1
2
3
4
5
6#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7
8#include "flow.h"
9#include "datapath.h"
10#include <linux/uaccess.h>
11#include <linux/netdevice.h>
12#include <linux/etherdevice.h>
13#include <linux/if_ether.h>
14#include <linux/if_vlan.h>
15#include <net/llc_pdu.h>
16#include <linux/kernel.h>
17#include <linux/jhash.h>
18#include <linux/jiffies.h>
19#include <linux/llc.h>
20#include <linux/module.h>
21#include <linux/in.h>
22#include <linux/rcupdate.h>
23#include <linux/if_arp.h>
24#include <linux/ip.h>
25#include <linux/ipv6.h>
26#include <linux/sctp.h>
27#include <linux/tcp.h>
28#include <linux/udp.h>
29#include <linux/icmp.h>
30#include <linux/icmpv6.h>
31#include <linux/rculist.h>
32#include <net/geneve.h>
33#include <net/ip.h>
34#include <net/ipv6.h>
35#include <net/ndisc.h>
36#include <net/mpls.h>
37#include <net/vxlan.h>
38#include <net/tun_proto.h>
39#include <net/erspan.h>
40
41#include "flow_netlink.h"
42
43struct ovs_len_tbl {
44 int len;
45 const struct ovs_len_tbl *next;
46};
47
48#define OVS_ATTR_NESTED -1
49#define OVS_ATTR_VARIABLE -2
50
51static bool actions_may_change_flow(const struct nlattr *actions)
52{
53 struct nlattr *nla;
54 int rem;
55
56 nla_for_each_nested(nla, actions, rem) {
57 u16 action = nla_type(nla);
58
59 switch (action) {
60 case OVS_ACTION_ATTR_OUTPUT:
61 case OVS_ACTION_ATTR_RECIRC:
62 case OVS_ACTION_ATTR_TRUNC:
63 case OVS_ACTION_ATTR_USERSPACE:
64 break;
65
66 case OVS_ACTION_ATTR_CT:
67 case OVS_ACTION_ATTR_CT_CLEAR:
68 case OVS_ACTION_ATTR_HASH:
69 case OVS_ACTION_ATTR_POP_ETH:
70 case OVS_ACTION_ATTR_POP_MPLS:
71 case OVS_ACTION_ATTR_POP_NSH:
72 case OVS_ACTION_ATTR_POP_VLAN:
73 case OVS_ACTION_ATTR_PUSH_ETH:
74 case OVS_ACTION_ATTR_PUSH_MPLS:
75 case OVS_ACTION_ATTR_PUSH_NSH:
76 case OVS_ACTION_ATTR_PUSH_VLAN:
77 case OVS_ACTION_ATTR_SAMPLE:
78 case OVS_ACTION_ATTR_SET:
79 case OVS_ACTION_ATTR_SET_MASKED:
80 case OVS_ACTION_ATTR_METER:
81 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
82 case OVS_ACTION_ATTR_ADD_MPLS:
83 default:
84 return true;
85 }
86 }
87 return false;
88}
89
90static void update_range(struct sw_flow_match *match,
91 size_t offset, size_t size, bool is_mask)
92{
93 struct sw_flow_key_range *range;
94 size_t start = rounddown(offset, sizeof(long));
95 size_t end = roundup(offset + size, sizeof(long));
96
97 if (!is_mask)
98 range = &match->range;
99 else
100 range = &match->mask->range;
101
102 if (range->start == range->end) {
103 range->start = start;
104 range->end = end;
105 return;
106 }
107
108 if (range->start > start)
109 range->start = start;
110
111 if (range->end < end)
112 range->end = end;
113}
114
115#define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
116 do { \
117 update_range(match, offsetof(struct sw_flow_key, field), \
118 sizeof((match)->key->field), is_mask); \
119 if (is_mask) \
120 (match)->mask->key.field = value; \
121 else \
122 (match)->key->field = value; \
123 } while (0)
124
125#define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask) \
126 do { \
127 update_range(match, offset, len, is_mask); \
128 if (is_mask) \
129 memcpy((u8 *)&(match)->mask->key + offset, value_p, \
130 len); \
131 else \
132 memcpy((u8 *)(match)->key + offset, value_p, len); \
133 } while (0)
134
135#define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask) \
136 SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
137 value_p, len, is_mask)
138
139#define SW_FLOW_KEY_MEMSET_FIELD(match, field, value, is_mask) \
140 do { \
141 update_range(match, offsetof(struct sw_flow_key, field), \
142 sizeof((match)->key->field), is_mask); \
143 if (is_mask) \
144 memset((u8 *)&(match)->mask->key.field, value, \
145 sizeof((match)->mask->key.field)); \
146 else \
147 memset((u8 *)&(match)->key->field, value, \
148 sizeof((match)->key->field)); \
149 } while (0)
150
151static bool match_validate(const struct sw_flow_match *match,
152 u64 key_attrs, u64 mask_attrs, bool log)
153{
154 u64 key_expected = 0;
155 u64 mask_allowed = key_attrs;
156
157
158
159 mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
160 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)
161 | (1 << OVS_KEY_ATTR_IPV6)
162 | (1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)
163 | (1 << OVS_KEY_ATTR_TCP)
164 | (1 << OVS_KEY_ATTR_TCP_FLAGS)
165 | (1 << OVS_KEY_ATTR_UDP)
166 | (1 << OVS_KEY_ATTR_SCTP)
167 | (1 << OVS_KEY_ATTR_ICMP)
168 | (1 << OVS_KEY_ATTR_ICMPV6)
169 | (1 << OVS_KEY_ATTR_ARP)
170 | (1 << OVS_KEY_ATTR_ND)
171 | (1 << OVS_KEY_ATTR_MPLS)
172 | (1 << OVS_KEY_ATTR_NSH));
173
174
175 mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
176 | (1 << OVS_KEY_ATTR_IN_PORT)
177 | (1 << OVS_KEY_ATTR_ETHERTYPE));
178
179
180 if (match->key->eth.type == htons(ETH_P_ARP)
181 || match->key->eth.type == htons(ETH_P_RARP)) {
182 key_expected |= 1 << OVS_KEY_ATTR_ARP;
183 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
184 mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
185 }
186
187 if (eth_p_mpls(match->key->eth.type)) {
188 key_expected |= 1 << OVS_KEY_ATTR_MPLS;
189 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
190 mask_allowed |= 1 << OVS_KEY_ATTR_MPLS;
191 }
192
193 if (match->key->eth.type == htons(ETH_P_IP)) {
194 key_expected |= 1 << OVS_KEY_ATTR_IPV4;
195 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
196 mask_allowed |= 1 << OVS_KEY_ATTR_IPV4;
197 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4;
198 }
199
200 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
201 if (match->key->ip.proto == IPPROTO_UDP) {
202 key_expected |= 1 << OVS_KEY_ATTR_UDP;
203 if (match->mask && (match->mask->key.ip.proto == 0xff))
204 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
205 }
206
207 if (match->key->ip.proto == IPPROTO_SCTP) {
208 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
209 if (match->mask && (match->mask->key.ip.proto == 0xff))
210 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
211 }
212
213 if (match->key->ip.proto == IPPROTO_TCP) {
214 key_expected |= 1 << OVS_KEY_ATTR_TCP;
215 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
216 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
217 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
218 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
219 }
220 }
221
222 if (match->key->ip.proto == IPPROTO_ICMP) {
223 key_expected |= 1 << OVS_KEY_ATTR_ICMP;
224 if (match->mask && (match->mask->key.ip.proto == 0xff))
225 mask_allowed |= 1 << OVS_KEY_ATTR_ICMP;
226 }
227 }
228 }
229
230 if (match->key->eth.type == htons(ETH_P_IPV6)) {
231 key_expected |= 1 << OVS_KEY_ATTR_IPV6;
232 if (match->mask && match->mask->key.eth.type == htons(0xffff)) {
233 mask_allowed |= 1 << OVS_KEY_ATTR_IPV6;
234 mask_allowed |= 1 << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6;
235 }
236
237 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
238 if (match->key->ip.proto == IPPROTO_UDP) {
239 key_expected |= 1 << OVS_KEY_ATTR_UDP;
240 if (match->mask && (match->mask->key.ip.proto == 0xff))
241 mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
242 }
243
244 if (match->key->ip.proto == IPPROTO_SCTP) {
245 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
246 if (match->mask && (match->mask->key.ip.proto == 0xff))
247 mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
248 }
249
250 if (match->key->ip.proto == IPPROTO_TCP) {
251 key_expected |= 1 << OVS_KEY_ATTR_TCP;
252 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
253 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
254 mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
255 mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
256 }
257 }
258
259 if (match->key->ip.proto == IPPROTO_ICMPV6) {
260 key_expected |= 1 << OVS_KEY_ATTR_ICMPV6;
261 if (match->mask && (match->mask->key.ip.proto == 0xff))
262 mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6;
263
264 if (match->key->tp.src ==
265 htons(NDISC_NEIGHBOUR_SOLICITATION) ||
266 match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
267 key_expected |= 1 << OVS_KEY_ATTR_ND;
268
269
270
271
272
273 mask_allowed &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
274 if (match->mask && (match->mask->key.tp.src == htons(0xff)))
275 mask_allowed |= 1 << OVS_KEY_ATTR_ND;
276 }
277 }
278 }
279 }
280
281 if (match->key->eth.type == htons(ETH_P_NSH)) {
282 key_expected |= 1 << OVS_KEY_ATTR_NSH;
283 if (match->mask &&
284 match->mask->key.eth.type == htons(0xffff)) {
285 mask_allowed |= 1 << OVS_KEY_ATTR_NSH;
286 }
287 }
288
289 if ((key_attrs & key_expected) != key_expected) {
290
291 OVS_NLERR(log, "Missing key (keys=%llx, expected=%llx)",
292 (unsigned long long)key_attrs,
293 (unsigned long long)key_expected);
294 return false;
295 }
296
297 if ((mask_attrs & mask_allowed) != mask_attrs) {
298
299 OVS_NLERR(log, "Unexpected mask (mask=%llx, allowed=%llx)",
300 (unsigned long long)mask_attrs,
301 (unsigned long long)mask_allowed);
302 return false;
303 }
304
305 return true;
306}
307
308size_t ovs_tun_key_attr_size(void)
309{
310
311
312
313 return nla_total_size_64bit(8)
314 + nla_total_size(16)
315 + nla_total_size(16)
316 + nla_total_size(1)
317 + nla_total_size(1)
318 + nla_total_size(0)
319 + nla_total_size(0)
320 + nla_total_size(0)
321 + nla_total_size(256)
322
323
324
325
326 + nla_total_size(2)
327 + nla_total_size(2);
328}
329
330static size_t ovs_nsh_key_attr_size(void)
331{
332
333
334
335 return nla_total_size(NSH_BASE_HDR_LEN)
336
337
338
339
340 + nla_total_size(NSH_CTX_HDRS_MAX_LEN);
341}
342
343size_t ovs_key_attr_size(void)
344{
345
346
347
348 BUILD_BUG_ON(OVS_KEY_ATTR_TUNNEL_INFO != 29);
349
350 return nla_total_size(4)
351 + nla_total_size(0)
352 + ovs_tun_key_attr_size()
353 + nla_total_size(4)
354 + nla_total_size(4)
355 + nla_total_size(4)
356 + nla_total_size(4)
357 + nla_total_size(4)
358 + nla_total_size(2)
359 + nla_total_size(4)
360 + nla_total_size(16)
361 + nla_total_size(40)
362 + nla_total_size(0)
363 + ovs_nsh_key_attr_size()
364 + nla_total_size(12)
365 + nla_total_size(2)
366 + nla_total_size(4)
367 + nla_total_size(0)
368 + nla_total_size(2)
369 + nla_total_size(40)
370 + nla_total_size(2)
371 + nla_total_size(28);
372}
373
374static const struct ovs_len_tbl ovs_vxlan_ext_key_lens[OVS_VXLAN_EXT_MAX + 1] = {
375 [OVS_VXLAN_EXT_GBP] = { .len = sizeof(u32) },
376};
377
378static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
379 [OVS_TUNNEL_KEY_ATTR_ID] = { .len = sizeof(u64) },
380 [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = sizeof(u32) },
381 [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = sizeof(u32) },
382 [OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 },
383 [OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 },
384 [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
385 [OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 },
386 [OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = sizeof(u16) },
387 [OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = sizeof(u16) },
388 [OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 },
389 [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = OVS_ATTR_VARIABLE },
390 [OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = OVS_ATTR_NESTED,
391 .next = ovs_vxlan_ext_key_lens },
392 [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
393 [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) },
394 [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE },
395 [OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE] = { .len = 0 },
396};
397
398static const struct ovs_len_tbl
399ovs_nsh_key_attr_lens[OVS_NSH_KEY_ATTR_MAX + 1] = {
400 [OVS_NSH_KEY_ATTR_BASE] = { .len = sizeof(struct ovs_nsh_key_base) },
401 [OVS_NSH_KEY_ATTR_MD1] = { .len = sizeof(struct ovs_nsh_key_md1) },
402 [OVS_NSH_KEY_ATTR_MD2] = { .len = OVS_ATTR_VARIABLE },
403};
404
405
406static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
407 [OVS_KEY_ATTR_ENCAP] = { .len = OVS_ATTR_NESTED },
408 [OVS_KEY_ATTR_PRIORITY] = { .len = sizeof(u32) },
409 [OVS_KEY_ATTR_IN_PORT] = { .len = sizeof(u32) },
410 [OVS_KEY_ATTR_SKB_MARK] = { .len = sizeof(u32) },
411 [OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) },
412 [OVS_KEY_ATTR_VLAN] = { .len = sizeof(__be16) },
413 [OVS_KEY_ATTR_ETHERTYPE] = { .len = sizeof(__be16) },
414 [OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) },
415 [OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) },
416 [OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) },
417 [OVS_KEY_ATTR_TCP_FLAGS] = { .len = sizeof(__be16) },
418 [OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) },
419 [OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) },
420 [OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) },
421 [OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) },
422 [OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) },
423 [OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) },
424 [OVS_KEY_ATTR_RECIRC_ID] = { .len = sizeof(u32) },
425 [OVS_KEY_ATTR_DP_HASH] = { .len = sizeof(u32) },
426 [OVS_KEY_ATTR_TUNNEL] = { .len = OVS_ATTR_NESTED,
427 .next = ovs_tunnel_key_lens, },
428 [OVS_KEY_ATTR_MPLS] = { .len = OVS_ATTR_VARIABLE },
429 [OVS_KEY_ATTR_CT_STATE] = { .len = sizeof(u32) },
430 [OVS_KEY_ATTR_CT_ZONE] = { .len = sizeof(u16) },
431 [OVS_KEY_ATTR_CT_MARK] = { .len = sizeof(u32) },
432 [OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) },
433 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4] = {
434 .len = sizeof(struct ovs_key_ct_tuple_ipv4) },
435 [OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6] = {
436 .len = sizeof(struct ovs_key_ct_tuple_ipv6) },
437 [OVS_KEY_ATTR_NSH] = { .len = OVS_ATTR_NESTED,
438 .next = ovs_nsh_key_attr_lens, },
439};
440
441static bool check_attr_len(unsigned int attr_len, unsigned int expected_len)
442{
443 return expected_len == attr_len ||
444 expected_len == OVS_ATTR_NESTED ||
445 expected_len == OVS_ATTR_VARIABLE;
446}
447
448static bool is_all_zero(const u8 *fp, size_t size)
449{
450 int i;
451
452 if (!fp)
453 return false;
454
455 for (i = 0; i < size; i++)
456 if (fp[i])
457 return false;
458
459 return true;
460}
461
462static int __parse_flow_nlattrs(const struct nlattr *attr,
463 const struct nlattr *a[],
464 u64 *attrsp, bool log, bool nz)
465{
466 const struct nlattr *nla;
467 u64 attrs;
468 int rem;
469
470 attrs = *attrsp;
471 nla_for_each_nested(nla, attr, rem) {
472 u16 type = nla_type(nla);
473 int expected_len;
474
475 if (type > OVS_KEY_ATTR_MAX) {
476 OVS_NLERR(log, "Key type %d is out of range max %d",
477 type, OVS_KEY_ATTR_MAX);
478 return -EINVAL;
479 }
480
481 if (attrs & (1 << type)) {
482 OVS_NLERR(log, "Duplicate key (type %d).", type);
483 return -EINVAL;
484 }
485
486 expected_len = ovs_key_lens[type].len;
487 if (!check_attr_len(nla_len(nla), expected_len)) {
488 OVS_NLERR(log, "Key %d has unexpected len %d expected %d",
489 type, nla_len(nla), expected_len);
490 return -EINVAL;
491 }
492
493 if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) {
494 attrs |= 1 << type;
495 a[type] = nla;
496 }
497 }
498 if (rem) {
499 OVS_NLERR(log, "Message has %d unknown bytes.", rem);
500 return -EINVAL;
501 }
502
503 *attrsp = attrs;
504 return 0;
505}
506
507static int parse_flow_mask_nlattrs(const struct nlattr *attr,
508 const struct nlattr *a[], u64 *attrsp,
509 bool log)
510{
511 return __parse_flow_nlattrs(attr, a, attrsp, log, true);
512}
513
514int parse_flow_nlattrs(const struct nlattr *attr, const struct nlattr *a[],
515 u64 *attrsp, bool log)
516{
517 return __parse_flow_nlattrs(attr, a, attrsp, log, false);
518}
519
520static int genev_tun_opt_from_nlattr(const struct nlattr *a,
521 struct sw_flow_match *match, bool is_mask,
522 bool log)
523{
524 unsigned long opt_key_offset;
525
526 if (nla_len(a) > sizeof(match->key->tun_opts)) {
527 OVS_NLERR(log, "Geneve option length err (len %d, max %zu).",
528 nla_len(a), sizeof(match->key->tun_opts));
529 return -EINVAL;
530 }
531
532 if (nla_len(a) % 4 != 0) {
533 OVS_NLERR(log, "Geneve opt len %d is not a multiple of 4.",
534 nla_len(a));
535 return -EINVAL;
536 }
537
538
539
540
541
542 if (!is_mask) {
543 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
544 false);
545 } else {
546
547
548
549
550
551
552
553
554
555
556 if (match->key->tun_opts_len != nla_len(a)) {
557 OVS_NLERR(log, "Geneve option len %d != mask len %d",
558 match->key->tun_opts_len, nla_len(a));
559 return -EINVAL;
560 }
561
562 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
563 }
564
565 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
566 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
567 nla_len(a), is_mask);
568 return 0;
569}
570
571static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr,
572 struct sw_flow_match *match, bool is_mask,
573 bool log)
574{
575 struct nlattr *a;
576 int rem;
577 unsigned long opt_key_offset;
578 struct vxlan_metadata opts;
579
580 BUILD_BUG_ON(sizeof(opts) > sizeof(match->key->tun_opts));
581
582 memset(&opts, 0, sizeof(opts));
583 nla_for_each_nested(a, attr, rem) {
584 int type = nla_type(a);
585
586 if (type > OVS_VXLAN_EXT_MAX) {
587 OVS_NLERR(log, "VXLAN extension %d out of range max %d",
588 type, OVS_VXLAN_EXT_MAX);
589 return -EINVAL;
590 }
591
592 if (!check_attr_len(nla_len(a),
593 ovs_vxlan_ext_key_lens[type].len)) {
594 OVS_NLERR(log, "VXLAN extension %d has unexpected len %d expected %d",
595 type, nla_len(a),
596 ovs_vxlan_ext_key_lens[type].len);
597 return -EINVAL;
598 }
599
600 switch (type) {
601 case OVS_VXLAN_EXT_GBP:
602 opts.gbp = nla_get_u32(a);
603 break;
604 default:
605 OVS_NLERR(log, "Unknown VXLAN extension attribute %d",
606 type);
607 return -EINVAL;
608 }
609 }
610 if (rem) {
611 OVS_NLERR(log, "VXLAN extension message has %d unknown bytes.",
612 rem);
613 return -EINVAL;
614 }
615
616 if (!is_mask)
617 SW_FLOW_KEY_PUT(match, tun_opts_len, sizeof(opts), false);
618 else
619 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
620
621 opt_key_offset = TUN_METADATA_OFFSET(sizeof(opts));
622 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, &opts, sizeof(opts),
623 is_mask);
624 return 0;
625}
626
627static int erspan_tun_opt_from_nlattr(const struct nlattr *a,
628 struct sw_flow_match *match, bool is_mask,
629 bool log)
630{
631 unsigned long opt_key_offset;
632
633 BUILD_BUG_ON(sizeof(struct erspan_metadata) >
634 sizeof(match->key->tun_opts));
635
636 if (nla_len(a) > sizeof(match->key->tun_opts)) {
637 OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).",
638 nla_len(a), sizeof(match->key->tun_opts));
639 return -EINVAL;
640 }
641
642 if (!is_mask)
643 SW_FLOW_KEY_PUT(match, tun_opts_len,
644 sizeof(struct erspan_metadata), false);
645 else
646 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
647
648 opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
649 SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
650 nla_len(a), is_mask);
651 return 0;
652}
653
654static int ip_tun_from_nlattr(const struct nlattr *attr,
655 struct sw_flow_match *match, bool is_mask,
656 bool log)
657{
658 bool ttl = false, ipv4 = false, ipv6 = false;
659 bool info_bridge_mode = false;
660 __be16 tun_flags = 0;
661 int opts_type = 0;
662 struct nlattr *a;
663 int rem;
664
665 nla_for_each_nested(a, attr, rem) {
666 int type = nla_type(a);
667 int err;
668
669 if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
670 OVS_NLERR(log, "Tunnel attr %d out of range max %d",
671 type, OVS_TUNNEL_KEY_ATTR_MAX);
672 return -EINVAL;
673 }
674
675 if (!check_attr_len(nla_len(a),
676 ovs_tunnel_key_lens[type].len)) {
677 OVS_NLERR(log, "Tunnel attr %d has unexpected len %d expected %d",
678 type, nla_len(a), ovs_tunnel_key_lens[type].len);
679 return -EINVAL;
680 }
681
682 switch (type) {
683 case OVS_TUNNEL_KEY_ATTR_ID:
684 SW_FLOW_KEY_PUT(match, tun_key.tun_id,
685 nla_get_be64(a), is_mask);
686 tun_flags |= TUNNEL_KEY;
687 break;
688 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
689 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.src,
690 nla_get_in_addr(a), is_mask);
691 ipv4 = true;
692 break;
693 case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
694 SW_FLOW_KEY_PUT(match, tun_key.u.ipv4.dst,
695 nla_get_in_addr(a), is_mask);
696 ipv4 = true;
697 break;
698 case OVS_TUNNEL_KEY_ATTR_IPV6_SRC:
699 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.src,
700 nla_get_in6_addr(a), is_mask);
701 ipv6 = true;
702 break;
703 case OVS_TUNNEL_KEY_ATTR_IPV6_DST:
704 SW_FLOW_KEY_PUT(match, tun_key.u.ipv6.dst,
705 nla_get_in6_addr(a), is_mask);
706 ipv6 = true;
707 break;
708 case OVS_TUNNEL_KEY_ATTR_TOS:
709 SW_FLOW_KEY_PUT(match, tun_key.tos,
710 nla_get_u8(a), is_mask);
711 break;
712 case OVS_TUNNEL_KEY_ATTR_TTL:
713 SW_FLOW_KEY_PUT(match, tun_key.ttl,
714 nla_get_u8(a), is_mask);
715 ttl = true;
716 break;
717 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
718 tun_flags |= TUNNEL_DONT_FRAGMENT;
719 break;
720 case OVS_TUNNEL_KEY_ATTR_CSUM:
721 tun_flags |= TUNNEL_CSUM;
722 break;
723 case OVS_TUNNEL_KEY_ATTR_TP_SRC:
724 SW_FLOW_KEY_PUT(match, tun_key.tp_src,
725 nla_get_be16(a), is_mask);
726 break;
727 case OVS_TUNNEL_KEY_ATTR_TP_DST:
728 SW_FLOW_KEY_PUT(match, tun_key.tp_dst,
729 nla_get_be16(a), is_mask);
730 break;
731 case OVS_TUNNEL_KEY_ATTR_OAM:
732 tun_flags |= TUNNEL_OAM;
733 break;
734 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
735 if (opts_type) {
736 OVS_NLERR(log, "Multiple metadata blocks provided");
737 return -EINVAL;
738 }
739
740 err = genev_tun_opt_from_nlattr(a, match, is_mask, log);
741 if (err)
742 return err;
743
744 tun_flags |= TUNNEL_GENEVE_OPT;
745 opts_type = type;
746 break;
747 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
748 if (opts_type) {
749 OVS_NLERR(log, "Multiple metadata blocks provided");
750 return -EINVAL;
751 }
752
753 err = vxlan_tun_opt_from_nlattr(a, match, is_mask, log);
754 if (err)
755 return err;
756
757 tun_flags |= TUNNEL_VXLAN_OPT;
758 opts_type = type;
759 break;
760 case OVS_TUNNEL_KEY_ATTR_PAD:
761 break;
762 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
763 if (opts_type) {
764 OVS_NLERR(log, "Multiple metadata blocks provided");
765 return -EINVAL;
766 }
767
768 err = erspan_tun_opt_from_nlattr(a, match, is_mask,
769 log);
770 if (err)
771 return err;
772
773 tun_flags |= TUNNEL_ERSPAN_OPT;
774 opts_type = type;
775 break;
776 case OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE:
777 info_bridge_mode = true;
778 ipv4 = true;
779 break;
780 default:
781 OVS_NLERR(log, "Unknown IP tunnel attribute %d",
782 type);
783 return -EINVAL;
784 }
785 }
786
787 SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
788 if (is_mask)
789 SW_FLOW_KEY_MEMSET_FIELD(match, tun_proto, 0xff, true);
790 else
791 SW_FLOW_KEY_PUT(match, tun_proto, ipv6 ? AF_INET6 : AF_INET,
792 false);
793
794 if (rem > 0) {
795 OVS_NLERR(log, "IP tunnel attribute has %d unknown bytes.",
796 rem);
797 return -EINVAL;
798 }
799
800 if (ipv4 && ipv6) {
801 OVS_NLERR(log, "Mixed IPv4 and IPv6 tunnel attributes");
802 return -EINVAL;
803 }
804
805 if (!is_mask) {
806 if (!ipv4 && !ipv6) {
807 OVS_NLERR(log, "IP tunnel dst address not specified");
808 return -EINVAL;
809 }
810 if (ipv4) {
811 if (info_bridge_mode) {
812 if (match->key->tun_key.u.ipv4.src ||
813 match->key->tun_key.u.ipv4.dst ||
814 match->key->tun_key.tp_src ||
815 match->key->tun_key.tp_dst ||
816 match->key->tun_key.ttl ||
817 match->key->tun_key.tos ||
818 tun_flags & ~TUNNEL_KEY) {
819 OVS_NLERR(log, "IPv4 tun info is not correct");
820 return -EINVAL;
821 }
822 } else if (!match->key->tun_key.u.ipv4.dst) {
823 OVS_NLERR(log, "IPv4 tunnel dst address is zero");
824 return -EINVAL;
825 }
826 }
827 if (ipv6 && ipv6_addr_any(&match->key->tun_key.u.ipv6.dst)) {
828 OVS_NLERR(log, "IPv6 tunnel dst address is zero");
829 return -EINVAL;
830 }
831
832 if (!ttl && !info_bridge_mode) {
833 OVS_NLERR(log, "IP tunnel TTL not specified.");
834 return -EINVAL;
835 }
836 }
837
838 return opts_type;
839}
840
841static int vxlan_opt_to_nlattr(struct sk_buff *skb,
842 const void *tun_opts, int swkey_tun_opts_len)
843{
844 const struct vxlan_metadata *opts = tun_opts;
845 struct nlattr *nla;
846
847 nla = nla_nest_start_noflag(skb, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
848 if (!nla)
849 return -EMSGSIZE;
850
851 if (nla_put_u32(skb, OVS_VXLAN_EXT_GBP, opts->gbp) < 0)
852 return -EMSGSIZE;
853
854 nla_nest_end(skb, nla);
855 return 0;
856}
857
858static int __ip_tun_to_nlattr(struct sk_buff *skb,
859 const struct ip_tunnel_key *output,
860 const void *tun_opts, int swkey_tun_opts_len,
861 unsigned short tun_proto, u8 mode)
862{
863 if (output->tun_flags & TUNNEL_KEY &&
864 nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id,
865 OVS_TUNNEL_KEY_ATTR_PAD))
866 return -EMSGSIZE;
867
868 if (mode & IP_TUNNEL_INFO_BRIDGE)
869 return nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_IPV4_INFO_BRIDGE)
870 ? -EMSGSIZE : 0;
871
872 switch (tun_proto) {
873 case AF_INET:
874 if (output->u.ipv4.src &&
875 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC,
876 output->u.ipv4.src))
877 return -EMSGSIZE;
878 if (output->u.ipv4.dst &&
879 nla_put_in_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST,
880 output->u.ipv4.dst))
881 return -EMSGSIZE;
882 break;
883 case AF_INET6:
884 if (!ipv6_addr_any(&output->u.ipv6.src) &&
885 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_SRC,
886 &output->u.ipv6.src))
887 return -EMSGSIZE;
888 if (!ipv6_addr_any(&output->u.ipv6.dst) &&
889 nla_put_in6_addr(skb, OVS_TUNNEL_KEY_ATTR_IPV6_DST,
890 &output->u.ipv6.dst))
891 return -EMSGSIZE;
892 break;
893 }
894 if (output->tos &&
895 nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->tos))
896 return -EMSGSIZE;
897 if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ttl))
898 return -EMSGSIZE;
899 if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
900 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
901 return -EMSGSIZE;
902 if ((output->tun_flags & TUNNEL_CSUM) &&
903 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
904 return -EMSGSIZE;
905 if (output->tp_src &&
906 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_SRC, output->tp_src))
907 return -EMSGSIZE;
908 if (output->tp_dst &&
909 nla_put_be16(skb, OVS_TUNNEL_KEY_ATTR_TP_DST, output->tp_dst))
910 return -EMSGSIZE;
911 if ((output->tun_flags & TUNNEL_OAM) &&
912 nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
913 return -EMSGSIZE;
914 if (swkey_tun_opts_len) {
915 if (output->tun_flags & TUNNEL_GENEVE_OPT &&
916 nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
917 swkey_tun_opts_len, tun_opts))
918 return -EMSGSIZE;
919 else if (output->tun_flags & TUNNEL_VXLAN_OPT &&
920 vxlan_opt_to_nlattr(skb, tun_opts, swkey_tun_opts_len))
921 return -EMSGSIZE;
922 else if (output->tun_flags & TUNNEL_ERSPAN_OPT &&
923 nla_put(skb, OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS,
924 swkey_tun_opts_len, tun_opts))
925 return -EMSGSIZE;
926 }
927
928 return 0;
929}
930
931static int ip_tun_to_nlattr(struct sk_buff *skb,
932 const struct ip_tunnel_key *output,
933 const void *tun_opts, int swkey_tun_opts_len,
934 unsigned short tun_proto, u8 mode)
935{
936 struct nlattr *nla;
937 int err;
938
939 nla = nla_nest_start_noflag(skb, OVS_KEY_ATTR_TUNNEL);
940 if (!nla)
941 return -EMSGSIZE;
942
943 err = __ip_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len,
944 tun_proto, mode);
945 if (err)
946 return err;
947
948 nla_nest_end(skb, nla);
949 return 0;
950}
951
952int ovs_nla_put_tunnel_info(struct sk_buff *skb,
953 struct ip_tunnel_info *tun_info)
954{
955 return __ip_tun_to_nlattr(skb, &tun_info->key,
956 ip_tunnel_info_opts(tun_info),
957 tun_info->options_len,
958 ip_tunnel_info_af(tun_info), tun_info->mode);
959}
960
961static int encode_vlan_from_nlattrs(struct sw_flow_match *match,
962 const struct nlattr *a[],
963 bool is_mask, bool inner)
964{
965 __be16 tci = 0;
966 __be16 tpid = 0;
967
968 if (a[OVS_KEY_ATTR_VLAN])
969 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
970
971 if (a[OVS_KEY_ATTR_ETHERTYPE])
972 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
973
974 if (likely(!inner)) {
975 SW_FLOW_KEY_PUT(match, eth.vlan.tpid, tpid, is_mask);
976 SW_FLOW_KEY_PUT(match, eth.vlan.tci, tci, is_mask);
977 } else {
978 SW_FLOW_KEY_PUT(match, eth.cvlan.tpid, tpid, is_mask);
979 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, tci, is_mask);
980 }
981 return 0;
982}
983
984static int validate_vlan_from_nlattrs(const struct sw_flow_match *match,
985 u64 key_attrs, bool inner,
986 const struct nlattr **a, bool log)
987{
988 __be16 tci = 0;
989
990 if (!((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
991 (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
992 eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE])))) {
993
994 return 0;
995 }
996
997 if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
998 (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
999 OVS_NLERR(log, "Invalid %s frame", (inner) ? "C-VLAN" : "VLAN");
1000 return -EINVAL;
1001 }
1002
1003 if (a[OVS_KEY_ATTR_VLAN])
1004 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1005
1006 if (!(tci & htons(VLAN_CFI_MASK))) {
1007 if (tci) {
1008 OVS_NLERR(log, "%s TCI does not have VLAN_CFI_MASK bit set.",
1009 (inner) ? "C-VLAN" : "VLAN");
1010 return -EINVAL;
1011 } else if (nla_len(a[OVS_KEY_ATTR_ENCAP])) {
1012
1013 OVS_NLERR(log, "Truncated %s header has non-zero encap attribute.",
1014 (inner) ? "C-VLAN" : "VLAN");
1015 return -EINVAL;
1016 }
1017 }
1018
1019 return 1;
1020}
1021
1022static int validate_vlan_mask_from_nlattrs(const struct sw_flow_match *match,
1023 u64 key_attrs, bool inner,
1024 const struct nlattr **a, bool log)
1025{
1026 __be16 tci = 0;
1027 __be16 tpid = 0;
1028 bool encap_valid = !!(match->key->eth.vlan.tci &
1029 htons(VLAN_CFI_MASK));
1030 bool i_encap_valid = !!(match->key->eth.cvlan.tci &
1031 htons(VLAN_CFI_MASK));
1032
1033 if (!(key_attrs & (1 << OVS_KEY_ATTR_ENCAP))) {
1034
1035 return 0;
1036 }
1037
1038 if ((!inner && !encap_valid) || (inner && !i_encap_valid)) {
1039 OVS_NLERR(log, "Encap mask attribute is set for non-%s frame.",
1040 (inner) ? "C-VLAN" : "VLAN");
1041 return -EINVAL;
1042 }
1043
1044 if (a[OVS_KEY_ATTR_VLAN])
1045 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
1046
1047 if (a[OVS_KEY_ATTR_ETHERTYPE])
1048 tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1049
1050 if (tpid != htons(0xffff)) {
1051 OVS_NLERR(log, "Must have an exact match on %s TPID (mask=%x).",
1052 (inner) ? "C-VLAN" : "VLAN", ntohs(tpid));
1053 return -EINVAL;
1054 }
1055 if (!(tci & htons(VLAN_CFI_MASK))) {
1056 OVS_NLERR(log, "%s TCI mask does not have exact match for VLAN_CFI_MASK bit.",
1057 (inner) ? "C-VLAN" : "VLAN");
1058 return -EINVAL;
1059 }
1060
1061 return 1;
1062}
1063
1064static int __parse_vlan_from_nlattrs(struct sw_flow_match *match,
1065 u64 *key_attrs, bool inner,
1066 const struct nlattr **a, bool is_mask,
1067 bool log)
1068{
1069 int err;
1070 const struct nlattr *encap;
1071
1072 if (!is_mask)
1073 err = validate_vlan_from_nlattrs(match, *key_attrs, inner,
1074 a, log);
1075 else
1076 err = validate_vlan_mask_from_nlattrs(match, *key_attrs, inner,
1077 a, log);
1078 if (err <= 0)
1079 return err;
1080
1081 err = encode_vlan_from_nlattrs(match, a, is_mask, inner);
1082 if (err)
1083 return err;
1084
1085 *key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
1086 *key_attrs &= ~(1 << OVS_KEY_ATTR_VLAN);
1087 *key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1088
1089 encap = a[OVS_KEY_ATTR_ENCAP];
1090
1091 if (!is_mask)
1092 err = parse_flow_nlattrs(encap, a, key_attrs, log);
1093 else
1094 err = parse_flow_mask_nlattrs(encap, a, key_attrs, log);
1095
1096 return err;
1097}
1098
1099static int parse_vlan_from_nlattrs(struct sw_flow_match *match,
1100 u64 *key_attrs, const struct nlattr **a,
1101 bool is_mask, bool log)
1102{
1103 int err;
1104 bool encap_valid = false;
1105
1106 err = __parse_vlan_from_nlattrs(match, key_attrs, false, a,
1107 is_mask, log);
1108 if (err)
1109 return err;
1110
1111 encap_valid = !!(match->key->eth.vlan.tci & htons(VLAN_CFI_MASK));
1112 if (encap_valid) {
1113 err = __parse_vlan_from_nlattrs(match, key_attrs, true, a,
1114 is_mask, log);
1115 if (err)
1116 return err;
1117 }
1118
1119 return 0;
1120}
1121
1122static int parse_eth_type_from_nlattrs(struct sw_flow_match *match,
1123 u64 *attrs, const struct nlattr **a,
1124 bool is_mask, bool log)
1125{
1126 __be16 eth_type;
1127
1128 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
1129 if (is_mask) {
1130
1131 eth_type = htons(0xffff);
1132 } else if (!eth_proto_is_802_3(eth_type)) {
1133 OVS_NLERR(log, "EtherType %x is less than min %x",
1134 ntohs(eth_type), ETH_P_802_3_MIN);
1135 return -EINVAL;
1136 }
1137
1138 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
1139 *attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
1140 return 0;
1141}
1142
1143static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
1144 u64 *attrs, const struct nlattr **a,
1145 bool is_mask, bool log)
1146{
1147 u8 mac_proto = MAC_PROTO_ETHERNET;
1148
1149 if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) {
1150 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);
1151
1152 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
1153 *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH);
1154 }
1155
1156 if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) {
1157 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);
1158
1159 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
1160 *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID);
1161 }
1162
1163 if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
1164 SW_FLOW_KEY_PUT(match, phy.priority,
1165 nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
1166 *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
1167 }
1168
1169 if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
1170 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
1171
1172 if (is_mask) {
1173 in_port = 0xffffffff;
1174 } else if (in_port >= DP_MAX_PORTS) {
1175 OVS_NLERR(log, "Port %d exceeds max allowable %d",
1176 in_port, DP_MAX_PORTS);
1177 return -EINVAL;
1178 }
1179
1180 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
1181 *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
1182 } else if (!is_mask) {
1183 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
1184 }
1185
1186 if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) {
1187 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);
1188
1189 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
1190 *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK);
1191 }
1192 if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) {
1193 if (ip_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
1194 is_mask, log) < 0)
1195 return -EINVAL;
1196 *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL);
1197 }
1198
1199 if (*attrs & (1 << OVS_KEY_ATTR_CT_STATE) &&
1200 ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
1201 u32 ct_state = nla_get_u32(a[OVS_KEY_ATTR_CT_STATE]);
1202
1203 if (ct_state & ~CT_SUPPORTED_MASK) {
1204 OVS_NLERR(log, "ct_state flags %08x unsupported",
1205 ct_state);
1206 return -EINVAL;
1207 }
1208
1209 SW_FLOW_KEY_PUT(match, ct_state, ct_state, is_mask);
1210 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
1211 }
1212 if (*attrs & (1 << OVS_KEY_ATTR_CT_ZONE) &&
1213 ovs_ct_verify(net, OVS_KEY_ATTR_CT_ZONE)) {
1214 u16 ct_zone = nla_get_u16(a[OVS_KEY_ATTR_CT_ZONE]);
1215
1216 SW_FLOW_KEY_PUT(match, ct_zone, ct_zone, is_mask);
1217 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ZONE);
1218 }
1219 if (*attrs & (1 << OVS_KEY_ATTR_CT_MARK) &&
1220 ovs_ct_verify(net, OVS_KEY_ATTR_CT_MARK)) {
1221 u32 mark = nla_get_u32(a[OVS_KEY_ATTR_CT_MARK]);
1222
1223 SW_FLOW_KEY_PUT(match, ct.mark, mark, is_mask);
1224 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_MARK);
1225 }
1226 if (*attrs & (1 << OVS_KEY_ATTR_CT_LABELS) &&
1227 ovs_ct_verify(net, OVS_KEY_ATTR_CT_LABELS)) {
1228 const struct ovs_key_ct_labels *cl;
1229
1230 cl = nla_data(a[OVS_KEY_ATTR_CT_LABELS]);
1231 SW_FLOW_KEY_MEMCPY(match, ct.labels, cl->ct_labels,
1232 sizeof(*cl), is_mask);
1233 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_LABELS);
1234 }
1235 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4)) {
1236 const struct ovs_key_ct_tuple_ipv4 *ct;
1237
1238 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4]);
1239
1240 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.src, ct->ipv4_src, is_mask);
1241 SW_FLOW_KEY_PUT(match, ipv4.ct_orig.dst, ct->ipv4_dst, is_mask);
1242 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1243 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
1244 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv4_proto, is_mask);
1245 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4);
1246 }
1247 if (*attrs & (1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6)) {
1248 const struct ovs_key_ct_tuple_ipv6 *ct;
1249
1250 ct = nla_data(a[OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6]);
1251
1252 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.src, &ct->ipv6_src,
1253 sizeof(match->key->ipv6.ct_orig.src),
1254 is_mask);
1255 SW_FLOW_KEY_MEMCPY(match, ipv6.ct_orig.dst, &ct->ipv6_dst,
1256 sizeof(match->key->ipv6.ct_orig.dst),
1257 is_mask);
1258 SW_FLOW_KEY_PUT(match, ct.orig_tp.src, ct->src_port, is_mask);
1259 SW_FLOW_KEY_PUT(match, ct.orig_tp.dst, ct->dst_port, is_mask);
1260 SW_FLOW_KEY_PUT(match, ct_orig_proto, ct->ipv6_proto, is_mask);
1261 *attrs &= ~(1ULL << OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6);
1262 }
1263
1264
1265
1266
1267 if (!(*attrs & (1ULL << OVS_KEY_ATTR_ETHERNET)) &&
1268 (*attrs & (1ULL << OVS_KEY_ATTR_ETHERTYPE)))
1269 mac_proto = MAC_PROTO_NONE;
1270
1271
1272 SW_FLOW_KEY_PUT(match, mac_proto, is_mask ? 0xff : mac_proto, is_mask);
1273
1274 if (mac_proto == MAC_PROTO_NONE)
1275 return parse_eth_type_from_nlattrs(match, attrs, a, is_mask,
1276 log);
1277
1278 return 0;
1279}
1280
1281int nsh_hdr_from_nlattr(const struct nlattr *attr,
1282 struct nshhdr *nh, size_t size)
1283{
1284 struct nlattr *a;
1285 int rem;
1286 u8 flags = 0;
1287 u8 ttl = 0;
1288 int mdlen = 0;
1289
1290
1291
1292 if (size < NSH_BASE_HDR_LEN)
1293 return -ENOBUFS;
1294
1295 nla_for_each_nested(a, attr, rem) {
1296 int type = nla_type(a);
1297
1298 switch (type) {
1299 case OVS_NSH_KEY_ATTR_BASE: {
1300 const struct ovs_nsh_key_base *base = nla_data(a);
1301
1302 flags = base->flags;
1303 ttl = base->ttl;
1304 nh->np = base->np;
1305 nh->mdtype = base->mdtype;
1306 nh->path_hdr = base->path_hdr;
1307 break;
1308 }
1309 case OVS_NSH_KEY_ATTR_MD1:
1310 mdlen = nla_len(a);
1311 if (mdlen > size - NSH_BASE_HDR_LEN)
1312 return -ENOBUFS;
1313 memcpy(&nh->md1, nla_data(a), mdlen);
1314 break;
1315
1316 case OVS_NSH_KEY_ATTR_MD2:
1317 mdlen = nla_len(a);
1318 if (mdlen > size - NSH_BASE_HDR_LEN)
1319 return -ENOBUFS;
1320 memcpy(&nh->md2, nla_data(a), mdlen);
1321 break;
1322
1323 default:
1324 return -EINVAL;
1325 }
1326 }
1327
1328
1329 nh->ver_flags_ttl_len = 0;
1330 nsh_set_flags_ttl_len(nh, flags, ttl, NSH_BASE_HDR_LEN + mdlen);
1331
1332 return 0;
1333}
1334
1335int nsh_key_from_nlattr(const struct nlattr *attr,
1336 struct ovs_key_nsh *nsh, struct ovs_key_nsh *nsh_mask)
1337{
1338 struct nlattr *a;
1339 int rem;
1340
1341
1342
1343 nla_for_each_nested(a, attr, rem) {
1344 int type = nla_type(a);
1345
1346 switch (type) {
1347 case OVS_NSH_KEY_ATTR_BASE: {
1348 const struct ovs_nsh_key_base *base = nla_data(a);
1349 const struct ovs_nsh_key_base *base_mask = base + 1;
1350
1351 nsh->base = *base;
1352 nsh_mask->base = *base_mask;
1353 break;
1354 }
1355 case OVS_NSH_KEY_ATTR_MD1: {
1356 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1357 const struct ovs_nsh_key_md1 *md1_mask = md1 + 1;
1358
1359 memcpy(nsh->context, md1->context, sizeof(*md1));
1360 memcpy(nsh_mask->context, md1_mask->context,
1361 sizeof(*md1_mask));
1362 break;
1363 }
1364 case OVS_NSH_KEY_ATTR_MD2:
1365
1366 return -ENOTSUPP;
1367 default:
1368 return -EINVAL;
1369 }
1370 }
1371
1372 return 0;
1373}
1374
1375static int nsh_key_put_from_nlattr(const struct nlattr *attr,
1376 struct sw_flow_match *match, bool is_mask,
1377 bool is_push_nsh, bool log)
1378{
1379 struct nlattr *a;
1380 int rem;
1381 bool has_base = false;
1382 bool has_md1 = false;
1383 bool has_md2 = false;
1384 u8 mdtype = 0;
1385 int mdlen = 0;
1386
1387 if (WARN_ON(is_push_nsh && is_mask))
1388 return -EINVAL;
1389
1390 nla_for_each_nested(a, attr, rem) {
1391 int type = nla_type(a);
1392 int i;
1393
1394 if (type > OVS_NSH_KEY_ATTR_MAX) {
1395 OVS_NLERR(log, "nsh attr %d is out of range max %d",
1396 type, OVS_NSH_KEY_ATTR_MAX);
1397 return -EINVAL;
1398 }
1399
1400 if (!check_attr_len(nla_len(a),
1401 ovs_nsh_key_attr_lens[type].len)) {
1402 OVS_NLERR(
1403 log,
1404 "nsh attr %d has unexpected len %d expected %d",
1405 type,
1406 nla_len(a),
1407 ovs_nsh_key_attr_lens[type].len
1408 );
1409 return -EINVAL;
1410 }
1411
1412 switch (type) {
1413 case OVS_NSH_KEY_ATTR_BASE: {
1414 const struct ovs_nsh_key_base *base = nla_data(a);
1415
1416 has_base = true;
1417 mdtype = base->mdtype;
1418 SW_FLOW_KEY_PUT(match, nsh.base.flags,
1419 base->flags, is_mask);
1420 SW_FLOW_KEY_PUT(match, nsh.base.ttl,
1421 base->ttl, is_mask);
1422 SW_FLOW_KEY_PUT(match, nsh.base.mdtype,
1423 base->mdtype, is_mask);
1424 SW_FLOW_KEY_PUT(match, nsh.base.np,
1425 base->np, is_mask);
1426 SW_FLOW_KEY_PUT(match, nsh.base.path_hdr,
1427 base->path_hdr, is_mask);
1428 break;
1429 }
1430 case OVS_NSH_KEY_ATTR_MD1: {
1431 const struct ovs_nsh_key_md1 *md1 = nla_data(a);
1432
1433 has_md1 = true;
1434 for (i = 0; i < NSH_MD1_CONTEXT_SIZE; i++)
1435 SW_FLOW_KEY_PUT(match, nsh.context[i],
1436 md1->context[i], is_mask);
1437 break;
1438 }
1439 case OVS_NSH_KEY_ATTR_MD2:
1440 if (!is_push_nsh)
1441 return -ENOTSUPP;
1442
1443 has_md2 = true;
1444 mdlen = nla_len(a);
1445 if (mdlen > NSH_CTX_HDRS_MAX_LEN || mdlen <= 0) {
1446 OVS_NLERR(
1447 log,
1448 "Invalid MD length %d for MD type %d",
1449 mdlen,
1450 mdtype
1451 );
1452 return -EINVAL;
1453 }
1454 break;
1455 default:
1456 OVS_NLERR(log, "Unknown nsh attribute %d",
1457 type);
1458 return -EINVAL;
1459 }
1460 }
1461
1462 if (rem > 0) {
1463 OVS_NLERR(log, "nsh attribute has %d unknown bytes.", rem);
1464 return -EINVAL;
1465 }
1466
1467 if (has_md1 && has_md2) {
1468 OVS_NLERR(
1469 1,
1470 "invalid nsh attribute: md1 and md2 are exclusive."
1471 );
1472 return -EINVAL;
1473 }
1474
1475 if (!is_mask) {
1476 if ((has_md1 && mdtype != NSH_M_TYPE1) ||
1477 (has_md2 && mdtype != NSH_M_TYPE2)) {
1478 OVS_NLERR(1, "nsh attribute has unmatched MD type %d.",
1479 mdtype);
1480 return -EINVAL;
1481 }
1482
1483 if (is_push_nsh &&
1484 (!has_base || (!has_md1 && !has_md2))) {
1485 OVS_NLERR(
1486 1,
1487 "push_nsh: missing base or metadata attributes"
1488 );
1489 return -EINVAL;
1490 }
1491 }
1492
1493 return 0;
1494}
1495
1496static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
1497 u64 attrs, const struct nlattr **a,
1498 bool is_mask, bool log)
1499{
1500 int err;
1501
1502 err = metadata_from_nlattrs(net, match, &attrs, a, is_mask, log);
1503 if (err)
1504 return err;
1505
1506 if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) {
1507 const struct ovs_key_ethernet *eth_key;
1508
1509 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
1510 SW_FLOW_KEY_MEMCPY(match, eth.src,
1511 eth_key->eth_src, ETH_ALEN, is_mask);
1512 SW_FLOW_KEY_MEMCPY(match, eth.dst,
1513 eth_key->eth_dst, ETH_ALEN, is_mask);
1514 attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
1515
1516 if (attrs & (1 << OVS_KEY_ATTR_VLAN)) {
1517
1518
1519
1520 OVS_NLERR(log, "VLAN attribute unexpected.");
1521 return -EINVAL;
1522 }
1523
1524 if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
1525 err = parse_eth_type_from_nlattrs(match, &attrs, a, is_mask,
1526 log);
1527 if (err)
1528 return err;
1529 } else if (!is_mask) {
1530 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
1531 }
1532 } else if (!match->key->eth.type) {
1533 OVS_NLERR(log, "Either Ethernet header or EtherType is required.");
1534 return -EINVAL;
1535 }
1536
1537 if (attrs & (1 << OVS_KEY_ATTR_IPV4)) {
1538 const struct ovs_key_ipv4 *ipv4_key;
1539
1540 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
1541 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
1542 OVS_NLERR(log, "IPv4 frag type %d is out of range max %d",
1543 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
1544 return -EINVAL;
1545 }
1546 SW_FLOW_KEY_PUT(match, ip.proto,
1547 ipv4_key->ipv4_proto, is_mask);
1548 SW_FLOW_KEY_PUT(match, ip.tos,
1549 ipv4_key->ipv4_tos, is_mask);
1550 SW_FLOW_KEY_PUT(match, ip.ttl,
1551 ipv4_key->ipv4_ttl, is_mask);
1552 SW_FLOW_KEY_PUT(match, ip.frag,
1553 ipv4_key->ipv4_frag, is_mask);
1554 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1555 ipv4_key->ipv4_src, is_mask);
1556 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1557 ipv4_key->ipv4_dst, is_mask);
1558 attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
1559 }
1560
1561 if (attrs & (1 << OVS_KEY_ATTR_IPV6)) {
1562 const struct ovs_key_ipv6 *ipv6_key;
1563
1564 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
1565 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
1566 OVS_NLERR(log, "IPv6 frag type %d is out of range max %d",
1567 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
1568 return -EINVAL;
1569 }
1570
1571 if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
1572 OVS_NLERR(log, "IPv6 flow label %x is out of range (max=%x)",
1573 ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
1574 return -EINVAL;
1575 }
1576
1577 SW_FLOW_KEY_PUT(match, ipv6.label,
1578 ipv6_key->ipv6_label, is_mask);
1579 SW_FLOW_KEY_PUT(match, ip.proto,
1580 ipv6_key->ipv6_proto, is_mask);
1581 SW_FLOW_KEY_PUT(match, ip.tos,
1582 ipv6_key->ipv6_tclass, is_mask);
1583 SW_FLOW_KEY_PUT(match, ip.ttl,
1584 ipv6_key->ipv6_hlimit, is_mask);
1585 SW_FLOW_KEY_PUT(match, ip.frag,
1586 ipv6_key->ipv6_frag, is_mask);
1587 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
1588 ipv6_key->ipv6_src,
1589 sizeof(match->key->ipv6.addr.src),
1590 is_mask);
1591 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
1592 ipv6_key->ipv6_dst,
1593 sizeof(match->key->ipv6.addr.dst),
1594 is_mask);
1595
1596 attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
1597 }
1598
1599 if (attrs & (1 << OVS_KEY_ATTR_ARP)) {
1600 const struct ovs_key_arp *arp_key;
1601
1602 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
1603 if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
1604 OVS_NLERR(log, "Unknown ARP opcode (opcode=%d).",
1605 arp_key->arp_op);
1606 return -EINVAL;
1607 }
1608
1609 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
1610 arp_key->arp_sip, is_mask);
1611 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
1612 arp_key->arp_tip, is_mask);
1613 SW_FLOW_KEY_PUT(match, ip.proto,
1614 ntohs(arp_key->arp_op), is_mask);
1615 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
1616 arp_key->arp_sha, ETH_ALEN, is_mask);
1617 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
1618 arp_key->arp_tha, ETH_ALEN, is_mask);
1619
1620 attrs &= ~(1 << OVS_KEY_ATTR_ARP);
1621 }
1622
1623 if (attrs & (1 << OVS_KEY_ATTR_NSH)) {
1624 if (nsh_key_put_from_nlattr(a[OVS_KEY_ATTR_NSH], match,
1625 is_mask, false, log) < 0)
1626 return -EINVAL;
1627 attrs &= ~(1 << OVS_KEY_ATTR_NSH);
1628 }
1629
1630 if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
1631 const struct ovs_key_mpls *mpls_key;
1632 u32 hdr_len;
1633 u32 label_count, label_count_mask, i;
1634
1635 mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
1636 hdr_len = nla_len(a[OVS_KEY_ATTR_MPLS]);
1637 label_count = hdr_len / sizeof(struct ovs_key_mpls);
1638
1639 if (label_count == 0 || label_count > MPLS_LABEL_DEPTH ||
1640 hdr_len % sizeof(struct ovs_key_mpls))
1641 return -EINVAL;
1642
1643 label_count_mask = GENMASK(label_count - 1, 0);
1644
1645 for (i = 0 ; i < label_count; i++)
1646 SW_FLOW_KEY_PUT(match, mpls.lse[i],
1647 mpls_key[i].mpls_lse, is_mask);
1648
1649 SW_FLOW_KEY_PUT(match, mpls.num_labels_mask,
1650 label_count_mask, is_mask);
1651
1652 attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
1653 }
1654
1655 if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
1656 const struct ovs_key_tcp *tcp_key;
1657
1658 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
1659 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
1660 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
1661 attrs &= ~(1 << OVS_KEY_ATTR_TCP);
1662 }
1663
1664 if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
1665 SW_FLOW_KEY_PUT(match, tp.flags,
1666 nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
1667 is_mask);
1668 attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
1669 }
1670
1671 if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
1672 const struct ovs_key_udp *udp_key;
1673
1674 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
1675 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
1676 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
1677 attrs &= ~(1 << OVS_KEY_ATTR_UDP);
1678 }
1679
1680 if (attrs & (1 << OVS_KEY_ATTR_SCTP)) {
1681 const struct ovs_key_sctp *sctp_key;
1682
1683 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
1684 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
1685 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
1686 attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
1687 }
1688
1689 if (attrs & (1 << OVS_KEY_ATTR_ICMP)) {
1690 const struct ovs_key_icmp *icmp_key;
1691
1692 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
1693 SW_FLOW_KEY_PUT(match, tp.src,
1694 htons(icmp_key->icmp_type), is_mask);
1695 SW_FLOW_KEY_PUT(match, tp.dst,
1696 htons(icmp_key->icmp_code), is_mask);
1697 attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
1698 }
1699
1700 if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) {
1701 const struct ovs_key_icmpv6 *icmpv6_key;
1702
1703 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
1704 SW_FLOW_KEY_PUT(match, tp.src,
1705 htons(icmpv6_key->icmpv6_type), is_mask);
1706 SW_FLOW_KEY_PUT(match, tp.dst,
1707 htons(icmpv6_key->icmpv6_code), is_mask);
1708 attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
1709 }
1710
1711 if (attrs & (1 << OVS_KEY_ATTR_ND)) {
1712 const struct ovs_key_nd *nd_key;
1713
1714 nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
1715 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
1716 nd_key->nd_target,
1717 sizeof(match->key->ipv6.nd.target),
1718 is_mask);
1719 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
1720 nd_key->nd_sll, ETH_ALEN, is_mask);
1721 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
1722 nd_key->nd_tll, ETH_ALEN, is_mask);
1723 attrs &= ~(1 << OVS_KEY_ATTR_ND);
1724 }
1725
1726 if (attrs != 0) {
1727 OVS_NLERR(log, "Unknown key attributes %llx",
1728 (unsigned long long)attrs);
1729 return -EINVAL;
1730 }
1731
1732 return 0;
1733}
1734
1735static void nlattr_set(struct nlattr *attr, u8 val,
1736 const struct ovs_len_tbl *tbl)
1737{
1738 struct nlattr *nla;
1739 int rem;
1740
1741
1742 nla_for_each_nested(nla, attr, rem) {
1743 if (tbl[nla_type(nla)].len == OVS_ATTR_NESTED)
1744 nlattr_set(nla, val, tbl[nla_type(nla)].next ? : tbl);
1745 else
1746 memset(nla_data(nla), val, nla_len(nla));
1747
1748 if (nla_type(nla) == OVS_KEY_ATTR_CT_STATE)
1749 *(u32 *)nla_data(nla) &= CT_SUPPORTED_MASK;
1750 }
1751}
1752
1753static void mask_set_nlattr(struct nlattr *attr, u8 val)
1754{
1755 nlattr_set(attr, val, ovs_key_lens);
1756}
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774int ovs_nla_get_match(struct net *net, struct sw_flow_match *match,
1775 const struct nlattr *nla_key,
1776 const struct nlattr *nla_mask,
1777 bool log)
1778{
1779 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
1780 struct nlattr *newmask = NULL;
1781 u64 key_attrs = 0;
1782 u64 mask_attrs = 0;
1783 int err;
1784
1785 err = parse_flow_nlattrs(nla_key, a, &key_attrs, log);
1786 if (err)
1787 return err;
1788
1789 err = parse_vlan_from_nlattrs(match, &key_attrs, a, false, log);
1790 if (err)
1791 return err;
1792
1793 err = ovs_key_from_nlattrs(net, match, key_attrs, a, false, log);
1794 if (err)
1795 return err;
1796
1797 if (match->mask) {
1798 if (!nla_mask) {
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809 newmask = kmemdup(nla_key,
1810 nla_total_size(nla_len(nla_key)),
1811 GFP_KERNEL);
1812 if (!newmask)
1813 return -ENOMEM;
1814
1815 mask_set_nlattr(newmask, 0xff);
1816
1817
1818
1819
1820 if (match->key->tun_proto)
1821 SW_FLOW_KEY_MEMSET_FIELD(match, tun_key,
1822 0xff, true);
1823
1824 nla_mask = newmask;
1825 }
1826
1827 err = parse_flow_mask_nlattrs(nla_mask, a, &mask_attrs, log);
1828 if (err)
1829 goto free_newmask;
1830
1831
1832 SW_FLOW_KEY_PUT(match, eth.vlan.tci, htons(0xffff), true);
1833 SW_FLOW_KEY_PUT(match, eth.cvlan.tci, htons(0xffff), true);
1834
1835 err = parse_vlan_from_nlattrs(match, &mask_attrs, a, true, log);
1836 if (err)
1837 goto free_newmask;
1838
1839 err = ovs_key_from_nlattrs(net, match, mask_attrs, a, true,
1840 log);
1841 if (err)
1842 goto free_newmask;
1843 }
1844
1845 if (!match_validate(match, key_attrs, mask_attrs, log))
1846 err = -EINVAL;
1847
1848free_newmask:
1849 kfree(newmask);
1850 return err;
1851}
1852
1853static size_t get_ufid_len(const struct nlattr *attr, bool log)
1854{
1855 size_t len;
1856
1857 if (!attr)
1858 return 0;
1859
1860 len = nla_len(attr);
1861 if (len < 1 || len > MAX_UFID_LENGTH) {
1862 OVS_NLERR(log, "ufid size %u bytes exceeds the range (1, %d)",
1863 nla_len(attr), MAX_UFID_LENGTH);
1864 return 0;
1865 }
1866
1867 return len;
1868}
1869
1870
1871
1872
1873bool ovs_nla_get_ufid(struct sw_flow_id *sfid, const struct nlattr *attr,
1874 bool log)
1875{
1876 sfid->ufid_len = get_ufid_len(attr, log);
1877 if (sfid->ufid_len)
1878 memcpy(sfid->ufid, nla_data(attr), sfid->ufid_len);
1879
1880 return sfid->ufid_len;
1881}
1882
1883int ovs_nla_get_identifier(struct sw_flow_id *sfid, const struct nlattr *ufid,
1884 const struct sw_flow_key *key, bool log)
1885{
1886 struct sw_flow_key *new_key;
1887
1888 if (ovs_nla_get_ufid(sfid, ufid, log))
1889 return 0;
1890
1891
1892 new_key = kmalloc(sizeof(*new_key), GFP_KERNEL);
1893 if (!new_key)
1894 return -ENOMEM;
1895 memcpy(new_key, key, sizeof(*key));
1896 sfid->unmasked_key = new_key;
1897
1898 return 0;
1899}
1900
1901u32 ovs_nla_get_ufid_flags(const struct nlattr *attr)
1902{
1903 return attr ? nla_get_u32(attr) : 0;
1904}
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926int ovs_nla_get_flow_metadata(struct net *net,
1927 const struct nlattr *a[OVS_KEY_ATTR_MAX + 1],
1928 u64 attrs, struct sw_flow_key *key, bool log)
1929{
1930 struct sw_flow_match match;
1931
1932 memset(&match, 0, sizeof(match));
1933 match.key = key;
1934
1935 key->ct_state = 0;
1936 key->ct_zone = 0;
1937 key->ct_orig_proto = 0;
1938 memset(&key->ct, 0, sizeof(key->ct));
1939 memset(&key->ipv4.ct_orig, 0, sizeof(key->ipv4.ct_orig));
1940 memset(&key->ipv6.ct_orig, 0, sizeof(key->ipv6.ct_orig));
1941
1942 key->phy.in_port = DP_MAX_PORTS;
1943
1944 return metadata_from_nlattrs(net, &match, &attrs, a, false, log);
1945}
1946
1947static int ovs_nla_put_vlan(struct sk_buff *skb, const struct vlan_head *vh,
1948 bool is_mask)
1949{
1950 __be16 eth_type = !is_mask ? vh->tpid : htons(0xffff);
1951
1952 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1953 nla_put_be16(skb, OVS_KEY_ATTR_VLAN, vh->tci))
1954 return -EMSGSIZE;
1955 return 0;
1956}
1957
1958static int nsh_key_to_nlattr(const struct ovs_key_nsh *nsh, bool is_mask,
1959 struct sk_buff *skb)
1960{
1961 struct nlattr *start;
1962
1963 start = nla_nest_start_noflag(skb, OVS_KEY_ATTR_NSH);
1964 if (!start)
1965 return -EMSGSIZE;
1966
1967 if (nla_put(skb, OVS_NSH_KEY_ATTR_BASE, sizeof(nsh->base), &nsh->base))
1968 goto nla_put_failure;
1969
1970 if (is_mask || nsh->base.mdtype == NSH_M_TYPE1) {
1971 if (nla_put(skb, OVS_NSH_KEY_ATTR_MD1,
1972 sizeof(nsh->context), nsh->context))
1973 goto nla_put_failure;
1974 }
1975
1976
1977
1978 nla_nest_end(skb, start);
1979
1980 return 0;
1981
1982nla_put_failure:
1983 return -EMSGSIZE;
1984}
1985
1986static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
1987 const struct sw_flow_key *output, bool is_mask,
1988 struct sk_buff *skb)
1989{
1990 struct ovs_key_ethernet *eth_key;
1991 struct nlattr *nla;
1992 struct nlattr *encap = NULL;
1993 struct nlattr *in_encap = NULL;
1994
1995 if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
1996 goto nla_put_failure;
1997
1998 if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
1999 goto nla_put_failure;
2000
2001 if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
2002 goto nla_put_failure;
2003
2004 if ((swkey->tun_proto || is_mask)) {
2005 const void *opts = NULL;
2006
2007 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
2008 opts = TUN_METADATA_OPTS(output, swkey->tun_opts_len);
2009
2010 if (ip_tun_to_nlattr(skb, &output->tun_key, opts,
2011 swkey->tun_opts_len, swkey->tun_proto, 0))
2012 goto nla_put_failure;
2013 }
2014
2015 if (swkey->phy.in_port == DP_MAX_PORTS) {
2016 if (is_mask && (output->phy.in_port == 0xffff))
2017 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
2018 goto nla_put_failure;
2019 } else {
2020 u16 upper_u16;
2021 upper_u16 = !is_mask ? 0 : 0xffff;
2022
2023 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
2024 (upper_u16 << 16) | output->phy.in_port))
2025 goto nla_put_failure;
2026 }
2027
2028 if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
2029 goto nla_put_failure;
2030
2031 if (ovs_ct_put_key(swkey, output, skb))
2032 goto nla_put_failure;
2033
2034 if (ovs_key_mac_proto(swkey) == MAC_PROTO_ETHERNET) {
2035 nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
2036 if (!nla)
2037 goto nla_put_failure;
2038
2039 eth_key = nla_data(nla);
2040 ether_addr_copy(eth_key->eth_src, output->eth.src);
2041 ether_addr_copy(eth_key->eth_dst, output->eth.dst);
2042
2043 if (swkey->eth.vlan.tci || eth_type_vlan(swkey->eth.type)) {
2044 if (ovs_nla_put_vlan(skb, &output->eth.vlan, is_mask))
2045 goto nla_put_failure;
2046 encap = nla_nest_start_noflag(skb, OVS_KEY_ATTR_ENCAP);
2047 if (!swkey->eth.vlan.tci)
2048 goto unencap;
2049
2050 if (swkey->eth.cvlan.tci || eth_type_vlan(swkey->eth.type)) {
2051 if (ovs_nla_put_vlan(skb, &output->eth.cvlan, is_mask))
2052 goto nla_put_failure;
2053 in_encap = nla_nest_start_noflag(skb,
2054 OVS_KEY_ATTR_ENCAP);
2055 if (!swkey->eth.cvlan.tci)
2056 goto unencap;
2057 }
2058 }
2059
2060 if (swkey->eth.type == htons(ETH_P_802_2)) {
2061
2062
2063
2064
2065
2066
2067 if (is_mask && output->eth.type)
2068 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
2069 output->eth.type))
2070 goto nla_put_failure;
2071 goto unencap;
2072 }
2073 }
2074
2075 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
2076 goto nla_put_failure;
2077
2078 if (eth_type_vlan(swkey->eth.type)) {
2079
2080
2081
2082 WARN_ON_ONCE(!(encap && in_encap));
2083 goto unencap;
2084 }
2085
2086 if (swkey->eth.type == htons(ETH_P_IP)) {
2087 struct ovs_key_ipv4 *ipv4_key;
2088
2089 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
2090 if (!nla)
2091 goto nla_put_failure;
2092 ipv4_key = nla_data(nla);
2093 ipv4_key->ipv4_src = output->ipv4.addr.src;
2094 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
2095 ipv4_key->ipv4_proto = output->ip.proto;
2096 ipv4_key->ipv4_tos = output->ip.tos;
2097 ipv4_key->ipv4_ttl = output->ip.ttl;
2098 ipv4_key->ipv4_frag = output->ip.frag;
2099 } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
2100 struct ovs_key_ipv6 *ipv6_key;
2101
2102 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
2103 if (!nla)
2104 goto nla_put_failure;
2105 ipv6_key = nla_data(nla);
2106 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
2107 sizeof(ipv6_key->ipv6_src));
2108 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
2109 sizeof(ipv6_key->ipv6_dst));
2110 ipv6_key->ipv6_label = output->ipv6.label;
2111 ipv6_key->ipv6_proto = output->ip.proto;
2112 ipv6_key->ipv6_tclass = output->ip.tos;
2113 ipv6_key->ipv6_hlimit = output->ip.ttl;
2114 ipv6_key->ipv6_frag = output->ip.frag;
2115 } else if (swkey->eth.type == htons(ETH_P_NSH)) {
2116 if (nsh_key_to_nlattr(&output->nsh, is_mask, skb))
2117 goto nla_put_failure;
2118 } else if (swkey->eth.type == htons(ETH_P_ARP) ||
2119 swkey->eth.type == htons(ETH_P_RARP)) {
2120 struct ovs_key_arp *arp_key;
2121
2122 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
2123 if (!nla)
2124 goto nla_put_failure;
2125 arp_key = nla_data(nla);
2126 memset(arp_key, 0, sizeof(struct ovs_key_arp));
2127 arp_key->arp_sip = output->ipv4.addr.src;
2128 arp_key->arp_tip = output->ipv4.addr.dst;
2129 arp_key->arp_op = htons(output->ip.proto);
2130 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
2131 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
2132 } else if (eth_p_mpls(swkey->eth.type)) {
2133 u8 i, num_labels;
2134 struct ovs_key_mpls *mpls_key;
2135
2136 num_labels = hweight_long(output->mpls.num_labels_mask);
2137 nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS,
2138 num_labels * sizeof(*mpls_key));
2139 if (!nla)
2140 goto nla_put_failure;
2141
2142 mpls_key = nla_data(nla);
2143 for (i = 0; i < num_labels; i++)
2144 mpls_key[i].mpls_lse = output->mpls.lse[i];
2145 }
2146
2147 if ((swkey->eth.type == htons(ETH_P_IP) ||
2148 swkey->eth.type == htons(ETH_P_IPV6)) &&
2149 swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
2150
2151 if (swkey->ip.proto == IPPROTO_TCP) {
2152 struct ovs_key_tcp *tcp_key;
2153
2154 nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
2155 if (!nla)
2156 goto nla_put_failure;
2157 tcp_key = nla_data(nla);
2158 tcp_key->tcp_src = output->tp.src;
2159 tcp_key->tcp_dst = output->tp.dst;
2160 if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
2161 output->tp.flags))
2162 goto nla_put_failure;
2163 } else if (swkey->ip.proto == IPPROTO_UDP) {
2164 struct ovs_key_udp *udp_key;
2165
2166 nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
2167 if (!nla)
2168 goto nla_put_failure;
2169 udp_key = nla_data(nla);
2170 udp_key->udp_src = output->tp.src;
2171 udp_key->udp_dst = output->tp.dst;
2172 } else if (swkey->ip.proto == IPPROTO_SCTP) {
2173 struct ovs_key_sctp *sctp_key;
2174
2175 nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
2176 if (!nla)
2177 goto nla_put_failure;
2178 sctp_key = nla_data(nla);
2179 sctp_key->sctp_src = output->tp.src;
2180 sctp_key->sctp_dst = output->tp.dst;
2181 } else if (swkey->eth.type == htons(ETH_P_IP) &&
2182 swkey->ip.proto == IPPROTO_ICMP) {
2183 struct ovs_key_icmp *icmp_key;
2184
2185 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
2186 if (!nla)
2187 goto nla_put_failure;
2188 icmp_key = nla_data(nla);
2189 icmp_key->icmp_type = ntohs(output->tp.src);
2190 icmp_key->icmp_code = ntohs(output->tp.dst);
2191 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
2192 swkey->ip.proto == IPPROTO_ICMPV6) {
2193 struct ovs_key_icmpv6 *icmpv6_key;
2194
2195 nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
2196 sizeof(*icmpv6_key));
2197 if (!nla)
2198 goto nla_put_failure;
2199 icmpv6_key = nla_data(nla);
2200 icmpv6_key->icmpv6_type = ntohs(output->tp.src);
2201 icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
2202
2203 if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
2204 icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
2205 struct ovs_key_nd *nd_key;
2206
2207 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
2208 if (!nla)
2209 goto nla_put_failure;
2210 nd_key = nla_data(nla);
2211 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
2212 sizeof(nd_key->nd_target));
2213 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
2214 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
2215 }
2216 }
2217 }
2218
2219unencap:
2220 if (in_encap)
2221 nla_nest_end(skb, in_encap);
2222 if (encap)
2223 nla_nest_end(skb, encap);
2224
2225 return 0;
2226
2227nla_put_failure:
2228 return -EMSGSIZE;
2229}
2230
2231int ovs_nla_put_key(const struct sw_flow_key *swkey,
2232 const struct sw_flow_key *output, int attr, bool is_mask,
2233 struct sk_buff *skb)
2234{
2235 int err;
2236 struct nlattr *nla;
2237
2238 nla = nla_nest_start_noflag(skb, attr);
2239 if (!nla)
2240 return -EMSGSIZE;
2241 err = __ovs_nla_put_key(swkey, output, is_mask, skb);
2242 if (err)
2243 return err;
2244 nla_nest_end(skb, nla);
2245
2246 return 0;
2247}
2248
2249
2250int ovs_nla_put_identifier(const struct sw_flow *flow, struct sk_buff *skb)
2251{
2252 if (ovs_identifier_is_ufid(&flow->id))
2253 return nla_put(skb, OVS_FLOW_ATTR_UFID, flow->id.ufid_len,
2254 flow->id.ufid);
2255
2256 return ovs_nla_put_key(flow->id.unmasked_key, flow->id.unmasked_key,
2257 OVS_FLOW_ATTR_KEY, false, skb);
2258}
2259
2260
2261int ovs_nla_put_masked_key(const struct sw_flow *flow, struct sk_buff *skb)
2262{
2263 return ovs_nla_put_key(&flow->key, &flow->key,
2264 OVS_FLOW_ATTR_KEY, false, skb);
2265}
2266
2267
2268int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
2269{
2270 return ovs_nla_put_key(&flow->key, &flow->mask->key,
2271 OVS_FLOW_ATTR_MASK, true, skb);
2272}
2273
2274#define MAX_ACTIONS_BUFSIZE (32 * 1024)
2275
2276static struct sw_flow_actions *nla_alloc_flow_actions(int size)
2277{
2278 struct sw_flow_actions *sfa;
2279
2280 WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
2281
2282 sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
2283 if (!sfa)
2284 return ERR_PTR(-ENOMEM);
2285
2286 sfa->actions_len = 0;
2287 return sfa;
2288}
2289
2290static void ovs_nla_free_set_action(const struct nlattr *a)
2291{
2292 const struct nlattr *ovs_key = nla_data(a);
2293 struct ovs_tunnel_info *ovs_tun;
2294
2295 switch (nla_type(ovs_key)) {
2296 case OVS_KEY_ATTR_TUNNEL_INFO:
2297 ovs_tun = nla_data(ovs_key);
2298 dst_release((struct dst_entry *)ovs_tun->tun_dst);
2299 break;
2300 }
2301}
2302
2303void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
2304{
2305 const struct nlattr *a;
2306 int rem;
2307
2308 if (!sf_acts)
2309 return;
2310
2311 nla_for_each_attr(a, sf_acts->actions, sf_acts->actions_len, rem) {
2312 switch (nla_type(a)) {
2313 case OVS_ACTION_ATTR_SET:
2314 ovs_nla_free_set_action(a);
2315 break;
2316 case OVS_ACTION_ATTR_CT:
2317 ovs_ct_free_action(a);
2318 break;
2319 }
2320 }
2321
2322 kfree(sf_acts);
2323}
2324
2325static void __ovs_nla_free_flow_actions(struct rcu_head *head)
2326{
2327 ovs_nla_free_flow_actions(container_of(head, struct sw_flow_actions, rcu));
2328}
2329
2330
2331
2332void ovs_nla_free_flow_actions_rcu(struct sw_flow_actions *sf_acts)
2333{
2334 call_rcu(&sf_acts->rcu, __ovs_nla_free_flow_actions);
2335}
2336
2337static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
2338 int attr_len, bool log)
2339{
2340
2341 struct sw_flow_actions *acts;
2342 int new_acts_size;
2343 size_t req_size = NLA_ALIGN(attr_len);
2344 int next_offset = offsetof(struct sw_flow_actions, actions) +
2345 (*sfa)->actions_len;
2346
2347 if (req_size <= (ksize(*sfa) - next_offset))
2348 goto out;
2349
2350 new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
2351
2352 if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
2353 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
2354 OVS_NLERR(log, "Flow action size exceeds max %u",
2355 MAX_ACTIONS_BUFSIZE);
2356 return ERR_PTR(-EMSGSIZE);
2357 }
2358 new_acts_size = MAX_ACTIONS_BUFSIZE;
2359 }
2360
2361 acts = nla_alloc_flow_actions(new_acts_size);
2362 if (IS_ERR(acts))
2363 return (void *)acts;
2364
2365 memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
2366 acts->actions_len = (*sfa)->actions_len;
2367 acts->orig_len = (*sfa)->orig_len;
2368 kfree(*sfa);
2369 *sfa = acts;
2370
2371out:
2372 (*sfa)->actions_len += req_size;
2373 return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
2374}
2375
2376static struct nlattr *__add_action(struct sw_flow_actions **sfa,
2377 int attrtype, void *data, int len, bool log)
2378{
2379 struct nlattr *a;
2380
2381 a = reserve_sfa_size(sfa, nla_attr_size(len), log);
2382 if (IS_ERR(a))
2383 return a;
2384
2385 a->nla_type = attrtype;
2386 a->nla_len = nla_attr_size(len);
2387
2388 if (data)
2389 memcpy(nla_data(a), data, len);
2390 memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
2391
2392 return a;
2393}
2394
2395int ovs_nla_add_action(struct sw_flow_actions **sfa, int attrtype, void *data,
2396 int len, bool log)
2397{
2398 struct nlattr *a;
2399
2400 a = __add_action(sfa, attrtype, data, len, log);
2401
2402 return PTR_ERR_OR_ZERO(a);
2403}
2404
2405static inline int add_nested_action_start(struct sw_flow_actions **sfa,
2406 int attrtype, bool log)
2407{
2408 int used = (*sfa)->actions_len;
2409 int err;
2410
2411 err = ovs_nla_add_action(sfa, attrtype, NULL, 0, log);
2412 if (err)
2413 return err;
2414
2415 return used;
2416}
2417
2418static inline void add_nested_action_end(struct sw_flow_actions *sfa,
2419 int st_offset)
2420{
2421 struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
2422 st_offset);
2423
2424 a->nla_len = sfa->actions_len - st_offset;
2425}
2426
2427static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2428 const struct sw_flow_key *key,
2429 struct sw_flow_actions **sfa,
2430 __be16 eth_type, __be16 vlan_tci,
2431 u32 mpls_label_count, bool log);
2432
2433static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
2434 const struct sw_flow_key *key,
2435 struct sw_flow_actions **sfa,
2436 __be16 eth_type, __be16 vlan_tci,
2437 u32 mpls_label_count, bool log, bool last)
2438{
2439 const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
2440 const struct nlattr *probability, *actions;
2441 const struct nlattr *a;
2442 int rem, start, err;
2443 struct sample_arg arg;
2444
2445 memset(attrs, 0, sizeof(attrs));
2446 nla_for_each_nested(a, attr, rem) {
2447 int type = nla_type(a);
2448 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
2449 return -EINVAL;
2450 attrs[type] = a;
2451 }
2452 if (rem)
2453 return -EINVAL;
2454
2455 probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
2456 if (!probability || nla_len(probability) != sizeof(u32))
2457 return -EINVAL;
2458
2459 actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
2460 if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
2461 return -EINVAL;
2462
2463
2464 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE, log);
2465 if (start < 0)
2466 return start;
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479 arg.exec = last || !actions_may_change_flow(actions);
2480 arg.probability = nla_get_u32(probability);
2481
2482 err = ovs_nla_add_action(sfa, OVS_SAMPLE_ATTR_ARG, &arg, sizeof(arg),
2483 log);
2484 if (err)
2485 return err;
2486
2487 err = __ovs_nla_copy_actions(net, actions, key, sfa,
2488 eth_type, vlan_tci, mpls_label_count, log);
2489
2490 if (err)
2491 return err;
2492
2493 add_nested_action_end(*sfa, start);
2494
2495 return 0;
2496}
2497
2498static int validate_and_copy_clone(struct net *net,
2499 const struct nlattr *attr,
2500 const struct sw_flow_key *key,
2501 struct sw_flow_actions **sfa,
2502 __be16 eth_type, __be16 vlan_tci,
2503 u32 mpls_label_count, bool log, bool last)
2504{
2505 int start, err;
2506 u32 exec;
2507
2508 if (nla_len(attr) && nla_len(attr) < NLA_HDRLEN)
2509 return -EINVAL;
2510
2511 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CLONE, log);
2512 if (start < 0)
2513 return start;
2514
2515 exec = last || !actions_may_change_flow(attr);
2516
2517 err = ovs_nla_add_action(sfa, OVS_CLONE_ATTR_EXEC, &exec,
2518 sizeof(exec), log);
2519 if (err)
2520 return err;
2521
2522 err = __ovs_nla_copy_actions(net, attr, key, sfa,
2523 eth_type, vlan_tci, mpls_label_count, log);
2524 if (err)
2525 return err;
2526
2527 add_nested_action_end(*sfa, start);
2528
2529 return 0;
2530}
2531
2532void ovs_match_init(struct sw_flow_match *match,
2533 struct sw_flow_key *key,
2534 bool reset_key,
2535 struct sw_flow_mask *mask)
2536{
2537 memset(match, 0, sizeof(*match));
2538 match->key = key;
2539 match->mask = mask;
2540
2541 if (reset_key)
2542 memset(key, 0, sizeof(*key));
2543
2544 if (mask) {
2545 memset(&mask->key, 0, sizeof(mask->key));
2546 mask->range.start = mask->range.end = 0;
2547 }
2548}
2549
2550static int validate_geneve_opts(struct sw_flow_key *key)
2551{
2552 struct geneve_opt *option;
2553 int opts_len = key->tun_opts_len;
2554 bool crit_opt = false;
2555
2556 option = (struct geneve_opt *)TUN_METADATA_OPTS(key, key->tun_opts_len);
2557 while (opts_len > 0) {
2558 int len;
2559
2560 if (opts_len < sizeof(*option))
2561 return -EINVAL;
2562
2563 len = sizeof(*option) + option->length * 4;
2564 if (len > opts_len)
2565 return -EINVAL;
2566
2567 crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
2568
2569 option = (struct geneve_opt *)((u8 *)option + len);
2570 opts_len -= len;
2571 }
2572
2573 key->tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
2574
2575 return 0;
2576}
2577
2578static int validate_and_copy_set_tun(const struct nlattr *attr,
2579 struct sw_flow_actions **sfa, bool log)
2580{
2581 struct sw_flow_match match;
2582 struct sw_flow_key key;
2583 struct metadata_dst *tun_dst;
2584 struct ip_tunnel_info *tun_info;
2585 struct ovs_tunnel_info *ovs_tun;
2586 struct nlattr *a;
2587 int err = 0, start, opts_type;
2588 __be16 dst_opt_type;
2589
2590 dst_opt_type = 0;
2591 ovs_match_init(&match, &key, true, NULL);
2592 opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log);
2593 if (opts_type < 0)
2594 return opts_type;
2595
2596 if (key.tun_opts_len) {
2597 switch (opts_type) {
2598 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
2599 err = validate_geneve_opts(&key);
2600 if (err < 0)
2601 return err;
2602 dst_opt_type = TUNNEL_GENEVE_OPT;
2603 break;
2604 case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
2605 dst_opt_type = TUNNEL_VXLAN_OPT;
2606 break;
2607 case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
2608 dst_opt_type = TUNNEL_ERSPAN_OPT;
2609 break;
2610 }
2611 }
2612
2613 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET, log);
2614 if (start < 0)
2615 return start;
2616
2617 tun_dst = metadata_dst_alloc(key.tun_opts_len, METADATA_IP_TUNNEL,
2618 GFP_KERNEL);
2619
2620 if (!tun_dst)
2621 return -ENOMEM;
2622
2623 err = dst_cache_init(&tun_dst->u.tun_info.dst_cache, GFP_KERNEL);
2624 if (err) {
2625 dst_release((struct dst_entry *)tun_dst);
2626 return err;
2627 }
2628
2629 a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
2630 sizeof(*ovs_tun), log);
2631 if (IS_ERR(a)) {
2632 dst_release((struct dst_entry *)tun_dst);
2633 return PTR_ERR(a);
2634 }
2635
2636 ovs_tun = nla_data(a);
2637 ovs_tun->tun_dst = tun_dst;
2638
2639 tun_info = &tun_dst->u.tun_info;
2640 tun_info->mode = IP_TUNNEL_INFO_TX;
2641 if (key.tun_proto == AF_INET6)
2642 tun_info->mode |= IP_TUNNEL_INFO_IPV6;
2643 else if (key.tun_proto == AF_INET && key.tun_key.u.ipv4.dst == 0)
2644 tun_info->mode |= IP_TUNNEL_INFO_BRIDGE;
2645 tun_info->key = key.tun_key;
2646
2647
2648
2649
2650
2651 ip_tunnel_info_opts_set(tun_info,
2652 TUN_METADATA_OPTS(&key, key.tun_opts_len),
2653 key.tun_opts_len, dst_opt_type);
2654 add_nested_action_end(*sfa, start);
2655
2656 return err;
2657}
2658
2659static bool validate_nsh(const struct nlattr *attr, bool is_mask,
2660 bool is_push_nsh, bool log)
2661{
2662 struct sw_flow_match match;
2663 struct sw_flow_key key;
2664 int ret = 0;
2665
2666 ovs_match_init(&match, &key, true, NULL);
2667 ret = nsh_key_put_from_nlattr(attr, &match, is_mask,
2668 is_push_nsh, log);
2669 return !ret;
2670}
2671
2672
2673
2674
2675static bool validate_masked(u8 *data, int len)
2676{
2677 u8 *mask = data + len;
2678
2679 while (len--)
2680 if (*data++ & ~*mask++)
2681 return false;
2682
2683 return true;
2684}
2685
2686static int validate_set(const struct nlattr *a,
2687 const struct sw_flow_key *flow_key,
2688 struct sw_flow_actions **sfa, bool *skip_copy,
2689 u8 mac_proto, __be16 eth_type, bool masked, bool log)
2690{
2691 const struct nlattr *ovs_key = nla_data(a);
2692 int key_type = nla_type(ovs_key);
2693 size_t key_len;
2694
2695
2696 if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
2697 return -EINVAL;
2698
2699 key_len = nla_len(ovs_key);
2700 if (masked)
2701 key_len /= 2;
2702
2703 if (key_type > OVS_KEY_ATTR_MAX ||
2704 !check_attr_len(key_len, ovs_key_lens[key_type].len))
2705 return -EINVAL;
2706
2707 if (masked && !validate_masked(nla_data(ovs_key), key_len))
2708 return -EINVAL;
2709
2710 switch (key_type) {
2711 case OVS_KEY_ATTR_PRIORITY:
2712 case OVS_KEY_ATTR_SKB_MARK:
2713 case OVS_KEY_ATTR_CT_MARK:
2714 case OVS_KEY_ATTR_CT_LABELS:
2715 break;
2716
2717 case OVS_KEY_ATTR_ETHERNET:
2718 if (mac_proto != MAC_PROTO_ETHERNET)
2719 return -EINVAL;
2720 break;
2721
2722 case OVS_KEY_ATTR_TUNNEL: {
2723 int err;
2724
2725 if (masked)
2726 return -EINVAL;
2727
2728 *skip_copy = true;
2729 err = validate_and_copy_set_tun(a, sfa, log);
2730 if (err)
2731 return err;
2732 break;
2733 }
2734 case OVS_KEY_ATTR_IPV4: {
2735 const struct ovs_key_ipv4 *ipv4_key;
2736
2737 if (eth_type != htons(ETH_P_IP))
2738 return -EINVAL;
2739
2740 ipv4_key = nla_data(ovs_key);
2741
2742 if (masked) {
2743 const struct ovs_key_ipv4 *mask = ipv4_key + 1;
2744
2745
2746 if (mask->ipv4_proto || mask->ipv4_frag)
2747 return -EINVAL;
2748 } else {
2749 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
2750 return -EINVAL;
2751
2752 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
2753 return -EINVAL;
2754 }
2755 break;
2756 }
2757 case OVS_KEY_ATTR_IPV6: {
2758 const struct ovs_key_ipv6 *ipv6_key;
2759
2760 if (eth_type != htons(ETH_P_IPV6))
2761 return -EINVAL;
2762
2763 ipv6_key = nla_data(ovs_key);
2764
2765 if (masked) {
2766 const struct ovs_key_ipv6 *mask = ipv6_key + 1;
2767
2768
2769 if (mask->ipv6_proto || mask->ipv6_frag)
2770 return -EINVAL;
2771
2772
2773 if (ntohl(mask->ipv6_label) & 0xFFF00000)
2774 return -EINVAL;
2775 } else {
2776 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
2777 return -EINVAL;
2778
2779 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
2780 return -EINVAL;
2781 }
2782 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
2783 return -EINVAL;
2784
2785 break;
2786 }
2787 case OVS_KEY_ATTR_TCP:
2788 if ((eth_type != htons(ETH_P_IP) &&
2789 eth_type != htons(ETH_P_IPV6)) ||
2790 flow_key->ip.proto != IPPROTO_TCP)
2791 return -EINVAL;
2792
2793 break;
2794
2795 case OVS_KEY_ATTR_UDP:
2796 if ((eth_type != htons(ETH_P_IP) &&
2797 eth_type != htons(ETH_P_IPV6)) ||
2798 flow_key->ip.proto != IPPROTO_UDP)
2799 return -EINVAL;
2800
2801 break;
2802
2803 case OVS_KEY_ATTR_MPLS:
2804 if (!eth_p_mpls(eth_type))
2805 return -EINVAL;
2806 break;
2807
2808 case OVS_KEY_ATTR_SCTP:
2809 if ((eth_type != htons(ETH_P_IP) &&
2810 eth_type != htons(ETH_P_IPV6)) ||
2811 flow_key->ip.proto != IPPROTO_SCTP)
2812 return -EINVAL;
2813
2814 break;
2815
2816 case OVS_KEY_ATTR_NSH:
2817 if (eth_type != htons(ETH_P_NSH))
2818 return -EINVAL;
2819 if (!validate_nsh(nla_data(a), masked, false, log))
2820 return -EINVAL;
2821 break;
2822
2823 default:
2824 return -EINVAL;
2825 }
2826
2827
2828 if (!masked && key_type != OVS_KEY_ATTR_TUNNEL) {
2829 int start, len = key_len * 2;
2830 struct nlattr *at;
2831
2832 *skip_copy = true;
2833
2834 start = add_nested_action_start(sfa,
2835 OVS_ACTION_ATTR_SET_TO_MASKED,
2836 log);
2837 if (start < 0)
2838 return start;
2839
2840 at = __add_action(sfa, key_type, NULL, len, log);
2841 if (IS_ERR(at))
2842 return PTR_ERR(at);
2843
2844 memcpy(nla_data(at), nla_data(ovs_key), key_len);
2845 memset(nla_data(at) + key_len, 0xff, key_len);
2846
2847 if (key_type == OVS_KEY_ATTR_IPV6) {
2848 struct ovs_key_ipv6 *mask = nla_data(at) + key_len;
2849
2850 mask->ipv6_label &= htonl(0x000FFFFF);
2851 }
2852 add_nested_action_end(*sfa, start);
2853 }
2854
2855 return 0;
2856}
2857
2858static int validate_userspace(const struct nlattr *attr)
2859{
2860 static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
2861 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
2862 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
2863 [OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = {.type = NLA_U32 },
2864 };
2865 struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
2866 int error;
2867
2868 error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr,
2869 userspace_policy, NULL);
2870 if (error)
2871 return error;
2872
2873 if (!a[OVS_USERSPACE_ATTR_PID] ||
2874 !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
2875 return -EINVAL;
2876
2877 return 0;
2878}
2879
2880static const struct nla_policy cpl_policy[OVS_CHECK_PKT_LEN_ATTR_MAX + 1] = {
2881 [OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] = {.type = NLA_U16 },
2882 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER] = {.type = NLA_NESTED },
2883 [OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL] = {.type = NLA_NESTED },
2884};
2885
2886static int validate_and_copy_check_pkt_len(struct net *net,
2887 const struct nlattr *attr,
2888 const struct sw_flow_key *key,
2889 struct sw_flow_actions **sfa,
2890 __be16 eth_type, __be16 vlan_tci,
2891 u32 mpls_label_count,
2892 bool log, bool last)
2893{
2894 const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
2895 struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
2896 struct check_pkt_len_arg arg;
2897 int nested_acts_start;
2898 int start, err;
2899
2900 err = nla_parse_deprecated_strict(a, OVS_CHECK_PKT_LEN_ATTR_MAX,
2901 nla_data(attr), nla_len(attr),
2902 cpl_policy, NULL);
2903 if (err)
2904 return err;
2905
2906 if (!a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN] ||
2907 !nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]))
2908 return -EINVAL;
2909
2910 acts_if_lesser_eq = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL];
2911 acts_if_greater = a[OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER];
2912
2913
2914 if (!acts_if_greater || !acts_if_lesser_eq)
2915 return -EINVAL;
2916
2917
2918 start = add_nested_action_start(sfa, OVS_ACTION_ATTR_CHECK_PKT_LEN,
2919 log);
2920 if (start < 0)
2921 return start;
2922
2923 arg.pkt_len = nla_get_u16(a[OVS_CHECK_PKT_LEN_ATTR_PKT_LEN]);
2924 arg.exec_for_lesser_equal =
2925 last || !actions_may_change_flow(acts_if_lesser_eq);
2926 arg.exec_for_greater =
2927 last || !actions_may_change_flow(acts_if_greater);
2928
2929 err = ovs_nla_add_action(sfa, OVS_CHECK_PKT_LEN_ATTR_ARG, &arg,
2930 sizeof(arg), log);
2931 if (err)
2932 return err;
2933
2934 nested_acts_start = add_nested_action_start(sfa,
2935 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL, log);
2936 if (nested_acts_start < 0)
2937 return nested_acts_start;
2938
2939 err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
2940 eth_type, vlan_tci, mpls_label_count, log);
2941
2942 if (err)
2943 return err;
2944
2945 add_nested_action_end(*sfa, nested_acts_start);
2946
2947 nested_acts_start = add_nested_action_start(sfa,
2948 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER, log);
2949 if (nested_acts_start < 0)
2950 return nested_acts_start;
2951
2952 err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
2953 eth_type, vlan_tci, mpls_label_count, log);
2954
2955 if (err)
2956 return err;
2957
2958 add_nested_action_end(*sfa, nested_acts_start);
2959 add_nested_action_end(*sfa, start);
2960 return 0;
2961}
2962
2963static int copy_action(const struct nlattr *from,
2964 struct sw_flow_actions **sfa, bool log)
2965{
2966 int totlen = NLA_ALIGN(from->nla_len);
2967 struct nlattr *to;
2968
2969 to = reserve_sfa_size(sfa, from->nla_len, log);
2970 if (IS_ERR(to))
2971 return PTR_ERR(to);
2972
2973 memcpy(to, from, totlen);
2974 return 0;
2975}
2976
2977static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
2978 const struct sw_flow_key *key,
2979 struct sw_flow_actions **sfa,
2980 __be16 eth_type, __be16 vlan_tci,
2981 u32 mpls_label_count, bool log)
2982{
2983 u8 mac_proto = ovs_key_mac_proto(key);
2984 const struct nlattr *a;
2985 int rem, err;
2986
2987 nla_for_each_nested(a, attr, rem) {
2988
2989 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
2990 [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
2991 [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
2992 [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
2993 [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
2994 [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
2995 [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
2996 [OVS_ACTION_ATTR_POP_VLAN] = 0,
2997 [OVS_ACTION_ATTR_SET] = (u32)-1,
2998 [OVS_ACTION_ATTR_SET_MASKED] = (u32)-1,
2999 [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
3000 [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash),
3001 [OVS_ACTION_ATTR_CT] = (u32)-1,
3002 [OVS_ACTION_ATTR_CT_CLEAR] = 0,
3003 [OVS_ACTION_ATTR_TRUNC] = sizeof(struct ovs_action_trunc),
3004 [OVS_ACTION_ATTR_PUSH_ETH] = sizeof(struct ovs_action_push_eth),
3005 [OVS_ACTION_ATTR_POP_ETH] = 0,
3006 [OVS_ACTION_ATTR_PUSH_NSH] = (u32)-1,
3007 [OVS_ACTION_ATTR_POP_NSH] = 0,
3008 [OVS_ACTION_ATTR_METER] = sizeof(u32),
3009 [OVS_ACTION_ATTR_CLONE] = (u32)-1,
3010 [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1,
3011 [OVS_ACTION_ATTR_ADD_MPLS] = sizeof(struct ovs_action_add_mpls),
3012 };
3013 const struct ovs_action_push_vlan *vlan;
3014 int type = nla_type(a);
3015 bool skip_copy;
3016
3017 if (type > OVS_ACTION_ATTR_MAX ||
3018 (action_lens[type] != nla_len(a) &&
3019 action_lens[type] != (u32)-1))
3020 return -EINVAL;
3021
3022 skip_copy = false;
3023 switch (type) {
3024 case OVS_ACTION_ATTR_UNSPEC:
3025 return -EINVAL;
3026
3027 case OVS_ACTION_ATTR_USERSPACE:
3028 err = validate_userspace(a);
3029 if (err)
3030 return err;
3031 break;
3032
3033 case OVS_ACTION_ATTR_OUTPUT:
3034 if (nla_get_u32(a) >= DP_MAX_PORTS)
3035 return -EINVAL;
3036 break;
3037
3038 case OVS_ACTION_ATTR_TRUNC: {
3039 const struct ovs_action_trunc *trunc = nla_data(a);
3040
3041 if (trunc->max_len < ETH_HLEN)
3042 return -EINVAL;
3043 break;
3044 }
3045
3046 case OVS_ACTION_ATTR_HASH: {
3047 const struct ovs_action_hash *act_hash = nla_data(a);
3048
3049 switch (act_hash->hash_alg) {
3050 case OVS_HASH_ALG_L4:
3051 break;
3052 default:
3053 return -EINVAL;
3054 }
3055
3056 break;
3057 }
3058
3059 case OVS_ACTION_ATTR_POP_VLAN:
3060 if (mac_proto != MAC_PROTO_ETHERNET)
3061 return -EINVAL;
3062 vlan_tci = htons(0);
3063 break;
3064
3065 case OVS_ACTION_ATTR_PUSH_VLAN:
3066 if (mac_proto != MAC_PROTO_ETHERNET)
3067 return -EINVAL;
3068 vlan = nla_data(a);
3069 if (!eth_type_vlan(vlan->vlan_tpid))
3070 return -EINVAL;
3071 if (!(vlan->vlan_tci & htons(VLAN_CFI_MASK)))
3072 return -EINVAL;
3073 vlan_tci = vlan->vlan_tci;
3074 break;
3075
3076 case OVS_ACTION_ATTR_RECIRC:
3077 break;
3078
3079 case OVS_ACTION_ATTR_ADD_MPLS: {
3080 const struct ovs_action_add_mpls *mpls = nla_data(a);
3081
3082 if (!eth_p_mpls(mpls->mpls_ethertype))
3083 return -EINVAL;
3084
3085 if (mpls->tun_flags & OVS_MPLS_L3_TUNNEL_FLAG_MASK) {
3086 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3087 (eth_type != htons(ETH_P_IP) &&
3088 eth_type != htons(ETH_P_IPV6) &&
3089 eth_type != htons(ETH_P_ARP) &&
3090 eth_type != htons(ETH_P_RARP) &&
3091 !eth_p_mpls(eth_type)))
3092 return -EINVAL;
3093 mpls_label_count++;
3094 } else {
3095 if (mac_proto == MAC_PROTO_ETHERNET) {
3096 mpls_label_count = 1;
3097 mac_proto = MAC_PROTO_NONE;
3098 } else {
3099 mpls_label_count++;
3100 }
3101 }
3102 eth_type = mpls->mpls_ethertype;
3103 break;
3104 }
3105
3106 case OVS_ACTION_ATTR_PUSH_MPLS: {
3107 const struct ovs_action_push_mpls *mpls = nla_data(a);
3108
3109 if (!eth_p_mpls(mpls->mpls_ethertype))
3110 return -EINVAL;
3111
3112
3113
3114 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3115 (eth_type != htons(ETH_P_IP) &&
3116 eth_type != htons(ETH_P_IPV6) &&
3117 eth_type != htons(ETH_P_ARP) &&
3118 eth_type != htons(ETH_P_RARP) &&
3119 !eth_p_mpls(eth_type)))
3120 return -EINVAL;
3121 eth_type = mpls->mpls_ethertype;
3122 mpls_label_count++;
3123 break;
3124 }
3125
3126 case OVS_ACTION_ATTR_POP_MPLS: {
3127 __be16 proto;
3128 if (vlan_tci & htons(VLAN_CFI_MASK) ||
3129 !eth_p_mpls(eth_type))
3130 return -EINVAL;
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142 proto = nla_get_be16(a);
3143
3144 if (proto == htons(ETH_P_TEB) &&
3145 mac_proto != MAC_PROTO_NONE)
3146 return -EINVAL;
3147
3148 mpls_label_count--;
3149
3150 if (!eth_p_mpls(proto) || !mpls_label_count)
3151 eth_type = htons(0);
3152 else
3153 eth_type = proto;
3154
3155 break;
3156 }
3157
3158 case OVS_ACTION_ATTR_SET:
3159 err = validate_set(a, key, sfa,
3160 &skip_copy, mac_proto, eth_type,
3161 false, log);
3162 if (err)
3163 return err;
3164 break;
3165
3166 case OVS_ACTION_ATTR_SET_MASKED:
3167 err = validate_set(a, key, sfa,
3168 &skip_copy, mac_proto, eth_type,
3169 true, log);
3170 if (err)
3171 return err;
3172 break;
3173
3174 case OVS_ACTION_ATTR_SAMPLE: {
3175 bool last = nla_is_last(a, rem);
3176
3177 err = validate_and_copy_sample(net, a, key, sfa,
3178 eth_type, vlan_tci,
3179 mpls_label_count,
3180 log, last);
3181 if (err)
3182 return err;
3183 skip_copy = true;
3184 break;
3185 }
3186
3187 case OVS_ACTION_ATTR_CT:
3188 err = ovs_ct_copy_action(net, a, key, sfa, log);
3189 if (err)
3190 return err;
3191 skip_copy = true;
3192 break;
3193
3194 case OVS_ACTION_ATTR_CT_CLEAR:
3195 break;
3196
3197 case OVS_ACTION_ATTR_PUSH_ETH:
3198
3199
3200 if (mac_proto != MAC_PROTO_NONE)
3201 return -EINVAL;
3202 mac_proto = MAC_PROTO_ETHERNET;
3203 break;
3204
3205 case OVS_ACTION_ATTR_POP_ETH:
3206 if (mac_proto != MAC_PROTO_ETHERNET)
3207 return -EINVAL;
3208 if (vlan_tci & htons(VLAN_CFI_MASK))
3209 return -EINVAL;
3210 mac_proto = MAC_PROTO_NONE;
3211 break;
3212
3213 case OVS_ACTION_ATTR_PUSH_NSH:
3214 if (mac_proto != MAC_PROTO_ETHERNET) {
3215 u8 next_proto;
3216
3217 next_proto = tun_p_from_eth_p(eth_type);
3218 if (!next_proto)
3219 return -EINVAL;
3220 }
3221 mac_proto = MAC_PROTO_NONE;
3222 if (!validate_nsh(nla_data(a), false, true, true))
3223 return -EINVAL;
3224 break;
3225
3226 case OVS_ACTION_ATTR_POP_NSH: {
3227 __be16 inner_proto;
3228
3229 if (eth_type != htons(ETH_P_NSH))
3230 return -EINVAL;
3231 inner_proto = tun_p_to_eth_p(key->nsh.base.np);
3232 if (!inner_proto)
3233 return -EINVAL;
3234 if (key->nsh.base.np == TUN_P_ETHERNET)
3235 mac_proto = MAC_PROTO_ETHERNET;
3236 else
3237 mac_proto = MAC_PROTO_NONE;
3238 break;
3239 }
3240
3241 case OVS_ACTION_ATTR_METER:
3242
3243 break;
3244
3245 case OVS_ACTION_ATTR_CLONE: {
3246 bool last = nla_is_last(a, rem);
3247
3248 err = validate_and_copy_clone(net, a, key, sfa,
3249 eth_type, vlan_tci,
3250 mpls_label_count,
3251 log, last);
3252 if (err)
3253 return err;
3254 skip_copy = true;
3255 break;
3256 }
3257
3258 case OVS_ACTION_ATTR_CHECK_PKT_LEN: {
3259 bool last = nla_is_last(a, rem);
3260
3261 err = validate_and_copy_check_pkt_len(net, a, key, sfa,
3262 eth_type,
3263 vlan_tci,
3264 mpls_label_count,
3265 log, last);
3266 if (err)
3267 return err;
3268 skip_copy = true;
3269 break;
3270 }
3271
3272 default:
3273 OVS_NLERR(log, "Unknown Action type %d", type);
3274 return -EINVAL;
3275 }
3276 if (!skip_copy) {
3277 err = copy_action(a, sfa, log);
3278 if (err)
3279 return err;
3280 }
3281 }
3282
3283 if (rem > 0)
3284 return -EINVAL;
3285
3286 return 0;
3287}
3288
3289
3290int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
3291 const struct sw_flow_key *key,
3292 struct sw_flow_actions **sfa, bool log)
3293{
3294 int err;
3295 u32 mpls_label_count = 0;
3296
3297 *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
3298 if (IS_ERR(*sfa))
3299 return PTR_ERR(*sfa);
3300
3301 if (eth_p_mpls(key->eth.type))
3302 mpls_label_count = hweight_long(key->mpls.num_labels_mask);
3303
3304 (*sfa)->orig_len = nla_len(attr);
3305 err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
3306 key->eth.vlan.tci, mpls_label_count, log);
3307 if (err)
3308 ovs_nla_free_flow_actions(*sfa);
3309
3310 return err;
3311}
3312
3313static int sample_action_to_attr(const struct nlattr *attr,
3314 struct sk_buff *skb)
3315{
3316 struct nlattr *start, *ac_start = NULL, *sample_arg;
3317 int err = 0, rem = nla_len(attr);
3318 const struct sample_arg *arg;
3319 struct nlattr *actions;
3320
3321 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SAMPLE);
3322 if (!start)
3323 return -EMSGSIZE;
3324
3325 sample_arg = nla_data(attr);
3326 arg = nla_data(sample_arg);
3327 actions = nla_next(sample_arg, &rem);
3328
3329 if (nla_put_u32(skb, OVS_SAMPLE_ATTR_PROBABILITY, arg->probability)) {
3330 err = -EMSGSIZE;
3331 goto out;
3332 }
3333
3334 ac_start = nla_nest_start_noflag(skb, OVS_SAMPLE_ATTR_ACTIONS);
3335 if (!ac_start) {
3336 err = -EMSGSIZE;
3337 goto out;
3338 }
3339
3340 err = ovs_nla_put_actions(actions, rem, skb);
3341
3342out:
3343 if (err) {
3344 nla_nest_cancel(skb, ac_start);
3345 nla_nest_cancel(skb, start);
3346 } else {
3347 nla_nest_end(skb, ac_start);
3348 nla_nest_end(skb, start);
3349 }
3350
3351 return err;
3352}
3353
3354static int clone_action_to_attr(const struct nlattr *attr,
3355 struct sk_buff *skb)
3356{
3357 struct nlattr *start;
3358 int err = 0, rem = nla_len(attr);
3359
3360 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CLONE);
3361 if (!start)
3362 return -EMSGSIZE;
3363
3364 err = ovs_nla_put_actions(nla_data(attr), rem, skb);
3365
3366 if (err)
3367 nla_nest_cancel(skb, start);
3368 else
3369 nla_nest_end(skb, start);
3370
3371 return err;
3372}
3373
3374static int check_pkt_len_action_to_attr(const struct nlattr *attr,
3375 struct sk_buff *skb)
3376{
3377 struct nlattr *start, *ac_start = NULL;
3378 const struct check_pkt_len_arg *arg;
3379 const struct nlattr *a, *cpl_arg;
3380 int err = 0, rem = nla_len(attr);
3381
3382 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_CHECK_PKT_LEN);
3383 if (!start)
3384 return -EMSGSIZE;
3385
3386
3387
3388
3389 cpl_arg = nla_data(attr);
3390 arg = nla_data(cpl_arg);
3391
3392 if (nla_put_u16(skb, OVS_CHECK_PKT_LEN_ATTR_PKT_LEN, arg->pkt_len)) {
3393 err = -EMSGSIZE;
3394 goto out;
3395 }
3396
3397
3398
3399
3400 a = nla_next(cpl_arg, &rem);
3401 ac_start = nla_nest_start_noflag(skb,
3402 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL);
3403 if (!ac_start) {
3404 err = -EMSGSIZE;
3405 goto out;
3406 }
3407
3408 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3409 if (err) {
3410 nla_nest_cancel(skb, ac_start);
3411 goto out;
3412 } else {
3413 nla_nest_end(skb, ac_start);
3414 }
3415
3416
3417
3418
3419 a = nla_next(a, &rem);
3420 ac_start = nla_nest_start_noflag(skb,
3421 OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER);
3422 if (!ac_start) {
3423 err = -EMSGSIZE;
3424 goto out;
3425 }
3426
3427 err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
3428 if (err) {
3429 nla_nest_cancel(skb, ac_start);
3430 goto out;
3431 } else {
3432 nla_nest_end(skb, ac_start);
3433 }
3434
3435 nla_nest_end(skb, start);
3436 return 0;
3437
3438out:
3439 nla_nest_cancel(skb, start);
3440 return err;
3441}
3442
3443static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
3444{
3445 const struct nlattr *ovs_key = nla_data(a);
3446 int key_type = nla_type(ovs_key);
3447 struct nlattr *start;
3448 int err;
3449
3450 switch (key_type) {
3451 case OVS_KEY_ATTR_TUNNEL_INFO: {
3452 struct ovs_tunnel_info *ovs_tun = nla_data(ovs_key);
3453 struct ip_tunnel_info *tun_info = &ovs_tun->tun_dst->u.tun_info;
3454
3455 start = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3456 if (!start)
3457 return -EMSGSIZE;
3458
3459 err = ip_tun_to_nlattr(skb, &tun_info->key,
3460 ip_tunnel_info_opts(tun_info),
3461 tun_info->options_len,
3462 ip_tunnel_info_af(tun_info), tun_info->mode);
3463 if (err)
3464 return err;
3465 nla_nest_end(skb, start);
3466 break;
3467 }
3468 default:
3469 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
3470 return -EMSGSIZE;
3471 break;
3472 }
3473
3474 return 0;
3475}
3476
3477static int masked_set_action_to_set_action_attr(const struct nlattr *a,
3478 struct sk_buff *skb)
3479{
3480 const struct nlattr *ovs_key = nla_data(a);
3481 struct nlattr *nla;
3482 size_t key_len = nla_len(ovs_key) / 2;
3483
3484
3485
3486
3487 nla = nla_nest_start_noflag(skb, OVS_ACTION_ATTR_SET);
3488 if (!nla)
3489 return -EMSGSIZE;
3490
3491 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key)))
3492 return -EMSGSIZE;
3493
3494 nla_nest_end(skb, nla);
3495 return 0;
3496}
3497
3498int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
3499{
3500 const struct nlattr *a;
3501 int rem, err;
3502
3503 nla_for_each_attr(a, attr, len, rem) {
3504 int type = nla_type(a);
3505
3506 switch (type) {
3507 case OVS_ACTION_ATTR_SET:
3508 err = set_action_to_attr(a, skb);
3509 if (err)
3510 return err;
3511 break;
3512
3513 case OVS_ACTION_ATTR_SET_TO_MASKED:
3514 err = masked_set_action_to_set_action_attr(a, skb);
3515 if (err)
3516 return err;
3517 break;
3518
3519 case OVS_ACTION_ATTR_SAMPLE:
3520 err = sample_action_to_attr(a, skb);
3521 if (err)
3522 return err;
3523 break;
3524
3525 case OVS_ACTION_ATTR_CT:
3526 err = ovs_ct_action_to_attr(nla_data(a), skb);
3527 if (err)
3528 return err;
3529 break;
3530
3531 case OVS_ACTION_ATTR_CLONE:
3532 err = clone_action_to_attr(a, skb);
3533 if (err)
3534 return err;
3535 break;
3536
3537 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
3538 err = check_pkt_len_action_to_attr(a, skb);
3539 if (err)
3540 return err;
3541 break;
3542
3543 default:
3544 if (nla_put(skb, type, nla_len(a), nla_data(a)))
3545 return -EMSGSIZE;
3546 break;
3547 }
3548 }
3549
3550 return 0;
3551}
3552
