Change in Openvswitch to support MPLS label depth of 3 in ingress direction

The openvswitch kernel module supported an MPLS label depth of only 1 in the
ingress direction, even though userspace OVS supports a maximum depth of
3 labels. This change enables the openvswitch module to handle a maximum
depth of 3 labels on ingress.

Signed-off-by: Martin Varghese <martin.varghese@nokia.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Authored by Martin Varghese on 2019-11-04 07:27:44 +05:30; committed by David S. Miller
parent a5ec65169c
commit fbdcdd78da
4 changed files with 85 additions and 33 deletions
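For context, the heart of the change is how the flow key now records the MPLS stack: up to MPLS_LABEL_DEPTH (3) label stack entries in mpls.lse[], plus mpls.num_labels_mask, a bitmap built with GENMASK() whose population count (hweight_long()) gives the number of labels actually captured. Below is a minimal standalone C sketch of that convention, not kernel code; GENMASK() and hweight_long() are kernel macros, so local stand-ins are defined here purely so the sketch compiles on its own.

/*
 * Standalone sketch of the label bookkeeping introduced by this patch:
 * the flow key stores up to MPLS_LABEL_DEPTH label stack entries plus
 * num_labels_mask, a bitmap whose population count gives the number of
 * labels captured. GENMASK() and hweight_long() are kernel macros;
 * minimal stand-ins are used here so the sketch is self-contained.
 */
#include <stdint.h>
#include <stdio.h>

#define MPLS_LABEL_DEPTH	3
#define GENMASK(h, l)		(((~0U) << (l)) & (~0U >> (31 - (h))))
#define hweight_long(x)		((unsigned int)__builtin_popcountl(x))

int main(void)
{
	unsigned int label_count;

	for (label_count = 1; label_count <= MPLS_LABEL_DEPTH; label_count++) {
		uint32_t mask = GENMASK(label_count - 1, 0);

		/* e.g. 1 label -> 0x1, 2 labels -> 0x3, 3 labels -> 0x7 */
		printf("labels=%u mask=0x%x recovered=%u\n",
		       label_count, mask, hweight_long(mask));
	}
	return 0;
}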

net/openvswitch/actions.c

@@ -200,7 +200,7 @@ static int set_mpls(struct sk_buff *skb, struct sw_flow_key *flow_key,
 	if (err)
 		return err;
 
-	flow_key->mpls.top_lse = lse;
+	flow_key->mpls.lse[0] = lse;
 	return 0;
 }

net/openvswitch/flow.c

@@ -637,27 +637,35 @@ static int key_extract_l3l4(struct sk_buff *skb, struct sw_flow_key *key)
 			memset(&key->ipv4, 0, sizeof(key->ipv4));
 		}
 	} else if (eth_p_mpls(key->eth.type)) {
-		size_t stack_len = MPLS_HLEN;
+		u8 label_count = 1;
+
+		memset(&key->mpls, 0, sizeof(key->mpls));
 		skb_set_inner_network_header(skb, skb->mac_len);
 		while (1) {
 			__be32 lse;
 
-			error = check_header(skb, skb->mac_len + stack_len);
+			error = check_header(skb, skb->mac_len +
+					     label_count * MPLS_HLEN);
 			if (unlikely(error))
 				return 0;
 
 			memcpy(&lse, skb_inner_network_header(skb), MPLS_HLEN);
 
-			if (stack_len == MPLS_HLEN)
-				memcpy(&key->mpls.top_lse, &lse, MPLS_HLEN);
+			if (label_count <= MPLS_LABEL_DEPTH)
+				memcpy(&key->mpls.lse[label_count - 1], &lse,
+				       MPLS_HLEN);
 
-			skb_set_inner_network_header(skb, skb->mac_len + stack_len);
+			skb_set_inner_network_header(skb, skb->mac_len +
+						     label_count * MPLS_HLEN);
 			if (lse & htonl(MPLS_LS_S_MASK))
 				break;
 
-			stack_len += MPLS_HLEN;
+			label_count++;
 		}
+		if (label_count > MPLS_LABEL_DEPTH)
+			label_count = MPLS_LABEL_DEPTH;
+
+		key->mpls.num_labels_mask = GENMASK(label_count - 1, 0);
 	} else if (key->eth.type == htons(ETH_P_IPV6)) {
 		int nh_len;             /* IPv6 Header + Extensions */

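The extraction loop above walks the label stack one 4-byte LSE at a time until the bottom-of-stack (S) bit is set, copying at most MPLS_LABEL_DEPTH entries into the key while still advancing the inner network header past any deeper labels. Below is a simplified userspace rendering of that walk, not the kernel function itself: MPLS_HLEN and MPLS_LS_S_MASK mirror the kernel's definitions, and the explicit length check stands in for check_header().

#include <arpa/inet.h>	/* htonl */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MPLS_HLEN		4
#define MPLS_LS_S_MASK		0x00000100	/* bottom-of-stack bit */
#define MPLS_LABEL_DEPTH	3

/* Returns the number of labels recorded in lse[] (capped at the depth),
 * or 0 if the stack runs past the end of the buffer. 'pkt' points at the
 * first label stack entry, in network byte order. */
static unsigned int parse_mpls_stack(const uint8_t *pkt, size_t len,
				     uint32_t lse[MPLS_LABEL_DEPTH])
{
	unsigned int label_count = 1;

	while (1) {
		uint32_t cur;

		if (label_count * MPLS_HLEN > len)
			return 0;	/* truncated stack */

		memcpy(&cur, pkt + (label_count - 1) * MPLS_HLEN, MPLS_HLEN);

		/* only the first MPLS_LABEL_DEPTH entries are kept */
		if (label_count <= MPLS_LABEL_DEPTH)
			lse[label_count - 1] = cur;

		if (cur & htonl(MPLS_LS_S_MASK))
			break;		/* bottom of stack reached */

		label_count++;
	}

	return label_count > MPLS_LABEL_DEPTH ? MPLS_LABEL_DEPTH : label_count;
}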
net/openvswitch/flow.h

@@ -30,6 +30,7 @@ enum sw_flow_mac_proto {
 	MAC_PROTO_ETHERNET,
 };
 #define SW_FLOW_KEY_INVALID	0x80
+#define MPLS_LABEL_DEPTH	3
 
 /* Store options at the end of the array if they are less than the
  * maximum size. This allows us to get the benefits of variable length
@@ -84,9 +85,6 @@ struct sw_flow_key {
			 * protocol.
			 */
			union {
-				struct {
-					__be32 top_lse;	/* top label stack entry */
-				} mpls;
				struct {
					u8 proto;	/* IP protocol or lower 8 bits of ARP opcode. */
					u8 tos;		/* IP ToS. */
@@ -135,6 +133,11 @@ struct sw_flow_key {
			} nd;
		};
	} ipv6;
+	struct {
+		u32 num_labels_mask;	/* labels present bitmap of effective length MPLS_LABEL_DEPTH */
+		__be32 lse[MPLS_LABEL_DEPTH];	/* label stack entry */
+	} mpls;
+
	struct ovs_key_nsh nsh;	/* network service header */
 };

 struct {

net/openvswitch/flow_netlink.c

@@ -424,7 +424,7 @@ static const struct ovs_len_tbl ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
 	[OVS_KEY_ATTR_DP_HASH]	 = { .len = sizeof(u32) },
 	[OVS_KEY_ATTR_TUNNEL]	 = { .len = OVS_ATTR_NESTED,
 				     .next = ovs_tunnel_key_lens, },
-	[OVS_KEY_ATTR_MPLS]	 = { .len = sizeof(struct ovs_key_mpls) },
+	[OVS_KEY_ATTR_MPLS]	 = { .len = OVS_ATTR_VARIABLE },
 	[OVS_KEY_ATTR_CT_STATE]	 = { .len = sizeof(u32) },
 	[OVS_KEY_ATTR_CT_ZONE]	 = { .len = sizeof(u16) },
 	[OVS_KEY_ATTR_CT_MARK]	 = { .len = sizeof(u32) },
@@ -1628,10 +1628,25 @@ static int ovs_key_from_nlattrs(struct net *net, struct sw_flow_match *match,
 	if (attrs & (1 << OVS_KEY_ATTR_MPLS)) {
 		const struct ovs_key_mpls *mpls_key;
+		u32 hdr_len;
+		u32 label_count, label_count_mask, i;
 
 		mpls_key = nla_data(a[OVS_KEY_ATTR_MPLS]);
-		SW_FLOW_KEY_PUT(match, mpls.top_lse,
-				mpls_key->mpls_lse, is_mask);
+		hdr_len = nla_len(a[OVS_KEY_ATTR_MPLS]);
+		label_count = hdr_len / sizeof(struct ovs_key_mpls);
+
+		if (label_count == 0 || label_count > MPLS_LABEL_DEPTH ||
+		    hdr_len % sizeof(struct ovs_key_mpls))
+			return -EINVAL;
+
+		label_count_mask = GENMASK(label_count - 1, 0);
+
+		for (i = 0 ; i < label_count; i++)
+			SW_FLOW_KEY_PUT(match, mpls.lse[i],
+					mpls_key[i].mpls_lse, is_mask);
+
+		SW_FLOW_KEY_PUT(match, mpls.num_labels_mask,
+				label_count_mask, is_mask);
 
 		attrs &= ~(1 << OVS_KEY_ATTR_MPLS);
 	}
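From userspace's point of view, OVS_KEY_ATTR_MPLS is now a variable-length attribute carrying between one and MPLS_LABEL_DEPTH struct ovs_key_mpls entries, and the hunk above derives the label count from the attribute length, rejecting lengths that are zero, too deep, or not a multiple of the entry size. A hedged sketch of just that length check follows, with a plain hdr_len parameter standing in for nla_len() and a local stand-in for the uapi struct.

#include <errno.h>
#include <stdint.h>

#define MPLS_LABEL_DEPTH	3

struct ovs_key_mpls {
	uint32_t mpls_lse;	/* __be32 in the uapi header */
};

/* Validate the length of an OVS_KEY_ATTR_MPLS payload and return the
 * label count, or -EINVAL for a malformed attribute. */
static int mpls_key_label_count(uint32_t hdr_len)
{
	uint32_t label_count = hdr_len / sizeof(struct ovs_key_mpls);

	if (label_count == 0 || label_count > MPLS_LABEL_DEPTH ||
	    hdr_len % sizeof(struct ovs_key_mpls))
		return -EINVAL;

	return label_count;
}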
@@ -2114,13 +2129,18 @@ static int __ovs_nla_put_key(const struct sw_flow_key *swkey,
 		ether_addr_copy(arp_key->arp_sha, output->ipv4.arp.sha);
 		ether_addr_copy(arp_key->arp_tha, output->ipv4.arp.tha);
 	} else if (eth_p_mpls(swkey->eth.type)) {
+		u8 i, num_labels;
 		struct ovs_key_mpls *mpls_key;
 
-		nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS, sizeof(*mpls_key));
+		num_labels = hweight_long(output->mpls.num_labels_mask);
+		nla = nla_reserve(skb, OVS_KEY_ATTR_MPLS,
+				  num_labels * sizeof(*mpls_key));
 		if (!nla)
 			goto nla_put_failure;
+
 		mpls_key = nla_data(nla);
-		mpls_key->mpls_lse = output->mpls.top_lse;
+		for (i = 0; i < num_labels; i++)
+			mpls_key[i].mpls_lse = output->mpls.lse[i];
 	}
 
 	if ((swkey->eth.type == htons(ETH_P_IP) ||
@@ -2406,13 +2426,14 @@ static inline void add_nested_action_end(struct sw_flow_actions *sfa,
 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 				  const struct sw_flow_key *key,
 				  struct sw_flow_actions **sfa,
-				  __be16 eth_type, __be16 vlan_tci, bool log);
+				  __be16 eth_type, __be16 vlan_tci,
+				  u32 mpls_label_count, bool log);
 
 static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
 				    const struct sw_flow_key *key,
 				    struct sw_flow_actions **sfa,
 				    __be16 eth_type, __be16 vlan_tci,
-				    bool log, bool last)
+				    u32 mpls_label_count, bool log, bool last)
 {
 	const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
 	const struct nlattr *probability, *actions;
@@ -2463,7 +2484,7 @@ static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
 		return err;
 
 	err = __ovs_nla_copy_actions(net, actions, key, sfa,
-				     eth_type, vlan_tci, log);
+				     eth_type, vlan_tci, mpls_label_count, log);
 	if (err)
 		return err;
@@ -2478,7 +2499,7 @@ static int validate_and_copy_clone(struct net *net,
 				   const struct sw_flow_key *key,
 				   struct sw_flow_actions **sfa,
 				   __be16 eth_type, __be16 vlan_tci,
-				   bool log, bool last)
+				   u32 mpls_label_count, bool log, bool last)
 {
 	int start, err;
 	u32 exec;
@@ -2498,7 +2519,7 @@ static int validate_and_copy_clone(struct net *net,
 		return err;
 
 	err = __ovs_nla_copy_actions(net, attr, key, sfa,
-				     eth_type, vlan_tci, log);
+				     eth_type, vlan_tci, mpls_label_count, log);
 	if (err)
 		return err;
@@ -2864,6 +2885,7 @@ static int validate_and_copy_check_pkt_len(struct net *net,
 					   const struct sw_flow_key *key,
 					   struct sw_flow_actions **sfa,
 					   __be16 eth_type, __be16 vlan_tci,
+					   u32 mpls_label_count,
 					   bool log, bool last)
 {
 	const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
@@ -2912,7 +2934,7 @@ static int validate_and_copy_check_pkt_len(struct net *net,
 		return nested_acts_start;
 
 	err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
-				     eth_type, vlan_tci, log);
+				     eth_type, vlan_tci, mpls_label_count, log);
 	if (err)
 		return err;
@@ -2925,7 +2947,7 @@ static int validate_and_copy_check_pkt_len(struct net *net,
 		return nested_acts_start;
 
 	err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
-				     eth_type, vlan_tci, log);
+				     eth_type, vlan_tci, mpls_label_count, log);
 	if (err)
 		return err;
@@ -2952,7 +2974,8 @@ static int copy_action(const struct nlattr *from,
 static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 				  const struct sw_flow_key *key,
 				  struct sw_flow_actions **sfa,
-				  __be16 eth_type, __be16 vlan_tci, bool log)
+				  __be16 eth_type, __be16 vlan_tci,
+				  u32 mpls_label_count, bool log)
 {
 	u8 mac_proto = ovs_key_mac_proto(key);
 	const struct nlattr *a;
@@ -3065,25 +3088,36 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 			    !eth_p_mpls(eth_type)))
 				return -EINVAL;
 			eth_type = mpls->mpls_ethertype;
+			mpls_label_count++;
 			break;
 		}
 
-		case OVS_ACTION_ATTR_POP_MPLS:
+		case OVS_ACTION_ATTR_POP_MPLS: {
+			__be16 proto;
 			if (vlan_tci & htons(VLAN_CFI_MASK) ||
 			    !eth_p_mpls(eth_type))
 				return -EINVAL;
 
-			/* Disallow subsequent L2.5+ set and mpls_pop actions
-			 * as there is no check here to ensure that the new
-			 * eth_type is valid and thus set actions could
-			 * write off the end of the packet or otherwise
-			 * corrupt it.
+			/* Disallow subsequent L2.5+ set actions and mpls_pop
+			 * actions once the last MPLS label in the packet is
+			 * popped as there is no check here to ensure that
+			 * the new eth type is valid and thus set actions could
+			 * write off the end of the packet or otherwise corrupt
+			 * it.
 			 *
 			 * Support for these actions is planned using packet
 			 * recirculation.
 			 */
-			eth_type = htons(0);
+			proto = nla_get_be16(a);
+			mpls_label_count--;
+
+			if (!eth_p_mpls(proto) || !mpls_label_count)
+				eth_type = htons(0);
+			else
+				eth_type = proto;
 			break;
+		}
 
 		case OVS_ACTION_ATTR_SET:
 			err = validate_set(a, key, sfa,
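The net effect of the mpls_label_count bookkeeping during validation: each PUSH_MPLS increments the count, each POP_MPLS decrements it, and eth_type only collapses to zero (blocking further L2.5+ set and pop actions) when the popped packet would have no MPLS labels left or the pop action's ethertype is not an MPLS one. A small illustrative sketch of that state transition follows; the helper names and host-byte-order types are assumptions for readability, not kernel API.

#include <stdbool.h>
#include <stdint.h>

#define ETH_P_MPLS_UC	0x8847
#define ETH_P_MPLS_MC	0x8848

static bool eth_p_mpls_sketch(uint16_t eth_type)
{
	return eth_type == ETH_P_MPLS_UC || eth_type == ETH_P_MPLS_MC;
}

/* Illustrative only: mimic the eth_type/label-count update performed when
 * validating an OVS_ACTION_ATTR_POP_MPLS action. 'proto' is the ethertype
 * carried by the pop action (host byte order here for simplicity; the
 * kernel works with __be16). */
static void validate_pop_mpls_sketch(uint16_t *eth_type, uint32_t *label_count,
				     uint16_t proto)
{
	(*label_count)--;

	if (!eth_p_mpls_sketch(proto) || !*label_count)
		*eth_type = 0;	/* no further MPLS-dependent actions allowed */
	else
		*eth_type = proto;
}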
@@ -3106,6 +3140,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 			err = validate_and_copy_sample(net, a, key, sfa,
 						       eth_type, vlan_tci,
+						       mpls_label_count,
 						       log, last);
 			if (err)
 				return err;
@@ -3176,6 +3211,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 			err = validate_and_copy_clone(net, a, key, sfa,
 						      eth_type, vlan_tci,
+						      mpls_label_count,
 						      log, last);
 			if (err)
 				return err;
@@ -3188,8 +3224,9 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 			err = validate_and_copy_check_pkt_len(net, a, key, sfa,
 							      eth_type,
-							      vlan_tci, log,
-							      last);
+							      vlan_tci,
+							      mpls_label_count,
+							      log, last);
 			if (err)
 				return err;
 			skip_copy = true;
@@ -3219,14 +3256,18 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
 			 struct sw_flow_actions **sfa, bool log)
 {
 	int err;
+	u32 mpls_label_count = 0;
 
 	*sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
 	if (IS_ERR(*sfa))
 		return PTR_ERR(*sfa);
 
+	if (eth_p_mpls(key->eth.type))
+		mpls_label_count = hweight_long(key->mpls.num_labels_mask);
+
 	(*sfa)->orig_len = nla_len(attr);
 	err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
-				     key->eth.vlan.tci, log);
+				     key->eth.vlan.tci, mpls_label_count, log);
 	if (err)
 		ovs_nla_free_flow_actions(*sfa);