mir/openvswitch
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-10-25 15:07:05 +00:00
Code Issues Releases Wiki Activity
Files
8a5d84f621f23ea2594248410641c037e9bc919d
openvswitch/datapath/actions.c

416 lines
9.3 KiB
C
Raw Normal View History

Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
/*
* Distributed under the terms of the GNU GPL version 2.
datapath: Convert upcalls and ODP_EXECUTE to use AF_NETLINK socket layer. This commit calls genl_lock() and thus doesn't support Linux before 2.6.35, which wasn't exported before that version. That problem will be fixed once the whole userspace interface transitions to Generic Netlink a few commits from now. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-26 13:41:54 -08:00
* Copyright (c) 2007, 2008, 2009, 2010, 2011 Nicira Networks.
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
*
* Significant portions of this file may be copied from parts of the Linux
* kernel, by Linus Torvalds and others.
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*/
/* Functions for executing flow actions. */
#include <linux/skbuff.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/in6.h>
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
#include <linux/if_arp.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include <linux/if_vlan.h>
datapath: Set the correct bits for OFPAT_SET_NW_TOS action. The DSCP bits are the high bits, not the low bits. Reported-by: Jean Tourrilhes <jt@hpl.hp.com>
2010-02-11 15:19:26 -08:00
#include <net/inet_ecn.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include <net/ip.h>
#include <net/checksum.h>
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "actions.h"
datapath: Consolidate checksum compatibility code. Checksum offloading has changed quite a bit across different kernel and Xen versions. Since it is part of the skb data structure it is unfortunately difficult to separate out into compatibility code. This consolidates all of the checksum code in one place which makes it easier read and remove as we prepare for upstreaming. On newer kernels it also puts everything in inline functions, eliminating the need to run through the compat code or make extra function calls. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-11-22 14:17:24 -08:00
#include "checksum.h"
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
#include "datapath.h"
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
#include "loop_counter.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "openvswitch/datapath-protocol.h"
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
#include "vlan.h"
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
#include "vport.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
const struct nlattr *attr, int len, bool keep_skb);
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
static int make_writable(struct sk_buff *skb, int write_len)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
return 0;
datapath: Allow minimum headroom to be set when copying buffers. If we need to copy an sk_buff in order to make it writable, allow the minimum headroom to be specified. This ensures that if we need to add additional data, such as a VLAN tag, we will not have to make a second copy. Solves bug #2197 in certain situations.
2009-11-17 19:03:27 -08:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
/* remove VLAN header from packet and update csum accrodingly. */
static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
struct ethhdr *eh;
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
struct vlan_ethhdr *veth;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
int err;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = make_writable(skb, VLAN_ETH_HLEN);
if (unlikely(err))
return err;
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
datapath: Consolidate checksum compatibility code. Checksum offloading has changed quite a bit across different kernel and Xen versions. Since it is part of the skb data structure it is unfortunately difficult to separate out into compatibility code. This consolidates all of the checksum code in one place which makes it easier read and remove as we prepare for upstreaming. On newer kernels it also puts everything in inline functions, eliminating the need to run through the compat code or make extra function calls. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-11-22 14:17:24 -08:00
if (get_ip_summed(skb) == OVS_CSUM_COMPLETE)
datapath: Update hardware computed checksum on VLAN change. The checksum computed by hardware on receive stored in skb->csum when skb->ip_summed == CHECKSUM_COMPLETE is supposed to reflect the contents of the packet starting at skb->data, which includes the VLAN tag if there is one. However, when we manipulate the VLAN tag we don't update the checksum. This leads to all kinds of nasty warnings about broken hardware, not to mention we can't take advantage of the checksum that was already computed. This also fixes some issues with our private checksum type value on some different kernels and after GSO.
2010-03-04 16:39:57 -05:00
skb->csum = csum_sub(skb->csum, csum_partial(skb->data
+ ETH_HLEN, VLAN_HLEN, 0));
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
veth = (struct vlan_ethhdr *) skb->data;
*current_tci = veth->h_vlan_TCI;
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
eh = (struct ethhdr *)__skb_pull(skb, VLAN_HLEN);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
skb->protocol = eh->h_proto;
skb->mac_header += VLAN_HLEN;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
static int pop_vlan(struct sk_buff *skb)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
__be16 tci;
int err;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
if (likely(vlan_tx_tag_present(skb))) {
vlan_set_tci(skb, 0);
} else {
if (unlikely(skb->protocol != htons(ETH_P_8021Q) ||
skb->len < VLAN_ETH_HLEN))
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
err = __pop_vlan_tci(skb, &tci);
if (err)
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return err;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
/* move next vlan tag to hw accel tag */
if (likely(skb->protocol != htons(ETH_P_8021Q) ||
skb->len < VLAN_ETH_HLEN))
return 0;
err = __pop_vlan_tci(skb, &tci);
if (unlikely(err))
return err;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
__vlan_hwaccel_put_tag(skb, ntohs(tci));
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
return 0;
}
static int push_vlan(struct sk_buff *skb, __be16 new_tci)
{
if (unlikely(vlan_tx_tag_present(skb))) {
u16 current_tag;
/* push down current VLAN tag */
current_tag = vlan_tx_tag_get(skb);
if (!__vlan_put_tag(skb, current_tag))
return -ENOMEM;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
if (get_ip_summed(skb) == OVS_CSUM_COMPLETE)
skb->csum = csum_add(skb->csum, csum_partial(skb->data
+ ETH_HLEN, VLAN_HLEN, 0));
}
__vlan_hwaccel_put_tag(skb, ntohs(new_tci));
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static bool is_ip(struct sk_buff *skb)
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
{
datapath: Hash and compare only the part of sw_flow_key actually used. Currently the whole flow key struct is hashed on every packet received from the network or userspace. The whole struct is also compared byte-for-byte when doing flow table lookups. This consumes a fair percentage of CPU time, and most of the time part of the structure is unused (e.g. the IPv6 fields when handling IPv4 traffic; the IPv4 fields when handling Ethernet frames). This commit reorders the fields in the flow key struct to put the least commonly used elements at the end and changes the hash and comparison functions to look only at the part that contains data. Signed-off-by: Andrew Evans <aevans@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-05-18 11:30:07 -07:00
return (OVS_CB(skb)->flow->key.eth.type == htons(ETH_P_IP) &&
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
skb->transport_header > skb->network_header);
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static __sum16 *get_l4_checksum(struct sk_buff *skb)
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
{
datapath: Remove redundant nw_ prefix from fields in flow key. The fields of the kernel flow key are now grouped by protocol rather than using generic names. The containing structures describe the category, so it is no longer necessary to use prefixes. Most of these prefixes have been removed but nw_proto and nw_tos have retained them. This renames the fields for consistency and brevity. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-08 12:28:57 -07:00
u8 nw_proto = OVS_CB(skb)->flow->key.ip.proto;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
int transport_len = skb->len - skb_transport_offset(skb);
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (nw_proto == IPPROTO_TCP) {
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (likely(transport_len >= sizeof(struct tcphdr)))
return &tcp_hdr(skb)->check;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
} else if (nw_proto == IPPROTO_UDP) {
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (likely(transport_len >= sizeof(struct udphdr)))
return &udp_hdr(skb)->check;
}
return NULL;
}
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
static int set_nw_addr(struct sk_buff *skb, const struct nlattr *a)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
__be32 new_nwaddr = nla_get_be32(a);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
struct iphdr *nh;
__sum16 *check;
__be32 *nwaddr;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
int err;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(!is_ip(skb)))
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = make_writable(skb, skb_network_offset(skb) +
sizeof(struct iphdr));
if (unlikely(err))
return err;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
nh = ip_hdr(skb);
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
nwaddr = nla_type(a) == OVS_ACTION_ATTR_SET_NW_SRC ? &nh->saddr : &nh->daddr;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
check = get_l4_checksum(skb);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (likely(check))
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
inet_proto_csum_replace4(check, skb, *nwaddr, new_nwaddr, 1);
csum_replace4(&nh->check, *nwaddr, new_nwaddr);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Clear rxhash when using an action that may affect it Signed-off-by: Simon Horman <horms@verge.net.au> [Jesse: Change version check from 2.6.37 to 2.6.35] Signed-off-by: Jesse Gross <jesse@nicira.com>
2011-02-07 11:07:14 +09:00
skb_clear_rxhash(skb);
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
*nwaddr = new_nwaddr;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
static int set_nw_tos(struct sk_buff *skb, u8 nw_tos)
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
{
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
struct iphdr *nh = ip_hdr(skb);
u8 old, new;
int err;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(!is_ip(skb)))
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
err = make_writable(skb, skb_network_offset(skb) +
sizeof(struct iphdr));
if (unlikely(err))
return err;
/* Set the DSCP bits and preserve the ECN bits. */
old = nh->tos;
new = nw_tos | (nh->tos & INET_ECN_MASK);
csum_replace4(&nh->check, (__force __be32)old,
(__force __be32)new);
nh->tos = new;
return 0;
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
}
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
static int set_tp_port(struct sk_buff *skb, const struct nlattr *a)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
struct udphdr *th;
__sum16 *check;
__be16 *port;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
int err;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(!is_ip(skb)))
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = make_writable(skb, skb_transport_offset(skb) +
sizeof(struct tcphdr));
if (unlikely(err))
return err;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
/* Must follow make_writable() since that can move the skb data. */
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
check = get_l4_checksum(skb);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (unlikely(!check))
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
/*
* Update port and checksum.
*
* This is OK because source and destination port numbers are at the
* same offsets in both UDP and TCP headers, and get_l4_checksum() only
* supports those protocols.
*/
th = udp_hdr(skb);
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
port = nla_type(a) == OVS_ACTION_ATTR_SET_TP_SRC ? &th->source : &th->dest;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
inet_proto_csum_replace2(check, skb, *port, nla_get_be16(a), 0);
*port = nla_get_be16(a);
datapath: Clear rxhash when using an action that may affect it Signed-off-by: Simon Horman <horms@verge.net.au> [Jesse: Change version check from 2.6.37 to 2.6.35] Signed-off-by: Jesse Gross <jesse@nicira.com>
2011-02-07 11:07:14 +09:00
skb_clear_rxhash(skb);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: Cleanup actions.c:do_output(). The code for outputting a packet can be simplified a little and also modernized. There is no functional change. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-20 16:44:46 -07:00
static int do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Cleanup actions.c:do_output(). The code for outputting a packet can be simplified a little and also modernized. There is no functional change. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-20 16:44:46 -07:00
struct vport *vport;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Cleanup actions.c:do_output(). The code for outputting a packet can be simplified a little and also modernized. There is no functional change. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-20 16:44:46 -07:00
if (unlikely(!skb))
return -ENOMEM;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Cleanup actions.c:do_output(). The code for outputting a packet can be simplified a little and also modernized. There is no functional change. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-20 16:44:46 -07:00
vport = rcu_dereference(dp->ports[out_port]);
if (unlikely(!vport)) {
kfree_skb(skb);
return -ENODEV;
}
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Cleanup actions.c:do_output(). The code for outputting a packet can be simplified a little and also modernized. There is no functional change. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-20 16:44:46 -07:00
vport_send(vport, skb);
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
Datapath action should not refer to controller ODP_ACTION_ATTR_CONTROLLER in the kernel actually sends packets to userspace, not the controller. To make it generic rename this action to ODP_ACTION_ATTR_USERSPACE. Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2011-07-28 09:05:25 -07:00
static int output_userspace(struct datapath *dp, struct sk_buff *skb, u64 arg)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
struct dp_upcall_info upcall;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
upcall.cmd = OVS_PACKET_CMD_ACTION;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
upcall.key = &OVS_CB(skb)->flow->key;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
upcall.userdata = arg;
return dp_upcall(dp, skb, &upcall);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
static int sample(struct datapath *dp, struct sk_buff *skb,
const struct nlattr *attr)
{
const struct nlattr *acts_list = NULL;
const struct nlattr *a;
int rem;
for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
a = nla_next(a, &rem)) {
switch (nla_type(a)) {
case OVS_SAMPLE_ATTR_PROBABILITY:
if (net_random() >= nla_get_u32(a))
return 0;
break;
case OVS_SAMPLE_ATTR_ACTIONS:
acts_list = a;
break;
}
}
return do_execute_actions(dp, skb, nla_data(acts_list),
nla_len(acts_list), true);
}
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
/* Execute a list of actions against 'skb'. */
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
const struct nlattr *attr, int len, bool keep_skb)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
/* Every output action needs a separate clone of 'skb', but the common
* case is just a single output action, so that doing a clone and
* then freeing the original skbuff is wasteful. So the following code
* is slightly obscure just to avoid that. */
int prev_port = -1;
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
u32 priority = skb->priority;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
const struct nlattr *a;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
int rem;
Initial implementation of sFlow. Tested very slightly with "ping" and "sflowtool -t | tcpdump -r -".
2010-01-04 13:08:37 -08:00
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
for (a = attr, rem = len; rem > 0;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
a = nla_next(a, &rem)) {
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
int err = 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (prev_port != -1) {
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
do_output(dp, skb_clone(skb, GFP_ATOMIC), prev_port);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
prev_port = -1;
}
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
switch (nla_type(a)) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_OUTPUT:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
prev_port = nla_get_u32(a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_USERSPACE:
datapath: Send to userspace errors shouldn't halt processing. If we encounter an error when sending a packet to userspace due to an explicit action we stop processing further actions. This makes sense for things like push vlan, where to continue means outputting an incorrect packet. However, sending to userspace is more akin to outputting to a port, which does not halt further processing. For consistency, ignore errors in this case as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-20 16:29:38 -07:00
output_userspace(dp, skb, nla_get_u64(a));
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_TUNNEL:
Expand tunnel IDs from 32 to 64 bits. We have a need to identify tunnels with keys longer than 32 bits. This commit adds basic datapath and OpenFlow support for such keys. It doesn't actually add any tunnel protocols that support 64-bit keys, so this is not very useful yet. The 'arg' member of struct odp_msg had to be expanded to 64-bits also, because it sometimes contains a tunnel ID. This member also contains the argument passed to ODPAT_CONTROLLER, so I expanded that action's argument to 64 bits also so that it can use the full width of the expanded 'arg'. Userspace doesn't take advantage of the new space though (it was only using 16 bits anyhow). This commit has been tested only to the extent that it doesn't disrupt basic Open vSwitch operation. I have not tested it with tunnel traffic. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Feature #3976.
2010-12-10 10:42:42 -08:00
OVS_CB(skb)->tun_id = nla_get_be64(a);
tunneling: Add support for tunnel ID. Add a tun_id field which contains the ID of the encapsulating tunnel on which a packet was received (0 if not received on a tunnel). Also add an action which allows the tunnel ID to be set for outgoing packets. At this point there aren't any tunnel implementations so these fields don't have any effect. The matching is exposed to OpenFlow by overloading the high 32 bits of the cookie as the tunnel ID. ovs-ofctl is capable of turning on this special behavior using a new "tun-cookie" command but this command is intentially undocumented to avoid it being used without a full understanding of the consequences.
2010-04-12 11:49:16 -04:00
break;
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
case OVS_ACTION_ATTR_PUSH_VLAN:
err = push_vlan(skb, nla_get_be16(a));
if (unlikely(err)) /* skb already freed */
return err;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: VLAN actions should use push/pop semantics Currently the kernel vlan actions mirror those used by OpenFlow 1.0. i.e. MODIFY and STRIP. More flexible approach is to have an action to push a tag and pop a tag off, so that it can handle multiple levels of vlan tags. Plus it aligns with newer version of OpenFlow. As this patch replaces MODIFY with PUSH semantic, action mapping done in userpace is fixed accordingly. GSO handling for multiple levels of vlan tags is also added as Jesse suggested before. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
case OVS_ACTION_ATTR_POP_VLAN:
err = pop_vlan(skb);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_DL_SRC:
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = make_writable(skb, ETH_HLEN);
if (likely(!err))
memcpy(eth_hdr(skb)->h_source, nla_data(a), ETH_ALEN);
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_DL_DST:
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = make_writable(skb, ETH_HLEN);
if (likely(!err))
memcpy(eth_hdr(skb)->h_dest, nla_data(a), ETH_ALEN);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_NW_SRC:
case OVS_ACTION_ATTR_SET_NW_DST:
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = set_nw_addr(skb, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_NW_TOS:
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = set_nw_tos(skb, nla_get_u8(a));
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_TP_SRC:
case OVS_ACTION_ATTR_SET_TP_DST:
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
err = set_tp_port(skb, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_SET_PRIORITY:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
skb->priority = nla_get_u32(a);
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_POP_PRIORITY:
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
skb->priority = priority;
break;
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
case OVS_ACTION_ATTR_SAMPLE:
err = sample(dp, skb, a);
break;
}
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
if (unlikely(err)) {
kfree_skb(skb);
return err;
}
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
Remove NXAST_DROP_SPOOFED_ARP action. The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of defining flows using the NXM_NX_ARP_SHA flow match for a while. This commit removes it. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-06-09 15:43:18 -07:00
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
if (prev_port != -1) {
if (keep_skb)
skb = skb_clone(skb, GFP_ATOMIC);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
do_output(dp, skb, prev_port);
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
} else if (!keep_skb)
datapath: Use consume_skb() on non-errors. It's possible to trace kfree_skb() call sites to find out where packets are getting dropped. Situations where kfree_skb() does not actually indicate an error adds additional noise, so use consume_skb() instead to avoid tracing non-errors. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-16 15:32:26 -07:00
consume_skb(skb);
datapath: Simplify make_writable(). The current implementation of make_writable() is both overly complex and unnecessarily aggressive about copying data. We can improve performance by only making a copy of the data if someone else holds a reference to the portion of the data that we want to modify. This means that if a clone is held by the TCP stack for retransmission then we do not need to make a copy if we are changing the IP header because it will get regenerated on retransmit anyways. Even when it is necessary to copy we avoid duplicating struct sk_buff. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-06 19:17:25 -07:00
datapath: Drop unneeded local variable initialization.
2009-06-19 14:03:12 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
/* Execute a list of actions against 'skb'. */
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
int execute_actions(struct datapath *dp, struct sk_buff *skb)
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
{
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
struct sw_flow_actions *acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts);
struct loop_counter *loop;
int error;
/* Check whether we've looped too much. */
loop = loop_get_counter();
if (unlikely(++loop->count > MAX_LOOPS))
loop->looping = true;
if (unlikely(loop->looping)) {
error = loop_suppress(dp, acts);
kfree_skb(skb);
goto out_loop;
}
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
OVS_CB(skb)->tun_id = 0;
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
error = do_execute_actions(dp, skb, acts->actions,
acts->actions_len, false);
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
/* Check whether sub-actions looped too much. */
if (unlikely(loop->looping))
error = loop_suppress(dp, acts);
out_loop:
/* Decrement loop counter. */
if (!--loop->count)
loop->looping = false;
loop_put_counter();
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
return error;
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
}
Reference in New Issue Copy Permalink