2 * Copyright (c) 2007-2015 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 #include <linux/init.h>
22 #include <linux/module.h>
23 #include <linux/if_arp.h>
24 #include <linux/if_vlan.h>
27 #include <linux/jhash.h>
28 #include <linux/delay.h>
29 #include <linux/time.h>
30 #include <linux/etherdevice.h>
31 #include <linux/genetlink.h>
32 #include <linux/kernel.h>
33 #include <linux/kthread.h>
34 #include <linux/mutex.h>
35 #include <linux/percpu.h>
36 #include <linux/rcupdate.h>
37 #include <linux/tcp.h>
38 #include <linux/udp.h>
39 #include <linux/version.h>
40 #include <linux/ethtool.h>
41 #include <linux/wait.h>
42 #include <asm/div64.h>
43 #include <linux/highmem.h>
44 #include <linux/netfilter_bridge.h>
45 #include <linux/netfilter_ipv4.h>
46 #include <linux/inetdevice.h>
47 #include <linux/list.h>
48 #include <linux/openvswitch.h>
49 #include <linux/rculist.h>
50 #include <linux/dmi.h>
51 #include <net/genetlink.h>
52 #include <net/net_namespace.h>
53 #include <net/netns/generic.h>
56 #include "conntrack.h"
58 #include "flow_table.h"
59 #include "flow_netlink.h"
61 #include "vport-internal_dev.h"
62 #include "vport-netdev.h"
64 int ovs_net_id __read_mostly;
65 EXPORT_SYMBOL_GPL(ovs_net_id);
67 static struct genl_family dp_packet_genl_family;
68 static struct genl_family dp_flow_genl_family;
69 static struct genl_family dp_datapath_genl_family;
71 static const struct nla_policy flow_policy[];
73 static struct genl_multicast_group ovs_dp_flow_multicast_group = {
74 .name = OVS_FLOW_MCGROUP
77 static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
78 .name = OVS_DATAPATH_MCGROUP
81 struct genl_multicast_group ovs_dp_vport_multicast_group = {
82 .name = OVS_VPORT_MCGROUP
85 /* Check if need to build a reply message.
86 * OVS userspace sets the NLM_F_ECHO flag if it needs the reply.
88 static bool ovs_must_notify(struct genl_family *family, struct genl_info *info,
91 return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
92 genl_has_listeners(family, genl_info_net(info), group);
95 static void ovs_notify(struct genl_family *family, struct genl_multicast_group *grp,
96 struct sk_buff *skb, struct genl_info *info)
98 genl_notify(family, skb, genl_info_net(info),
99 info->snd_portid, GROUP_ID(grp), info->nlhdr, GFP_KERNEL);
105 * All writes e.g. Writes to device state (add/remove datapath, port, set
106 * operations on vports, etc.), Writes to other state (flow table
107 * modifications, set miscellaneous datapath parameters, etc.) are protected
110 * Reads are protected by RCU.
112 * There are a few special cases (mostly stats) that have their own
113 * synchronization but they nest under all of above and don't interact with
116 * The RTNL lock nests inside ovs_mutex.
119 static DEFINE_MUTEX(ovs_mutex);
123 mutex_lock(&ovs_mutex);
126 void ovs_unlock(void)
128 mutex_unlock(&ovs_mutex);
131 #ifdef CONFIG_LOCKDEP
132 int lockdep_ovsl_is_held(void)
135 return lockdep_is_held(&ovs_mutex);
139 EXPORT_SYMBOL_GPL(lockdep_ovsl_is_held);
142 static int queue_gso_packets(struct datapath *dp, struct sk_buff *,
143 const struct sw_flow_key *,
144 const struct dp_upcall_info *,
146 static int queue_userspace_packet(struct datapath *dp, struct sk_buff *,
147 const struct sw_flow_key *,
148 const struct dp_upcall_info *,
151 /* Must be called with rcu_read_lock. */
152 static struct datapath *get_dp_rcu(struct net *net, int dp_ifindex)
154 struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex);
157 struct vport *vport = ovs_internal_dev_get_vport(dev);
165 /* The caller must hold either ovs_mutex or rcu_read_lock to keep the
166 * returned dp pointer valid.
168 static inline struct datapath *get_dp(struct net *net, int dp_ifindex)
172 WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held());
174 dp = get_dp_rcu(net, dp_ifindex);
180 /* Must be called with rcu_read_lock or ovs_mutex. */
181 const char *ovs_dp_name(const struct datapath *dp)
183 struct vport *vport = ovs_vport_ovsl_rcu(dp, OVSP_LOCAL);
184 return ovs_vport_name(vport);
187 static int get_dpifindex(const struct datapath *dp)
194 local = ovs_vport_rcu(dp, OVSP_LOCAL);
196 ifindex = local->dev->ifindex;
205 static void destroy_dp_rcu(struct rcu_head *rcu)
207 struct datapath *dp = container_of(rcu, struct datapath, rcu);
209 ovs_flow_tbl_destroy(&dp->table);
210 free_percpu(dp->stats_percpu);
215 static struct hlist_head *vport_hash_bucket(const struct datapath *dp,
218 return &dp->ports[port_no & (DP_VPORT_HASH_BUCKETS - 1)];
221 /* Called with ovs_mutex or RCU read lock. */
222 struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
225 struct hlist_head *head;
227 head = vport_hash_bucket(dp, port_no);
228 hlist_for_each_entry_rcu(vport, head, dp_hash_node) {
229 if (vport->port_no == port_no)
235 /* Called with ovs_mutex. */
236 static struct vport *new_vport(const struct vport_parms *parms)
240 vport = ovs_vport_add(parms);
241 if (!IS_ERR(vport)) {
242 struct datapath *dp = parms->dp;
243 struct hlist_head *head = vport_hash_bucket(dp, vport->port_no);
245 hlist_add_head_rcu(&vport->dp_hash_node, head);
250 void ovs_dp_detach_port(struct vport *p)
254 /* First drop references to device. */
255 hlist_del_rcu(&p->dp_hash_node);
257 /* Then destroy it. */
261 /* Must be called with rcu_read_lock. */
262 void ovs_dp_process_packet(struct sk_buff *skb, struct sw_flow_key *key)
264 const struct vport *p = OVS_CB(skb)->input_vport;
265 struct datapath *dp = p->dp;
266 struct sw_flow *flow;
267 struct sw_flow_actions *sf_acts;
268 struct dp_stats_percpu *stats;
272 stats = this_cpu_ptr(dp->stats_percpu);
275 flow = ovs_flow_tbl_lookup_stats(&dp->table, key, skb_get_hash(skb),
277 if (unlikely(!flow)) {
278 struct dp_upcall_info upcall;
281 memset(&upcall, 0, sizeof(upcall));
282 upcall.cmd = OVS_PACKET_CMD_MISS;
283 upcall.portid = ovs_vport_find_upcall_portid(p, skb);
284 upcall.mru = OVS_CB(skb)->mru;
285 error = ovs_dp_upcall(dp, skb, key, &upcall, 0);
290 stats_counter = &stats->n_missed;
294 ovs_flow_stats_update(flow, key->tp.flags, skb);
295 sf_acts = rcu_dereference(flow->sf_acts);
296 ovs_execute_actions(dp, skb, sf_acts, key);
298 stats_counter = &stats->n_hit;
301 /* Update datapath statistics. */
302 u64_stats_update_begin(&stats->syncp);
304 stats->n_mask_hit += n_mask_hit;
305 u64_stats_update_end(&stats->syncp);
308 int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
309 const struct sw_flow_key *key,
310 const struct dp_upcall_info *upcall_info,
313 struct dp_stats_percpu *stats;
316 if (upcall_info->portid == 0) {
321 if (!skb_is_gso(skb))
322 err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
324 err = queue_gso_packets(dp, skb, key, upcall_info, cutlen);
331 stats = this_cpu_ptr(dp->stats_percpu);
333 u64_stats_update_begin(&stats->syncp);
335 u64_stats_update_end(&stats->syncp);
340 static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb,
341 const struct sw_flow_key *key,
342 const struct dp_upcall_info *upcall_info,
345 unsigned short gso_type = skb_shinfo(skb)->gso_type;
346 struct sw_flow_key later_key;
347 struct sk_buff *segs, *nskb;
348 struct ovs_skb_cb ovs_cb;
351 ovs_cb = *OVS_CB(skb);
352 segs = __skb_gso_segment(skb, NETIF_F_SG, false);
353 *OVS_CB(skb) = ovs_cb;
355 return PTR_ERR(segs);
359 if (gso_type & SKB_GSO_UDP) {
360 /* The initial flow key extracted by ovs_flow_key_extract()
361 * in this case is for a first fragment, so we need to
362 * properly mark later fragments.
365 later_key.ip.frag = OVS_FRAG_TYPE_LATER;
368 /* Queue all of the segments. */
371 *OVS_CB(skb) = ovs_cb;
372 if (gso_type & SKB_GSO_UDP && skb != segs)
375 err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
379 } while ((skb = skb->next));
381 /* Free all of the segments. */
389 } while ((skb = nskb));
393 static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info,
396 size_t size = NLMSG_ALIGN(sizeof(struct ovs_header))
397 + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */
398 + nla_total_size(ovs_key_attr_size()) /* OVS_PACKET_ATTR_KEY */
399 + nla_total_size(sizeof(unsigned int)); /* OVS_PACKET_ATTR_LEN */
401 /* OVS_PACKET_ATTR_USERDATA */
402 if (upcall_info->userdata)
403 size += NLA_ALIGN(upcall_info->userdata->nla_len);
405 /* OVS_PACKET_ATTR_EGRESS_TUN_KEY */
406 if (upcall_info->egress_tun_info)
407 size += nla_total_size(ovs_tun_key_attr_size());
409 /* OVS_PACKET_ATTR_ACTIONS */
410 if (upcall_info->actions_len)
411 size += nla_total_size(upcall_info->actions_len);
413 /* OVS_PACKET_ATTR_MRU */
414 if (upcall_info->mru)
415 size += nla_total_size(sizeof(upcall_info->mru));
420 static void pad_packet(struct datapath *dp, struct sk_buff *skb)
422 if (!(dp->user_features & OVS_DP_F_UNALIGNED)) {
423 size_t plen = NLA_ALIGN(skb->len) - skb->len;
426 memset(skb_put(skb, plen), 0, plen);
430 static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
431 const struct sw_flow_key *key,
432 const struct dp_upcall_info *upcall_info,
435 struct ovs_header *upcall;
436 struct sk_buff *nskb = NULL;
437 struct sk_buff *user_skb = NULL; /* to be queued to userspace */
439 struct genl_info info = {
440 #ifdef HAVE_GENLMSG_NEW_UNICAST
441 .dst_sk = ovs_dp_get_net(dp)->genl_sock,
443 .snd_portid = upcall_info->portid,
449 dp_ifindex = get_dpifindex(dp);
453 if (skb_vlan_tag_present(skb)) {
454 nskb = skb_clone(skb, GFP_ATOMIC);
458 nskb = __vlan_hwaccel_push_inside(nskb);
465 if (nla_attr_size(skb->len) > USHRT_MAX) {
470 /* Complete checksum if needed */
471 if (skb->ip_summed == CHECKSUM_PARTIAL &&
472 (err = skb_checksum_help(skb)))
475 /* Older versions of OVS user space enforce alignment of the last
476 * Netlink attribute to NLA_ALIGNTO which would require extensive
477 * padding logic. Only perform zerocopy if padding is not required.
479 if (dp->user_features & OVS_DP_F_UNALIGNED)
480 hlen = skb_zerocopy_headlen(skb);
484 len = upcall_msg_size(upcall_info, hlen - cutlen);
485 user_skb = genlmsg_new_unicast(len, &info, GFP_ATOMIC);
491 upcall = genlmsg_put(user_skb, 0, 0, &dp_packet_genl_family,
492 0, upcall_info->cmd);
493 upcall->dp_ifindex = dp_ifindex;
495 err = ovs_nla_put_key(key, key, OVS_PACKET_ATTR_KEY, false, user_skb);
498 if (upcall_info->userdata)
499 __nla_put(user_skb, OVS_PACKET_ATTR_USERDATA,
500 nla_len(upcall_info->userdata),
501 nla_data(upcall_info->userdata));
504 if (upcall_info->egress_tun_info) {
505 nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_EGRESS_TUN_KEY);
506 err = ovs_nla_put_tunnel_info(user_skb,
507 upcall_info->egress_tun_info);
509 nla_nest_end(user_skb, nla);
512 if (upcall_info->actions_len) {
513 nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_ACTIONS);
514 err = ovs_nla_put_actions(upcall_info->actions,
515 upcall_info->actions_len,
518 nla_nest_end(user_skb, nla);
520 nla_nest_cancel(user_skb, nla);
523 /* Add OVS_PACKET_ATTR_MRU */
524 if (upcall_info->mru) {
525 if (nla_put_u16(user_skb, OVS_PACKET_ATTR_MRU,
530 pad_packet(dp, user_skb);
533 /* Add OVS_PACKET_ATTR_LEN when packet is truncated */
535 if (nla_put_u32(user_skb, OVS_PACKET_ATTR_LEN,
540 pad_packet(dp, user_skb);
543 /* Only reserve room for attribute header, packet data is added
546 if (!(nla = nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, 0))) {
550 nla->nla_len = nla_attr_size(skb->len - cutlen);
552 err = skb_zerocopy(user_skb, skb, skb->len - cutlen, hlen);
556 /* Pad OVS_PACKET_ATTR_PACKET if linear copy was performed */
557 pad_packet(dp, user_skb);
559 ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len;
561 err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid);
571 static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
573 struct ovs_header *ovs_header = info->userhdr;
574 struct net *net = sock_net(skb->sk);
575 struct nlattr **a = info->attrs;
576 struct sw_flow_actions *acts;
577 struct sk_buff *packet;
578 struct sw_flow *flow;
579 struct sw_flow_actions *sf_acts;
582 struct vport *input_vport;
586 bool log = !a[OVS_PACKET_ATTR_PROBE];
589 if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
590 !a[OVS_PACKET_ATTR_ACTIONS])
593 len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
594 packet = __dev_alloc_skb(NET_IP_ALIGN + len, GFP_KERNEL);
598 skb_reserve(packet, NET_IP_ALIGN);
600 nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len);
602 skb_reset_mac_header(packet);
603 eth = eth_hdr(packet);
605 /* Normally, setting the skb 'protocol' field would be handled by a
606 * call to eth_type_trans(), but it assumes there's a sending
607 * device, which we may not have.
609 if (eth_proto_is_802_3(eth->h_proto))
610 packet->protocol = eth->h_proto;
612 packet->protocol = htons(ETH_P_802_2);
614 /* Set packet's mru */
615 if (a[OVS_PACKET_ATTR_MRU]) {
616 mru = nla_get_u16(a[OVS_PACKET_ATTR_MRU]);
617 packet->ignore_df = 1;
619 OVS_CB(packet)->mru = mru;
621 /* Build an sw_flow for sending this packet. */
622 flow = ovs_flow_alloc();
627 err = ovs_flow_key_extract_userspace(net, a[OVS_PACKET_ATTR_KEY],
628 packet, &flow->key, log);
632 err = ovs_nla_copy_actions(net, a[OVS_PACKET_ATTR_ACTIONS],
633 &flow->key, &acts, log);
637 rcu_assign_pointer(flow->sf_acts, acts);
638 packet->priority = flow->key.phy.priority;
639 packet->mark = flow->key.phy.skb_mark;
642 dp = get_dp_rcu(net, ovs_header->dp_ifindex);
647 input_vport = ovs_vport_rcu(dp, flow->key.phy.in_port);
649 input_vport = ovs_vport_rcu(dp, OVSP_LOCAL);
654 packet->dev = input_vport->dev;
655 OVS_CB(packet)->input_vport = input_vport;
656 sf_acts = rcu_dereference(flow->sf_acts);
659 err = ovs_execute_actions(dp, packet, sf_acts, &flow->key);
663 ovs_flow_free(flow, false);
669 ovs_flow_free(flow, false);
676 static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
677 [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
678 [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
679 [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
680 [OVS_PACKET_ATTR_PROBE] = { .type = NLA_FLAG },
681 [OVS_PACKET_ATTR_MRU] = { .type = NLA_U16 },
684 static struct genl_ops dp_packet_genl_ops[] = {
685 { .cmd = OVS_PACKET_CMD_EXECUTE,
686 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
687 .policy = packet_policy,
688 .doit = ovs_packet_cmd_execute
692 static struct genl_family dp_packet_genl_family = {
693 .id = GENL_ID_GENERATE,
694 .hdrsize = sizeof(struct ovs_header),
695 .name = OVS_PACKET_FAMILY,
696 .version = OVS_PACKET_VERSION,
697 .maxattr = OVS_PACKET_ATTR_MAX,
699 .parallel_ops = true,
700 .ops = dp_packet_genl_ops,
701 .n_ops = ARRAY_SIZE(dp_packet_genl_ops),
704 static void get_dp_stats(const struct datapath *dp, struct ovs_dp_stats *stats,
705 struct ovs_dp_megaflow_stats *mega_stats)
709 memset(mega_stats, 0, sizeof(*mega_stats));
711 stats->n_flows = ovs_flow_tbl_count(&dp->table);
712 mega_stats->n_masks = ovs_flow_tbl_num_masks(&dp->table);
714 stats->n_hit = stats->n_missed = stats->n_lost = 0;
716 for_each_possible_cpu(i) {
717 const struct dp_stats_percpu *percpu_stats;
718 struct dp_stats_percpu local_stats;
721 percpu_stats = per_cpu_ptr(dp->stats_percpu, i);
724 start = u64_stats_fetch_begin_irq(&percpu_stats->syncp);
725 local_stats = *percpu_stats;
726 } while (u64_stats_fetch_retry_irq(&percpu_stats->syncp, start));
728 stats->n_hit += local_stats.n_hit;
729 stats->n_missed += local_stats.n_missed;
730 stats->n_lost += local_stats.n_lost;
731 mega_stats->n_mask_hit += local_stats.n_mask_hit;
735 static bool should_fill_key(const struct sw_flow_id *sfid, uint32_t ufid_flags)
737 return ovs_identifier_is_ufid(sfid) &&
738 !(ufid_flags & OVS_UFID_F_OMIT_KEY);
741 static bool should_fill_mask(uint32_t ufid_flags)
743 return !(ufid_flags & OVS_UFID_F_OMIT_MASK);
746 static bool should_fill_actions(uint32_t ufid_flags)
748 return !(ufid_flags & OVS_UFID_F_OMIT_ACTIONS);
751 static size_t ovs_flow_cmd_msg_size(const struct sw_flow_actions *acts,
752 const struct sw_flow_id *sfid,
755 size_t len = NLMSG_ALIGN(sizeof(struct ovs_header));
757 /* OVS_FLOW_ATTR_UFID */
758 if (sfid && ovs_identifier_is_ufid(sfid))
759 len += nla_total_size(sfid->ufid_len);
761 /* OVS_FLOW_ATTR_KEY */
762 if (!sfid || should_fill_key(sfid, ufid_flags))
763 len += nla_total_size(ovs_key_attr_size());
765 /* OVS_FLOW_ATTR_MASK */
766 if (should_fill_mask(ufid_flags))
767 len += nla_total_size(ovs_key_attr_size());
769 /* OVS_FLOW_ATTR_ACTIONS */
770 if (should_fill_actions(ufid_flags))
771 len += nla_total_size(acts->orig_len);
774 + nla_total_size(sizeof(struct ovs_flow_stats)) /* OVS_FLOW_ATTR_STATS */
775 + nla_total_size(1) /* OVS_FLOW_ATTR_TCP_FLAGS */
776 + nla_total_size(8); /* OVS_FLOW_ATTR_USED */
779 /* Called with ovs_mutex or RCU read lock. */
780 static int ovs_flow_cmd_fill_stats(const struct sw_flow *flow,
783 struct ovs_flow_stats stats;
787 ovs_flow_stats_get(flow, &stats, &used, &tcp_flags);
790 nla_put_u64(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used)))
793 if (stats.n_packets &&
794 nla_put(skb, OVS_FLOW_ATTR_STATS, sizeof(struct ovs_flow_stats), &stats))
797 if ((u8)ntohs(tcp_flags) &&
798 nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, (u8)ntohs(tcp_flags)))
804 /* Called with ovs_mutex or RCU read lock. */
805 static int ovs_flow_cmd_fill_actions(const struct sw_flow *flow,
806 struct sk_buff *skb, int skb_orig_len)
808 struct nlattr *start;
811 /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
812 * this is the first flow to be dumped into 'skb'. This is unusual for
813 * Netlink but individual action lists can be longer than
814 * NLMSG_GOODSIZE and thus entirely undumpable if we didn't do this.
815 * The userspace caller can always fetch the actions separately if it
816 * really wants them. (Most userspace callers in fact don't care.)
818 * This can only fail for dump operations because the skb is always
819 * properly sized for single flows.
821 start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS);
823 const struct sw_flow_actions *sf_acts;
825 sf_acts = rcu_dereference_ovsl(flow->sf_acts);
826 err = ovs_nla_put_actions(sf_acts->actions,
827 sf_acts->actions_len, skb);
830 nla_nest_end(skb, start);
835 nla_nest_cancel(skb, start);
837 } else if (skb_orig_len) {
844 /* Called with ovs_mutex or RCU read lock. */
845 static int ovs_flow_cmd_fill_info(const struct sw_flow *flow, int dp_ifindex,
846 struct sk_buff *skb, u32 portid,
847 u32 seq, u32 flags, u8 cmd, u32 ufid_flags)
849 const int skb_orig_len = skb->len;
850 struct ovs_header *ovs_header;
853 ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family,
858 ovs_header->dp_ifindex = dp_ifindex;
860 err = ovs_nla_put_identifier(flow, skb);
864 if (should_fill_key(&flow->id, ufid_flags)) {
865 err = ovs_nla_put_masked_key(flow, skb);
870 if (should_fill_mask(ufid_flags)) {
871 err = ovs_nla_put_mask(flow, skb);
876 err = ovs_flow_cmd_fill_stats(flow, skb);
880 if (should_fill_actions(ufid_flags)) {
881 err = ovs_flow_cmd_fill_actions(flow, skb, skb_orig_len);
886 genlmsg_end(skb, ovs_header);
890 genlmsg_cancel(skb, ovs_header);
894 /* May not be called with RCU read lock. */
895 static struct sk_buff *ovs_flow_cmd_alloc_info(const struct sw_flow_actions *acts,
896 const struct sw_flow_id *sfid,
897 struct genl_info *info,
904 if (!always && !ovs_must_notify(&dp_flow_genl_family, info,
905 GROUP_ID(&ovs_dp_flow_multicast_group)))
908 len = ovs_flow_cmd_msg_size(acts, sfid, ufid_flags);
909 skb = genlmsg_new_unicast(len, info, GFP_KERNEL);
911 return ERR_PTR(-ENOMEM);
916 /* Called with ovs_mutex. */
917 static struct sk_buff *ovs_flow_cmd_build_info(const struct sw_flow *flow,
919 struct genl_info *info, u8 cmd,
920 bool always, u32 ufid_flags)
925 skb = ovs_flow_cmd_alloc_info(ovsl_dereference(flow->sf_acts),
926 &flow->id, info, always, ufid_flags);
927 if (IS_ERR_OR_NULL(skb))
930 retval = ovs_flow_cmd_fill_info(flow, dp_ifindex, skb,
931 info->snd_portid, info->snd_seq, 0,
937 static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
939 struct net *net = sock_net(skb->sk);
940 struct nlattr **a = info->attrs;
941 struct ovs_header *ovs_header = info->userhdr;
942 struct sw_flow *flow = NULL, *new_flow;
943 struct sw_flow_mask mask;
944 struct sk_buff *reply;
946 struct sw_flow_key key;
947 struct sw_flow_actions *acts;
948 struct sw_flow_match match;
949 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
951 bool log = !a[OVS_FLOW_ATTR_PROBE];
953 /* Must have key and actions. */
955 if (!a[OVS_FLOW_ATTR_KEY]) {
956 OVS_NLERR(log, "Flow key attr not present in new flow.");
959 if (!a[OVS_FLOW_ATTR_ACTIONS]) {
960 OVS_NLERR(log, "Flow actions attr not present in new flow.");
964 /* Most of the time we need to allocate a new flow, do it before
967 new_flow = ovs_flow_alloc();
968 if (IS_ERR(new_flow)) {
969 error = PTR_ERR(new_flow);
974 ovs_match_init(&match, &key, &mask);
975 error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
976 a[OVS_FLOW_ATTR_MASK], log);
980 ovs_flow_mask_key(&new_flow->key, &key, true, &mask);
982 /* Extract flow identifier. */
983 error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
988 /* Validate actions. */
989 error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
990 &new_flow->key, &acts, log);
992 OVS_NLERR(log, "Flow actions may not be safe on all matching packets.");
996 reply = ovs_flow_cmd_alloc_info(acts, &new_flow->id, info, false,
999 error = PTR_ERR(reply);
1000 goto err_kfree_acts;
1004 dp = get_dp(net, ovs_header->dp_ifindex);
1005 if (unlikely(!dp)) {
1007 goto err_unlock_ovs;
1010 /* Check if this is a duplicate flow */
1011 if (ovs_identifier_is_ufid(&new_flow->id))
1012 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &new_flow->id);
1014 flow = ovs_flow_tbl_lookup(&dp->table, &key);
1015 if (likely(!flow)) {
1016 rcu_assign_pointer(new_flow->sf_acts, acts);
1018 /* Put flow in bucket. */
1019 error = ovs_flow_tbl_insert(&dp->table, new_flow, &mask);
1020 if (unlikely(error)) {
1022 goto err_unlock_ovs;
1025 if (unlikely(reply)) {
1026 error = ovs_flow_cmd_fill_info(new_flow,
1027 ovs_header->dp_ifindex,
1028 reply, info->snd_portid,
1036 struct sw_flow_actions *old_acts;
1038 /* Bail out if we're not allowed to modify an existing flow.
1039 * We accept NLM_F_CREATE in place of the intended NLM_F_EXCL
1040 * because Generic Netlink treats the latter as a dump
1041 * request. We also accept NLM_F_EXCL in case that bug ever
1044 if (unlikely(info->nlhdr->nlmsg_flags & (NLM_F_CREATE
1047 goto err_unlock_ovs;
1049 /* The flow identifier has to be the same for flow updates.
1050 * Look for any overlapping flow.
1052 if (unlikely(!ovs_flow_cmp(flow, &match))) {
1053 if (ovs_identifier_is_key(&flow->id))
1054 flow = ovs_flow_tbl_lookup_exact(&dp->table,
1056 else /* UFID matches but key is different */
1060 goto err_unlock_ovs;
1063 /* Update actions. */
1064 old_acts = ovsl_dereference(flow->sf_acts);
1065 rcu_assign_pointer(flow->sf_acts, acts);
1067 if (unlikely(reply)) {
1068 error = ovs_flow_cmd_fill_info(flow,
1069 ovs_header->dp_ifindex,
1070 reply, info->snd_portid,
1078 ovs_nla_free_flow_actions_rcu(old_acts);
1079 ovs_flow_free(new_flow, false);
1083 ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
1090 ovs_nla_free_flow_actions(acts);
1092 ovs_flow_free(new_flow, false);
1097 /* Factor out action copy to avoid "Wframe-larger-than=1024" warning. */
1098 static struct sw_flow_actions *get_flow_actions(struct net *net,
1099 const struct nlattr *a,
1100 const struct sw_flow_key *key,
1101 const struct sw_flow_mask *mask,
1104 struct sw_flow_actions *acts;
1105 struct sw_flow_key masked_key;
1108 ovs_flow_mask_key(&masked_key, key, true, mask);
1109 error = ovs_nla_copy_actions(net, a, &masked_key, &acts, log);
1112 "Actions may not be safe on all matching packets");
1113 return ERR_PTR(error);
1119 static int ovs_flow_cmd_set(struct sk_buff *skb, struct genl_info *info)
1121 struct net *net = sock_net(skb->sk);
1122 struct nlattr **a = info->attrs;
1123 struct ovs_header *ovs_header = info->userhdr;
1124 struct sw_flow_key key;
1125 struct sw_flow *flow;
1126 struct sw_flow_mask mask;
1127 struct sk_buff *reply = NULL;
1128 struct datapath *dp;
1129 struct sw_flow_actions *old_acts = NULL, *acts = NULL;
1130 struct sw_flow_match match;
1131 struct sw_flow_id sfid;
1132 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1134 bool log = !a[OVS_FLOW_ATTR_PROBE];
1139 if (!a[OVS_FLOW_ATTR_KEY]) {
1140 OVS_NLERR(log, "Flow key attribute not present in set flow.");
1144 ufid_present = ovs_nla_get_ufid(&sfid, a[OVS_FLOW_ATTR_UFID], log);
1145 ovs_match_init(&match, &key, &mask);
1146 error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
1147 a[OVS_FLOW_ATTR_MASK], log);
1151 /* Validate actions. */
1152 if (a[OVS_FLOW_ATTR_ACTIONS]) {
1153 acts = get_flow_actions(net, a[OVS_FLOW_ATTR_ACTIONS], &key,
1156 error = PTR_ERR(acts);
1160 /* Can allocate before locking if have acts. */
1161 reply = ovs_flow_cmd_alloc_info(acts, &sfid, info, false,
1163 if (IS_ERR(reply)) {
1164 error = PTR_ERR(reply);
1165 goto err_kfree_acts;
1170 dp = get_dp(net, ovs_header->dp_ifindex);
1171 if (unlikely(!dp)) {
1173 goto err_unlock_ovs;
1175 /* Check that the flow exists. */
1177 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &sfid);
1179 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1180 if (unlikely(!flow)) {
1182 goto err_unlock_ovs;
1185 /* Update actions, if present. */
1187 old_acts = ovsl_dereference(flow->sf_acts);
1188 rcu_assign_pointer(flow->sf_acts, acts);
1190 if (unlikely(reply)) {
1191 error = ovs_flow_cmd_fill_info(flow,
1192 ovs_header->dp_ifindex,
1193 reply, info->snd_portid,
1200 /* Could not alloc without acts before locking. */
1201 reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex,
1202 info, OVS_FLOW_CMD_NEW, false,
1205 if (unlikely(IS_ERR(reply))) {
1206 error = PTR_ERR(reply);
1207 goto err_unlock_ovs;
1212 if (a[OVS_FLOW_ATTR_CLEAR])
1213 ovs_flow_stats_clear(flow);
1217 ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
1219 ovs_nla_free_flow_actions_rcu(old_acts);
1227 ovs_nla_free_flow_actions(acts);
1232 static int ovs_flow_cmd_get(struct sk_buff *skb, struct genl_info *info)
1234 struct nlattr **a = info->attrs;
1235 struct ovs_header *ovs_header = info->userhdr;
1236 struct net *net = sock_net(skb->sk);
1237 struct sw_flow_key key;
1238 struct sk_buff *reply;
1239 struct sw_flow *flow;
1240 struct datapath *dp;
1241 struct sw_flow_match match;
1242 struct sw_flow_id ufid;
1243 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1245 bool log = !a[OVS_FLOW_ATTR_PROBE];
1248 ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
1249 if (a[OVS_FLOW_ATTR_KEY]) {
1250 ovs_match_init(&match, &key, NULL);
1251 err = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY], NULL,
1253 } else if (!ufid_present) {
1255 "Flow get message rejected, Key attribute missing.");
1262 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1269 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
1271 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1277 reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex, info,
1278 OVS_FLOW_CMD_NEW, true, ufid_flags);
1279 if (IS_ERR(reply)) {
1280 err = PTR_ERR(reply);
1285 return genlmsg_reply(reply, info);
1291 static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
1293 struct nlattr **a = info->attrs;
1294 struct ovs_header *ovs_header = info->userhdr;
1295 struct net *net = sock_net(skb->sk);
1296 struct sw_flow_key key;
1297 struct sk_buff *reply;
1298 struct sw_flow *flow = NULL;
1299 struct datapath *dp;
1300 struct sw_flow_match match;
1301 struct sw_flow_id ufid;
1302 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1304 bool log = !a[OVS_FLOW_ATTR_PROBE];
1307 ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
1308 if (a[OVS_FLOW_ATTR_KEY]) {
1309 ovs_match_init(&match, &key, NULL);
1310 err = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
1317 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1318 if (unlikely(!dp)) {
1323 if (unlikely(!a[OVS_FLOW_ATTR_KEY] && !ufid_present)) {
1324 err = ovs_flow_tbl_flush(&dp->table);
1329 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
1331 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1332 if (unlikely(!flow)) {
1337 ovs_flow_tbl_remove(&dp->table, flow);
1340 reply = ovs_flow_cmd_alloc_info(rcu_dereference_raw(flow->sf_acts),
1341 &flow->id, info, false, ufid_flags);
1343 if (likely(reply)) {
1344 if (likely(!IS_ERR(reply))) {
1345 rcu_read_lock(); /*To keep RCU checker happy. */
1346 err = ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex,
1347 reply, info->snd_portid,
1353 ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
1355 genl_set_err(&dp_flow_genl_family, sock_net(skb->sk), 0,
1356 GROUP_ID(&ovs_dp_flow_multicast_group), PTR_ERR(reply));
1361 ovs_flow_free(flow, true);
1368 static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1370 struct nlattr *a[__OVS_FLOW_ATTR_MAX];
1371 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
1372 struct table_instance *ti;
1373 struct datapath *dp;
1377 err = genlmsg_parse(cb->nlh, &dp_flow_genl_family, a,
1378 OVS_FLOW_ATTR_MAX, flow_policy);
1381 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1384 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
1390 ti = rcu_dereference(dp->table.ti);
1392 struct sw_flow *flow;
1395 bucket = cb->args[0];
1397 flow = ovs_flow_tbl_dump_next(ti, &bucket, &obj);
1401 if (ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex, skb,
1402 NETLINK_CB(cb->skb).portid,
1403 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1404 OVS_FLOW_CMD_NEW, ufid_flags) < 0)
1407 cb->args[0] = bucket;
1414 static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
1415 [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
1416 [OVS_FLOW_ATTR_MASK] = { .type = NLA_NESTED },
1417 [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
1418 [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
1419 [OVS_FLOW_ATTR_PROBE] = { .type = NLA_FLAG },
1420 [OVS_FLOW_ATTR_UFID] = { .type = NLA_UNSPEC, .len = 1 },
1421 [OVS_FLOW_ATTR_UFID_FLAGS] = { .type = NLA_U32 },
1424 static struct genl_ops dp_flow_genl_ops[] = {
1425 { .cmd = OVS_FLOW_CMD_NEW,
1426 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1427 .policy = flow_policy,
1428 .doit = ovs_flow_cmd_new
1430 { .cmd = OVS_FLOW_CMD_DEL,
1431 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1432 .policy = flow_policy,
1433 .doit = ovs_flow_cmd_del
1435 { .cmd = OVS_FLOW_CMD_GET,
1436 .flags = 0, /* OK for unprivileged users. */
1437 .policy = flow_policy,
1438 .doit = ovs_flow_cmd_get,
1439 .dumpit = ovs_flow_cmd_dump
1441 { .cmd = OVS_FLOW_CMD_SET,
1442 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1443 .policy = flow_policy,
1444 .doit = ovs_flow_cmd_set,
1448 static struct genl_family dp_flow_genl_family = {
1449 .id = GENL_ID_GENERATE,
1450 .hdrsize = sizeof(struct ovs_header),
1451 .name = OVS_FLOW_FAMILY,
1452 .version = OVS_FLOW_VERSION,
1453 .maxattr = OVS_FLOW_ATTR_MAX,
1455 .parallel_ops = true,
1456 .ops = dp_flow_genl_ops,
1457 .n_ops = ARRAY_SIZE(dp_flow_genl_ops),
1458 .mcgrps = &ovs_dp_flow_multicast_group,
1462 static size_t ovs_dp_cmd_msg_size(void)
1464 size_t msgsize = NLMSG_ALIGN(sizeof(struct ovs_header));
1466 msgsize += nla_total_size(IFNAMSIZ);
1467 msgsize += nla_total_size(sizeof(struct ovs_dp_stats));
1468 msgsize += nla_total_size(sizeof(struct ovs_dp_megaflow_stats));
1469 msgsize += nla_total_size(sizeof(u32)); /* OVS_DP_ATTR_USER_FEATURES */
1474 /* Called with ovs_mutex. */
1475 static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
1476 u32 portid, u32 seq, u32 flags, u8 cmd)
1478 struct ovs_header *ovs_header;
1479 struct ovs_dp_stats dp_stats;
1480 struct ovs_dp_megaflow_stats dp_megaflow_stats;
1483 ovs_header = genlmsg_put(skb, portid, seq, &dp_datapath_genl_family,
1488 ovs_header->dp_ifindex = get_dpifindex(dp);
1490 err = nla_put_string(skb, OVS_DP_ATTR_NAME, ovs_dp_name(dp));
1492 goto nla_put_failure;
1494 get_dp_stats(dp, &dp_stats, &dp_megaflow_stats);
1495 if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats),
1497 goto nla_put_failure;
1499 if (nla_put(skb, OVS_DP_ATTR_MEGAFLOW_STATS,
1500 sizeof(struct ovs_dp_megaflow_stats),
1501 &dp_megaflow_stats))
1502 goto nla_put_failure;
1504 if (nla_put_u32(skb, OVS_DP_ATTR_USER_FEATURES, dp->user_features))
1505 goto nla_put_failure;
1507 genlmsg_end(skb, ovs_header);
1511 genlmsg_cancel(skb, ovs_header);
1516 static struct sk_buff *ovs_dp_cmd_alloc_info(struct genl_info *info)
1518 return genlmsg_new_unicast(ovs_dp_cmd_msg_size(), info, GFP_KERNEL);
1521 /* Called with rcu_read_lock or ovs_mutex. */
1522 static struct datapath *lookup_datapath(struct net *net,
1523 const struct ovs_header *ovs_header,
1524 struct nlattr *a[OVS_DP_ATTR_MAX + 1])
1526 struct datapath *dp;
1528 if (!a[OVS_DP_ATTR_NAME])
1529 dp = get_dp(net, ovs_header->dp_ifindex);
1531 struct vport *vport;
1533 vport = ovs_vport_locate(net, nla_data(a[OVS_DP_ATTR_NAME]));
1534 dp = vport && vport->port_no == OVSP_LOCAL ? vport->dp : NULL;
1536 return dp ? dp : ERR_PTR(-ENODEV);
1539 static void ovs_dp_reset_user_features(struct sk_buff *skb, struct genl_info *info)
1541 struct datapath *dp;
1543 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1547 WARN(dp->user_features, "Dropping previously announced user features\n");
1548 dp->user_features = 0;
1551 static void ovs_dp_change(struct datapath *dp, struct nlattr *a[])
1553 if (a[OVS_DP_ATTR_USER_FEATURES])
1554 dp->user_features = nla_get_u32(a[OVS_DP_ATTR_USER_FEATURES]);
1557 static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
1559 struct nlattr **a = info->attrs;
1560 struct vport_parms parms;
1561 struct sk_buff *reply;
1562 struct datapath *dp;
1563 struct vport *vport;
1564 struct ovs_net *ovs_net;
1568 if (!a[OVS_DP_ATTR_NAME] || !a[OVS_DP_ATTR_UPCALL_PID])
1571 reply = ovs_dp_cmd_alloc_info(info);
1576 dp = kzalloc(sizeof(*dp), GFP_KERNEL);
1578 goto err_free_reply;
1580 ovs_dp_set_net(dp, sock_net(skb->sk));
1582 /* Allocate table. */
1583 err = ovs_flow_tbl_init(&dp->table);
1587 dp->stats_percpu = netdev_alloc_pcpu_stats(struct dp_stats_percpu);
1588 if (!dp->stats_percpu) {
1590 goto err_destroy_table;
1593 dp->ports = kmalloc(DP_VPORT_HASH_BUCKETS * sizeof(struct hlist_head),
1597 goto err_destroy_percpu;
1600 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++)
1601 INIT_HLIST_HEAD(&dp->ports[i]);
1603 /* Set up our datapath device. */
1604 parms.name = nla_data(a[OVS_DP_ATTR_NAME]);
1605 parms.type = OVS_VPORT_TYPE_INTERNAL;
1606 parms.options = NULL;
1608 parms.port_no = OVSP_LOCAL;
1609 parms.upcall_portids = a[OVS_DP_ATTR_UPCALL_PID];
1611 ovs_dp_change(dp, a);
1613 /* So far only local changes have been made, now need the lock. */
1616 vport = new_vport(&parms);
1617 if (IS_ERR(vport)) {
1618 err = PTR_ERR(vport);
1622 if (err == -EEXIST) {
1623 /* An outdated user space instance that does not understand
1624 * the concept of user_features has attempted to create a new
1625 * datapath and is likely to reuse it. Drop all user features.
1627 if (info->genlhdr->version < OVS_DP_VER_FEATURES)
1628 ovs_dp_reset_user_features(skb, info);
1631 goto err_destroy_ports_array;
1634 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1635 info->snd_seq, 0, OVS_DP_CMD_NEW);
1638 ovs_net = net_generic(ovs_dp_get_net(dp), ovs_net_id);
1639 list_add_tail_rcu(&dp->list_node, &ovs_net->dps);
1643 ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
1646 err_destroy_ports_array:
1650 free_percpu(dp->stats_percpu);
1652 ovs_flow_tbl_destroy(&dp->table);
1661 /* Called with ovs_mutex. */
1662 static void __dp_destroy(struct datapath *dp)
1666 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
1667 struct vport *vport;
1668 struct hlist_node *n;
1670 hlist_for_each_entry_safe(vport, n, &dp->ports[i], dp_hash_node)
1671 if (vport->port_no != OVSP_LOCAL)
1672 ovs_dp_detach_port(vport);
1675 list_del_rcu(&dp->list_node);
1677 /* OVSP_LOCAL is datapath internal port. We need to make sure that
1678 * all ports in datapath are destroyed first before freeing datapath.
1680 ovs_dp_detach_port(ovs_vport_ovsl(dp, OVSP_LOCAL));
1682 /* RCU destroy the flow table */
1683 call_rcu(&dp->rcu, destroy_dp_rcu);
1686 static int ovs_dp_cmd_del(struct sk_buff *skb, struct genl_info *info)
1688 struct sk_buff *reply;
1689 struct datapath *dp;
1692 reply = ovs_dp_cmd_alloc_info(info);
1697 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1700 goto err_unlock_free;
1702 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1703 info->snd_seq, 0, OVS_DP_CMD_DEL);
1709 ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
1718 static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
1720 struct sk_buff *reply;
1721 struct datapath *dp;
1724 reply = ovs_dp_cmd_alloc_info(info);
1729 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1732 goto err_unlock_free;
1734 ovs_dp_change(dp, info->attrs);
1736 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1737 info->snd_seq, 0, OVS_DP_CMD_NEW);
1742 ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
1751 static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
1753 struct sk_buff *reply;
1754 struct datapath *dp;
1757 reply = ovs_dp_cmd_alloc_info(info);
1762 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1765 goto err_unlock_free;
1767 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1768 info->snd_seq, 0, OVS_DP_CMD_NEW);
1772 return genlmsg_reply(reply, info);
1780 static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1782 struct ovs_net *ovs_net = net_generic(sock_net(skb->sk), ovs_net_id);
1783 struct datapath *dp;
1784 int skip = cb->args[0];
1788 list_for_each_entry(dp, &ovs_net->dps, list_node) {
1790 ovs_dp_cmd_fill_info(dp, skb, NETLINK_CB(cb->skb).portid,
1791 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1792 OVS_DP_CMD_NEW) < 0)
1803 static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
1804 [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
1805 [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
1806 [OVS_DP_ATTR_USER_FEATURES] = { .type = NLA_U32 },
1809 static struct genl_ops dp_datapath_genl_ops[] = {
1810 { .cmd = OVS_DP_CMD_NEW,
1811 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1812 .policy = datapath_policy,
1813 .doit = ovs_dp_cmd_new
1815 { .cmd = OVS_DP_CMD_DEL,
1816 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1817 .policy = datapath_policy,
1818 .doit = ovs_dp_cmd_del
1820 { .cmd = OVS_DP_CMD_GET,
1821 .flags = 0, /* OK for unprivileged users. */
1822 .policy = datapath_policy,
1823 .doit = ovs_dp_cmd_get,
1824 .dumpit = ovs_dp_cmd_dump
1826 { .cmd = OVS_DP_CMD_SET,
1827 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1828 .policy = datapath_policy,
1829 .doit = ovs_dp_cmd_set,
1833 static struct genl_family dp_datapath_genl_family = {
1834 .id = GENL_ID_GENERATE,
1835 .hdrsize = sizeof(struct ovs_header),
1836 .name = OVS_DATAPATH_FAMILY,
1837 .version = OVS_DATAPATH_VERSION,
1838 .maxattr = OVS_DP_ATTR_MAX,
1840 .parallel_ops = true,
1841 .ops = dp_datapath_genl_ops,
1842 .n_ops = ARRAY_SIZE(dp_datapath_genl_ops),
1843 .mcgrps = &ovs_dp_datapath_multicast_group,
1847 /* Called with ovs_mutex or RCU read lock. */
1848 static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
1849 u32 portid, u32 seq, u32 flags, u8 cmd)
1851 struct ovs_header *ovs_header;
1852 struct ovs_vport_stats vport_stats;
1855 ovs_header = genlmsg_put(skb, portid, seq, &dp_vport_genl_family,
1860 ovs_header->dp_ifindex = get_dpifindex(vport->dp);
1862 if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
1863 nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
1864 nla_put_string(skb, OVS_VPORT_ATTR_NAME,
1865 ovs_vport_name(vport)))
1866 goto nla_put_failure;
1868 ovs_vport_get_stats(vport, &vport_stats);
1869 if (nla_put(skb, OVS_VPORT_ATTR_STATS, sizeof(struct ovs_vport_stats),
1871 goto nla_put_failure;
1873 if (ovs_vport_get_upcall_portids(vport, skb))
1874 goto nla_put_failure;
1876 err = ovs_vport_get_options(vport, skb);
1877 if (err == -EMSGSIZE)
1880 genlmsg_end(skb, ovs_header);
1886 genlmsg_cancel(skb, ovs_header);
1890 static struct sk_buff *ovs_vport_cmd_alloc_info(void)
1892 return nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1895 /* Called with ovs_mutex, only via ovs_dp_notify_wq(). */
1896 struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
1899 struct sk_buff *skb;
1902 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1904 return ERR_PTR(-ENOMEM);
1906 retval = ovs_vport_cmd_fill_info(vport, skb, portid, seq, 0, cmd);
1912 /* Called with ovs_mutex or RCU read lock. */
1913 static struct vport *lookup_vport(struct net *net,
1914 const struct ovs_header *ovs_header,
1915 struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
1917 struct datapath *dp;
1918 struct vport *vport;
1920 if (a[OVS_VPORT_ATTR_NAME]) {
1921 vport = ovs_vport_locate(net, nla_data(a[OVS_VPORT_ATTR_NAME]));
1923 return ERR_PTR(-ENODEV);
1924 if (ovs_header->dp_ifindex &&
1925 ovs_header->dp_ifindex != get_dpifindex(vport->dp))
1926 return ERR_PTR(-ENODEV);
1928 } else if (a[OVS_VPORT_ATTR_PORT_NO]) {
1929 u32 port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
1931 if (port_no >= DP_MAX_PORTS)
1932 return ERR_PTR(-EFBIG);
1934 dp = get_dp(net, ovs_header->dp_ifindex);
1936 return ERR_PTR(-ENODEV);
1938 vport = ovs_vport_ovsl_rcu(dp, port_no);
1940 return ERR_PTR(-ENODEV);
1943 return ERR_PTR(-EINVAL);
1946 static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
1948 struct nlattr **a = info->attrs;
1949 struct ovs_header *ovs_header = info->userhdr;
1950 struct vport_parms parms;
1951 struct sk_buff *reply;
1952 struct vport *vport;
1953 struct datapath *dp;
1957 if (!a[OVS_VPORT_ATTR_NAME] || !a[OVS_VPORT_ATTR_TYPE] ||
1958 !a[OVS_VPORT_ATTR_UPCALL_PID])
1961 port_no = a[OVS_VPORT_ATTR_PORT_NO]
1962 ? nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]) : 0;
1963 if (port_no >= DP_MAX_PORTS)
1966 reply = ovs_vport_cmd_alloc_info();
1972 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1975 goto exit_unlock_free;
1978 vport = ovs_vport_ovsl(dp, port_no);
1981 goto exit_unlock_free;
1983 for (port_no = 1; ; port_no++) {
1984 if (port_no >= DP_MAX_PORTS) {
1986 goto exit_unlock_free;
1988 vport = ovs_vport_ovsl(dp, port_no);
1994 parms.name = nla_data(a[OVS_VPORT_ATTR_NAME]);
1995 parms.type = nla_get_u32(a[OVS_VPORT_ATTR_TYPE]);
1996 parms.options = a[OVS_VPORT_ATTR_OPTIONS];
1998 parms.port_no = port_no;
1999 parms.upcall_portids = a[OVS_VPORT_ATTR_UPCALL_PID];
2001 vport = new_vport(&parms);
2002 err = PTR_ERR(vport);
2003 if (IS_ERR(vport)) {
2006 goto exit_unlock_free;
2009 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2010 info->snd_seq, 0, OVS_VPORT_CMD_NEW);
2014 ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
2023 static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
2025 struct nlattr **a = info->attrs;
2026 struct sk_buff *reply;
2027 struct vport *vport;
2030 reply = ovs_vport_cmd_alloc_info();
2035 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2036 err = PTR_ERR(vport);
2038 goto exit_unlock_free;
2040 if (a[OVS_VPORT_ATTR_TYPE] &&
2041 nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type) {
2043 goto exit_unlock_free;
2046 if (a[OVS_VPORT_ATTR_OPTIONS]) {
2047 err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]);
2049 goto exit_unlock_free;
2052 if (a[OVS_VPORT_ATTR_UPCALL_PID]) {
2053 struct nlattr *ids = a[OVS_VPORT_ATTR_UPCALL_PID];
2055 err = ovs_vport_set_upcall_portids(vport, ids);
2057 goto exit_unlock_free;
2060 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2061 info->snd_seq, 0, OVS_VPORT_CMD_NEW);
2065 ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
2074 static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
2076 struct nlattr **a = info->attrs;
2077 struct sk_buff *reply;
2078 struct vport *vport;
2081 reply = ovs_vport_cmd_alloc_info();
2086 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2087 err = PTR_ERR(vport);
2089 goto exit_unlock_free;
2091 if (vport->port_no == OVSP_LOCAL) {
2093 goto exit_unlock_free;
2096 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2097 info->snd_seq, 0, OVS_VPORT_CMD_DEL);
2099 ovs_dp_detach_port(vport);
2102 ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
2111 static int ovs_vport_cmd_get(struct sk_buff *skb, struct genl_info *info)
2113 struct nlattr **a = info->attrs;
2114 struct ovs_header *ovs_header = info->userhdr;
2115 struct sk_buff *reply;
2116 struct vport *vport;
2119 reply = ovs_vport_cmd_alloc_info();
2124 vport = lookup_vport(sock_net(skb->sk), ovs_header, a);
2125 err = PTR_ERR(vport);
2127 goto exit_unlock_free;
2128 err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
2129 info->snd_seq, 0, OVS_VPORT_CMD_NEW);
2133 return genlmsg_reply(reply, info);
2141 static int ovs_vport_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
2143 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
2144 struct datapath *dp;
2145 int bucket = cb->args[0], skip = cb->args[1];
2149 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
2154 for (i = bucket; i < DP_VPORT_HASH_BUCKETS; i++) {
2155 struct vport *vport;
2158 hlist_for_each_entry_rcu(vport, &dp->ports[i], dp_hash_node) {
2160 ovs_vport_cmd_fill_info(vport, skb,
2161 NETLINK_CB(cb->skb).portid,
2164 OVS_VPORT_CMD_NEW) < 0)
2180 static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
2181 [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
2182 [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
2183 [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
2184 [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
2185 [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
2186 [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
2189 static struct genl_ops dp_vport_genl_ops[] = {
2190 { .cmd = OVS_VPORT_CMD_NEW,
2191 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2192 .policy = vport_policy,
2193 .doit = ovs_vport_cmd_new
2195 { .cmd = OVS_VPORT_CMD_DEL,
2196 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2197 .policy = vport_policy,
2198 .doit = ovs_vport_cmd_del
2200 { .cmd = OVS_VPORT_CMD_GET,
2201 .flags = 0, /* OK for unprivileged users. */
2202 .policy = vport_policy,
2203 .doit = ovs_vport_cmd_get,
2204 .dumpit = ovs_vport_cmd_dump
2206 { .cmd = OVS_VPORT_CMD_SET,
2207 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2208 .policy = vport_policy,
2209 .doit = ovs_vport_cmd_set,
2213 struct genl_family dp_vport_genl_family = {
2214 .id = GENL_ID_GENERATE,
2215 .hdrsize = sizeof(struct ovs_header),
2216 .name = OVS_VPORT_FAMILY,
2217 .version = OVS_VPORT_VERSION,
2218 .maxattr = OVS_VPORT_ATTR_MAX,
2220 .parallel_ops = true,
2221 .ops = dp_vport_genl_ops,
2222 .n_ops = ARRAY_SIZE(dp_vport_genl_ops),
2223 .mcgrps = &ovs_dp_vport_multicast_group,
2227 static struct genl_family *dp_genl_families[] = {
2228 &dp_datapath_genl_family,
2229 &dp_vport_genl_family,
2230 &dp_flow_genl_family,
2231 &dp_packet_genl_family,
2234 static void dp_unregister_genl(int n_families)
2238 for (i = 0; i < n_families; i++)
2239 genl_unregister_family(dp_genl_families[i]);
2242 static int dp_register_genl(void)
2247 for (i = 0; i < ARRAY_SIZE(dp_genl_families); i++) {
2249 err = genl_register_family(dp_genl_families[i]);
2257 dp_unregister_genl(i);
2261 static int __net_init ovs_init_net(struct net *net)
2263 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2265 INIT_LIST_HEAD(&ovs_net->dps);
2266 INIT_WORK(&ovs_net->dp_notify_work, ovs_dp_notify_wq);
2271 static void __net_exit list_vports_from_net(struct net *net, struct net *dnet,
2272 struct list_head *head)
2274 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2275 struct datapath *dp;
2277 list_for_each_entry(dp, &ovs_net->dps, list_node) {
2280 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
2281 struct vport *vport;
2283 hlist_for_each_entry(vport, &dp->ports[i], dp_hash_node) {
2285 if (vport->ops->type != OVS_VPORT_TYPE_INTERNAL)
2288 if (dev_net(vport->dev) == dnet)
2289 list_add(&vport->detach_list, head);
2295 static void __net_exit ovs_exit_net(struct net *dnet)
2297 struct datapath *dp, *dp_next;
2298 struct ovs_net *ovs_net = net_generic(dnet, ovs_net_id);
2299 struct vport *vport, *vport_next;
2305 list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
2310 list_vports_from_net(net, dnet, &head);
2313 /* Detach all vports from given namespace. */
2314 list_for_each_entry_safe(vport, vport_next, &head, detach_list) {
2315 list_del(&vport->detach_list);
2316 ovs_dp_detach_port(vport);
2321 cancel_work_sync(&ovs_net->dp_notify_work);
2324 static struct pernet_operations ovs_net_ops = {
2325 .init = ovs_init_net,
2326 .exit = ovs_exit_net,
2328 .size = sizeof(struct ovs_net),
2331 static int __init dp_init(void)
2335 BUILD_BUG_ON(sizeof(struct ovs_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
2337 pr_info("Open vSwitch switching datapath %s\n", VERSION);
2339 err = compat_init();
2343 err = action_fifos_init();
2345 goto error_compat_exit;
2347 err = ovs_internal_dev_rtnl_link_register();
2349 goto error_action_fifos_exit;
2351 err = ovs_flow_init();
2353 goto error_unreg_rtnl_link;
2355 err = ovs_vport_init();
2357 goto error_flow_exit;
2359 err = register_pernet_device(&ovs_net_ops);
2361 goto error_vport_exit;
2363 err = register_netdevice_notifier(&ovs_dp_device_notifier);
2365 goto error_netns_exit;
2367 err = ovs_netdev_init();
2369 goto error_unreg_notifier;
2371 err = dp_register_genl();
2373 goto error_unreg_netdev;
2379 error_unreg_notifier:
2380 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2382 unregister_pernet_device(&ovs_net_ops);
2387 error_unreg_rtnl_link:
2388 ovs_internal_dev_rtnl_link_unregister();
2389 error_action_fifos_exit:
2390 action_fifos_exit();
2397 static void dp_cleanup(void)
2399 dp_unregister_genl(ARRAY_SIZE(dp_genl_families));
2401 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2402 unregister_pernet_device(&ovs_net_ops);
2406 ovs_internal_dev_rtnl_link_unregister();
2407 action_fifos_exit();
2411 module_init(dp_init);
2412 module_exit(dp_cleanup);
2414 MODULE_DESCRIPTION("Open vSwitch switching datapath");
2415 MODULE_LICENSE("GPL");
2416 MODULE_VERSION(VERSION);
projects / cascardo / ovs.git / blob