2 * Distributed under the terms of the GNU GPL version 2.
3 * Copyright (c) 2007, 2008 The Board of Trustees of The Leland
4 * Stanford Junior University
7 /* Functions for executing OpenFlow actions. */
9 #include <linux/skbuff.h>
12 #include <linux/tcp.h>
13 #include <linux/udp.h>
14 #include <linux/in6.h>
15 #include <linux/if_vlan.h>
16 #include <net/checksum.h>
19 #include "nicira-ext.h"
24 validate_output(struct datapath *dp, const struct sw_flow_key *key,
25 const struct ofp_action_header *ah)
27 struct ofp_action_output *oa = (struct ofp_action_output *)ah;
29 if (oa->port == htons(OFPP_NONE) || oa->port == key->in_port)
30 return OFPBAC_BAD_OUT_PORT;
32 return ACT_VALIDATION_OK;
36 do_output(struct datapath *dp, struct sk_buff *skb, size_t max_len,
37 int out_port, int ignore_no_fwd)
41 return (likely(out_port != OFPP_CONTROLLER)
42 ? dp_output_port(dp, skb, out_port, ignore_no_fwd)
43 : dp_output_control(dp, skb, fwd_save_skb(skb),
44 max_len, OFPR_ACTION));
48 static struct sk_buff *
49 vlan_pull_tag(struct sk_buff *skb)
51 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
55 /* Verify we were given a vlan packet */
56 if (vh->h_vlan_proto != htons(ETH_P_8021Q))
59 memmove(skb->data + VLAN_HLEN, skb->data, 2 * VLAN_ETH_ALEN);
61 eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN);
63 skb->protocol = eh->h_proto;
64 skb->mac_header += VLAN_HLEN;
70 static struct sk_buff *
71 modify_vlan_tci(struct sk_buff *skb, struct sw_flow_key *key,
72 uint16_t tci, uint16_t mask)
74 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
76 if (key->dl_vlan != htons(OFP_VLAN_NONE)) {
77 /* Modify vlan id, but maintain other TCI values */
78 vh->h_vlan_TCI = (vh->h_vlan_TCI & ~(htons(mask))) | htons(tci);
82 /* xxx The vlan_put_tag function, doesn't seem to work
83 * xxx reliably when it attempts to use the hardware-accelerated
84 * xxx version. We'll directly use the software version
85 * xxx until the problem can be diagnosed.
87 skb = __vlan_put_tag(skb, tci);
88 vh = vlan_eth_hdr(skb);
90 key->dl_vlan = vh->h_vlan_TCI & htons(VLAN_VID_MASK);
95 static struct sk_buff *
96 set_vlan_vid(struct sk_buff *skb, struct sw_flow_key *key,
97 const struct ofp_action_header *ah)
99 struct ofp_action_vlan_vid *va = (struct ofp_action_vlan_vid *)ah;
100 uint16_t tci = ntohs(va->vlan_vid);
102 return modify_vlan_tci(skb, key, tci, VLAN_VID_MASK);
105 /* Mask for the priority bits in a vlan header. The kernel doesn't
106 * define this like it does for VID. */
107 #define VLAN_PCP_MASK 0xe000
109 static struct sk_buff *
110 set_vlan_pcp(struct sk_buff *skb, struct sw_flow_key *key,
111 const struct ofp_action_header *ah)
113 struct ofp_action_vlan_pcp *va = (struct ofp_action_vlan_pcp *)ah;
114 uint16_t tci = (uint16_t)va->vlan_pcp << 13;
116 return modify_vlan_tci(skb, key, tci, VLAN_PCP_MASK);
119 static struct sk_buff *
120 strip_vlan(struct sk_buff *skb, struct sw_flow_key *key,
121 const struct ofp_action_header *ah)
124 key->dl_vlan = htons(OFP_VLAN_NONE);
129 static struct sk_buff *
130 set_dl_addr(struct sk_buff *skb, struct sw_flow_key *key,
131 const struct ofp_action_header *ah)
133 struct ofp_action_dl_addr *da = (struct ofp_action_dl_addr *)ah;
134 struct ethhdr *eh = eth_hdr(skb);
136 if (da->type == htons(OFPAT_SET_DL_SRC))
137 memcpy(eh->h_source, da->dl_addr, sizeof eh->h_source);
139 memcpy(eh->h_dest, da->dl_addr, sizeof eh->h_dest);
144 /* Updates 'sum', which is a field in 'skb''s data, given that a 4-byte field
145 * covered by the sum has been changed from 'from' to 'to'. If set,
146 * 'pseudohdr' indicates that the field is in the TCP or UDP pseudo-header.
147 * Based on nf_proto_csum_replace4. */
148 static void update_csum(__sum16 *sum, struct sk_buff *skb,
149 __be32 from, __be32 to, int pseudohdr)
151 __be32 diff[] = { ~from, to };
152 if (skb->ip_summed != CHECKSUM_PARTIAL) {
153 *sum = csum_fold(csum_partial((char *)diff, sizeof(diff),
154 ~csum_unfold(*sum)));
155 if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
156 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
158 } else if (pseudohdr)
159 *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff),
163 static struct sk_buff *
164 set_nw_addr(struct sk_buff *skb, struct sw_flow_key *key,
165 const struct ofp_action_header *ah)
167 struct ofp_action_nw_addr *na = (struct ofp_action_nw_addr *)ah;
168 uint16_t eth_proto = ntohs(key->dl_type);
170 if (eth_proto == ETH_P_IP) {
171 struct iphdr *nh = ip_hdr(skb);
172 uint32_t new, *field;
176 if (ah->type == htons(OFPAT_SET_NW_SRC))
181 if (key->nw_proto == IPPROTO_TCP) {
182 struct tcphdr *th = tcp_hdr(skb);
183 update_csum(&th->check, skb, *field, new, 1);
184 } else if (key->nw_proto == IPPROTO_UDP) {
185 struct udphdr *th = udp_hdr(skb);
186 update_csum(&th->check, skb, *field, new, 1);
188 update_csum(&nh->check, skb, *field, new, 0);
195 static struct sk_buff *
196 set_tp_port(struct sk_buff *skb, struct sw_flow_key *key,
197 const struct ofp_action_header *ah)
199 struct ofp_action_tp_port *ta = (struct ofp_action_tp_port *)ah;
200 uint16_t eth_proto = ntohs(key->dl_type);
202 if (eth_proto == ETH_P_IP) {
203 uint16_t new, *field;
207 if (key->nw_proto == IPPROTO_TCP) {
208 struct tcphdr *th = tcp_hdr(skb);
210 if (ah->type == htons(OFPAT_SET_TP_SRC))
215 update_csum(&th->check, skb, *field, new, 1);
217 } else if (key->nw_proto == IPPROTO_UDP) {
218 struct udphdr *th = udp_hdr(skb);
220 if (ah->type == htons(OFPAT_SET_TP_SRC))
225 update_csum(&th->check, skb, *field, new, 1);
233 struct openflow_action {
236 uint16_t (*validate)(struct datapath *dp,
237 const struct sw_flow_key *key,
238 const struct ofp_action_header *ah);
239 struct sk_buff *(*execute)(struct sk_buff *skb,
240 struct sw_flow_key *key,
241 const struct ofp_action_header *ah);
244 static const struct openflow_action of_actions[] = {
246 sizeof(struct ofp_action_output),
247 sizeof(struct ofp_action_output),
249 NULL /* This is optimized into execute_actions */
251 [OFPAT_SET_VLAN_VID] = {
252 sizeof(struct ofp_action_vlan_vid),
253 sizeof(struct ofp_action_vlan_vid),
257 [OFPAT_SET_VLAN_PCP] = {
258 sizeof(struct ofp_action_vlan_pcp),
259 sizeof(struct ofp_action_vlan_pcp),
263 [OFPAT_STRIP_VLAN] = {
264 sizeof(struct ofp_action_header),
265 sizeof(struct ofp_action_header),
269 [OFPAT_SET_DL_SRC] = {
270 sizeof(struct ofp_action_dl_addr),
271 sizeof(struct ofp_action_dl_addr),
275 [OFPAT_SET_DL_DST] = {
276 sizeof(struct ofp_action_dl_addr),
277 sizeof(struct ofp_action_dl_addr),
281 [OFPAT_SET_NW_SRC] = {
282 sizeof(struct ofp_action_nw_addr),
283 sizeof(struct ofp_action_nw_addr),
287 [OFPAT_SET_NW_DST] = {
288 sizeof(struct ofp_action_nw_addr),
289 sizeof(struct ofp_action_nw_addr),
293 [OFPAT_SET_TP_SRC] = {
294 sizeof(struct ofp_action_tp_port),
295 sizeof(struct ofp_action_tp_port),
299 [OFPAT_SET_TP_DST] = {
300 sizeof(struct ofp_action_tp_port),
301 sizeof(struct ofp_action_tp_port),
305 /* OFPAT_VENDOR is not here, since it would blow up the array size. */
308 /* Validate built-in OpenFlow actions. Either returns ACT_VALIDATION_OK
309 * or an OFPET_BAD_ACTION error code. */
311 validate_ofpat(struct datapath *dp, const struct sw_flow_key *key,
312 const struct ofp_action_header *ah, uint16_t type, uint16_t len)
314 int ret = ACT_VALIDATION_OK;
315 const struct openflow_action *act = &of_actions[type];
317 if ((len < act->min_size) || (len > act->max_size))
318 return OFPBAC_BAD_LEN;
321 ret = act->validate(dp, key, ah);
326 /* Validate vendor-defined actions. Either returns ACT_VALIDATION_OK
327 * or an OFPET_BAD_ACTION error code. */
329 validate_vendor(struct datapath *dp, const struct sw_flow_key *key,
330 const struct ofp_action_header *ah, uint16_t len)
332 struct ofp_action_vendor_header *avh;
333 int ret = ACT_VALIDATION_OK;
335 if (len < sizeof(struct ofp_action_vendor_header))
336 return OFPBAC_BAD_LEN;
338 avh = (struct ofp_action_vendor_header *)ah;
340 switch(ntohl(avh->vendor)) {
342 ret = nx_validate_act(dp, key, (struct nx_action_header *)avh, len);
346 return OFPBAC_BAD_VENDOR;
352 /* Validates a list of actions. If a problem is found, a code for the
353 * OFPET_BAD_ACTION error type is returned. If the action list validates,
354 * ACT_VALIDATION_OK is returned. */
356 validate_actions(struct datapath *dp, const struct sw_flow_key *key,
357 const struct ofp_action_header *actions, size_t actions_len)
359 uint8_t *p = (uint8_t *)actions;
362 while (actions_len >= sizeof(struct ofp_action_header)) {
363 struct ofp_action_header *ah = (struct ofp_action_header *)p;
364 size_t len = ntohs(ah->len);
367 /* Make there's enough remaining data for the specified length
368 * and that the action length is a multiple of 64 bits. */
369 if ((actions_len < len) || (len % 8) != 0)
370 return OFPBAC_BAD_LEN;
372 type = ntohs(ah->type);
373 if (type < ARRAY_SIZE(of_actions)) {
374 err = validate_ofpat(dp, key, ah, type, len);
375 if (err != ACT_VALIDATION_OK)
377 } else if (type == OFPAT_VENDOR) {
378 err = validate_vendor(dp, key, ah, len);
379 if (err != ACT_VALIDATION_OK)
382 return OFPBAC_BAD_TYPE;
388 /* Check if there's any trailing garbage. */
389 if (actions_len != 0)
390 return OFPBAC_BAD_LEN;
392 return ACT_VALIDATION_OK;
395 /* Execute a built-in OpenFlow action against 'skb'. */
396 static struct sk_buff *
397 execute_ofpat(struct sk_buff *skb, struct sw_flow_key *key,
398 const struct ofp_action_header *ah, uint16_t type)
400 const struct openflow_action *act = &of_actions[type];
403 if (!make_writable(&skb)) {
405 printk("make_writable failed\n");
408 skb = act->execute(skb, key, ah);
414 /* Execute a vendor-defined action against 'skb'. */
415 static struct sk_buff *
416 execute_vendor(struct sk_buff *skb, const struct sw_flow_key *key,
417 const struct ofp_action_header *ah)
419 struct ofp_action_vendor_header *avh
420 = (struct ofp_action_vendor_header *)ah;
422 /* NB: If changes need to be made to the packet, a call should be
423 * made to make_writable or its equivalent first. */
425 switch(ntohl(avh->vendor)) {
427 skb = nx_execute_act(skb, key, (struct nx_action_header *)avh);
431 /* This should not be possible due to prior validation. */
433 printk("attempt to execute action with unknown vendor: %#x\n",
441 /* Execute a list of actions against 'skb'. */
442 void execute_actions(struct datapath *dp, struct sk_buff *skb,
443 struct sw_flow_key *key,
444 const struct ofp_action_header *actions, size_t actions_len,
447 /* Every output action needs a separate clone of 'skb', but the common
448 * case is just a single output action, so that doing a clone and
449 * then freeing the original skbuff is wasteful. So the following code
450 * is slightly obscure just to avoid that. */
452 size_t max_len=0; /* Initialze to make compiler happy */
453 uint8_t *p = (uint8_t *)actions;
457 /* The action list was already validated, so we can be a bit looser
458 * in our sanity-checking. */
459 while (actions_len > 0) {
460 struct ofp_action_header *ah = (struct ofp_action_header *)p;
461 size_t len = htons(ah->len);
463 if (prev_port != -1) {
464 do_output(dp, skb_clone(skb, GFP_ATOMIC),
465 max_len, prev_port, ignore_no_fwd);
469 if (likely(ah->type == htons(OFPAT_OUTPUT))) {
470 struct ofp_action_output *oa = (struct ofp_action_output *)p;
471 prev_port = ntohs(oa->port);
472 max_len = ntohs(oa->max_len);
474 uint16_t type = ntohs(ah->type);
476 if (type < ARRAY_SIZE(of_actions))
477 skb = execute_ofpat(skb, key, ah, type);
478 else if (type == OFPAT_VENDOR)
479 skb = execute_vendor(skb, key, ah);
483 printk("execute_actions lost skb\n");
492 do_output(dp, skb, max_len, prev_port, ignore_no_fwd);
497 /* Utility functions. */
499 /* Makes '*pskb' writable, possibly copying it and setting '*pskb' to point to
501 * Returns 1 if successful, 0 on failure. */
503 make_writable(struct sk_buff **pskb)
505 /* Based on skb_make_writable() in net/netfilter/core.c. */
506 struct sk_buff *nskb;
508 /* Not exclusive use of packet? Must copy. */
509 if (skb_shared(*pskb) || skb_cloned(*pskb))
512 return pskb_may_pull(*pskb, 40); /* FIXME? */
515 nskb = skb_copy(*pskb, GFP_ATOMIC);
518 BUG_ON(skb_is_nonlinear(nskb));
520 /* Rest of kernel will get very unhappy if we pass it a
521 suddenly-orphaned skbuff */
523 skb_set_owner_w(nskb, (*pskb)->sk);