ofp: Add support for bundles extension in OpenFlow 1.3.

[cascardo/ovs.git] / datapath / datapath.c
diff --git a/datapath/datapath.c b/datapath/datapath.c

index 40b25e5..e3d3c8c 100644 (file)
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (c) 2007-2012 Nicira, Inc.
+ * Copyright (c) 2007-2015 Nicira, Inc.
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of version 2 of the GNU General Public
@@ -52,75 +52,138 @@
  #include <net/net_namespace.h>
  #include <net/netns/generic.h>
  
-#include "checksum.h"
  #include "datapath.h"
+#include "conntrack.h"
  #include "flow.h"
-#include "genl_exec.h"
+#include "flow_table.h"
+#include "flow_netlink.h"
+#include "gso.h"
  #include "vlan.h"
-#include "tunnel.h"
  #include "vport-internal_dev.h"
+#include "vport-netdev.h"
  
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18) || \
-    LINUX_VERSION_CODE >= KERNEL_VERSION(3,9,0)
-#error Kernels before 2.6.18 or after 3.8 are not supported by this version of Open vSwitch.
-#endif
+int ovs_net_id __read_mostly;
+EXPORT_SYMBOL_GPL(ovs_net_id);
  
-#define REHASH_FLOW_INTERVAL (10 * 60 * HZ)
-static void rehash_flow_table(struct work_struct *work);
-static DECLARE_DELAYED_WORK(rehash_flow_wq, rehash_flow_table);
+static struct genl_family dp_packet_genl_family;
+static struct genl_family dp_flow_genl_family;
+static struct genl_family dp_datapath_genl_family;
  
-int ovs_net_id __read_mostly;
+static const struct nla_policy flow_policy[];
+
+static struct genl_multicast_group ovs_dp_flow_multicast_group = {
+       .name = OVS_FLOW_MCGROUP
+};
+
+static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
+       .name = OVS_DATAPATH_MCGROUP
+};
+
+struct genl_multicast_group ovs_dp_vport_multicast_group = {
+       .name = OVS_VPORT_MCGROUP
+};
+
+/* Check if need to build a reply message.
+ * OVS userspace sets the NLM_F_ECHO flag if it needs the reply.
+ */
+static bool ovs_must_notify(struct genl_family *family, struct genl_info *info,
+                           unsigned int group)
+{
+       return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
+              genl_has_listeners(family, genl_info_net(info), group);
+}
+
+static void ovs_notify(struct genl_family *family, struct genl_multicast_group *grp,
+                      struct sk_buff *skb, struct genl_info *info)
+{
+       genl_notify(family, skb, genl_info_net(info),
+                   info->snd_portid, GROUP_ID(grp), info->nlhdr, GFP_KERNEL);
+}
  
  /**
   * DOC: Locking:
   *
- * Writes to device state (add/remove datapath, port, set operations on vports,
- * etc.) are protected by RTNL.
- *
- * Writes to other state (flow table modifications, set miscellaneous datapath
- * parameters, etc.) are protected by genl_mutex.  The RTNL lock nests inside
- * genl_mutex.
+ * All writes e.g. Writes to device state (add/remove datapath, port, set
+ * operations on vports, etc.), Writes to other state (flow table
+ * modifications, set miscellaneous datapath parameters, etc.) are protected
+ * by ovs_lock.
   *
   * Reads are protected by RCU.
   *
   * There are a few special cases (mostly stats) that have their own
   * synchronization but they nest under all of above and don't interact with
   * each other.
+ *
+ * The RTNL lock nests inside ovs_mutex.
   */
  
-static struct vport *new_vport(const struct vport_parms *);
-static int queue_gso_packets(struct net *, int dp_ifindex, struct sk_buff *,
+static DEFINE_MUTEX(ovs_mutex);
+
+void ovs_lock(void)
+{
+       mutex_lock(&ovs_mutex);
+}
+
+void ovs_unlock(void)
+{
+       mutex_unlock(&ovs_mutex);
+}
+
+#ifdef CONFIG_LOCKDEP
+int lockdep_ovsl_is_held(void)
+{
+       if (debug_locks)
+               return lockdep_is_held(&ovs_mutex);
+       else
+               return 1;
+}
+EXPORT_SYMBOL_GPL(lockdep_ovsl_is_held);
+#endif
+
+static int queue_gso_packets(struct datapath *dp, struct sk_buff *,
+                            const struct sw_flow_key *,
                              const struct dp_upcall_info *);
-static int queue_userspace_packet(struct net *, int dp_ifindex,
-                                 struct sk_buff *,
+static int queue_userspace_packet(struct datapath *dp, struct sk_buff *,
+                                 const struct sw_flow_key *,
                                   const struct dp_upcall_info *);
  
-/* Must be called with rcu_read_lock, genl_mutex, or RTNL lock. */
-static struct datapath *get_dp(struct net *net, int dp_ifindex)
+/* Must be called with rcu_read_lock. */
+static struct datapath *get_dp_rcu(struct net *net, int dp_ifindex)
  {
-       struct datapath *dp = NULL;
-       struct net_device *dev;
+       struct net_device *dev = dev_get_by_index_rcu(net, dp_ifindex);
  
-       rcu_read_lock();
-       dev = dev_get_by_index_rcu(net, dp_ifindex);
         if (dev) {
                 struct vport *vport = ovs_internal_dev_get_vport(dev);
                 if (vport)
-                       dp = vport->dp;
+                       return vport->dp;
         }
+
+       return NULL;
+}
+
+/* The caller must hold either ovs_mutex or rcu_read_lock to keep the
+ * returned dp pointer valid.
+ */
+static inline struct datapath *get_dp(struct net *net, int dp_ifindex)
+{
+       struct datapath *dp;
+
+       WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_ovsl_is_held());
+       rcu_read_lock();
+       dp = get_dp_rcu(net, dp_ifindex);
         rcu_read_unlock();
  
         return dp;
  }
  
-/* Must be called with rcu_read_lock or RTNL lock. */
+/* Must be called with rcu_read_lock or ovs_mutex. */
  const char *ovs_dp_name(const struct datapath *dp)
  {
-       struct vport *vport = ovs_vport_rtnl_rcu(dp, OVSP_LOCAL);
-       return vport->ops->get_name(vport);
+       struct vport *vport = ovs_vport_ovsl_rcu(dp, OVSP_LOCAL);
+       return ovs_vport_name(vport);
  }
  
-static int get_dpifindex(struct datapath *dp)
+static int get_dpifindex(const struct datapath *dp)
  {
         struct vport *local;
         int ifindex;
@@ -129,7 +192,7 @@ static int get_dpifindex(struct datapath *dp)
  
         local = ovs_vport_rcu(dp, OVSP_LOCAL);
         if (local)
-               ifindex = local->ops->get_ifindex(local);
+               ifindex = local->dev->ifindex;
         else
                 ifindex = 0;
  
@@ -142,9 +205,8 @@ static void destroy_dp_rcu(struct rcu_head *rcu)
  {
         struct datapath *dp = container_of(rcu, struct datapath, rcu);
  
-       ovs_flow_tbl_destroy((__force struct flow_table *)dp->table);
+       ovs_flow_tbl_destroy(&dp->table);
         free_percpu(dp->stats_percpu);
-       release_net(ovs_dp_get_net(dp));
         kfree(dp->ports);
         kfree(dp);
  }
@@ -155,6 +217,7 @@ static struct hlist_head *vport_hash_bucket(const struct datapath *dp,
         return &dp->ports[port_no & (DP_VPORT_HASH_BUCKETS - 1)];
  }
  
+/* Called with ovs_mutex or RCU read lock. */
  struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
  {
         struct vport *vport;
@@ -168,7 +231,7 @@ struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
         return NULL;
  }
  
-/* Called with RTNL lock and genl_lock. */
+/* Called with ovs_mutex. */
  static struct vport *new_vport(const struct vport_parms *parms)
  {
         struct vport *vport;
@@ -183,10 +246,9 @@ static struct vport *new_vport(const struct vport_parms *parms)
         return vport;
  }
  
-/* Called with RTNL lock. */
  void ovs_dp_detach_port(struct vport *p)
  {
-       ASSERT_RTNL();
+       ASSERT_OVSL();
  
         /* First drop references to device. */
         hlist_del_rcu(&p->dp_hash_node);
@@ -196,67 +258,57 @@ void ovs_dp_detach_port(struct vport *p)
  }
  
  /* Must be called with rcu_read_lock. */
-void ovs_dp_process_received_packet(struct vport *p, struct sk_buff *skb)
+void ovs_dp_process_packet(struct sk_buff *skb, struct sw_flow_key *key)
  {
+       const struct vport *p = OVS_CB(skb)->input_vport;
         struct datapath *dp = p->dp;
         struct sw_flow *flow;
+       struct sw_flow_actions *sf_acts;
         struct dp_stats_percpu *stats;
-       struct sw_flow_key key;
         u64 *stats_counter;
-       int error;
-       int key_len;
+       u32 n_mask_hit;
  
         stats = this_cpu_ptr(dp->stats_percpu);
  
-       /* Extract flow from 'skb' into 'key'. */
-       error = ovs_flow_extract(skb, p->port_no, &key, &key_len);
-       if (unlikely(error)) {
-               kfree_skb(skb);
-               return;
-       }
-
         /* Look up flow. */
-       flow = ovs_flow_tbl_lookup(rcu_dereference(dp->table), &key, key_len);
+       flow = ovs_flow_tbl_lookup_stats(&dp->table, key, skb_get_hash(skb),
+                                        &n_mask_hit);
         if (unlikely(!flow)) {
                 struct dp_upcall_info upcall;
+               int error;
  
+               memset(&upcall, 0, sizeof(upcall));
                 upcall.cmd = OVS_PACKET_CMD_MISS;
-               upcall.key = &key;
-               upcall.userdata = NULL;
-               upcall.portid = p->upcall_portid;
-               ovs_dp_upcall(dp, skb, &upcall);
-               consume_skb(skb);
+               upcall.portid = ovs_vport_find_upcall_portid(p, skb);
+               upcall.mru = OVS_CB(skb)->mru;
+               error = ovs_dp_upcall(dp, skb, key, &upcall);
+               if (unlikely(error))
+                       kfree_skb(skb);
+               else
+                       consume_skb(skb);
                 stats_counter = &stats->n_missed;
                 goto out;
         }
  
-       OVS_CB(skb)->flow = flow;
+       ovs_flow_stats_update(flow, key->tp.flags, skb);
+       sf_acts = rcu_dereference(flow->sf_acts);
+       ovs_execute_actions(dp, skb, sf_acts, key);
  
         stats_counter = &stats->n_hit;
-       ovs_flow_used(OVS_CB(skb)->flow, skb);
-       ovs_execute_actions(dp, skb);
  
  out:
         /* Update datapath statistics. */
-       u64_stats_update_begin(&stats->sync);
+       u64_stats_update_begin(&stats->syncp);
         (*stats_counter)++;
-       u64_stats_update_end(&stats->sync);
+       stats->n_mask_hit += n_mask_hit;
+       u64_stats_update_end(&stats->syncp);
  }
  
-static struct genl_family dp_packet_genl_family = {
-       .id = GENL_ID_GENERATE,
-       .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_PACKET_FAMILY,
-       .version = OVS_PACKET_VERSION,
-       .maxattr = OVS_PACKET_ATTR_MAX,
-        SET_NETNSOK
-};
-
  int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
+                 const struct sw_flow_key *key,
                   const struct dp_upcall_info *upcall_info)
  {
         struct dp_stats_percpu *stats;
-       int dp_ifindex;
         int err;
  
         if (upcall_info->portid == 0) {
@@ -264,18 +316,10 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
                 goto err;
         }
  
-       dp_ifindex = get_dpifindex(dp);
-       if (!dp_ifindex) {
-               err = -ENODEV;
-               goto err;
-       }
-
-       forward_ip_summed(skb, true);
-
         if (!skb_is_gso(skb))
-               err = queue_userspace_packet(ovs_dp_get_net(dp), dp_ifindex, skb, upcall_info);
+               err = queue_userspace_packet(dp, skb, key, upcall_info);
         else
-               err = queue_gso_packets(ovs_dp_get_net(dp), dp_ifindex, skb, upcall_info);
+               err = queue_gso_packets(dp, skb, key, upcall_info);
         if (err)
                 goto err;
  
@@ -284,46 +328,51 @@ int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
  err:
         stats = this_cpu_ptr(dp->stats_percpu);
  
-       u64_stats_update_begin(&stats->sync);
+       u64_stats_update_begin(&stats->syncp);
         stats->n_lost++;
-       u64_stats_update_end(&stats->sync);
+       u64_stats_update_end(&stats->syncp);
  
         return err;
  }
  
-static int queue_gso_packets(struct net *net, int dp_ifindex,
-                            struct sk_buff *skb,
+static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb,
+                            const struct sw_flow_key *key,
                              const struct dp_upcall_info *upcall_info)
  {
         unsigned short gso_type = skb_shinfo(skb)->gso_type;
-       struct dp_upcall_info later_info;
         struct sw_flow_key later_key;
         struct sk_buff *segs, *nskb;
+       struct ovs_skb_cb ovs_cb;
         int err;
  
-       segs = __skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM, false);
+       ovs_cb = *OVS_CB(skb);
+       segs = __skb_gso_segment(skb, NETIF_F_SG, false);
+       *OVS_CB(skb) = ovs_cb;
         if (IS_ERR(segs))
                 return PTR_ERR(segs);
+       if (segs == NULL)
+               return -EINVAL;
+
+       if (gso_type & SKB_GSO_UDP) {
+               /* The initial flow key extracted by ovs_flow_key_extract()
+                * in this case is for a first fragment, so we need to
+                * properly mark later fragments.
+                */
+               later_key = *key;
+               later_key.ip.frag = OVS_FRAG_TYPE_LATER;
+       }
  
         /* Queue all of the segments. */
         skb = segs;
         do {
-               err = queue_userspace_packet(net, dp_ifindex, skb, upcall_info);
+               *OVS_CB(skb) = ovs_cb;
+               if (gso_type & SKB_GSO_UDP && skb != segs)
+                       key = &later_key;
+
+               err = queue_userspace_packet(dp, skb, key, upcall_info);
                 if (err)
                         break;
  
-               if (skb == segs && gso_type & SKB_GSO_UDP) {
-                       /* The initial flow key extracted by ovs_flow_extract()
-                        * in this case is for a first fragment, so we need to
-                        * properly mark later fragments.
-                        */
-                       later_key = *upcall_info->key;
-                       later_key.ip.frag = OVS_FRAG_TYPE_LATER;
-
-                       later_info = *upcall_info;
-                       later_info.key = &later_key;
-                       upcall_info = &later_info;
-               }
         } while ((skb = skb->next));
  
         /* Free all of the segments. */
@@ -338,61 +387,74 @@ static int queue_gso_packets(struct net *net, int dp_ifindex,
         return err;
  }
  
-static size_t key_attr_size(void)
-{
-       return    nla_total_size(4)   /* OVS_KEY_ATTR_PRIORITY */
-               + nla_total_size(0)   /* OVS_KEY_ATTR_TUNNEL */
-                 + nla_total_size(8)   /* OVS_TUNNEL_KEY_ATTR_ID */
-                 + nla_total_size(4)   /* OVS_TUNNEL_KEY_ATTR_IPV4_SRC */
-                 + nla_total_size(4)   /* OVS_TUNNEL_KEY_ATTR_IPV4_DST */
-                 + nla_total_size(1)   /* OVS_TUNNEL_KEY_ATTR_TOS */
-                 + nla_total_size(1)   /* OVS_TUNNEL_KEY_ATTR_TTL */
-                 + nla_total_size(0)   /* OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT */
-                 + nla_total_size(0)   /* OVS_TUNNEL_KEY_ATTR_CSUM */
-               + nla_total_size(4)   /* OVS_KEY_ATTR_IN_PORT */
-               + nla_total_size(4)   /* OVS_KEY_ATTR_SKB_MARK */
-               + nla_total_size(12)  /* OVS_KEY_ATTR_ETHERNET */
-               + nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
-               + nla_total_size(4)   /* OVS_KEY_ATTR_8021Q */
-               + nla_total_size(0)   /* OVS_KEY_ATTR_ENCAP */
-               + nla_total_size(2)   /* OVS_KEY_ATTR_ETHERTYPE */
-               + nla_total_size(40)  /* OVS_KEY_ATTR_IPV6 */
-               + nla_total_size(2)   /* OVS_KEY_ATTR_ICMPV6 */
-               + nla_total_size(28); /* OVS_KEY_ATTR_ND */
-}
-
-static size_t upcall_msg_size(const struct sk_buff *skb,
-                             const struct nlattr *userdata)
+static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info,
+                             unsigned int hdrlen)
  {
         size_t size = NLMSG_ALIGN(sizeof(struct ovs_header))
-               + nla_total_size(skb->len) /* OVS_PACKET_ATTR_PACKET */
-               + nla_total_size(key_attr_size()); /* OVS_PACKET_ATTR_KEY */
+               + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */
+               + nla_total_size(ovs_key_attr_size()); /* OVS_PACKET_ATTR_KEY */
  
         /* OVS_PACKET_ATTR_USERDATA */
-       if (userdata)
-               size += NLA_ALIGN(userdata->nla_len);
+       if (upcall_info->userdata)
+               size += NLA_ALIGN(upcall_info->userdata->nla_len);
+
+       /* OVS_PACKET_ATTR_EGRESS_TUN_KEY */
+       if (upcall_info->egress_tun_info)
+               size += nla_total_size(ovs_tun_key_attr_size());
+
+       /* OVS_PACKET_ATTR_ACTIONS */
+       if (upcall_info->actions_len)
+               size += nla_total_size(upcall_info->actions_len);
+
+       /* OVS_PACKET_ATTR_MRU */
+       if (upcall_info->mru)
+               size += nla_total_size(sizeof(upcall_info->mru));
  
         return size;
  }
  
-static int queue_userspace_packet(struct net *net, int dp_ifindex,
-                                 struct sk_buff *skb,
+static void pad_packet(struct datapath *dp, struct sk_buff *skb)
+{
+       if (!(dp->user_features & OVS_DP_F_UNALIGNED)) {
+               size_t plen = NLA_ALIGN(skb->len) - skb->len;
+
+               if (plen > 0)
+                       memset(skb_put(skb, plen), 0, plen);
+       }
+}
+
+static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
+                                 const struct sw_flow_key *key,
                                   const struct dp_upcall_info *upcall_info)
  {
         struct ovs_header *upcall;
         struct sk_buff *nskb = NULL;
-       struct sk_buff *user_skb; /* to be queued to userspace */
+       struct sk_buff *user_skb = NULL; /* to be queued to userspace */
         struct nlattr *nla;
-       int err;
+       struct genl_info info = {
+#ifdef HAVE_GENLMSG_NEW_UNICAST
+               .dst_sk = ovs_dp_get_net(dp)->genl_sock,
+#endif
+               .snd_portid = upcall_info->portid,
+       };
+       size_t len;
+       unsigned int hlen;
+       int err, dp_ifindex;
+
+       dp_ifindex = get_dpifindex(dp);
+       if (!dp_ifindex)
+               return -ENODEV;
  
-       if (vlan_tx_tag_present(skb)) {
+       if (skb_vlan_tag_present(skb)) {
                 nskb = skb_clone(skb, GFP_ATOMIC);
                 if (!nskb)
                         return -ENOMEM;
-               
-               err = vlan_deaccel_tag(nskb);
-               if (err)
-                       return err;
+
+               nskb = vlan_insert_tag_set_proto(nskb, nskb->vlan_proto, skb_vlan_tag_get(nskb));
+               if (!nskb)
+                       return -ENOMEM;
+
+               vlan_set_tci(nskb, 0);
  
                 skb = nskb;
         }
@@ -402,7 +464,22 @@ static int queue_userspace_packet(struct net *net, int dp_ifindex,
                 goto out;
         }
  
-       user_skb = genlmsg_new(upcall_msg_size(skb, upcall_info->userdata), GFP_ATOMIC);
+       /* Complete checksum if needed */
+       if (skb->ip_summed == CHECKSUM_PARTIAL &&
+           (err = skb_checksum_help(skb)))
+               goto out;
+
+       /* Older versions of OVS user space enforce alignment of the last
+        * Netlink attribute to NLA_ALIGNTO which would require extensive
+        * padding logic. Only perform zerocopy if padding is not required.
+        */
+       if (dp->user_features & OVS_DP_F_UNALIGNED)
+               hlen = skb_zerocopy_headlen(skb);
+       else
+               hlen = skb->len;
+
+       len = upcall_msg_size(upcall_info, hlen);
+       user_skb = genlmsg_new_unicast(len, &info, GFP_ATOMIC);
         if (!user_skb) {
                 err = -ENOMEM;
                 goto out;
@@ -412,910 +489,730 @@ static int queue_userspace_packet(struct net *net, int dp_ifindex,
                              0, upcall_info->cmd);
         upcall->dp_ifindex = dp_ifindex;
  
-       nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_KEY);
-       ovs_flow_to_nlattrs(upcall_info->key, user_skb);
-       nla_nest_end(user_skb, nla);
+       err = ovs_nla_put_key(key, key, OVS_PACKET_ATTR_KEY, false, user_skb);
+       BUG_ON(err);
  
         if (upcall_info->userdata)
                 __nla_put(user_skb, OVS_PACKET_ATTR_USERDATA,
                           nla_len(upcall_info->userdata),
                           nla_data(upcall_info->userdata));
  
-       nla = __nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, skb->len);
  
-       skb_copy_and_csum_dev(skb, nla_data(nla));
+       if (upcall_info->egress_tun_info) {
+               nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_EGRESS_TUN_KEY);
+               err = ovs_nla_put_egress_tunnel_key(user_skb,
+                                                   upcall_info->egress_tun_info,
+                                                   upcall_info->egress_tun_opts);
+               BUG_ON(err);
+               nla_nest_end(user_skb, nla);
+       }
+
+       if (upcall_info->actions_len) {
+               nla = nla_nest_start(user_skb, OVS_PACKET_ATTR_ACTIONS);
+               err = ovs_nla_put_actions(upcall_info->actions,
+                                         upcall_info->actions_len,
+                                         user_skb);
+               if (!err)
+                       nla_nest_end(user_skb, nla);
+               else
+                       nla_nest_cancel(user_skb, nla);
+       }
+
+       /* Add OVS_PACKET_ATTR_MRU */
+       if (upcall_info->mru) {
+               if (nla_put_u16(user_skb, OVS_PACKET_ATTR_MRU,
+                               upcall_info->mru)) {
+                       err = -ENOBUFS;
+                       goto out;
+               }
+               pad_packet(dp, user_skb);
+       }
+
+       /* Only reserve room for attribute header, packet data is added
+        * in skb_zerocopy()
+        */
+       if (!(nla = nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, 0))) {
+               err = -ENOBUFS;
+               goto out;
+       }
+       nla->nla_len = nla_attr_size(skb->len);
+
+       err = skb_zerocopy(user_skb, skb, skb->len, hlen);
+       if (err)
+               goto out;
+
+       /* Pad OVS_PACKET_ATTR_PACKET if linear copy was performed */
+       pad_packet(dp, user_skb);
  
-       genlmsg_end(user_skb, upcall);
-       err = genlmsg_unicast(net, user_skb, upcall_info->portid);
+       ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len;
  
+       err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid);
+       user_skb = NULL;
  out:
+       if (err)
+               skb_tx_error(skb);
+       kfree_skb(user_skb);
         kfree_skb(nskb);
         return err;
  }
  
-/* Called with genl_mutex. */
-static int flush_flows(struct datapath *dp)
+static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
  {
-       struct flow_table *old_table;
-       struct flow_table *new_table;
-
-       old_table = genl_dereference(dp->table);
-       new_table = ovs_flow_tbl_alloc(TBL_MIN_BUCKETS);
-       if (!new_table)
-               return -ENOMEM;
-
-       rcu_assign_pointer(dp->table, new_table);
+       struct ovs_header *ovs_header = info->userhdr;
+       struct net *net = sock_net(skb->sk);
+       struct nlattr **a = info->attrs;
+       struct sw_flow_actions *acts;
+       struct sk_buff *packet;
+       struct sw_flow *flow;
+       struct sw_flow_actions *sf_acts;
+       struct datapath *dp;
+       struct ethhdr *eth;
+       struct vport *input_vport;
+       u16 mru = 0;
+       int len;
+       int err;
+       bool log = !a[OVS_PACKET_ATTR_PROBE];
  
-       ovs_flow_tbl_deferred_destroy(old_table);
-       return 0;
-}
+       err = -EINVAL;
+       if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
+           !a[OVS_PACKET_ATTR_ACTIONS])
+               goto err;
  
-static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len)
-{
+       len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
+       packet = __dev_alloc_skb(NET_IP_ALIGN + len, GFP_KERNEL);
+       err = -ENOMEM;
+       if (!packet)
+               goto err;
+       skb_reserve(packet, NET_IP_ALIGN);
  
-       struct sw_flow_actions *acts;
-       int new_acts_size;
-       int req_size = NLA_ALIGN(attr_len);
-       int next_offset = offsetof(struct sw_flow_actions, actions) +
-                                       (*sfa)->actions_len;
+       nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len);
  
-       if (req_size <= (ksize(*sfa) - next_offset))
-               goto out;
+       skb_reset_mac_header(packet);
+       eth = eth_hdr(packet);
  
-       new_acts_size = ksize(*sfa) * 2;
+       /* Normally, setting the skb 'protocol' field would be handled by a
+        * call to eth_type_trans(), but it assumes there's a sending
+        * device, which we may not have.
+        */
+       if (eth_proto_is_802_3(eth->h_proto))
+               packet->protocol = eth->h_proto;
+       else
+               packet->protocol = htons(ETH_P_802_2);
  
-       if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
-               if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
-                       return ERR_PTR(-EMSGSIZE);
-               new_acts_size = MAX_ACTIONS_BUFSIZE;
+       /* Set packet's mru */
+       if (a[OVS_PACKET_ATTR_MRU]) {
+               mru = nla_get_u16(a[OVS_PACKET_ATTR_MRU]);
+               packet->ignore_df = 1;
         }
+       OVS_CB(packet)->mru = mru;
  
-       acts = ovs_flow_actions_alloc(new_acts_size);
-       if (IS_ERR(acts))
-               return (void *)acts;
+       /* Build an sw_flow for sending this packet. */
+       flow = ovs_flow_alloc();
+       err = PTR_ERR(flow);
+       if (IS_ERR(flow))
+               goto err_kfree_skb;
  
-       memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
-       acts->actions_len = (*sfa)->actions_len;
-       kfree(*sfa);
-       *sfa = acts;
+       err = ovs_flow_key_extract_userspace(net, a[OVS_PACKET_ATTR_KEY],
+                                            packet, &flow->key, log);
+       if (err)
+               goto err_flow_free;
  
-out:
-       (*sfa)->actions_len += req_size;
-       return  (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
-}
+       err = ovs_nla_copy_actions(net, a[OVS_PACKET_ATTR_ACTIONS],
+                                  &flow->key, &acts, log);
+       if (err)
+               goto err_flow_free;
  
-static int add_action(struct sw_flow_actions **sfa, int attrtype, void *data, int len)
-{
-       struct nlattr *a;
+       rcu_assign_pointer(flow->sf_acts, acts);
+       packet->priority = flow->key.phy.priority;
+       packet->mark = flow->key.phy.skb_mark;
  
-       a = reserve_sfa_size(sfa, nla_attr_size(len));
-       if (IS_ERR(a))
-               return PTR_ERR(a);
+       rcu_read_lock();
+       dp = get_dp_rcu(net, ovs_header->dp_ifindex);
+       err = -ENODEV;
+       if (!dp)
+               goto err_unlock;
  
-       a->nla_type = attrtype;
-       a->nla_len = nla_attr_size(len);
+       input_vport = ovs_vport_rcu(dp, flow->key.phy.in_port);
+       if (!input_vport)
+               input_vport = ovs_vport_rcu(dp, OVSP_LOCAL);
  
-       if (data)
-               memcpy(nla_data(a), data, len);
-       memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
+       if (!input_vport)
+               goto err_unlock;
  
-       return 0;
-}
+       packet->dev = input_vport->dev;
+       OVS_CB(packet)->input_vport = input_vport;
+       sf_acts = rcu_dereference(flow->sf_acts);
  
-static inline int add_nested_action_start(struct sw_flow_actions **sfa, int attrtype)
-{
-       int used = (*sfa)->actions_len;
-       int err;
+       local_bh_disable();
+       err = ovs_execute_actions(dp, packet, sf_acts, &flow->key);
+       local_bh_enable();
+       rcu_read_unlock();
  
-       err = add_action(sfa, attrtype, NULL, 0);
-       if (err)
-               return err;
+       ovs_flow_free(flow, false);
+       return err;
  
-       return used;
+err_unlock:
+       rcu_read_unlock();
+err_flow_free:
+       ovs_flow_free(flow, false);
+err_kfree_skb:
+       kfree_skb(packet);
+err:
+       return err;
  }
  
-static inline void add_nested_action_end(struct sw_flow_actions *sfa, int st_offset)
-{
-       struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions + st_offset);
+static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
+       [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
+       [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
+       [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
+       [OVS_PACKET_ATTR_PROBE] = { .type = NLA_FLAG },
+       [OVS_PACKET_ATTR_MRU] = { .type = NLA_U16 },
+};
  
-       a->nla_len = sfa->actions_len - st_offset;
-}
+static struct genl_ops dp_packet_genl_ops[] = {
+       { .cmd = OVS_PACKET_CMD_EXECUTE,
+         .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
+         .policy = packet_policy,
+         .doit = ovs_packet_cmd_execute
+       }
+};
  
-static int validate_and_copy_actions(const struct nlattr *attr,
-                               const struct sw_flow_key *key, int depth,
-                               struct sw_flow_actions **sfa);
+static struct genl_family dp_packet_genl_family = {
+       .id = GENL_ID_GENERATE,
+       .hdrsize = sizeof(struct ovs_header),
+       .name = OVS_PACKET_FAMILY,
+       .version = OVS_PACKET_VERSION,
+       .maxattr = OVS_PACKET_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_packet_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_packet_genl_ops),
+};
  
-static int validate_and_copy_sample(const struct nlattr *attr,
-                          const struct sw_flow_key *key, int depth,
-                          struct sw_flow_actions **sfa)
+static void get_dp_stats(const struct datapath *dp, struct ovs_dp_stats *stats,
+                        struct ovs_dp_megaflow_stats *mega_stats)
  {
-       const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
-       const struct nlattr *probability, *actions;
-       const struct nlattr *a;
-       int rem, start, err, st_acts;
+       int i;
  
-       memset(attrs, 0, sizeof(attrs));
-       nla_for_each_nested(a, attr, rem) {
-               int type = nla_type(a);
-               if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
-                       return -EINVAL;
-               attrs[type] = a;
-       }
-       if (rem)
-               return -EINVAL;
+       memset(mega_stats, 0, sizeof(*mega_stats));
  
-       probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
-       if (!probability || nla_len(probability) != sizeof(u32))
-               return -EINVAL;
+       stats->n_flows = ovs_flow_tbl_count(&dp->table);
+       mega_stats->n_masks = ovs_flow_tbl_num_masks(&dp->table);
  
-       actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
-       if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
-               return -EINVAL;
+       stats->n_hit = stats->n_missed = stats->n_lost = 0;
  
-       /* validation done, copy sample action. */
-       start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE);
-       if (start < 0)
-               return start;
-       err = add_action(sfa, OVS_SAMPLE_ATTR_PROBABILITY, nla_data(probability), sizeof(u32));
-       if (err)
-               return err;
-       st_acts = add_nested_action_start(sfa, OVS_SAMPLE_ATTR_ACTIONS);
-       if (st_acts < 0)
-               return st_acts;
+       for_each_possible_cpu(i) {
+               const struct dp_stats_percpu *percpu_stats;
+               struct dp_stats_percpu local_stats;
+               unsigned int start;
  
-       err = validate_and_copy_actions(actions, key, depth + 1, sfa);
-       if (err)
-               return err;
+               percpu_stats = per_cpu_ptr(dp->stats_percpu, i);
  
-       add_nested_action_end(*sfa, st_acts);
-       add_nested_action_end(*sfa, start);
+               do {
+                       start = u64_stats_fetch_begin_irq(&percpu_stats->syncp);
+                       local_stats = *percpu_stats;
+               } while (u64_stats_fetch_retry_irq(&percpu_stats->syncp, start));
  
-       return 0;
+               stats->n_hit += local_stats.n_hit;
+               stats->n_missed += local_stats.n_missed;
+               stats->n_lost += local_stats.n_lost;
+               mega_stats->n_mask_hit += local_stats.n_mask_hit;
+       }
  }
  
-static int validate_tp_port(const struct sw_flow_key *flow_key)
+static bool should_fill_key(const struct sw_flow_id *sfid, uint32_t ufid_flags)
  {
-       if (flow_key->eth.type == htons(ETH_P_IP)) {
-               if (flow_key->ipv4.tp.src || flow_key->ipv4.tp.dst)
-                       return 0;
-       } else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
-               if (flow_key->ipv6.tp.src || flow_key->ipv6.tp.dst)
-                       return 0;
-       }
+       return ovs_identifier_is_ufid(sfid) &&
+              !(ufid_flags & OVS_UFID_F_OMIT_KEY);
+}
+
+static bool should_fill_mask(uint32_t ufid_flags)
+{
+       return !(ufid_flags & OVS_UFID_F_OMIT_MASK);
+}
  
-       return -EINVAL;
+static bool should_fill_actions(uint32_t ufid_flags)
+{
+       return !(ufid_flags & OVS_UFID_F_OMIT_ACTIONS);
  }
  
-static int validate_and_copy_set_tun(const struct nlattr *attr,
-                                    struct sw_flow_actions **sfa)
+static size_t ovs_flow_cmd_msg_size(const struct sw_flow_actions *acts,
+                                   const struct sw_flow_id *sfid,
+                                   uint32_t ufid_flags)
  {
-       struct ovs_key_ipv4_tunnel tun_key;
-       int err, start;
+       size_t len = NLMSG_ALIGN(sizeof(struct ovs_header));
  
-       err = ipv4_tun_from_nlattr(nla_data(attr), &tun_key);
-       if (err)
-               return err;
+       /* OVS_FLOW_ATTR_UFID */
+       if (sfid && ovs_identifier_is_ufid(sfid))
+               len += nla_total_size(sfid->ufid_len);
  
-       start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET);
-       if (start < 0)
-               return start;
+       /* OVS_FLOW_ATTR_KEY */
+       if (!sfid || should_fill_key(sfid, ufid_flags))
+               len += nla_total_size(ovs_key_attr_size());
  
-       err = add_action(sfa, OVS_KEY_ATTR_IPV4_TUNNEL, &tun_key, sizeof(tun_key));
-       add_nested_action_end(*sfa, start);
+       /* OVS_FLOW_ATTR_MASK */
+       if (should_fill_mask(ufid_flags))
+               len += nla_total_size(ovs_key_attr_size());
  
-       return err;
+       /* OVS_FLOW_ATTR_ACTIONS */
+       if (should_fill_actions(ufid_flags))
+               len += nla_total_size(acts->orig_len);
+
+       return len
+               + nla_total_size(sizeof(struct ovs_flow_stats)) /* OVS_FLOW_ATTR_STATS */
+               + nla_total_size(1) /* OVS_FLOW_ATTR_TCP_FLAGS */
+               + nla_total_size(8); /* OVS_FLOW_ATTR_USED */
  }
  
-static int validate_set(const struct nlattr *a,
-                       const struct sw_flow_key *flow_key,
-                       struct sw_flow_actions **sfa,
-                       bool *set_tun)
+/* Called with ovs_mutex or RCU read lock. */
+static int ovs_flow_cmd_fill_stats(const struct sw_flow *flow,
+                                  struct sk_buff *skb)
  {
-       const struct nlattr *ovs_key = nla_data(a);
-       int key_type = nla_type(ovs_key);
+       struct ovs_flow_stats stats;
+       __be16 tcp_flags;
+       unsigned long used;
  
-       /* There can be only one key in a action */
-       if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
-               return -EINVAL;
+       ovs_flow_stats_get(flow, &stats, &used, &tcp_flags);
  
-       if (key_type > OVS_KEY_ATTR_MAX ||
-           (ovs_key_lens[key_type] != nla_len(ovs_key) &&
-            ovs_key_lens[key_type] != -1))
-               return -EINVAL;
+       if (used &&
+           nla_put_u64(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used)))
+               return -EMSGSIZE;
  
-       switch (key_type) {
-       const struct ovs_key_ipv4 *ipv4_key;
-       const struct ovs_key_ipv6 *ipv6_key;
-       int err;
-
-       case OVS_KEY_ATTR_PRIORITY:
-       case OVS_KEY_ATTR_ETHERNET:
-               break;
-
-       case OVS_KEY_ATTR_SKB_MARK:
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) && !defined(CONFIG_NETFILTER)
-               if (nla_get_u32(ovs_key) != 0)
-                       return -EINVAL;
-#endif
-               break;
-
-       case OVS_KEY_ATTR_TUNNEL:
-               *set_tun = true;
-               err = validate_and_copy_set_tun(a, sfa);
-               if (err)
-                       return err;
-               break;
-
-       case OVS_KEY_ATTR_IPV4:
-               if (flow_key->eth.type != htons(ETH_P_IP))
-                       return -EINVAL;
-
-               if (!flow_key->ip.proto)
-                       return -EINVAL;
-
-               ipv4_key = nla_data(ovs_key);
-               if (ipv4_key->ipv4_proto != flow_key->ip.proto)
-                       return -EINVAL;
-
-               if (ipv4_key->ipv4_frag != flow_key->ip.frag)
-                       return -EINVAL;
-
-               break;
-
-       case OVS_KEY_ATTR_IPV6:
-               if (flow_key->eth.type != htons(ETH_P_IPV6))
-                       return -EINVAL;
-
-               if (!flow_key->ip.proto)
-                       return -EINVAL;
-
-               ipv6_key = nla_data(ovs_key);
-               if (ipv6_key->ipv6_proto != flow_key->ip.proto)
-                       return -EINVAL;
-
-               if (ipv6_key->ipv6_frag != flow_key->ip.frag)
-                       return -EINVAL;
-
-               if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
-                       return -EINVAL;
-
-               break;
-
-       case OVS_KEY_ATTR_TCP:
-               if (flow_key->ip.proto != IPPROTO_TCP)
-                       return -EINVAL;
-
-               return validate_tp_port(flow_key);
-
-       case OVS_KEY_ATTR_UDP:
-               if (flow_key->ip.proto != IPPROTO_UDP)
-                       return -EINVAL;
-
-               return validate_tp_port(flow_key);
-
-       default:
-               return -EINVAL;
-       }
-
-       return 0;
-}
-
-static int validate_userspace(const struct nlattr *attr)
-{
-       static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] =   {
-               [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
-               [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
-       };
-       struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
-       int error;
-
-       error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
-                                attr, userspace_policy);
-       if (error)
-               return error;
+       if (stats.n_packets &&
+           nla_put(skb, OVS_FLOW_ATTR_STATS, sizeof(struct ovs_flow_stats), &stats))
+               return -EMSGSIZE;
  
-       if (!a[OVS_USERSPACE_ATTR_PID] ||
-           !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
-               return -EINVAL;
+       if ((u8)ntohs(tcp_flags) &&
+            nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, (u8)ntohs(tcp_flags)))
+               return -EMSGSIZE;
  
         return 0;
  }
  
-static int copy_action(const struct nlattr *from,
-                     struct sw_flow_actions **sfa)
+/* Called with ovs_mutex or RCU read lock. */
+static int ovs_flow_cmd_fill_actions(const struct sw_flow *flow,
+                                    struct sk_buff *skb, int skb_orig_len)
  {
-       int totlen = NLA_ALIGN(from->nla_len);
-       struct nlattr *to;
-
-       to = reserve_sfa_size(sfa, from->nla_len);
-       if (IS_ERR(to))
-               return PTR_ERR(to);
-
-       memcpy(to, from, totlen);
-       return 0;
-}
-
-static int validate_and_copy_actions(const struct nlattr *attr,
-                               const struct sw_flow_key *key,
-                               int depth,
-                               struct sw_flow_actions **sfa)
-{
-       const struct nlattr *a;
-       int rem, err;
-
-       if (depth >= SAMPLE_ACTION_DEPTH)
-               return -EOVERFLOW;
-
-       nla_for_each_nested(a, attr, rem) {
-               /* Expected argument lengths, (u32)-1 for variable length. */
-               static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
-                       [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
-                       [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
-                       [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
-                       [OVS_ACTION_ATTR_POP_VLAN] = 0,
-                       [OVS_ACTION_ATTR_SET] = (u32)-1,
-                       [OVS_ACTION_ATTR_SAMPLE] = (u32)-1
-               };
-               const struct ovs_action_push_vlan *vlan;
-               int type = nla_type(a);
-               bool skip_copy;
-
-               if (type > OVS_ACTION_ATTR_MAX ||
-                   (action_lens[type] != nla_len(a) &&
-                    action_lens[type] != (u32)-1))
-                       return -EINVAL;
-
-               skip_copy = false;
-               switch (type) {
-               case OVS_ACTION_ATTR_UNSPEC:
-                       return -EINVAL;
-
-               case OVS_ACTION_ATTR_USERSPACE:
-                       err = validate_userspace(a);
-                       if (err)
-                               return err;
-                       break;
-
-               case OVS_ACTION_ATTR_OUTPUT:
-                       if (nla_get_u32(a) >= DP_MAX_PORTS)
-                               return -EINVAL;
-                       break;
-
-
-               case OVS_ACTION_ATTR_POP_VLAN:
-                       break;
+       struct nlattr *start;
+       int err;
  
-               case OVS_ACTION_ATTR_PUSH_VLAN:
-                       vlan = nla_data(a);
-                       if (vlan->vlan_tpid != htons(ETH_P_8021Q))
-                               return -EINVAL;
-                       if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
-                               return -EINVAL;
-                       break;
+       /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
+        * this is the first flow to be dumped into 'skb'.  This is unusual for
+        * Netlink but individual action lists can be longer than
+        * NLMSG_GOODSIZE and thus entirely undumpable if we didn't do this.
+        * The userspace caller can always fetch the actions separately if it
+        * really wants them.  (Most userspace callers in fact don't care.)
+        *
+        * This can only fail for dump operations because the skb is always
+        * properly sized for single flows.
+        */
+       start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS);
+       if (start) {
+               const struct sw_flow_actions *sf_acts;
  
-               case OVS_ACTION_ATTR_SET:
-                       err = validate_set(a, key, sfa, &skip_copy);
-                       if (err)
-                               return err;
-                       break;
+               sf_acts = rcu_dereference_ovsl(flow->sf_acts);
+               err = ovs_nla_put_actions(sf_acts->actions,
+                                         sf_acts->actions_len, skb);
  
-               case OVS_ACTION_ATTR_SAMPLE:
-                       err = validate_and_copy_sample(a, key, depth, sfa);
-                       if (err)
+               if (!err)
+                       nla_nest_end(skb, start);
+               else {
+                       if (skb_orig_len)
                                 return err;
-                       skip_copy = true;
-                       break;
  
-               default:
-                       return -EINVAL;
-               }
-               if (!skip_copy) {
-                       err = copy_action(a, sfa);
-                       if (err)
-                               return err;
+                       nla_nest_cancel(skb, start);
                 }
+       } else if (skb_orig_len) {
+               return -EMSGSIZE;
         }
  
-       if (rem > 0)
-               return -EINVAL;
-
         return 0;
  }
  
-static void clear_stats(struct sw_flow *flow)
-{
-       flow->used = 0;
-       flow->tcp_flags = 0;
-       flow->packet_count = 0;
-       flow->byte_count = 0;
-}
-
-static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
+/* Called with ovs_mutex or RCU read lock. */
+static int ovs_flow_cmd_fill_info(const struct sw_flow *flow, int dp_ifindex,
+                                 struct sk_buff *skb, u32 portid,
+                                 u32 seq, u32 flags, u8 cmd, u32 ufid_flags)
  {
-       struct ovs_header *ovs_header = info->userhdr;
-       struct nlattr **a = info->attrs;
-       struct sw_flow_actions *acts;
-       struct sk_buff *packet;
-       struct sw_flow *flow;
-       struct datapath *dp;
-       struct ethhdr *eth;
-       int len;
+       const int skb_orig_len = skb->len;
+       struct ovs_header *ovs_header;
         int err;
-       int key_len;
-
-       err = -EINVAL;
-       if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
-           !a[OVS_PACKET_ATTR_ACTIONS])
-               goto err;
-
-       len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
-       packet = __dev_alloc_skb(NET_IP_ALIGN + len, GFP_KERNEL);
-       err = -ENOMEM;
-       if (!packet)
-               goto err;
-       skb_reserve(packet, NET_IP_ALIGN);
-
-       nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len);
-
-       skb_reset_mac_header(packet);
-       eth = eth_hdr(packet);
-
-       /* Normally, setting the skb 'protocol' field would be handled by a
-        * call to eth_type_trans(), but it assumes there's a sending
-        * device, which we may not have. */
-       if (ntohs(eth->h_proto) >= ETH_P_802_3_MIN)
-               packet->protocol = eth->h_proto;
-       else
-               packet->protocol = htons(ETH_P_802_2);
  
-       /* Build an sw_flow for sending this packet. */
-       flow = ovs_flow_alloc();
-       err = PTR_ERR(flow);
-       if (IS_ERR(flow))
-               goto err_kfree_skb;
+       ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family,
+                                flags, cmd);
+       if (!ovs_header)
+               return -EMSGSIZE;
  
-       err = ovs_flow_extract(packet, -1, &flow->key, &key_len);
-       if (err)
-               goto err_flow_free;
+       ovs_header->dp_ifindex = dp_ifindex;
  
-       err = ovs_flow_metadata_from_nlattrs(flow, key_len, a[OVS_PACKET_ATTR_KEY]);
+       err = ovs_nla_put_identifier(flow, skb);
         if (err)
-               goto err_flow_free;
-       acts = ovs_flow_actions_alloc(nla_len(a[OVS_PACKET_ATTR_ACTIONS]));
-       err = PTR_ERR(acts);
-       if (IS_ERR(acts))
-               goto err_flow_free;
-
-       err = validate_and_copy_actions(a[OVS_PACKET_ATTR_ACTIONS], &flow->key, 0, &acts);
-       rcu_assign_pointer(flow->sf_acts, acts);
-       if (err)
-               goto err_flow_free;
-
-       OVS_CB(packet)->flow = flow;
-       packet->priority = flow->key.phy.priority;
-       skb_set_mark(packet, flow->key.phy.skb_mark);
-
-       rcu_read_lock();
-       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       err = -ENODEV;
-       if (!dp)
-               goto err_unlock;
-
-       local_bh_disable();
-       err = ovs_execute_actions(dp, packet);
-       local_bh_enable();
-       rcu_read_unlock();
-
-       ovs_flow_free(flow);
-       return err;
-
-err_unlock:
-       rcu_read_unlock();
-err_flow_free:
-       ovs_flow_free(flow);
-err_kfree_skb:
-       kfree_skb(packet);
-err:
-       return err;
-}
-
-static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
-#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,18)
-       [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
-#else
-       [OVS_PACKET_ATTR_PACKET] = { .minlen = ETH_HLEN },
-#endif
-       [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
-       [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
-};
+               goto error;
  
-static struct genl_ops dp_packet_genl_ops[] = {
-       { .cmd = OVS_PACKET_CMD_EXECUTE,
-         .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
-         .policy = packet_policy,
-         .doit = ovs_packet_cmd_execute
+       if (should_fill_key(&flow->id, ufid_flags)) {
+               err = ovs_nla_put_masked_key(flow, skb);
+               if (err)
+                       goto error;
         }
-};
-
-static void get_dp_stats(struct datapath *dp, struct ovs_dp_stats *stats)
-{
-       int i;
-       struct flow_table *table = genl_dereference(dp->table);
  
-       stats->n_flows = ovs_flow_tbl_count(table);
-
-       stats->n_hit = stats->n_missed = stats->n_lost = 0;
-       for_each_possible_cpu(i) {
-               const struct dp_stats_percpu *percpu_stats;
-               struct dp_stats_percpu local_stats;
-               unsigned int start;
-
-               percpu_stats = per_cpu_ptr(dp->stats_percpu, i);
-
-               do {
-                       start = u64_stats_fetch_begin_bh(&percpu_stats->sync);
-                       local_stats = *percpu_stats;
-               } while (u64_stats_fetch_retry_bh(&percpu_stats->sync, start));
-
-               stats->n_hit += local_stats.n_hit;
-               stats->n_missed += local_stats.n_missed;
-               stats->n_lost += local_stats.n_lost;
+       if (should_fill_mask(ufid_flags)) {
+               err = ovs_nla_put_mask(flow, skb);
+               if (err)
+                       goto error;
         }
-}
-
-static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
-       [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
-       [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
-       [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
-};
  
-static struct genl_family dp_flow_genl_family = {
-       .id = GENL_ID_GENERATE,
-       .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_FLOW_FAMILY,
-       .version = OVS_FLOW_VERSION,
-       .maxattr = OVS_FLOW_ATTR_MAX,
-        SET_NETNSOK
-};
-
-static struct genl_multicast_group ovs_dp_flow_multicast_group = {
-       .name = OVS_FLOW_MCGROUP
-};
-
-static int actions_to_attr(const struct nlattr *attr, int len, struct sk_buff *skb);
-static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
-{
-       const struct nlattr *a;
-       struct nlattr *start;
-       int err = 0, rem;
-
-       start = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE);
-       if (!start)
-               return -EMSGSIZE;
-
-       nla_for_each_nested(a, attr, rem) {
-               int type = nla_type(a);
-               struct nlattr *st_sample;
+       err = ovs_flow_cmd_fill_stats(flow, skb);
+       if (err)
+               goto error;
  
-               switch (type) {
-               case OVS_SAMPLE_ATTR_PROBABILITY:
-                       if (nla_put(skb, OVS_SAMPLE_ATTR_PROBABILITY, sizeof(u32), nla_data(a)))
-                               return -EMSGSIZE;
-                       break;
-               case OVS_SAMPLE_ATTR_ACTIONS:
-                       st_sample = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS);
-                       if (!st_sample)
-                               return -EMSGSIZE;
-                       err = actions_to_attr(nla_data(a), nla_len(a), skb);
-                       if (err)
-                               return err;
-                       nla_nest_end(skb, st_sample);
-                       break;
-               }
+       if (should_fill_actions(ufid_flags)) {
+               err = ovs_flow_cmd_fill_actions(flow, skb, skb_orig_len);
+               if (err)
+                       goto error;
         }
  
-       nla_nest_end(skb, start);
+       genlmsg_end(skb, ovs_header);
+       return 0;
+
+error:
+       genlmsg_cancel(skb, ovs_header);
         return err;
  }
  
-static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
+/* May not be called with RCU read lock. */
+static struct sk_buff *ovs_flow_cmd_alloc_info(const struct sw_flow_actions *acts,
+                                              const struct sw_flow_id *sfid,
+                                              struct genl_info *info,
+                                              bool always,
+                                              uint32_t ufid_flags)
  {
-       const struct nlattr *ovs_key = nla_data(a);
-       int key_type = nla_type(ovs_key);
-       struct nlattr *start;
-       int err;
+       struct sk_buff *skb;
+       size_t len;
  
-       switch (key_type) {
-       case OVS_KEY_ATTR_IPV4_TUNNEL:
-               start = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
-               if (!start)
-                       return -EMSGSIZE;
+       if (!always && !ovs_must_notify(&dp_flow_genl_family, info,
+                                       GROUP_ID(&ovs_dp_flow_multicast_group)))
+               return NULL;
  
-               err = ipv4_tun_to_nlattr(skb, nla_data(ovs_key));
-               if (err)
-                       return err;
-               nla_nest_end(skb, start);
-               break;
-       default:
-               if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
-                       return -EMSGSIZE;
-               break;
-       }
+       len = ovs_flow_cmd_msg_size(acts, sfid, ufid_flags);
+       skb = genlmsg_new_unicast(len, info, GFP_KERNEL);
+       if (!skb)
+               return ERR_PTR(-ENOMEM);
  
-       return 0;
+       return skb;
  }
  
-static int actions_to_attr(const struct nlattr *attr, int len, struct sk_buff *skb)
+/* Called with ovs_mutex. */
+static struct sk_buff *ovs_flow_cmd_build_info(const struct sw_flow *flow,
+                                              int dp_ifindex,
+                                              struct genl_info *info, u8 cmd,
+                                              bool always, u32 ufid_flags)
  {
-       const struct nlattr *a;
-       int rem, err;
+       struct sk_buff *skb;
+       int retval;
  
-       nla_for_each_attr(a, attr, len, rem) {
-               int type = nla_type(a);
+       skb = ovs_flow_cmd_alloc_info(ovsl_dereference(flow->sf_acts),
+                                     &flow->id, info, always, ufid_flags);
+       if (IS_ERR_OR_NULL(skb))
+               return skb;
  
-               switch (type) {
-               case OVS_ACTION_ATTR_SET:
-                       err = set_action_to_attr(a, skb);
-                       if (err)
-                               return err;
-                       break;
-
-               case OVS_ACTION_ATTR_SAMPLE:
-                       err = sample_action_to_attr(a, skb);
-                       if (err)
-                               return err;
-                       break;
-               default:
-                       if (nla_put(skb, type, nla_len(a), nla_data(a)))
-                               return -EMSGSIZE;
-                       break;
-               }
-       }
-
-       return 0;
+       retval = ovs_flow_cmd_fill_info(flow, dp_ifindex, skb,
+                                       info->snd_portid, info->snd_seq, 0,
+                                       cmd, ufid_flags);
+       BUG_ON(retval < 0);
+       return skb;
  }
  
-static size_t ovs_flow_cmd_msg_size(const struct sw_flow_actions *acts)
+static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
  {
-       return NLMSG_ALIGN(sizeof(struct ovs_header))
-               + nla_total_size(key_attr_size()) /* OVS_FLOW_ATTR_KEY */
-               + nla_total_size(sizeof(struct ovs_flow_stats)) /* OVS_FLOW_ATTR_STATS */
-               + nla_total_size(1) /* OVS_FLOW_ATTR_TCP_FLAGS */
-               + nla_total_size(8) /* OVS_FLOW_ATTR_USED */
-               + nla_total_size(acts->actions_len); /* OVS_FLOW_ATTR_ACTIONS */
-}
+       struct net *net = sock_net(skb->sk);
+       struct nlattr **a = info->attrs;
+       struct ovs_header *ovs_header = info->userhdr;
+       struct sw_flow *flow = NULL, *new_flow;
+       struct sw_flow_mask mask;
+       struct sk_buff *reply;
+       struct datapath *dp;
+       struct sw_flow_key key;
+       struct sw_flow_actions *acts;
+       struct sw_flow_match match;
+       u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
+       int error;
+       bool log = !a[OVS_FLOW_ATTR_PROBE];
  
-/* Called with genl_lock. */
-static int ovs_flow_cmd_fill_info(struct sw_flow *flow, struct datapath *dp,
-                                 struct sk_buff *skb, u32 portid,
-                                 u32 seq, u32 flags, u8 cmd)
-{
-       const int skb_orig_len = skb->len;
-       const struct sw_flow_actions *sf_acts;
-       struct nlattr *start;
-       struct ovs_flow_stats stats;
-       struct ovs_header *ovs_header;
-       struct nlattr *nla;
-       unsigned long used;
-       u8 tcp_flags;
-       int err;
+       /* Must have key and actions. */
+       error = -EINVAL;
+       if (!a[OVS_FLOW_ATTR_KEY]) {
+               OVS_NLERR(log, "Flow key attr not present in new flow.");
+               goto error;
+       }
+       if (!a[OVS_FLOW_ATTR_ACTIONS]) {
+               OVS_NLERR(log, "Flow actions attr not present in new flow.");
+               goto error;
+       }
  
-       sf_acts = rcu_dereference_protected(flow->sf_acts,
-                                           lockdep_genl_is_held());
+       /* Most of the time we need to allocate a new flow, do it before
+        * locking.
+        */
+       new_flow = ovs_flow_alloc();
+       if (IS_ERR(new_flow)) {
+               error = PTR_ERR(new_flow);
+               goto error;
+       }
  
-       ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family, flags, cmd);
-       if (!ovs_header)
-               return -EMSGSIZE;
+       /* Extract key. */
+       ovs_match_init(&match, &key, &mask);
+       error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
+                                 a[OVS_FLOW_ATTR_MASK], log);
+       if (error)
+               goto err_kfree_flow;
  
-       ovs_header->dp_ifindex = get_dpifindex(dp);
+       ovs_flow_mask_key(&new_flow->key, &key, true, &mask);
  
-       nla = nla_nest_start(skb, OVS_FLOW_ATTR_KEY);
-       if (!nla)
-               goto nla_put_failure;
-       err = ovs_flow_to_nlattrs(&flow->key, skb);
-       if (err)
-               goto error;
-       nla_nest_end(skb, nla);
+       /* Extract flow identifier. */
+       error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
+                                      &key, log);
+       if (error)
+               goto err_kfree_flow;
  
-       spin_lock_bh(&flow->lock);
-       used = flow->used;
-       stats.n_packets = flow->packet_count;
-       stats.n_bytes = flow->byte_count;
-       tcp_flags = flow->tcp_flags;
-       spin_unlock_bh(&flow->lock);
+       /* Validate actions. */
+       error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
+                                    &new_flow->key, &acts, log);
+       if (error) {
+               OVS_NLERR(log, "Flow actions may not be safe on all matching packets.");
+               goto err_kfree_flow;
+       }
  
-       if (used &&
-           nla_put_u64(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used)))
-               goto nla_put_failure;
+       reply = ovs_flow_cmd_alloc_info(acts, &new_flow->id, info, false,
+                                       ufid_flags);
+       if (IS_ERR(reply)) {
+               error = PTR_ERR(reply);
+               goto err_kfree_acts;
+       }
  
-       if (stats.n_packets &&
-           nla_put(skb, OVS_FLOW_ATTR_STATS,
-                   sizeof(struct ovs_flow_stats), &stats))
-               goto nla_put_failure;
+       ovs_lock();
+       dp = get_dp(net, ovs_header->dp_ifindex);
+       if (unlikely(!dp)) {
+               error = -ENODEV;
+               goto err_unlock_ovs;
+       }
  
-       if (tcp_flags &&
-           nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, tcp_flags))
-               goto nla_put_failure;
+       /* Check if this is a duplicate flow */
+       if (ovs_identifier_is_ufid(&new_flow->id))
+               flow = ovs_flow_tbl_lookup_ufid(&dp->table, &new_flow->id);
+       if (!flow)
+               flow = ovs_flow_tbl_lookup(&dp->table, &key);
+       if (likely(!flow)) {
+               rcu_assign_pointer(new_flow->sf_acts, acts);
  
-       /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
-        * this is the first flow to be dumped into 'skb'.  This is unusual for
-        * Netlink but individual action lists can be longer than
-        * NLMSG_GOODSIZE and thus entirely undumpable if we didn't do this.
-        * The userspace caller can always fetch the actions separately if it
-        * really wants them.  (Most userspace callers in fact don't care.)
-        *
-        * This can only fail for dump operations because the skb is always
-        * properly sized for single flows.
-        */
-       start = nla_nest_start(skb, OVS_FLOW_ATTR_ACTIONS);
-       if (start) {
-               err = actions_to_attr(sf_acts->actions, sf_acts->actions_len, skb);
-               if (!err)
-                       nla_nest_end(skb, start);
-               else {
-                       if (skb_orig_len)
-                               goto error;
+               /* Put flow in bucket. */
+               error = ovs_flow_tbl_insert(&dp->table, new_flow, &mask);
+               if (unlikely(error)) {
+                       acts = NULL;
+                       goto err_unlock_ovs;
+               }
  
-                       nla_nest_cancel(skb, start);
+               if (unlikely(reply)) {
+                       error = ovs_flow_cmd_fill_info(new_flow,
+                                                      ovs_header->dp_ifindex,
+                                                      reply, info->snd_portid,
+                                                      info->snd_seq, 0,
+                                                      OVS_FLOW_CMD_NEW,
+                                                      ufid_flags);
+                       BUG_ON(error < 0);
                 }
-       } else if (skb_orig_len)
-               goto nla_put_failure;
+               ovs_unlock();
+       } else {
+               struct sw_flow_actions *old_acts;
  
-       return genlmsg_end(skb, ovs_header);
+               /* Bail out if we're not allowed to modify an existing flow.
+                * We accept NLM_F_CREATE in place of the intended NLM_F_EXCL
+                * because Generic Netlink treats the latter as a dump
+                * request.  We also accept NLM_F_EXCL in case that bug ever
+                * gets fixed.
+                */
+               if (unlikely(info->nlhdr->nlmsg_flags & (NLM_F_CREATE
+                                                        | NLM_F_EXCL))) {
+                       error = -EEXIST;
+                       goto err_unlock_ovs;
+               }
+               /* The flow identifier has to be the same for flow updates.
+                * Look for any overlapping flow.
+                */
+               if (unlikely(!ovs_flow_cmp(flow, &match))) {
+                       if (ovs_identifier_is_key(&flow->id))
+                               flow = ovs_flow_tbl_lookup_exact(&dp->table,
+                                                                &match);
+                       else /* UFID matches but key is different */
+                               flow = NULL;
+                       if (!flow) {
+                               error = -ENOENT;
+                               goto err_unlock_ovs;
+                       }
+               }
+               /* Update actions. */
+               old_acts = ovsl_dereference(flow->sf_acts);
+               rcu_assign_pointer(flow->sf_acts, acts);
  
-nla_put_failure:
-       err = -EMSGSIZE;
-error:
-       genlmsg_cancel(skb, ovs_header);
-       return err;
-}
+               if (unlikely(reply)) {
+                       error = ovs_flow_cmd_fill_info(flow,
+                                                      ovs_header->dp_ifindex,
+                                                      reply, info->snd_portid,
+                                                      info->snd_seq, 0,
+                                                      OVS_FLOW_CMD_NEW,
+                                                      ufid_flags);
+                       BUG_ON(error < 0);
+               }
+               ovs_unlock();
  
-static struct sk_buff *ovs_flow_cmd_alloc_info(struct sw_flow *flow)
-{
-       const struct sw_flow_actions *sf_acts;
+               ovs_nla_free_flow_actions_rcu(old_acts);
+               ovs_flow_free(new_flow, false);
+       }
  
-       sf_acts = rcu_dereference_protected(flow->sf_acts,
-                                           lockdep_genl_is_held());
+       if (reply)
+               ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
+       return 0;
  
-       return genlmsg_new(ovs_flow_cmd_msg_size(sf_acts), GFP_KERNEL);
+err_unlock_ovs:
+       ovs_unlock();
+       kfree_skb(reply);
+err_kfree_acts:
+       ovs_nla_free_flow_actions(acts);
+err_kfree_flow:
+       ovs_flow_free(new_flow, false);
+error:
+       return error;
  }
  
-static struct sk_buff *ovs_flow_cmd_build_info(struct sw_flow *flow,
-                                              struct datapath *dp,
-                                              u32 portid, u32 seq, u8 cmd)
+/* Factor out action copy to avoid "Wframe-larger-than=1024" warning. */
+static struct sw_flow_actions *get_flow_actions(struct net *net,
+                                               const struct nlattr *a,
+                                               const struct sw_flow_key *key,
+                                               const struct sw_flow_mask *mask,
+                                               bool log)
  {
-       struct sk_buff *skb;
-       int retval;
+       struct sw_flow_actions *acts;
+       struct sw_flow_key masked_key;
+       int error;
  
-       skb = ovs_flow_cmd_alloc_info(flow);
-       if (!skb)
-               return ERR_PTR(-ENOMEM);
+       ovs_flow_mask_key(&masked_key, key, true, mask);
+       error = ovs_nla_copy_actions(net, a, &masked_key, &acts, log);
+       if (error) {
+               OVS_NLERR(log,
+                         "Actions may not be safe on all matching packets");
+               return ERR_PTR(error);
+       }
  
-       retval = ovs_flow_cmd_fill_info(flow, dp, skb, portid, seq, 0, cmd);
-       BUG_ON(retval < 0);
-       return skb;
+       return acts;
  }
  
-static int ovs_flow_cmd_new_or_set(struct sk_buff *skb, struct genl_info *info)
+static int ovs_flow_cmd_set(struct sk_buff *skb, struct genl_info *info)
  {
+       struct net *net = sock_net(skb->sk);
         struct nlattr **a = info->attrs;
         struct ovs_header *ovs_header = info->userhdr;
         struct sw_flow_key key;
         struct sw_flow *flow;
-       struct sk_buff *reply;
+       struct sw_flow_mask mask;
+       struct sk_buff *reply = NULL;
         struct datapath *dp;
-       struct flow_table *table;
-       struct sw_flow_actions *acts = NULL;
+       struct sw_flow_actions *old_acts = NULL, *acts = NULL;
+       struct sw_flow_match match;
+       struct sw_flow_id sfid;
+       u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
         int error;
-       int key_len;
+       bool log = !a[OVS_FLOW_ATTR_PROBE];
+       bool ufid_present;
  
         /* Extract key. */
         error = -EINVAL;
-       if (!a[OVS_FLOW_ATTR_KEY])
+       if (!a[OVS_FLOW_ATTR_KEY]) {
+               OVS_NLERR(log, "Flow key attribute not present in set flow.");
                 goto error;
-       error = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
+       }
+
+       ufid_present = ovs_nla_get_ufid(&sfid, a[OVS_FLOW_ATTR_UFID], log);
+       ovs_match_init(&match, &key, &mask);
+       error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
+                                 a[OVS_FLOW_ATTR_MASK], log);
         if (error)
                 goto error;
  
         /* Validate actions. */
         if (a[OVS_FLOW_ATTR_ACTIONS]) {
-               acts = ovs_flow_actions_alloc(nla_len(a[OVS_FLOW_ATTR_ACTIONS]));
-               error = PTR_ERR(acts);
-               if (IS_ERR(acts))
+               acts = get_flow_actions(net, a[OVS_FLOW_ATTR_ACTIONS], &key,
+                                       &mask, log);
+               if (IS_ERR(acts)) {
+                       error = PTR_ERR(acts);
                         goto error;
+               }
  
-               error = validate_and_copy_actions(a[OVS_FLOW_ATTR_ACTIONS], &key,  0, &acts);
-               if (error)
-                       goto err_kfree;
-       } else if (info->genlhdr->cmd == OVS_FLOW_CMD_NEW) {
-               error = -EINVAL;
-               goto error;
+               /* Can allocate before locking if have acts. */
+               reply = ovs_flow_cmd_alloc_info(acts, &sfid, info, false,
+                                               ufid_flags);
+               if (IS_ERR(reply)) {
+                       error = PTR_ERR(reply);
+                       goto err_kfree_acts;
+               }
         }
  
-       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       error = -ENODEV;
-       if (!dp)
-               goto err_kfree;
-
-       table = genl_dereference(dp->table);
-       flow = ovs_flow_tbl_lookup(table, &key, key_len);
-       if (!flow) {
-               /* Bail out if we're not allowed to create a new flow. */
+       ovs_lock();
+       dp = get_dp(net, ovs_header->dp_ifindex);
+       if (unlikely(!dp)) {
+               error = -ENODEV;
+               goto err_unlock_ovs;
+       }
+       /* Check that the flow exists. */
+       if (ufid_present)
+               flow = ovs_flow_tbl_lookup_ufid(&dp->table, &sfid);
+       else
+               flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
+       if (unlikely(!flow)) {
                 error = -ENOENT;
-               if (info->genlhdr->cmd == OVS_FLOW_CMD_SET)
-                       goto err_kfree;
-
-               /* Expand table, if necessary, to make room. */
-               if (ovs_flow_tbl_need_to_expand(table)) {
-                       struct flow_table *new_table;
-
-                       new_table = ovs_flow_tbl_expand(table);
-                       if (!IS_ERR(new_table)) {
-                               rcu_assign_pointer(dp->table, new_table);
-                               ovs_flow_tbl_deferred_destroy(table);
-                               table = genl_dereference(dp->table);
-                       }
-               }
-
-               /* Allocate flow. */
-               flow = ovs_flow_alloc();
-               if (IS_ERR(flow)) {
-                       error = PTR_ERR(flow);
-                       goto err_kfree;
-               }
-               clear_stats(flow);
+               goto err_unlock_ovs;
+       }
  
+       /* Update actions, if present. */
+       if (likely(acts)) {
+               old_acts = ovsl_dereference(flow->sf_acts);
                 rcu_assign_pointer(flow->sf_acts, acts);
  
-               /* Put flow in bucket. */
-               ovs_flow_tbl_insert(table, flow, &key, key_len);
-
-               reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
-                                               info->snd_seq,
-                                               OVS_FLOW_CMD_NEW);
+               if (unlikely(reply)) {
+                       error = ovs_flow_cmd_fill_info(flow,
+                                                      ovs_header->dp_ifindex,
+                                                      reply, info->snd_portid,
+                                                      info->snd_seq, 0,
+                                                      OVS_FLOW_CMD_NEW,
+                                                      ufid_flags);
+                       BUG_ON(error < 0);
+               }
         } else {
-               /* We found a matching flow. */
-               struct sw_flow_actions *old_acts;
-
-               /* Bail out if we're not allowed to modify an existing flow.
-                * We accept NLM_F_CREATE in place of the intended NLM_F_EXCL
-                * because Generic Netlink treats the latter as a dump
-                * request.  We also accept NLM_F_EXCL in case that bug ever
-                * gets fixed.
-                */
-               error = -EEXIST;
-               if (info->genlhdr->cmd == OVS_FLOW_CMD_NEW &&
-                   info->nlhdr->nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL))
-                       goto err_kfree;
-
-               /* Update actions. */
-               old_acts = rcu_dereference_protected(flow->sf_acts,
-                                                    lockdep_genl_is_held());
-               rcu_assign_pointer(flow->sf_acts, acts);
-               ovs_flow_deferred_free_acts(old_acts);
-
-               reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
-                                              info->snd_seq, OVS_FLOW_CMD_NEW);
-
-               /* Clear stats. */
-               if (a[OVS_FLOW_ATTR_CLEAR]) {
-                       spin_lock_bh(&flow->lock);
-                       clear_stats(flow);
-                       spin_unlock_bh(&flow->lock);
+               /* Could not alloc without acts before locking. */
+               reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex,
+                                               info, OVS_FLOW_CMD_NEW, false,
+                                               ufid_flags);
+
+               if (unlikely(IS_ERR(reply))) {
+                       error = PTR_ERR(reply);
+                       goto err_unlock_ovs;
                 }
         }
  
-       if (!IS_ERR(reply))
-               genl_notify(reply, genl_info_net(info), info->snd_portid,
-                          ovs_dp_flow_multicast_group.id, info->nlhdr,
-                          GFP_KERNEL);
-       else
-               netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
-                               ovs_dp_flow_multicast_group.id, PTR_ERR(reply));
+       /* Clear stats. */
+       if (a[OVS_FLOW_ATTR_CLEAR])
+               ovs_flow_stats_clear(flow);
+       ovs_unlock();
+
+       if (reply)
+               ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
+       if (old_acts)
+               ovs_nla_free_flow_actions_rcu(old_acts);
+
         return 0;
  
-err_kfree:
-       kfree(acts);
+err_unlock_ovs:
+       ovs_unlock();
+       kfree_skb(reply);
+err_kfree_acts:
+       ovs_nla_free_flow_actions(acts);
  error:
         return error;
  }
@@ -1324,121 +1221,199 @@ static int ovs_flow_cmd_get(struct sk_buff *skb, struct genl_info *info)
  {
         struct nlattr **a = info->attrs;
         struct ovs_header *ovs_header = info->userhdr;
+       struct net *net = sock_net(skb->sk);
         struct sw_flow_key key;
         struct sk_buff *reply;
         struct sw_flow *flow;
         struct datapath *dp;
-       struct flow_table *table;
-       int err;
-       int key_len;
-
-       if (!a[OVS_FLOW_ATTR_KEY])
-               return -EINVAL;
-       err = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
+       struct sw_flow_match match;
+       struct sw_flow_id ufid;
+       u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
+       int err = 0;
+       bool log = !a[OVS_FLOW_ATTR_PROBE];
+       bool ufid_present;
+
+       ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
+       if (a[OVS_FLOW_ATTR_KEY]) {
+               ovs_match_init(&match, &key, NULL);
+               err = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY], NULL,
+                                       log);
+       } else if (!ufid_present) {
+               OVS_NLERR(log,
+                         "Flow get message rejected, Key attribute missing.");
+               err = -EINVAL;
+       }
         if (err)
                 return err;
  
+       ovs_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
-               return -ENODEV;
+       if (!dp) {
+               err = -ENODEV;
+               goto unlock;
+       }
  
-       table = genl_dereference(dp->table);
-       flow = ovs_flow_tbl_lookup(table, &key, key_len);
-       if (!flow)
-               return -ENOENT;
+       if (ufid_present)
+               flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
+       else
+               flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
+       if (!flow) {
+               err = -ENOENT;
+               goto unlock;
+       }
  
-       reply = ovs_flow_cmd_build_info(flow, dp, info->snd_portid,
-                                       info->snd_seq, OVS_FLOW_CMD_NEW);
-       if (IS_ERR(reply))
-               return PTR_ERR(reply);
+       reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex, info,
+                                       OVS_FLOW_CMD_NEW, true, ufid_flags);
+       if (IS_ERR(reply)) {
+               err = PTR_ERR(reply);
+               goto unlock;
+       }
  
+       ovs_unlock();
         return genlmsg_reply(reply, info);
+unlock:
+       ovs_unlock();
+       return err;
  }
  
  static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
  {
         struct nlattr **a = info->attrs;
         struct ovs_header *ovs_header = info->userhdr;
+       struct net *net = sock_net(skb->sk);
         struct sw_flow_key key;
         struct sk_buff *reply;
-       struct sw_flow *flow;
+       struct sw_flow *flow = NULL;
         struct datapath *dp;
-       struct flow_table *table;
+       struct sw_flow_match match;
+       struct sw_flow_id ufid;
+       u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
         int err;
-       int key_len;
+       bool log = !a[OVS_FLOW_ATTR_PROBE];
+       bool ufid_present;
+
+       ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
+       if (a[OVS_FLOW_ATTR_KEY]) {
+               ovs_match_init(&match, &key, NULL);
+               err = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
+                                       NULL, log);
+               if (unlikely(err))
+                       return err;
+       }
  
+       ovs_lock();
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
-               return -ENODEV;
-
-       if (!a[OVS_FLOW_ATTR_KEY])
-               return flush_flows(dp);
-
-       err = ovs_flow_from_nlattrs(&key, &key_len, a[OVS_FLOW_ATTR_KEY]);
-       if (err)
-               return err;
-
-       table = genl_dereference(dp->table);
-       flow = ovs_flow_tbl_lookup(table, &key, key_len);
-       if (!flow)
-               return -ENOENT;
+       if (unlikely(!dp)) {
+               err = -ENODEV;
+               goto unlock;
+       }
  
-       reply = ovs_flow_cmd_alloc_info(flow);
-       if (!reply)
-               return -ENOMEM;
+       if (unlikely(!a[OVS_FLOW_ATTR_KEY] && !ufid_present)) {
+               err = ovs_flow_tbl_flush(&dp->table);
+               goto unlock;
+       }
  
-       ovs_flow_tbl_remove(table, flow);
+       if (ufid_present)
+               flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
+       else
+               flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
+       if (unlikely(!flow)) {
+               err = -ENOENT;
+               goto unlock;
+       }
  
-       err = ovs_flow_cmd_fill_info(flow, dp, reply, info->snd_portid,
-                                    info->snd_seq, 0, OVS_FLOW_CMD_DEL);
-       BUG_ON(err < 0);
+       ovs_flow_tbl_remove(&dp->table, flow);
+       ovs_unlock();
+
+       reply = ovs_flow_cmd_alloc_info(rcu_dereference_raw(flow->sf_acts),
+                                       &flow->id, info, false, ufid_flags);
+
+       if (likely(reply)) {
+               if (likely(!IS_ERR(reply))) {
+                       rcu_read_lock();        /*To keep RCU checker happy. */
+                       err = ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex,
+                                                    reply, info->snd_portid,
+                                                    info->snd_seq, 0,
+                                                    OVS_FLOW_CMD_DEL,
+                                                    ufid_flags);
+                       rcu_read_unlock();
+                       BUG_ON(err < 0);
+                       ovs_notify(&dp_flow_genl_family, &ovs_dp_flow_multicast_group, reply, info);
+               } else {
+                       genl_set_err(&dp_flow_genl_family, sock_net(skb->sk), 0,
+                                    GROUP_ID(&ovs_dp_flow_multicast_group), PTR_ERR(reply));
  
-       ovs_flow_deferred_free(flow);
+               }
+       }
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_flow_multicast_group.id, info->nlhdr, GFP_KERNEL);
+       ovs_flow_free(flow, true);
         return 0;
+unlock:
+       ovs_unlock();
+       return err;
  }
  
  static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
  {
+       struct nlattr *a[__OVS_FLOW_ATTR_MAX];
         struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
+       struct table_instance *ti;
         struct datapath *dp;
-       struct flow_table *table;
+       u32 ufid_flags;
+       int err;
  
-       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
-               return -ENODEV;
+       err = genlmsg_parse(cb->nlh, &dp_flow_genl_family, a,
+                           OVS_FLOW_ATTR_MAX, flow_policy);
+       if (err)
+               return err;
+       ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
  
-       table = genl_dereference(dp->table);
+       rcu_read_lock();
+       dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
+       if (!dp) {
+               rcu_read_unlock();
+               return -ENODEV;
+       }
  
+       ti = rcu_dereference(dp->table.ti);
         for (;;) {
                 struct sw_flow *flow;
                 u32 bucket, obj;
  
                 bucket = cb->args[0];
                 obj = cb->args[1];
-               flow = ovs_flow_tbl_next(table, &bucket, &obj);
+               flow = ovs_flow_tbl_dump_next(ti, &bucket, &obj);
                 if (!flow)
                         break;
  
-               if (ovs_flow_cmd_fill_info(flow, dp, skb,
+               if (ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex, skb,
                                            NETLINK_CB(cb->skb).portid,
                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
-                                          OVS_FLOW_CMD_NEW) < 0)
+                                          OVS_FLOW_CMD_NEW, ufid_flags) < 0)
                         break;
  
                 cb->args[0] = bucket;
                 cb->args[1] = obj;
         }
+       rcu_read_unlock();
         return skb->len;
  }
  
+static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
+       [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
+       [OVS_FLOW_ATTR_MASK] = { .type = NLA_NESTED },
+       [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
+       [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
+       [OVS_FLOW_ATTR_PROBE] = { .type = NLA_FLAG },
+       [OVS_FLOW_ATTR_UFID] = { .type = NLA_UNSPEC, .len = 1 },
+       [OVS_FLOW_ATTR_UFID_FLAGS] = { .type = NLA_U32 },
+};
+
  static struct genl_ops dp_flow_genl_ops[] = {
         { .cmd = OVS_FLOW_CMD_NEW,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
           .policy = flow_policy,
-         .doit = ovs_flow_cmd_new_or_set
+         .doit = ovs_flow_cmd_new
         },
         { .cmd = OVS_FLOW_CMD_DEL,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
@@ -1454,28 +1429,22 @@ static struct genl_ops dp_flow_genl_ops[] = {
         { .cmd = OVS_FLOW_CMD_SET,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
           .policy = flow_policy,
-         .doit = ovs_flow_cmd_new_or_set,
+         .doit = ovs_flow_cmd_set,
         },
  };
  
-static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
-#ifdef HAVE_NLA_NUL_STRING
-       [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
-#endif
-       [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
-};
-
-static struct genl_family dp_datapath_genl_family = {
+static struct genl_family dp_flow_genl_family = {
         .id = GENL_ID_GENERATE,
         .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_DATAPATH_FAMILY,
-       .version = OVS_DATAPATH_VERSION,
-       .maxattr = OVS_DP_ATTR_MAX,
-        SET_NETNSOK
-};
-
-static struct genl_multicast_group ovs_dp_datapath_multicast_group = {
-       .name = OVS_DATAPATH_MCGROUP
+       .name = OVS_FLOW_FAMILY,
+       .version = OVS_FLOW_VERSION,
+       .maxattr = OVS_FLOW_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_flow_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_flow_genl_ops),
+       .mcgrps = &ovs_dp_flow_multicast_group,
+       .n_mcgrps = 1,
  };
  
  static size_t ovs_dp_cmd_msg_size(void)
@@ -1484,15 +1453,19 @@ static size_t ovs_dp_cmd_msg_size(void)
  
         msgsize += nla_total_size(IFNAMSIZ);
         msgsize += nla_total_size(sizeof(struct ovs_dp_stats));
+       msgsize += nla_total_size(sizeof(struct ovs_dp_megaflow_stats));
+       msgsize += nla_total_size(sizeof(u32)); /* OVS_DP_ATTR_USER_FEATURES */
  
         return msgsize;
  }
  
+/* Called with ovs_mutex. */
  static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
                                 u32 portid, u32 seq, u32 flags, u8 cmd)
  {
         struct ovs_header *ovs_header;
         struct ovs_dp_stats dp_stats;
+       struct ovs_dp_megaflow_stats dp_megaflow_stats;
         int err;
  
         ovs_header = genlmsg_put(skb, portid, seq, &dp_datapath_genl_family,
@@ -1502,17 +1475,25 @@ static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
  
         ovs_header->dp_ifindex = get_dpifindex(dp);
  
-       rcu_read_lock();
         err = nla_put_string(skb, OVS_DP_ATTR_NAME, ovs_dp_name(dp));
-       rcu_read_unlock();
         if (err)
                 goto nla_put_failure;
  
-       get_dp_stats(dp, &dp_stats);
-       if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats), &dp_stats))
+       get_dp_stats(dp, &dp_stats, &dp_megaflow_stats);
+       if (nla_put(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats),
+                       &dp_stats))
+               goto nla_put_failure;
+
+       if (nla_put(skb, OVS_DP_ATTR_MEGAFLOW_STATS,
+                       sizeof(struct ovs_dp_megaflow_stats),
+                       &dp_megaflow_stats))
                 goto nla_put_failure;
  
-       return genlmsg_end(skb, ovs_header);
+       if (nla_put_u32(skb, OVS_DP_ATTR_USER_FEATURES, dp->user_features))
+               goto nla_put_failure;
+
+       genlmsg_end(skb, ovs_header);
+       return 0;
  
  nla_put_failure:
         genlmsg_cancel(skb, ovs_header);
@@ -1520,32 +1501,14 @@ error:
         return -EMSGSIZE;
  }
  
-static struct sk_buff *ovs_dp_cmd_build_info(struct datapath *dp, u32 portid,
-                                            u32 seq, u8 cmd)
-{
-       struct sk_buff *skb;
-       int retval;
-
-       skb = genlmsg_new(ovs_dp_cmd_msg_size(), GFP_KERNEL);
-       if (!skb)
-               return ERR_PTR(-ENOMEM);
-
-       retval = ovs_dp_cmd_fill_info(dp, skb, portid, seq, 0, cmd);
-       if (retval < 0) {
-               kfree_skb(skb);
-               return ERR_PTR(retval);
-       }
-       return skb;
-}
-
-static int ovs_dp_cmd_validate(struct nlattr *a[OVS_DP_ATTR_MAX + 1])
+static struct sk_buff *ovs_dp_cmd_alloc_info(struct genl_info *info)
  {
-       return CHECK_NUL_STRING(a[OVS_DP_ATTR_NAME], IFNAMSIZ - 1);
+       return genlmsg_new_unicast(ovs_dp_cmd_msg_size(), info, GFP_KERNEL);
  }
  
-/* Called with genl_mutex and optionally with RTNL lock also. */
+/* Called with rcu_read_lock or ovs_mutex. */
  static struct datapath *lookup_datapath(struct net *net,
-                                       struct ovs_header *ovs_header,
+                                       const struct ovs_header *ovs_header,
                                         struct nlattr *a[OVS_DP_ATTR_MAX + 1])
  {
         struct datapath *dp;
@@ -1555,14 +1518,30 @@ static struct datapath *lookup_datapath(struct net *net,
         else {
                 struct vport *vport;
  
-               rcu_read_lock();
                 vport = ovs_vport_locate(net, nla_data(a[OVS_DP_ATTR_NAME]));
                 dp = vport && vport->port_no == OVSP_LOCAL ? vport->dp : NULL;
-               rcu_read_unlock();
         }
         return dp ? dp : ERR_PTR(-ENODEV);
  }
  
+static void ovs_dp_reset_user_features(struct sk_buff *skb, struct genl_info *info)
+{
+       struct datapath *dp;
+
+       dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
+       if (IS_ERR(dp))
+               return;
+
+       WARN(dp->user_features, "Dropping previously announced user features\n");
+       dp->user_features = 0;
+}
+
+static void ovs_dp_change(struct datapath *dp, struct nlattr *a[])
+{
+       if (a[OVS_DP_ATTR_USER_FEATURES])
+               dp->user_features = nla_get_u32(a[OVS_DP_ATTR_USER_FEATURES]);
+}
+
  static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
  {
         struct nlattr **a = info->attrs;
@@ -1577,26 +1556,23 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
         if (!a[OVS_DP_ATTR_NAME] || !a[OVS_DP_ATTR_UPCALL_PID])
                 goto err;
  
-       err = ovs_dp_cmd_validate(a);
-       if (err)
-               goto err;
-
-       rtnl_lock();
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
         err = -ENOMEM;
         dp = kzalloc(sizeof(*dp), GFP_KERNEL);
         if (dp == NULL)
-               goto err_unlock_rtnl;
+               goto err_free_reply;
  
-       ovs_dp_set_net(dp, hold_net(sock_net(skb->sk)));
+       ovs_dp_set_net(dp, sock_net(skb->sk));
  
         /* Allocate table. */
-       err = -ENOMEM;
-       rcu_assign_pointer(dp->table, ovs_flow_tbl_alloc(TBL_MIN_BUCKETS));
-       if (!dp->table)
+       err = ovs_flow_tbl_init(&dp->table);
+       if (err)
                 goto err_free_dp;
  
-       dp->stats_percpu = alloc_percpu(struct dp_stats_percpu);
+       dp->stats_percpu = netdev_alloc_pcpu_stats(struct dp_stats_percpu);
         if (!dp->stats_percpu) {
                 err = -ENOMEM;
                 goto err_destroy_table;
@@ -1618,7 +1594,12 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
         parms.options = NULL;
         parms.dp = dp;
         parms.port_no = OVSP_LOCAL;
-       parms.upcall_portid = nla_get_u32(a[OVS_DP_ATTR_UPCALL_PID]);
+       parms.upcall_portids = a[OVS_DP_ATTR_UPCALL_PID];
+
+       ovs_dp_change(dp, a);
+
+       /* So far only local changes have been made, now need the lock. */
+       ovs_lock();
  
         vport = new_vport(&parms);
         if (IS_ERR(vport)) {
@@ -1626,49 +1607,50 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
                 if (err == -EBUSY)
                         err = -EEXIST;
  
+               if (err == -EEXIST) {
+                       /* An outdated user space instance that does not understand
+                        * the concept of user_features has attempted to create a new
+                        * datapath and is likely to reuse it. Drop all user features.
+                        */
+                       if (info->genlhdr->version < OVS_DP_VER_FEATURES)
+                               ovs_dp_reset_user_features(skb, info);
+               }
+
                 goto err_destroy_ports_array;
         }
  
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_NEW);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               goto err_destroy_local_port;
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_NEW);
+       BUG_ON(err < 0);
  
         ovs_net = net_generic(ovs_dp_get_net(dp), ovs_net_id);
-       list_add_tail(&dp->list_node, &ovs_net->dps);
+       list_add_tail_rcu(&dp->list_node, &ovs_net->dps);
  
-       rtnl_unlock();
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_datapath_multicast_group.id, info->nlhdr,
-                   GFP_KERNEL);
+       ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
         return 0;
  
-err_destroy_local_port:
-       ovs_dp_detach_port(ovs_vport_rtnl(dp, OVSP_LOCAL));
  err_destroy_ports_array:
+       ovs_unlock();
         kfree(dp->ports);
  err_destroy_percpu:
         free_percpu(dp->stats_percpu);
  err_destroy_table:
-       ovs_flow_tbl_destroy(genl_dereference(dp->table));
+       ovs_flow_tbl_destroy(&dp->table);
  err_free_dp:
-       release_net(ovs_dp_get_net(dp));
         kfree(dp);
-err_unlock_rtnl:
-       rtnl_unlock();
+err_free_reply:
+       kfree_skb(reply);
  err:
         return err;
  }
  
-/* Called with genl_mutex. */
+/* Called with ovs_mutex. */
  static void __dp_destroy(struct datapath *dp)
  {
         int i;
  
-       rtnl_lock();
-
         for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
                 struct vport *vport;
                 struct hlist_node *n;
@@ -1678,16 +1660,14 @@ static void __dp_destroy(struct datapath *dp)
                                 ovs_dp_detach_port(vport);
         }
  
-       list_del(&dp->list_node);
-       ovs_dp_detach_port(ovs_vport_rtnl(dp, OVSP_LOCAL));
+       list_del_rcu(&dp->list_node);
  
-       /* rtnl_unlock() will wait until all the references to devices that
-        * are pending unregistration have been dropped.  We do it here to
-        * ensure that any internal devices (which contain DP pointers) are
-        * fully destroyed before freeing the datapath.
+       /* OVSP_LOCAL is datapath internal port. We need to make sure that
+        * all ports in datapath are destroyed first before freeing datapath.
          */
-       rtnl_unlock();
+       ovs_dp_detach_port(ovs_vport_ovsl(dp, OVSP_LOCAL));
  
+       /* RCU destroy the flow table */
         call_rcu(&dp->rcu, destroy_dp_rcu);
  }
  
@@ -1697,28 +1677,30 @@ static int ovs_dp_cmd_del(struct sk_buff *skb, struct genl_info *info)
         struct datapath *dp;
         int err;
  
-       err = ovs_dp_cmd_validate(info->attrs);
-       if (err)
-               return err;
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
+       ovs_lock();
         dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
         err = PTR_ERR(dp);
         if (IS_ERR(dp))
-               return err;
+               goto err_unlock_free;
  
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_DEL);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               return err;
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_DEL);
+       BUG_ON(err < 0);
  
         __dp_destroy(dp);
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_datapath_multicast_group.id, info->nlhdr,
-                   GFP_KERNEL);
-
+       ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
         return 0;
+
+err_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
+       return err;
  }
  
  static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
@@ -1727,28 +1709,31 @@ static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
         struct datapath *dp;
         int err;
  
-       err = ovs_dp_cmd_validate(info->attrs);
-       if (err)
-               return err;
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
+       ovs_lock();
         dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
+       err = PTR_ERR(dp);
         if (IS_ERR(dp))
-               return PTR_ERR(dp);
+               goto err_unlock_free;
  
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_NEW);
-       if (IS_ERR(reply)) {
-               err = PTR_ERR(reply);
-               netlink_set_err(GENL_SOCK(sock_net(skb->sk)), 0,
-                               ovs_dp_datapath_multicast_group.id, err);
-               return 0;
-       }
+       ovs_dp_change(dp, info->attrs);
+
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_NEW);
+       BUG_ON(err < 0);
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_datapath_multicast_group.id, info->nlhdr,
-                   GFP_KERNEL);
+       ovs_unlock();
  
+       ovs_notify(&dp_datapath_genl_family, &ovs_dp_datapath_multicast_group, reply, info);
         return 0;
+
+err_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
+       return err;
  }
  
  static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
@@ -1757,20 +1742,27 @@ static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
         struct datapath *dp;
         int err;
  
-       err = ovs_dp_cmd_validate(info->attrs);
-       if (err)
-               return err;
+       reply = ovs_dp_cmd_alloc_info(info);
+       if (!reply)
+               return -ENOMEM;
  
+       ovs_lock();
         dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
-       if (IS_ERR(dp))
-               return PTR_ERR(dp);
-
-       reply = ovs_dp_cmd_build_info(dp, info->snd_portid,
-                                     info->snd_seq, OVS_DP_CMD_NEW);
-       if (IS_ERR(reply))
-               return PTR_ERR(reply);
+       if (IS_ERR(dp)) {
+               err = PTR_ERR(dp);
+               goto err_unlock_free;
+       }
+       err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+                                  info->snd_seq, 0, OVS_DP_CMD_NEW);
+       BUG_ON(err < 0);
+       ovs_unlock();
  
         return genlmsg_reply(reply, info);
+
+err_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
+       return err;
  }
  
  static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
@@ -1780,6 +1772,7 @@ static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
         int skip = cb->args[0];
         int i = 0;
  
+       ovs_lock();
         list_for_each_entry(dp, &ovs_net->dps, list_node) {
                 if (i >= skip &&
                     ovs_dp_cmd_fill_info(dp, skb, NETLINK_CB(cb->skb).portid,
@@ -1788,12 +1781,19 @@ static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
                         break;
                 i++;
         }
+       ovs_unlock();
  
         cb->args[0] = i;
  
         return skb->len;
  }
  
+static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
+       [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
+       [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
+       [OVS_DP_ATTR_USER_FEATURES] = { .type = NLA_U32 },
+};
+
  static struct genl_ops dp_datapath_genl_ops[] = {
         { .cmd = OVS_DP_CMD_NEW,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
@@ -1818,33 +1818,21 @@ static struct genl_ops dp_datapath_genl_ops[] = {
         },
  };
  
-static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
-#ifdef HAVE_NLA_NUL_STRING
-       [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
-       [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
-#else
-       [OVS_VPORT_ATTR_STATS] = { .minlen = sizeof(struct ovs_vport_stats) },
-#endif
-       [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
-       [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
-       [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
-       [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
-};
-
-static struct genl_family dp_vport_genl_family = {
+static struct genl_family dp_datapath_genl_family = {
         .id = GENL_ID_GENERATE,
         .hdrsize = sizeof(struct ovs_header),
-       .name = OVS_VPORT_FAMILY,
-       .version = OVS_VPORT_VERSION,
-       .maxattr = OVS_VPORT_ATTR_MAX,
-        SET_NETNSOK
-};
-
-struct genl_multicast_group ovs_dp_vport_multicast_group = {
-       .name = OVS_VPORT_MCGROUP
+       .name = OVS_DATAPATH_FAMILY,
+       .version = OVS_DATAPATH_VERSION,
+       .maxattr = OVS_DP_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_datapath_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_datapath_genl_ops),
+       .mcgrps = &ovs_dp_datapath_multicast_group,
+       .n_mcgrps = 1,
  };
  
-/* Called with RTNL lock or RCU read lock. */
+/* Called with ovs_mutex or RCU read lock. */
  static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
                                    u32 portid, u32 seq, u32 flags, u8 cmd)
  {
@@ -1861,8 +1849,8 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
  
         if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
             nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
-           nla_put_string(skb, OVS_VPORT_ATTR_NAME, vport->ops->get_name(vport)) ||
-           nla_put_u32(skb, OVS_VPORT_ATTR_UPCALL_PID, vport->upcall_portid))
+           nla_put_string(skb, OVS_VPORT_ATTR_NAME,
+                          ovs_vport_name(vport)))
                 goto nla_put_failure;
  
         ovs_vport_get_stats(vport, &vport_stats);
@@ -1870,11 +1858,15 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
                     &vport_stats))
                 goto nla_put_failure;
  
+       if (ovs_vport_get_upcall_portids(vport, skb))
+               goto nla_put_failure;
+
         err = ovs_vport_get_options(vport, skb);
         if (err == -EMSGSIZE)
                 goto error;
  
-       return genlmsg_end(skb, ovs_header);
+       genlmsg_end(skb, ovs_header);
+       return 0;
  
  nla_put_failure:
         err = -EMSGSIZE;
@@ -1883,7 +1875,12 @@ error:
         return err;
  }
  
-/* Called with RTNL lock or RCU read lock. */
+static struct sk_buff *ovs_vport_cmd_alloc_info(void)
+{
+       return nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+}
+
+/* Called with ovs_mutex, only via ovs_dp_notify_wq(). */
  struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
                                          u32 seq, u8 cmd)
  {
@@ -1900,14 +1897,9 @@ struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, u32 portid,
         return skb;
  }
  
-static int ovs_vport_cmd_validate(struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
-{
-       return CHECK_NUL_STRING(a[OVS_VPORT_ATTR_NAME], IFNAMSIZ - 1);
-}
-
-/* Called with RTNL lock or RCU read lock. */
+/* Called with ovs_mutex or RCU read lock. */
  static struct vport *lookup_vport(struct net *net,
-                                 struct ovs_header *ovs_header,
+                                 const struct ovs_header *ovs_header,
                                   struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
  {
         struct datapath *dp;
@@ -1931,7 +1923,7 @@ static struct vport *lookup_vport(struct net *net,
                 if (!dp)
                         return ERR_PTR(-ENODEV);
  
-               vport = ovs_vport_rtnl_rcu(dp, port_no);
+               vport = ovs_vport_ovsl_rcu(dp, port_no);
                 if (!vport)
                         return ERR_PTR(-ENODEV);
                 return vport;
@@ -1950,39 +1942,38 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
         u32 port_no;
         int err;
  
-       err = -EINVAL;
         if (!a[OVS_VPORT_ATTR_NAME] || !a[OVS_VPORT_ATTR_TYPE] ||
             !a[OVS_VPORT_ATTR_UPCALL_PID])
-               goto exit;
+               return -EINVAL;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       port_no = a[OVS_VPORT_ATTR_PORT_NO]
+               ? nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]) : 0;
+       if (port_no >= DP_MAX_PORTS)
+               return -EFBIG;
  
-       rtnl_lock();
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
+
+       ovs_lock();
+restart:
         dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
         err = -ENODEV;
         if (!dp)
-               goto exit_unlock;
-
-       if (a[OVS_VPORT_ATTR_PORT_NO]) {
-               port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
-
-               err = -EFBIG;
-               if (port_no >= DP_MAX_PORTS)
-                       goto exit_unlock;
+               goto exit_unlock_free;
  
-               vport = ovs_vport_rtnl(dp, port_no);
+       if (port_no) {
+               vport = ovs_vport_ovsl(dp, port_no);
                 err = -EBUSY;
                 if (vport)
-                       goto exit_unlock;
+                       goto exit_unlock_free;
         } else {
                 for (port_no = 1; ; port_no++) {
                         if (port_no >= DP_MAX_PORTS) {
                                 err = -EFBIG;
-                               goto exit_unlock;
+                               goto exit_unlock_free;
                         }
-                       vport = ovs_vport_rtnl(dp, port_no);
+                       vport = ovs_vport_ovsl(dp, port_no);
                         if (!vport)
                                 break;
                 }
@@ -1993,30 +1984,27 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
         parms.options = a[OVS_VPORT_ATTR_OPTIONS];
         parms.dp = dp;
         parms.port_no = port_no;
-       parms.upcall_portid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]);
+       parms.upcall_portids = a[OVS_VPORT_ATTR_UPCALL_PID];
  
         vport = new_vport(&parms);
         err = PTR_ERR(vport);
-       if (IS_ERR(vport))
-               goto exit_unlock;
+       if (IS_ERR(vport)) {
+               if (err == -EAGAIN)
+                       goto restart;
+               goto exit_unlock_free;
+       }
  
-       err = 0;
-       if (a[OVS_VPORT_ATTR_STATS])
-               ovs_vport_set_stats(vport, nla_data(a[OVS_VPORT_ATTR_STATS]));
+       err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
+                                     info->snd_seq, 0, OVS_VPORT_CMD_NEW);
+       BUG_ON(err < 0);
+       ovs_unlock();
  
-       reply = ovs_vport_cmd_build_info(vport, info->snd_portid, info->snd_seq,
-                                        OVS_VPORT_CMD_NEW);
-       if (IS_ERR(reply)) {
-               err = PTR_ERR(reply);
-               ovs_dp_detach_port(vport);
-               goto exit_unlock;
-       }
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
+       ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
+       return 0;
  
-exit_unlock:
-       rtnl_unlock();
-exit:
+exit_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
         return err;
  }
  
@@ -2027,53 +2015,47 @@ static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
         struct vport *vport;
         int err;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
-       rtnl_lock();
+       ovs_lock();
         vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
+               goto exit_unlock_free;
  
-       err = 0;
         if (a[OVS_VPORT_ATTR_TYPE] &&
-           nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type)
+           nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type) {
                 err = -EINVAL;
-
-       reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-       if (!reply) {
-               err = -ENOMEM;
-               goto exit_unlock;
+               goto exit_unlock_free;
         }
  
-       if (!err && a[OVS_VPORT_ATTR_OPTIONS])
+       if (a[OVS_VPORT_ATTR_OPTIONS]) {
                 err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]);
-       if (err)
-               goto exit_free;
+               if (err)
+                       goto exit_unlock_free;
+       }
  
-       if (a[OVS_VPORT_ATTR_STATS])
-               ovs_vport_set_stats(vport, nla_data(a[OVS_VPORT_ATTR_STATS]));
+       if (a[OVS_VPORT_ATTR_UPCALL_PID]) {
+               struct nlattr *ids = a[OVS_VPORT_ATTR_UPCALL_PID];
  
-       if (a[OVS_VPORT_ATTR_UPCALL_PID])
-               vport->upcall_portid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]);
+               err = ovs_vport_set_upcall_portids(vport, ids);
+               if (err)
+                       goto exit_unlock_free;
+       }
  
         err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
                                       info->snd_seq, 0, OVS_VPORT_CMD_NEW);
         BUG_ON(err < 0);
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
-
-       rtnl_unlock();
+       ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
         return 0;
  
-exit_free:
+exit_unlock_free:
+       ovs_unlock();
         kfree_skb(reply);
-exit_unlock:
-       rtnl_unlock();
-exit:
         return err;
  }
  
@@ -2084,36 +2066,33 @@ static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
         struct vport *vport;
         int err;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
-       rtnl_lock();
+       ovs_lock();
         vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
+               goto exit_unlock_free;
  
         if (vport->port_no == OVSP_LOCAL) {
                 err = -EINVAL;
-               goto exit_unlock;
+               goto exit_unlock_free;
         }
  
-       reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
-                                        info->snd_seq, OVS_VPORT_CMD_DEL);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               goto exit_unlock;
-
-       err = 0;
+       err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
+                                     info->snd_seq, 0, OVS_VPORT_CMD_DEL);
+       BUG_ON(err < 0);
         ovs_dp_detach_port(vport);
+       ovs_unlock();
  
-       genl_notify(reply, genl_info_net(info), info->snd_portid,
-                   ovs_dp_vport_multicast_group.id, info->nlhdr, GFP_KERNEL);
+       ovs_notify(&dp_vport_genl_family, &ovs_dp_vport_multicast_group, reply, info);
+       return 0;
  
-exit_unlock:
-       rtnl_unlock();
-exit:
+exit_unlock_free:
+       ovs_unlock();
+       kfree_skb(reply);
         return err;
  }
  
@@ -2125,29 +2104,25 @@ static int ovs_vport_cmd_get(struct sk_buff *skb, struct genl_info *info)
         struct vport *vport;
         int err;
  
-       err = ovs_vport_cmd_validate(a);
-       if (err)
-               goto exit;
+       reply = ovs_vport_cmd_alloc_info();
+       if (!reply)
+               return -ENOMEM;
  
         rcu_read_lock();
         vport = lookup_vport(sock_net(skb->sk), ovs_header, a);
         err = PTR_ERR(vport);
         if (IS_ERR(vport))
-               goto exit_unlock;
-
-       reply = ovs_vport_cmd_build_info(vport, info->snd_portid,
-                                        info->snd_seq, OVS_VPORT_CMD_NEW);
-       err = PTR_ERR(reply);
-       if (IS_ERR(reply))
-               goto exit_unlock;
-
+               goto exit_unlock_free;
+       err = ovs_vport_cmd_fill_info(vport, reply, info->snd_portid,
+                                     info->snd_seq, 0, OVS_VPORT_CMD_NEW);
+       BUG_ON(err < 0);
         rcu_read_unlock();
  
         return genlmsg_reply(reply, info);
  
-exit_unlock:
+exit_unlock_free:
         rcu_read_unlock();
-exit:
+       kfree_skb(reply);
         return err;
  }
  
@@ -2158,11 +2133,12 @@ static int ovs_vport_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
         int bucket = cb->args[0], skip = cb->args[1];
         int i, j = 0;
  
-       dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
-       if (!dp)
-               return -ENODEV;
-
         rcu_read_lock();
+       dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
+       if (!dp) {
+               rcu_read_unlock();
+               return -ENODEV;
+       }
         for (i = bucket; i < DP_VPORT_HASH_BUCKETS; i++) {
                 struct vport *vport;
  
@@ -2189,6 +2165,15 @@ out:
         return skb->len;
  }
  
+static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
+       [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
+       [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
+       [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
+       [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
+       [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
+       [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
+};
+
  static struct genl_ops dp_vport_genl_ops[] = {
         { .cmd = OVS_VPORT_CMD_NEW,
           .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
@@ -2213,26 +2198,25 @@ static struct genl_ops dp_vport_genl_ops[] = {
         },
  };
  
-struct genl_family_and_ops {
-       struct genl_family *family;
-       struct genl_ops *ops;
-       int n_ops;
-       struct genl_multicast_group *group;
+struct genl_family dp_vport_genl_family = {
+       .id = GENL_ID_GENERATE,
+       .hdrsize = sizeof(struct ovs_header),
+       .name = OVS_VPORT_FAMILY,
+       .version = OVS_VPORT_VERSION,
+       .maxattr = OVS_VPORT_ATTR_MAX,
+       .netnsok = true,
+       .parallel_ops = true,
+       .ops = dp_vport_genl_ops,
+       .n_ops = ARRAY_SIZE(dp_vport_genl_ops),
+       .mcgrps = &ovs_dp_vport_multicast_group,
+       .n_mcgrps = 1,
  };
  
-static const struct genl_family_and_ops dp_genl_families[] = {
-       { &dp_datapath_genl_family,
-         dp_datapath_genl_ops, ARRAY_SIZE(dp_datapath_genl_ops),
-         &ovs_dp_datapath_multicast_group },
-       { &dp_vport_genl_family,
-         dp_vport_genl_ops, ARRAY_SIZE(dp_vport_genl_ops),
-         &ovs_dp_vport_multicast_group },
-       { &dp_flow_genl_family,
-         dp_flow_genl_ops, ARRAY_SIZE(dp_flow_genl_ops),
-         &ovs_dp_flow_multicast_group },
-       { &dp_packet_genl_family,
-         dp_packet_genl_ops, ARRAY_SIZE(dp_packet_genl_ops),
-         NULL },
+static struct genl_family *dp_genl_families[] = {
+       &dp_datapath_genl_family,
+       &dp_vport_genl_family,
+       &dp_flow_genl_family,
+       &dp_packet_genl_family,
  };
  
  static void dp_unregister_genl(int n_families)
@@ -2240,93 +2224,89 @@ static void dp_unregister_genl(int n_families)
         int i;
  
         for (i = 0; i < n_families; i++)
-               genl_unregister_family(dp_genl_families[i].family);
+               genl_unregister_family(dp_genl_families[i]);
  }
  
  static int dp_register_genl(void)
  {
-       int n_registered;
         int err;
         int i;
  
-       n_registered = 0;
         for (i = 0; i < ARRAY_SIZE(dp_genl_families); i++) {
-               const struct genl_family_and_ops *f = &dp_genl_families[i];
  
-               err = genl_register_family_with_ops(f->family, f->ops,
-                                                   f->n_ops);
+               err = genl_register_family(dp_genl_families[i]);
                 if (err)
                         goto error;
-               n_registered++;
-
-               if (f->group) {
-                       err = genl_register_mc_group(f->family, f->group);
-                       if (err)
-                               goto error;
-               }
         }
  
         return 0;
  
  error:
-       dp_unregister_genl(n_registered);
+       dp_unregister_genl(i);
         return err;
  }
  
-static int __rehash_flow_table(void *dummy)
+static int __net_init ovs_init_net(struct net *net)
+{
+       struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
+
+       INIT_LIST_HEAD(&ovs_net->dps);
+       INIT_WORK(&ovs_net->dp_notify_work, ovs_dp_notify_wq);
+       ovs_ct_init(net);
+       return 0;
+}
+
+static void __net_exit list_vports_from_net(struct net *net, struct net *dnet,
+                                           struct list_head *head)
  {
+       struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
         struct datapath *dp;
-       struct net *net;
  
-       rtnl_lock();
-       for_each_net(net) {
-               struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
+       list_for_each_entry(dp, &ovs_net->dps, list_node) {
+               int i;
+
+               for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
+                       struct vport *vport;
  
-               list_for_each_entry(dp, &ovs_net->dps, list_node) {
-                       struct flow_table *old_table = genl_dereference(dp->table);
-                       struct flow_table *new_table;
+                       hlist_for_each_entry(vport, &dp->ports[i], dp_hash_node) {
  
-                       new_table = ovs_flow_tbl_rehash(old_table);
-                       if (!IS_ERR(new_table)) {
-                               rcu_assign_pointer(dp->table, new_table);
-                               ovs_flow_tbl_deferred_destroy(old_table);
+                               if (vport->ops->type != OVS_VPORT_TYPE_INTERNAL)
+                                       continue;
+
+                               if (dev_net(vport->dev) == dnet)
+                                       list_add(&vport->detach_list, head);
                         }
                 }
         }
-       rtnl_unlock();
-       return 0;
-}
-
-static void rehash_flow_table(struct work_struct *work)
-{
-       genl_exec(__rehash_flow_table, NULL);
-       schedule_delayed_work(&rehash_flow_wq, REHASH_FLOW_INTERVAL);
  }
  
-static int dp_destroy_all(void *data)
+static void __net_exit ovs_exit_net(struct net *dnet)
  {
         struct datapath *dp, *dp_next;
-       struct ovs_net *ovs_net = data;
+       struct ovs_net *ovs_net = net_generic(dnet, ovs_net_id);
+       struct vport *vport, *vport_next;
+       struct net *net;
+       LIST_HEAD(head);
  
+       ovs_ct_exit(dnet);
+       ovs_lock();
         list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
                 __dp_destroy(dp);
  
-       return 0;
-}
-
-static int __net_init ovs_init_net(struct net *net)
-{
-       struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
+       rtnl_lock();
+       for_each_net(net)
+               list_vports_from_net(net, dnet, &head);
+       rtnl_unlock();
  
-       INIT_LIST_HEAD(&ovs_net->dps);
-       return 0;
-}
+       /* Detach all vports from given namespace. */
+       list_for_each_entry_safe(vport, vport_next, &head, detach_list) {
+               list_del(&vport->detach_list);
+               ovs_dp_detach_port(vport);
+       }
  
-static void __net_exit ovs_exit_net(struct net *net)
-{
-       struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
+       ovs_unlock();
  
-       genl_exec(dp_destroy_all, ovs_net);
+       cancel_work_sync(&ovs_net->dp_notify_work);
  }
  
  static struct pernet_operations ovs_net_ops = {
@@ -2336,26 +2316,31 @@ static struct pernet_operations ovs_net_ops = {
         .size = sizeof(struct ovs_net),
  };
  
+DEFINE_COMPAT_PNET_REG_FUNC(device);
+
  static int __init dp_init(void)
  {
         int err;
  
         BUILD_BUG_ON(sizeof(struct ovs_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
  
-       pr_info("Open vSwitch switching datapath %s, built "__DATE__" "__TIME__"\n",
-               VERSION);
+       pr_info("Open vSwitch switching datapath %s\n", VERSION);
  
-       err = genl_exec_init();
+       err = compat_init();
         if (err)
                 goto error;
  
-       err = ovs_workqueues_init();
+       err = action_fifos_init();
+       if (err)
+               goto error_compat_exit;
+
+       err = ovs_internal_dev_rtnl_link_register();
         if (err)
-               goto error_genl_exec;
+               goto error_action_fifos_exit;
  
         err = ovs_flow_init();
         if (err)
-               goto error_wq;
+               goto error_unreg_rtnl_link;
  
         err = ovs_vport_init();
         if (err)
@@ -2369,14 +2354,18 @@ static int __init dp_init(void)
         if (err)
                 goto error_netns_exit;
  
-       err = dp_register_genl();
-       if (err < 0)
+       err = ovs_netdev_init();
+       if (err)
                 goto error_unreg_notifier;
  
-       schedule_delayed_work(&rehash_flow_wq, REHASH_FLOW_INTERVAL);
+       err = dp_register_genl();
+       if (err < 0)
+               goto error_unreg_netdev;
  
         return 0;
  
+error_unreg_netdev:
+       ovs_netdev_exit();
  error_unreg_notifier:
         unregister_netdevice_notifier(&ovs_dp_device_notifier);
  error_netns_exit:
@@ -2385,25 +2374,28 @@ error_vport_exit:
         ovs_vport_exit();
  error_flow_exit:
         ovs_flow_exit();
-error_wq:
-       ovs_workqueues_exit();
-error_genl_exec:
-       genl_exec_exit();
+error_unreg_rtnl_link:
+       ovs_internal_dev_rtnl_link_unregister();
+error_action_fifos_exit:
+       action_fifos_exit();
+error_compat_exit:
+       compat_exit();
  error:
         return err;
  }
  
  static void dp_cleanup(void)
  {
-       cancel_delayed_work_sync(&rehash_flow_wq);
         dp_unregister_genl(ARRAY_SIZE(dp_genl_families));
+       ovs_netdev_exit();
         unregister_netdevice_notifier(&ovs_dp_device_notifier);
         unregister_pernet_device(&ovs_net_ops);
         rcu_barrier();
         ovs_vport_exit();
         ovs_flow_exit();
-       ovs_workqueues_exit();
-       genl_exec_exit();
+       ovs_internal_dev_rtnl_link_unregister();
+       action_fifos_exit();
+       compat_exit();
  }
  
  module_init(dp_init);