net/openvswitch/flow.h

0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * Copyright (c) 2007-2017 Nicira, Inc.
0004  */
0005
0006 #ifndef FLOW_H
0007 #define FLOW_H 1
0008
0009 #include <linux/cache.h>
0010 #include <linux/kernel.h>
0011 #include <linux/netlink.h>
0012 #include <linux/openvswitch.h>
0013 #include <linux/spinlock.h>
0014 #include <linux/types.h>
0015 #include <linux/rcupdate.h>
0016 #include <linux/if_ether.h>
0017 #include <linux/in6.h>
0018 #include <linux/jiffies.h>
0019 #include <linux/time.h>
0020 #include <linux/cpumask.h>
0021 #include <net/inet_ecn.h>
0022 #include <net/ip_tunnels.h>
0023 #include <net/dst_metadata.h>
0024 #include <net/nsh.h>
0025
0026 struct sk_buff;
0027
0028 enum sw_flow_mac_proto {
0029     MAC_PROTO_NONE = 0,
0030     MAC_PROTO_ETHERNET,
0031 };
0032 #define SW_FLOW_KEY_INVALID 0x80
0033 #define MPLS_LABEL_DEPTH       3
0034
0035 /* Bit definitions for IPv6 Extension Header pseudo-field. */
0036 enum ofp12_ipv6exthdr_flags {
0037     OFPIEH12_NONEXT = 1 << 0,   /* "No next header" encountered. */
0038     OFPIEH12_ESP    = 1 << 1,   /* Encrypted Sec Payload header present. */
0039     OFPIEH12_AUTH   = 1 << 2,   /* Authentication header present. */
0040     OFPIEH12_DEST   = 1 << 3,   /* 1 or 2 dest headers present. */
0041     OFPIEH12_FRAG   = 1 << 4,   /* Fragment header present. */
0042     OFPIEH12_ROUTER = 1 << 5,   /* Router header present. */
0043     OFPIEH12_HOP    = 1 << 6,   /* Hop-by-hop header present. */
0044     OFPIEH12_UNREP  = 1 << 7,   /* Unexpected repeats encountered. */
0045     OFPIEH12_UNSEQ  = 1 << 8    /* Unexpected sequencing encountered. */
0046 };
0047
0048 /* Store options at the end of the array if they are less than the
0049  * maximum size. This allows us to get the benefits of variable length
0050  * matching for small options.
0051  */
0052 #define TUN_METADATA_OFFSET(opt_len) \
0053     (sizeof_field(struct sw_flow_key, tun_opts) - opt_len)
0054 #define TUN_METADATA_OPTS(flow_key, opt_len) \
0055     ((void *)((flow_key)->tun_opts + TUN_METADATA_OFFSET(opt_len)))
0056
0057 struct ovs_tunnel_info {
0058     struct metadata_dst *tun_dst;
0059 };
0060
0061 struct vlan_head {
0062     __be16 tpid; /* Vlan type. Generally 802.1q or 802.1ad.*/
0063     __be16 tci;  /* 0 if no VLAN, VLAN_CFI_MASK set otherwise. */
0064 };
0065
0066 #define OVS_SW_FLOW_KEY_METADATA_SIZE           \
0067     (offsetof(struct sw_flow_key, recirc_id) +  \
0068     sizeof_field(struct sw_flow_key, recirc_id))
0069
0070 struct ovs_key_nsh {
0071     struct ovs_nsh_key_base base;
0072     __be32 context[NSH_MD1_CONTEXT_SIZE];
0073 };
0074
0075 struct sw_flow_key {
0076     u8 tun_opts[IP_TUNNEL_OPTS_MAX];
0077     u8 tun_opts_len;
0078     struct ip_tunnel_key tun_key;   /* Encapsulating tunnel key. */
0079     struct {
0080         u32 priority;   /* Packet QoS priority. */
0081         u32 skb_mark;   /* SKB mark. */
0082         u16 in_port;    /* Input switch port (or DP_MAX_PORTS). */
0083     } __packed phy; /* Safe when right after 'tun_key'. */
0084     u8 mac_proto;           /* MAC layer protocol (e.g. Ethernet). */
0085     u8 tun_proto;           /* Protocol of encapsulating tunnel. */
0086     u32 ovs_flow_hash;      /* Datapath computed hash value.  */
0087     u32 recirc_id;          /* Recirculation ID.  */
0088     struct {
0089         u8     src[ETH_ALEN];   /* Ethernet source address. */
0090         u8     dst[ETH_ALEN];   /* Ethernet destination address. */
0091         struct vlan_head vlan;
0092         struct vlan_head cvlan;
0093         __be16 type;        /* Ethernet frame type. */
0094     } eth;
0095     /* Filling a hole of two bytes. */
0096     u8 ct_state;
0097     u8 ct_orig_proto;       /* CT original direction tuple IP
0098                      * protocol.
0099                      */
0100     union {
0101         struct {
0102             u8     proto;   /* IP protocol or lower 8 bits of ARP opcode. */
0103             u8     tos;     /* IP ToS. */
0104             u8     ttl;     /* IP TTL/hop limit. */
0105             u8     frag;    /* One of OVS_FRAG_TYPE_*. */
0106         } ip;
0107     };
0108     u16 ct_zone;            /* Conntrack zone. */
0109     struct {
0110         __be16 src;     /* TCP/UDP/SCTP source port. */
0111         __be16 dst;     /* TCP/UDP/SCTP destination port. */
0112         __be16 flags;       /* TCP flags. */
0113     } tp;
0114     union {
0115         struct {
0116             struct {
0117                 __be32 src; /* IP source address. */
0118                 __be32 dst; /* IP destination address. */
0119             } addr;
0120             union {
0121                 struct {
0122                     __be32 src;
0123                     __be32 dst;
0124                 } ct_orig;  /* Conntrack original direction fields. */
0125                 struct {
0126                     u8 sha[ETH_ALEN];   /* ARP source hardware address. */
0127                     u8 tha[ETH_ALEN];   /* ARP target hardware address. */
0128                 } arp;
0129             };
0130         } ipv4;
0131         struct {
0132             struct {
0133                 struct in6_addr src;    /* IPv6 source address. */
0134                 struct in6_addr dst;    /* IPv6 destination address. */
0135             } addr;
0136             __be32 label;           /* IPv6 flow label. */
0137             u16 exthdrs;    /* IPv6 extension header flags */
0138             union {
0139                 struct {
0140                     struct in6_addr src;
0141                     struct in6_addr dst;
0142                 } ct_orig;  /* Conntrack original direction fields. */
0143                 struct {
0144                     struct in6_addr target; /* ND target address. */
0145                     u8 sll[ETH_ALEN];   /* ND source link layer address. */
0146                     u8 tll[ETH_ALEN];   /* ND target link layer address. */
0147                 } nd;
0148             };
0149         } ipv6;
0150         struct {
0151             u32 num_labels_mask;    /* labels present bitmap of effective length MPLS_LABEL_DEPTH */
0152             __be32 lse[MPLS_LABEL_DEPTH];     /* label stack entry  */
0153         } mpls;
0154
0155         struct ovs_key_nsh nsh;         /* network service header */
0156     };
0157     struct {
0158         /* Connection tracking fields not packed above. */
0159         struct {
0160             __be16 src; /* CT orig tuple tp src port. */
0161             __be16 dst; /* CT orig tuple tp dst port. */
0162         } orig_tp;
0163         u32 mark;
0164         struct ovs_key_ct_labels labels;
0165     } ct;
0166
0167 } __aligned(BITS_PER_LONG/8); /* Ensure that we can do comparisons as longs. */
0168
0169 static inline bool sw_flow_key_is_nd(const struct sw_flow_key *key)
0170 {
0171     return key->eth.type == htons(ETH_P_IPV6) &&
0172         key->ip.proto == NEXTHDR_ICMP &&
0173         key->tp.dst == 0 &&
0174         (key->tp.src == htons(NDISC_NEIGHBOUR_SOLICITATION) ||
0175          key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT));
0176 }
0177
0178 struct sw_flow_key_range {
0179     unsigned short int start;
0180     unsigned short int end;
0181 };
0182
0183 struct sw_flow_mask {
0184     int ref_count;
0185     struct rcu_head rcu;
0186     struct sw_flow_key_range range;
0187     struct sw_flow_key key;
0188 };
0189
0190 struct sw_flow_match {
0191     struct sw_flow_key *key;
0192     struct sw_flow_key_range range;
0193     struct sw_flow_mask *mask;
0194 };
0195
0196 #define MAX_UFID_LENGTH 16 /* 128 bits */
0197
0198 struct sw_flow_id {
0199     u32 ufid_len;
0200     union {
0201         u32 ufid[MAX_UFID_LENGTH / 4];
0202         struct sw_flow_key *unmasked_key;
0203     };
0204 };
0205
0206 struct sw_flow_actions {
0207     struct rcu_head rcu;
0208     size_t orig_len;    /* From flow_cmd_new netlink actions size */
0209     u32 actions_len;
0210     struct nlattr actions[];
0211 };
0212
0213 struct sw_flow_stats {
0214     u64 packet_count;       /* Number of packets matched. */
0215     u64 byte_count;         /* Number of bytes matched. */
0216     unsigned long used;     /* Last used time (in jiffies). */
0217     spinlock_t lock;        /* Lock for atomic stats update. */
0218     __be16 tcp_flags;       /* Union of seen TCP flags. */
0219 };
0220
0221 struct sw_flow {
0222     struct rcu_head rcu;
0223     struct {
0224         struct hlist_node node[2];
0225         u32 hash;
0226     } flow_table, ufid_table;
0227     int stats_last_writer;      /* CPU id of the last writer on
0228                      * 'stats[0]'.
0229                      */
0230     struct sw_flow_key key;
0231     struct sw_flow_id id;
0232     struct cpumask cpu_used_mask;
0233     struct sw_flow_mask *mask;
0234     struct sw_flow_actions __rcu *sf_acts;
0235     struct sw_flow_stats __rcu *stats[]; /* One for each CPU.  First one
0236                        * is allocated at flow creation time,
0237                        * the rest are allocated on demand
0238                        * while holding the 'stats[0].lock'.
0239                        */
0240 };
0241
0242 struct arp_eth_header {
0243     __be16      ar_hrd; /* format of hardware address   */
0244     __be16      ar_pro; /* format of protocol address   */
0245     unsigned char   ar_hln; /* length of hardware address   */
0246     unsigned char   ar_pln; /* length of protocol address   */
0247     __be16      ar_op;  /* ARP opcode (command)     */
0248
0249     /* Ethernet+IPv4 specific members. */
0250     unsigned char       ar_sha[ETH_ALEN];   /* sender hardware address  */
0251     unsigned char       ar_sip[4];      /* sender IP address        */
0252     unsigned char       ar_tha[ETH_ALEN];   /* target hardware address  */
0253     unsigned char       ar_tip[4];      /* target IP address        */
0254 } __packed;
0255
0256 static inline u8 ovs_key_mac_proto(const struct sw_flow_key *key)
0257 {
0258     return key->mac_proto & ~SW_FLOW_KEY_INVALID;
0259 }
0260
0261 static inline u16 __ovs_mac_header_len(u8 mac_proto)
0262 {
0263     return mac_proto == MAC_PROTO_ETHERNET ? ETH_HLEN : 0;
0264 }
0265
0266 static inline u16 ovs_mac_header_len(const struct sw_flow_key *key)
0267 {
0268     return __ovs_mac_header_len(ovs_key_mac_proto(key));
0269 }
0270
0271 static inline bool ovs_identifier_is_ufid(const struct sw_flow_id *sfid)
0272 {
0273     return sfid->ufid_len;
0274 }
0275
0276 static inline bool ovs_identifier_is_key(const struct sw_flow_id *sfid)
0277 {
0278     return !ovs_identifier_is_ufid(sfid);
0279 }
0280
0281 void ovs_flow_stats_update(struct sw_flow *, __be16 tcp_flags,
0282                const struct sk_buff *);
0283 void ovs_flow_stats_get(const struct sw_flow *, struct ovs_flow_stats *,
0284             unsigned long *used, __be16 *tcp_flags);
0285 void ovs_flow_stats_clear(struct sw_flow *);
0286 u64 ovs_flow_used_time(unsigned long flow_jiffies);
0287
0288 int ovs_flow_key_update(struct sk_buff *skb, struct sw_flow_key *key);
0289 int ovs_flow_key_update_l3l4(struct sk_buff *skb, struct sw_flow_key *key);
0290 int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
0291              struct sk_buff *skb,
0292              struct sw_flow_key *key);
0293 /* Extract key from packet coming from userspace. */
0294 int ovs_flow_key_extract_userspace(struct net *net, const struct nlattr *attr,
0295                    struct sk_buff *skb,
0296                    struct sw_flow_key *key, bool log);
0297
0298 #endif /* flow.h */