* 02110-1301, USA
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include "flow.h"
#include "datapath.h"
#include <linux/uaccess.h>
mask_allowed &= ~((1ULL << OVS_KEY_ATTR_IPV4)
| (1ULL << OVS_KEY_ATTR_IPV6)
| (1ULL << OVS_KEY_ATTR_TCP)
+ | (1ULL << OVS_KEY_ATTR_TCP_FLAGS)
| (1ULL << OVS_KEY_ATTR_UDP)
| (1ULL << OVS_KEY_ATTR_SCTP)
| (1ULL << OVS_KEY_ATTR_ICMP)
if (match->key->ip.proto == IPPROTO_TCP) {
key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
- if (match->mask && (match->mask->key.ip.proto == 0xff))
+ key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
+ if (match->mask && (match->mask->key.ip.proto == 0xff)) {
mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
+ mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
+ }
}
if (match->key->ip.proto == IPPROTO_ICMP) {
if (match->key->ip.proto == IPPROTO_TCP) {
key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
- if (match->mask && (match->mask->key.ip.proto == 0xff))
+ key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
+ if (match->mask && (match->mask->key.ip.proto == 0xff)) {
mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
+ mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
+ }
}
if (match->key->ip.proto == IPPROTO_ICMPV6) {
if ((key_attrs & key_expected) != key_expected) {
/* Key attributes check failed. */
OVS_NLERR("Missing expected key attributes (key_attrs=%llx, expected=%llx).\n",
- key_attrs, key_expected);
+ (unsigned long long)key_attrs, (unsigned long long)key_expected);
return false;
}
if ((mask_attrs & mask_allowed) != mask_attrs) {
/* Mask attributes check failed. */
OVS_NLERR("Contain more than allowed mask fields (mask_attrs=%llx, mask_allowed=%llx).\n",
- mask_attrs, mask_allowed);
+ (unsigned long long)mask_attrs, (unsigned long long)mask_allowed);
return false;
}
[OVS_KEY_ATTR_IPV4] = sizeof(struct ovs_key_ipv4),
[OVS_KEY_ATTR_IPV6] = sizeof(struct ovs_key_ipv6),
[OVS_KEY_ATTR_TCP] = sizeof(struct ovs_key_tcp),
+ [OVS_KEY_ATTR_TCP_FLAGS] = sizeof(__be16),
[OVS_KEY_ATTR_UDP] = sizeof(struct ovs_key_udp),
[OVS_KEY_ATTR_SCTP] = sizeof(struct ovs_key_sctp),
[OVS_KEY_ATTR_ICMP] = sizeof(struct ovs_key_icmp),
return true;
}
+static bool is_all_set(const u8 *fp, size_t size)
+{
+ int i;
+
+ if (!fp)
+ return false;
+
+ for (i = 0; i < size; i++)
+ if (fp[i] != 0xff)
+ return false;
+
+ return true;
+}
+
static int __parse_flow_nlattrs(const struct nlattr *attr,
const struct nlattr *a[],
u64 *attrsp, bool nz)
return 0;
}
-static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
- const struct nlattr **a, bool is_mask)
+static int ovs_key_from_nlattrs(struct sw_flow_match *match, bool *exact_5tuple,
+ u64 attrs, const struct nlattr **a,
+ bool is_mask)
{
int err;
u64 orig_attrs = attrs;
SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
}
+ if (is_mask && exact_5tuple) {
+ if (match->mask->key.eth.type != htons(0xffff))
+ *exact_5tuple = false;
+ }
+
if (attrs & (1ULL << OVS_KEY_ATTR_IPV4)) {
const struct ovs_key_ipv4 *ipv4_key;
SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
ipv4_key->ipv4_dst, is_mask);
attrs &= ~(1ULL << OVS_KEY_ATTR_IPV4);
+
+ if (is_mask && exact_5tuple && *exact_5tuple) {
+ if (ipv4_key->ipv4_proto != 0xff ||
+ ipv4_key->ipv4_src != htonl(0xffffffff) ||
+ ipv4_key->ipv4_dst != htonl(0xffffffff))
+ *exact_5tuple = false;
+ }
}
if (attrs & (1ULL << OVS_KEY_ATTR_IPV6)) {
is_mask);
attrs &= ~(1ULL << OVS_KEY_ATTR_IPV6);
+
+ if (is_mask && exact_5tuple && *exact_5tuple) {
+ if (ipv6_key->ipv6_proto != 0xff ||
+ !is_all_set((const u8 *)ipv6_key->ipv6_src,
+ sizeof(match->key->ipv6.addr.src)) ||
+ !is_all_set((const u8 *)ipv6_key->ipv6_dst,
+ sizeof(match->key->ipv6.addr.dst)))
+ *exact_5tuple = false;
+ }
}
if (attrs & (1ULL << OVS_KEY_ATTR_ARP)) {
tcp_key->tcp_dst, is_mask);
}
attrs &= ~(1ULL << OVS_KEY_ATTR_TCP);
+
+ if (is_mask && exact_5tuple && *exact_5tuple &&
+ (tcp_key->tcp_src != htons(0xffff) ||
+ tcp_key->tcp_dst != htons(0xffff)))
+ *exact_5tuple = false;
+ }
+
+ if (attrs & (1ULL << OVS_KEY_ATTR_TCP_FLAGS)) {
+ if (orig_attrs & (1ULL << OVS_KEY_ATTR_IPV4)) {
+ SW_FLOW_KEY_PUT(match, ipv4.tp.flags,
+ nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
+ is_mask);
+ } else {
+ SW_FLOW_KEY_PUT(match, ipv6.tp.flags,
+ nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
+ is_mask);
+ }
+ attrs &= ~(1ULL << OVS_KEY_ATTR_TCP_FLAGS);
}
if (attrs & (1ULL << OVS_KEY_ATTR_UDP)) {
udp_key->udp_dst, is_mask);
}
attrs &= ~(1ULL << OVS_KEY_ATTR_UDP);
+
+ if (is_mask && exact_5tuple && *exact_5tuple &&
+ (udp_key->udp_src != htons(0xffff) ||
+ udp_key->udp_dst != htons(0xffff)))
+ *exact_5tuple = false;
}
if (attrs & (1ULL << OVS_KEY_ATTR_SCTP)) {
* attribute specifies the mask field of the wildcarded flow.
*/
int ovs_nla_get_match(struct sw_flow_match *match,
+ bool *exact_5tuple,
const struct nlattr *key,
const struct nlattr *mask)
{
}
}
- err = ovs_key_from_nlattrs(match, key_attrs, a, false);
+ err = ovs_key_from_nlattrs(match, NULL, key_attrs, a, false);
if (err)
return err;
+ if (exact_5tuple)
+ *exact_5tuple = true;
+
if (mask) {
err = parse_flow_mask_nlattrs(mask, a, &mask_attrs);
if (err)
}
}
- err = ovs_key_from_nlattrs(match, mask_attrs, a, true);
+ err = ovs_key_from_nlattrs(match, exact_5tuple, mask_attrs, a, true);
if (err)
return err;
} else {
if (swkey->eth.type == htons(ETH_P_IP)) {
tcp_key->tcp_src = output->ipv4.tp.src;
tcp_key->tcp_dst = output->ipv4.tp.dst;
+ if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
+ output->ipv4.tp.flags))
+ goto nla_put_failure;
} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
tcp_key->tcp_src = output->ipv6.tp.src;
tcp_key->tcp_dst = output->ipv6.tp.dst;
+ if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
+ output->ipv6.tp.flags))
+ goto nla_put_failure;
}
} else if (swkey->ip.proto == IPPROTO_UDP) {
struct ovs_key_udp *udp_key;