From patchwork Thu Sep 24 18:25:53 2015
X-Patchwork-Submitter: Thomas F Herbert
X-Patchwork-Id: 522484
From: Thomas F Herbert
Reply-To: thomasfherbert@gmail.com
To: Pravin Shelar
Cc: "dev@openvswitch.org"
Date: Thu, 24 Sep 2015 14:25:53 -0400
Message-ID: <56044031.5000303@gmail.com>
In-Reply-To: <1443117498-19123-4-git-send-email-thomasfherbert@gmail.com>
Subject: Re: [ovs-dev] [PATCH 3/3] 802.1AD: Flow handling, actions, vlan parsing and netlink attributes

Pravin,

I am hoping you can take a look at a potential problem with my kernel module patch submitted to net-dev today. I decided to submit it anyway because that is the best way to get eyes on it. I am still seeing a problem where the 4 conntrack attributes show up in an upcall when a double tagged packet is received.
The attribute lengths for the 4 unknown attributes should be -1 but are showing up as odd lengths. I can't see where my patch below is causing this problem but I don't see similar errors with missed upcall in either single tagged or untagged packets. I have applied my companion patch to the user space for 802.1ad so the problem could be in that patch with de-serializing "unknown" attributes. Also, this may not be a problem at all because the kernel module includes the conntrack patches but the user space does not as yet. I am running ovs commit ca92d173 with my user space 802.1ad patch.

The error message is below:

Sep 24 14:01:34 Centos7Bld ovs-vswitchd[2666]: recirc_id(0),dp_hash(0),skb_priority(0),in_port(3),skb_mark(0),key22(bad key length 1, expected -1)(00),key23(bad key length 2, expected -1)(00 00),key24(bad key length 4, expected -1)(00 00 00 00),key25(bad key length 16, expected -1)(00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00),eth(src=52:f6:ef:24:b6:4e,dst=08:00:27:7f:8f:e1),eth_type(0x88a8), vlan(vid=100,pcp=0),encap(eth_type(0x8100),vlan(vid=999,pcp=0),encap(eth_type(0x0800), ipv4(src=192.168.1.3,dst=192.168.1.2,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0)))

Thanks in advance,
Tom Herbert
Red Hat

-------- Forwarded Message --------
Subject: [PATCH 3/3] 802.1AD: Flow handling, actions, vlan parsing and netlink attributes
Date: Thu, 24 Sep 2015 13:58:18 -0400
From: Thomas F Herbert
To: netdev@vger.kernel.org, pshelar@nicira.com
CC: therbert@redhat.com, dev@openvswitch.org, Thomas F Herbert

Add support for 802.1ad including the ability to push and pop double tagged vlans. Add support for 802.1ad to netlink parsing and flow conversion. Uses double nested encap attributes to represent double tagged vlan. Inner TPID encoded along with ctci in nested attributes.

Signed-off-by: Thomas F Herbert
---
 net/openvswitch/flow.c         |  83 +++++++++++++++++----
 net/openvswitch/flow.h         |   5 ++
 net/openvswitch/flow_netlink.c | 166 ++++++++++++++++++++++++++++++++++++++---
 3 files changed, 230 insertions(+), 24 deletions(-)

*match, u64 attrs, const struct nlattr **a, bool is_mask, bool log)
@@ -1064,6 +1085,80 @@ static void mask_set_nlattr(struct nlattr *attr, u8 val) nlattr_set(attr, val, ovs_key_lens); } +static int parse_vlan_from_nlattrs(const struct nlattr **nla, + struct sw_flow_match *match, + u64 *key_attrs, bool *ie_valid, + const struct nlattr **a, bool is_mask, + bool log) +{ + int err; + const struct nlattr *encap; + + *ie_valid = false; + if (!is_mask) { + u64 v_attrs = 0; + + err = parse_flow_nlattrs(*nla, a, &v_attrs, log); + if (err) + return err; + /* Another encap attribute here indicates + * the presence of a double tagged vlan. + */ + if ((v_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) && + eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]))) { + if (!((v_attrs & (1ULL << OVS_KEY_ATTR_VLAN)) && + (v_attrs & (1ULL << OVS_KEY_ATTR_ENCAP)))) { + OVS_NLERR(log, "Invalid Inner VLAN frame"); + return -EINVAL; + } + encap = a[OVS_KEY_ATTR_ENCAP]; + v_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP); + + err = cust_vlan_from_nlattrs(match, a, is_mask, log); + if (err) + return err; + *ie_valid = true; + *nla = encap; + + /* Insure that tci key attribute isn't + * overwritten by encapsulated customer tci. + * Ethertype is cleared because it is c_tpid. 
+ */ + v_attrs &= ~(1 << OVS_KEY_ATTR_VLAN); + v_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); + } + *key_attrs |= v_attrs; + + } else { + u64 mask_v_attrs = 0; + + err = parse_flow_mask_nlattrs(*nla, a, &mask_v_attrs, log); + if (err) + return err; + + if (mask_v_attrs & 1 << OVS_KEY_ATTR_ENCAP) { + if (!*ie_valid) { + OVS_NLERR(log, "Encap mask attribute is set for non-CVLAN frame."); + err = -EINVAL; + return err; + } + encap = a[OVS_KEY_ATTR_ENCAP]; + mask_v_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP); + + err = cust_vlan_from_nlattrs(match, a, is_mask, log); + if (err) + return err; + *nla = encap; + + mask_v_attrs &= ~(1ULL << OVS_KEY_ATTR_VLAN); + mask_v_attrs &= ~(1ULL << OVS_KEY_ATTR_ETHERTYPE); + } + + *key_attrs |= mask_v_attrs; + } + return 0; +} + /** * ovs_nla_get_match - parses Netlink attributes into a flow key and * mask. In case the 'mask' is NULL, the flow is treated as exact match @@ -1091,6 +1186,7 @@ int ovs_nla_get_match(struct net *net, struct sw_flow_match *match, u64 key_attrs = 0; u64 mask_attrs = 0; bool encap_valid = false; + bool i_encap_valid = false; int err; err = parse_flow_nlattrs(nla_key, a, &key_attrs, log); @@ -1099,11 +1195,11 @@ int ovs_nla_get_match(struct net *net, struct sw_flow_match *match, if ((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) && (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) && - (nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]) == htons(ETH_P_8021Q))) { + eth_type_vlan(nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]))) { __be16 tci; - if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) && - (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) { + if (!((key_attrs & (1ULL << OVS_KEY_ATTR_VLAN)) && + (key_attrs & (1ULL << OVS_KEY_ATTR_ENCAP)))) { OVS_NLERR(log, "Invalid Vlan frame."); return -EINVAL; } 
@@ -1115,9 +1211,19 @@ int ovs_nla_get_match(struct net *net, struct sw_flow_match *match, encap_valid = true; if (tci & htons(VLAN_TAG_PRESENT)) { - err = parse_flow_nlattrs(encap, a, &key_attrs, log); + err = parse_vlan_from_nlattrs(&encap, match, &key_attrs, + &i_encap_valid, a, false, + log); if (err) return err; + + if (i_encap_valid) { + err = parse_flow_nlattrs(encap, a, + &key_attrs, + log); + if (err) + return err; + } } else if (!tci) { /* Corner case for truncated 802.1Q header. */ if (nla_len(encap)) { @@ -1188,10 +1294,21 @@ int ovs_nla_get_match(struct net *net, struct sw_flow_match *match, if (eth_type == htons(0xffff)) { mask_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE); encap = a[OVS_KEY_ATTR_ENCAP]; - err = parse_flow_mask_nlattrs(encap, a, - &mask_attrs, log); + err = parse_vlan_from_nlattrs(&encap, match, + &mask_attrs, + &i_encap_valid, + a, true, log); if (err) goto free_newmask; + + if (i_encap_valid) { + err = + parse_flow_mask_nlattrs(encap, a, + &mask_attrs, + log); + if (err) + goto free_newmask; + } } else { OVS_NLERR(log, "VLAN frames must have an exact match on the TPID (mask=%x).", ntohs(eth_type)); @@ -1320,6 +1437,7 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey, { struct ovs_key_ethernet *eth_key; struct nlattr *nla, *encap; + struct nlattr *in_encap = NULL; if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id)) goto nla_put_failure; 
@@ -1368,17 +1486,42 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey, ether_addr_copy(eth_key->eth_src, output->eth.src); ether_addr_copy(eth_key->eth_dst, output->eth.dst); - if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) { + if (swkey->eth.tci || eth_type_vlan(swkey->eth.type)) { __be16 eth_type; - eth_type = !is_mask ? htons(ETH_P_8021Q) : htons(0xffff); + + if (swkey->eth.cvlan.ctci || + eth_type_vlan(swkey->eth.cvlan.c_tpid)) + eth_type = !is_mask ? htons(ETH_P_8021AD) : + htons(0xffff); + else + eth_type = !is_mask ? htons(ETH_P_8021Q) : + htons(0xffff); + if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) || nla_put_be16(skb, OVS_KEY_ATTR_VLAN, output->eth.tci)) goto nla_put_failure; encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP); if (!swkey->eth.tci) goto unencap; - } else + if (swkey->eth.cvlan.ctci || eth_type_vlan(swkey->eth.type)) { + __be16 eth_type; + + /* Customer tci is nested but uses same key attribute. + */ + eth_type = !is_mask ? htons(ETH_P_8021Q) : + htons(0xffff); + if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, + eth_type) || + nla_put_be16(skb, OVS_KEY_ATTR_VLAN, + output->eth.cvlan.ctci)) + goto nla_put_failure; + in_encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP); + if (!swkey->eth.cvlan.ctci) + goto unencap; + } + } else { encap = NULL; + } if (swkey->eth.type == htons(ETH_P_802_2)) { /* @@ -1525,6 +1668,8 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey, unencap: if (encap) nla_nest_end(skb, encap); + if (in_encap) + nla_nest_end(skb, in_encap); return 0; @@ -2174,7 +2319,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, case OVS_ACTION_ATTR_PUSH_VLAN: vlan = nla_data(a); - if (vlan->vlan_tpid != htons(ETH_P_8021Q)) + if ((vlan->vlan_tpid != htons(ETH_P_8021Q)) && + (vlan->vlan_tpid != htons(ETH_P_8021AD))) return -EINVAL; if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT))) return -EINVAL; 
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c index c8db44a..db58e47 100644 --- a/net/openvswitch/flow.c +++ b/net/openvswitch/flow.c 
@@ -305,21 +305,77 @@ static bool icmp6hdr_ok(struct sk_buff *skb) static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key) { struct qtag_prefix { - __be16 eth_type; /* ETH_P_8021Q */ + __be16 eth_type; /* ETH_P_8021Q or ETH_P_8021AD */ __be16 tci; }; - struct qtag_prefix *qp; + struct qtag_prefix *qp = (struct qtag_prefix *)skb->data; - if (unlikely(skb->len < sizeof(struct qtag_prefix) + sizeof(__be16))) + struct qinqtag_prefix { + __be16 eth_type; /* ETH_P_8021Q or ETH_P_8021AD */ + __be16 tci; + __be16 inner_tpid; /* ETH_P_8021Q */ + __be16 ctci; + }; + + if (likely(skb_vlan_tag_present(skb))) { + key->eth.tci = htons(skb->vlan_tci); + + /* Case where upstream + * processing has already stripped the outer vlan tag. + */ + if (unlikely(skb->vlan_proto == htons(ETH_P_8021AD))) { + if (unlikely(skb->len < sizeof(struct qtag_prefix) + + sizeof(__be16))) { + key->eth.tci = 0; + return 0; + } + + if (unlikely(!pskb_may_pull(skb, + sizeof(struct qtag_prefix) + + sizeof(__be16)))) + return -ENOMEM; + + key->eth.cvlan.ctci = + qp->tci | htons(VLAN_TAG_PRESENT); + key->eth.cvlan.c_tpid = qp->eth_type; + + __skb_pull(skb, sizeof(struct qtag_prefix)); + } return 0; + } - if (unlikely(!pskb_may_pull(skb, sizeof(struct qtag_prefix) + - sizeof(__be16)))) - return -ENOMEM; - qp = (struct qtag_prefix *) skb->data; - key->eth.tci = qp->tci | htons(VLAN_TAG_PRESENT); - __skb_pull(skb, sizeof(struct qtag_prefix)); + if (qp->eth_type == htons(ETH_P_8021AD)) { + struct qinqtag_prefix *qinqp = + (struct qinqtag_prefix *)skb->data; + + if (unlikely(skb->len < sizeof(struct qinqtag_prefix) + + sizeof(__be16))) + return 0; + + if (unlikely(!pskb_may_pull(skb, sizeof(struct qinqtag_prefix) + + sizeof(__be16)))) + return -ENOMEM; + key->eth.tci = qinqp->tci | htons(VLAN_TAG_PRESENT); + key->eth.cvlan.ctci = qinqp->ctci | htons(VLAN_TAG_PRESENT); + key->eth.cvlan.c_tpid = qinqp->inner_tpid; + + __skb_pull(skb, sizeof(struct qinqtag_prefix)); + + return 0; + } + if (qp->eth_type 
== htons(ETH_P_8021Q)) { + if (unlikely(skb->len < sizeof(struct qtag_prefix) + + sizeof(__be16))) + return -ENOMEM; + + if (unlikely(!pskb_may_pull(skb, sizeof(struct qtag_prefix) + + sizeof(__be16)))) + return 0; + key->eth.tci = qp->tci | htons(VLAN_TAG_PRESENT); + + __skb_pull(skb, sizeof(struct qtag_prefix)); + } return 0; } @@ -481,11 +537,10 @@ static int key_extract(struct sk_buff *skb, struct sw_flow_key *key) */ key->eth.tci = 0; - if (skb_vlan_tag_present(skb)) - key->eth.tci = htons(skb->vlan_tci); - else if (eth->h_proto == htons(ETH_P_8021Q)) - if (unlikely(parse_vlan(skb, key))) - return -ENOMEM; + key->eth.cvlan.ctci = 0; + key->eth.cvlan.c_tpid = 0; + if (unlikely(parse_vlan(skb, key))) + return -ENOMEM; key->eth.type = parse_ethertype(skb); if (unlikely(key->eth.type == htons(0))) diff --git a/net/openvswitch/flow.h b/net/openvswitch/flow.h index fe527d2..2c491e8 100644 --- a/net/openvswitch/flow.h +++ b/net/openvswitch/flow.h @@ -69,6 +69,11 @@ struct sw_flow_key { u8 src[ETH_ALEN]; /* Ethernet source address. */ u8 dst[ETH_ALEN]; /* Ethernet destination address. */ __be16 tci; /* 0 if no VLAN, VLAN_TAG_PRESENT set otherwise. */ + struct { + __be16 c_tpid; /* Vlan DL_type 802.1q or 802.1ad */ + __be16 ctci; /* 0 if no CVLAN, VLAN_TAG_PRESENT */ + /* set otherwise. */ + } cvlan; __be16 type; /* Ethernet frame type. */ } eth; union { diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index c92d6a2..5fe415d 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c 
@@ -811,6 +811,27 @@ static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match, return 0; } +static int cust_vlan_from_nlattrs(struct sw_flow_match *match, + const struct nlattr *a[], + bool is_mask, bool log) +{ + __be16 ctci = 0; + __be16 c_tpid = 0; + + ctci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]); + if (!(ctci & htons(VLAN_TAG_PRESENT))) { + if (is_mask) + OVS_NLERR(log, "VLAN CTCI mask does not have exact match for VLAN_TAG_PRESENT bit."); + else + OVS_NLERR(log, "VLAN CTCI does not have VLAN_TAG_PRESENT bit set."); + return -EINVAL; + } + c_tpid = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]); + SW_FLOW_KEY_PUT(match, eth.cvlan.c_tpid, c_tpid, is_mask); + SW_FLOW_KEY_PUT(match, eth.cvlan.ctci, ctci, is_mask); + return 0; +} + static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match
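
Review bot: In parse_vlan_from_nlattrs() (flow_netlink.c, hunk at -1064), "*ie_valid = false;" runs unconditionally at the top, so when the function is called with is_mask true the later "if (!*ie_valid)" test is always taken and any mask carrying a nested ENCAP is rejected with "Encap mask attribute is set for non-CVLAN frame." ovs_nla_get_match() passes the same &i_encap_valid to both the key call and the mask call, which suggests the key result was meant to survive into the mask pass; move the reset into the !is_mask branch. The same function also mixes "1 << OVS_KEY_ATTR_..." and "1ULL << OVS_KEY_ATTR_..." against u64 bitmaps; use 1ULL throughout, and parenthesize "mask_v_attrs & 1 << OVS_KEY_ATTR_ENCAP".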
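
Review bot: In __ovs_nla_put_key() (flow_netlink.c, hunk at -1368), the inner condition tests "eth_type_vlan(swkey->eth.type)" while the outer block a few lines above tests "eth_type_vlan(swkey->eth.cvlan.c_tpid)" for the same purpose; the two should agree, otherwise the decision to emit ETH_P_8021AD and the decision to open the inner nest can diverge. The inner OVS_KEY_ATTR_ETHERTYPE is also written as a fixed htons(ETH_P_8021Q) rather than the stored c_tpid, although the commit message says the inner TPID is encoded along with ctci. In the following hunk at "unencap:", the nests are closed outer first (encap, then in_encap); closing in_encap before encap matches the order in which they were opened.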
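
Review bot: In parse_vlan() (flow.c, hunk at -305), qp is now initialized from skb->data at declaration and dereferenced both before any length check ("if (qp->eth_type == htons(ETH_P_8021AD))") and after pskb_may_pull(), which can reallocate the header and leave qp and qinqp pointing at freed memory. The removed code assigned qp only after a successful pskb_may_pull(); keep that ordering and re-read skb->data after each pull. In the ETH_P_8021Q branch the return values are also swapped relative to the other branches and the original: a short skb returns -ENOMEM and a failed pskb_may_pull() returns 0. Because the key_extract() hunk now calls parse_vlan() for every frame rather than only when h_proto is ETH_P_8021Q, these reads apply to untagged traffic as well.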
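
Review bot: cust_vlan_from_nlattrs() (flow_netlink.c, hunk at -811) calls nla_get_be16() on a[OVS_KEY_ATTR_VLAN] and a[OVS_KEY_ATTR_ETHERTYPE] with no presence check of its own. The key path in parse_vlan_from_nlattrs() verifies the corresponding bits first, but the mask path tests only the ENCAP bit before calling in, so a mask supplied from user space without those two attributes reaches the dereference. Either pass the attribute bitmap in and validate it here, or add the VLAN and ETHERTYPE bit checks to the mask branch of the caller. The zero initializers on ctci and c_tpid are dead stores and can be dropped.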
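
Review bot: In __ovs_nla_copy_actions() (flow_netlink.c, hunk at -2174), the OVS_ACTION_ATTR_PUSH_VLAN check open-codes the two TPID comparisons while the rest of the patch uses eth_type_vlan() for the same test; "if (!eth_type_vlan(vlan->vlan_tpid)) return -EINVAL;" would keep the accepted TPID set defined in one place.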