2 * Distributed under the terms of the GNU GPL version 2.
3 * Copyright (c) 2007, 2008 The Board of Trustees of The Leland
4 * Stanford Junior University
7 /* Functions for executing OpenFlow actions. */
9 #include <linux/skbuff.h>
12 #include <linux/tcp.h>
13 #include <linux/udp.h>
14 #include <linux/in6.h>
15 #include <linux/if_vlan.h>
16 #include <net/checksum.h>
19 #include "openflow/nicira-ext.h"
24 validate_output(struct datapath *dp, const struct sw_flow_key *key,
25 const struct ofp_action_header *ah)
27 struct ofp_action_output *oa = (struct ofp_action_output *)ah;
29 if (oa->port == htons(OFPP_NONE) ||
30 (!(key->wildcards & OFPFW_IN_PORT) && oa->port == key->in_port))
31 return OFPBAC_BAD_OUT_PORT;
33 return ACT_VALIDATION_OK;
37 do_output(struct datapath *dp, struct sk_buff *skb, size_t max_len,
38 int out_port, int ignore_no_fwd)
42 return (likely(out_port != OFPP_CONTROLLER)
43 ? dp_output_port(dp, skb, out_port, ignore_no_fwd)
44 : dp_output_control(dp, skb, fwd_save_skb(skb),
45 max_len, OFPR_ACTION));
49 static struct sk_buff *
50 vlan_pull_tag(struct sk_buff *skb)
52 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
56 /* Verify we were given a vlan packet */
57 if (vh->h_vlan_proto != htons(ETH_P_8021Q))
60 memmove(skb->data + VLAN_HLEN, skb->data, 2 * VLAN_ETH_ALEN);
62 eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN);
64 skb->protocol = eh->h_proto;
65 skb->mac_header += VLAN_HLEN;
71 static struct sk_buff *
72 modify_vlan_tci(struct sk_buff *skb, struct sw_flow_key *key,
73 uint16_t tci, uint16_t mask)
75 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
77 if (key->dl_vlan != htons(OFP_VLAN_NONE)) {
78 /* Modify vlan id, but maintain other TCI values */
79 vh->h_vlan_TCI = (vh->h_vlan_TCI & ~(htons(mask))) | htons(tci);
83 /* xxx The vlan_put_tag function, doesn't seem to work
84 * xxx reliably when it attempts to use the hardware-accelerated
85 * xxx version. We'll directly use the software version
86 * xxx until the problem can be diagnosed.
88 skb = __vlan_put_tag(skb, tci);
89 vh = vlan_eth_hdr(skb);
91 key->dl_vlan = vh->h_vlan_TCI & htons(VLAN_VID_MASK);
96 static struct sk_buff *
97 set_vlan_vid(struct sk_buff *skb, struct sw_flow_key *key,
98 const struct ofp_action_header *ah)
100 struct ofp_action_vlan_vid *va = (struct ofp_action_vlan_vid *)ah;
101 uint16_t tci = ntohs(va->vlan_vid);
103 return modify_vlan_tci(skb, key, tci, VLAN_VID_MASK);
106 /* Mask for the priority bits in a vlan header. The kernel doesn't
107 * define this like it does for VID. */
108 #define VLAN_PCP_MASK 0xe000
110 static struct sk_buff *
111 set_vlan_pcp(struct sk_buff *skb, struct sw_flow_key *key,
112 const struct ofp_action_header *ah)
114 struct ofp_action_vlan_pcp *va = (struct ofp_action_vlan_pcp *)ah;
115 uint16_t tci = (uint16_t)va->vlan_pcp << 13;
117 return modify_vlan_tci(skb, key, tci, VLAN_PCP_MASK);
120 static struct sk_buff *
121 strip_vlan(struct sk_buff *skb, struct sw_flow_key *key,
122 const struct ofp_action_header *ah)
125 key->dl_vlan = htons(OFP_VLAN_NONE);
130 static struct sk_buff *
131 set_dl_addr(struct sk_buff *skb, struct sw_flow_key *key,
132 const struct ofp_action_header *ah)
134 struct ofp_action_dl_addr *da = (struct ofp_action_dl_addr *)ah;
135 struct ethhdr *eh = eth_hdr(skb);
137 if (da->type == htons(OFPAT_SET_DL_SRC))
138 memcpy(eh->h_source, da->dl_addr, sizeof eh->h_source);
140 memcpy(eh->h_dest, da->dl_addr, sizeof eh->h_dest);
145 /* Updates 'sum', which is a field in 'skb''s data, given that a 4-byte field
146 * covered by the sum has been changed from 'from' to 'to'. If set,
147 * 'pseudohdr' indicates that the field is in the TCP or UDP pseudo-header.
148 * Based on nf_proto_csum_replace4. */
149 static void update_csum(__sum16 *sum, struct sk_buff *skb,
150 __be32 from, __be32 to, int pseudohdr)
152 __be32 diff[] = { ~from, to };
153 if (skb->ip_summed != CHECKSUM_PARTIAL) {
154 *sum = csum_fold(csum_partial((char *)diff, sizeof(diff),
155 ~csum_unfold(*sum)));
156 if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
157 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
159 } else if (pseudohdr)
160 *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff),
164 static struct sk_buff *
165 set_nw_addr(struct sk_buff *skb, struct sw_flow_key *key,
166 const struct ofp_action_header *ah)
168 struct ofp_action_nw_addr *na = (struct ofp_action_nw_addr *)ah;
169 uint16_t eth_proto = ntohs(key->dl_type);
171 if (eth_proto == ETH_P_IP) {
172 struct iphdr *nh = ip_hdr(skb);
173 uint32_t new, *field;
177 if (ah->type == htons(OFPAT_SET_NW_SRC))
182 if (key->nw_proto == IPPROTO_TCP) {
183 struct tcphdr *th = tcp_hdr(skb);
184 update_csum(&th->check, skb, *field, new, 1);
185 } else if (key->nw_proto == IPPROTO_UDP) {
186 struct udphdr *th = udp_hdr(skb);
187 update_csum(&th->check, skb, *field, new, 1);
189 update_csum(&nh->check, skb, *field, new, 0);
196 static struct sk_buff *
197 set_tp_port(struct sk_buff *skb, struct sw_flow_key *key,
198 const struct ofp_action_header *ah)
200 struct ofp_action_tp_port *ta = (struct ofp_action_tp_port *)ah;
201 uint16_t eth_proto = ntohs(key->dl_type);
203 if (eth_proto == ETH_P_IP) {
204 uint16_t new, *field;
208 if (key->nw_proto == IPPROTO_TCP) {
209 struct tcphdr *th = tcp_hdr(skb);
211 if (ah->type == htons(OFPAT_SET_TP_SRC))
216 update_csum(&th->check, skb, *field, new, 1);
218 } else if (key->nw_proto == IPPROTO_UDP) {
219 struct udphdr *th = udp_hdr(skb);
221 if (ah->type == htons(OFPAT_SET_TP_SRC))
226 update_csum(&th->check, skb, *field, new, 1);
234 struct openflow_action {
237 uint16_t (*validate)(struct datapath *dp,
238 const struct sw_flow_key *key,
239 const struct ofp_action_header *ah);
240 struct sk_buff *(*execute)(struct sk_buff *skb,
241 struct sw_flow_key *key,
242 const struct ofp_action_header *ah);
245 static const struct openflow_action of_actions[] = {
247 sizeof(struct ofp_action_output),
248 sizeof(struct ofp_action_output),
250 NULL /* This is optimized into execute_actions */
252 [OFPAT_SET_VLAN_VID] = {
253 sizeof(struct ofp_action_vlan_vid),
254 sizeof(struct ofp_action_vlan_vid),
258 [OFPAT_SET_VLAN_PCP] = {
259 sizeof(struct ofp_action_vlan_pcp),
260 sizeof(struct ofp_action_vlan_pcp),
264 [OFPAT_STRIP_VLAN] = {
265 sizeof(struct ofp_action_header),
266 sizeof(struct ofp_action_header),
270 [OFPAT_SET_DL_SRC] = {
271 sizeof(struct ofp_action_dl_addr),
272 sizeof(struct ofp_action_dl_addr),
276 [OFPAT_SET_DL_DST] = {
277 sizeof(struct ofp_action_dl_addr),
278 sizeof(struct ofp_action_dl_addr),
282 [OFPAT_SET_NW_SRC] = {
283 sizeof(struct ofp_action_nw_addr),
284 sizeof(struct ofp_action_nw_addr),
288 [OFPAT_SET_NW_DST] = {
289 sizeof(struct ofp_action_nw_addr),
290 sizeof(struct ofp_action_nw_addr),
294 [OFPAT_SET_TP_SRC] = {
295 sizeof(struct ofp_action_tp_port),
296 sizeof(struct ofp_action_tp_port),
300 [OFPAT_SET_TP_DST] = {
301 sizeof(struct ofp_action_tp_port),
302 sizeof(struct ofp_action_tp_port),
306 /* OFPAT_VENDOR is not here, since it would blow up the array size. */
309 /* Validate built-in OpenFlow actions. Either returns ACT_VALIDATION_OK
310 * or an OFPET_BAD_ACTION error code. */
312 validate_ofpat(struct datapath *dp, const struct sw_flow_key *key,
313 const struct ofp_action_header *ah, uint16_t type, uint16_t len)
315 int ret = ACT_VALIDATION_OK;
316 const struct openflow_action *act = &of_actions[type];
318 if ((len < act->min_size) || (len > act->max_size))
319 return OFPBAC_BAD_LEN;
322 ret = act->validate(dp, key, ah);
327 /* Validate vendor-defined actions. Either returns ACT_VALIDATION_OK
328 * or an OFPET_BAD_ACTION error code. */
330 validate_vendor(struct datapath *dp, const struct sw_flow_key *key,
331 const struct ofp_action_header *ah, uint16_t len)
333 struct ofp_action_vendor_header *avh;
334 int ret = ACT_VALIDATION_OK;
336 if (len < sizeof(struct ofp_action_vendor_header))
337 return OFPBAC_BAD_LEN;
339 avh = (struct ofp_action_vendor_header *)ah;
341 switch(ntohl(avh->vendor)) {
343 ret = nx_validate_act(dp, key, (struct nx_action_header *)avh, len);
347 return OFPBAC_BAD_VENDOR;
353 /* Validates a list of actions. If a problem is found, a code for the
354 * OFPET_BAD_ACTION error type is returned. If the action list validates,
355 * ACT_VALIDATION_OK is returned. */
357 validate_actions(struct datapath *dp, const struct sw_flow_key *key,
358 const struct ofp_action_header *actions, size_t actions_len)
360 uint8_t *p = (uint8_t *)actions;
363 while (actions_len >= sizeof(struct ofp_action_header)) {
364 struct ofp_action_header *ah = (struct ofp_action_header *)p;
365 size_t len = ntohs(ah->len);
368 /* Make there's enough remaining data for the specified length
369 * and that the action length is a multiple of 64 bits. */
370 if ((actions_len < len) || (len % 8) != 0)
371 return OFPBAC_BAD_LEN;
373 type = ntohs(ah->type);
374 if (type < ARRAY_SIZE(of_actions)) {
375 err = validate_ofpat(dp, key, ah, type, len);
376 if (err != ACT_VALIDATION_OK)
378 } else if (type == OFPAT_VENDOR) {
379 err = validate_vendor(dp, key, ah, len);
380 if (err != ACT_VALIDATION_OK)
383 return OFPBAC_BAD_TYPE;
389 /* Check if there's any trailing garbage. */
390 if (actions_len != 0)
391 return OFPBAC_BAD_LEN;
393 return ACT_VALIDATION_OK;
396 /* Execute a built-in OpenFlow action against 'skb'. */
397 static struct sk_buff *
398 execute_ofpat(struct sk_buff *skb, struct sw_flow_key *key,
399 const struct ofp_action_header *ah, uint16_t type)
401 const struct openflow_action *act = &of_actions[type];
404 if (!make_writable(&skb)) {
406 printk("make_writable failed\n");
409 skb = act->execute(skb, key, ah);
415 /* Execute a vendor-defined action against 'skb'. */
416 static struct sk_buff *
417 execute_vendor(struct sk_buff *skb, const struct sw_flow_key *key,
418 const struct ofp_action_header *ah)
420 struct ofp_action_vendor_header *avh
421 = (struct ofp_action_vendor_header *)ah;
423 /* NB: If changes need to be made to the packet, a call should be
424 * made to make_writable or its equivalent first. */
426 switch(ntohl(avh->vendor)) {
428 skb = nx_execute_act(skb, key, (struct nx_action_header *)avh);
432 /* This should not be possible due to prior validation. */
434 printk("attempt to execute action with unknown vendor: %#x\n",
442 /* Execute a list of actions against 'skb'. */
443 void execute_actions(struct datapath *dp, struct sk_buff *skb,
444 struct sw_flow_key *key,
445 const struct ofp_action_header *actions, size_t actions_len,
448 /* Every output action needs a separate clone of 'skb', but the common
449 * case is just a single output action, so that doing a clone and
450 * then freeing the original skbuff is wasteful. So the following code
451 * is slightly obscure just to avoid that. */
453 size_t max_len=0; /* Initialze to make compiler happy */
454 uint8_t *p = (uint8_t *)actions;
458 /* The action list was already validated, so we can be a bit looser
459 * in our sanity-checking. */
460 while (actions_len > 0) {
461 struct ofp_action_header *ah = (struct ofp_action_header *)p;
462 size_t len = htons(ah->len);
464 WARN_ON_ONCE(skb_shared(skb));
465 if (prev_port != -1) {
466 do_output(dp, skb_clone(skb, GFP_ATOMIC),
467 max_len, prev_port, ignore_no_fwd);
471 if (likely(ah->type == htons(OFPAT_OUTPUT))) {
472 struct ofp_action_output *oa = (struct ofp_action_output *)p;
473 prev_port = ntohs(oa->port);
474 max_len = ntohs(oa->max_len);
476 uint16_t type = ntohs(ah->type);
478 if (type < ARRAY_SIZE(of_actions))
479 skb = execute_ofpat(skb, key, ah, type);
480 else if (type == OFPAT_VENDOR)
481 skb = execute_vendor(skb, key, ah);
485 printk("execute_actions lost skb\n");
494 do_output(dp, skb, max_len, prev_port, ignore_no_fwd);
499 /* Utility functions. */
501 /* Makes '*pskb' writable, possibly copying it and setting '*pskb' to point to
503 * Returns 1 if successful, 0 on failure. */
505 make_writable(struct sk_buff **pskb)
507 struct sk_buff *skb = *pskb;
508 if (skb_shared(skb) || skb_cloned(skb)) {
509 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
516 unsigned int hdr_len = (skb_transport_offset(skb)
517 + sizeof(struct tcphdr));
518 return pskb_may_pull(skb, min(hdr_len, skb->len));