From: Simon Horman <horms@verge.net.au>
Date: Wed, 20 Mar 2013 13:18:42 +0000 (+0900)
Subject: mpls: Allow l3 and l4 actions to prior to a push_mpls action
X-Git-Tag: sliver-openvswitch-1.10.90-1~10^2~46
X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=1b035ef20084e14b90537fb3873af99f45d40e34

mpls: Allow l3 and l4 actions to prior to a push_mpls action

* Update the order in which actions are committed and thus
  appear in the datapath such that MPLS actions appear after
  l3 and l4 (nw and port) actions.

  In the case where an mpls_push action is present it should ensure
  that l3 and l4 actions occur first, which seems logical as
  once a mpls_push has occur the frame will be MPLS rather
  than IPv4 or IPv6.

  In the case where there is an mpls_pop action is present this should
  not make any difference as the frame will have been MPLS to start with
  and thus not satisfy the pre-requisites for  l3 or l4 actions.

* Update commit_set_nw_action() to use the base ethertype when considering
  eligibility to commit l3 (nw) actions. This allows l3 actions to be
  applied so long as the frame was originally IPv4 or IPv6, even if
  an mpls_push action will be applied and thus flow indicates the
  frame will be MPLS.

* Make actions that may modify port or network information conditional on
  the flow's ethernet type being an IP ethernet type. This is to ensure
  that actions that modify network and port information do not occur
  on non IP packets, for example if an mpls_push action has changed a
  packet from IP to MPLS.

  Note that modification of network data is already prevented by
  virtue of commit_set_nw_action() only having cases for when the
  ethernet type of the flow is  IPV4 or IPV6. The conditionality
  of network actions on the ethernet type has been added to
  do_xlate_actions() to make it explicit.

* Add a check to commit_set_port_action() to ensure that the base
  flow is IP. This protects against the case where move_reg is used
  to change transport ports after an MPLS header is pushed.

Signed-off-by: Simon Horman <horms@verge.net.au>
[jesse: Add check for an IP protocol when committing L4 actions.]
Signed-off-by: Jesse Gross <jesse@nicira.com>
---

diff --git a/lib/odp-util.c b/lib/odp-util.c
index 54e5b1287..f9e9321ba 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2323,9 +2323,9 @@ commit_set_nw_action(const struct flow *flow, struct flow *base,
         return;
     }
 
-    if (flow->dl_type == htons(ETH_TYPE_IP)) {
+    if (base->dl_type == htons(ETH_TYPE_IP)) {
         commit_set_ipv4_action(flow, base, odp_actions);
-    } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
+    } else if (base->dl_type == htons(ETH_TYPE_IPV6)) {
         commit_set_ipv6_action(flow, base, odp_actions);
     }
 }
@@ -2334,7 +2334,7 @@ static void
 commit_set_port_action(const struct flow *flow, struct flow *base,
                        struct ofpbuf *odp_actions)
 {
-    if (!base->tp_src && !base->tp_dst) {
+    if (!is_ip_any(base) || (!base->tp_src && !base->tp_dst)) {
         return;
     }
 
@@ -2398,9 +2398,13 @@ commit_odp_actions(const struct flow *flow, struct flow *base,
 {
     commit_set_ether_addr_action(flow, base, odp_actions);
     commit_vlan_action(flow, base, odp_actions);
-    commit_mpls_action(flow, base, odp_actions);
     commit_set_nw_action(flow, base, odp_actions);
     commit_set_port_action(flow, base, odp_actions);
+    /* Commiting MPLS actions should occur after committing nw and port
+     * actions. This is because committing MPLS actions may alter a packet so
+     * that it is no longer IP and thus nw and port actions are no longer valid.
+     */
+    commit_mpls_action(flow, base, odp_actions);
     commit_set_priority_action(flow, base, odp_actions);
     commit_set_skb_mark_action(flow, base, odp_actions);
 }
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index d1b9f349f..6e9023a10 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -6450,11 +6450,15 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
             break;
 
         case OFPACT_SET_IPV4_SRC:
-            ctx->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
+            if (ctx->flow.dl_type == htons(ETH_TYPE_IP)) {
+                ctx->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
+            }
             break;
 
         case OFPACT_SET_IPV4_DST:
-            ctx->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
+            if (ctx->flow.dl_type == htons(ETH_TYPE_IP)) {
+                ctx->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
+            }
             break;
 
         case OFPACT_SET_IPV4_DSCP:
@@ -6466,11 +6470,15 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
             break;
 
         case OFPACT_SET_L4_SRC_PORT:
-            ctx->flow.tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
+            if (is_ip_any(&ctx->flow)) {
+                ctx->flow.tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
+            }
             break;
 
         case OFPACT_SET_L4_DST_PORT:
-            ctx->flow.tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
+            if (is_ip_any(&ctx->flow)) {
+                ctx->flow.tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
+            }
             break;
 
         case OFPACT_RESUBMIT: