[ovs-dev] [PATCH 1/2] datapath: take into account transport protocol ports in route lookup

Ansis Atteka aatteka at nicira.com
Mon Jun 8 20:07:26 UTC 2015


Transport protocol ports should be taken into account when doing route
lookup because IPsec policies will depend on them.  This will be
used in an upcoming commit that introduces IPsec support for Ethernet
over L4 tunneling protocols.

Signed-Off-By: Ansis Atteka <aatteka at nicira.com>
---
 datapath/compat.h       | 5 ++++-
 datapath/vport-geneve.c | 4 ++--
 datapath/vport-gre.c    | 2 +-
 datapath/vport-lisp.c   | 7 +++----
 datapath/vport-stt.c    | 4 ++--
 datapath/vport-vxlan.c  | 4 ++--
 datapath/vport.c        | 4 +++-
 7 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/datapath/compat.h b/datapath/compat.h
index c827b11..297277b 100644
--- a/datapath/compat.h
+++ b/datapath/compat.h
@@ -45,7 +45,8 @@
 
 static inline struct rtable *find_route(struct net *net,
 					__be32 *saddr, __be32 daddr,
-					u8 ipproto, u8 tos, u32 skb_mark)
+					u8 ipproto, u8 tos, u32 skb_mark,
+					__be16 tp_src, __be16 tp_dst)
 {
 	struct rtable *rt;
 	/* Tunnel configuration keeps DSCP part of TOS bits, But Linux
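Review bot: The two parameters added to `find_route()` are undocumented, and the callers in this patch rely on conventions that are not written down anywhere in the visible lines: the values are `__be16`, i.e. network byte order, and the GRE caller passes `0, 0` because that protocol has no ports. A short comment above the function would pin this down, for example `/* tp_src/tp_dst: transport ports in network byte order; pass 0 for protocols without ports (e.g. GRE). */`. The function body continues outside this hunk.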
@@ -68,6 +69,8 @@ static inline struct rtable *find_route(struct net *net,
 	struct flowi4 fl = { .daddr = daddr,
 			     .saddr = *saddr,
 			     .flowi4_tos = RT_TOS(tos),
+			     .fl4_sport = tp_src,
+			     .fl4_sport = tp_dst,
 			     .flowi4_mark = skb_mark,
 			     .flowi4_proto = ipproto };
 
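Review bot: The second added initializer repeats `.fl4_sport`, so `tp_dst` overwrites the source port and `fl4_dport` is left at zero in the `flowi4` key; the line should read `.fl4_dport = tp_dst,`. As written, whatever lookup consumes `fl` sees the destination port in the source-port field and a destination port of 0, so an IPsec policy that selects on the tunnel's destination port would presumably not match, and the traffic could leave without the protection the policy was meant to apply. GCC reports this kind of duplicate designator with `-Woverride-init`, which would be worth enabling for the datapath build if it is not already. The body of `find_route()` starts and ends outside the hunk.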
diff --git a/datapath/vport-geneve.c b/datapath/vport-geneve.c
index 2d7a6b3..c3ddfc4 100644
--- a/datapath/vport-geneve.c
+++ b/datapath/vport-geneve.c
@@ -190,18 +190,18 @@ static int geneve_tnl_send(struct vport *vport, struct sk_buff *skb)
 
 	tun_key = &tun_info->tunnel;
 
+	sport = udp_flow_src_port(net, skb, 1, USHRT_MAX, true);
 	saddr = tun_key->ipv4_src;
 	rt = find_route(ovs_dp_get_net(vport->dp),
 			&saddr, tun_key->ipv4_dst,
 			IPPROTO_UDP, tun_key->ipv4_tos,
-			skb->mark);
+			skb->mark, sport, dport);
 	if (IS_ERR(rt)) {
 		err = PTR_ERR(rt);
 		goto error;
 	}
 
 	df = tun_key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
-	sport = udp_flow_src_port(net, skb, 1, USHRT_MAX, true);
 	tunnel_id_to_vni(tun_key->tun_id, vni);
 	skb->ignore_df = 1;
 
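Review bot: The source port passed to `find_route()` here comes from `udp_flow_src_port()`, which derives it from the inner flow's hash, so the source port in the lookup key differs from flow to flow; the same applies to the STT and VXLAN hunks. Since the commit message says IPsec policies will depend on the ports, a comment at the call such as `/* sport is per-flow entropy; IPsec selectors are expected to match on dport */` would keep a later reader from assuming a fixed source port can be used in a policy. `dport` is not declared in the visible lines, so confirm it holds the tunnel's destination port in network byte order. `geneve_tnl_send()` starts and ends outside the hunk.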
diff --git a/datapath/vport-gre.c b/datapath/vport-gre.c
index 7bbcf57..9803913 100644
--- a/datapath/vport-gre.c
+++ b/datapath/vport-gre.c
@@ -158,7 +158,7 @@ static int __send(struct vport *vport, struct sk_buff *skb,
 	rt = find_route(ovs_dp_get_net(vport->dp),
 			&saddr, tun_key->ipv4_dst,
 			IPPROTO_GRE, tun_key->ipv4_tos,
-			skb->mark);
+			skb->mark, 0, 0);
 	if (IS_ERR(rt)) {
 		err = PTR_ERR(rt);
 		goto error;
diff --git a/datapath/vport-lisp.c b/datapath/vport-lisp.c
index 0024eb4..0239244 100644
--- a/datapath/vport-lisp.c
+++ b/datapath/vport-lisp.c
@@ -410,10 +410,12 @@ static int lisp_send(struct vport *vport, struct sk_buff *skb)
 
 	/* Route lookup */
 	saddr = tun_key->ipv4_src;
+	src_port = htons(get_src_port(net, skb));
+	dst_port = lisp_port->dst_port;
 	rt = find_route(ovs_dp_get_net(vport->dp),
 			&saddr, tun_key->ipv4_dst,
 			IPPROTO_UDP, tun_key->ipv4_tos,
-			skb->mark);
+			skb->mark, src_port, dst_port);
 	if (IS_ERR(rt)) {
 		err = PTR_ERR(rt);
 		goto error;
@@ -445,9 +447,6 @@ static int lisp_send(struct vport *vport, struct sk_buff *skb)
 		goto err_free_rt;
 	}
 
-	src_port = htons(get_src_port(net, skb));
-	dst_port = lisp_port->dst_port;
-
 	lisp_build_header(skb);
 
 	skb->ignore_df = 1;
diff --git a/datapath/vport-stt.c b/datapath/vport-stt.c
index 9a1c8a6..9c6860f 100644
--- a/datapath/vport-stt.c
+++ b/datapath/vport-stt.c
@@ -149,10 +149,11 @@ static int stt_tnl_send(struct vport *vport, struct sk_buff *skb)
 	tun_key = &tun_info->tunnel;
 	/* Route lookup */
 	saddr = tun_key->ipv4_src;
+	sport = udp_flow_src_port(net, skb, 1, USHRT_MAX, true);
 	rt = find_route(ovs_dp_get_net(vport->dp),
 			&saddr, tun_key->ipv4_dst,
 			IPPROTO_TCP, tun_key->ipv4_tos,
-			skb->mark);
+			skb->mark, sport, dport);
 
 	if (IS_ERR(rt)) {
 		err = PTR_ERR(rt);
@@ -160,7 +161,6 @@ static int stt_tnl_send(struct vport *vport, struct sk_buff *skb)
 	}
 
 	df = tun_key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
-	sport = udp_flow_src_port(net, skb, 1, USHRT_MAX, true);
 	skb->ignore_df = 1;
 
 	return stt_xmit_skb(skb, rt, saddr, tun_key->ipv4_dst,
diff --git a/datapath/vport-vxlan.c b/datapath/vport-vxlan.c
index eff7ca2..0b23508 100644
--- a/datapath/vport-vxlan.c
+++ b/datapath/vport-vxlan.c
@@ -242,10 +242,11 @@ static int vxlan_tnl_send(struct vport *vport, struct sk_buff *skb)
 
 	/* Route lookup */
 	saddr = tun_key->ipv4_src;
+	src_port = udp_flow_src_port(net, skb, 0, 0, true);
 	rt = find_route(ovs_dp_get_net(vport->dp),
 			&saddr, tun_key->ipv4_dst,
 			IPPROTO_UDP, tun_key->ipv4_tos,
-			skb->mark);
+			skb->mark, src_port, dst_port);
 	if (IS_ERR(rt)) {
 		err = PTR_ERR(rt);
 		goto error;
@@ -254,7 +255,6 @@ static int vxlan_tnl_send(struct vport *vport, struct sk_buff *skb)
 	df = tun_key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
 	skb->ignore_df = 1;
 
-	src_port = udp_flow_src_port(net, skb, 0, 0, true);
 	md.vni = htonl(be64_to_cpu(tun_key->tun_id) << 8);
 	md.gbp = vxlan_ext_gbp(skb);
 	vxflags = vxlan_port->exts |
diff --git a/datapath/vport.c b/datapath/vport.c
index 4486d06..a7a7cff 100644
--- a/datapath/vport.c
+++ b/datapath/vport.c
@@ -610,7 +610,9 @@ int ovs_tunnel_get_egress_info(struct ovs_tunnel_info *egress_tun_info,
 			tun_key->ipv4_dst,
 			ipproto,
 			tun_key->ipv4_tos,
-			skb_mark);
+			skb_mark,
+			tp_src,
+			tp_dst);
 	if (IS_ERR(rt))
 		return PTR_ERR(rt);
 
-- 
2.1.4



