From e0b8f73f17263e156988a45ebb6aa2e67fd70cc4 Mon Sep 17 00:00:00 2001
From: Simon Horman <horms@verge.net.au>
Date: Mon, 30 Jun 2014 13:20:14 +0900
Subject: [PATCH] datapath: Allow pop and push MPLS actions after pop VLAN

This patch loosens the restrictions surrounding push and pop MPLS actions
such that they will be allowed after a pop VLAN action if the inner
ethernet type is acceptable for pop and push MPLS actions. This implies
that there is only one VLAN tag present.

Some analysis of logic of this change is as follows:

    The purpose of tracking vlan_tci is to allow prohibition of push
    and pop MPLS actions in the presence of a VLAN. In this scenario
    the VLAN_TAG_PRESENT bit of vlan_tci is set and eth_type is that of
    the packet with the outermost VLAN tag removed.

    A pop VLAN action may clear vlan_tci as it removes the outermost
    VLAN tag and the push and pop MPLS logic may rely on eth_type for
    their prohibition logic.

    This will not allow push and pop MPLS on packets with multiple VLAN
    tags, regardless of if they are all remove using POP VLAN, as there
    is no mechanism to expose the inner ethernet type beyond that of
    the outermost VLAN tag.

Suggested-by: Jesse Gross <jgross@nicira.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
---
 datapath/flow_netlink.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index 5ee315080..925e9fbd7 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -1666,6 +1666,7 @@ static int ovs_nla_copy_actions__(const struct nlattr *attr,
 		}
 
 		case OVS_ACTION_ATTR_POP_VLAN:
+			vlan_tci = htons(0);
 			break;
 
 		case OVS_ACTION_ATTR_PUSH_VLAN:
@@ -1687,13 +1688,7 @@ static int ovs_nla_copy_actions__(const struct nlattr *attr,
 				return -EINVAL;
 			/* Prohibit push MPLS other than to a white list
 			 * for packets that have a known tag order.
-			 *
-			 * vlan_tci indicates that the packet at one
-			 * point had a VLAN. It may have been subsequently
-			 * removed using pop VLAN so this rule is stricter
-			 * than necessary. This is because it is not
-			 * possible to know if a VLAN is still present
-			 * after a pop VLAN action. */
+			 */
 			if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
 			    (eth_type != htons(ETH_P_IP) &&
 			     eth_type != htons(ETH_P_IPV6) &&