[ovs-dev] [PATCH v5 13/13] datapath: Relax match_validate.
Jarno Rajahalme
jrajahalme at nicira.com
Fri Sep 5 23:05:20 UTC 2014
When userspace inserts masked flows, it is not necessary to demand
that flows matching in a known ethertype also must have the
corresponding key, as a missing key will be automatically wildcarded.
For example, if a drop flow dropping all UDP packets is installed,
this patch allows the userspace application to not specify the
OVS_KEY_ATTR_UDP key.
Signed-off-by: Jarno Rajahalme <jrajahalme at nicira.com>
---
datapath/flow_netlink.c | 23 -----------------------
1 file changed, 23 deletions(-)
diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index 09aaf41..690f0e9 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -114,7 +114,6 @@ static void update_range(struct sw_flow_match *match,
static bool match_validate(const struct sw_flow_match *match,
u64 key_attrs, u64 mask_attrs)
{
- u64 key_expected = 1ULL << OVS_KEY_ATTR_ETHERNET;
u64 mask_allowed = key_attrs; /* At most allow all key attributes */
/* The following mask attributes allowed only if they
@@ -139,39 +138,32 @@ static bool match_validate(const struct sw_flow_match *match,
/* Check key attributes. */
if (match->key->eth.type == htons(ETH_P_ARP)
|| match->key->eth.type == htons(ETH_P_RARP)) {
- key_expected |= 1ULL << OVS_KEY_ATTR_ARP;
if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
mask_allowed |= 1ULL << OVS_KEY_ATTR_ARP;
}
if (eth_p_mpls(match->key->eth.type)) {
- key_expected |= 1ULL << OVS_KEY_ATTR_MPLS;
if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
mask_allowed |= 1ULL << OVS_KEY_ATTR_MPLS;
}
if (match->key->eth.type == htons(ETH_P_IP)) {
- key_expected |= 1ULL << OVS_KEY_ATTR_IPV4;
if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
mask_allowed |= 1ULL << OVS_KEY_ATTR_IPV4;
if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
if (match->key->ip.proto == IPPROTO_UDP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_UDP;
if (match->mask && (match->mask->key.ip.proto == 0xff))
mask_allowed |= 1ULL << OVS_KEY_ATTR_UDP;
}
if (match->key->ip.proto == IPPROTO_SCTP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_SCTP;
if (match->mask && (match->mask->key.ip.proto == 0xff))
mask_allowed |= 1ULL << OVS_KEY_ATTR_SCTP;
}
if (match->key->ip.proto == IPPROTO_TCP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
- key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
if (match->mask && (match->mask->key.ip.proto == 0xff)) {
mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
@@ -179,7 +171,6 @@ static bool match_validate(const struct sw_flow_match *match,
}
if (match->key->ip.proto == IPPROTO_ICMP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_ICMP;
if (match->mask && (match->mask->key.ip.proto == 0xff))
mask_allowed |= 1ULL << OVS_KEY_ATTR_ICMP;
}
@@ -187,26 +178,21 @@ static bool match_validate(const struct sw_flow_match *match,
}
if (match->key->eth.type == htons(ETH_P_IPV6)) {
- key_expected |= 1ULL << OVS_KEY_ATTR_IPV6;
if (match->mask && (match->mask->key.eth.type == htons(0xffff)))
mask_allowed |= 1ULL << OVS_KEY_ATTR_IPV6;
if (match->key->ip.frag != OVS_FRAG_TYPE_LATER) {
if (match->key->ip.proto == IPPROTO_UDP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_UDP;
if (match->mask && (match->mask->key.ip.proto == 0xff))
mask_allowed |= 1ULL << OVS_KEY_ATTR_UDP;
}
if (match->key->ip.proto == IPPROTO_SCTP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_SCTP;
if (match->mask && (match->mask->key.ip.proto == 0xff))
mask_allowed |= 1ULL << OVS_KEY_ATTR_SCTP;
}
if (match->key->ip.proto == IPPROTO_TCP) {
- key_expected |= 1ULL << OVS_KEY_ATTR_TCP;
- key_expected |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
if (match->mask && (match->mask->key.ip.proto == 0xff)) {
mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP;
mask_allowed |= 1ULL << OVS_KEY_ATTR_TCP_FLAGS;
@@ -214,14 +200,12 @@ static bool match_validate(const struct sw_flow_match *match,
}
if (match->key->ip.proto == IPPROTO_ICMPV6) {
- key_expected |= 1ULL << OVS_KEY_ATTR_ICMPV6;
if (match->mask && (match->mask->key.ip.proto == 0xff))
mask_allowed |= 1ULL << OVS_KEY_ATTR_ICMPV6;
if (match->key->tp.src ==
htons(NDISC_NEIGHBOUR_SOLICITATION) ||
match->key->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
- key_expected |= 1ULL << OVS_KEY_ATTR_ND;
if (match->mask && (match->mask->key.tp.src == htons(0xff)))
mask_allowed |= 1ULL << OVS_KEY_ATTR_ND;
}
@@ -229,13 +213,6 @@ static bool match_validate(const struct sw_flow_match *match,
}
}
- if ((key_attrs & key_expected) != key_expected) {
- /* Key attributes check failed. */
- OVS_NLERR("Missing expected key attributes (key_attrs=%llx, expected=%llx).\n",
- (unsigned long long)key_attrs, (unsigned long long)key_expected);
- return false;
- }
-
if ((mask_attrs & mask_allowed) != mask_attrs) {
/* Mask attributes check failed. */
OVS_NLERR("Contain more than allowed mask fields (mask_attrs=%llx, mask_allowed=%llx).\n",
--
1.7.10.4
More information about the dev
mailing list