1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
21#include <linux/skbuff.h>
22#include <linux/in.h>
23#include <linux/ip.h>
24#include <linux/openvswitch.h>
25#include <linux/tcp.h>
26#include <linux/udp.h>
27#include <linux/in6.h>
28#include <linux/if_arp.h>
29#include <linux/if_vlan.h>
30#include <net/ip.h>
31#include <net/checksum.h>
32#include <net/dsfield.h>
33
34#include "datapath.h"
35#include "vport.h"
36
37static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
38 const struct nlattr *attr, int len, bool keep_skb);
39
40static int make_writable(struct sk_buff *skb, int write_len)
41{
42 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
43 return 0;
44
45 return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
46}
47
48
49static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
50{
51 struct vlan_hdr *vhdr;
52 int err;
53
54 err = make_writable(skb, VLAN_ETH_HLEN);
55 if (unlikely(err))
56 return err;
57
58 if (skb->ip_summed == CHECKSUM_COMPLETE)
59 skb->csum = csum_sub(skb->csum, csum_partial(skb->data
60 + ETH_HLEN, VLAN_HLEN, 0));
61
62 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN);
63 *current_tci = vhdr->h_vlan_TCI;
64
65 memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);
66 __skb_pull(skb, VLAN_HLEN);
67
68 vlan_set_encap_proto(skb, vhdr);
69 skb->mac_header += VLAN_HLEN;
70 skb_reset_mac_len(skb);
71
72 return 0;
73}
74
75static int pop_vlan(struct sk_buff *skb)
76{
77 __be16 tci;
78 int err;
79
80 if (likely(vlan_tx_tag_present(skb))) {
81 skb->vlan_tci = 0;
82 } else {
83 if (unlikely(skb->protocol != htons(ETH_P_8021Q) ||
84 skb->len < VLAN_ETH_HLEN))
85 return 0;
86
87 err = __pop_vlan_tci(skb, &tci);
88 if (err)
89 return err;
90 }
91
92 if (likely(skb->protocol != htons(ETH_P_8021Q) ||
93 skb->len < VLAN_ETH_HLEN))
94 return 0;
95
96 err = __pop_vlan_tci(skb, &tci);
97 if (unlikely(err))
98 return err;
99
100 __vlan_hwaccel_put_tag(skb, ntohs(tci));
101 return 0;
102}
103
104static int push_vlan(struct sk_buff *skb, const struct ovs_action_push_vlan *vlan)
105{
106 if (unlikely(vlan_tx_tag_present(skb))) {
107 u16 current_tag;
108
109
110 current_tag = vlan_tx_tag_get(skb);
111
112 if (!__vlan_put_tag(skb, current_tag))
113 return -ENOMEM;
114
115 if (skb->ip_summed == CHECKSUM_COMPLETE)
116 skb->csum = csum_add(skb->csum, csum_partial(skb->data
117 + ETH_HLEN, VLAN_HLEN, 0));
118
119 }
120 __vlan_hwaccel_put_tag(skb, ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT);
121 return 0;
122}
123
124static int set_eth_addr(struct sk_buff *skb,
125 const struct ovs_key_ethernet *eth_key)
126{
127 int err;
128 err = make_writable(skb, ETH_HLEN);
129 if (unlikely(err))
130 return err;
131
132 memcpy(eth_hdr(skb)->h_source, eth_key->eth_src, ETH_ALEN);
133 memcpy(eth_hdr(skb)->h_dest, eth_key->eth_dst, ETH_ALEN);
134
135 return 0;
136}
137
138static void set_ip_addr(struct sk_buff *skb, struct iphdr *nh,
139 __be32 *addr, __be32 new_addr)
140{
141 int transport_len = skb->len - skb_transport_offset(skb);
142
143 if (nh->protocol == IPPROTO_TCP) {
144 if (likely(transport_len >= sizeof(struct tcphdr)))
145 inet_proto_csum_replace4(&tcp_hdr(skb)->check, skb,
146 *addr, new_addr, 1);
147 } else if (nh->protocol == IPPROTO_UDP) {
148 if (likely(transport_len >= sizeof(struct udphdr))) {
149 struct udphdr *uh = udp_hdr(skb);
150
151 if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) {
152 inet_proto_csum_replace4(&uh->check, skb,
153 *addr, new_addr, 1);
154 if (!uh->check)
155 uh->check = CSUM_MANGLED_0;
156 }
157 }
158 }
159
160 csum_replace4(&nh->check, *addr, new_addr);
161 skb->rxhash = 0;
162 *addr = new_addr;
163}
164
165static void set_ip_ttl(struct sk_buff *skb, struct iphdr *nh, u8 new_ttl)
166{
167 csum_replace2(&nh->check, htons(nh->ttl << 8), htons(new_ttl << 8));
168 nh->ttl = new_ttl;
169}
170
171static int set_ipv4(struct sk_buff *skb, const struct ovs_key_ipv4 *ipv4_key)
172{
173 struct iphdr *nh;
174 int err;
175
176 err = make_writable(skb, skb_network_offset(skb) +
177 sizeof(struct iphdr));
178 if (unlikely(err))
179 return err;
180
181 nh = ip_hdr(skb);
182
183 if (ipv4_key->ipv4_src != nh->saddr)
184 set_ip_addr(skb, nh, &nh->saddr, ipv4_key->ipv4_src);
185
186 if (ipv4_key->ipv4_dst != nh->daddr)
187 set_ip_addr(skb, nh, &nh->daddr, ipv4_key->ipv4_dst);
188
189 if (ipv4_key->ipv4_tos != nh->tos)
190 ipv4_change_dsfield(nh, 0, ipv4_key->ipv4_tos);
191
192 if (ipv4_key->ipv4_ttl != nh->ttl)
193 set_ip_ttl(skb, nh, ipv4_key->ipv4_ttl);
194
195 return 0;
196}
197
198
199static void set_tp_port(struct sk_buff *skb, __be16 *port,
200 __be16 new_port, __sum16 *check)
201{
202 inet_proto_csum_replace2(check, skb, *port, new_port, 0);
203 *port = new_port;
204 skb->rxhash = 0;
205}
206
207static void set_udp_port(struct sk_buff *skb, __be16 *port, __be16 new_port)
208{
209 struct udphdr *uh = udp_hdr(skb);
210
211 if (uh->check && skb->ip_summed != CHECKSUM_PARTIAL) {
212 set_tp_port(skb, port, new_port, &uh->check);
213
214 if (!uh->check)
215 uh->check = CSUM_MANGLED_0;
216 } else {
217 *port = new_port;
218 skb->rxhash = 0;
219 }
220}
221
222static int set_udp(struct sk_buff *skb, const struct ovs_key_udp *udp_port_key)
223{
224 struct udphdr *uh;
225 int err;
226
227 err = make_writable(skb, skb_transport_offset(skb) +
228 sizeof(struct udphdr));
229 if (unlikely(err))
230 return err;
231
232 uh = udp_hdr(skb);
233 if (udp_port_key->udp_src != uh->source)
234 set_udp_port(skb, &uh->source, udp_port_key->udp_src);
235
236 if (udp_port_key->udp_dst != uh->dest)
237 set_udp_port(skb, &uh->dest, udp_port_key->udp_dst);
238
239 return 0;
240}
241
242static int set_tcp(struct sk_buff *skb, const struct ovs_key_tcp *tcp_port_key)
243{
244 struct tcphdr *th;
245 int err;
246
247 err = make_writable(skb, skb_transport_offset(skb) +
248 sizeof(struct tcphdr));
249 if (unlikely(err))
250 return err;
251
252 th = tcp_hdr(skb);
253 if (tcp_port_key->tcp_src != th->source)
254 set_tp_port(skb, &th->source, tcp_port_key->tcp_src, &th->check);
255
256 if (tcp_port_key->tcp_dst != th->dest)
257 set_tp_port(skb, &th->dest, tcp_port_key->tcp_dst, &th->check);
258
259 return 0;
260}
261
262static int do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
263{
264 struct vport *vport;
265
266 if (unlikely(!skb))
267 return -ENOMEM;
268
269 vport = rcu_dereference(dp->ports[out_port]);
270 if (unlikely(!vport)) {
271 kfree_skb(skb);
272 return -ENODEV;
273 }
274
275 ovs_vport_send(vport, skb);
276 return 0;
277}
278
279static int output_userspace(struct datapath *dp, struct sk_buff *skb,
280 const struct nlattr *attr)
281{
282 struct dp_upcall_info upcall;
283 const struct nlattr *a;
284 int rem;
285
286 upcall.cmd = OVS_PACKET_CMD_ACTION;
287 upcall.key = &OVS_CB(skb)->flow->key;
288 upcall.userdata = NULL;
289 upcall.pid = 0;
290
291 for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
292 a = nla_next(a, &rem)) {
293 switch (nla_type(a)) {
294 case OVS_USERSPACE_ATTR_USERDATA:
295 upcall.userdata = a;
296 break;
297
298 case OVS_USERSPACE_ATTR_PID:
299 upcall.pid = nla_get_u32(a);
300 break;
301 }
302 }
303
304 return ovs_dp_upcall(dp, skb, &upcall);
305}
306
307static int sample(struct datapath *dp, struct sk_buff *skb,
308 const struct nlattr *attr)
309{
310 const struct nlattr *acts_list = NULL;
311 const struct nlattr *a;
312 int rem;
313
314 for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
315 a = nla_next(a, &rem)) {
316 switch (nla_type(a)) {
317 case OVS_SAMPLE_ATTR_PROBABILITY:
318 if (net_random() >= nla_get_u32(a))
319 return 0;
320 break;
321
322 case OVS_SAMPLE_ATTR_ACTIONS:
323 acts_list = a;
324 break;
325 }
326 }
327
328 return do_execute_actions(dp, skb, nla_data(acts_list),
329 nla_len(acts_list), true);
330}
331
332static int execute_set_action(struct sk_buff *skb,
333 const struct nlattr *nested_attr)
334{
335 int err = 0;
336
337 switch (nla_type(nested_attr)) {
338 case OVS_KEY_ATTR_PRIORITY:
339 skb->priority = nla_get_u32(nested_attr);
340 break;
341
342 case OVS_KEY_ATTR_ETHERNET:
343 err = set_eth_addr(skb, nla_data(nested_attr));
344 break;
345
346 case OVS_KEY_ATTR_IPV4:
347 err = set_ipv4(skb, nla_data(nested_attr));
348 break;
349
350 case OVS_KEY_ATTR_TCP:
351 err = set_tcp(skb, nla_data(nested_attr));
352 break;
353
354 case OVS_KEY_ATTR_UDP:
355 err = set_udp(skb, nla_data(nested_attr));
356 break;
357 }
358
359 return err;
360}
361
362
363static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
364 const struct nlattr *attr, int len, bool keep_skb)
365{
366
367
368
369
370 int prev_port = -1;
371 const struct nlattr *a;
372 int rem;
373
374 for (a = attr, rem = len; rem > 0;
375 a = nla_next(a, &rem)) {
376 int err = 0;
377
378 if (prev_port != -1) {
379 do_output(dp, skb_clone(skb, GFP_ATOMIC), prev_port);
380 prev_port = -1;
381 }
382
383 switch (nla_type(a)) {
384 case OVS_ACTION_ATTR_OUTPUT:
385 prev_port = nla_get_u32(a);
386 break;
387
388 case OVS_ACTION_ATTR_USERSPACE:
389 output_userspace(dp, skb, a);
390 break;
391
392 case OVS_ACTION_ATTR_PUSH_VLAN:
393 err = push_vlan(skb, nla_data(a));
394 if (unlikely(err))
395 return err;
396 break;
397
398 case OVS_ACTION_ATTR_POP_VLAN:
399 err = pop_vlan(skb);
400 break;
401
402 case OVS_ACTION_ATTR_SET:
403 err = execute_set_action(skb, nla_data(a));
404 break;
405
406 case OVS_ACTION_ATTR_SAMPLE:
407 err = sample(dp, skb, a);
408 break;
409 }
410
411 if (unlikely(err)) {
412 kfree_skb(skb);
413 return err;
414 }
415 }
416
417 if (prev_port != -1) {
418 if (keep_skb)
419 skb = skb_clone(skb, GFP_ATOMIC);
420
421 do_output(dp, skb, prev_port);
422 } else if (!keep_skb)
423 consume_skb(skb);
424
425 return 0;
426}
427
428
429int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb)
430{
431 struct sw_flow_actions *acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts);
432
433 return do_execute_actions(dp, skb, acts->actions,
434 acts->actions_len, false);
435}
436
