mir/openvswitch
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-10-25 15:07:05 +00:00
Code Issues Releases Wiki Activity
Files
eb3e79c09d3f9fa5507d866b62d93eb09e93d4f3
openvswitch/datapath/actions.c

441 lines
10 KiB
C
Raw Normal View History

Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
/*
* Distributed under the terms of the GNU GPL version 2.
datapath: Convert upcalls and ODP_EXECUTE to use AF_NETLINK socket layer. This commit calls genl_lock() and thus doesn't support Linux before 2.6.35, which wasn't exported before that version. That problem will be fixed once the whole userspace interface transitions to Generic Netlink a few commits from now. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-26 13:41:54 -08:00
* Copyright (c) 2007, 2008, 2009, 2010, 2011 Nicira Networks.
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
*
* Significant portions of this file may be copied from parts of the Linux
* kernel, by Linus Torvalds and others.
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*/
/* Functions for executing flow actions. */
#include <linux/skbuff.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/in6.h>
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
#include <linux/if_arp.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include <linux/if_vlan.h>
datapath: Set the correct bits for OFPAT_SET_NW_TOS action. The DSCP bits are the high bits, not the low bits. Reported-by: Jean Tourrilhes <jt@hpl.hp.com>
2010-02-11 15:19:26 -08:00
#include <net/inet_ecn.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include <net/ip.h>
#include <net/checksum.h>
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "actions.h"
datapath: Consolidate checksum compatibility code. Checksum offloading has changed quite a bit across different kernel and Xen versions. Since it is part of the skb data structure it is unfortunately difficult to separate out into compatibility code. This consolidates all of the checksum code in one place which makes it easier read and remove as we prepare for upstreaming. On newer kernels it also puts everything in inline functions, eliminating the need to run through the compat code or make extra function calls. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-11-22 14:17:24 -08:00
#include "checksum.h"
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
#include "datapath.h"
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
#include "loop_counter.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "openvswitch/datapath-protocol.h"
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
#include "vlan.h"
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
#include "vport.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
static int do_execute_actions(struct datapath *, struct sk_buff *,
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
struct sw_flow_actions *acts);
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
static struct sk_buff *make_writable(struct sk_buff *skb, unsigned min_headroom)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Remove redundant checks on SKBs. On vport ingress we already check for shared SKBs but then later warn in several other places. In a similar vein, we check every packet to see if it is LRO but only certain vports can produce these packets. Remove and consolidate checks to the places where they are needed.
2010-07-29 19:01:02 -07:00
if (skb_cloned(skb)) {
datapath: Allow minimum headroom to be set when copying buffers. If we need to copy an sk_buff in order to make it writable, allow the minimum headroom to be specified. This ensures that if we need to add additional data, such as a VLAN tag, we will not have to make a second copy. Solves bug #2197 in certain situations.
2009-11-17 19:03:27 -08:00
struct sk_buff *nskb;
unsigned headroom = max(min_headroom, skb_headroom(skb));
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
nskb = skb_copy_expand(skb, headroom, skb_tailroom(skb), GFP_ATOMIC);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (nskb) {
datapath: Add function to copy skb checksum bits. Some kernels don't copy the checksum offload state in the skb header when doing different types of copies. Xen adds even more fields, which are also not consistently copied. The result is uninitialized memory and random outcomes. This adds a function to consistently copy these bits across all kernel versions.
2010-04-07 13:55:28 -04:00
set_skb_csum_bits(skb, nskb);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
kfree_skb(skb);
return nskb;
}
} else {
unsigned int hdr_len = (skb_transport_offset(skb)
+ sizeof(struct tcphdr));
if (pskb_may_pull(skb, min(hdr_len, skb->len)))
return skb;
}
kfree_skb(skb);
return NULL;
}
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
static struct sk_buff *strip_vlan(struct sk_buff *skb)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
struct ethhdr *eh;
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
if (vlan_tx_tag_present(skb)) {
vlan_set_tci(skb, 0);
return skb;
}
if (unlikely(vlan_eth_hdr(skb)->h_vlan_proto != htons(ETH_P_8021Q) ||
skb->len < VLAN_ETH_HLEN))
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return skb;
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
skb = make_writable(skb, 0);
if (unlikely(!skb))
return NULL;
datapath: Consolidate checksum compatibility code. Checksum offloading has changed quite a bit across different kernel and Xen versions. Since it is part of the skb data structure it is unfortunately difficult to separate out into compatibility code. This consolidates all of the checksum code in one place which makes it easier read and remove as we prepare for upstreaming. On newer kernels it also puts everything in inline functions, eliminating the need to run through the compat code or make extra function calls. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-11-22 14:17:24 -08:00
if (get_ip_summed(skb) == OVS_CSUM_COMPLETE)
datapath: Update hardware computed checksum on VLAN change. The checksum computed by hardware on receive stored in skb->csum when skb->ip_summed == CHECKSUM_COMPLETE is supposed to reflect the contents of the packet starting at skb->data, which includes the VLAN tag if there is one. However, when we manipulate the VLAN tag we don't update the checksum. This leads to all kinds of nasty warnings about broken hardware, not to mention we can't take advantage of the checksum that was already computed. This also fixes some issues with our private checksum type value on some different kernels and after GSO.
2010-03-04 16:39:57 -05:00
skb->csum = csum_sub(skb->csum, csum_partial(skb->data
+ ETH_HLEN, VLAN_HLEN, 0));
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN);
skb->protocol = eh->h_proto;
skb->mac_header += VLAN_HLEN;
return skb;
}
datapath: Remove unneeded modify_vlan_tci() parameters. These parameters were once needed but they are no longer used. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-03-02 10:38:14 -08:00
static struct sk_buff *modify_vlan_tci(struct sk_buff *skb, __be16 tci)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
struct vlan_ethhdr *vh;
__be16 old_tci;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
if (vlan_tx_tag_present(skb) || skb->protocol != htons(ETH_P_8021Q))
return __vlan_hwaccel_put_tag(skb, ntohs(tci));
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
skb = make_writable(skb, 0);
if (unlikely(!skb))
return NULL;
datapath: Check vswitch_skb_checksum_setup() return code. If vswitch_skb_checksum_setup() returns an error, the checksum pointers probably haven't been set correctly which could cause a crash later. We should give up immediately on error.
2010-06-17 15:17:53 -07:00
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
if (unlikely(skb->len < VLAN_ETH_HLEN))
return skb;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
vh = vlan_eth_hdr(skb);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
old_tci = vh->h_vlan_TCI;
vh->h_vlan_TCI = tci;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Use vlan acceleration for vlan operations. Using the kernel vlan acceleration has a number of benefits: it enables hardware tagging, allows usage of TSO and checksum offloading, and is generally easier to manipulate. This switches the vlan actions to use skb->vlan_tci field for any necessary changes. In places that do not support vlan acceleration in a way that we can use (in particular kernels before 2.6.37) we perform any necessary conversions, such as tagging and GSO before the packet leaves Open vSwitch. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 22:13:15 -08:00
if (get_ip_summed(skb) == OVS_CSUM_COMPLETE) {
__be16 diff[] = { ~old_tci, vh->h_vlan_TCI };
skb->csum = ~csum_partial((char *)diff, sizeof(diff), ~skb->csum);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
return skb;
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static bool is_ip(struct sk_buff *skb)
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
{
datapath: Hash and compare only the part of sw_flow_key actually used. Currently the whole flow key struct is hashed on every packet received from the network or userspace. The whole struct is also compared byte-for-byte when doing flow table lookups. This consumes a fair percentage of CPU time, and most of the time part of the structure is unused (e.g. the IPv6 fields when handling IPv4 traffic; the IPv4 fields when handling Ethernet frames). This commit reorders the fields in the flow key struct to put the least commonly used elements at the end and changes the hash and comparison functions to look only at the part that contains data. Signed-off-by: Andrew Evans <aevans@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-05-18 11:30:07 -07:00
return (OVS_CB(skb)->flow->key.eth.type == htons(ETH_P_IP) &&
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
skb->transport_header > skb->network_header);
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static __sum16 *get_l4_checksum(struct sk_buff *skb)
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
{
datapath: Remove redundant nw_ prefix from fields in flow key. The fields of the kernel flow key are now grouped by protocol rather than using generic names. The containing structures describe the category, so it is no longer necessary to use prefixes. Most of these prefixes have been removed but nw_proto and nw_tos have retained them. This renames the fields for consistency and brevity. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-06-08 12:28:57 -07:00
u8 nw_proto = OVS_CB(skb)->flow->key.ip.proto;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
int transport_len = skb->len - skb_transport_offset(skb);
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (nw_proto == IPPROTO_TCP) {
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (likely(transport_len >= sizeof(struct tcphdr)))
return &tcp_hdr(skb)->check;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
} else if (nw_proto == IPPROTO_UDP) {
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (likely(transport_len >= sizeof(struct udphdr)))
return &udp_hdr(skb)->check;
}
return NULL;
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static struct sk_buff *set_nw_addr(struct sk_buff *skb, const struct nlattr *a)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
__be32 new_nwaddr = nla_get_be32(a);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
struct iphdr *nh;
__sum16 *check;
__be32 *nwaddr;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(!is_ip(skb)))
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return skb;
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
skb = make_writable(skb, 0);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (unlikely(!skb))
return NULL;
nh = ip_hdr(skb);
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
nwaddr = nla_type(a) == ODP_ACTION_ATTR_SET_NW_SRC ? &nh->saddr : &nh->daddr;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
check = get_l4_checksum(skb);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (likely(check))
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
inet_proto_csum_replace4(check, skb, *nwaddr, new_nwaddr, 1);
csum_replace4(&nh->check, *nwaddr, new_nwaddr);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
datapath: Clear rxhash when using an action that may affect it Signed-off-by: Simon Horman <horms@verge.net.au> [Jesse: Change version check from 2.6.37 to 2.6.35] Signed-off-by: Jesse Gross <jesse@nicira.com>
2011-02-07 11:07:14 +09:00
skb_clear_rxhash(skb);
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
*nwaddr = new_nwaddr;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return skb;
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static struct sk_buff *set_nw_tos(struct sk_buff *skb, u8 nw_tos)
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
{
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(!is_ip(skb)))
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
return skb;
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
skb = make_writable(skb, 0);
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
if (skb) {
struct iphdr *nh = ip_hdr(skb);
u8 *f = &nh->tos;
u8 old = *f;
datapath: Set the correct bits for OFPAT_SET_NW_TOS action. The DSCP bits are the high bits, not the low bits. Reported-by: Jean Tourrilhes <jt@hpl.hp.com>
2010-02-11 15:19:26 -08:00
u8 new;
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
datapath: Set the correct bits for OFPAT_SET_NW_TOS action. The DSCP bits are the high bits, not the low bits. Reported-by: Jean Tourrilhes <jt@hpl.hp.com>
2010-02-11 15:19:26 -08:00
/* Set the DSCP bits and preserve the ECN bits. */
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
new = nw_tos | (nh->tos & INET_ECN_MASK);
datapath: Correctly update IP checksum with actions. The update_csum() function that we currently use to update checksums on actions is really intended for L4 checksums. In particular, if the packet has a partial checksum and the field is not in the pseudo header, it doesn't do anything at all. This doesn't make sense for the IP header because Linux doesn't use hardware offload for it, so we always need to recompute the checksum. Instead, we can use the kernel function csum_replace4(), which will always do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-06 17:51:33 -08:00
csum_replace4(&nh->check, (__force __be32)old,
(__force __be32)new);
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
*f = new;
}
return skb;
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static struct sk_buff *set_tp_port(struct sk_buff *skb, const struct nlattr *a)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
struct udphdr *th;
__sum16 *check;
__be16 *port;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(!is_ip(skb)))
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return skb;
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
skb = make_writable(skb, 0);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (unlikely(!skb))
return NULL;
/* Must follow make_writable() since that can move the skb data. */
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
check = get_l4_checksum(skb);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
if (unlikely(!check))
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return skb;
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
/*
* Update port and checksum.
*
* This is OK because source and destination port numbers are at the
* same offsets in both UDP and TCP headers, and get_l4_checksum() only
* supports those protocols.
*/
th = udp_hdr(skb);
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
port = nla_type(a) == ODP_ACTION_ATTR_SET_TP_SRC ? &th->source : &th->dest;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
inet_proto_csum_replace2(check, skb, *port, nla_get_be16(a), 0);
*port = nla_get_be16(a);
datapath: Clear rxhash when using an action that may affect it Signed-off-by: Simon Horman <horms@verge.net.au> [Jesse: Change version check from 2.6.37 to 2.6.35] Signed-off-by: Jesse Gross <jesse@nicira.com>
2011-02-07 11:07:14 +09:00
skb_clear_rxhash(skb);
datapath: Avoid accesses past the end of skbuff data in actions. Some of the flow actions that modify skbuff data did not check that the skbuff was long enough before doing so. This commit fixes that problem. Previously, the strategy for avoiding this was to only indicate the layer-3 nw_proto field in the flow if the corresponding layer-4 header was fully present, so that if, for example, nw_proto was IPPROTO_TCP, this meant that a TCP header was present. The original motivation for this patch was to add corresponding code to only indicate a layer-2 dl_type if the corresponding layer-3 header was fully present. But I'm now convinced that this approach is conceptually wrong, because the meaning of a layer-N header should not be affected by the meaning of a layer-(N+1) header. This commit switches to a new approach. Now, when a header is missing, its fields in the flow are simply zeroed and have no effect on the "type" field for the outer header. Responsibility for ensuring that a header is fully present is now shifted to the actions that wish to modify that header. Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-13 10:46:12 -07:00
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return skb;
}
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
/**
* is_spoofed_arp - check for invalid ARP packet
*
* @skb: skbuff containing an Ethernet packet, with network header pointing
* just past the Ethernet and optional 802.1Q header.
*
* Returns true if @skb is an invalid Ethernet+IPv4 ARP packet: one with screwy
* or truncated header fields or one whose inner and outer Ethernet address
* differ.
*/
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static bool is_spoofed_arp(struct sk_buff *skb)
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
{
struct arp_eth_header *arp;
datapath: Hash and compare only the part of sw_flow_key actually used. Currently the whole flow key struct is hashed on every packet received from the network or userspace. The whole struct is also compared byte-for-byte when doing flow table lookups. This consumes a fair percentage of CPU time, and most of the time part of the structure is unused (e.g. the IPv6 fields when handling IPv4 traffic; the IPv4 fields when handling Ethernet frames). This commit reorders the fields in the flow key struct to put the least commonly used elements at the end and changes the hash and comparison functions to look only at the part that contains data. Signed-off-by: Andrew Evans <aevans@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-05-18 11:30:07 -07:00
if (OVS_CB(skb)->flow->key.eth.type != htons(ETH_P_ARP))
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
return false;
if (skb_network_offset(skb) + sizeof(struct arp_eth_header) > skb->len)
return true;
arp = (struct arp_eth_header *)skb_network_header(skb);
return (arp->ar_hrd != htons(ARPHRD_ETHER) ||
arp->ar_pro != htons(ETH_P_IP) ||
arp->ar_hln != ETH_ALEN ||
arp->ar_pln != 4 ||
compare_ether_addr(arp->ar_sha, eth_hdr(skb)->h_source));
}
datapath: Put return type on same line as arguments for functions. In some places we would put the return type on the same line as the rest of the function definition and other places we wouldn't. Reformat everything to match kernel style.
2010-07-14 19:27:18 -07:00
static void do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Merge "struct dp_port" into "struct vport". After the previous commit, which changed the datapath to always create and attach a vport at the same time, and to always detach and delete a vport at the same time, there is no longer any real distinction between a dp_port and a vport. This commit, therefore, merges the two together to simplify code. It might even improve performance, although I have not checked. I wasn't sure at first whether the merged structure should be "struct dp_port" or "struct vport". I went with the latter since the "v" prefix sounds cool. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-03 13:09:26 -08:00
struct vport *p;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (!skb)
goto error;
datapath: Add generic virtual port layer. Currently the datapath directly accesses devices through their Linux functions. Obviously this doesn't work for virtual devices that are not backed by an actual Linux device. This creates a new virtual port layer which handles all interaction with devices. The existing support for Linux devices was then implemented on top of this layer as two device types. It splits out and renames dp_dev to internal_dev. There were several places where datapath devices had to handled in a special manner and this cleans that up by putting all the special casing in a single location.
2010-04-12 15:53:39 -04:00
p = rcu_dereference(dp->ports[out_port]);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (!p)
goto error;
datapath: Merge "struct dp_port" into "struct vport". After the previous commit, which changed the datapath to always create and attach a vport at the same time, and to always detach and delete a vport at the same time, there is no longer any real distinction between a dp_port and a vport. This commit, therefore, merges the two together to simplify code. It might even improve performance, although I have not checked. I wasn't sure at first whether the merged structure should be "struct dp_port" or "struct vport". I went with the latter since the "v" prefix sounds cool. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-03 13:09:26 -08:00
vport_send(p, skb);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
return;
error:
kfree_skb(skb);
}
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
static int output_control(struct datapath *dp, struct sk_buff *skb, u64 arg)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
struct dp_upcall_info upcall;
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
skb = skb_clone(skb, GFP_ATOMIC);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (!skb)
return -ENOMEM;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
datapath: Convert upcalls and ODP_EXECUTE to use AF_NETLINK socket layer. This commit calls genl_lock() and thus doesn't support Linux before 2.6.35, which wasn't exported before that version. That problem will be fixed once the whole userspace interface transitions to Generic Netlink a few commits from now. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-26 13:41:54 -08:00
upcall.cmd = ODP_PACKET_CMD_ACTION;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
upcall.key = &OVS_CB(skb)->flow->key;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
upcall.userdata = arg;
upcall.sample_pool = 0;
upcall.actions = NULL;
upcall.actions_len = 0;
return dp_upcall(dp, skb, &upcall);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
/* Execute a list of actions against 'skb'. */
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
struct sw_flow_actions *acts)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
/* Every output action needs a separate clone of 'skb', but the common
* case is just a single output action, so that doing a clone and
* then freeing the original skbuff is wasteful. So the following code
* is slightly obscure just to avoid that. */
int prev_port = -1;
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
u32 priority = skb->priority;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
const struct nlattr *a;
int rem, err;
Initial implementation of sFlow. Tested very slightly with "ping" and "sflowtool -t | tcpdump -r -".
2010-01-04 13:08:37 -08:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
for (a = acts->actions, rem = acts->actions_len; rem > 0;
a = nla_next(a, &rem)) {
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (prev_port != -1) {
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
do_output(dp, skb_clone(skb, GFP_ATOMIC), prev_port);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
prev_port = -1;
}
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
switch (nla_type(a)) {
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_OUTPUT:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
prev_port = nla_get_u32(a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_CONTROLLER:
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
err = output_control(dp, skb, nla_get_u64(a));
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (err) {
kfree_skb(skb);
return err;
}
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_TUNNEL:
Expand tunnel IDs from 32 to 64 bits. We have a need to identify tunnels with keys longer than 32 bits. This commit adds basic datapath and OpenFlow support for such keys. It doesn't actually add any tunnel protocols that support 64-bit keys, so this is not very useful yet. The 'arg' member of struct odp_msg had to be expanded to 64-bits also, because it sometimes contains a tunnel ID. This member also contains the argument passed to ODPAT_CONTROLLER, so I expanded that action's argument to 64 bits also so that it can use the full width of the expanded 'arg'. Userspace doesn't take advantage of the new space though (it was only using 16 bits anyhow). This commit has been tested only to the extent that it doesn't disrupt basic Open vSwitch operation. I have not tested it with tunnel traffic. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Feature #3976.
2010-12-10 10:42:42 -08:00
OVS_CB(skb)->tun_id = nla_get_be64(a);
tunneling: Add support for tunnel ID. Add a tun_id field which contains the ID of the encapsulating tunnel on which a packet was received (0 if not received on a tunnel). Also add an action which allows the tunnel ID to be set for outgoing packets. At this point there aren't any tunnel implementations so these fields don't have any effect. The matching is exposed to OpenFlow by overloading the high 32 bits of the cookie as the tunnel ID. ovs-ofctl is capable of turning on this special behavior using a new "tun-cookie" command but this command is intentially undocumented to avoid it being used without a full understanding of the consequences.
2010-04-12 11:49:16 -04:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_DL_TCI:
datapath: Remove unneeded modify_vlan_tci() parameters. These parameters were once needed but they are no longer used. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-03-02 10:38:14 -08:00
skb = modify_vlan_tci(skb, nla_get_be16(a));
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_STRIP_VLAN:
datapath: Always use GFP_ATOMIC to execute actions. These functions run 99% of the time in atomic context and the benefit of passing along the 'gfp' argument for the other 1% doesn't seem to outweigh the cost. Suggested-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-09-10 11:16:31 -07:00
skb = strip_vlan(skb);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_DL_SRC:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
skb = make_writable(skb, 0);
if (!skb)
return -ENOMEM;
memcpy(eth_hdr(skb)->h_source, nla_data(a), ETH_ALEN);
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_DL_DST:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
skb = make_writable(skb, 0);
if (!skb)
return -ENOMEM;
memcpy(eth_hdr(skb)->h_dest, nla_data(a), ETH_ALEN);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_NW_SRC:
case ODP_ACTION_ATTR_SET_NW_DST:
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
skb = set_nw_addr(skb, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_NW_TOS:
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
skb = set_nw_tos(skb, nla_get_u8(a));
ofproto: Match VLAN PCP and rewrite ToS bits (OpenFlow 0.9) Starting in OpenFlow 0.9, it is possible to match on the VLAN PCP (priority) field and rewrite the IP ToS/DSCP bits. This check-in provides that support and bumps the wire protocol number to 0x98. NOTE: The wire changes come together over the set of OpenFlow 0.9 commits, so OVS will not be OpenFlow-compatible with any official release between this commit and the one that completes the set.
2009-11-11 14:59:49 -08:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_TP_SRC:
case ODP_ACTION_ATTR_SET_TP_DST:
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
skb = set_tp_port(skb, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_SET_PRIORITY:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
skb->priority = nla_get_u32(a);
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
break;
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_POP_PRIORITY:
Implement QoS framework. ovs-vswitchd doesn't declare its QoS capabilities in the database yet, so the controller has to know what they are. We can add that later. The linux-htb QoS class has been tested to the extent that I can see that it sets up the queues I expect when I run "tc qdisc show" and "tc class show". I haven't tested that the effects on flows are what we expect them to be. I am sure that there will be problems in that area that we will have to fix.
2010-06-17 15:04:12 -07:00
skb->priority = priority;
break;
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme. Jesse suggested this naming scheme, so I'm adjusting existing names to fit it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 21:56:00 -08:00
case ODP_ACTION_ATTR_DROP_SPOOFED_ARP:
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
if (unlikely(is_spoofed_arp(skb)))
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
goto exit;
break;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
if (!skb)
return -ENOMEM;
}
Add Nicira extension to OpenFlow for dropping spoofed ARP packets. "ARP spoofing" is when a host claims an incorrect association between an IP address and a MAC address for deceptive purposes. OpenFlow by itself can prevent a host from sending out ARP replies from an incorrect MAC address in the Ethernet L2 header, but it cannot control the MAC addresses inside the ARP L3 packet. This commit adds a new action that can be used to drop these spoofed packets. CC: Paul Ingram <paul@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-08-24 16:00:27 -07:00
exit:
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
if (prev_port != -1)
do_output(dp, skb, prev_port);
else
kfree_skb(skb);
datapath: Drop unneeded local variable initialization.
2009-06-19 14:03:12 -07:00
return 0;
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
static void sflow_sample(struct datapath *dp, struct sk_buff *skb,
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
struct sw_flow_actions *acts)
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
{
struct sk_buff *nskb;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
struct vport *p = OVS_CB(skb)->vport;
struct dp_upcall_info upcall;
if (unlikely(!p))
return;
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
atomic_inc(&p->sflow_pool);
if (net_random() >= dp->sflow_probability)
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
return;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
nskb = skb_clone(skb, GFP_ATOMIC);
if (unlikely(!nskb))
return;
datapath: Convert upcalls and ODP_EXECUTE to use AF_NETLINK socket layer. This commit calls genl_lock() and thus doesn't support Linux before 2.6.35, which wasn't exported before that version. That problem will be fixed once the whole userspace interface transitions to Generic Netlink a few commits from now. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-26 13:41:54 -08:00
upcall.cmd = ODP_PACKET_CMD_SAMPLE;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
upcall.key = &OVS_CB(skb)->flow->key;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
upcall.userdata = 0;
upcall.sample_pool = atomic_read(&p->sflow_pool);
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
upcall.actions = acts->actions;
upcall.actions_len = acts->actions_len;
datapath: Report kernel's flow key when passing packets up to userspace. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. This commit takes one step in that direction by making the kernel report its idea of the flow that a packet belongs to whenever it passes a packet up to userspace. This means that userspace can intelligently figure out what to do: - If userspace's notion of the flow for the packet matches the kernel's, then nothing special is necessary. - If the kernel has a more specific notion for the flow than userspace, for example if the kernel decoded IPv6 headers but userspace stopped at the Ethernet type (because it does not understand IPv6), then again nothing special is necessary: userspace can still set up the flow in the usual way. - If userspace has a more specific notion for the flow than the kernel, for example if userspace decoded an IPv6 header but the kernel stopped at the Ethernet type, then userspace can forward the packet manually, without setting up a flow in the kernel. (This case is bad from a performance point of view, but at least it is correct.) This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, although userspace does now have enough information to do that intelligently. This will have to wait for later commits. This commit is bigger than it would otherwise be because it is rolled together with changing "struct odp_msg" to a sequence of Netlink attributes. The alternative, to do each of those changes in a separate patch, seemed like overkill because it meant that either we would have to introduce and then kill off Netlink attributes for in_port and tun_id, if Netlink conversion went first, or shove yet another variable-length header into the stuff already after odp_msg, if adding the flow key to odp_msg went first. This commit will slow down performance of checksumming packets sent up to userspace. I'm not entirely pleased with how I did it. I considered a couple of alternatives, but none of them seemed that much better. Suggestions welcome. Not changing anything wasn't an option, unfortunately. At any rate some slowdown will become unavoidable when OVS actually starts using Netlink instead of just Netlink framing. (Actually, I thought of one option where we could avoid that: make userspace do the checksum instead, by passing csum_start and csum_offset as part of what goes to userspace. But that's not perfect either.) Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-24 14:59:57 -08:00
dp_upcall(dp, nskb, &upcall);
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
}
/* Execute a list of actions against 'skb'. */
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
int execute_actions(struct datapath *dp, struct sk_buff *skb)
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
{
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
struct sw_flow_actions *acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts);
struct loop_counter *loop;
int error;
/* Check whether we've looped too much. */
loop = loop_get_counter();
if (unlikely(++loop->count > MAX_LOOPS))
loop->looping = true;
if (unlikely(loop->looping)) {
error = loop_suppress(dp, acts);
kfree_skb(skb);
goto out_loop;
}
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
/* Really execute actions. */
if (dp->sflow_probability)
sflow_sample(dp, skb, acts);
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
OVS_CB(skb)->tun_id = 0;
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
error = do_execute_actions(dp, skb, acts);
/* Check whether sub-actions looped too much. */
if (unlikely(loop->looping))
error = loop_suppress(dp, acts);
out_loop:
/* Decrement loop counter. */
if (!--loop->count)
loop->looping = false;
loop_put_counter();
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
datapath: Drop parameters from execute_actions(). It's (almost) always easier to understand a function with fewer parameters, so this removes the now-redundant sw_flow_key and actions parameters from execute_actions(), since they can be found through OVS_CB(skb)->flow now. This also necessarily moves loop detection into execute_actions(). Otherwise, the flow's actions could have changed between the time that the loop was detected and the time that it was suppressed, which would mean that the wrong (version of the) flow would get suppressed. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-04-29 10:49:06 -07:00
return error;
datapath: Don't recursively sample packets or reset their "tun_id"s. execute_actions() is called recursively when ODPAT_SET_DL_TCI adds a VLAN header to a GSO packet, but we don't want to re-sample the sub-packet or re-reset its tun_id, so break those two actions into a wrapper function. This commit mostly moves code around without modifying it. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 09:35:15 -08:00
}
Reference in New Issue Copy Permalink