net/openvswitch/flow_netlink.c

   1 /*
   2  * Copyright (c) 2007-2014 Nicira, Inc.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of version 2 of the GNU General Public
   6  * License as published by the Free Software Foundation.
   7  *
   8  * This program is distributed in the hope that it will be useful, but
   9  * WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  11  * General Public License for more details.
  12  *
  13  * You should have received a copy of the GNU General Public License
  14  * along with this program; if not, write to the Free Software
  15  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  16  * 02110-1301, USA
  17  */
  18
  19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  20
  21 #include "flow.h"
  22 #include "datapath.h"
  23 #include <linux/uaccess.h>
  24 #include <linux/netdevice.h>
  25 #include <linux/etherdevice.h>
  26 #include <linux/if_ether.h>
  27 #include <linux/if_vlan.h>
  28 #include <net/llc_pdu.h>
  29 #include <linux/kernel.h>
  30 #include <linux/jhash.h>
  31 #include <linux/jiffies.h>
  32 #include <linux/llc.h>
  33 #include <linux/module.h>
  34 #include <linux/in.h>
  35 #include <linux/rcupdate.h>
  36 #include <linux/if_arp.h>
  37 #include <linux/ip.h>
  38 #include <linux/ipv6.h>
  39 #include <linux/sctp.h>
  40 #include <linux/tcp.h>
  41 #include <linux/udp.h>
  42 #include <linux/icmp.h>
  43 #include <linux/icmpv6.h>
  44 #include <linux/rculist.h>
  45 #include <net/geneve.h>
  46 #include <net/ip.h>
  47 #include <net/ipv6.h>
  48 #include <net/ndisc.h>
  49
  50 #include "flow_netlink.h"
  51
  52 static void update_range__(struct sw_flow_match *match,
  53                            size_t offset, size_t size, bool is_mask)
  54 {
  55         struct sw_flow_key_range *range = NULL;
  56         size_t start = rounddown(offset, sizeof(long));
  57         size_t end = roundup(offset + size, sizeof(long));
  58
  59         if (!is_mask)
  60                 range = &match->range;
  61         else if (match->mask)
  62                 range = &match->mask->range;
  63
  64         if (!range)
  65                 return;
  66
  67         if (range->start == range->end) {
  68                 range->start = start;
  69                 range->end = end;
  70                 return;
  71         }
  72
  73         if (range->start > start)
  74                 range->start = start;
  75
  76         if (range->end < end)
  77                 range->end = end;
  78 }
  79
  80 #define SW_FLOW_KEY_PUT(match, field, value, is_mask) \
  81         do { \
  82                 update_range__(match, offsetof(struct sw_flow_key, field),  \
  83                                      sizeof((match)->key->field), is_mask); \
  84                 if (is_mask) {                                              \
  85                         if ((match)->mask)                                  \
  86                                 (match)->mask->key.field = value;           \
  87                 } else {                                                    \
  88                         (match)->key->field = value;                        \
  89                 }                                                           \
  90         } while (0)
  91
  92 #define SW_FLOW_KEY_MEMCPY_OFFSET(match, offset, value_p, len, is_mask)     \
  93         do {                                                                \
  94                 update_range__(match, offset, len, is_mask);                \
  95                 if (is_mask)                                                \
  96                         memcpy((u8 *)&(match)->mask->key + offset, value_p, \
  97                                len);                                        \
  98                 else                                                        \
  99                         memcpy((u8 *)(match)->key + offset, value_p, len);  \
 100         } while (0)
 101
 102 #define SW_FLOW_KEY_MEMCPY(match, field, value_p, len, is_mask)               \
 103         SW_FLOW_KEY_MEMCPY_OFFSET(match, offsetof(struct sw_flow_key, field), \
 104                                   value_p, len, is_mask)
 105
 106 static u16 range_n_bytes(const struct sw_flow_key_range *range)
 107 {
 108         return range->end - range->start;
 109 }
 110
 111 static bool match_validate(const struct sw_flow_match *match,
 112                            u64 key_attrs, u64 mask_attrs)
 113 {
 114         u64 key_expected = 1 << OVS_KEY_ATTR_ETHERNET;
 115         u64 mask_allowed = key_attrs;  /* At most allow all key attributes */
 116
 117         /* The following mask attributes allowed only if they
 118          * pass the validation tests. */
 119         mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
 120                         | (1 << OVS_KEY_ATTR_IPV6)
 121                         | (1 << OVS_KEY_ATTR_TCP)
 122                         | (1 << OVS_KEY_ATTR_TCP_FLAGS)
 123                         | (1 << OVS_KEY_ATTR_UDP)
 124                         | (1 << OVS_KEY_ATTR_SCTP)
 125                         | (1 << OVS_KEY_ATTR_ICMP)
 126                         | (1 << OVS_KEY_ATTR_ICMPV6)
 127                         | (1 << OVS_KEY_ATTR_ARP)
 128                         | (1 << OVS_KEY_ATTR_ND));
 129
 130         /* Always allowed mask fields. */
 131         mask_allowed |= ((1 << OVS_KEY_ATTR_TUNNEL)
 132                        | (1 << OVS_KEY_ATTR_IN_PORT)
 133                        | (1 << OVS_KEY_ATTR_ETHERTYPE));
 134
 135         /* Check key attributes. */
 136         if (match->key->eth.type == htons(ETH_P_ARP)
 137                         || match->key->eth.type == htons(ETH_P_RARP)) {
 138                 key_expected |= 1 << OVS_KEY_ATTR_ARP;
 139                 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
 140                         mask_allowed |= 1 << OVS_KEY_ATTR_ARP;
 141         }
 142
 143         if (match->key->eth.type == htons(ETH_P_IP)) {
 144                 key_expected |= 1 << OVS_KEY_ATTR_IPV4;
 145                 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
 146                         mask_allowed |= 1 << OVS_KEY_ATTR_IPV4;
 147
 148                 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
 149                         if (match->key->ip.proto == IPPROTO_UDP) {
 150                                 key_expected |= 1 << OVS_KEY_ATTR_UDP;
 151                                 if (match->mask && (match->mask->key.ip.proto == 0xff))
 152                                         mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
 153                         }
 154
 155                         if (match->key->ip.proto == IPPROTO_SCTP) {
 156                                 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
 157                                 if (match->mask && (match->mask->key.ip.proto == 0xff))
 158                                         mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
 159                         }
 160
 161                         if (match->key->ip.proto == IPPROTO_TCP) {
 162                                 key_expected |= 1 << OVS_KEY_ATTR_TCP;
 163                                 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
 164                                 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
 165                                         mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
 166                                         mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
 167                                 }
 168                         }
 169
 170                         if (match->key->ip.proto == IPPROTO_ICMP) {
 171                                 key_expected |= 1 << OVS_KEY_ATTR_ICMP;
 172                                 if (match->mask && (match->mask->key.ip.proto == 0xff))
 173                                         mask_allowed |= 1 << OVS_KEY_ATTR_ICMP;
 174                         }
 175                 }
 176         }
 177
 178         if (match->key->eth.type == htons(ETH_P_IPV6)) {
 179                 key_expected |= 1 << OVS_KEY_ATTR_IPV6;
 180                 if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
 181                         mask_allowed |= 1 << OVS_KEY_ATTR_IPV6;
 182
 183                 if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
 184                         if (match->key->ip.proto == IPPROTO_UDP) {
 185                                 key_expected |= 1 << OVS_KEY_ATTR_UDP;
 186                                 if (match->mask && (match->mask->key.ip.proto == 0xff))
 187                                         mask_allowed |= 1 << OVS_KEY_ATTR_UDP;
 188                         }
 189
 190                         if (match->key->ip.proto == IPPROTO_SCTP) {
 191                                 key_expected |= 1 << OVS_KEY_ATTR_SCTP;
 192                                 if (match->mask && (match->mask->key.ip.proto == 0xff))
 193                                         mask_allowed |= 1 << OVS_KEY_ATTR_SCTP;
 194                         }
 195
 196                         if (match->key->ip.proto == IPPROTO_TCP) {
 197                                 key_expected |= 1 << OVS_KEY_ATTR_TCP;
 198                                 key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
 199                                 if (match->mask && (match->mask->key.ip.proto == 0xff)) {
 200                                         mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
 201                                         mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
 202                                 }
 203                         }
 204
 205                         if (match->key->ip.proto == IPPROTO_ICMPV6) {
 206                                 key_expected |= 1 << OVS_KEY_ATTR_ICMPV6;
 207                                 if (match->mask && (match->mask->key.ip.proto == 0xff))
 208                                         mask_allowed |= 1 << OVS_KEY_ATTR_ICMPV6;
 209
 210                                 if (match->key->tp.src ==
 211                                                 htons(NDISC_NEIGHBOUR_SOLICITATION) ||
 212                                     match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
 213                                         key_expected |= 1 << OVS_KEY_ATTR_ND;
 214                                         if (match->mask && (match->mask->key.tp.src == htons(0xffff)))
 215                                                 mask_allowed |= 1 << OVS_KEY_ATTR_ND;
 216                                 }
 217                         }
 218                 }
 219         }
 220
 221         if ((key_attrs & key_expected) != key_expected) {
 222                 /* Key attributes check failed. */
 223                 OVS_NLERR("Missing expected key attributes (key_attrs=%llx, expected=%llx).\n",
 224                                 (unsigned long long)key_attrs, (unsigned long long)key_expected);
 225                 return false;
 226         }
 227
 228         if ((mask_attrs & mask_allowed) != mask_attrs) {
 229                 /* Mask attributes check failed. */
 230                 OVS_NLERR("Contain more than allowed mask fields (mask_attrs=%llx, mask_allowed=%llx).\n",
 231                                 (unsigned long long)mask_attrs, (unsigned long long)mask_allowed);
 232                 return false;
 233         }
 234
 235         return true;
 236 }
 237
 238 /* The size of the argument for each %OVS_KEY_ATTR_* Netlink attribute.  */
 239 static const int ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
 240         [OVS_KEY_ATTR_ENCAP] = -1,
 241         [OVS_KEY_ATTR_PRIORITY] = sizeof(u32),
 242         [OVS_KEY_ATTR_IN_PORT] = sizeof(u32),
 243         [OVS_KEY_ATTR_SKB_MARK] = sizeof(u32),
 244         [OVS_KEY_ATTR_ETHERNET] = sizeof(struct ovs_key_ethernet),
 245         [OVS_KEY_ATTR_VLAN] = sizeof(__be16),
 246         [OVS_KEY_ATTR_ETHERTYPE] = sizeof(__be16),
 247         [OVS_KEY_ATTR_IPV4] = sizeof(struct ovs_key_ipv4),
 248         [OVS_KEY_ATTR_IPV6] = sizeof(struct ovs_key_ipv6),
 249         [OVS_KEY_ATTR_TCP] = sizeof(struct ovs_key_tcp),
 250         [OVS_KEY_ATTR_TCP_FLAGS] = sizeof(__be16),
 251         [OVS_KEY_ATTR_UDP] = sizeof(struct ovs_key_udp),
 252         [OVS_KEY_ATTR_SCTP] = sizeof(struct ovs_key_sctp),
 253         [OVS_KEY_ATTR_ICMP] = sizeof(struct ovs_key_icmp),
 254         [OVS_KEY_ATTR_ICMPV6] = sizeof(struct ovs_key_icmpv6),
 255         [OVS_KEY_ATTR_ARP] = sizeof(struct ovs_key_arp),
 256         [OVS_KEY_ATTR_ND] = sizeof(struct ovs_key_nd),
 257         [OVS_KEY_ATTR_RECIRC_ID] = sizeof(u32),
 258         [OVS_KEY_ATTR_DP_HASH] = sizeof(u32),
 259         [OVS_KEY_ATTR_TUNNEL] = -1,
 260 };
 261
 262 static bool is_all_zero(const u8 *fp, size_t size)
 263 {
 264         int i;
 265
 266         if (!fp)
 267                 return false;
 268
 269         for (i = 0; i < size; i++)
 270                 if (fp[i])
 271                         return false;
 272
 273         return true;
 274 }
 275
 276 static int __parse_flow_nlattrs(const struct nlattr *attr,
 277                                 const struct nlattr *a[],
 278                                 u64 *attrsp, bool nz)
 279 {
 280         const struct nlattr *nla;
 281         u64 attrs;
 282         int rem;
 283
 284         attrs = *attrsp;
 285         nla_for_each_nested(nla, attr, rem) {
 286                 u16 type = nla_type(nla);
 287                 int expected_len;
 288
 289                 if (type > OVS_KEY_ATTR_MAX) {
 290                         OVS_NLERR("Unknown key attribute (type=%d, max=%d).\n",
 291                                   type, OVS_KEY_ATTR_MAX);
 292                         return -EINVAL;
 293                 }
 294
 295                 if (attrs & (1 << type)) {
 296                         OVS_NLERR("Duplicate key attribute (type %d).\n", type);
 297                         return -EINVAL;
 298                 }
 299
 300                 expected_len = ovs_key_lens[type];
 301                 if (nla_len(nla) != expected_len && expected_len != -1) {
 302                         OVS_NLERR("Key attribute has unexpected length (type=%d"
 303                                   ", length=%d, expected=%d).\n", type,
 304                                   nla_len(nla), expected_len);
 305                         return -EINVAL;
 306                 }
 307
 308                 if (!nz || !is_all_zero(nla_data(nla), expected_len)) {
 309                         attrs |= 1 << type;
 310                         a[type] = nla;
 311                 }
 312         }
 313         if (rem) {
 314                 OVS_NLERR("Message has %d unknown bytes.\n", rem);
 315                 return -EINVAL;
 316         }
 317
 318         *attrsp = attrs;
 319         return 0;
 320 }
 321
 322 static int parse_flow_mask_nlattrs(const struct nlattr *attr,
 323                                    const struct nlattr *a[], u64 *attrsp)
 324 {
 325         return __parse_flow_nlattrs(attr, a, attrsp, true);
 326 }
 327
 328 static int parse_flow_nlattrs(const struct nlattr *attr,
 329                               const struct nlattr *a[], u64 *attrsp)
 330 {
 331         return __parse_flow_nlattrs(attr, a, attrsp, false);
 332 }
 333
 334 static int ipv4_tun_from_nlattr(const struct nlattr *attr,
 335                                 struct sw_flow_match *match, bool is_mask)
 336 {
 337         struct nlattr *a;
 338         int rem;
 339         bool ttl = false;
 340         __be16 tun_flags = 0;
 341         unsigned long opt_key_offset;
 342
 343         nla_for_each_nested(a, attr, rem) {
 344                 int type = nla_type(a);
 345                 static const u32 ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
 346                         [OVS_TUNNEL_KEY_ATTR_ID] = sizeof(u64),
 347                         [OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = sizeof(u32),
 348                         [OVS_TUNNEL_KEY_ATTR_IPV4_DST] = sizeof(u32),
 349                         [OVS_TUNNEL_KEY_ATTR_TOS] = 1,
 350                         [OVS_TUNNEL_KEY_ATTR_TTL] = 1,
 351                         [OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = 0,
 352                         [OVS_TUNNEL_KEY_ATTR_CSUM] = 0,
 353                         [OVS_TUNNEL_KEY_ATTR_OAM] = 0,
 354                         [OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = -1,
 355                 };
 356
 357                 if (type > OVS_TUNNEL_KEY_ATTR_MAX) {
 358                         OVS_NLERR("Unknown IPv4 tunnel attribute (type=%d, max=%d).\n",
 359                         type, OVS_TUNNEL_KEY_ATTR_MAX);
 360                         return -EINVAL;
 361                 }
 362
 363                 if (ovs_tunnel_key_lens[type] != nla_len(a) &&
 364                     ovs_tunnel_key_lens[type] != -1) {
 365                         OVS_NLERR("IPv4 tunnel attribute type has unexpected "
 366                                   " length (type=%d, length=%d, expected=%d).\n",
 367                                   type, nla_len(a), ovs_tunnel_key_lens[type]);
 368                         return -EINVAL;
 369                 }
 370
 371                 switch (type) {
 372                 case OVS_TUNNEL_KEY_ATTR_ID:
 373                         SW_FLOW_KEY_PUT(match, tun_key.tun_id,
 374                                         nla_get_be64(a), is_mask);
 375                         tun_flags |= TUNNEL_KEY;
 376                         break;
 377                 case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
 378                         SW_FLOW_KEY_PUT(match, tun_key.ipv4_src,
 379                                         nla_get_be32(a), is_mask);
 380                         break;
 381                 case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
 382                         SW_FLOW_KEY_PUT(match, tun_key.ipv4_dst,
 383                                         nla_get_be32(a), is_mask);
 384                         break;
 385                 case OVS_TUNNEL_KEY_ATTR_TOS:
 386                         SW_FLOW_KEY_PUT(match, tun_key.ipv4_tos,
 387                                         nla_get_u8(a), is_mask);
 388                         break;
 389                 case OVS_TUNNEL_KEY_ATTR_TTL:
 390                         SW_FLOW_KEY_PUT(match, tun_key.ipv4_ttl,
 391                                         nla_get_u8(a), is_mask);
 392                         ttl = true;
 393                         break;
 394                 case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
 395                         tun_flags |= TUNNEL_DONT_FRAGMENT;
 396                         break;
 397                 case OVS_TUNNEL_KEY_ATTR_CSUM:
 398                         tun_flags |= TUNNEL_CSUM;
 399                         break;
 400                 case OVS_TUNNEL_KEY_ATTR_OAM:
 401                         tun_flags |= TUNNEL_OAM;
 402                         break;
 403                 case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
 404                         tun_flags |= TUNNEL_OPTIONS_PRESENT;
 405                         if (nla_len(a) > sizeof(match->key->tun_opts)) {
 406                                 OVS_NLERR("Geneve option length exceeds maximum size (len %d, max %zu).\n",
 407                                           nla_len(a),
 408                                           sizeof(match->key->tun_opts));
 409                                 return -EINVAL;
 410                         }
 411
 412                         if (nla_len(a) % 4 != 0) {
 413                                 OVS_NLERR("Geneve option length is not a multiple of 4 (len %d).\n",
 414                                           nla_len(a));
 415                                 return -EINVAL;
 416                         }
 417
 418                         /* We need to record the length of the options passed
 419                          * down, otherwise packets with the same format but
 420                          * additional options will be silently matched.
 421                          */
 422                         if (!is_mask) {
 423                                 SW_FLOW_KEY_PUT(match, tun_opts_len, nla_len(a),
 424                                                 false);
 425                         } else {
 426                                 /* This is somewhat unusual because it looks at
 427                                  * both the key and mask while parsing the
 428                                  * attributes (and by extension assumes the key
 429                                  * is parsed first). Normally, we would verify
 430                                  * that each is the correct length and that the
 431                                  * attributes line up in the validate function.
 432                                  * However, that is difficult because this is
 433                                  * variable length and we won't have the
 434                                  * information later.
 435                                  */
 436                                 if (match->key->tun_opts_len != nla_len(a)) {
 437                                         OVS_NLERR("Geneve option key length (%d) is different from mask length (%d).",
 438                                                   match->key->tun_opts_len,
 439                                                   nla_len(a));
 440                                         return -EINVAL;
 441                                 }
 442
 443                                 SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff,
 444                                                 true);
 445                         }
 446
 447                         opt_key_offset = (unsigned long)GENEVE_OPTS(
 448                                           (struct sw_flow_key *)0,
 449                                           nla_len(a));
 450                         SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset,
 451                                                   nla_data(a), nla_len(a),
 452                                                   is_mask);
 453                         break;
 454                 default:
 455                         OVS_NLERR("Unknown IPv4 tunnel attribute (%d).\n",
 456                                   type);
 457                         return -EINVAL;
 458                 }
 459         }
 460
 461         SW_FLOW_KEY_PUT(match, tun_key.tun_flags, tun_flags, is_mask);
 462
 463         if (rem > 0) {
 464                 OVS_NLERR("IPv4 tunnel attribute has %d unknown bytes.\n", rem);
 465                 return -EINVAL;
 466         }
 467
 468         if (!is_mask) {
 469                 if (!match->key->tun_key.ipv4_dst) {
 470                         OVS_NLERR("IPv4 tunnel destination address is zero.\n");
 471                         return -EINVAL;
 472                 }
 473
 474                 if (!ttl) {
 475                         OVS_NLERR("IPv4 tunnel TTL not specified.\n");
 476                         return -EINVAL;
 477                 }
 478         }
 479
 480         return 0;
 481 }
 482
 483 static int __ipv4_tun_to_nlattr(struct sk_buff *skb,
 484                                 const struct ovs_key_ipv4_tunnel *output,
 485                                 const struct geneve_opt *tun_opts,
 486                                 int swkey_tun_opts_len)
 487 {
 488         if (output->tun_flags & TUNNEL_KEY &&
 489             nla_put_be64(skb, OVS_TUNNEL_KEY_ATTR_ID, output->tun_id))
 490                 return -EMSGSIZE;
 491         if (output->ipv4_src &&
 492             nla_put_be32(skb, OVS_TUNNEL_KEY_ATTR_IPV4_SRC, output->ipv4_src))
 493                 return -EMSGSIZE;
 494         if (output->ipv4_dst &&
 495             nla_put_be32(skb, OVS_TUNNEL_KEY_ATTR_IPV4_DST, output->ipv4_dst))
 496                 return -EMSGSIZE;
 497         if (output->ipv4_tos &&
 498             nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TOS, output->ipv4_tos))
 499                 return -EMSGSIZE;
 500         if (nla_put_u8(skb, OVS_TUNNEL_KEY_ATTR_TTL, output->ipv4_ttl))
 501                 return -EMSGSIZE;
 502         if ((output->tun_flags & TUNNEL_DONT_FRAGMENT) &&
 503             nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT))
 504                 return -EMSGSIZE;
 505         if ((output->tun_flags & TUNNEL_CSUM) &&
 506             nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_CSUM))
 507                 return -EMSGSIZE;
 508         if ((output->tun_flags & TUNNEL_OAM) &&
 509             nla_put_flag(skb, OVS_TUNNEL_KEY_ATTR_OAM))
 510                 return -EMSGSIZE;
 511         if (tun_opts &&
 512             nla_put(skb, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS,
 513                     swkey_tun_opts_len, tun_opts))
 514                 return -EMSGSIZE;
 515
 516         return 0;
 517 }
 518
 519
 520 static int ipv4_tun_to_nlattr(struct sk_buff *skb,
 521                               const struct ovs_key_ipv4_tunnel *output,
 522                               const struct geneve_opt *tun_opts,
 523                               int swkey_tun_opts_len)
 524 {
 525         struct nlattr *nla;
 526         int err;
 527
 528         nla = nla_nest_start(skb, OVS_KEY_ATTR_TUNNEL);
 529         if (!nla)
 530                 return -EMSGSIZE;
 531
 532         err = __ipv4_tun_to_nlattr(skb, output, tun_opts, swkey_tun_opts_len);
 533         if (err)
 534                 return err;
 535
 536         nla_nest_end(skb, nla);
 537         return 0;
 538 }
 539
 540 static int metadata_from_nlattrs(struct sw_flow_match *match,  u64 *attrs,
 541                                  const struct nlattr **a, bool is_mask)
 542 {
 543         if (*attrs & (1 << OVS_KEY_ATTR_DP_HASH)) {
 544                 u32 hash_val = nla_get_u32(a[OVS_KEY_ATTR_DP_HASH]);
 545
 546                 SW_FLOW_KEY_PUT(match, ovs_flow_hash, hash_val, is_mask);
 547                 *attrs &= ~(1 << OVS_KEY_ATTR_DP_HASH);
 548         }
 549
 550         if (*attrs & (1 << OVS_KEY_ATTR_RECIRC_ID)) {
 551                 u32 recirc_id = nla_get_u32(a[OVS_KEY_ATTR_RECIRC_ID]);
 552
 553                 SW_FLOW_KEY_PUT(match, recirc_id, recirc_id, is_mask);
 554                 *attrs &= ~(1 << OVS_KEY_ATTR_RECIRC_ID);
 555         }
 556
 557         if (*attrs & (1 << OVS_KEY_ATTR_PRIORITY)) {
 558                 SW_FLOW_KEY_PUT(match, phy.priority,
 559                           nla_get_u32(a[OVS_KEY_ATTR_PRIORITY]), is_mask);
 560                 *attrs &= ~(1 << OVS_KEY_ATTR_PRIORITY);
 561         }
 562
 563         if (*attrs & (1 << OVS_KEY_ATTR_IN_PORT)) {
 564                 u32 in_port = nla_get_u32(a[OVS_KEY_ATTR_IN_PORT]);
 565
 566                 if (is_mask)
 567                         in_port = 0xffffffff; /* Always exact match in_port. */
 568                 else if (in_port >= DP_MAX_PORTS)
 569                         return -EINVAL;
 570
 571                 SW_FLOW_KEY_PUT(match, phy.in_port, in_port, is_mask);
 572                 *attrs &= ~(1 << OVS_KEY_ATTR_IN_PORT);
 573         } else if (!is_mask) {
 574                 SW_FLOW_KEY_PUT(match, phy.in_port, DP_MAX_PORTS, is_mask);
 575         }
 576
 577         if (*attrs & (1 << OVS_KEY_ATTR_SKB_MARK)) {
 578                 uint32_t mark = nla_get_u32(a[OVS_KEY_ATTR_SKB_MARK]);
 579
 580                 SW_FLOW_KEY_PUT(match, phy.skb_mark, mark, is_mask);
 581                 *attrs &= ~(1 << OVS_KEY_ATTR_SKB_MARK);
 582         }
 583         if (*attrs & (1 << OVS_KEY_ATTR_TUNNEL)) {
 584                 if (ipv4_tun_from_nlattr(a[OVS_KEY_ATTR_TUNNEL], match,
 585                                          is_mask))
 586                         return -EINVAL;
 587                 *attrs &= ~(1 << OVS_KEY_ATTR_TUNNEL);
 588         }
 589         return 0;
 590 }
 591
 592 static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
 593                                 const struct nlattr **a, bool is_mask)
 594 {
 595         int err;
 596         u64 orig_attrs = attrs;
 597
 598         err = metadata_from_nlattrs(match, &attrs, a, is_mask);
 599         if (err)
 600                 return err;
 601
 602         if (attrs & (1 << OVS_KEY_ATTR_ETHERNET)) {
 603                 const struct ovs_key_ethernet *eth_key;
 604
 605                 eth_key = nla_data(a[OVS_KEY_ATTR_ETHERNET]);
 606                 SW_FLOW_KEY_MEMCPY(match, eth.src,
 607                                 eth_key->eth_src, ETH_ALEN, is_mask);
 608                 SW_FLOW_KEY_MEMCPY(match, eth.dst,
 609                                 eth_key->eth_dst, ETH_ALEN, is_mask);
 610                 attrs &= ~(1 << OVS_KEY_ATTR_ETHERNET);
 611         }
 612
 613         if (attrs & (1 << OVS_KEY_ATTR_VLAN)) {
 614                 __be16 tci;
 615
 616                 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
 617                 if (!(tci & htons(VLAN_TAG_PRESENT))) {
 618                         if (is_mask)
 619                                 OVS_NLERR("VLAN TCI mask does not have exact match for VLAN_TAG_PRESENT bit.\n");
 620                         else
 621                                 OVS_NLERR("VLAN TCI does not have VLAN_TAG_PRESENT bit set.\n");
 622
 623                         return -EINVAL;
 624                 }
 625
 626                 SW_FLOW_KEY_PUT(match, eth.tci, tci, is_mask);
 627                 attrs &= ~(1 << OVS_KEY_ATTR_VLAN);
 628         } else if (!is_mask)
 629                 SW_FLOW_KEY_PUT(match, eth.tci, htons(0xffff), true);
 630
 631         if (attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) {
 632                 __be16 eth_type;
 633
 634                 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
 635                 if (is_mask) {
 636                         /* Always exact match EtherType. */
 637                         eth_type = htons(0xffff);
 638                 } else if (ntohs(eth_type) < ETH_P_802_3_MIN) {
 639                         OVS_NLERR("EtherType is less than minimum (type=%x, min=%x).\n",
 640                                         ntohs(eth_type), ETH_P_802_3_MIN);
 641                         return -EINVAL;
 642                 }
 643
 644                 SW_FLOW_KEY_PUT(match, eth.type, eth_type, is_mask);
 645                 attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
 646         } else if (!is_mask) {
 647                 SW_FLOW_KEY_PUT(match, eth.type, htons(ETH_P_802_2), is_mask);
 648         }
 649
 650         if (attrs & (1 << OVS_KEY_ATTR_IPV4)) {
 651                 const struct ovs_key_ipv4 *ipv4_key;
 652
 653                 ipv4_key = nla_data(a[OVS_KEY_ATTR_IPV4]);
 654                 if (!is_mask && ipv4_key->ipv4_frag > OVS_FRAG_TYPE_MAX) {
 655                         OVS_NLERR("Unknown IPv4 fragment type (value=%d, max=%d).\n",
 656                                 ipv4_key->ipv4_frag, OVS_FRAG_TYPE_MAX);
 657                         return -EINVAL;
 658                 }
 659                 SW_FLOW_KEY_PUT(match, ip.proto,
 660                                 ipv4_key->ipv4_proto, is_mask);
 661                 SW_FLOW_KEY_PUT(match, ip.tos,
 662                                 ipv4_key->ipv4_tos, is_mask);
 663                 SW_FLOW_KEY_PUT(match, ip.ttl,
 664                                 ipv4_key->ipv4_ttl, is_mask);
 665                 SW_FLOW_KEY_PUT(match, ip.frag,
 666                                 ipv4_key->ipv4_frag, is_mask);
 667                 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
 668                                 ipv4_key->ipv4_src, is_mask);
 669                 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
 670                                 ipv4_key->ipv4_dst, is_mask);
 671                 attrs &= ~(1 << OVS_KEY_ATTR_IPV4);
 672         }
 673
 674         if (attrs & (1 << OVS_KEY_ATTR_IPV6)) {
 675                 const struct ovs_key_ipv6 *ipv6_key;
 676
 677                 ipv6_key = nla_data(a[OVS_KEY_ATTR_IPV6]);
 678                 if (!is_mask && ipv6_key->ipv6_frag > OVS_FRAG_TYPE_MAX) {
 679                         OVS_NLERR("Unknown IPv6 fragment type (value=%d, max=%d).\n",
 680                                 ipv6_key->ipv6_frag, OVS_FRAG_TYPE_MAX);
 681                         return -EINVAL;
 682                 }
 683                 SW_FLOW_KEY_PUT(match, ipv6.label,
 684                                 ipv6_key->ipv6_label, is_mask);
 685                 SW_FLOW_KEY_PUT(match, ip.proto,
 686                                 ipv6_key->ipv6_proto, is_mask);
 687                 SW_FLOW_KEY_PUT(match, ip.tos,
 688                                 ipv6_key->ipv6_tclass, is_mask);
 689                 SW_FLOW_KEY_PUT(match, ip.ttl,
 690                                 ipv6_key->ipv6_hlimit, is_mask);
 691                 SW_FLOW_KEY_PUT(match, ip.frag,
 692                                 ipv6_key->ipv6_frag, is_mask);
 693                 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.src,
 694                                 ipv6_key->ipv6_src,
 695                                 sizeof(match->key->ipv6.addr.src),
 696                                 is_mask);
 697                 SW_FLOW_KEY_MEMCPY(match, ipv6.addr.dst,
 698                                 ipv6_key->ipv6_dst,
 699                                 sizeof(match->key->ipv6.addr.dst),
 700                                 is_mask);
 701
 702                 attrs &= ~(1 << OVS_KEY_ATTR_IPV6);
 703         }
 704
 705         if (attrs & (1 << OVS_KEY_ATTR_ARP)) {
 706                 const struct ovs_key_arp *arp_key;
 707
 708                 arp_key = nla_data(a[OVS_KEY_ATTR_ARP]);
 709                 if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
 710                         OVS_NLERR("Unknown ARP opcode (opcode=%d).\n",
 711                                   arp_key->arp_op);
 712                         return -EINVAL;
 713                 }
 714
 715                 SW_FLOW_KEY_PUT(match, ipv4.addr.src,
 716                                 arp_key->arp_sip, is_mask);
 717                 SW_FLOW_KEY_PUT(match, ipv4.addr.dst,
 718                         arp_key->arp_tip, is_mask);
 719                 SW_FLOW_KEY_PUT(match, ip.proto,
 720                                 ntohs(arp_key->arp_op), is_mask);
 721                 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.sha,
 722                                 arp_key->arp_sha, ETH_ALEN, is_mask);
 723                 SW_FLOW_KEY_MEMCPY(match, ipv4.arp.tha,
 724                                 arp_key->arp_tha, ETH_ALEN, is_mask);
 725
 726                 attrs &= ~(1 << OVS_KEY_ATTR_ARP);
 727         }
 728
 729         if (attrs & (1 << OVS_KEY_ATTR_TCP)) {
 730                 const struct ovs_key_tcp *tcp_key;
 731
 732                 tcp_key = nla_data(a[OVS_KEY_ATTR_TCP]);
 733                 SW_FLOW_KEY_PUT(match, tp.src, tcp_key->tcp_src, is_mask);
 734                 SW_FLOW_KEY_PUT(match, tp.dst, tcp_key->tcp_dst, is_mask);
 735                 attrs &= ~(1 << OVS_KEY_ATTR_TCP);
 736         }
 737
 738         if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
 739                 if (orig_attrs & (1 << OVS_KEY_ATTR_IPV4)) {
 740                         SW_FLOW_KEY_PUT(match, tp.flags,
 741                                         nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
 742                                         is_mask);
 743                 } else {
 744                         SW_FLOW_KEY_PUT(match, tp.flags,
 745                                         nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
 746                                         is_mask);
 747                 }
 748                 attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
 749         }
 750
 751         if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
 752                 const struct ovs_key_udp *udp_key;
 753
 754                 udp_key = nla_data(a[OVS_KEY_ATTR_UDP]);
 755                 SW_FLOW_KEY_PUT(match, tp.src, udp_key->udp_src, is_mask);
 756                 SW_FLOW_KEY_PUT(match, tp.dst, udp_key->udp_dst, is_mask);
 757                 attrs &= ~(1 << OVS_KEY_ATTR_UDP);
 758         }
 759
 760         if (attrs & (1 << OVS_KEY_ATTR_SCTP)) {
 761                 const struct ovs_key_sctp *sctp_key;
 762
 763                 sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
 764                 SW_FLOW_KEY_PUT(match, tp.src, sctp_key->sctp_src, is_mask);
 765                 SW_FLOW_KEY_PUT(match, tp.dst, sctp_key->sctp_dst, is_mask);
 766                 attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
 767         }
 768
 769         if (attrs & (1 << OVS_KEY_ATTR_ICMP)) {
 770                 const struct ovs_key_icmp *icmp_key;
 771
 772                 icmp_key = nla_data(a[OVS_KEY_ATTR_ICMP]);
 773                 SW_FLOW_KEY_PUT(match, tp.src,
 774                                 htons(icmp_key->icmp_type), is_mask);
 775                 SW_FLOW_KEY_PUT(match, tp.dst,
 776                                 htons(icmp_key->icmp_code), is_mask);
 777                 attrs &= ~(1 << OVS_KEY_ATTR_ICMP);
 778         }
 779
 780         if (attrs & (1 << OVS_KEY_ATTR_ICMPV6)) {
 781                 const struct ovs_key_icmpv6 *icmpv6_key;
 782
 783                 icmpv6_key = nla_data(a[OVS_KEY_ATTR_ICMPV6]);
 784                 SW_FLOW_KEY_PUT(match, tp.src,
 785                                 htons(icmpv6_key->icmpv6_type), is_mask);
 786                 SW_FLOW_KEY_PUT(match, tp.dst,
 787                                 htons(icmpv6_key->icmpv6_code), is_mask);
 788                 attrs &= ~(1 << OVS_KEY_ATTR_ICMPV6);
 789         }
 790
 791         if (attrs & (1 << OVS_KEY_ATTR_ND)) {
 792                 const struct ovs_key_nd *nd_key;
 793
 794                 nd_key = nla_data(a[OVS_KEY_ATTR_ND]);
 795                 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.target,
 796                         nd_key->nd_target,
 797                         sizeof(match->key->ipv6.nd.target),
 798                         is_mask);
 799                 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.sll,
 800                         nd_key->nd_sll, ETH_ALEN, is_mask);
 801                 SW_FLOW_KEY_MEMCPY(match, ipv6.nd.tll,
 802                                 nd_key->nd_tll, ETH_ALEN, is_mask);
 803                 attrs &= ~(1 << OVS_KEY_ATTR_ND);
 804         }
 805
 806         if (attrs != 0)
 807                 return -EINVAL;
 808
 809         return 0;
 810 }
 811
 812 static void sw_flow_mask_set(struct sw_flow_mask *mask,
 813                              struct sw_flow_key_range *range, u8 val)
 814 {
 815         u8 *m = (u8 *)&mask->key + range->start;
 816
 817         mask->range = *range;
 818         memset(m, val, range_n_bytes(range));
 819 }
 820
 821 /**
 822  * ovs_nla_get_match - parses Netlink attributes into a flow key and
 823  * mask. In case the 'mask' is NULL, the flow is treated as exact match
 824  * flow. Otherwise, it is treated as a wildcarded flow, except the mask
 825  * does not include any don't care bit.
 826  * @match: receives the extracted flow match information.
 827  * @key: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
 828  * sequence. The fields should of the packet that triggered the creation
 829  * of this flow.
 830  * @mask: Optional. Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink
 831  * attribute specifies the mask field of the wildcarded flow.
 832  */
 833 int ovs_nla_get_match(struct sw_flow_match *match,
 834                       const struct nlattr *key,
 835                       const struct nlattr *mask)
 836 {
 837         const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
 838         const struct nlattr *encap;
 839         u64 key_attrs = 0;
 840         u64 mask_attrs = 0;
 841         bool encap_valid = false;
 842         int err;
 843
 844         err = parse_flow_nlattrs(key, a, &key_attrs);
 845         if (err)
 846                 return err;
 847
 848         if ((key_attrs & (1 << OVS_KEY_ATTR_ETHERNET)) &&
 849             (key_attrs & (1 << OVS_KEY_ATTR_ETHERTYPE)) &&
 850             (nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]) == htons(ETH_P_8021Q))) {
 851                 __be16 tci;
 852
 853                 if (!((key_attrs & (1 << OVS_KEY_ATTR_VLAN)) &&
 854                       (key_attrs & (1 << OVS_KEY_ATTR_ENCAP)))) {
 855                         OVS_NLERR("Invalid Vlan frame.\n");
 856                         return -EINVAL;
 857                 }
 858
 859                 key_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
 860                 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
 861                 encap = a[OVS_KEY_ATTR_ENCAP];
 862                 key_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
 863                 encap_valid = true;
 864
 865                 if (tci & htons(VLAN_TAG_PRESENT)) {
 866                         err = parse_flow_nlattrs(encap, a, &key_attrs);
 867                         if (err)
 868                                 return err;
 869                 } else if (!tci) {
 870                         /* Corner case for truncated 802.1Q header. */
 871                         if (nla_len(encap)) {
 872                                 OVS_NLERR("Truncated 802.1Q header has non-zero encap attribute.\n");
 873                                 return -EINVAL;
 874                         }
 875                 } else {
 876                         OVS_NLERR("Encap attribute is set for a non-VLAN frame.\n");
 877                         return  -EINVAL;
 878                 }
 879         }
 880
 881         err = ovs_key_from_nlattrs(match, key_attrs, a, false);
 882         if (err)
 883                 return err;
 884
 885         if (mask) {
 886                 err = parse_flow_mask_nlattrs(mask, a, &mask_attrs);
 887                 if (err)
 888                         return err;
 889
 890                 if (mask_attrs & 1 << OVS_KEY_ATTR_ENCAP)  {
 891                         __be16 eth_type = 0;
 892                         __be16 tci = 0;
 893
 894                         if (!encap_valid) {
 895                                 OVS_NLERR("Encap mask attribute is set for non-VLAN frame.\n");
 896                                 return  -EINVAL;
 897                         }
 898
 899                         mask_attrs &= ~(1 << OVS_KEY_ATTR_ENCAP);
 900                         if (a[OVS_KEY_ATTR_ETHERTYPE])
 901                                 eth_type = nla_get_be16(a[OVS_KEY_ATTR_ETHERTYPE]);
 902
 903                         if (eth_type == htons(0xffff)) {
 904                                 mask_attrs &= ~(1 << OVS_KEY_ATTR_ETHERTYPE);
 905                                 encap = a[OVS_KEY_ATTR_ENCAP];
 906                                 err = parse_flow_mask_nlattrs(encap, a, &mask_attrs);
 907                         } else {
 908                                 OVS_NLERR("VLAN frames must have an exact match on the TPID (mask=%x).\n",
 909                                                 ntohs(eth_type));
 910                                 return -EINVAL;
 911                         }
 912
 913                         if (a[OVS_KEY_ATTR_VLAN])
 914                                 tci = nla_get_be16(a[OVS_KEY_ATTR_VLAN]);
 915
 916                         if (!(tci & htons(VLAN_TAG_PRESENT))) {
 917                                 OVS_NLERR("VLAN tag present bit must have an exact match (tci_mask=%x).\n", ntohs(tci));
 918                                 return -EINVAL;
 919                         }
 920                 }
 921
 922                 err = ovs_key_from_nlattrs(match, mask_attrs, a, true);
 923                 if (err)
 924                         return err;
 925         } else {
 926                 /* Populate exact match flow's key mask. */
 927                 if (match->mask)
 928                         sw_flow_mask_set(match->mask, &match->range, 0xff);
 929         }
 930
 931         if (!match_validate(match, key_attrs, mask_attrs))
 932                 return -EINVAL;
 933
 934         return 0;
 935 }
 936
 937 /**
 938  * ovs_nla_get_flow_metadata - parses Netlink attributes into a flow key.
 939  * @key: Receives extracted in_port, priority, tun_key and skb_mark.
 940  * @attr: Netlink attribute holding nested %OVS_KEY_ATTR_* Netlink attribute
 941  * sequence.
 942  *
 943  * This parses a series of Netlink attributes that form a flow key, which must
 944  * take the same form accepted by flow_from_nlattrs(), but only enough of it to
 945  * get the metadata, that is, the parts of the flow key that cannot be
 946  * extracted from the packet itself.
 947  */
 948
 949 int ovs_nla_get_flow_metadata(const struct nlattr *attr,
 950                               struct sw_flow_key *key)
 951 {
 952         const struct nlattr *a[OVS_KEY_ATTR_MAX + 1];
 953         struct sw_flow_match match;
 954         u64 attrs = 0;
 955         int err;
 956
 957         err = parse_flow_nlattrs(attr, a, &attrs);
 958         if (err)
 959                 return -EINVAL;
 960
 961         memset(&match, 0, sizeof(match));
 962         match.key = key;
 963
 964         key->phy.in_port = DP_MAX_PORTS;
 965
 966         return metadata_from_nlattrs(&match, &attrs, a, false);
 967 }
 968
 969 int ovs_nla_put_flow(const struct sw_flow_key *swkey,
 970                      const struct sw_flow_key *output, struct sk_buff *skb)
 971 {
 972         struct ovs_key_ethernet *eth_key;
 973         struct nlattr *nla, *encap;
 974         bool is_mask = (swkey != output);
 975
 976         if (nla_put_u32(skb, OVS_KEY_ATTR_RECIRC_ID, output->recirc_id))
 977                 goto nla_put_failure;
 978
 979         if (nla_put_u32(skb, OVS_KEY_ATTR_DP_HASH, output->ovs_flow_hash))
 980                 goto nla_put_failure;
 981
 982         if (nla_put_u32(skb, OVS_KEY_ATTR_PRIORITY, output->phy.priority))
 983                 goto nla_put_failure;
 984
 985         if ((swkey->tun_key.ipv4_dst || is_mask)) {
 986                 const struct geneve_opt *opts = NULL;
 987
 988                 if (output->tun_key.tun_flags & TUNNEL_OPTIONS_PRESENT)
 989                         opts = GENEVE_OPTS(output, swkey->tun_opts_len);
 990
 991                 if (ipv4_tun_to_nlattr(skb, &output->tun_key, opts,
 992                                        swkey->tun_opts_len))
 993                         goto nla_put_failure;
 994         }
 995
 996         if (swkey->phy.in_port == DP_MAX_PORTS) {
 997                 if (is_mask && (output->phy.in_port == 0xffff))
 998                         if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT, 0xffffffff))
 999                                 goto nla_put_failure;
1000         } else {
1001                 u16 upper_u16;
1002                 upper_u16 = !is_mask ? 0 : 0xffff;
1003
1004                 if (nla_put_u32(skb, OVS_KEY_ATTR_IN_PORT,
1005                                 (upper_u16 << 16) | output->phy.in_port))
1006                         goto nla_put_failure;
1007         }
1008
1009         if (nla_put_u32(skb, OVS_KEY_ATTR_SKB_MARK, output->phy.skb_mark))
1010                 goto nla_put_failure;
1011
1012         nla = nla_reserve(skb, OVS_KEY_ATTR_ETHERNET, sizeof(*eth_key));
1013         if (!nla)
1014                 goto nla_put_failure;
1015
1016         eth_key = nla_data(nla);
1017         ether_addr_copy(eth_key->eth_src, output->eth.src);
1018         ether_addr_copy(eth_key->eth_dst, output->eth.dst);
1019
1020         if (swkey->eth.tci || swkey->eth.type == htons(ETH_P_8021Q)) {
1021                 __be16 eth_type;
1022                 eth_type = !is_mask ? htons(ETH_P_8021Q) : htons(0xffff);
1023                 if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, eth_type) ||
1024                     nla_put_be16(skb, OVS_KEY_ATTR_VLAN, output->eth.tci))
1025                         goto nla_put_failure;
1026                 encap = nla_nest_start(skb, OVS_KEY_ATTR_ENCAP);
1027                 if (!swkey->eth.tci)
1028                         goto unencap;
1029         } else
1030                 encap = NULL;
1031
1032         if (swkey->eth.type == htons(ETH_P_802_2)) {
1033                 /*
1034                  * Ethertype 802.2 is represented in the netlink with omitted
1035                  * OVS_KEY_ATTR_ETHERTYPE in the flow key attribute, and
1036                  * 0xffff in the mask attribute.  Ethertype can also
1037                  * be wildcarded.
1038                  */
1039                 if (is_mask && output->eth.type)
1040                         if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE,
1041                                                 output->eth.type))
1042                                 goto nla_put_failure;
1043                 goto unencap;
1044         }
1045
1046         if (nla_put_be16(skb, OVS_KEY_ATTR_ETHERTYPE, output->eth.type))
1047                 goto nla_put_failure;
1048
1049         if (swkey->eth.type == htons(ETH_P_IP)) {
1050                 struct ovs_key_ipv4 *ipv4_key;
1051
1052                 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV4, sizeof(*ipv4_key));
1053                 if (!nla)
1054                         goto nla_put_failure;
1055                 ipv4_key = nla_data(nla);
1056                 ipv4_key->ipv4_src = output->ipv4.addr.src;
1057                 ipv4_key->ipv4_dst = output->ipv4.addr.dst;
1058                 ipv4_key->ipv4_proto = output->ip.proto;
1059                 ipv4_key->ipv4_tos = output->ip.tos;
1060                 ipv4_key->ipv4_ttl = output->ip.ttl;
1061                 ipv4_key->ipv4_frag = output->ip.frag;
1062         } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
1063                 struct ovs_key_ipv6 *ipv6_key;
1064
1065                 nla = nla_reserve(skb, OVS_KEY_ATTR_IPV6, sizeof(*ipv6_key));
1066                 if (!nla)
1067                         goto nla_put_failure;
1068                 ipv6_key = nla_data(nla);
1069                 memcpy(ipv6_key->ipv6_src, &output->ipv6.addr.src,
1070                                 sizeof(ipv6_key->ipv6_src));
1071                 memcpy(ipv6_key->ipv6_dst, &output->ipv6.addr.dst,
1072                                 sizeof(ipv6_key->ipv6_dst));
1073                 ipv6_key->ipv6_label = output->ipv6.label;
1074                 ipv6_key->ipv6_proto = output->ip.proto;
1075                 ipv6_key->ipv6_tclass = output->ip.tos;
1076                 ipv6_key->ipv6_hlimit = output->ip.ttl;
1077                 ipv6_key->ipv6_frag = output->ip.frag;
1078         } else if (swkey->eth.type == htons(ETH_P_ARP) ||
1079                    swkey->eth.type == htons(ETH_P_RARP)) {
1080                 struct ovs_key_arp *arp_key;
1081
1082                 nla = nla_reserve(skb, OVS_KEY_ATTR_ARP, sizeof(*arp_key));
1083                 if (!nla)
1084                         goto nla_put_failure;
1085                 arp_key = nla_data(nla);
1086                 memset(arp_key, 0, sizeof(struct ovs_key_arp));
1087                 arp_key->arp_sip = output->ipv4.addr.src;
1088                 arp_key->arp_tip = output->ipv4.addr.dst;
1089                 arp_key->arp_op = htons(output->ip.proto);
1090                 ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
1091                 ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
1092         }
1093
1094         if ((swkey->eth.type == htons(ETH_P_IP) ||
1095              swkey->eth.type == htons(ETH_P_IPV6)) &&
1096              swkey->ip.frag != OVS_FRAG_TYPE_LATER) {
1097
1098                 if (swkey->ip.proto == IPPROTO_TCP) {
1099                         struct ovs_key_tcp *tcp_key;
1100
1101                         nla = nla_reserve(skb, OVS_KEY_ATTR_TCP, sizeof(*tcp_key));
1102                         if (!nla)
1103                                 goto nla_put_failure;
1104                         tcp_key = nla_data(nla);
1105                         tcp_key->tcp_src = output->tp.src;
1106                         tcp_key->tcp_dst = output->tp.dst;
1107                         if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
1108                                          output->tp.flags))
1109                                 goto nla_put_failure;
1110                 } else if (swkey->ip.proto == IPPROTO_UDP) {
1111                         struct ovs_key_udp *udp_key;
1112
1113                         nla = nla_reserve(skb, OVS_KEY_ATTR_UDP, sizeof(*udp_key));
1114                         if (!nla)
1115                                 goto nla_put_failure;
1116                         udp_key = nla_data(nla);
1117                         udp_key->udp_src = output->tp.src;
1118                         udp_key->udp_dst = output->tp.dst;
1119                 } else if (swkey->ip.proto == IPPROTO_SCTP) {
1120                         struct ovs_key_sctp *sctp_key;
1121
1122                         nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP, sizeof(*sctp_key));
1123                         if (!nla)
1124                                 goto nla_put_failure;
1125                         sctp_key = nla_data(nla);
1126                         sctp_key->sctp_src = output->tp.src;
1127                         sctp_key->sctp_dst = output->tp.dst;
1128                 } else if (swkey->eth.type == htons(ETH_P_IP) &&
1129                            swkey->ip.proto == IPPROTO_ICMP) {
1130                         struct ovs_key_icmp *icmp_key;
1131
1132                         nla = nla_reserve(skb, OVS_KEY_ATTR_ICMP, sizeof(*icmp_key));
1133                         if (!nla)
1134                                 goto nla_put_failure;
1135                         icmp_key = nla_data(nla);
1136                         icmp_key->icmp_type = ntohs(output->tp.src);
1137                         icmp_key->icmp_code = ntohs(output->tp.dst);
1138                 } else if (swkey->eth.type == htons(ETH_P_IPV6) &&
1139                            swkey->ip.proto == IPPROTO_ICMPV6) {
1140                         struct ovs_key_icmpv6 *icmpv6_key;
1141
1142                         nla = nla_reserve(skb, OVS_KEY_ATTR_ICMPV6,
1143                                                 sizeof(*icmpv6_key));
1144                         if (!nla)
1145                                 goto nla_put_failure;
1146                         icmpv6_key = nla_data(nla);
1147                         icmpv6_key->icmpv6_type = ntohs(output->tp.src);
1148                         icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
1149
1150                         if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
1151                             icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
1152                                 struct ovs_key_nd *nd_key;
1153
1154                                 nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
1155                                 if (!nla)
1156                                         goto nla_put_failure;
1157                                 nd_key = nla_data(nla);
1158                                 memcpy(nd_key->nd_target, &output->ipv6.nd.target,
1159                                                         sizeof(nd_key->nd_target));
1160                                 ether_addr_copy(nd_key->nd_sll, output->ipv6.nd.sll);
1161                                 ether_addr_copy(nd_key->nd_tll, output->ipv6.nd.tll);
1162                         }
1163                 }
1164         }
1165
1166 unencap:
1167         if (encap)
1168                 nla_nest_end(skb, encap);
1169
1170         return 0;
1171
1172 nla_put_failure:
1173         return -EMSGSIZE;
1174 }
1175
1176 #define MAX_ACTIONS_BUFSIZE     (32 * 1024)
1177
1178 struct sw_flow_actions *ovs_nla_alloc_flow_actions(int size)
1179 {
1180         struct sw_flow_actions *sfa;
1181
1182         if (size > MAX_ACTIONS_BUFSIZE)
1183                 return ERR_PTR(-EINVAL);
1184
1185         sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
1186         if (!sfa)
1187                 return ERR_PTR(-ENOMEM);
1188
1189         sfa->actions_len = 0;
1190         return sfa;
1191 }
1192
1193 /* Schedules 'sf_acts' to be freed after the next RCU grace period.
1194  * The caller must hold rcu_read_lock for this to be sensible. */
1195 void ovs_nla_free_flow_actions(struct sw_flow_actions *sf_acts)
1196 {
1197         kfree_rcu(sf_acts, rcu);
1198 }
1199
1200 static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
1201                                        int attr_len)
1202 {
1203
1204         struct sw_flow_actions *acts;
1205         int new_acts_size;
1206         int req_size = NLA_ALIGN(attr_len);
1207         int next_offset = offsetof(struct sw_flow_actions, actions) +
1208                                         (*sfa)->actions_len;
1209
1210         if (req_size <= (ksize(*sfa) - next_offset))
1211                 goto out;
1212
1213         new_acts_size = ksize(*sfa) * 2;
1214
1215         if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
1216                 if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
1217                         return ERR_PTR(-EMSGSIZE);
1218                 new_acts_size = MAX_ACTIONS_BUFSIZE;
1219         }
1220
1221         acts = ovs_nla_alloc_flow_actions(new_acts_size);
1222         if (IS_ERR(acts))
1223                 return (void *)acts;
1224
1225         memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len);
1226         acts->actions_len = (*sfa)->actions_len;
1227         kfree(*sfa);
1228         *sfa = acts;
1229
1230 out:
1231         (*sfa)->actions_len += req_size;
1232         return  (struct nlattr *) ((unsigned char *)(*sfa) + next_offset);
1233 }
1234
1235 static struct nlattr *__add_action(struct sw_flow_actions **sfa,
1236                                    int attrtype, void *data, int len)
1237 {
1238         struct nlattr *a;
1239
1240         a = reserve_sfa_size(sfa, nla_attr_size(len));
1241         if (IS_ERR(a))
1242                 return a;
1243
1244         a->nla_type = attrtype;
1245         a->nla_len = nla_attr_size(len);
1246
1247         if (data)
1248                 memcpy(nla_data(a), data, len);
1249         memset((unsigned char *) a + a->nla_len, 0, nla_padlen(len));
1250
1251         return a;
1252 }
1253
1254 static int add_action(struct sw_flow_actions **sfa, int attrtype,
1255                       void *data, int len)
1256 {
1257         struct nlattr *a;
1258
1259         a = __add_action(sfa, attrtype, data, len);
1260         if (IS_ERR(a))
1261                 return PTR_ERR(a);
1262
1263         return 0;
1264 }
1265
1266 static inline int add_nested_action_start(struct sw_flow_actions **sfa,
1267                                           int attrtype)
1268 {
1269         int used = (*sfa)->actions_len;
1270         int err;
1271
1272         err = add_action(sfa, attrtype, NULL, 0);
1273         if (err)
1274                 return err;
1275
1276         return used;
1277 }
1278
1279 static inline void add_nested_action_end(struct sw_flow_actions *sfa,
1280                                          int st_offset)
1281 {
1282         struct nlattr *a = (struct nlattr *) ((unsigned char *)sfa->actions +
1283                                                                st_offset);
1284
1285         a->nla_len = sfa->actions_len - st_offset;
1286 }
1287
1288 static int validate_and_copy_sample(const struct nlattr *attr,
1289                                     const struct sw_flow_key *key, int depth,
1290                                     struct sw_flow_actions **sfa)
1291 {
1292         const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
1293         const struct nlattr *probability, *actions;
1294         const struct nlattr *a;
1295         int rem, start, err, st_acts;
1296
1297         memset(attrs, 0, sizeof(attrs));
1298         nla_for_each_nested(a, attr, rem) {
1299                 int type = nla_type(a);
1300                 if (!type || type > OVS_SAMPLE_ATTR_MAX || attrs[type])
1301                         return -EINVAL;
1302                 attrs[type] = a;
1303         }
1304         if (rem)
1305                 return -EINVAL;
1306
1307         probability = attrs[OVS_SAMPLE_ATTR_PROBABILITY];
1308         if (!probability || nla_len(probability) != sizeof(u32))
1309                 return -EINVAL;
1310
1311         actions = attrs[OVS_SAMPLE_ATTR_ACTIONS];
1312         if (!actions || (nla_len(actions) && nla_len(actions) < NLA_HDRLEN))
1313                 return -EINVAL;
1314
1315         /* validation done, copy sample action. */
1316         start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SAMPLE);
1317         if (start < 0)
1318                 return start;
1319         err = add_action(sfa, OVS_SAMPLE_ATTR_PROBABILITY,
1320                          nla_data(probability), sizeof(u32));
1321         if (err)
1322                 return err;
1323         st_acts = add_nested_action_start(sfa, OVS_SAMPLE_ATTR_ACTIONS);
1324         if (st_acts < 0)
1325                 return st_acts;
1326
1327         err = ovs_nla_copy_actions(actions, key, depth + 1, sfa);
1328         if (err)
1329                 return err;
1330
1331         add_nested_action_end(*sfa, st_acts);
1332         add_nested_action_end(*sfa, start);
1333
1334         return 0;
1335 }
1336
1337 static int validate_tp_port(const struct sw_flow_key *flow_key)
1338 {
1339         if ((flow_key->eth.type == htons(ETH_P_IP) ||
1340              flow_key->eth.type == htons(ETH_P_IPV6)) &&
1341             (flow_key->tp.src || flow_key->tp.dst))
1342                 return 0;
1343
1344         return -EINVAL;
1345 }
1346
1347 void ovs_match_init(struct sw_flow_match *match,
1348                     struct sw_flow_key *key,
1349                     struct sw_flow_mask *mask)
1350 {
1351         memset(match, 0, sizeof(*match));
1352         match->key = key;
1353         match->mask = mask;
1354
1355         memset(key, 0, sizeof(*key));
1356
1357         if (mask) {
1358                 memset(&mask->key, 0, sizeof(mask->key));
1359                 mask->range.start = mask->range.end = 0;
1360         }
1361 }
1362
1363 static int validate_and_copy_set_tun(const struct nlattr *attr,
1364                                      struct sw_flow_actions **sfa)
1365 {
1366         struct sw_flow_match match;
1367         struct sw_flow_key key;
1368         struct ovs_tunnel_info *tun_info;
1369         struct nlattr *a;
1370         int err, start;
1371
1372         ovs_match_init(&match, &key, NULL);
1373         err = ipv4_tun_from_nlattr(nla_data(attr), &match, false);
1374         if (err)
1375                 return err;
1376
1377         if (key.tun_opts_len) {
1378                 struct geneve_opt *option = GENEVE_OPTS(&key,
1379                                                         key.tun_opts_len);
1380                 int opts_len = key.tun_opts_len;
1381                 bool crit_opt = false;
1382
1383                 while (opts_len > 0) {
1384                         int len;
1385
1386                         if (opts_len < sizeof(*option))
1387                                 return -EINVAL;
1388
1389                         len = sizeof(*option) + option->length * 4;
1390                         if (len > opts_len)
1391                                 return -EINVAL;
1392
1393                         crit_opt |= !!(option->type & GENEVE_CRIT_OPT_TYPE);
1394
1395                         option = (struct geneve_opt *)((u8 *)option + len);
1396                         opts_len -= len;
1397                 };
1398
1399                 key.tun_key.tun_flags |= crit_opt ? TUNNEL_CRIT_OPT : 0;
1400         };
1401
1402         start = add_nested_action_start(sfa, OVS_ACTION_ATTR_SET);
1403         if (start < 0)
1404                 return start;
1405
1406         a = __add_action(sfa, OVS_KEY_ATTR_TUNNEL_INFO, NULL,
1407                          sizeof(*tun_info) + key.tun_opts_len);
1408         if (IS_ERR(a))
1409                 return PTR_ERR(a);
1410
1411         tun_info = nla_data(a);
1412         tun_info->tunnel = key.tun_key;
1413         tun_info->options_len = key.tun_opts_len;
1414
1415         if (tun_info->options_len) {
1416                 /* We need to store the options in the action itself since
1417                  * everything else will go away after flow setup. We can append
1418                  * it to tun_info and then point there.
1419                  */
1420                 memcpy((tun_info + 1), GENEVE_OPTS(&key, key.tun_opts_len),
1421                        key.tun_opts_len);
1422                 tun_info->options = (struct geneve_opt *)(tun_info + 1);
1423         } else {
1424                 tun_info->options = NULL;
1425         }
1426
1427         add_nested_action_end(*sfa, start);
1428
1429         return err;
1430 }
1431
1432 static int validate_set(const struct nlattr *a,
1433                         const struct sw_flow_key *flow_key,
1434                         struct sw_flow_actions **sfa,
1435                         bool *set_tun)
1436 {
1437         const struct nlattr *ovs_key = nla_data(a);
1438         int key_type = nla_type(ovs_key);
1439
1440         /* There can be only one key in a action */
1441         if (nla_total_size(nla_len(ovs_key)) != nla_len(a))
1442                 return -EINVAL;
1443
1444         if (key_type > OVS_KEY_ATTR_MAX ||
1445             (ovs_key_lens[key_type] != nla_len(ovs_key) &&
1446              ovs_key_lens[key_type] != -1))
1447                 return -EINVAL;
1448
1449         switch (key_type) {
1450         const struct ovs_key_ipv4 *ipv4_key;
1451         const struct ovs_key_ipv6 *ipv6_key;
1452         int err;
1453
1454         case OVS_KEY_ATTR_PRIORITY:
1455         case OVS_KEY_ATTR_SKB_MARK:
1456         case OVS_KEY_ATTR_ETHERNET:
1457                 break;
1458
1459         case OVS_KEY_ATTR_TUNNEL:
1460                 *set_tun = true;
1461                 err = validate_and_copy_set_tun(a, sfa);
1462                 if (err)
1463                         return err;
1464                 break;
1465
1466         case OVS_KEY_ATTR_IPV4:
1467                 if (flow_key->eth.type != htons(ETH_P_IP))
1468                         return -EINVAL;
1469
1470                 if (!flow_key->ip.proto)
1471                         return -EINVAL;
1472
1473                 ipv4_key = nla_data(ovs_key);
1474                 if (ipv4_key->ipv4_proto != flow_key->ip.proto)
1475                         return -EINVAL;
1476
1477                 if (ipv4_key->ipv4_frag != flow_key->ip.frag)
1478                         return -EINVAL;
1479
1480                 break;
1481
1482         case OVS_KEY_ATTR_IPV6:
1483                 if (flow_key->eth.type != htons(ETH_P_IPV6))
1484                         return -EINVAL;
1485
1486                 if (!flow_key->ip.proto)
1487                         return -EINVAL;
1488
1489                 ipv6_key = nla_data(ovs_key);
1490                 if (ipv6_key->ipv6_proto != flow_key->ip.proto)
1491                         return -EINVAL;
1492
1493                 if (ipv6_key->ipv6_frag != flow_key->ip.frag)
1494                         return -EINVAL;
1495
1496                 if (ntohl(ipv6_key->ipv6_label) & 0xFFF00000)
1497                         return -EINVAL;
1498
1499                 break;
1500
1501         case OVS_KEY_ATTR_TCP:
1502                 if (flow_key->ip.proto != IPPROTO_TCP)
1503                         return -EINVAL;
1504
1505                 return validate_tp_port(flow_key);
1506
1507         case OVS_KEY_ATTR_UDP:
1508                 if (flow_key->ip.proto != IPPROTO_UDP)
1509                         return -EINVAL;
1510
1511                 return validate_tp_port(flow_key);
1512
1513         case OVS_KEY_ATTR_SCTP:
1514                 if (flow_key->ip.proto != IPPROTO_SCTP)
1515                         return -EINVAL;
1516
1517                 return validate_tp_port(flow_key);
1518
1519         default:
1520                 return -EINVAL;
1521         }
1522
1523         return 0;
1524 }
1525
1526 static int validate_userspace(const struct nlattr *attr)
1527 {
1528         static const struct nla_policy userspace_policy[OVS_USERSPACE_ATTR_MAX + 1] = {
1529                 [OVS_USERSPACE_ATTR_PID] = {.type = NLA_U32 },
1530                 [OVS_USERSPACE_ATTR_USERDATA] = {.type = NLA_UNSPEC },
1531         };
1532         struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1];
1533         int error;
1534
1535         error = nla_parse_nested(a, OVS_USERSPACE_ATTR_MAX,
1536                                  attr, userspace_policy);
1537         if (error)
1538                 return error;
1539
1540         if (!a[OVS_USERSPACE_ATTR_PID] ||
1541             !nla_get_u32(a[OVS_USERSPACE_ATTR_PID]))
1542                 return -EINVAL;
1543
1544         return 0;
1545 }
1546
1547 static int copy_action(const struct nlattr *from,
1548                        struct sw_flow_actions **sfa)
1549 {
1550         int totlen = NLA_ALIGN(from->nla_len);
1551         struct nlattr *to;
1552
1553         to = reserve_sfa_size(sfa, from->nla_len);
1554         if (IS_ERR(to))
1555                 return PTR_ERR(to);
1556
1557         memcpy(to, from, totlen);
1558         return 0;
1559 }
1560
1561 int ovs_nla_copy_actions(const struct nlattr *attr,
1562                          const struct sw_flow_key *key,
1563                          int depth,
1564                          struct sw_flow_actions **sfa)
1565 {
1566         const struct nlattr *a;
1567         int rem, err;
1568
1569         if (depth >= SAMPLE_ACTION_DEPTH)
1570                 return -EOVERFLOW;
1571
1572         nla_for_each_nested(a, attr, rem) {
1573                 /* Expected argument lengths, (u32)-1 for variable length. */
1574                 static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
1575                         [OVS_ACTION_ATTR_OUTPUT] = sizeof(u32),
1576                         [OVS_ACTION_ATTR_RECIRC] = sizeof(u32),
1577                         [OVS_ACTION_ATTR_USERSPACE] = (u32)-1,
1578                         [OVS_ACTION_ATTR_PUSH_VLAN] = sizeof(struct ovs_action_push_vlan),
1579                         [OVS_ACTION_ATTR_POP_VLAN] = 0,
1580                         [OVS_ACTION_ATTR_SET] = (u32)-1,
1581                         [OVS_ACTION_ATTR_SAMPLE] = (u32)-1,
1582                         [OVS_ACTION_ATTR_HASH] = sizeof(struct ovs_action_hash)
1583                 };
1584                 const struct ovs_action_push_vlan *vlan;
1585                 int type = nla_type(a);
1586                 bool skip_copy;
1587
1588                 if (type > OVS_ACTION_ATTR_MAX ||
1589                     (action_lens[type] != nla_len(a) &&
1590                      action_lens[type] != (u32)-1))
1591                         return -EINVAL;
1592
1593                 skip_copy = false;
1594                 switch (type) {
1595                 case OVS_ACTION_ATTR_UNSPEC:
1596                         return -EINVAL;
1597
1598                 case OVS_ACTION_ATTR_USERSPACE:
1599                         err = validate_userspace(a);
1600                         if (err)
1601                                 return err;
1602                         break;
1603
1604                 case OVS_ACTION_ATTR_OUTPUT:
1605                         if (nla_get_u32(a) >= DP_MAX_PORTS)
1606                                 return -EINVAL;
1607                         break;
1608
1609                 case OVS_ACTION_ATTR_HASH: {
1610                         const struct ovs_action_hash *act_hash = nla_data(a);
1611
1612                         switch (act_hash->hash_alg) {
1613                         case OVS_HASH_ALG_L4:
1614                                 break;
1615                         default:
1616                                 return  -EINVAL;
1617                         }
1618
1619                         break;
1620                 }
1621
1622                 case OVS_ACTION_ATTR_POP_VLAN:
1623                         break;
1624
1625                 case OVS_ACTION_ATTR_PUSH_VLAN:
1626                         vlan = nla_data(a);
1627                         if (vlan->vlan_tpid != htons(ETH_P_8021Q))
1628                                 return -EINVAL;
1629                         if (!(vlan->vlan_tci & htons(VLAN_TAG_PRESENT)))
1630                                 return -EINVAL;
1631                         break;
1632
1633                 case OVS_ACTION_ATTR_RECIRC:
1634                         break;
1635
1636                 case OVS_ACTION_ATTR_SET:
1637                         err = validate_set(a, key, sfa, &skip_copy);
1638                         if (err)
1639                                 return err;
1640                         break;
1641
1642                 case OVS_ACTION_ATTR_SAMPLE:
1643                         err = validate_and_copy_sample(a, key, depth, sfa);
1644                         if (err)
1645                                 return err;
1646                         skip_copy = true;
1647                         break;
1648
1649                 default:
1650                         return -EINVAL;
1651                 }
1652                 if (!skip_copy) {
1653                         err = copy_action(a, sfa);
1654                         if (err)
1655                                 return err;
1656                 }
1657         }
1658
1659         if (rem > 0)
1660                 return -EINVAL;
1661
1662         return 0;
1663 }
1664
1665 static int sample_action_to_attr(const struct nlattr *attr, struct sk_buff *skb)
1666 {
1667         const struct nlattr *a;
1668         struct nlattr *start;
1669         int err = 0, rem;
1670
1671         start = nla_nest_start(skb, OVS_ACTION_ATTR_SAMPLE);
1672         if (!start)
1673                 return -EMSGSIZE;
1674
1675         nla_for_each_nested(a, attr, rem) {
1676                 int type = nla_type(a);
1677                 struct nlattr *st_sample;
1678
1679                 switch (type) {
1680                 case OVS_SAMPLE_ATTR_PROBABILITY:
1681                         if (nla_put(skb, OVS_SAMPLE_ATTR_PROBABILITY,
1682                                     sizeof(u32), nla_data(a)))
1683                                 return -EMSGSIZE;
1684                         break;
1685                 case OVS_SAMPLE_ATTR_ACTIONS:
1686                         st_sample = nla_nest_start(skb, OVS_SAMPLE_ATTR_ACTIONS);
1687                         if (!st_sample)
1688                                 return -EMSGSIZE;
1689                         err = ovs_nla_put_actions(nla_data(a), nla_len(a), skb);
1690                         if (err)
1691                                 return err;
1692                         nla_nest_end(skb, st_sample);
1693                         break;
1694                 }
1695         }
1696
1697         nla_nest_end(skb, start);
1698         return err;
1699 }
1700
1701 static int set_action_to_attr(const struct nlattr *a, struct sk_buff *skb)
1702 {
1703         const struct nlattr *ovs_key = nla_data(a);
1704         int key_type = nla_type(ovs_key);
1705         struct nlattr *start;
1706         int err;
1707
1708         switch (key_type) {
1709         case OVS_KEY_ATTR_TUNNEL_INFO: {
1710                 struct ovs_tunnel_info *tun_info = nla_data(ovs_key);
1711
1712                 start = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
1713                 if (!start)
1714                         return -EMSGSIZE;
1715
1716                 err = ipv4_tun_to_nlattr(skb, &tun_info->tunnel,
1717                                          tun_info->options_len ?
1718                                                 tun_info->options : NULL,
1719                                          tun_info->options_len);
1720                 if (err)
1721                         return err;
1722                 nla_nest_end(skb, start);
1723                 break;
1724         }
1725         default:
1726                 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a), ovs_key))
1727                         return -EMSGSIZE;
1728                 break;
1729         }
1730
1731         return 0;
1732 }
1733
1734 int ovs_nla_put_actions(const struct nlattr *attr, int len, struct sk_buff *skb)
1735 {
1736         const struct nlattr *a;
1737         int rem, err;
1738
1739         nla_for_each_attr(a, attr, len, rem) {
1740                 int type = nla_type(a);
1741
1742                 switch (type) {
1743                 case OVS_ACTION_ATTR_SET:
1744                         err = set_action_to_attr(a, skb);
1745                         if (err)
1746                                 return err;
1747                         break;
1748
1749                 case OVS_ACTION_ATTR_SAMPLE:
1750                         err = sample_action_to_attr(a, skb);
1751                         if (err)
1752                                 return err;
1753                         break;
1754                 default:
1755                         if (nla_put(skb, type, nla_len(a), nla_data(a)))
1756                                 return -EMSGSIZE;
1757                         break;
1758                 }
1759         }
1760
1761         return 0;
1762 }