From: Pravin B Shelar Date: Mon, 1 Jul 2013 21:38:33 +0000 (-0700) Subject: datapath: Restructure vxlan tunneling. X-Git-Tag: v2.0~386 X-Git-Url: http://git.cascardo.eti.br/?a=commitdiff_plain;h=1b7ee51f9d340aa6c9f6a5772f4e79cbfd17565d;p=cascardo%2Fovs.git datapath: Restructure vxlan tunneling. Following patch restructures vxlan tunneling so that it is more in sync with upstream vxlan tunneling code. Signed-off-by: Pravin Shelar Acked-by: Jesse Gross --- diff --git a/datapath/compat.h b/datapath/compat.h index a6a01d57c..4dfd1926d 100644 --- a/datapath/compat.h +++ b/datapath/compat.h @@ -100,4 +100,10 @@ static inline void skb_set_mark(struct sk_buff *skb, u32 mark) #define rt_dst(rt) (rt->u.dst) #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,33) +#define inet_sport(sk) (inet_sk(sk)->sport) +#else +#define inet_sport(sk) (inet_sk(sk)->inet_sport) +#endif + #endif /* compat.h */ diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk index dcacc791f..edaeabbd9 100644 --- a/datapath/linux/Modules.mk +++ b/datapath/linux/Modules.mk @@ -3,6 +3,7 @@ openvswitch_sources += \ linux/compat/dev-openvswitch.c \ linux/compat/exthdrs_core.c \ linux/compat/flex_array.c \ + linux/compat/flow_dissector.c \ linux/compat/gre.c \ linux/compat/gso.c \ linux/compat/genetlink-openvswitch.c \ @@ -14,6 +15,7 @@ openvswitch_sources += \ linux/compat/reciprocal_div.c \ linux/compat/skbuff-openvswitch.c \ linux/compat/time.c \ + linux/compat/vxlan.c \ linux/compat/workqueue.c openvswitch_headers += \ linux/compat/gso.h \ @@ -65,6 +67,7 @@ openvswitch_headers += \ linux/compat/include/linux/workqueue.h \ linux/compat/include/net/checksum.h \ linux/compat/include/net/dst.h \ + linux/compat/include/net/flow_keys.h \ linux/compat/include/net/genetlink.h \ linux/compat/include/net/gre.h \ linux/compat/include/net/inet_frag.h \ @@ -76,4 +79,5 @@ openvswitch_headers += \ linux/compat/include/net/protocol.h \ linux/compat/include/net/route.h \ linux/compat/include/net/sock.h \ - linux/compat/include/net/netns/generic.h + linux/compat/include/net/netns/generic.h \ + linux/compat/include/net/vxlan.h diff --git a/datapath/linux/compat/flow_dissector.c b/datapath/linux/compat/flow_dissector.c new file mode 100644 index 000000000..8592ca9fb --- /dev/null +++ b/datapath/linux/compat/flow_dissector.c @@ -0,0 +1,222 @@ +/* + * Copyright (c) 2007-2013 Nicira, Inc. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA + * + * This code is derived from kernel flow_dissector.c + */ + +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37) +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +/* copy saddr & daddr, possibly using 64bit load/store + * Equivalent to : flow->src = iph->saddr; + * flow->dst = iph->daddr; + */ +static void iph_to_flow_copy_addrs(struct flow_keys *flow, const struct iphdr *iph) +{ + BUILD_BUG_ON(offsetof(typeof(*flow), dst) != + offsetof(typeof(*flow), src) + sizeof(flow->src)); + memcpy(&flow->src, &iph->saddr, sizeof(flow->src) + sizeof(flow->dst)); +} + +static bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow) +{ + int poff, nhoff = skb_network_offset(skb); + u8 ip_proto; + __be16 proto = skb->protocol; + + memset(flow, 0, sizeof(*flow)); + +again: + switch (proto) { + case __constant_htons(ETH_P_IP): { + const struct iphdr *iph; + struct iphdr _iph; +ip: + iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); + if (!iph) + return false; + + if (ip_is_fragment(iph)) + ip_proto = 0; + else + ip_proto = iph->protocol; + iph_to_flow_copy_addrs(flow, iph); + nhoff += iph->ihl * 4; + break; + } + case __constant_htons(ETH_P_IPV6): { + const struct ipv6hdr *iph; + struct ipv6hdr _iph; +ipv6: + iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); + if (!iph) + return false; + + ip_proto = iph->nexthdr; + flow->src = (__force __be32)ipv6_addr_hash(&iph->saddr); + flow->dst = (__force __be32)ipv6_addr_hash(&iph->daddr); + nhoff += sizeof(struct ipv6hdr); + break; + } + case __constant_htons(ETH_P_8021Q): { + const struct vlan_hdr *vlan; + struct vlan_hdr _vlan; + + vlan = skb_header_pointer(skb, nhoff, sizeof(_vlan), &_vlan); + if (!vlan) + return false; + + proto = vlan->h_vlan_encapsulated_proto; + nhoff += sizeof(*vlan); + goto again; + } + case __constant_htons(ETH_P_PPP_SES): { + struct { + struct pppoe_hdr hdr; + __be16 proto; + } *hdr, _hdr; + hdr = skb_header_pointer(skb, nhoff, sizeof(_hdr), &_hdr); + if (!hdr) + return false; + proto = hdr->proto; + nhoff += PPPOE_SES_HLEN; + switch (proto) { + case __constant_htons(PPP_IP): + goto ip; + case __constant_htons(PPP_IPV6): + goto ipv6; + default: + return false; + } + } + default: + return false; + } + + switch (ip_proto) { + case IPPROTO_GRE: { + struct gre_hdr { + __be16 flags; + __be16 proto; + } *hdr, _hdr; + + hdr = skb_header_pointer(skb, nhoff, sizeof(_hdr), &_hdr); + if (!hdr) + return false; + /* + * Only look inside GRE if version zero and no + * routing + */ + if (!(hdr->flags & (GRE_VERSION|GRE_ROUTING))) { + proto = hdr->proto; + nhoff += 4; + if (hdr->flags & GRE_CSUM) + nhoff += 4; + if (hdr->flags & GRE_KEY) + nhoff += 4; + if (hdr->flags & GRE_SEQ) + nhoff += 4; + if (proto == htons(ETH_P_TEB)) { + const struct ethhdr *eth; + struct ethhdr _eth; + + eth = skb_header_pointer(skb, nhoff, + sizeof(_eth), &_eth); + if (!eth) + return false; + proto = eth->h_proto; + nhoff += sizeof(*eth); + } + goto again; + } + break; + } + case IPPROTO_IPIP: + goto again; + default: + break; + } + + flow->ip_proto = ip_proto; + poff = proto_ports_offset(ip_proto); + if (poff >= 0) { + __be32 *ports, _ports; + + nhoff += poff; + ports = skb_header_pointer(skb, nhoff, sizeof(_ports), &_ports); + if (ports) + flow->ports = *ports; + } + + flow->thoff = (u16) nhoff; + + return true; +} + +static u32 hashrnd __read_mostly; + +static void init_hashrnd(void) +{ + if (likely(hashrnd)) + return; + get_random_bytes(&hashrnd, sizeof(hashrnd)); +} + +u32 __skb_get_rxhash(struct sk_buff *skb) +{ + struct flow_keys keys; + u32 hash; + + if (!skb_flow_dissect(skb, &keys)) + return 0; + + /* get a consistent hash (same value on both flow directions) */ + if (((__force u32)keys.dst < (__force u32)keys.src) || + (((__force u32)keys.dst == (__force u32)keys.src) && + ((__force u16)keys.port16[1] < (__force u16)keys.port16[0]))) { + swap(keys.dst, keys.src); + swap(keys.port16[0], keys.port16[1]); + } + + init_hashrnd(); + + hash = jhash_3words((__force u32)keys.dst, + (__force u32)keys.src, + (__force u32)keys.ports, hashrnd); + if (!hash) + hash = 1; + +#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,34) + skb->rxhash = hash; +#endif + return hash; +} +#endif diff --git a/datapath/linux/compat/include/linux/in.h b/datapath/linux/compat/include/linux/in.h index f91a832a7..fa2e02641 100644 --- a/datapath/linux/compat/include/linux/in.h +++ b/datapath/linux/compat/include/linux/in.h @@ -3,6 +3,26 @@ #include_next +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37) +static inline int proto_ports_offset(int proto) +{ + switch (proto) { + case IPPROTO_TCP: + case IPPROTO_UDP: + case IPPROTO_DCCP: + case IPPROTO_ESP: /* SPI */ + case IPPROTO_SCTP: + case IPPROTO_UDPLITE: + return 0; + case IPPROTO_AH: /* SPI */ + return 4; + default: + return -EINVAL; + } +} +#endif + #ifndef HAVE_IPV4_IS_MULTICAST static inline bool ipv4_is_loopback(__be32 addr) diff --git a/datapath/linux/compat/include/linux/skbuff.h b/datapath/linux/compat/include/linux/skbuff.h index d485b39a5..c9c103d0c 100644 --- a/datapath/linux/compat/include/linux/skbuff.h +++ b/datapath/linux/compat/include/linux/skbuff.h @@ -251,4 +251,26 @@ static inline void skb_reset_mac_len(struct sk_buff *skb) skb->mac_len = skb->network_header - skb->mac_header; } #endif + +static inline int skb_unclone(struct sk_buff *skb, gfp_t pri) +{ + might_sleep_if(pri & __GFP_WAIT); + + if (skb_cloned(skb)) + return pskb_expand_head(skb, 0, 0, pri); + + return 0; +} + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37) +extern u32 __skb_get_rxhash(struct sk_buff *skb); +static inline __u32 skb_get_rxhash(struct sk_buff *skb) +{ +#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,34) + if (!skb->rxhash) +#endif + return __skb_get_rxhash(skb); +} +#endif + #endif diff --git a/datapath/linux/compat/include/net/flow_keys.h b/datapath/linux/compat/include/net/flow_keys.h new file mode 100644 index 000000000..4de17d12f --- /dev/null +++ b/datapath/linux/compat/include/net/flow_keys.h @@ -0,0 +1,22 @@ +#ifndef _NET_FLOW_KEYS_WRAPPER_H +#define _NET_FLOW_KEYS_WRAPPER_H + +#include + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0) +#include_next +#else +struct flow_keys { + /* (src,dst) must be grouped, in the same way than in IP header */ + __be32 src; + __be32 dst; + union { + __be32 ports; + __be16 port16[2]; + }; + u16 thoff; + u8 ip_proto; +}; +#endif + +#endif diff --git a/datapath/linux/compat/include/net/ip.h b/datapath/linux/compat/include/net/ip.h index b18b968b6..1dccdea1a 100644 --- a/datapath/linux/compat/include/net/ip.h +++ b/datapath/linux/compat/include/net/ip.h @@ -11,4 +11,11 @@ extern int ip_local_out(struct sk_buff *skb); #endif /* linux kernel < 2.6.25 */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(3,1,0) +static inline bool ip_is_fragment(const struct iphdr *iph) +{ + return (iph->frag_off & htons(IP_MF | IP_OFFSET)) != 0; +} +#endif + #endif diff --git a/datapath/linux/compat/include/net/ipv6.h b/datapath/linux/compat/include/net/ipv6.h index d1e32485a..7ab234acb 100644 --- a/datapath/linux/compat/include/net/ipv6.h +++ b/datapath/linux/compat/include/net/ipv6.h @@ -23,4 +23,19 @@ enum { extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target, unsigned short *fragoff, int *fragflg); +#if LINUX_VERSION_CODE < KERNEL_VERSION(3,4,0) +static inline u32 ipv6_addr_hash(const struct in6_addr *a) +{ +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + const unsigned long *ul = (const unsigned long *)a; + unsigned long x = ul[0] ^ ul[1]; + + return (u32)(x ^ (x >> 32)); +#else + return (__force u32)(a->s6_addr32[0] ^ a->s6_addr32[1] ^ + a->s6_addr32[2] ^ a->s6_addr32[3]); +#endif +} +#endif + #endif diff --git a/datapath/linux/compat/include/net/vxlan.h b/datapath/linux/compat/include/net/vxlan.h new file mode 100644 index 000000000..102bc0c60 --- /dev/null +++ b/datapath/linux/compat/include/net/vxlan.h @@ -0,0 +1,43 @@ +#ifndef __NET_VXLAN_WRAPPER_H +#define __NET_VXLAN_WRAPPER_H 1 + +#include +#include +#include + +/* per UDP socket information */ +struct vxlan_sock { + struct hlist_node hlist; + struct rcu_head rcu; + struct socket *sock; + struct list_head handler_list; +}; + +struct vxlan_handler; +typedef int (vxlan_rcv_t)(struct vxlan_handler *vh, struct sk_buff *skb, __be32 key); + +struct vxlan_handler { + vxlan_rcv_t *rcv; + struct list_head node; + void *data; + struct vxlan_sock *vs; + atomic_t refcnt; + struct rcu_head rcu; + struct work_struct del_work; + int priority; +}; + +void vxlan_handler_put(struct vxlan_handler *vh); + +struct vxlan_handler *vxlan_handler_add(struct net *net, + __be16 portno, vxlan_rcv_t *rcv, + void *data, int priority, bool create); + +int vxlan_xmit_skb(struct net *net, struct vxlan_handler *vh, + struct rtable *rt, struct sk_buff *skb, + __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, + __be16 src_port, __be16 dst_port, __be32 vni); + +__be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb); + +#endif diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c new file mode 100644 index 000000000..6e6b94500 --- /dev/null +++ b/datapath/linux/compat/vxlan.c @@ -0,0 +1,479 @@ +/* + * Copyright (c) 2007-2013 Nicira, Inc. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA + * + * This code is derived from kernel vxlan module. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "checksum.h" +#include "compat.h" +#include "gso.h" +#include "vlan.h" + +#define PORT_HASH_BITS 8 +#define PORT_HASH_SIZE (1<sock_list[hash_32(ntohs(port), PORT_HASH_BITS)]; +} + +/* Find VXLAN socket based on network namespace and UDP port */ +static struct vxlan_sock *vxlan_find_port(struct net *net, __be16 port) +{ + struct vxlan_sock *vs; + + hlist_for_each_entry_rcu(vs, vs_head(net, port), hlist) { + if (inet_sport(vs->sock->sk) == port) + return vs; + } + return NULL; +} + +/* Callback from net/ipv4/udp.c to receive packets */ +static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb) +{ + struct vxlan_handler *vh; + struct vxlan_sock *vs; + struct vxlanhdr *vxh; + + /* Need Vxlan and inner Ethernet header to be present */ + if (!pskb_may_pull(skb, VXLAN_HLEN)) + goto error; + + /* Return packets with reserved bits set */ + vxh = (struct vxlanhdr *)(udp_hdr(skb) + 1); + if (vxh->vx_flags != htonl(VXLAN_FLAGS) || + (vxh->vx_vni & htonl(0xff))) { + pr_warn("invalid vxlan flags=%#x vni=%#x\n", + ntohl(vxh->vx_flags), ntohl(vxh->vx_vni)); + goto error; + } + + if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB))) + goto drop; + + vs = vxlan_find_port(sock_net(sk), inet_sport(sk)); + if (!vs) + goto drop; + + list_for_each_entry_rcu(vh, &vs->handler_list, node) { + if (vh->rcv(vh, skb, vxh->vx_vni) == PACKET_RCVD) + return 0; + } + +drop: + /* Consume bad packet */ + kfree_skb(skb); + return 0; + +error: + /* Return non vxlan pkt */ + return 1; +} + +static void vxlan_sock_put(struct sk_buff *skb) +{ + sock_put(skb->sk); +} + +/* On transmit, associate with the tunnel socket */ +static void vxlan_set_owner(struct sock *sk, struct sk_buff *skb) +{ + skb_orphan(skb); + sock_hold(sk); + skb->sk = sk; + skb->destructor = vxlan_sock_put; +} + +/* Compute source port for outgoing packet + * first choice to use L4 flow hash since it will spread + * better and maybe available from hardware + * secondary choice is to use jhash on the Ethernet header + */ +__be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb) +{ + unsigned int range = (port_max - port_min) + 1; + u32 hash; + + hash = skb_get_rxhash(skb); + if (!hash) + hash = jhash(skb->data, 2 * ETH_ALEN, + (__force u32) skb->protocol); + + return htons((((u64) hash * range) >> 32) + port_min); +} + +static void vxlan_gso(struct sk_buff *skb) +{ + int udp_offset = skb_transport_offset(skb); + struct udphdr *uh; + + uh = udp_hdr(skb); + uh->len = htons(skb->len - udp_offset); + + /* csum segment if tunnel sets skb with csum. */ + if (unlikely(uh->check)) { + struct iphdr *iph = ip_hdr(skb); + + uh->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, + skb->len - udp_offset, + IPPROTO_UDP, 0); + uh->check = csum_fold(skb_checksum(skb, udp_offset, + skb->len - udp_offset, 0)); + + if (uh->check == 0) + uh->check = CSUM_MANGLED_0; + + } + skb->ip_summed = CHECKSUM_NONE; +} + +static int handle_offloads(struct sk_buff *skb) +{ + if (skb_is_gso(skb)) { + OVS_GSO_CB(skb)->fix_segment = vxlan_gso; + } else { + if (skb->ip_summed != CHECKSUM_PARTIAL) + skb->ip_summed = CHECKSUM_NONE; + } + return 0; +} + +int vxlan_xmit_skb(struct net *net, struct vxlan_handler *vh, + struct rtable *rt, struct sk_buff *skb, + __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, + __be16 src_port, __be16 dst_port, __be32 vni) +{ + struct vxlanhdr *vxh; + struct udphdr *uh; + int min_headroom; + int err; + + skb_reset_inner_headers(skb); + + min_headroom = LL_RESERVED_SPACE(rt_dst(rt).dev) + rt_dst(rt).header_len + + VXLAN_HLEN + sizeof(struct iphdr) + + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0); + + /* Need space for new headers (invalidates iph ptr) */ + err = skb_cow_head(skb, min_headroom); + if (unlikely(err)) + return err; + + if (unlikely(vlan_deaccel_tag(skb))) + return -ENOMEM; + + vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh)); + vxh->vx_flags = htonl(VXLAN_FLAGS); + vxh->vx_vni = vni; + + __skb_push(skb, sizeof(*uh)); + skb_reset_transport_header(skb); + uh = udp_hdr(skb); + + uh->dest = dst_port; + uh->source = src_port; + + uh->len = htons(skb->len); + uh->check = 0; + + vxlan_set_owner(vh->vs->sock->sk, skb); + + err = handle_offloads(skb); + if (err) + return err; + + return iptunnel_xmit(net, rt, skb, src, dst, + IPPROTO_UDP, tos, ttl, df); +} + +static struct vxlan_sock *vxlan_socket_create(struct net *net, __be16 port) +{ + struct vxlan_sock *vs; + struct sock *sk; + struct sockaddr_in vxlan_addr = { + .sin_family = AF_INET, + .sin_addr.s_addr = htonl(INADDR_ANY), + .sin_port = port, + }; + int rc; + + vs = kmalloc(sizeof(*vs), GFP_KERNEL); + if (!vs) + return ERR_PTR(-ENOMEM); + + /* Create UDP socket for encapsulation receive. */ + rc = sock_create_kern(AF_INET, SOCK_DGRAM, IPPROTO_UDP, &vs->sock); + if (rc < 0) { + pr_debug("UDP socket create failed\n"); + kfree(vs); + return ERR_PTR(rc); + } + + /* Put in proper namespace */ + sk = vs->sock->sk; + sk_change_net(sk, net); + + rc = kernel_bind(vs->sock, (struct sockaddr *) &vxlan_addr, + sizeof(vxlan_addr)); + if (rc < 0) { + pr_debug("bind for UDP socket %pI4:%u (%d)\n", + &vxlan_addr.sin_addr, ntohs(vxlan_addr.sin_port), rc); + sk_release_kernel(sk); + kfree(vs); + return ERR_PTR(rc); + } + + /* Disable multicast loopback */ + inet_sk(sk)->mc_loop = 0; + INIT_LIST_HEAD(&vs->handler_list); + hlist_add_head_rcu(&vs->hlist, vs_head(net, port)); + + /* Mark socket as an encapsulation socket. */ + udp_sk(sk)->encap_type = 1; + udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv; + udp_encap_enable(); + + return vs; +} + +static void rcu_free_vs_callback(struct rcu_head *rcu) +{ + struct vxlan_sock *vs = container_of(rcu, struct vxlan_sock, rcu); + + kfree(vs); +} + +static void vxlan_socket_del(struct vxlan_sock *vs) +{ + if (list_empty(&vs->handler_list)) { + hlist_del_rcu(&vs->hlist); + + sk_release_kernel(vs->sock->sk); + call_rcu(&vs->rcu, rcu_free_vs_callback); + } +} + +static int vxlan_init_module(void); +static void vxlan_cleanup_module(void); + +static void rcu_free_vh_callback(struct rcu_head *rcu) +{ + struct vxlan_handler *vh = container_of(rcu, struct vxlan_handler, rcu); + + kfree(vh); +} + +static void vh_del_work(struct work_struct *work) +{ + struct vxlan_handler *vh = container_of(work, struct vxlan_handler, del_work); + struct vxlan_sock *vs = vh->vs; + struct net *net = sock_net(vs->sock->sk); + struct vxlan_net *vn = net_generic(net, vxlan_net_id); + + mutex_lock(&vn->sock_lock); + + list_del_rcu(&vh->node); + call_rcu(&vh->rcu, rcu_free_vh_callback); + vxlan_socket_del(vs); + + mutex_unlock(&vn->sock_lock); + + vxlan_cleanup_module(); +} + +struct vxlan_handler *vxlan_handler_add(struct net *net, + __be16 portno, vxlan_rcv_t *rcv, + void *data, int priority, bool create) +{ + struct vxlan_net *vn; + struct vxlan_sock *vs; + struct vxlan_handler *vh; + struct vxlan_handler *new; + int err; + + err = vxlan_init_module(); + if (err) + return ERR_PTR(err); + + vn = net_generic(net, vxlan_net_id); + mutex_lock(&vn->sock_lock); + /* Look to see if can reuse socket */ + vs = vxlan_find_port(net, portno); + if (!vs) { + vs = vxlan_socket_create(net, portno); + if (IS_ERR(vs)) { + new = (void *) vs; + goto out; + } + } + + /* Try existing vxlan hanlders for this socket. */ + list_for_each_entry(vh, &vs->handler_list, node) { + if (vh->rcv == rcv) { + if (create) { + vxlan_socket_del(vs); + new = ERR_PTR(-EEXIST); + goto out; + } + atomic_inc(&vh->refcnt); + new = vh; + goto out; + } + } + + new = kzalloc(sizeof(*new), GFP_KERNEL); + if (!new) { + vxlan_socket_del(vs); + new = ERR_PTR(-ENOMEM); + goto out; + } + + new->rcv = rcv; + new->vs = vs; + atomic_set(&new->refcnt, 1); + INIT_WORK(&new->del_work, vh_del_work); + new->data = data; + new->priority = priority; + + list_for_each_entry(vh, &vs->handler_list, node) { + if (vh->priority > priority) { + list_add_tail_rcu(&new->node, &vh->node); + goto out; + } + } + + list_add_tail_rcu(&new->node, &vs->handler_list); +out: + mutex_unlock(&vn->sock_lock); + return new; +} + +void vxlan_handler_put(struct vxlan_handler *vh) +{ + BUG_ON(!vh->vs); + + if (atomic_dec_and_test(&vh->refcnt)) + queue_work(&vh->del_work); +} + +static __net_init int vxlan_init_net(struct net *net) +{ + struct vxlan_net *vn = net_generic(net, vxlan_net_id); + unsigned int h; + + mutex_init(&vn->sock_lock); + + for (h = 0; h < PORT_HASH_SIZE; ++h) + INIT_HLIST_HEAD(&vn->sock_list[h]); + + return 0; +} + +static struct pernet_operations vxlan_net_ops = { + .init = vxlan_init_net, + .id = &vxlan_net_id, + .size = sizeof(struct vxlan_net), +}; + +static int refcnt; +static DEFINE_MUTEX(init_lock); +DEFINE_COMPAT_PNET_REG_FUNC(device); + +static int vxlan_init_module(void) +{ + int err = 0; + + mutex_lock(&init_lock); + if (refcnt) + goto out; + err = register_pernet_device(&vxlan_net_ops); +out: + if (!err) + refcnt++; + mutex_unlock(&init_lock); + return err; +} + +static void vxlan_cleanup_module(void) +{ + mutex_lock(&init_lock); + refcnt--; + if (refcnt) + goto out; + unregister_pernet_device(&vxlan_net_ops); +out: + mutex_unlock(&init_lock); +} diff --git a/datapath/vport-vxlan.c b/datapath/vport-vxlan.c index 7ff51fdda..5546820e6 100644 --- a/datapath/vport-vxlan.c +++ b/datapath/vport-vxlan.c @@ -31,164 +31,60 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include "datapath.h" #include "tunnel.h" #include "vport.h" -#define VXLAN_FLAGS 0x08000000 /* struct vxlanhdr.vx_flags required value. */ - -/** - * struct vxlanhdr - VXLAN header - * @vx_flags: Must have the exact value %VXLAN_FLAGS. - * @vx_vni: VXLAN Network Identifier (VNI) in top 24 bits, low 8 bits zeroed. - */ -struct vxlanhdr { - __be32 vx_flags; - __be32 vx_vni; -}; - -#define VXLAN_HLEN (sizeof(struct udphdr) + sizeof(struct vxlanhdr)) +#define OVS_VXLAN_RCV_PRIORITY 8 /** * struct vxlan_port - Keeps track of open UDP ports - * @dst_port: vxlan UDP port no. - * @list: list element in @vxlan_ports. - * @vxlan_rcv_socket: The socket created for this port number. + * @vh: vxlan_handler created for the port. * @name: vport name. */ struct vxlan_port { - __be16 dst_port; - struct list_head list; - struct socket *vxlan_rcv_socket; + struct vxlan_handler *vh; char name[IFNAMSIZ]; }; -static LIST_HEAD(vxlan_ports); - static inline struct vxlan_port *vxlan_vport(const struct vport *vport) { return vport_priv(vport); } -static struct vxlan_port *vxlan_find_port(struct net *net, __be16 port) -{ - struct vxlan_port *vxlan_port; - - list_for_each_entry_rcu(vxlan_port, &vxlan_ports, list) { - - if (vxlan_port->dst_port == port && - net_eq(sock_net(vxlan_port->vxlan_rcv_socket->sk), net)) - return vxlan_port; - } - - return NULL; -} - -static inline struct vxlanhdr *vxlan_hdr(const struct sk_buff *skb) -{ - return (struct vxlanhdr *)(udp_hdr(skb) + 1); -} - -static void vxlan_build_header(const struct vport *vport, - struct sk_buff *skb, - int tunnel_hlen) -{ - struct vxlan_port *vxlan_port = vxlan_vport(vport); - struct udphdr *udph = udp_hdr(skb); - struct vxlanhdr *vxh = (struct vxlanhdr *)(udph + 1); - const struct ovs_key_ipv4_tunnel *tun_key = OVS_CB(skb)->tun_key; - - udph->dest = vxlan_port->dst_port; - udph->source = htons(ovs_tnl_get_src_port(skb)); - udph->check = 0; - udph->len = htons(skb->len - skb_transport_offset(skb)); - - vxh->vx_flags = htonl(VXLAN_FLAGS); - vxh->vx_vni = htonl(be64_to_cpu(tun_key->tun_id) << 8); -} - /* Called with rcu_read_lock and BH disabled. */ -static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) +static int vxlan_rcv(struct vxlan_handler *vh, struct sk_buff *skb, __be32 vx_vni) { - struct vxlan_port *vxlan_vport; - struct vxlanhdr *vxh; + struct vport *vport = vh->data; struct iphdr *iph; struct ovs_key_ipv4_tunnel tun_key; __be64 key; - vxlan_vport = vxlan_find_port(dev_net(skb->dev), udp_hdr(skb)->dest); - if (unlikely(!vxlan_vport)) - goto error; - - if (unlikely(!pskb_may_pull(skb, VXLAN_HLEN + ETH_HLEN))) - goto error; - - vxh = vxlan_hdr(skb); - if (unlikely(vxh->vx_flags != htonl(VXLAN_FLAGS) || - vxh->vx_vni & htonl(0xff))) - goto error; - - skb_pull_rcsum(skb, VXLAN_HLEN); - - key = cpu_to_be64(ntohl(vxh->vx_vni) >> 8); - /* Save outer tunnel values */ iph = ip_hdr(skb); + key = cpu_to_be64(ntohl(vx_vni) >> 8); tnl_tun_key_init(&tun_key, iph, key, TUNNEL_KEY); - ovs_tnl_rcv(vport_from_priv(vxlan_vport), skb, &tun_key); - goto out; - -error: - kfree_skb(skb); -out: - return 0; -} - -/* Random value. Irrelevant as long as it's not 0 since we set the handler. */ -#define UDP_ENCAP_VXLAN 1 -static int vxlan_socket_init(struct vxlan_port *vxlan_port, struct net *net) -{ - struct sockaddr_in sin; - int err; - - err = sock_create_kern(AF_INET, SOCK_DGRAM, 0, - &vxlan_port->vxlan_rcv_socket); - if (err) - goto error; - - /* release net ref. */ - sk_change_net(vxlan_port->vxlan_rcv_socket->sk, net); - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = htonl(INADDR_ANY); - sin.sin_port = vxlan_port->dst_port; - - err = kernel_bind(vxlan_port->vxlan_rcv_socket, (struct sockaddr *)&sin, - sizeof(struct sockaddr_in)); - if (err) - goto error_sock; - - udp_sk(vxlan_port->vxlan_rcv_socket->sk)->encap_type = UDP_ENCAP_VXLAN; - udp_sk(vxlan_port->vxlan_rcv_socket->sk)->encap_rcv = vxlan_rcv; - - udp_encap_enable(); - - return 0; - -error_sock: - sk_release_kernel(vxlan_port->vxlan_rcv_socket->sk); -error: - pr_warn("cannot register vxlan protocol handler\n"); - return err; + ovs_vport_receive(vport, skb, &tun_key); + return PACKET_RCVD; } static int vxlan_get_options(const struct vport *vport, struct sk_buff *skb) { struct vxlan_port *vxlan_port = vxlan_vport(vport); + __be16 dst_port = inet_sport(vxlan_port->vh->vs->sock->sk); - if (nla_put_u16(skb, OVS_TUNNEL_ATTR_DST_PORT, ntohs(vxlan_port->dst_port))) + if (nla_put_u16(skb, OVS_TUNNEL_ATTR_DST_PORT, ntohs(dst_port))) return -EMSGSIZE; return 0; } @@ -197,9 +93,7 @@ static void vxlan_tnl_destroy(struct vport *vport) { struct vxlan_port *vxlan_port = vxlan_vport(vport); - list_del_rcu(&vxlan_port->list); - /* Release socket */ - sk_release_kernel(vxlan_port->vxlan_rcv_socket->sk); + vxlan_handler_put(vxlan_port->vh); ovs_vport_deferred_free(vport); } @@ -209,10 +103,11 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms) struct net *net = ovs_dp_get_net(parms->dp); struct nlattr *options = parms->options; struct vxlan_port *vxlan_port; + struct vxlan_handler *vh; struct vport *vport; struct nlattr *a; - int err; u16 dst_port; + int err; if (!options) { err = -EINVAL; @@ -227,41 +122,79 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms) goto error; } - /* Verify if we already have a socket created for this port */ - if (vxlan_find_port(net, htons(dst_port))) { - err = -EEXIST; - goto error; - } - vport = ovs_vport_alloc(sizeof(struct vxlan_port), &ovs_vxlan_vport_ops, parms); if (IS_ERR(vport)) return vport; vxlan_port = vxlan_vport(vport); - vxlan_port->dst_port = htons(dst_port); strncpy(vxlan_port->name, parms->name, IFNAMSIZ); - err = vxlan_socket_init(vxlan_port, net); - if (err) - goto error_free; + vh = vxlan_handler_add(net, htons(dst_port), vxlan_rcv, + vport, OVS_VXLAN_RCV_PRIORITY, true); + if (IS_ERR(vh)) { + ovs_vport_free(vport); + return (void *)vh; + } + vxlan_port->vh = vh; - list_add_tail_rcu(&vxlan_port->list, &vxlan_ports); return vport; -error_free: - ovs_vport_free(vport); error: return ERR_PTR(err); } static int vxlan_tnl_send(struct vport *vport, struct sk_buff *skb) { - if (unlikely(!OVS_CB(skb)->tun_key)) - return -EINVAL; + struct vxlan_port *vxlan_port = vxlan_vport(vport); + __be16 dst_port = inet_sport(vxlan_port->vh->vs->sock->sk); + struct net *net = ovs_dp_get_net(vport->dp); + struct rtable *rt; + __be16 src_port; + __be32 saddr; + __be16 df; + int port_min; + int port_max; + int err; + + if (unlikely(!OVS_CB(skb)->tun_key)) { + err = -EINVAL; + goto error; + } - return ovs_tnl_send(vport, skb, IPPROTO_UDP, - VXLAN_HLEN, vxlan_build_header); + forward_ip_summed(skb, true); + + /* Route lookup */ + saddr = OVS_CB(skb)->tun_key->ipv4_src; + rt = find_route(ovs_dp_get_net(vport->dp), + &saddr, + OVS_CB(skb)->tun_key->ipv4_dst, + IPPROTO_UDP, + OVS_CB(skb)->tun_key->ipv4_tos, + skb_get_mark(skb)); + if (IS_ERR(rt)) { + err = PTR_ERR(rt); + goto error; + } + + df = OVS_CB(skb)->tun_key->tun_flags & TUNNEL_DONT_FRAGMENT ? + htons(IP_DF) : 0; + + skb->local_df = 1; + + inet_get_local_port_range(&port_min, &port_max); + src_port = vxlan_src_port(port_min, port_max, skb); + + err = vxlan_xmit_skb(net, vxlan_port->vh, rt, skb, + saddr, OVS_CB(skb)->tun_key->ipv4_dst, + OVS_CB(skb)->tun_key->ipv4_tos, + OVS_CB(skb)->tun_key->ipv4_ttl, df, + src_port, dst_port, + htonl(be64_to_cpu(OVS_CB(skb)->tun_key->tun_id) << 8)); + if (err < 0) + ip_rt_put(rt); +error: + return err; } static const char *vxlan_get_name(const struct vport *vport)