/*
- * Copyright (c) 2010 Nicira Networks.
+ * Copyright (c) 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <errno.h>
#include <fcntl.h>
+#include <sys/socket.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include "byte-order.h"
+#include "csum.h"
+#include "daemon.h"
+#include "dirs.h"
+#include "dpif.h"
+#include "dp-packet.h"
+#include "dynamic-string.h"
+#include "flow.h"
+#include "hash.h"
+#include "hmap.h"
#include "list.h"
#include "netdev-provider.h"
-#include "openvswitch/datapath-protocol.h"
-#include "openvswitch/tunnel.h"
+#include "odp-netlink.h"
+#include "dp-packet.h"
+#include "ovs-router.h"
#include "packets.h"
+#include "poll-loop.h"
+#include "route-table.h"
#include "shash.h"
#include "socket-util.h"
-#include "vlog.h"
+#include "openvswitch/vlog.h"
+#include "unaligned.h"
+#include "unixctl.h"
+#include "util.h"
VLOG_DEFINE_THIS_MODULE(netdev_vport);
+static struct vlog_rate_limit err_rl = VLOG_RATE_LIMIT_INIT(60, 5);
-struct netdev_vport_notifier {
- struct netdev_notifier notifier;
- struct list list_node;
- struct shash_node *shash_node;
-};
+#define GENEVE_DST_PORT 6081
+#define VXLAN_DST_PORT 4789
+#define LISP_DST_PORT 4341
+#define STT_DST_PORT 7471
-struct netdev_dev_vport {
- struct netdev_dev netdev_dev;
- uint64_t config[VPORT_CONFIG_SIZE / 8];
-};
+#define VXLAN_HLEN (sizeof(struct eth_header) + \
+ sizeof(struct ip_header) + \
+ sizeof(struct udp_header) + \
+ sizeof(struct vxlanhdr))
+
+#define GENEVE_BASE_HLEN (sizeof(struct eth_header) + \
+ sizeof(struct ip_header) + \
+ sizeof(struct udp_header) + \
+ sizeof(struct genevehdr))
+
+#define DEFAULT_TTL 64
struct netdev_vport {
- struct netdev netdev;
+ struct netdev up;
+
+ /* Protects all members below. */
+ struct ovs_mutex mutex;
+
+ uint8_t etheraddr[ETH_ADDR_LEN];
+ struct netdev_stats stats;
+
+ /* Tunnels. */
+ struct netdev_tunnel_config tnl_cfg;
+ char egress_iface[IFNAMSIZ];
+ bool carrier_status;
+
+ /* Patch Ports. */
+ char *peer;
};
struct vport_class {
+ const char *dpif_port;
struct netdev_class netdev_class;
- int (*parse_config)(const struct netdev_dev *, const struct shash *args,
- void *config);
};
-static struct shash netdev_vport_notifiers =
- SHASH_INITIALIZER(&netdev_vport_notifiers);
+/* Last read of the route-table's change number. */
+static uint64_t rt_change_seqno;
-static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
+static int netdev_vport_construct(struct netdev *);
+static int get_patch_config(const struct netdev *netdev, struct smap *args);
+static int get_tunnel_config(const struct netdev *, struct smap *args);
+static bool tunnel_check_status_change__(struct netdev_vport *);
-static int netdev_vport_do_ioctl(int cmd, void *arg);
-static int netdev_vport_create(const struct netdev_class *, const char *,
- const struct shash *, struct netdev_dev **);
-static void netdev_vport_poll_notify(const struct netdev *);
+static uint16_t tnl_udp_port_min = 32768;
+static uint16_t tnl_udp_port_max = 61000;
static bool
is_vport_class(const struct netdev_class *class)
{
- return class->create == netdev_vport_create;
+ return class->construct == netdev_vport_construct;
+}
+
+bool
+netdev_vport_is_vport_class(const struct netdev_class *class)
+{
+ return is_vport_class(class);
}
static const struct vport_class *
vport_class_cast(const struct netdev_class *class)
{
- assert(is_vport_class(class));
+ ovs_assert(is_vport_class(class));
return CONTAINER_OF(class, struct vport_class, netdev_class);
}
-static struct netdev_dev_vport *
-netdev_dev_vport_cast(const struct netdev_dev *netdev_dev)
+static struct netdev_vport *
+netdev_vport_cast(const struct netdev *netdev)
+{
+ ovs_assert(is_vport_class(netdev_get_class(netdev)));
+ return CONTAINER_OF(netdev, struct netdev_vport, up);
+}
+
+static const struct netdev_tunnel_config *
+get_netdev_tunnel_config(const struct netdev *netdev)
{
- assert(is_vport_class(netdev_dev_get_class(netdev_dev)));
- return CONTAINER_OF(netdev_dev, struct netdev_dev_vport, netdev_dev);
+ return &netdev_vport_cast(netdev)->tnl_cfg;
}
-static struct netdev_vport *
-netdev_vport_cast(const struct netdev *netdev)
+bool
+netdev_vport_is_patch(const struct netdev *netdev)
{
- struct netdev_dev *netdev_dev = netdev_get_dev(netdev);
- assert(is_vport_class(netdev_dev_get_class(netdev_dev)));
- return CONTAINER_OF(netdev, struct netdev_vport, netdev);
+ const struct netdev_class *class = netdev_get_class(netdev);
+
+ return class->get_config == get_patch_config;
}
-/* If 'netdev' is a vport netdev, copies its kernel configuration into
- * 'config'. Otherwise leaves 'config' untouched. */
-void
-netdev_vport_get_config(const struct netdev *netdev, void *config)
+bool
+netdev_vport_is_layer3(const struct netdev *dev)
{
- const struct netdev_dev *dev = netdev_get_dev(netdev);
+ const char *type = netdev_get_type(dev);
- if (is_vport_class(netdev_dev_get_class(dev))) {
- const struct netdev_dev_vport *vport = netdev_dev_vport_cast(dev);
- memcpy(config, vport->config, VPORT_CONFIG_SIZE);
- }
+ return (!strcmp("lisp", type));
}
-static int
-netdev_vport_create(const struct netdev_class *netdev_class, const char *name,
- const struct shash *args,
- struct netdev_dev **netdev_devp)
+static bool
+netdev_vport_needs_dst_port(const struct netdev *dev)
+{
+ const struct netdev_class *class = netdev_get_class(dev);
+ const char *type = netdev_get_type(dev);
+
+ return (class->get_config == get_tunnel_config &&
+ (!strcmp("geneve", type) || !strcmp("vxlan", type) ||
+ !strcmp("lisp", type) || !strcmp("stt", type)) );
+}
+
+const char *
+netdev_vport_class_get_dpif_port(const struct netdev_class *class)
{
- const struct vport_class *vport_class = vport_class_cast(netdev_class);
- struct netdev_dev_vport *dev;
- int error;
+ return is_vport_class(class) ? vport_class_cast(class)->dpif_port : NULL;
+}
- dev = xmalloc(sizeof *dev);
- *netdev_devp = &dev->netdev_dev;
- netdev_dev_init(&dev->netdev_dev, name, netdev_class);
+const char *
+netdev_vport_get_dpif_port(const struct netdev *netdev,
+ char namebuf[], size_t bufsize)
+{
+ const struct netdev_class *class = netdev_get_class(netdev);
+ const char *dpif_port = netdev_vport_class_get_dpif_port(class);
- memset(dev->config, 0, sizeof dev->config);
- error = vport_class->parse_config(&dev->netdev_dev, args, dev->config);
+ if (!dpif_port) {
+ return netdev_get_name(netdev);
+ }
- if (error) {
- netdev_dev_uninit(&dev->netdev_dev, true);
+ if (netdev_vport_needs_dst_port(netdev)) {
+ const struct netdev_vport *vport = netdev_vport_cast(netdev);
+
+ /*
+ * Note: IFNAMSIZ is 16 bytes long. Implementations should choose
+ * a dpif port name that is short enough to fit including any
+ * port numbers but assert just in case.
+ */
+ BUILD_ASSERT(NETDEV_VPORT_NAME_BUFSIZE >= IFNAMSIZ);
+ ovs_assert(strlen(dpif_port) + 6 < IFNAMSIZ);
+ snprintf(namebuf, bufsize, "%s_%d", dpif_port,
+ ntohs(vport->tnl_cfg.dst_port));
+ return namebuf;
+ } else {
+ return dpif_port;
}
- return error;
}
+char *
+netdev_vport_get_dpif_port_strdup(const struct netdev *netdev)
+{
+ char namebuf[NETDEV_VPORT_NAME_BUFSIZE];
+
+ return xstrdup(netdev_vport_get_dpif_port(netdev, namebuf,
+ sizeof namebuf));
+}
+
+/* Whenever the route-table change number is incremented,
+ * netdev_vport_route_changed() should be called to update
+ * the corresponding tunnel interface status. */
static void
-netdev_vport_destroy(struct netdev_dev *netdev_dev_)
+netdev_vport_route_changed(void)
{
- struct netdev_dev_vport *netdev_dev = netdev_dev_vport_cast(netdev_dev_);
+ struct netdev **vports;
+ size_t i, n_vports;
+
+ vports = netdev_get_vports(&n_vports);
+ for (i = 0; i < n_vports; i++) {
+ struct netdev *netdev_ = vports[i];
+ struct netdev_vport *netdev = netdev_vport_cast(netdev_);
+
+ ovs_mutex_lock(&netdev->mutex);
+ /* Finds all tunnel vports. */
+ if (netdev->tnl_cfg.ip_dst) {
+ if (tunnel_check_status_change__(netdev)) {
+ netdev_change_seq_changed(netdev_);
+ }
+ }
+ ovs_mutex_unlock(&netdev->mutex);
+
+ netdev_close(netdev_);
+ }
- free(netdev_dev);
+ free(vports);
}
-static int
-netdev_vport_open(struct netdev_dev *netdev_dev_, int ethertype OVS_UNUSED,
- struct netdev **netdevp)
+static struct netdev *
+netdev_vport_alloc(void)
{
- struct netdev_vport *netdev;
+ struct netdev_vport *netdev = xzalloc(sizeof *netdev);
+ return &netdev->up;
+}
- netdev = xmalloc(sizeof *netdev);
- netdev_init(&netdev->netdev, netdev_dev_);
+static int
+netdev_vport_construct(struct netdev *netdev_)
+{
+ struct netdev_vport *dev = netdev_vport_cast(netdev_);
+ const char *type = netdev_get_type(netdev_);
+
+ ovs_mutex_init(&dev->mutex);
+ eth_addr_random(dev->etheraddr);
+
+ /* Add a default destination port for tunnel ports if none specified. */
+ if (!strcmp(type, "geneve")) {
+ dev->tnl_cfg.dst_port = htons(GENEVE_DST_PORT);
+ } else if (!strcmp(type, "vxlan")) {
+ dev->tnl_cfg.dst_port = htons(VXLAN_DST_PORT);
+ } else if (!strcmp(type, "lisp")) {
+ dev->tnl_cfg.dst_port = htons(LISP_DST_PORT);
+ } else if (!strcmp(type, "stt")) {
+ dev->tnl_cfg.dst_port = htons(STT_DST_PORT);
+ }
- *netdevp = &netdev->netdev;
+ dev->tnl_cfg.dont_fragment = true;
+ dev->tnl_cfg.ttl = DEFAULT_TTL;
return 0;
}
static void
-netdev_vport_close(struct netdev *netdev_)
+netdev_vport_destruct(struct netdev *netdev_)
+{
+ struct netdev_vport *netdev = netdev_vport_cast(netdev_);
+
+ free(netdev->peer);
+ ovs_mutex_destroy(&netdev->mutex);
+}
+
+static void
+netdev_vport_dealloc(struct netdev *netdev_)
{
struct netdev_vport *netdev = netdev_vport_cast(netdev_);
free(netdev);
}
static int
-netdev_vport_reconfigure(struct netdev_dev *dev_,
- const struct shash *args)
-{
- const struct netdev_class *netdev_class = netdev_dev_get_class(dev_);
- const struct vport_class *vport_class = vport_class_cast(netdev_class);
- struct netdev_dev_vport *dev = netdev_dev_vport_cast(dev_);
- struct odp_port port;
- int error;
-
- memset(&port, 0, sizeof port);
- strncpy(port.devname, netdev_dev_get_name(dev_), sizeof port.devname);
- strncpy(port.type, netdev_dev_get_type(dev_), sizeof port.type);
- error = vport_class->parse_config(dev_, args, port.config);
- if (!error && memcmp(port.config, dev->config, sizeof dev->config)) {
- error = netdev_vport_do_ioctl(ODP_VPORT_MOD, &port);
- if (!error || error == ENODEV) {
- /* Either reconfiguration succeeded or this vport is not installed
- * in the kernel (e.g. it hasn't been added to a dpif yet with
- * dpif_port_add()). */
- memcpy(dev->config, port.config, sizeof dev->config);
+netdev_vport_set_etheraddr(struct netdev *netdev_,
+ const uint8_t mac[ETH_ADDR_LEN])
+{
+ struct netdev_vport *netdev = netdev_vport_cast(netdev_);
+
+ ovs_mutex_lock(&netdev->mutex);
+ memcpy(netdev->etheraddr, mac, ETH_ADDR_LEN);
+ ovs_mutex_unlock(&netdev->mutex);
+ netdev_change_seq_changed(netdev_);
+
+ return 0;
+}
+
+static int
+netdev_vport_get_etheraddr(const struct netdev *netdev_,
+ uint8_t mac[ETH_ADDR_LEN])
+{
+ struct netdev_vport *netdev = netdev_vport_cast(netdev_);
+
+ ovs_mutex_lock(&netdev->mutex);
+ memcpy(mac, netdev->etheraddr, ETH_ADDR_LEN);
+ ovs_mutex_unlock(&netdev->mutex);
+
+ return 0;
+}
+
+/* Checks if the tunnel status has changed and returns a boolean.
+ * Updates the tunnel status if it has changed. */
+static bool
+tunnel_check_status_change__(struct netdev_vport *netdev)
+ OVS_REQUIRES(netdev->mutex)
+{
+ char iface[IFNAMSIZ];
+ bool status = false;
+ ovs_be32 route;
+ ovs_be32 gw;
+
+ iface[0] = '\0';
+ route = netdev->tnl_cfg.ip_dst;
+ if (ovs_router_lookup(route, iface, &gw)) {
+ struct netdev *egress_netdev;
+
+ if (!netdev_open(iface, "system", &egress_netdev)) {
+ status = netdev_get_carrier(egress_netdev);
+ netdev_close(egress_netdev);
}
}
- return error;
+
+ if (strcmp(netdev->egress_iface, iface)
+ || netdev->carrier_status != status) {
+ ovs_strlcpy(netdev->egress_iface, iface, IFNAMSIZ);
+ netdev->carrier_status = status;
+
+ return true;
+ }
+
+ return false;
}
static int
-netdev_vport_set_etheraddr(struct netdev *netdev,
- const uint8_t mac[ETH_ADDR_LEN])
+tunnel_get_status(const struct netdev *netdev_, struct smap *smap)
{
- struct odp_vport_ether vport_ether;
- int err;
+ struct netdev_vport *netdev = netdev_vport_cast(netdev_);
- ovs_strlcpy(vport_ether.devname, netdev_get_name(netdev),
- sizeof vport_ether.devname);
+ if (netdev->egress_iface[0]) {
+ smap_add(smap, "tunnel_egress_iface", netdev->egress_iface);
- memcpy(vport_ether.ether_addr, mac, ETH_ADDR_LEN);
+ smap_add(smap, "tunnel_egress_iface_carrier",
+ netdev->carrier_status ? "up" : "down");
+ }
- err = netdev_vport_do_ioctl(ODP_VPORT_ETHER_SET, &vport_ether);
- if (err) {
- return err;
+ return 0;
+}
+
+static int
+netdev_vport_update_flags(struct netdev *netdev OVS_UNUSED,
+ enum netdev_flags off,
+ enum netdev_flags on OVS_UNUSED,
+ enum netdev_flags *old_flagsp)
+{
+ if (off & (NETDEV_UP | NETDEV_PROMISC)) {
+ return EOPNOTSUPP;
}
- netdev_vport_poll_notify(netdev);
+ *old_flagsp = NETDEV_UP | NETDEV_PROMISC;
return 0;
}
+static void
+netdev_vport_run(void)
+{
+ uint64_t seq;
+
+ route_table_run();
+ seq = route_table_get_change_seq();
+ if (rt_change_seqno != seq) {
+ rt_change_seqno = seq;
+ netdev_vport_route_changed();
+ }
+}
+
+static void
+netdev_vport_wait(void)
+{
+ uint64_t seq;
+
+ route_table_wait();
+ seq = route_table_get_change_seq();
+ if (rt_change_seqno != seq) {
+ poll_immediate_wake();
+ }
+}
+\f
+/* Code specific to tunnel types. */
+
+static ovs_be64
+parse_key(const struct smap *args, const char *name,
+ bool *present, bool *flow)
+{
+ const char *s;
+
+ *present = false;
+ *flow = false;
+
+ s = smap_get(args, name);
+ if (!s) {
+ s = smap_get(args, "key");
+ if (!s) {
+ return 0;
+ }
+ }
+
+ *present = true;
+
+ if (!strcmp(s, "flow")) {
+ *flow = true;
+ return 0;
+ } else {
+ return htonll(strtoull(s, NULL, 0));
+ }
+}
+
static int
-netdev_vport_get_etheraddr(const struct netdev *netdev,
- uint8_t mac[ETH_ADDR_LEN])
+set_tunnel_config(struct netdev *dev_, const struct smap *args)
{
- struct odp_vport_ether vport_ether;
- int err;
+ struct netdev_vport *dev = netdev_vport_cast(dev_);
+ const char *name = netdev_get_name(dev_);
+ const char *type = netdev_get_type(dev_);
+ bool ipsec_mech_set, needs_dst_port, has_csum;
+ struct netdev_tunnel_config tnl_cfg;
+ struct smap_node *node;
+
+ has_csum = strstr(type, "gre") || strstr(type, "geneve") ||
+ strstr(type, "stt") || strstr(type, "vxlan");
+ ipsec_mech_set = false;
+ memset(&tnl_cfg, 0, sizeof tnl_cfg);
+
+ /* Add a default destination port for tunnel ports if none specified. */
+ if (!strcmp(type, "geneve")) {
+ tnl_cfg.dst_port = htons(GENEVE_DST_PORT);
+ }
- ovs_strlcpy(vport_ether.devname, netdev_get_name(netdev),
- sizeof vport_ether.devname);
+ if (!strcmp(type, "vxlan")) {
+ tnl_cfg.dst_port = htons(VXLAN_DST_PORT);
+ }
- err = netdev_vport_do_ioctl(ODP_VPORT_ETHER_GET, &vport_ether);
- if (err) {
- return err;
+ if (!strcmp(type, "lisp")) {
+ tnl_cfg.dst_port = htons(LISP_DST_PORT);
+ }
+
+ if (!strcmp(type, "stt")) {
+ tnl_cfg.dst_port = htons(STT_DST_PORT);
+ }
+
+ needs_dst_port = netdev_vport_needs_dst_port(dev_);
+ tnl_cfg.ipsec = strstr(type, "ipsec");
+ tnl_cfg.dont_fragment = true;
+
+ SMAP_FOR_EACH (node, args) {
+ if (!strcmp(node->key, "remote_ip")) {
+ struct in_addr in_addr;
+ if (!strcmp(node->value, "flow")) {
+ tnl_cfg.ip_dst_flow = true;
+ tnl_cfg.ip_dst = htonl(0);
+ } else if (lookup_ip(node->value, &in_addr)) {
+ VLOG_WARN("%s: bad %s 'remote_ip'", name, type);
+ } else if (ip_is_multicast(in_addr.s_addr)) {
+ VLOG_WARN("%s: multicast remote_ip="IP_FMT" not allowed",
+ name, IP_ARGS(in_addr.s_addr));
+ return EINVAL;
+ } else {
+ tnl_cfg.ip_dst = in_addr.s_addr;
+ }
+ } else if (!strcmp(node->key, "local_ip")) {
+ struct in_addr in_addr;
+ if (!strcmp(node->value, "flow")) {
+ tnl_cfg.ip_src_flow = true;
+ tnl_cfg.ip_src = htonl(0);
+ } else if (lookup_ip(node->value, &in_addr)) {
+ VLOG_WARN("%s: bad %s 'local_ip'", name, type);
+ } else {
+ tnl_cfg.ip_src = in_addr.s_addr;
+ }
+ } else if (!strcmp(node->key, "tos")) {
+ if (!strcmp(node->value, "inherit")) {
+ tnl_cfg.tos_inherit = true;
+ } else {
+ char *endptr;
+ int tos;
+ tos = strtol(node->value, &endptr, 0);
+ if (*endptr == '\0' && tos == (tos & IP_DSCP_MASK)) {
+ tnl_cfg.tos = tos;
+ } else {
+ VLOG_WARN("%s: invalid TOS %s", name, node->value);
+ }
+ }
+ } else if (!strcmp(node->key, "ttl")) {
+ if (!strcmp(node->value, "inherit")) {
+ tnl_cfg.ttl_inherit = true;
+ } else {
+ tnl_cfg.ttl = atoi(node->value);
+ }
+ } else if (!strcmp(node->key, "dst_port") && needs_dst_port) {
+ tnl_cfg.dst_port = htons(atoi(node->value));
+ } else if (!strcmp(node->key, "csum") && has_csum) {
+ if (!strcmp(node->value, "true")) {
+ tnl_cfg.csum = true;
+ }
+ } else if (!strcmp(node->key, "df_default")) {
+ if (!strcmp(node->value, "false")) {
+ tnl_cfg.dont_fragment = false;
+ }
+ } else if (!strcmp(node->key, "peer_cert") && tnl_cfg.ipsec) {
+ if (smap_get(args, "certificate")) {
+ ipsec_mech_set = true;
+ } else {
+ const char *use_ssl_cert;
+
+ /* If the "use_ssl_cert" is true, then "certificate" and
+ * "private_key" will be pulled from the SSL table. The
+ * use of this option is strongly discouraged, since it
+ * will like be removed when multiple SSL configurations
+ * are supported by OVS.
+ */
+ use_ssl_cert = smap_get(args, "use_ssl_cert");
+ if (!use_ssl_cert || strcmp(use_ssl_cert, "true")) {
+ VLOG_ERR("%s: 'peer_cert' requires 'certificate' argument",
+ name);
+ return EINVAL;
+ }
+ ipsec_mech_set = true;
+ }
+ } else if (!strcmp(node->key, "psk") && tnl_cfg.ipsec) {
+ ipsec_mech_set = true;
+ } else if (tnl_cfg.ipsec
+ && (!strcmp(node->key, "certificate")
+ || !strcmp(node->key, "private_key")
+ || !strcmp(node->key, "use_ssl_cert"))) {
+ /* Ignore options not used by the netdev. */
+ } else if (!strcmp(node->key, "key") ||
+ !strcmp(node->key, "in_key") ||
+ !strcmp(node->key, "out_key")) {
+ /* Handled separately below. */
+ } else if (!strcmp(node->key, "exts")) {
+ char *str = xstrdup(node->value);
+ char *ext, *save_ptr = NULL;
+
+ tnl_cfg.exts = 0;
+
+ ext = strtok_r(str, ",", &save_ptr);
+ while (ext) {
+ if (!strcmp(type, "vxlan") && !strcmp(ext, "gbp")) {
+ tnl_cfg.exts |= (1 << OVS_VXLAN_EXT_GBP);
+ } else {
+ VLOG_WARN("%s: unknown extension '%s'", name, ext);
+ }
+
+ ext = strtok_r(NULL, ",", &save_ptr);
+ }
+
+ free(str);
+ } else {
+ VLOG_WARN("%s: unknown %s argument '%s'", name, type, node->key);
+ }
}
- memcpy(mac, vport_ether.ether_addr, ETH_ADDR_LEN);
+ if (tnl_cfg.ipsec) {
+ static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
+ static pid_t pid = 0;
+
+#ifndef _WIN32
+ ovs_mutex_lock(&mutex);
+ if (pid <= 0) {
+ char *file_name = xasprintf("%s/%s", ovs_rundir(),
+ "ovs-monitor-ipsec.pid");
+ pid = read_pidfile(file_name);
+ free(file_name);
+ }
+ ovs_mutex_unlock(&mutex);
+#endif
+
+ if (pid < 0) {
+ VLOG_ERR("%s: IPsec requires the ovs-monitor-ipsec daemon",
+ name);
+ return EINVAL;
+ }
+
+ if (smap_get(args, "peer_cert") && smap_get(args, "psk")) {
+ VLOG_ERR("%s: cannot define both 'peer_cert' and 'psk'", name);
+ return EINVAL;
+ }
+
+ if (!ipsec_mech_set) {
+ VLOG_ERR("%s: IPsec requires an 'peer_cert' or psk' argument",
+ name);
+ return EINVAL;
+ }
+ }
+
+ if (!tnl_cfg.ip_dst && !tnl_cfg.ip_dst_flow) {
+ VLOG_ERR("%s: %s type requires valid 'remote_ip' argument",
+ name, type);
+ return EINVAL;
+ }
+ if (tnl_cfg.ip_src_flow && !tnl_cfg.ip_dst_flow) {
+ VLOG_ERR("%s: %s type requires 'remote_ip=flow' with 'local_ip=flow'",
+ name, type);
+ return EINVAL;
+ }
+ if (!tnl_cfg.ttl) {
+ tnl_cfg.ttl = DEFAULT_TTL;
+ }
+
+ tnl_cfg.in_key = parse_key(args, "in_key",
+ &tnl_cfg.in_key_present,
+ &tnl_cfg.in_key_flow);
+
+ tnl_cfg.out_key = parse_key(args, "out_key",
+ &tnl_cfg.out_key_present,
+ &tnl_cfg.out_key_flow);
+
+ ovs_mutex_lock(&dev->mutex);
+ if (memcmp(&dev->tnl_cfg, &tnl_cfg, sizeof tnl_cfg)) {
+ dev->tnl_cfg = tnl_cfg;
+ tunnel_check_status_change__(dev);
+ netdev_change_seq_changed(dev_);
+ }
+ ovs_mutex_unlock(&dev->mutex);
+
return 0;
}
static int
-netdev_vport_get_mtu(const struct netdev *netdev, int *mtup)
+get_tunnel_config(const struct netdev *dev, struct smap *args)
{
- struct odp_vport_mtu vport_mtu;
- int err;
+ struct netdev_vport *netdev = netdev_vport_cast(dev);
+ struct netdev_tunnel_config tnl_cfg;
- ovs_strlcpy(vport_mtu.devname, netdev_get_name(netdev),
- sizeof vport_mtu.devname);
+ ovs_mutex_lock(&netdev->mutex);
+ tnl_cfg = netdev->tnl_cfg;
+ ovs_mutex_unlock(&netdev->mutex);
- err = netdev_vport_do_ioctl(ODP_VPORT_MTU_GET, &vport_mtu);
- if (err) {
- return err;
+ if (tnl_cfg.ip_dst) {
+ smap_add_format(args, "remote_ip", IP_FMT, IP_ARGS(tnl_cfg.ip_dst));
+ } else if (tnl_cfg.ip_dst_flow) {
+ smap_add(args, "remote_ip", "flow");
+ }
+
+ if (tnl_cfg.ip_src) {
+ smap_add_format(args, "local_ip", IP_FMT, IP_ARGS(tnl_cfg.ip_src));
+ } else if (tnl_cfg.ip_src_flow) {
+ smap_add(args, "local_ip", "flow");
+ }
+
+ if (tnl_cfg.in_key_flow && tnl_cfg.out_key_flow) {
+ smap_add(args, "key", "flow");
+ } else if (tnl_cfg.in_key_present && tnl_cfg.out_key_present
+ && tnl_cfg.in_key == tnl_cfg.out_key) {
+ smap_add_format(args, "key", "%"PRIu64, ntohll(tnl_cfg.in_key));
+ } else {
+ if (tnl_cfg.in_key_flow) {
+ smap_add(args, "in_key", "flow");
+ } else if (tnl_cfg.in_key_present) {
+ smap_add_format(args, "in_key", "%"PRIu64,
+ ntohll(tnl_cfg.in_key));
+ }
+
+ if (tnl_cfg.out_key_flow) {
+ smap_add(args, "out_key", "flow");
+ } else if (tnl_cfg.out_key_present) {
+ smap_add_format(args, "out_key", "%"PRIu64,
+ ntohll(tnl_cfg.out_key));
+ }
+ }
+
+ if (tnl_cfg.ttl_inherit) {
+ smap_add(args, "ttl", "inherit");
+ } else if (tnl_cfg.ttl != DEFAULT_TTL) {
+ smap_add_format(args, "ttl", "%"PRIu8, tnl_cfg.ttl);
+ }
+
+ if (tnl_cfg.tos_inherit) {
+ smap_add(args, "tos", "inherit");
+ } else if (tnl_cfg.tos) {
+ smap_add_format(args, "tos", "0x%x", tnl_cfg.tos);
+ }
+
+ if (tnl_cfg.dst_port) {
+ uint16_t dst_port = ntohs(tnl_cfg.dst_port);
+ const char *type = netdev_get_type(dev);
+
+ if ((!strcmp("geneve", type) && dst_port != GENEVE_DST_PORT) ||
+ (!strcmp("vxlan", type) && dst_port != VXLAN_DST_PORT) ||
+ (!strcmp("lisp", type) && dst_port != LISP_DST_PORT) ||
+ (!strcmp("stt", type) && dst_port != STT_DST_PORT)) {
+ smap_add_format(args, "dst_port", "%d", dst_port);
+ }
+ }
+
+ if (tnl_cfg.csum) {
+ smap_add(args, "csum", "true");
+ }
+
+ if (!tnl_cfg.dont_fragment) {
+ smap_add(args, "df_default", "false");
}
- *mtup = vport_mtu.mtu;
return 0;
}
+\f
+/* Code specific to patch ports. */
-int
-netdev_vport_get_stats(const struct netdev *netdev, struct netdev_stats *stats)
+/* If 'netdev' is a patch port, returns the name of its peer as a malloc()'d
+ * string that the caller must free.
+ *
+ * If 'netdev' is not a patch port, returns NULL. */
+char *
+netdev_vport_patch_peer(const struct netdev *netdev_)
{
- const char *name = netdev_get_name(netdev);
- struct odp_vport_stats_req ovsr;
- int err;
+ char *peer = NULL;
- ovs_strlcpy(ovsr.devname, name, sizeof ovsr.devname);
- err = netdev_vport_do_ioctl(ODP_VPORT_STATS_GET, &ovsr);
- if (err) {
- return err;
+ if (netdev_vport_is_patch(netdev_)) {
+ struct netdev_vport *netdev = netdev_vport_cast(netdev_);
+
+ ovs_mutex_lock(&netdev->mutex);
+ if (netdev->peer) {
+ peer = xstrdup(netdev->peer);
+ }
+ ovs_mutex_unlock(&netdev->mutex);
}
- stats->rx_packets = ovsr.stats.rx_packets;
- stats->tx_packets = ovsr.stats.tx_packets;
- stats->rx_bytes = ovsr.stats.rx_bytes;
- stats->tx_bytes = ovsr.stats.tx_bytes;
- stats->rx_errors = ovsr.stats.rx_errors;
- stats->tx_errors = ovsr.stats.tx_errors;
- stats->rx_dropped = ovsr.stats.rx_dropped;
- stats->tx_dropped = ovsr.stats.tx_dropped;
- stats->multicast = ovsr.stats.multicast;
- stats->collisions = ovsr.stats.collisions;
- stats->rx_length_errors = ovsr.stats.rx_length_errors;
- stats->rx_over_errors = ovsr.stats.rx_over_errors;
- stats->rx_crc_errors = ovsr.stats.rx_crc_errors;
- stats->rx_frame_errors = ovsr.stats.rx_frame_errors;
- stats->rx_fifo_errors = ovsr.stats.rx_fifo_errors;
- stats->rx_missed_errors = ovsr.stats.rx_missed_errors;
- stats->tx_aborted_errors = ovsr.stats.tx_aborted_errors;
- stats->tx_carrier_errors = ovsr.stats.tx_carrier_errors;
- stats->tx_fifo_errors = ovsr.stats.tx_fifo_errors;
- stats->tx_heartbeat_errors = ovsr.stats.tx_heartbeat_errors;
- stats->tx_window_errors = ovsr.stats.tx_window_errors;
+ return peer;
+}
- return 0;
+void
+netdev_vport_inc_rx(const struct netdev *netdev,
+ const struct dpif_flow_stats *stats)
+{
+ if (is_vport_class(netdev_get_class(netdev))) {
+ struct netdev_vport *dev = netdev_vport_cast(netdev);
+
+ ovs_mutex_lock(&dev->mutex);
+ dev->stats.rx_packets += stats->n_packets;
+ dev->stats.rx_bytes += stats->n_bytes;
+ ovs_mutex_unlock(&dev->mutex);
+ }
}
-int
-netdev_vport_set_stats(struct netdev *netdev, const struct netdev_stats *stats)
+void
+netdev_vport_inc_tx(const struct netdev *netdev,
+ const struct dpif_flow_stats *stats)
{
- struct odp_vport_stats_req ovsr;
- int err;
+ if (is_vport_class(netdev_get_class(netdev))) {
+ struct netdev_vport *dev = netdev_vport_cast(netdev);
- ovs_strlcpy(ovsr.devname, netdev_get_name(netdev), sizeof ovsr.devname);
-
- ovsr.stats.rx_packets = stats->rx_packets;
- ovsr.stats.tx_packets = stats->tx_packets;
- ovsr.stats.rx_bytes = stats->rx_bytes;
- ovsr.stats.tx_bytes = stats->tx_bytes;
- ovsr.stats.rx_errors = stats->rx_errors;
- ovsr.stats.tx_errors = stats->tx_errors;
- ovsr.stats.rx_dropped = stats->rx_dropped;
- ovsr.stats.tx_dropped = stats->tx_dropped;
- ovsr.stats.multicast = stats->multicast;
- ovsr.stats.collisions = stats->collisions;
- ovsr.stats.rx_length_errors = stats->rx_length_errors;
- ovsr.stats.rx_over_errors = stats->rx_over_errors;
- ovsr.stats.rx_crc_errors = stats->rx_crc_errors;
- ovsr.stats.rx_frame_errors = stats->rx_frame_errors;
- ovsr.stats.rx_fifo_errors = stats->rx_fifo_errors;
- ovsr.stats.rx_missed_errors = stats->rx_missed_errors;
- ovsr.stats.tx_aborted_errors = stats->tx_aborted_errors;
- ovsr.stats.tx_carrier_errors = stats->tx_carrier_errors;
- ovsr.stats.tx_fifo_errors = stats->tx_fifo_errors;
- ovsr.stats.tx_heartbeat_errors = stats->tx_heartbeat_errors;
- ovsr.stats.tx_window_errors = stats->tx_window_errors;
-
- err = netdev_vport_do_ioctl(ODP_VPORT_STATS_SET, &ovsr);
-
- /* If the vport layer doesn't know about the device, that doesn't mean it
- * doesn't exist (after all were able to open it when netdev_open() was
- * called), it just means that it isn't attached and we'll be getting
- * stats a different way. */
- if (err == ENODEV) {
- err = EOPNOTSUPP;
- }
-
- return err;
+ ovs_mutex_lock(&dev->mutex);
+ dev->stats.tx_packets += stats->n_packets;
+ dev->stats.tx_bytes += stats->n_bytes;
+ ovs_mutex_unlock(&dev->mutex);
+ }
}
static int
-netdev_vport_update_flags(struct netdev *netdev OVS_UNUSED,
- enum netdev_flags off, enum netdev_flags on OVS_UNUSED,
- enum netdev_flags *old_flagsp)
+get_patch_config(const struct netdev *dev_, struct smap *args)
{
- if (off & (NETDEV_UP | NETDEV_PROMISC)) {
- return EOPNOTSUPP;
+ struct netdev_vport *dev = netdev_vport_cast(dev_);
+
+ ovs_mutex_lock(&dev->mutex);
+ if (dev->peer) {
+ smap_add(args, "peer", dev->peer);
}
+ ovs_mutex_unlock(&dev->mutex);
- *old_flagsp = NETDEV_UP | NETDEV_PROMISC;
return 0;
}
-static char *
-make_poll_name(const struct netdev *netdev)
+static int
+set_patch_config(struct netdev *dev_, const struct smap *args)
{
- return xasprintf("%s:%s", netdev_get_type(netdev), netdev_get_name(netdev));
-}
+ struct netdev_vport *dev = netdev_vport_cast(dev_);
+ const char *name = netdev_get_name(dev_);
+ const char *peer;
-static int
-netdev_vport_poll_add(struct netdev *netdev,
- void (*cb)(struct netdev_notifier *), void *aux,
- struct netdev_notifier **notifierp)
-{
- char *poll_name = make_poll_name(netdev);
- struct netdev_vport_notifier *notifier;
- struct list *list;
- struct shash_node *shash_node;
-
- shash_node = shash_find_data(&netdev_vport_notifiers, poll_name);
- if (!shash_node) {
- list = xmalloc(sizeof *list);
- list_init(list);
- shash_node = shash_add(&netdev_vport_notifiers, poll_name, list);
- } else {
- list = shash_node->data;
+ peer = smap_get(args, "peer");
+ if (!peer) {
+ VLOG_ERR("%s: patch type requires valid 'peer' argument", name);
+ return EINVAL;
+ }
+
+ if (smap_count(args) > 1) {
+ VLOG_ERR("%s: patch type takes only a 'peer' argument", name);
+ return EINVAL;
+ }
+
+ if (!strcmp(name, peer)) {
+ VLOG_ERR("%s: patch peer must not be self", name);
+ return EINVAL;
}
- notifier = xmalloc(sizeof *notifier);
- netdev_notifier_init(¬ifier->notifier, netdev, cb, aux);
- list_push_back(list, ¬ifier->list_node);
- notifier->shash_node = shash_node;
+ ovs_mutex_lock(&dev->mutex);
+ if (!dev->peer || strcmp(dev->peer, peer)) {
+ free(dev->peer);
+ dev->peer = xstrdup(peer);
+ netdev_change_seq_changed(dev_);
+ }
+ ovs_mutex_unlock(&dev->mutex);
- *notifierp = ¬ifier->notifier;
- free(poll_name);
+ return 0;
+}
+
+static int
+get_stats(const struct netdev *netdev, struct netdev_stats *stats)
+{
+ struct netdev_vport *dev = netdev_vport_cast(netdev);
+
+ ovs_mutex_lock(&dev->mutex);
+ *stats = dev->stats;
+ ovs_mutex_unlock(&dev->mutex);
return 0;
}
-static void
-netdev_vport_poll_remove(struct netdev_notifier *notifier_)
+\f
+/* Tunnel push pop ops. */
+
+static struct ip_header *
+ip_hdr(void *eth)
+{
+ return (void *)((char *)eth + sizeof (struct eth_header));
+}
+
+static struct gre_base_hdr *
+gre_hdr(struct ip_header *ip)
+{
+ return (void *)((char *)ip + sizeof (struct ip_header));
+}
+
+static void *
+ip_extract_tnl_md(struct dp_packet *packet, struct flow_tnl *tnl)
{
- struct netdev_vport_notifier *notifier =
- CONTAINER_OF(notifier_, struct netdev_vport_notifier, notifier);
+ struct ip_header *nh;
+ void *l4;
- struct list *list;
+ nh = dp_packet_l3(packet);
+ l4 = dp_packet_l4(packet);
- list = list_remove(¬ifier->list_node);
- if (list_is_empty(list)) {
- shash_delete(&netdev_vport_notifiers, notifier->shash_node);
- free(list);
+ if (!nh || !l4) {
+ return NULL;
}
- free(notifier);
+ tnl->ip_src = get_16aligned_be32(&nh->ip_src);
+ tnl->ip_dst = get_16aligned_be32(&nh->ip_dst);
+ tnl->ip_tos = nh->ip_tos;
+ tnl->ip_ttl = nh->ip_ttl;
+
+ return l4;
}
-\f
-/* Helper functions. */
-static int
-netdev_vport_do_ioctl(int cmd, void *arg)
+/* Pushes the 'size' bytes of 'header' into the headroom of 'packet',
+ * reallocating the packet if necessary. 'header' should contain an Ethernet
+ * header, followed by an IPv4 header (without options), and an L4 header.
+ *
+ * This function sets the IP header's ip_tot_len field (which should be zeroed
+ * as part of 'header') and puts its value into '*ip_tot_size' as well. Also
+ * updates IP header checksum.
+ *
+ * Return pointer to the L4 header added to 'packet'. */
+static void *
+push_ip_header(struct dp_packet *packet,
+ const void *header, int size, int *ip_tot_size)
+{
+ struct eth_header *eth;
+ struct ip_header *ip;
+
+ eth = dp_packet_push_uninit(packet, size);
+ *ip_tot_size = dp_packet_size(packet) - sizeof (struct eth_header);
+
+ memcpy(eth, header, size);
+ ip = ip_hdr(eth);
+ ip->ip_tot_len = htons(*ip_tot_size);
+
+
+ ip->ip_csum = recalc_csum16(ip->ip_csum, 0, ip->ip_tot_len);
+
+ return ip + 1;
+}
+
+static void *
+udp_extract_tnl_md(struct dp_packet *packet, struct flow_tnl *tnl)
{
- static int ioctl_fd = -1;
+ struct udp_header *udp;
+
+ udp = ip_extract_tnl_md(packet, tnl);
+ if (!udp) {
+ return NULL;
+ }
+
+ if (udp->udp_csum) {
+ uint32_t csum = packet_csum_pseudoheader(dp_packet_l3(packet));
- if (ioctl_fd < 0) {
- ioctl_fd = open("/dev/net/dp0", O_RDONLY | O_NONBLOCK);
- if (ioctl_fd < 0) {
- VLOG_ERR_RL(&rl, "failed to open ioctl fd: %s", strerror(errno));
- return errno;
+ csum = csum_continue(csum, udp, dp_packet_size(packet) -
+ ((const unsigned char *)udp -
+ (const unsigned char *)dp_packet_l2(packet)));
+ if (csum_finish(csum)) {
+ return NULL;
}
+ tnl->flags |= FLOW_TNL_F_CSUM;
}
- return ioctl(ioctl_fd, cmd, arg) ? errno : 0;
+ tnl->tp_src = udp->udp_src;
+ tnl->tp_dst = udp->udp_dst;
+
+ return udp + 1;
+}
+
+static ovs_be16
+get_src_port(struct dp_packet *packet)
+{
+ uint32_t hash;
+
+ hash = dp_packet_get_rss_hash(packet);
+
+ return htons((((uint64_t) hash * (tnl_udp_port_max - tnl_udp_port_min)) >> 32) +
+ tnl_udp_port_min);
}
static void
-netdev_vport_poll_notify(const struct netdev *netdev)
+push_udp_header(struct dp_packet *packet,
+ const struct ovs_action_push_tnl *data)
{
- char *poll_name = make_poll_name(netdev);
- struct list *list = shash_find_data(&netdev_vport_notifiers,
- poll_name);
+ struct udp_header *udp;
+ int ip_tot_size;
- if (list) {
- struct netdev_vport_notifier *notifier;
+ udp = push_ip_header(packet, data->header, data->header_len, &ip_tot_size);
- LIST_FOR_EACH (notifier, list_node, list) {
- struct netdev_notifier *n = ¬ifier->notifier;
- n->cb(n);
+ /* set udp src port */
+ udp->udp_src = get_src_port(packet);
+ udp->udp_len = htons(ip_tot_size - sizeof (struct ip_header));
+
+ if (udp->udp_csum) {
+ uint32_t csum = packet_csum_pseudoheader(ip_hdr(dp_packet_data(packet)));
+
+ csum = csum_continue(csum, udp,
+ ip_tot_size - sizeof (struct ip_header));
+ udp->udp_csum = csum_finish(csum);
+
+ if (!udp->udp_csum) {
+ udp->udp_csum = htons(0xffff);
}
}
+}
+
+static void *
+udp_build_header(struct netdev_tunnel_config *tnl_cfg,
+ const struct flow *tnl_flow,
+ struct ovs_action_push_tnl *data)
+{
+ struct ip_header *ip;
+ struct udp_header *udp;
+
+ ip = ip_hdr(data->header);
+ ip->ip_proto = IPPROTO_UDP;
- free(poll_name);
+ udp = (struct udp_header *) (ip + 1);
+ udp->udp_dst = tnl_cfg->dst_port;
+
+ if (tnl_flow->tunnel.flags & FLOW_TNL_F_CSUM) {
+ /* Write a value in now to mark that we should compute the checksum
+ * later. 0xffff is handy because it is transparent to the
+ * calculation. */
+ udp->udp_csum = htons(0xffff);
+ }
+
+ return udp + 1;
}
-\f
-/* Code specific to individual vport types. */
static int
-parse_tunnel_config(const struct netdev_dev *dev, const struct shash *args,
- void *configp)
+gre_header_len(ovs_be16 flags)
{
- const char *name = netdev_dev_get_name(dev);
- const char *type = netdev_dev_get_type(dev);
- bool is_gre = false;
- bool is_ipsec = false;
- struct tnl_port_config config;
- struct shash_node *node;
- bool ipsec_mech_set = false;
+ int hlen = sizeof(struct eth_header) +
+ sizeof(struct ip_header) + 4;
- memset(&config, 0, sizeof config);
- config.flags |= TNL_F_PMTUD;
- config.flags |= TNL_F_HDR_CACHE;
+ if (flags & htons(GRE_CSUM)) {
+ hlen += 4;
+ }
+ if (flags & htons(GRE_KEY)) {
+ hlen += 4;
+ }
+ if (flags & htons(GRE_SEQ)) {
+ hlen += 4;
+ }
+ return hlen;
+}
- if (!strcmp(type, "gre")) {
- is_gre = true;
- } else if (!strcmp(type, "ipsec_gre")) {
- is_gre = true;
- is_ipsec = true;
+static int
+parse_gre_header(struct dp_packet *packet,
+ struct flow_tnl *tnl)
+{
+ const struct gre_base_hdr *greh;
+ ovs_16aligned_be32 *options;
+ int hlen;
- config.flags |= TNL_F_IPSEC;
+ greh = ip_extract_tnl_md(packet, tnl);
+ if (!greh) {
+ return -EINVAL;
+ }
- /* IPsec doesn't work when header caching is enabled. */
- config.flags &= ~TNL_F_HDR_CACHE;
+ if (greh->flags & ~(htons(GRE_CSUM | GRE_KEY | GRE_SEQ))) {
+ return -EINVAL;
}
- SHASH_FOR_EACH (node, args) {
- if (!strcmp(node->name, "remote_ip")) {
- struct in_addr in_addr;
- if (lookup_ip(node->data, &in_addr)) {
- VLOG_WARN("%s: bad %s 'remote_ip'", name, type);
- } else {
- config.daddr = in_addr.s_addr;
- }
- } else if (!strcmp(node->name, "local_ip")) {
- struct in_addr in_addr;
- if (lookup_ip(node->data, &in_addr)) {
- VLOG_WARN("%s: bad %s 'local_ip'", name, type);
- } else {
- config.saddr = in_addr.s_addr;
- }
- } else if (!strcmp(node->name, "key") && is_gre) {
- if (!strcmp(node->data, "flow")) {
- config.flags |= TNL_F_IN_KEY_MATCH;
- config.flags |= TNL_F_OUT_KEY_ACTION;
- } else {
- uint64_t key = strtoull(node->data, NULL, 0);
- config.out_key = config.in_key = htonll(key);
- }
- } else if (!strcmp(node->name, "in_key") && is_gre) {
- if (!strcmp(node->data, "flow")) {
- config.flags |= TNL_F_IN_KEY_MATCH;
- } else {
- config.in_key = htonll(strtoull(node->data, NULL, 0));
- }
- } else if (!strcmp(node->name, "out_key") && is_gre) {
- if (!strcmp(node->data, "flow")) {
- config.flags |= TNL_F_OUT_KEY_ACTION;
- } else {
- config.out_key = htonll(strtoull(node->data, NULL, 0));
- }
- } else if (!strcmp(node->name, "tos")) {
- if (!strcmp(node->data, "inherit")) {
- config.flags |= TNL_F_TOS_INHERIT;
- } else {
- config.tos = atoi(node->data);
- }
- } else if (!strcmp(node->name, "ttl")) {
- if (!strcmp(node->data, "inherit")) {
- config.flags |= TNL_F_TTL_INHERIT;
- } else {
- config.ttl = atoi(node->data);
- }
- } else if (!strcmp(node->name, "csum") && is_gre) {
- if (!strcmp(node->data, "true")) {
- config.flags |= TNL_F_CSUM;
- }
- } else if (!strcmp(node->name, "pmtud")) {
- if (!strcmp(node->data, "false")) {
- config.flags &= ~TNL_F_PMTUD;
- }
- } else if (!strcmp(node->name, "header_cache")) {
- if (!strcmp(node->data, "false")) {
- config.flags &= ~TNL_F_HDR_CACHE;
- }
- } else if ((!strcmp(node->name, "ipsec_cert")
- || !strcmp(node->name, "ipsec_psk")) && is_ipsec) {
- ipsec_mech_set = true;
- } else {
- VLOG_WARN("%s: unknown %s argument '%s'",
- name, type, node->name);
+ if (greh->protocol != htons(ETH_TYPE_TEB)) {
+ return -EINVAL;
+ }
+
+ hlen = gre_header_len(greh->flags);
+ if (hlen > dp_packet_size(packet)) {
+ return -EINVAL;
+ }
+
+ options = (ovs_16aligned_be32 *)(greh + 1);
+ if (greh->flags & htons(GRE_CSUM)) {
+ ovs_be16 pkt_csum;
+
+ pkt_csum = csum(greh, dp_packet_size(packet) -
+ ((const unsigned char *)greh -
+ (const unsigned char *)dp_packet_l2(packet)));
+ if (pkt_csum) {
+ return -EINVAL;
}
+ tnl->flags = FLOW_TNL_F_CSUM;
+ options++;
}
- if (is_ipsec && !ipsec_mech_set) {
- VLOG_WARN("%s: IPsec requires an 'ipsec_cert' or ipsec_psk' argument",
- name);
+ if (greh->flags & htons(GRE_KEY)) {
+ tnl->tun_id = (OVS_FORCE ovs_be64) ((OVS_FORCE uint64_t)(get_16aligned_be32(options)) << 32);
+ tnl->flags |= FLOW_TNL_F_KEY;
+ options++;
+ }
+
+ if (greh->flags & htons(GRE_SEQ)) {
+ options++;
+ }
+
+ return hlen;
+}
+
+static void
+pkt_metadata_init_tnl(struct pkt_metadata *md)
+{
+ memset(md, 0, offsetof(struct pkt_metadata, tunnel.metadata));
+
+ /* If 'opt_map' is zero then none of the rest of the tunnel metadata
+ * will be read, so we can skip clearing it. */
+ md->tunnel.metadata.opt_map = 0;
+}
+
+static int
+netdev_gre_pop_header(struct dp_packet *packet)
+{
+ struct pkt_metadata *md = &packet->md;
+ struct flow_tnl *tnl = &md->tunnel;
+ int hlen = sizeof(struct eth_header) +
+ sizeof(struct ip_header) + 4;
+
+ pkt_metadata_init_tnl(md);
+ if (hlen > dp_packet_size(packet)) {
+ return EINVAL;
+ }
+
+ hlen = parse_gre_header(packet, tnl);
+ if (hlen < 0) {
+ return -hlen;
+ }
+
+ dp_packet_reset_packet(packet, hlen);
+
+ return 0;
+}
+
+static void
+netdev_gre_push_header(struct dp_packet *packet,
+ const struct ovs_action_push_tnl *data)
+{
+ struct gre_base_hdr *greh;
+ int ip_tot_size;
+
+ greh = push_ip_header(packet, data->header, data->header_len, &ip_tot_size);
+
+ if (greh->flags & htons(GRE_CSUM)) {
+ ovs_be16 *csum_opt = (ovs_be16 *) (greh + 1);
+ *csum_opt = csum(greh, ip_tot_size - sizeof (struct ip_header));
+ }
+}
+
+static int
+netdev_gre_build_header(const struct netdev *netdev,
+ struct ovs_action_push_tnl *data,
+ const struct flow *tnl_flow)
+{
+ struct netdev_vport *dev = netdev_vport_cast(netdev);
+ struct netdev_tunnel_config *tnl_cfg;
+ struct ip_header *ip;
+ struct gre_base_hdr *greh;
+ ovs_16aligned_be32 *options;
+ int hlen;
+
+ /* XXX: RCUfy tnl_cfg. */
+ ovs_mutex_lock(&dev->mutex);
+ tnl_cfg = &dev->tnl_cfg;
+
+ ip = ip_hdr(data->header);
+ ip->ip_proto = IPPROTO_GRE;
+
+ greh = gre_hdr(ip);
+ greh->protocol = htons(ETH_TYPE_TEB);
+ greh->flags = 0;
+
+ options = (ovs_16aligned_be32 *) (greh + 1);
+ if (tnl_flow->tunnel.flags & FLOW_TNL_F_CSUM) {
+ greh->flags |= htons(GRE_CSUM);
+ put_16aligned_be32(options, 0);
+ options++;
+ }
+
+ if (tnl_cfg->out_key_present) {
+ greh->flags |= htons(GRE_KEY);
+ put_16aligned_be32(options, (OVS_FORCE ovs_be32)
+ ((OVS_FORCE uint64_t) tnl_flow->tunnel.tun_id >> 32));
+ options++;
+ }
+
+ ovs_mutex_unlock(&dev->mutex);
+
+ hlen = (uint8_t *) options - (uint8_t *) greh;
+
+ data->header_len = sizeof(struct eth_header) +
+ sizeof(struct ip_header) + hlen;
+ data->tnl_type = OVS_VPORT_TYPE_GRE;
+ return 0;
+}
+
+static int
+netdev_vxlan_pop_header(struct dp_packet *packet)
+{
+ struct pkt_metadata *md = &packet->md;
+ struct flow_tnl *tnl = &md->tunnel;
+ struct vxlanhdr *vxh;
+
+ pkt_metadata_init_tnl(md);
+ if (VXLAN_HLEN > dp_packet_size(packet)) {
+ return EINVAL;
+ }
+
+ vxh = udp_extract_tnl_md(packet, tnl);
+ if (!vxh) {
return EINVAL;
}
- if (!config.daddr) {
- VLOG_WARN("%s: %s type requires valid 'remote_ip' argument",
- name, type);
+ if (get_16aligned_be32(&vxh->vx_flags) != htonl(VXLAN_FLAGS) ||
+ (get_16aligned_be32(&vxh->vx_vni) & htonl(0xff))) {
+ VLOG_WARN_RL(&err_rl, "invalid vxlan flags=%#x vni=%#x\n",
+ ntohl(get_16aligned_be32(&vxh->vx_flags)),
+ ntohl(get_16aligned_be32(&vxh->vx_vni)));
return EINVAL;
}
+ tnl->tun_id = htonll(ntohl(get_16aligned_be32(&vxh->vx_vni)) >> 8);
+ tnl->flags |= FLOW_TNL_F_KEY;
+
+ dp_packet_reset_packet(packet, VXLAN_HLEN);
- BUILD_ASSERT(sizeof config <= VPORT_CONFIG_SIZE);
- memcpy(configp, &config, sizeof config);
return 0;
}
static int
-parse_patch_config(const struct netdev_dev *dev, const struct shash *args,
- void *configp)
+netdev_vxlan_build_header(const struct netdev *netdev,
+ struct ovs_action_push_tnl *data,
+ const struct flow *tnl_flow)
{
- const char *name = netdev_dev_get_name(dev);
- const char *peer;
+ struct netdev_vport *dev = netdev_vport_cast(netdev);
+ struct netdev_tunnel_config *tnl_cfg;
+ struct vxlanhdr *vxh;
- peer = shash_find_data(args, "peer");
- if (!peer) {
- VLOG_WARN("%s: patch type requires valid 'peer' argument", name);
+ /* XXX: RCUfy tnl_cfg. */
+ ovs_mutex_lock(&dev->mutex);
+ tnl_cfg = &dev->tnl_cfg;
+
+ vxh = udp_build_header(tnl_cfg, tnl_flow, data);
+
+ put_16aligned_be32(&vxh->vx_flags, htonl(VXLAN_FLAGS));
+ put_16aligned_be32(&vxh->vx_vni, htonl(ntohll(tnl_flow->tunnel.tun_id) << 8));
+
+ ovs_mutex_unlock(&dev->mutex);
+ data->header_len = VXLAN_HLEN;
+ data->tnl_type = OVS_VPORT_TYPE_VXLAN;
+ return 0;
+}
+
+static int
+netdev_geneve_pop_header(struct dp_packet *packet)
+{
+ struct pkt_metadata *md = &packet->md;
+ struct flow_tnl *tnl = &md->tunnel;
+ struct genevehdr *gnh;
+ unsigned int hlen;
+ int err;
+
+ pkt_metadata_init_tnl(md);
+ if (GENEVE_BASE_HLEN > dp_packet_size(packet)) {
+ VLOG_WARN_RL(&err_rl, "geneve packet too small: min header=%u packet size=%u\n",
+ (unsigned int)GENEVE_BASE_HLEN, dp_packet_size(packet));
return EINVAL;
}
- if (shash_count(args) > 1) {
- VLOG_WARN("%s: patch type takes only a 'peer' argument", name);
+ gnh = udp_extract_tnl_md(packet, tnl);
+ if (!gnh) {
return EINVAL;
}
- if (strlen(peer) >= MIN(IFNAMSIZ, VPORT_CONFIG_SIZE)) {
- VLOG_WARN("%s: patch 'peer' arg too long", name);
+ hlen = GENEVE_BASE_HLEN + gnh->opt_len * 4;
+ if (hlen > dp_packet_size(packet)) {
+ VLOG_WARN_RL(&err_rl, "geneve packet too small: header len=%u packet size=%u\n",
+ hlen, dp_packet_size(packet));
return EINVAL;
}
- if (!strcmp(name, peer)) {
- VLOG_WARN("%s: patch peer must not be self", name);
+ if (gnh->ver != 0) {
+ VLOG_WARN_RL(&err_rl, "unknown geneve version: %"PRIu8"\n", gnh->ver);
return EINVAL;
}
- strncpy(configp, peer, VPORT_CONFIG_SIZE);
+ if (gnh->proto_type != htons(ETH_TYPE_TEB)) {
+ VLOG_WARN_RL(&err_rl, "unknown geneve encapsulated protocol: %#x\n",
+ ntohs(gnh->proto_type));
+ return EINVAL;
+ }
+
+ tnl->flags |= gnh->oam ? FLOW_TNL_F_OAM : 0;
+ tnl->tun_id = htonll(ntohl(get_16aligned_be32(&gnh->vni)) >> 8);
+ tnl->flags |= FLOW_TNL_F_KEY;
+
+ err = tun_metadata_from_geneve_header(gnh->options, gnh->opt_len * 4,
+ &tnl->metadata);
+ if (err) {
+ VLOG_WARN_RL(&err_rl, "invalid geneve options");
+ return err;
+ }
+
+ dp_packet_reset_packet(packet, hlen);
+
+ return 0;
+}
+
+static int
+netdev_geneve_build_header(const struct netdev *netdev,
+ struct ovs_action_push_tnl *data,
+ const struct flow *tnl_flow)
+{
+ struct netdev_vport *dev = netdev_vport_cast(netdev);
+ struct netdev_tunnel_config *tnl_cfg;
+ struct genevehdr *gnh;
+ int opt_len;
+ bool crit_opt;
+
+ /* XXX: RCUfy tnl_cfg. */
+ ovs_mutex_lock(&dev->mutex);
+ tnl_cfg = &dev->tnl_cfg;
+
+ gnh = udp_build_header(tnl_cfg, tnl_flow, data);
+
+ put_16aligned_be32(&gnh->vni, htonl(ntohll(tnl_flow->tunnel.tun_id) << 8));
+ ovs_mutex_unlock(&dev->mutex);
+
+ opt_len = tun_metadata_to_geneve_header(&tnl_flow->tunnel.metadata,
+ gnh->options, &crit_opt);
+
+ gnh->opt_len = opt_len / 4;
+ gnh->oam = !!(tnl_flow->tunnel.flags & FLOW_TNL_F_OAM);
+ gnh->critical = crit_opt ? 1 : 0;
+ gnh->proto_type = htons(ETH_TYPE_TEB);
+
+ data->header_len = GENEVE_BASE_HLEN + opt_len;
+ data->tnl_type = OVS_VPORT_TYPE_GENEVE;
return 0;
}
+
+static void
+netdev_vport_range(struct unixctl_conn *conn, int argc,
+ const char *argv[], void *aux OVS_UNUSED)
+{
+ int val1, val2;
+
+ if (argc < 3) {
+ struct ds ds = DS_EMPTY_INITIALIZER;
+
+ ds_put_format(&ds, "Tunnel UDP source port range: %"PRIu16"-%"PRIu16"\n",
+ tnl_udp_port_min, tnl_udp_port_max);
+
+ unixctl_command_reply(conn, ds_cstr(&ds));
+ ds_destroy(&ds);
+ return;
+ }
+
+ if (argc != 3) {
+ return;
+ }
+
+ val1 = atoi(argv[1]);
+ if (val1 <= 0 || val1 > UINT16_MAX) {
+ unixctl_command_reply(conn, "Invalid min.");
+ return;
+ }
+ val2 = atoi(argv[2]);
+ if (val2 <= 0 || val2 > UINT16_MAX) {
+ unixctl_command_reply(conn, "Invalid max.");
+ return;
+ }
+
+ if (val1 > val2) {
+ tnl_udp_port_min = val2;
+ tnl_udp_port_max = val1;
+ } else {
+ tnl_udp_port_min = val1;
+ tnl_udp_port_max = val2;
+ }
+ seq_change(tnl_conf_seq);
+
+ unixctl_command_reply(conn, "OK");
+}
+
\f
-#define VPORT_FUNCTIONS \
- NULL, /* init */ \
- NULL, /* run */ \
- NULL, /* wait */ \
- \
- netdev_vport_create, \
- netdev_vport_destroy, \
- netdev_vport_reconfigure, \
+#define VPORT_FUNCTIONS(GET_CONFIG, SET_CONFIG, \
+ GET_TUNNEL_CONFIG, GET_STATUS, \
+ BUILD_HEADER, \
+ PUSH_HEADER, POP_HEADER) \
+ NULL, \
+ netdev_vport_run, \
+ netdev_vport_wait, \
\
- netdev_vport_open, \
- netdev_vport_close, \
- \
- NULL, /* enumerate */ \
- \
- NULL, /* recv */ \
- NULL, /* recv_wait */ \
- NULL, /* drain */ \
+ netdev_vport_alloc, \
+ netdev_vport_construct, \
+ netdev_vport_destruct, \
+ netdev_vport_dealloc, \
+ GET_CONFIG, \
+ SET_CONFIG, \
+ GET_TUNNEL_CONFIG, \
+ BUILD_HEADER, \
+ PUSH_HEADER, \
+ POP_HEADER, \
+ NULL, /* get_numa_id */ \
+ NULL, /* set_multiq */ \
\
NULL, /* send */ \
NULL, /* send_wait */ \
\
netdev_vport_set_etheraddr, \
netdev_vport_get_etheraddr, \
- netdev_vport_get_mtu, \
+ NULL, /* get_mtu */ \
+ NULL, /* set_mtu */ \
NULL, /* get_ifindex */ \
NULL, /* get_carrier */ \
- netdev_vport_get_stats, \
- netdev_vport_set_stats, \
+ NULL, /* get_carrier_resets */ \
+ NULL, /* get_miimon */ \
+ get_stats, \
\
NULL, /* get_features */ \
NULL, /* set_advertisements */ \
- NULL, /* get_vlan_vid */ \
\
NULL, /* set_policing */ \
NULL, /* get_qos_types */ \
NULL, /* set_queue */ \
NULL, /* delete_queue */ \
NULL, /* get_queue_stats */ \
- NULL, /* dump_queues */ \
+ NULL, /* queue_dump_start */ \
+ NULL, /* queue_dump_next */ \
+ NULL, /* queue_dump_done */ \
NULL, /* dump_queue_stats */ \
\
NULL, /* get_in4 */ \
NULL, /* get_in6 */ \
NULL, /* add_router */ \
NULL, /* get_next_hop */ \
+ GET_STATUS, \
NULL, /* arp_lookup */ \
\
netdev_vport_update_flags, \
\
- netdev_vport_poll_add, \
- netdev_vport_poll_remove,
+ NULL, /* rx_alloc */ \
+ NULL, /* rx_construct */ \
+ NULL, /* rx_destruct */ \
+ NULL, /* rx_dealloc */ \
+ NULL, /* rx_recv */ \
+ NULL, /* rx_wait */ \
+ NULL, /* rx_drain */
+
+
+#define TUNNEL_CLASS(NAME, DPIF_PORT, BUILD_HEADER, PUSH_HEADER, POP_HEADER) \
+ { DPIF_PORT, \
+ { NAME, VPORT_FUNCTIONS(get_tunnel_config, \
+ set_tunnel_config, \
+ get_netdev_tunnel_config, \
+ tunnel_get_status, \
+ BUILD_HEADER, PUSH_HEADER, POP_HEADER) }}
void
-netdev_vport_register(void)
+netdev_vport_tunnel_register(void)
{
+ /* The name of the dpif_port should be short enough to accomodate adding
+ * a port number to the end if one is necessary. */
static const struct vport_class vport_classes[] = {
- { { "gre", VPORT_FUNCTIONS }, parse_tunnel_config },
- { { "ipsec_gre", VPORT_FUNCTIONS }, parse_tunnel_config },
- { { "capwap", VPORT_FUNCTIONS }, parse_tunnel_config },
- { { "patch", VPORT_FUNCTIONS }, parse_patch_config }
+ TUNNEL_CLASS("geneve", "genev_sys", netdev_geneve_build_header,
+ push_udp_header,
+ netdev_geneve_pop_header),
+ TUNNEL_CLASS("gre", "gre_sys", netdev_gre_build_header,
+ netdev_gre_push_header,
+ netdev_gre_pop_header),
+ TUNNEL_CLASS("ipsec_gre", "gre_sys", NULL, NULL, NULL),
+ TUNNEL_CLASS("gre64", "gre64_sys", NULL, NULL, NULL),
+ TUNNEL_CLASS("ipsec_gre64", "gre64_sys", NULL, NULL, NULL),
+ TUNNEL_CLASS("vxlan", "vxlan_sys", netdev_vxlan_build_header,
+ push_udp_header,
+ netdev_vxlan_pop_header),
+ TUNNEL_CLASS("lisp", "lisp_sys", NULL, NULL, NULL),
+ TUNNEL_CLASS("stt", "stt_sys", NULL, NULL, NULL),
};
+ static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
+
+ if (ovsthread_once_start(&once)) {
+ int i;
- int i;
+ for (i = 0; i < ARRAY_SIZE(vport_classes); i++) {
+ netdev_register_provider(&vport_classes[i].netdev_class);
+ }
+
+ unixctl_command_register("tnl/egress_port_range", "min max", 0, 2,
+ netdev_vport_range, NULL);
- for (i = 0; i < ARRAY_SIZE(vport_classes); i++) {
- netdev_register_provider(&vport_classes[i].netdev_class);
+ ovsthread_once_done(&once);
}
}
+
+void
+netdev_vport_patch_register(void)
+{
+ static const struct vport_class patch_class =
+ { NULL,
+ { "patch", VPORT_FUNCTIONS(get_patch_config,
+ set_patch_config,
+ NULL,
+ NULL, NULL, NULL, NULL) }};
+ netdev_register_provider(&patch_class.netdev_class);
+}
projects / cascardo / ovs.git / blobdiff