2 * Copyright (c) 2007-2014 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 #include <linux/init.h>
22 #include <linux/module.h>
23 #include <linux/if_arp.h>
24 #include <linux/if_vlan.h>
27 #include <linux/jhash.h>
28 #include <linux/delay.h>
29 #include <linux/time.h>
30 #include <linux/etherdevice.h>
31 #include <linux/genetlink.h>
32 #include <linux/kernel.h>
33 #include <linux/kthread.h>
34 #include <linux/mutex.h>
35 #include <linux/percpu.h>
36 #include <linux/rcupdate.h>
37 #include <linux/tcp.h>
38 #include <linux/udp.h>
39 #include <linux/version.h>
40 #include <linux/ethtool.h>
41 #include <linux/wait.h>
42 #include <asm/div64.h>
43 #include <linux/highmem.h>
44 #include <linux/netfilter_bridge.h>
45 #include <linux/netfilter_ipv4.h>
46 #include <linux/inetdevice.h>
47 #include <linux/list.h>
48 #include <linux/openvswitch.h>
49 #include <linux/rculist.h>
50 #include <linux/dmi.h>
51 #include <net/genetlink.h>
52 #include <net/net_namespace.h>
53 #include <net/netns/generic.h>
57 #include "flow_table.h"
58 #include "flow_netlink.h"
60 #include "vport-internal_dev.h"
61 #include "vport-netdev.h"
63 int ovs_net_id __read_mostly;
64 EXPORT_SYMBOL_GPL(ovs_net_id);
66 static struct genl_family dp_packet_genl_family;
67 static struct genl_family dp_flow_genl_family;
68 static struct genl_family dp_datapath_genl_family;
70 static const struct nla_policy flow_policy[];
72 static struct genl_multicast_group ovs_dp_flow_multicast_group = {
73 .name = OVS_FLOW_MCGROUP
76 static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
77 .name = OVS_DATAPATH_MCGROUP
80 struct genl_multicast_group ovs_dp_vport_multicast_group = {
81 .name = OVS_VPORT_MCGROUP
84 /* Check if need to build a reply message.
85 * OVS userspace sets the NLM_F_ECHO flag if it needs the reply.
87 static bool ovs_must_notify(struct genl_family *family, struct genl_info *info,
90 return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
91 genl_has_listeners(family, genl_info_net(info), group);
94 static void ovs_notify(struct genl_family *family, struct genl_multicast_group *grp,
95 struct sk_buff *skb, struct genl_info *info)
97 genl_notify(family, skb, genl_info_net(info),
98 info->snd_portid, GROUP_ID(grp), info->nlhdr, GFP_KERNEL);
104 * All writes e.g. Writes to device state (add/remove datapath, port, set
105 * operations on vports, etc.), Writes to other state (flow table
106 * modifications, set miscellaneous datapath parameters, etc.) are protected
109 * Reads are protected by RCU.
111 * There are a few special cases (mostly stats) that have their own
112 * synchronization but they nest under all of above and don't interact with
115 * The RTNL lock nests inside ovs_mutex.
118 static DEFINE_MUTEX(ovs_mutex);
122 mutex_lock(&ovs_mutex);
125 void ovs_unlock(void)
127 mutex_unlock(&ovs_mutex);
130 #ifdef CONFIG_LOCKDEP
131 int lockdep_ovsl_is_held(void)
134 return lockdep_is_held(&ovs_mutex);
138 EXPORT_SYMBOL_GPL(lockdep_ovsl_is_held);
141 static int queue_gso_packets(struct datapath *dp, struct sk_buff *,
142 const struct sw_flow_key *,
143 const struct dp_upcall_info *);
144 static int queue_userspace_packet(struct datapath *dp, struct sk_buff *,
145 const struct sw_flow_key *,
146 const struct dp_upcall_info *);
148 /* Must be called with rcu_read_lock. */
149 static struct datapath *get_dp_rcu(struct net *net, int dp_ifindex)
151 struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex);
154 struct vport *vport = ovs_internal_dev_get_vport(dev);
162 /* The caller must hold either ovs_mutex or rcu_read_lock to keep the
163 * returned dp pointer valid.
165 static inline struct datapath *get_dp(struct net *net, int dp_ifindex)
169 WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held());
171 dp = get_dp_rcu(net, dp_ifindex);
177 /* Must be called with rcu_read_lock or ovs_mutex. */
178 const char *ovs_dp_name(const struct datapath *dp)
180 struct vport *vport = ovs_vport_ovsl_rcu(dp, OVSP_LOCAL);
181 return vport->ops->get_name(vport);
184 static int get_dpifindex(const struct datapath *dp)
191 local = ovs_vport_rcu(dp, OVSP_LOCAL);
193 ifindex = netdev_vport_priv(local)->dev->ifindex;
202 static void destroy_dp_rcu(struct rcu_head *rcu)
204 struct datapath *dp = container_of(rcu, struct datapath, rcu);
206 ovs_flow_tbl_destroy(&dp->table);
207 free_percpu(dp->stats_percpu);
208 release_net(ovs_dp_get_net(dp));
213 static struct hlist_head *vport_hash_bucket(const struct datapath *dp,
216 return &dp->ports[port_no & (DP_VPORT_HASH_BUCKETS - 1)];
219 /* Called with ovs_mutex or RCU read lock. */
220 struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
223 struct hlist_head *head;
225 head = vport_hash_bucket(dp, port_no);
226 hlist_for_each_entry_rcu(vport, head, dp_hash_node) {
227 if (vport->port_no == port_no)
233 /* Called with ovs_mutex. */
234 static struct vport *new_vport(const struct vport_parms *parms)
238 vport = ovs_vport_add(parms);
239 if (!IS_ERR(vport)) {
240 struct datapath *dp = parms->dp;
241 struct hlist_head *head = vport_hash_bucket(dp, vport->port_no);
243 hlist_add_head_rcu(&vport->dp_hash_node, head);
248 void ovs_dp_detach_port(struct vport *p)
252 /* First drop references to device. */
253 hlist_del_rcu(&p->dp_hash_node);
255 /* Then destroy it. */
259 /* Must be called with rcu_read_lock. */
260 void ovs_dp_process_packet(struct sk_buff *skb, struct sw_flow_key *key)
262 const struct vport *p = OVS_CB(skb)->input_vport;
263 struct datapath *dp = p->dp;
264 struct sw_flow *flow;
265 struct sw_flow_actions *sf_acts;
266 struct dp_stats_percpu *stats;
270 stats = this_cpu_ptr(dp->stats_percpu);
273 flow = ovs_flow_tbl_lookup_stats(&dp->table, key, skb_get_hash(skb),
275 if (unlikely(!flow)) {
276 struct dp_upcall_info upcall;
279 memset(&upcall, 0, sizeof(upcall));
280 upcall.cmd = OVS_PACKET_CMD_MISS;
281 upcall.portid = ovs_vport_find_upcall_portid(p, skb);
282 error = ovs_dp_upcall(dp, skb, key, &upcall);
287 stats_counter = &stats->n_missed;
291 ovs_flow_stats_update(flow, key->tp.flags, skb);
292 sf_acts = rcu_dereference(flow->sf_acts);
293 ovs_execute_actions(dp, skb, sf_acts, key);
295 stats_counter = &stats->n_hit;
298 /* Update datapath statistics. */
299 u64_stats_update_begin(&stats->syncp);
301 stats->n_mask_hit += n_mask_hit;
302 u64_stats_update_end(&stats->syncp);
305 int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
306 const struct sw_flow_key *key,
307 const struct dp_upcall_info *upcall_info)
309 struct dp_stats_percpu *stats;
312 if (upcall_info->portid == 0) {
317 if (!skb_is_gso(skb))
318 err = queue_userspace_packet(dp, skb, key, upcall_info);
320 err = queue_gso_packets(dp, skb, key, upcall_info);
327 stats = this_cpu_ptr(dp->stats_percpu);
329 u64_stats_update_begin(&stats->syncp);
331 u64_stats_update_end(&stats->syncp);
336 static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb,
337 const struct sw_flow_key *key,
338 const struct dp_upcall_info *upcall_info)
340 unsigned short gso_type = skb_shinfo(skb)->gso_type;
341 struct sw_flow_key later_key;
342 struct sk_buff *segs, *nskb;
343 struct ovs_skb_cb ovs_cb;
346 ovs_cb = *OVS_CB(skb);
347 segs = __skb_gso_segment(skb, NETIF_F_SG, false);
348 *OVS_CB(skb) = ovs_cb;
350 return PTR_ERR(segs);
354 if (gso_type & SKB_GSO_UDP) {
355 /* The initial flow key extracted by ovs_flow_key_extract()
356 * in this case is for a first fragment, so we need to
357 * properly mark later fragments.
360 later_key.ip.frag = OVS_FRAG_TYPE_LATER;
363 /* Queue all of the segments. */
366 *OVS_CB(skb) = ovs_cb;
367 if (gso_type & SKB_GSO_UDP && skb != segs)
370 err = queue_userspace_packet(dp, skb, key, upcall_info);
374 } while ((skb = skb->next));
376 /* Free all of the segments. */
384 } while ((skb = nskb));
388 static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info,
391 size_t size = NLMSG_ALIGN(sizeof(struct ovs_header))
392 + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */
393 + nla_total_size(ovs_key_attr_size()); /* OVS_PACKET_ATTR_KEY */
395 /* OVS_PACKET_ATTR_USERDATA */
396 if (upcall_info->userdata)
397 size += NLA_ALIGN(upcall_info->userdata->nla_len);
399 /* OVS_PACKET_ATTR_EGRESS_TUN_KEY */
400 if (upcall_info->egress_tun_info)
401 size += nla_total_size(ovs_tun_key_attr_size());
403 /* OVS_PACKET_ATTR_ACTIONS */
404 if (upcall_info->actions_len)
405 size += nla_total_size(upcall_info->actions_len);
410 static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
411 const struct sw_flow_key *key,
412 const struct dp_upcall_info *upcall_info)
414 struct ovs_header *upcall;
415 struct sk_buff *nskb = NULL;
416 struct sk_buff *user_skb = NULL; /* to be queued to userspace */
418 struct genl_info info = {
419 #ifdef HAVE_GENLMSG_NEW_UNICAST
420 .dst_sk = ovs_dp_get_net(dp)->genl_sock,
422 .snd_portid = upcall_info->portid,
428 dp_ifindex = get_dpifindex(dp);
432 if (skb_vlan_tag_present(skb)) {
433 nskb = skb_clone(skb, GFP_ATOMIC);
437 nskb = vlan_insert_tag_set_proto(nskb, nskb->vlan_proto, skb_vlan_tag_get(nskb));
441 vlan_set_tci(nskb, 0);
446 if (nla_attr_size(skb->len) > USHRT_MAX) {
451 /* Complete checksum if needed */
452 if (skb->ip_summed == CHECKSUM_PARTIAL &&
453 (err = skb_checksum_help(skb)))
456 /* Older versions of OVS user space enforce alignment of the last
457 * Netlink attribute to NLA_ALIGNTO which would require extensive
458 * padding logic. Only perform zerocopy if padding is not required.
460 if (dp->user_features & OVS_DP_F_UNALIGNED)
461 hlen = skb_zerocopy_headlen(skb);
465 len = upcall_msg_size(upcall_info, hlen);
466 user_skb = genlmsg_new_unicast(len, &info, GFP_ATOMIC);
472 upcall = genlmsg_put(user_skb, 0, 0, &dp_packet_genl_family,
473 0, upcall_info->cmd);
474 upcall->dp_ifindex = dp_ifindex;
476 err = ovs_nla_put_key(key, key, OVS_PACKET_ATTR_KEY, false, user_skb);
479 if (upcall_info->userdata)
480 __nla_put(user_skb, OVS_PACKET_ATTR_USERDATA,
481 nla_len(upcall_info->userdata),
482 nla_data(upcall_info->userdata));
484 if (upcall_info->egress_tun_info) {
485 nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_EGRESS_TUN_KEY);
486 err = ovs_nla_put_egress_tunnel_key(user_skb,
487 upcall_info->egress_tun_info);
489 nla_nest_end(user_skb, nla);
492 if (upcall_info->actions_len) {
493 nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_ACTIONS);
494 err = ovs_nla_put_actions(upcall_info->actions,
495 upcall_info->actions_len,
498 nla_nest_end(user_skb, nla);
500 nla_nest_cancel(user_skb, nla);
503 /* Only reserve room for attribute header, packet data is added
506 if (!(nla = nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, 0))) {
510 nla->nla_len = nla_attr_size(skb->len);
512 err = skb_zerocopy(user_skb, skb, skb->len, hlen);
516 /* Pad OVS_PACKET_ATTR_PACKET if linear copy was performed */
517 if (!(dp->user_features & OVS_DP_F_UNALIGNED)) {
518 size_t plen = NLA_ALIGN(user_skb->len) - user_skb->len;
521 memset(skb_put(user_skb, plen), 0, plen);
524 ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len;
526 err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid);
536 static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
538 struct ovs_header *ovs_header = info->userhdr;
539 struct nlattr **a = info->attrs;
540 struct sw_flow_actions *acts;
541 struct sk_buff *packet;
542 struct sw_flow *flow;
543 struct sw_flow_actions *sf_acts;
546 struct vport *input_vport;
549 bool log = !a[OVS_PACKET_ATTR_PROBE];
552 if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
553 !a[OVS_PACKET_ATTR_ACTIONS])
556 len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
557 packet = __dev_alloc_skb(NET_IP_ALIGN + len, GFP_KERNEL);
561 skb_reserve(packet, NET_IP_ALIGN);
563 nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len);
565 skb_reset_mac_header(packet);
566 eth = eth_hdr(packet);
568 /* Normally, setting the skb 'protocol' field would be handled by a
569 * call to eth_type_trans(), but it assumes there's a sending
570 * device, which we may not have.
572 if (ntohs(eth->h_proto) >= ETH_P_802_3_MIN)
573 packet->protocol = eth->h_proto;
575 packet->protocol = htons(ETH_P_802_2);
577 /* Build an sw_flow for sending this packet. */
578 flow = ovs_flow_alloc();
583 err = ovs_flow_key_extract_userspace(a[OVS_PACKET_ATTR_KEY], packet,
588 err = ovs_nla_copy_actions(a[OVS_PACKET_ATTR_ACTIONS],
589 &flow->key, &acts, log);
593 rcu_assign_pointer(flow->sf_acts, acts);
594 OVS_CB(packet)->egress_tun_info = NULL;
595 packet->priority = flow->key.phy.priority;
596 packet->mark = flow->key.phy.skb_mark;
599 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
604 input_vport = ovs_vport_rcu(dp, flow->key.phy.in_port);
606 input_vport = ovs_vport_rcu(dp, OVSP_LOCAL);
611 OVS_CB(packet)->input_vport = input_vport;
612 sf_acts = rcu_dereference(flow->sf_acts);
615 err = ovs_execute_actions(dp, packet, sf_acts, &flow->key);
619 ovs_flow_free(flow, false);
625 ovs_flow_free(flow, false);
632 static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
633 [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
634 [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
635 [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
636 [OVS_PACKET_ATTR_PROBE] = { .type = NLA_FLAG },
639 static struct genl_ops dp_packet_genl_ops[] = {
640 { .cmd = OVS_PACKET_CMD_EXECUTE,
641 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
642 .policy = packet_policy,
643 .doit = ovs_packet_cmd_execute
647 static struct genl_family dp_packet_genl_family = {
648 .id = GENL_ID_GENERATE,
649 .hdrsize = sizeof(struct ovs_header),
650 .name = OVS_PACKET_FAMILY,
651 .version = OVS_PACKET_VERSION,
652 .maxattr = OVS_PACKET_ATTR_MAX,
654 .parallel_ops = true,
655 .ops = dp_packet_genl_ops,
656 .n_ops = ARRAY_SIZE(dp_packet_genl_ops),
659 static void get_dp_stats(const struct datapath *dp, struct ovs_dp_stats *stats,
660 struct ovs_dp_megaflow_stats *mega_stats)
664 memset(mega_stats, 0, sizeof(*mega_stats));
666 stats->n_flows = ovs_flow_tbl_count(&dp->table);
667 mega_stats->n_masks = ovs_flow_tbl_num_masks(&dp->table);
669 stats->n_hit = stats->n_missed = stats->n_lost = 0;
671 for_each_possible_cpu(i) {
672 const struct dp_stats_percpu *percpu_stats;
673 struct dp_stats_percpu local_stats;
676 percpu_stats = per_cpu_ptr(dp->stats_percpu, i);
679 start = u64_stats_fetch_begin_irq(&percpu_stats->syncp);
680 local_stats = *percpu_stats;
681 } while (u64_stats_fetch_retry_irq(&percpu_stats->syncp, start));
683 stats->n_hit += local_stats.n_hit;
684 stats->n_missed += local_stats.n_missed;
685 stats->n_lost += local_stats.n_lost;
686 mega_stats->n_mask_hit += local_stats.n_mask_hit;
690 static bool should_fill_key(const struct sw_flow_id *sfid, uint32_t ufid_flags)
692 return ovs_identifier_is_ufid(sfid) &&
693 !(ufid_flags & OVS_UFID_F_OMIT_KEY);
696 static bool should_fill_mask(uint32_t ufid_flags)
698 return !(ufid_flags & OVS_UFID_F_OMIT_MASK);
701 static bool should_fill_actions(uint32_t ufid_flags)
703 return !(ufid_flags & OVS_UFID_F_OMIT_ACTIONS);
706 static size_t ovs_flow_cmd_msg_size(const struct sw_flow_actions *acts,
707 const struct sw_flow_id *sfid,
710 size_t len = NLMSG_ALIGN(sizeof(struct ovs_header));
712 /* OVS_FLOW_ATTR_UFID */
713 if (sfid && ovs_identifier_is_ufid(sfid))
714 len += nla_total_size(sfid->ufid_len);
716 /* OVS_FLOW_ATTR_KEY */
717 if (!sfid || should_fill_key(sfid, ufid_flags))
718 len += nla_total_size(ovs_key_attr_size());
720 /* OVS_FLOW_ATTR_MASK */
721 if (should_fill_mask(ufid_flags))
722 len += nla_total_size(ovs_key_attr_size());
724 /* OVS_FLOW_ATTR_ACTIONS */
725 if (should_fill_actions(ufid_flags))
726 len += nla_total_size(acts->actions_len);
729 + nla_total_size(sizeof(struct ovs_flow_stats)) /* OVS_FLOW_ATTR_STATS */
730 + nla_total_size(1) /* OVS_FLOW_ATTR_TCP_FLAGS */
731 + nla_total_size(8); /* OVS_FLOW_ATTR_USED */
734 /* Called with ovs_mutex or RCU read lock. */
735 static int ovs_flow_cmd_fill_stats(const struct sw_flow *flow,
738 struct ovs_flow_stats stats;
742 ovs_flow_stats_get(flow, &stats, &used, &tcp_flags);
745 nla_put_u64(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used)))
748 if (stats.n_packets &&
749 nla_put(skb, OVS_FLOW_ATTR_STATS, sizeof(struct ovs_flow_stats), &stats))
752 if ((u8)ntohs(tcp_flags) &&
753 nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, (u8)ntohs(tcp_flags)))
759 /* Called with ovs_mutex or RCU read lock. */
760 static int ovs_flow_cmd_fill_actions(const struct sw_flow *flow,
761 struct sk_buff *skb, int skb_orig_len)
763 struct nlattr *start;
766 /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
767 * this is the first flow to be dumped into 'skb'. This is unusual for
768 * Netlink but individual action lists can be longer than
769 * NLMSG_GOODSIZE and thus entirely undumpable if we didn't do this.
770 * The userspace caller can always fetch the actions separately if it
771 * really wants them. (Most userspace callers in fact don't care.)
773 * This can only fail for dump operations because the skb is always
774 * properly sized for single flows.
776 start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS);
778 const struct sw_flow_actions *sf_acts;
780 sf_acts = rcu_dereference_ovsl(flow->sf_acts);
781 err = ovs_nla_put_actions(sf_acts->actions,
782 sf_acts->actions_len, skb);
785 nla_nest_end(skb, start);
790 nla_nest_cancel(skb, start);
792 } else if (skb_orig_len) {
799 /* Called with ovs_mutex or RCU read lock. */
800 static int ovs_flow_cmd_fill_info(const struct sw_flow *flow, int dp_ifindex,
801 struct sk_buff *skb, u32 portid,
802 u32 seq, u32 flags, u8 cmd, u32 ufid_flags)
804 const int skb_orig_len = skb->len;
805 struct ovs_header *ovs_header;
808 ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family,
813 ovs_header->dp_ifindex = dp_ifindex;
815 err = ovs_nla_put_identifier(flow, skb);
819 if (should_fill_key(&flow->id, ufid_flags)) {
820 err = ovs_nla_put_masked_key(flow, skb);
825 if (should_fill_mask(ufid_flags)) {
826 err = ovs_nla_put_mask(flow, skb);
831 err = ovs_flow_cmd_fill_stats(flow, skb);
835 if (should_fill_actions(ufid_flags)) {
836 err = ovs_flow_cmd_fill_actions(flow, skb, skb_orig_len);
841 genlmsg_end(skb, ovs_header);
845 genlmsg_cancel(skb, ovs_header);
849 /* May not be called with RCU read lock. */
850 static struct sk_buff *ovs_flow_cmd_alloc_info(const struct sw_flow_actions *acts,
851 const struct sw_flow_id *sfid,
852 struct genl_info *info,
859 if (!always && !ovs_must_notify(&dp_flow_genl_family, info,
860 GROUP_ID(&ovs_dp_flow_multicast_group)))
863 len = ovs_flow_cmd_msg_size(acts, sfid, ufid_flags);
864 skb = genlmsg_new_unicast(len, info, GFP_KERNEL);
866 return ERR_PTR(-ENOMEM);
871 /* Called with ovs_mutex. */
872 static struct sk_buff *ovs_flow_cmd_build_info(const struct sw_flow *flow,
874 struct genl_info *info, u8 cmd,
875 bool always, u32 ufid_flags)
880 skb = ovs_flow_cmd_alloc_info(ovsl_dereference(flow->sf_acts),
881 &flow->id, info, always, ufid_flags);
882 if (IS_ERR_OR_NULL(skb))
885 retval = ovs_flow_cmd_fill_info(flow, dp_ifindex, skb,
886 info->snd_portid, info->snd_seq, 0,
892 static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
894 struct nlattr **a = info->attrs;
895 struct ovs_header *ovs_header = info->userhdr;
896 struct sw_flow *flow = NULL, *new_flow;
897 struct sw_flow_mask mask;
898 struct sk_buff *reply;
900 struct sw_flow_key key;
901 struct sw_flow_actions *acts;
902 struct sw_flow_match match;
903 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
905 bool log = !a[OVS_FLOW_ATTR_PROBE];
907 /* Must have key and actions. */
909 if (!a[OVS_FLOW_ATTR_KEY]) {
910 OVS_NLERR(log, "Flow key attr not present in new flow.");
913 if (!a[OVS_FLOW_ATTR_ACTIONS]) {
914 OVS_NLERR(log, "Flow actions attr not present in new flow.");
918 /* Most of the time we need to allocate a new flow, do it before
921 new_flow = ovs_flow_alloc();
922 if (IS_ERR(new_flow)) {
923 error = PTR_ERR(new_flow);
928 ovs_match_init(&match, &key, &mask);
929 error = ovs_nla_get_match(&match, a[OVS_FLOW_ATTR_KEY],
930 a[OVS_FLOW_ATTR_MASK], log);
934 ovs_flow_mask_key(&new_flow->key, &key, &mask);
936 /* Extract flow identifier. */
937 error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
942 /* Validate actions. */
943 error = ovs_nla_copy_actions(a[OVS_FLOW_ATTR_ACTIONS], &new_flow->key,
946 OVS_NLERR(log, "Flow actions may not be safe on all matching packets.");
950 reply = ovs_flow_cmd_alloc_info(acts, &new_flow->id, info, false,
953 error = PTR_ERR(reply);
958 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
964 /* Check if this is a duplicate flow */
965 if (ovs_identifier_is_ufid(&new_flow->id))
966 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &new_flow->id);
968 flow = ovs_flow_tbl_lookup(&dp->table, &key);
970 rcu_assign_pointer(new_flow->sf_acts, acts);
972 /* Put flow in bucket. */
973 error = ovs_flow_tbl_insert(&dp->table, new_flow, &mask);
974 if (unlikely(error)) {
979 if (unlikely(reply)) {
980 error = ovs_flow_cmd_fill_info(new_flow,
981 ovs_header->dp_ifindex,
982 reply, info->snd_portid,
990 struct sw_flow_actions *old_acts;
992 /* Bail out if we're not allowed to modify an existing flow.
993 * We accept NLM_F_CREATE in place of the intended NLM_F_EXCL
994 * because Generic Netlink treats the latter as a dump
995 * request. We also accept NLM_F_EXCL in case that bug ever
998 if (unlikely(info->nlhdr->nlmsg_flags & (NLM_F_CREATE
1001 goto err_unlock_ovs;
1003 /* The flow identifier has to be the same for flow updates.
1004 * Look for any overlapping flow.
1006 if (unlikely(!ovs_flow_cmp(flow, &match))) {
1007 if (ovs_identifier_is_key(&flow->id))
1008 flow = ovs_flow_tbl_lookup_exact(&dp->table,
1010 else /* UFID matches but key is different */
1014 goto err_unlock_ovs;
1017 /* Update actions. */
1018 old_acts = ovsl_dereference(flow->sf_acts);
1019 rcu_assign_pointer(flow->sf_acts, acts);
1021 if (unlikely(reply)) {
1022 error = ovs_flow_cmd_fill_info(flow,
1023 ovs_header->dp_ifindex,
1024 reply, info->snd_portid,
1032 ovs_nla_free_flow_actions(old_acts);
1033 ovs_flow_free(new_flow, false);
1037 ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
1046 ovs_flow_free(new_flow, false);
1051 /* Factor out action copy to avoid "Wframe-larger-than=1024" warning. */
1052 static struct sw_flow_actions *get_flow_actions(const struct nlattr *a,
1053 const struct sw_flow_key *key,
1054 const struct sw_flow_mask *mask,
1057 struct sw_flow_actions *acts;
1058 struct sw_flow_key masked_key;
1061 ovs_flow_mask_key(&masked_key, key, mask);
1062 error = ovs_nla_copy_actions(a, &masked_key, &acts, log);
1065 "Actions may not be safe on all matching packets");
1066 return ERR_PTR(error);
1072 static int ovs_flow_cmd_set(struct sk_buff *skb, struct genl_info *info)
1074 struct nlattr **a = info->attrs;
1075 struct ovs_header *ovs_header = info->userhdr;
1076 struct sw_flow_key key;
1077 struct sw_flow *flow;
1078 struct sw_flow_mask mask;
1079 struct sk_buff *reply = NULL;
1080 struct datapath *dp;
1081 struct sw_flow_actions *old_acts = NULL, *acts = NULL;
1082 struct sw_flow_match match;
1083 struct sw_flow_id sfid;
1084 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1086 bool log = !a[OVS_FLOW_ATTR_PROBE];
1091 if (!a[OVS_FLOW_ATTR_KEY]) {
1092 OVS_NLERR(log, "Flow key attribute not present in set flow.");
1096 ufid_present = ovs_nla_get_ufid(&sfid, a[OVS_FLOW_ATTR_UFID], log);
1097 ovs_match_init(&match, &key, &mask);
1098 error = ovs_nla_get_match(&match, a[OVS_FLOW_ATTR_KEY],
1099 a[OVS_FLOW_ATTR_MASK], log);
1103 /* Validate actions. */
1104 if (a[OVS_FLOW_ATTR_ACTIONS]) {
1105 acts = get_flow_actions(a[OVS_FLOW_ATTR_ACTIONS], &key, &mask,
1108 error = PTR_ERR(acts);
1112 /* Can allocate before locking if have acts. */
1113 reply = ovs_flow_cmd_alloc_info(acts, &sfid, info, false,
1115 if (IS_ERR(reply)) {
1116 error = PTR_ERR(reply);
1117 goto err_kfree_acts;
1122 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1123 if (unlikely(!dp)) {
1125 goto err_unlock_ovs;
1127 /* Check that the flow exists. */
1129 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &sfid);
1131 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1132 if (unlikely(!flow)) {
1134 goto err_unlock_ovs;
1137 /* Update actions, if present. */
1139 old_acts = ovsl_dereference(flow->sf_acts);
1140 rcu_assign_pointer(flow->sf_acts, acts);
1142 if (unlikely(reply)) {
1143 error = ovs_flow_cmd_fill_info(flow,
1144 ovs_header->dp_ifindex,
1145 reply, info->snd_portid,
1152 /* Could not alloc without acts before locking. */
1153 reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex,
1154 info, OVS_FLOW_CMD_NEW, false,
1157 if (unlikely(IS_ERR(reply))) {
1158 error = PTR_ERR(reply);
1159 goto err_unlock_ovs;
1164 if (a[OVS_FLOW_ATTR_CLEAR])
1165 ovs_flow_stats_clear(flow);
1169 ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
1171 ovs_nla_free_flow_actions(old_acts);
1184 static int ovs_flow_cmd_get(struct sk_buff *skb, struct genl_info *info)
1186 struct nlattr **a = info->attrs;
1187 struct ovs_header *ovs_header = info->userhdr;
1188 struct sw_flow_key key;
1189 struct sk_buff *reply;
1190 struct sw_flow *flow;
1191 struct datapath *dp;
1192 struct sw_flow_match match;
1193 struct sw_flow_id ufid;
1194 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1196 bool log = !a[OVS_FLOW_ATTR_PROBE];
1199 ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
1200 if (a[OVS_FLOW_ATTR_KEY]) {
1201 ovs_match_init(&match, &key, NULL);
1202 err = ovs_nla_get_match(&match, a[OVS_FLOW_ATTR_KEY], NULL,
1204 } else if (!ufid_present) {
1206 "Flow get message rejected, Key attribute missing.");
1213 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1220 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
1222 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1228 reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex, info,
1229 OVS_FLOW_CMD_NEW, true, ufid_flags);
1230 if (IS_ERR(reply)) {
1231 err = PTR_ERR(reply);
1236 return genlmsg_reply(reply, info);
1242 static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
1244 struct nlattr **a = info->attrs;
1245 struct ovs_header *ovs_header = info->userhdr;
1246 struct sw_flow_key key;
1247 struct sk_buff *reply;
1248 struct sw_flow *flow = NULL;
1249 struct datapath *dp;
1250 struct sw_flow_match match;
1251 struct sw_flow_id ufid;
1252 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1254 bool log = !a[OVS_FLOW_ATTR_PROBE];
1257 ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
1258 if (a[OVS_FLOW_ATTR_KEY]) {
1259 ovs_match_init(&match, &key, NULL);
1260 err = ovs_nla_get_match(&match, a[OVS_FLOW_ATTR_KEY], NULL,
1267 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1268 if (unlikely(!dp)) {
1273 if (unlikely(!a[OVS_FLOW_ATTR_KEY] && !ufid_present)) {
1274 err = ovs_flow_tbl_flush(&dp->table);
1279 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
1281 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1282 if (unlikely(!flow)) {
1287 ovs_flow_tbl_remove(&dp->table, flow);
1290 reply = ovs_flow_cmd_alloc_info(rcu_dereference_raw(flow->sf_acts),
1291 &flow->id, info, false, ufid_flags);
1293 if (likely(reply)) {
1294 if (likely(!IS_ERR(reply))) {
1295 rcu_read_lock(); /*To keep RCU checker happy. */
1296 err = ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex,
1297 reply, info->snd_portid,
1303 ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
1305 genl_set_err(&dp_flow_genl_family, sock_net(skb->sk), 0,
1306 GROUP_ID(&ovs_dp_flow_multicast_group), PTR_ERR(reply));
1311 ovs_flow_free(flow, true);
1318 static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1320 struct nlattr *a[__OVS_FLOW_ATTR_MAX];
1321 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
1322 struct table_instance *ti;
1323 struct datapath *dp;
1327 err = genlmsg_parse(cb->nlh, &dp_flow_genl_family, a,
1328 OVS_FLOW_ATTR_MAX, flow_policy);
1331 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1334 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
1340 ti = rcu_dereference(dp->table.ti);
1342 struct sw_flow *flow;
1345 bucket = cb->args[0];
1347 flow = ovs_flow_tbl_dump_next(ti, &bucket, &obj);
1351 if (ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex, skb,
1352 NETLINK_CB(cb->skb).portid,
1353 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1354 OVS_FLOW_CMD_NEW, ufid_flags) < 0)
1357 cb->args[0] = bucket;
1364 static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
1365 [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
1366 [OVS_FLOW_ATTR_MASK] = { .type = NLA_NESTED },
1367 [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
1368 [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
1369 [OVS_FLOW_ATTR_PROBE] = { .type = NLA_FLAG },
1370 [OVS_FLOW_ATTR_UFID] = { .type = NLA_UNSPEC, .len = 1 },
1371 [OVS_FLOW_ATTR_UFID_FLAGS] = { .type = NLA_U32 },
1374 static struct genl_ops dp_flow_genl_ops[] = {
1375 { .cmd = OVS_FLOW_CMD_NEW,
1376 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1377 .policy = flow_policy,
1378 .doit = ovs_flow_cmd_new
1380 { .cmd = OVS_FLOW_CMD_DEL,
1381 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1382 .policy = flow_policy,
1383 .doit = ovs_flow_cmd_del
1385 { .cmd = OVS_FLOW_CMD_GET,
1386 .flags = 0, /* OK for unprivileged users. */
1387 .policy = flow_policy,
1388 .doit = ovs_flow_cmd_get,
1389 .dumpit = ovs_flow_cmd_dump
1391 { .cmd = OVS_FLOW_CMD_SET,
1392 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1393 .policy = flow_policy,
1394 .doit = ovs_flow_cmd_set,
1398 static struct genl_family dp_flow_genl_family = {
1399 .id = GENL_ID_GENERATE,
1400 .hdrsize = sizeof(struct ovs_header),
1401 .name = OVS_FLOW_FAMILY,
1402 .version = OVS_FLOW_VERSION,
1403 .maxattr = OVS_FLOW_ATTR_MAX,
1405 .parallel_ops = true,
1406 .ops = dp_flow_genl_ops,
1407 .n_ops = ARRAY_SIZE(dp_flow_genl_ops),
1408 .mcgrps = &ovs_dp_flow_multicast_group,
1412 static size_t ovs_dp_cmd_msg_size(void)
1414 size_t msgsize = NLMSG_ALIGN(sizeof(struct ovs_header));
1416 msgsize += nla_total_size(IFNAMSIZ);
1417 msgsize += nla_total_size(sizeof(struct ovs_dp_stats));
1418 msgsize += nla_total_size(sizeof(struct ovs_dp_megaflow_stats));
1419 msgsize += nla_total_size(sizeof(u32)); /* OVS_DP_ATTR_USER_FEATURES */
1424 /* Called with ovs_mutex. */
1425 static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
1426 u32 portid, u32 seq, u32 flags, u8 cmd)
1428 struct ovs_header *ovs_header;
1429 struct ovs_dp_stats dp_stats;
1430 struct ovs_dp_megaflow_stats dp_megaflow_stats;
1433 ovs_header = genlmsg_put(skb, portid, seq, &dp_datapath_genl_family,
1438 ovs_header->dp_ifindex = get_dpifindex(dp);
1440 err = nla_put_string(skb, OVS_DP_ATTR_NAME, ovs_dp_name(dp));
1442 goto nla_put_failure;
1444 get_dp_stats(dp, &dp_stats, &dp_megaflow_stats);
1445 if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats),
1447 goto nla_put_failure;
1449 if (nla_put(skb, OVS_DP_ATTR_MEGAFLOW_STATS,
1450 sizeof(struct ovs_dp_megaflow_stats),
1451 &dp_megaflow_stats))
1452 goto nla_put_failure;
1454 if (nla_put_u32(skb, OVS_DP_ATTR_USER_FEATURES, dp->user_features))
1455 goto nla_put_failure;
1457 genlmsg_end(skb, ovs_header);
1461 genlmsg_cancel(skb, ovs_header);
1466 static struct sk_buff *ovs_dp_cmd_alloc_info(struct genl_info *info)
1468 return genlmsg_new_unicast(ovs_dp_cmd_msg_size(), info, GFP_KERNEL);
1471 /* Called with rcu_read_lock or ovs_mutex. */
1472 static struct datapath *lookup_datapath(struct net *net,
1473 const struct ovs_header *ovs_header,
1474 struct nlattr *a[OVS_DP_ATTR_MAX + 1])
1476 struct datapath *dp;
1478 if (!a[OVS_DP_ATTR_NAME])
1479 dp = get_dp(net, ovs_header->dp_ifindex);
1481 struct vport *vport;
1483 vport = ovs_vport_locate(net, nla_data(a[OVS_DP_ATTR_NAME]));
1484 dp = vport && vport->port_no == OVSP_LOCAL ? vport->dp : NULL;
1486 return dp ? dp : ERR_PTR(-ENODEV);
1489 static void ovs_dp_reset_user_features(struct sk_buff *skb, struct genl_info *info)
1491 struct datapath *dp;
1493 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1497 WARN(dp->user_features, "Dropping previously announced user features\n");
1498 dp->user_features = 0;
1501 static void ovs_dp_change(struct datapath *dp, struct nlattr *a[])
1503 if (a[OVS_DP_ATTR_USER_FEATURES])
1504 dp->user_features = nla_get_u32(a[OVS_DP_ATTR_USER_FEATURES]);
1507 static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
1509 struct nlattr **a = info->attrs;
1510 struct vport_parms parms;
1511 struct sk_buff *reply;
1512 struct datapath *dp;
1513 struct vport *vport;
1514 struct ovs_net *ovs_net;
1518 if (!a[OVS_DP_ATTR_NAME] || !a[OVS_DP_ATTR_UPCALL_PID])
1521 reply = ovs_dp_cmd_alloc_info(info);
1526 dp = kzalloc(sizeof(*dp), GFP_KERNEL);
1528 goto err_free_reply;
1530 ovs_dp_set_net(dp, hold_net(sock_net(skb->sk)));
1532 /* Allocate table. */
1533 err = ovs_flow_tbl_init(&dp->table);
1537 dp->stats_percpu = netdev_alloc_pcpu_stats(struct dp_stats_percpu);
1538 if (!dp->stats_percpu) {
1540 goto err_destroy_table;
1543 dp->ports = kmalloc(DP_VPORT_HASH_BUCKETS * sizeof(struct hlist_head),
1547 goto err_destroy_percpu;
1550 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++)
1551 INIT_HLIST_HEAD(&dp->ports[i]);
1553 /* Set up our datapath device. */
1554 parms.name = nla_data(a[OVS_DP_ATTR_NAME]);
1555 parms.type = OVS_VPORT_TYPE_INTERNAL;
1556 parms.options = NULL;
1558 parms.port_no = OVSP_LOCAL;
1559 parms.upcall_portids = a[OVS_DP_ATTR_UPCALL_PID];
1561 ovs_dp_change(dp, a);
1563 /* So far only local changes have been made, now need the lock. */
1566 vport = new_vport(&parms);
1567 if (IS_ERR(vport)) {
1568 err = PTR_ERR(vport);
1572 if (err == -EEXIST) {
1573 /* An outdated user space instance that does not understand
1574 * the concept of user_features has attempted to create a new
1575 * datapath and is likely to reuse it. Drop all user features.
1577 if (info->genlhdr->version < OVS_DP_VER_FEATURES)
1578 ovs_dp_reset_user_features(skb, info);
1581 goto err_destroy_ports_array;
1584 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1585 info->snd_seq, 0, OVS_DP_CMD_NEW);
1588 ovs_net = net_generic(ovs_dp_get_net(dp), ovs_net_id);
1589 list_add_tail_rcu(&dp->list_node, &ovs_net->dps);
1592 ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
1595 err_destroy_ports_array:
1599 free_percpu(dp->stats_percpu);
1601 ovs_flow_tbl_destroy(&dp->table);
1603 release_net(ovs_dp_get_net(dp));
1611 /* Called with ovs_mutex. */
1612 static void __dp_destroy(struct datapath *dp)
1616 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
1617 struct vport *vport;
1618 struct hlist_node *n;
1620 hlist_for_each_entry_safe(vport, n, &dp->ports[i], dp_hash_node)
1621 if (vport->port_no != OVSP_LOCAL)
1622 ovs_dp_detach_port(vport);
1625 list_del_rcu(&dp->list_node);
1627 /* OVSP_LOCAL is datapath internal port. We need to make sure that
1628 * all ports in datapath are destroyed first before freeing datapath.
1630 ovs_dp_detach_port(ovs_vport_ovsl(dp, OVSP_LOCAL));
1632 /* RCU destroy the flow table */
1633 call_rcu(&dp->rcu, destroy_dp_rcu);
1636 static int ovs_dp_cmd_del(struct sk_buff *skb, struct genl_info *info)
1638 struct sk_buff *reply;
1639 struct datapath *dp;
1642 reply = ovs_dp_cmd_alloc_info(info);
1647 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1650 goto err_unlock_free;
1652 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1653 info->snd_seq, 0, OVS_DP_CMD_DEL);
1659 ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
1668 static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
1670 struct sk_buff *reply;
1671 struct datapath *dp;
1674 reply = ovs_dp_cmd_alloc_info(info);
1679 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1682 goto err_unlock_free;
1684 ovs_dp_change(dp, info->attrs);
1686 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1687 info->snd_seq, 0, OVS_DP_CMD_NEW);
1691 ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
1700 static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
1702 struct sk_buff *reply;
1703 struct datapath *dp;
1706 reply = ovs_dp_cmd_alloc_info(info);
1711 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1714 goto err_unlock_free;
1716 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1717 info->snd_seq, 0, OVS_DP_CMD_NEW);
1721 return genlmsg_reply(reply, info);
1729 static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1731 struct ovs_net *ovs_net = net_generic(sock_net(skb->sk), ovs_net_id);
1732 struct datapath *dp;
1733 int skip = cb->args[0];
1737 list_for_each_entry(dp, &ovs_net->dps, list_node) {
1739 ovs_dp_cmd_fill_info(dp, skb, NETLINK_CB(cb->skb).portid,
1740 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1741 OVS_DP_CMD_NEW) < 0)
1752 static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
1753 [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
1754 [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
1755 [OVS_DP_ATTR_USER_FEATURES] = { .type = NLA_U32 },
1758 static struct genl_ops dp_datapath_genl_ops[] = {
1759 { .cmd = OVS_DP_CMD_NEW,
1760 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1761 .policy = datapath_policy,
1762 .doit = ovs_dp_cmd_new
1764 { .cmd = OVS_DP_CMD_DEL,
1765 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1766 .policy = datapath_policy,
1767 .doit = ovs_dp_cmd_del
1769 { .cmd = OVS_DP_CMD_GET,
1770 .flags = 0, /* OK for unprivileged users. */
1771 .policy = datapath_policy,
1772 .doit = ovs_dp_cmd_get,
1773 .dumpit = ovs_dp_cmd_dump
1775 { .cmd = OVS_DP_CMD_SET,
1776 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1777 .policy = datapath_policy,
1778 .doit = ovs_dp_cmd_set,
1782 static struct genl_family dp_datapath_genl_family = {
1783 .id = GENL_ID_GENERATE,
1784 .hdrsize = sizeof(struct ovs_header),
1785 .name = OVS_DATAPATH_FAMILY,
1786 .version = OVS_DATAPATH_VERSION,
1787 .maxattr = OVS_DP_ATTR_MAX,
1789 .parallel_ops = true,
1790 .ops = dp_datapath_genl_ops,
1791 .n_ops = ARRAY_SIZE(dp_datapath_genl_ops),
1792 .mcgrps = &ovs_dp_datapath_multicast_group,
1796 /* Called with ovs_mutex or RCU read lock. */
1797 static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
1798 u32 portid, u32 seq, u32 flags, u8 cmd)
1800 struct ovs_header *ovs_header;
1801 struct ovs_vport_stats vport_stats;
1804 ovs_header = genlmsg_put(skb, portid, seq, &dp_vport_genl_family,
1809 ovs_header->dp_ifindex = get_dpifindex(vport->dp);
1811 if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
1812 nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
1813 nla_put_string(skb, OVS_VPORT_ATTR_NAME, vport->ops->get_name(vport)))
1814 goto nla_put_failure;
1816 ovs_vport_get_stats(vport, &vport_stats);
1817 if (nla_put(skb, OVS_VPORT_ATTR_STATS, sizeof(struct ovs_vport_stats),
1819 goto nla_put_failure;
1821 if (ovs_vport_get_upcall_portids(vport, skb))
1822 goto nla_put_failure;
1824 err = ovs_vport_get_options(vport, skb);
1825 if (err == -EMSGSIZE)
1828 genlmsg_end(skb, ovs_header);
1834 genlmsg_cancel(skb, ovs_header);
1838 static struct sk_buff *ovs_vport_cmd_alloc_info(void)
1840 return nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1843 /* Called with ovs_mutex, only via ovs_dp_notify_wq(). */
1844 struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
1847 struct sk_buff *skb;
1850 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1852 return ERR_PTR(-ENOMEM);
1854 retval = ovs_vport_cmd_fill_info(vport, skb, portid, seq, 0, cmd);
1860 /* Called with ovs_mutex or RCU read lock. */
1861 static struct vport *lookup_vport(struct net *net,
1862 const struct ovs_header *ovs_header,
1863 struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
1865 struct datapath *dp;
1866 struct vport *vport;
1868 if (a[OVS_VPORT_ATTR_NAME]) {
1869 vport = ovs_vport_locate(net, nla_data(a[OVS_VPORT_ATTR_NAME]));
1871 return ERR_PTR(-ENODEV);
1872 if (ovs_header->dp_ifindex &&
1873 ovs_header->dp_ifindex != get_dpifindex(vport->dp))
1874 return ERR_PTR(-ENODEV);
1876 } else if (a[OVS_VPORT_ATTR_PORT_NO]) {
1877 u32 port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
1879 if (port_no >= DP_MAX_PORTS)
1880 return ERR_PTR(-EFBIG);
1882 dp = get_dp(net, ovs_header->dp_ifindex);
1884 return ERR_PTR(-ENODEV);
1886 vport = ovs_vport_ovsl_rcu(dp, port_no);
1888 return ERR_PTR(-ENODEV);
1891 return ERR_PTR(-EINVAL);
1894 static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
1896 struct nlattr **a = info->attrs;
1897 struct ovs_header *ovs_header = info->userhdr;
1898 struct vport_parms parms;
1899 struct sk_buff *reply;
1900 struct vport *vport;
1901 struct datapath *dp;
1905 if (!a[OVS_VPORT_ATTR_NAME] || !a[OVS_VPORT_ATTR_TYPE] ||
1906 !a[OVS_VPORT_ATTR_UPCALL_PID])
1909 port_no = a[OVS_VPORT_ATTR_PORT_NO]
1910 ? nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]) : 0;
1911 if (port_no >= DP_MAX_PORTS)
1914 reply = ovs_vport_cmd_alloc_info();
1920 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1923 goto exit_unlock_free;
1926 vport = ovs_vport_ovsl(dp, port_no);
1929 goto exit_unlock_free;
1931 for (port_no = 1; ; port_no++) {
1932 if (port_no >= DP_MAX_PORTS) {
1934 goto exit_unlock_free;
1936 vport = ovs_vport_ovsl(dp, port_no);
1942 parms.name = nla_data(a[OVS_VPORT_ATTR_NAME]);
1943 parms.type = nla_get_u32(a[OVS_VPORT_ATTR_TYPE]);
1944 parms.options = a[OVS_VPORT_ATTR_OPTIONS];
1946 parms.port_no = port_no;
1947 parms.upcall_portids = a[OVS_VPORT_ATTR_UPCALL_PID];
1949 vport = new_vport(&parms);
1950 err = PTR_ERR(vport);
1951 if (IS_ERR(vport)) {
1954 goto exit_unlock_free;
1957 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
1958 info->snd_seq, 0, OVS_VPORT_CMD_NEW);
1962 ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
1971 static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
1973 struct nlattr **a = info->attrs;
1974 struct sk_buff *reply;
1975 struct vport *vport;
1978 reply = ovs_vport_cmd_alloc_info();
1983 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
1984 err = PTR_ERR(vport);
1986 goto exit_unlock_free;
1988 if (a[OVS_VPORT_ATTR_TYPE] &&
1989 nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type) {
1991 goto exit_unlock_free;
1994 if (a[OVS_VPORT_ATTR_OPTIONS]) {
1995 err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]);
1997 goto exit_unlock_free;
2000 if (a[OVS_VPORT_ATTR_UPCALL_PID]) {
2001 struct nlattr *ids = a[OVS_VPORT_ATTR_UPCALL_PID];
2003 err = ovs_vport_set_upcall_portids(vport, ids);
2005 goto exit_unlock_free;
2008 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2009 info->snd_seq, 0, OVS_VPORT_CMD_NEW);
2013 ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
2022 static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
2024 struct nlattr **a = info->attrs;
2025 struct sk_buff *reply;
2026 struct vport *vport;
2029 reply = ovs_vport_cmd_alloc_info();
2034 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2035 err = PTR_ERR(vport);
2037 goto exit_unlock_free;
2039 if (vport->port_no == OVSP_LOCAL) {
2041 goto exit_unlock_free;
2044 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2045 info->snd_seq, 0, OVS_VPORT_CMD_DEL);
2047 ovs_dp_detach_port(vport);
2050 ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
2059 static int ovs_vport_cmd_get(struct sk_buff *skb, struct genl_info *info)
2061 struct nlattr **a = info->attrs;
2062 struct ovs_header *ovs_header = info->userhdr;
2063 struct sk_buff *reply;
2064 struct vport *vport;
2067 reply = ovs_vport_cmd_alloc_info();
2072 vport = lookup_vport(sock_net(skb->sk), ovs_header, a);
2073 err = PTR_ERR(vport);
2075 goto exit_unlock_free;
2076 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2077 info->snd_seq, 0, OVS_VPORT_CMD_NEW);
2081 return genlmsg_reply(reply, info);
2089 static int ovs_vport_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
2091 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
2092 struct datapath *dp;
2093 int bucket = cb->args[0], skip = cb->args[1];
2097 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
2102 for (i = bucket; i < DP_VPORT_HASH_BUCKETS; i++) {
2103 struct vport *vport;
2106 hlist_for_each_entry_rcu(vport, &dp->ports[i], dp_hash_node) {
2108 ovs_vport_cmd_fill_info(vport, skb,
2109 NETLINK_CB(cb->skb).portid,
2112 OVS_VPORT_CMD_NEW) < 0)
2128 static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
2129 [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
2130 [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
2131 [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
2132 [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
2133 [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
2134 [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
2137 static struct genl_ops dp_vport_genl_ops[] = {
2138 { .cmd = OVS_VPORT_CMD_NEW,
2139 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2140 .policy = vport_policy,
2141 .doit = ovs_vport_cmd_new
2143 { .cmd = OVS_VPORT_CMD_DEL,
2144 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2145 .policy = vport_policy,
2146 .doit = ovs_vport_cmd_del
2148 { .cmd = OVS_VPORT_CMD_GET,
2149 .flags = 0, /* OK for unprivileged users. */
2150 .policy = vport_policy,
2151 .doit = ovs_vport_cmd_get,
2152 .dumpit = ovs_vport_cmd_dump
2154 { .cmd = OVS_VPORT_CMD_SET,
2155 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2156 .policy = vport_policy,
2157 .doit = ovs_vport_cmd_set,
2161 struct genl_family dp_vport_genl_family = {
2162 .id = GENL_ID_GENERATE,
2163 .hdrsize = sizeof(struct ovs_header),
2164 .name = OVS_VPORT_FAMILY,
2165 .version = OVS_VPORT_VERSION,
2166 .maxattr = OVS_VPORT_ATTR_MAX,
2168 .parallel_ops = true,
2169 .ops = dp_vport_genl_ops,
2170 .n_ops = ARRAY_SIZE(dp_vport_genl_ops),
2171 .mcgrps = &ovs_dp_vport_multicast_group,
2175 static struct genl_family *dp_genl_families[] = {
2176 &dp_datapath_genl_family,
2177 &dp_vport_genl_family,
2178 &dp_flow_genl_family,
2179 &dp_packet_genl_family,
2182 static void dp_unregister_genl(int n_families)
2186 for (i = 0; i < n_families; i++)
2187 genl_unregister_family(dp_genl_families[i]);
2190 static int dp_register_genl(void)
2195 for (i = 0; i < ARRAY_SIZE(dp_genl_families); i++) {
2197 err = genl_register_family(dp_genl_families[i]);
2205 dp_unregister_genl(i);
2209 static int __net_init ovs_init_net(struct net *net)
2211 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2213 INIT_LIST_HEAD(&ovs_net->dps);
2214 INIT_WORK(&ovs_net->dp_notify_work, ovs_dp_notify_wq);
2218 static void __net_exit list_vports_from_net(struct net *net, struct net *dnet,
2219 struct list_head *head)
2221 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2222 struct datapath *dp;
2224 list_for_each_entry(dp, &ovs_net->dps, list_node) {
2227 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
2228 struct vport *vport;
2230 hlist_for_each_entry(vport, &dp->ports[i], dp_hash_node) {
2231 struct netdev_vport *netdev_vport;
2233 if (vport->ops->type != OVS_VPORT_TYPE_INTERNAL)
2236 netdev_vport = netdev_vport_priv(vport);
2237 if (dev_net(netdev_vport->dev) == dnet)
2238 list_add(&vport->detach_list, head);
2244 static void __net_exit ovs_exit_net(struct net *dnet)
2246 struct datapath *dp, *dp_next;
2247 struct ovs_net *ovs_net = net_generic(dnet, ovs_net_id);
2248 struct vport *vport, *vport_next;
2253 list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
2258 list_vports_from_net(net, dnet, &head);
2261 /* Detach all vports from given namespace. */
2262 list_for_each_entry_safe(vport, vport_next, &head, detach_list) {
2263 list_del(&vport->detach_list);
2264 ovs_dp_detach_port(vport);
2269 cancel_work_sync(&ovs_net->dp_notify_work);
2272 static struct pernet_operations ovs_net_ops = {
2273 .init = ovs_init_net,
2274 .exit = ovs_exit_net,
2276 .size = sizeof(struct ovs_net),
2279 DEFINE_COMPAT_PNET_REG_FUNC(device);
2281 static int __init dp_init(void)
2285 BUILD_BUG_ON(sizeof(struct ovs_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
2287 pr_info("Open vSwitch switching datapath %s\n", VERSION);
2289 err = action_fifos_init();
2293 err = ovs_internal_dev_rtnl_link_register();
2295 goto error_action_fifos_exit;
2297 err = ovs_flow_init();
2299 goto error_unreg_rtnl_link;
2301 err = ovs_vport_init();
2303 goto error_flow_exit;
2305 err = register_pernet_device(&ovs_net_ops);
2307 goto error_vport_exit;
2309 err = register_netdevice_notifier(&ovs_dp_device_notifier);
2311 goto error_netns_exit;
2313 err = ovs_netdev_init();
2315 goto error_unreg_notifier;
2317 err = dp_register_genl();
2319 goto error_unreg_netdev;
2325 error_unreg_notifier:
2326 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2328 unregister_pernet_device(&ovs_net_ops);
2333 error_unreg_rtnl_link:
2334 ovs_internal_dev_rtnl_link_unregister();
2335 error_action_fifos_exit:
2336 action_fifos_exit();
2341 static void dp_cleanup(void)
2343 dp_unregister_genl(ARRAY_SIZE(dp_genl_families));
2345 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2346 unregister_pernet_device(&ovs_net_ops);
2350 ovs_internal_dev_rtnl_link_unregister();
2351 action_fifos_exit();
2354 module_init(dp_init);
2355 module_exit(dp_cleanup);
2357 MODULE_DESCRIPTION("Open vSwitch switching datapath");
2358 MODULE_LICENSE("GPL");
2359 MODULE_VERSION(VERSION);
projects / cascardo / ovs.git / blob