[ovs-dev] [PATCHv3 3/5] datapath: Add SCTP support

Joe Stringer joe at wand.net.nz
Wed Jun 19 03:23:56 UTC 2013


Will need to fold in this incremental whitespace fix:

diff --git a/datapath/actions.c b/datapath/actions.c
index d4fdd65..666ecdb 100644
--- a/datapath/actions.c
+++ b/datapath/actions.c
@@ -376,7 +376,7 @@ static int set_sctp(struct sk_buff *skb,
                sh->source = sctp_port_key->sctp_src;
                sh->dest = sctp_port_key->sctp_dst;

-                new_csum = compute_sctp_csum(skb);
+               new_csum = compute_sctp_csum(skb);

                /* Carry any checksum errors through. */
                sh->checksum = old_csum ^ old_correct_csum ^ new_csum;


On Wed, Jun 12, 2013 at 2:35 PM, Joe Stringer <joe at wand.net.nz> wrote:

> This patch adds support for rewriting SCTP src,dst ports similar to the
> functionality already available for TCP/UDP.
>
> Rewriting SCTP ports is expensive due to double-recalculation of the
> SCTP checksums; this is performed to ensure that packets traversing OVS
> with invalid checksums will continue to the destination with any
> checksum corruption intact.
>
> Reviewed-by: Simon Horman <horms at verge.net.au>
> Signed-off-by: Joe Stringer <joe at wand.net.nz>
> ---
> This patch introduces sparse warnings when calling
> sctp_end_cksum(), due to a bug that was fixed in v3.10:
>
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee1d5a14780b9391ec51f3feaf4cffb521ddbb1
>
> I've now tested this through use of sctp_test from lksctp, linking two
> VMs via the OVS bridge. I added the following flows:
> "sctp,tp_dst=7777 actions=mod_tp_dst:8888,normal"
> "sctp,tp_src=8888 actions=mod_tp_src:7777,normal"
>
> Then, with an lksctp server running on one host on port 8888, I ran the
> lksctp client with the destination port 7777. The connections establish
> and transfer data successfully. I took pcaps from VM interfaces and
> verified with wireshark that the checksums were correct.
>
> v3: Rebase
>     Refactor sctp checksum computation
>     Handle skb fragments for checksum calculation
>     Fix sparse errors
> v2: Remove SCTP checksum recalculation when changing IP address
>     Calculate checksums as delta from incoming checksum
> ---
>  datapath/actions.c                         |   40 +++++++++++++++++++
>  datapath/checksum.c                        |    3 ++
>  datapath/checksum.h                        |   15 +++++++
>  datapath/datapath.c                        |    6 +++
>  datapath/flow.c                            |   60
> ++++++++++++++++++++++++++++
>  datapath/flow.h                            |    8 ++--
>  datapath/linux/Modules.mk                  |    1 +
>  datapath/linux/compat/include/linux/sctp.h |   17 ++++++++
>  8 files changed, 146 insertions(+), 4 deletions(-)
>  create mode 100644 datapath/linux/compat/include/linux/sctp.h
>
> diff --git a/datapath/actions.c b/datapath/actions.c
> index 0dac658..d4fdd65 100644
> --- a/datapath/actions.c
> +++ b/datapath/actions.c
> @@ -22,11 +22,13 @@
>  #include <linux/in.h>
>  #include <linux/ip.h>
>  #include <linux/openvswitch.h>
> +#include <linux/sctp.h>
>  #include <linux/tcp.h>
>  #include <linux/udp.h>
>  #include <linux/in6.h>
>  #include <linux/if_arp.h>
>  #include <linux/if_vlan.h>
> +#include <linux/crc32c.h>
>  #include <net/ip.h>
>  #include <net/ipv6.h>
>  #include <net/checksum.h>
> @@ -352,6 +354,40 @@ static int set_tcp(struct sk_buff *skb, const struct
> ovs_key_tcp *tcp_port_key)
>         return 0;
>  }
>
> +static int set_sctp(struct sk_buff *skb,
> +                    const struct ovs_key_sctp *sctp_port_key)
> +{
> +       struct sctphdr *sh;
> +       int err;
> +
> +       err = make_writable(skb, skb_transport_offset(skb) +
> +                                sizeof(struct sctphdr));
> +       if (unlikely(err))
> +               return err;
> +
> +       sh = sctp_hdr(skb);
> +       if (sctp_port_key->sctp_src != sh->source ||
> +           sctp_port_key->sctp_dst != sh->dest) {
> +               __le32 old_correct_csum, new_csum, old_csum;
> +
> +               old_csum = sh->checksum;
> +               old_correct_csum = compute_sctp_csum(skb);
> +
> +               sh->source = sctp_port_key->sctp_src;
> +               sh->dest = sctp_port_key->sctp_dst;
> +
> +                new_csum = compute_sctp_csum(skb);
> +
> +               /* Carry any checksum errors through. */
> +               sh->checksum = old_csum ^ old_correct_csum ^ new_csum;
> +
> +               skb->ip_summed = CHECKSUM_UNNECESSARY;
> +               skb_clear_rxhash(skb);
> +       }
> +
> +       return 0;
> +}
> +
>  static int do_output(struct datapath *dp, struct sk_buff *skb, int
> out_port)
>  {
>         struct vport *vport;
> @@ -459,6 +495,10 @@ static int execute_set_action(struct sk_buff *skb,
>         case OVS_KEY_ATTR_UDP:
>                 err = set_udp(skb, nla_data(nested_attr));
>                 break;
> +
> +       case OVS_KEY_ATTR_SCTP:
> +               err = set_sctp(skb, nla_data(nested_attr));
> +               break;
>         }
>
>         return err;
> diff --git a/datapath/checksum.c b/datapath/checksum.c
> index 5146c65..bfa75a7 100644
> --- a/datapath/checksum.c
> +++ b/datapath/checksum.c
> @@ -59,6 +59,9 @@ static int vswitch_skb_checksum_setup(struct sk_buff
> *skb)
>         case IPPROTO_UDP:
>                 csum_offset = offsetof(struct udphdr, check);
>                 break;
> +       case IPPROTO_SCTP:
> +               csum_offset = offsetof(struct sctphdr, check);
> +               break;
>         default:
>                 if (net_ratelimit())
>                         pr_err("Attempting to checksum a non-TCP/UDP
> packet, "
> diff --git a/datapath/checksum.h b/datapath/checksum.h
> index a440c59..a97d47b 100644
> --- a/datapath/checksum.h
> +++ b/datapath/checksum.h
> @@ -23,6 +23,7 @@
>  #include <linux/version.h>
>
>  #include <net/checksum.h>
> +#include <net/sctp/checksum.h>
>
>  #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) || \
>         (defined(CONFIG_XEN) && defined(HAVE_PROTO_DATA_VALID))
> @@ -170,4 +171,18 @@ static inline unsigned char
> *rpl__pskb_pull_tail(struct sk_buff *skb,
>  #define __pskb_pull_tail rpl__pskb_pull_tail
>  #endif
>
> +static inline __le32 compute_sctp_csum(const struct sk_buff *skb)
> +{
> +       const struct sk_buff *iter;
> +       __u32 crc;
> +       __u16 tp_len = skb_headlen(skb) - skb_transport_offset(skb);
> +
> +       crc = sctp_start_cksum((__u8 *)sctp_hdr(skb), tp_len);
> +       skb_walk_frags(skb, iter)
> +               crc = sctp_update_cksum((u8 *) iter->data,
> skb_headlen(iter),
> +                                       crc);
> +
> +       return sctp_end_cksum(crc);
> +}
> +
>  #endif /* checksum.h */
> diff --git a/datapath/datapath.c b/datapath/datapath.c
> index 42af315..8839213 100644
> --- a/datapath/datapath.c
> +++ b/datapath/datapath.c
> @@ -723,6 +723,12 @@ static int validate_set(const struct nlattr *a,
>
>                 return validate_tp_port(flow_key);
>
> +       case OVS_KEY_ATTR_SCTP:
> +               if (flow_key->ip.proto != IPPROTO_SCTP)
> +                       return -EINVAL;
> +
> +               return validate_tp_port(flow_key);
> +
>         default:
>                 return -EINVAL;
>         }
> diff --git a/datapath/flow.c b/datapath/flow.c
> index 7f897bd..40be695 100644
> --- a/datapath/flow.c
> +++ b/datapath/flow.c
> @@ -34,6 +34,7 @@
>  #include <linux/if_arp.h>
>  #include <linux/ip.h>
>  #include <linux/ipv6.h>
> +#include <linux/sctp.h>
>  #include <linux/tcp.h>
>  #include <linux/udp.h>
>  #include <linux/icmp.h>
> @@ -103,6 +104,12 @@ static bool udphdr_ok(struct sk_buff *skb)
>                                   sizeof(struct udphdr));
>  }
>
> +static bool sctphdr_ok(struct sk_buff *skb)
> +{
> +       return pskb_may_pull(skb, skb_transport_offset(skb) +
> +                                 sizeof(struct sctphdr));
> +}
> +
>  static bool icmphdr_ok(struct sk_buff *skb)
>  {
>         return pskb_may_pull(skb, skb_transport_offset(skb) +
> @@ -698,6 +705,13 @@ int ovs_flow_extract(struct sk_buff *skb, u16
> in_port, struct sw_flow_key *key,
>                                 key->ipv4.tp.src = udp->source;
>                                 key->ipv4.tp.dst = udp->dest;
>                         }
> +               } else if (key->ip.proto == IPPROTO_SCTP) {
> +                       key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
> +                       if (sctphdr_ok(skb)) {
> +                               struct sctphdr *sctp = sctp_hdr(skb);
> +                               key->ipv4.tp.src = sctp->source;
> +                               key->ipv4.tp.dst = sctp->dest;
> +                       }
>                 } else if (key->ip.proto == IPPROTO_ICMP) {
>                         key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
>                         if (icmphdr_ok(skb)) {
> @@ -762,6 +776,13 @@ int ovs_flow_extract(struct sk_buff *skb, u16
> in_port, struct sw_flow_key *key,
>                                 key->ipv6.tp.src = udp->source;
>                                 key->ipv6.tp.dst = udp->dest;
>                         }
> +               } else if (key->ip.proto == NEXTHDR_SCTP) {
> +                       key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
> +                       if (sctphdr_ok(skb)) {
> +                               struct sctphdr *sctp = sctp_hdr(skb);
> +                               key->ipv6.tp.src = sctp->source;
> +                               key->ipv6.tp.dst = sctp->dest;
> +                       }
>                 } else if (key->ip.proto == NEXTHDR_ICMP) {
>                         key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
>                         if (icmp6hdr_ok(skb)) {
> @@ -843,6 +864,7 @@ const int ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
>         [OVS_KEY_ATTR_IPV6] = sizeof(struct ovs_key_ipv6),
>         [OVS_KEY_ATTR_TCP] = sizeof(struct ovs_key_tcp),
>         [OVS_KEY_ATTR_UDP] = sizeof(struct ovs_key_udp),
> +       [OVS_KEY_ATTR_SCTP] = sizeof(struct ovs_key_sctp),
>         [OVS_KEY_ATTR_ICMP] = sizeof(struct ovs_key_icmp),
>         [OVS_KEY_ATTR_ICMPV6] = sizeof(struct ovs_key_icmpv6),
>         [OVS_KEY_ATTR_ARP] = sizeof(struct ovs_key_arp),
> @@ -856,6 +878,7 @@ static int ipv4_flow_from_nlattrs(struct sw_flow_key
> *swkey, int *key_len,
>         const struct ovs_key_icmp *icmp_key;
>         const struct ovs_key_tcp *tcp_key;
>         const struct ovs_key_udp *udp_key;
> +       const struct ovs_key_sctp *sctp_key;
>
>         switch (swkey->ip.proto) {
>         case IPPROTO_TCP:
> @@ -880,6 +903,17 @@ static int ipv4_flow_from_nlattrs(struct sw_flow_key
> *swkey, int *key_len,
>                 swkey->ipv4.tp.dst = udp_key->udp_dst;
>                 break;
>
> +       case IPPROTO_SCTP:
> +               if (!(*attrs & (1 << OVS_KEY_ATTR_SCTP)))
> +                       return -EINVAL;
> +               *attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
> +
> +               *key_len = SW_FLOW_KEY_OFFSET(ipv4.tp);
> +               sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
> +               swkey->ipv4.tp.src = sctp_key->sctp_src;
> +               swkey->ipv4.tp.dst = sctp_key->sctp_dst;
> +               break;
> +
>         case IPPROTO_ICMP:
>                 if (!(*attrs & (1 << OVS_KEY_ATTR_ICMP)))
>                         return -EINVAL;
> @@ -901,6 +935,7 @@ static int ipv6_flow_from_nlattrs(struct sw_flow_key
> *swkey, int *key_len,
>         const struct ovs_key_icmpv6 *icmpv6_key;
>         const struct ovs_key_tcp *tcp_key;
>         const struct ovs_key_udp *udp_key;
> +       const struct ovs_key_sctp *sctp_key;
>
>         switch (swkey->ip.proto) {
>         case IPPROTO_TCP:
> @@ -925,6 +960,17 @@ static int ipv6_flow_from_nlattrs(struct sw_flow_key
> *swkey, int *key_len,
>                 swkey->ipv6.tp.dst = udp_key->udp_dst;
>                 break;
>
> +       case IPPROTO_SCTP:
> +               if (!(*attrs & (1 << OVS_KEY_ATTR_SCTP)))
> +                       return -EINVAL;
> +               *attrs &= ~(1 << OVS_KEY_ATTR_SCTP);
> +
> +               *key_len = SW_FLOW_KEY_OFFSET(ipv6.tp);
> +               sctp_key = nla_data(a[OVS_KEY_ATTR_SCTP]);
> +               swkey->ipv6.tp.src = sctp_key->sctp_src;
> +               swkey->ipv6.tp.dst = sctp_key->sctp_dst;
> +               break;
> +
>         case IPPROTO_ICMPV6:
>                 if (!(*attrs & (1 << OVS_KEY_ATTR_ICMPV6)))
>                         return -EINVAL;
> @@ -1454,6 +1500,20 @@ int ovs_flow_to_nlattrs(const struct sw_flow_key
> *swkey, struct sk_buff *skb)
>                                 udp_key->udp_src = swkey->ipv6.tp.src;
>                                 udp_key->udp_dst = swkey->ipv6.tp.dst;
>                         }
> +               } else if (swkey->ip.proto == IPPROTO_SCTP) {
> +                       struct ovs_key_sctp *sctp_key;
> +
> +                       nla = nla_reserve(skb, OVS_KEY_ATTR_SCTP,
> sizeof(*sctp_key));
> +                       if (!nla)
> +                               goto nla_put_failure;
> +                       sctp_key = nla_data(nla);
> +                       if (swkey->eth.type == htons(ETH_P_IP)) {
> +                               sctp_key->sctp_src = swkey->ipv4.tp.src;
> +                               sctp_key->sctp_dst = swkey->ipv4.tp.dst;
> +                       } else if (swkey->eth.type == htons(ETH_P_IPV6)) {
> +                               sctp_key->sctp_src = swkey->ipv6.tp.src;
> +                               sctp_key->sctp_dst = swkey->ipv6.tp.dst;
> +                       }
>                 } else if (swkey->eth.type == htons(ETH_P_IP) &&
>                            swkey->ip.proto == IPPROTO_ICMP) {
>                         struct ovs_key_icmp *icmp_key;
> diff --git a/datapath/flow.h b/datapath/flow.h
> index dba66cf..8fc4899 100644
> --- a/datapath/flow.h
> +++ b/datapath/flow.h
> @@ -86,8 +86,8 @@ struct sw_flow_key {
>                         } addr;
>                         union {
>                                 struct {
> -                                       __be16 src;             /* TCP/UDP
> source port. */
> -                                       __be16 dst;             /* TCP/UDP
> destination port. */
> +                                       __be16 src;             /*
> TCP/UDP/SCTP source port. */
> +                                       __be16 dst;             /*
> TCP/UDP/SCTP destination port. */
>                                 } tp;
>                                 struct {
>                                         u8 sha[ETH_ALEN];       /* ARP
> source hardware address. */
> @@ -102,8 +102,8 @@ struct sw_flow_key {
>                         } addr;
>                         __be32 label;                   /* IPv6 flow
> label. */
>                         struct {
> -                               __be16 src;             /* TCP/UDP source
> port. */
> -                               __be16 dst;             /* TCP/UDP
> destination port. */
> +                               __be16 src;             /* TCP/UDP/SCTP
> source port. */
> +                               __be16 dst;             /* TCP/UDP/SCTP
> destination port. */
>                         } tp;
>                         struct {
>                                 struct in6_addr target; /* ND target
> address. */
> diff --git a/datapath/linux/Modules.mk b/datapath/linux/Modules.mk
> index 1434a2d..a435d1f 100644
> --- a/datapath/linux/Modules.mk
> +++ b/datapath/linux/Modules.mk
> @@ -49,6 +49,7 @@ openvswitch_headers += \
>         linux/compat/include/linux/rcupdate.h \
>         linux/compat/include/linux/reciprocal_div.h \
>         linux/compat/include/linux/rtnetlink.h \
> +       linux/compat/include/linux/sctp.h \
>         linux/compat/include/linux/skbuff.h \
>         linux/compat/include/linux/slab.h \
>         linux/compat/include/linux/stddef.h \
> diff --git a/datapath/linux/compat/include/linux/sctp.h
> b/datapath/linux/compat/include/linux/sctp.h
> new file mode 100644
> index 0000000..e6b9174
> --- /dev/null
> +++ b/datapath/linux/compat/include/linux/sctp.h
> @@ -0,0 +1,17 @@
> +#ifndef __LINUX_SCTP_WRAPPER_H
> +#define __LINUX_SCTP_WRAPPER_H 1
> +
> +#include_next <linux/sctp.h>
> +
> +#ifndef NEXTHDR_SCTP
> +#define NEXTHDR_SCTP    132 /* Stream Control Transport Protocol */
> +#endif
> +
> +#ifndef HAVE_SKBUFF_HEADER_HELPERS
> +static inline struct sctphdr *sctp_hdr(const struct sk_buff *skb)
> +{
> +       return (struct sctphdr *)skb_transport_header(skb);
> +}
> +#endif /* HAVE_SKBUFF_HEADER_HELPERS */
> +
> +#endif
> --
> 1.7.10.4
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-dev/attachments/20130619/f6e2a23b/attachment-0003.html>


More information about the dev mailing list