- static const u32 action_lens[ODP_ACTION_ATTR_MAX + 1] = {
- [ODP_ACTION_ATTR_OUTPUT] = 4,
- [ODP_ACTION_ATTR_USERSPACE] = 8,
- [ODP_ACTION_ATTR_SET_DL_TCI] = 2,
- [ODP_ACTION_ATTR_STRIP_VLAN] = 0,
- [ODP_ACTION_ATTR_SET_DL_SRC] = ETH_ALEN,
- [ODP_ACTION_ATTR_SET_DL_DST] = ETH_ALEN,
- [ODP_ACTION_ATTR_SET_NW_SRC] = 4,
- [ODP_ACTION_ATTR_SET_NW_DST] = 4,
- [ODP_ACTION_ATTR_SET_NW_TOS] = 1,
- [ODP_ACTION_ATTR_SET_TP_SRC] = 2,
- [ODP_ACTION_ATTR_SET_TP_DST] = 2,
- [ODP_ACTION_ATTR_SET_TUNNEL] = 8,
- [ODP_ACTION_ATTR_SET_PRIORITY] = 4,
- [ODP_ACTION_ATTR_POP_PRIORITY] = 0,
+ int type = nla_type(a);
+ if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
+ return -EINVAL;
+ attrs[type] = a;
+ }
+ if (rem)
+ return -EINVAL;
+
+ probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
+ if (!probability || nla_len(probability) != sizeof(u32))
+ return -EINVAL;
+
+ actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
+ if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
+ return -EINVAL;
+ return validate_actions(actions, key, depth + 1);
+}
+
+static int validate_action_key(const struct nlattr *a,
+ const struct sw_flow_key *flow_key)
+{
+ int act_type = nla_type(a);
+ const struct nlattr *ovs_key = nla_data(a);
+ int key_type = nla_type(ovs_key);
+
+ /* There can be only one key in a action */
+ if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
+ return -EINVAL;
+
+ if (key_type > OVS_KEY_ATTR_MAX ||
+ nla_len(ovs_key) != ovs_key_lens[key_type])
+ return -EINVAL;
+
+#define ACTION(act, key) (((act) << 8) | (key))
+
+ switch (ACTION(act_type, key_type)) {
+ const struct ovs_key_ipv4 *ipv4_key;
+ const struct ovs_key_8021q *q_key;
+
+ case ACTION(OVS_ACTION_ATTR_SET, OVS_KEY_ATTR_PRIORITY):
+ case ACTION(OVS_ACTION_ATTR_SET, OVS_KEY_ATTR_TUN_ID):
+ case ACTION(OVS_ACTION_ATTR_SET, OVS_KEY_ATTR_ETHERNET):
+ break;
+
+ case ACTION(OVS_ACTION_ATTR_PUSH, OVS_KEY_ATTR_8021Q):
+ q_key = nla_data(ovs_key);
+ if (q_key->q_tpid != htons(ETH_P_8021Q))
+ return -EINVAL;
+
+ if (q_key->q_tci & htons(VLAN_TAG_PRESENT))
+ return -EINVAL;
+ break;
+
+ case ACTION(OVS_ACTION_ATTR_SET, OVS_KEY_ATTR_IPV4):
+ if (flow_key->eth.type != htons(ETH_P_IP))
+ return -EINVAL;
+
+ if (!flow_key->ipv4.addr.src || !flow_key->ipv4.addr.dst)
+ return -EINVAL;
+
+ ipv4_key = nla_data(ovs_key);
+ if (ipv4_key->ipv4_proto != flow_key->ip.proto)
+ return -EINVAL;
+
+ if (ipv4_key->ipv4_tos & INET_ECN_MASK)
+ return -EINVAL;
+
+ if (ipv4_key->ipv4_frag !=
+ (flow_key->ip.tos_frag & OVS_FRAG_TYPE_MASK))
+ return -EINVAL;
+
+ break;
+
+ case ACTION(OVS_ACTION_ATTR_SET, OVS_KEY_ATTR_TCP):
+ if (flow_key->ip.proto != IPPROTO_TCP)
+ return -EINVAL;
+
+ if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst)
+ return -EINVAL;
+
+ break;
+
+ case ACTION(OVS_ACTION_ATTR_SET, OVS_KEY_ATTR_UDP):
+ if (flow_key->ip.proto != IPPROTO_UDP)
+ return -EINVAL;
+
+ if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst)
+ return -EINVAL;
+ break;
+
+ default:
+ return -EINVAL;
+ }
+#undef ACTION
+ return 0;
+}
+
+static int validate_userspace(const struct nlattr *attr)
+{
+ static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
+ [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
+ [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_U64 },
+ };
+ struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
+ int error;
+
+ error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
+ attr, userspace_policy);
+ if (error)
+ return error;
+
+ if (!a[OVS_USERSPACE_ATTR_PID] ||
+ !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int validate_actions(const struct nlattr *attr,
+ const struct sw_flow_key *key, int depth)
+{
+ const struct nlattr *a;
+ int rem, err;
+
+ if (depth >= SAMPLE_ACTION_DEPTH)
+ return -EOVERFLOW;
+
+ nla_for_each_nested(a, attr, rem) {
+ /* Expected argument lengths, (u32)-1 for variable length. */
+ static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
+ [OVS_ACTION_ATTR_OUTPUT] = 4,
+ [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
+ [OVS_ACTION_ATTR_PUSH] = (u32)-1,
+ [OVS_ACTION_ATTR_POP] = 2,
+ [OVS_ACTION_ATTR_SET] = (u32)-1,
+ [OVS_ACTION_ATTR_SAMPLE] = (u32)-1