From 09a0d2e7c5d080343a304b79697829a53d69db3d Mon Sep 17 00:00:00 2001
From: Ansis Atteka <aatteka@nicira.com>
Date: Wed, 13 Feb 2013 16:48:46 -0800
Subject: [PATCH] tunnel: set skb mark for IPsec tunnel packets

The new ovs-monitor-ipsec implementation will use skb marks in
IPsec policies. This patch will configure datapath to use these
skb marks for IPsec tunnel packets.

Issue: 14870
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
---
 lib/odp-util.c         | 11 +++++++++--
 lib/odp-util.h         |  2 ++
 ofproto/ofproto-dpif.c |  1 +
 ofproto/tunnel.c       |  9 ++++++++-
 4 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/lib/odp-util.c b/lib/odp-util.c
index 54a240873..7bc1f6c9a 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2183,6 +2183,14 @@ commit_set_action(struct ofpbuf *odp_actions, enum ovs_key_attr key_type,
     nl_msg_end_nested(odp_actions, offset);
 }
 
+void
+odp_put_skb_mark_action(const uint32_t skb_mark,
+                        struct ofpbuf *odp_actions)
+{
+    commit_set_action(odp_actions, OVS_KEY_ATTR_SKB_MARK, &skb_mark,
+                      sizeof(skb_mark));
+}
+
 /* If any of the flow key data that ODP actions can modify are different in
  * 'base->tunnel' and 'flow->tunnel', appends a set_tunnel ODP action to
  * 'odp_actions' that change the flow tunneling information in key from
@@ -2423,8 +2431,7 @@ commit_set_skb_mark_action(const struct flow *flow, struct flow *base,
     }
     base->skb_mark = flow->skb_mark;
 
-    commit_set_action(odp_actions, OVS_KEY_ATTR_SKB_MARK,
-                      &base->skb_mark, sizeof(base->skb_mark));
+    odp_put_skb_mark_action(base->skb_mark, odp_actions);
 }
 /* If any of the flow key data that ODP actions can modify are different in
  * 'base' and 'flow', appends ODP actions to 'odp_actions' that change the flow
diff --git a/lib/odp-util.h b/lib/odp-util.h
index 62401fc56..1b13e6403 100644
--- a/lib/odp-util.h
+++ b/lib/odp-util.h
@@ -156,6 +156,8 @@ size_t odp_put_userspace_action(uint32_t pid,
                                 struct ofpbuf *odp_actions);
 void odp_put_tunnel_action(const struct flow_tnl *tunnel,
                            struct ofpbuf *odp_actions);
+void odp_put_skb_mark_action(const uint32_t skb_mark,
+                             struct ofpbuf *odp_actions);
 
 /* Reasons why a subfacet might not be fast-pathable. */
 enum slow_path_reason {
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 2078685d9..f54f9ffda 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -5525,6 +5525,7 @@ send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet)
         dpif_flow_stats_extract(&flow, packet, time_msec(), &stats);
         netdev_vport_inc_tx(ofport->up.netdev, &stats);
         odp_put_tunnel_action(&flow.tunnel, &odp_actions);
+        odp_put_skb_mark_action(flow.skb_mark, &odp_actions);
     } else {
         odp_port = vsp_realdev_to_vlandev(ofproto, ofport->odp_port,
                                           flow.vlan_tci);
diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c
index 5a4607e73..7d45930b3 100644
--- a/ofproto/tunnel.c
+++ b/ofproto/tunnel.c
@@ -34,18 +34,21 @@
  *
  * Ability to generate actions on input for ECN
  * Ability to generate metadata for packet-outs
- * IPsec using skb mark.
  * VXLAN.
  * Multicast group management (possibly).
  * Disallow netdevs with names like "gre64_system" to prevent collisions. */
 
 VLOG_DEFINE_THIS_MODULE(tunnel);
 
+/* skb mark used for IPsec tunnel packets */
+#define IPSEC_MARK 1
+
 struct tnl_match {
     ovs_be64 in_key;
     ovs_be32 ip_src;
     ovs_be32 ip_dst;
     uint32_t odp_port;
+    uint32_t skb_mark;
     bool in_key_flow;
 };
 
@@ -94,6 +97,7 @@ tnl_port_add__(const struct ofport *ofport, uint32_t odp_port,
     tnl_port->match.in_key = cfg->in_key;
     tnl_port->match.ip_src = cfg->ip_src;
     tnl_port->match.ip_dst = cfg->ip_dst;
+    tnl_port->match.skb_mark = cfg->ipsec ? IPSEC_MARK : 0;
     tnl_port->match.in_key_flow = cfg->in_key_flow;
     tnl_port->match.odp_port = odp_port;
 
@@ -183,6 +187,7 @@ tnl_port_receive(struct flow *flow)
     match.ip_src = flow->tunnel.ip_dst;
     match.ip_dst = flow->tunnel.ip_src;
     match.in_key = flow->tunnel.tun_id;
+    match.skb_mark = flow->skb_mark;
 
     tnl_port = tnl_find(&match);
     if (!tnl_port) {
@@ -248,6 +253,7 @@ tnl_port_send(const struct tnl_port *tnl_port, struct flow *flow)
 
     flow->tunnel.ip_src = tnl_port->match.ip_src;
     flow->tunnel.ip_dst = tnl_port->match.ip_dst;
+    flow->skb_mark = tnl_port->match.skb_mark;
 
     if (!cfg->out_key_flow) {
         flow->tunnel.tun_id = cfg->out_key;
@@ -393,6 +399,7 @@ tnl_match_fmt(const struct tnl_match *match, struct ds *ds)
     }
 
     ds_put_format(ds, ", dp port=%"PRIu32, match->odp_port);
+    ds_put_format(ds, ", skb mark=%"PRIu32, match->skb_mark);
 }
 
 static void
-- 
2.43.0