X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=datapath%2Fflow.c;h=5f122bb5b8f3099eb14dfe4d22f452699583c972;hb=7d0ab001dbc7bd4285aaf1dbcb881312ec32608c;hp=a9c742208d6401942ad49cc8c14bef0e958115ef;hpb=b4a7d61582ef3a09a666106a926c8912201dfe72;p=openvswitch diff --git a/datapath/flow.c b/datapath/flow.c index a9c74220..5f122bb5 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -34,59 +34,53 @@ struct kmem_cache *flow_cache; static unsigned int hash_seed; -struct arp_eth_header +static inline bool arphdr_ok(struct sk_buff *skb) { - __be16 ar_hrd; /* format of hardware address */ - __be16 ar_pro; /* format of protocol address */ - unsigned char ar_hln; /* length of hardware address */ - unsigned char ar_pln; /* length of protocol address */ - __be16 ar_op; /* ARP opcode (command) */ - - /* Ethernet+IPv4 specific members. */ - unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ - unsigned char ar_sip[4]; /* sender IP address */ - unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ - unsigned char ar_tip[4]; /* target IP address */ -} __attribute__((packed)); - -static inline int arphdr_ok(struct sk_buff *skb) -{ - int nh_ofs = skb_network_offset(skb); - return pskb_may_pull(skb, nh_ofs + sizeof(struct arp_eth_header)); + return skb->len >= skb_network_offset(skb) + sizeof(struct arp_eth_header); } -static inline int iphdr_ok(struct sk_buff *skb) +static inline int check_iphdr(struct sk_buff *skb) { - int nh_ofs = skb_network_offset(skb); - if (skb->len >= nh_ofs + sizeof(struct iphdr)) { - int ip_len = ip_hdrlen(skb); - return (ip_len >= sizeof(struct iphdr) - && pskb_may_pull(skb, nh_ofs + ip_len)); - } + unsigned int nh_ofs = skb_network_offset(skb); + unsigned int ip_len; + + if (skb->len < nh_ofs + sizeof(struct iphdr)) + return -EINVAL; + + ip_len = ip_hdrlen(skb); + if (ip_len < sizeof(struct iphdr) || skb->len < nh_ofs + ip_len) + return -EINVAL; + + /* + * Pull enough header bytes to account for the IP header plus the + * longest transport header that we parse, currently 20 bytes for TCP. + */ + if (!pskb_may_pull(skb, min(nh_ofs + ip_len + 20, skb->len))) + return -ENOMEM; + + skb_set_transport_header(skb, nh_ofs + ip_len); return 0; } -static inline int tcphdr_ok(struct sk_buff *skb) +static inline bool tcphdr_ok(struct sk_buff *skb) { int th_ofs = skb_transport_offset(skb); - if (pskb_may_pull(skb, th_ofs + sizeof(struct tcphdr))) { + if (skb->len >= th_ofs + sizeof(struct tcphdr)) { int tcp_len = tcp_hdrlen(skb); return (tcp_len >= sizeof(struct tcphdr) && skb->len >= th_ofs + tcp_len); } - return 0; + return false; } -static inline int udphdr_ok(struct sk_buff *skb) +static inline bool udphdr_ok(struct sk_buff *skb) { - int th_ofs = skb_transport_offset(skb); - return pskb_may_pull(skb, th_ofs + sizeof(struct udphdr)); + return skb->len >= skb_transport_offset(skb) + sizeof(struct udphdr); } -static inline int icmphdr_ok(struct sk_buff *skb) +static inline bool icmphdr_ok(struct sk_buff *skb) { - int th_ofs = skb_transport_offset(skb); - return pskb_may_pull(skb, th_ofs + sizeof(struct icmphdr)); + return skb->len >= skb_transport_offset(skb) + sizeof(struct icmphdr); } #define TCP_FLAGS_OFFSET 13 @@ -96,13 +90,10 @@ void flow_used(struct sw_flow *flow, struct sk_buff *skb) { u8 tcp_flags = 0; - if (flow->key.dl_type == htons(ETH_P_IP) && iphdr_ok(skb)) { - struct iphdr *nh = ip_hdr(skb); - flow->ip_tos = nh->tos; - if (flow->key.nw_proto == IPPROTO_TCP && tcphdr_ok(skb)) { - u8 *tcp = (u8 *)tcp_hdr(skb); - tcp_flags = *(tcp + TCP_FLAGS_OFFSET) & TCP_FLAG_MASK; - } + if (flow->key.dl_type == htons(ETH_P_IP) && + flow->key.nw_proto == IPPROTO_TCP) { + u8 *tcp = (u8 *)tcp_hdr(skb); + tcp_flags = *(tcp + TCP_FLAGS_OFFSET) & TCP_FLAG_MASK; } spin_lock_bh(&flow->lock); @@ -174,84 +165,132 @@ void flow_deferred_free_acts(struct sw_flow_actions *sf_acts) call_rcu(&sf_acts->rcu, rcu_free_acts_callback); } -#define SNAP_OUI_LEN 3 - -struct eth_snap_hdr +static void parse_vlan(struct sk_buff *skb, struct odp_flow_key *key) { - struct ethhdr eth; - u8 dsap; /* Always 0xAA */ - u8 ssap; /* Always 0xAA */ - u8 ctrl; - u8 oui[SNAP_OUI_LEN]; - u16 ethertype; -} __attribute__ ((packed)); - -static int is_snap(const struct eth_snap_hdr *esh) + struct qtag_prefix { + __be16 eth_type; /* ETH_P_8021Q */ + __be16 tci; + }; + struct qtag_prefix *qp; + + if (skb->len < sizeof(struct qtag_prefix) + sizeof(__be16)) + return; + + qp = (struct qtag_prefix *) skb->data; + key->dl_vlan = qp->tci & htons(VLAN_VID_MASK); + key->dl_vlan_pcp = (ntohs(qp->tci) & VLAN_PCP_MASK) >> VLAN_PCP_SHIFT; + __skb_pull(skb, sizeof(struct qtag_prefix)); +} + +static __be16 parse_ethertype(struct sk_buff *skb) { - return (esh->dsap == LLC_SAP_SNAP - && esh->ssap == LLC_SAP_SNAP - && !memcmp(esh->oui, "\0\0\0", 3)); + struct llc_snap_hdr { + u8 dsap; /* Always 0xAA */ + u8 ssap; /* Always 0xAA */ + u8 ctrl; + u8 oui[3]; + u16 ethertype; + }; + struct llc_snap_hdr *llc; + __be16 proto; + + proto = *(__be16 *) skb->data; + __skb_pull(skb, sizeof(__be16)); + + if (ntohs(proto) >= ODP_DL_TYPE_ETH2_CUTOFF) + return proto; + + if (unlikely(skb->len < sizeof(struct llc_snap_hdr))) + return htons(ODP_DL_TYPE_NOT_ETH_TYPE); + + llc = (struct llc_snap_hdr *) skb->data; + if (llc->dsap != LLC_SAP_SNAP || + llc->ssap != LLC_SAP_SNAP || + (llc->oui[0] | llc->oui[1] | llc->oui[2]) != 0) + return htons(ODP_DL_TYPE_NOT_ETH_TYPE); + + __skb_pull(skb, sizeof(struct llc_snap_hdr)); + return llc->ethertype; } -/* Parses the Ethernet frame in 'skb', which was received on 'in_port', - * and initializes 'key' to match. Returns 1 if 'skb' contains an IP - * fragment, 0 otherwise. */ +/** + * flow_extract - extracts a flow key from an Ethernet frame. + * @skb: sk_buff that contains the frame, with skb->data pointing to the + * Ethernet header + * @in_port: port number on which @skb was received. + * @key: output flow key + * + * The caller must ensure that skb->len >= ETH_HLEN. + * + * Returns 0 if successful, otherwise a negative errno value. + * + * Sets OVS_CB(skb)->is_frag to %true if @skb is an IPv4 fragment, otherwise to + * %false. + */ int flow_extract(struct sk_buff *skb, u16 in_port, struct odp_flow_key *key) { struct ethhdr *eth; - struct eth_snap_hdr *esh; - int retval = 0; - int nh_ofs; memset(key, 0, sizeof *key); key->tun_id = OVS_CB(skb)->tun_id; key->in_port = in_port; key->dl_vlan = htons(ODP_VLAN_NONE); - - if (skb->len < sizeof *eth) - return 0; - if (!pskb_may_pull(skb, skb->len >= 64 ? 64 : skb->len)) { - return 0; - } + OVS_CB(skb)->is_frag = false; + + /* + * We would really like to pull as many bytes as we could possibly + * want to parse into the linear data area. Currently that is: + * + * 14 Ethernet header + * 4 VLAN header + * 60 max IP header with options + * 20 max TCP/UDP/ICMP header (don't care about options) + * -- + * 98 + * + * But Xen only allocates 64 or 72 bytes for the linear data area in + * netback, which means that we would reallocate and copy the skb's + * linear data on every packet if we did that. So instead just pull 64 + * bytes, which is always sufficient without IP options, and then check + * whether we need to pull more later when we look at the IP header. + */ + if (!pskb_may_pull(skb, min(skb->len, 64u))) + return -ENOMEM; skb_reset_mac_header(skb); - eth = eth_hdr(skb); - esh = (struct eth_snap_hdr *) eth; - nh_ofs = sizeof *eth; - if (likely(ntohs(eth->h_proto) >= ODP_DL_TYPE_ETH2_CUTOFF)) - key->dl_type = eth->h_proto; - else if (skb->len >= sizeof *esh && is_snap(esh)) { - key->dl_type = esh->ethertype; - nh_ofs = sizeof *esh; - } else { - key->dl_type = htons(ODP_DL_TYPE_NOT_ETH_TYPE); - if (skb->len >= nh_ofs + sizeof(struct llc_pdu_un)) { - nh_ofs += sizeof(struct llc_pdu_un); - } - } - /* Check for a VLAN tag */ - if (key->dl_type == htons(ETH_P_8021Q) && - skb->len >= nh_ofs + sizeof(struct vlan_hdr)) { - struct vlan_hdr *vh = (struct vlan_hdr*)(skb->data + nh_ofs); - key->dl_type = vh->h_vlan_encapsulated_proto; - key->dl_vlan = vh->h_vlan_TCI & htons(VLAN_VID_MASK); - key->dl_vlan_pcp = (ntohs(vh->h_vlan_TCI) & VLAN_PCP_MASK) >> VLAN_PCP_SHIFT; - nh_ofs += sizeof(struct vlan_hdr); - } + /* Link layer. */ + eth = eth_hdr(skb); memcpy(key->dl_src, eth->h_source, ETH_ALEN); memcpy(key->dl_dst, eth->h_dest, ETH_ALEN); - skb_set_network_header(skb, nh_ofs); + + /* dl_type, dl_vlan, dl_vlan_pcp. */ + __skb_pull(skb, 2 * ETH_ALEN); + if (eth->h_proto == htons(ETH_P_8021Q)) + parse_vlan(skb, key); + key->dl_type = parse_ethertype(skb); + skb_reset_network_header(skb); + __skb_push(skb, skb->data - (unsigned char *)eth); /* Network layer. */ - if (key->dl_type == htons(ETH_P_IP) && iphdr_ok(skb)) { - struct iphdr *nh = ip_hdr(skb); - int th_ofs = nh_ofs + nh->ihl * 4; + if (key->dl_type == htons(ETH_P_IP)) { + struct iphdr *nh; + int error; + + error = check_iphdr(skb); + if (unlikely(error)) { + if (error == -EINVAL) { + skb->transport_header = skb->network_header; + return 0; + } + return error; + } + + nh = ip_hdr(skb); key->nw_src = nh->saddr; key->nw_dst = nh->daddr; key->nw_tos = nh->tos & ~INET_ECN_MASK; key->nw_proto = nh->protocol; - skb_set_transport_header(skb, th_ofs); /* Transport layer. */ if (!(nh->frag_off & htons(IP_MF | IP_OFFSET))) { @@ -293,7 +332,7 @@ int flow_extract(struct sk_buff *skb, u16 in_port, struct odp_flow_key *key) } } } else { - retval = 1; + OVS_CB(skb)->is_frag = true; } } else if (key->dl_type == htons(ETH_P_ARP) && arphdr_ok(skb)) { struct arp_eth_header *arp; @@ -319,12 +358,7 @@ int flow_extract(struct sk_buff *skb, u16 in_port, struct odp_flow_key *key) } else { skb_reset_transport_header(skb); } - return retval; -} - -struct sw_flow *flow_cast(const struct tbl_node *node) -{ - return container_of(node, struct sw_flow, tbl_node); + return 0; } u32 flow_hash(const struct odp_flow_key *key)