datapath: Fix MPLS action validation.

Linux stack do not allow GSO for packet with multiple
encapsulations.  Therefore there was check in MPLS action
validation to detect such case, But it is better to add
such check at run time to detect such cases.
Removing this check also fixes bug in action copy to no skip
multiple set actions.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Reported-by: Srinivas Neginhal <sneginha@vmware.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Bug #1367702

diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index 4aae305..c611e71 100644 (file)
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -1764,7 +1764,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
                                  __be16 eth_type, __be16 vlan_tci, bool log)
 {
        const struct nlattr *a;
-       bool out_tnl_port = false;
        int rem, err;
 
        if (depth >= SAMPLE_ACTION_DEPTH)
@@ -1807,7 +1806,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
                case OVS_ACTION_ATTR_OUTPUT:
                        if (nla_get_u32(a) >= DP_MAX_PORTS)
                                return -EINVAL;
-                       out_tnl_port = false;
 
                        break;
 
@@ -1843,14 +1841,9 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
                case OVS_ACTION_ATTR_PUSH_MPLS: {
                        const struct ovs_action_push_mpls *mpls = nla_data(a);
 
-                       /* Networking stack do not allow simultaneous Tunnel
-                        * and MPLS GSO.
-                        */
-                       if (out_tnl_port)
-                               return -EINVAL;
-
                        if (!eth_p_mpls(mpls->mpls_ethertype))
                                return -EINVAL;
+
                        /* Prohibit push MPLS other than to a white list
                         * for packets that have a known tag order.
                         */
@@ -1884,11 +1877,9 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
 
                case OVS_ACTION_ATTR_SET:
                        err = validate_set(a, key, sfa,
-                                          &out_tnl_port, eth_type, log);
+                                          &skip_copy, eth_type, log);
                        if (err)
                                return err;
-
-                       skip_copy = out_tnl_port;
                        break;
 
                case OVS_ACTION_ATTR_SAMPLE:

diff --git a/datapath/linux/compat/include/net/gre.h b/datapath/linux/compat/include/net/gre.h
index b4bf2f1..494702e 100644 (file)
--- a/datapath/linux/compat/include/net/gre.h
+++ b/datapath/linux/compat/include/net/gre.h
@@ -107,7 +107,8 @@ static inline int ip_gre_calc_hlen(__be16 o_flags)
 static inline struct sk_buff *rpl_gre_handle_offloads(struct sk_buff *skb,
                                                  bool gre_csum)
 {
-       if (skb->encapsulation && skb_is_gso(skb)) {
+       if ((ovs_skb_get_inner_protocol(skb) || skb->encapsulation) &&
+           skb_is_gso(skb)) {
                kfree_skb(skb);
                return ERR_PTR(-ENOSYS);
        }

diff --git a/datapath/linux/compat/include/net/vxlan.h b/datapath/linux/compat/include/net/vxlan.h
index 099d824..84afe53 100644 (file)
--- a/datapath/linux/compat/include/net/vxlan.h
+++ b/datapath/linux/compat/include/net/vxlan.h
@@ -15,7 +15,8 @@ static inline int rpl_vxlan_xmit_skb(struct vxlan_sock *vs,
                    __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df,
                    __be16 src_port, __be16 dst_port, __be32 vni)
 {
-       if (skb->encapsulation && skb_is_gso(skb)) {
+       if ((ovs_skb_get_inner_protocol(skb) || skb->encapsulation) &&
+            skb_is_gso(skb)) {
                kfree_skb(skb);
                return -ENOSYS;
        }

diff --git a/datapath/vport-lisp.c b/datapath/vport-lisp.c
index f3d450f..1eaeddb 100644 (file)
--- a/datapath/vport-lisp.c
+++ b/datapath/vport-lisp.c
@@ -417,7 +417,8 @@ static int handle_offloads(struct sk_buff *skb)
 #else
 static int handle_offloads(struct sk_buff *skb)
 {
-       if (skb->encapsulation && skb_is_gso(skb)) {
+       if ((ovs_skb_get_inner_protocol(skb) || skb->encapsulation) &&
+           skb_is_gso(skb)) {
                kfree_skb(skb);
                return -ENOSYS;
        }