From c55177e3e1e8a89d9d810d95ac18cb104865322c Mon Sep 17 00:00:00 2001 From: Jesse Gross Date: Mon, 2 Apr 2012 15:13:36 -0700 Subject: [PATCH 1/7] openvswitch: Enable retrieval of TCP flags from IPv6 traffic. We currently check that a packet is IPv4 and TCP before fetching the TCP flags. This enables fetching from IPv6 packets as well. Reported-by: Michael Mao Signed-off-by: Jesse Gross --- net/openvswitch/flow.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c index 2a11ec2383ee..c6e1dae8a5ee 100644 --- a/net/openvswitch/flow.c +++ b/net/openvswitch/flow.c @@ -182,7 +182,8 @@ void ovs_flow_used(struct sw_flow *flow, struct sk_buff *skb) { u8 tcp_flags = 0; - if (flow->key.eth.type == htons(ETH_P_IP) && + if ((flow->key.eth.type == htons(ETH_P_IP) || + flow->key.eth.type == htons(ETH_P_IPV6)) && flow->key.ip.proto == IPPROTO_TCP && likely(skb->len >= skb_transport_offset(skb) + sizeof(struct tcphdr))) { u8 *tcp = (u8 *)tcp_hdr(skb); From 03fbf8b38792448370343f240131d9fde19d0387 Mon Sep 17 00:00:00 2001 From: Ansis Atteka Date: Mon, 9 Apr 2012 12:12:12 -0700 Subject: [PATCH 2/7] openvswitch: Do not send notification if ovs_vport_set_options() failed There is no need to send a notification if ovs_vport_set_options() failed and ovs_vport_cmd_set() did not change anything. Signed-off-by: Ansis Atteka Signed-off-by: Jesse Gross --- net/openvswitch/datapath.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index e44e631ea952..4813d953d8f2 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c @@ -1635,7 +1635,9 @@ static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info) if (!err && a[OVS_VPORT_ATTR_OPTIONS]) err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]); - if (!err && a[OVS_VPORT_ATTR_UPCALL_PID]) + if (err) + goto exit_unlock; + if (a[OVS_VPORT_ATTR_UPCALL_PID]) vport->upcall_pid = nla_get_u32(a[OVS_VPORT_ATTR_UPCALL_PID]); reply = ovs_vport_cmd_build_info(vport, info->snd_pid, info->snd_seq, From caf2ee14bbc2c6bd73cf0decf576007e0239a482 Mon Sep 17 00:00:00 2001 From: Raju Subramanian Date: Thu, 3 May 2012 18:55:23 -0700 Subject: [PATCH 3/7] openvswitch: Replace Nicira Networks. Replaced all instances of Nicira Networks(, Inc) to Nicira, Inc. Signed-off-by: Raju Subramanian Signed-off-by: Ben Pfaff Signed-off-by: Jesse Gross --- net/openvswitch/actions.c | 2 +- net/openvswitch/datapath.c | 2 +- net/openvswitch/datapath.h | 2 +- net/openvswitch/dp_notify.c | 2 +- net/openvswitch/flow.c | 2 +- net/openvswitch/flow.h | 2 +- net/openvswitch/vport-internal_dev.c | 2 +- net/openvswitch/vport-internal_dev.h | 2 +- net/openvswitch/vport-netdev.c | 2 +- net/openvswitch/vport-netdev.h | 2 +- net/openvswitch/vport.c | 2 +- net/openvswitch/vport.h | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index 48badffaafc1..f3f96badf5aa 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2012 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index 4813d953d8f2..b512cb8cdc87 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2012 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/datapath.h b/net/openvswitch/datapath.h index c73370cc1f02..c1105c147531 100644 --- a/net/openvswitch/datapath.h +++ b/net/openvswitch/datapath.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/dp_notify.c b/net/openvswitch/dp_notify.c index 46736518c453..36dcee8fc84a 100644 --- a/net/openvswitch/dp_notify.c +++ b/net/openvswitch/dp_notify.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c index c6e1dae8a5ee..1115dcf70362 100644 --- a/net/openvswitch/flow.c +++ b/net/openvswitch/flow.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2011 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/flow.h b/net/openvswitch/flow.h index 2747dc2c4ac1..9b75617ca4e0 100644 --- a/net/openvswitch/flow.h +++ b/net/openvswitch/flow.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2011 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/vport-internal_dev.c b/net/openvswitch/vport-internal_dev.c index b6b1d7daa3cb..de509d347112 100644 --- a/net/openvswitch/vport-internal_dev.c +++ b/net/openvswitch/vport-internal_dev.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/vport-internal_dev.h b/net/openvswitch/vport-internal_dev.h index 3454447c5f11..9a7d30ecc6a2 100644 --- a/net/openvswitch/vport-internal_dev.h +++ b/net/openvswitch/vport-internal_dev.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2011 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c index c1068aed03d1..54a456d0b407 100644 --- a/net/openvswitch/vport-netdev.c +++ b/net/openvswitch/vport-netdev.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/vport-netdev.h b/net/openvswitch/vport-netdev.h index fd9b008a0e6e..f7072a25c604 100644 --- a/net/openvswitch/vport-netdev.h +++ b/net/openvswitch/vport-netdev.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2011 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c index 6c066ba25dc7..6140336e79d7 100644 --- a/net/openvswitch/vport.c +++ b/net/openvswitch/vport.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/net/openvswitch/vport.h b/net/openvswitch/vport.h index 19609629dabd..aac680ca2b06 100644 --- a/net/openvswitch/vport.h +++ b/net/openvswitch/vport.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2011 Nicira Networks. + * Copyright (c) 2007-2012 Nicira, Inc. * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public From 7fe99e2d434eafeac0c57b279a77e5de39212636 Mon Sep 17 00:00:00 2001 From: Jesse Gross Date: Fri, 25 May 2012 11:29:30 -0700 Subject: [PATCH 4/7] openvswitch: Reset upper layer protocol info on internal devices. It's possible that packets that are sent on internal devices (from the OVS perspective) have already traversed the local IP stack. After they go through the internal device, they will again travel through the IP stack which may get confused by the presence of existing information in the skb. The problem can be observed when switching between namespaces. This clears out that information to avoid problems but deliberately leaves other metadata alone. This is to provide maximum flexibility in chaining together OVS and other Linux components. Signed-off-by: Jesse Gross --- net/openvswitch/vport-internal_dev.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/openvswitch/vport-internal_dev.c b/net/openvswitch/vport-internal_dev.c index de509d347112..4061b9ee07f7 100644 --- a/net/openvswitch/vport-internal_dev.c +++ b/net/openvswitch/vport-internal_dev.c @@ -24,6 +24,9 @@ #include #include +#include +#include + #include "datapath.h" #include "vport-internal_dev.h" #include "vport-netdev.h" @@ -209,6 +212,11 @@ static int internal_dev_recv(struct vport *vport, struct sk_buff *skb) int len; len = skb->len; + + skb_dst_drop(skb); + nf_reset(skb); + secpath_reset(skb); + skb->dev = netdev; skb->pkt_type = PACKET_HOST; skb->protocol = eth_type_trans(skb, netdev); From 92e5dfc34cf39c20ae1087bd5e676238b5d0dfac Mon Sep 17 00:00:00 2001 From: Pravin B Shelar Date: Fri, 20 Jul 2012 14:46:29 -0700 Subject: [PATCH 5/7] openvswitch: Check currect return value from skb_gso_segment() Fix return check typo. Signed-off-by: Pravin B Shelar Signed-off-by: Jesse Gross --- net/openvswitch/datapath.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index b512cb8cdc87..670e63020667 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c @@ -269,8 +269,8 @@ static int queue_gso_packets(int dp_ifindex, struct sk_buff *skb, int err; segs = skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM); - if (IS_ERR(skb)) - return PTR_ERR(skb); + if (IS_ERR(segs)) + return PTR_ERR(segs); /* Queue all of the segments. */ skb = segs; From a1b5d0dd28e9cb4fe42ad2df4ebbe5cce96866d7 Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Fri, 20 Jul 2012 14:47:54 -0700 Subject: [PATCH 6/7] openvswitch: Check gso_type for correct sk_buff in queue_gso_packets(). At the point where it was used, skb_shinfo(skb)->gso_type referred to a post-GSO sk_buff. Thus, it would always be 0. We want to know the pre-GSO gso_type, so we need to obtain it before segmenting. Before this change, the kernel would pass inconsistent data to userspace: packets for UDP fragments with nonzero offset would be passed along with flow keys that indicate a zero offset (that is, the flow key for "later" fragments claimed to be "first" fragments). This inconsistency tended to confuse Open vSwitch userspace, causing it to log messages about "failed to flow_del" the flows with "later" fragments. Signed-off-by: Ben Pfaff Signed-off-by: Jesse Gross --- net/openvswitch/datapath.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index 670e63020667..29dbfcb65d92 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c @@ -263,6 +263,7 @@ err: static int queue_gso_packets(int dp_ifindex, struct sk_buff *skb, const struct dp_upcall_info *upcall_info) { + unsigned short gso_type = skb_shinfo(skb)->gso_type; struct dp_upcall_info later_info; struct sw_flow_key later_key; struct sk_buff *segs, *nskb; @@ -279,7 +280,7 @@ static int queue_gso_packets(int dp_ifindex, struct sk_buff *skb, if (err) break; - if (skb == segs && skb_shinfo(skb)->gso_type & SKB_GSO_UDP) { + if (skb == segs && gso_type & SKB_GSO_UDP) { /* The initial flow key extracted by ovs_flow_extract() * in this case is for a first fragment, so we need to * properly mark later fragments. From efaac3bf087b1a6cec28f2a041e01c874d65390c Mon Sep 17 00:00:00 2001 From: Leo Alterman Date: Fri, 20 Jul 2012 14:51:07 -0700 Subject: [PATCH 7/7] openvswitch: Fix typo in documentation. Signed-off-by: Leo Alterman Signed-off-by: Jesse Gross --- Documentation/networking/openvswitch.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/networking/openvswitch.txt b/Documentation/networking/openvswitch.txt index b8a048b8df3a..8fa2dd1e792e 100644 --- a/Documentation/networking/openvswitch.txt +++ b/Documentation/networking/openvswitch.txt @@ -118,7 +118,7 @@ essentially like this, ignoring metadata: Naively, to add VLAN support, it makes sense to add a new "vlan" flow key attribute to contain the VLAN tag, then continue to decode the encapsulated headers beyond the VLAN tag using the existing field -definitions. With this change, an TCP packet in VLAN 10 would have a +definitions. With this change, a TCP packet in VLAN 10 would have a flow key much like this: eth(...), vlan(vid=10, pcp=0), eth_type(0x0800), ip(proto=6, ...), tcp(...)