2 * Distributed under the terms of the GNU GPL version 2.
3 * Copyright (c) 2007, 2008, 2009, 2010 Nicira Networks.
5 * Significant portions of this file may be copied from parts of the Linux
6 * kernel, by Linus Torvalds and others.
9 /* Functions for executing flow actions. */
11 #include <linux/skbuff.h>
14 #include <linux/tcp.h>
15 #include <linux/udp.h>
16 #include <linux/in6.h>
17 #include <linux/if_vlan.h>
18 #include <net/inet_ecn.h>
20 #include <net/checksum.h>
24 #include "openvswitch/datapath-protocol.h"
27 static struct sk_buff *make_writable(struct sk_buff *skb, unsigned min_headroom, gfp_t gfp)
29 if (skb_cloned(skb)) {
31 unsigned headroom = max(min_headroom, skb_headroom(skb));
33 nskb = skb_copy_expand(skb, headroom, skb_tailroom(skb), gfp);
35 set_skb_csum_bits(skb, nskb);
40 unsigned int hdr_len = (skb_transport_offset(skb)
41 + sizeof(struct tcphdr));
42 if (pskb_may_pull(skb, min(hdr_len, skb->len)))
49 static struct sk_buff *vlan_pull_tag(struct sk_buff *skb)
51 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
54 /* Verify we were given a vlan packet */
55 if (vh->h_vlan_proto != htons(ETH_P_8021Q))
58 if (OVS_CB(skb)->ip_summed == OVS_CSUM_COMPLETE)
59 skb->csum = csum_sub(skb->csum, csum_partial(skb->data
60 + ETH_HLEN, VLAN_HLEN, 0));
62 memmove(skb->data + VLAN_HLEN, skb->data, 2 * VLAN_ETH_ALEN);
64 eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN);
66 skb->protocol = eh->h_proto;
67 skb->mac_header += VLAN_HLEN;
72 static struct sk_buff *modify_vlan_tci(struct datapath *dp, struct sk_buff *skb,
73 const struct odp_flow_key *key,
74 const union odp_action *a, int n_actions,
79 if (a->type == ODPAT_SET_VLAN_VID) {
80 tci = ntohs(a->vlan_vid.vlan_vid);
83 tci = a->vlan_pcp.vlan_pcp << VLAN_PCP_SHIFT;
87 skb = make_writable(skb, VLAN_HLEN, gfp);
89 return ERR_PTR(-ENOMEM);
91 if (skb->protocol == htons(ETH_P_8021Q)) {
92 /* Modify vlan id, but maintain other TCI values */
93 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
94 __be16 old_tci = vh->h_vlan_TCI;
96 vh->h_vlan_TCI = htons((ntohs(vh->h_vlan_TCI) & ~mask) | tci);
98 if (OVS_CB(skb)->ip_summed == OVS_CSUM_COMPLETE) {
99 __be16 diff[] = { ~old_tci, vh->h_vlan_TCI };
101 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
107 /* Add vlan header */
109 /* Set up checksumming pointers for checksum-deferred packets
110 * on Xen. Otherwise, dev_queue_xmit() will try to do this
111 * when we send the packet out on the wire, and it will fail at
112 * that point because skb_checksum_setup() will not look inside
113 * an 802.1Q header. */
114 err = vswitch_skb_checksum_setup(skb);
120 /* GSO is not implemented for packets with an 802.1Q header, so
121 * we have to do segmentation before we add that header.
123 * GSO does work with hardware-accelerated VLAN tagging, but we
124 * can't use hardware-accelerated VLAN tagging since it
125 * requires the device to have a VLAN group configured (with
126 * e.g. vconfig(8)) and we don't do that.
128 * Having to do this here may be a performance loss, since we
129 * can't take advantage of TSO hardware support, although it
130 * does not make a measurable network performance difference
131 * for 1G Ethernet. Fixing that would require patching the
132 * kernel (either to add GSO support to the VLAN protocol or to
133 * support hardware-accelerated VLAN tagging without VLAN
134 * groups configured). */
135 if (skb_is_gso(skb)) {
136 struct sk_buff *segs;
138 segs = skb_gso_segment(skb, 0);
140 if (unlikely(IS_ERR(segs)))
141 return ERR_CAST(segs);
144 struct sk_buff *nskb = segs->next;
149 /* GSO can change the checksum type so update.*/
150 compute_ip_summed(segs, true);
152 segs = __vlan_put_tag(segs, tci);
155 err = execute_actions(dp, segs,
162 while ((segs = nskb)) {
171 } while (segs->next);
174 compute_ip_summed(skb, true);
177 /* The hardware-accelerated version of vlan_put_tag() works
178 * only for a device that has a VLAN group configured (with
179 * e.g. vconfig(8)), so call the software-only version
180 * __vlan_put_tag() directly instead.
182 skb = __vlan_put_tag(skb, tci);
184 return ERR_PTR(-ENOMEM);
186 /* GSO doesn't fix up the hardware computed checksum so this
187 * will only be hit in the non-GSO case. */
188 if (OVS_CB(skb)->ip_summed == OVS_CSUM_COMPLETE)
189 skb->csum = csum_add(skb->csum, csum_partial(skb->data
190 + ETH_HLEN, VLAN_HLEN, 0));
196 static struct sk_buff *strip_vlan(struct sk_buff *skb, gfp_t gfp)
198 skb = make_writable(skb, 0, gfp);
205 static struct sk_buff *set_dl_addr(struct sk_buff *skb,
206 const struct odp_action_dl_addr *a,
209 skb = make_writable(skb, 0, gfp);
211 struct ethhdr *eh = eth_hdr(skb);
212 if (a->type == ODPAT_SET_DL_SRC)
213 memcpy(eh->h_source, a->dl_addr, ETH_ALEN);
215 memcpy(eh->h_dest, a->dl_addr, ETH_ALEN);
220 /* Updates 'sum', which is a field in 'skb''s data, given that a 4-byte field
221 * covered by the sum has been changed from 'from' to 'to'. If set,
222 * 'pseudohdr' indicates that the field is in the TCP or UDP pseudo-header.
223 * Based on nf_proto_csum_replace4. */
224 static void update_csum(__sum16 *sum, struct sk_buff *skb,
225 __be32 from, __be32 to, int pseudohdr)
227 __be32 diff[] = { ~from, to };
229 if (OVS_CB(skb)->ip_summed != OVS_CSUM_PARTIAL) {
230 *sum = csum_fold(csum_partial((char *)diff, sizeof(diff),
231 ~csum_unfold(*sum)));
232 if (OVS_CB(skb)->ip_summed == OVS_CSUM_COMPLETE && pseudohdr)
233 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
235 } else if (pseudohdr)
236 *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff),
240 static struct sk_buff *set_nw_addr(struct sk_buff *skb,
241 const struct odp_flow_key *key,
242 const struct odp_action_nw_addr *a,
245 if (key->dl_type != htons(ETH_P_IP))
248 skb = make_writable(skb, 0, gfp);
250 struct iphdr *nh = ip_hdr(skb);
251 u32 *f = a->type == ODPAT_SET_NW_SRC ? &nh->saddr : &nh->daddr;
253 u32 new = a->nw_addr;
255 if (key->nw_proto == IPPROTO_TCP) {
256 struct tcphdr *th = tcp_hdr(skb);
257 update_csum(&th->check, skb, old, new, 1);
258 } else if (key->nw_proto == IPPROTO_UDP) {
259 struct udphdr *th = udp_hdr(skb);
260 update_csum(&th->check, skb, old, new, 1);
262 update_csum(&nh->check, skb, old, new, 0);
268 static struct sk_buff *set_nw_tos(struct sk_buff *skb,
269 const struct odp_flow_key *key,
270 const struct odp_action_nw_tos *a,
273 if (key->dl_type != htons(ETH_P_IP))
276 skb = make_writable(skb, 0, gfp);
278 struct iphdr *nh = ip_hdr(skb);
283 /* Set the DSCP bits and preserve the ECN bits. */
284 new = a->nw_tos | (nh->tos & INET_ECN_MASK);
285 update_csum(&nh->check, skb, htons((uint16_t)old),
286 htons((uint16_t)new), 0);
292 static struct sk_buff *set_tp_port(struct sk_buff *skb,
293 const struct odp_flow_key *key,
294 const struct odp_action_tp_port *a, gfp_t gfp)
298 if (key->dl_type != htons(ETH_P_IP))
301 if (key->nw_proto == IPPROTO_TCP)
302 check_ofs = offsetof(struct tcphdr, check);
303 else if (key->nw_proto == IPPROTO_UDP)
304 check_ofs = offsetof(struct udphdr, check);
308 skb = make_writable(skb, 0, gfp);
310 struct udphdr *th = udp_hdr(skb);
311 u16 *f = a->type == ODPAT_SET_TP_SRC ? &th->source : &th->dest;
313 u16 new = a->tp_port;
314 update_csum((u16*)(skb_transport_header(skb) + check_ofs),
321 static void do_output(struct datapath *dp, struct sk_buff *skb, int out_port)
328 p = rcu_dereference(dp->ports[out_port]);
332 vport_send(p->vport, skb);
339 /* Never consumes 'skb'. Returns a port that 'skb' should be sent to, -1 if
341 static int output_group(struct datapath *dp, __u16 group,
342 struct sk_buff *skb, gfp_t gfp)
344 struct dp_port_group *g = rcu_dereference(dp->groups[group]);
350 for (i = 0; i < g->n_ports; i++) {
351 struct dp_port *p = rcu_dereference(dp->ports[g->ports[i]]);
352 if (!p || OVS_CB(skb)->dp_port == p)
354 if (prev_port != -1) {
355 struct sk_buff *clone = skb_clone(skb, gfp);
358 do_output(dp, clone, prev_port);
360 prev_port = p->port_no;
365 static int output_control(struct datapath *dp, struct sk_buff *skb, u32 arg,
368 skb = skb_clone(skb, gfp);
371 return dp_output_control(dp, skb, _ODPL_ACTION_NR, arg);
374 /* Send a copy of this packet up to the sFlow agent, along with extra
375 * information about what happened to it. */
376 static void sflow_sample(struct datapath *dp, struct sk_buff *skb,
377 const union odp_action *a, int n_actions,
378 gfp_t gfp, struct dp_port *dp_port)
380 struct odp_sflow_sample_header *hdr;
381 unsigned int actlen = n_actions * sizeof(union odp_action);
382 unsigned int hdrlen = sizeof(struct odp_sflow_sample_header);
383 struct sk_buff *nskb;
385 nskb = skb_copy_expand(skb, actlen + hdrlen, 0, gfp);
389 memcpy(__skb_push(nskb, actlen), a, actlen);
390 hdr = (struct odp_sflow_sample_header*)__skb_push(nskb, hdrlen);
391 hdr->n_actions = n_actions;
392 hdr->sample_pool = atomic_read(&dp_port->sflow_pool);
393 dp_output_control(dp, nskb, _ODPL_SFLOW_NR, 0);
396 /* Execute a list of actions against 'skb'. */
397 int execute_actions(struct datapath *dp, struct sk_buff *skb,
398 const struct odp_flow_key *key,
399 const union odp_action *a, int n_actions,
402 /* Every output action needs a separate clone of 'skb', but the common
403 * case is just a single output action, so that doing a clone and
404 * then freeing the original skbuff is wasteful. So the following code
405 * is slightly obscure just to avoid that. */
407 u32 priority = skb->priority;
410 if (dp->sflow_probability) {
411 struct dp_port *p = OVS_CB(skb)->dp_port;
413 atomic_inc(&p->sflow_pool);
414 if (dp->sflow_probability == UINT_MAX ||
415 net_random() < dp->sflow_probability)
416 sflow_sample(dp, skb, a, n_actions, gfp, p);
420 OVS_CB(skb)->tun_id = 0;
422 for (; n_actions > 0; a++, n_actions--) {
423 if (prev_port != -1) {
424 do_output(dp, skb_clone(skb, gfp), prev_port);
430 prev_port = a->output.port;
433 case ODPAT_OUTPUT_GROUP:
434 prev_port = output_group(dp, a->output_group.group,
438 case ODPAT_CONTROLLER:
439 err = output_control(dp, skb, a->controller.arg, gfp);
446 case ODPAT_SET_TUNNEL:
447 OVS_CB(skb)->tun_id = a->tunnel.tun_id;
450 case ODPAT_SET_VLAN_VID:
451 case ODPAT_SET_VLAN_PCP:
452 skb = modify_vlan_tci(dp, skb, key, a, n_actions, gfp);
457 case ODPAT_STRIP_VLAN:
458 skb = strip_vlan(skb, gfp);
461 case ODPAT_SET_DL_SRC:
462 case ODPAT_SET_DL_DST:
463 skb = set_dl_addr(skb, &a->dl_addr, gfp);
466 case ODPAT_SET_NW_SRC:
467 case ODPAT_SET_NW_DST:
468 skb = set_nw_addr(skb, key, &a->nw_addr, gfp);
471 case ODPAT_SET_NW_TOS:
472 skb = set_nw_tos(skb, key, &a->nw_tos, gfp);
475 case ODPAT_SET_TP_SRC:
476 case ODPAT_SET_TP_DST:
477 skb = set_tp_port(skb, key, &a->tp_port, gfp);
480 case ODPAT_SET_PRIORITY:
481 skb->priority = a->priority.priority;
484 case ODPAT_POP_PRIORITY:
485 skb->priority = priority;
492 do_output(dp, skb, prev_port);
git://git.onelab.eu / sliver-openvswitch.git / blob