openvswitch: Add basic MPLS support to kernel
authorSimon Horman <horms@verge.net.au>
Mon, 6 Oct 2014 12:05:13 +0000 (05:05 -0700)
committerPravin B Shelar <pshelar@nicira.com>
Thu, 6 Nov 2014 07:52:33 +0000 (23:52 -0800)
Allow datapath to recognize and extract MPLS labels into flow keys
and execute actions which push, pop, and set labels on packets.

Based heavily on work by Leo Alterman, Ravi K, Isaku Yamahata and Joe Stringer.

Cc: Ravi K <rkerur@gmail.com>
Cc: Leo Alterman <lalterman@nicira.com>
Cc: Isaku Yamahata <yamahata@valinux.co.jp>
Cc: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
include/net/mpls.h [new file with mode: 0644]
include/uapi/linux/openvswitch.h
net/core/dev.c
net/openvswitch/Kconfig
net/openvswitch/actions.c
net/openvswitch/datapath.c
net/openvswitch/flow.c
net/openvswitch/flow.h
net/openvswitch/flow_netlink.c
net/openvswitch/flow_netlink.h

diff --git a/include/net/mpls.h b/include/net/mpls.h
new file mode 100644 (file)
index 0000000..5b3b5ad
--- /dev/null
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2014 Nicira, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+
+#ifndef _NET_MPLS_H
+#define _NET_MPLS_H 1
+
+#include <linux/if_ether.h>
+#include <linux/netdevice.h>
+
+#define MPLS_HLEN 4
+
+static inline bool eth_p_mpls(__be16 eth_type)
+{
+       return eth_type == htons(ETH_P_MPLS_UC) ||
+               eth_type == htons(ETH_P_MPLS_MC);
+}
+
+/*
+ * For non-MPLS skbs this will correspond to the network header.
+ * For MPLS skbs it will be before the network_header as the MPLS
+ * label stack lies between the end of the mac header and the network
+ * header. That is, for MPLS skbs the end of the mac header
+ * is the top of the MPLS label stack.
+ */
+static inline unsigned char *skb_mpls_header(struct sk_buff *skb)
+{
+       return skb_mac_header(skb) + skb->mac_len;
+}
+#endif
index 435eabc5ffaadb9e9e5d3dcfa554331065d430a6..631056b66f809d0627a69dffe443ca8c4e7c01fd 100644 (file)
@@ -293,6 +293,9 @@ enum ovs_key_attr {
        OVS_KEY_ATTR_DP_HASH,      /* u32 hash value. Value 0 indicates the hash
                                   is not computed by the datapath. */
        OVS_KEY_ATTR_RECIRC_ID, /* u32 recirc id */
+       OVS_KEY_ATTR_MPLS,      /* array of struct ovs_key_mpls.
+                                * The implementation may restrict
+                                * the accepted length of the array. */
 
 #ifdef __KERNEL__
        OVS_KEY_ATTR_TUNNEL_INFO,  /* struct ovs_tunnel_info */
@@ -340,6 +343,10 @@ struct ovs_key_ethernet {
        __u8     eth_dst[ETH_ALEN];
 };
 
+struct ovs_key_mpls {
+       __be32 mpls_lse;
+};
+
 struct ovs_key_ipv4 {
        __be32 ipv4_src;
        __be32 ipv4_dst;
@@ -483,6 +490,19 @@ enum ovs_userspace_attr {
 
 #define OVS_USERSPACE_ATTR_MAX (__OVS_USERSPACE_ATTR_MAX - 1)
 
+/**
+ * struct ovs_action_push_mpls - %OVS_ACTION_ATTR_PUSH_MPLS action argument.
+ * @mpls_lse: MPLS label stack entry to push.
+ * @mpls_ethertype: Ethertype to set in the encapsulating ethernet frame.
+ *
+ * The only values @mpls_ethertype should ever be given are %ETH_P_MPLS_UC and
+ * %ETH_P_MPLS_MC, indicating MPLS unicast or multicast. Other are rejected.
+ */
+struct ovs_action_push_mpls {
+       __be32 mpls_lse;
+       __be16 mpls_ethertype; /* Either %ETH_P_MPLS_UC or %ETH_P_MPLS_MC */
+};
+
 /**
  * struct ovs_action_push_vlan - %OVS_ACTION_ATTR_PUSH_VLAN action argument.
  * @vlan_tpid: Tag protocol identifier (TPID) to push.
@@ -534,6 +554,15 @@ struct ovs_action_hash {
  * @OVS_ACTION_ATTR_POP_VLAN: Pop the outermost 802.1Q header off the packet.
  * @OVS_ACTION_ATTR_SAMPLE: Probabilitically executes actions, as specified in
  * the nested %OVS_SAMPLE_ATTR_* attributes.
+ * @OVS_ACTION_ATTR_PUSH_MPLS: Push a new MPLS label stack entry onto the
+ * top of the packets MPLS label stack.  Set the ethertype of the
+ * encapsulating frame to either %ETH_P_MPLS_UC or %ETH_P_MPLS_MC to
+ * indicate the new packet contents.
+ * @OVS_ACTION_ATTR_POP_MPLS: Pop an MPLS label stack entry off of the
+ * packet's MPLS label stack.  Set the encapsulating frame's ethertype to
+ * indicate the new packet contents. This could potentially still be
+ * %ETH_P_MPLS if the resulting MPLS label stack is not empty.  If there
+ * is no MPLS label stack, as determined by ethertype, no action is taken.
  *
  * Only a single header can be set with a single %OVS_ACTION_ATTR_SET.  Not all
  * fields within a header are modifiable, e.g. the IPv4 protocol and fragment
@@ -550,6 +579,9 @@ enum ovs_action_attr {
        OVS_ACTION_ATTR_SAMPLE,       /* Nested OVS_SAMPLE_ATTR_*. */
        OVS_ACTION_ATTR_RECIRC,       /* u32 recirc_id. */
        OVS_ACTION_ATTR_HASH,         /* struct ovs_action_hash. */
+       OVS_ACTION_ATTR_PUSH_MPLS,    /* struct ovs_action_push_mpls. */
+       OVS_ACTION_ATTR_POP_MPLS,     /* __be16 ethertype. */
+
        __OVS_ACTION_ATTR_MAX
 };
 
index 40be481268deed4832b8a32d9ad6de2d59b4e4e1..70bb609c283d54a396553fd19faeef8c4e4ae820 100644 (file)
 #include <linux/if_vlan.h>
 #include <linux/ip.h>
 #include <net/ip.h>
+#include <net/mpls.h>
 #include <linux/ipv6.h>
 #include <linux/in.h>
 #include <linux/jhash.h>
@@ -2530,7 +2531,7 @@ static netdev_features_t net_mpls_features(struct sk_buff *skb,
                                           netdev_features_t features,
                                           __be16 type)
 {
-       if (type == htons(ETH_P_MPLS_UC) || type == htons(ETH_P_MPLS_MC))
+       if (eth_p_mpls(type))
                features &= skb->dev->mpls_features;
 
        return features;
index 2a9673e39ca116d0d01d34e6a56e174f5fb7513f..454ce12efbbf7da7cb68fa180df3237de2434949 100644 (file)
@@ -30,6 +30,7 @@ config OPENVSWITCH
 
 config OPENVSWITCH_GRE
        tristate "Open vSwitch GRE tunneling support"
+       select NET_MPLS_GSO
        depends on INET
        depends on OPENVSWITCH
        depends on NET_IPGRE_DEMUX
index 922c133b1933c9cad99f45629b70d5165ec91f91..930b1b6e4cef26a1569ba284e3d6818a8ff63069 100644 (file)
 #include <linux/in6.h>
 #include <linux/if_arp.h>
 #include <linux/if_vlan.h>
+
 #include <net/ip.h>
 #include <net/ipv6.h>
 #include <net/checksum.h>
 #include <net/dsfield.h>
+#include <net/mpls.h>
 #include <net/sctp/checksum.h>
 
 #include "datapath.h"
@@ -118,6 +120,92 @@ static int make_writable(struct sk_buff *skb, int write_len)
        return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
 }
 
+static int push_mpls(struct sk_buff *skb,
+                    const struct ovs_action_push_mpls *mpls)
+{
+       __be32 *new_mpls_lse;
+       struct ethhdr *hdr;
+
+       /* Networking stack do not allow simultaneous Tunnel and MPLS GSO. */
+       if (skb->encapsulation)
+               return -ENOTSUPP;
+
+       if (skb_cow_head(skb, MPLS_HLEN) < 0)
+               return -ENOMEM;
+
+       skb_push(skb, MPLS_HLEN);
+       memmove(skb_mac_header(skb) - MPLS_HLEN, skb_mac_header(skb),
+               skb->mac_len);
+       skb_reset_mac_header(skb);
+
+       new_mpls_lse = (__be32 *)skb_mpls_header(skb);
+       *new_mpls_lse = mpls->mpls_lse;
+
+       if (skb->ip_summed == CHECKSUM_COMPLETE)
+               skb->csum = csum_add(skb->csum, csum_partial(new_mpls_lse,
+                                                            MPLS_HLEN, 0));
+
+       hdr = eth_hdr(skb);
+       hdr->h_proto = mpls->mpls_ethertype;
+
+       skb_set_inner_protocol(skb, skb->protocol);
+       skb->protocol = mpls->mpls_ethertype;
+
+       return 0;
+}
+
+static int pop_mpls(struct sk_buff *skb, const __be16 ethertype)
+{
+       struct ethhdr *hdr;
+       int err;
+
+       err = make_writable(skb, skb->mac_len + MPLS_HLEN);
+       if (unlikely(err))
+               return err;
+
+       if (skb->ip_summed == CHECKSUM_COMPLETE)
+               skb->csum = csum_sub(skb->csum,
+                                    csum_partial(skb_mpls_header(skb),
+                                                 MPLS_HLEN, 0));
+
+       memmove(skb_mac_header(skb) + MPLS_HLEN, skb_mac_header(skb),
+               skb->mac_len);
+
+       __skb_pull(skb, MPLS_HLEN);
+       skb_reset_mac_header(skb);
+
+       /* skb_mpls_header() is used to locate the ethertype
+        * field correctly in the presence of VLAN tags.
+        */
+       hdr = (struct ethhdr *)(skb_mpls_header(skb) - ETH_HLEN);
+       hdr->h_proto = ethertype;
+       if (eth_p_mpls(skb->protocol))
+               skb->protocol = ethertype;
+       return 0;
+}
+
+static int set_mpls(struct sk_buff *skb, const __be32 *mpls_lse)
+{
+       __be32 *stack;
+       int err;
+
+       err = make_writable(skb, skb->mac_len + MPLS_HLEN);
+       if (unlikely(err))
+               return err;
+
+       stack = (__be32 *)skb_mpls_header(skb);
+       if (skb->ip_summed == CHECKSUM_COMPLETE) {
+               __be32 diff[] = { ~(*stack), *mpls_lse };
+
+               skb->csum = ~csum_partial((char *)diff, sizeof(diff),
+                                         ~skb->csum);
+       }
+
+       *stack = *mpls_lse;
+
+       return 0;
+}
+
 /* remove VLAN header from packet and update csum accordingly. */
 static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
 {
@@ -140,10 +228,12 @@ static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
 
        vlan_set_encap_proto(skb, vhdr);
        skb->mac_header += VLAN_HLEN;
+
        if (skb_network_offset(skb) < ETH_HLEN)
                skb_set_network_header(skb, ETH_HLEN);
-       skb_reset_mac_len(skb);
 
+       /* Update mac_len for subsequent MPLS actions */
+       skb_reset_mac_len(skb);
        return 0;
 }
 
@@ -186,6 +276,8 @@ static int push_vlan(struct sk_buff *skb, const struct ovs_action_push_vlan *vla
 
                if (!__vlan_put_tag(skb, skb->vlan_proto, current_tag))
                        return -ENOMEM;
+               /* Update mac_len for subsequent MPLS actions */
+               skb->mac_len += VLAN_HLEN;
 
                if (skb->ip_summed == CHECKSUM_COMPLETE)
                        skb->csum = csum_add(skb->csum, csum_partial(skb->data
@@ -612,6 +704,10 @@ static int execute_set_action(struct sk_buff *skb,
        case OVS_KEY_ATTR_SCTP:
                err = set_sctp(skb, nla_data(nested_attr));
                break;
+
+       case OVS_KEY_ATTR_MPLS:
+               err = set_mpls(skb, nla_data(nested_attr));
+               break;
        }
 
        return err;
@@ -690,6 +786,14 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
                        execute_hash(skb, key, a);
                        break;
 
+               case OVS_ACTION_ATTR_PUSH_MPLS:
+                       err = push_mpls(skb, nla_data(a));
+                       break;
+
+               case OVS_ACTION_ATTR_POP_MPLS:
+                       err = pop_mpls(skb, nla_get_be16(a));
+                       break;
+
                case OVS_ACTION_ATTR_PUSH_VLAN:
                        err = push_vlan(skb, nla_data(a));
                        if (unlikely(err)) /* skb already freed. */
index f18302f3204900d5f3ba20f2ff99423682c324d8..688cb9bc0ef143e125e23754bbcfe80bfbe5a8c1 100644 (file)
@@ -560,7 +560,7 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
                goto err_flow_free;
 
        err = ovs_nla_copy_actions(a[OVS_PACKET_ATTR_ACTIONS],
-                                  &flow->key, 0, &acts);
+                                  &flow->key, &acts);
        if (err)
                goto err_flow_free;
 
@@ -846,7 +846,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
                goto err_kfree_flow;
 
        error = ovs_nla_copy_actions(a[OVS_FLOW_ATTR_ACTIONS], &new_flow->key,
-                                    0, &acts);
+                                    &acts);
        if (error) {
                OVS_NLERR("Flow actions may not be safe on all matching packets.\n");
                goto err_kfree_acts;
@@ -953,7 +953,7 @@ static struct sw_flow_actions *get_flow_actions(const struct nlattr *a,
                return acts;
 
        ovs_flow_mask_key(&masked_key, key, mask);
-       error = ovs_nla_copy_actions(a, &masked_key, 0, &acts);
+       error = ovs_nla_copy_actions(a, &masked_key, &acts);
        if (error) {
                OVS_NLERR("Flow actions may not be safe on all matching packets.\n");
                kfree(acts);
index 2b78789ea7c5aa93afce5fe923d1af849547428c..90a21010fc8f7e5f6bb6f60d175ce8a5e9e7a465 100644 (file)
@@ -32,6 +32,7 @@
 #include <linux/if_arp.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
+#include <linux/mpls.h>
 #include <linux/sctp.h>
 #include <linux/smp.h>
 #include <linux/tcp.h>
@@ -42,6 +43,7 @@
 #include <net/ip.h>
 #include <net/ip_tunnels.h>
 #include <net/ipv6.h>
+#include <net/mpls.h>
 #include <net/ndisc.h>
 
 #include "datapath.h"
@@ -480,6 +482,7 @@ static int key_extract(struct sk_buff *skb, struct sw_flow_key *key)
                return -ENOMEM;
 
        skb_reset_network_header(skb);
+       skb_reset_mac_len(skb);
        __skb_push(skb, skb->data - skb_mac_header(skb));
 
        /* Network layer. */
@@ -584,6 +587,33 @@ static int key_extract(struct sk_buff *skb, struct sw_flow_key *key)
                        memset(&key->ip, 0, sizeof(key->ip));
                        memset(&key->ipv4, 0, sizeof(key->ipv4));
                }
+       } else if (eth_p_mpls(key->eth.type)) {
+               size_t stack_len = MPLS_HLEN;
+
+               /* In the presence of an MPLS label stack the end of the L2
+                * header and the beginning of the L3 header differ.
+                *
+                * Advance network_header to the beginning of the L3
+                * header. mac_len corresponds to the end of the L2 header.
+                */
+               while (1) {
+                       __be32 lse;
+
+                       error = check_header(skb, skb->mac_len + stack_len);
+                       if (unlikely(error))
+                               return 0;
+
+                       memcpy(&lse, skb_network_header(skb), MPLS_HLEN);
+
+                       if (stack_len == MPLS_HLEN)
+                               memcpy(&key->mpls.top_lse, &lse, MPLS_HLEN);
+
+                       skb_set_network_header(skb, skb->mac_len + stack_len);
+                       if (lse & htonl(MPLS_LS_S_MASK))
+                               break;
+
+                       stack_len += MPLS_HLEN;
+               }
        } else if (key->eth.type == htons(ETH_P_IPV6)) {
                int nh_len;             /* IPv6 Header + Extensions */
 
index 71813318c8c73ef1efb27f8a22bcb062ac81a89a..4962bee81a117c253cfa0e5c4fbb8e864d960bd1 100644 (file)
@@ -102,12 +102,17 @@ struct sw_flow_key {
                __be16 tci;             /* 0 if no VLAN, VLAN_TAG_PRESENT set otherwise. */
                __be16 type;            /* Ethernet frame type. */
        } eth;
-       struct {
-               u8     proto;           /* IP protocol or lower 8 bits of ARP opcode. */
-               u8     tos;             /* IP ToS. */
-               u8     ttl;             /* IP TTL/hop limit. */
-               u8     frag;            /* One of OVS_FRAG_TYPE_*. */
-       } ip;
+       union {
+               struct {
+                       __be32 top_lse; /* top label stack entry */
+               } mpls;
+               struct {
+                       u8     proto;   /* IP protocol or lower 8 bits of ARP opcode. */
+                       u8     tos;         /* IP ToS. */
+                       u8     ttl;         /* IP TTL/hop limit. */
+                       u8     frag;    /* One of OVS_FRAG_TYPE_*. */
+               } ip;
+       };
        struct {
                __be16 src;             /* TCP/UDP/SCTP source port. */
                __be16 dst;             /* TCP/UDP/SCTP destination port. */
index 939bcb32100fe861b4ad94255d191ee281f83ed3..569309c49cc0bb4284582fe80964f2be52599424 100644 (file)
@@ -46,6 +46,7 @@
 #include <net/ip.h>
 #include <net/ipv6.h>
 #include <net/ndisc.h>
+#include <net/mpls.h>
 
 #include "flow_netlink.h"
 
@@ -134,7 +135,8 @@ static bool match_validate(const struct sw_flow_match *match,
                        | (1 << OVS_KEY_ATTR_ICMP)
                        | (1 << OVS_KEY_ATTR_ICMPV6)
                        | (1 << OVS_KEY_ATTR_ARP)
-                       | (1 << OVS_KEY_ATTR_ND));
+                       | (1 << OVS_KEY_ATTR_ND)
+                       | (1 << OVS_KEY_ATTR_MPLS));
 
        /* Always allowed mask fields. */
        mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
@@ -149,6 +151,12 @@ static bool match_validate(const struct sw_flow_match *match,
                        mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
        }
 
+       if (eth_p_mpls(match->key->eth.type)) {
+               key_expected |= 1 << OVS_KEY_ATTR_MPLS;
+               if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
+                       mask_allowed |= 1 << OVS_KEY_ATTR_MPLS;
+       }
+
        if (match->key->eth.type == htons(ETH_P_IP)) {
                key_expected |= 1 << OVS_KEY_ATTR_IPV4;
                if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
@@ -266,6 +274,7 @@ static const int ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
        [OVS_KEY_ATTR_RECIRC_ID] = sizeof(u32),
        [OVS_KEY_ATTR_DP_HASH] = sizeof(u32),
        [OVS_KEY_ATTR_TUNNEL] = -1,
+       [OVS_KEY_ATTR_MPLS] = sizeof(struct ovs_key_mpls),
 };
 
 static bool is_all_zero(const u8 *fp, size_t size)
@@ -735,6 +744,16 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
                attrs &= ~(1 << OVS_KEY_ATTR_ARP);
        }
 
+       if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
+               const struct ovs_key_mpls *mpls_key;
+
+               mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
+               SW_FLOW_KEY_PUT(match, mpls.top_lse,
+                               mpls_key->mpls_lse, is_mask);
+
+               attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
+        }
+
        if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
                const struct ovs_key_tcp *tcp_key;
 
@@ -1140,6 +1159,14 @@ int ovs_nla_put_flow(const struct sw_flow_key *swkey,
                arp_key->arp_op = htons(output->ip.proto);
                ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
                ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
+       } else if (eth_p_mpls(swkey->eth.type)) {
+               struct ovs_key_mpls *mpls_key;
+
+               nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
+               if (!nla)
+                       goto nla_put_failure;
+               mpls_key = nla_data(nla);
+               mpls_key->mpls_lse = output->mpls.top_lse;
        }
 
        if ((swkey->eth.type == htons(ETH_P_IP) ||
@@ -1336,9 +1363,15 @@ static inline void add_nested_action_end(struct sw_flow_actions *sfa,
        a->nla_len = sfa->actions_len - st_offset;
 }
 
+static int ovs_nla_copy_actions__(const struct nlattr *attr,
+                                 const struct sw_flow_key *key,
+                                 int depth, struct sw_flow_actions **sfa,
+                                 __be16 eth_type, __be16 vlan_tci);
+
 static int validate_and_copy_sample(const struct nlattr *attr,
                                    const struct sw_flow_key *key, int depth,
-                                   struct sw_flow_actions **sfa)
+                                   struct sw_flow_actions **sfa,
+                                   __be16 eth_type, __be16 vlan_tci)
 {
        const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
        const struct nlattr *probability, *actions;
@@ -1375,7 +1408,8 @@ static int validate_and_copy_sample(const struct nlattr *attr,
        if (st_acts < 0)
                return st_acts;
 
-       err = ovs_nla_copy_actions(actions, key, depth + 1, sfa);
+       err = ovs_nla_copy_actions__(actions, key, depth + 1, sfa,
+                                    eth_type, vlan_tci);
        if (err)
                return err;
 
@@ -1385,10 +1419,10 @@ static int validate_and_copy_sample(const struct nlattr *attr,
        return 0;
 }
 
-static int validate_tp_port(const struct sw_flow_key *flow_key)
+static int validate_tp_port(const struct sw_flow_key *flow_key,
+                           __be16 eth_type)
 {
-       if ((flow_key->eth.type == htons(ETH_P_IP) ||
-            flow_key->eth.type == htons(ETH_P_IPV6)) &&
+       if ((eth_type == htons(ETH_P_IP) || eth_type == htons(ETH_P_IPV6)) &&
            (flow_key->tp.src || flow_key->tp.dst))
                return 0;
 
@@ -1483,7 +1517,7 @@ static int validate_and_copy_set_tun(const struct nlattr *attr,
 static int validate_set(const struct nlattr *a,
                        const struct sw_flow_key *flow_key,
                        struct sw_flow_actions **sfa,
-                       bool *set_tun)
+                       bool *set_tun, __be16 eth_type)
 {
        const struct nlattr *ovs_key = nla_data(a);
        int key_type = nla_type(ovs_key);
@@ -1508,6 +1542,9 @@ static int validate_set(const struct nlattr *a,
                break;
 
        case OVS_KEY_ATTR_TUNNEL:
+               if (eth_p_mpls(eth_type))
+                       return -EINVAL;
+
                *set_tun = true;
                err = validate_and_copy_set_tun(a, sfa);
                if (err)
@@ -1515,7 +1552,7 @@ static int validate_set(const struct nlattr *a,
                break;
 
        case OVS_KEY_ATTR_IPV4:
-               if (flow_key->eth.type != htons(ETH_P_IP))
+               if (eth_type != htons(ETH_P_IP))
                        return -EINVAL;
 
                if (!flow_key->ip.proto)
@@ -1531,7 +1568,7 @@ static int validate_set(const struct nlattr *a,
                break;
 
        case OVS_KEY_ATTR_IPV6:
-               if (flow_key->eth.type != htons(ETH_P_IPV6))
+               if (eth_type != htons(ETH_P_IPV6))
                        return -EINVAL;
 
                if (!flow_key->ip.proto)
@@ -1553,19 +1590,24 @@ static int validate_set(const struct nlattr *a,
                if (flow_key->ip.proto != IPPROTO_TCP)
                        return -EINVAL;
 
-               return validate_tp_port(flow_key);
+               return validate_tp_port(flow_key, eth_type);
 
        case OVS_KEY_ATTR_UDP:
                if (flow_key->ip.proto != IPPROTO_UDP)
                        return -EINVAL;
 
-               return validate_tp_port(flow_key);
+               return validate_tp_port(flow_key, eth_type);
+
+       case OVS_KEY_ATTR_MPLS:
+               if (!eth_p_mpls(eth_type))
+                       return -EINVAL;
+               break;
 
        case OVS_KEY_ATTR_SCTP:
                if (flow_key->ip.proto != IPPROTO_SCTP)
                        return -EINVAL;
 
-               return validate_tp_port(flow_key);
+               return validate_tp_port(flow_key, eth_type);
 
        default:
                return -EINVAL;
@@ -1609,12 +1651,13 @@ static int copy_action(const struct nlattr *from,
        return 0;
 }
 
-int ovs_nla_copy_actions(const struct nlattr *attr,
-                        const struct sw_flow_key *key,
-                        int depth,
-                        struct sw_flow_actions **sfa)
+static int ovs_nla_copy_actions__(const struct nlattr *attr,
+                                 const struct sw_flow_key *key,
+                                 int depth, struct sw_flow_actions **sfa,
+                                 __be16 eth_type, __be16 vlan_tci)
 {
        const struct nlattr *a;
+       bool out_tnl_port = false;
        int rem, err;
 
        if (depth >= SAMPLE_ACTION_DEPTH)
@@ -1626,6 +1669,8 @@ int ovs_nla_copy_actions(const struct nlattr *attr,
                        [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
                        [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
                        [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
+                       [OVS_ACTION_ATTR_PUSH_MPLS] = sizeof(struct ovs_action_push_mpls),
+                       [OVS_ACTION_ATTR_POP_MPLS] = sizeof(__be16),
                        [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
                        [OVS_ACTION_ATTR_POP_VLAN] = 0,
                        [OVS_ACTION_ATTR_SET] = (u32)-1,
@@ -1655,6 +1700,8 @@ int ovs_nla_copy_actions(const struct nlattr *attr,
                case OVS_ACTION_ATTR_OUTPUT:
                        if (nla_get_u32(a) >= DP_MAX_PORTS)
                                return -EINVAL;
+                       out_tnl_port = false;
+
                        break;
 
                case OVS_ACTION_ATTR_HASH: {
@@ -1671,6 +1718,7 @@ int ovs_nla_copy_actions(const struct nlattr *attr,
                }
 
                case OVS_ACTION_ATTR_POP_VLAN:
+                       vlan_tci = htons(0);
                        break;
 
                case OVS_ACTION_ATTR_PUSH_VLAN:
@@ -1679,19 +1727,66 @@ int ovs_nla_copy_actions(const struct nlattr *attr,
                                return -EINVAL;
                        if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
                                return -EINVAL;
+                       vlan_tci = vlan->vlan_tci;
                        break;
 
                case OVS_ACTION_ATTR_RECIRC:
                        break;
 
+               case OVS_ACTION_ATTR_PUSH_MPLS: {
+                       const struct ovs_action_push_mpls *mpls = nla_data(a);
+
+                       /* Networking stack do not allow simultaneous Tunnel
+                        * and MPLS GSO.
+                        */
+                       if (out_tnl_port)
+                               return -EINVAL;
+
+                       if (!eth_p_mpls(mpls->mpls_ethertype))
+                               return -EINVAL;
+                       /* Prohibit push MPLS other than to a white list
+                        * for packets that have a known tag order.
+                        */
+                       if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
+                           (eth_type != htons(ETH_P_IP) &&
+                            eth_type != htons(ETH_P_IPV6) &&
+                            eth_type != htons(ETH_P_ARP) &&
+                            eth_type != htons(ETH_P_RARP) &&
+                            !eth_p_mpls(eth_type)))
+                               return -EINVAL;
+                       eth_type = mpls->mpls_ethertype;
+                       break;
+               }
+
+               case OVS_ACTION_ATTR_POP_MPLS:
+                       if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
+                           !eth_p_mpls(eth_type))
+                               return -EINVAL;
+
+                       /* Disallow subsequent L2.5+ set and mpls_pop actions
+                        * as there is no check here to ensure that the new
+                        * eth_type is valid and thus set actions could
+                        * write off the end of the packet or otherwise
+                        * corrupt it.
+                        *
+                        * Support for these actions is planned using packet
+                        * recirculation.
+                        */
+                       eth_type = htons(0);
+                       break;
+
                case OVS_ACTION_ATTR_SET:
-                       err = validate_set(a, key, sfa, &skip_copy);
+                       err = validate_set(a, key, sfa,
+                                          &out_tnl_port, eth_type);
                        if (err)
                                return err;
+
+                       skip_copy = out_tnl_port;
                        break;
 
                case OVS_ACTION_ATTR_SAMPLE:
-                       err = validate_and_copy_sample(a, key, depth, sfa);
+                       err = validate_and_copy_sample(a, key, depth, sfa,
+                                                      eth_type, vlan_tci);
                        if (err)
                                return err;
                        skip_copy = true;
@@ -1713,6 +1808,14 @@ int ovs_nla_copy_actions(const struct nlattr *attr,
        return 0;
 }
 
+int ovs_nla_copy_actions(const struct nlattr *attr,
+                        const struct sw_flow_key *key,
+                        struct sw_flow_actions **sfa)
+{
+       return ovs_nla_copy_actions__(attr, key, 0, sfa, key->eth.type,
+                                     key->eth.tci);
+}
+
 static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
 {
        const struct nlattr *a;
index 206e45add8882540b56426c9e57fdca86a0e20a5..6355b1d01329c6073db9c307748cabee985e825d 100644 (file)
@@ -49,7 +49,7 @@ int ovs_nla_get_match(struct sw_flow_match *match,
                      const struct nlattr *);
 
 int ovs_nla_copy_actions(const struct nlattr *attr,
-                        const struct sw_flow_key *key, int depth,
+                        const struct sw_flow_key *key,
                         struct sw_flow_actions **sfa);
 int ovs_nla_put_actions(const struct nlattr *attr,
                        int len, struct sk_buff *skb);