[ovs-dev] [PATCH net-next v2 2/2] datapath: Restructure vxlan tunneling.
Pravin B Shelar
pshelar at nicira.com
Tue Jul 16 16:06:31 UTC 2013
Following patch restructures vxlan tunneling so that it is more
in sync with upstream vxlan tunneling code.
Signed-off-by: Pravin Shelar <pshelar at nicira.com>
---
v1-v2:
- Added create flag to vxlan-port add.
- Moved rxhash functions to flow_dissector.c
---
datapath/compat.h | 6 +
datapath/linux/Modules.mk | 6 +-
datapath/linux/compat/flow_dissector.c | 202 +++++++++++
datapath/linux/compat/include/linux/in.h | 20 ++
datapath/linux/compat/include/linux/skbuff.h | 22 ++
datapath/linux/compat/include/net/flow_keys.h | 22 ++
datapath/linux/compat/include/net/ip.h | 7 +
datapath/linux/compat/include/net/ipv6.h | 15 +
datapath/linux/compat/include/net/vxlan.h | 43 +++
datapath/linux/compat/vxlan.c | 457 +++++++++++++++++++++++++
datapath/vport-vxlan.c | 222 +++++--------
11 files changed, 877 insertions(+), 145 deletions(-)
create mode 100644 datapath/linux/compat/flow_dissector.c
create mode 100644 datapath/linux/compat/include/net/flow_keys.h
create mode 100644 datapath/linux/compat/include/net/vxlan.h
create mode 100644 datapath/linux/compat/vxlan.c
diff --git a/datapath/compat.h b/datapath/compat.h
index a6a01d5..4dfd192 100644
--- a/datapath/compat.h
+++ b/datapath/compat.h
@@ -100,4 +100,10 @@ static inline void skb_set_mark(struct sk_buff *skb, u32 mark)
#define rt_dst(rt) (rt->u.dst)
#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,33)
+#define inet_sport(sk) (inet_sk(sk)->sport)
+#else
+#define inet_sport(sk) (inet_sk(sk)->inet_sport)
+#endif
+
#endif /* compat.h */
diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk
index dcacc79..edaeabb 100644
--- a/datapath/linux/Modules.mk
+++ b/datapath/linux/Modules.mk
@@ -3,6 +3,7 @@ openvswitch_sources += \
linux/compat/dev-openvswitch.c \
linux/compat/exthdrs_core.c \
linux/compat/flex_array.c \
+ linux/compat/flow_dissector.c \
linux/compat/gre.c \
linux/compat/gso.c \
linux/compat/genetlink-openvswitch.c \
@@ -14,6 +15,7 @@ openvswitch_sources += \
linux/compat/reciprocal_div.c \
linux/compat/skbuff-openvswitch.c \
linux/compat/time.c \
+ linux/compat/vxlan.c \
linux/compat/workqueue.c
openvswitch_headers += \
linux/compat/gso.h \
@@ -65,6 +67,7 @@ openvswitch_headers += \
linux/compat/include/linux/workqueue.h \
linux/compat/include/net/checksum.h \
linux/compat/include/net/dst.h \
+ linux/compat/include/net/flow_keys.h \
linux/compat/include/net/genetlink.h \
linux/compat/include/net/gre.h \
linux/compat/include/net/inet_frag.h \
@@ -76,4 +79,5 @@ openvswitch_headers += \
linux/compat/include/net/protocol.h \
linux/compat/include/net/route.h \
linux/compat/include/net/sock.h \
- linux/compat/include/net/netns/generic.h
+ linux/compat/include/net/netns/generic.h \
+ linux/compat/include/net/vxlan.h
diff --git a/datapath/linux/compat/flow_dissector.c b/datapath/linux/compat/flow_dissector.c
new file mode 100644
index 0000000..f5fca26
--- /dev/null
+++ b/datapath/linux/compat/flow_dissector.c
@@ -0,0 +1,202 @@
+
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <linux/if_vlan.h>
+#include <net/ip.h>
+#include <net/ipv6.h>
+#include <linux/igmp.h>
+#include <linux/icmp.h>
+#include <linux/sctp.h>
+#include <linux/dccp.h>
+#include <linux/if_tunnel.h>
+#include <linux/if_pppox.h>
+#include <linux/ppp_defs.h>
+#include <net/flow_keys.h>
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37)
+
+/* copy saddr & daddr, possibly using 64bit load/store
+ * Equivalent to : flow->src = iph->saddr;
+ * flow->dst = iph->daddr;
+ */
+static void iph_to_flow_copy_addrs(struct flow_keys *flow, const struct iphdr *iph)
+{
+ BUILD_BUG_ON(offsetof(typeof(*flow), dst) !=
+ offsetof(typeof(*flow), src) + sizeof(flow->src));
+ memcpy(&flow->src, &iph->saddr, sizeof(flow->src) + sizeof(flow->dst));
+}
+
+static bool skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow)
+{
+ int poff, nhoff = skb_network_offset(skb);
+ u8 ip_proto;
+ __be16 proto = skb->protocol;
+
+ memset(flow, 0, sizeof(*flow));
+
+again:
+ switch (proto) {
+ case __constant_htons(ETH_P_IP): {
+ const struct iphdr *iph;
+ struct iphdr _iph;
+ip:
+ iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+ if (!iph)
+ return false;
+
+ if (ip_is_fragment(iph))
+ ip_proto = 0;
+ else
+ ip_proto = iph->protocol;
+ iph_to_flow_copy_addrs(flow, iph);
+ nhoff += iph->ihl * 4;
+ break;
+ }
+ case __constant_htons(ETH_P_IPV6): {
+ const struct ipv6hdr *iph;
+ struct ipv6hdr _iph;
+ipv6:
+ iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+ if (!iph)
+ return false;
+
+ ip_proto = iph->nexthdr;
+ flow->src = (__force __be32)ipv6_addr_hash(&iph->saddr);
+ flow->dst = (__force __be32)ipv6_addr_hash(&iph->daddr);
+ nhoff += sizeof(struct ipv6hdr);
+ break;
+ }
+ case __constant_htons(ETH_P_8021Q): {
+ const struct vlan_hdr *vlan;
+ struct vlan_hdr _vlan;
+
+ vlan = skb_header_pointer(skb, nhoff, sizeof(_vlan), &_vlan);
+ if (!vlan)
+ return false;
+
+ proto = vlan->h_vlan_encapsulated_proto;
+ nhoff += sizeof(*vlan);
+ goto again;
+ }
+ case __constant_htons(ETH_P_PPP_SES): {
+ struct {
+ struct pppoe_hdr hdr;
+ __be16 proto;
+ } *hdr, _hdr;
+ hdr = skb_header_pointer(skb, nhoff, sizeof(_hdr), &_hdr);
+ if (!hdr)
+ return false;
+ proto = hdr->proto;
+ nhoff += PPPOE_SES_HLEN;
+ switch (proto) {
+ case __constant_htons(PPP_IP):
+ goto ip;
+ case __constant_htons(PPP_IPV6):
+ goto ipv6;
+ default:
+ return false;
+ }
+ }
+ default:
+ return false;
+ }
+
+ switch (ip_proto) {
+ case IPPROTO_GRE: {
+ struct gre_hdr {
+ __be16 flags;
+ __be16 proto;
+ } *hdr, _hdr;
+
+ hdr = skb_header_pointer(skb, nhoff, sizeof(_hdr), &_hdr);
+ if (!hdr)
+ return false;
+ /*
+ * Only look inside GRE if version zero and no
+ * routing
+ */
+ if (!(hdr->flags & (GRE_VERSION|GRE_ROUTING))) {
+ proto = hdr->proto;
+ nhoff += 4;
+ if (hdr->flags & GRE_CSUM)
+ nhoff += 4;
+ if (hdr->flags & GRE_KEY)
+ nhoff += 4;
+ if (hdr->flags & GRE_SEQ)
+ nhoff += 4;
+ if (proto == htons(ETH_P_TEB)) {
+ const struct ethhdr *eth;
+ struct ethhdr _eth;
+
+ eth = skb_header_pointer(skb, nhoff,
+ sizeof(_eth), &_eth);
+ if (!eth)
+ return false;
+ proto = eth->h_proto;
+ nhoff += sizeof(*eth);
+ }
+ goto again;
+ }
+ break;
+ }
+ case IPPROTO_IPIP:
+ goto again;
+ default:
+ break;
+ }
+
+ flow->ip_proto = ip_proto;
+ poff = proto_ports_offset(ip_proto);
+ if (poff >= 0) {
+ __be32 *ports, _ports;
+
+ nhoff += poff;
+ ports = skb_header_pointer(skb, nhoff, sizeof(_ports), &_ports);
+ if (ports)
+ flow->ports = *ports;
+ }
+
+ flow->thoff = (u16) nhoff;
+
+ return true;
+}
+
+static u32 hashrnd __read_mostly;
+
+static void init_hashrnd(void)
+{
+ if (likely(hashrnd))
+ return;
+ get_random_bytes(&hashrnd, sizeof(hashrnd));
+}
+
+u32 __skb_get_rxhash(struct sk_buff *skb)
+{
+ struct flow_keys keys;
+ u32 hash;
+
+ if (!skb_flow_dissect(skb, &keys))
+ return 0;
+
+ /* get a consistent hash (same value on both flow directions) */
+ if (((__force u32)keys.dst < (__force u32)keys.src) ||
+ (((__force u32)keys.dst == (__force u32)keys.src) &&
+ ((__force u16)keys.port16[1] < (__force u16)keys.port16[0]))) {
+ swap(keys.dst, keys.src);
+ swap(keys.port16[0], keys.port16[1]);
+ }
+
+ init_hashrnd();
+
+ hash = jhash_3words((__force u32)keys.dst,
+ (__force u32)keys.src,
+ (__force u32)keys.ports, hashrnd);
+ if (!hash)
+ hash = 1;
+
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,34)
+ skb->rxhash = hash;
+#endif
+ return hash;
+}
+#endif
diff --git a/datapath/linux/compat/include/linux/in.h b/datapath/linux/compat/include/linux/in.h
index f91a832..fa2e026 100644
--- a/datapath/linux/compat/include/linux/in.h
+++ b/datapath/linux/compat/include/linux/in.h
@@ -3,6 +3,26 @@
#include_next <linux/in.h>
+#include <linux/module.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37)
+static inline int proto_ports_offset(int proto)
+{
+ switch (proto) {
+ case IPPROTO_TCP:
+ case IPPROTO_UDP:
+ case IPPROTO_DCCP:
+ case IPPROTO_ESP: /* SPI */
+ case IPPROTO_SCTP:
+ case IPPROTO_UDPLITE:
+ return 0;
+ case IPPROTO_AH: /* SPI */
+ return 4;
+ default:
+ return -EINVAL;
+ }
+}
+#endif
+
#ifndef HAVE_IPV4_IS_MULTICAST
static inline bool ipv4_is_loopback(__be32 addr)
diff --git a/datapath/linux/compat/include/linux/skbuff.h b/datapath/linux/compat/include/linux/skbuff.h
index d485b39..c9c103d 100644
--- a/datapath/linux/compat/include/linux/skbuff.h
+++ b/datapath/linux/compat/include/linux/skbuff.h
@@ -251,4 +251,26 @@ static inline void skb_reset_mac_len(struct sk_buff *skb)
skb->mac_len = skb->network_header - skb->mac_header;
}
#endif
+
+static inline int skb_unclone(struct sk_buff *skb, gfp_t pri)
+{
+ might_sleep_if(pri & __GFP_WAIT);
+
+ if (skb_cloned(skb))
+ return pskb_expand_head(skb, 0, 0, pri);
+
+ return 0;
+}
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37)
+extern u32 __skb_get_rxhash(struct sk_buff *skb);
+static inline __u32 skb_get_rxhash(struct sk_buff *skb)
+{
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,34)
+ if (!skb->rxhash)
+#endif
+ return __skb_get_rxhash(skb);
+}
+#endif
+
#endif
diff --git a/datapath/linux/compat/include/net/flow_keys.h b/datapath/linux/compat/include/net/flow_keys.h
new file mode 100644
index 0000000..4de17d1
--- /dev/null
+++ b/datapath/linux/compat/include/net/flow_keys.h
@@ -0,0 +1,22 @@
+#ifndef _NET_FLOW_KEYS_WRAPPER_H
+#define _NET_FLOW_KEYS_WRAPPER_H
+
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0)
+#include_next <net/flow_keys.h>
+#else
+struct flow_keys {
+ /* (src,dst) must be grouped, in the same way than in IP header */
+ __be32 src;
+ __be32 dst;
+ union {
+ __be32 ports;
+ __be16 port16[2];
+ };
+ u16 thoff;
+ u8 ip_proto;
+};
+#endif
+
+#endif
diff --git a/datapath/linux/compat/include/net/ip.h b/datapath/linux/compat/include/net/ip.h
index b18b968..1dccdea 100644
--- a/datapath/linux/compat/include/net/ip.h
+++ b/datapath/linux/compat/include/net/ip.h
@@ -11,4 +11,11 @@ extern int ip_local_out(struct sk_buff *skb);
#endif /* linux kernel < 2.6.25 */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,1,0)
+static inline bool ip_is_fragment(const struct iphdr *iph)
+{
+ return (iph->frag_off & htons(IP_MF | IP_OFFSET)) != 0;
+}
+#endif
+
#endif
diff --git a/datapath/linux/compat/include/net/ipv6.h b/datapath/linux/compat/include/net/ipv6.h
index d1e3248..7ab234a 100644
--- a/datapath/linux/compat/include/net/ipv6.h
+++ b/datapath/linux/compat/include/net/ipv6.h
@@ -23,4 +23,19 @@ enum {
extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
int target, unsigned short *fragoff, int *fragflg);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,4,0)
+static inline u32 ipv6_addr_hash(const struct in6_addr *a)
+{
+#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
+ const unsigned long *ul = (const unsigned long *)a;
+ unsigned long x = ul[0] ^ ul[1];
+
+ return (u32)(x ^ (x >> 32));
+#else
+ return (__force u32)(a->s6_addr32[0] ^ a->s6_addr32[1] ^
+ a->s6_addr32[2] ^ a->s6_addr32[3]);
+#endif
+}
+#endif
+
#endif
diff --git a/datapath/linux/compat/include/net/vxlan.h b/datapath/linux/compat/include/net/vxlan.h
new file mode 100644
index 0000000..102bc0c
--- /dev/null
+++ b/datapath/linux/compat/include/net/vxlan.h
@@ -0,0 +1,43 @@
+#ifndef __NET_VXLAN_WRAPPER_H
+#define __NET_VXLAN_WRAPPER_H 1
+
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/udp.h>
+
+/* per UDP socket information */
+struct vxlan_sock {
+ struct hlist_node hlist;
+ struct rcu_head rcu;
+ struct socket *sock;
+ struct list_head handler_list;
+};
+
+struct vxlan_handler;
+typedef int (vxlan_rcv_t)(struct vxlan_handler *vh, struct sk_buff *skb, __be32 key);
+
+struct vxlan_handler {
+ vxlan_rcv_t *rcv;
+ struct list_head node;
+ void *data;
+ struct vxlan_sock *vs;
+ atomic_t refcnt;
+ struct rcu_head rcu;
+ struct work_struct del_work;
+ int priority;
+};
+
+void vxlan_handler_put(struct vxlan_handler *vh);
+
+struct vxlan_handler *vxlan_handler_add(struct net *net,
+ __be16 portno, vxlan_rcv_t *rcv,
+ void *data, int priority, bool create);
+
+int vxlan_xmit_skb(struct net *net, struct vxlan_handler *vh,
+ struct rtable *rt, struct sk_buff *skb,
+ __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df,
+ __be16 src_port, __be16 dst_port, __be32 vni);
+
+__be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb);
+
+#endif
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
new file mode 100644
index 0000000..b41ecc2
--- /dev/null
+++ b/datapath/linux/compat/vxlan.c
@@ -0,0 +1,457 @@
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/slab.h>
+#include <linux/skbuff.h>
+#include <linux/rculist.h>
+#include <linux/netdevice.h>
+#include <linux/in.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+#include <linux/igmp.h>
+#include <linux/etherdevice.h>
+#include <linux/if_ether.h>
+#include <linux/if_vlan.h>
+#include <linux/hash.h>
+#include <linux/ethtool.h>
+#include <net/arp.h>
+#include <net/ndisc.h>
+#include <net/ip.h>
+#include <net/ip_tunnels.h>
+#include <net/icmp.h>
+#include <net/udp.h>
+#include <net/rtnetlink.h>
+#include <net/route.h>
+#include <net/dsfield.h>
+#include <net/inet_ecn.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+#include <net/vxlan.h>
+
+#include "checksum.h"
+#include "compat.h"
+#include "gso.h"
+#include "vlan.h"
+
+#define PORT_HASH_BITS 8
+#define PORT_HASH_SIZE (1<<PORT_HASH_BITS)
+
+#define VXLAN_N_VID (1u << 24)
+#define VXLAN_VID_MASK (VXLAN_N_VID - 1)
+/* IP header + UDP + VXLAN + Ethernet header */
+#define VXLAN_HEADROOM (20 + 8 + 8 + 14)
+#define VXLAN_HLEN (sizeof(struct udphdr) + sizeof(struct vxlanhdr))
+
+#define VXLAN_FLAGS 0x08000000 /* struct vxlanhdr.vx_flags required value. */
+
+/* VXLAN protocol header */
+struct vxlanhdr {
+ __be32 vx_flags;
+ __be32 vx_vni;
+};
+
+static int vxlan_net_id;
+
+/* per-network namespace private data for this module */
+struct vxlan_net {
+ struct hlist_head sock_list[PORT_HASH_SIZE];
+ struct mutex sock_lock; /* RTNL lock nests inside this lock. */
+};
+
+/* Socket hash table head */
+static inline struct hlist_head *vs_head(struct net *net, __be16 port)
+{
+ struct vxlan_net *vn = net_generic(net, vxlan_net_id);
+
+ return &vn->sock_list[hash_32(ntohs(port), PORT_HASH_BITS)];
+}
+
+/* Find VXLAN socket based on network namespace and UDP port */
+static struct vxlan_sock *vxlan_find_port(struct net *net, __be16 port)
+{
+ struct vxlan_sock *vs;
+
+ hlist_for_each_entry_rcu(vs, vs_head(net, port), hlist) {
+ if (inet_sport(vs->sock->sk) == port)
+ return vs;
+ }
+ return NULL;
+}
+
+/* Callback from net/ipv4/udp.c to receive packets */
+static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
+{
+ struct vxlan_handler *vh;
+ struct vxlan_sock *vs;
+ struct vxlanhdr *vxh;
+
+ /* Need Vxlan and inner Ethernet header to be present */
+ if (!pskb_may_pull(skb, VXLAN_HLEN))
+ goto error;
+
+ /* Return packets with reserved bits set */
+ vxh = (struct vxlanhdr *)(udp_hdr(skb) + 1);
+ if (vxh->vx_flags != htonl(VXLAN_FLAGS) ||
+ (vxh->vx_vni & htonl(0xff))) {
+ printk("invalid vxlan flags=%#x vni=%#x\n",
+ ntohl(vxh->vx_flags), ntohl(vxh->vx_vni));
+ goto error;
+ }
+
+ if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB)))
+ goto drop;
+
+ vs = vxlan_find_port(sock_net(sk), inet_sport(sk));
+ if (!vs)
+ goto drop;
+
+ list_for_each_entry_rcu(vh, &vs->handler_list, node) {
+ if (vh->rcv(vh, skb, vxh->vx_vni) == PACKET_RCVD)
+ return 0;
+ }
+
+drop:
+ /* Consume bad packet */
+ kfree_skb(skb);
+ return 0;
+
+error:
+ /* Return non vxlan pkt */
+ return 1;
+}
+
+static void vxlan_sock_put(struct sk_buff *skb)
+{
+ sock_put(skb->sk);
+}
+
+/* On transmit, associate with the tunnel socket */
+static void vxlan_set_owner(struct sock *sk, struct sk_buff *skb)
+{
+ skb_orphan(skb);
+ sock_hold(sk);
+ skb->sk = sk;
+ skb->destructor = vxlan_sock_put;
+}
+
+/* Compute source port for outgoing packet
+ * first choice to use L4 flow hash since it will spread
+ * better and maybe available from hardware
+ * secondary choice is to use jhash on the Ethernet header
+ */
+__be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb)
+{
+ unsigned int range = (port_max - port_min) + 1;
+ u32 hash;
+
+ hash = skb_get_rxhash(skb);
+ if (!hash)
+ hash = jhash(skb->data, 2 * ETH_ALEN,
+ (__force u32) skb->protocol);
+
+ return htons((((u64) hash * range) >> 32) + port_min);
+}
+
+static void vxlan_gso(struct sk_buff *skb)
+{
+ int udp_offset = skb_transport_offset(skb);
+ struct udphdr *uh;
+
+ uh = udp_hdr(skb);
+ uh->len = htons(skb->len - udp_offset);
+
+ /* csum segment if tunnel sets skb with csum. */
+ if (unlikely(uh->check)) {
+ struct iphdr *iph = ip_hdr(skb);
+
+ uh->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
+ skb->len - udp_offset,
+ IPPROTO_UDP, 0);
+ uh->check = csum_fold(skb_checksum(skb, udp_offset,
+ skb->len - udp_offset, 0));
+
+ if (uh->check == 0)
+ uh->check = CSUM_MANGLED_0;
+
+ }
+ skb->ip_summed = CHECKSUM_NONE;
+}
+
+static int handle_offloads(struct sk_buff *skb)
+{
+ if (skb_is_gso(skb)) {
+ OVS_GSO_CB(skb)->fix_segment = vxlan_gso;
+ } else {
+ if (skb->ip_summed != CHECKSUM_PARTIAL)
+ skb->ip_summed = CHECKSUM_NONE;
+ }
+ return 0;
+}
+
+int vxlan_xmit_skb(struct net *net, struct vxlan_handler *vh,
+ struct rtable *rt, struct sk_buff *skb,
+ __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df,
+ __be16 src_port, __be16 dst_port, __be32 vni)
+{
+ struct vxlanhdr *vxh;
+ struct udphdr *uh;
+ int min_headroom;
+ int err;
+
+ skb_reset_inner_headers(skb);
+
+ min_headroom = LL_RESERVED_SPACE(rt_dst(rt).dev) + rt_dst(rt).header_len
+ + VXLAN_HLEN + sizeof(struct iphdr)
+ + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
+
+ /* Need space for new headers (invalidates iph ptr) */
+ err = skb_cow_head(skb, min_headroom);
+ if (unlikely(err))
+ return err;
+
+ if (unlikely(vlan_deaccel_tag(skb)))
+ return -ENOMEM;
+
+ vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh));
+ vxh->vx_flags = htonl(VXLAN_FLAGS);
+ vxh->vx_vni = vni;
+
+ __skb_push(skb, sizeof(*uh));
+ skb_reset_transport_header(skb);
+ uh = udp_hdr(skb);
+
+ uh->dest = dst_port;
+ uh->source = src_port;
+
+ uh->len = htons(skb->len);
+ uh->check = 0;
+
+ vxlan_set_owner(vh->vs->sock->sk, skb);
+
+ err = handle_offloads(skb);
+ if (err)
+ return err;
+
+ return iptunnel_xmit(net, rt, skb, src, dst,
+ IPPROTO_UDP, tos, ttl, df);
+}
+
+static struct vxlan_sock *vxlan_socket_create(struct net *net, __be16 port)
+{
+ struct vxlan_sock *vs;
+ struct sock *sk;
+ struct sockaddr_in vxlan_addr = {
+ .sin_family = AF_INET,
+ .sin_addr.s_addr = htonl(INADDR_ANY),
+ .sin_port = port,
+ };
+ int rc;
+
+ vs = kmalloc(sizeof(*vs), GFP_KERNEL);
+ if (!vs)
+ return ERR_PTR(-ENOMEM);
+
+ /* Create UDP socket for encapsulation receive. */
+ rc = sock_create_kern(AF_INET, SOCK_DGRAM, IPPROTO_UDP, &vs->sock);
+ if (rc < 0) {
+ pr_debug("UDP socket create failed\n");
+ kfree(vs);
+ return ERR_PTR(rc);
+ }
+
+ /* Put in proper namespace */
+ sk = vs->sock->sk;
+ sk_change_net(sk, net);
+
+ rc = kernel_bind(vs->sock, (struct sockaddr *) &vxlan_addr,
+ sizeof(vxlan_addr));
+ if (rc < 0) {
+ pr_debug("bind for UDP socket %pI4:%u (%d)\n",
+ &vxlan_addr.sin_addr, ntohs(vxlan_addr.sin_port), rc);
+ sk_release_kernel(sk);
+ kfree(vs);
+ return ERR_PTR(rc);
+ }
+
+ /* Disable multicast loopback */
+ inet_sk(sk)->mc_loop = 0;
+ INIT_LIST_HEAD(&vs->handler_list);
+ hlist_add_head_rcu(&vs->hlist, vs_head(net, port));
+
+ /* Mark socket as an encapsulation socket. */
+ udp_sk(sk)->encap_type = 1;
+ udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv;
+ udp_encap_enable();
+
+ return vs;
+}
+
+static void rcu_free_vs_callback(struct rcu_head *rcu)
+{
+ struct vxlan_sock *vs = container_of(rcu, struct vxlan_sock, rcu);
+
+ kfree(vs);
+}
+
+static void vxlan_socket_del(struct vxlan_sock *vs)
+{
+ if (list_empty(&vs->handler_list)) {
+ hlist_del_rcu(&vs->hlist);
+
+ sk_release_kernel(vs->sock->sk);
+ call_rcu(&vs->rcu, rcu_free_vs_callback);
+ }
+}
+
+static int vxlan_init_module(void);
+static void vxlan_cleanup_module(void);
+
+static void rcu_free_vh_callback(struct rcu_head *rcu)
+{
+ struct vxlan_handler *vh = container_of(rcu, struct vxlan_handler, rcu);
+
+ kfree(vh);
+}
+
+static void vh_del_work(struct work_struct *work)
+{
+ struct vxlan_handler *vh = container_of(work, struct vxlan_handler, del_work);
+ struct vxlan_sock *vs = vh->vs;
+ struct net *net = sock_net(vs->sock->sk);
+ struct vxlan_net *vn = net_generic(net, vxlan_net_id);
+
+ mutex_lock(&vn->sock_lock);
+
+ list_del_rcu(&vh->node);
+ call_rcu(&vh->rcu, rcu_free_vh_callback);
+ vxlan_socket_del(vs);
+
+ mutex_unlock(&vn->sock_lock);
+
+ vxlan_cleanup_module();
+}
+
+struct vxlan_handler *vxlan_handler_add(struct net *net,
+ __be16 portno, vxlan_rcv_t *rcv,
+ void *data, int priority, bool create)
+{
+ struct vxlan_net *vn;
+ struct vxlan_sock *vs;
+ struct vxlan_handler *vh;
+ struct vxlan_handler *new;
+ int err;
+
+ err = vxlan_init_module();
+ if (err)
+ return ERR_PTR(err);
+
+ vn = net_generic(net, vxlan_net_id);
+ mutex_lock(&vn->sock_lock);
+ /* Look to see if can reuse socket */
+ vs = vxlan_find_port(net, portno);
+ if (!vs) {
+ vs = vxlan_socket_create(net, portno);
+ if (IS_ERR(vs)) {
+ new = (void *) vs;
+ goto out;
+ }
+ }
+
+ /* Try existing vxlan hanlders for this socket. */
+ list_for_each_entry(vh, &vs->handler_list, node) {
+ if (vh->rcv == rcv) {
+ if (create) {
+ vxlan_socket_del(vs);
+ new = ERR_PTR(-EEXIST);
+ goto out;
+ }
+ atomic_inc(&vh->refcnt);
+ new = vh;
+ goto out;
+ }
+ }
+
+ new = kzalloc(sizeof(*new), GFP_KERNEL);
+ if (!new) {
+ vxlan_socket_del(vs);
+ new = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+
+ new->rcv = rcv;
+ new->vs = vs;
+ atomic_set(&new->refcnt, 1);
+ INIT_WORK(&new->del_work, vh_del_work);
+ new->data = data;
+ new->priority = priority;
+
+ list_for_each_entry(vh, &vs->handler_list, node) {
+ if (vh->priority > priority) {
+ list_add_tail_rcu(&new->node, &vh->node);
+ goto out;
+ }
+ }
+
+ list_add_tail_rcu(&new->node, &vs->handler_list);
+out:
+ mutex_unlock(&vn->sock_lock);
+ return new;
+}
+
+void vxlan_handler_put(struct vxlan_handler *vh)
+{
+ BUG_ON(!vh->vs);
+
+ if (atomic_dec_and_test(&vh->refcnt))
+ queue_work(&vh->del_work);
+}
+
+static __net_init int vxlan_init_net(struct net *net)
+{
+ struct vxlan_net *vn = net_generic(net, vxlan_net_id);
+ unsigned int h;
+
+ mutex_init(&vn->sock_lock);
+
+ for (h = 0; h < PORT_HASH_SIZE; ++h)
+ INIT_HLIST_HEAD(&vn->sock_list[h]);
+
+ return 0;
+}
+
+static struct pernet_operations vxlan_net_ops = {
+ .init = vxlan_init_net,
+ .id = &vxlan_net_id,
+ .size = sizeof(struct vxlan_net),
+};
+
+static int refcnt;
+static DEFINE_MUTEX(init_lock);
+DEFINE_COMPAT_PNET_REG_FUNC(gen_device);
+
+static int vxlan_init_module(void)
+{
+ int err = 0;
+
+ mutex_lock(&init_lock);
+ if (refcnt)
+ goto out;
+ err = register_pernet_device(&vxlan_net_ops);
+out:
+ if (!err)
+ refcnt++;
+ mutex_unlock(&init_lock);
+ return err;
+}
+
+static void vxlan_cleanup_module(void)
+{
+ mutex_lock(&init_lock);
+ refcnt--;
+ if (refcnt)
+ goto out;
+ unregister_pernet_device(&vxlan_net_ops);
+out:
+ mutex_unlock(&init_lock);
+}
diff --git a/datapath/vport-vxlan.c b/datapath/vport-vxlan.c
index 7ff51fd..eea5803 100644
--- a/datapath/vport-vxlan.c
+++ b/datapath/vport-vxlan.c
@@ -31,164 +31,60 @@
#include <net/icmp.h>
#include <net/ip.h>
#include <net/udp.h>
+#include <net/ip_tunnels.h>
+#include <net/udp.h>
+#include <net/rtnetlink.h>
+#include <net/route.h>
+#include <net/dsfield.h>
+#include <net/inet_ecn.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+#include <net/vxlan.h>
#include "datapath.h"
#include "tunnel.h"
#include "vport.h"
-#define VXLAN_FLAGS 0x08000000 /* struct vxlanhdr.vx_flags required value. */
-
-/**
- * struct vxlanhdr - VXLAN header
- * @vx_flags: Must have the exact value %VXLAN_FLAGS.
- * @vx_vni: VXLAN Network Identifier (VNI) in top 24 bits, low 8 bits zeroed.
- */
-struct vxlanhdr {
- __be32 vx_flags;
- __be32 vx_vni;
-};
-
-#define VXLAN_HLEN (sizeof(struct udphdr) + sizeof(struct vxlanhdr))
+#define OVS_VXLAN_RCV_PRIORITY 8
/**
* struct vxlan_port - Keeps track of open UDP ports
- * @dst_port: vxlan UDP port no.
- * @list: list element in @vxlan_ports.
- * @vxlan_rcv_socket: The socket created for this port number.
+ * @vh: vxlan_handler created for the port.
* @name: vport name.
*/
struct vxlan_port {
- __be16 dst_port;
- struct list_head list;
- struct socket *vxlan_rcv_socket;
+ struct vxlan_handler *vh;
char name[IFNAMSIZ];
};
-static LIST_HEAD(vxlan_ports);
-
static inline struct vxlan_port *vxlan_vport(const struct vport *vport)
{
return vport_priv(vport);
}
-static struct vxlan_port *vxlan_find_port(struct net *net, __be16 port)
-{
- struct vxlan_port *vxlan_port;
-
- list_for_each_entry_rcu(vxlan_port, &vxlan_ports, list) {
-
- if (vxlan_port->dst_port == port &&
- net_eq(sock_net(vxlan_port->vxlan_rcv_socket->sk), net))
- return vxlan_port;
- }
-
- return NULL;
-}
-
-static inline struct vxlanhdr *vxlan_hdr(const struct sk_buff *skb)
-{
- return (struct vxlanhdr *)(udp_hdr(skb) + 1);
-}
-
-static void vxlan_build_header(const struct vport *vport,
- struct sk_buff *skb,
- int tunnel_hlen)
-{
- struct vxlan_port *vxlan_port = vxlan_vport(vport);
- struct udphdr *udph = udp_hdr(skb);
- struct vxlanhdr *vxh = (struct vxlanhdr *)(udph + 1);
- const struct ovs_key_ipv4_tunnel *tun_key = OVS_CB(skb)->tun_key;
-
- udph->dest = vxlan_port->dst_port;
- udph->source = htons(ovs_tnl_get_src_port(skb));
- udph->check = 0;
- udph->len = htons(skb->len - skb_transport_offset(skb));
-
- vxh->vx_flags = htonl(VXLAN_FLAGS);
- vxh->vx_vni = htonl(be64_to_cpu(tun_key->tun_id) << 8);
-}
-
/* Called with rcu_read_lock and BH disabled. */
-static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
+static int vxlan_rcv(struct vxlan_handler *vh, struct sk_buff *skb, __be32 vx_vni)
{
- struct vxlan_port *vxlan_vport;
- struct vxlanhdr *vxh;
+ struct vport *vport = vh->data;
struct iphdr *iph;
struct ovs_key_ipv4_tunnel tun_key;
__be64 key;
- vxlan_vport = vxlan_find_port(dev_net(skb->dev), udp_hdr(skb)->dest);
- if (unlikely(!vxlan_vport))
- goto error;
-
- if (unlikely(!pskb_may_pull(skb, VXLAN_HLEN + ETH_HLEN)))
- goto error;
-
- vxh = vxlan_hdr(skb);
- if (unlikely(vxh->vx_flags != htonl(VXLAN_FLAGS) ||
- vxh->vx_vni & htonl(0xff)))
- goto error;
-
- skb_pull_rcsum(skb, VXLAN_HLEN);
-
- key = cpu_to_be64(ntohl(vxh->vx_vni) >> 8);
-
/* Save outer tunnel values */
iph = ip_hdr(skb);
+ key = cpu_to_be64(ntohl(vx_vni) >> 8);
tnl_tun_key_init(&tun_key, iph, key, TUNNEL_KEY);
- ovs_tnl_rcv(vport_from_priv(vxlan_vport), skb, &tun_key);
- goto out;
-
-error:
- kfree_skb(skb);
-out:
- return 0;
-}
-
-/* Random value. Irrelevant as long as it's not 0 since we set the handler. */
-#define UDP_ENCAP_VXLAN 1
-static int vxlan_socket_init(struct vxlan_port *vxlan_port, struct net *net)
-{
- struct sockaddr_in sin;
- int err;
-
- err = sock_create_kern(AF_INET, SOCK_DGRAM, 0,
- &vxlan_port->vxlan_rcv_socket);
- if (err)
- goto error;
-
- /* release net ref. */
- sk_change_net(vxlan_port->vxlan_rcv_socket->sk, net);
-
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = htonl(INADDR_ANY);
- sin.sin_port = vxlan_port->dst_port;
-
- err = kernel_bind(vxlan_port->vxlan_rcv_socket, (struct sockaddr *)&sin,
- sizeof(struct sockaddr_in));
- if (err)
- goto error_sock;
-
- udp_sk(vxlan_port->vxlan_rcv_socket->sk)->encap_type = UDP_ENCAP_VXLAN;
- udp_sk(vxlan_port->vxlan_rcv_socket->sk)->encap_rcv = vxlan_rcv;
-
- udp_encap_enable();
-
- return 0;
-
-error_sock:
- sk_release_kernel(vxlan_port->vxlan_rcv_socket->sk);
-error:
- pr_warn("cannot register vxlan protocol handler\n");
- return err;
+ ovs_vport_receive(vport, skb, &tun_key);
+ return PACKET_RCVD;
}
static int vxlan_get_options(const struct vport *vport, struct sk_buff *skb)
{
struct vxlan_port *vxlan_port = vxlan_vport(vport);
+ __be16 dst_port = inet_sport(vxlan_port->vh->vs->sock->sk);
- if (nla_put_u16(skb, OVS_TUNNEL_ATTR_DST_PORT, ntohs(vxlan_port->dst_port)))
+ if (nla_put_u16(skb, OVS_TUNNEL_ATTR_DST_PORT, ntohs(dst_port)))
return -EMSGSIZE;
return 0;
}
@@ -197,9 +93,7 @@ static void vxlan_tnl_destroy(struct vport *vport)
{
struct vxlan_port *vxlan_port = vxlan_vport(vport);
- list_del_rcu(&vxlan_port->list);
- /* Release socket */
- sk_release_kernel(vxlan_port->vxlan_rcv_socket->sk);
+ vxlan_handler_put(vxlan_port->vh);
ovs_vport_deferred_free(vport);
}
@@ -209,10 +103,12 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms)
struct net *net = ovs_dp_get_net(parms->dp);
struct nlattr *options = parms->options;
struct vxlan_port *vxlan_port;
+ struct vxlan_handler *vh;
struct vport *vport;
+ bool create = true;
struct nlattr *a;
- int err;
u16 dst_port;
+ int err;
if (!options) {
err = -EINVAL;
@@ -227,41 +123,79 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms)
goto error;
}
- /* Verify if we already have a socket created for this port */
- if (vxlan_find_port(net, htons(dst_port))) {
- err = -EEXIST;
- goto error;
- }
-
vport = ovs_vport_alloc(sizeof(struct vxlan_port),
&ovs_vxlan_vport_ops, parms);
if (IS_ERR(vport))
return vport;
vxlan_port = vxlan_vport(vport);
- vxlan_port->dst_port = htons(dst_port);
strncpy(vxlan_port->name, parms->name, IFNAMSIZ);
- err = vxlan_socket_init(vxlan_port, net);
- if (err)
- goto error_free;
+ vh = vxlan_handler_add(net, htons(dst_port), vxlan_rcv,
+ vport, OVS_VXLAN_RCV_PRIORITY, create);
+ if (IS_ERR(vh)) {
+ ovs_vport_free(vport);
+ return (void *)vh;
+ }
+ vxlan_port->vh = vh;
- list_add_tail_rcu(&vxlan_port->list, &vxlan_ports);
return vport;
-error_free:
- ovs_vport_free(vport);
error:
return ERR_PTR(err);
}
static int vxlan_tnl_send(struct vport *vport, struct sk_buff *skb)
{
- if (unlikely(!OVS_CB(skb)->tun_key))
- return -EINVAL;
+ struct vxlan_port *vxlan_port = vxlan_vport(vport);
+ __be16 dst_port = inet_sport(vxlan_port->vh->vs->sock->sk);
+ struct net *net = ovs_dp_get_net(vport->dp);
+ struct rtable *rt;
+ __be16 src_port;
+ __be32 saddr;
+ __be16 df;
+ int port_min;
+ int port_max;
+ int err;
+
+ if (unlikely(!OVS_CB(skb)->tun_key)) {
+ err = -EINVAL;
+ goto error;
+ }
- return ovs_tnl_send(vport, skb, IPPROTO_UDP,
- VXLAN_HLEN, vxlan_build_header);
+ forward_ip_summed(skb, true);
+
+ /* Route lookup */
+ saddr = OVS_CB(skb)->tun_key->ipv4_src;
+ rt = find_route(ovs_dp_get_net(vport->dp),
+ &saddr,
+ OVS_CB(skb)->tun_key->ipv4_dst,
+ IPPROTO_UDP,
+ OVS_CB(skb)->tun_key->ipv4_tos,
+ skb_get_mark(skb));
+ if (IS_ERR(rt)) {
+ err = PTR_ERR(rt);
+ goto error;
+ }
+
+ df = OVS_CB(skb)->tun_key->tun_flags & TUNNEL_DONT_FRAGMENT ?
+ htons(IP_DF) : 0;
+
+ skb->local_df = 1;
+
+ inet_get_local_port_range(&port_min, &port_max);
+ src_port = vxlan_src_port(port_min, port_max, skb);
+
+ err = vxlan_xmit_skb(net, vxlan_port->vh, rt, skb,
+ saddr, OVS_CB(skb)->tun_key->ipv4_dst,
+ OVS_CB(skb)->tun_key->ipv4_tos,
+ OVS_CB(skb)->tun_key->ipv4_ttl, df,
+ src_port, dst_port,
+ htonl(be64_to_cpu(OVS_CB(skb)->tun_key->tun_id) << 8));
+ if (err < 0)
+ ip_rt_put(rt);
+error:
+ return err;
}
static const char *vxlan_get_name(const struct vport *vport)
--
1.7.1
More information about the dev
mailing list