Re: [PATCH net-next v15] openvswitch: enable NSH support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Yang, Yi" <yi.y.yang@intel.com>
To: Pravin Shelar <pshelar@ovn.org>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>,
	ovs dev <dev@openvswitch.org>, Jiri Benc <jbenc@redhat.com>,
	Eric Garver <e@erig.me>, "David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH net-next v15] openvswitch: enable NSH support
Date: Mon, 6 Nov 2017 12:19:16 +0800	[thread overview]
Message-ID: <20171106041916.GA110563@localhost.localdomain> (raw)
In-Reply-To: <CAOrHB_COGWb78kN70QFKgA3w5v3zasAW=TJbzoE5zZYKao_GvA@mail.gmail.com>

On Sat, Nov 04, 2017 at 10:29:46PM +0800, Pravin Shelar wrote:
> On Tue, Oct 31, 2017 at 9:03 PM, Yi Yang <yi.y.yang@intel.com> wrote:
> > +int nsh_push(struct sk_buff *skb, const struct nshhdr *pushed_nh)
> > +{
> > +       struct nshhdr *nh;
> > +       size_t length = nsh_hdr_len(pushed_nh);
> > +       u8 next_proto;
> > +
> > +       if (skb->mac_len) {
> > +               next_proto = TUN_P_ETHERNET;
> > +       } else {
> > +               next_proto = tun_p_from_eth_p(skb->protocol);
> > +               if (!next_proto)
> > +                       return -EAFNOSUPPORT;
> check for supported protocols can be moved to flow install validation
> in __ovs_nla_copy_actions().
> 
> > +       }
> > +
> > +       /* Add the NSH header */
> > +       if (skb_cow_head(skb, length) < 0)
> > +               return -ENOMEM;
> > +
> > +       skb_push(skb, length);
> > +       nh = (struct nshhdr *)(skb->data);
> > +       memcpy(nh, pushed_nh, length);
> > +       nh->np = next_proto;
> > +
> > +       skb->protocol = htons(ETH_P_NSH);
> > +       skb_reset_mac_header(skb);
> > +       skb_reset_network_header(skb);
> > +       skb_reset_mac_len(skb);
> > +
> > +       return 0;
> > +}
> > +EXPORT_SYMBOL_GPL(nsh_push);
> > +
> > +int nsh_pop(struct sk_buff *skb)
> > +{
> > +       struct nshhdr *nh;
> > +       size_t length;
> > +       __be16 inner_proto;
> > +
> > +       if (!pskb_may_pull(skb, NSH_BASE_HDR_LEN))
> > +               return -ENOMEM;
> > +       nh = (struct nshhdr *)(skb->data);
> > +       length = nsh_hdr_len(nh);
> > +       inner_proto = tun_p_to_eth_p(nh->np);
> same as above, this check can be moved to flow install __ovs_nla_copy_actions().

Pravin, these two functions are not only for OVS, you can see it is
net/nsh/nsh.c, Jiri and Eric mentioned they also could be used by TC.

I understand you expect some checks should be moved to slow path, but
for there two cases, we can't remove them into __ovs_nla_copy_actions.

> 
> > +       if (!pskb_may_pull(skb, length))
> > +               return -ENOMEM;
> > +
> > +       if (!inner_proto)
> > +               return -EAFNOSUPPORT;
> > +
> > +       skb_pull(skb, length);
> > +       skb_reset_mac_header(skb);
> > +       skb_reset_network_header(skb);
> > +       skb_reset_mac_len(skb);
> > +       skb->protocol = inner_proto;
> > +
> > +       return 0;
> > +}
> > +EXPORT_SYMBOL_GPL(nsh_pop);
> > +
> ...
> > diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
> > index a551232..dd1449d 100644
> > --- a/net/openvswitch/actions.c
> > +++ b/net/openvswitch/actions.c
> ...
> > +static int pop_nsh(struct sk_buff *skb, struct sw_flow_key *key)
> > +{
> > +       int err;
> > +
> > +       if (ovs_key_mac_proto(key) != MAC_PROTO_NONE ||
> > +           skb->protocol != htons(ETH_P_NSH)) {
> > +               return -EINVAL;
> > +       }
> > +
> These checks can be moved to flow install.

Done in v16, here is incremental patch. I have sent out v16.

diff -u b/net/openvswitch/actions.c b/net/openvswitch/actions.c
--- b/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -400,11 +400,6 @@
 {
 	int err;
 
-	if (ovs_key_mac_proto(key) != MAC_PROTO_NONE ||
-	    skb->protocol != htons(ETH_P_NSH)) {
-		return -EINVAL;
-	}
-
 	err = nsh_pop(skb);
 	if (err)
 		return err;
diff -u b/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
--- b/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -2737,6 +2737,8 @@
 		break;
 
 	case OVS_KEY_ATTR_NSH:
+		if (eth_type != htons(ETH_P_NSH))
+			return -EINVAL;
 		if (!validate_nsh(nla_data(a), masked, false, log))
 			return -EINVAL;
 		break;
@@ -3006,6 +3008,8 @@
 			break;
 
 		case OVS_ACTION_ATTR_POP_NSH:
+			if (eth_type != htons(ETH_P_NSH))
+				return -EINVAL;
 			if (key->nsh.base.np == TUN_P_ETHERNET)
 				mac_proto = MAC_PROTO_ETHERNET;
 			else
> 
> > +       err = nsh_pop(skb);
> > +       if (err)
> > +               return err;
> > +
> > +       /* safe right before invalidate_flow_key */
> > +       if (skb->protocol == htons(ETH_P_TEB))
> > +               key->mac_proto = MAC_PROTO_ETHERNET;
> > +       else
> > +               key->mac_proto = MAC_PROTO_NONE;
> > +       invalidate_flow_key(key);
> > +       return 0;
> > +}
> > +

next prev parent reply	other threads:[~2017-11-06  4:24 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-01  4:03 [PATCH net-next v15] openvswitch: enable NSH support Yi Yang
2017-11-01  8:46 ` Jiri Benc
2017-11-01 15:21 ` Eric Garver
2017-11-02  0:52 ` Pravin Shelar
2017-11-02  2:50   ` Yang, Yi
2017-11-02 12:06     ` Pravin Shelar
     [not found]       ` <CAOrHB_BaUS7WfisvX6G+450tEQ2skmsE0v-b27s-_21s25bigw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-11-02 12:09         ` Yang, Yi
2017-11-03  1:40         ` Yang, Yi
2017-11-04 12:30           ` Pravin Shelar
     [not found] ` <1509508981-66202-1-git-send-email-yi.y.yang-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2017-11-04 14:29   ` Pravin Shelar
2017-11-06  4:19     ` Yang, Yi [this message]
2017-11-06 12:09       ` Pravin Shelar
     [not found]     ` <CAOrHB_COGWb78kN70QFKgA3w5v3zasAW=TJbzoE5zZYKao_GvA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-11-06 12:22       ` Jiri Benc
     [not found]         ` <20171106132248.6fa4c5a0-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-11-07 10:57           ` Pravin Shelar
2017-11-07 11:28             ` Yang, Yi
     [not found]               ` <20171107112833.GA56179-re2EX8HDrk21gSHoDXDV2kEOCMrvLtNR@public.gmane.org>
2017-11-07 11:58                 ` Pravin Shelar
     [not found]                   ` <CAOrHB_D2khYGGJxNA8hpE4Qnhm7ONKrH=kcNteV=iYWLRnaGHQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-11-07 11:55                     ` Yang, Yi
2017-11-07 13:01                       ` Pravin Shelar
2017-11-07 13:09                         ` Yang, Yi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171106041916.GA110563@localhost.localdomain \
    --to=yi.y.yang@intel.com \
    --cc=davem@davemloft.net \
    --cc=dev@openvswitch.org \
    --cc=e@erig.me \
    --cc=jbenc@redhat.com \
    --cc=netdev@vger.kernel.org \
    --cc=pshelar@ovn.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.