1 /* Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include "byte-order.h"
21 #include <arpa/inet.h>
24 #include <sys/socket.h>
26 #include <openflow/openflow.h>
31 #include <sys/socket.h>
32 #include <sys/types.h>
37 #include "classifier.h"
42 #include "dynamic-string.h"
49 #include "mac-learning.h"
53 #include "ofp-print.h"
55 #include "ofproto/netflow.h"
56 #include "ofproto/ofproto.h"
57 #include "ovsdb-data.h"
59 #include "poll-loop.h"
63 #include "socket-util.h"
64 #include "stream-ssl.h"
67 #include "system-stats.h"
72 #include "vswitchd/vswitch-idl.h"
73 #include "xenserver.h"
75 #include "sflow_api.h"
77 VLOG_DEFINE_THIS_MODULE(bridge);
79 COVERAGE_DEFINE(bridge_flush);
80 COVERAGE_DEFINE(bridge_process_flow);
81 COVERAGE_DEFINE(bridge_reconfigure);
89 struct dst builtin[32];
94 static void dst_set_init(struct dst_set *);
95 static void dst_set_add(struct dst_set *, const struct dst *);
96 static void dst_set_free(struct dst_set *);
99 /* These members are always valid. */
100 struct list port_elem; /* Element in struct port's "ifaces" list. */
101 struct port *port; /* Containing port. */
102 char *name; /* Host network device name. */
103 tag_type tag; /* Tag associated with this interface. */
105 /* These members are valid only after bridge_reconfigure() causes them to
107 struct hmap_node dp_ifidx_node; /* In struct bridge's "ifaces" hmap. */
108 int dp_ifidx; /* Index within kernel datapath. */
109 struct netdev *netdev; /* Network device. */
110 const char *type; /* Usually same as cfg->type. */
111 const struct ovsrec_interface *cfg;
114 #define MAX_MIRRORS 32
115 typedef uint32_t mirror_mask_t;
116 #define MIRROR_MASK_C(X) UINT32_C(X)
117 BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS);
119 struct bridge *bridge;
122 struct uuid uuid; /* UUID of this "mirror" record in database. */
124 /* Selection criteria. */
125 struct sset src_ports; /* Source port names. */
126 struct sset dst_ports; /* Destination port names. */
131 struct port *out_port;
135 #define FLOOD_PORT ((struct port *) 1) /* The 'flood' output port. */
137 struct bridge *bridge;
138 struct hmap_node hmap_node; /* Element in struct bridge's "ports" hmap. */
141 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
142 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
143 * NULL if all VLANs are trunked. */
144 const struct ovsrec_port *cfg;
146 /* An ordinary bridge port has 1 interface.
147 * A bridge port for bonding has at least 2 interfaces. */
148 struct list ifaces; /* List of "struct iface"s. */
149 size_t n_ifaces; /* list_size(ifaces). */
154 /* Port mirroring info. */
155 mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */
156 mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */
157 bool is_mirror_output_port; /* Does port mirroring send frames here? */
161 struct list node; /* Node in global list of bridges. */
162 char *name; /* User-specified arbitrary name. */
163 struct mac_learning *ml; /* MAC learning table. */
164 uint8_t ea[ETH_ADDR_LEN]; /* Bridge Ethernet Address. */
165 uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */
166 const struct ovsrec_bridge *cfg;
168 /* OpenFlow switch processing. */
169 struct ofproto *ofproto; /* OpenFlow switch. */
171 /* Kernel datapath information. */
172 struct dpif *dpif; /* Datapath. */
173 struct hmap ifaces; /* "struct iface"s indexed by dp_ifidx. */
176 struct hmap ports; /* "struct port"s indexed by name. */
177 struct shash iface_by_name; /* "struct iface"s indexed by name. */
180 bool has_bonded_ports;
185 /* Port mirroring. */
186 struct mirror *mirrors[MAX_MIRRORS];
189 /* List of all bridges. */
190 static struct list all_bridges = LIST_INITIALIZER(&all_bridges);
192 /* OVSDB IDL used to obtain configuration. */
193 static struct ovsdb_idl *idl;
195 /* Each time this timer expires, the bridge fetches systems and interface
196 * statistics and pushes them into the database. */
197 #define STATS_INTERVAL (5 * 1000) /* In milliseconds. */
198 static long long int stats_timer = LLONG_MIN;
200 /* Stores the time after which CFM statistics may be written to the database.
201 * Only updated when changes to the database require rate limiting. */
202 #define CFM_LIMIT_INTERVAL (1 * 1000) /* In milliseconds. */
203 static long long int cfm_limiter = LLONG_MIN;
205 static struct bridge *bridge_create(const struct ovsrec_bridge *br_cfg);
206 static void bridge_destroy(struct bridge *);
207 static struct bridge *bridge_lookup(const char *name);
208 static unixctl_cb_func bridge_unixctl_dump_flows;
209 static unixctl_cb_func bridge_unixctl_reconnect;
210 static int bridge_run_one(struct bridge *);
211 static size_t bridge_get_controllers(const struct bridge *br,
212 struct ovsrec_controller ***controllersp);
213 static void bridge_reconfigure_one(struct bridge *);
214 static void bridge_reconfigure_remotes(struct bridge *,
215 const struct sockaddr_in *managers,
217 static void bridge_get_all_ifaces(const struct bridge *, struct shash *ifaces);
218 static void bridge_fetch_dp_ifaces(struct bridge *);
219 static void bridge_flush(struct bridge *);
220 static void bridge_pick_local_hw_addr(struct bridge *,
221 uint8_t ea[ETH_ADDR_LEN],
222 struct iface **hw_addr_iface);
223 static uint64_t bridge_pick_datapath_id(struct bridge *,
224 const uint8_t bridge_ea[ETH_ADDR_LEN],
225 struct iface *hw_addr_iface);
226 static uint64_t dpid_from_hash(const void *, size_t nbytes);
228 static unixctl_cb_func bridge_unixctl_fdb_show;
229 static unixctl_cb_func cfm_unixctl_show;
230 static unixctl_cb_func qos_unixctl_show;
232 static void port_run(struct port *);
233 static void port_wait(struct port *);
234 static struct port *port_create(struct bridge *, const char *name);
235 static void port_reconfigure(struct port *, const struct ovsrec_port *);
236 static void port_del_ifaces(struct port *, const struct ovsrec_port *);
237 static void port_destroy(struct port *);
238 static struct port *port_lookup(const struct bridge *, const char *name);
239 static struct iface *port_get_an_iface(const struct port *);
240 static struct port *port_from_dp_ifidx(const struct bridge *,
242 static void port_reconfigure_bond(struct port *);
243 static void port_send_learning_packets(struct port *);
245 static void mirror_create(struct bridge *, struct ovsrec_mirror *);
246 static void mirror_destroy(struct mirror *);
247 static void mirror_reconfigure(struct bridge *);
248 static void mirror_reconfigure_one(struct mirror *, struct ovsrec_mirror *);
249 static bool vlan_is_mirrored(const struct mirror *, int vlan);
251 static struct iface *iface_create(struct port *port,
252 const struct ovsrec_interface *if_cfg);
253 static void iface_destroy(struct iface *);
254 static struct iface *iface_lookup(const struct bridge *, const char *name);
255 static struct iface *iface_find(const char *name);
256 static struct iface *iface_from_dp_ifidx(const struct bridge *,
258 static void iface_set_mac(struct iface *);
259 static void iface_set_ofport(const struct ovsrec_interface *, int64_t ofport);
260 static void iface_update_qos(struct iface *, const struct ovsrec_qos *);
261 static void iface_update_cfm(struct iface *);
262 static bool iface_refresh_cfm_stats(struct iface *iface);
263 static bool iface_get_carrier(const struct iface *);
265 static void shash_from_ovs_idl_map(char **keys, char **values, size_t n,
267 static void shash_to_ovs_idl_map(struct shash *,
268 char ***keys, char ***values, size_t *n);
270 /* Hooks into ofproto processing. */
271 static struct ofhooks bridge_ofhooks;
273 /* Public functions. */
275 /* Initializes the bridge module, configuring it to obtain its configuration
276 * from an OVSDB server accessed over 'remote', which should be a string in a
277 * form acceptable to ovsdb_idl_create(). */
279 bridge_init(const char *remote)
281 /* Create connection to database. */
282 idl = ovsdb_idl_create(remote, &ovsrec_idl_class, true);
284 ovsdb_idl_omit_alert(idl, &ovsrec_open_vswitch_col_cur_cfg);
285 ovsdb_idl_omit_alert(idl, &ovsrec_open_vswitch_col_statistics);
286 ovsdb_idl_omit(idl, &ovsrec_open_vswitch_col_external_ids);
288 ovsdb_idl_omit(idl, &ovsrec_bridge_col_external_ids);
290 ovsdb_idl_omit(idl, &ovsrec_port_col_external_ids);
291 ovsdb_idl_omit(idl, &ovsrec_port_col_fake_bridge);
293 ovsdb_idl_omit_alert(idl, &ovsrec_interface_col_ofport);
294 ovsdb_idl_omit_alert(idl, &ovsrec_interface_col_statistics);
295 ovsdb_idl_omit(idl, &ovsrec_interface_col_external_ids);
297 /* Register unixctl commands. */
298 unixctl_command_register("fdb/show", bridge_unixctl_fdb_show, NULL);
299 unixctl_command_register("cfm/show", cfm_unixctl_show, NULL);
300 unixctl_command_register("qos/show", qos_unixctl_show, NULL);
301 unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows,
303 unixctl_command_register("bridge/reconnect", bridge_unixctl_reconnect,
311 struct bridge *br, *next_br;
313 LIST_FOR_EACH_SAFE (br, next_br, node, &all_bridges) {
316 ovsdb_idl_destroy(idl);
319 /* Performs configuration that is only necessary once at ovs-vswitchd startup,
320 * but for which the ovs-vswitchd configuration 'cfg' is required. */
322 bridge_configure_once(const struct ovsrec_open_vswitch *cfg)
324 static bool already_configured_once;
325 struct sset bridge_names;
326 struct sset dpif_names, dpif_types;
330 /* Only do this once per ovs-vswitchd run. */
331 if (already_configured_once) {
334 already_configured_once = true;
336 stats_timer = time_msec() + STATS_INTERVAL;
338 /* Get all the configured bridges' names from 'cfg' into 'bridge_names'. */
339 sset_init(&bridge_names);
340 for (i = 0; i < cfg->n_bridges; i++) {
341 sset_add(&bridge_names, cfg->bridges[i]->name);
344 /* Iterate over all system dpifs and delete any of them that do not appear
346 sset_init(&dpif_names);
347 sset_init(&dpif_types);
348 dp_enumerate_types(&dpif_types);
349 SSET_FOR_EACH (type, &dpif_types) {
352 dp_enumerate_names(type, &dpif_names);
354 /* Delete each dpif whose name is not in 'bridge_names'. */
355 SSET_FOR_EACH (name, &dpif_names) {
356 if (!sset_contains(&bridge_names, name)) {
360 retval = dpif_open(name, type, &dpif);
368 sset_destroy(&bridge_names);
369 sset_destroy(&dpif_names);
370 sset_destroy(&dpif_types);
373 /* Callback for iterate_and_prune_ifaces(). */
375 check_iface(struct bridge *br, struct iface *iface, void *aux OVS_UNUSED)
377 if (!iface->netdev) {
378 /* We already reported a related error, don't bother duplicating it. */
382 if (iface->dp_ifidx < 0) {
383 VLOG_ERR("%s interface not in %s, dropping",
384 iface->name, dpif_name(br->dpif));
388 VLOG_DBG("%s has interface %s on port %d", dpif_name(br->dpif),
389 iface->name, iface->dp_ifidx);
393 /* Callback for iterate_and_prune_ifaces(). */
395 set_iface_properties(struct bridge *br OVS_UNUSED, struct iface *iface,
396 void *aux OVS_UNUSED)
398 /* Set policing attributes. */
399 netdev_set_policing(iface->netdev,
400 iface->cfg->ingress_policing_rate,
401 iface->cfg->ingress_policing_burst);
403 /* Set MAC address of internal interfaces other than the local
405 if (iface->dp_ifidx != ODPP_LOCAL && !strcmp(iface->type, "internal")) {
406 iface_set_mac(iface);
412 /* Calls 'cb' for each interfaces in 'br', passing along the 'aux' argument.
413 * Deletes from 'br' all the interfaces for which 'cb' returns false, and then
414 * deletes from 'br' any ports that no longer have any interfaces. */
416 iterate_and_prune_ifaces(struct bridge *br,
417 bool (*cb)(struct bridge *, struct iface *,
421 struct port *port, *next_port;
423 HMAP_FOR_EACH_SAFE (port, next_port, hmap_node, &br->ports) {
424 struct iface *iface, *next_iface;
426 LIST_FOR_EACH_SAFE (iface, next_iface, port_elem, &port->ifaces) {
427 if (!cb(br, iface, aux)) {
428 iface_set_ofport(iface->cfg, -1);
429 iface_destroy(iface);
433 if (!port->n_ifaces) {
434 VLOG_WARN("%s port has no interfaces, dropping", port->name);
440 /* Looks at the list of managers in 'ovs_cfg' and extracts their remote IP
441 * addresses and ports into '*managersp' and '*n_managersp'. The caller is
442 * responsible for freeing '*managersp' (with free()).
444 * You may be asking yourself "why does ovs-vswitchd care?", because
445 * ovsdb-server is responsible for connecting to the managers, and ovs-vswitchd
446 * should not be and in fact is not directly involved in that. But
447 * ovs-vswitchd needs to make sure that ovsdb-server can reach the managers, so
448 * it has to tell in-band control where the managers are to enable that.
449 * (Thus, only managers connected in-band are collected.)
452 collect_in_band_managers(const struct ovsrec_open_vswitch *ovs_cfg,
453 struct sockaddr_in **managersp, size_t *n_managersp)
455 struct sockaddr_in *managers = NULL;
456 size_t n_managers = 0;
460 /* Collect all of the potential targets from the "targets" columns of the
461 * rows pointed to by "manager_options", excluding any that are
464 for (i = 0; i < ovs_cfg->n_manager_options; i++) {
465 struct ovsrec_manager *m = ovs_cfg->manager_options[i];
467 if (m->connection_mode && !strcmp(m->connection_mode, "out-of-band")) {
468 sset_find_and_delete(&targets, m->target);
470 sset_add(&targets, m->target);
474 /* Now extract the targets' IP addresses. */
475 if (!sset_is_empty(&targets)) {
478 managers = xmalloc(sset_count(&targets) * sizeof *managers);
479 SSET_FOR_EACH (target, &targets) {
480 struct sockaddr_in *sin = &managers[n_managers];
482 if ((!strncmp(target, "tcp:", 4)
483 && inet_parse_active(target + 4, JSONRPC_TCP_PORT, sin)) ||
484 (!strncmp(target, "ssl:", 4)
485 && inet_parse_active(target + 4, JSONRPC_SSL_PORT, sin))) {
490 sset_destroy(&targets);
492 *managersp = managers;
493 *n_managersp = n_managers;
497 bridge_reconfigure(const struct ovsrec_open_vswitch *ovs_cfg)
499 struct shash old_br, new_br;
500 struct shash_node *node;
501 struct bridge *br, *next;
502 struct sockaddr_in *managers;
505 int sflow_bridge_number;
507 COVERAGE_INC(bridge_reconfigure);
509 collect_in_band_managers(ovs_cfg, &managers, &n_managers);
511 /* Collect old and new bridges. */
514 LIST_FOR_EACH (br, node, &all_bridges) {
515 shash_add(&old_br, br->name, br);
517 for (i = 0; i < ovs_cfg->n_bridges; i++) {
518 const struct ovsrec_bridge *br_cfg = ovs_cfg->bridges[i];
519 if (!shash_add_once(&new_br, br_cfg->name, br_cfg)) {
520 VLOG_WARN("more than one bridge named %s", br_cfg->name);
524 /* Get rid of deleted bridges and add new bridges. */
525 LIST_FOR_EACH_SAFE (br, next, node, &all_bridges) {
526 struct ovsrec_bridge *br_cfg = shash_find_data(&new_br, br->name);
533 SHASH_FOR_EACH (node, &new_br) {
534 const char *br_name = node->name;
535 const struct ovsrec_bridge *br_cfg = node->data;
536 br = shash_find_data(&old_br, br_name);
538 /* If the bridge datapath type has changed, we need to tear it
539 * down and recreate. */
540 if (strcmp(br->cfg->datapath_type, br_cfg->datapath_type)) {
542 bridge_create(br_cfg);
545 bridge_create(br_cfg);
548 shash_destroy(&old_br);
549 shash_destroy(&new_br);
551 /* Reconfigure all bridges. */
552 LIST_FOR_EACH (br, node, &all_bridges) {
553 bridge_reconfigure_one(br);
556 /* Add and delete ports on all datapaths.
558 * The kernel will reject any attempt to add a given port to a datapath if
559 * that port already belongs to a different datapath, so we must do all
560 * port deletions before any port additions. */
561 LIST_FOR_EACH (br, node, &all_bridges) {
562 struct dpif_port_dump dump;
563 struct shash want_ifaces;
564 struct dpif_port dpif_port;
566 bridge_get_all_ifaces(br, &want_ifaces);
567 DPIF_PORT_FOR_EACH (&dpif_port, &dump, br->dpif) {
568 if (!shash_find(&want_ifaces, dpif_port.name)
569 && strcmp(dpif_port.name, br->name)) {
570 int retval = dpif_port_del(br->dpif, dpif_port.port_no);
572 VLOG_WARN("failed to remove %s interface from %s: %s",
573 dpif_port.name, dpif_name(br->dpif),
578 shash_destroy(&want_ifaces);
580 LIST_FOR_EACH (br, node, &all_bridges) {
581 struct shash cur_ifaces, want_ifaces;
582 struct dpif_port_dump dump;
583 struct dpif_port dpif_port;
585 /* Get the set of interfaces currently in this datapath. */
586 shash_init(&cur_ifaces);
587 DPIF_PORT_FOR_EACH (&dpif_port, &dump, br->dpif) {
588 struct dpif_port *port_info = xmalloc(sizeof *port_info);
589 dpif_port_clone(port_info, &dpif_port);
590 shash_add(&cur_ifaces, dpif_port.name, port_info);
593 /* Get the set of interfaces we want on this datapath. */
594 bridge_get_all_ifaces(br, &want_ifaces);
596 hmap_clear(&br->ifaces);
597 SHASH_FOR_EACH (node, &want_ifaces) {
598 const char *if_name = node->name;
599 struct iface *iface = node->data;
600 struct dpif_port *dpif_port;
604 type = iface ? iface->type : "internal";
605 dpif_port = shash_find_data(&cur_ifaces, if_name);
607 /* If we have a port or a netdev already, and it's not the type we
608 * want, then delete the port (if any) and close the netdev (if
610 if ((dpif_port && strcmp(dpif_port->type, type))
611 || (iface && iface->netdev
612 && strcmp(type, netdev_get_type(iface->netdev)))) {
614 error = ofproto_port_del(br->ofproto, dpif_port->port_no);
621 netdev_close(iface->netdev);
622 iface->netdev = NULL;
626 /* If the port doesn't exist or we don't have the netdev open,
627 * we need to do more work. */
628 if (!dpif_port || (iface && !iface->netdev)) {
629 struct netdev_options options;
630 struct netdev *netdev;
633 /* First open the network device. */
634 options.name = if_name;
636 options.args = &args;
637 options.ethertype = NETDEV_ETH_TYPE_NONE;
641 shash_from_ovs_idl_map(iface->cfg->key_options,
642 iface->cfg->value_options,
643 iface->cfg->n_options, &args);
645 error = netdev_open(&options, &netdev);
646 shash_destroy(&args);
649 VLOG_WARN("could not open network device %s (%s)",
650 if_name, strerror(error));
654 /* Then add the port if we haven't already. */
656 error = dpif_port_add(br->dpif, netdev, NULL);
658 netdev_close(netdev);
659 if (error == EFBIG) {
660 VLOG_ERR("ran out of valid port numbers on %s",
661 dpif_name(br->dpif));
664 VLOG_WARN("failed to add %s interface to %s: %s",
665 if_name, dpif_name(br->dpif),
672 /* Update 'iface'. */
674 iface->netdev = netdev;
676 } else if (iface && iface->netdev) {
680 shash_from_ovs_idl_map(iface->cfg->key_options,
681 iface->cfg->value_options,
682 iface->cfg->n_options, &args);
683 netdev_set_config(iface->netdev, &args);
684 shash_destroy(&args);
687 shash_destroy(&want_ifaces);
689 SHASH_FOR_EACH (node, &cur_ifaces) {
690 struct dpif_port *port_info = node->data;
691 dpif_port_destroy(port_info);
694 shash_destroy(&cur_ifaces);
696 sflow_bridge_number = 0;
697 LIST_FOR_EACH (br, node, &all_bridges) {
698 uint8_t ea[ETH_ADDR_LEN];
700 struct iface *local_iface;
701 struct iface *hw_addr_iface;
704 bridge_fetch_dp_ifaces(br);
706 /* Delete interfaces that cannot be opened.
708 * From this point forward we are guaranteed that every "struct iface"
709 * has nonnull 'netdev' and correct 'dp_ifidx'. */
710 iterate_and_prune_ifaces(br, check_iface, NULL);
712 /* Pick local port hardware address, datapath ID. */
713 bridge_pick_local_hw_addr(br, ea, &hw_addr_iface);
714 local_iface = iface_from_dp_ifidx(br, ODPP_LOCAL);
716 int error = netdev_set_etheraddr(local_iface->netdev, ea);
718 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
719 VLOG_ERR_RL(&rl, "bridge %s: failed to set bridge "
720 "Ethernet address: %s",
721 br->name, strerror(error));
724 memcpy(br->ea, ea, ETH_ADDR_LEN);
726 dpid = bridge_pick_datapath_id(br, ea, hw_addr_iface);
727 ofproto_set_datapath_id(br->ofproto, dpid);
729 dpid_string = xasprintf("%016"PRIx64, dpid);
730 ovsrec_bridge_set_datapath_id(br->cfg, dpid_string);
733 /* Set NetFlow configuration on this bridge. */
734 if (br->cfg->netflow) {
735 struct ovsrec_netflow *nf_cfg = br->cfg->netflow;
736 struct netflow_options opts;
738 memset(&opts, 0, sizeof opts);
740 dpif_get_netflow_ids(br->dpif, &opts.engine_type, &opts.engine_id);
741 if (nf_cfg->engine_type) {
742 opts.engine_type = *nf_cfg->engine_type;
744 if (nf_cfg->engine_id) {
745 opts.engine_id = *nf_cfg->engine_id;
748 opts.active_timeout = nf_cfg->active_timeout;
749 if (!opts.active_timeout) {
750 opts.active_timeout = -1;
751 } else if (opts.active_timeout < 0) {
752 VLOG_WARN("bridge %s: active timeout interval set to negative "
753 "value, using default instead (%d seconds)", br->name,
754 NF_ACTIVE_TIMEOUT_DEFAULT);
755 opts.active_timeout = -1;
758 opts.add_id_to_iface = nf_cfg->add_id_to_interface;
759 if (opts.add_id_to_iface) {
760 if (opts.engine_id > 0x7f) {
761 VLOG_WARN("bridge %s: netflow port mangling may conflict "
762 "with another vswitch, choose an engine id less "
763 "than 128", br->name);
765 if (hmap_count(&br->ports) > 508) {
766 VLOG_WARN("bridge %s: netflow port mangling will conflict "
767 "with another port when more than 508 ports are "
772 sset_init(&opts.collectors);
773 sset_add_array(&opts.collectors,
774 nf_cfg->targets, nf_cfg->n_targets);
775 if (ofproto_set_netflow(br->ofproto, &opts)) {
776 VLOG_ERR("bridge %s: problem setting netflow collectors",
779 sset_destroy(&opts.collectors);
781 ofproto_set_netflow(br->ofproto, NULL);
784 /* Set sFlow configuration on this bridge. */
785 if (br->cfg->sflow) {
786 const struct ovsrec_sflow *sflow_cfg = br->cfg->sflow;
787 struct ovsrec_controller **controllers;
788 struct ofproto_sflow_options oso;
789 size_t n_controllers;
791 memset(&oso, 0, sizeof oso);
793 sset_init(&oso.targets);
794 sset_add_array(&oso.targets,
795 sflow_cfg->targets, sflow_cfg->n_targets);
797 oso.sampling_rate = SFL_DEFAULT_SAMPLING_RATE;
798 if (sflow_cfg->sampling) {
799 oso.sampling_rate = *sflow_cfg->sampling;
802 oso.polling_interval = SFL_DEFAULT_POLLING_INTERVAL;
803 if (sflow_cfg->polling) {
804 oso.polling_interval = *sflow_cfg->polling;
807 oso.header_len = SFL_DEFAULT_HEADER_SIZE;
808 if (sflow_cfg->header) {
809 oso.header_len = *sflow_cfg->header;
812 oso.sub_id = sflow_bridge_number++;
813 oso.agent_device = sflow_cfg->agent;
815 oso.control_ip = NULL;
816 n_controllers = bridge_get_controllers(br, &controllers);
817 for (i = 0; i < n_controllers; i++) {
818 if (controllers[i]->local_ip) {
819 oso.control_ip = controllers[i]->local_ip;
823 ofproto_set_sflow(br->ofproto, &oso);
825 sset_destroy(&oso.targets);
827 ofproto_set_sflow(br->ofproto, NULL);
830 /* Update the controller and related settings. It would be more
831 * straightforward to call this from bridge_reconfigure_one(), but we
832 * can't do it there for two reasons. First, and most importantly, at
833 * that point we don't know the dp_ifidx of any interfaces that have
834 * been added to the bridge (because we haven't actually added them to
835 * the datapath). Second, at that point we haven't set the datapath ID
836 * yet; when a controller is configured, resetting the datapath ID will
837 * immediately disconnect from the controller, so it's better to set
838 * the datapath ID before the controller. */
839 bridge_reconfigure_remotes(br, managers, n_managers);
841 LIST_FOR_EACH (br, node, &all_bridges) {
844 br->has_bonded_ports = false;
845 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
848 port_reconfigure_bond(port);
850 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
851 iface_update_qos(iface, port->cfg->qos);
855 LIST_FOR_EACH (br, node, &all_bridges) {
856 iterate_and_prune_ifaces(br, set_iface_properties, NULL);
859 LIST_FOR_EACH (br, node, &all_bridges) {
861 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
862 iface_update_cfm(iface);
868 /* ovs-vswitchd has completed initialization, so allow the process that
869 * forked us to exit successfully. */
870 daemonize_complete();
874 get_ovsrec_key_value(const struct ovsdb_idl_row *row,
875 const struct ovsdb_idl_column *column,
878 const struct ovsdb_datum *datum;
879 union ovsdb_atom atom;
882 datum = ovsdb_idl_get(row, column, OVSDB_TYPE_STRING, OVSDB_TYPE_STRING);
883 atom.string = (char *) key;
884 idx = ovsdb_datum_find_key(datum, &atom, OVSDB_TYPE_STRING);
885 return idx == UINT_MAX ? NULL : datum->values[idx].string;
889 bridge_get_other_config(const struct ovsrec_bridge *br_cfg, const char *key)
891 return get_ovsrec_key_value(&br_cfg->header_,
892 &ovsrec_bridge_col_other_config, key);
896 bridge_pick_local_hw_addr(struct bridge *br, uint8_t ea[ETH_ADDR_LEN],
897 struct iface **hw_addr_iface)
903 *hw_addr_iface = NULL;
905 /* Did the user request a particular MAC? */
906 hwaddr = bridge_get_other_config(br->cfg, "hwaddr");
907 if (hwaddr && eth_addr_from_string(hwaddr, ea)) {
908 if (eth_addr_is_multicast(ea)) {
909 VLOG_ERR("bridge %s: cannot set MAC address to multicast "
910 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
911 } else if (eth_addr_is_zero(ea)) {
912 VLOG_ERR("bridge %s: cannot set MAC address to zero", br->name);
918 /* Otherwise choose the minimum non-local MAC address among all of the
920 memset(ea, 0xff, ETH_ADDR_LEN);
921 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
922 uint8_t iface_ea[ETH_ADDR_LEN];
923 struct iface *candidate;
926 /* Mirror output ports don't participate. */
927 if (port->is_mirror_output_port) {
931 /* Choose the MAC address to represent the port. */
933 if (port->cfg->mac && eth_addr_from_string(port->cfg->mac, iface_ea)) {
934 /* Find the interface with this Ethernet address (if any) so that
935 * we can provide the correct devname to the caller. */
936 LIST_FOR_EACH (candidate, port_elem, &port->ifaces) {
937 uint8_t candidate_ea[ETH_ADDR_LEN];
938 if (!netdev_get_etheraddr(candidate->netdev, candidate_ea)
939 && eth_addr_equals(iface_ea, candidate_ea)) {
944 /* Choose the interface whose MAC address will represent the port.
945 * The Linux kernel bonding code always chooses the MAC address of
946 * the first slave added to a bond, and the Fedora networking
947 * scripts always add slaves to a bond in alphabetical order, so
948 * for compatibility we choose the interface with the name that is
949 * first in alphabetical order. */
950 LIST_FOR_EACH (candidate, port_elem, &port->ifaces) {
951 if (!iface || strcmp(candidate->name, iface->name) < 0) {
956 /* The local port doesn't count (since we're trying to choose its
957 * MAC address anyway). */
958 if (iface->dp_ifidx == ODPP_LOCAL) {
963 error = netdev_get_etheraddr(iface->netdev, iface_ea);
965 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
966 VLOG_ERR_RL(&rl, "failed to obtain Ethernet address of %s: %s",
967 iface->name, strerror(error));
972 /* Compare against our current choice. */
973 if (!eth_addr_is_multicast(iface_ea) &&
974 !eth_addr_is_local(iface_ea) &&
975 !eth_addr_is_reserved(iface_ea) &&
976 !eth_addr_is_zero(iface_ea) &&
977 eth_addr_compare_3way(iface_ea, ea) < 0)
979 memcpy(ea, iface_ea, ETH_ADDR_LEN);
980 *hw_addr_iface = iface;
983 if (eth_addr_is_multicast(ea)) {
984 memcpy(ea, br->default_ea, ETH_ADDR_LEN);
985 *hw_addr_iface = NULL;
986 VLOG_WARN("bridge %s: using default bridge Ethernet "
987 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
989 VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
990 br->name, ETH_ADDR_ARGS(ea));
994 /* Choose and returns the datapath ID for bridge 'br' given that the bridge
995 * Ethernet address is 'bridge_ea'. If 'bridge_ea' is the Ethernet address of
996 * an interface on 'br', then that interface must be passed in as
997 * 'hw_addr_iface'; if 'bridge_ea' was derived some other way, then
998 * 'hw_addr_iface' must be passed in as a null pointer. */
1000 bridge_pick_datapath_id(struct bridge *br,
1001 const uint8_t bridge_ea[ETH_ADDR_LEN],
1002 struct iface *hw_addr_iface)
1005 * The procedure for choosing a bridge MAC address will, in the most
1006 * ordinary case, also choose a unique MAC that we can use as a datapath
1007 * ID. In some special cases, though, multiple bridges will end up with
1008 * the same MAC address. This is OK for the bridges, but it will confuse
1009 * the OpenFlow controller, because each datapath needs a unique datapath
1012 * Datapath IDs must be unique. It is also very desirable that they be
1013 * stable from one run to the next, so that policy set on a datapath
1016 const char *datapath_id;
1019 datapath_id = bridge_get_other_config(br->cfg, "datapath-id");
1020 if (datapath_id && dpid_from_string(datapath_id, &dpid)) {
1024 if (hw_addr_iface) {
1026 if (!netdev_get_vlan_vid(hw_addr_iface->netdev, &vlan)) {
1028 * A bridge whose MAC address is taken from a VLAN network device
1029 * (that is, a network device created with vconfig(8) or similar
1030 * tool) will have the same MAC address as a bridge on the VLAN
1031 * device's physical network device.
1033 * Handle this case by hashing the physical network device MAC
1034 * along with the VLAN identifier.
1036 uint8_t buf[ETH_ADDR_LEN + 2];
1037 memcpy(buf, bridge_ea, ETH_ADDR_LEN);
1038 buf[ETH_ADDR_LEN] = vlan >> 8;
1039 buf[ETH_ADDR_LEN + 1] = vlan;
1040 return dpid_from_hash(buf, sizeof buf);
1043 * Assume that this bridge's MAC address is unique, since it
1044 * doesn't fit any of the cases we handle specially.
1049 * A purely internal bridge, that is, one that has no non-virtual
1050 * network devices on it at all, is more difficult because it has no
1051 * natural unique identifier at all.
1053 * When the host is a XenServer, we handle this case by hashing the
1054 * host's UUID with the name of the bridge. Names of bridges are
1055 * persistent across XenServer reboots, although they can be reused if
1056 * an internal network is destroyed and then a new one is later
1057 * created, so this is fairly effective.
1059 * When the host is not a XenServer, we punt by using a random MAC
1060 * address on each run.
1062 const char *host_uuid = xenserver_get_host_uuid();
1064 char *combined = xasprintf("%s,%s", host_uuid, br->name);
1065 dpid = dpid_from_hash(combined, strlen(combined));
1071 return eth_addr_to_uint64(bridge_ea);
1075 dpid_from_hash(const void *data, size_t n)
1077 uint8_t hash[SHA1_DIGEST_SIZE];
1079 BUILD_ASSERT_DECL(sizeof hash >= ETH_ADDR_LEN);
1080 sha1_bytes(data, n, hash);
1081 eth_addr_mark_random(hash);
1082 return eth_addr_to_uint64(hash);
1086 iface_refresh_status(struct iface *iface)
1090 enum netdev_flags flags;
1099 if (!netdev_get_status(iface->netdev, &sh)) {
1101 char **keys, **values;
1103 shash_to_ovs_idl_map(&sh, &keys, &values, &n);
1104 ovsrec_interface_set_status(iface->cfg, keys, values, n);
1109 ovsrec_interface_set_status(iface->cfg, NULL, NULL, 0);
1112 shash_destroy_free_data(&sh);
1114 error = netdev_get_flags(iface->netdev, &flags);
1116 ovsrec_interface_set_admin_state(iface->cfg, flags & NETDEV_UP ? "up" : "down");
1119 ovsrec_interface_set_admin_state(iface->cfg, NULL);
1122 error = netdev_get_features(iface->netdev, ¤t, NULL, NULL, NULL);
1124 ovsrec_interface_set_duplex(iface->cfg,
1125 netdev_features_is_full_duplex(current)
1127 /* warning: uint64_t -> int64_t conversion */
1128 bps = netdev_features_to_bps(current);
1129 ovsrec_interface_set_link_speed(iface->cfg, &bps, 1);
1132 ovsrec_interface_set_duplex(iface->cfg, NULL);
1133 ovsrec_interface_set_link_speed(iface->cfg, NULL, 0);
1137 ovsrec_interface_set_link_state(iface->cfg,
1138 iface_get_carrier(iface) ? "up" : "down");
1140 error = netdev_get_mtu(iface->netdev, &mtu);
1141 if (!error && mtu != INT_MAX) {
1143 ovsrec_interface_set_mtu(iface->cfg, &mtu_64, 1);
1146 ovsrec_interface_set_mtu(iface->cfg, NULL, 0);
1150 /* Writes 'iface''s CFM statistics to the database. Returns true if anything
1151 * changed, false otherwise. */
1153 iface_refresh_cfm_stats(struct iface *iface)
1155 const struct ovsrec_monitor *mon;
1156 const struct cfm *cfm;
1157 bool changed = false;
1160 mon = iface->cfg->monitor;
1161 cfm = ofproto_iface_get_cfm(iface->port->bridge->ofproto, iface->dp_ifidx);
1167 for (i = 0; i < mon->n_remote_mps; i++) {
1168 const struct ovsrec_maintenance_point *mp;
1169 const struct remote_mp *rmp;
1171 mp = mon->remote_mps[i];
1172 rmp = cfm_get_remote_mp(cfm, mp->mpid);
1174 if (mp->n_fault != 1 || mp->fault[0] != rmp->fault) {
1175 ovsrec_maintenance_point_set_fault(mp, &rmp->fault, 1);
1180 if (mon->n_fault != 1 || mon->fault[0] != cfm->fault) {
1181 ovsrec_monitor_set_fault(mon, &cfm->fault, 1);
1189 iface_refresh_stats(struct iface *iface)
1195 static const struct iface_stat iface_stats[] = {
1196 { "rx_packets", offsetof(struct netdev_stats, rx_packets) },
1197 { "tx_packets", offsetof(struct netdev_stats, tx_packets) },
1198 { "rx_bytes", offsetof(struct netdev_stats, rx_bytes) },
1199 { "tx_bytes", offsetof(struct netdev_stats, tx_bytes) },
1200 { "rx_dropped", offsetof(struct netdev_stats, rx_dropped) },
1201 { "tx_dropped", offsetof(struct netdev_stats, tx_dropped) },
1202 { "rx_errors", offsetof(struct netdev_stats, rx_errors) },
1203 { "tx_errors", offsetof(struct netdev_stats, tx_errors) },
1204 { "rx_frame_err", offsetof(struct netdev_stats, rx_frame_errors) },
1205 { "rx_over_err", offsetof(struct netdev_stats, rx_over_errors) },
1206 { "rx_crc_err", offsetof(struct netdev_stats, rx_crc_errors) },
1207 { "collisions", offsetof(struct netdev_stats, collisions) },
1209 enum { N_STATS = ARRAY_SIZE(iface_stats) };
1210 const struct iface_stat *s;
1212 char *keys[N_STATS];
1213 int64_t values[N_STATS];
1216 struct netdev_stats stats;
1218 /* Intentionally ignore return value, since errors will set 'stats' to
1219 * all-1s, and we will deal with that correctly below. */
1220 netdev_get_stats(iface->netdev, &stats);
1223 for (s = iface_stats; s < &iface_stats[N_STATS]; s++) {
1224 uint64_t value = *(uint64_t *) (((char *) &stats) + s->offset);
1225 if (value != UINT64_MAX) {
1232 ovsrec_interface_set_statistics(iface->cfg, keys, values, n);
1236 refresh_system_stats(const struct ovsrec_open_vswitch *cfg)
1238 struct ovsdb_datum datum;
1242 get_system_stats(&stats);
1244 ovsdb_datum_from_shash(&datum, &stats);
1245 ovsdb_idl_txn_write(&cfg->header_, &ovsrec_open_vswitch_col_statistics,
1249 static inline const char *
1250 nx_role_to_str(enum nx_role role)
1255 case NX_ROLE_MASTER:
1260 return "*** INVALID ROLE ***";
1265 bridge_refresh_controller_status(const struct bridge *br)
1268 const struct ovsrec_controller *cfg;
1270 ofproto_get_ofproto_controller_info(br->ofproto, &info);
1272 OVSREC_CONTROLLER_FOR_EACH(cfg, idl) {
1273 struct ofproto_controller_info *cinfo =
1274 shash_find_data(&info, cfg->target);
1277 ovsrec_controller_set_is_connected(cfg, cinfo->is_connected);
1278 ovsrec_controller_set_role(cfg, nx_role_to_str(cinfo->role));
1279 ovsrec_controller_set_status(cfg, (char **) cinfo->pairs.keys,
1280 (char **) cinfo->pairs.values,
1283 ovsrec_controller_set_is_connected(cfg, false);
1284 ovsrec_controller_set_role(cfg, NULL);
1285 ovsrec_controller_set_status(cfg, NULL, NULL, 0);
1289 ofproto_free_ofproto_controller_info(&info);
1295 const struct ovsrec_open_vswitch *cfg;
1297 bool datapath_destroyed;
1298 bool database_changed;
1301 /* Let each bridge do the work that it needs to do. */
1302 datapath_destroyed = false;
1303 LIST_FOR_EACH (br, node, &all_bridges) {
1304 int error = bridge_run_one(br);
1306 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1307 VLOG_ERR_RL(&rl, "bridge %s: datapath was destroyed externally, "
1308 "forcing reconfiguration", br->name);
1309 datapath_destroyed = true;
1313 /* (Re)configure if necessary. */
1314 database_changed = ovsdb_idl_run(idl);
1315 cfg = ovsrec_open_vswitch_first(idl);
1317 /* Re-configure SSL. We do this on every trip through the main loop,
1318 * instead of just when the database changes, because the contents of the
1319 * key and certificate files can change without the database changing.
1321 * We do this before bridge_reconfigure() because that function might
1322 * initiate SSL connections and thus requires SSL to be configured. */
1323 if (cfg && cfg->ssl) {
1324 const struct ovsrec_ssl *ssl = cfg->ssl;
1326 stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
1327 stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
1330 if (database_changed || datapath_destroyed) {
1332 struct ovsdb_idl_txn *txn = ovsdb_idl_txn_create(idl);
1334 bridge_configure_once(cfg);
1335 bridge_reconfigure(cfg);
1337 ovsrec_open_vswitch_set_cur_cfg(cfg, cfg->next_cfg);
1338 ovsdb_idl_txn_commit(txn);
1339 ovsdb_idl_txn_destroy(txn); /* XXX */
1341 /* We still need to reconfigure to avoid dangling pointers to
1342 * now-destroyed ovsrec structures inside bridge data. */
1343 static const struct ovsrec_open_vswitch null_cfg;
1345 bridge_reconfigure(&null_cfg);
1349 /* Refresh system and interface stats if necessary. */
1350 if (time_msec() >= stats_timer) {
1352 struct ovsdb_idl_txn *txn;
1354 txn = ovsdb_idl_txn_create(idl);
1355 LIST_FOR_EACH (br, node, &all_bridges) {
1358 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
1359 struct iface *iface;
1361 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
1362 iface_refresh_stats(iface);
1363 iface_refresh_status(iface);
1366 bridge_refresh_controller_status(br);
1368 refresh_system_stats(cfg);
1369 ovsdb_idl_txn_commit(txn);
1370 ovsdb_idl_txn_destroy(txn); /* XXX */
1373 stats_timer = time_msec() + STATS_INTERVAL;
1376 if (time_msec() >= cfm_limiter) {
1377 struct ovsdb_idl_txn *txn;
1378 bool changed = false;
1380 txn = ovsdb_idl_txn_create(idl);
1381 LIST_FOR_EACH (br, node, &all_bridges) {
1384 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
1385 struct iface *iface;
1387 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
1388 changed = iface_refresh_cfm_stats(iface) || changed;
1394 cfm_limiter = time_msec() + CFM_LIMIT_INTERVAL;
1397 ovsdb_idl_txn_commit(txn);
1398 ovsdb_idl_txn_destroy(txn);
1407 LIST_FOR_EACH (br, node, &all_bridges) {
1410 ofproto_wait(br->ofproto);
1411 mac_learning_wait(br->ml);
1412 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
1416 ovsdb_idl_wait(idl);
1417 poll_timer_wait_until(stats_timer);
1419 if (cfm_limiter > time_msec()) {
1420 poll_timer_wait_until(cfm_limiter);
1424 /* Forces 'br' to revalidate all of its flows. This is appropriate when 'br''s
1425 * configuration changes. */
1427 bridge_flush(struct bridge *br)
1429 COVERAGE_INC(bridge_flush);
1433 /* Bridge unixctl user interface functions. */
1435 bridge_unixctl_fdb_show(struct unixctl_conn *conn,
1436 const char *args, void *aux OVS_UNUSED)
1438 struct ds ds = DS_EMPTY_INITIALIZER;
1439 const struct bridge *br;
1440 const struct mac_entry *e;
1442 br = bridge_lookup(args);
1444 unixctl_command_reply(conn, 501, "no such bridge");
1448 ds_put_cstr(&ds, " port VLAN MAC Age\n");
1449 LIST_FOR_EACH (e, lru_node, &br->ml->lrus) {
1450 struct port *port = e->port.p;
1451 ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n",
1452 port_get_an_iface(port)->dp_ifidx,
1453 e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e));
1455 unixctl_command_reply(conn, 200, ds_cstr(&ds));
1459 /* CFM unixctl user interface functions. */
1461 cfm_unixctl_show(struct unixctl_conn *conn,
1462 const char *args, void *aux OVS_UNUSED)
1464 struct ds ds = DS_EMPTY_INITIALIZER;
1465 struct iface *iface;
1466 const struct cfm *cfm;
1468 iface = iface_find(args);
1470 unixctl_command_reply(conn, 501, "no such interface");
1474 cfm = ofproto_iface_get_cfm(iface->port->bridge->ofproto, iface->dp_ifidx);
1477 unixctl_command_reply(conn, 501, "CFM not enabled");
1481 cfm_dump_ds(cfm, &ds);
1482 unixctl_command_reply(conn, 200, ds_cstr(&ds));
1486 /* QoS unixctl user interface functions. */
1488 struct qos_unixctl_show_cbdata {
1490 struct iface *iface;
1494 qos_unixctl_show_cb(unsigned int queue_id,
1495 const struct shash *details,
1498 struct qos_unixctl_show_cbdata *data = aux;
1499 struct ds *ds = data->ds;
1500 struct iface *iface = data->iface;
1501 struct netdev_queue_stats stats;
1502 struct shash_node *node;
1505 ds_put_cstr(ds, "\n");
1507 ds_put_format(ds, "Queue %u:\n", queue_id);
1509 ds_put_cstr(ds, "Default:\n");
1512 SHASH_FOR_EACH (node, details) {
1513 ds_put_format(ds, "\t%s: %s\n", node->name, (char *)node->data);
1516 error = netdev_get_queue_stats(iface->netdev, queue_id, &stats);
1518 if (stats.tx_packets != UINT64_MAX) {
1519 ds_put_format(ds, "\ttx_packets: %"PRIu64"\n", stats.tx_packets);
1522 if (stats.tx_bytes != UINT64_MAX) {
1523 ds_put_format(ds, "\ttx_bytes: %"PRIu64"\n", stats.tx_bytes);
1526 if (stats.tx_errors != UINT64_MAX) {
1527 ds_put_format(ds, "\ttx_errors: %"PRIu64"\n", stats.tx_errors);
1530 ds_put_format(ds, "\tFailed to get statistics for queue %u: %s",
1531 queue_id, strerror(error));
1536 qos_unixctl_show(struct unixctl_conn *conn,
1537 const char *args, void *aux OVS_UNUSED)
1539 struct ds ds = DS_EMPTY_INITIALIZER;
1540 struct shash sh = SHASH_INITIALIZER(&sh);
1541 struct iface *iface;
1543 struct shash_node *node;
1544 struct qos_unixctl_show_cbdata data;
1547 iface = iface_find(args);
1549 unixctl_command_reply(conn, 501, "no such interface");
1553 netdev_get_qos(iface->netdev, &type, &sh);
1555 if (*type != '\0') {
1556 ds_put_format(&ds, "QoS: %s %s\n", iface->name, type);
1558 SHASH_FOR_EACH (node, &sh) {
1559 ds_put_format(&ds, "%s: %s\n", node->name, (char *)node->data);
1564 error = netdev_dump_queues(iface->netdev, qos_unixctl_show_cb, &data);
1567 ds_put_format(&ds, "failed to dump queues: %s", strerror(error));
1569 unixctl_command_reply(conn, 200, ds_cstr(&ds));
1571 ds_put_format(&ds, "QoS not configured on %s\n", iface->name);
1572 unixctl_command_reply(conn, 501, ds_cstr(&ds));
1575 shash_destroy_free_data(&sh);
1579 /* Bridge reconfiguration functions. */
1580 static struct bridge *
1581 bridge_create(const struct ovsrec_bridge *br_cfg)
1586 assert(!bridge_lookup(br_cfg->name));
1587 br = xzalloc(sizeof *br);
1589 error = dpif_create_and_open(br_cfg->name, br_cfg->datapath_type,
1596 error = ofproto_create(br_cfg->name, br_cfg->datapath_type, &bridge_ofhooks,
1599 VLOG_ERR("failed to create switch %s: %s", br_cfg->name,
1601 dpif_delete(br->dpif);
1602 dpif_close(br->dpif);
1607 br->name = xstrdup(br_cfg->name);
1609 br->ml = mac_learning_create();
1610 eth_addr_nicira_random(br->default_ea);
1612 hmap_init(&br->ports);
1613 hmap_init(&br->ifaces);
1614 shash_init(&br->iface_by_name);
1618 list_push_back(&all_bridges, &br->node);
1620 VLOG_INFO("created bridge %s on %s", br->name, dpif_name(br->dpif));
1626 bridge_destroy(struct bridge *br)
1629 struct port *port, *next;
1632 HMAP_FOR_EACH_SAFE (port, next, hmap_node, &br->ports) {
1635 list_remove(&br->node);
1636 ofproto_destroy(br->ofproto);
1637 error = dpif_delete(br->dpif);
1638 if (error && error != ENOENT) {
1639 VLOG_ERR("failed to delete %s: %s",
1640 dpif_name(br->dpif), strerror(error));
1642 dpif_close(br->dpif);
1643 mac_learning_destroy(br->ml);
1644 hmap_destroy(&br->ifaces);
1645 hmap_destroy(&br->ports);
1646 shash_destroy(&br->iface_by_name);
1652 static struct bridge *
1653 bridge_lookup(const char *name)
1657 LIST_FOR_EACH (br, node, &all_bridges) {
1658 if (!strcmp(br->name, name)) {
1665 /* Handle requests for a listing of all flows known by the OpenFlow
1666 * stack, including those normally hidden. */
1668 bridge_unixctl_dump_flows(struct unixctl_conn *conn,
1669 const char *args, void *aux OVS_UNUSED)
1674 br = bridge_lookup(args);
1676 unixctl_command_reply(conn, 501, "Unknown bridge");
1681 ofproto_get_all_flows(br->ofproto, &results);
1683 unixctl_command_reply(conn, 200, ds_cstr(&results));
1684 ds_destroy(&results);
1687 /* "bridge/reconnect [BRIDGE]": makes BRIDGE drop all of its controller
1688 * connections and reconnect. If BRIDGE is not specified, then all bridges
1689 * drop their controller connections and reconnect. */
1691 bridge_unixctl_reconnect(struct unixctl_conn *conn,
1692 const char *args, void *aux OVS_UNUSED)
1695 if (args[0] != '\0') {
1696 br = bridge_lookup(args);
1698 unixctl_command_reply(conn, 501, "Unknown bridge");
1701 ofproto_reconnect_controllers(br->ofproto);
1703 LIST_FOR_EACH (br, node, &all_bridges) {
1704 ofproto_reconnect_controllers(br->ofproto);
1707 unixctl_command_reply(conn, 200, NULL);
1711 bridge_run_one(struct bridge *br)
1716 error = ofproto_run1(br->ofproto);
1721 mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto));
1723 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
1727 error = ofproto_run2(br->ofproto, br->flush);
1734 bridge_get_controllers(const struct bridge *br,
1735 struct ovsrec_controller ***controllersp)
1737 struct ovsrec_controller **controllers;
1738 size_t n_controllers;
1740 controllers = br->cfg->controller;
1741 n_controllers = br->cfg->n_controller;
1743 if (n_controllers == 1 && !strcmp(controllers[0]->target, "none")) {
1749 *controllersp = controllers;
1751 return n_controllers;
1755 bridge_reconfigure_one(struct bridge *br)
1757 enum ofproto_fail_mode fail_mode;
1758 struct port *port, *next;
1759 struct shash_node *node;
1760 struct shash new_ports;
1763 /* Collect new ports. */
1764 shash_init(&new_ports);
1765 for (i = 0; i < br->cfg->n_ports; i++) {
1766 const char *name = br->cfg->ports[i]->name;
1767 if (!shash_add_once(&new_ports, name, br->cfg->ports[i])) {
1768 VLOG_WARN("bridge %s: %s specified twice as bridge port",
1773 /* If we have a controller, then we need a local port. Complain if the
1774 * user didn't specify one.
1776 * XXX perhaps we should synthesize a port ourselves in this case. */
1777 if (bridge_get_controllers(br, NULL)) {
1778 char local_name[IF_NAMESIZE];
1781 error = dpif_port_get_name(br->dpif, ODPP_LOCAL,
1782 local_name, sizeof local_name);
1783 if (!error && !shash_find(&new_ports, local_name)) {
1784 VLOG_WARN("bridge %s: controller specified but no local port "
1785 "(port named %s) defined",
1786 br->name, local_name);
1790 /* Get rid of deleted ports.
1791 * Get rid of deleted interfaces on ports that still exist. */
1792 HMAP_FOR_EACH_SAFE (port, next, hmap_node, &br->ports) {
1793 const struct ovsrec_port *port_cfg;
1795 port_cfg = shash_find_data(&new_ports, port->name);
1799 port_del_ifaces(port, port_cfg);
1803 /* Create new ports.
1804 * Add new interfaces to existing ports.
1805 * Reconfigure existing ports. */
1806 SHASH_FOR_EACH (node, &new_ports) {
1807 struct port *port = port_lookup(br, node->name);
1809 port = port_create(br, node->name);
1812 port_reconfigure(port, node->data);
1813 if (!port->n_ifaces) {
1814 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
1815 br->name, port->name);
1819 shash_destroy(&new_ports);
1821 /* Set the fail-mode */
1822 fail_mode = !br->cfg->fail_mode
1823 || !strcmp(br->cfg->fail_mode, "standalone")
1824 ? OFPROTO_FAIL_STANDALONE
1825 : OFPROTO_FAIL_SECURE;
1826 if (ofproto_get_fail_mode(br->ofproto) != fail_mode
1827 && !ofproto_has_primary_controller(br->ofproto)) {
1828 ofproto_flush_flows(br->ofproto);
1830 ofproto_set_fail_mode(br->ofproto, fail_mode);
1832 /* Delete all flows if we're switching from connected to standalone or vice
1833 * versa. (XXX Should we delete all flows if we are switching from one
1834 * controller to another?) */
1836 /* Configure OpenFlow controller connection snooping. */
1837 if (!ofproto_has_snoops(br->ofproto)) {
1841 sset_add_and_free(&snoops, xasprintf("punix:%s/%s.snoop",
1842 ovs_rundir(), br->name));
1843 ofproto_set_snoops(br->ofproto, &snoops);
1844 sset_destroy(&snoops);
1847 mirror_reconfigure(br);
1850 /* Initializes 'oc' appropriately as a management service controller for
1853 * The caller must free oc->target when it is no longer needed. */
1855 bridge_ofproto_controller_for_mgmt(const struct bridge *br,
1856 struct ofproto_controller *oc)
1858 oc->target = xasprintf("punix:%s/%s.mgmt", ovs_rundir(), br->name);
1859 oc->max_backoff = 0;
1860 oc->probe_interval = 60;
1861 oc->band = OFPROTO_OUT_OF_BAND;
1863 oc->burst_limit = 0;
1866 /* Converts ovsrec_controller 'c' into an ofproto_controller in 'oc'. */
1868 bridge_ofproto_controller_from_ovsrec(const struct ovsrec_controller *c,
1869 struct ofproto_controller *oc)
1871 oc->target = c->target;
1872 oc->max_backoff = c->max_backoff ? *c->max_backoff / 1000 : 8;
1873 oc->probe_interval = c->inactivity_probe ? *c->inactivity_probe / 1000 : 5;
1874 oc->band = (!c->connection_mode || !strcmp(c->connection_mode, "in-band")
1875 ? OFPROTO_IN_BAND : OFPROTO_OUT_OF_BAND);
1876 oc->rate_limit = c->controller_rate_limit ? *c->controller_rate_limit : 0;
1877 oc->burst_limit = (c->controller_burst_limit
1878 ? *c->controller_burst_limit : 0);
1881 /* Configures the IP stack for 'br''s local interface properly according to the
1882 * configuration in 'c'. */
1884 bridge_configure_local_iface_netdev(struct bridge *br,
1885 struct ovsrec_controller *c)
1887 struct netdev *netdev;
1888 struct in_addr mask, gateway;
1890 struct iface *local_iface;
1893 /* If there's no local interface or no IP address, give up. */
1894 local_iface = iface_from_dp_ifidx(br, ODPP_LOCAL);
1895 if (!local_iface || !c->local_ip || !inet_aton(c->local_ip, &ip)) {
1899 /* Bring up the local interface. */
1900 netdev = local_iface->netdev;
1901 netdev_turn_flags_on(netdev, NETDEV_UP, true);
1903 /* Configure the IP address and netmask. */
1904 if (!c->local_netmask
1905 || !inet_aton(c->local_netmask, &mask)
1907 mask.s_addr = guess_netmask(ip.s_addr);
1909 if (!netdev_set_in4(netdev, ip, mask)) {
1910 VLOG_INFO("bridge %s: configured IP address "IP_FMT", netmask "IP_FMT,
1911 br->name, IP_ARGS(&ip.s_addr), IP_ARGS(&mask.s_addr));
1914 /* Configure the default gateway. */
1915 if (c->local_gateway
1916 && inet_aton(c->local_gateway, &gateway)
1917 && gateway.s_addr) {
1918 if (!netdev_add_router(netdev, gateway)) {
1919 VLOG_INFO("bridge %s: configured gateway "IP_FMT,
1920 br->name, IP_ARGS(&gateway.s_addr));
1926 bridge_reconfigure_remotes(struct bridge *br,
1927 const struct sockaddr_in *managers,
1930 const char *disable_ib_str, *queue_id_str;
1931 bool disable_in_band = false;
1934 struct ovsrec_controller **controllers;
1935 size_t n_controllers;
1938 struct ofproto_controller *ocs;
1942 /* Check if we should disable in-band control on this bridge. */
1943 disable_ib_str = bridge_get_other_config(br->cfg, "disable-in-band");
1944 if (disable_ib_str && !strcmp(disable_ib_str, "true")) {
1945 disable_in_band = true;
1948 /* Set OpenFlow queue ID for in-band control. */
1949 queue_id_str = bridge_get_other_config(br->cfg, "in-band-queue");
1950 queue_id = queue_id_str ? strtol(queue_id_str, NULL, 10) : -1;
1951 ofproto_set_in_band_queue(br->ofproto, queue_id);
1953 if (disable_in_band) {
1954 ofproto_set_extra_in_band_remotes(br->ofproto, NULL, 0);
1956 ofproto_set_extra_in_band_remotes(br->ofproto, managers, n_managers);
1958 had_primary = ofproto_has_primary_controller(br->ofproto);
1960 n_controllers = bridge_get_controllers(br, &controllers);
1962 ocs = xmalloc((n_controllers + 1) * sizeof *ocs);
1965 bridge_ofproto_controller_for_mgmt(br, &ocs[n_ocs++]);
1966 for (i = 0; i < n_controllers; i++) {
1967 struct ovsrec_controller *c = controllers[i];
1969 if (!strncmp(c->target, "punix:", 6)
1970 || !strncmp(c->target, "unix:", 5)) {
1971 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1973 /* Prevent remote ovsdb-server users from accessing arbitrary Unix
1974 * domain sockets and overwriting arbitrary local files. */
1975 VLOG_ERR_RL(&rl, "%s: not adding Unix domain socket controller "
1976 "\"%s\" due to possibility for remote exploit",
1977 dpif_name(br->dpif), c->target);
1981 bridge_configure_local_iface_netdev(br, c);
1982 bridge_ofproto_controller_from_ovsrec(c, &ocs[n_ocs]);
1983 if (disable_in_band) {
1984 ocs[n_ocs].band = OFPROTO_OUT_OF_BAND;
1989 ofproto_set_controllers(br->ofproto, ocs, n_ocs);
1990 free(ocs[0].target); /* From bridge_ofproto_controller_for_mgmt(). */
1993 if (had_primary != ofproto_has_primary_controller(br->ofproto)) {
1994 ofproto_flush_flows(br->ofproto);
1997 /* If there are no controllers and the bridge is in standalone
1998 * mode, set up a flow that matches every packet and directs
1999 * them to OFPP_NORMAL (which goes to us). Otherwise, the
2000 * switch is in secure mode and we won't pass any traffic until
2001 * a controller has been defined and it tells us to do so. */
2003 && ofproto_get_fail_mode(br->ofproto) == OFPROTO_FAIL_STANDALONE) {
2004 union ofp_action action;
2005 struct cls_rule rule;
2007 memset(&action, 0, sizeof action);
2008 action.type = htons(OFPAT_OUTPUT);
2009 action.output.len = htons(sizeof action);
2010 action.output.port = htons(OFPP_NORMAL);
2011 cls_rule_init_catchall(&rule, 0);
2012 ofproto_add_flow(br->ofproto, &rule, &action, 1);
2017 bridge_get_all_ifaces(const struct bridge *br, struct shash *ifaces)
2022 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
2023 struct iface *iface;
2025 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
2026 shash_add_once(ifaces, iface->name, iface);
2028 if (port->n_ifaces > 1 && port->cfg->bond_fake_iface) {
2029 shash_add_once(ifaces, port->name, NULL);
2034 /* For robustness, in case the administrator moves around datapath ports behind
2035 * our back, we re-check all the datapath port numbers here.
2037 * This function will set the 'dp_ifidx' members of interfaces that have
2038 * disappeared to -1, so only call this function from a context where those
2039 * 'struct iface's will be removed from the bridge. Otherwise, the -1
2040 * 'dp_ifidx'es will cause trouble later when we try to send them to the
2041 * datapath, which doesn't support UINT16_MAX+1 ports. */
2043 bridge_fetch_dp_ifaces(struct bridge *br)
2045 struct dpif_port_dump dump;
2046 struct dpif_port dpif_port;
2049 /* Reset all interface numbers. */
2050 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
2051 struct iface *iface;
2053 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
2054 iface->dp_ifidx = -1;
2057 hmap_clear(&br->ifaces);
2059 DPIF_PORT_FOR_EACH (&dpif_port, &dump, br->dpif) {
2060 struct iface *iface = iface_lookup(br, dpif_port.name);
2062 if (iface->dp_ifidx >= 0) {
2063 VLOG_WARN("%s reported interface %s twice",
2064 dpif_name(br->dpif), dpif_port.name);
2065 } else if (iface_from_dp_ifidx(br, dpif_port.port_no)) {
2066 VLOG_WARN("%s reported interface %"PRIu16" twice",
2067 dpif_name(br->dpif), dpif_port.port_no);
2069 iface->dp_ifidx = dpif_port.port_no;
2070 hmap_insert(&br->ifaces, &iface->dp_ifidx_node,
2071 hash_int(iface->dp_ifidx, 0));
2074 iface_set_ofport(iface->cfg,
2075 (iface->dp_ifidx >= 0
2076 ? odp_port_to_ofp_port(iface->dp_ifidx)
2082 /* Bridge packet processing functions. */
2085 set_dst(struct dst *dst, const struct flow *flow,
2086 const struct port *in_port, const struct port *out_port,
2089 struct iface *iface;
2092 vlan = (out_port->vlan >= 0 ? OFP_VLAN_NONE
2093 : in_port->vlan >= 0 ? in_port->vlan
2094 : flow->vlan_tci == 0 ? OFP_VLAN_NONE
2095 : vlan_tci_to_vid(flow->vlan_tci));
2097 iface = (!out_port->bond
2098 ? port_get_an_iface(out_port)
2099 : bond_choose_output_slave(out_port->bond, flow, vlan, tags));
2102 dst->dp_ifidx = iface->dp_ifidx;
2110 swap_dst(struct dst *p, struct dst *q)
2112 struct dst tmp = *p;
2117 /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
2118 * 'dsts'. (This may help performance by reducing the number of VLAN changes
2119 * that we push to the datapath. We could in fact fully sort the array by
2120 * vlan, but in most cases there are at most two different vlan tags so that's
2121 * possibly overkill.) */
2123 partition_dsts(struct dst_set *set, int vlan)
2125 struct dst *first = set->dsts;
2126 struct dst *last = set->dsts + set->n;
2128 while (first != last) {
2130 * - All dsts < first have vlan == 'vlan'.
2131 * - All dsts >= last have vlan != 'vlan'.
2132 * - first < last. */
2133 while (first->vlan == vlan) {
2134 if (++first == last) {
2139 /* Same invariants, plus one additional:
2140 * - first->vlan != vlan.
2142 while (last[-1].vlan != vlan) {
2143 if (--last == first) {
2148 /* Same invariants, plus one additional:
2149 * - last[-1].vlan == vlan.*/
2150 swap_dst(first++, --last);
2155 mirror_mask_ffs(mirror_mask_t mask)
2157 BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask));
2162 dst_set_init(struct dst_set *set)
2164 set->dsts = set->builtin;
2166 set->allocated = ARRAY_SIZE(set->builtin);
2170 dst_set_add(struct dst_set *set, const struct dst *dst)
2172 if (set->n >= set->allocated) {
2173 size_t new_allocated;
2174 struct dst *new_dsts;
2176 new_allocated = set->allocated * 2;
2177 new_dsts = xmalloc(new_allocated * sizeof *new_dsts);
2178 memcpy(new_dsts, set->dsts, set->n * sizeof *new_dsts);
2182 set->dsts = new_dsts;
2183 set->allocated = new_allocated;
2185 set->dsts[set->n++] = *dst;
2189 dst_set_free(struct dst_set *set)
2191 if (set->dsts != set->builtin) {
2197 dst_is_duplicate(const struct dst_set *set, const struct dst *test)
2200 for (i = 0; i < set->n; i++) {
2201 if (set->dsts[i].vlan == test->vlan
2202 && set->dsts[i].dp_ifidx == test->dp_ifidx) {
2210 port_trunks_vlan(const struct port *port, uint16_t vlan)
2212 return (port->vlan < 0
2213 && (!port->trunks || bitmap_is_set(port->trunks, vlan)));
2217 port_includes_vlan(const struct port *port, uint16_t vlan)
2219 return vlan == port->vlan || port_trunks_vlan(port, vlan);
2223 port_is_floodable(const struct port *port)
2225 struct iface *iface;
2227 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
2228 if (!ofproto_port_is_floodable(port->bridge->ofproto,
2236 /* Returns an arbitrary interface within 'port'. */
2237 static struct iface *
2238 port_get_an_iface(const struct port *port)
2240 return CONTAINER_OF(list_front(&port->ifaces), struct iface, port_elem);
2244 compose_dsts(const struct bridge *br, const struct flow *flow, uint16_t vlan,
2245 const struct port *in_port, const struct port *out_port,
2246 struct dst_set *set, tag_type *tags, uint16_t *nf_output_iface)
2248 mirror_mask_t mirrors = in_port->src_mirrors;
2252 flow_vlan = vlan_tci_to_vid(flow->vlan_tci);
2253 if (flow_vlan == 0) {
2254 flow_vlan = OFP_VLAN_NONE;
2257 if (out_port == FLOOD_PORT) {
2260 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
2262 && port_is_floodable(port)
2263 && port_includes_vlan(port, vlan)
2264 && !port->is_mirror_output_port
2265 && set_dst(&dst, flow, in_port, port, tags)) {
2266 mirrors |= port->dst_mirrors;
2267 dst_set_add(set, &dst);
2270 *nf_output_iface = NF_OUT_FLOOD;
2271 } else if (out_port && set_dst(&dst, flow, in_port, out_port, tags)) {
2272 dst_set_add(set, &dst);
2273 *nf_output_iface = dst.dp_ifidx;
2274 mirrors |= out_port->dst_mirrors;
2278 struct mirror *m = br->mirrors[mirror_mask_ffs(mirrors) - 1];
2279 if (!m->n_vlans || vlan_is_mirrored(m, vlan)) {
2281 if (set_dst(&dst, flow, in_port, m->out_port, tags)
2282 && !dst_is_duplicate(set, &dst)) {
2283 dst_set_add(set, &dst);
2288 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
2289 if (port_includes_vlan(port, m->out_vlan)
2290 && set_dst(&dst, flow, in_port, port, tags))
2292 if (port->vlan < 0) {
2293 dst.vlan = m->out_vlan;
2295 if (dst_is_duplicate(set, &dst)) {
2299 /* Use the vlan tag on the original flow instead of
2300 * the one passed in the vlan parameter. This ensures
2301 * that we compare the vlan from before any implicit
2302 * tagging tags place. This is necessary because
2303 * dst->vlan is the final vlan, after removing implicit
2305 if (port == in_port && dst.vlan == flow_vlan) {
2306 /* Don't send out input port on same VLAN. */
2309 dst_set_add(set, &dst);
2314 mirrors &= mirrors - 1;
2317 partition_dsts(set, flow_vlan);
2320 static void OVS_UNUSED
2321 print_dsts(const struct dst_set *set)
2325 for (i = 0; i < set->n; i++) {
2326 const struct dst *dst = &set->dsts[i];
2328 printf(">p%"PRIu16, dst->dp_ifidx);
2329 if (dst->vlan != OFP_VLAN_NONE) {
2330 printf("v%"PRIu16, dst->vlan);
2336 compose_actions(struct bridge *br, const struct flow *flow, uint16_t vlan,
2337 const struct port *in_port, const struct port *out_port,
2338 tag_type *tags, struct ofpbuf *actions,
2339 uint16_t *nf_output_iface)
2346 compose_dsts(br, flow, vlan, in_port, out_port, &set, tags,
2349 cur_vlan = vlan_tci_to_vid(flow->vlan_tci);
2350 if (cur_vlan == 0) {
2351 cur_vlan = OFP_VLAN_NONE;
2353 for (i = 0; i < set.n; i++) {
2354 const struct dst *dst = &set.dsts[i];
2355 if (dst->vlan != cur_vlan) {
2356 if (dst->vlan == OFP_VLAN_NONE) {
2357 nl_msg_put_flag(actions, ODP_ACTION_ATTR_STRIP_VLAN);
2360 tci = htons(dst->vlan & VLAN_VID_MASK);
2361 tci |= flow->vlan_tci & htons(VLAN_PCP_MASK);
2362 nl_msg_put_be16(actions, ODP_ACTION_ATTR_SET_DL_TCI, tci);
2364 cur_vlan = dst->vlan;
2366 nl_msg_put_u32(actions, ODP_ACTION_ATTR_OUTPUT, dst->dp_ifidx);
2371 /* Returns the effective vlan of a packet, taking into account both the
2372 * 802.1Q header and implicitly tagged ports. A value of 0 indicates that
2373 * the packet is untagged and -1 indicates it has an invalid header and
2374 * should be dropped. */
2375 static int flow_get_vlan(struct bridge *br, const struct flow *flow,
2376 struct port *in_port, bool have_packet)
2378 int vlan = vlan_tci_to_vid(flow->vlan_tci);
2379 if (in_port->vlan >= 0) {
2382 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2383 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2384 "packet received on port %s configured with "
2385 "implicit VLAN %"PRIu16,
2386 br->name, vlan, in_port->name, in_port->vlan);
2390 vlan = in_port->vlan;
2392 if (!port_includes_vlan(in_port, vlan)) {
2394 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2395 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2396 "packet received on port %s not configured for "
2398 br->name, vlan, in_port->name, vlan);
2407 /* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
2408 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
2409 * indicate this; newer upstream kernels use gratuitous ARP requests. */
2411 is_gratuitous_arp(const struct flow *flow)
2413 return (flow->dl_type == htons(ETH_TYPE_ARP)
2414 && eth_addr_is_broadcast(flow->dl_dst)
2415 && (flow->nw_proto == ARP_OP_REPLY
2416 || (flow->nw_proto == ARP_OP_REQUEST
2417 && flow->nw_src == flow->nw_dst)));
2421 update_learning_table(struct bridge *br, const struct flow *flow, int vlan,
2422 struct port *in_port)
2424 struct mac_entry *mac;
2426 if (!mac_learning_may_learn(br->ml, flow->dl_src, vlan)) {
2430 mac = mac_learning_insert(br->ml, flow->dl_src, vlan);
2431 if (is_gratuitous_arp(flow)) {
2432 /* We don't want to learn from gratuitous ARP packets that are
2433 * reflected back over bond slaves so we lock the learning table. */
2434 if (in_port->n_ifaces == 1) {
2435 mac_entry_set_grat_arp_lock(mac);
2436 } else if (mac_entry_is_grat_arp_locked(mac)) {
2441 if (mac_entry_is_new(mac) || mac->port.p != in_port) {
2442 /* The log messages here could actually be useful in debugging,
2443 * so keep the rate limit relatively high. */
2444 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
2445 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2446 "on port %s in VLAN %d",
2447 br->name, ETH_ADDR_ARGS(flow->dl_src),
2448 in_port->name, vlan);
2450 mac->port.p = in_port;
2451 ofproto_revalidate(br->ofproto, mac_learning_changed(br->ml, mac));
2455 /* Determines whether packets in 'flow' within 'br' should be forwarded or
2456 * dropped. Returns true if they may be forwarded, false if they should be
2459 * If 'have_packet' is true, it indicates that the caller is processing a
2460 * received packet. If 'have_packet' is false, then the caller is just
2461 * revalidating an existing flow because configuration has changed. Either
2462 * way, 'have_packet' only affects logging (there is no point in logging errors
2463 * during revalidation).
2465 * Sets '*in_portp' to the input port. This will be a null pointer if
2466 * flow->in_port does not designate a known input port (in which case
2467 * is_admissible() returns false).
2469 * When returning true, sets '*vlanp' to the effective VLAN of the input
2470 * packet, as returned by flow_get_vlan().
2472 * May also add tags to '*tags', although the current implementation only does
2473 * so in one special case.
2476 is_admissible(struct bridge *br, const struct flow *flow, bool have_packet,
2477 tag_type *tags, int *vlanp, struct port **in_portp)
2479 struct iface *in_iface;
2480 struct port *in_port;
2483 /* Find the interface and port structure for the received packet. */
2484 in_iface = iface_from_dp_ifidx(br, flow->in_port);
2486 /* No interface? Something fishy... */
2488 /* Odd. A few possible reasons here:
2490 * - We deleted an interface but there are still a few packets
2491 * queued up from it.
2493 * - Someone externally added an interface (e.g. with "ovs-dpctl
2494 * add-if") that we don't know about.
2496 * - Packet arrived on the local port but the local port is not
2497 * one of our bridge ports.
2499 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2501 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
2502 "interface %"PRIu16, br->name, flow->in_port);
2508 *in_portp = in_port = in_iface->port;
2509 *vlanp = vlan = flow_get_vlan(br, flow, in_port, have_packet);
2514 /* Drop frames for reserved multicast addresses. */
2515 if (eth_addr_is_reserved(flow->dl_dst)) {
2519 /* Drop frames on ports reserved for mirroring. */
2520 if (in_port->is_mirror_output_port) {
2522 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2523 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2524 "%s, which is reserved exclusively for mirroring",
2525 br->name, in_port->name);
2530 if (in_port->bond) {
2531 struct mac_entry *mac;
2533 switch (bond_check_admissibility(in_port->bond, in_iface,
2534 flow->dl_dst, tags)) {
2541 case BV_DROP_IF_MOVED:
2542 mac = mac_learning_lookup(br->ml, flow->dl_src, vlan, NULL);
2543 if (mac && mac->port.p != in_port &&
2544 (!is_gratuitous_arp(flow)
2545 || mac_entry_is_grat_arp_locked(mac))) {
2555 /* If the composed actions may be applied to any packet in the given 'flow',
2556 * returns true. Otherwise, the actions should only be applied to 'packet', or
2557 * not at all, if 'packet' was NULL. */
2559 process_flow(struct bridge *br, const struct flow *flow,
2560 const struct ofpbuf *packet, struct ofpbuf *actions,
2561 tag_type *tags, uint16_t *nf_output_iface)
2563 struct port *in_port;
2564 struct port *out_port;
2565 struct mac_entry *mac;
2568 /* Check whether we should drop packets in this flow. */
2569 if (!is_admissible(br, flow, packet != NULL, tags, &vlan, &in_port)) {
2574 /* Learn source MAC (but don't try to learn from revalidation). */
2576 update_learning_table(br, flow, vlan, in_port);
2579 /* Determine output port. */
2580 mac = mac_learning_lookup(br->ml, flow->dl_dst, vlan, tags);
2582 out_port = mac->port.p;
2583 } else if (!packet && !eth_addr_is_multicast(flow->dl_dst)) {
2584 /* If we are revalidating but don't have a learning entry then
2585 * eject the flow. Installing a flow that floods packets opens
2586 * up a window of time where we could learn from a packet reflected
2587 * on a bond and blackhole packets before the learning table is
2588 * updated to reflect the correct port. */
2591 out_port = FLOOD_PORT;
2594 /* Don't send packets out their input ports. */
2595 if (in_port == out_port) {
2601 compose_actions(br, flow, vlan, in_port, out_port, tags, actions,
2609 bridge_normal_ofhook_cb(const struct flow *flow, const struct ofpbuf *packet,
2610 struct ofpbuf *actions, tag_type *tags,
2611 uint16_t *nf_output_iface, void *br_)
2613 struct bridge *br = br_;
2615 COVERAGE_INC(bridge_process_flow);
2616 return process_flow(br, flow, packet, actions, tags, nf_output_iface);
2620 bridge_special_ofhook_cb(const struct flow *flow,
2621 const struct ofpbuf *packet, void *br_)
2623 struct iface *iface;
2624 struct bridge *br = br_;
2626 iface = iface_from_dp_ifidx(br, flow->in_port);
2628 if (flow->dl_type == htons(ETH_TYPE_LACP)) {
2629 if (iface && iface->port->bond && packet) {
2630 bond_process_lacp(iface->port->bond, iface, packet);
2639 bridge_account_flow_ofhook_cb(const struct flow *flow, tag_type tags,
2640 const struct nlattr *actions,
2642 uint64_t n_bytes, void *br_)
2644 struct bridge *br = br_;
2645 const struct nlattr *a;
2646 struct port *in_port;
2651 /* Feed information from the active flows back into the learning table to
2652 * ensure that table is always in sync with what is actually flowing
2653 * through the datapath.
2655 * We test that 'tags' is nonzero to ensure that only flows that include an
2656 * OFPP_NORMAL action are used for learning. This works because
2657 * bridge_normal_ofhook_cb() always sets a nonzero tag value. */
2658 if (tags && is_admissible(br, flow, false, &dummy, &vlan, &in_port)) {
2659 update_learning_table(br, flow, vlan, in_port);
2662 /* Account for bond slave utilization. */
2663 if (!br->has_bonded_ports) {
2666 NL_ATTR_FOR_EACH_UNSAFE (a, left, actions, actions_len) {
2667 if (nl_attr_type(a) == ODP_ACTION_ATTR_OUTPUT) {
2668 struct port *out_port = port_from_dp_ifidx(br, nl_attr_get_u32(a));
2669 if (out_port && out_port->bond) {
2670 uint16_t vlan = (flow->vlan_tci
2671 ? vlan_tci_to_vid(flow->vlan_tci)
2673 bond_account(out_port->bond, flow, vlan, n_bytes);
2680 bridge_account_checkpoint_ofhook_cb(void *br_)
2682 struct bridge *br = br_;
2685 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
2687 bond_rebalance(port->bond,
2688 ofproto_get_revalidate_set(br->ofproto));
2693 static struct ofhooks bridge_ofhooks = {
2694 bridge_normal_ofhook_cb,
2695 bridge_special_ofhook_cb,
2696 bridge_account_flow_ofhook_cb,
2697 bridge_account_checkpoint_ofhook_cb,
2700 /* Port functions. */
2703 port_run(struct port *port)
2706 bond_run(port->bond,
2707 ofproto_get_revalidate_set(port->bridge->ofproto));
2708 if (bond_should_send_learning_packets(port->bond)) {
2709 port_send_learning_packets(port);
2715 port_wait(struct port *port)
2718 bond_wait(port->bond);
2722 static struct port *
2723 port_create(struct bridge *br, const char *name)
2727 port = xzalloc(sizeof *port);
2730 port->trunks = NULL;
2731 port->name = xstrdup(name);
2732 list_init(&port->ifaces);
2734 hmap_insert(&br->ports, &port->hmap_node, hash_string(port->name, 0));
2736 VLOG_INFO("created port %s on bridge %s", port->name, br->name);
2743 get_port_other_config(const struct ovsrec_port *port, const char *key,
2744 const char *default_value)
2748 value = get_ovsrec_key_value(&port->header_, &ovsrec_port_col_other_config,
2750 return value ? value : default_value;
2754 get_interface_other_config(const struct ovsrec_interface *iface,
2755 const char *key, const char *default_value)
2759 value = get_ovsrec_key_value(&iface->header_,
2760 &ovsrec_interface_col_other_config, key);
2761 return value ? value : default_value;
2765 port_del_ifaces(struct port *port, const struct ovsrec_port *cfg)
2767 struct iface *iface, *next;
2768 struct sset new_ifaces;
2771 /* Collect list of new interfaces. */
2772 sset_init(&new_ifaces);
2773 for (i = 0; i < cfg->n_interfaces; i++) {
2774 const char *name = cfg->interfaces[i]->name;
2775 sset_add(&new_ifaces, name);
2778 /* Get rid of deleted interfaces. */
2779 LIST_FOR_EACH_SAFE (iface, next, port_elem, &port->ifaces) {
2780 if (!sset_contains(&new_ifaces, iface->name)) {
2781 iface_destroy(iface);
2785 sset_destroy(&new_ifaces);
2788 /* Expires all MAC learning entries associated with 'port' and forces ofproto
2789 * to revalidate every flow. */
2791 port_flush_macs(struct port *port)
2793 struct bridge *br = port->bridge;
2794 struct mac_learning *ml = br->ml;
2795 struct mac_entry *mac, *next_mac;
2798 LIST_FOR_EACH_SAFE (mac, next_mac, lru_node, &ml->lrus) {
2799 if (mac->port.p == port) {
2800 mac_learning_expire(ml, mac);
2806 port_reconfigure(struct port *port, const struct ovsrec_port *cfg)
2808 struct sset new_ifaces;
2809 bool need_flush = false;
2810 unsigned long *trunks;
2817 /* Add new interfaces and update 'cfg' member of existing ones. */
2818 sset_init(&new_ifaces);
2819 for (i = 0; i < cfg->n_interfaces; i++) {
2820 const struct ovsrec_interface *if_cfg = cfg->interfaces[i];
2821 struct iface *iface;
2823 if (!sset_add(&new_ifaces, if_cfg->name)) {
2824 VLOG_WARN("port %s: %s specified twice as port interface",
2825 port->name, if_cfg->name);
2826 iface_set_ofport(if_cfg, -1);
2830 iface = iface_lookup(port->bridge, if_cfg->name);
2832 if (iface->port != port) {
2833 VLOG_ERR("bridge %s: %s interface is on multiple ports, "
2835 port->bridge->name, if_cfg->name, iface->port->name);
2838 iface->cfg = if_cfg;
2840 iface = iface_create(port, if_cfg);
2843 /* Determine interface type. The local port always has type
2844 * "internal". Other ports take their type from the database and
2845 * default to "system" if none is specified. */
2846 iface->type = (!strcmp(if_cfg->name, port->bridge->name) ? "internal"
2847 : if_cfg->type[0] ? if_cfg->type
2850 sset_destroy(&new_ifaces);
2855 if (port->n_ifaces < 2) {
2857 if (vlan >= 0 && vlan <= 4095) {
2858 VLOG_DBG("port %s: assigning VLAN tag %d", port->name, vlan);
2863 /* It's possible that bonded, VLAN-tagged ports make sense. Maybe
2864 * they even work as-is. But they have not been tested. */
2865 VLOG_WARN("port %s: VLAN tags not supported on bonded ports",
2869 if (port->vlan != vlan) {
2874 /* Get trunked VLANs. */
2876 if (vlan < 0 && cfg->n_trunks) {
2879 trunks = bitmap_allocate(4096);
2881 for (i = 0; i < cfg->n_trunks; i++) {
2882 int trunk = cfg->trunks[i];
2884 bitmap_set1(trunks, trunk);
2890 VLOG_ERR("port %s: invalid values for %zu trunk VLANs",
2891 port->name, cfg->n_trunks);
2893 if (n_errors == cfg->n_trunks) {
2894 VLOG_ERR("port %s: no valid trunks, trunking all VLANs",
2896 bitmap_free(trunks);
2899 } else if (vlan >= 0 && cfg->n_trunks) {
2900 VLOG_ERR("port %s: ignoring trunks in favor of implicit vlan",
2904 ? port->trunks != NULL
2905 : port->trunks == NULL || !bitmap_equal(trunks, port->trunks, 4096)) {
2908 bitmap_free(port->trunks);
2909 port->trunks = trunks;
2912 port_flush_macs(port);
2917 port_destroy(struct port *port)
2920 struct bridge *br = port->bridge;
2921 struct iface *iface, *next;
2924 for (i = 0; i < MAX_MIRRORS; i++) {
2925 struct mirror *m = br->mirrors[i];
2926 if (m && m->out_port == port) {
2931 LIST_FOR_EACH_SAFE (iface, next, port_elem, &port->ifaces) {
2932 iface_destroy(iface);
2935 hmap_remove(&br->ports, &port->hmap_node);
2937 VLOG_INFO("destroyed port %s on bridge %s", port->name, br->name);
2939 port_flush_macs(port);
2941 bitmap_free(port->trunks);
2947 static struct port *
2948 port_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
2950 struct iface *iface = iface_from_dp_ifidx(br, dp_ifidx);
2951 return iface ? iface->port : NULL;
2954 static struct port *
2955 port_lookup(const struct bridge *br, const char *name)
2959 HMAP_FOR_EACH_WITH_HASH (port, hmap_node, hash_string(name, 0),
2961 if (!strcmp(port->name, name)) {
2969 enable_lacp(struct port *port, bool *activep)
2971 if (!port->cfg->lacp) {
2972 /* XXX when LACP implementation has been sufficiently tested, enable by
2973 * default and make active on bonded ports. */
2975 } else if (!strcmp(port->cfg->lacp, "off")) {
2977 } else if (!strcmp(port->cfg->lacp, "active")) {
2980 } else if (!strcmp(port->cfg->lacp, "passive")) {
2984 VLOG_WARN("port %s: unknown LACP mode %s",
2985 port->name, port->cfg->lacp);
2990 static struct lacp_settings *
2991 port_reconfigure_bond_lacp(struct port *port, struct lacp_settings *s)
2993 if (!enable_lacp(port, &s->active)) {
2997 s->name = port->name;
2998 memcpy(s->id, port->bridge->ea, ETH_ADDR_LEN);
2999 s->priority = atoi(get_port_other_config(port->cfg, "lacp-system-priority",
3001 s->fast = !strcmp(get_port_other_config(port->cfg, "lacp-time", "slow"),
3004 if (s->priority <= 0 || s->priority > UINT16_MAX) {
3005 /* Prefer bondable links if unspecified. */
3006 s->priority = UINT16_MAX - (port->n_ifaces > 1);
3012 iface_reconfigure_bond(struct iface *iface)
3014 struct lacp_slave_settings s;
3017 s.name = iface->name;
3018 s.id = iface->dp_ifidx;
3019 priority = atoi(get_interface_other_config(
3020 iface->cfg, "lacp-port-priority", "0"));
3021 s.priority = (priority >= 0 && priority <= UINT16_MAX
3022 ? priority : UINT16_MAX);
3023 bond_slave_register(iface->port->bond, iface, iface->netdev, &s);
3027 port_reconfigure_bond(struct port *port)
3029 struct lacp_settings lacp_settings;
3030 struct bond_settings s;
3031 const char *detect_s;
3032 struct iface *iface;
3034 if (port->n_ifaces < 2) {
3035 /* Not a bonded port. */
3036 bond_destroy(port->bond);
3041 port->bridge->has_bonded_ports = true;
3043 s.name = port->name;
3045 if (port->cfg->bond_mode
3046 && !bond_mode_from_string(&s.balance, port->cfg->bond_mode)) {
3047 VLOG_WARN("port %s: unknown bond_mode %s, defaulting to %s",
3048 port->name, port->cfg->bond_mode,
3049 bond_mode_to_string(s.balance));
3052 s.detect = BLSM_CARRIER;
3053 detect_s = get_port_other_config(port->cfg, "bond-detect-mode", NULL);
3054 if (detect_s && !bond_detect_mode_from_string(&s.detect, detect_s)) {
3055 VLOG_WARN("port %s: unsupported bond-detect-mode %s, "
3057 port->name, detect_s, bond_detect_mode_to_string(s.detect));
3060 s.miimon_interval = atoi(
3061 get_port_other_config(port->cfg, "bond-miimon-interval", "200"));
3062 if (s.miimon_interval < 100) {
3063 s.miimon_interval = 100;
3066 s.up_delay = MAX(0, port->cfg->bond_updelay);
3067 s.down_delay = MAX(0, port->cfg->bond_downdelay);
3068 s.rebalance_interval = atoi(
3069 get_port_other_config(port->cfg, "bond-rebalance-interval", "10000"));
3070 if (s.rebalance_interval < 1000) {
3071 s.rebalance_interval = 1000;
3074 s.fake_iface = port->cfg->bond_fake_iface;
3075 s.lacp = port_reconfigure_bond_lacp(port, &lacp_settings);
3078 port->bond = bond_create(&s);
3080 bond_reconfigure(port->bond, &s);
3083 LIST_FOR_EACH (iface, port_elem, &port->ifaces) {
3084 iface_reconfigure_bond(iface);
3089 port_send_learning_packets(struct port *port)
3091 struct bridge *br = port->bridge;
3092 int error, n_packets, n_errors;
3093 struct mac_entry *e;
3095 error = n_packets = n_errors = 0;
3096 LIST_FOR_EACH (e, lru_node, &br->ml->lrus) {
3097 if (e->port.p != port) {
3098 int ret = bond_send_learning_packet(port->bond, e->mac, e->vlan);
3108 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
3109 VLOG_WARN_RL(&rl, "bond %s: %d errors sending %d gratuitous learning "
3110 "packets, last error was: %s",
3111 port->name, n_errors, n_packets, strerror(error));
3113 VLOG_DBG("bond %s: sent %d gratuitous learning packets",
3114 port->name, n_packets);
3118 /* Interface functions. */
3120 static struct iface *
3121 iface_create(struct port *port, const struct ovsrec_interface *if_cfg)
3123 struct bridge *br = port->bridge;
3124 struct iface *iface;
3125 char *name = if_cfg->name;
3127 iface = xzalloc(sizeof *iface);
3129 iface->name = xstrdup(name);
3130 iface->dp_ifidx = -1;
3131 iface->tag = tag_create_random();
3132 iface->netdev = NULL;
3133 iface->cfg = if_cfg;
3135 shash_add_assert(&br->iface_by_name, iface->name, iface);
3137 list_push_back(&port->ifaces, &iface->port_elem);
3140 VLOG_DBG("attached network device %s to port %s", iface->name, port->name);
3148 iface_destroy(struct iface *iface)
3151 struct port *port = iface->port;
3152 struct bridge *br = port->bridge;
3155 bond_slave_unregister(port->bond, iface);
3158 shash_find_and_delete_assert(&br->iface_by_name, iface->name);
3160 if (iface->dp_ifidx >= 0) {
3161 hmap_remove(&br->ifaces, &iface->dp_ifidx_node);
3164 list_remove(&iface->port_elem);
3167 netdev_close(iface->netdev);
3172 bridge_flush(port->bridge);
3176 static struct iface *
3177 iface_lookup(const struct bridge *br, const char *name)
3179 return shash_find_data(&br->iface_by_name, name);
3182 static struct iface *
3183 iface_find(const char *name)
3185 const struct bridge *br;
3187 LIST_FOR_EACH (br, node, &all_bridges) {
3188 struct iface *iface = iface_lookup(br, name);
3197 static struct iface *
3198 iface_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
3200 struct iface *iface;
3202 HMAP_FOR_EACH_IN_BUCKET (iface, dp_ifidx_node,
3203 hash_int(dp_ifidx, 0), &br->ifaces) {
3204 if (iface->dp_ifidx == dp_ifidx) {
3211 /* Set Ethernet address of 'iface', if one is specified in the configuration
3214 iface_set_mac(struct iface *iface)
3216 uint8_t ea[ETH_ADDR_LEN];
3218 if (iface->cfg->mac && eth_addr_from_string(iface->cfg->mac, ea)) {
3219 if (eth_addr_is_multicast(ea)) {
3220 VLOG_ERR("interface %s: cannot set MAC to multicast address",
3222 } else if (iface->dp_ifidx == ODPP_LOCAL) {
3223 VLOG_ERR("ignoring iface.%s.mac; use bridge.%s.mac instead",
3224 iface->name, iface->name);
3226 int error = netdev_set_etheraddr(iface->netdev, ea);
3228 VLOG_ERR("interface %s: setting MAC failed (%s)",
3229 iface->name, strerror(error));
3235 /* Sets the ofport column of 'if_cfg' to 'ofport'. */
3237 iface_set_ofport(const struct ovsrec_interface *if_cfg, int64_t ofport)
3240 ovsrec_interface_set_ofport(if_cfg, &ofport, 1);
3244 /* Adds the 'n' key-value pairs in 'keys' in 'values' to 'shash'.
3246 * The value strings in '*shash' are taken directly from values[], not copied,
3247 * so the caller should not modify or free them. */
3249 shash_from_ovs_idl_map(char **keys, char **values, size_t n,
3250 struct shash *shash)
3255 for (i = 0; i < n; i++) {
3256 shash_add(shash, keys[i], values[i]);
3260 /* Creates 'keys' and 'values' arrays from 'shash'.
3262 * Sets 'keys' and 'values' to heap allocated arrays representing the key-value
3263 * pairs in 'shash'. The caller takes ownership of 'keys' and 'values'. They
3264 * are populated with with strings taken directly from 'shash' and thus have
3265 * the same ownership of the key-value pairs in shash.
3268 shash_to_ovs_idl_map(struct shash *shash,
3269 char ***keys, char ***values, size_t *n)
3273 struct shash_node *sn;
3275 count = shash_count(shash);
3277 k = xmalloc(count * sizeof *k);
3278 v = xmalloc(count * sizeof *v);
3281 SHASH_FOR_EACH(sn, shash) {
3292 struct iface_delete_queues_cbdata {
3293 struct netdev *netdev;
3294 const struct ovsdb_datum *queues;
3298 queue_ids_include(const struct ovsdb_datum *queues, int64_t target)
3300 union ovsdb_atom atom;
3302 atom.integer = target;
3303 return ovsdb_datum_find_key(queues, &atom, OVSDB_TYPE_INTEGER) != UINT_MAX;
3307 iface_delete_queues(unsigned int queue_id,
3308 const struct shash *details OVS_UNUSED, void *cbdata_)
3310 struct iface_delete_queues_cbdata *cbdata = cbdata_;
3312 if (!queue_ids_include(cbdata->queues, queue_id)) {
3313 netdev_delete_queue(cbdata->netdev, queue_id);
3318 iface_update_qos(struct iface *iface, const struct ovsrec_qos *qos)
3320 if (!qos || qos->type[0] == '\0') {
3321 netdev_set_qos(iface->netdev, NULL, NULL);
3323 struct iface_delete_queues_cbdata cbdata;
3324 struct shash details;
3327 /* Configure top-level Qos for 'iface'. */
3328 shash_from_ovs_idl_map(qos->key_other_config, qos->value_other_config,
3329 qos->n_other_config, &details);
3330 netdev_set_qos(iface->netdev, qos->type, &details);
3331 shash_destroy(&details);
3333 /* Deconfigure queues that were deleted. */
3334 cbdata.netdev = iface->netdev;
3335 cbdata.queues = ovsrec_qos_get_queues(qos, OVSDB_TYPE_INTEGER,
3337 netdev_dump_queues(iface->netdev, iface_delete_queues, &cbdata);
3339 /* Configure queues for 'iface'. */
3340 for (i = 0; i < qos->n_queues; i++) {
3341 const struct ovsrec_queue *queue = qos->value_queues[i];
3342 unsigned int queue_id = qos->key_queues[i];
3344 shash_from_ovs_idl_map(queue->key_other_config,
3345 queue->value_other_config,
3346 queue->n_other_config, &details);
3347 netdev_set_queue(iface->netdev, queue_id, &details);
3348 shash_destroy(&details);
3354 iface_update_cfm(struct iface *iface)
3358 uint16_t *remote_mps;
3359 struct ovsrec_monitor *mon;
3360 uint8_t maid[CCM_MAID_LEN];
3362 mon = iface->cfg->monitor;
3365 ofproto_iface_clear_cfm(iface->port->bridge->ofproto, iface->dp_ifidx);
3369 if (!cfm_generate_maid(mon->md_name, mon->ma_name, maid)) {
3370 VLOG_WARN("interface %s: Failed to generate MAID.", iface->name);
3374 cfm.mpid = mon->mpid;
3375 cfm.interval = mon->interval ? *mon->interval : 1000;
3377 memcpy(cfm.maid, maid, sizeof cfm.maid);
3379 remote_mps = xzalloc(mon->n_remote_mps * sizeof *remote_mps);
3380 for(i = 0; i < mon->n_remote_mps; i++) {
3381 remote_mps[i] = mon->remote_mps[i]->mpid;
3384 ofproto_iface_set_cfm(iface->port->bridge->ofproto, iface->dp_ifidx,
3385 &cfm, remote_mps, mon->n_remote_mps);
3389 /* Read carrier or miimon status directly from 'iface''s netdev, according to
3390 * how 'iface''s port is configured.
3392 * Returns true if 'iface' is up, false otherwise. */
3394 iface_get_carrier(const struct iface *iface)
3397 return netdev_get_carrier(iface->netdev);
3400 /* Port mirroring. */
3402 static struct mirror *
3403 mirror_find_by_uuid(struct bridge *br, const struct uuid *uuid)
3407 for (i = 0; i < MAX_MIRRORS; i++) {
3408 struct mirror *m = br->mirrors[i];
3409 if (m && uuid_equals(uuid, &m->uuid)) {
3417 mirror_reconfigure(struct bridge *br)
3419 unsigned long *rspan_vlans;
3423 /* Get rid of deleted mirrors. */
3424 for (i = 0; i < MAX_MIRRORS; i++) {
3425 struct mirror *m = br->mirrors[i];
3427 const struct ovsdb_datum *mc;
3428 union ovsdb_atom atom;
3430 mc = ovsrec_bridge_get_mirrors(br->cfg, OVSDB_TYPE_UUID);
3431 atom.uuid = br->mirrors[i]->uuid;
3432 if (ovsdb_datum_find_key(mc, &atom, OVSDB_TYPE_UUID) == UINT_MAX) {
3438 /* Add new mirrors and reconfigure existing ones. */
3439 for (i = 0; i < br->cfg->n_mirrors; i++) {
3440 struct ovsrec_mirror *cfg = br->cfg->mirrors[i];
3441 struct mirror *m = mirror_find_by_uuid(br, &cfg->header_.uuid);
3443 mirror_reconfigure_one(m, cfg);
3445 mirror_create(br, cfg);
3449 /* Update port reserved status. */
3450 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
3451 port->is_mirror_output_port = false;
3453 for (i = 0; i < MAX_MIRRORS; i++) {
3454 struct mirror *m = br->mirrors[i];
3455 if (m && m->out_port) {
3456 m->out_port->is_mirror_output_port = true;
3460 /* Update flooded vlans (for RSPAN). */
3462 if (br->cfg->n_flood_vlans) {
3463 rspan_vlans = bitmap_allocate(4096);
3465 for (i = 0; i < br->cfg->n_flood_vlans; i++) {
3466 int64_t vlan = br->cfg->flood_vlans[i];
3467 if (vlan >= 0 && vlan < 4096) {
3468 bitmap_set1(rspan_vlans, vlan);
3469 VLOG_INFO("bridge %s: disabling learning on vlan %"PRId64,
3472 VLOG_ERR("bridge %s: invalid value %"PRId64 "for flood VLAN",
3477 if (mac_learning_set_flood_vlans(br->ml, rspan_vlans)) {
3479 mac_learning_flush(br->ml);
3484 mirror_create(struct bridge *br, struct ovsrec_mirror *cfg)
3489 for (i = 0; ; i++) {
3490 if (i >= MAX_MIRRORS) {
3491 VLOG_WARN("bridge %s: maximum of %d port mirrors reached, "
3492 "cannot create %s", br->name, MAX_MIRRORS, cfg->name);
3495 if (!br->mirrors[i]) {
3500 VLOG_INFO("created port mirror %s on bridge %s", cfg->name, br->name);
3502 mac_learning_flush(br->ml);
3504 br->mirrors[i] = m = xzalloc(sizeof *m);
3507 m->name = xstrdup(cfg->name);
3508 sset_init(&m->src_ports);
3509 sset_init(&m->dst_ports);
3515 mirror_reconfigure_one(m, cfg);
3519 mirror_destroy(struct mirror *m)
3522 struct bridge *br = m->bridge;
3525 HMAP_FOR_EACH (port, hmap_node, &br->ports) {
3526 port->src_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
3527 port->dst_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
3530 sset_destroy(&m->src_ports);
3531 sset_destroy(&m->dst_ports);
3534 m->bridge->mirrors[m->idx] = NULL;
3539 mac_learning_flush(br->ml);
3544 mirror_collect_ports(struct mirror *m, struct ovsrec_port **ports, int n_ports,
3549 for (i = 0; i < n_ports; i++) {
3550 const char *name = ports[i]->name;
3551 if (port_lookup(m->bridge, name)) {
3552 sset_add(names, name);
3554 VLOG_WARN("bridge %s: mirror %s cannot match on nonexistent "
3555 "port %s", m->bridge->name, m->name, name);
3561 mirror_collect_vlans(struct mirror *m, const struct ovsrec_mirror *cfg,
3567 *vlans = xmalloc(sizeof **vlans * cfg->n_select_vlan);
3569 for (i = 0; i < cfg->n_select_vlan; i++) {
3570 int64_t vlan = cfg->select_vlan[i];
3571 if (vlan < 0 || vlan > 4095) {
3572 VLOG_WARN("bridge %s: mirror %s selects invalid VLAN %"PRId64,
3573 m->bridge->name, m->name, vlan);
3575 (*vlans)[n_vlans++] = vlan;
3582 vlan_is_mirrored(const struct mirror *m, int vlan)
3586 for (i = 0; i < m->n_vlans; i++) {
3587 if (m->vlans[i] == vlan) {
3595 port_trunks_any_mirrored_vlan(const struct mirror *m, const struct port *p)
3599 for (i = 0; i < m->n_vlans; i++) {
3600 if (port_trunks_vlan(p, m->vlans[i])) {
3608 mirror_reconfigure_one(struct mirror *m, struct ovsrec_mirror *cfg)
3610 struct sset src_ports, dst_ports;
3611 mirror_mask_t mirror_bit;
3612 struct port *out_port;
3619 if (strcmp(cfg->name, m->name)) {
3621 m->name = xstrdup(cfg->name);
3624 /* Get output port. */
3625 if (cfg->output_port) {
3626 out_port = port_lookup(m->bridge, cfg->output_port->name);
3628 VLOG_ERR("bridge %s: mirror %s outputs to port not on bridge",
3629 m->bridge->name, m->name);
3635 if (cfg->output_vlan) {
3636 VLOG_ERR("bridge %s: mirror %s specifies both output port and "
3637 "output vlan; ignoring output vlan",
3638 m->bridge->name, m->name);
3640 } else if (cfg->output_vlan) {
3642 out_vlan = *cfg->output_vlan;
3644 VLOG_ERR("bridge %s: mirror %s does not specify output; ignoring",
3645 m->bridge->name, m->name);
3650 sset_init(&src_ports);
3651 sset_init(&dst_ports);
3652 if (cfg->select_all) {
3653 HMAP_FOR_EACH (port, hmap_node, &m->bridge->ports) {
3654 sset_add(&src_ports, port->name);
3655 sset_add(&dst_ports, port->name);
3660 /* Get ports, and drop duplicates and ports that don't exist. */
3661 mirror_collect_ports(m, cfg->select_src_port, cfg->n_select_src_port,
3663 mirror_collect_ports(m, cfg->select_dst_port, cfg->n_select_dst_port,
3666 /* Get all the vlans, and drop duplicate and invalid vlans. */
3667 n_vlans = mirror_collect_vlans(m, cfg, &vlans);
3670 /* Update mirror data. */
3671 if (!sset_equals(&m->src_ports, &src_ports)
3672 || !sset_equals(&m->dst_ports, &dst_ports)
3673 || m->n_vlans != n_vlans
3674 || memcmp(m->vlans, vlans, sizeof *vlans * n_vlans)
3675 || m->out_port != out_port
3676 || m->out_vlan != out_vlan) {
3677 bridge_flush(m->bridge);
3678 mac_learning_flush(m->bridge->ml);
3680 sset_swap(&m->src_ports, &src_ports);
3681 sset_swap(&m->dst_ports, &dst_ports);
3684 m->n_vlans = n_vlans;
3685 m->out_port = out_port;
3686 m->out_vlan = out_vlan;
3689 mirror_bit = MIRROR_MASK_C(1) << m->idx;
3690 HMAP_FOR_EACH (port, hmap_node, &m->bridge->ports) {
3691 if (sset_contains(&m->src_ports, port->name)
3694 ? port_trunks_any_mirrored_vlan(m, port)
3695 : vlan_is_mirrored(m, port->vlan)))) {
3696 port->src_mirrors |= mirror_bit;
3698 port->src_mirrors &= ~mirror_bit;
3701 if (sset_contains(&m->dst_ports, port->name)) {
3702 port->dst_mirrors |= mirror_bit;
3704 port->dst_mirrors &= ~mirror_bit;
3709 sset_destroy(&src_ports);
3710 sset_destroy(&dst_ports);
git://git.onelab.eu / sliver-openvswitch.git / blob