[ovs-dev] [PATCH net-next v2 2/2] datapath: Restructure vxlan tunneling.

Pravin B Shelar pshelar at nicira.com
Tue Jul 16 16:06:31 UTC 2013


Following patch restructures vxlan tunneling so that it is more
in sync with upstream vxlan tunneling code.

Signed-off-by: Pravin Shelar <pshelar at nicira.com>
---
v1-v2:
 - Added create flag to vxlan-port add.
 - Moved rxhash functions to flow_dissector.c
---
 datapath/compat.h                             |    6 +
 datapath/linux/Modules.mk                     |    6 +-
 datapath/linux/compat/flow_dissector.c        |  202 +++++++++++
 datapath/linux/compat/include/linux/in.h      |   20 ++
 datapath/linux/compat/include/linux/skbuff.h  |   22 ++
 datapath/linux/compat/include/net/flow_keys.h |   22 ++
 datapath/linux/compat/include/net/ip.h        |    7 +
 datapath/linux/compat/include/net/ipv6.h      |   15 +
 datapath/linux/compat/include/net/vxlan.h     |   43 +++
 datapath/linux/compat/vxlan.c                 |  457 +++++++++++++++++++++++++
 datapath/vport-vxlan.c                        |  222 +++++--------
 11 files changed, 877 insertions(+), 145 deletions(-)
 create mode 100644 datapath/linux/compat/flow_dissector.c
 create mode 100644 datapath/linux/compat/include/net/flow_keys.h
 create mode 100644 datapath/linux/compat/include/net/vxlan.h
 create mode 100644 datapath/linux/compat/vxlan.c

diff --git a/datapath/compat.h b/datapath/compat.h
index a6a01d5..4dfd192 100644
--- a/datapath/compat.h
+++ b/datapath/compat.h
@@ -100,4 +100,10 @@ static inline void skb_set_mark(struct sk_buff *skb, u32 mark)
 #define rt_dst(rt) (rt->u.dst)
 #endif
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,33)
+#define inet_sport(sk)	(inet_sk(sk)->sport)
+#else
+#define inet_sport(sk)	(inet_sk(sk)->inet_sport)
+#endif
+
 #endif /* compat.h */
diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk
index dcacc79..edaeabb 100644
--- a/datapath/linux/Modules.mk
+++ b/datapath/linux/Modules.mk
@@ -3,6 +3,7 @@ openvswitch_sources += \
 	linux/compat/dev-openvswitch.c \
 	linux/compat/exthdrs_core.c \
 	linux/compat/flex_array.c \
+	linux/compat/flow_dissector.c \
 	linux/compat/gre.c \
 	linux/compat/gso.c \
 	linux/compat/genetlink-openvswitch.c \
@@ -14,6 +15,7 @@ openvswitch_sources += \
 	linux/compat/reciprocal_div.c \
 	linux/compat/skbuff-openvswitch.c \
 	linux/compat/time.c	\
+	linux/compat/vxlan.c	\
 	linux/compat/workqueue.c
 openvswitch_headers += \
 	linux/compat/gso.h \
@@ -65,6 +67,7 @@ openvswitch_headers += \
 	linux/compat/include/linux/workqueue.h \
 	linux/compat/include/net/checksum.h \
 	linux/compat/include/net/dst.h \
+	linux/compat/include/net/flow_keys.h \
 	linux/compat/include/net/genetlink.h \
 	linux/compat/include/net/gre.h \
 	linux/compat/include/net/inet_frag.h \
@@ -76,4 +79,5 @@ openvswitch_headers += \
 	linux/compat/include/net/protocol.h \
 	linux/compat/include/net/route.h \
 	linux/compat/include/net/sock.h \
-	linux/compat/include/net/netns/generic.h
+	linux/compat/include/net/netns/generic.h \
+	linux/compat/include/net/vxlan.h
diff --git a/datapath/linux/compat/flow_dissector.c b/datapath/linux/compat/flow_dissector.c
new file mode 100644
index 0000000..f5fca26
--- /dev/null
+++ b/datapath/linux/compat/flow_dissector.c
@@ -0,0 +1,202 @@
+
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <linux/if_vlan.h>
+#include <net/ip.h>
+#include <net/ipv6.h>
+#include <linux/igmp.h>
+#include <linux/icmp.h>
+#include <linux/sctp.h>
+#include <linux/dccp.h>
+#include <linux/if_tunnel.h>
+#include <linux/if_pppox.h>
+#include <linux/ppp_defs.h>
+#include <net/flow_keys.h>
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37)
+
+/* copy saddr & daddr, possibly using 64bit load/store
+ * Equivalent to :	flow->src = iph->saddr;
+ *			flow->dst = iph->daddr;
+ */
+static void iph_to_flow_copy_addrs(struct flow_keys *flow, const struct iphdr *iph)
+{
+	BUILD_BUG_ON(offsetof(typeof(*flow), dst) !=
+		     offsetof(typeof(*flow), src) + sizeof(flow->src));
+	memcpy(&flow->src, &iph->saddr, sizeof(flow->src) + sizeof(flow->dst));
+}
+
+static bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow)
+{
+	int poff, nhoff = skb_network_offset(skb);
+	u8 ip_proto;
+	__be16 proto = skb->protocol;
+
+	memset(flow, 0, sizeof(*flow));
+
+again:
+	switch (proto) {
+	case __constant_htons(ETH_P_IP): {
+		const struct iphdr *iph;
+		struct iphdr _iph;
+ip:
+		iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+		if (!iph)
+			return false;
+
+		if (ip_is_fragment(iph))
+			ip_proto = 0;
+		else
+			ip_proto = iph->protocol;
+		iph_to_flow_copy_addrs(flow, iph);
+		nhoff += iph->ihl * 4;
+		break;
+	}
+	case __constant_htons(ETH_P_IPV6): {
+		const struct ipv6hdr *iph;
+		struct ipv6hdr _iph;
+ipv6:
+		iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+		if (!iph)
+			return false;
+
+		ip_proto = iph->nexthdr;
+		flow->src = (__force __be32)ipv6_addr_hash(&iph->saddr);
+		flow->dst = (__force __be32)ipv6_addr_hash(&iph->daddr);
+		nhoff += sizeof(struct ipv6hdr);
+		break;
+	}
+	case __constant_htons(ETH_P_8021Q): {
+		const struct vlan_hdr *vlan;
+		struct vlan_hdr _vlan;
+
+		vlan = skb_header_pointer(skb, nhoff, sizeof(_vlan), &_vlan);
+		if (!vlan)
+			return false;
+
+		proto = vlan->h_vlan_encapsulated_proto;
+		nhoff += sizeof(*vlan);
+		goto again;
+	}
+	case __constant_htons(ETH_P_PPP_SES): {
+		struct {
+			struct pppoe_hdr hdr;
+			__be16 proto;
+		} *hdr, _hdr;
+		hdr = skb_header_pointer(skb, nhoff, sizeof(_hdr), &_hdr);
+		if (!hdr)
+			return false;
+		proto = hdr->proto;
+		nhoff += PPPOE_SES_HLEN;
+		switch (proto) {
+		case __constant_htons(PPP_IP):
+			goto ip;
+		case __constant_htons(PPP_IPV6):
+			goto ipv6;
+		default:
+			return false;
+		}
+	}
+	default:
+		return false;
+	}
+
+	switch (ip_proto) {
+	case IPPROTO_GRE: {
+		struct gre_hdr {
+			__be16 flags;
+			__be16 proto;
+		} *hdr, _hdr;
+
+		hdr = skb_header_pointer(skb, nhoff, sizeof(_hdr), &_hdr);
+		if (!hdr)
+			return false;
+		/*
+		 * Only look inside GRE if version zero and no
+		 * routing
+		 */
+		if (!(hdr->flags & (GRE_VERSION|GRE_ROUTING))) {
+			proto = hdr->proto;
+			nhoff += 4;
+			if (hdr->flags & GRE_CSUM)
+				nhoff += 4;
+			if (hdr->flags & GRE_KEY)
+				nhoff += 4;
+			if (hdr->flags & GRE_SEQ)
+				nhoff += 4;
+			if (proto == htons(ETH_P_TEB)) {
+				const struct ethhdr *eth;
+				struct ethhdr _eth;
+
+				eth = skb_header_pointer(skb, nhoff,
+							 sizeof(_eth), &_eth);
+				if (!eth)
+					return false;
+				proto = eth->h_proto;
+				nhoff += sizeof(*eth);
+			}
+			goto again;
+		}
+		break;
+	}
+	case IPPROTO_IPIP:
+		goto again;
+	default:
+		break;
+	}
+
+	flow->ip_proto = ip_proto;
+	poff = proto_ports_offset(ip_proto);
+	if (poff >= 0) {
+		__be32 *ports, _ports;
+
+		nhoff += poff;
+		ports = skb_header_pointer(skb, nhoff, sizeof(_ports), &_ports);
+		if (ports)
+			flow->ports = *ports;
+	}
+
+	flow->thoff = (u16) nhoff;
+
+	return true;
+}
+
+static u32 hashrnd __read_mostly;
+
+static void init_hashrnd(void)
+{
+	if (likely(hashrnd))
+		return;
+	get_random_bytes(&hashrnd, sizeof(hashrnd));
+}
+
+u32 __skb_get_rxhash(struct sk_buff *skb)
+{
+	struct flow_keys keys;
+	u32 hash;
+
+	if (!skb_flow_dissect(skb, &keys))
+		return 0;
+
+	/* get a consistent hash (same value on both flow directions) */
+	if (((__force u32)keys.dst < (__force u32)keys.src) ||
+	    (((__force u32)keys.dst == (__force u32)keys.src) &&
+	     ((__force u16)keys.port16[1] < (__force u16)keys.port16[0]))) {
+		swap(keys.dst, keys.src);
+		swap(keys.port16[0], keys.port16[1]);
+	}
+
+	init_hashrnd();
+
+	hash = jhash_3words((__force u32)keys.dst,
+			    (__force u32)keys.src,
+			    (__force u32)keys.ports, hashrnd);
+	if (!hash)
+		hash = 1;
+
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,34)
+	skb->rxhash = hash;
+#endif
+	return hash;
+}
+#endif
diff --git a/datapath/linux/compat/include/linux/in.h b/datapath/linux/compat/include/linux/in.h
index f91a832..fa2e026 100644
--- a/datapath/linux/compat/include/linux/in.h
+++ b/datapath/linux/compat/include/linux/in.h
@@ -3,6 +3,26 @@
 
 #include_next <linux/in.h>
 
+#include <linux/module.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37)
+static inline int proto_ports_offset(int proto)
+{
+	switch (proto) {
+	case IPPROTO_TCP:
+	case IPPROTO_UDP:
+	case IPPROTO_DCCP:
+	case IPPROTO_ESP:	/* SPI */
+	case IPPROTO_SCTP:
+	case IPPROTO_UDPLITE:
+		return 0;
+	case IPPROTO_AH:	/* SPI */
+		return 4;
+	default:
+		return -EINVAL;
+	}
+}
+#endif
+
 #ifndef HAVE_IPV4_IS_MULTICAST
 
 static inline bool ipv4_is_loopback(__be32 addr)
diff --git a/datapath/linux/compat/include/linux/skbuff.h b/datapath/linux/compat/include/linux/skbuff.h
index d485b39..c9c103d 100644
--- a/datapath/linux/compat/include/linux/skbuff.h
+++ b/datapath/linux/compat/include/linux/skbuff.h
@@ -251,4 +251,26 @@ static inline void skb_reset_mac_len(struct sk_buff *skb)
 	skb->mac_len = skb->network_header - skb->mac_header;
 }
 #endif
+
+static inline int skb_unclone(struct sk_buff *skb, gfp_t pri)
+{
+	might_sleep_if(pri & __GFP_WAIT);
+
+	if (skb_cloned(skb))
+		return pskb_expand_head(skb, 0, 0, pri);
+
+	return 0;
+}
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37)
+extern u32 __skb_get_rxhash(struct sk_buff *skb);
+static inline __u32 skb_get_rxhash(struct sk_buff *skb)
+{
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,34)
+	if (!skb->rxhash)
+#endif
+	return __skb_get_rxhash(skb);
+}
+#endif
+
 #endif
diff --git a/datapath/linux/compat/include/net/flow_keys.h b/datapath/linux/compat/include/net/flow_keys.h
new file mode 100644
index 0000000..4de17d1
--- /dev/null
+++ b/datapath/linux/compat/include/net/flow_keys.h
@@ -0,0 +1,22 @@
+#ifndef _NET_FLOW_KEYS_WRAPPER_H
+#define _NET_FLOW_KEYS_WRAPPER_H
+
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0)
+#include_next <net/flow_keys.h>
+#else
+struct flow_keys {
+	/* (src,dst) must be grouped, in the same way than in IP header */
+	__be32 src;
+	__be32 dst;
+	union {
+		__be32 ports;
+		__be16 port16[2];
+	};
+	u16 thoff;
+	u8 ip_proto;
+};
+#endif
+
+#endif
diff --git a/datapath/linux/compat/include/net/ip.h b/datapath/linux/compat/include/net/ip.h
index b18b968..1dccdea 100644
--- a/datapath/linux/compat/include/net/ip.h
+++ b/datapath/linux/compat/include/net/ip.h
@@ -11,4 +11,11 @@ extern int		ip_local_out(struct sk_buff *skb);
 
 #endif /* linux kernel < 2.6.25 */
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,1,0)
+static inline bool ip_is_fragment(const struct iphdr *iph)
+{
+	return (iph->frag_off & htons(IP_MF | IP_OFFSET)) != 0;
+}
+#endif
+
 #endif
diff --git a/datapath/linux/compat/include/net/ipv6.h b/datapath/linux/compat/include/net/ipv6.h
index d1e3248..7ab234a 100644
--- a/datapath/linux/compat/include/net/ipv6.h
+++ b/datapath/linux/compat/include/net/ipv6.h
@@ -23,4 +23,19 @@ enum {
 extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
 			 int target, unsigned short *fragoff, int *fragflg);
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,4,0)
+static inline u32 ipv6_addr_hash(const struct in6_addr *a)
+{
+#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
+	const unsigned long *ul = (const unsigned long *)a;
+	unsigned long x = ul[0] ^ ul[1];
+
+	return (u32)(x ^ (x >> 32));
+#else
+	return (__force u32)(a->s6_addr32[0] ^ a->s6_addr32[1] ^
+			     a->s6_addr32[2] ^ a->s6_addr32[3]);
+#endif
+}
+#endif
+
 #endif
diff --git a/datapath/linux/compat/include/net/vxlan.h b/datapath/linux/compat/include/net/vxlan.h
new file mode 100644
index 0000000..102bc0c
--- /dev/null
+++ b/datapath/linux/compat/include/net/vxlan.h
@@ -0,0 +1,43 @@
+#ifndef __NET_VXLAN_WRAPPER_H
+#define __NET_VXLAN_WRAPPER_H  1
+
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/udp.h>
+
+/* per UDP socket information */
+struct vxlan_sock {
+	struct hlist_node hlist;
+	struct rcu_head	  rcu;
+	struct socket	  *sock;
+	struct list_head  handler_list;
+};
+
+struct vxlan_handler;
+typedef int (vxlan_rcv_t)(struct vxlan_handler *vh, struct sk_buff *skb, __be32 key);
+
+struct vxlan_handler {
+	vxlan_rcv_t	  *rcv;
+	struct list_head   node;
+	void		  *data;
+	struct vxlan_sock *vs;
+	atomic_t	   refcnt;
+	struct rcu_head    rcu;
+	struct work_struct del_work;
+	int		   priority;
+};
+
+void vxlan_handler_put(struct vxlan_handler *vh);
+
+struct vxlan_handler *vxlan_handler_add(struct net *net,
+					__be16 portno, vxlan_rcv_t *rcv,
+					void *data, int priority, bool create);
+
+int vxlan_xmit_skb(struct net *net, struct vxlan_handler *vh,
+		   struct rtable *rt, struct sk_buff *skb,
+		   __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df,
+		   __be16 src_port, __be16 dst_port, __be32 vni);
+
+__be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb);
+
+#endif
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
new file mode 100644
index 0000000..b41ecc2
--- /dev/null
+++ b/datapath/linux/compat/vxlan.c
@@ -0,0 +1,457 @@
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/rculist.h>
+#include <linux/netdevice.h>
+#include <linux/in.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+#include <linux/igmp.h>
+#include <linux/etherdevice.h>
+#include <linux/if_ether.h>
+#include <linux/if_vlan.h>
+#include <linux/hash.h>
+#include <linux/ethtool.h>
+#include <net/arp.h>
+#include <net/ndisc.h>
+#include <net/ip.h>
+#include <net/ip_tunnels.h>
+#include <net/icmp.h>
+#include <net/udp.h>
+#include <net/rtnetlink.h>
+#include <net/route.h>
+#include <net/dsfield.h>
+#include <net/inet_ecn.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+#include <net/vxlan.h>
+
+#include "checksum.h"
+#include "compat.h"
+#include "gso.h"
+#include "vlan.h"
+
+#define PORT_HASH_BITS	8
+#define PORT_HASH_SIZE  (1<<PORT_HASH_BITS)
+
+#define VXLAN_N_VID	(1u << 24)
+#define VXLAN_VID_MASK	(VXLAN_N_VID - 1)
+/* IP header + UDP + VXLAN + Ethernet header */
+#define VXLAN_HEADROOM (20 + 8 + 8 + 14)
+#define VXLAN_HLEN (sizeof(struct udphdr) + sizeof(struct vxlanhdr))
+
+#define VXLAN_FLAGS 0x08000000	/* struct vxlanhdr.vx_flags required value. */
+
+/* VXLAN protocol header */
+struct vxlanhdr {
+	__be32 vx_flags;
+	__be32 vx_vni;
+};
+
+static int vxlan_net_id;
+
+/* per-network namespace private data for this module */
+struct vxlan_net {
+	struct hlist_head sock_list[PORT_HASH_SIZE];
+	struct mutex	  sock_lock;	/* RTNL lock nests inside this lock. */
+};
+
+/* Socket hash table head */
+static inline struct hlist_head *vs_head(struct net *net, __be16 port)
+{
+	struct vxlan_net *vn = net_generic(net, vxlan_net_id);
+
+	return &vn->sock_list[hash_32(ntohs(port), PORT_HASH_BITS)];
+}
+
+/* Find VXLAN socket based on network namespace and UDP port */
+static struct vxlan_sock *vxlan_find_port(struct net *net, __be16 port)
+{
+	struct vxlan_sock *vs;
+
+	hlist_for_each_entry_rcu(vs, vs_head(net, port), hlist) {
+		if (inet_sport(vs->sock->sk) == port)
+			return vs;
+	}
+	return NULL;
+}
+
+/* Callback from net/ipv4/udp.c to receive packets */
+static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
+{
+	struct vxlan_handler *vh;
+	struct vxlan_sock *vs;
+	struct vxlanhdr *vxh;
+
+	/* Need Vxlan and inner Ethernet header to be present */
+	if (!pskb_may_pull(skb, VXLAN_HLEN))
+		goto error;
+
+	/* Return packets with reserved bits set */
+	vxh = (struct vxlanhdr *)(udp_hdr(skb) + 1);
+	if (vxh->vx_flags != htonl(VXLAN_FLAGS) ||
+	    (vxh->vx_vni & htonl(0xff))) {
+		printk("invalid vxlan flags=%#x vni=%#x\n",
+			ntohl(vxh->vx_flags), ntohl(vxh->vx_vni));
+		goto error;
+	}
+
+	if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB)))
+		goto drop;
+
+	vs = vxlan_find_port(sock_net(sk), inet_sport(sk));
+	if (!vs)
+		goto drop;
+
+	list_for_each_entry_rcu(vh, &vs->handler_list, node) {
+		if (vh->rcv(vh, skb, vxh->vx_vni) == PACKET_RCVD)
+			return 0;
+	}
+
+drop:
+	/* Consume bad packet */
+	kfree_skb(skb);
+	return 0;
+
+error:
+	/* Return non vxlan pkt */
+	return 1;
+}
+
+static void vxlan_sock_put(struct sk_buff *skb)
+{
+	sock_put(skb->sk);
+}
+
+/* On transmit, associate with the tunnel socket */
+static void vxlan_set_owner(struct sock *sk, struct sk_buff *skb)
+{
+	skb_orphan(skb);
+	sock_hold(sk);
+	skb->sk = sk;
+	skb->destructor = vxlan_sock_put;
+}
+
+/* Compute source port for outgoing packet
+ *   first choice to use L4 flow hash since it will spread
+ *     better and maybe available from hardware
+ *   secondary choice is to use jhash on the Ethernet header
+ */
+__be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb)
+{
+	unsigned int range = (port_max - port_min) + 1;
+	u32 hash;
+
+	hash = skb_get_rxhash(skb);
+	if (!hash)
+		hash = jhash(skb->data, 2 * ETH_ALEN,
+			     (__force u32) skb->protocol);
+
+	return htons((((u64) hash * range) >> 32) + port_min);
+}
+
+static void vxlan_gso(struct sk_buff *skb)
+{
+	int udp_offset = skb_transport_offset(skb);
+	struct udphdr *uh;
+
+	uh = udp_hdr(skb);
+	uh->len = htons(skb->len - udp_offset);
+
+	/* csum segment if tunnel sets skb with csum. */
+	if (unlikely(uh->check)) {
+		struct iphdr *iph = ip_hdr(skb);
+
+		uh->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
+					       skb->len - udp_offset,
+					       IPPROTO_UDP, 0);
+		uh->check = csum_fold(skb_checksum(skb, udp_offset,
+				      skb->len - udp_offset, 0));
+
+		if (uh->check == 0)
+			uh->check = CSUM_MANGLED_0;
+
+	}
+	skb->ip_summed = CHECKSUM_NONE;
+}
+
+static int handle_offloads(struct sk_buff *skb)
+{
+	if (skb_is_gso(skb)) {
+		OVS_GSO_CB(skb)->fix_segment = vxlan_gso;
+	} else {
+		if (skb->ip_summed != CHECKSUM_PARTIAL)
+			skb->ip_summed = CHECKSUM_NONE;
+	}
+	return 0;
+}
+
+int vxlan_xmit_skb(struct net *net, struct vxlan_handler *vh,
+		   struct rtable *rt, struct sk_buff *skb,
+		   __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df,
+		   __be16 src_port, __be16 dst_port, __be32 vni)
+{
+	struct vxlanhdr *vxh;
+	struct udphdr *uh;
+	int min_headroom;
+	int err;
+
+	skb_reset_inner_headers(skb);
+
+	min_headroom = LL_RESERVED_SPACE(rt_dst(rt).dev) + rt_dst(rt).header_len
+			+ VXLAN_HLEN + sizeof(struct iphdr)
+			+ (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
+
+	/* Need space for new headers (invalidates iph ptr) */
+	err = skb_cow_head(skb, min_headroom);
+	if (unlikely(err))
+		return err;
+
+	if (unlikely(vlan_deaccel_tag(skb)))
+		return -ENOMEM;
+
+	vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh));
+	vxh->vx_flags = htonl(VXLAN_FLAGS);
+	vxh->vx_vni = vni;
+
+	__skb_push(skb, sizeof(*uh));
+	skb_reset_transport_header(skb);
+	uh = udp_hdr(skb);
+
+	uh->dest = dst_port;
+	uh->source = src_port;
+
+	uh->len = htons(skb->len);
+	uh->check = 0;
+
+	vxlan_set_owner(vh->vs->sock->sk, skb);
+
+	err = handle_offloads(skb);
+	if (err)
+		return err;
+
+	return iptunnel_xmit(net, rt, skb, src, dst,
+			IPPROTO_UDP, tos, ttl, df);
+}
+
+static struct vxlan_sock *vxlan_socket_create(struct net *net, __be16 port)
+{
+	struct vxlan_sock *vs;
+	struct sock *sk;
+	struct sockaddr_in vxlan_addr = {
+		.sin_family = AF_INET,
+		.sin_addr.s_addr = htonl(INADDR_ANY),
+		.sin_port = port,
+	};
+	int rc;
+
+	vs = kmalloc(sizeof(*vs), GFP_KERNEL);
+	if (!vs)
+		return ERR_PTR(-ENOMEM);
+
+	/* Create UDP socket for encapsulation receive. */
+	rc = sock_create_kern(AF_INET, SOCK_DGRAM, IPPROTO_UDP, &vs->sock);
+	if (rc < 0) {
+		pr_debug("UDP socket create failed\n");
+		kfree(vs);
+		return ERR_PTR(rc);
+	}
+
+	/* Put in proper namespace */
+	sk = vs->sock->sk;
+	sk_change_net(sk, net);
+
+	rc = kernel_bind(vs->sock, (struct sockaddr *) &vxlan_addr,
+			 sizeof(vxlan_addr));
+	if (rc < 0) {
+		pr_debug("bind for UDP socket %pI4:%u (%d)\n",
+			 &vxlan_addr.sin_addr, ntohs(vxlan_addr.sin_port), rc);
+		sk_release_kernel(sk);
+		kfree(vs);
+		return ERR_PTR(rc);
+	}
+
+	/* Disable multicast loopback */
+	inet_sk(sk)->mc_loop = 0;
+	INIT_LIST_HEAD(&vs->handler_list);
+	hlist_add_head_rcu(&vs->hlist, vs_head(net, port));
+
+	/* Mark socket as an encapsulation socket. */
+	udp_sk(sk)->encap_type = 1;
+	udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv;
+	udp_encap_enable();
+
+	return vs;
+}
+
+static void rcu_free_vs_callback(struct rcu_head *rcu)
+{
+	struct vxlan_sock *vs = container_of(rcu, struct vxlan_sock, rcu);
+
+	kfree(vs);
+}
+
+static void vxlan_socket_del(struct vxlan_sock *vs)
+{
+	if (list_empty(&vs->handler_list)) {
+		hlist_del_rcu(&vs->hlist);
+
+		sk_release_kernel(vs->sock->sk);
+		call_rcu(&vs->rcu, rcu_free_vs_callback);
+	}
+}
+
+static int vxlan_init_module(void);
+static void vxlan_cleanup_module(void);
+
+static void rcu_free_vh_callback(struct rcu_head *rcu)
+{
+	struct vxlan_handler *vh = container_of(rcu, struct vxlan_handler, rcu);
+
+	kfree(vh);
+}
+
+static void vh_del_work(struct work_struct *work)
+{
+	struct vxlan_handler *vh = container_of(work, struct vxlan_handler, del_work);
+	struct vxlan_sock *vs = vh->vs;
+	struct net *net = sock_net(vs->sock->sk);
+	struct vxlan_net *vn = net_generic(net, vxlan_net_id);
+
+	mutex_lock(&vn->sock_lock);
+
+	list_del_rcu(&vh->node);
+	call_rcu(&vh->rcu, rcu_free_vh_callback);
+	vxlan_socket_del(vs);
+
+	mutex_unlock(&vn->sock_lock);
+
+	vxlan_cleanup_module();
+}
+
+struct vxlan_handler *vxlan_handler_add(struct net *net,
+					__be16 portno, vxlan_rcv_t *rcv,
+					void *data, int priority, bool create)
+{
+	struct vxlan_net *vn;
+	struct vxlan_sock *vs;
+	struct vxlan_handler *vh;
+	struct vxlan_handler *new;
+	int err;
+
+	err = vxlan_init_module();
+	if (err)
+		return ERR_PTR(err);
+
+	vn = net_generic(net, vxlan_net_id);
+	mutex_lock(&vn->sock_lock);
+	/* Look to see if can reuse socket */
+	vs = vxlan_find_port(net, portno);
+	if (!vs) {
+		vs = vxlan_socket_create(net, portno);
+		if (IS_ERR(vs)) {
+			new = (void *) vs;
+			goto out;
+		}
+	}
+
+	/* Try existing vxlan hanlders for this socket. */
+	list_for_each_entry(vh, &vs->handler_list, node) {
+		if (vh->rcv == rcv) {
+			if (create) {
+				vxlan_socket_del(vs);
+				new = ERR_PTR(-EEXIST);
+				goto out;
+			}
+			atomic_inc(&vh->refcnt);
+			new = vh;
+			goto out;
+		}
+	}
+
+	new = kzalloc(sizeof(*new), GFP_KERNEL);
+	if (!new) {
+		vxlan_socket_del(vs);
+		new = ERR_PTR(-ENOMEM);
+		goto out;
+	}
+
+	new->rcv = rcv;
+	new->vs = vs;
+	atomic_set(&new->refcnt, 1);
+	INIT_WORK(&new->del_work, vh_del_work);
+	new->data = data;
+	new->priority = priority;
+
+	list_for_each_entry(vh, &vs->handler_list, node) {
+		if (vh->priority > priority) {
+			list_add_tail_rcu(&new->node, &vh->node);
+			goto out;
+		}
+	}
+
+	list_add_tail_rcu(&new->node, &vs->handler_list);
+out:
+	mutex_unlock(&vn->sock_lock);
+	return new;
+}
+
+void vxlan_handler_put(struct vxlan_handler *vh)
+{
+	BUG_ON(!vh->vs);
+
+	if (atomic_dec_and_test(&vh->refcnt))
+		queue_work(&vh->del_work);
+}
+
+static __net_init int vxlan_init_net(struct net *net)
+{
+	struct vxlan_net *vn = net_generic(net, vxlan_net_id);
+	unsigned int h;
+
+	mutex_init(&vn->sock_lock);
+
+	for (h = 0; h < PORT_HASH_SIZE; ++h)
+		INIT_HLIST_HEAD(&vn->sock_list[h]);
+
+	return 0;
+}
+
+static struct pernet_operations vxlan_net_ops = {
+	.init = vxlan_init_net,
+	.id   = &vxlan_net_id,
+	.size = sizeof(struct vxlan_net),
+};
+
+static int refcnt;
+static DEFINE_MUTEX(init_lock);
+DEFINE_COMPAT_PNET_REG_FUNC(gen_device);
+
+static int vxlan_init_module(void)
+{
+	int err = 0;
+
+	mutex_lock(&init_lock);
+	if (refcnt)
+		goto out;
+	err = register_pernet_device(&vxlan_net_ops);
+out:
+	if (!err)
+		refcnt++;
+	mutex_unlock(&init_lock);
+	return err;
+}
+
+static void vxlan_cleanup_module(void)
+{
+	mutex_lock(&init_lock);
+	refcnt--;
+	if (refcnt)
+		goto out;
+	unregister_pernet_device(&vxlan_net_ops);
+out:
+	mutex_unlock(&init_lock);
+}
diff --git a/datapath/vport-vxlan.c b/datapath/vport-vxlan.c
index 7ff51fd..eea5803 100644
--- a/datapath/vport-vxlan.c
+++ b/datapath/vport-vxlan.c
@@ -31,164 +31,60 @@
 #include <net/icmp.h>
 #include <net/ip.h>
 #include <net/udp.h>
+#include <net/ip_tunnels.h>
+#include <net/udp.h>
+#include <net/rtnetlink.h>
+#include <net/route.h>
+#include <net/dsfield.h>
+#include <net/inet_ecn.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+#include <net/vxlan.h>
 
 #include "datapath.h"
 #include "tunnel.h"
 #include "vport.h"
 
-#define VXLAN_FLAGS 0x08000000  /* struct vxlanhdr.vx_flags required value. */
-
-/**
- * struct vxlanhdr - VXLAN header
- * @vx_flags: Must have the exact value %VXLAN_FLAGS.
- * @vx_vni: VXLAN Network Identifier (VNI) in top 24 bits, low 8 bits zeroed.
- */
-struct vxlanhdr {
-	__be32 vx_flags;
-	__be32 vx_vni;
-};
-
-#define VXLAN_HLEN (sizeof(struct udphdr) + sizeof(struct vxlanhdr))
+#define OVS_VXLAN_RCV_PRIORITY		8
 
 /**
  * struct vxlan_port - Keeps track of open UDP ports
- * @dst_port: vxlan UDP port no.
- * @list: list element in @vxlan_ports.
- * @vxlan_rcv_socket: The socket created for this port number.
+ * @vh: vxlan_handler created for the port.
  * @name: vport name.
  */
 struct vxlan_port {
-	__be16 dst_port;
-	struct list_head list;
-	struct socket *vxlan_rcv_socket;
+	struct vxlan_handler *vh;
 	char name[IFNAMSIZ];
 };
 
-static LIST_HEAD(vxlan_ports);
-
 static inline struct vxlan_port *vxlan_vport(const struct vport *vport)
 {
 	return vport_priv(vport);
 }
 
-static struct vxlan_port *vxlan_find_port(struct net *net, __be16 port)
-{
-	struct vxlan_port *vxlan_port;
-
-	list_for_each_entry_rcu(vxlan_port, &vxlan_ports, list) {
-
-		if (vxlan_port->dst_port == port &&
-			net_eq(sock_net(vxlan_port->vxlan_rcv_socket->sk), net))
-			return vxlan_port;
-	}
-
-	return NULL;
-}
-
-static inline struct vxlanhdr *vxlan_hdr(const struct sk_buff *skb)
-{
-	return (struct vxlanhdr *)(udp_hdr(skb) + 1);
-}
-
-static void vxlan_build_header(const struct vport *vport,
-			       struct sk_buff *skb,
-			       int tunnel_hlen)
-{
-	struct vxlan_port *vxlan_port = vxlan_vport(vport);
-	struct udphdr *udph = udp_hdr(skb);
-	struct vxlanhdr *vxh = (struct vxlanhdr *)(udph + 1);
-	const struct ovs_key_ipv4_tunnel *tun_key = OVS_CB(skb)->tun_key;
-
-	udph->dest = vxlan_port->dst_port;
-	udph->source = htons(ovs_tnl_get_src_port(skb));
-	udph->check = 0;
-	udph->len = htons(skb->len - skb_transport_offset(skb));
-
-	vxh->vx_flags = htonl(VXLAN_FLAGS);
-	vxh->vx_vni = htonl(be64_to_cpu(tun_key->tun_id) << 8);
-}
-
 /* Called with rcu_read_lock and BH disabled. */
-static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
+static int vxlan_rcv(struct vxlan_handler *vh, struct sk_buff *skb, __be32 vx_vni)
 {
-	struct vxlan_port *vxlan_vport;
-	struct vxlanhdr *vxh;
+	struct vport *vport = vh->data;
 	struct iphdr *iph;
 	struct ovs_key_ipv4_tunnel tun_key;
 	__be64 key;
 
-	vxlan_vport = vxlan_find_port(dev_net(skb->dev), udp_hdr(skb)->dest);
-	if (unlikely(!vxlan_vport))
-		goto error;
-
-	if (unlikely(!pskb_may_pull(skb, VXLAN_HLEN + ETH_HLEN)))
-		goto error;
-
-	vxh = vxlan_hdr(skb);
-	if (unlikely(vxh->vx_flags != htonl(VXLAN_FLAGS) ||
-		     vxh->vx_vni & htonl(0xff)))
-		goto error;
-
-	skb_pull_rcsum(skb, VXLAN_HLEN);
-
-	key = cpu_to_be64(ntohl(vxh->vx_vni) >> 8);
-
 	/* Save outer tunnel values */
 	iph = ip_hdr(skb);
+	key = cpu_to_be64(ntohl(vx_vni) >> 8);
 	tnl_tun_key_init(&tun_key, iph, key, TUNNEL_KEY);
 
-	ovs_tnl_rcv(vport_from_priv(vxlan_vport), skb, &tun_key);
-	goto out;
-
-error:
-	kfree_skb(skb);
-out:
-	return 0;
-}
-
-/* Random value.  Irrelevant as long as it's not 0 since we set the handler. */
-#define UDP_ENCAP_VXLAN 1
-static int vxlan_socket_init(struct vxlan_port *vxlan_port, struct net *net)
-{
-	struct sockaddr_in sin;
-	int err;
-
-	err = sock_create_kern(AF_INET, SOCK_DGRAM, 0,
-			       &vxlan_port->vxlan_rcv_socket);
-	if (err)
-		goto error;
-
-	/* release net ref. */
-	sk_change_net(vxlan_port->vxlan_rcv_socket->sk, net);
-
-	sin.sin_family = AF_INET;
-	sin.sin_addr.s_addr = htonl(INADDR_ANY);
-	sin.sin_port = vxlan_port->dst_port;
-
-	err = kernel_bind(vxlan_port->vxlan_rcv_socket, (struct sockaddr *)&sin,
-			  sizeof(struct sockaddr_in));
-	if (err)
-		goto error_sock;
-
-	udp_sk(vxlan_port->vxlan_rcv_socket->sk)->encap_type = UDP_ENCAP_VXLAN;
-	udp_sk(vxlan_port->vxlan_rcv_socket->sk)->encap_rcv = vxlan_rcv;
-
-	udp_encap_enable();
-
-	return 0;
-
-error_sock:
-	sk_release_kernel(vxlan_port->vxlan_rcv_socket->sk);
-error:
-	pr_warn("cannot register vxlan protocol handler\n");
-	return err;
+	ovs_vport_receive(vport, skb, &tun_key);
+	return PACKET_RCVD;
 }
 
 static int vxlan_get_options(const struct vport *vport, struct sk_buff *skb)
 {
 	struct vxlan_port *vxlan_port = vxlan_vport(vport);
+	__be16 dst_port = inet_sport(vxlan_port->vh->vs->sock->sk);
 
-	if (nla_put_u16(skb, OVS_TUNNEL_ATTR_DST_PORT, ntohs(vxlan_port->dst_port)))
+	if (nla_put_u16(skb, OVS_TUNNEL_ATTR_DST_PORT, ntohs(dst_port)))
 		return -EMSGSIZE;
 	return 0;
 }
@@ -197,9 +93,7 @@ static void vxlan_tnl_destroy(struct vport *vport)
 {
 	struct vxlan_port *vxlan_port = vxlan_vport(vport);
 
-	list_del_rcu(&vxlan_port->list);
-	/* Release socket */
-	sk_release_kernel(vxlan_port->vxlan_rcv_socket->sk);
+	vxlan_handler_put(vxlan_port->vh);
 
 	ovs_vport_deferred_free(vport);
 }
@@ -209,10 +103,12 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms)
 	struct net *net = ovs_dp_get_net(parms->dp);
 	struct nlattr *options = parms->options;
 	struct vxlan_port *vxlan_port;
+	struct vxlan_handler *vh;
 	struct vport *vport;
+	bool create = true;
 	struct nlattr *a;
-	int err;
 	u16 dst_port;
+	int err;
 
 	if (!options) {
 		err = -EINVAL;
@@ -227,41 +123,79 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms)
 		goto error;
 	}
 
-	/* Verify if we already have a socket created for this port */
-	if (vxlan_find_port(net, htons(dst_port))) {
-		err = -EEXIST;
-		goto error;
-	}
-
 	vport = ovs_vport_alloc(sizeof(struct vxlan_port),
 				&ovs_vxlan_vport_ops, parms);
 	if (IS_ERR(vport))
 		return vport;
 
 	vxlan_port = vxlan_vport(vport);
-	vxlan_port->dst_port = htons(dst_port);
 	strncpy(vxlan_port->name, parms->name, IFNAMSIZ);
 
-	err = vxlan_socket_init(vxlan_port, net);
-	if (err)
-		goto error_free;
+	vh = vxlan_handler_add(net, htons(dst_port), vxlan_rcv,
+			       vport, OVS_VXLAN_RCV_PRIORITY, create);
+	if (IS_ERR(vh)) {
+		ovs_vport_free(vport);
+		return (void *)vh;
+	}
+	vxlan_port->vh = vh;
 
-	list_add_tail_rcu(&vxlan_port->list, &vxlan_ports);
 	return vport;
 
-error_free:
-	ovs_vport_free(vport);
 error:
 	return ERR_PTR(err);
 }
 
 static int vxlan_tnl_send(struct vport *vport, struct sk_buff *skb)
 {
-	if (unlikely(!OVS_CB(skb)->tun_key))
-		return -EINVAL;
+	struct vxlan_port *vxlan_port = vxlan_vport(vport);
+	__be16 dst_port = inet_sport(vxlan_port->vh->vs->sock->sk);
+	struct net *net = ovs_dp_get_net(vport->dp);
+	struct rtable *rt;
+	__be16 src_port;
+	__be32 saddr;
+	__be16 df;
+	int port_min;
+	int port_max;
+	int err;
+
+	if (unlikely(!OVS_CB(skb)->tun_key)) {
+		err = -EINVAL;
+		goto error;
+	}
 
-	return ovs_tnl_send(vport, skb, IPPROTO_UDP,
-			VXLAN_HLEN, vxlan_build_header);
+	forward_ip_summed(skb, true);
+
+	/* Route lookup */
+	saddr = OVS_CB(skb)->tun_key->ipv4_src;
+	rt = find_route(ovs_dp_get_net(vport->dp),
+			&saddr,
+			OVS_CB(skb)->tun_key->ipv4_dst,
+			IPPROTO_UDP,
+			OVS_CB(skb)->tun_key->ipv4_tos,
+			skb_get_mark(skb));
+	if (IS_ERR(rt)) {
+		err = PTR_ERR(rt);
+		goto error;
+	}
+
+	df = OVS_CB(skb)->tun_key->tun_flags & TUNNEL_DONT_FRAGMENT ?
+		htons(IP_DF) : 0;
+
+	skb->local_df = 1;
+
+	inet_get_local_port_range(&port_min, &port_max);
+	src_port = vxlan_src_port(port_min, port_max, skb);
+
+	err = vxlan_xmit_skb(net, vxlan_port->vh, rt, skb,
+			     saddr, OVS_CB(skb)->tun_key->ipv4_dst,
+			     OVS_CB(skb)->tun_key->ipv4_tos,
+			     OVS_CB(skb)->tun_key->ipv4_ttl, df,
+			     src_port, dst_port,
+			     htonl(be64_to_cpu(OVS_CB(skb)->tun_key->tun_id) << 8));
+	if (err < 0)
+		ip_rt_put(rt);
+error:
+	return err;
 }
 
 static const char *vxlan_get_name(const struct vport *vport)
-- 
1.7.1




More information about the dev mailing list