2 * Distributed under the terms of the GNU GPL version 2.
3 * Copyright (c) 2007, 2008 The Board of Trustees of The Leland
4 * Stanford Junior University
7 /* Functions for executing OpenFlow actions. */
9 #include <linux/skbuff.h>
12 #include <linux/tcp.h>
13 #include <linux/udp.h>
14 #include <linux/in6.h>
15 #include <linux/if_vlan.h>
16 #include <net/checksum.h>
19 #include "nicira-ext.h"
22 static int make_writable(struct sk_buff **);
26 validate_output(struct datapath *dp, const struct sw_flow_key *key,
27 const struct ofp_action_header *ah)
29 struct ofp_action_output *oa = (struct ofp_action_output *)ah;
31 if (oa->port == htons(OFPP_NONE) || oa->port == key->in_port)
32 return OFPBAC_BAD_OUT_PORT;
34 return ACT_VALIDATION_OK;
38 do_output(struct datapath *dp, struct sk_buff *skb, size_t max_len,
39 int out_port, int ignore_no_fwd)
43 return (likely(out_port != OFPP_CONTROLLER)
44 ? dp_output_port(dp, skb, out_port, ignore_no_fwd)
45 : dp_output_control(dp, skb, fwd_save_skb(skb),
46 max_len, OFPR_ACTION));
50 static struct sk_buff *
51 vlan_pull_tag(struct sk_buff *skb)
53 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
57 /* Verify we were given a vlan packet */
58 if (vh->h_vlan_proto != htons(ETH_P_8021Q))
61 memmove(skb->data + VLAN_HLEN, skb->data, 2 * VLAN_ETH_ALEN);
63 eh = (struct ethhdr *)skb_pull(skb, VLAN_HLEN);
65 skb->protocol = eh->h_proto;
66 skb->mac_header += VLAN_HLEN;
72 static struct sk_buff *
73 modify_vlan_tci(struct sk_buff *skb, struct sw_flow_key *key,
74 uint16_t tci, uint16_t mask)
76 struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
78 if (key->dl_vlan != htons(OFP_VLAN_NONE)) {
79 /* Modify vlan id, but maintain other TCI values */
80 vh->h_vlan_TCI = (vh->h_vlan_TCI & ~(htons(mask))) | htons(tci);
84 /* xxx The vlan_put_tag function, doesn't seem to work
85 * xxx reliably when it attempts to use the hardware-accelerated
86 * xxx version. We'll directly use the software version
87 * xxx until the problem can be diagnosed.
89 skb = __vlan_put_tag(skb, tci);
90 vh = vlan_eth_hdr(skb);
92 key->dl_vlan = vh->h_vlan_TCI & htons(VLAN_VID_MASK);
97 static struct sk_buff *
98 set_vlan_vid(struct sk_buff *skb, struct sw_flow_key *key,
99 const struct ofp_action_header *ah)
101 struct ofp_action_vlan_vid *va = (struct ofp_action_vlan_vid *)ah;
102 uint16_t tci = ntohs(va->vlan_vid);
104 return modify_vlan_tci(skb, key, tci, VLAN_VID_MASK);
107 /* Mask for the priority bits in a vlan header. The kernel doesn't
108 * define this like it does for VID. */
109 #define VLAN_PCP_MASK 0xe000
111 static struct sk_buff *
112 set_vlan_pcp(struct sk_buff *skb, struct sw_flow_key *key,
113 const struct ofp_action_header *ah)
115 struct ofp_action_vlan_pcp *va = (struct ofp_action_vlan_pcp *)ah;
116 uint16_t tci = (uint16_t)va->vlan_pcp << 13;
118 return modify_vlan_tci(skb, key, tci, VLAN_PCP_MASK);
121 static struct sk_buff *
122 strip_vlan(struct sk_buff *skb, struct sw_flow_key *key,
123 const struct ofp_action_header *ah)
126 key->dl_vlan = htons(OFP_VLAN_NONE);
131 static struct sk_buff *
132 set_dl_addr(struct sk_buff *skb, struct sw_flow_key *key,
133 const struct ofp_action_header *ah)
135 struct ofp_action_dl_addr *da = (struct ofp_action_dl_addr *)ah;
136 struct ethhdr *eh = eth_hdr(skb);
138 if (da->type == htons(OFPAT_SET_DL_SRC))
139 memcpy(eh->h_source, da->dl_addr, sizeof eh->h_source);
141 memcpy(eh->h_dest, da->dl_addr, sizeof eh->h_dest);
146 /* Updates 'sum', which is a field in 'skb''s data, given that a 4-byte field
147 * covered by the sum has been changed from 'from' to 'to'. If set,
148 * 'pseudohdr' indicates that the field is in the TCP or UDP pseudo-header.
149 * Based on nf_proto_csum_replace4. */
150 static void update_csum(__sum16 *sum, struct sk_buff *skb,
151 __be32 from, __be32 to, int pseudohdr)
153 __be32 diff[] = { ~from, to };
154 if (skb->ip_summed != CHECKSUM_PARTIAL) {
155 *sum = csum_fold(csum_partial((char *)diff, sizeof(diff),
156 ~csum_unfold(*sum)));
157 if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
158 skb->csum = ~csum_partial((char *)diff, sizeof(diff),
160 } else if (pseudohdr)
161 *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff),
165 static struct sk_buff *
166 set_nw_addr(struct sk_buff *skb, struct sw_flow_key *key,
167 const struct ofp_action_header *ah)
169 struct ofp_action_nw_addr *na = (struct ofp_action_nw_addr *)ah;
170 uint16_t eth_proto = ntohs(key->dl_type);
172 if (eth_proto == ETH_P_IP) {
173 struct iphdr *nh = ip_hdr(skb);
174 uint32_t new, *field;
178 if (ah->type == htons(OFPAT_SET_NW_SRC))
183 if (key->nw_proto == IPPROTO_TCP) {
184 struct tcphdr *th = tcp_hdr(skb);
185 update_csum(&th->check, skb, *field, new, 1);
186 } else if (key->nw_proto == IPPROTO_UDP) {
187 struct udphdr *th = udp_hdr(skb);
188 update_csum(&th->check, skb, *field, new, 1);
190 update_csum(&nh->check, skb, *field, new, 0);
197 static struct sk_buff *
198 set_tp_port(struct sk_buff *skb, struct sw_flow_key *key,
199 const struct ofp_action_header *ah)
201 struct ofp_action_tp_port *ta = (struct ofp_action_tp_port *)ah;
202 uint16_t eth_proto = ntohs(key->dl_type);
204 if (eth_proto == ETH_P_IP) {
205 uint16_t new, *field;
209 if (key->nw_proto == IPPROTO_TCP) {
210 struct tcphdr *th = tcp_hdr(skb);
212 if (ah->type == htons(OFPAT_SET_TP_SRC))
217 update_csum(&th->check, skb, *field, new, 1);
219 } else if (key->nw_proto == IPPROTO_UDP) {
220 struct udphdr *th = udp_hdr(skb);
222 if (ah->type == htons(OFPAT_SET_TP_SRC))
227 update_csum(&th->check, skb, *field, new, 1);
235 struct openflow_action {
238 uint16_t (*validate)(struct datapath *dp,
239 const struct sw_flow_key *key,
240 const struct ofp_action_header *ah);
241 struct sk_buff *(*execute)(struct sk_buff *skb,
242 struct sw_flow_key *key,
243 const struct ofp_action_header *ah);
246 static const struct openflow_action of_actions[] = {
248 sizeof(struct ofp_action_output),
249 sizeof(struct ofp_action_output),
251 NULL /* This is optimized into execute_actions */
253 [OFPAT_SET_VLAN_VID] = {
254 sizeof(struct ofp_action_vlan_vid),
255 sizeof(struct ofp_action_vlan_vid),
259 [OFPAT_SET_VLAN_PCP] = {
260 sizeof(struct ofp_action_vlan_pcp),
261 sizeof(struct ofp_action_vlan_pcp),
265 [OFPAT_STRIP_VLAN] = {
266 sizeof(struct ofp_action_header),
267 sizeof(struct ofp_action_header),
271 [OFPAT_SET_DL_SRC] = {
272 sizeof(struct ofp_action_dl_addr),
273 sizeof(struct ofp_action_dl_addr),
277 [OFPAT_SET_DL_DST] = {
278 sizeof(struct ofp_action_dl_addr),
279 sizeof(struct ofp_action_dl_addr),
283 [OFPAT_SET_NW_SRC] = {
284 sizeof(struct ofp_action_nw_addr),
285 sizeof(struct ofp_action_nw_addr),
289 [OFPAT_SET_NW_DST] = {
290 sizeof(struct ofp_action_nw_addr),
291 sizeof(struct ofp_action_nw_addr),
295 [OFPAT_SET_TP_SRC] = {
296 sizeof(struct ofp_action_tp_port),
297 sizeof(struct ofp_action_tp_port),
301 [OFPAT_SET_TP_DST] = {
302 sizeof(struct ofp_action_tp_port),
303 sizeof(struct ofp_action_tp_port),
307 /* OFPAT_VENDOR is not here, since it would blow up the array size. */
310 /* Validate built-in OpenFlow actions. Either returns ACT_VALIDATION_OK
311 * or an OFPET_BAD_ACTION error code. */
313 validate_ofpat(struct datapath *dp, const struct sw_flow_key *key,
314 const struct ofp_action_header *ah, uint16_t type, uint16_t len)
316 int ret = ACT_VALIDATION_OK;
317 const struct openflow_action *act = &of_actions[type];
319 if ((len < act->min_size) || (len > act->max_size))
320 return OFPBAC_BAD_LEN;
323 ret = act->validate(dp, key, ah);
328 /* Validate vendor-defined actions. Either returns ACT_VALIDATION_OK
329 * or an OFPET_BAD_ACTION error code. */
331 validate_vendor(struct datapath *dp, const struct sw_flow_key *key,
332 const struct ofp_action_header *ah, uint16_t len)
334 struct ofp_action_vendor_header *avh;
335 int ret = ACT_VALIDATION_OK;
337 if (len < sizeof(struct ofp_action_vendor_header))
338 return OFPBAC_BAD_LEN;
340 avh = (struct ofp_action_vendor_header *)ah;
342 switch(ntohl(avh->vendor)) {
344 ret = nx_validate_act(dp, key, avh, len);
348 return OFPBAC_BAD_VENDOR;
354 /* Validates a list of actions. If a problem is found, a code for the
355 * OFPET_BAD_ACTION error type is returned. If the action list validates,
356 * ACT_VALIDATION_OK is returned. */
358 validate_actions(struct datapath *dp, const struct sw_flow_key *key,
359 const struct ofp_action_header *actions, size_t actions_len)
361 uint8_t *p = (uint8_t *)actions;
364 while (actions_len >= sizeof(struct ofp_action_header)) {
365 struct ofp_action_header *ah = (struct ofp_action_header *)p;
366 size_t len = ntohs(ah->len);
369 /* Make there's enough remaining data for the specified length
370 * and that the action length is a multiple of 64 bits. */
371 if ((actions_len < len) || (len % 8) != 0)
372 return OFPBAC_BAD_LEN;
374 type = ntohs(ah->type);
375 if (type < ARRAY_SIZE(of_actions)) {
376 err = validate_ofpat(dp, key, ah, type, len);
377 if (err != ACT_VALIDATION_OK)
379 } else if (type == OFPAT_VENDOR) {
380 err = validate_vendor(dp, key, ah, len);
381 if (err != ACT_VALIDATION_OK)
384 return OFPBAC_BAD_TYPE;
390 /* Check if there's any trailing garbage. */
391 if (actions_len != 0)
392 return OFPBAC_BAD_LEN;
394 return ACT_VALIDATION_OK;
397 /* Execute a built-in OpenFlow action against 'skb'. */
398 static struct sk_buff *
399 execute_ofpat(struct sk_buff *skb, struct sw_flow_key *key,
400 const struct ofp_action_header *ah, uint16_t type)
402 const struct openflow_action *act = &of_actions[type];
405 if (!make_writable(&skb)) {
407 printk("make_writable failed\n");
410 skb = act->execute(skb, key, ah);
416 /* Execute a vendor-defined action against 'skb'. */
417 static struct sk_buff *
418 execute_vendor(struct sk_buff *skb, const struct sw_flow_key *key,
419 const struct ofp_action_header *ah)
421 struct ofp_action_vendor_header *avh
422 = (struct ofp_action_vendor_header *)ah;
424 /* NB: If changes need to be made to the packet, a call should be
425 * made to make_writable or its equivalent first. */
427 switch(ntohl(avh->vendor)) {
429 skb = nx_execute_act(skb, key, avh);
433 /* This should not be possible due to prior validation. */
435 printk("attempt to execute action with unknown vendor: %#x\n",
443 /* Execute a list of actions against 'skb'. */
444 void execute_actions(struct datapath *dp, struct sk_buff *skb,
445 struct sw_flow_key *key,
446 const struct ofp_action_header *actions, size_t actions_len,
449 /* Every output action needs a separate clone of 'skb', but the common
450 * case is just a single output action, so that doing a clone and
451 * then freeing the original skbuff is wasteful. So the following code
452 * is slightly obscure just to avoid that. */
454 size_t max_len=0; /* Initialze to make compiler happy */
455 uint8_t *p = (uint8_t *)actions;
459 /* The action list was already validated, so we can be a bit looser
460 * in our sanity-checking. */
461 while (actions_len > 0) {
462 struct ofp_action_header *ah = (struct ofp_action_header *)p;
463 size_t len = htons(ah->len);
465 if (prev_port != -1) {
466 do_output(dp, skb_clone(skb, GFP_ATOMIC),
467 max_len, prev_port, ignore_no_fwd);
471 if (likely(ah->type == htons(OFPAT_OUTPUT))) {
472 struct ofp_action_output *oa = (struct ofp_action_output *)p;
473 prev_port = ntohs(oa->port);
474 max_len = ntohs(oa->max_len);
476 uint16_t type = ntohs(ah->type);
478 if (type < ARRAY_SIZE(of_actions))
479 skb = execute_ofpat(skb, key, ah, type);
480 else if (type == OFPAT_VENDOR)
481 skb = execute_vendor(skb, key, ah);
485 printk("execute_actions lost skb\n");
494 do_output(dp, skb, max_len, prev_port, ignore_no_fwd);
499 /* Utility functions. */
501 /* Makes '*pskb' writable, possibly copying it and setting '*pskb' to point to
503 * Returns 1 if successful, 0 on failure. */
505 make_writable(struct sk_buff **pskb)
507 /* Based on skb_make_writable() in net/netfilter/core.c. */
508 struct sk_buff *nskb;
510 /* Not exclusive use of packet? Must copy. */
511 if (skb_shared(*pskb) || skb_cloned(*pskb))
514 return pskb_may_pull(*pskb, 40); /* FIXME? */
517 nskb = skb_copy(*pskb, GFP_ATOMIC);
520 BUG_ON(skb_is_nonlinear(nskb));
522 /* Rest of kernel will get very unhappy if we pass it a
523 suddenly-orphaned skbuff */
525 skb_set_owner_w(nskb, (*pskb)->sk);