+static void
+netdev_vport_run(void)
+{
+ route_table_run();
+}
+
+static void
+netdev_vport_wait(void)
+{
+ route_table_wait();
+}
+\f
+/* get_tnl_iface() implementation. */
+static const char *
+netdev_vport_get_tnl_iface(const struct netdev *netdev)
+{
+ struct nlattr *a[OVS_TUNNEL_ATTR_MAX + 1];
+ ovs_be32 route;
+ struct netdev_dev_vport *ndv;
+ static char name[IFNAMSIZ];
+
+ ndv = netdev_dev_vport_cast(netdev_get_dev(netdev));
+ if (tnl_port_config_from_nlattr(ndv->options->data, ndv->options->size,
+ a)) {
+ return NULL;
+ }
+ route = nl_attr_get_be32(a[OVS_TUNNEL_ATTR_DST_IPV4]);
+
+ if (route_table_get_name(route, name)) {
+ return name;
+ }
+
+ return NULL;
+}
+\f
+/* Helper functions. */
+
+static void
+netdev_vport_poll_notify(const struct netdev *netdev)
+{
+ struct netdev_dev_vport *ndv;
+
+ ndv = netdev_dev_vport_cast(netdev_get_dev(netdev));
+
+ ndv->change_seq++;
+ if (!ndv->change_seq) {
+ ndv->change_seq++;
+ }
+}
+\f
+/* Code specific to individual vport types. */
+
+static void
+set_key(const struct smap *args, const char *name, uint16_t type,
+ struct ofpbuf *options)
+{
+ const char *s;
+
+ s = smap_get(args, name);
+ if (!s) {
+ s = smap_get(args, "key");
+ if (!s) {
+ s = "0";
+ }
+ }
+
+ if (!strcmp(s, "flow")) {
+ /* This is the default if no attribute is present. */
+ } else {
+ nl_msg_put_be64(options, type, htonll(strtoull(s, NULL, 0)));
+ }
+}
+
+static int
+parse_tunnel_config(const char *name, const char *type,
+ const struct smap *args, struct ofpbuf *options)
+{
+ bool is_gre = false;
+ bool is_ipsec = false;
+ struct smap_node *node;
+ bool ipsec_mech_set = false;
+ ovs_be32 daddr = htonl(0);
+ ovs_be32 saddr = htonl(0);
+ uint32_t flags;
+
+ flags = TNL_F_DF_DEFAULT | TNL_F_PMTUD | TNL_F_HDR_CACHE;
+ if (!strcmp(type, "gre")) {
+ is_gre = true;
+ } else if (!strcmp(type, "ipsec_gre")) {
+ is_gre = true;
+ is_ipsec = true;
+ flags |= TNL_F_IPSEC;
+ flags &= ~TNL_F_HDR_CACHE;
+ }
+
+ SMAP_FOR_EACH (node, args) {
+ if (!strcmp(node->key, "remote_ip")) {
+ struct in_addr in_addr;
+ if (lookup_ip(node->value, &in_addr)) {
+ VLOG_WARN("%s: bad %s 'remote_ip'", name, type);
+ } else {
+ daddr = in_addr.s_addr;
+ }
+ } else if (!strcmp(node->key, "local_ip")) {
+ struct in_addr in_addr;
+ if (lookup_ip(node->value, &in_addr)) {
+ VLOG_WARN("%s: bad %s 'local_ip'", name, type);
+ } else {
+ saddr = in_addr.s_addr;
+ }
+ } else if (!strcmp(node->key, "tos")) {
+ if (!strcmp(node->value, "inherit")) {
+ flags |= TNL_F_TOS_INHERIT;
+ } else {
+ char *endptr;
+ int tos;
+ tos = strtol(node->value, &endptr, 0);
+ if (*endptr == '\0') {
+ nl_msg_put_u8(options, OVS_TUNNEL_ATTR_TOS, tos);
+ }
+ }
+ } else if (!strcmp(node->key, "ttl")) {
+ if (!strcmp(node->value, "inherit")) {
+ flags |= TNL_F_TTL_INHERIT;
+ } else {
+ nl_msg_put_u8(options, OVS_TUNNEL_ATTR_TTL, atoi(node->value));
+ }
+ } else if (!strcmp(node->key, "csum") && is_gre) {
+ if (!strcmp(node->value, "true")) {
+ flags |= TNL_F_CSUM;
+ }
+ } else if (!strcmp(node->key, "df_inherit")) {
+ if (!strcmp(node->value, "true")) {
+ flags |= TNL_F_DF_INHERIT;
+ }
+ } else if (!strcmp(node->key, "df_default")) {
+ if (!strcmp(node->value, "false")) {
+ flags &= ~TNL_F_DF_DEFAULT;
+ }
+ } else if (!strcmp(node->key, "pmtud")) {
+ if (!strcmp(node->value, "false")) {
+ flags &= ~TNL_F_PMTUD;
+ }
+ } else if (!strcmp(node->key, "header_cache")) {
+ if (!strcmp(node->value, "false")) {
+ flags &= ~TNL_F_HDR_CACHE;
+ }
+ } else if (!strcmp(node->key, "peer_cert") && is_ipsec) {
+ if (smap_get(args, "certificate")) {
+ ipsec_mech_set = true;
+ } else {
+ const char *use_ssl_cert;
+
+ /* If the "use_ssl_cert" is true, then "certificate" and
+ * "private_key" will be pulled from the SSL table. The
+ * use of this option is strongly discouraged, since it
+ * will like be removed when multiple SSL configurations
+ * are supported by OVS.
+ */
+ use_ssl_cert = smap_get(args, "use_ssl_cert");
+ if (!use_ssl_cert || strcmp(use_ssl_cert, "true")) {
+ VLOG_ERR("%s: 'peer_cert' requires 'certificate' argument",
+ name);
+ return EINVAL;
+ }
+ ipsec_mech_set = true;
+ }
+ } else if (!strcmp(node->key, "psk") && is_ipsec) {
+ ipsec_mech_set = true;
+ } else if (is_ipsec
+ && (!strcmp(node->key, "certificate")
+ || !strcmp(node->key, "private_key")
+ || !strcmp(node->key, "use_ssl_cert"))) {
+ /* Ignore options not used by the netdev. */
+ } else if (!strcmp(node->key, "key") ||
+ !strcmp(node->key, "in_key") ||
+ !strcmp(node->key, "out_key")) {
+ /* Handled separately below. */
+ } else {
+ VLOG_WARN("%s: unknown %s argument '%s'", name, type, node->key);
+ }
+ }
+
+ if (is_ipsec) {
+ static pid_t pid = 0;
+ if (pid <= 0) {
+ char *file_name = xasprintf("%s/%s", ovs_rundir(),
+ "ovs-monitor-ipsec.pid");
+ pid = read_pidfile(file_name);
+ free(file_name);
+ }
+
+ if (pid < 0) {
+ VLOG_ERR("%s: IPsec requires the ovs-monitor-ipsec daemon",
+ name);
+ return EINVAL;
+ }
+
+ if (smap_get(args, "peer_cert") && smap_get(args, "psk")) {
+ VLOG_ERR("%s: cannot define both 'peer_cert' and 'psk'", name);
+ return EINVAL;
+ }
+
+ if (!ipsec_mech_set) {
+ VLOG_ERR("%s: IPsec requires an 'peer_cert' or psk' argument",
+ name);
+ return EINVAL;
+ }
+ }
+
+ set_key(args, "in_key", OVS_TUNNEL_ATTR_IN_KEY, options);
+ set_key(args, "out_key", OVS_TUNNEL_ATTR_OUT_KEY, options);
+
+ if (!daddr) {
+ VLOG_ERR("%s: %s type requires valid 'remote_ip' argument",
+ name, type);
+ return EINVAL;
+ }
+ nl_msg_put_be32(options, OVS_TUNNEL_ATTR_DST_IPV4, daddr);
+
+ if (saddr) {
+ if (ip_is_multicast(daddr)) {
+ VLOG_WARN("%s: remote_ip is multicast, ignoring local_ip", name);
+ } else {
+ nl_msg_put_be32(options, OVS_TUNNEL_ATTR_SRC_IPV4, saddr);
+ }
+ }
+
+ nl_msg_put_u32(options, OVS_TUNNEL_ATTR_FLAGS, flags);
+
+ return 0;
+}
+
+static int
+tnl_port_config_from_nlattr(const struct nlattr *options, size_t options_len,
+ struct nlattr *a[OVS_TUNNEL_ATTR_MAX + 1])
+{
+ static const struct nl_policy ovs_tunnel_policy[] = {
+ [OVS_TUNNEL_ATTR_FLAGS] = { .type = NL_A_U32 },
+ [OVS_TUNNEL_ATTR_DST_IPV4] = { .type = NL_A_BE32 },
+ [OVS_TUNNEL_ATTR_SRC_IPV4] = { .type = NL_A_BE32, .optional = true },
+ [OVS_TUNNEL_ATTR_IN_KEY] = { .type = NL_A_BE64, .optional = true },
+ [OVS_TUNNEL_ATTR_OUT_KEY] = { .type = NL_A_BE64, .optional = true },
+ [OVS_TUNNEL_ATTR_TOS] = { .type = NL_A_U8, .optional = true },
+ [OVS_TUNNEL_ATTR_TTL] = { .type = NL_A_U8, .optional = true },
+ };
+ struct ofpbuf buf;
+
+ ofpbuf_use_const(&buf, options, options_len);
+ if (!nl_policy_parse(&buf, 0, ovs_tunnel_policy,
+ a, ARRAY_SIZE(ovs_tunnel_policy))) {
+ return EINVAL;
+ }
+ return 0;
+}
+
+static uint64_t
+get_be64_or_zero(const struct nlattr *a)
+{
+ return a ? ntohll(nl_attr_get_be64(a)) : 0;
+}
+
+static int
+unparse_tunnel_config(const char *name OVS_UNUSED, const char *type OVS_UNUSED,
+ const struct nlattr *options, size_t options_len,
+ struct smap *args)
+{
+ struct nlattr *a[OVS_TUNNEL_ATTR_MAX + 1];
+ ovs_be32 daddr;
+ uint32_t flags;
+ int error;
+
+ error = tnl_port_config_from_nlattr(options, options_len, a);
+ if (error) {
+ return error;
+ }
+
+ flags = nl_attr_get_u32(a[OVS_TUNNEL_ATTR_FLAGS]);
+ if (!(flags & TNL_F_HDR_CACHE) == !(flags & TNL_F_IPSEC)) {
+ smap_add(args, "header_cache",
+ flags & TNL_F_HDR_CACHE ? "true" : "false");
+ }
+
+ daddr = nl_attr_get_be32(a[OVS_TUNNEL_ATTR_DST_IPV4]);
+ smap_add_format(args, "remote_ip", IP_FMT, IP_ARGS(&daddr));
+
+ if (a[OVS_TUNNEL_ATTR_SRC_IPV4]) {
+ ovs_be32 saddr = nl_attr_get_be32(a[OVS_TUNNEL_ATTR_SRC_IPV4]);
+ smap_add_format(args, "local_ip", IP_FMT, IP_ARGS(&saddr));
+ }
+
+ if (!a[OVS_TUNNEL_ATTR_IN_KEY] && !a[OVS_TUNNEL_ATTR_OUT_KEY]) {
+ smap_add(args, "key", "flow");