openvswitch: TCP flags matching support.
tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit numbers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
parent
df23e9f642
commit
5eb26b156e
4 changed files with 34 additions and 2 deletions
|
@ -271,6 +271,7 @@ enum ovs_key_attr {
|
|||
OVS_KEY_ATTR_SKB_MARK, /* u32 skb mark */
|
||||
OVS_KEY_ATTR_TUNNEL, /* Nested set of ovs_tunnel attributes */
|
||||
OVS_KEY_ATTR_SCTP, /* struct ovs_key_sctp */
|
||||
OVS_KEY_ATTR_TCP_FLAGS, /* be16 TCP flags. */
|
||||
|
||||
#ifdef __KERNEL__
|
||||
OVS_KEY_ATTR_IPV4_TUNNEL, /* struct ovs_key_ipv4_tunnel */
|
||||
|
|
|
@ -428,6 +428,7 @@ int ovs_flow_extract(struct sk_buff *skb, u16 in_port, struct sw_flow_key *key)
|
|||
struct tcphdr *tcp = tcp_hdr(skb);
|
||||
key->ipv4.tp.src = tcp->source;
|
||||
key->ipv4.tp.dst = tcp->dest;
|
||||
key->ipv4.tp.flags = TCP_FLAGS_BE16(tcp);
|
||||
}
|
||||
} else if (key->ip.proto == IPPROTO_UDP) {
|
||||
if (udphdr_ok(skb)) {
|
||||
|
@ -496,6 +497,7 @@ int ovs_flow_extract(struct sk_buff *skb, u16 in_port, struct sw_flow_key *key)
|
|||
struct tcphdr *tcp = tcp_hdr(skb);
|
||||
key->ipv6.tp.src = tcp->source;
|
||||
key->ipv6.tp.dst = tcp->dest;
|
||||
key->ipv6.tp.flags = TCP_FLAGS_BE16(tcp);
|
||||
}
|
||||
} else if (key->ip.proto == NEXTHDR_UDP) {
|
||||
if (udphdr_ok(skb)) {
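Review bot: Both added assignments, `key->ipv4.tp.flags = TCP_FLAGS_BE16(tcp);` and its ipv6 twin, rely on a macro whose definition is not in any hunk on this page, so it cannot be confirmed here that the data-offset nibble sharing that 16-bit word is cleared before the value enters the flow key. The commit message states that bits 12-15 are not matchable and must be zero. If the macro already masks them, a short comment above the assignment such as `/* TCP_FLAGS_BE16() keeps only the low 12 flag bits. */` would make that invariant visible at the point of use; if it does not, the mask belongs here. ovs_flow_extract begins and ends outside both hunks.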
|
||||
|
|
|
@ -93,6 +93,7 @@ struct sw_flow_key {
|
|||
struct {
|
||||
__be16 src; /* TCP/UDP/SCTP source port. */
|
||||
__be16 dst; /* TCP/UDP/SCTP destination port. */
|
||||
__be16 flags; /* TCP flags. */
|
||||
} tp;
|
||||
struct {
|
||||
u8 sha[ETH_ALEN]; /* ARP source hardware address. */
|
||||
|
@ -109,6 +110,7 @@ struct sw_flow_key {
|
|||
struct {
|
||||
__be16 src; /* TCP/UDP/SCTP source port. */
|
||||
__be16 dst; /* TCP/UDP/SCTP destination port. */
|
||||
__be16 flags; /* TCP flags. */
|
||||
} tp;
|
||||
struct {
|
||||
struct in6_addr target; /* ND target address. */
|
||||
|
|
|
@ -114,6 +114,7 @@ static bool match_validate(const struct sw_flow_match *match,
|
|||
mask_allowed &= ~((1 << OVS_KEY_ATTR_IPV4)
|
||||
| (1 << OVS_KEY_ATTR_IPV6)
|
||||
| (1 << OVS_KEY_ATTR_TCP)
|
||||
| (1 << OVS_KEY_ATTR_TCP_FLAGS)
|
||||
| (1 << OVS_KEY_ATTR_UDP)
|
||||
| (1 << OVS_KEY_ATTR_SCTP)
|
||||
| (1 << OVS_KEY_ATTR_ICMP)
|
||||
|
@ -154,8 +155,11 @@ static bool match_validate(const struct sw_flow_match *match,
|
|||
|
||||
if (match->key->ip.proto == IPPROTO_TCP) {
|
||||
key_expected |= 1 << OVS_KEY_ATTR_TCP;
|
||||
if (match->mask && (match->mask->key.ip.proto == 0xff))
|
||||
key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
|
||||
if (match->mask && (match->mask->key.ip.proto == 0xff)) {
|
||||
mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
|
||||
mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
|
||||
}
|
||||
}
|
||||
|
||||
if (match->key->ip.proto == IPPROTO_ICMP) {
|
||||
|
@ -186,8 +190,11 @@ static bool match_validate(const struct sw_flow_match *match,
|
|||
|
||||
if (match->key->ip.proto == IPPROTO_TCP) {
|
||||
key_expected |= 1 << OVS_KEY_ATTR_TCP;
|
||||
if (match->mask && (match->mask->key.ip.proto == 0xff))
|
||||
key_expected |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
|
||||
if (match->mask && (match->mask->key.ip.proto == 0xff)) {
|
||||
mask_allowed |= 1 << OVS_KEY_ATTR_TCP;
|
||||
mask_allowed |= 1 << OVS_KEY_ATTR_TCP_FLAGS;
|
||||
}
|
||||
}
|
||||
|
||||
if (match->key->ip.proto == IPPROTO_ICMPV6) {
|
||||
|
@ -235,6 +242,7 @@ static const int ovs_key_lens[OVS_KEY_ATTR_MAX + 1] = {
|
|||
[OVS_KEY_ATTR_IPV4] = sizeof(struct ovs_key_ipv4),
|
||||
[OVS_KEY_ATTR_IPV6] = sizeof(struct ovs_key_ipv6),
|
||||
[OVS_KEY_ATTR_TCP] = sizeof(struct ovs_key_tcp),
|
||||
[OVS_KEY_ATTR_TCP_FLAGS] = sizeof(__be16),
|
||||
[OVS_KEY_ATTR_UDP] = sizeof(struct ovs_key_udp),
|
||||
[OVS_KEY_ATTR_SCTP] = sizeof(struct ovs_key_sctp),
|
||||
[OVS_KEY_ATTR_ICMP] = sizeof(struct ovs_key_icmp),
|
||||
|
@ -634,6 +642,19 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
|
|||
attrs &= ~(1 << OVS_KEY_ATTR_TCP);
|
||||
}
|
||||
|
||||
if (attrs & (1 << OVS_KEY_ATTR_TCP_FLAGS)) {
|
||||
if (orig_attrs & (1 << OVS_KEY_ATTR_IPV4)) {
|
||||
SW_FLOW_KEY_PUT(match, ipv4.tp.flags,
|
||||
nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
|
||||
is_mask);
|
||||
} else {
|
||||
SW_FLOW_KEY_PUT(match, ipv6.tp.flags,
|
||||
nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS]),
|
||||
is_mask);
|
||||
}
|
||||
attrs &= ~(1 << OVS_KEY_ATTR_TCP_FLAGS);
|
||||
}
|
||||
|
||||
if (attrs & (1 << OVS_KEY_ATTR_UDP)) {
|
||||
const struct ovs_key_udp *udp_key;
|
||||
|
||||
|
@ -1004,9 +1025,15 @@ int ovs_nla_put_flow(const struct sw_flow_key *swkey,
|
|||
if (swkey->eth.type == htons(ETH_P_IP)) {
|
||||
tcp_key->tcp_src = output->ipv4.tp.src;
|
||||
tcp_key->tcp_dst = output->ipv4.tp.dst;
|
||||
if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
|
||||
output->ipv4.tp.flags))
|
||||
goto nla_put_failure;
|
||||
} else if (swkey->eth.type == htons(ETH_P_IPV6)) {
|
||||
tcp_key->tcp_src = output->ipv6.tp.src;
|
||||
tcp_key->tcp_dst = output->ipv6.tp.dst;
|
||||
if (nla_put_be16(skb, OVS_KEY_ATTR_TCP_FLAGS,
|
||||
output->ipv6.tp.flags))
|
||||
goto nla_put_failure;
|
||||
}
|
||||
} else if (swkey->ip.proto == IPPROTO_UDP) {
|
||||
struct ovs_key_udp *udp_key;
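Review bot: In the ovs_key_from_nlattrs hunk the value from `nla_get_be16(a[OVS_KEY_ATTR_TCP_FLAGS])` is stored into the key or mask exactly as received, and nothing visible rejects bits 12-15, which the commit message describes as not matchable and required to be zero. This attribute arrives over netlink from userspace, so a key that sets one of those bits under a covering mask would presumably be accepted and then never match a packet, with no error reported to the caller. Consider reading the attribute once into a local and failing early for the key, e.g. `if (!is_mask && (tcp_flags & ~htons(0x0fff))) return -EINVAL;`, and deciding explicitly whether out-of-range mask bits are rejected or trimmed. The function body continues outside the hunk, so an existing check elsewhere cannot be ruled out from this page.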
|
||||
|
|