datapath: Move table destroy to dp-rcu callback.

[sliver-openvswitch.git] / datapath / datapath.c
diff --git a/datapath/datapath.c b/datapath/datapath.c

index 5964789..fcaafd1 100644 (file)
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (c) 2007-2012 Nicira, Inc.
+ * Copyright (c) 2007-2014 Nicira, Inc.
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of version 2 of the GNU General Public
@@ -48,54 +48,99 @@
  #include <linux/openvswitch.h>
  #include <linux/rculist.h>
  #include <linux/dmi.h>
+#include <linux/genetlink.h>
+#include <net/genetlink.h>
  #include <net/genetlink.h>
  #include <net/net_namespace.h>
  #include <net/netns/generic.h>
  
-#include "checksum.h"
  #include "datapath.h"
  #include "flow.h"
-#include "genl_exec.h"
+#include "flow_table.h"
+#include "flow_netlink.h"
  #include "vlan.h"
-#include "tunnel.h"
  #include "vport-internal_dev.h"
+#include "vport-netdev.h"
  
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18) || \
-    LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0)
-#error Kernels before 2.6.18 or after 3.8 are not supported by this version of Open vSwitch.
-#endif
+int ovs_net_id __read_mostly;
  
-#define REHASH_FLOW_INTERVAL (10 * 60 * HZ)
-static void rehash_flow_table(struct work_struct *work);
-static DECLARE_DELAYED_WORK(rehash_flow_wq, rehash_flow_table);
+static struct genl_family dp_packet_genl_family;
+static struct genl_family dp_flow_genl_family;
+static struct genl_family dp_datapath_genl_family;
  
-int ovs_net_id __read_mostly;
+static struct genl_multicast_group ovs_dp_flow_multicast_group = {
+       .name = OVS_FLOW_MCGROUP
+};
+
+static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
+       .name = OVS_DATAPATH_MCGROUP
+};
+
+struct genl_multicast_group ovs_dp_vport_multicast_group = {
+       .name = OVS_VPORT_MCGROUP
+};
+
+/* Check if need to build a reply message.
+ * OVS userspace sets the NLM_F_ECHO flag if it needs the reply. */
+static bool ovs_must_notify(struct genl_info *info,
+                           const struct genl_multicast_group *grp)
+{
+       return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
+               netlink_has_listeners(genl_info_net(info)->genl_sock, GROUP_ID(grp));
+}
+
+static void ovs_notify(struct genl_family *family, struct genl_multicast_group *grp,
+                      struct sk_buff *skb, struct genl_info *info)
+{
+       genl_notify(family, skb, genl_info_net(info),
+                   info->snd_portid, GROUP_ID(grp), info->nlhdr, GFP_KERNEL);
+}
  
  /**
   * DOC: Locking:
   *
- * Writes to device state (add/remove datapath, port, set operations on vports,
- * etc.) are protected by RTNL.
- *
- * Writes to other state (flow table modifications, set miscellaneous datapath
- * parameters, etc.) are protected by genl_mutex.  The RTNL lock nests inside
- * genl_mutex.
+ * All writes e.g. Writes to device state (add/remove datapath, port, set
+ * operations on vports, etc.), Writes to other state (flow table
+ * modifications, set miscellaneous datapath parameters, etc.) are protected
+ * by ovs_lock.
   *
   * Reads are protected by RCU.
   *
   * There are a few special cases (mostly stats) that have their own
   * synchronization but they nest under all of above and don't interact with
   * each other.
+ *
+ * The RTNL lock nests inside ovs_mutex.
   */
  
-static struct vport *new_vport(const struct vport_parms *);
-static int queue_gso_packets(struct net *, int dp_ifindex, struct sk_buff *,
+static DEFINE_MUTEX(ovs_mutex);
+
+void ovs_lock(void)
+{
+       mutex_lock(&ovs_mutex);
+}
+
+void ovs_unlock(void)
+{
+       mutex_unlock(&ovs_mutex);
+}
+
+#ifdef CONFIG_LOCKDEP
+int lockdep_ovsl_is_held(void)
+{
+       if (debug_locks)
+               return lockdep_is_held(&ovs_mutex);
+       else
+               return 1;
+}
+#endif
+
+static int queue_gso_packets(struct datapath *dp, struct sk_buff *,
                              const struct dp_upcall_info *);
-static int queue_userspace_packet(struct net *, int dp_ifindex,
-                                 struct sk_buff *,
+static int queue_userspace_packet(struct datapath *dp, struct sk_buff *,
                                   const struct dp_upcall_info *);
  
-/* Must be called with rcu_read_lock, genl_mutex, or RTNL lock. */
+/* Must be called with rcu_read_lock or ovs_mutex. */
  static struct datapath *get_dp(struct net *net, int dp_ifindex)
  {
         struct datapath *dp = NULL;
@@ -113,10 +158,10 @@ static struct datapath *get_dp(struct net *net, int dp_ifindex)
         return dp;
  }
  
-/* Must be called with rcu_read_lock or RTNL lock. */
+/* Must be called with rcu_read_lock or ovs_mutex. */
  const char *ovs_dp_name(const struct datapath *dp)
  {
-       struct vport *vport = ovs_vport_rtnl_rcu(dp, OVSP_LOCAL);
+       struct vport *vport = ovs_vport_ovsl_rcu(dp, OVSP_LOCAL);
         return vport->ops->get_name(vport);
  }
  
@@ -129,7 +174,7 @@ static int get_dpifindex(struct datapath *dp)
  
         local = ovs_vport_rcu(dp, OVSP_LOCAL);
         if (local)
-               ifindex = local->ops->get_ifindex(local);
+               ifindex = netdev_vport_priv(local)->dev->ifindex;
         else
                 ifindex = 0;
  
@@ -142,7 +187,7 @@ static void destroy_dp_rcu(struct rcu_head *rcu)
  {
         struct datapath *dp = container_of(rcu, struct datapath, rcu);
  
-       ovs_flow_tbl_destroy((__force struct flow_table *)dp->table);
+       ovs_flow_tbl_destroy(&dp->table);
         free_percpu(dp->stats_percpu);
         release_net(ovs_dp_get_net(dp));
         kfree(dp->ports);
@@ -155,6 +200,7 @@ static struct hlist_head *vport_hash_bucket(const struct datapath *dp,
         return &dp->ports[port_no & (DP_VPORT_HASH_BUCKETS - 1)];
  }
  
+/* Called with ovs_mutex or RCU read lock. */
  struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
  {
         struct vport *vport;
@@ -168,7 +214,7 @@ struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
         return NULL;
  }
  
-/* Called with RTNL lock and genl_lock. */
+/* Called with ovs_mutex. */
  static struct vport *new_vport(const struct vport_parms *parms)
  {
         struct vport *vport;
@@ -183,10 +229,9 @@ static struct vport *new_vport(const struct vport_parms *parms)
         return vport;
  }
  
-/* Called with RTNL lock. */
  void ovs_dp_detach_port(struct vport *p)
  {
-       ASSERT_RTNL();
+       ASSERT_OVSL();
  
         /* First drop references to device. */
         hlist_del_rcu(&p->dp_hash_node);
@@ -195,68 +240,70 @@ void ovs_dp_detach_port(struct vport *p)
         ovs_vport_del(p);
  }
  
-/* Must be called with rcu_read_lock. */
-void ovs_dp_process_received_packet(struct vport *p, struct sk_buff *skb)
+void ovs_dp_process_packet_with_key(struct sk_buff *skb,
+               struct sw_flow_key *pkt_key)
  {
+       const struct vport *p = OVS_CB(skb)->input_vport;
         struct datapath *dp = p->dp;
         struct sw_flow *flow;
         struct dp_stats_percpu *stats;
-       struct sw_flow_key key;
         u64 *stats_counter;
-       int error;
-       int key_len;
+       u32 n_mask_hit;
  
         stats = this_cpu_ptr(dp->stats_percpu);
  
-       /* Extract flow from 'skb' into 'key'. */
-       error = ovs_flow_extract(skb, p->port_no, &key, &key_len);
-       if (unlikely(error)) {
-               kfree_skb(skb);
-               return;
-       }
-
         /* Look up flow. */
-       flow = ovs_flow_tbl_lookup(rcu_dereference(dp->table), &key, key_len);
+       flow = ovs_flow_tbl_lookup_stats(&dp->table, pkt_key, &n_mask_hit);
         if (unlikely(!flow)) {
                 struct dp_upcall_info upcall;
  
                 upcall.cmd = OVS_PACKET_CMD_MISS;
-               upcall.key = &key;
+               upcall.key = pkt_key;
                 upcall.userdata = NULL;
-               upcall.portid = p->upcall_portid;
+               upcall.portid = ovs_vport_find_upcall_portid(p, skb);
                 ovs_dp_upcall(dp, skb, &upcall);
                 consume_skb(skb);
                 stats_counter = &stats->n_missed;
                 goto out;
         }
  
+       OVS_CB(skb)->pkt_key = pkt_key;
         OVS_CB(skb)->flow = flow;
  
-       stats_counter = &stats->n_hit;
-       ovs_flow_used(OVS_CB(skb)->flow, skb);
+       ovs_flow_stats_update(OVS_CB(skb)->flow, pkt_key->tp.flags, skb);
         ovs_execute_actions(dp, skb);
+       stats_counter = &stats->n_hit;
  
  out:
         /* Update datapath statistics. */
         u64_stats_update_begin(&stats->sync);
         (*stats_counter)++;
+       stats->n_mask_hit += n_mask_hit;
         u64_stats_update_end(&stats->sync);
  }
  
-static struct genl_family dp_packet_genl_family = {
-       .id = GENL_ID_GENERATE,
-       .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_PACKET_FAMILY,
-       .version = OVS_PACKET_VERSION,
-       .maxattr = OVS_PACKET_ATTR_MAX,
-        SET_NETNSOK
-};
+/* Must be called with rcu_read_lock. */
+void ovs_dp_process_received_packet(struct vport *p, struct sk_buff *skb)
+{
+       int error;
+       struct sw_flow_key key;
+
+       OVS_CB(skb)->input_vport = p;
+
+       /* Extract flow from 'skb' into 'key'. */
+       error = ovs_flow_extract(skb, p->port_no, &key);
+       if (unlikely(error)) {
+               kfree_skb(skb);
+               return;
+       }
+
+       ovs_dp_process_packet_with_key(skb, &key);
+}
  
  int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
                   const struct dp_upcall_info *upcall_info)
  {
         struct dp_stats_percpu *stats;
-       int dp_ifindex;
         int err;
  
         if (upcall_info->portid == 0) {
@@ -264,18 +311,10 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
                 goto err;
         }
  
-       dp_ifindex = get_dpifindex(dp);
-       if (!dp_ifindex) {
-               err = -ENODEV;
-               goto err;
-       }
-
-       forward_ip_summed(skb, true);
-
         if (!skb_is_gso(skb))
-               err = queue_userspace_packet(ovs_dp_get_net(dp), dp_ifindex, skb, upcall_info);
+               err = queue_userspace_packet(dp, skb, upcall_info);
         else
-               err = queue_gso_packets(ovs_dp_get_net(dp), dp_ifindex, skb, upcall_info);
+               err = queue_gso_packets(dp, skb, upcall_info);
         if (err)
                 goto err;
  
@@ -291,8 +330,7 @@ err:
         return err;
  }
  
-static int queue_gso_packets(struct net *net, int dp_ifindex,
-                            struct sk_buff *skb,
+static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb,
                              const struct dp_upcall_info *upcall_info)
  {
         unsigned short gso_type = skb_shinfo(skb)->gso_type;
@@ -301,14 +339,14 @@ static int queue_gso_packets(struct net *net, int dp_ifindex,
         struct sk_buff *segs, *nskb;
         int err;
  
-       segs = __skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM, false);
+       segs = __skb_gso_segment(skb, NETIF_F_SG, false);
         if (IS_ERR(segs))
                 return PTR_ERR(segs);
  
         /* Queue all of the segments. */
         skb = segs;
         do {
-               err = queue_userspace_packet(net, dp_ifindex, skb, upcall_info);
+               err = queue_userspace_packet(dp, skb, upcall_info);
                 if (err)
                         break;
  
@@ -338,25 +376,74 @@ static int queue_gso_packets(struct net *net, int dp_ifindex,
         return err;
  }
  
-static int queue_userspace_packet(struct net *net, int dp_ifindex,
-                                 struct sk_buff *skb,
+static size_t key_attr_size(void)
+{
+       return    nla_total_size(4)   /* OVS_KEY_ATTR_PRIORITY */
+               + nla_total_size(0)   /* OVS_KEY_ATTR_TUNNEL */
+                 + nla_total_size(8)   /* OVS_TUNNEL_KEY_ATTR_ID */
+                 + nla_total_size(4)   /* OVS_TUNNEL_KEY_ATTR_IPV4_SRC */
+                 + nla_total_size(4)   /* OVS_TUNNEL_KEY_ATTR_IPV4_DST */
+                 + nla_total_size(1)   /* OVS_TUNNEL_KEY_ATTR_TOS */
+                 + nla_total_size(1)   /* OVS_TUNNEL_KEY_ATTR_TTL */
+                 + nla_total_size(0)   /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
+                 + nla_total_size(0)   /* OVS_TUNNEL_KEY_ATTR_CSUM */
+               + nla_total_size(4)   /* OVS_KEY_ATTR_IN_PORT */
+               + nla_total_size(4)   /* OVS_KEY_ATTR_SKB_MARK */
+               + nla_total_size(12)  /* OVS_KEY_ATTR_ETHERNET */
+               + nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
+               + nla_total_size(4)   /* OVS_KEY_ATTR_8021Q */
+               + nla_total_size(0)   /* OVS_KEY_ATTR_ENCAP */
+               + nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
+               + nla_total_size(40)  /* OVS_KEY_ATTR_IPV6 */
+               + nla_total_size(2)   /* OVS_KEY_ATTR_ICMPV6 */
+               + nla_total_size(28); /* OVS_KEY_ATTR_ND */
+}
+
+static size_t upcall_msg_size(const struct nlattr *userdata,
+                             unsigned int hdrlen)
+{
+       size_t size = NLMSG_ALIGN(sizeof(struct ovs_header))
+               + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */
+               + nla_total_size(key_attr_size()); /* OVS_PACKET_ATTR_KEY */
+
+       /* OVS_PACKET_ATTR_USERDATA */
+       if (userdata)
+               size += NLA_ALIGN(userdata->nla_len);
+
+       return size;
+}
+
+static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
                                   const struct dp_upcall_info *upcall_info)
  {
         struct ovs_header *upcall;
         struct sk_buff *nskb = NULL;
         struct sk_buff *user_skb; /* to be queued to userspace */
         struct nlattr *nla;
-       unsigned int len;
-       int err;
+       struct genl_info info = {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)
+               .dst_sk = ovs_dp_get_net(dp)->genl_sock,
+#endif
+               .snd_portid = upcall_info->portid,
+       };
+       size_t len;
+       unsigned int hlen;
+       int err, dp_ifindex;
+
+       dp_ifindex = get_dpifindex(dp);
+       if (!dp_ifindex)
+               return -ENODEV;
  
         if (vlan_tx_tag_present(skb)) {
                 nskb = skb_clone(skb, GFP_ATOMIC);
                 if (!nskb)
                         return -ENOMEM;
-               
-               err = vlan_deaccel_tag(nskb);
-               if (err)
-                       return err;
+
+               nskb = __vlan_put_tag(nskb, nskb->vlan_proto, vlan_tx_tag_get(nskb));
+               if (!nskb)
+                       return -ENOMEM;
+
+               vlan_set_tci(nskb, 0);
  
                 skb = nskb;
         }
@@ -366,13 +453,22 @@ static int queue_userspace_packet(struct net *net, int dp_ifindex,
                 goto out;
         }
  
-       len = sizeof(struct ovs_header);
-       len += nla_total_size(skb->len);
-       len += nla_total_size(FLOW_BUFSIZE);
-       if (upcall_info->userdata)
-               len += NLA_ALIGN(upcall_info->userdata->nla_len);
+       /* Complete checksum if needed */
+       if (skb->ip_summed == CHECKSUM_PARTIAL &&
+           (err = skb_checksum_help(skb)))
+               goto out;
  
-       user_skb = genlmsg_new(len, GFP_ATOMIC);
+       /* Older versions of OVS user space enforce alignment of the last
+        * Netlink attribute to NLA_ALIGNTO which would require extensive
+        * padding logic. Only perform zerocopy if padding is not required.
+        */
+       if (dp->user_features & OVS_DP_F_UNALIGNED)
+               hlen = skb_zerocopy_headlen(skb);
+       else
+               hlen = skb->len;
+
+       len = upcall_msg_size(upcall_info->userdata, hlen);
+       user_skb = genlmsg_new_unicast(len, &info, GFP_ATOMIC);
         if (!user_skb) {
                 err = -ENOMEM;
                 goto out;
@@ -383,7 +479,7 @@ static int queue_userspace_packet(struct net *net, int dp_ifindex,
         upcall->dp_ifindex = dp_ifindex;
  
         nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_KEY);
-       ovs_flow_to_nlattrs(upcall_info->key, user_skb);
+       ovs_nla_put_flow(upcall_info->key, upcall_info->key, user_skb);
         nla_nest_end(user_skb, nla);
  
         if (upcall_info->userdata)
@@ -391,415 +487,36 @@ static int queue_userspace_packet(struct net *net, int dp_ifindex,
                           nla_len(upcall_info->userdata),
                           nla_data(upcall_info->userdata));
  
-       nla = __nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, skb->len);
-
-       skb_copy_and_csum_dev(skb, nla_data(nla));
-
-       genlmsg_end(user_skb, upcall);
-       err = genlmsg_unicast(net, user_skb, upcall_info->portid);
-
-out:
-       kfree_skb(nskb);
-       return err;
-}
-
-/* Called with genl_mutex. */
-static int flush_flows(struct datapath *dp)
-{
-       struct flow_table *old_table;
-       struct flow_table *new_table;
-
-       old_table = genl_dereference(dp->table);
-       new_table = ovs_flow_tbl_alloc(TBL_MIN_BUCKETS);
-       if (!new_table)
-               return -ENOMEM;
-
-       rcu_assign_pointer(dp->table, new_table);
-
-       ovs_flow_tbl_deferred_destroy(old_table);
-       return 0;
-}
-
-static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len)
-{
-
-       struct sw_flow_actions *acts;
-       int new_acts_size;
-       int req_size = NLA_ALIGN(attr_len);
-       int next_offset = offsetof(struct sw_flow_actions, actions) +
-                                       (*sfa)->actions_len;
-
-       if (req_size <= (ksize(*sfa) - next_offset))
+       /* Only reserve room for attribute header, packet data is added
+        * in skb_zerocopy() */
+       if (!(nla = nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, 0))) {
+               err = -ENOBUFS;
                 goto out;
-
-       new_acts_size = ksize(*sfa) * 2;
-
-       if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
-               if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
-                       return ERR_PTR(-EMSGSIZE);
-               new_acts_size = MAX_ACTIONS_BUFSIZE;
         }
+       nla->nla_len = nla_attr_size(skb->len);
  
-       acts = ovs_flow_actions_alloc(new_acts_size);
-       if (IS_ERR(acts))
-               return (void *)acts;
-
-       memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
-       acts->actions_len = (*sfa)->actions_len;
-       kfree(*sfa);
-       *sfa = acts;
-
-out:
-       (*sfa)->actions_len += req_size;
-       return  (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
-}
-
-static int add_action(struct sw_flow_actions **sfa, int attrtype, void *data, int len)
-{
-       struct nlattr *a;
-
-       a = reserve_sfa_size(sfa, nla_attr_size(len));
-       if (IS_ERR(a))
-               return PTR_ERR(a);
-
-       a->nla_type = attrtype;
-       a->nla_len = nla_attr_size(len);
-
-       if (data)
-               memcpy(nla_data(a), data, len);
-       memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
-
-       return 0;
-}
-
-static inline int add_nested_action_start(struct sw_flow_actions **sfa, int attrtype)
-{
-       int used = (*sfa)->actions_len;
-       int err;
-
-       err = add_action(sfa, attrtype, NULL, 0);
+       err = skb_zerocopy(user_skb, skb, skb->len, hlen);
         if (err)
-               return err;
-
-       return used;
-}
-
-static inline void add_nested_action_end(struct sw_flow_actions *sfa, int st_offset)
-{
-       struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions + st_offset);
-
-       a->nla_len = sfa->actions_len - st_offset;
-}
-
-static int validate_and_copy_actions(const struct nlattr *attr,
-                               const struct sw_flow_key *key, int depth,
-                               struct sw_flow_actions **sfa);
-
-static int validate_and_copy_sample(const struct nlattr *attr,
-                          const struct sw_flow_key *key, int depth,
-                          struct sw_flow_actions **sfa)
-{
-       const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
-       const struct nlattr *probability, *actions;
-       const struct nlattr *a;
-       int rem, start, err, st_acts;
-
-       memset(attrs, 0, sizeof(attrs));
-       nla_for_each_nested(a, attr, rem) {
-               int type = nla_type(a);
-               if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
-                       return -EINVAL;
-               attrs[type] = a;
-       }
-       if (rem)
-               return -EINVAL;
-
-       probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
-       if (!probability || nla_len(probability) != sizeof(u32))
-               return -EINVAL;
-
-       actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
-       if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
-               return -EINVAL;
-
-       /* validation done, copy sample action. */
-       start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE);
-       if (start < 0)
-               return start;
-       err = add_action(sfa, OVS_SAMPLE_ATTR_PROBABILITY, nla_data(probability), sizeof(u32));
-       if (err)
-               return err;
-       st_acts = add_nested_action_start(sfa, OVS_SAMPLE_ATTR_ACTIONS);
-       if (st_acts < 0)
-               return st_acts;
-
-       err = validate_and_copy_actions(actions, key, depth + 1, sfa);
-       if (err)
-               return err;
+               goto out;
  
-       add_nested_action_end(*sfa, st_acts);
-       add_nested_action_end(*sfa, start);
+       /* Pad OVS_PACKET_ATTR_PACKET if linear copy was performed */
+       if (!(dp->user_features & OVS_DP_F_UNALIGNED)) {
+               size_t plen = NLA_ALIGN(user_skb->len) - user_skb->len;
  
-       return 0;
-}
-
-static int validate_tp_port(const struct sw_flow_key *flow_key)
-{
-       if (flow_key->eth.type == htons(ETH_P_IP)) {
-               if (flow_key->ipv4.tp.src || flow_key->ipv4.tp.dst)
-                       return 0;
-       } else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
-               if (flow_key->ipv6.tp.src || flow_key->ipv6.tp.dst)
-                       return 0;
+               if (plen > 0)
+                       memset(skb_put(user_skb, plen), 0, plen);
         }
  
-       return -EINVAL;
-}
+       ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len;
  
-static int validate_and_copy_set_tun(const struct nlattr *attr,
-                                    struct sw_flow_actions **sfa)
-{
-       struct ovs_key_ipv4_tunnel tun_key;
-       int err, start;
-
-       err = ipv4_tun_from_nlattr(nla_data(attr), &tun_key);
+       err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid);
+out:
         if (err)
-               return err;
-
-       start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET);
-       if (start < 0)
-               return start;
-
-       err = add_action(sfa, OVS_KEY_ATTR_IPV4_TUNNEL, &tun_key, sizeof(tun_key));
-       add_nested_action_end(*sfa, start);
-
+               skb_tx_error(skb);
+       kfree_skb(nskb);
         return err;
  }
  
-static int validate_set(const struct nlattr *a,
-                       const struct sw_flow_key *flow_key,
-                       struct sw_flow_actions **sfa,
-                       bool *set_tun)
-{
-       const struct nlattr *ovs_key = nla_data(a);
-       int key_type = nla_type(ovs_key);
-
-       /* There can be only one key in a action */
-       if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
-               return -EINVAL;
-
-       if (key_type > OVS_KEY_ATTR_MAX ||
-           (ovs_key_lens[key_type] != nla_len(ovs_key) &&
-            ovs_key_lens[key_type] != -1))
-               return -EINVAL;
-
-       switch (key_type) {
-       const struct ovs_key_ipv4 *ipv4_key;
-       const struct ovs_key_ipv6 *ipv6_key;
-       int err;
-
-       case OVS_KEY_ATTR_PRIORITY:
-       case OVS_KEY_ATTR_ETHERNET:
-               break;
-
-       case OVS_KEY_ATTR_SKB_MARK:
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) && !defined(CONFIG_NETFILTER)
-               if (nla_get_u32(ovs_key) != 0)
-                       return -EINVAL;
-#endif
-               break;
-
-       case OVS_KEY_ATTR_TUNNEL:
-               *set_tun = true;
-               err = validate_and_copy_set_tun(a, sfa);
-               if (err)
-                       return err;
-               break;
-
-       case OVS_KEY_ATTR_IPV4:
-               if (flow_key->eth.type != htons(ETH_P_IP))
-                       return -EINVAL;
-
-               if (!flow_key->ip.proto)
-                       return -EINVAL;
-
-               ipv4_key = nla_data(ovs_key);
-               if (ipv4_key->ipv4_proto != flow_key->ip.proto)
-                       return -EINVAL;
-
-               if (ipv4_key->ipv4_frag != flow_key->ip.frag)
-                       return -EINVAL;
-
-               break;
-
-       case OVS_KEY_ATTR_IPV6:
-               if (flow_key->eth.type != htons(ETH_P_IPV6))
-                       return -EINVAL;
-
-               if (!flow_key->ip.proto)
-                       return -EINVAL;
-
-               ipv6_key = nla_data(ovs_key);
-               if (ipv6_key->ipv6_proto != flow_key->ip.proto)
-                       return -EINVAL;
-
-               if (ipv6_key->ipv6_frag != flow_key->ip.frag)
-                       return -EINVAL;
-
-               if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
-                       return -EINVAL;
-
-               break;
-
-       case OVS_KEY_ATTR_TCP:
-               if (flow_key->ip.proto != IPPROTO_TCP)
-                       return -EINVAL;
-
-               return validate_tp_port(flow_key);
-
-       case OVS_KEY_ATTR_UDP:
-               if (flow_key->ip.proto != IPPROTO_UDP)
-                       return -EINVAL;
-
-               return validate_tp_port(flow_key);
-
-       default:
-               return -EINVAL;
-       }
-
-       return 0;
-}
-
-static int validate_userspace(const struct nlattr *attr)
-{
-       static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] =   {
-               [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
-               [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
-       };
-       struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
-       int error;
-
-       error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
-                                attr, userspace_policy);
-       if (error)
-               return error;
-
-       if (!a[OVS_USERSPACE_ATTR_PID] ||
-           !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
-               return -EINVAL;
-
-       return 0;
-}
-
-static int copy_action(const struct nlattr *from,
-                     struct sw_flow_actions **sfa)
-{
-       int totlen = NLA_ALIGN(from->nla_len);
-       struct nlattr *to;
-
-       to = reserve_sfa_size(sfa, from->nla_len);
-       if (IS_ERR(to))
-               return PTR_ERR(to);
-
-       memcpy(to, from, totlen);
-       return 0;
-}
-
-static int validate_and_copy_actions(const struct nlattr *attr,
-                               const struct sw_flow_key *key,
-                               int depth,
-                               struct sw_flow_actions **sfa)
-{
-       const struct nlattr *a;
-       int rem, err;
-
-       if (depth >= SAMPLE_ACTION_DEPTH)
-               return -EOVERFLOW;
-
-       nla_for_each_nested(a, attr, rem) {
-               /* Expected argument lengths, (u32)-1 for variable length. */
-               static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
-                       [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
-                       [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
-                       [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
-                       [OVS_ACTION_ATTR_POP_VLAN] = 0,
-                       [OVS_ACTION_ATTR_SET] = (u32)-1,
-                       [OVS_ACTION_ATTR_SAMPLE] = (u32)-1
-               };
-               const struct ovs_action_push_vlan *vlan;
-               int type = nla_type(a);
-               bool skip_copy;
-
-               if (type > OVS_ACTION_ATTR_MAX ||
-                   (action_lens[type] != nla_len(a) &&
-                    action_lens[type] != (u32)-1))
-                       return -EINVAL;
-
-               skip_copy = false;
-               switch (type) {
-               case OVS_ACTION_ATTR_UNSPEC:
-                       return -EINVAL;
-
-               case OVS_ACTION_ATTR_USERSPACE:
-                       err = validate_userspace(a);
-                       if (err)
-                               return err;
-                       break;
-
-               case OVS_ACTION_ATTR_OUTPUT:
-                       if (nla_get_u32(a) >= DP_MAX_PORTS)
-                               return -EINVAL;
-                       break;
-
-
-               case OVS_ACTION_ATTR_POP_VLAN:
-                       break;
-
-               case OVS_ACTION_ATTR_PUSH_VLAN:
-                       vlan = nla_data(a);
-                       if (vlan->vlan_tpid != htons(ETH_P_8021Q))
-                               return -EINVAL;
-                       if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
-                               return -EINVAL;
-                       break;
-
-               case OVS_ACTION_ATTR_SET:
-                       err = validate_set(a, key, sfa, &skip_copy);
-                       if (err)
-                               return err;
-                       break;
-
-               case OVS_ACTION_ATTR_SAMPLE:
-                       err = validate_and_copy_sample(a, key, depth, sfa);
-                       if (err)
-                               return err;
-                       skip_copy = true;
-                       break;
-
-               default:
-                       return -EINVAL;
-               }
-               if (!skip_copy) {
-                       err = copy_action(a, sfa);
-                       if (err)
-                               return err;
-               }
-       }
-
-       if (rem > 0)
-               return -EINVAL;
-
-       return 0;
-}
-
-static void clear_stats(struct sw_flow *flow)
-{
-       flow->used = 0;
-       flow->tcp_flags = 0;
-       flow->packet_count = 0;
-       flow->byte_count = 0;
-}
-
  static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
  {
         struct ovs_header *ovs_header = info->userhdr;
@@ -809,14 +526,13 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
         struct sw_flow *flow;
         struct datapath *dp;
         struct ethhdr *eth;
+       struct vport *input_vport;
         int len;
         int err;
-       int key_len;
  
         err = -EINVAL;
         if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
-           !a[OVS_PACKET_ATTR_ACTIONS] ||
-           nla_len(a[OVS_PACKET_ATTR_PACKET]) < ETH_HLEN)
+           !a[OVS_PACKET_ATTR_ACTIONS])
                 goto err;
  
         len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
@@ -826,7 +542,7 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
                 goto err;
         skb_reserve(packet, NET_IP_ALIGN);
  
-       memcpy(__skb_put(packet, len), nla_data(a[OVS_PACKET_ATTR_PACKET]), len);
+       nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len);
  
         skb_reset_mac_header(packet);
         eth = eth_hdr(packet);
@@ -834,7 +550,7 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
         /* Normally, setting the skb 'protocol' field would be handled by a
          * call to eth_type_trans(), but it assumes there's a sending
          * device, which we may not have. */
-       if (ntohs(eth->h_proto) >= 1536)
+       if (ntohs(eth->h_proto) >= ETH_P_802_3_MIN)
                 packet->protocol = eth->h_proto;
         else
                 packet->protocol = htons(ETH_P_802_2);
@@ -845,26 +561,28 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
         if (IS_ERR(flow))
                 goto err_kfree_skb;
  
-       err = ovs_flow_extract(packet, -1, &flow->key, &key_len);
+       err = ovs_flow_extract(packet, -1, &flow->key);
         if (err)
                 goto err_flow_free;
  
-       err = ovs_flow_metadata_from_nlattrs(flow, key_len, a[OVS_PACKET_ATTR_KEY]);
+       err = ovs_nla_get_flow_metadata(flow, a[OVS_PACKET_ATTR_KEY]);
         if (err)
                 goto err_flow_free;
-       acts = ovs_flow_actions_alloc(nla_len(a[OVS_PACKET_ATTR_ACTIONS]));
+       acts = ovs_nla_alloc_flow_actions(nla_len(a[OVS_PACKET_ATTR_ACTIONS]));
         err = PTR_ERR(acts);
         if (IS_ERR(acts))
                 goto err_flow_free;
  
-       err = validate_and_copy_actions(a[OVS_PACKET_ATTR_ACTIONS], &flow->key, 0, &acts);
+       err = ovs_nla_copy_actions(a[OVS_PACKET_ATTR_ACTIONS],
+                                  &flow->key, 0, &acts);
         rcu_assign_pointer(flow->sf_acts, acts);
         if (err)
                 goto err_flow_free;
  
         OVS_CB(packet)->flow = flow;
+       OVS_CB(packet)->pkt_key = &flow->key;
         packet->priority = flow->key.phy.priority;
-       skb_set_mark(packet, flow->key.phy.skb_mark);
+       packet->mark = flow->key.phy.skb_mark;
  
         rcu_read_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
@@ -872,18 +590,27 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
         if (!dp)
                 goto err_unlock;
  
+       input_vport = ovs_vport_rcu(dp, flow->key.phy.in_port);
+       if (!input_vport)
+               input_vport = ovs_vport_rcu(dp, OVSP_LOCAL);
+
+       if (!input_vport)
+               goto err_unlock;
+
+       OVS_CB(packet)->input_vport = input_vport;
+
         local_bh_disable();
         err = ovs_execute_actions(dp, packet);
         local_bh_enable();
         rcu_read_unlock();
  
-       ovs_flow_free(flow);
+       ovs_flow_free(flow, false);
         return err;
  
  err_unlock:
         rcu_read_unlock();
  err_flow_free:
-       ovs_flow_free(flow);
+       ovs_flow_free(flow, false);
  err_kfree_skb:
         kfree_skb(packet);
  err:
@@ -891,7 +618,7 @@ err:
  }
  
  static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
-       [OVS_PACKET_ATTR_PACKET] = { .type = NLA_UNSPEC },
+       [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
         [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
         [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
  };
@@ -904,14 +631,30 @@ static struct genl_ops dp_packet_genl_ops[] = {
         }
  };
  
-static void get_dp_stats(struct datapath *dp, struct ovs_dp_stats *stats)
+static struct genl_family dp_packet_genl_family = {
+       .id = GENL_ID_GENERATE,
+       .hdrsize = sizeof(struct ovs_header),
+       .name = OVS_PACKET_FAMILY,
+       .version = OVS_PACKET_VERSION,
+       .maxattr = OVS_PACKET_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_packet_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_packet_genl_ops),
+};
+
+static void get_dp_stats(struct datapath *dp, struct ovs_dp_stats *stats,
+                        struct ovs_dp_megaflow_stats *mega_stats)
  {
         int i;
-       struct flow_table *table = genl_dereference(dp->table);
  
-       stats->n_flows = ovs_flow_tbl_count(table);
+       memset(mega_stats, 0, sizeof(*mega_stats));
+
+       stats->n_flows = ovs_flow_tbl_count(&dp->table);
+       mega_stats->n_masks = ovs_flow_tbl_num_masks(&dp->table);
  
         stats->n_hit = stats->n_missed = stats->n_lost = 0;
+
         for_each_possible_cpu(i) {
                 const struct dp_stats_percpu *percpu_stats;
                 struct dp_stats_percpu local_stats;
@@ -927,171 +670,73 @@ static void get_dp_stats(struct datapath *dp, struct ovs_dp_stats *stats)
                 stats->n_hit += local_stats.n_hit;
                 stats->n_missed += local_stats.n_missed;
                 stats->n_lost += local_stats.n_lost;
+               mega_stats->n_mask_hit += local_stats.n_mask_hit;
         }
  }
  
-static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
-       [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
-       [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
-       [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
-};
-
-static struct genl_family dp_flow_genl_family = {
-       .id = GENL_ID_GENERATE,
-       .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_FLOW_FAMILY,
-       .version = OVS_FLOW_VERSION,
-       .maxattr = OVS_FLOW_ATTR_MAX,
-        SET_NETNSOK
-};
-
-static struct genl_multicast_group ovs_dp_flow_multicast_group = {
-       .name = OVS_FLOW_MCGROUP
-};
-
-static int actions_to_attr(const struct nlattr *attr, int len, struct sk_buff *skb);
-static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
-{
-       const struct nlattr *a;
-       struct nlattr *start;
-       int err = 0, rem;
-
-       start = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE);
-       if (!start)
-               return -EMSGSIZE;
-
-       nla_for_each_nested(a, attr, rem) {
-               int type = nla_type(a);
-               struct nlattr *st_sample;
-
-               switch (type) {
-               case OVS_SAMPLE_ATTR_PROBABILITY:
-                       if (nla_put(skb, OVS_SAMPLE_ATTR_PROBABILITY, sizeof(u32), nla_data(a)))
-                               return -EMSGSIZE;
-                       break;
-               case OVS_SAMPLE_ATTR_ACTIONS:
-                       st_sample = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS);
-                       if (!st_sample)
-                               return -EMSGSIZE;
-                       err = actions_to_attr(nla_data(a), nla_len(a), skb);
-                       if (err)
-                               return err;
-                       nla_nest_end(skb, st_sample);
-                       break;
-               }
-       }
-
-       nla_nest_end(skb, start);
-       return err;
-}
-
-static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
-{
-       const struct nlattr *ovs_key = nla_data(a);
-       int key_type = nla_type(ovs_key);
-       struct nlattr *start;
-       int err;
-
-       switch (key_type) {
-       case OVS_KEY_ATTR_IPV4_TUNNEL:
-               start = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
-               if (!start)
-                       return -EMSGSIZE;
-
-               err = ipv4_tun_to_nlattr(skb, nla_data(ovs_key));
-               if (err)
-                       return err;
-               nla_nest_end(skb, start);
-               break;
-       default:
-               if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
-                       return -EMSGSIZE;
-               break;
-       }
-
-       return 0;
-}
-
-static int actions_to_attr(const struct nlattr *attr, int len, struct sk_buff *skb)
+static size_t ovs_flow_cmd_msg_size(const struct sw_flow_actions *acts)
  {
-       const struct nlattr *a;
-       int rem, err;
-
-       nla_for_each_attr(a, attr, len, rem) {
-               int type = nla_type(a);
-
-               switch (type) {
-               case OVS_ACTION_ATTR_SET:
-                       err = set_action_to_attr(a, skb);
-                       if (err)
-                               return err;
-                       break;
-
-               case OVS_ACTION_ATTR_SAMPLE:
-                       err = sample_action_to_attr(a, skb);
-                       if (err)
-                               return err;
-                       break;
-               default:
-                       if (nla_put(skb, type, nla_len(a), nla_data(a)))
-                               return -EMSGSIZE;
-                       break;
-               }
-       }
-
-       return 0;
+       return NLMSG_ALIGN(sizeof(struct ovs_header))
+               + nla_total_size(key_attr_size()) /* OVS_FLOW_ATTR_KEY */
+               + nla_total_size(key_attr_size()) /* OVS_FLOW_ATTR_MASK */
+               + nla_total_size(sizeof(struct ovs_flow_stats)) /* OVS_FLOW_ATTR_STATS */
+               + nla_total_size(1) /* OVS_FLOW_ATTR_TCP_FLAGS */
+               + nla_total_size(8) /* OVS_FLOW_ATTR_USED */
+               + nla_total_size(acts->actions_len); /* OVS_FLOW_ATTR_ACTIONS */
  }
  
-/* Called with genl_lock. */
-static int ovs_flow_cmd_fill_info(struct sw_flow *flow, struct datapath *dp,
+/* Called with ovs_mutex or RCU read lock. */
+static int ovs_flow_cmd_fill_info(const struct sw_flow *flow, int dp_ifindex,
                                   struct sk_buff *skb, u32 portid,
                                   u32 seq, u32 flags, u8 cmd)
  {
         const int skb_orig_len = skb->len;
-       const struct sw_flow_actions *sf_acts;
         struct nlattr *start;
         struct ovs_flow_stats stats;
+       __be16 tcp_flags;
+       unsigned long used;
         struct ovs_header *ovs_header;
         struct nlattr *nla;
-       unsigned long used;
-       u8 tcp_flags;
         int err;
  
-       sf_acts = rcu_dereference_protected(flow->sf_acts,
-                                           lockdep_genl_is_held());
-
         ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family, flags, cmd);
         if (!ovs_header)
                 return -EMSGSIZE;
  
-       ovs_header->dp_ifindex = get_dpifindex(dp);
+       ovs_header->dp_ifindex = dp_ifindex;
  
+       /* Fill flow key. */
         nla = nla_nest_start(skb, OVS_FLOW_ATTR_KEY);
         if (!nla)
                 goto nla_put_failure;
-       err = ovs_flow_to_nlattrs(&flow->key, skb);
+
+       err = ovs_nla_put_flow(&flow->unmasked_key, &flow->unmasked_key, skb);
         if (err)
                 goto error;
         nla_nest_end(skb, nla);
  
-       spin_lock_bh(&flow->lock);
-       used = flow->used;
-       stats.n_packets = flow->packet_count;
-       stats.n_bytes = flow->byte_count;
-       tcp_flags = flow->tcp_flags;
-       spin_unlock_bh(&flow->lock);
+       nla = nla_nest_start(skb, OVS_FLOW_ATTR_MASK);
+       if (!nla)
+               goto nla_put_failure;
+
+       err = ovs_nla_put_flow(&flow->key, &flow->mask->key, skb);
+       if (err)
+               goto error;
+
+       nla_nest_end(skb, nla);
+
+       ovs_flow_stats_get(flow, &stats, &used, &tcp_flags);
  
         if (used &&
             nla_put_u64(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used)))
                 goto nla_put_failure;
  
         if (stats.n_packets &&
-           nla_put(skb, OVS_FLOW_ATTR_STATS,
-                   sizeof(struct ovs_flow_stats), &stats))
+           nla_put(skb, OVS_FLOW_ATTR_STATS, sizeof(struct ovs_flow_stats), &stats))
                 goto nla_put_failure;
  
-       if (tcp_flags &&
-           nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, tcp_flags))
+       if ((u8)ntohs(tcp_flags) &&
+            nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, (u8)ntohs(tcp_flags)))
                 goto nla_put_failure;
  
         /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
@@ -1106,7 +751,12 @@ static int ovs_flow_cmd_fill_info(struct sw_flow *flow, struct datapath *dp,
          */
         start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS);
         if (start) {
-               err = actions_to_attr(sf_acts->actions, sf_acts->actions_len, skb);
+               const struct sw_flow_actions *sf_acts;
+
+               sf_acts = rcu_dereference_ovsl(flow->sf_acts);
+               err = ovs_nla_put_actions(sf_acts->actions,
+                                         sf_acts->actions_len, skb);
+
                 if (!err)
                         nla_nest_end(skb, start);
                 else {
@@ -1127,125 +777,128 @@ error:
         return err;
  }
  
-static struct sk_buff *ovs_flow_cmd_alloc_info(struct sw_flow *flow)
+/* May not be called with RCU read lock. */
+static struct sk_buff *ovs_flow_cmd_alloc_info(const struct sw_flow_actions *acts,
+                                              struct genl_info *info,
+                                              bool always)
  {
-       const struct sw_flow_actions *sf_acts;
-       int len;
+       struct sk_buff *skb;
  
-       sf_acts = rcu_dereference_protected(flow->sf_acts,
-                                           lockdep_genl_is_held());
+       if (!always && !ovs_must_notify(info, &ovs_dp_flow_multicast_group))
+               return NULL;
  
-       /* OVS_FLOW_ATTR_KEY */
-       len = nla_total_size(FLOW_BUFSIZE);
-       /* OVS_FLOW_ATTR_ACTIONS */
-       len += nla_total_size(sf_acts->actions_len);
-       /* OVS_FLOW_ATTR_STATS */
-       len += nla_total_size(sizeof(struct ovs_flow_stats));
-       /* OVS_FLOW_ATTR_TCP_FLAGS */
-       len += nla_total_size(1);
-       /* OVS_FLOW_ATTR_USED */
-       len += nla_total_size(8);
+       skb = genlmsg_new_unicast(ovs_flow_cmd_msg_size(acts), info, GFP_KERNEL);
  
-       len += NLMSG_ALIGN(sizeof(struct ovs_header));
+       if (!skb)
+               return ERR_PTR(-ENOMEM);
  
-       return genlmsg_new(len, GFP_KERNEL);
+       return skb;
  }
  
-static struct sk_buff *ovs_flow_cmd_build_info(struct sw_flow *flow,
-                                              struct datapath *dp,
-                                              u32 portid, u32 seq, u8 cmd)
+/* Called with ovs_mutex. */
+static struct sk_buff *ovs_flow_cmd_build_info(const struct sw_flow *flow,
+                                              int dp_ifindex,
+                                              struct genl_info *info, u8 cmd,
+                                              bool always)
  {
         struct sk_buff *skb;
         int retval;
  
-       skb = ovs_flow_cmd_alloc_info(flow);
-       if (!skb)
-               return ERR_PTR(-ENOMEM);
+       skb = ovs_flow_cmd_alloc_info(ovsl_dereference(flow->sf_acts), info,
+                                     always);
+       if (!skb || IS_ERR(skb))
+               return skb;
  
-       retval = ovs_flow_cmd_fill_info(flow, dp, skb, portid, seq, 0, cmd);
+       retval = ovs_flow_cmd_fill_info(flow, dp_ifindex, skb,
+                                       info->snd_portid, info->snd_seq, 0,
+                                       cmd);
         BUG_ON(retval < 0);
         return skb;
  }
  
-static int ovs_flow_cmd_new_or_set(struct sk_buff *skb, struct genl_info *info)
+static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
  {
         struct nlattr **a = info->attrs;
         struct ovs_header *ovs_header = info->userhdr;
-       struct sw_flow_key key;
-       struct sw_flow *flow;
+       struct sw_flow *flow, *new_flow;
+       struct sw_flow_mask mask;
         struct sk_buff *reply;
         struct datapath *dp;
-       struct flow_table *table;
-       struct sw_flow_actions *acts = NULL;
+       struct sw_flow_actions *acts;
+       struct sw_flow_match match;
         int error;
-       int key_len;
  
-       /* Extract key. */
+       /* Must have key and actions. */
         error = -EINVAL;
         if (!a[OVS_FLOW_ATTR_KEY])
                 goto error;
-       error = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
-       if (error)
+       if (!a[OVS_FLOW_ATTR_ACTIONS])
                 goto error;
  
-       /* Validate actions. */
-       if (a[OVS_FLOW_ATTR_ACTIONS]) {
-               acts = ovs_flow_actions_alloc(nla_len(a[OVS_FLOW_ATTR_ACTIONS]));
-               error = PTR_ERR(acts);
-               if (IS_ERR(acts))
-                       goto error;
-
-               error = validate_and_copy_actions(a[OVS_FLOW_ATTR_ACTIONS], &key,  0, &acts);
-               if (error)
-                       goto err_kfree;
-       } else if (info->genlhdr->cmd == OVS_FLOW_CMD_NEW) {
-               error = -EINVAL;
+       /* Most of the time we need to allocate a new flow, do it before
+        * locking. */
+       new_flow = ovs_flow_alloc();
+       if (IS_ERR(new_flow)) {
+               error = PTR_ERR(new_flow);
                 goto error;
         }
  
-       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       error = -ENODEV;
-       if (!dp)
-               goto err_kfree;
+       /* Extract key. */
+       ovs_match_init(&match, &new_flow->unmasked_key, &mask);
+       error = ovs_nla_get_match(&match,
+                                 a[OVS_FLOW_ATTR_KEY], a[OVS_FLOW_ATTR_MASK]);
+       if (error)
+               goto err_kfree_flow;
  
-       table = genl_dereference(dp->table);
-       flow = ovs_flow_tbl_lookup(table, &key, key_len);
-       if (!flow) {
-               /* Bail out if we're not allowed to create a new flow. */
-               error = -ENOENT;
-               if (info->genlhdr->cmd == OVS_FLOW_CMD_SET)
-                       goto err_kfree;
-
-               /* Expand table, if necessary, to make room. */
-               if (ovs_flow_tbl_need_to_expand(table)) {
-                       struct flow_table *new_table;
-
-                       new_table = ovs_flow_tbl_expand(table);
-                       if (!IS_ERR(new_table)) {
-                               rcu_assign_pointer(dp->table, new_table);
-                               ovs_flow_tbl_deferred_destroy(table);
-                               table = genl_dereference(dp->table);
-                       }
-               }
+       ovs_flow_mask_key(&new_flow->key, &new_flow->unmasked_key, &mask);
  
-               /* Allocate flow. */
-               flow = ovs_flow_alloc();
-               if (IS_ERR(flow)) {
-                       error = PTR_ERR(flow);
-                       goto err_kfree;
-               }
-               clear_stats(flow);
+       /* Validate actions. */
+       acts = ovs_nla_alloc_flow_actions(nla_len(a[OVS_FLOW_ATTR_ACTIONS]));
+       error = PTR_ERR(acts);
+       if (IS_ERR(acts))
+               goto err_kfree_flow;
  
-               rcu_assign_pointer(flow->sf_acts, acts);
+       error = ovs_nla_copy_actions(a[OVS_FLOW_ATTR_ACTIONS], &new_flow->key,
+                                    0, &acts);
+       if (error) {
+               OVS_NLERR("Flow actions may not be safe on all matching packets.\n");
+               goto err_kfree_acts;
+       }
+
+       reply = ovs_flow_cmd_alloc_info(acts, info, false);
+       if (IS_ERR(reply)) {
+               error = PTR_ERR(reply);
+               goto err_kfree_acts;
+       }
+
+       ovs_lock();
+       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
+       if (unlikely(!dp)) {
+               error = -ENODEV;
+               goto err_unlock_ovs;
+       }
+       /* Check if this is a duplicate flow */
+       flow = ovs_flow_tbl_lookup(&dp->table, &new_flow->unmasked_key);
+       if (likely(!flow)) {
+               rcu_assign_pointer(new_flow->sf_acts, acts);
  
                 /* Put flow in bucket. */
-               ovs_flow_tbl_insert(table, flow, &key, key_len);
+               error = ovs_flow_tbl_insert(&dp->table, new_flow, &mask);
+               if (unlikely(error)) {
+                       acts = NULL;
+                       goto err_unlock_ovs;
+               }
  
-               reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
-                                               info->snd_seq,
-                                               OVS_FLOW_CMD_NEW);
+               if (unlikely(reply)) {
+                       error = ovs_flow_cmd_fill_info(new_flow,
+                                                      ovs_header->dp_ifindex,
+                                                      reply, info->snd_portid,
+                                                      info->snd_seq, 0,
+                                                      OVS_FLOW_CMD_NEW);
+                       BUG_ON(error < 0);
+               }
+               ovs_unlock();
         } else {
-               /* We found a matching flow. */
                 struct sw_flow_actions *old_acts;
  
                 /* Bail out if we're not allowed to modify an existing flow.
@@ -1254,38 +907,153 @@ static int ovs_flow_cmd_new_or_set(struct sk_buff *skb, struct genl_info *info)
                  * request.  We also accept NLM_F_EXCL in case that bug ever
                  * gets fixed.
                  */
-               error = -EEXIST;
-               if (info->genlhdr->cmd == OVS_FLOW_CMD_NEW &&
-                   info->nlhdr->nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL))
-                       goto err_kfree;
-
+               if (unlikely(info->nlhdr->nlmsg_flags & (NLM_F_CREATE
+                                                        | NLM_F_EXCL))) {
+                       error = -EEXIST;
+                       goto err_unlock_ovs;
+               }
+               /* The unmasked key has to be the same for flow updates. */
+               if (unlikely(!ovs_flow_cmp_unmasked_key(flow, &match))) {
+                       error = -EEXIST;
+                       goto err_unlock_ovs;
+               }
                 /* Update actions. */
-               old_acts = rcu_dereference_protected(flow->sf_acts,
-                                                    lockdep_genl_is_held());
+               old_acts = ovsl_dereference(flow->sf_acts);
                 rcu_assign_pointer(flow->sf_acts, acts);
-               ovs_flow_deferred_free_acts(old_acts);
  
-               reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
-                                              info->snd_seq, OVS_FLOW_CMD_NEW);
+               if (unlikely(reply)) {
+                       error = ovs_flow_cmd_fill_info(flow,
+                                                      ovs_header->dp_ifindex,
+                                                      reply, info->snd_portid,
+                                                      info->snd_seq, 0,
+                                                      OVS_FLOW_CMD_NEW);
+                       BUG_ON(error < 0);
+               }
+               ovs_unlock();
+
+               ovs_nla_free_flow_actions(old_acts);
+               ovs_flow_free(new_flow, false);
+       }
  
-               /* Clear stats. */
-               if (a[OVS_FLOW_ATTR_CLEAR]) {
-                       spin_lock_bh(&flow->lock);
-                       clear_stats(flow);
-                       spin_unlock_bh(&flow->lock);
+       if (reply)
+               ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
+       return 0;
+
+err_unlock_ovs:
+       ovs_unlock();
+       kfree_skb(reply);
+err_kfree_acts:
+       kfree(acts);
+err_kfree_flow:
+       ovs_flow_free(new_flow, false);
+error:
+       return error;
+}
+
+static int ovs_flow_cmd_set(struct sk_buff *skb, struct genl_info *info)
+{
+       struct nlattr **a = info->attrs;
+       struct ovs_header *ovs_header = info->userhdr;
+       struct sw_flow_key key, masked_key;
+       struct sw_flow *flow;
+       struct sw_flow_mask mask;
+       struct sk_buff *reply = NULL;
+       struct datapath *dp;
+       struct sw_flow_actions *old_acts = NULL, *acts = NULL;
+       struct sw_flow_match match;
+       int error;
+
+       /* Extract key. */
+       error = -EINVAL;
+       if (!a[OVS_FLOW_ATTR_KEY])
+               goto error;
+
+       ovs_match_init(&match, &key, &mask);
+       error = ovs_nla_get_match(&match,
+                                 a[OVS_FLOW_ATTR_KEY], a[OVS_FLOW_ATTR_MASK]);
+       if (error)
+               goto error;
+
+       /* Validate actions. */
+       if (a[OVS_FLOW_ATTR_ACTIONS]) {
+               acts = ovs_nla_alloc_flow_actions(nla_len(a[OVS_FLOW_ATTR_ACTIONS]));
+               error = PTR_ERR(acts);
+               if (IS_ERR(acts))
+                       goto error;
+
+               ovs_flow_mask_key(&masked_key, &key, &mask);
+               error = ovs_nla_copy_actions(a[OVS_FLOW_ATTR_ACTIONS],
+                                            &masked_key, 0, &acts);
+               if (error) {
+                       OVS_NLERR("Flow actions may not be safe on all matching packets.\n");
+                       goto err_kfree_acts;
                 }
         }
  
-       if (!IS_ERR(reply))
-               genl_notify(reply, genl_info_net(info), info->snd_portid,
-                          ovs_dp_flow_multicast_group.id, info->nlhdr,
-                          GFP_KERNEL);
-       else
-               netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
-                               ovs_dp_flow_multicast_group.id, PTR_ERR(reply));
+       /* Can allocate before locking if have acts. */
+       if (acts) {
+               reply = ovs_flow_cmd_alloc_info(acts, info, false);
+               if (IS_ERR(reply)) {
+                       error = PTR_ERR(reply);
+                       goto err_kfree_acts;
+               }
+       }
+
+       ovs_lock();
+       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
+       if (unlikely(!dp)) {
+               error = -ENODEV;
+               goto err_unlock_ovs;
+       }
+       /* Check that the flow exists. */
+       flow = ovs_flow_tbl_lookup(&dp->table, &key);
+       if (unlikely(!flow)) {
+               error = -ENOENT;
+               goto err_unlock_ovs;
+       }
+       /* The unmasked key has to be the same for flow updates. */
+       if (unlikely(!ovs_flow_cmp_unmasked_key(flow, &match))) {
+               error = -EEXIST;
+               goto err_unlock_ovs;
+       }
+       /* Update actions, if present. */
+       if (likely(acts)) {
+               old_acts = ovsl_dereference(flow->sf_acts);
+               rcu_assign_pointer(flow->sf_acts, acts);
+
+               if (unlikely(reply)) {
+                       error = ovs_flow_cmd_fill_info(flow,
+                                                      ovs_header->dp_ifindex,
+                                                      reply, info->snd_portid,
+                                                      info->snd_seq, 0,
+                                                      OVS_FLOW_CMD_NEW);
+                       BUG_ON(error < 0);
+               }
+       } else {
+               /* Could not alloc without acts before locking. */
+               reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex,
+                                               info, OVS_FLOW_CMD_NEW, false);
+               if (unlikely(IS_ERR(reply))) {
+                       error = PTR_ERR(reply);
+                       goto err_unlock_ovs;
+               }
+       }
+
+       /* Clear stats. */
+       if (a[OVS_FLOW_ATTR_CLEAR])
+               ovs_flow_stats_clear(flow);
+       ovs_unlock();
+
+       if (reply)
+               ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
+       if (old_acts)
+               ovs_nla_free_flow_actions(old_acts);
         return 0;
  
-err_kfree:
+err_unlock_ovs:
+       ovs_unlock();
+       kfree_skb(reply);
+err_kfree_acts:
         kfree(acts);
  error:
         return error;
@@ -1299,31 +1067,44 @@ static int ovs_flow_cmd_get(struct sk_buff *skb, struct genl_info *info)
         struct sk_buff *reply;
         struct sw_flow *flow;
         struct datapath *dp;
-       struct flow_table *table;
+       struct sw_flow_match match;
         int err;
-       int key_len;
  
-       if (!a[OVS_FLOW_ATTR_KEY])
+       if (!a[OVS_FLOW_ATTR_KEY]) {
+               OVS_NLERR("Flow get message rejected, Key attribute missing.\n");
                 return -EINVAL;
-       err = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
+       }
+
+       ovs_match_init(&match, &key, NULL);
+       err = ovs_nla_get_match(&match, a[OVS_FLOW_ATTR_KEY], NULL);
         if (err)
                 return err;
  
+       ovs_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
-               return -ENODEV;
+       if (!dp) {
+               err = -ENODEV;
+               goto unlock;
+       }
  
-       table = genl_dereference(dp->table);
-       flow = ovs_flow_tbl_lookup(table, &key, key_len);
-       if (!flow)
-               return -ENOENT;
+       flow = ovs_flow_tbl_lookup(&dp->table, &key);
+       if (!flow || !ovs_flow_cmp_unmasked_key(flow, &match)) {
+               err = -ENOENT;
+               goto unlock;
+       }
  
-       reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
-                                       info->snd_seq, OVS_FLOW_CMD_NEW);
-       if (IS_ERR(reply))
-               return PTR_ERR(reply);
+       reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex, info,
+                                       OVS_FLOW_CMD_NEW, true);
+       if (IS_ERR(reply)) {
+               err = PTR_ERR(reply);
+               goto unlock;
+       }
  
+       ovs_unlock();
         return genlmsg_reply(reply, info);
+unlock:
+       ovs_unlock();
+       return err;
  }
  
  static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
@@ -1334,66 +1115,88 @@ static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
         struct sk_buff *reply;
         struct sw_flow *flow;
         struct datapath *dp;
-       struct flow_table *table;
+       struct sw_flow_match match;
         int err;
-       int key_len;
  
-       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
-               return -ENODEV;
-
-       if (!a[OVS_FLOW_ATTR_KEY])
-               return flush_flows(dp);
-
-       err = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
-       if (err)
-               return err;
-
-       table = genl_dereference(dp->table);
-       flow = ovs_flow_tbl_lookup(table, &key, key_len);
-       if (!flow)
-               return -ENOENT;
-
-       reply = ovs_flow_cmd_alloc_info(flow);
-       if (!reply)
-               return -ENOMEM;
+       if (likely(a[OVS_FLOW_ATTR_KEY])) {
+               ovs_match_init(&match, &key, NULL);
+               err = ovs_nla_get_match(&match, a[OVS_FLOW_ATTR_KEY], NULL);
+               if (unlikely(err))
+                       return err;
+       }
  
-       ovs_flow_tbl_remove(table, flow);
+       ovs_lock();
+       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
+       if (unlikely(!dp)) {
+               err = -ENODEV;
+               goto unlock;
+       }
+       if (unlikely(!a[OVS_FLOW_ATTR_KEY])) {
+               err = ovs_flow_tbl_flush(&dp->table);
+               goto unlock;
+       }
+       flow = ovs_flow_tbl_lookup(&dp->table, &key);
+       if (unlikely(!flow || !ovs_flow_cmp_unmasked_key(flow, &match))) {
+               err = -ENOENT;
+               goto unlock;
+       }
  
-       err = ovs_flow_cmd_fill_info(flow, dp, reply, info->snd_portid,
-                                    info->snd_seq, 0, OVS_FLOW_CMD_DEL);
-       BUG_ON(err < 0);
+       ovs_flow_tbl_remove(&dp->table, flow);
+       ovs_unlock();
+
+       reply = ovs_flow_cmd_alloc_info((const struct sw_flow_actions __force *)flow->sf_acts,
+                                       info, false);
+
+       if (likely(reply)) {
+               if (likely(!IS_ERR(reply))) {
+                       rcu_read_lock(); /* Keep RCU checker happy. */
+                       err = ovs_flow_cmd_fill_info(flow,
+                                                    ovs_header->dp_ifindex,
+                                                    reply, info->snd_portid,
+                                                    info->snd_seq, 0,
+                                                    OVS_FLOW_CMD_DEL);
+                       rcu_read_unlock();
+                       BUG_ON(err < 0);
+                       ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
+               } else {
+                       genl_set_err(&dp_flow_genl_family, sock_net(skb->sk), 0,
+                                    GROUP_ID(&ovs_dp_flow_multicast_group), PTR_ERR(reply));
  
-       ovs_flow_deferred_free(flow);
+               }
+       }
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_flow_multicast_group.id, info->nlhdr, GFP_KERNEL);
+       ovs_flow_free(flow, true);
         return 0;
+unlock:
+       ovs_unlock();
+       return err;
  }
  
  static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
  {
         struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
+       struct table_instance *ti;
         struct datapath *dp;
-       struct flow_table *table;
  
+       rcu_read_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
+       if (!dp) {
+               rcu_read_unlock();
                 return -ENODEV;
+       }
  
-       table = genl_dereference(dp->table);
-
+       ti = rcu_dereference(dp->table.ti);
         for (;;) {
                 struct sw_flow *flow;
                 u32 bucket, obj;
  
                 bucket = cb->args[0];
                 obj = cb->args[1];
-               flow = ovs_flow_tbl_next(table, &bucket, &obj);
+               flow = ovs_flow_tbl_dump_next(ti, &bucket, &obj);
                 if (!flow)
                         break;
  
-               if (ovs_flow_cmd_fill_info(flow, dp, skb,
+               if (ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex, skb,
                                            NETLINK_CB(cb->skb).portid,
                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
                                            OVS_FLOW_CMD_NEW) < 0)
@@ -1402,14 +1205,21 @@ static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
                 cb->args[0] = bucket;
                 cb->args[1] = obj;
         }
+       rcu_read_unlock();
         return skb->len;
  }
  
+static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
+       [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
+       [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
+       [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
+};
+
  static struct genl_ops dp_flow_genl_ops[] = {
         { .cmd = OVS_FLOW_CMD_NEW,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
           .policy = flow_policy,
-         .doit = ovs_flow_cmd_new_or_set
+         .doit = ovs_flow_cmd_new
         },
         { .cmd = OVS_FLOW_CMD_DEL,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
@@ -1425,35 +1235,43 @@ static struct genl_ops dp_flow_genl_ops[] = {
         { .cmd = OVS_FLOW_CMD_SET,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
           .policy = flow_policy,
-         .doit = ovs_flow_cmd_new_or_set,
+         .doit = ovs_flow_cmd_set,
         },
  };
  
-static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
-#ifdef HAVE_NLA_NUL_STRING
-       [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
-#endif
-       [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
-};
-
-static struct genl_family dp_datapath_genl_family = {
+static struct genl_family dp_flow_genl_family = {
         .id = GENL_ID_GENERATE,
         .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_DATAPATH_FAMILY,
-       .version = OVS_DATAPATH_VERSION,
-       .maxattr = OVS_DP_ATTR_MAX,
-        SET_NETNSOK
+       .name = OVS_FLOW_FAMILY,
+       .version = OVS_FLOW_VERSION,
+       .maxattr = OVS_FLOW_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_flow_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_flow_genl_ops),
+       .mcgrps = &ovs_dp_flow_multicast_group,
+       .n_mcgrps = 1,
  };
  
-static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
-       .name = OVS_DATAPATH_MCGROUP
-};
+static size_t ovs_dp_cmd_msg_size(void)
+{
+       size_t msgsize = NLMSG_ALIGN(sizeof(struct ovs_header));
+
+       msgsize += nla_total_size(IFNAMSIZ);
+       msgsize += nla_total_size(sizeof(struct ovs_dp_stats));
+       msgsize += nla_total_size(sizeof(struct ovs_dp_megaflow_stats));
+       msgsize += nla_total_size(sizeof(u32)); /* OVS_DP_ATTR_USER_FEATURES */
  
+       return msgsize;
+}
+
+/* Called with ovs_mutex or RCU read lock. */
  static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
                                 u32 portid, u32 seq, u32 flags, u8 cmd)
  {
         struct ovs_header *ovs_header;
         struct ovs_dp_stats dp_stats;
+       struct ovs_dp_megaflow_stats dp_megaflow_stats;
         int err;
  
         ovs_header = genlmsg_put(skb, portid, seq, &dp_datapath_genl_family,
@@ -1463,14 +1281,21 @@ static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
  
         ovs_header->dp_ifindex = get_dpifindex(dp);
  
-       rcu_read_lock();
         err = nla_put_string(skb, OVS_DP_ATTR_NAME, ovs_dp_name(dp));
-       rcu_read_unlock();
         if (err)
                 goto nla_put_failure;
  
-       get_dp_stats(dp, &dp_stats);
-       if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats), &dp_stats))
+       get_dp_stats(dp, &dp_stats, &dp_megaflow_stats);
+       if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats),
+                       &dp_stats))
+               goto nla_put_failure;
+
+       if (nla_put(skb, OVS_DP_ATTR_MEGAFLOW_STATS,
+                       sizeof(struct ovs_dp_megaflow_stats),
+                       &dp_megaflow_stats))
+               goto nla_put_failure;
+
+       if (nla_put_u32(skb, OVS_DP_ATTR_USER_FEATURES, dp->user_features))
                 goto nla_put_failure;
  
         return genlmsg_end(skb, ovs_header);
@@ -1481,30 +1306,12 @@ error:
         return -EMSGSIZE;
  }
  
-static struct sk_buff *ovs_dp_cmd_build_info(struct datapath *dp, u32 portid,
-                                            u32 seq, u8 cmd)
+static struct sk_buff *ovs_dp_cmd_alloc_info(struct genl_info *info)
  {
-       struct sk_buff *skb;
-       int retval;
-
-       skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-       if (!skb)
-               return ERR_PTR(-ENOMEM);
-
-       retval = ovs_dp_cmd_fill_info(dp, skb, portid, seq, 0, cmd);
-       if (retval < 0) {
-               kfree_skb(skb);
-               return ERR_PTR(retval);
-       }
-       return skb;
-}
-
-static int ovs_dp_cmd_validate(struct nlattr *a[OVS_DP_ATTR_MAX + 1])
-{
-       return CHECK_NUL_STRING(a[OVS_DP_ATTR_NAME], IFNAMSIZ - 1);
+       return genlmsg_new_unicast(ovs_dp_cmd_msg_size(), info, GFP_KERNEL);
  }
  
-/* Called with genl_mutex and optionally with RTNL lock also. */
+/* Called with rcu_read_lock or ovs_mutex. */
  static struct datapath *lookup_datapath(struct net *net,
                                         struct ovs_header *ovs_header,
                                         struct nlattr *a[OVS_DP_ATTR_MAX + 1])
@@ -1516,14 +1323,30 @@ static struct datapath *lookup_datapath(struct net *net,
         else {
                 struct vport *vport;
  
-               rcu_read_lock();
                 vport = ovs_vport_locate(net, nla_data(a[OVS_DP_ATTR_NAME]));
                 dp = vport && vport->port_no == OVSP_LOCAL ? vport->dp : NULL;
-               rcu_read_unlock();
         }
         return dp ? dp : ERR_PTR(-ENODEV);
  }
  
+static void ovs_dp_reset_user_features(struct sk_buff *skb, struct genl_info *info)
+{
+       struct datapath *dp;
+
+       dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
+       if (IS_ERR(dp))
+               return;
+
+       WARN(dp->user_features, "Dropping previously announced user features\n");
+       dp->user_features = 0;
+}
+
+static void ovs_dp_change(struct datapath *dp, struct nlattr **a)
+{
+       if (a[OVS_DP_ATTR_USER_FEATURES])
+               dp->user_features = nla_get_u32(a[OVS_DP_ATTR_USER_FEATURES]);
+}
+
  static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
  {
         struct nlattr **a = info->attrs;
@@ -1538,23 +1361,20 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
         if (!a[OVS_DP_ATTR_NAME] || !a[OVS_DP_ATTR_UPCALL_PID])
                 goto err;
  
-       err = ovs_dp_cmd_validate(a);
-       if (err)
-               goto err;
-
-       rtnl_lock();
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
         err = -ENOMEM;
         dp = kzalloc(sizeof(*dp), GFP_KERNEL);
         if (dp == NULL)
-               goto err_unlock_rtnl;
+               goto err_free_reply;
  
         ovs_dp_set_net(dp, hold_net(sock_net(skb->sk)));
  
         /* Allocate table. */
-       err = -ENOMEM;
-       rcu_assign_pointer(dp->table, ovs_flow_tbl_alloc(TBL_MIN_BUCKETS));
-       if (!dp->table)
+       err = ovs_flow_tbl_init(&dp->table);
+       if (err)
                 goto err_free_dp;
  
         dp->stats_percpu = alloc_percpu(struct dp_stats_percpu);
@@ -1563,6 +1383,12 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
                 goto err_destroy_table;
         }
  
+       for_each_possible_cpu(i) {
+               struct dp_stats_percpu *dpath_stats;
+               dpath_stats = per_cpu_ptr(dp->stats_percpu, i);
+               u64_stats_init(&dpath_stats->sync);
+       }
+
         dp->ports = kmalloc(DP_VPORT_HASH_BUCKETS * sizeof(struct hlist_head),
                             GFP_KERNEL);
         if (!dp->ports) {
@@ -1579,7 +1405,12 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
         parms.options = NULL;
         parms.dp = dp;
         parms.port_no = OVSP_LOCAL;
-       parms.upcall_portid = nla_get_u32(a[OVS_DP_ATTR_UPCALL_PID]);
+       parms.upcall_portids = a[OVS_DP_ATTR_UPCALL_PID];
+
+       ovs_dp_change(dp, a);
+
+       /* So far only local changes have been made, now need the lock. */
+       ovs_lock();
  
         vport = new_vport(&parms);
         if (IS_ERR(vport)) {
@@ -1587,49 +1418,51 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
                 if (err == -EBUSY)
                         err = -EEXIST;
  
+               if (err == -EEXIST) {
+                       /* An outdated user space instance that does not understand
+                        * the concept of user_features has attempted to create a new
+                        * datapath and is likely to reuse it. Drop all user features.
+                        */
+                       if (info->genlhdr->version < OVS_DP_VER_FEATURES)
+                               ovs_dp_reset_user_features(skb, info);
+               }
+
                 goto err_destroy_ports_array;
         }
  
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_NEW);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               goto err_destroy_local_port;
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_NEW);
+       BUG_ON(err < 0);
  
         ovs_net = net_generic(ovs_dp_get_net(dp), ovs_net_id);
-       list_add_tail(&dp->list_node, &ovs_net->dps);
+       list_add_tail_rcu(&dp->list_node, &ovs_net->dps);
  
-       rtnl_unlock();
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_datapath_multicast_group.id, info->nlhdr,
-                   GFP_KERNEL);
+       ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
         return 0;
  
-err_destroy_local_port:
-       ovs_dp_detach_port(ovs_vport_rtnl(dp, OVSP_LOCAL));
  err_destroy_ports_array:
+       ovs_unlock();
         kfree(dp->ports);
  err_destroy_percpu:
         free_percpu(dp->stats_percpu);
  err_destroy_table:
-       ovs_flow_tbl_destroy(genl_dereference(dp->table));
+       ovs_flow_tbl_destroy(&dp->table);
  err_free_dp:
         release_net(ovs_dp_get_net(dp));
         kfree(dp);
-err_unlock_rtnl:
-       rtnl_unlock();
+err_free_reply:
+       kfree_skb(reply);
  err:
         return err;
  }
  
-/* Called with genl_mutex. */
+/* Called with ovs_mutex. */
  static void __dp_destroy(struct datapath *dp)
  {
         int i;
  
-       rtnl_lock();
-
         for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
                 struct vport *vport;
                 struct hlist_node *n;
@@ -1639,16 +1472,14 @@ static void __dp_destroy(struct datapath *dp)
                                 ovs_dp_detach_port(vport);
         }
  
-       list_del(&dp->list_node);
-       ovs_dp_detach_port(ovs_vport_rtnl(dp, OVSP_LOCAL));
+       list_del_rcu(&dp->list_node);
  
-       /* rtnl_unlock() will wait until all the references to devices that
-        * are pending unregistration have been dropped.  We do it here to
-        * ensure that any internal devices (which contain DP pointers) are
-        * fully destroyed before freeing the datapath.
+       /* OVSP_LOCAL is datapath internal port. We need to make sure that
+        * all ports in datapath are destroyed first before freeing datapath.
          */
-       rtnl_unlock();
+       ovs_dp_detach_port(ovs_vport_ovsl(dp, OVSP_LOCAL));
  
+       /* RCU destroy the flow table */
         call_rcu(&dp->rcu, destroy_dp_rcu);
  }
  
@@ -1658,28 +1489,30 @@ static int ovs_dp_cmd_del(struct sk_buff *skb, struct genl_info *info)
         struct datapath *dp;
         int err;
  
-       err = ovs_dp_cmd_validate(info->attrs);
-       if (err)
-               return err;
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
+       ovs_lock();
         dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
         err = PTR_ERR(dp);
         if (IS_ERR(dp))
-               return err;
+               goto err_unlock_free;
  
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_DEL);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               return err;
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_DEL);
+       BUG_ON(err < 0);
  
         __dp_destroy(dp);
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_datapath_multicast_group.id, info->nlhdr,
-                   GFP_KERNEL);
-
+       ovs_unlock();
+       ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
         return 0;
+
+err_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
+       return err;
  }
  
  static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
@@ -1688,28 +1521,30 @@ static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
         struct datapath *dp;
         int err;
  
-       err = ovs_dp_cmd_validate(info->attrs);
-       if (err)
-               return err;
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
+       ovs_lock();
         dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
+       err = PTR_ERR(dp);
         if (IS_ERR(dp))
-               return PTR_ERR(dp);
+               goto err_unlock_free;
  
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_NEW);
-       if (IS_ERR(reply)) {
-               err = PTR_ERR(reply);
-               netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
-                               ovs_dp_datapath_multicast_group.id, err);
-               return 0;
-       }
+       ovs_dp_change(dp, info->attrs);
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_datapath_multicast_group.id, info->nlhdr,
-                   GFP_KERNEL);
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_NEW);
+       BUG_ON(err < 0);
  
+       ovs_unlock();
+       ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
         return 0;
+
+err_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
+       return err;
  }
  
  static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
@@ -1718,20 +1553,27 @@ static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
         struct datapath *dp;
         int err;
  
-       err = ovs_dp_cmd_validate(info->attrs);
-       if (err)
-               return err;
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
+       rcu_read_lock();
         dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
-       if (IS_ERR(dp))
-               return PTR_ERR(dp);
-
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_NEW);
-       if (IS_ERR(reply))
-               return PTR_ERR(reply);
+       if (IS_ERR(dp)) {
+               err = PTR_ERR(dp);
+               goto err_unlock_free;
+       }
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_NEW);
+       BUG_ON(err < 0);
+       rcu_read_unlock();
  
         return genlmsg_reply(reply, info);
+
+err_unlock_free:
+       rcu_read_unlock();
+       kfree_skb(reply);
+       return err;
  }
  
  static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
@@ -1741,7 +1583,8 @@ static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
         int skip = cb->args[0];
         int i = 0;
  
-       list_for_each_entry(dp, &ovs_net->dps, list_node) {
+       rcu_read_lock();
+       list_for_each_entry_rcu(dp, &ovs_net->dps, list_node) {
                 if (i >= skip &&
                     ovs_dp_cmd_fill_info(dp, skb, NETLINK_CB(cb->skb).portid,
                                          cb->nlh->nlmsg_seq, NLM_F_MULTI,
@@ -1749,12 +1592,19 @@ static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
                         break;
                 i++;
         }
+       rcu_read_unlock();
  
         cb->args[0] = i;
  
         return skb->len;
  }
  
+static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
+       [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
+       [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
+       [OVS_DP_ATTR_USER_FEATURES] = { .type = NLA_U32 },
+};
+
  static struct genl_ops dp_datapath_genl_ops[] = {
         { .cmd = OVS_DP_CMD_NEW,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
@@ -1779,33 +1629,21 @@ static struct genl_ops dp_datapath_genl_ops[] = {
         },
  };
  
-static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
-#ifdef HAVE_NLA_NUL_STRING
-       [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
-       [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
-#else
-       [OVS_VPORT_ATTR_STATS] = { .minlen = sizeof(struct ovs_vport_stats) },
-#endif
-       [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
-       [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
-       [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
-       [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
-};
-
-static struct genl_family dp_vport_genl_family = {
+static struct genl_family dp_datapath_genl_family = {
         .id = GENL_ID_GENERATE,
         .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_VPORT_FAMILY,
-       .version = OVS_VPORT_VERSION,
-       .maxattr = OVS_VPORT_ATTR_MAX,
-        SET_NETNSOK
-};
-
-struct genl_multicast_group ovs_dp_vport_multicast_group = {
-       .name = OVS_VPORT_MCGROUP
+       .name = OVS_DATAPATH_FAMILY,
+       .version = OVS_DATAPATH_VERSION,
+       .maxattr = OVS_DP_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_datapath_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_datapath_genl_ops),
+       .mcgrps = &ovs_dp_datapath_multicast_group,
+       .n_mcgrps = 1,
  };
  
-/* Called with RTNL lock or RCU read lock. */
+/* Called with ovs_mutex or RCU read lock. */
  static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
                                    u32 portid, u32 seq, u32 flags, u8 cmd)
  {
@@ -1822,8 +1660,7 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
  
         if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
             nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
-           nla_put_string(skb, OVS_VPORT_ATTR_NAME, vport->ops->get_name(vport)) ||
-           nla_put_u32(skb, OVS_VPORT_ATTR_UPCALL_PID, vport->upcall_portid))
+           nla_put_string(skb, OVS_VPORT_ATTR_NAME, vport->ops->get_name(vport)))
                 goto nla_put_failure;
  
         ovs_vport_get_stats(vport, &vport_stats);
@@ -1831,6 +1668,9 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
                     &vport_stats))
                 goto nla_put_failure;
  
+       if (ovs_vport_get_upcall_portids(vport, skb))
+               goto nla_put_failure;
+
         err = ovs_vport_get_options(vport, skb);
         if (err == -EMSGSIZE)
                 goto error;
@@ -1844,7 +1684,12 @@ error:
         return err;
  }
  
-/* Called with RTNL lock or RCU read lock. */
+static struct sk_buff *ovs_vport_cmd_alloc_info(void)
+{
+       return nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+}
+
+/* Called with ovs_mutex, only via ovs_dp_notify_wq(). */
  struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
                                          u32 seq, u8 cmd)
  {
@@ -1861,12 +1706,7 @@ struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
         return skb;
  }
  
-static int ovs_vport_cmd_validate(struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
-{
-       return CHECK_NUL_STRING(a[OVS_VPORT_ATTR_NAME], IFNAMSIZ - 1);
-}
-
-/* Called with RTNL lock or RCU read lock. */
+/* Called with ovs_mutex or RCU read lock. */
  static struct vport *lookup_vport(struct net *net,
                                   struct ovs_header *ovs_header,
                                   struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
@@ -1892,7 +1732,7 @@ static struct vport *lookup_vport(struct net *net,
                 if (!dp)
                         return ERR_PTR(-ENODEV);
  
-               vport = ovs_vport_rtnl_rcu(dp, port_no);
+               vport = ovs_vport_ovsl_rcu(dp, port_no);
                 if (!vport)
                         return ERR_PTR(-ENODEV);
                 return vport;
@@ -1911,39 +1751,37 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
         u32 port_no;
         int err;
  
-       err = -EINVAL;
         if (!a[OVS_VPORT_ATTR_NAME] || !a[OVS_VPORT_ATTR_TYPE] ||
             !a[OVS_VPORT_ATTR_UPCALL_PID])
-               goto exit;
+               return -EINVAL;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       port_no = a[OVS_VPORT_ATTR_PORT_NO]
+               ? nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]) : 0;
+       if (port_no >= DP_MAX_PORTS)
+               return -EFBIG;
+
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
-       rtnl_lock();
+       ovs_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
         err = -ENODEV;
         if (!dp)
-               goto exit_unlock;
-
-       if (a[OVS_VPORT_ATTR_PORT_NO]) {
-               port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
-
-               err = -EFBIG;
-               if (port_no >= DP_MAX_PORTS)
-                       goto exit_unlock;
+               goto exit_unlock_free;
  
-               vport = ovs_vport_rtnl(dp, port_no);
+       if (port_no) {
+               vport = ovs_vport_ovsl(dp, port_no);
                 err = -EBUSY;
                 if (vport)
-                       goto exit_unlock;
+                       goto exit_unlock_free;
         } else {
                 for (port_no = 1; ; port_no++) {
                         if (port_no >= DP_MAX_PORTS) {
                                 err = -EFBIG;
-                               goto exit_unlock;
+                               goto exit_unlock_free;
                         }
-                       vport = ovs_vport_rtnl(dp, port_no);
+                       vport = ovs_vport_ovsl(dp, port_no);
                         if (!vport)
                                 break;
                 }
@@ -1954,30 +1792,28 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
         parms.options = a[OVS_VPORT_ATTR_OPTIONS];
         parms.dp = dp;
         parms.port_no = port_no;
-       parms.upcall_portid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]);
+       parms.upcall_portids = a[OVS_VPORT_ATTR_UPCALL_PID];
  
         vport = new_vport(&parms);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
+               goto exit_unlock_free;
  
         err = 0;
         if (a[OVS_VPORT_ATTR_STATS])
                 ovs_vport_set_stats(vport, nla_data(a[OVS_VPORT_ATTR_STATS]));
  
-       reply = ovs_vport_cmd_build_info(vport, info->snd_portid, info->snd_seq,
-                                        OVS_VPORT_CMD_NEW);
-       if (IS_ERR(reply)) {
-               err = PTR_ERR(reply);
-               ovs_dp_detach_port(vport);
-               goto exit_unlock;
-       }
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
+       err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
+                                     info->snd_seq, 0, OVS_VPORT_CMD_NEW);
+       BUG_ON(err < 0);
+       ovs_unlock();
  
-exit_unlock:
-       rtnl_unlock();
-exit:
+       ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
+       return 0;
+
+exit_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
         return err;
  }
  
@@ -1988,53 +1824,50 @@ static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
         struct vport *vport;
         int err;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
-       rtnl_lock();
+       ovs_lock();
         vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
+               goto exit_unlock_free;
  
-       err = 0;
         if (a[OVS_VPORT_ATTR_TYPE] &&
-           nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type)
+           nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type) {
                 err = -EINVAL;
-
-       reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-       if (!reply) {
-               err = -ENOMEM;
-               goto exit_unlock;
+               goto exit_unlock_free;
         }
  
-       if (!err && a[OVS_VPORT_ATTR_OPTIONS])
+       if (a[OVS_VPORT_ATTR_OPTIONS]) {
                 err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]);
-       if (err)
-               goto exit_free;
+               if (err)
+                       goto exit_unlock_free;
+       }
  
         if (a[OVS_VPORT_ATTR_STATS])
                 ovs_vport_set_stats(vport, nla_data(a[OVS_VPORT_ATTR_STATS]));
  
-       if (a[OVS_VPORT_ATTR_UPCALL_PID])
-               vport->upcall_portid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]);
+
+       if (a[OVS_VPORT_ATTR_UPCALL_PID]) {
+               err = ovs_vport_set_upcall_portids(vport,
+                                                  a[OVS_VPORT_ATTR_UPCALL_PID]);
+               if (err)
+                       goto exit_unlock_free;
+       }
  
         err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
                                       info->snd_seq, 0, OVS_VPORT_CMD_NEW);
         BUG_ON(err < 0);
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
-
-       rtnl_unlock();
+       ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
         return 0;
  
-exit_free:
+exit_unlock_free:
+       ovs_unlock();
         kfree_skb(reply);
-exit_unlock:
-       rtnl_unlock();
-exit:
         return err;
  }
  
@@ -2045,36 +1878,33 @@ static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
         struct vport *vport;
         int err;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
-       rtnl_lock();
+       ovs_lock();
         vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
+               goto exit_unlock_free;
  
         if (vport->port_no == OVSP_LOCAL) {
                 err = -EINVAL;
-               goto exit_unlock;
+               goto exit_unlock_free;
         }
  
-       reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
-                                        info->snd_seq, OVS_VPORT_CMD_DEL);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               goto exit_unlock;
-
-       err = 0;
+       err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
+                                     info->snd_seq, 0, OVS_VPORT_CMD_DEL);
+       BUG_ON(err < 0);
         ovs_dp_detach_port(vport);
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
+       ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
+       return 0;
  
-exit_unlock:
-       rtnl_unlock();
-exit:
+exit_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
         return err;
  }
  
@@ -2086,29 +1916,25 @@ static int ovs_vport_cmd_get(struct sk_buff *skb, struct genl_info *info)
         struct vport *vport;
         int err;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
         rcu_read_lock();
         vport = lookup_vport(sock_net(skb->sk), ovs_header, a);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
-
-       reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
-                                        info->snd_seq, OVS_VPORT_CMD_NEW);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               goto exit_unlock;
-
+               goto exit_unlock_free;
+       err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
+                                     info->snd_seq, 0, OVS_VPORT_CMD_NEW);
+       BUG_ON(err < 0);
         rcu_read_unlock();
  
         return genlmsg_reply(reply, info);
  
-exit_unlock:
+exit_unlock_free:
         rcu_read_unlock();
-exit:
+       kfree_skb(reply);
         return err;
  }
  
@@ -2119,11 +1945,12 @@ static int ovs_vport_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
         int bucket = cb->args[0], skip = cb->args[1];
         int i, j = 0;
  
+       rcu_read_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
+       if (!dp) {
+               rcu_read_unlock();
                 return -ENODEV;
-
-       rcu_read_lock();
+       }
         for (i = bucket; i < DP_VPORT_HASH_BUCKETS; i++) {
                 struct vport *vport;
  
@@ -2150,6 +1977,15 @@ out:
         return skb->len;
  }
  
+static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
+       [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
+       [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
+       [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
+       [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
+       [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
+       [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
+};
+
  static struct genl_ops dp_vport_genl_ops[] = {
         { .cmd = OVS_VPORT_CMD_NEW,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
@@ -2174,26 +2010,25 @@ static struct genl_ops dp_vport_genl_ops[] = {
         },
  };
  
-struct genl_family_and_ops {
-       struct genl_family *family;
-       struct genl_ops *ops;
-       int n_ops;
-       struct genl_multicast_group *group;
+struct genl_family dp_vport_genl_family = {
+       .id = GENL_ID_GENERATE,
+       .hdrsize = sizeof(struct ovs_header),
+       .name = OVS_VPORT_FAMILY,
+       .version = OVS_VPORT_VERSION,
+       .maxattr = OVS_VPORT_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_vport_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_vport_genl_ops),
+       .mcgrps = &ovs_dp_vport_multicast_group,
+       .n_mcgrps = 1,
  };
  
-static const struct genl_family_and_ops dp_genl_families[] = {
-       { &dp_datapath_genl_family,
-         dp_datapath_genl_ops, ARRAY_SIZE(dp_datapath_genl_ops),
-         &ovs_dp_datapath_multicast_group },
-       { &dp_vport_genl_family,
-         dp_vport_genl_ops, ARRAY_SIZE(dp_vport_genl_ops),
-         &ovs_dp_vport_multicast_group },
-       { &dp_flow_genl_family,
-         dp_flow_genl_ops, ARRAY_SIZE(dp_flow_genl_ops),
-         &ovs_dp_flow_multicast_group },
-       { &dp_packet_genl_family,
-         dp_packet_genl_ops, ARRAY_SIZE(dp_packet_genl_ops),
-         NULL },
+static struct genl_family *dp_genl_families[] = {
+       &dp_datapath_genl_family,
+       &dp_vport_genl_family,
+       &dp_flow_genl_family,
+       &dp_packet_genl_family,
  };
  
  static void dp_unregister_genl(int n_families)
@@ -2201,93 +2036,48 @@ static void dp_unregister_genl(int n_families)
         int i;
  
         for (i = 0; i < n_families; i++)
-               genl_unregister_family(dp_genl_families[i].family);
+               genl_unregister_family(dp_genl_families[i]);
  }
  
  static int dp_register_genl(void)
  {
-       int n_registered;
         int err;
         int i;
  
-       n_registered = 0;
         for (i = 0; i < ARRAY_SIZE(dp_genl_families); i++) {
-               const struct genl_family_and_ops *f = &dp_genl_families[i];
  
-               err = genl_register_family_with_ops(f->family, f->ops,
-                                                   f->n_ops);
+               err = genl_register_family(dp_genl_families[i]);
                 if (err)
                         goto error;
-               n_registered++;
-
-               if (f->group) {
-                       err = genl_register_mc_group(f->family, f->group);
-                       if (err)
-                               goto error;
-               }
         }
  
         return 0;
  
  error:
-       dp_unregister_genl(n_registered);
+       dp_unregister_genl(i);
         return err;
  }
  
-static int __rehash_flow_table(void *dummy)
-{
-       struct datapath *dp;
-       struct net *net;
-
-       rtnl_lock();
-       for_each_net(net) {
-               struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
-
-               list_for_each_entry(dp, &ovs_net->dps, list_node) {
-                       struct flow_table *old_table = genl_dereference(dp->table);
-                       struct flow_table *new_table;
-
-                       new_table = ovs_flow_tbl_rehash(old_table);
-                       if (!IS_ERR(new_table)) {
-                               rcu_assign_pointer(dp->table, new_table);
-                               ovs_flow_tbl_deferred_destroy(old_table);
-                       }
-               }
-       }
-       rtnl_unlock();
-       return 0;
-}
-
-static void rehash_flow_table(struct work_struct *work)
-{
-       genl_exec(__rehash_flow_table, NULL);
-       schedule_delayed_work(&rehash_flow_wq, REHASH_FLOW_INTERVAL);
-}
-
-static int dp_destroy_all(void *data)
-{
-       struct datapath *dp, *dp_next;
-       struct ovs_net *ovs_net = data;
-
-       list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
-               __dp_destroy(dp);
-
-       return 0;
-}
-
  static int __net_init ovs_init_net(struct net *net)
  {
         struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
  
         INIT_LIST_HEAD(&ovs_net->dps);
+       INIT_WORK(&ovs_net->dp_notify_work, ovs_dp_notify_wq);
         return 0;
  }
  
  static void __net_exit ovs_exit_net(struct net *net)
  {
+       struct datapath *dp, *dp_next;
         struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
  
-       genl_exec(dp_destroy_all, ovs_net);
+       ovs_lock();
+       list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
+               __dp_destroy(dp);
+       ovs_unlock();
+
+       cancel_work_sync(&ovs_net->dp_notify_work);
  }
  
  static struct pernet_operations ovs_net_ops = {
@@ -2297,6 +2087,8 @@ static struct pernet_operations ovs_net_ops = {
         .size = sizeof(struct ovs_net),
  };
  
+DEFINE_COMPAT_PNET_REG_FUNC(device);
+
  static int __init dp_init(void)
  {
         int err;
@@ -2306,17 +2098,9 @@ static int __init dp_init(void)
         pr_info("Open vSwitch switching datapath %s, built "__DATE__" "__TIME__"\n",
                 VERSION);
  
-       err = genl_exec_init();
-       if (err)
-               goto error;
-
-       err = ovs_workqueues_init();
-       if (err)
-               goto error_genl_exec;
-
         err = ovs_flow_init();
         if (err)
-               goto error_wq;
+               goto error;
  
         err = ovs_vport_init();
         if (err)
@@ -2334,8 +2118,6 @@ static int __init dp_init(void)
         if (err < 0)
                 goto error_unreg_notifier;
  
-       schedule_delayed_work(&rehash_flow_wq, REHASH_FLOW_INTERVAL);
-
         return 0;
  
  error_unreg_notifier:
@@ -2346,25 +2128,18 @@ error_vport_exit:
         ovs_vport_exit();
  error_flow_exit:
         ovs_flow_exit();
-error_wq:
-       ovs_workqueues_exit();
-error_genl_exec:
-       genl_exec_exit();
  error:
         return err;
  }
  
  static void dp_cleanup(void)
  {
-       cancel_delayed_work_sync(&rehash_flow_wq);
         dp_unregister_genl(ARRAY_SIZE(dp_genl_families));
         unregister_netdevice_notifier(&ovs_dp_device_notifier);
         unregister_pernet_device(&ovs_net_ops);
         rcu_barrier();
         ovs_vport_exit();
         ovs_flow_exit();
-       ovs_workqueues_exit();
-       genl_exec_exit();
  }
  
  module_init(dp_init);