Add support for Source-NAT to Linux 2.6 datapaths.
[sliver-openvswitch.git] / datapath / forward.c
1 /*
2  * Distributed under the terms of the GNU GPL version 2.
3  * Copyright (c) 2007, 2008 The Board of Trustees of The Leland 
4  * Stanford Junior University
5  */
6
7 #include <linux/netdevice.h>
8 #include <linux/etherdevice.h>
9 #include <linux/if_ether.h>
10 #include <linux/if_vlan.h>
11 #include <asm/uaccess.h>
12 #include <linux/types.h>
13 #include "forward.h"
14 #include "datapath.h"
15 #include "nicira-ext.h"
16 #include "dp_act.h"
17 #include "nx_msg.h"
18 #include "chain.h"
19 #include "flow.h"
20
21 /* FIXME: do we need to use GFP_ATOMIC everywhere here? */
22
23
24 static struct sk_buff *retrieve_skb(uint32_t id);
25 static void discard_skb(uint32_t id);
26
27 /* 'skb' was received on port 'p', which may be a physical switch port, the
28  * local port, or a null pointer.  Process it according to 'chain'.  Returns 0
29  * if successful, in which case 'skb' is destroyed, or -ESRCH if there is no
30  * matching flow, in which case 'skb' still belongs to the caller. */
31 int run_flow_through_tables(struct sw_chain *chain, struct sk_buff *skb,
32                             struct net_bridge_port *p)
33 {
34         /* Ethernet address used as the destination for STP frames. */
35         static const uint8_t stp_eth_addr[ETH_ALEN]
36                 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x01 };
37         struct sw_flow_key key;
38         struct sw_flow *flow;
39
40         if (flow_extract(skb, p ? p->port_no : OFPP_NONE, &key)
41             && (chain->dp->flags & OFPC_FRAG_MASK) == OFPC_FRAG_DROP) {
42                 /* Drop fragment. */
43                 kfree_skb(skb);
44                 return 0;
45         }
46         if (p && p->config & (OFPPC_NO_RECV | OFPPC_NO_RECV_STP) &&
47             p->config & (compare_ether_addr(key.dl_dst, stp_eth_addr)
48                         ? OFPPC_NO_RECV : OFPPC_NO_RECV_STP)) {
49                 kfree_skb(skb);
50                 return 0;
51         }
52
53         flow = chain_lookup(chain, &key);
54         if (likely(flow != NULL)) {
55                 struct sw_flow_actions *sf_acts = rcu_dereference(flow->sf_acts);
56                 flow_used(flow, skb);
57                 execute_actions(chain->dp, skb, &key,
58                                 sf_acts->actions, sf_acts->actions_len, 0);
59                 return 0;
60         } else {
61                 return -ESRCH;
62         }
63 }
64
65 /* 'skb' was received on port 'p', which may be a physical switch port, the
66  * local port, or a null pointer.  Process it according to 'chain', sending it
67  * up to the controller if no flow matches.  Takes ownership of 'skb'. */
68 void fwd_port_input(struct sw_chain *chain, struct sk_buff *skb,
69                     struct net_bridge_port *p)
70 {
71         if (run_flow_through_tables(chain, skb, p))
72                 dp_output_control(chain->dp, skb, fwd_save_skb(skb), 
73                                   chain->dp->miss_send_len,
74                                   OFPR_NO_MATCH);
75 }
76
77 static int
78 recv_hello(struct sw_chain *chain, const struct sender *sender,
79            const void *msg)
80 {
81         return dp_send_hello(chain->dp, sender, msg);
82 }
83
84 static int
85 recv_features_request(struct sw_chain *chain, const struct sender *sender,
86                       const void *msg) 
87 {
88         return dp_send_features_reply(chain->dp, sender);
89 }
90
91 static int
92 recv_get_config_request(struct sw_chain *chain, const struct sender *sender,
93                         const void *msg)
94 {
95         return dp_send_config_reply(chain->dp, sender);
96 }
97
98 static int
99 recv_set_config(struct sw_chain *chain, const struct sender *sender,
100                 const void *msg)
101 {
102         const struct ofp_switch_config *osc = msg;
103         int flags;
104
105         flags = ntohs(osc->flags) & (OFPC_SEND_FLOW_EXP | OFPC_FRAG_MASK);
106         if ((flags & OFPC_FRAG_MASK) != OFPC_FRAG_NORMAL
107             && (flags & OFPC_FRAG_MASK) != OFPC_FRAG_DROP) {
108                 flags = (flags & ~OFPC_FRAG_MASK) | OFPC_FRAG_DROP;
109         }
110         chain->dp->flags = flags;
111
112         chain->dp->miss_send_len = ntohs(osc->miss_send_len);
113
114         return 0;
115 }
116
117 static int
118 recv_packet_out(struct sw_chain *chain, const struct sender *sender,
119                 const void *msg)
120 {
121         const struct ofp_packet_out *opo = msg;
122         struct sk_buff *skb;
123         struct vlan_ethhdr *mac;
124         int nh_ofs;
125         uint16_t v_code;
126         struct sw_flow_key key;
127         size_t actions_len = ntohs(opo->actions_len);
128
129         if (actions_len > (ntohs(opo->header.length) - sizeof *opo)) {
130                 if (net_ratelimit()) 
131                         printk("message too short for number of actions\n");
132                 return -EINVAL;
133         }
134
135         if (ntohl(opo->buffer_id) == (uint32_t) -1) {
136                 int data_len = ntohs(opo->header.length) - sizeof *opo - actions_len;
137
138                 /* FIXME: there is likely a way to reuse the data in msg. */
139                 skb = alloc_skb(data_len, GFP_ATOMIC);
140                 if (!skb)
141                         return -ENOMEM;
142
143                 /* FIXME?  We don't reserve NET_IP_ALIGN or NET_SKB_PAD since
144                  * we're just transmitting this raw without examining anything
145                  * at those layers. */
146                 memcpy(skb_put(skb, data_len), (uint8_t *)opo->actions + actions_len, 
147                                 data_len);
148
149                 skb_set_mac_header(skb, 0);
150                 mac = vlan_eth_hdr(skb);
151                 if (likely(mac->h_vlan_proto != htons(ETH_P_8021Q)))
152                         nh_ofs = sizeof(struct ethhdr);
153                 else
154                         nh_ofs = sizeof(struct vlan_ethhdr);
155                 skb_set_network_header(skb, nh_ofs);
156         } else {
157                 skb = retrieve_skb(ntohl(opo->buffer_id));
158                 if (!skb)
159                         return -ESRCH;
160         }
161
162         dp_set_origin(chain->dp, ntohs(opo->in_port), skb);
163
164         flow_extract(skb, ntohs(opo->in_port), &key);
165
166         v_code = validate_actions(chain->dp, &key, opo->actions, actions_len);
167         if (v_code != ACT_VALIDATION_OK) {
168                 dp_send_error_msg(chain->dp, sender, OFPET_BAD_ACTION, v_code,
169                                   msg, ntohs(opo->header.length));
170                 goto error;
171         }
172
173         execute_actions(chain->dp, skb, &key, opo->actions, actions_len, 1);
174
175         return 0;
176
177 error:
178         kfree_skb(skb);
179         return -EINVAL;
180 }
181
182 static int
183 recv_port_mod(struct sw_chain *chain, const struct sender *sender,
184               const void *msg)
185 {
186         const struct ofp_port_mod *opm = msg;
187
188         dp_update_port_flags(chain->dp, opm);
189
190         return 0;
191 }
192
193 static int
194 recv_echo_request(struct sw_chain *chain, const struct sender *sender,
195                   const void *msg) 
196 {
197         return dp_send_echo_reply(chain->dp, sender, msg);
198 }
199
200 static int
201 recv_echo_reply(struct sw_chain *chain, const struct sender *sender,
202                   const void *msg) 
203 {
204         return 0;
205 }
206
207 static int
208 add_flow(struct sw_chain *chain, const struct sender *sender, 
209                 const struct ofp_flow_mod *ofm)
210 {
211         int error = -ENOMEM;
212         uint16_t v_code;
213         struct sw_flow *flow;
214         size_t actions_len = ntohs(ofm->header.length) - sizeof *ofm;
215
216         /* Allocate memory. */
217         flow = flow_alloc(actions_len, GFP_ATOMIC);
218         if (flow == NULL)
219                 goto error;
220
221         flow_extract_match(&flow->key, &ofm->match);
222
223         v_code = validate_actions(chain->dp, &flow->key, ofm->actions, actions_len);
224         if (v_code != ACT_VALIDATION_OK) {
225                 dp_send_error_msg(chain->dp, sender, OFPET_BAD_ACTION, v_code,
226                                   ofm, ntohs(ofm->header.length));
227                 goto error;
228         }
229
230         /* Fill out flow. */
231         flow->priority = flow->key.wildcards ? ntohs(ofm->priority) : -1;
232         flow->idle_timeout = ntohs(ofm->idle_timeout);
233         flow->hard_timeout = ntohs(ofm->hard_timeout);
234         flow->used = jiffies;
235         flow->init_time = jiffies;
236         flow->byte_count = 0;
237         flow->packet_count = 0;
238         spin_lock_init(&flow->lock);
239         memcpy(flow->sf_acts->actions, ofm->actions, actions_len);
240
241         /* Act. */
242         error = chain_insert(chain, flow);
243         if (error)
244                 goto error_free_flow;
245         error = 0;
246         if (ntohl(ofm->buffer_id) != (uint32_t) -1) {
247                 struct sk_buff *skb = retrieve_skb(ntohl(ofm->buffer_id));
248                 if (skb) {
249                         struct sw_flow_key key;
250                         flow_used(flow, skb);
251                         dp_set_origin(chain->dp, ntohs(ofm->match.in_port), skb);
252                         flow_extract(skb, ntohs(ofm->match.in_port), &key);
253                         execute_actions(chain->dp, skb, &key, ofm->actions, actions_len, 0);
254                 }
255                 else
256                         error = -ESRCH;
257         }
258         return error;
259
260 error_free_flow:
261         flow_free(flow);
262 error:
263         if (ntohl(ofm->buffer_id) != (uint32_t) -1)
264                 discard_skb(ntohl(ofm->buffer_id));
265         return error;
266 }
267
268 static int
269 mod_flow(struct sw_chain *chain, const struct sender *sender,
270                 const struct ofp_flow_mod *ofm)
271 {
272         int error = -ENOMEM;
273         uint16_t v_code;
274         size_t actions_len;
275         struct sw_flow_key key;
276         uint16_t priority;
277         int strict;
278
279         flow_extract_match(&key, &ofm->match);
280
281         actions_len = ntohs(ofm->header.length) - sizeof *ofm;
282
283         v_code = validate_actions(chain->dp, &key, ofm->actions, actions_len);
284         if (v_code != ACT_VALIDATION_OK) {
285                 dp_send_error_msg(chain->dp, sender, OFPET_BAD_ACTION, v_code,
286                                   ofm, ntohs(ofm->header.length));
287                 goto error;
288         }
289
290         priority = key.wildcards ? ntohs(ofm->priority) : -1;
291         strict = (ofm->command == htons(OFPFC_MODIFY_STRICT)) ? 1 : 0;
292         chain_modify(chain, &key, priority, strict, ofm->actions, actions_len);
293
294         if (ntohl(ofm->buffer_id) != (uint32_t) -1) {
295                 struct sk_buff *skb = retrieve_skb(ntohl(ofm->buffer_id));
296                 if (skb) {
297                         struct sw_flow_key skb_key;
298                         flow_extract(skb, ntohs(ofm->match.in_port), &skb_key);
299                         execute_actions(chain->dp, skb, &skb_key, 
300                                         ofm->actions, actions_len, 0);
301                 }
302                 else
303                         error = -ESRCH;
304         }
305         return error;
306
307 error:
308         if (ntohl(ofm->buffer_id) != (uint32_t) -1)
309                 discard_skb(ntohl(ofm->buffer_id));
310         return error;
311 }
312
313 static int
314 recv_flow(struct sw_chain *chain, const struct sender *sender, const void *msg)
315 {
316         const struct ofp_flow_mod *ofm = msg;
317         uint16_t command = ntohs(ofm->command);
318
319         if (command == OFPFC_ADD) {
320                 return add_flow(chain, sender, ofm);
321         } else if ((command == OFPFC_MODIFY) || (command == OFPFC_MODIFY_STRICT)) {
322                 return mod_flow(chain, sender, ofm);
323         }  else if (command == OFPFC_DELETE) {
324                 struct sw_flow_key key;
325                 flow_extract_match(&key, &ofm->match);
326                 return chain_delete(chain, &key, 0, 0) ? 0 : -ESRCH;
327         } else if (command == OFPFC_DELETE_STRICT) {
328                 struct sw_flow_key key;
329                 uint16_t priority;
330                 flow_extract_match(&key, &ofm->match);
331                 priority = key.wildcards ? ntohs(ofm->priority) : -1;
332                 return chain_delete(chain, &key, priority, 1) ? 0 : -ESRCH;
333         } else {
334                 return -ENOTSUPP;
335         }
336 }
337
338 static int
339 recv_vendor(struct sw_chain *chain, const struct sender *sender, 
340                 const void *msg)
341 {
342         const struct ofp_vendor_header *ovh = msg;
343
344         switch(ntohl(ovh->vendor))
345         {
346         case NX_VENDOR_ID:
347                 return nx_recv_msg(chain, sender, msg);
348         default:
349                 if (net_ratelimit())
350                         printk("Uknown vendor: %#x\n", ntohl(ovh->vendor));
351                 dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST,
352                                   OFPBRC_BAD_VENDOR, msg, ovh->header.length);
353                 return -EINVAL;
354         }
355 }
356
357 /* 'msg', which is 'length' bytes long, was received across Netlink from
358  * 'sender'.  Apply it to 'chain'. */
359 int
360 fwd_control_input(struct sw_chain *chain, const struct sender *sender,
361                   const void *msg, size_t length)
362 {
363
364         struct openflow_packet {
365                 size_t min_size;
366                 int (*handler)(struct sw_chain *, const struct sender *,
367                                const void *);
368         };
369
370         static const struct openflow_packet packets[] = {
371                 [OFPT_HELLO] = {
372                         sizeof (struct ofp_header),
373                         recv_hello,
374                 },
375                 [OFPT_ECHO_REQUEST] = {
376                         sizeof (struct ofp_header),
377                         recv_echo_request,
378                 },
379                 [OFPT_ECHO_REPLY] = {
380                         sizeof (struct ofp_header),
381                         recv_echo_reply,
382                 },
383                 [OFPT_VENDOR] = {
384                         sizeof (struct ofp_vendor_header),
385                         recv_vendor,
386                 },
387                 [OFPT_FEATURES_REQUEST] = {
388                         sizeof (struct ofp_header),
389                         recv_features_request,
390                 },
391                 [OFPT_GET_CONFIG_REQUEST] = {
392                         sizeof (struct ofp_header),
393                         recv_get_config_request,
394                 },
395                 [OFPT_SET_CONFIG] = {
396                         sizeof (struct ofp_switch_config),
397                         recv_set_config,
398                 },
399                 [OFPT_PACKET_OUT] = {
400                         sizeof (struct ofp_packet_out),
401                         recv_packet_out,
402                 },
403                 [OFPT_FLOW_MOD] = {
404                         sizeof (struct ofp_flow_mod),
405                         recv_flow,
406                 },
407                 [OFPT_PORT_MOD] = {
408                         sizeof (struct ofp_port_mod),
409                         recv_port_mod,
410                 }
411         };
412
413         struct ofp_header *oh;
414
415         oh = (struct ofp_header *) msg;
416         if (oh->version != OFP_VERSION
417             && oh->type != OFPT_HELLO
418             && oh->type != OFPT_ERROR
419             && oh->type != OFPT_ECHO_REQUEST
420             && oh->type != OFPT_ECHO_REPLY
421             && oh->type != OFPT_VENDOR)
422         {
423                 dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST,
424                                   OFPBRC_BAD_VERSION, msg, length);
425                 return -EINVAL;
426         }
427         if (ntohs(oh->length) != length) {
428                 if (net_ratelimit())
429                         printk("received message length wrong: %d/%d\n", 
430                                 ntohs(oh->length), length);
431                 return -EINVAL;
432         }
433
434         if (oh->type < ARRAY_SIZE(packets)) {
435                 const struct openflow_packet *pkt = &packets[oh->type];
436                 if (pkt->handler) {
437                         if (length < pkt->min_size)
438                                 return -EFAULT;
439                         return pkt->handler(chain, sender, msg);
440                 }
441         }
442         dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST,
443                           OFPBRC_BAD_TYPE, msg, length);
444         return -EINVAL;
445 }
446
447 /* Packet buffering. */
448
449 #define OVERWRITE_SECS  1
450 #define OVERWRITE_JIFFIES (OVERWRITE_SECS * HZ)
451
452 struct packet_buffer {
453         struct sk_buff *skb;
454         uint32_t cookie;
455         unsigned long exp_jiffies;
456 };
457
458 static struct packet_buffer buffers[N_PKT_BUFFERS];
459 static unsigned int buffer_idx;
460 static DEFINE_SPINLOCK(buffer_lock);
461
462 uint32_t fwd_save_skb(struct sk_buff *skb)
463 {
464         struct sk_buff *old_skb = NULL;
465         struct packet_buffer *p;
466         unsigned long int flags;
467         uint32_t id;
468
469         spin_lock_irqsave(&buffer_lock, flags);
470         buffer_idx = (buffer_idx + 1) & PKT_BUFFER_MASK;
471         p = &buffers[buffer_idx];
472         if (p->skb) {
473                 /* Don't buffer packet if existing entry is less than
474                  * OVERWRITE_SECS old. */
475                 if (time_before(jiffies, p->exp_jiffies)) {
476                         spin_unlock_irqrestore(&buffer_lock, flags);
477                         return -1;
478                 } else {
479                         /* Defer kfree_skb() until interrupts re-enabled. */
480                         old_skb = p->skb;
481                 }
482         }
483         /* Don't use maximum cookie value since the all-bits-1 id is
484          * special. */
485         if (++p->cookie >= (1u << PKT_COOKIE_BITS) - 1)
486                 p->cookie = 0;
487         skb_get(skb);
488         p->skb = skb;
489         p->exp_jiffies = jiffies + OVERWRITE_JIFFIES;
490         id = buffer_idx | (p->cookie << PKT_BUFFER_BITS);
491         spin_unlock_irqrestore(&buffer_lock, flags);
492
493         if (old_skb)
494                 kfree_skb(old_skb);
495
496         return id;
497 }
498
499 static struct sk_buff *retrieve_skb(uint32_t id)
500 {
501         unsigned long int flags;
502         struct sk_buff *skb = NULL;
503         struct packet_buffer *p;
504
505         spin_lock_irqsave(&buffer_lock, flags);
506         p = &buffers[id & PKT_BUFFER_MASK];
507         if (p->cookie == id >> PKT_BUFFER_BITS) {
508                 skb = p->skb;
509                 p->skb = NULL;
510         } else {
511                 printk("cookie mismatch: %x != %x\n",
512                                 id >> PKT_BUFFER_BITS, p->cookie);
513         }
514         spin_unlock_irqrestore(&buffer_lock, flags);
515
516         return skb;
517 }
518
519 void fwd_discard_all(void) 
520 {
521         int i;
522
523         for (i = 0; i < N_PKT_BUFFERS; i++) {
524                 struct sk_buff *skb;
525                 unsigned long int flags;
526
527                 /* Defer kfree_skb() until interrupts re-enabled. */
528                 spin_lock_irqsave(&buffer_lock, flags);
529                 skb = buffers[i].skb;
530                 buffers[i].skb = NULL;
531                 spin_unlock_irqrestore(&buffer_lock, flags);
532
533                 kfree_skb(skb);
534         }
535 }
536
537 static void discard_skb(uint32_t id)
538 {
539         struct sk_buff *old_skb = NULL;
540         unsigned long int flags;
541         struct packet_buffer *p;
542
543         spin_lock_irqsave(&buffer_lock, flags);
544         p = &buffers[id & PKT_BUFFER_MASK];
545         if (p->cookie == id >> PKT_BUFFER_BITS) {
546                 /* Defer kfree_skb() until interrupts re-enabled. */
547                 old_skb = p->skb;
548                 p->skb = NULL;
549         }
550         spin_unlock_irqrestore(&buffer_lock, flags);
551
552         if (old_skb)
553                 kfree_skb(old_skb);
554 }
555
556 void fwd_exit(void)
557 {
558         fwd_discard_all();
559 }