[ovs-dev,net-next,v11,5/6] openvswitch: add layer 3 flow/port support

Message ID	1467827996-32547-6-git-send-email-simon.horman@netronome.com
State	Not Applicable
Headers	show Return-Path: <dev-bounces@openvswitch.org> Received-SPF: neutral (mx1-pf1.cudamail.com: 74.125.82.49 is neither permitted nor denied by SPF record at mktomail.com) From: Simon Horman <simon.horman@netronome.com> To: netdev@vger.kernel.org Date: Wed, 6 Jul 2016 19:59:55 +0200 openvswitch: add layer 3 flow/port support Message-Id: <1467827996-32547-6-git-send-email-simon.horman@netronome.com> In-Reply-To: <1467827996-32547-1-git-send-email-simon.horman@netronome.com> References: <1467827996-32547-1-git-send-email-simon.horman@netronome.com> Mail: message has a signature 0.50 BSF_RULE7568M Custom Rule 7568M 0.10 RDNS_NONE Delivered to trusted network by a host with no rDNS 0.50 BSF_SC5_MJ1963 Custom Rule MJ1963 Cc: dev@openvswitch.org Subject: [ovs-dev] [PATCH net-next v11 5/6] openvswitch: add layer 3 flow/port support Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: dev-bounces@openvswitch.org Sender: "dev" <dev-bounces@openvswitch.org>

On Wed, Jul 6, 2016 at 10:59 AM, Simon Horman <simon.horman@netronome.com> wrote: > From: Lorand Jakab <lojakab@cisco.com> > > Implementation of the pop_eth and push_eth actions in the kernel, and > layer 3 flow support. > > This doesn't actually do anything yet as no layer 2 tunnel ports are > supported yet. The original patch by Lorand was against the Open vSwitch > tree which has L2 LISP tunnels but that is not supported in mainline Linux. > I (Simon) plan to follow up with support for non-TEB GRE ports based on > work by Thomas Morin. > > Cc: Thomas Morin <thomas.morin@orange.com> > Signed-off-by: Lorand Jakab <lojakab@cisco.com> > Signed-off-by: Simon Horman <simon.horman@netronome.com> > > --- .... > --- > include/uapi/linux/openvswitch.h | 11 ++ > net/openvswitch/actions.c | 45 ++++++++ > net/openvswitch/datapath.c | 13 +-- > net/openvswitch/flow.c | 65 +++++++---- > net/openvswitch/flow.h | 4 +- > net/openvswitch/flow_netlink.c | 213 ++++++++++++++++++++++++----------- > net/openvswitch/vport-geneve.c | 2 +- > net/openvswitch/vport-gre.c | 2 +- > net/openvswitch/vport-internal_dev.c | 6 + > net/openvswitch/vport-netdev.c | 19 +++- > net/openvswitch/vport-netdev.h | 2 + > net/openvswitch/vport-vxlan.c | 2 +- > 12 files changed, 279 insertions(+), 105 deletions(-) > > diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h > index 5cde501433eb..6f505e486e93 100644 > --- a/include/uapi/linux/openvswitch.h > +++ b/include/uapi/linux/openvswitch.h ... > diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c > index 12e8a8942a42..0001f651c934 100644 > --- a/net/openvswitch/actions.c > +++ b/net/openvswitch/actions.c > @@ -301,6 +301,43 @@ static int set_eth_addr(struct sk_buff *skb, struct sw_flow_key *flow_key, > return 0; > } > > +/* pop_eth does not support VLAN packets as this action is never called > + * for them. > + */ > +static int pop_eth(struct sk_buff *skb, struct sw_flow_key *key) > +{ > + skb_pull_rcsum(skb, ETH_HLEN); > + skb_reset_mac_header(skb); > + skb->mac_len -= ETH_HLEN; > + > + invalidate_flow_key(key); > + return 0; > +} This is changing l2 packet to l3 packet by reseting mac header. We need to unset mac header so that OVS key-extract can identify this packet later on, for example after recirc action. Other option would be keeping key is_layer3 consistent with packet. Push ethernet and pop ethernet action can unset and set the flag in flow key. So that OVS can keep track of packet headers by looking at packet key. When packet leaves OVS (in netdev-send) we can unset mac header according to this flag. > + > +static int push_eth(struct sk_buff *skb, struct sw_flow_key *key, > + const struct ovs_action_push_eth *ethh) > +{ > + struct ethhdr *hdr; > + > + /* Add the new Ethernet header */ > + if (skb_cow_head(skb, ETH_HLEN) < 0) > + return -ENOMEM; > + > + skb_push(skb, ETH_HLEN); > + skb_reset_mac_header(skb); > + skb->mac_len += ETH_HLEN; > + > + hdr = eth_hdr(skb); > + ether_addr_copy(hdr->h_source, ethh->addresses.eth_src); > + ether_addr_copy(hdr->h_dest, ethh->addresses.eth_dst); > + hdr->h_proto = skb->protocol; > + > + skb_postpush_rcsum(skb, hdr, ETH_HLEN); > + > + invalidate_flow_key(key); > + return 0; > +} > + .... > diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c > index 0ea128eeeab2..86f2cfb19de3 100644 > --- a/net/openvswitch/flow.c > +++ b/net/openvswitch/flow.c ... > @@ -723,9 +729,17 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, > key->phy.skb_mark = skb->mark; > ovs_ct_fill_key(skb, key); > key->ovs_flow_hash = 0; > + key->phy.is_layer3 = skb->mac_len == 0; I do not think mac_len can be used. mac_header needs to be checked. ... > diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c > index c78a6a1476fb..fc94fbe1ddc3 100644 > --- a/net/openvswitch/flow_netlink.c > +++ b/net/openvswitch/flow_netlink.c ... > @@ -898,20 +922,33 @@ static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match, > sizeof(*cl), is_mask); > *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS); > } > - return 0; > -} > > -static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, > - u64 attrs, const struct nlattr **a, > - bool is_mask, bool log) > -{ > - int err; > + /* For layer 3 packets the ethernet type is provided > + * and treated as metadata but no MAC addresses are provided. > + */ > + if (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE) && > + !(*attrs & (1 << OVS_KEY_ATTR_ETHERNET))) { > + int err; > Here attr_ethertype can be processed irrespective of attr_ethernet. is_layer3 can be derived independently. This way there is no need to again process attr_ethertyp in l2_from_nlattrs(). > - err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log); > - if (err) > - return err; > + err = ethertype_from_nlattrs(net, match, attrs, a, is_mask, > + log); > + if (err) > + return err; > + > + is_layer3 = true; > + } > > - if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) { > + /* Always exact match is_layer3 */ > + SW_FLOW_KEY_PUT(match, phy.is_layer3, is_mask ? true : is_layer3, > + is_mask); > + return is_layer3; > +} > + .... > + if (*attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) { > + int err; > > - SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask); > - attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); > + err = ethertype_from_nlattrs(net, match, attrs, a, is_mask, > + log); > + if (err) > + return err; > } else if (!is_mask) { > SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask); > } > > + return 0; > +} > + > +static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, > + u64 attrs, const struct nlattr **a, > + bool is_mask, bool log) > +{ > + int err; > + bool is_layer3; > + > + err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log); > + if (err < 0) > + return err; > + is_layer3 = err != 0; > + > + if (!is_layer3) { > + err = l2_from_nlattrs(net, match, &attrs, a, is_mask, log); > + if (err < 0) > + return err; > + } > + ... > diff --git a/net/openvswitch/vport-internal_dev.c b/net/openvswitch/vport-internal_dev.c > index 32d8e94d9bff..adc364161626 100644 > --- a/net/openvswitch/vport-internal_dev.c > +++ b/net/openvswitch/vport-internal_dev.c > @@ -257,6 +257,12 @@ static netdev_tx_t internal_dev_recv(struct sk_buff *skb) > struct net_device *netdev = skb->dev; > struct pcpu_sw_netstats *stats; > > + /* Only send/receive L2 packets */ > + if (!skb->mac_len) { > + kfree_skb(skb); > + return -EINVAL; > + } > + Is mac_len consistent? I thought we decided to use skb_mac_header_was_set() to detect l3 packets. > if (unlikely(!(netdev->flags & IFF_UP))) { > kfree_skb(skb); > netdev->stats.rx_dropped++; > diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c > index 4e3972344aa6..733e7914f6bd 100644 > --- a/net/openvswitch/vport-netdev.c > +++ b/net/openvswitch/vport-netdev.c > @@ -57,8 +57,10 @@ static void netdev_port_receive(struct sk_buff *skb) > if (unlikely(!skb)) > return; > > - skb_push(skb, ETH_HLEN); > - skb_postpush_rcsum(skb, skb->data, ETH_HLEN); > + if (vport->dev->type == ARPHRD_ETHER) { > + skb_push(skb, ETH_HLEN); > + skb_postpush_rcsum(skb, skb->data, ETH_HLEN); > + } This is still required for tunnel device of ARPHRD_NONE which can handle l2 packets. > ovs_vport_receive(vport, skb, skb_tunnel_info(skb)); > return; > error: > @@ -194,6 +196,17 @@ void ovs_netdev_tunnel_destroy(struct vport *vport) > } > EXPORT_SYMBOL_GPL(ovs_netdev_tunnel_destroy); > > +int ovs_netdev_send(struct sk_buff *skb) > +{ > + /* Only send L2 packets */ > + if (skb->mac_len) > + return dev_queue_xmit(skb); > + As commented in earlier, we can send is_layer3 flag from flow key. If it is l3 packet then unset mac header before sending it out to keep the packet metadata consistent.

diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h index 5cde501433eb..6f505e486e93 100644 --- a/include/uapi/linux/openvswitch.h +++ b/include/uapi/linux/openvswitch.h @@ -705,6 +705,15 @@ enum ovs_nat_attr { #define OVS_NAT_ATTR_MAX (__OVS_NAT_ATTR_MAX - 1) +/* + * struct ovs_action_push_eth - %OVS_ACTION_ATTR_PUSH_ETH action argument. + * @addresses: Source and destination MAC addresses. + * @eth_type: Ethernet type + */ +struct ovs_action_push_eth { + struct ovs_key_ethernet addresses; +}; + /** * enum ovs_action_attr - Action types. * @@ -766,6 +775,8 @@ enum ovs_action_attr { * bits. */ OVS_ACTION_ATTR_CT, /* Nested OVS_CT_ATTR_* . */ OVS_ACTION_ATTR_TRUNC, /* u32 struct ovs_action_trunc. */ + OVS_ACTION_ATTR_PUSH_ETH, /* struct ovs_action_push_eth. */ + OVS_ACTION_ATTR_POP_ETH, /* No argument. */ __OVS_ACTION_ATTR_MAX, /* Nothing past this will be accepted * from userspace. */ diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index 12e8a8942a42..0001f651c934 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -301,6 +301,43 @@ static int set_eth_addr(struct sk_buff *skb, struct sw_flow_key *flow_key, return 0; } +/* pop_eth does not support VLAN packets as this action is never called + * for them. + */ +static int pop_eth(struct sk_buff *skb, struct sw_flow_key *key) +{ + skb_pull_rcsum(skb, ETH_HLEN); + skb_reset_mac_header(skb); + skb->mac_len -= ETH_HLEN; + + invalidate_flow_key(key); + return 0; +} + +static int push_eth(struct sk_buff *skb, struct sw_flow_key *key, + const struct ovs_action_push_eth *ethh) +{ + struct ethhdr *hdr; + + /* Add the new Ethernet header */ + if (skb_cow_head(skb, ETH_HLEN) < 0) + return -ENOMEM; + + skb_push(skb, ETH_HLEN); + skb_reset_mac_header(skb); + skb->mac_len += ETH_HLEN; + + hdr = eth_hdr(skb); + ether_addr_copy(hdr->h_source, ethh->addresses.eth_src); + ether_addr_copy(hdr->h_dest, ethh->addresses.eth_dst); + hdr->h_proto = skb->protocol; + + skb_postpush_rcsum(skb, hdr, ETH_HLEN); + + invalidate_flow_key(key); + return 0; +} + static void update_ip_l4_checksum(struct sk_buff *skb, struct iphdr *nh, __be32 addr, __be32 new_addr) { @@ -1121,6 +1158,14 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, err = pop_vlan(skb, key); break; + case OVS_ACTION_ATTR_PUSH_ETH: + err = push_eth(skb, key, nla_data(a)); + break; + + case OVS_ACTION_ATTR_POP_ETH: + err = pop_eth(skb, key); + break; + case OVS_ACTION_ATTR_RECIRC: err = execute_recirc(dp, skb, key, a, rem); if (nla_is_last(a, rem)) { diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index 524c0fd3078e..277f4f5ffea8 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c @@ -562,7 +562,6 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info) struct sw_flow *flow; struct sw_flow_actions *sf_acts; struct datapath *dp; - struct ethhdr *eth; struct vport *input_vport; u16 mru = 0; int len; @@ -583,17 +582,6 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info) nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len); - skb_reset_mac_header(packet); - eth = eth_hdr(packet); - - /* Normally, setting the skb 'protocol' field would be handled by a - * call to eth_type_trans(), but it assumes there's a sending - * device, which we may not have. */ - if (eth_proto_is_802_3(eth->h_proto)) - packet->protocol = eth->h_proto; - else - packet->protocol = htons(ETH_P_802_2); - /* Set packet's mru */ if (a[OVS_PACKET_ATTR_MRU]) { mru = nla_get_u16(a[OVS_PACKET_ATTR_MRU]); @@ -620,6 +608,7 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info) rcu_assign_pointer(flow->sf_acts, acts); packet->priority = flow->key.phy.priority; packet->mark = flow->key.phy.skb_mark; + packet->protocol = flow->key.eth.type; rcu_read_lock(); dp = get_dp_rcu(net, ovs_header->dp_ifindex); diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c index 0ea128eeeab2..86f2cfb19de3 100644 --- a/net/openvswitch/flow.c +++ b/net/openvswitch/flow.c @@ -461,35 +461,39 @@ invalid: static int key_extract(struct sk_buff *skb, struct sw_flow_key *key) { int error; - struct ethhdr *eth; /* Flags are always used as part of stats */ key->tp.flags = 0; skb_reset_mac_header(skb); - /* Link layer. We are guaranteed to have at least the 14 byte Ethernet - * header in the linear data area. - */ - eth = eth_hdr(skb); - ether_addr_copy(key->eth.src, eth->h_source); - ether_addr_copy(key->eth.dst, eth->h_dest); + /* Link layer. */ + key->eth.tci = 0; + if (key->phy.is_layer3) { + if (skb_vlan_tag_present(skb)) + key->eth.tci = htons(skb->vlan_tci); + key->eth.type = skb->protocol; + } else { + struct ethhdr *eth = eth_hdr(skb); - __skb_pull(skb, 2 * ETH_ALEN); - /* We are going to push all headers that we pull, so no need to - * update skb->csum here. - */ + ether_addr_copy(key->eth.src, eth->h_source); + ether_addr_copy(key->eth.dst, eth->h_dest); - key->eth.tci = 0; - if (skb_vlan_tag_present(skb)) - key->eth.tci = htons(skb->vlan_tci); - else if (eth->h_proto == htons(ETH_P_8021Q)) - if (unlikely(parse_vlan(skb, key))) - return -ENOMEM; + __skb_pull(skb, 2 * ETH_ALEN); + /* We are going to push all headers that we pull, so no need to + * update skb->csum here. + */ - key->eth.type = parse_ethertype(skb); - if (unlikely(key->eth.type == htons(0))) - return -ENOMEM; + if (skb_vlan_tag_present(skb)) + key->eth.tci = htons(skb->vlan_tci); + else if (eth->h_proto == htons(ETH_P_8021Q)) + if (unlikely(parse_vlan(skb, key))) + return -ENOMEM; + + key->eth.type = parse_ethertype(skb); + if (unlikely(key->eth.type == htons(0))) + return -ENOMEM; + } skb_reset_network_header(skb); skb_reset_mac_len(skb); @@ -696,6 +700,8 @@ int ovs_flow_key_update(struct sk_buff *skb, struct sw_flow_key *key) int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, struct sk_buff *skb, struct sw_flow_key *key) { + int err; + /* Extract metadata from packet. */ if (tun_info) { key->tun_proto = ip_tunnel_info_af(tun_info); @@ -723,9 +729,17 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, key->phy.skb_mark = skb->mark; ovs_ct_fill_key(skb, key); key->ovs_flow_hash = 0; + key->phy.is_layer3 = skb->mac_len == 0; key->recirc_id = 0; - return key_extract(skb, key); + err = key_extract(skb, key); + if (err < 0) + return err; + + if (tun_info && skb->protocol == htons(ETH_P_TEB)) + skb->protocol = key->eth.type; + + return err; } int ovs_flow_key_extract_userspace(struct net *net, const struct nlattr *attr, @@ -741,5 +755,14 @@ int ovs_flow_key_extract_userspace(struct net *net, const struct nlattr *attr, if (err) return err; + /* key_extract assumes that skb->protocol is set-up for + * layer 3 packets which is the case for other callers, + * in particular packets recieved from the network stack. + * Here the correct value can be set from the metadata + * extracted above. + */ + if (key->phy.is_layer3) + skb->protocol = key->eth.type; + return key_extract(skb, key); } diff --git a/net/openvswitch/flow.h b/net/openvswitch/flow.h index 03378e75a67c..5395ec0c3c13 100644 --- a/net/openvswitch/flow.h +++ b/net/openvswitch/flow.h @@ -62,6 +62,7 @@ struct sw_flow_key { u32 priority; /* Packet QoS priority. */ u32 skb_mark; /* SKB mark. */ u16 in_port; /* Input switch port (or DP_MAX_PORTS). */ + bool is_layer3; /* Packet has no Ethernet header */ } __packed phy; /* Safe when right after 'tun_key'. */ u8 tun_proto; /* Protocol of encapsulating tunnel. */ u32 ovs_flow_hash; /* Datapath computed hash value. */ @@ -219,8 +220,7 @@ u64 ovs_flow_used_time(unsigned long flow_jiffies); int ovs_flow_key_update(struct sk_buff *skb, struct sw_flow_key *key); int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info, - struct sk_buff *skb, - struct sw_flow_key *key); + struct sk_buff *skb, struct sw_flow_key *key); /* Extract key from packet coming from userspace. */ int ovs_flow_key_extract_userspace(struct net *net, const struct nlattr *attr, struct sk_buff *skb, diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index c78a6a1476fb..fc94fbe1ddc3 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -123,7 +123,7 @@ static void update_range(struct sw_flow_match *match, static bool match_validate(const struct sw_flow_match *match, u64 key_attrs, u64 mask_attrs, bool log) { - u64 key_expected = 1 << OVS_KEY_ATTR_ETHERNET; + u64 key_expected = 0; u64 mask_allowed = key_attrs; /* At most allow all key attributes */ /* The following mask attributes allowed only if they @@ -808,10 +808,34 @@ int ovs_nla_put_tunnel_info(struct sk_buff *skb, ip_tunnel_info_af(tun_info)); } +static int ethertype_from_nlattrs(struct net *net, struct sw_flow_match *match, + u64 *attrs, const struct nlattr **a, + bool is_mask, bool log) +{ + __be16 eth_type; + + eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); + if (is_mask) { + /* Always exact match EtherType. */ + eth_type = htons(0xffff); + } else if (!eth_proto_is_802_3(eth_type)) { + OVS_NLERR(log, "EtherType %x is less than min %x", + ntohs(eth_type), ETH_P_802_3_MIN); + return -EINVAL; + } + + SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask); + *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); + + return 0; +} + static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match, u64 *attrs, const struct nlattr **a, bool is_mask, bool log) { + bool is_layer3 = false; + if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) { u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]); @@ -898,20 +922,33 @@ static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match, sizeof(*cl), is_mask); *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS); } - return 0; -} -static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, - u64 attrs, const struct nlattr **a, - bool is_mask, bool log) -{ - int err; + /* For layer 3 packets the ethernet type is provided + * and treated as metadata but no MAC addresses are provided. + */ + if (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE) && + !(*attrs & (1 << OVS_KEY_ATTR_ETHERNET))) { + int err; - err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log); - if (err) - return err; + err = ethertype_from_nlattrs(net, match, attrs, a, is_mask, + log); + if (err) + return err; + + is_layer3 = true; + } - if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) { + /* Always exact match is_layer3 */ + SW_FLOW_KEY_PUT(match, phy.is_layer3, is_mask ? true : is_layer3, + is_mask); + return is_layer3; +} + +static int l2_from_nlattrs(struct net *net, struct sw_flow_match *match, + u64 *attrs, const struct nlattr **a, + bool is_mask, bool log) +{ + if (*attrs & (1 << OVS_KEY_ATTR_ETHERNET)) { const struct ovs_key_ethernet *eth_key; eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]); @@ -919,10 +956,10 @@ static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, eth_key->eth_src, ETH_ALEN, is_mask); SW_FLOW_KEY_MEMCPY(match, eth.dst, eth_key->eth_dst, ETH_ALEN, is_mask); - attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET); + *attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET); } - if (attrs & (1 << OVS_KEY_ATTR_VLAN)) { + if (*attrs & (1 << OVS_KEY_ATTR_VLAN)) { __be16 tci; tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); @@ -936,28 +973,41 @@ static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, } SW_FLOW_KEY_PUT(match, eth.tci, tci, is_mask); - attrs &= ~(1 << OVS_KEY_ATTR_VLAN); + *attrs &= ~(1 << OVS_KEY_ATTR_VLAN); } - if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) { - __be16 eth_type; - - eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); - if (is_mask) { - /* Always exact match EtherType. */ - eth_type = htons(0xffff); - } else if (!eth_proto_is_802_3(eth_type)) { - OVS_NLERR(log, "EtherType %x is less than min %x", - ntohs(eth_type), ETH_P_802_3_MIN); - return -EINVAL; - } + if (*attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) { + int err; - SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask); - attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); + err = ethertype_from_nlattrs(net, match, attrs, a, is_mask, + log); + if (err) + return err; } else if (!is_mask) { SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask); } + return 0; +} + +static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match, + u64 attrs, const struct nlattr **a, + bool is_mask, bool log) +{ + int err; + bool is_layer3; + + err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log); + if (err < 0) + return err; + is_layer3 = err != 0; + + if (!is_layer3) { + err = l2_from_nlattrs(net, match, &attrs, a, is_mask, log); + if (err < 0) + return err; + } + if (attrs & (1 << OVS_KEY_ATTR_IPV4)) { const struct ovs_key_ipv4 *ipv4_key; @@ -1407,7 +1457,11 @@ int ovs_nla_get_flow_metadata(struct net *net, const struct nlattr *attr, memset(&key->ct, 0, sizeof(key->ct)); key->phy.in_port = DP_MAX_PORTS; - return metadata_from_nlattrs(net, &match, &attrs, a, false, log); + err = metadata_from_nlattrs(net, &match, &attrs, a, false, log); + if (err < 0) + return err; + + return 0; } static int __ovs_nla_put_key(const struct sw_flow_key *swkey, @@ -1415,7 +1469,7 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey, struct sk_buff *skb) { struct ovs_key_ethernet *eth_key; - struct nlattr *nla, *encap; + struct nlattr *nla, *encap = NULL; if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id)) goto nla_put_failure; @@ -1456,38 +1510,40 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey, if (ovs_ct_put_key(output, skb)) goto nla_put_failure; - nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key)); - if (!nla) - goto nla_put_failure; + if (!swkey->phy.is_layer3) { + nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key)); + if (!nla) + goto nla_put_failure; - eth_key = nla_data(nla); - ether_addr_copy(eth_key->eth_src, output->eth.src); - ether_addr_copy(eth_key->eth_dst, output->eth.dst); + eth_key = nla_data(nla); + ether_addr_copy(eth_key->eth_src, output->eth.src); + ether_addr_copy(eth_key->eth_dst, output->eth.dst); - if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) { - __be16 eth_type; - eth_type = !is_mask ? htons(ETH_P_8021Q) : htons(0xffff); - if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) || - nla_put_be16(skb, OVS_KEY_ATTR_VLAN, output->eth.tci)) - goto nla_put_failure; - encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP); - if (!swkey->eth.tci) - goto unencap; - } else - encap = NULL; - - if (swkey->eth.type == htons(ETH_P_802_2)) { - /* - * Ethertype 802.2 is represented in the netlink with omitted - * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and - * 0xffff in the mask attribute. Ethertype can also - * be wildcarded. - */ - if (is_mask && output->eth.type) - if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, - output->eth.type)) + if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) { + __be16 eth_type; + eth_type = !is_mask ? htons(ETH_P_8021Q) : htons(0xffff); + if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) || + nla_put_be16(skb, OVS_KEY_ATTR_VLAN, + output->eth.tci)) goto nla_put_failure; - goto unencap; + encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP); + if (!swkey->eth.tci) + goto unencap; + } + + if (swkey->eth.type == htons(ETH_P_802_2)) { + /* + * Ethertype 802.2 is represented in the netlink + * with omitted OVS_KEY_ATTR_ETHERTYPE in the flow + * key attribute, and 0xffff in the mask attribute. + * Ethertype can also be wildcarded. + */ + if (is_mask && output->eth.type) + if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, + output->eth.type)) + goto nla_put_failure; + goto unencap; + } } if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type)) @@ -2010,8 +2066,8 @@ static bool validate_masked(u8 *data, int len) static int validate_set(const struct nlattr *a, const struct sw_flow_key *flow_key, - struct sw_flow_actions **sfa, - bool *skip_copy, __be16 eth_type, bool masked, bool log) + struct sw_flow_actions **sfa, bool *skip_copy, + __be16 eth_type, bool masked, bool log, bool is_layer3) { const struct nlattr *ovs_key = nla_data(a); int key_type = nla_type(ovs_key); @@ -2041,7 +2097,11 @@ static int validate_set(const struct nlattr *a, case OVS_KEY_ATTR_SKB_MARK: case OVS_KEY_ATTR_CT_MARK: case OVS_KEY_ATTR_CT_LABELS: + break; + case OVS_KEY_ATTR_ETHERNET: + if (is_layer3) + return -EINVAL; break; case OVS_KEY_ATTR_TUNNEL: @@ -2208,6 +2268,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, int depth, struct sw_flow_actions **sfa, __be16 eth_type, __be16 vlan_tci, bool log) { + bool is_layer3 = key->phy.is_layer3; const struct nlattr *a; int rem, err; @@ -2230,6 +2291,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash), [OVS_ACTION_ATTR_CT] = (u32)-1, [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc), + [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth), + [OVS_ACTION_ATTR_POP_ETH] = 0, }; const struct ovs_action_push_vlan *vlan; int type = nla_type(a); @@ -2278,10 +2341,14 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, } case OVS_ACTION_ATTR_POP_VLAN: + if (is_layer3) + return -EINVAL; vlan_tci = htons(0); break; case OVS_ACTION_ATTR_PUSH_VLAN: + if (is_layer3) + return -EINVAL; vlan = nla_data(a); if (vlan->vlan_tpid != htons(ETH_P_8021Q)) return -EINVAL; @@ -2331,14 +2398,16 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, case OVS_ACTION_ATTR_SET: err = validate_set(a, key, sfa, - &skip_copy, eth_type, false, log); + &skip_copy, eth_type, false, log, + is_layer3); if (err) return err; break; case OVS_ACTION_ATTR_SET_MASKED: err = validate_set(a, key, sfa, - &skip_copy, eth_type, true, log); + &skip_copy, eth_type, true, log, + is_layer3); if (err) return err; break; @@ -2358,6 +2427,22 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, skip_copy = true; break; + case OVS_ACTION_ATTR_POP_ETH: + if (is_layer3) + return -EINVAL; + if (vlan_tci & htons(VLAN_TAG_PRESENT)) + return -EINVAL; + is_layer3 = true; + break; + + case OVS_ACTION_ATTR_PUSH_ETH: + /* For now disallow pushing an Ethernet header if one + * is already present */ + if (!is_layer3) + return -EINVAL; + is_layer3 = false; + break; + default: OVS_NLERR(log, "Unknown Action type %d", type); return -EINVAL; diff --git a/net/openvswitch/vport-geneve.c b/net/openvswitch/vport-geneve.c index 1a1fcec88695..7a06e19f5279 100644 --- a/net/openvswitch/vport-geneve.c +++ b/net/openvswitch/vport-geneve.c @@ -116,7 +116,7 @@ static struct vport_ops ovs_geneve_vport_ops = { .create = geneve_create, .destroy = ovs_netdev_tunnel_destroy, .get_options = geneve_get_options, - .send = dev_queue_xmit, + .send = ovs_netdev_send, }; static int __init ovs_geneve_tnl_init(void) diff --git a/net/openvswitch/vport-gre.c b/net/openvswitch/vport-gre.c index 7f8897f33a67..bcbc91b8b077 100644 --- a/net/openvswitch/vport-gre.c +++ b/net/openvswitch/vport-gre.c @@ -87,7 +87,7 @@ static struct vport *gre_create(const struct vport_parms *parms) static struct vport_ops ovs_gre_vport_ops = { .type = OVS_VPORT_TYPE_GRE, .create = gre_create, - .send = dev_queue_xmit, + .send = ovs_netdev_send, .destroy = ovs_netdev_tunnel_destroy, }; diff --git a/net/openvswitch/vport-internal_dev.c b/net/openvswitch/vport-internal_dev.c index 32d8e94d9bff..adc364161626 100644 --- a/net/openvswitch/vport-internal_dev.c +++ b/net/openvswitch/vport-internal_dev.c @@ -257,6 +257,12 @@ static netdev_tx_t internal_dev_recv(struct sk_buff *skb) struct net_device *netdev = skb->dev; struct pcpu_sw_netstats *stats; + /* Only send/receive L2 packets */ + if (!skb->mac_len) { + kfree_skb(skb); + return -EINVAL; + } + if (unlikely(!(netdev->flags & IFF_UP))) { kfree_skb(skb); netdev->stats.rx_dropped++; diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c index 4e3972344aa6..733e7914f6bd 100644 --- a/net/openvswitch/vport-netdev.c +++ b/net/openvswitch/vport-netdev.c @@ -57,8 +57,10 @@ static void netdev_port_receive(struct sk_buff *skb) if (unlikely(!skb)) return; - skb_push(skb, ETH_HLEN); - skb_postpush_rcsum(skb, skb->data, ETH_HLEN); + if (vport->dev->type == ARPHRD_ETHER) { + skb_push(skb, ETH_HLEN); + skb_postpush_rcsum(skb, skb->data, ETH_HLEN); + } ovs_vport_receive(vport, skb, skb_tunnel_info(skb)); return; error: @@ -194,6 +196,17 @@ void ovs_netdev_tunnel_destroy(struct vport *vport) } EXPORT_SYMBOL_GPL(ovs_netdev_tunnel_destroy); +int ovs_netdev_send(struct sk_buff *skb) +{ + /* Only send L2 packets */ + if (skb->mac_len) + return dev_queue_xmit(skb); + + kfree_skb(skb); + return -EINVAL; +} +EXPORT_SYMBOL_GPL(ovs_netdev_send); + /* Returns null if this device is not attached to a datapath. */ struct vport *ovs_netdev_get_vport(struct net_device *dev) { @@ -208,7 +221,7 @@ static struct vport_ops ovs_netdev_vport_ops = { .type = OVS_VPORT_TYPE_NETDEV, .create = netdev_create, .destroy = netdev_destroy, - .send = dev_queue_xmit, + .send = ovs_netdev_send, }; int __init ovs_netdev_init(void) diff --git a/net/openvswitch/vport-netdev.h b/net/openvswitch/vport-netdev.h index 19e29c12adcc..637b14a9963c 100644 --- a/net/openvswitch/vport-netdev.h +++ b/net/openvswitch/vport-netdev.h @@ -33,4 +33,6 @@ int __init ovs_netdev_init(void); void ovs_netdev_exit(void); void ovs_netdev_tunnel_destroy(struct vport *vport); + +int ovs_netdev_send(struct sk_buff *skb); #endif /* vport_netdev.h */ diff --git a/net/openvswitch/vport-vxlan.c b/net/openvswitch/vport-vxlan.c index 5eb7694348b5..13f11ad7e35a 100644 --- a/net/openvswitch/vport-vxlan.c +++ b/net/openvswitch/vport-vxlan.c @@ -153,7 +153,7 @@ static struct vport_ops ovs_vxlan_netdev_vport_ops = { .create = vxlan_create, .destroy = ovs_netdev_tunnel_destroy, .get_options = vxlan_get_options, - .send = dev_queue_xmit, + .send = ovs_netdev_send, }; static int __init ovs_vxlan_tnl_init(void)

[ovs-dev,net-next,v11,5/6] openvswitch: add layer 3 flow/port support

Commit Message

Comments

Patch