1
2
3
4
5
6#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7
8#include "flow.h"
9#include "datapath.h"
10#include <linux/uaccess.h>
11#include <linux/netdevice.h>
12#include <linux/etherdevice.h>
13#include <linux/if_ether.h>
14#include <linux/if_vlan.h>
15#include <net/llc_pdu.h>
16#include <linux/kernel.h>
17#include <linux/jhash.h>
18#include <linux/jiffies.h>
19#include <linux/llc.h>
20#include <linux/module.h>
21#include <linux/in.h>
22#include <linux/rcupdate.h>
23#include <linux/if_arp.h>
24#include <linux/ip.h>
25#include <linux/ipv6.h>
26#include <linux/sctp.h>
27#include <linux/tcp.h>
28#include <linux/udp.h>
29#include <linux/icmp.h>
30#include <linux/icmpv6.h>
31#include <linux/rculist.h>
32#include <net/geneve.h>
33#include <net/ip.h>
34#include <net/ipv6.h>
35#include <net/ndisc.h>
36#include <net/mpls.h>
37#include <net/vxlan.h>
38#include <net/tun_proto.h>
39#include <net/erspan.h>
40
41#include "flow_netlink.h"
42
43struct ovs_len_tbl {
44 int len;
45 const struct ovs_len_tbl *next;
46};
47
48#define OVS_ATTR_NESTED -1
49#define OVS_ATTR_VARIABLE -2
50
51static bool actions_may_change_flow(const struct nlattr *actions)
52{
53 struct nlattr *nla;
54 int rem;
55
56 nla_for_each_nested(nla, actions, rem) {
57 u16 action = nla_type(nla);
58
59 switch (action) {
60 case OVS_ACTION_ATTR_OUTPUT:
61 case OVS_ACTION_ATTR_RECIRC:
62 case OVS_ACTION_ATTR_TRUNC:
63 case OVS_ACTION_ATTR_USERSPACE:
64 break;
65
66 case OVS_ACTION_ATTR_CT:
67 case OVS_ACTION_ATTR_CT_CLEAR:
68 case OVS_ACTION_ATTR_HASH:
69 case OVS_ACTION_ATTR_POP_ETH:
70 case OVS_ACTION_ATTR_POP_MPLS:
71 case OVS_ACTION_ATTR_POP_NSH:
72 case OVS_ACTION_ATTR_POP_VLAN:
73 case OVS_ACTION_ATTR_PUSH_ETH:
74 case OVS_ACTION_ATTR_PUSH_MPLS:
75 case OVS_ACTION_ATTR_PUSH_NSH:
76 case OVS_ACTION_ATTR_PUSH_VLAN:
77 case OVS_ACTION_ATTR_SAMPLE:
78 case OVS_ACTION_ATTR_SET:
79 case OVS_ACTION_ATTR_SET_MASKED:
80 case OVS_ACTION_ATTR_METER:
81 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
82 default:
83 return true;
84 }
85 }
86 return false;
87}
88
89static void update_range(struct sw_flow_match *match,
90 size_t offset, size_t size, bool is_mask)
91{
92 struct sw_flow_key_range *range;
93 size_t start = rounddown(offset, sizeof(long));
94 size_t end = roundup(offset + size, sizeof(long));
95
96 if (!is_mask)
97 range = &match->range;
98 else
99 range = &match->mask->range;
100
101 if (range->start == range->end) {
102 range->start = start;
103 range->end = end;
104 return;
105 }
106
107 if (range->start > start)
108 range->start = start;
109
110 if (range->end < end)
111 range->end = end;
112}
113
114#define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
115 do { \
116 update_range(match, offsetof(struct sw_flow_key, field), \
117 sizeof((match)->key->field), is_mask); \
118 if (is_mask) \
119 (match)->mask->key.field = value; \
120 else \
121 (match)->key->field = value; \
122 } while (0)
123
124#define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
125 do { \
126 update_range(match, offset, len, is_mask); \
127 if (is_mask) \
128 memcpy((u8 *)&(match)->mask->key + offset, value_p, \
129 len); \
130 else \
131 memcpy((u8 *)(match)->key + offset, value_p, len); \
132 } while (0)
133
134#define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
135 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
136 value_p, len, is_mask)
137
138#define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \
139 do { \
140 update_range(match, offsetof(struct sw_flow_key, field), \
141 sizeof((match)->key->field), is_mask); \
142 if (is_mask) \
143 memset((u8 *)&(match)->mask->key.field, value, \
144 sizeof((match)->mask->key.field)); \
145 else \
146 memset((u8 *)&(match)->key->field, value, \
147 sizeof((match)->key->field)); \
148 } while (0)
149
150static bool match_validate(const struct sw_flow_match *match,
151 u64 key_attrs, u64 mask_attrs, bool log)
152{
153 u64 key_expected = 0;
154 u64 mask_allowed = key_attrs;
155
156
157
158 mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
159 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)
160 | (1 << OVS_KEY_ATTR_IPV6)
161 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)
162 | (1 << OVS_KEY_ATTR_TCP)
163 | (1 << OVS_KEY_ATTR_TCP_FLAGS)
164 | (1 << OVS_KEY_ATTR_UDP)
165 | (1 << OVS_KEY_ATTR_SCTP)
166 | (1 << OVS_KEY_ATTR_ICMP)
167 | (1 << OVS_KEY_ATTR_ICMPV6)
168 | (1 << OVS_KEY_ATTR_ARP)
169 | (1 << OVS_KEY_ATTR_ND)
170 | (1 << OVS_KEY_ATTR_MPLS)
171 | (1 << OVS_KEY_ATTR_NSH));
172
173
174 mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
175 | (1 << OVS_KEY_ATTR_IN_PORT)
176 | (1 << OVS_KEY_ATTR_ETHERTYPE));
177
178
179 if (match->key->eth.type == htons(ETH_P_ARP)
180 || match->key->eth.type == htons(ETH_P_RARP)) {
181 key_expected |= 1 << OVS_KEY_ATTR_ARP;
182 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
183 mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
184 }
185
186 if (eth_p_mpls(match->key->eth.type)) {
187 key_expected |= 1 << OVS_KEY_ATTR_MPLS;
188 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
189 mask_allowed |= 1 << OVS_KEY_ATTR_MPLS;
190 }
191
192 if (match->key->eth.type == htons(ETH_P_IP)) {
193 key_expected |= 1 << OVS_KEY_ATTR_IPV4;
194 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
195 mask_allowed |= 1 << OVS_KEY_ATTR_IPV4;
196 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4;
197 }
198
199 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
200 if (match->key->ip.proto == IPPROTO_UDP) {
201 key_expected |= 1 << OVS_KEY_ATTR_UDP;
202 if (match->mask && (match->mask->key.ip.proto == 0xff))
203 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
204 }
205
206 if (match->key->ip.proto == IPPROTO_SCTP) {
207 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
208 if (match->mask && (match->mask->key.ip.proto == 0xff))
209 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
210 }
211
212 if (match->key->ip.proto == IPPROTO_TCP) {
213 key_expected |= 1 << OVS_KEY_ATTR_TCP;
214 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
215 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
216 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
217 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
218 }
219 }
220
221 if (match->key->ip.proto == IPPROTO_ICMP) {
222 key_expected |= 1 << OVS_KEY_ATTR_ICMP;
223 if (match->mask && (match->mask->key.ip.proto == 0xff))
224 mask_allowed |= 1 << OVS_KEY_ATTR_ICMP;
225 }
226 }
227 }
228
229 if (match->key->eth.type == htons(ETH_P_IPV6)) {
230 key_expected |= 1 << OVS_KEY_ATTR_IPV6;
231 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
232 mask_allowed |= 1 << OVS_KEY_ATTR_IPV6;
233 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6;
234 }
235
236 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
237 if (match->key->ip.proto == IPPROTO_UDP) {
238 key_expected |= 1 << OVS_KEY_ATTR_UDP;
239 if (match->mask && (match->mask->key.ip.proto == 0xff))
240 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
241 }
242
243 if (match->key->ip.proto == IPPROTO_SCTP) {
244 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
245 if (match->mask && (match->mask->key.ip.proto == 0xff))
246 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
247 }
248
249 if (match->key->ip.proto == IPPROTO_TCP) {
250 key_expected |= 1 << OVS_KEY_ATTR_TCP;
251 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
252 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
253 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
254 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
255 }
256 }
257
258 if (match->key->ip.proto == IPPROTO_ICMPV6) {
259 key_expected |= 1 << OVS_KEY_ATTR_ICMPV6;
260 if (match->mask && (match->mask->key.ip.proto == 0xff))
261 mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6;
262
263 if (match->key->tp.src ==
264 htons(NDISC_NEIGHBOUR_SOLICITATION) ||
265 match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
266 key_expected |= 1 << OVS_KEY_ATTR_ND;
267
268
269
270
271
272 mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
273 if (match->mask && (match->mask->key.tp.src == htons(0xff)))
274 mask_allowed |= 1 << OVS_KEY_ATTR_ND;
275 }
276 }
277 }
278 }
279
280 if (match->key->eth.type == htons(ETH_P_NSH)) {
281 key_expected |= 1 << OVS_KEY_ATTR_NSH;
282 if (match->mask &&
283 match->mask->key.eth.type == htons(0xffff)) {
284 mask_allowed |= 1 << OVS_KEY_ATTR_NSH;
285 }
286 }
287
288 if ((key_attrs & key_expected) != key_expected) {
289
290 OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)",
291 (unsigned long long)key_attrs,
292 (unsigned long long)key_expected);
293 return false;
294 }
295
296 if ((mask_attrs & mask_allowed) != mask_attrs) {
297
298 OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)",
299 (unsigned long long)mask_attrs,
300 (unsigned long long)mask_allowed);
301 return false;
302 }
303
304 return true;
305}
306
307size_t ovs_tun_key_attr_size(void)
308{
309
310
311
312 return nla_total_size_64bit(8)
313 + nla_total_size(16)
314 + nla_total_size(16)
315 + nla_total_size(1)
316 + nla_total_size(1)
317 + nla_total_size(0)
318 + nla_total_size(0)
319 + nla_total_size(0)
320 + nla_total_size(256)
321
322
323
324
325 + nla_total_size(2)
326 + nla_total_size(2);
327}
328
329static size_t ovs_nsh_key_attr_size(void)
330{
331
332
333
334 return nla_total_size(NSH_BASE_HDR_LEN)
335
336
337
338
339 + nla_total_size(NSH_CTX_HDRS_MAX_LEN);
340}
341
342size_t ovs_key_attr_size(void)
343{
344
345
346
347 BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 29);
348
349 return nla_total_size(4)
350 + nla_total_size(0)
351 + ovs_tun_key_attr_size()
352 + nla_total_size(4)
353 + nla_total_size(4)
354 + nla_total_size(4)
355 + nla_total_size(4)
356 + nla_total_size(4)
357 + nla_total_size(2)
358 + nla_total_size(4)
359 + nla_total_size(16)
360 + nla_total_size(40)
361 + nla_total_size(0)
362 + ovs_nsh_key_attr_size()
363 + nla_total_size(12)
364 + nla_total_size(2)
365 + nla_total_size(4)
366 + nla_total_size(0)
367 + nla_total_size(2)
368 + nla_total_size(40)
369 + nla_total_size(2)
370 + nla_total_size(28);
371}
372
373static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = {
374 [OVS_VXLAN_EXT_GBP] = { .len = sizeof(u32) },
375};
376
377static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
378 [OVS_TUNNEL_KEY_ATTR_ID] = { .len = sizeof(u64) },
379 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = sizeof(u32) },
380 [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = sizeof(u32) },
381 [OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 },
382 [OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 },
383 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
384 [OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 },
385 [OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = sizeof(u16) },
386 [OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = sizeof(u16) },
387 [OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 },
388 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = OVS_ATTR_VARIABLE },
389 [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = OVS_ATTR_NESTED,
390 .next = ovs_vxlan_ext_key_lens },
391 [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
392 [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) },
393 [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE },
394 [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE] = { .len = 0 },
395};
396
397static const struct ovs_len_tbl
398ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = {
399 [OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) },
400 [OVS_NSH_KEY_ATTR_MD1] = { .len = sizeof(struct ovs_nsh_key_md1) },
401 [OVS_NSH_KEY_ATTR_MD2] = { .len = OVS_ATTR_VARIABLE },
402};
403
404
405static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
406 [OVS_KEY_ATTR_ENCAP] = { .len = OVS_ATTR_NESTED },
407 [OVS_KEY_ATTR_PRIORITY] = { .len = sizeof(u32) },
408 [OVS_KEY_ATTR_IN_PORT] = { .len = sizeof(u32) },
409 [OVS_KEY_ATTR_SKB_MARK] = { .len = sizeof(u32) },
410 [OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) },
411 [OVS_KEY_ATTR_VLAN] = { .len = sizeof(__be16) },
412 [OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) },
413 [OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) },
414 [OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) },
415 [OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) },
416 [OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) },
417 [OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) },
418 [OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) },
419 [OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) },
420 [OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) },
421 [OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) },
422 [OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) },
423 [OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) },
424 [OVS_KEY_ATTR_DP_HASH] = { .len = sizeof(u32) },
425 [OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED,
426 .next = ovs_tunnel_key_lens, },
427 [OVS_KEY_ATTR_MPLS] = { .len = sizeof(struct ovs_key_mpls) },
428 [OVS_KEY_ATTR_CT_STATE] = { .len = sizeof(u32) },
429 [OVS_KEY_ATTR_CT_ZONE] = { .len = sizeof(u16) },
430 [OVS_KEY_ATTR_CT_MARK] = { .len = sizeof(u32) },
431 [OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) },
432 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = {
433 .len = sizeof(struct ovs_key_ct_tuple_ipv4) },
434 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = {
435 .len = sizeof(struct ovs_key_ct_tuple_ipv6) },
436 [OVS_KEY_ATTR_NSH] = { .len = OVS_ATTR_NESTED,
437 .next = ovs_nsh_key_attr_lens, },
438};
439
440static bool check_attr_len(unsigned int attr_len, unsigned int expected_len)
441{
442 return expected_len == attr_len ||
443 expected_len == OVS_ATTR_NESTED ||
444 expected_len == OVS_ATTR_VARIABLE;
445}
446
447static bool is_all_zero(const u8 *fp, size_t size)
448{
449 int i;
450
451 if (!fp)
452 return false;
453
454 for (i = 0; i < size; i++)
455 if (fp[i])
456 return false;
457
458 return true;
459}
460
461static int __parse_flow_nlattrs(const struct nlattr *attr,
462 const struct nlattr *a[],
463 u64 *attrsp, bool log, bool nz)
464{
465 const struct nlattr *nla;
466 u64 attrs;
467 int rem;
468
469 attrs = *attrsp;
470 nla_for_each_nested(nla, attr, rem) {
471 u16 type = nla_type(nla);
472 int expected_len;
473
474 if (type > OVS_KEY_ATTR_MAX) {
475 OVS_NLERR(log, "Key type %d is out of range max %d",
476 type, OVS_KEY_ATTR_MAX);
477 return -EINVAL;
478 }
479
480 if (attrs & (1 << type)) {
481 OVS_NLERR(log, "Duplicate key (type %d).", type);
482 return -EINVAL;
483 }
484
485 expected_len = ovs_key_lens[type].len;
486 if (!check_attr_len(nla_len(nla), expected_len)) {
487 OVS_NLERR(log, "Key %d has unexpected len %d expected %d",
488 type, nla_len(nla), expected_len);
489 return -EINVAL;
490 }
491
492 if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
493 attrs |= 1 << type;
494 a[type] = nla;
495 }
496 }
497 if (rem) {
498 OVS_NLERR(log, "Message has %d unknown bytes.", rem);
499 return -EINVAL;
500 }
501
502 *attrsp = attrs;
503 return 0;
504}
505
506static int parse_flow_mask_nlattrs(const struct nlattr *attr,
507 const struct nlattr *a[], u64 *attrsp,
508 bool log)
509{
510 return __parse_flow_nlattrs(attr, a, attrsp, log, true);
511}
512
513int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[],
514 u64 *attrsp, bool log)
515{
516 return __parse_flow_nlattrs(attr, a, attrsp, log, false);
517}
518
519static int genev_tun_opt_from_nlattr(const struct nlattr *a,
520 struct sw_flow_match *match, bool is_mask,
521 bool log)
522{
523 unsigned long opt_key_offset;
524
525 if (nla_len(a) > sizeof(match->key->tun_opts)) {
526 OVS_NLERR(log, "Geneve option length err (len %d, max %zu).",
527 nla_len(a), sizeof(match->key->tun_opts));
528 return -EINVAL;
529 }
530
531 if (nla_len(a) % 4 != 0) {
532 OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.",
533 nla_len(a));
534 return -EINVAL;
535 }
536
537
538
539
540
541 if (!is_mask) {
542 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
543 false);
544 } else {
545
546
547
548
549
550
551
552
553
554
555 if (match->key->tun_opts_len != nla_len(a)) {
556 OVS_NLERR(log, "Geneve option len %d != mask len %d",
557 match->key->tun_opts_len, nla_len(a));
558 return -EINVAL;
559 }
560
561 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
562 }
563
564 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
565 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
566 nla_len(a), is_mask);
567 return 0;
568}
569
570static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr,
571 struct sw_flow_match *match, bool is_mask,
572 bool log)
573{
574 struct nlattr *a;
575 int rem;
576 unsigned long opt_key_offset;
577 struct vxlan_metadata opts;
578
579 BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts));
580
581 memset(&opts, 0, sizeof(opts));
582 nla_for_each_nested(a, attr, rem) {
583 int type = nla_type(a);
584
585 if (type > OVS_VXLAN_EXT_MAX) {
586 OVS_NLERR(log, "VXLAN extension %d out of range max %d",
587 type, OVS_VXLAN_EXT_MAX);
588 return -EINVAL;
589 }
590
591 if (!check_attr_len(nla_len(a),
592 ovs_vxlan_ext_key_lens[type].len)) {
593 OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d",
594 type, nla_len(a),
595 ovs_vxlan_ext_key_lens[type].len);
596 return -EINVAL;
597 }
598
599 switch (type) {
600 case OVS_VXLAN_EXT_GBP:
601 opts.gbp = nla_get_u32(a);
602 break;
603 default:
604 OVS_NLERR(log, "Unknown VXLAN extension attribute %d",
605 type);
606 return -EINVAL;
607 }
608 }
609 if (rem) {
610 OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.",
611 rem);
612 return -EINVAL;
613 }
614
615 if (!is_mask)
616 SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false);
617 else
618 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
619
620 opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts));
621 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts),
622 is_mask);
623 return 0;
624}
625
626static int erspan_tun_opt_from_nlattr(const struct nlattr *a,
627 struct sw_flow_match *match, bool is_mask,
628 bool log)
629{
630 unsigned long opt_key_offset;
631
632 BUILD_BUG_ON(sizeof(struct erspan_metadata) >
633 sizeof(match->key->tun_opts));
634
635 if (nla_len(a) > sizeof(match->key->tun_opts)) {
636 OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).",
637 nla_len(a), sizeof(match->key->tun_opts));
638 return -EINVAL;
639 }
640
641 if (!is_mask)
642 SW_FLOW_KEY_PUT(match, tun_opts_len,
643 sizeof(struct erspan_metadata), false);
644 else
645 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
646
647 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
648 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
649 nla_len(a), is_mask);
650 return 0;
651}
652
653static int ip_tun_from_nlattr(const struct nlattr *attr,
654 struct sw_flow_match *match, bool is_mask,
655 bool log)
656{
657 bool ttl = false, ipv4 = false, ipv6 = false;
658 bool info_bridge_mode = false;
659 __be16 tun_flags = 0;
660 int opts_type = 0;
661 struct nlattr *a;
662 int rem;
663
664 nla_for_each_nested(a, attr, rem) {
665 int type = nla_type(a);
666 int err;
667
668 if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
669 OVS_NLERR(log, "Tunnel attr %d out of range max %d",
670 type, OVS_TUNNEL_KEY_ATTR_MAX);
671 return -EINVAL;
672 }
673
674 if (!check_attr_len(nla_len(a),
675 ovs_tunnel_key_lens[type].len)) {
676 OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d",
677 type, nla_len(a), ovs_tunnel_key_lens[type].len);
678 return -EINVAL;
679 }
680
681 switch (type) {
682 case OVS_TUNNEL_KEY_ATTR_ID:
683 SW_FLOW_KEY_PUT(match, tun_key.tun_id,
684 nla_get_be64(a), is_mask);
685 tun_flags |= TUNNEL_KEY;
686 break;
687 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
688 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src,
689 nla_get_in_addr(a), is_mask);
690 ipv4 = true;
691 break;
692 case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
693 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst,
694 nla_get_in_addr(a), is_mask);
695 ipv4 = true;
696 break;
697 case OVS_TUNNEL_KEY_ATTR_IPV6_SRC:
698 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src,
699 nla_get_in6_addr(a), is_mask);
700 ipv6 = true;
701 break;
702 case OVS_TUNNEL_KEY_ATTR_IPV6_DST:
703 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst,
704 nla_get_in6_addr(a), is_mask);
705 ipv6 = true;
706 break;
707 case OVS_TUNNEL_KEY_ATTR_TOS:
708 SW_FLOW_KEY_PUT(match, tun_key.tos,
709 nla_get_u8(a), is_mask);
710 break;
711 case OVS_TUNNEL_KEY_ATTR_TTL:
712 SW_FLOW_KEY_PUT(match, tun_key.ttl,
713 nla_get_u8(a), is_mask);
714 ttl = true;
715 break;
716 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
717 tun_flags |= TUNNEL_DONT_FRAGMENT;
718 break;
719 case OVS_TUNNEL_KEY_ATTR_CSUM:
720 tun_flags |= TUNNEL_CSUM;
721 break;
722 case OVS_TUNNEL_KEY_ATTR_TP_SRC:
723 SW_FLOW_KEY_PUT(match, tun_key.tp_src,
724 nla_get_be16(a), is_mask);
725 break;
726 case OVS_TUNNEL_KEY_ATTR_TP_DST:
727 SW_FLOW_KEY_PUT(match, tun_key.tp_dst,
728 nla_get_be16(a), is_mask);
729 break;
730 case OVS_TUNNEL_KEY_ATTR_OAM:
731 tun_flags |= TUNNEL_OAM;
732 break;
733 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
734 if (opts_type) {
735 OVS_NLERR(log, "Multiple metadata blocks provided");
736 return -EINVAL;
737 }
738
739 err = genev_tun_opt_from_nlattr(a, match, is_mask, log);
740 if (err)
741 return err;
742
743 tun_flags |= TUNNEL_GENEVE_OPT;
744 opts_type = type;
745 break;
746 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
747 if (opts_type) {
748 OVS_NLERR(log, "Multiple metadata blocks provided");
749 return -EINVAL;
750 }
751
752 err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log);
753 if (err)
754 return err;
755
756 tun_flags |= TUNNEL_VXLAN_OPT;
757 opts_type = type;
758 break;
759 case OVS_TUNNEL_KEY_ATTR_PAD:
760 break;
761 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
762 if (opts_type) {
763 OVS_NLERR(log, "Multiple metadata blocks provided");
764 return -EINVAL;
765 }
766
767 err = erspan_tun_opt_from_nlattr(a, match, is_mask,
768 log);
769 if (err)
770 return err;
771
772 tun_flags |= TUNNEL_ERSPAN_OPT;
773 opts_type = type;
774 break;
775 case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE:
776 info_bridge_mode = true;
777 ipv4 = true;
778 break;
779 default:
780 OVS_NLERR(log, "Unknown IP tunnel attribute %d",
781 type);
782 return -EINVAL;
783 }
784 }
785
786 SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
787 if (is_mask)
788 SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true);
789 else
790 SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET,
791 false);
792
793 if (rem > 0) {
794 OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.",
795 rem);
796 return -EINVAL;
797 }
798
799 if (ipv4 && ipv6) {
800 OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes");
801 return -EINVAL;
802 }
803
804 if (!is_mask) {
805 if (!ipv4 && !ipv6) {
806 OVS_NLERR(log, "IP tunnel dst address not specified");
807 return -EINVAL;
808 }
809 if (ipv4) {
810 if (info_bridge_mode) {
811 if (match->key->tun_key.u.ipv4.src ||
812 match->key->tun_key.u.ipv4.dst ||
813 match->key->tun_key.tp_src ||
814 match->key->tun_key.tp_dst ||
815 match->key->tun_key.ttl ||
816 match->key->tun_key.tos ||
817 tun_flags & ~TUNNEL_KEY) {
818 OVS_NLERR(log, "IPv4 tun info is not correct");
819 return -EINVAL;
820 }
821 } else if (!match->key->tun_key.u.ipv4.dst) {
822 OVS_NLERR(log, "IPv4 tunnel dst address is zero");
823 return -EINVAL;
824 }
825 }
826 if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) {
827 OVS_NLERR(log, "IPv6 tunnel dst address is zero");
828 return -EINVAL;
829 }
830
831 if (!ttl && !info_bridge_mode) {
832 OVS_NLERR(log, "IP tunnel TTL not specified.");
833 return -EINVAL;
834 }
835 }
836
837 return opts_type;
838}
839
840static int vxlan_opt_to_nlattr(struct sk_buff *skb,
841 const void *tun_opts, int swkey_tun_opts_len)
842{
843 const struct vxlan_metadata *opts = tun_opts;
844 struct nlattr *nla;
845
846 nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
847 if (!nla)
848 return -EMSGSIZE;
849
850 if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0)
851 return -EMSGSIZE;
852
853 nla_nest_end(skb, nla);
854 return 0;
855}
856
857static int __ip_tun_to_nlattr(struct sk_buff *skb,
858 const struct ip_tunnel_key *output,
859 const void *tun_opts, int swkey_tun_opts_len,
860 unsigned short tun_proto, u8 mode)
861{
862 if (output->tun_flags & TUNNEL_KEY &&
863 nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id,
864 OVS_TUNNEL_KEY_ATTR_PAD))
865 return -EMSGSIZE;
866
867 if (mode & IP_TUNNEL_INFO_BRIDGE)
868 return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE)
869 ? -EMSGSIZE : 0;
870
871 switch (tun_proto) {
872 case AF_INET:
873 if (output->u.ipv4.src &&
874 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC,
875 output->u.ipv4.src))
876 return -EMSGSIZE;
877 if (output->u.ipv4.dst &&
878 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST,
879 output->u.ipv4.dst))
880 return -EMSGSIZE;
881 break;
882 case AF_INET6:
883 if (!ipv6_addr_any(&output->u.ipv6.src) &&
884 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC,
885 &output->u.ipv6.src))
886 return -EMSGSIZE;
887 if (!ipv6_addr_any(&output->u.ipv6.dst) &&
888 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST,
889 &output->u.ipv6.dst))
890 return -EMSGSIZE;
891 break;
892 }
893 if (output->tos &&
894 nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos))
895 return -EMSGSIZE;
896 if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl))
897 return -EMSGSIZE;
898 if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
899 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
900 return -EMSGSIZE;
901 if ((output->tun_flags & TUNNEL_CSUM) &&
902 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
903 return -EMSGSIZE;
904 if (output->tp_src &&
905 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src))
906 return -EMSGSIZE;
907 if (output->tp_dst &&
908 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst))
909 return -EMSGSIZE;
910 if ((output->tun_flags & TUNNEL_OAM) &&
911 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
912 return -EMSGSIZE;
913 if (swkey_tun_opts_len) {
914 if (output->tun_flags & TUNNEL_GENEVE_OPT &&
915 nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
916 swkey_tun_opts_len, tun_opts))
917 return -EMSGSIZE;
918 else if (output->tun_flags & TUNNEL_VXLAN_OPT &&
919 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len))
920 return -EMSGSIZE;
921 else if (output->tun_flags & TUNNEL_ERSPAN_OPT &&
922 nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS,
923 swkey_tun_opts_len, tun_opts))
924 return -EMSGSIZE;
925 }
926
927 return 0;
928}
929
930static int ip_tun_to_nlattr(struct sk_buff *skb,
931 const struct ip_tunnel_key *output,
932 const void *tun_opts, int swkey_tun_opts_len,
933 unsigned short tun_proto, u8 mode)
934{
935 struct nlattr *nla;
936 int err;
937
938 nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL);
939 if (!nla)
940 return -EMSGSIZE;
941
942 err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len,
943 tun_proto, mode);
944 if (err)
945 return err;
946
947 nla_nest_end(skb, nla);
948 return 0;
949}
950
951int ovs_nla_put_tunnel_info(struct sk_buff *skb,
952 struct ip_tunnel_info *tun_info)
953{
954 return __ip_tun_to_nlattr(skb, &tun_info->key,
955 ip_tunnel_info_opts(tun_info),
956 tun_info->options_len,
957 ip_tunnel_info_af(tun_info), tun_info->mode);
958}
959
960static int encode_vlan_from_nlattrs(struct sw_flow_match *match,
961 const struct nlattr *a[],
962 bool is_mask, bool inner)
963{
964 __be16 tci = 0;
965 __be16 tpid = 0;
966
967 if (a[OVS_KEY_ATTR_VLAN])
968 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
969
970 if (a[OVS_KEY_ATTR_ETHERTYPE])
971 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
972
973 if (likely(!inner)) {
974 SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask);
975 SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask);
976 } else {
977 SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask);
978 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask);
979 }
980 return 0;
981}
982
983static int validate_vlan_from_nlattrs(const struct sw_flow_match *match,
984 u64 key_attrs, bool inner,
985 const struct nlattr **a, bool log)
986{
987 __be16 tci = 0;
988
989 if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
990 (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
991 eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) {
992
993 return 0;
994 }
995
996 if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
997 (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
998 OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN");
999 return -EINVAL;
1000 }
1001
1002 if (a[OVS_KEY_ATTR_VLAN])
1003 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1004
1005 if (!(tci & htons(VLAN_CFI_MASK))) {
1006 if (tci) {
1007 OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.",
1008 (inner) ? "C-VLAN" : "VLAN");
1009 return -EINVAL;
1010 } else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) {
1011
1012 OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.",
1013 (inner) ? "C-VLAN" : "VLAN");
1014 return -EINVAL;
1015 }
1016 }
1017
1018 return 1;
1019}
1020
1021static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match,
1022 u64 key_attrs, bool inner,
1023 const struct nlattr **a, bool log)
1024{
1025 __be16 tci = 0;
1026 __be16 tpid = 0;
1027 bool encap_valid = !!(match->key->eth.vlan.tci &
1028 htons(VLAN_CFI_MASK));
1029 bool i_encap_valid = !!(match->key->eth.cvlan.tci &
1030 htons(VLAN_CFI_MASK));
1031
1032 if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) {
1033
1034 return 0;
1035 }
1036
1037 if ((!inner && !encap_valid) || (inner && !i_encap_valid)) {
1038 OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.",
1039 (inner) ? "C-VLAN" : "VLAN");
1040 return -EINVAL;
1041 }
1042
1043 if (a[OVS_KEY_ATTR_VLAN])
1044 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1045
1046 if (a[OVS_KEY_ATTR_ETHERTYPE])
1047 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1048
1049 if (tpid != htons(0xffff)) {
1050 OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).",
1051 (inner) ? "C-VLAN" : "VLAN", ntohs(tpid));
1052 return -EINVAL;
1053 }
1054 if (!(tci & htons(VLAN_CFI_MASK))) {
1055 OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.",
1056 (inner) ? "C-VLAN" : "VLAN");
1057 return -EINVAL;
1058 }
1059
1060 return 1;
1061}
1062
1063static int __parse_vlan_from_nlattrs(struct sw_flow_match *match,
1064 u64 *key_attrs, bool inner,
1065 const struct nlattr **a, bool is_mask,
1066 bool log)
1067{
1068 int err;
1069 const struct nlattr *encap;
1070
1071 if (!is_mask)
1072 err = validate_vlan_from_nlattrs(match, *key_attrs, inner,
1073 a, log);
1074 else
1075 err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner,
1076 a, log);
1077 if (err <= 0)
1078 return err;
1079
1080 err = encode_vlan_from_nlattrs(match, a, is_mask, inner);
1081 if (err)
1082 return err;
1083
1084 *key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
1085 *key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN);
1086 *key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1087
1088 encap = a[OVS_KEY_ATTR_ENCAP];
1089
1090 if (!is_mask)
1091 err = parse_flow_nlattrs(encap, a, key_attrs, log);
1092 else
1093 err = parse_flow_mask_nlattrs(encap, a, key_attrs, log);
1094
1095 return err;
1096}
1097
1098static int parse_vlan_from_nlattrs(struct sw_flow_match *match,
1099 u64 *key_attrs, const struct nlattr **a,
1100 bool is_mask, bool log)
1101{
1102 int err;
1103 bool encap_valid = false;
1104
1105 err = __parse_vlan_from_nlattrs(match, key_attrs, false, a,
1106 is_mask, log);
1107 if (err)
1108 return err;
1109
1110 encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK));
1111 if (encap_valid) {
1112 err = __parse_vlan_from_nlattrs(match, key_attrs, true, a,
1113 is_mask, log);
1114 if (err)
1115 return err;
1116 }
1117
1118 return 0;
1119}
1120
1121static int parse_eth_type_from_nlattrs(struct sw_flow_match *match,
1122 u64 *attrs, const struct nlattr **a,
1123 bool is_mask, bool log)
1124{
1125 __be16 eth_type;
1126
1127 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1128 if (is_mask) {
1129
1130 eth_type = htons(0xffff);
1131 } else if (!eth_proto_is_802_3(eth_type)) {
1132 OVS_NLERR(log, "EtherType %x is less than min %x",
1133 ntohs(eth_type), ETH_P_802_3_MIN);
1134 return -EINVAL;
1135 }
1136
1137 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
1138 *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1139 return 0;
1140}
1141
1142static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
1143 u64 *attrs, const struct nlattr **a,
1144 bool is_mask, bool log)
1145{
1146 u8 mac_proto = MAC_PROTO_ETHERNET;
1147
1148 if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) {
1149 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);
1150
1151 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
1152 *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH);
1153 }
1154
1155 if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) {
1156 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);
1157
1158 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
1159 *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID);
1160 }
1161
1162 if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
1163 SW_FLOW_KEY_PUT(match, phy.priority,
1164 nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
1165 *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
1166 }
1167
1168 if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
1169 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
1170
1171 if (is_mask) {
1172 in_port = 0xffffffff;
1173 } else if (in_port >= DP_MAX_PORTS) {
1174 OVS_NLERR(log, "Port %d exceeds max allowable %d",
1175 in_port, DP_MAX_PORTS);
1176 return -EINVAL;
1177 }
1178
1179 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
1180 *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
1181 } else if (!is_mask) {
1182 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
1183 }
1184
1185 if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) {
1186 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);
1187
1188 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
1189 *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK);
1190 }
1191 if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) {
1192 if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
1193 is_mask, log) < 0)
1194 return -EINVAL;
1195 *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL);
1196 }
1197
1198 if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) &&
1199 ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
1200 u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]);
1201
1202 if (ct_state & ~CT_SUPPORTED_MASK) {
1203 OVS_NLERR(log, "ct_state flags %08x unsupported",
1204 ct_state);
1205 return -EINVAL;
1206 }
1207
1208 SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask);
1209 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
1210 }
1211 if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) &&
1212 ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) {
1213 u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]);
1214
1215 SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask);
1216 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE);
1217 }
1218 if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) &&
1219 ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) {
1220 u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]);
1221
1222 SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask);
1223 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK);
1224 }
1225 if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) &&
1226 ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) {
1227 const struct ovs_key_ct_labels *cl;
1228
1229 cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]);
1230 SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels,
1231 sizeof(*cl), is_mask);
1232 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS);
1233 }
1234 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) {
1235 const struct ovs_key_ct_tuple_ipv4 *ct;
1236
1237 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]);
1238
1239 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask);
1240 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask);
1241 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1242 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
1243 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask);
1244 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4);
1245 }
1246 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) {
1247 const struct ovs_key_ct_tuple_ipv6 *ct;
1248
1249 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]);
1250
1251 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src,
1252 sizeof(match->key->ipv6.ct_orig.src),
1253 is_mask);
1254 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst,
1255 sizeof(match->key->ipv6.ct_orig.dst),
1256 is_mask);
1257 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1258 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
1259 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask);
1260 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
1261 }
1262
1263
1264
1265
1266 if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) &&
1267 (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)))
1268 mac_proto = MAC_PROTO_NONE;
1269
1270
1271 SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask);
1272
1273 if (mac_proto == MAC_PROTO_NONE)
1274 return parse_eth_type_from_nlattrs(match, attrs, a, is_mask,
1275 log);
1276
1277 return 0;
1278}
1279
1280int nsh_hdr_from_nlattr(const struct nlattr *attr,
1281 struct nshhdr *nh, size_t size)
1282{
1283 struct nlattr *a;
1284 int rem;
1285 u8 flags = 0;
1286 u8 ttl = 0;
1287 int mdlen = 0;
1288
1289
1290
1291 if (size < NSH_BASE_HDR_LEN)
1292 return -ENOBUFS;
1293
1294 nla_for_each_nested(a, attr, rem) {
1295 int type = nla_type(a);
1296
1297 switch (type) {
1298 case OVS_NSH_KEY_ATTR_BASE: {
1299 const struct ovs_nsh_key_base *base = nla_data(a);
1300
1301 flags = base->flags;
1302 ttl = base->ttl;
1303 nh->np = base->np;
1304 nh->mdtype = base->mdtype;
1305 nh->path_hdr = base->path_hdr;
1306 break;
1307 }
1308 case OVS_NSH_KEY_ATTR_MD1:
1309 mdlen = nla_len(a);
1310 if (mdlen > size - NSH_BASE_HDR_LEN)
1311 return -ENOBUFS;
1312 memcpy(&nh->md1, nla_data(a), mdlen);
1313 break;
1314
1315 case OVS_NSH_KEY_ATTR_MD2:
1316 mdlen = nla_len(a);
1317 if (mdlen > size - NSH_BASE_HDR_LEN)
1318 return -ENOBUFS;
1319 memcpy(&nh->md2, nla_data(a), mdlen);
1320 break;
1321
1322 default:
1323 return -EINVAL;
1324 }
1325 }
1326
1327
1328 nh->ver_flags_ttl_len = 0;
1329 nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen);
1330
1331 return 0;
1332}
1333
1334int nsh_key_from_nlattr(const struct nlattr *attr,
1335 struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask)
1336{
1337 struct nlattr *a;
1338 int rem;
1339
1340
1341
1342 nla_for_each_nested(a, attr, rem) {
1343 int type = nla_type(a);
1344
1345 switch (type) {
1346 case OVS_NSH_KEY_ATTR_BASE: {
1347 const struct ovs_nsh_key_base *base = nla_data(a);
1348 const struct ovs_nsh_key_base *base_mask = base + 1;
1349
1350 nsh->base = *base;
1351 nsh_mask->base = *base_mask;
1352 break;
1353 }
1354 case OVS_NSH_KEY_ATTR_MD1: {
1355 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1356 const struct ovs_nsh_key_md1 *md1_mask = md1 + 1;
1357
1358 memcpy(nsh->context, md1->context, sizeof(*md1));
1359 memcpy(nsh_mask->context, md1_mask->context,
1360 sizeof(*md1_mask));
1361 break;
1362 }
1363 case OVS_NSH_KEY_ATTR_MD2:
1364
1365 return -ENOTSUPP;
1366 default:
1367 return -EINVAL;
1368 }
1369 }
1370
1371 return 0;
1372}
1373
1374static int nsh_key_put_from_nlattr(const struct nlattr *attr,
1375 struct sw_flow_match *match, bool is_mask,
1376 bool is_push_nsh, bool log)
1377{
1378 struct nlattr *a;
1379 int rem;
1380 bool has_base = false;
1381 bool has_md1 = false;
1382 bool has_md2 = false;
1383 u8 mdtype = 0;
1384 int mdlen = 0;
1385
1386 if (WARN_ON(is_push_nsh && is_mask))
1387 return -EINVAL;
1388
1389 nla_for_each_nested(a, attr, rem) {
1390 int type = nla_type(a);
1391 int i;
1392
1393 if (type > OVS_NSH_KEY_ATTR_MAX) {
1394 OVS_NLERR(log, "nsh attr %d is out of range max %d",
1395 type, OVS_NSH_KEY_ATTR_MAX);
1396 return -EINVAL;
1397 }
1398
1399 if (!check_attr_len(nla_len(a),
1400 ovs_nsh_key_attr_lens[type].len)) {
1401 OVS_NLERR(
1402 log,
1403 "nsh attr %d has unexpected len %d expected %d",
1404 type,
1405 nla_len(a),
1406 ovs_nsh_key_attr_lens[type].len
1407 );
1408 return -EINVAL;
1409 }
1410
1411 switch (type) {
1412 case OVS_NSH_KEY_ATTR_BASE: {
1413 const struct ovs_nsh_key_base *base = nla_data(a);
1414
1415 has_base = true;
1416 mdtype = base->mdtype;
1417 SW_FLOW_KEY_PUT(match, nsh.base.flags,
1418 base->flags, is_mask);
1419 SW_FLOW_KEY_PUT(match, nsh.base.ttl,
1420 base->ttl, is_mask);
1421 SW_FLOW_KEY_PUT(match, nsh.base.mdtype,
1422 base->mdtype, is_mask);
1423 SW_FLOW_KEY_PUT(match, nsh.base.np,
1424 base->np, is_mask);
1425 SW_FLOW_KEY_PUT(match, nsh.base.path_hdr,
1426 base->path_hdr, is_mask);
1427 break;
1428 }
1429 case OVS_NSH_KEY_ATTR_MD1: {
1430 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1431
1432 has_md1 = true;
1433 for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++)
1434 SW_FLOW_KEY_PUT(match, nsh.context[i],
1435 md1->context[i], is_mask);
1436 break;
1437 }
1438 case OVS_NSH_KEY_ATTR_MD2:
1439 if (!is_push_nsh)
1440 return -ENOTSUPP;
1441
1442 has_md2 = true;
1443 mdlen = nla_len(a);
1444 if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) {
1445 OVS_NLERR(
1446 log,
1447 "Invalid MD length %d for MD type %d",
1448 mdlen,
1449 mdtype
1450 );
1451 return -EINVAL;
1452 }
1453 break;
1454 default:
1455 OVS_NLERR(log, "Unknown nsh attribute %d",
1456 type);
1457 return -EINVAL;
1458 }
1459 }
1460
1461 if (rem > 0) {
1462 OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem);
1463 return -EINVAL;
1464 }
1465
1466 if (has_md1 && has_md2) {
1467 OVS_NLERR(
1468 1,
1469 "invalid nsh attribute: md1 and md2 are exclusive."
1470 );
1471 return -EINVAL;
1472 }
1473
1474 if (!is_mask) {
1475 if ((has_md1 && mdtype != NSH_M_TYPE1) ||
1476 (has_md2 && mdtype != NSH_M_TYPE2)) {
1477 OVS_NLERR(1, "nsh attribute has unmatched MD type %d.",
1478 mdtype);
1479 return -EINVAL;
1480 }
1481
1482 if (is_push_nsh &&
1483 (!has_base || (!has_md1 && !has_md2))) {
1484 OVS_NLERR(
1485 1,
1486 "push_nsh: missing base or metadata attributes"
1487 );
1488 return -EINVAL;
1489 }
1490 }
1491
1492 return 0;
1493}
1494
1495static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
1496 u64 attrs, const struct nlattr **a,
1497 bool is_mask, bool log)
1498{
1499 int err;
1500
1501 err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log);
1502 if (err)
1503 return err;
1504
1505 if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) {
1506 const struct ovs_key_ethernet *eth_key;
1507
1508 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
1509 SW_FLOW_KEY_MEMCPY(match, eth.src,
1510 eth_key->eth_src, ETH_ALEN, is_mask);
1511 SW_FLOW_KEY_MEMCPY(match, eth.dst,
1512 eth_key->eth_dst, ETH_ALEN, is_mask);
1513 attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
1514
1515 if (attrs & (1 << OVS_KEY_ATTR_VLAN)) {
1516
1517
1518
1519 OVS_NLERR(log, "VLAN attribute unexpected.");
1520 return -EINVAL;
1521 }
1522
1523 if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
1524 err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask,
1525 log);
1526 if (err)
1527 return err;
1528 } else if (!is_mask) {
1529 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
1530 }
1531 } else if (!match->key->eth.type) {
1532 OVS_NLERR(log, "Either Ethernet header or EtherType is required.");
1533 return -EINVAL;
1534 }
1535
1536 if (attrs & (1 << OVS_KEY_ATTR_IPV4)) {
1537 const struct ovs_key_ipv4 *ipv4_key;
1538
1539 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
1540 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
1541 OVS_NLERR(log, "IPv4 frag type %d is out of range max %d",
1542 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
1543 return -EINVAL;
1544 }
1545 SW_FLOW_KEY_PUT(match, ip.proto,
1546 ipv4_key->ipv4_proto, is_mask);
1547 SW_FLOW_KEY_PUT(match, ip.tos,
1548 ipv4_key->ipv4_tos, is_mask);
1549 SW_FLOW_KEY_PUT(match, ip.ttl,
1550 ipv4_key->ipv4_ttl, is_mask);
1551 SW_FLOW_KEY_PUT(match, ip.frag,
1552 ipv4_key->ipv4_frag, is_mask);
1553 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1554 ipv4_key->ipv4_src, is_mask);
1555 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1556 ipv4_key->ipv4_dst, is_mask);
1557 attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
1558 }
1559
1560 if (attrs & (1 << OVS_KEY_ATTR_IPV6)) {
1561 const struct ovs_key_ipv6 *ipv6_key;
1562
1563 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
1564 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
1565 OVS_NLERR(log, "IPv6 frag type %d is out of range max %d",
1566 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
1567 return -EINVAL;
1568 }
1569
1570 if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
1571 OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)",
1572 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
1573 return -EINVAL;
1574 }
1575
1576 SW_FLOW_KEY_PUT(match, ipv6.label,
1577 ipv6_key->ipv6_label, is_mask);
1578 SW_FLOW_KEY_PUT(match, ip.proto,
1579 ipv6_key->ipv6_proto, is_mask);
1580 SW_FLOW_KEY_PUT(match, ip.tos,
1581 ipv6_key->ipv6_tclass, is_mask);
1582 SW_FLOW_KEY_PUT(match, ip.ttl,
1583 ipv6_key->ipv6_hlimit, is_mask);
1584 SW_FLOW_KEY_PUT(match, ip.frag,
1585 ipv6_key->ipv6_frag, is_mask);
1586 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
1587 ipv6_key->ipv6_src,
1588 sizeof(match->key->ipv6.addr.src),
1589 is_mask);
1590 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
1591 ipv6_key->ipv6_dst,
1592 sizeof(match->key->ipv6.addr.dst),
1593 is_mask);
1594
1595 attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
1596 }
1597
1598 if (attrs & (1 << OVS_KEY_ATTR_ARP)) {
1599 const struct ovs_key_arp *arp_key;
1600
1601 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
1602 if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
1603 OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).",
1604 arp_key->arp_op);
1605 return -EINVAL;
1606 }
1607
1608 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1609 arp_key->arp_sip, is_mask);
1610 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1611 arp_key->arp_tip, is_mask);
1612 SW_FLOW_KEY_PUT(match, ip.proto,
1613 ntohs(arp_key->arp_op), is_mask);
1614 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
1615 arp_key->arp_sha, ETH_ALEN, is_mask);
1616 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
1617 arp_key->arp_tha, ETH_ALEN, is_mask);
1618
1619 attrs &= ~(1 << OVS_KEY_ATTR_ARP);
1620 }
1621
1622 if (attrs & (1 << OVS_KEY_ATTR_NSH)) {
1623 if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match,
1624 is_mask, false, log) < 0)
1625 return -EINVAL;
1626 attrs &= ~(1 << OVS_KEY_ATTR_NSH);
1627 }
1628
1629 if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
1630 const struct ovs_key_mpls *mpls_key;
1631
1632 mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
1633 SW_FLOW_KEY_PUT(match, mpls.top_lse,
1634 mpls_key->mpls_lse, is_mask);
1635
1636 attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
1637 }
1638
1639 if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
1640 const struct ovs_key_tcp *tcp_key;
1641
1642 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
1643 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
1644 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
1645 attrs &= ~(1 << OVS_KEY_ATTR_TCP);
1646 }
1647
1648 if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
1649 SW_FLOW_KEY_PUT(match, tp.flags,
1650 nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
1651 is_mask);
1652 attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
1653 }
1654
1655 if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
1656 const struct ovs_key_udp *udp_key;
1657
1658 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
1659 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
1660 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
1661 attrs &= ~(1 << OVS_KEY_ATTR_UDP);
1662 }
1663
1664 if (attrs & (1 << OVS_KEY_ATTR_SCTP)) {
1665 const struct ovs_key_sctp *sctp_key;
1666
1667 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
1668 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
1669 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
1670 attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
1671 }
1672
1673 if (attrs & (1 << OVS_KEY_ATTR_ICMP)) {
1674 const struct ovs_key_icmp *icmp_key;
1675
1676 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
1677 SW_FLOW_KEY_PUT(match, tp.src,
1678 htons(icmp_key->icmp_type), is_mask);
1679 SW_FLOW_KEY_PUT(match, tp.dst,
1680 htons(icmp_key->icmp_code), is_mask);
1681 attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
1682 }
1683
1684 if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) {
1685 const struct ovs_key_icmpv6 *icmpv6_key;
1686
1687 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
1688 SW_FLOW_KEY_PUT(match, tp.src,
1689 htons(icmpv6_key->icmpv6_type), is_mask);
1690 SW_FLOW_KEY_PUT(match, tp.dst,
1691 htons(icmpv6_key->icmpv6_code), is_mask);
1692 attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
1693 }
1694
1695 if (attrs & (1 << OVS_KEY_ATTR_ND)) {
1696 const struct ovs_key_nd *nd_key;
1697
1698 nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
1699 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
1700 nd_key->nd_target,
1701 sizeof(match->key->ipv6.nd.target),
1702 is_mask);
1703 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
1704 nd_key->nd_sll, ETH_ALEN, is_mask);
1705 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
1706 nd_key->nd_tll, ETH_ALEN, is_mask);
1707 attrs &= ~(1 << OVS_KEY_ATTR_ND);
1708 }
1709
1710 if (attrs != 0) {
1711 OVS_NLERR(log, "Unknown key attributes %llx",
1712 (unsigned long long)attrs);
1713 return -EINVAL;
1714 }
1715
1716 return 0;
1717}
1718
1719static void nlattr_set(struct nlattr *attr, u8 val,
1720 const struct ovs_len_tbl *tbl)
1721{
1722 struct nlattr *nla;
1723 int rem;
1724
1725
1726 nla_for_each_nested(nla, attr, rem) {
1727 if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED)
1728 nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl);
1729 else
1730 memset(nla_data(nla), val, nla_len(nla));
1731
1732 if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE)
1733 *(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK;
1734 }
1735}
1736
1737static void mask_set_nlattr(struct nlattr *attr, u8 val)
1738{
1739 nlattr_set(attr, val, ovs_key_lens);
1740}
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758int ovs_nla_get_match(struct net *net, struct sw_flow_match *match,
1759 const struct nlattr *nla_key,
1760 const struct nlattr *nla_mask,
1761 bool log)
1762{
1763 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
1764 struct nlattr *newmask = NULL;
1765 u64 key_attrs = 0;
1766 u64 mask_attrs = 0;
1767 int err;
1768
1769 err = parse_flow_nlattrs(nla_key, a, &key_attrs, log);
1770 if (err)
1771 return err;
1772
1773 err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log);
1774 if (err)
1775 return err;
1776
1777 err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log);
1778 if (err)
1779 return err;
1780
1781 if (match->mask) {
1782 if (!nla_mask) {
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793 newmask = kmemdup(nla_key,
1794 nla_total_size(nla_len(nla_key)),
1795 GFP_KERNEL);
1796 if (!newmask)
1797 return -ENOMEM;
1798
1799 mask_set_nlattr(newmask, 0xff);
1800
1801
1802
1803
1804 if (match->key->tun_proto)
1805 SW_FLOW_KEY_MEMSET_FIELD(match, tun_key,
1806 0xff, true);
1807
1808 nla_mask = newmask;
1809 }
1810
1811 err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log);
1812 if (err)
1813 goto free_newmask;
1814
1815
1816 SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true);
1817 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true);
1818
1819 err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log);
1820 if (err)
1821 goto free_newmask;
1822
1823 err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true,
1824 log);
1825 if (err)
1826 goto free_newmask;
1827 }
1828
1829 if (!match_validate(match, key_attrs, mask_attrs, log))
1830 err = -EINVAL;
1831
1832free_newmask:
1833 kfree(newmask);
1834 return err;
1835}
1836
1837static size_t get_ufid_len(const struct nlattr *attr, bool log)
1838{
1839 size_t len;
1840
1841 if (!attr)
1842 return 0;
1843
1844 len = nla_len(attr);
1845 if (len < 1 || len > MAX_UFID_LENGTH) {
1846 OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)",
1847 nla_len(attr), MAX_UFID_LENGTH);
1848 return 0;
1849 }
1850
1851 return len;
1852}
1853
1854
1855
1856
1857bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr,
1858 bool log)
1859{
1860 sfid->ufid_len = get_ufid_len(attr, log);
1861 if (sfid->ufid_len)
1862 memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len);
1863
1864 return sfid->ufid_len;
1865}
1866
1867int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid,
1868 const struct sw_flow_key *key, bool log)
1869{
1870 struct sw_flow_key *new_key;
1871
1872 if (ovs_nla_get_ufid(sfid, ufid, log))
1873 return 0;
1874
1875
1876 new_key = kmalloc(sizeof(*new_key), GFP_KERNEL);
1877 if (!new_key)
1878 return -ENOMEM;
1879 memcpy(new_key, key, sizeof(*key));
1880 sfid->unmasked_key = new_key;
1881
1882 return 0;
1883}
1884
1885u32 ovs_nla_get_ufid_flags(const struct nlattr *attr)
1886{
1887 return attr ? nla_get_u32(attr) : 0;
1888}
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910int ovs_nla_get_flow_metadata(struct net *net,
1911 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1],
1912 u64 attrs, struct sw_flow_key *key, bool log)
1913{
1914 struct sw_flow_match match;
1915
1916 memset(&match, 0, sizeof(match));
1917 match.key = key;
1918
1919 key->ct_state = 0;
1920 key->ct_zone = 0;
1921 key->ct_orig_proto = 0;
1922 memset(&key->ct, 0, sizeof(key->ct));
1923 memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig));
1924 memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig));
1925
1926 key->phy.in_port = DP_MAX_PORTS;
1927
1928 return metadata_from_nlattrs(net, &match, &attrs, a, false, log);
1929}
1930
1931static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh,
1932 bool is_mask)
1933{
1934 __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff);
1935
1936 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1937 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci))
1938 return -EMSGSIZE;
1939 return 0;
1940}
1941
1942static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask,
1943 struct sk_buff *skb)
1944{
1945 struct nlattr *start;
1946
1947 start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH);
1948 if (!start)
1949 return -EMSGSIZE;
1950
1951 if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base))
1952 goto nla_put_failure;
1953
1954 if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) {
1955 if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1,
1956 sizeof(nsh->context), nsh->context))
1957 goto nla_put_failure;
1958 }
1959
1960
1961
1962 nla_nest_end(skb, start);
1963
1964 return 0;
1965
1966nla_put_failure:
1967 return -EMSGSIZE;
1968}
1969
1970static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
1971 const struct sw_flow_key *output, bool is_mask,
1972 struct sk_buff *skb)
1973{
1974 struct ovs_key_ethernet *eth_key;
1975 struct nlattr *nla;
1976 struct nlattr *encap = NULL;
1977 struct nlattr *in_encap = NULL;
1978
1979 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
1980 goto nla_put_failure;
1981
1982 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
1983 goto nla_put_failure;
1984
1985 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
1986 goto nla_put_failure;
1987
1988 if ((swkey->tun_proto || is_mask)) {
1989 const void *opts = NULL;
1990
1991 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
1992 opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len);
1993
1994 if (ip_tun_to_nlattr(skb, &output->tun_key, opts,
1995 swkey->tun_opts_len, swkey->tun_proto, 0))
1996 goto nla_put_failure;
1997 }
1998
1999 if (swkey->phy.in_port == DP_MAX_PORTS) {
2000 if (is_mask && (output->phy.in_port == 0xffff))
2001 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
2002 goto nla_put_failure;
2003 } else {
2004 u16 upper_u16;
2005 upper_u16 = !is_mask ? 0 : 0xffff;
2006
2007 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
2008 (upper_u16 << 16) | output->phy.in_port))
2009 goto nla_put_failure;
2010 }
2011
2012 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
2013 goto nla_put_failure;
2014
2015 if (ovs_ct_put_key(swkey, output, skb))
2016 goto nla_put_failure;
2017
2018 if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) {
2019 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
2020 if (!nla)
2021 goto nla_put_failure;
2022
2023 eth_key = nla_data(nla);
2024 ether_addr_copy(eth_key->eth_src, output->eth.src);
2025 ether_addr_copy(eth_key->eth_dst, output->eth.dst);
2026
2027 if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) {
2028 if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask))
2029 goto nla_put_failure;
2030 encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP);
2031 if (!swkey->eth.vlan.tci)
2032 goto unencap;
2033
2034 if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) {
2035 if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask))
2036 goto nla_put_failure;
2037 in_encap = nla_nest_start_noflag(skb,
2038 OVS_KEY_ATTR_ENCAP);
2039 if (!swkey->eth.cvlan.tci)
2040 goto unencap;
2041 }
2042 }
2043
2044 if (swkey->eth.type == htons(ETH_P_802_2)) {
2045
2046
2047
2048
2049
2050
2051 if (is_mask && output->eth.type)
2052 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
2053 output->eth.type))
2054 goto nla_put_failure;
2055 goto unencap;
2056 }
2057 }
2058
2059 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
2060 goto nla_put_failure;
2061
2062 if (eth_type_vlan(swkey->eth.type)) {
2063
2064
2065
2066 WARN_ON_ONCE(!(encap && in_encap));
2067 goto unencap;
2068 }
2069
2070 if (swkey->eth.type == htons(ETH_P_IP)) {
2071 struct ovs_key_ipv4 *ipv4_key;
2072
2073 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
2074 if (!nla)
2075 goto nla_put_failure;
2076 ipv4_key = nla_data(nla);
2077 ipv4_key->ipv4_src = output->ipv4.addr.src;
2078 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
2079 ipv4_key->ipv4_proto = output->ip.proto;
2080 ipv4_key->ipv4_tos = output->ip.tos;
2081 ipv4_key->ipv4_ttl = output->ip.ttl;
2082 ipv4_key->ipv4_frag = output->ip.frag;
2083 } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
2084 struct ovs_key_ipv6 *ipv6_key;
2085
2086 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
2087 if (!nla)
2088 goto nla_put_failure;
2089 ipv6_key = nla_data(nla);
2090 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
2091 sizeof(ipv6_key->ipv6_src));
2092 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
2093 sizeof(ipv6_key->ipv6_dst));
2094 ipv6_key->ipv6_label = output->ipv6.label;
2095 ipv6_key->ipv6_proto = output->ip.proto;
2096 ipv6_key->ipv6_tclass = output->ip.tos;
2097 ipv6_key->ipv6_hlimit = output->ip.ttl;
2098 ipv6_key->ipv6_frag = output->ip.frag;
2099 } else if (swkey->eth.type == htons(ETH_P_NSH)) {
2100 if (nsh_key_to_nlattr(&output->nsh, is_mask, skb))
2101 goto nla_put_failure;
2102 } else if (swkey->eth.type == htons(ETH_P_ARP) ||
2103 swkey->eth.type == htons(ETH_P_RARP)) {
2104 struct ovs_key_arp *arp_key;
2105
2106 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
2107 if (!nla)
2108 goto nla_put_failure;
2109 arp_key = nla_data(nla);
2110 memset(arp_key, 0, sizeof(struct ovs_key_arp));
2111 arp_key->arp_sip = output->ipv4.addr.src;
2112 arp_key->arp_tip = output->ipv4.addr.dst;
2113 arp_key->arp_op = htons(output->ip.proto);
2114 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
2115 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
2116 } else if (eth_p_mpls(swkey->eth.type)) {
2117 struct ovs_key_mpls *mpls_key;
2118
2119 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
2120 if (!nla)
2121 goto nla_put_failure;
2122 mpls_key = nla_data(nla);
2123 mpls_key->mpls_lse = output->mpls.top_lse;
2124 }
2125
2126 if ((swkey->eth.type == htons(ETH_P_IP) ||
2127 swkey->eth.type == htons(ETH_P_IPV6)) &&
2128 swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
2129
2130 if (swkey->ip.proto == IPPROTO_TCP) {
2131 struct ovs_key_tcp *tcp_key;
2132
2133 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
2134 if (!nla)
2135 goto nla_put_failure;
2136 tcp_key = nla_data(nla);
2137 tcp_key->tcp_src = output->tp.src;
2138 tcp_key->tcp_dst = output->tp.dst;
2139 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
2140 output->tp.flags))
2141 goto nla_put_failure;
2142 } else if (swkey->ip.proto == IPPROTO_UDP) {
2143 struct ovs_key_udp *udp_key;
2144
2145 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
2146 if (!nla)
2147 goto nla_put_failure;
2148 udp_key = nla_data(nla);
2149 udp_key->udp_src = output->tp.src;
2150 udp_key->udp_dst = output->tp.dst;
2151 } else if (swkey->ip.proto == IPPROTO_SCTP) {
2152 struct ovs_key_sctp *sctp_key;
2153
2154 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
2155 if (!nla)
2156 goto nla_put_failure;
2157 sctp_key = nla_data(nla);
2158 sctp_key->sctp_src = output->tp.src;
2159 sctp_key->sctp_dst = output->tp.dst;
2160 } else if (swkey->eth.type == htons(ETH_P_IP) &&
2161 swkey->ip.proto == IPPROTO_ICMP) {
2162 struct ovs_key_icmp *icmp_key;
2163
2164 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
2165 if (!nla)
2166 goto nla_put_failure;
2167 icmp_key = nla_data(nla);
2168 icmp_key->icmp_type = ntohs(output->tp.src);
2169 icmp_key->icmp_code = ntohs(output->tp.dst);
2170 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
2171 swkey->ip.proto == IPPROTO_ICMPV6) {
2172 struct ovs_key_icmpv6 *icmpv6_key;
2173
2174 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
2175 sizeof(*icmpv6_key));
2176 if (!nla)
2177 goto nla_put_failure;
2178 icmpv6_key = nla_data(nla);
2179 icmpv6_key->icmpv6_type = ntohs(output->tp.src);
2180 icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
2181
2182 if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
2183 icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
2184 struct ovs_key_nd *nd_key;
2185
2186 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
2187 if (!nla)
2188 goto nla_put_failure;
2189 nd_key = nla_data(nla);
2190 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
2191 sizeof(nd_key->nd_target));
2192 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
2193 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
2194 }
2195 }
2196 }
2197
2198unencap:
2199 if (in_encap)
2200 nla_nest_end(skb, in_encap);
2201 if (encap)
2202 nla_nest_end(skb, encap);
2203
2204 return 0;
2205
2206nla_put_failure:
2207 return -EMSGSIZE;
2208}
2209
2210int ovs_nla_put_key(const struct sw_flow_key *swkey,
2211 const struct sw_flow_key *output, int attr, bool is_mask,
2212 struct sk_buff *skb)
2213{
2214 int err;
2215 struct nlattr *nla;
2216
2217 nla = nla_nest_start_noflag(skb, attr);
2218 if (!nla)
2219 return -EMSGSIZE;
2220 err = __ovs_nla_put_key(swkey, output, is_mask, skb);
2221 if (err)
2222 return err;
2223 nla_nest_end(skb, nla);
2224
2225 return 0;
2226}
2227
2228
2229int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb)
2230{
2231 if (ovs_identifier_is_ufid(&flow->id))
2232 return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len,
2233 flow->id.ufid);
2234
2235 return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key,
2236 OVS_FLOW_ATTR_KEY, false, skb);
2237}
2238
2239
2240int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb)
2241{
2242 return ovs_nla_put_key(&flow->key, &flow->key,
2243 OVS_FLOW_ATTR_KEY, false, skb);
2244}
2245
2246
2247int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
2248{
2249 return ovs_nla_put_key(&flow->key, &flow->mask->key,
2250 OVS_FLOW_ATTR_MASK, true, skb);
2251}
2252
2253#define MAX_ACTIONS_BUFSIZE (32 * 1024)
2254
2255static struct sw_flow_actions *nla_alloc_flow_actions(int size)
2256{
2257 struct sw_flow_actions *sfa;
2258
2259 WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
2260
2261 sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
2262 if (!sfa)
2263 return ERR_PTR(-ENOMEM);
2264
2265 sfa->actions_len = 0;
2266 return sfa;
2267}
2268
2269static void ovs_nla_free_set_action(const struct nlattr *a)
2270{
2271 const struct nlattr *ovs_key = nla_data(a);
2272 struct ovs_tunnel_info *ovs_tun;
2273
2274 switch (nla_type(ovs_key)) {
2275 case OVS_KEY_ATTR_TUNNEL_INFO:
2276 ovs_tun = nla_data(ovs_key);
2277 dst_release((struct dst_entry *)ovs_tun->tun_dst);
2278 break;
2279 }
2280}
2281
2282void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
2283{
2284 const struct nlattr *a;
2285 int rem;
2286
2287 if (!sf_acts)
2288 return;
2289
2290 nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) {
2291 switch (nla_type(a)) {
2292 case OVS_ACTION_ATTR_SET:
2293 ovs_nla_free_set_action(a);
2294 break;
2295 case OVS_ACTION_ATTR_CT:
2296 ovs_ct_free_action(a);
2297 break;
2298 }
2299 }
2300
2301 kfree(sf_acts);
2302}
2303
2304static void __ovs_nla_free_flow_actions(struct rcu_head *head)
2305{
2306 ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu));
2307}
2308
2309
2310
2311void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts)
2312{
2313 call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions);
2314}
2315
2316static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
2317 int attr_len, bool log)
2318{
2319
2320 struct sw_flow_actions *acts;
2321 int new_acts_size;
2322 size_t req_size = NLA_ALIGN(attr_len);
2323 int next_offset = offsetof(struct sw_flow_actions, actions) +
2324 (*sfa)->actions_len;
2325
2326 if (req_size <= (ksize(*sfa) - next_offset))
2327 goto out;
2328
2329 new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
2330
2331 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
2332 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
2333 OVS_NLERR(log, "Flow action size exceeds max %u",
2334 MAX_ACTIONS_BUFSIZE);
2335 return ERR_PTR(-EMSGSIZE);
2336 }
2337 new_acts_size = MAX_ACTIONS_BUFSIZE;
2338 }
2339
2340 acts = nla_alloc_flow_actions(new_acts_size);
2341 if (IS_ERR(acts))
2342 return (void *)acts;
2343
2344 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
2345 acts->actions_len = (*sfa)->actions_len;
2346 acts->orig_len = (*sfa)->orig_len;
2347 kfree(*sfa);
2348 *sfa = acts;
2349
2350out:
2351 (*sfa)->actions_len += req_size;
2352 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
2353}
2354
2355static struct nlattr *__add_action(struct sw_flow_actions **sfa,
2356 int attrtype, void *data, int len, bool log)
2357{
2358 struct nlattr *a;
2359
2360 a = reserve_sfa_size(sfa, nla_attr_size(len), log);
2361 if (IS_ERR(a))
2362 return a;
2363
2364 a->nla_type = attrtype;
2365 a->nla_len = nla_attr_size(len);
2366
2367 if (data)
2368 memcpy(nla_data(a), data, len);
2369 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
2370
2371 return a;
2372}
2373
2374int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data,
2375 int len, bool log)
2376{
2377 struct nlattr *a;
2378
2379 a = __add_action(sfa, attrtype, data, len, log);
2380
2381 return PTR_ERR_OR_ZERO(a);
2382}
2383
2384static inline int add_nested_action_start(struct sw_flow_actions **sfa,
2385 int attrtype, bool log)
2386{
2387 int used = (*sfa)->actions_len;
2388 int err;
2389
2390 err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log);
2391 if (err)
2392 return err;
2393
2394 return used;
2395}
2396
2397static inline void add_nested_action_end(struct sw_flow_actions *sfa,
2398 int st_offset)
2399{
2400 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
2401 st_offset);
2402
2403 a->nla_len = sfa->actions_len - st_offset;
2404}
2405
2406static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2407 const struct sw_flow_key *key,
2408 struct sw_flow_actions **sfa,
2409 __be16 eth_type, __be16 vlan_tci, bool log);
2410
2411static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
2412 const struct sw_flow_key *key,
2413 struct sw_flow_actions **sfa,
2414 __be16 eth_type, __be16 vlan_tci,
2415 bool log, bool last)
2416{
2417 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
2418 const struct nlattr *probability, *actions;
2419 const struct nlattr *a;
2420 int rem, start, err;
2421 struct sample_arg arg;
2422
2423 memset(attrs, 0, sizeof(attrs));
2424 nla_for_each_nested(a, attr, rem) {
2425 int type = nla_type(a);
2426 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
2427 return -EINVAL;
2428 attrs[type] = a;
2429 }
2430 if (rem)
2431 return -EINVAL;
2432
2433 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
2434 if (!probability || nla_len(probability) != sizeof(u32))
2435 return -EINVAL;
2436
2437 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
2438 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
2439 return -EINVAL;
2440
2441
2442 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
2443 if (start < 0)
2444 return start;
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457 arg.exec = last || !actions_may_change_flow(actions);
2458 arg.probability = nla_get_u32(probability);
2459
2460 err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg),
2461 log);
2462 if (err)
2463 return err;
2464
2465 err = __ovs_nla_copy_actions(net, actions, key, sfa,
2466 eth_type, vlan_tci, log);
2467
2468 if (err)
2469 return err;
2470
2471 add_nested_action_end(*sfa, start);
2472
2473 return 0;
2474}
2475
2476static int validate_and_copy_clone(struct net *net,
2477 const struct nlattr *attr,
2478 const struct sw_flow_key *key,
2479 struct sw_flow_actions **sfa,
2480 __be16 eth_type, __be16 vlan_tci,
2481 bool log, bool last)
2482{
2483 int start, err;
2484 u32 exec;
2485
2486 if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN)
2487 return -EINVAL;
2488
2489 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log);
2490 if (start < 0)
2491 return start;
2492
2493 exec = last || !actions_may_change_flow(attr);
2494
2495 err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec,
2496 sizeof(exec), log);
2497 if (err)
2498 return err;
2499
2500 err = __ovs_nla_copy_actions(net, attr, key, sfa,
2501 eth_type, vlan_tci, log);
2502 if (err)
2503 return err;
2504
2505 add_nested_action_end(*sfa, start);
2506
2507 return 0;
2508}
2509
2510void ovs_match_init(struct sw_flow_match *match,
2511 struct sw_flow_key *key,
2512 bool reset_key,
2513 struct sw_flow_mask *mask)
2514{
2515 memset(match, 0, sizeof(*match));
2516 match->key = key;
2517 match->mask = mask;
2518
2519 if (reset_key)
2520 memset(key, 0, sizeof(*key));
2521
2522 if (mask) {
2523 memset(&mask->key, 0, sizeof(mask->key));
2524 mask->range.start = mask->range.end = 0;
2525 }
2526}
2527
2528static int validate_geneve_opts(struct sw_flow_key *key)
2529{
2530 struct geneve_opt *option;
2531 int opts_len = key->tun_opts_len;
2532 bool crit_opt = false;
2533
2534 option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len);
2535 while (opts_len > 0) {
2536 int len;
2537
2538 if (opts_len < sizeof(*option))
2539 return -EINVAL;
2540
2541 len = sizeof(*option) + option->length * 4;
2542 if (len > opts_len)
2543 return -EINVAL;
2544
2545 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
2546
2547 option = (struct geneve_opt *)((u8 *)option + len);
2548 opts_len -= len;
2549 }
2550
2551 key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
2552
2553 return 0;
2554}
2555
2556static int validate_and_copy_set_tun(const struct nlattr *attr,
2557 struct sw_flow_actions **sfa, bool log)
2558{
2559 struct sw_flow_match match;
2560 struct sw_flow_key key;
2561 struct metadata_dst *tun_dst;
2562 struct ip_tunnel_info *tun_info;
2563 struct ovs_tunnel_info *ovs_tun;
2564 struct nlattr *a;
2565 int err = 0, start, opts_type;
2566 __be16 dst_opt_type;
2567
2568 dst_opt_type = 0;
2569 ovs_match_init(&match, &key, true, NULL);
2570 opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log);
2571 if (opts_type < 0)
2572 return opts_type;
2573
2574 if (key.tun_opts_len) {
2575 switch (opts_type) {
2576 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
2577 err = validate_geneve_opts(&key);
2578 if (err < 0)
2579 return err;
2580 dst_opt_type = TUNNEL_GENEVE_OPT;
2581 break;
2582 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
2583 dst_opt_type = TUNNEL_VXLAN_OPT;
2584 break;
2585 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
2586 dst_opt_type = TUNNEL_ERSPAN_OPT;
2587 break;
2588 }
2589 }
2590
2591 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log);
2592 if (start < 0)
2593 return start;
2594
2595 tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL,
2596 GFP_KERNEL);
2597
2598 if (!tun_dst)
2599 return -ENOMEM;
2600
2601 err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL);
2602 if (err) {
2603 dst_release((struct dst_entry *)tun_dst);
2604 return err;
2605 }
2606
2607 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
2608 sizeof(*ovs_tun), log);
2609 if (IS_ERR(a)) {
2610 dst_release((struct dst_entry *)tun_dst);
2611 return PTR_ERR(a);
2612 }
2613
2614 ovs_tun = nla_data(a);
2615 ovs_tun->tun_dst = tun_dst;
2616
2617 tun_info = &tun_dst->u.tun_info;
2618 tun_info->mode = IP_TUNNEL_INFO_TX;
2619 if (key.tun_proto == AF_INET6)
2620 tun_info->mode |= IP_TUNNEL_INFO_IPV6;
2621 else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0)
2622 tun_info->mode |= IP_TUNNEL_INFO_BRIDGE;
2623 tun_info->key = key.tun_key;
2624
2625
2626
2627
2628
2629 ip_tunnel_info_opts_set(tun_info,
2630 TUN_METADATA_OPTS(&key, key.tun_opts_len),
2631 key.tun_opts_len, dst_opt_type);
2632 add_nested_action_end(*sfa, start);
2633
2634 return err;
2635}
2636
2637static bool validate_nsh(const struct nlattr *attr, bool is_mask,
2638 bool is_push_nsh, bool log)
2639{
2640 struct sw_flow_match match;
2641 struct sw_flow_key key;
2642 int ret = 0;
2643
2644 ovs_match_init(&match, &key, true, NULL);
2645 ret = nsh_key_put_from_nlattr(attr, &match, is_mask,
2646 is_push_nsh, log);
2647 return !ret;
2648}
2649
2650
2651
2652
2653static bool validate_masked(u8 *data, int len)
2654{
2655 u8 *mask = data + len;
2656
2657 while (len--)
2658 if (*data++ & ~*mask++)
2659 return false;
2660
2661 return true;
2662}
2663
2664static int validate_set(const struct nlattr *a,
2665 const struct sw_flow_key *flow_key,
2666 struct sw_flow_actions **sfa, bool *skip_copy,
2667 u8 mac_proto, __be16 eth_type, bool masked, bool log)
2668{
2669 const struct nlattr *ovs_key = nla_data(a);
2670 int key_type = nla_type(ovs_key);
2671 size_t key_len;
2672
2673
2674 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
2675 return -EINVAL;
2676
2677 key_len = nla_len(ovs_key);
2678 if (masked)
2679 key_len /= 2;
2680
2681 if (key_type > OVS_KEY_ATTR_MAX ||
2682 !check_attr_len(key_len, ovs_key_lens[key_type].len))
2683 return -EINVAL;
2684
2685 if (masked && !validate_masked(nla_data(ovs_key), key_len))
2686 return -EINVAL;
2687
2688 switch (key_type) {
2689 const struct ovs_key_ipv4 *ipv4_key;
2690 const struct ovs_key_ipv6 *ipv6_key;
2691 int err;
2692
2693 case OVS_KEY_ATTR_PRIORITY:
2694 case OVS_KEY_ATTR_SKB_MARK:
2695 case OVS_KEY_ATTR_CT_MARK:
2696 case OVS_KEY_ATTR_CT_LABELS:
2697 break;
2698
2699 case OVS_KEY_ATTR_ETHERNET:
2700 if (mac_proto != MAC_PROTO_ETHERNET)
2701 return -EINVAL;
2702 break;
2703
2704 case OVS_KEY_ATTR_TUNNEL:
2705 if (masked)
2706 return -EINVAL;
2707
2708 *skip_copy = true;
2709 err = validate_and_copy_set_tun(a, sfa, log);
2710 if (err)
2711 return err;
2712 break;
2713
2714 case OVS_KEY_ATTR_IPV4:
2715 if (eth_type != htons(ETH_P_IP))
2716 return -EINVAL;
2717
2718 ipv4_key = nla_data(ovs_key);
2719
2720 if (masked) {
2721 const struct ovs_key_ipv4 *mask = ipv4_key + 1;
2722
2723
2724 if (mask->ipv4_proto || mask->ipv4_frag)
2725 return -EINVAL;
2726 } else {
2727 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
2728 return -EINVAL;
2729
2730 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
2731 return -EINVAL;
2732 }
2733 break;
2734
2735 case OVS_KEY_ATTR_IPV6:
2736 if (eth_type != htons(ETH_P_IPV6))
2737 return -EINVAL;
2738
2739 ipv6_key = nla_data(ovs_key);
2740
2741 if (masked) {
2742 const struct ovs_key_ipv6 *mask = ipv6_key + 1;
2743
2744
2745 if (mask->ipv6_proto || mask->ipv6_frag)
2746 return -EINVAL;
2747
2748
2749 if (ntohl(mask->ipv6_label) & 0xFFF00000)
2750 return -EINVAL;
2751 } else {
2752 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
2753 return -EINVAL;
2754
2755 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
2756 return -EINVAL;
2757 }
2758 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
2759 return -EINVAL;
2760
2761 break;
2762
2763 case OVS_KEY_ATTR_TCP:
2764 if ((eth_type != htons(ETH_P_IP) &&
2765 eth_type != htons(ETH_P_IPV6)) ||
2766 flow_key->ip.proto != IPPROTO_TCP)
2767 return -EINVAL;
2768
2769 break;
2770
2771 case OVS_KEY_ATTR_UDP:
2772 if ((eth_type != htons(ETH_P_IP) &&
2773 eth_type != htons(ETH_P_IPV6)) ||
2774 flow_key->ip.proto != IPPROTO_UDP)
2775 return -EINVAL;
2776
2777 break;
2778
2779 case OVS_KEY_ATTR_MPLS:
2780 if (!eth_p_mpls(eth_type))
2781 return -EINVAL;
2782 break;
2783
2784 case OVS_KEY_ATTR_SCTP:
2785 if ((eth_type != htons(ETH_P_IP) &&
2786 eth_type != htons(ETH_P_IPV6)) ||
2787 flow_key->ip.proto != IPPROTO_SCTP)
2788 return -EINVAL;
2789
2790 break;
2791
2792 case OVS_KEY_ATTR_NSH:
2793 if (eth_type != htons(ETH_P_NSH))
2794 return -EINVAL;
2795 if (!validate_nsh(nla_data(a), masked, false, log))
2796 return -EINVAL;
2797 break;
2798
2799 default:
2800 return -EINVAL;
2801 }
2802
2803
2804 if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) {
2805 int start, len = key_len * 2;
2806 struct nlattr *at;
2807
2808 *skip_copy = true;
2809
2810 start = add_nested_action_start(sfa,
2811 OVS_ACTION_ATTR_SET_TO_MASKED,
2812 log);
2813 if (start < 0)
2814 return start;
2815
2816 at = __add_action(sfa, key_type, NULL, len, log);
2817 if (IS_ERR(at))
2818 return PTR_ERR(at);
2819
2820 memcpy(nla_data(at), nla_data(ovs_key), key_len);
2821 memset(nla_data(at) + key_len, 0xff, key_len);
2822
2823 if (key_type == OVS_KEY_ATTR_IPV6) {
2824 struct ovs_key_ipv6 *mask = nla_data(at) + key_len;
2825
2826 mask->ipv6_label &= htonl(0x000FFFFF);
2827 }
2828 add_nested_action_end(*sfa, start);
2829 }
2830
2831 return 0;
2832}
2833
2834static int validate_userspace(const struct nlattr *attr)
2835{
2836 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
2837 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
2838 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
2839 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 },
2840 };
2841 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
2842 int error;
2843
2844 error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr,
2845 userspace_policy, NULL);
2846 if (error)
2847 return error;
2848
2849 if (!a[OVS_USERSPACE_ATTR_PID] ||
2850 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
2851 return -EINVAL;
2852
2853 return 0;
2854}
2855
2856static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = {
2857 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 },
2858 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED },
2859 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED },
2860};
2861
2862static int validate_and_copy_check_pkt_len(struct net *net,
2863 const struct nlattr *attr,
2864 const struct sw_flow_key *key,
2865 struct sw_flow_actions **sfa,
2866 __be16 eth_type, __be16 vlan_tci,
2867 bool log, bool last)
2868{
2869 const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
2870 struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
2871 struct check_pkt_len_arg arg;
2872 int nested_acts_start;
2873 int start, err;
2874
2875 err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX,
2876 nla_data(attr), nla_len(attr),
2877 cpl_policy, NULL);
2878 if (err)
2879 return err;
2880
2881 if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] ||
2882 !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]))
2883 return -EINVAL;
2884
2885 acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL];
2886 acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER];
2887
2888
2889 if (!acts_if_greater || !acts_if_lesser_eq)
2890 return -EINVAL;
2891
2892
2893 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN,
2894 log);
2895 if (start < 0)
2896 return start;
2897
2898 arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]);
2899 arg.exec_for_lesser_equal =
2900 last || !actions_may_change_flow(acts_if_lesser_eq);
2901 arg.exec_for_greater =
2902 last || !actions_may_change_flow(acts_if_greater);
2903
2904 err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg,
2905 sizeof(arg), log);
2906 if (err)
2907 return err;
2908
2909 nested_acts_start = add_nested_action_start(sfa,
2910 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log);
2911 if (nested_acts_start < 0)
2912 return nested_acts_start;
2913
2914 err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
2915 eth_type, vlan_tci, log);
2916
2917 if (err)
2918 return err;
2919
2920 add_nested_action_end(*sfa, nested_acts_start);
2921
2922 nested_acts_start = add_nested_action_start(sfa,
2923 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log);
2924 if (nested_acts_start < 0)
2925 return nested_acts_start;
2926
2927 err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
2928 eth_type, vlan_tci, log);
2929
2930 if (err)
2931 return err;
2932
2933 add_nested_action_end(*sfa, nested_acts_start);
2934 add_nested_action_end(*sfa, start);
2935 return 0;
2936}
2937
2938static int copy_action(const struct nlattr *from,
2939 struct sw_flow_actions **sfa, bool log)
2940{
2941 int totlen = NLA_ALIGN(from->nla_len);
2942 struct nlattr *to;
2943
2944 to = reserve_sfa_size(sfa, from->nla_len, log);
2945 if (IS_ERR(to))
2946 return PTR_ERR(to);
2947
2948 memcpy(to, from, totlen);
2949 return 0;
2950}
2951
2952static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2953 const struct sw_flow_key *key,
2954 struct sw_flow_actions **sfa,
2955 __be16 eth_type, __be16 vlan_tci, bool log)
2956{
2957 u8 mac_proto = ovs_key_mac_proto(key);
2958 const struct nlattr *a;
2959 int rem, err;
2960
2961 nla_for_each_nested(a, attr, rem) {
2962
2963 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
2964 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
2965 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
2966 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
2967 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
2968 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
2969 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
2970 [OVS_ACTION_ATTR_POP_VLAN] = 0,
2971 [OVS_ACTION_ATTR_SET] = (u32)-1,
2972 [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1,
2973 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
2974 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
2975 [OVS_ACTION_ATTR_CT] = (u32)-1,
2976 [OVS_ACTION_ATTR_CT_CLEAR] = 0,
2977 [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
2978 [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
2979 [OVS_ACTION_ATTR_POP_ETH] = 0,
2980 [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1,
2981 [OVS_ACTION_ATTR_POP_NSH] = 0,
2982 [OVS_ACTION_ATTR_METER] = sizeof(u32),
2983 [OVS_ACTION_ATTR_CLONE] = (u32)-1,
2984 [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1,
2985 };
2986 const struct ovs_action_push_vlan *vlan;
2987 int type = nla_type(a);
2988 bool skip_copy;
2989
2990 if (type > OVS_ACTION_ATTR_MAX ||
2991 (action_lens[type] != nla_len(a) &&
2992 action_lens[type] != (u32)-1))
2993 return -EINVAL;
2994
2995 skip_copy = false;
2996 switch (type) {
2997 case OVS_ACTION_ATTR_UNSPEC:
2998 return -EINVAL;
2999
3000 case OVS_ACTION_ATTR_USERSPACE:
3001 err = validate_userspace(a);
3002 if (err)
3003 return err;
3004 break;
3005
3006 case OVS_ACTION_ATTR_OUTPUT:
3007 if (nla_get_u32(a) >= DP_MAX_PORTS)
3008 return -EINVAL;
3009 break;
3010
3011 case OVS_ACTION_ATTR_TRUNC: {
3012 const struct ovs_action_trunc *trunc = nla_data(a);
3013
3014 if (trunc->max_len < ETH_HLEN)
3015 return -EINVAL;
3016 break;
3017 }
3018
3019 case OVS_ACTION_ATTR_HASH: {
3020 const struct ovs_action_hash *act_hash = nla_data(a);
3021
3022 switch (act_hash->hash_alg) {
3023 case OVS_HASH_ALG_L4:
3024 break;
3025 default:
3026 return -EINVAL;
3027 }
3028
3029 break;
3030 }
3031
3032 case OVS_ACTION_ATTR_POP_VLAN:
3033 if (mac_proto != MAC_PROTO_ETHERNET)
3034 return -EINVAL;
3035 vlan_tci = htons(0);
3036 break;
3037
3038 case OVS_ACTION_ATTR_PUSH_VLAN:
3039 if (mac_proto != MAC_PROTO_ETHERNET)
3040 return -EINVAL;
3041 vlan = nla_data(a);
3042 if (!eth_type_vlan(vlan->vlan_tpid))
3043 return -EINVAL;
3044 if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK)))
3045 return -EINVAL;
3046 vlan_tci = vlan->vlan_tci;
3047 break;
3048
3049 case OVS_ACTION_ATTR_RECIRC:
3050 break;
3051
3052 case OVS_ACTION_ATTR_PUSH_MPLS: {
3053 const struct ovs_action_push_mpls *mpls = nla_data(a);
3054
3055 if (!eth_p_mpls(mpls->mpls_ethertype))
3056 return -EINVAL;
3057
3058
3059
3060 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3061 (eth_type != htons(ETH_P_IP) &&
3062 eth_type != htons(ETH_P_IPV6) &&
3063 eth_type != htons(ETH_P_ARP) &&
3064 eth_type != htons(ETH_P_RARP) &&
3065 !eth_p_mpls(eth_type)))
3066 return -EINVAL;
3067 eth_type = mpls->mpls_ethertype;
3068 break;
3069 }
3070
3071 case OVS_ACTION_ATTR_POP_MPLS:
3072 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3073 !eth_p_mpls(eth_type))
3074 return -EINVAL;
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085 eth_type = htons(0);
3086 break;
3087
3088 case OVS_ACTION_ATTR_SET:
3089 err = validate_set(a, key, sfa,
3090 &skip_copy, mac_proto, eth_type,
3091 false, log);
3092 if (err)
3093 return err;
3094 break;
3095
3096 case OVS_ACTION_ATTR_SET_MASKED:
3097 err = validate_set(a, key, sfa,
3098 &skip_copy, mac_proto, eth_type,
3099 true, log);
3100 if (err)
3101 return err;
3102 break;
3103
3104 case OVS_ACTION_ATTR_SAMPLE: {
3105 bool last = nla_is_last(a, rem);
3106
3107 err = validate_and_copy_sample(net, a, key, sfa,
3108 eth_type, vlan_tci,
3109 log, last);
3110 if (err)
3111 return err;
3112 skip_copy = true;
3113 break;
3114 }
3115
3116 case OVS_ACTION_ATTR_CT:
3117 err = ovs_ct_copy_action(net, a, key, sfa, log);
3118 if (err)
3119 return err;
3120 skip_copy = true;
3121 break;
3122
3123 case OVS_ACTION_ATTR_CT_CLEAR:
3124 break;
3125
3126 case OVS_ACTION_ATTR_PUSH_ETH:
3127
3128
3129 if (mac_proto != MAC_PROTO_NONE)
3130 return -EINVAL;
3131 mac_proto = MAC_PROTO_ETHERNET;
3132 break;
3133
3134 case OVS_ACTION_ATTR_POP_ETH:
3135 if (mac_proto != MAC_PROTO_ETHERNET)
3136 return -EINVAL;
3137 if (vlan_tci & htons(VLAN_CFI_MASK))
3138 return -EINVAL;
3139 mac_proto = MAC_PROTO_NONE;
3140 break;
3141
3142 case OVS_ACTION_ATTR_PUSH_NSH:
3143 if (mac_proto != MAC_PROTO_ETHERNET) {
3144 u8 next_proto;
3145
3146 next_proto = tun_p_from_eth_p(eth_type);
3147 if (!next_proto)
3148 return -EINVAL;
3149 }
3150 mac_proto = MAC_PROTO_NONE;
3151 if (!validate_nsh(nla_data(a), false, true, true))
3152 return -EINVAL;
3153 break;
3154
3155 case OVS_ACTION_ATTR_POP_NSH: {
3156 __be16 inner_proto;
3157
3158 if (eth_type != htons(ETH_P_NSH))
3159 return -EINVAL;
3160 inner_proto = tun_p_to_eth_p(key->nsh.base.np);
3161 if (!inner_proto)
3162 return -EINVAL;
3163 if (key->nsh.base.np == TUN_P_ETHERNET)
3164 mac_proto = MAC_PROTO_ETHERNET;
3165 else
3166 mac_proto = MAC_PROTO_NONE;
3167 break;
3168 }
3169
3170 case OVS_ACTION_ATTR_METER:
3171
3172 break;
3173
3174 case OVS_ACTION_ATTR_CLONE: {
3175 bool last = nla_is_last(a, rem);
3176
3177 err = validate_and_copy_clone(net, a, key, sfa,
3178 eth_type, vlan_tci,
3179 log, last);
3180 if (err)
3181 return err;
3182 skip_copy = true;
3183 break;
3184 }
3185
3186 case OVS_ACTION_ATTR_CHECK_PKT_LEN: {
3187 bool last = nla_is_last(a, rem);
3188
3189 err = validate_and_copy_check_pkt_len(net, a, key, sfa,
3190 eth_type,
3191 vlan_tci, log,
3192 last);
3193 if (err)
3194 return err;
3195 skip_copy = true;
3196 break;
3197 }
3198
3199 default:
3200 OVS_NLERR(log, "Unknown Action type %d", type);
3201 return -EINVAL;
3202 }
3203 if (!skip_copy) {
3204 err = copy_action(a, sfa, log);
3205 if (err)
3206 return err;
3207 }
3208 }
3209
3210 if (rem > 0)
3211 return -EINVAL;
3212
3213 return 0;
3214}
3215
3216
3217int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
3218 const struct sw_flow_key *key,
3219 struct sw_flow_actions **sfa, bool log)
3220{
3221 int err;
3222
3223 *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
3224 if (IS_ERR(*sfa))
3225 return PTR_ERR(*sfa);
3226
3227 (*sfa)->orig_len = nla_len(attr);
3228 err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
3229 key->eth.vlan.tci, log);
3230 if (err)
3231 ovs_nla_free_flow_actions(*sfa);
3232
3233 return err;
3234}
3235
3236static int sample_action_to_attr(const struct nlattr *attr,
3237 struct sk_buff *skb)
3238{
3239 struct nlattr *start, *ac_start = NULL, *sample_arg;
3240 int err = 0, rem = nla_len(attr);
3241 const struct sample_arg *arg;
3242 struct nlattr *actions;
3243
3244 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE);
3245 if (!start)
3246 return -EMSGSIZE;
3247
3248 sample_arg = nla_data(attr);
3249 arg = nla_data(sample_arg);
3250 actions = nla_next(sample_arg, &rem);
3251
3252 if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) {
3253 err = -EMSGSIZE;
3254 goto out;
3255 }
3256
3257 ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS);
3258 if (!ac_start) {
3259 err = -EMSGSIZE;
3260 goto out;
3261 }
3262
3263 err = ovs_nla_put_actions(actions, rem, skb);
3264
3265out:
3266 if (err) {
3267 nla_nest_cancel(skb, ac_start);
3268 nla_nest_cancel(skb, start);
3269 } else {
3270 nla_nest_end(skb, ac_start);
3271 nla_nest_end(skb, start);
3272 }
3273
3274 return err;
3275}
3276
3277static int clone_action_to_attr(const struct nlattr *attr,
3278 struct sk_buff *skb)
3279{
3280 struct nlattr *start;
3281 int err = 0, rem = nla_len(attr);
3282
3283 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE);
3284 if (!start)
3285 return -EMSGSIZE;
3286
3287 err = ovs_nla_put_actions(nla_data(attr), rem, skb);
3288
3289 if (err)
3290 nla_nest_cancel(skb, start);
3291 else
3292 nla_nest_end(skb, start);
3293
3294 return err;
3295}
3296
3297static int check_pkt_len_action_to_attr(const struct nlattr *attr,
3298 struct sk_buff *skb)
3299{
3300 struct nlattr *start, *ac_start = NULL;
3301 const struct check_pkt_len_arg *arg;
3302 const struct nlattr *a, *cpl_arg;
3303 int err = 0, rem = nla_len(attr);
3304
3305 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN);
3306 if (!start)
3307 return -EMSGSIZE;
3308
3309
3310
3311
3312 cpl_arg = nla_data(attr);
3313 arg = nla_data(cpl_arg);
3314
3315 if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) {
3316 err = -EMSGSIZE;
3317 goto out;
3318 }
3319
3320
3321
3322
3323 a = nla_next(cpl_arg, &rem);
3324 ac_start = nla_nest_start_noflag(skb,
3325 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL);
3326 if (!ac_start) {
3327 err = -EMSGSIZE;
3328 goto out;
3329 }
3330
3331 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3332 if (err) {
3333 nla_nest_cancel(skb, ac_start);
3334 goto out;
3335 } else {
3336 nla_nest_end(skb, ac_start);
3337 }
3338
3339
3340
3341
3342 a = nla_next(a, &rem);
3343 ac_start = nla_nest_start_noflag(skb,
3344 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER);
3345 if (!ac_start) {
3346 err = -EMSGSIZE;
3347 goto out;
3348 }
3349
3350 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3351 if (err) {
3352 nla_nest_cancel(skb, ac_start);
3353 goto out;
3354 } else {
3355 nla_nest_end(skb, ac_start);
3356 }
3357
3358 nla_nest_end(skb, start);
3359 return 0;
3360
3361out:
3362 nla_nest_cancel(skb, start);
3363 return err;
3364}
3365
3366static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
3367{
3368 const struct nlattr *ovs_key = nla_data(a);
3369 int key_type = nla_type(ovs_key);
3370 struct nlattr *start;
3371 int err;
3372
3373 switch (key_type) {
3374 case OVS_KEY_ATTR_TUNNEL_INFO: {
3375 struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key);
3376 struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info;
3377
3378 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3379 if (!start)
3380 return -EMSGSIZE;
3381
3382 err = ip_tun_to_nlattr(skb, &tun_info->key,
3383 ip_tunnel_info_opts(tun_info),
3384 tun_info->options_len,
3385 ip_tunnel_info_af(tun_info), tun_info->mode);
3386 if (err)
3387 return err;
3388 nla_nest_end(skb, start);
3389 break;
3390 }
3391 default:
3392 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
3393 return -EMSGSIZE;
3394 break;
3395 }
3396
3397 return 0;
3398}
3399
3400static int masked_set_action_to_set_action_attr(const struct nlattr *a,
3401 struct sk_buff *skb)
3402{
3403 const struct nlattr *ovs_key = nla_data(a);
3404 struct nlattr *nla;
3405 size_t key_len = nla_len(ovs_key) / 2;
3406
3407
3408
3409
3410 nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3411 if (!nla)
3412 return -EMSGSIZE;
3413
3414 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key)))
3415 return -EMSGSIZE;
3416
3417 nla_nest_end(skb, nla);
3418 return 0;
3419}
3420
3421int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
3422{
3423 const struct nlattr *a;
3424 int rem, err;
3425
3426 nla_for_each_attr(a, attr, len, rem) {
3427 int type = nla_type(a);
3428
3429 switch (type) {
3430 case OVS_ACTION_ATTR_SET:
3431 err = set_action_to_attr(a, skb);
3432 if (err)
3433 return err;
3434 break;
3435
3436 case OVS_ACTION_ATTR_SET_TO_MASKED:
3437 err = masked_set_action_to_set_action_attr(a, skb);
3438 if (err)
3439 return err;
3440 break;
3441
3442 case OVS_ACTION_ATTR_SAMPLE:
3443 err = sample_action_to_attr(a, skb);
3444 if (err)
3445 return err;
3446 break;
3447
3448 case OVS_ACTION_ATTR_CT:
3449 err = ovs_ct_action_to_attr(nla_data(a), skb);
3450 if (err)
3451 return err;
3452 break;
3453
3454 case OVS_ACTION_ATTR_CLONE:
3455 err = clone_action_to_attr(a, skb);
3456 if (err)
3457 return err;
3458 break;
3459
3460 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
3461 err = check_pkt_len_action_to_attr(a, skb);
3462 if (err)
3463 return err;
3464 break;
3465
3466 default:
3467 if (nla_put(skb, type, nla_len(a), nla_data(a)))
3468 return -EMSGSIZE;
3469 break;
3470 }
3471 }
3472
3473 return 0;
3474}
3475
