X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=datapath%2Fforward.c;h=33b3a5e23896394d245839bb6a102db403f2860e;hb=304ff22391e84f100b5d9190cfe9b9a987f1b29c;hp=a154393c044db339da71b27f2ce707e09435dd68;hpb=1558120be789c9c133533aaddfbe528de0bb729c;p=sliver-openvswitch.git diff --git a/datapath/forward.c b/datapath/forward.c index a154393c0..33b3a5e23 100644 --- a/datapath/forward.c +++ b/datapath/forward.c @@ -4,288 +4,136 @@ * Stanford Junior University */ +#include +#include #include #include -#include -#include -#include -#include -#include #include #include -#include #include "forward.h" #include "datapath.h" +#include "openflow/nicira-ext.h" +#include "dp_act.h" +#include "nx_msg.h" #include "chain.h" #include "flow.h" /* FIXME: do we need to use GFP_ATOMIC everywhere here? */ -static void execute_actions(struct datapath *, struct sk_buff *, - const struct sw_flow_key *, - const struct ofp_action *, int n_actions); -static int make_writable(struct sk_buff **); static struct sk_buff *retrieve_skb(uint32_t id); static void discard_skb(uint32_t id); -/* 'skb' was received on 'in_port', a physical switch port between 0 and - * OFPP_MAX. Process it according to 'chain'. */ -void fwd_port_input(struct sw_chain *chain, struct sk_buff *skb, int in_port) +/* 'skb' was received on port 'p', which may be a physical switch port, the + * local port, or a null pointer. Process it according to 'chain'. Returns 0 + * if successful, in which case 'skb' is destroyed, or -ESRCH if there is no + * matching flow, in which case 'skb' still belongs to the caller. */ +int run_flow_through_tables(struct sw_chain *chain, struct sk_buff *skb, + struct net_bridge_port *p) { + /* Ethernet address used as the destination for STP frames. */ + static const uint8_t stp_eth_addr[ETH_ALEN] + = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x01 }; struct sw_flow_key key; struct sw_flow *flow; - flow_extract(skb, in_port, &key); + if (flow_extract(skb, p ? p->port_no : OFPP_NONE, &key) + && (chain->dp->flags & OFPC_FRAG_MASK) == OFPC_FRAG_DROP) { + /* Drop fragment. */ + kfree_skb(skb); + return 0; + } + if (p && p->config & (OFPPC_NO_RECV | OFPPC_NO_RECV_STP) && + p->config & (compare_ether_addr(key.dl_dst, stp_eth_addr) + ? OFPPC_NO_RECV : OFPPC_NO_RECV_STP)) { + kfree_skb(skb); + return 0; + } + flow = chain_lookup(chain, &key); if (likely(flow != NULL)) { + struct sw_flow_actions *sf_acts = rcu_dereference(flow->sf_acts); flow_used(flow, skb); execute_actions(chain->dp, skb, &key, - flow->actions, flow->n_actions); + sf_acts->actions, sf_acts->actions_len, 0); + return 0; } else { - dp_output_control(chain->dp, skb, fwd_save_skb(skb), - chain->dp->miss_send_len, OFPR_NO_MATCH); + return -ESRCH; } } -static int do_output(struct datapath *dp, struct sk_buff *skb, size_t max_len, - int out_port) -{ - if (!skb) - return -ENOMEM; - return (likely(out_port != OFPP_CONTROLLER) - ? dp_output_port(dp, skb, out_port) - : dp_output_control(dp, skb, fwd_save_skb(skb), - max_len, OFPR_ACTION)); -} - -static void execute_actions(struct datapath *dp, struct sk_buff *skb, - const struct sw_flow_key *key, - const struct ofp_action *actions, int n_actions) +/* 'skb' was received on port 'p', which may be a physical switch port, the + * local port, or a null pointer. Process it according to 'chain', sending it + * up to the controller if no flow matches. Takes ownership of 'skb'. */ +void fwd_port_input(struct sw_chain *chain, struct sk_buff *skb, + struct net_bridge_port *p) { - /* Every output action needs a separate clone of 'skb', but the common - * case is just a single output action, so that doing a clone and - * then freeing the original skbuff is wasteful. So the following code - * is slightly obscure just to avoid that. */ - int prev_port; - size_t max_len=0; /* Initialze to make compiler happy */ - uint16_t eth_proto; - int i; - - prev_port = -1; - eth_proto = ntohs(key->dl_type); - - for (i = 0; i < n_actions; i++) { - const struct ofp_action *a = &actions[i]; - - if (prev_port != -1) { - do_output(dp, skb_clone(skb, GFP_ATOMIC), - max_len, prev_port); - prev_port = -1; - } - - if (likely(a->type == htons(OFPAT_OUTPUT))) { - prev_port = ntohs(a->arg.output.port); - max_len = ntohs(a->arg.output.max_len); - } else { - if (!make_writable(&skb)) { - printk("make_writable failed\n"); - break; - } - skb = execute_setter(skb, eth_proto, key, a); - } - } - if (prev_port != -1) - do_output(dp, skb, max_len, prev_port); - else - kfree_skb(skb); -} - -/* Updates 'sum', which is a field in 'skb''s data, given that a 4-byte field - * covered by the sum has been changed from 'from' to 'to'. If set, - * 'pseudohdr' indicates that the field is in the TCP or UDP pseudo-header. - * Based on nf_proto_csum_replace4. */ -static void update_csum(__sum16 *sum, struct sk_buff *skb, - __be32 from, __be32 to, int pseudohdr) -{ - __be32 diff[] = { ~from, to }; - if (skb->ip_summed != CHECKSUM_PARTIAL) { - *sum = csum_fold(csum_partial((char *)diff, sizeof(diff), - ~csum_unfold(*sum))); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) - skb->csum = ~csum_partial((char *)diff, sizeof(diff), - ~skb->csum); - } else if (pseudohdr) - *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff), - csum_unfold(*sum))); + WARN_ON_ONCE(skb_shared(skb)); + WARN_ON_ONCE(skb->destructor); + if (run_flow_through_tables(chain, skb, p)) + dp_output_control(chain->dp, skb, fwd_save_skb(skb), + chain->dp->miss_send_len, + OFPR_NO_MATCH); } -static void modify_nh(struct sk_buff *skb, uint16_t eth_proto, - uint8_t nw_proto, const struct ofp_action *a) +static int +recv_hello(struct sw_chain *chain, const struct sender *sender, + const void *msg) { - if (eth_proto == ETH_P_IP) { - struct iphdr *nh = ip_hdr(skb); - uint32_t new, *field; - - new = a->arg.nw_addr; - - if (a->type == htons(OFPAT_SET_NW_SRC)) - field = &nh->saddr; - else - field = &nh->daddr; - - if (nw_proto == IPPROTO_TCP) { - struct tcphdr *th = tcp_hdr(skb); - update_csum(&th->check, skb, *field, new, 1); - } else if (nw_proto == IPPROTO_UDP) { - struct udphdr *th = udp_hdr(skb); - update_csum(&th->check, skb, *field, new, 1); - } - update_csum(&nh->check, skb, *field, new, 0); - *field = new; - } + return dp_send_hello(chain->dp, sender, msg); } -static void modify_th(struct sk_buff *skb, uint16_t eth_proto, - uint8_t nw_proto, const struct ofp_action *a) -{ - if (eth_proto == ETH_P_IP) { - uint16_t new, *field; - - new = a->arg.tp; - - if (nw_proto == IPPROTO_TCP) { - struct tcphdr *th = tcp_hdr(skb); - - if (a->type == htons(OFPAT_SET_TP_SRC)) - field = &th->source; - else - field = &th->dest; - - update_csum(&th->check, skb, *field, new, 1); - *field = new; - } else if (nw_proto == IPPROTO_UDP) { - struct udphdr *th = udp_hdr(skb); - - if (a->type == htons(OFPAT_SET_TP_SRC)) - field = &th->source; - else - field = &th->dest; - - update_csum(&th->check, skb, *field, new, 1); - *field = new; - } - } -} - -static struct sk_buff *vlan_pull_tag(struct sk_buff *skb) -{ - struct vlan_ethhdr *vh = vlan_eth_hdr(skb); - struct ethhdr *eh; - - - /* Verify we were given a vlan packet */ - if (vh->h_vlan_proto != htons(ETH_P_8021Q)) - return skb; - - memmove(skb->data + VLAN_HLEN, skb->data, 2 * VLAN_ETH_ALEN); - - eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN); - - skb->protocol = eh->h_proto; - skb->mac_header += VLAN_HLEN; - - return skb; -} - -static struct sk_buff *modify_vlan(struct sk_buff *skb, - const struct sw_flow_key *key, const struct ofp_action *a) +static int +recv_features_request(struct sw_chain *chain, const struct sender *sender, + const void *msg) { - uint16_t new_id = a->arg.vlan_id; - - if (new_id != OFP_VLAN_NONE) { - if (key->dl_vlan != htons(OFP_VLAN_NONE)) { - /* Modify vlan id, but maintain other TCI values */ - struct vlan_ethhdr *vh = vlan_eth_hdr(skb); - vh->h_vlan_TCI = (vh->h_vlan_TCI - & ~(htons(VLAN_VID_MASK))) | htons(new_id); - } else { - /* Add vlan header */ - skb = vlan_put_tag(skb, new_id); - } - } else { - /* Remove an existing vlan header if it exists */ - vlan_pull_tag(skb); - } - - return skb; + return dp_send_features_reply(chain->dp, sender); } -struct sk_buff *execute_setter(struct sk_buff *skb, uint16_t eth_proto, - const struct sw_flow_key *key, const struct ofp_action *a) +static int +recv_get_config_request(struct sw_chain *chain, const struct sender *sender, + const void *msg) { - switch (ntohs(a->type)) { - case OFPAT_SET_DL_VLAN: - skb = modify_vlan(skb, key, a); - break; - - case OFPAT_SET_DL_SRC: { - struct ethhdr *eh = eth_hdr(skb); - memcpy(eh->h_source, a->arg.dl_addr, sizeof eh->h_source); - break; - } - case OFPAT_SET_DL_DST: { - struct ethhdr *eh = eth_hdr(skb); - memcpy(eh->h_dest, a->arg.dl_addr, sizeof eh->h_dest); - break; - } - - case OFPAT_SET_NW_SRC: - case OFPAT_SET_NW_DST: - modify_nh(skb, eth_proto, key->nw_proto, a); - break; - - case OFPAT_SET_TP_SRC: - case OFPAT_SET_TP_DST: - modify_th(skb, eth_proto, key->nw_proto, a); - break; - - default: - if (net_ratelimit()) - printk("execute_setter: unknown action: %d\n", ntohs(a->type)); - } - - return skb; + return dp_send_config_reply(chain->dp, sender); } static int -recv_control_hello(struct sw_chain *chain, const void *msg) +recv_set_config(struct sw_chain *chain, const struct sender *sender, + const void *msg) { - const struct ofp_control_hello *och = msg; - - printk("control_hello(version=%d)\n", ntohl(och->version)); + const struct ofp_switch_config *osc = msg; + int flags; - if (ntohs(och->miss_send_len) != OFP_MISS_SEND_LEN_UNCHANGED) { - chain->dp->miss_send_len = ntohs(och->miss_send_len); + flags = ntohs(osc->flags) & (OFPC_SEND_FLOW_EXP | OFPC_FRAG_MASK); + if ((flags & OFPC_FRAG_MASK) != OFPC_FRAG_NORMAL + && (flags & OFPC_FRAG_MASK) != OFPC_FRAG_DROP) { + flags = (flags & ~OFPC_FRAG_MASK) | OFPC_FRAG_DROP; } + chain->dp->flags = flags; - chain->dp->hello_flags = ntohs(och->flags); - - dp_send_hello(chain->dp); + chain->dp->miss_send_len = ntohs(osc->miss_send_len); return 0; } static int -recv_packet_out(struct sw_chain *chain, const void *msg) +recv_packet_out(struct sw_chain *chain, const struct sender *sender, + const void *msg) { const struct ofp_packet_out *opo = msg; struct sk_buff *skb; - struct vlan_ethhdr *mac; - int nh_ofs; + uint16_t v_code; + struct sw_flow_key key; + size_t actions_len = ntohs(opo->actions_len); + + if (actions_len > (ntohs(opo->header.length) - sizeof *opo)) { + if (net_ratelimit()) + printk("message too short for number of actions\n"); + return -EINVAL; + } if (ntohl(opo->buffer_id) == (uint32_t) -1) { - int data_len = ntohs(opo->header.length) - sizeof *opo; + int data_len = ntohs(opo->header.length) - sizeof *opo - actions_len; /* FIXME: there is likely a way to reuse the data in msg. */ skb = alloc_skb(data_len, GFP_ATOMIC); @@ -295,81 +143,103 @@ recv_packet_out(struct sw_chain *chain, const void *msg) /* FIXME? We don't reserve NET_IP_ALIGN or NET_SKB_PAD since * we're just transmitting this raw without examining anything * at those layers. */ - memcpy(skb_put(skb, data_len), opo->u.data, data_len); - dp_set_origin(chain->dp, ntohs(opo->in_port), skb); - - skb_set_mac_header(skb, 0); - mac = vlan_eth_hdr(skb); - if (likely(mac->h_vlan_proto != htons(ETH_P_8021Q))) - nh_ofs = sizeof(struct ethhdr); - else - nh_ofs = sizeof(struct vlan_ethhdr); - skb_set_network_header(skb, nh_ofs); - - dp_output_port(chain->dp, skb, ntohs(opo->out_port)); + skb_put(skb, data_len); + skb_copy_to_linear_data(skb, + (uint8_t *)opo->actions + actions_len, + data_len); + skb_reset_mac_header(skb); } else { - struct sw_flow_key key; - int n_acts; - skb = retrieve_skb(ntohl(opo->buffer_id)); if (!skb) return -ESRCH; - dp_set_origin(chain->dp, ntohs(opo->in_port), skb); + } + + dp_set_origin(chain->dp, ntohs(opo->in_port), skb); - n_acts = (ntohs(opo->header.length) - sizeof *opo) - / sizeof *opo->u.actions; - flow_extract(skb, ntohs(opo->in_port), &key); - execute_actions(chain->dp, skb, &key, opo->u.actions, n_acts); + flow_extract(skb, ntohs(opo->in_port), &key); + + v_code = validate_actions(chain->dp, &key, opo->actions, actions_len); + if (v_code != ACT_VALIDATION_OK) { + dp_send_error_msg(chain->dp, sender, OFPET_BAD_ACTION, v_code, + msg, ntohs(opo->header.length)); + goto error; } + + execute_actions(chain->dp, skb, &key, opo->actions, actions_len, 1); + return 0; + +error: + kfree_skb(skb); + return -EINVAL; } static int -recv_port_mod(struct sw_chain *chain, const void *msg) +recv_port_mod(struct sw_chain *chain, const struct sender *sender, + const void *msg) { const struct ofp_port_mod *opm = msg; - dp_update_port_flags(chain->dp, &opm->desc); + dp_update_port_flags(chain->dp, opm); return 0; } static int -add_flow(struct sw_chain *chain, const struct ofp_flow_mod *ofm) +recv_echo_request(struct sw_chain *chain, const struct sender *sender, + const void *msg) { - int error = -ENOMEM; - int n_acts; - struct sw_flow *flow; + return dp_send_echo_reply(chain->dp, sender, msg); +} +static int +recv_echo_reply(struct sw_chain *chain, const struct sender *sender, + const void *msg) +{ + return 0; +} - /* Check number of actions. */ - n_acts = (ntohs(ofm->header.length) - sizeof *ofm) / sizeof *ofm->actions; - if (n_acts > MAX_ACTIONS) { - error = -E2BIG; - goto error; - } +static int +add_flow(struct sw_chain *chain, const struct sender *sender, + const struct ofp_flow_mod *ofm) +{ + int error = -ENOMEM; + uint16_t v_code; + struct sw_flow *flow; + size_t actions_len = ntohs(ofm->header.length) - sizeof *ofm; /* Allocate memory. */ - flow = flow_alloc(n_acts, GFP_ATOMIC); + flow = flow_alloc(actions_len, GFP_ATOMIC); if (flow == NULL) goto error; - /* Fill out flow. */ flow_extract_match(&flow->key, &ofm->match); - flow->group_id = ntohl(ofm->group_id); - flow->max_idle = ntohs(ofm->max_idle); - flow->timeout = jiffies + flow->max_idle * HZ; - flow->n_actions = n_acts; + + v_code = validate_actions(chain->dp, &flow->key, ofm->actions, actions_len); + if (v_code != ACT_VALIDATION_OK) { + dp_send_error_msg(chain->dp, sender, OFPET_BAD_ACTION, v_code, + ofm, ntohs(ofm->header.length)); + goto error_free_flow; + } + + /* Fill out flow. */ + flow->priority = flow->key.wildcards ? ntohs(ofm->priority) : -1; + flow->idle_timeout = ntohs(ofm->idle_timeout); + flow->hard_timeout = ntohs(ofm->hard_timeout); + flow->used = jiffies; flow->init_time = jiffies; flow->byte_count = 0; flow->packet_count = 0; - atomic_set(&flow->deleted, 0); spin_lock_init(&flow->lock); - memcpy(flow->actions, ofm->actions, n_acts * sizeof *flow->actions); + memcpy(flow->sf_acts->actions, ofm->actions, actions_len); /* Act. */ error = chain_insert(chain, flow); - if (error) + if (error == -ENOBUFS) { + dp_send_error_msg(chain->dp, sender, OFPET_FLOW_MOD_FAILED, + OFPFMFC_ALL_TABLES_FULL, ofm, ntohs(ofm->header.length)); + goto error_free_flow; + } else if (error) goto error_free_flow; error = 0; if (ntohl(ofm->buffer_id) != (uint32_t) -1) { @@ -377,9 +247,9 @@ add_flow(struct sw_chain *chain, const struct ofp_flow_mod *ofm) if (skb) { struct sw_flow_key key; flow_used(flow, skb); + dp_set_origin(chain->dp, ntohs(ofm->match.in_port), skb); flow_extract(skb, ntohs(ofm->match.in_port), &key); - execute_actions(chain->dp, skb, &key, - ofm->actions, n_acts); + execute_actions(chain->dp, skb, &key, ofm->actions, actions_len, 0); } else error = -ESRCH; @@ -395,41 +265,135 @@ error: } static int -recv_flow(struct sw_chain *chain, const void *msg) +mod_flow(struct sw_chain *chain, const struct sender *sender, + const struct ofp_flow_mod *ofm) +{ + int error = -ENOMEM; + uint16_t v_code; + size_t actions_len; + struct sw_flow_key key; + uint16_t priority; + int strict; + + flow_extract_match(&key, &ofm->match); + + actions_len = ntohs(ofm->header.length) - sizeof *ofm; + + v_code = validate_actions(chain->dp, &key, ofm->actions, actions_len); + if (v_code != ACT_VALIDATION_OK) { + dp_send_error_msg(chain->dp, sender, OFPET_BAD_ACTION, v_code, + ofm, ntohs(ofm->header.length)); + goto error; + } + + priority = key.wildcards ? ntohs(ofm->priority) : -1; + strict = (ofm->command == htons(OFPFC_MODIFY_STRICT)) ? 1 : 0; + chain_modify(chain, &key, priority, strict, ofm->actions, actions_len); + + if (ntohl(ofm->buffer_id) != (uint32_t) -1) { + struct sk_buff *skb = retrieve_skb(ntohl(ofm->buffer_id)); + if (skb) { + struct sw_flow_key skb_key; + flow_extract(skb, ntohs(ofm->match.in_port), &skb_key); + execute_actions(chain->dp, skb, &skb_key, + ofm->actions, actions_len, 0); + } + else + error = -ESRCH; + } + return error; + +error: + if (ntohl(ofm->buffer_id) != (uint32_t) -1) + discard_skb(ntohl(ofm->buffer_id)); + return error; +} + +static int +recv_flow(struct sw_chain *chain, const struct sender *sender, const void *msg) { const struct ofp_flow_mod *ofm = msg; uint16_t command = ntohs(ofm->command); if (command == OFPFC_ADD) { - return add_flow(chain, ofm); + return add_flow(chain, sender, ofm); + } else if ((command == OFPFC_MODIFY) || (command == OFPFC_MODIFY_STRICT)) { + return mod_flow(chain, sender, ofm); } else if (command == OFPFC_DELETE) { struct sw_flow_key key; flow_extract_match(&key, &ofm->match); - return chain_delete(chain, &key, 0) ? 0 : -ESRCH; + return chain_delete(chain, &key, 0, 0) ? 0 : -ESRCH; } else if (command == OFPFC_DELETE_STRICT) { struct sw_flow_key key; + uint16_t priority; flow_extract_match(&key, &ofm->match); - return chain_delete(chain, &key, 1) ? 0 : -ESRCH; + priority = key.wildcards ? ntohs(ofm->priority) : -1; + return chain_delete(chain, &key, priority, 1) ? 0 : -ESRCH; } else { return -ENOTSUPP; } } -/* 'msg', which is 'length' bytes long, was received from the control path. - * Apply it to 'chain'. */ +static int +recv_vendor(struct sw_chain *chain, const struct sender *sender, + const void *msg) +{ + const struct ofp_vendor_header *ovh = msg; + + switch(ntohl(ovh->vendor)) + { + case NX_VENDOR_ID: + return nx_recv_msg(chain, sender, msg); + default: + if (net_ratelimit()) + printk("Uknown vendor: %#x\n", ntohl(ovh->vendor)); + dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST, + OFPBRC_BAD_VENDOR, msg, ntohs(ovh->header.length)); + return -EINVAL; + } +} + +/* 'msg', which is 'length' bytes long, was received across Netlink from + * 'sender'. Apply it to 'chain'. */ int -fwd_control_input(struct sw_chain *chain, const void *msg, size_t length) +fwd_control_input(struct sw_chain *chain, const struct sender *sender, + const void *msg, size_t length) { struct openflow_packet { size_t min_size; - int (*handler)(struct sw_chain *, const void *); + int (*handler)(struct sw_chain *, const struct sender *, + const void *); }; static const struct openflow_packet packets[] = { - [OFPT_CONTROL_HELLO] = { - sizeof (struct ofp_control_hello), - recv_control_hello, + [OFPT_HELLO] = { + sizeof (struct ofp_header), + recv_hello, + }, + [OFPT_ECHO_REQUEST] = { + sizeof (struct ofp_header), + recv_echo_request, + }, + [OFPT_ECHO_REPLY] = { + sizeof (struct ofp_header), + recv_echo_reply, + }, + [OFPT_VENDOR] = { + sizeof (struct ofp_vendor_header), + recv_vendor, + }, + [OFPT_FEATURES_REQUEST] = { + sizeof (struct ofp_header), + recv_features_request, + }, + [OFPT_GET_CONFIG_REQUEST] = { + sizeof (struct ofp_header), + recv_get_config_request, + }, + [OFPT_SET_CONFIG] = { + sizeof (struct ofp_switch_config), + recv_set_config, }, [OFPT_PACKET_OUT] = { sizeof (struct ofp_packet_out), @@ -442,27 +406,41 @@ fwd_control_input(struct sw_chain *chain, const void *msg, size_t length) [OFPT_PORT_MOD] = { sizeof (struct ofp_port_mod), recv_port_mod, - }, + } }; - const struct openflow_packet *pkt; struct ofp_header *oh; - if (length < sizeof(struct ofp_header)) - return -EINVAL; - oh = (struct ofp_header *) msg; - if (oh->version != 1 || oh->type >= ARRAY_SIZE(packets) - || ntohs(oh->length) > length) + if (oh->version != OFP_VERSION + && oh->type != OFPT_HELLO + && oh->type != OFPT_ERROR + && oh->type != OFPT_ECHO_REQUEST + && oh->type != OFPT_ECHO_REPLY + && oh->type != OFPT_VENDOR) + { + dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST, + OFPBRC_BAD_VERSION, msg, length); return -EINVAL; + } + if (ntohs(oh->length) != length) { + if (net_ratelimit()) + printk("received message length wrong: %d/%d\n", + ntohs(oh->length), length); + return -EINVAL; + } - pkt = &packets[oh->type]; - if (!pkt->handler) - return -ENOSYS; - if (length < pkt->min_size) - return -EFAULT; - - return pkt->handler(chain, msg); + if (oh->type < ARRAY_SIZE(packets)) { + const struct openflow_packet *pkt = &packets[oh->type]; + if (pkt->handler) { + if (length < pkt->min_size) + return -EFAULT; + return pkt->handler(chain, sender, msg); + } + } + dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST, + OFPBRC_BAD_TYPE, msg, length); + return -EINVAL; } /* Packet buffering. */ @@ -482,10 +460,16 @@ static DEFINE_SPINLOCK(buffer_lock); uint32_t fwd_save_skb(struct sk_buff *skb) { + struct sk_buff *old_skb = NULL; struct packet_buffer *p; unsigned long int flags; uint32_t id; + /* FIXME: Probably just need a skb_clone() here. */ + skb = skb_copy(skb, GFP_ATOMIC); + if (!skb) + return -1; + spin_lock_irqsave(&buffer_lock, flags); buffer_idx = (buffer_idx + 1) & PKT_BUFFER_MASK; p = &buffers[buffer_idx]; @@ -494,20 +478,28 @@ uint32_t fwd_save_skb(struct sk_buff *skb) * OVERWRITE_SECS old. */ if (time_before(jiffies, p->exp_jiffies)) { spin_unlock_irqrestore(&buffer_lock, flags); + kfree_skb(skb); return -1; - } else - kfree_skb(p->skb); + } else { + /* Defer kfree_skb() until interrupts re-enabled. + * FIXME: we only need to do that if it has a + * destructor, but it never should since we orphan + * sk_buffs on entry. */ + old_skb = p->skb; + } } /* Don't use maximum cookie value since the all-bits-1 id is * special. */ if (++p->cookie >= (1u << PKT_COOKIE_BITS) - 1) p->cookie = 0; - skb_get(skb); p->skb = skb; p->exp_jiffies = jiffies + OVERWRITE_JIFFIES; id = buffer_idx | (p->cookie << PKT_BUFFER_BITS); spin_unlock_irqrestore(&buffer_lock, flags); + if (old_skb) + kfree_skb(old_skb); + return id; } @@ -531,56 +523,44 @@ static struct sk_buff *retrieve_skb(uint32_t id) return skb; } +void fwd_discard_all(void) +{ + int i; + + for (i = 0; i < N_PKT_BUFFERS; i++) { + struct sk_buff *skb; + unsigned long int flags; + + /* Defer kfree_skb() until interrupts re-enabled. */ + spin_lock_irqsave(&buffer_lock, flags); + skb = buffers[i].skb; + buffers[i].skb = NULL; + spin_unlock_irqrestore(&buffer_lock, flags); + + kfree_skb(skb); + } +} + static void discard_skb(uint32_t id) { + struct sk_buff *old_skb = NULL; unsigned long int flags; struct packet_buffer *p; spin_lock_irqsave(&buffer_lock, flags); p = &buffers[id & PKT_BUFFER_MASK]; if (p->cookie == id >> PKT_BUFFER_BITS) { - kfree_skb(p->skb); + /* Defer kfree_skb() until interrupts re-enabled. */ + old_skb = p->skb; p->skb = NULL; } spin_unlock_irqrestore(&buffer_lock, flags); -} -void fwd_exit(void) -{ - int i; - - for (i = 0; i < N_PKT_BUFFERS; i++) - kfree_skb(buffers[i].skb); + if (old_skb) + kfree_skb(old_skb); } -/* Utility functions. */ - -/* Makes '*pskb' writable, possibly copying it and setting '*pskb' to point to - * the copy. - * Returns 1 if successful, 0 on failure. */ -static int -make_writable(struct sk_buff **pskb) +void fwd_exit(void) { - /* Based on skb_make_writable() in net/netfilter/core.c. */ - struct sk_buff *nskb; - - /* Not exclusive use of packet? Must copy. */ - if (skb_shared(*pskb) || skb_cloned(*pskb)) - goto copy_skb; - - return pskb_may_pull(*pskb, 64); /* FIXME? */ - -copy_skb: - nskb = skb_copy(*pskb, GFP_ATOMIC); - if (!nskb) - return 0; - BUG_ON(skb_is_nonlinear(nskb)); - - /* Rest of kernel will get very unhappy if we pass it a - suddenly-orphaned skbuff */ - if ((*pskb)->sk) - skb_set_owner_w(nskb, (*pskb)->sk); - kfree_skb(*pskb); - *pskb = nskb; - return 1; + fwd_discard_all(); }