mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-09-01 14:55:18 +00:00
Code Issues Releases Wiki Activity

tunnel: set skb mark for IPsec tunnel packets

Browse Source 
The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
This commit is contained in:
Ansis Atteka
2013-02-13 16:48:46 -08:00
parent 4b5fbf854d
commit 09a0d2e7c5
4 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/odp-util.c
View File

@@ -2183,6 +2183,14 @@ commit_set_action(struct ofpbuf *odp_actions, enum ovs_key_attr key_type,
nl_msg_end_nested(odp_actions, offset); nl_msg_end_nested(odp_actions, offset);
} }
void
odp_put_skb_mark_action(const uint32_t skb_mark,
struct ofpbuf *odp_actions)
{
commit_set_action(odp_actions, OVS_KEY_ATTR_SKB_MARK, &skb_mark,
sizeof(skb_mark));
}
/* If any of the flow key data that ODP actions can modify are different in /* If any of the flow key data that ODP actions can modify are different in
* 'base->tunnel' and 'flow->tunnel', appends a set_tunnel ODP action to * 'base->tunnel' and 'flow->tunnel', appends a set_tunnel ODP action to
* 'odp_actions' that change the flow tunneling information in key from * 'odp_actions' that change the flow tunneling information in key from
@@ -2423,8 +2431,7 @@ commit_set_skb_mark_action(const struct flow *flow, struct flow *base,
} }
base->skb_mark = flow->skb_mark; base->skb_mark = flow->skb_mark;
commit_set_action(odp_actions, OVS_KEY_ATTR_SKB_MARK, odp_put_skb_mark_action(base->skb_mark, odp_actions);
&base->skb_mark, sizeof(base->skb_mark));
} }
/* If any of the flow key data that ODP actions can modify are different in /* If any of the flow key data that ODP actions can modify are different in
* 'base' and 'flow', appends ODP actions to 'odp_actions' that change the flow * 'base' and 'flow', appends ODP actions to 'odp_actions' that change the flow

2
lib/odp-util.h
View File

@@ -156,6 +156,8 @@ size_t odp_put_userspace_action(uint32_t pid,
struct ofpbuf *odp_actions); struct ofpbuf *odp_actions);
void odp_put_tunnel_action(const struct flow_tnl *tunnel, void odp_put_tunnel_action(const struct flow_tnl *tunnel,
struct ofpbuf *odp_actions); struct ofpbuf *odp_actions);
void odp_put_skb_mark_action(const uint32_t skb_mark,
struct ofpbuf *odp_actions);
/* Reasons why a subfacet might not be fast-pathable. */ /* Reasons why a subfacet might not be fast-pathable. */
enum slow_path_reason { enum slow_path_reason {

1
ofproto/ofproto-dpif.c
View File

@@ -5525,6 +5525,7 @@ send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet)
dpif_flow_stats_extract(&flow, packet, time_msec(), &stats); dpif_flow_stats_extract(&flow, packet, time_msec(), &stats);
netdev_vport_inc_tx(ofport->up.netdev, &stats); netdev_vport_inc_tx(ofport->up.netdev, &stats);
odp_put_tunnel_action(&flow.tunnel, &odp_actions); odp_put_tunnel_action(&flow.tunnel, &odp_actions);
odp_put_skb_mark_action(flow.skb_mark, &odp_actions);
} else { } else {
odp_port = vsp_realdev_to_vlandev(ofproto, ofport->odp_port, odp_port = vsp_realdev_to_vlandev(ofproto, ofport->odp_port,
flow.vlan_tci); flow.vlan_tci);

9
ofproto/tunnel.c
View File

@@ -34,18 +34,21 @@
* *
* Ability to generate actions on input for ECN * Ability to generate actions on input for ECN
* Ability to generate metadata for packet-outs * Ability to generate metadata for packet-outs
* IPsec using skb mark.
* VXLAN. * VXLAN.
* Multicast group management (possibly). * Multicast group management (possibly).
* Disallow netdevs with names like "gre64_system" to prevent collisions. */ * Disallow netdevs with names like "gre64_system" to prevent collisions. */
VLOG_DEFINE_THIS_MODULE(tunnel); VLOG_DEFINE_THIS_MODULE(tunnel);
/* skb mark used for IPsec tunnel packets */
#define IPSEC_MARK 1
struct tnl_match { struct tnl_match {
ovs_be64 in_key; ovs_be64 in_key;
ovs_be32 ip_src; ovs_be32 ip_src;
ovs_be32 ip_dst; ovs_be32 ip_dst;
uint32_t odp_port; uint32_t odp_port;
uint32_t skb_mark;
bool in_key_flow; bool in_key_flow;
}; };
@@ -94,6 +97,7 @@ tnl_port_add__(const struct ofport *ofport, uint32_t odp_port,
tnl_port->match.in_key = cfg->in_key; tnl_port->match.in_key = cfg->in_key;
tnl_port->match.ip_src = cfg->ip_src; tnl_port->match.ip_src = cfg->ip_src;
tnl_port->match.ip_dst = cfg->ip_dst; tnl_port->match.ip_dst = cfg->ip_dst;
tnl_port->match.skb_mark = cfg->ipsec ? IPSEC_MARK : 0;
tnl_port->match.in_key_flow = cfg->in_key_flow; tnl_port->match.in_key_flow = cfg->in_key_flow;
tnl_port->match.odp_port = odp_port; tnl_port->match.odp_port = odp_port;
@@ -183,6 +187,7 @@ tnl_port_receive(struct flow *flow)
match.ip_src = flow->tunnel.ip_dst; match.ip_src = flow->tunnel.ip_dst;
match.ip_dst = flow->tunnel.ip_src; match.ip_dst = flow->tunnel.ip_src;
match.in_key = flow->tunnel.tun_id; match.in_key = flow->tunnel.tun_id;
match.skb_mark = flow->skb_mark;
tnl_port = tnl_find(&match); tnl_port = tnl_find(&match);
if (!tnl_port) { if (!tnl_port) {
@@ -248,6 +253,7 @@ tnl_port_send(const struct tnl_port *tnl_port, struct flow *flow)
flow->tunnel.ip_src = tnl_port->match.ip_src; flow->tunnel.ip_src = tnl_port->match.ip_src;
flow->tunnel.ip_dst = tnl_port->match.ip_dst; flow->tunnel.ip_dst = tnl_port->match.ip_dst;
flow->skb_mark = tnl_port->match.skb_mark;
if (!cfg->out_key_flow) { if (!cfg->out_key_flow) {
flow->tunnel.tun_id = cfg->out_key; flow->tunnel.tun_id = cfg->out_key;
@@ -393,6 +399,7 @@ tnl_match_fmt(const struct tnl_match *match, struct ds *ds)
} }
ds_put_format(ds, ", dp port=%"PRIu32, match->odp_port); ds_put_format(ds, ", dp port=%"PRIu32, match->odp_port);
ds_put_format(ds, ", skb mark=%"PRIu32, match->skb_mark);
} }
static void static void