a deferred fifo. On the other hand, if only skb | |
2461 | * may be modified, the actions can be executed in place. | |
2462 | * | |
2463 | * Do this analysis at the flow installation time. | |
2464 | * Set 'clone_action->exec' to true if the actions can be | |
2465 | * executed without being deferred. | |
2466 | * | |
2467 | * If the sample is the last action, it can always be excuted | |
2468 | * rather than deferred. | |
2469 | */ | |
2470 | arg.exec = last || !actions_may_change_flow(actions); | |
2471 | arg.probability = nla_get_u32(probability); | |
2472 | ||
2473 | err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg), | |
2474 | log); | |
e6445719 PS |
2475 | if (err) |
2476 | return err; | |
e6445719 | 2477 | |
798c1661 | 2478 | err = __ovs_nla_copy_actions(net, actions, key, sfa, |
05da5898 | 2479 | eth_type, vlan_tci, log); |
798c1661 | 2480 | |
e6445719 PS |
2481 | if (err) |
2482 | return err; | |
2483 | ||
e6445719 PS |
2484 | add_nested_action_end(*sfa, start); |
2485 | ||
2486 | return 0; | |
2487 | } | |
2488 | ||
b2335040 YS |
2489 | static int validate_and_copy_clone(struct net *net, |
2490 | const struct nlattr *attr, | |
2491 | const struct sw_flow_key *key, | |
2492 | struct sw_flow_actions **sfa, | |
2493 | __be16 eth_type, __be16 vlan_tci, | |
2494 | bool log, bool last) | |
2495 | { | |
2496 | int start, err; | |
2497 | u32 exec; | |
2498 | ||
2499 | if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN) | |
2500 | return -EINVAL; | |
2501 | ||
2502 | start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log); | |
2503 | if (start < 0) | |
2504 | return start; | |
2505 | ||
2506 | exec = last || !actions_may_change_flow(attr); | |
2507 | ||
2508 | err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec, | |
2509 | sizeof(exec), log); | |
2510 | if (err) | |
2511 | return err; | |
2512 | ||
2513 | err = __ovs_nla_copy_actions(net, attr, key, sfa, | |
2514 | eth_type, vlan_tci, log); | |
2515 | if (err) | |
2516 | return err; | |
2517 | ||
2518 | add_nested_action_end(*sfa, start); | |
2519 | ||
2520 | return 0; | |
2521 | } | |
2522 | ||
e6445719 PS |
2523 | void ovs_match_init(struct sw_flow_match *match, |
2524 | struct sw_flow_key *key, | |
2279994d | 2525 | bool reset_key, |
e6445719 PS |
2526 | struct sw_flow_mask *mask) |
2527 | { | |
2528 | memset(match, 0, sizeof(*match)); | |
2529 | match->key = key; | |
2530 | match->mask = mask; | |
2531 | ||
2279994d | 2532 | if (reset_key) |
2533 | memset(key, 0, sizeof(*key)); | |
e6445719 PS |
2534 | |
2535 | if (mask) { | |
2536 | memset(&mask->key, 0, sizeof(mask->key)); | |
2537 | mask->range.start = mask->range.end = 0; | |
2538 | } | |
2539 | } | |
2540 | ||
d91641d9 TG |
2541 | static int validate_geneve_opts(struct sw_flow_key *key) |
2542 | { | |
2543 | struct geneve_opt *option; | |
2544 | int opts_len = key->tun_opts_len; | |
2545 | bool crit_opt = false; | |
2546 | ||
2547 | option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len); | |
2548 | while (opts_len > 0) { | |
2549 | int len; | |
2550 | ||
2551 | if (opts_len < sizeof(*option)) | |
2552 | return -EINVAL; | |
2553 | ||
2554 | len = sizeof(*option) + option->length * 4; | |
2555 | if (len > opts_len) | |
2556 | return -EINVAL; | |
2557 | ||
2558 | crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE); | |
2559 | ||
2560 | option = (struct geneve_opt *)((u8 *)option + len); | |
2561 | opts_len -= len; | |
89290b83 | 2562 | } |
d91641d9 TG |
2563 | |
2564 | key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0; | |
2565 | ||
2566 | return 0; | |
2567 | } | |
2568 | ||
e6445719 | 2569 | static int validate_and_copy_set_tun(const struct nlattr *attr, |
05da5898 | 2570 | struct sw_flow_actions **sfa, bool log) |
e6445719 PS |
2571 | { |
2572 | struct sw_flow_match match; | |
2573 | struct sw_flow_key key; | |
34ae932a | 2574 | struct metadata_dst *tun_dst; |
1d8fff90 | 2575 | struct ip_tunnel_info *tun_info; |
34ae932a | 2576 | struct ovs_tunnel_info *ovs_tun; |
f0b128c1 | 2577 | struct nlattr *a; |
13101602 | 2578 | int err = 0, start, opts_type; |
256c87c1 | 2579 | __be16 dst_opt_type; |
e6445719 | 2580 | |
256c87c1 | 2581 | dst_opt_type = 0; |
2279994d | 2582 | ovs_match_init(&match, &key, true, NULL); |
6b26ba3a | 2583 | opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log); |
1dd144cf TG |
2584 | if (opts_type < 0) |
2585 | return opts_type; | |
e6445719 | 2586 | |
f5796684 | 2587 | if (key.tun_opts_len) { |
1dd144cf TG |
2588 | switch (opts_type) { |
2589 | case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS: | |
2590 | err = validate_geneve_opts(&key); | |
2591 | if (err < 0) | |
2592 | return err; | |
256c87c1 | 2593 | dst_opt_type = TUNNEL_GENEVE_OPT; |
1dd144cf TG |
2594 | break; |
2595 | case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS: | |
256c87c1 | 2596 | dst_opt_type = TUNNEL_VXLAN_OPT; |
1dd144cf | 2597 | break; |
fc1372f8 | 2598 | case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS: |
256c87c1 | 2599 | dst_opt_type = TUNNEL_ERSPAN_OPT; |
fc1372f8 | 2600 | break; |
1dd144cf | 2601 | } |
89290b83 | 2602 | } |
f5796684 | 2603 | |
05da5898 | 2604 | start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log); |
e6445719 PS |
2605 | if (start < 0) |
2606 | return start; | |
2607 | ||
3fcece12 JK |
2608 | tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL, |
2609 | GFP_KERNEL); | |
2610 | ||
34ae932a TG |
2611 | if (!tun_dst) |
2612 | return -ENOMEM; | |
2613 | ||
d71785ff PA |
2614 | err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL); |
2615 | if (err) { | |
2616 | dst_release((struct dst_entry *)tun_dst); | |
2617 | return err; | |
2618 | } | |
2619 | ||
f0b128c1 | 2620 | a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL, |
34ae932a TG |
2621 | sizeof(*ovs_tun), log); |
2622 | if (IS_ERR(a)) { | |
2623 | dst_release((struct dst_entry *)tun_dst); | |
f0b128c1 | 2624 | return PTR_ERR(a); |
34ae932a TG |
2625 | } |
2626 | ||
2627 | ovs_tun = nla_data(a); | |
2628 | ovs_tun->tun_dst = tun_dst; | |
f0b128c1 | 2629 | |
34ae932a TG |
2630 | tun_info = &tun_dst->u.tun_info; |
2631 | tun_info->mode = IP_TUNNEL_INFO_TX; | |
00a93bab JB |
2632 | if (key.tun_proto == AF_INET6) |
2633 | tun_info->mode |= IP_TUNNEL_INFO_IPV6; | |
18b6f717 | 2634 | else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0) |
2635 | tun_info->mode |= IP_TUNNEL_INFO_BRIDGE; | |
1d8fff90 | 2636 | tun_info->key = key.tun_key; |
f0b128c1 | 2637 | |
4c222798 PS |
2638 | /* We need to store the options in the action itself since |
2639 | * everything else will go away after flow setup. We can append | |
2640 | * it to tun_info and then point there. | |
2641 | */ | |
2642 | ip_tunnel_info_opts_set(tun_info, | |
2643 | TUN_METADATA_OPTS(&key, key.tun_opts_len), | |
256c87c1 | 2644 | key.tun_opts_len, dst_opt_type); |
e6445719 PS |
2645 | add_nested_action_end(*sfa, start); |
2646 | ||
2647 | return err; | |
2648 | } | |
2649 | ||
b2d0f5d5 YY |
2650 | static bool validate_nsh(const struct nlattr *attr, bool is_mask, |
2651 | bool is_push_nsh, bool log) | |
2652 | { | |
2653 | struct sw_flow_match match; | |
2654 | struct sw_flow_key key; | |
2655 | int ret = 0; | |
2656 | ||
2657 | ovs_match_init(&match, &key, true, NULL); | |
2658 | ret = nsh_key_put_from_nlattr(attr, &match, is_mask, | |
2659 | is_push_nsh, log); | |
2660 | return !ret; | |
2661 | } | |
2662 | ||
83d2b9ba JR |
2663 | /* Return false if there are any non-masked bits set. |
2664 | * Mask follows data immediately, before any netlink padding. | |
2665 | */ | |
2666 | static bool validate_masked(u8 *data, int len) | |
2667 | { | |
2668 | u8 *mask = data + len; | |
2669 | ||
2670 | while (len--) | |
2671 | if (*data++ & ~*mask++) | |
2672 | return false; | |
2673 | ||
2674 | return true; | |
2675 | } | |
2676 | ||
e6445719 PS |
2677 | static int validate_set(const struct nlattr *a, |
2678 | const struct sw_flow_key *flow_key, | |
0a6410fb JB |
2679 | struct sw_flow_actions **sfa, bool *skip_copy, |
2680 | u8 mac_proto, __be16 eth_type, bool masked, bool log) | |
e6445719 PS |
2681 | { |
2682 | const struct nlattr *ovs_key = nla_data(a); | |
2683 | int key_type = nla_type(ovs_key); | |
83d2b9ba | 2684 | size_t key_len; |
e6445719 PS |
2685 | |
2686 | /* There can be only one key in a action */ | |
2687 | if (nla_total_size(nla_len(ovs_key)) != nla_len(a)) | |
2688 | return -EINVAL; | |
2689 | ||
83d2b9ba JR |
2690 | key_len = nla_len(ovs_key); |
2691 | if (masked) | |
2692 | key_len /= 2; | |
2693 | ||
e6445719 | 2694 | if (key_type > OVS_KEY_ATTR_MAX || |
982b5270 | 2695 | !check_attr_len(key_len, ovs_key_lens[key_type].len)) |
e6445719 PS |
2696 | return -EINVAL; |
2697 | ||
83d2b9ba JR |
2698 | if (masked && !validate_masked(nla_data(ovs_key), key_len)) |
2699 | return -EINVAL; | |
2700 | ||
e6445719 PS |
2701 | switch (key_type) { |
2702 | const struct ovs_key_ipv4 *ipv4_key; | |
2703 | const struct ovs_key_ipv6 *ipv6_key; | |
2704 | int err; | |
2705 | ||
2706 | case OVS_KEY_ATTR_PRIORITY: | |
2707 | case OVS_KEY_ATTR_SKB_MARK: | |
182e3042 | 2708 | case OVS_KEY_ATTR_CT_MARK: |
33db4125 | 2709 | case OVS_KEY_ATTR_CT_LABELS: |
e6445719 PS |
2710 | break; |
2711 | ||
0a6410fb JB |
2712 | case OVS_KEY_ATTR_ETHERNET: |
2713 | if (mac_proto != MAC_PROTO_ETHERNET) | |
2714 | return -EINVAL; | |
87e159c5 | 2715 | break; |
0a6410fb | 2716 | |
e6445719 | 2717 | case OVS_KEY_ATTR_TUNNEL: |
83d2b9ba JR |
2718 | if (masked) |
2719 | return -EINVAL; /* Masked tunnel set not supported. */ | |
2720 | ||
2721 | *skip_copy = true; | |
05da5898 | 2722 | err = validate_and_copy_set_tun(a, sfa, log); |
e6445719 PS |
2723 | if (err) |
2724 | return err; | |
2725 | break; | |
2726 | ||
2727 | case OVS_KEY_ATTR_IPV4: | |
25cd9ba0 | 2728 | if (eth_type != htons(ETH_P_IP)) |
e6445719 PS |
2729 | return -EINVAL; |
2730 | ||
e6445719 | 2731 | ipv4_key = nla_data(ovs_key); |
e6445719 | 2732 | |
83d2b9ba JR |
2733 | if (masked) { |
2734 | const struct ovs_key_ipv4 *mask = ipv4_key + 1; | |
e6445719 | 2735 | |
83d2b9ba JR |
2736 | /* Non-writeable fields. */ |
2737 | if (mask->ipv4_proto || mask->ipv4_frag) | |
2738 | return -EINVAL; | |
2739 | } else { | |
2740 | if (ipv4_key->ipv4_proto != flow_key->ip.proto) | |
2741 | return -EINVAL; | |
2742 | ||
2743 | if (ipv4_key->ipv4_frag != flow_key->ip.frag) | |
2744 | return -EINVAL; | |
2745 | } | |
e6445719 PS |
2746 | break; |
2747 | ||
2748 | case OVS_KEY_ATTR_IPV6: | |
25cd9ba0 | 2749 | if (eth_type != htons(ETH_P_IPV6)) |
e6445719 PS |
2750 | return -EINVAL; |
2751 | ||
e6445719 | 2752 | ipv6_key = nla_data(ovs_key); |
e6445719 | 2753 | |
83d2b9ba JR |
2754 | if (masked) { |
2755 | const struct ovs_key_ipv6 *mask = ipv6_key + 1; | |
2756 | ||
2757 | /* Non-writeable fields. */ | |
2758 | if (mask->ipv6_proto || mask->ipv6_frag) | |
2759 | return -EINVAL; | |
2760 | ||
2761 | /* Invalid bits in the flow label mask? */ | |
2762 | if (ntohl(mask->ipv6_label) & 0xFFF00000) | |
2763 | return -EINVAL; | |
2764 | } else { | |
2765 | if (ipv6_key->ipv6_proto != flow_key->ip.proto) | |
2766 | return -EINVAL; | |
e6445719 | 2767 | |
83d2b9ba JR |
2768 | if (ipv6_key->ipv6_frag != flow_key->ip.frag) |
2769 | return -EINVAL; | |
2770 | } | |
e6445719 PS |
2771 | if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000) |
2772 | return -EINVAL; | |
2773 | ||
2774 | break; | |
2775 | ||
2776 | case OVS_KEY_ATTR_TCP: | |
83d2b9ba JR |
2777 | if ((eth_type != htons(ETH_P_IP) && |
2778 | eth_type != htons(ETH_P_IPV6)) || | |
2779 | flow_key->ip.proto != IPPROTO_TCP) | |
e6445719 PS |
2780 | return -EINVAL; |
2781 | ||
83d2b9ba | 2782 | break; |
e6445719 PS |
2783 | |
2784 | case OVS_KEY_ATTR_UDP: | |
83d2b9ba JR |
2785 | if ((eth_type != htons(ETH_P_IP) && |
2786 | eth_type != htons(ETH_P_IPV6)) || | |
2787 | flow_key->ip.proto != IPPROTO_UDP) | |
e6445719 PS |
2788 | return -EINVAL; |
2789 | ||
83d2b9ba | 2790 | break; |
25cd9ba0 SH |
2791 | |
2792 | case OVS_KEY_ATTR_MPLS: | |
2793 | if (!eth_p_mpls(eth_type)) | |
2794 | return -EINVAL; | |
2795 | break; | |
e6445719 PS |
2796 | |
2797 | case OVS_KEY_ATTR_SCTP: | |
83d2b9ba JR |
2798 | if ((eth_type != htons(ETH_P_IP) && |
2799 | eth_type != htons(ETH_P_IPV6)) || | |
2800 | flow_key->ip.proto != IPPROTO_SCTP) | |
e6445719 PS |
2801 | return -EINVAL; |
2802 | ||
83d2b9ba | 2803 | break; |
e6445719 | 2804 | |
b2d0f5d5 YY |
2805 | case OVS_KEY_ATTR_NSH: |
2806 | if (eth_type != htons(ETH_P_NSH)) | |
2807 | return -EINVAL; | |
2808 | if (!validate_nsh(nla_data(a), masked, false, log)) | |
2809 | return -EINVAL; | |
2810 | break; | |
2811 | ||
e6445719 PS |
2812 | default: |
2813 | return -EINVAL; | |
2814 | } | |
2815 | ||
83d2b9ba JR |
2816 | /* Convert non-masked non-tunnel set actions to masked set actions. */ |
2817 | if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) { | |
2818 | int start, len = key_len * 2; | |
2819 | struct nlattr *at; | |
2820 | ||
2821 | *skip_copy = true; | |
2822 | ||
2823 | start = add_nested_action_start(sfa, | |
2824 | OVS_ACTION_ATTR_SET_TO_MASKED, | |
2825 | log); | |
2826 | if (start < 0) | |
2827 | return start; | |
2828 | ||
2829 | at = __add_action(sfa, key_type, NULL, len, log); | |
2830 | if (IS_ERR(at)) | |
2831 | return PTR_ERR(at); | |
2832 | ||
2833 | memcpy(nla_data(at), nla_data(ovs_key), key_len); /* Key. */ | |
2834 | memset(nla_data(at) + key_len, 0xff, key_len); /* Mask. */ | |
2835 | /* Clear non-writeable bits from otherwise writeable fields. */ | |
2836 | if (key_type == OVS_KEY_ATTR_IPV6) { | |
2837 | struct ovs_key_ipv6 *mask = nla_data(at) + key_len; | |
2838 | ||
2839 | mask->ipv6_label &= htonl(0x000FFFFF); | |
2840 | } | |
2841 | add_nested_action_end(*sfa, start); | |
2842 | } | |
2843 | ||
e6445719 PS |
2844 | return 0; |
2845 | } | |
2846 | ||
2847 | static int validate_userspace(const struct nlattr *attr) | |
2848 | { | |
2849 | static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = { | |
2850 | [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 }, | |
2851 | [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC }, | |
8f0aad6f | 2852 | [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 }, |
e6445719 PS |
2853 | }; |
2854 | struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1]; | |
2855 | int error; | |
2856 | ||
8cb08174 JB |
2857 | error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr, |
2858 | userspace_policy, NULL); | |
e6445719 PS |
2859 | if (error) |
2860 | return error; | |
2861 | ||
2862 | if (!a[OVS_USERSPACE_ATTR_PID] || | |
2863 | !nla_get_u32(a[OVS_USERSPACE_ATTR_PID])) | |
2864 | return -EINVAL; | |
2865 | ||
2866 | return 0; | |
2867 | } | |
2868 | ||
4d5ec89f NS |
2869 | static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = { |
2870 | [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 }, | |
2871 | [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED }, | |
2872 | [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED }, | |
2873 | }; | |
2874 | ||
2875 | static int validate_and_copy_check_pkt_len(struct net *net, | |
2876 | const struct nlattr *attr, | |
2877 | const struct sw_flow_key *key, | |
2878 | struct sw_flow_actions **sfa, | |
2879 | __be16 eth_type, __be16 vlan_tci, | |
2880 | bool log, bool last) | |
2881 | { | |
2882 | const struct nlattr *acts_if_greater, *acts_if_lesser_eq; | |
2883 | struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1]; | |
2884 | struct check_pkt_len_arg arg; | |
2885 | int nested_acts_start; | |
2886 | int start, err; | |
2887 | ||
8cb08174 JB |
2888 | err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX, |
2889 | nla_data(attr), nla_len(attr), | |
2890 | cpl_policy, NULL); | |
4d5ec89f NS |
2891 | if (err) |
2892 | return err; | |
2893 | ||
2894 | if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] || | |
2895 | !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN])) | |
2896 | return -EINVAL; | |
2897 | ||
2898 | acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL]; | |
2899 | acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER]; | |
2900 | ||
2901 | /* Both the nested action should be present. */ | |
2902 | if (!acts_if_greater || !acts_if_lesser_eq) | |
2903 | return -EINVAL; | |
2904 | ||
2905 | /* validation done, copy the nested actions. */ | |
2906 | start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN, | |
2907 | log); | |
2908 | if (start < 0) | |
2909 | return start; | |
2910 | ||
2911 | arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]); | |
2912 | arg.exec_for_lesser_equal = | |
2913 | last || !actions_may_change_flow(acts_if_lesser_eq); | |
2914 | arg.exec_for_greater = | |
2915 | last || !actions_may_change_flow(acts_if_greater); | |
2916 | ||
2917 | err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg, | |
2918 | sizeof(arg), log); | |
2919 | if (err) | |
2920 | return err; | |
2921 | ||
2922 | nested_acts_start = add_nested_action_start(sfa, | |
2923 | OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log); | |
2924 | if (nested_acts_start < 0) | |
2925 | return nested_acts_start; | |
2926 | ||
2927 | err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa, | |
2928 | eth_type, vlan_tci, log); | |
2929 | ||
2930 | if (err) | |
2931 | return err; | |
2932 | ||
2933 | add_nested_action_end(*sfa, nested_acts_start); | |
2934 | ||
2935 | nested_acts_start = add_nested_action_start(sfa, | |
2936 | OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log); | |
2937 | if (nested_acts_start < 0) | |
2938 | return nested_acts_start; | |
2939 | ||
2940 | err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa, | |
2941 | eth_type, vlan_tci, log); | |
2942 | ||
2943 | if (err) | |
2944 | return err; | |
2945 | ||
2946 | add_nested_action_end(*sfa, nested_acts_start); | |
2947 | add_nested_action_end(*sfa, start); | |
2948 | return 0; | |
2949 | } | |
2950 | ||
e6445719 | 2951 | static int copy_action(const struct nlattr *from, |
05da5898 | 2952 | struct sw_flow_actions **sfa, bool log) |
e6445719 PS |
2953 | { |
2954 | int totlen = NLA_ALIGN(from->nla_len); | |
2955 | struct nlattr *to; | |
2956 | ||
05da5898 | 2957 | to = reserve_sfa_size(sfa, from->nla_len, log); |
e6445719 PS |
2958 | if (IS_ERR(to)) |
2959 | return PTR_ERR(to); | |
2960 | ||
2961 | memcpy(to, from, totlen); | |
2962 | return 0; | |
2963 | } | |
2964 | ||
7f8a436e | 2965 | static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, |
25cd9ba0 | 2966 | const struct sw_flow_key *key, |
798c1661 | 2967 | struct sw_flow_actions **sfa, |
05da5898 | 2968 | __be16 eth_type, __be16 vlan_tci, bool log) |
e6445719 | 2969 | { |
0a6410fb | 2970 | u8 mac_proto = ovs_key_mac_proto(key); |
e6445719 PS |
2971 | const struct nlattr *a; |
2972 | int rem, err; | |
2973 | ||
e6445719 PS |
2974 | nla_for_each_nested(a, attr, rem) { |
2975 | /* Expected argument lengths, (u32)-1 for variable length. */ | |
2976 | static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = { | |
2977 | [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32), | |
971427f3 | 2978 | [OVS_ACTION_ATTR_RECIRC] = sizeof(u32), |
e6445719 | 2979 | [OVS_ACTION_ATTR_USERSPACE] = (u32)-1, |
25cd9ba0 SH |
2980 | [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls), |
2981 | [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16), | |
e6445719 PS |
2982 | [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan), |
2983 | [OVS_ACTION_ATTR_POP_VLAN] = 0, | |
2984 | [OVS_ACTION_ATTR_SET] = (u32)-1, | |
83d2b9ba | 2985 | [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1, |
971427f3 | 2986 | [OVS_ACTION_ATTR_SAMPLE] = (u32)-1, |
7f8a436e JS |
2987 | [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash), |
2988 | [OVS_ACTION_ATTR_CT] = (u32)-1, | |
b8226962 | 2989 | [OVS_ACTION_ATTR_CT_CLEAR] = 0, |
f2a4d086 | 2990 | [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc), |
91820da6 JB |
2991 | [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth), |
2992 | [OVS_ACTION_ATTR_POP_ETH] = 0, | |
b2d0f5d5 YY |
2993 | [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1, |
2994 | [OVS_ACTION_ATTR_POP_NSH] = 0, | |
cd8a6c33 | 2995 | [OVS_ACTION_ATTR_METER] = sizeof(u32), |
b2335040 | 2996 | [OVS_ACTION_ATTR_CLONE] = (u32)-1, |
4d5ec89f | 2997 | [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1, |
e6445719 PS |
2998 | }; |
2999 | const struct ovs_action_push_vlan *vlan; | |
3000 | int type = nla_type(a); | |
3001 | bool skip_copy; | |
3002 | ||
3003 | if (type > OVS_ACTION_ATTR_MAX || | |
3004 | (action_lens[type] != nla_len(a) && | |
3005 | action_lens[type] != (u32)-1)) | |
3006 | return -EINVAL; | |
3007 | ||
3008 | skip_copy = false; | |
3009 | switch (type) { | |
3010 | case OVS_ACTION_ATTR_UNSPEC: | |
3011 | return -EINVAL; | |
3012 | ||
3013 | case OVS_ACTION_ATTR_USERSPACE: | |
3014 | err = validate_userspace(a); | |
3015 | if (err) | |
3016 | return err; | |
3017 | break; | |
3018 | ||
3019 | case OVS_ACTION_ATTR_OUTPUT: | |
3020 | if (nla_get_u32(a) >= DP_MAX_PORTS) | |
3021 | return -EINVAL; | |
3022 | break; | |
3023 | ||
f2a4d086 WT |
3024 | case OVS_ACTION_ATTR_TRUNC: { |
3025 | const struct ovs_action_trunc *trunc = nla_data(a); | |
3026 | ||
3027 | if (trunc->max_len < ETH_HLEN) | |
3028 | return -EINVAL; | |
3029 | break; | |
3030 | } | |
3031 | ||
971427f3 AZ |
3032 | case OVS_ACTION_ATTR_HASH: { |
3033 | const struct ovs_action_hash *act_hash = nla_data(a); | |
3034 | ||
3035 | switch (act_hash->hash_alg) { | |
3036 | case OVS_HASH_ALG_L4: | |
3037 | break; | |
3038 | default: | |
3039 | return -EINVAL; | |
3040 | } | |
3041 | ||
3042 | break; | |
3043 | } | |
e6445719 PS |
3044 | |
3045 | case OVS_ACTION_ATTR_POP_VLAN: | |
0a6410fb JB |
3046 | if (mac_proto != MAC_PROTO_ETHERNET) |
3047 | return -EINVAL; | |
25cd9ba0 | 3048 | vlan_tci = htons(0); |
e6445719 PS |
3049 | break; |
3050 | ||
3051 | case OVS_ACTION_ATTR_PUSH_VLAN: | |
0a6410fb JB |
3052 | if (mac_proto != MAC_PROTO_ETHERNET) |
3053 | return -EINVAL; | |
e6445719 | 3054 | vlan = nla_data(a); |
018c1dda | 3055 | if (!eth_type_vlan(vlan->vlan_tpid)) |
e6445719 | 3056 | return -EINVAL; |
9df46aef | 3057 | if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK))) |
e6445719 | 3058 | return -EINVAL; |
25cd9ba0 | 3059 | vlan_tci = vlan->vlan_tci; |
e6445719 PS |
3060 | break; |
3061 | ||
971427f3 AZ |
3062 | case OVS_ACTION_ATTR_RECIRC: |
3063 | break; | |
3064 | ||
25cd9ba0 SH |
3065 | case OVS_ACTION_ATTR_PUSH_MPLS: { |
3066 | const struct ovs_action_push_mpls *mpls = nla_data(a); | |
3067 | ||
25cd9ba0 SH |
3068 | if (!eth_p_mpls(mpls->mpls_ethertype)) |
3069 | return -EINVAL; | |
3070 | /* Prohibit push MPLS other than to a white list | |
3071 | * for packets that have a known tag order. | |
3072 | */ | |
9df46aef | 3073 | if (vlan_tci & htons(VLAN_CFI_MASK) || |
25cd9ba0 SH |
3074 | (eth_type != htons(ETH_P_IP) && |
3075 | eth_type != htons(ETH_P_IPV6) && | |
3076 | eth_type != htons(ETH_P_ARP) && | |
3077 | eth_type != htons(ETH_P_RARP) && | |
3078 | !eth_p_mpls(eth_type))) | |
3079 | return -EINVAL; | |
3080 | eth_type = mpls->mpls_ethertype; | |
3081 | break; | |
3082 | } | |
3083 | ||
3084 | case OVS_ACTION_ATTR_POP_MPLS: | |
9df46aef | 3085 | if (vlan_tci & htons(VLAN_CFI_MASK) || |
25cd9ba0 SH |
3086 | !eth_p_mpls(eth_type)) |
3087 | return -EINVAL; | |
3088 | ||
3089 | /* Disallow subsequent L2.5+ set and mpls_pop actions | |
3090 | * as there is no check here to ensure that the new | |
3091 | * eth_type is valid and thus set actions could | |
3092 | * write off the end of the packet or otherwise | |
3093 | * corrupt it. | |
3094 | * | |
3095 | * Support for these actions is planned using packet | |
3096 | * recirculation. | |
3097 | */ | |
3098 | eth_type = htons(0); | |
3099 | break; | |
3100 | ||
e6445719 | 3101 | case OVS_ACTION_ATTR_SET: |
25cd9ba0 | 3102 | err = validate_set(a, key, sfa, |
0a6410fb JB |
3103 | &skip_copy, mac_proto, eth_type, |
3104 | false, log); | |
83d2b9ba JR |
3105 | if (err) |
3106 | return err; | |
3107 | break; | |
3108 | ||
3109 | case OVS_ACTION_ATTR_SET_MASKED: | |
3110 | err = validate_set(a, key, sfa, | |
0a6410fb JB |
3111 | &skip_copy, mac_proto, eth_type, |
3112 | true, log); | |
e6445719 PS |
3113 | if (err) |
3114 | return err; | |
3115 | break; | |
3116 | ||
798c1661 | 3117 | case OVS_ACTION_ATTR_SAMPLE: { |
3118 | bool last = nla_is_last(a, rem); | |
3119 | ||
3120 | err = validate_and_copy_sample(net, a, key, sfa, | |
3121 | eth_type, vlan_tci, | |
3122 | log, last); | |
e6445719 PS |
3123 | if (err) |
3124 | return err; | |
3125 | skip_copy = true; | |
3126 | break; | |
798c1661 | 3127 | } |
e6445719 | 3128 | |
7f8a436e JS |
3129 | case OVS_ACTION_ATTR_CT: |
3130 | err = ovs_ct_copy_action(net, a, key, sfa, log); | |
3131 | if (err) | |
3132 | return err; | |
3133 | skip_copy = true; | |
3134 | break; | |
3135 | ||
b8226962 EG |
3136 | case OVS_ACTION_ATTR_CT_CLEAR: |
3137 | break; | |
3138 | ||
91820da6 JB |
3139 | case OVS_ACTION_ATTR_PUSH_ETH: |
3140 | /* Disallow pushing an Ethernet header if one | |
3141 | * is already present */ | |
3142 | if (mac_proto != MAC_PROTO_NONE) | |
3143 | return -EINVAL; | |
46ebe283 | 3144 | mac_proto = MAC_PROTO_ETHERNET; |
91820da6 JB |
3145 | break; |
3146 | ||
3147 | case OVS_ACTION_ATTR_POP_ETH: | |
3148 | if (mac_proto != MAC_PROTO_ETHERNET) | |
3149 | return -EINVAL; | |
9df46aef | 3150 | if (vlan_tci & htons(VLAN_CFI_MASK)) |
91820da6 | 3151 | return -EINVAL; |
46ebe283 | 3152 | mac_proto = MAC_PROTO_NONE; |
91820da6 JB |
3153 | break; |
3154 | ||
b2d0f5d5 YY |
3155 | case OVS_ACTION_ATTR_PUSH_NSH: |
3156 | if (mac_proto != MAC_PROTO_ETHERNET) { | |
3157 | u8 next_proto; | |
3158 | ||
3159 | next_proto = tun_p_from_eth_p(eth_type); | |
3160 | if (!next_proto) | |
3161 | return -EINVAL; | |
3162 | } | |
3163 | mac_proto = MAC_PROTO_NONE; | |
3164 | if (!validate_nsh(nla_data(a), false, true, true)) | |
3165 | return -EINVAL; | |
3166 | break; | |
3167 | ||
3168 | case OVS_ACTION_ATTR_POP_NSH: { | |
3169 | __be16 inner_proto; | |
3170 | ||
3171 | if (eth_type != htons(ETH_P_NSH)) | |
3172 | return -EINVAL; | |
3173 | inner_proto = tun_p_to_eth_p(key->nsh.base.np); | |
3174 | if (!inner_proto) | |
3175 | return -EINVAL; | |
3176 | if (key->nsh.base.np == TUN_P_ETHERNET) | |
3177 | mac_proto = MAC_PROTO_ETHERNET; | |
3178 | else | |
3179 | mac_proto = MAC_PROTO_NONE; | |
3180 | break; | |
3181 | } | |
3182 | ||
cd8a6c33 AZ |
3183 | case OVS_ACTION_ATTR_METER: |
3184 | /* Non-existent meters are simply ignored. */ | |
3185 | break; | |
3186 | ||
b2335040 YS |
3187 | case OVS_ACTION_ATTR_CLONE: { |
3188 | bool last = nla_is_last(a, rem); | |
3189 | ||
3190 | err = validate_and_copy_clone(net, a, key, sfa, | |
3191 | eth_type, vlan_tci, | |
3192 | log, last); | |
3193 | if (err) | |
3194 | return err; | |
3195 | skip_copy = true; | |
3196 | break; | |
3197 | } | |
3198 | ||
4d5ec89f NS |
3199 | case OVS_ACTION_ATTR_CHECK_PKT_LEN: { |
3200 | bool last = nla_is_last(a, rem); | |
3201 | ||
3202 | err = validate_and_copy_check_pkt_len(net, a, key, sfa, | |
3203 | eth_type, | |
3204 | vlan_tci, log, | |
3205 | last); | |
3206 | if (err) | |
3207 | return err; | |
3208 | skip_copy = true; | |
3209 | break; | |
3210 | } | |
3211 | ||
e6445719 | 3212 | default: |
05da5898 | 3213 | OVS_NLERR(log, "Unknown Action type %d", type); |
e6445719 PS |
3214 | return -EINVAL; |
3215 | } | |
3216 | if (!skip_copy) { | |
05da5898 | 3217 | err = copy_action(a, sfa, log); |
e6445719 PS |
3218 | if (err) |
3219 | return err; | |
3220 | } | |
3221 | } | |
3222 | ||
3223 | if (rem > 0) | |
3224 | return -EINVAL; | |
3225 | ||
3226 | return 0; | |
3227 | } | |
3228 | ||
83d2b9ba | 3229 | /* 'key' must be the masked key. */ |
7f8a436e | 3230 | int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, |
25cd9ba0 | 3231 | const struct sw_flow_key *key, |
05da5898 | 3232 | struct sw_flow_actions **sfa, bool log) |
25cd9ba0 | 3233 | { |
2fdb957d PS |
3234 | int err; |
3235 | ||
67c8d22a | 3236 | *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE)); |
2fdb957d PS |
3237 | if (IS_ERR(*sfa)) |
3238 | return PTR_ERR(*sfa); | |
3239 | ||
8e2fed1c | 3240 | (*sfa)->orig_len = nla_len(attr); |
798c1661 | 3241 | err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type, |
018c1dda | 3242 | key->eth.vlan.tci, log); |
2fdb957d | 3243 | if (err) |
34ae932a | 3244 | ovs_nla_free_flow_actions(*sfa); |
2fdb957d PS |
3245 | |
3246 | return err; | |
25cd9ba0 SH |
3247 | } |
3248 | ||
798c1661 | 3249 | static int sample_action_to_attr(const struct nlattr *attr, |
3250 | struct sk_buff *skb) | |
e6445719 | 3251 | { |
798c1661 | 3252 | struct nlattr *start, *ac_start = NULL, *sample_arg; |
3253 | int err = 0, rem = nla_len(attr); | |
3254 | const struct sample_arg *arg; | |
3255 | struct nlattr *actions; | |
e6445719 | 3256 | |
ae0be8de | 3257 | start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE); |
e6445719 PS |
3258 | if (!start) |
3259 | return -EMSGSIZE; | |
3260 | ||
798c1661 | 3261 | sample_arg = nla_data(attr); |
3262 | arg = nla_data(sample_arg); | |
3263 | actions = nla_next(sample_arg, &rem); | |
e6445719 | 3264 | |
798c1661 | 3265 | if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) { |
3266 | err = -EMSGSIZE; | |
3267 | goto out; | |
3268 | } | |
3269 | ||
ae0be8de | 3270 | ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS); |
798c1661 | 3271 | if (!ac_start) { |
3272 | err = -EMSGSIZE; | |
3273 | goto out; | |
3274 | } | |
3275 | ||
3276 | err = ovs_nla_put_actions(actions, rem, skb); | |
3277 | ||
3278 | out: | |
3279 | if (err) { | |
3280 | nla_nest_cancel(skb, ac_start); | |
3281 | nla_nest_cancel(skb, start); | |
3282 | } else { | |
3283 | nla_nest_end(skb, ac_start); | |
3284 | nla_nest_end(skb, start); | |
e6445719 PS |
3285 | } |
3286 | ||
e6445719 PS |
3287 | return err; |
3288 | } | |
3289 | ||
b2335040 YS |
3290 | static int clone_action_to_attr(const struct nlattr *attr, |
3291 | struct sk_buff *skb) | |
3292 | { | |
3293 | struct nlattr *start; | |
3294 | int err = 0, rem = nla_len(attr); | |
3295 | ||
ae0be8de | 3296 | start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE); |
b2335040 YS |
3297 | if (!start) |
3298 | return -EMSGSIZE; | |
3299 | ||
3300 | err = ovs_nla_put_actions(nla_data(attr), rem, skb); | |
3301 | ||
3302 | if (err) | |
3303 | nla_nest_cancel(skb, start); | |
3304 | else | |
3305 | nla_nest_end(skb, start); | |
3306 | ||
3307 | return err; | |
3308 | } | |
3309 | ||
4d5ec89f NS |
3310 | static int check_pkt_len_action_to_attr(const struct nlattr *attr, |
3311 | struct sk_buff *skb) | |
3312 | { | |
3313 | struct nlattr *start, *ac_start = NULL; | |
3314 | const struct check_pkt_len_arg *arg; | |
3315 | const struct nlattr *a, *cpl_arg; | |
3316 | int err = 0, rem = nla_len(attr); | |
3317 | ||
ae0be8de | 3318 | start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN); |
4d5ec89f NS |
3319 | if (!start) |
3320 | return -EMSGSIZE; | |
3321 | ||
3322 | /* The first nested attribute in 'attr' is always | |
3323 | * 'OVS_CHECK_PKT_LEN_ATTR_ARG'. | |
3324 | */ | |
3325 | cpl_arg = nla_data(attr); | |
3326 | arg = nla_data(cpl_arg); | |
3327 | ||
3328 | if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) { | |
3329 | err = -EMSGSIZE; | |
3330 | goto out; | |
3331 | } | |
3332 | ||
3333 | /* Second nested attribute in 'attr' is always | |
3334 | * 'OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL'. | |
3335 | */ | |
3336 | a = nla_next(cpl_arg, &rem); | |
ae0be8de MK |
3337 | ac_start = nla_nest_start_noflag(skb, |
3338 | OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL); | |
4d5ec89f NS |
3339 | if (!ac_start) { |
3340 | err = -EMSGSIZE; | |
3341 | goto out; | |
3342 | } | |
3343 | ||
3344 | err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb); | |
3345 | if (err) { | |
3346 | nla_nest_cancel(skb, ac_start); | |
3347 | goto out; | |
3348 | } else { | |
3349 | nla_nest_end(skb, ac_start); | |
3350 | } | |
3351 | ||
3352 | /* Third nested attribute in 'attr' is always | |
3353 | * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER. | |
3354 | */ | |
3355 | a = nla_next(a, &rem); | |
ae0be8de MK |
3356 | ac_start = nla_nest_start_noflag(skb, |
3357 | OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER); | |
4d5ec89f NS |
3358 | if (!ac_start) { |
3359 | err = -EMSGSIZE; | |
3360 | goto out; | |
3361 | } | |
3362 | ||
3363 | err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb); | |
3364 | if (err) { | |
3365 | nla_nest_cancel(skb, ac_start); | |
3366 | goto out; | |
3367 | } else { | |
3368 | nla_nest_end(skb, ac_start); | |
3369 | } | |
3370 | ||
3371 | nla_nest_end(skb, start); | |
3372 | return 0; | |
3373 | ||
3374 | out: | |
3375 | nla_nest_cancel(skb, start); | |
3376 | return err; | |
3377 | } | |
3378 | ||
e6445719 PS |
3379 | static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb) |
3380 | { | |
3381 | const struct nlattr *ovs_key = nla_data(a); | |
3382 | int key_type = nla_type(ovs_key); | |
3383 | struct nlattr *start; | |
3384 | int err; | |
3385 | ||
3386 | switch (key_type) { | |
f0b128c1 | 3387 | case OVS_KEY_ATTR_TUNNEL_INFO: { |
34ae932a TG |
3388 | struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key); |
3389 | struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info; | |
f0b128c1 | 3390 | |
ae0be8de | 3391 | start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET); |
e6445719 PS |
3392 | if (!start) |
3393 | return -EMSGSIZE; | |
3394 | ||
e905eabc SH |
3395 | err = ip_tun_to_nlattr(skb, &tun_info->key, |
3396 | ip_tunnel_info_opts(tun_info), | |
3397 | tun_info->options_len, | |
18b6f717 | 3398 | ip_tunnel_info_af(tun_info), tun_info->mode); |
e6445719 PS |
3399 | if (err) |
3400 | return err; | |
3401 | nla_nest_end(skb, start); | |
3402 | break; | |
f0b128c1 | 3403 | } |
e6445719 PS |
3404 | default: |
3405 | if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key)) | |
3406 | return -EMSGSIZE; | |
3407 | break; | |
3408 | } | |
3409 | ||
3410 | return 0; | |
3411 | } | |
3412 | ||
83d2b9ba JR |
3413 | static int masked_set_action_to_set_action_attr(const struct nlattr *a, |
3414 | struct sk_buff *skb) | |
3415 | { | |
3416 | const struct nlattr *ovs_key = nla_data(a); | |
f4f8e738 | 3417 | struct nlattr *nla; |
83d2b9ba JR |
3418 | size_t key_len = nla_len(ovs_key) / 2; |
3419 | ||
3420 | /* Revert the conversion we did from a non-masked set action to | |
3421 | * masked set action. | |
3422 | */ | |
ae0be8de | 3423 | nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET); |
f4f8e738 | 3424 | if (!nla) |
83d2b9ba JR |
3425 | return -EMSGSIZE; |
3426 | ||
f4f8e738 JS |
3427 | if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key))) |
3428 | return -EMSGSIZE; | |
3429 | ||
3430 | nla_nest_end(skb, nla); | |
83d2b9ba JR |
3431 | return 0; |
3432 | } | |
3433 | ||
e6445719 PS |
3434 | int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb) |
3435 | { | |
3436 | const struct nlattr *a; | |
3437 | int rem, err; | |
3438 | ||
3439 | nla_for_each_attr(a, attr, len, rem) { | |
3440 | int type = nla_type(a); | |
3441 | ||
3442 | switch (type) { | |
3443 | case OVS_ACTION_ATTR_SET: | |
3444 | err = set_action_to_attr(a, skb); | |
3445 | if (err) | |
3446 | return err; | |
3447 | break; | |
3448 | ||
83d2b9ba JR |
3449 | case OVS_ACTION_ATTR_SET_TO_MASKED: |
3450 | err = masked_set_action_to_set_action_attr(a, skb); | |
3451 | if (err) | |
3452 | return err; | |
3453 | break; | |
3454 | ||
e6445719 PS |
3455 | case OVS_ACTION_ATTR_SAMPLE: |
3456 | err = sample_action_to_attr(a, skb); | |
3457 | if (err) | |
3458 | return err; | |
3459 | break; | |
7f8a436e JS |
3460 | |
3461 | case OVS_ACTION_ATTR_CT: | |
3462 | err = ovs_ct_action_to_attr(nla_data(a), skb); | |
3463 | if (err) | |
3464 | return err; | |
3465 | break; | |
3466 | ||
b2335040 YS |
3467 | case OVS_ACTION_ATTR_CLONE: |
3468 | err = clone_action_to_attr(a, skb); | |
3469 | if (err) | |
3470 | return err; | |
3471 | break; | |
3472 | ||
4d5ec89f NS |
3473 | case OVS_ACTION_ATTR_CHECK_PKT_LEN: |
3474 | err = check_pkt_len_action_to_attr(a, skb); | |
3475 | if (err) | |
3476 | return err; | |
3477 | break; | |
3478 | ||
e6445719 PS |
3479 | default: |
3480 | if (nla_put(skb, type, nla_len(a), nla_data(a))) | |
3481 | return -EMSGSIZE; | |
3482 | break; | |
3483 | } | |
3484 | } | |
3485 | ||
3486 | return 0; | |
3487 | } |