1 /* Copyright (c) 2008, 2009 Nicira Networks
3 * This program is free software: you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation, either version 3 of the License, or
6 * (at your option) any later version.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 * In addition, as a special exception, Nicira Networks gives permission
17 * to link the code of its release of vswitchd with the OpenSSL project's
18 * "OpenSSL" library (or with modified versions of it that use the same
19 * license as the "OpenSSL" library), and distribute the linked
20 * executables. You must obey the GNU General Public License in all
21 * respects for all of the code used other than "OpenSSL". If you modify
22 * this file, you may extend this exception to your version of the file,
23 * but you are not obligated to do so. If you do not wish to do so,
24 * delete this exception statement from your version.
32 #include <arpa/inet.h>
36 #include <openflow/openflow.h>
41 #include <sys/socket.h>
48 #include "dynamic-string.h"
52 #include "mac-learning.h"
55 #include "ofp-print.h"
57 #include "poll-loop.h"
58 #include "port-array.h"
59 #include "proc-net-compat.h"
61 #include "secchan/ofproto.h"
62 #include "socket-util.h"
68 #include "vconn-ssl.h"
69 #include "xenserver.h"
72 #define THIS_MODULE VLM_bridge
80 extern uint64_t mgmt_id;
83 struct port *port; /* Containing port. */
84 size_t port_ifidx; /* Index within containing port. */
86 char *name; /* Host network device name. */
87 int dp_ifidx; /* Index within kernel datapath. */
89 uint8_t mac[ETH_ADDR_LEN]; /* Ethernet address (all zeros if unknowns). */
91 tag_type tag; /* Tag associated with this interface. */
92 bool enabled; /* May be chosen for flows? */
93 long long delay_expires; /* Time after which 'enabled' may change. */
96 #define BOND_MASK 0xff
98 int iface_idx; /* Index of assigned iface, or -1 if none. */
99 uint64_t tx_bytes; /* Count of bytes recently transmitted. */
100 tag_type iface_tag; /* Tag associated with iface_idx. */
103 #define MAX_MIRRORS 32
104 typedef uint32_t mirror_mask_t;
105 #define MIRROR_MASK_C(X) UINT32_C(X)
106 BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS);
108 struct bridge *bridge;
112 /* Selection criteria. */
113 struct svec src_ports;
114 struct svec dst_ports;
119 struct port *out_port;
123 #define FLOOD_PORT ((struct port *) 1) /* The 'flood' output port. */
125 struct bridge *bridge;
127 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
128 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1. */
131 /* An ordinary bridge port has 1 interface.
132 * A bridge port for bonding has at least 2 interfaces. */
133 struct iface **ifaces;
134 size_t n_ifaces, allocated_ifaces;
137 struct bond_entry *bond_hash; /* An array of (BOND_MASK + 1) elements. */
138 int active_iface; /* Ifidx on which bcasts accepted, or -1. */
139 tag_type active_iface_tag; /* Tag for bcast flows. */
140 tag_type no_ifaces_tag; /* Tag for flows when all ifaces disabled. */
141 int updelay, downdelay; /* Delay before iface goes up/down, in ms. */
143 /* Port mirroring info. */
144 mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */
145 mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */
146 bool is_mirror_output_port; /* Does port mirroring send frames here? */
148 /* Spanning tree info. */
149 enum stp_state stp_state; /* Always STP_FORWARDING if STP not in use. */
150 tag_type stp_state_tag; /* Tag for STP state change. */
153 #define DP_MAX_PORTS 255
155 struct list node; /* Node in global list of bridges. */
156 char *name; /* User-specified arbitrary name. */
157 struct mac_learning *ml; /* MAC learning table, or null not to learn. */
158 bool sent_config_request; /* Successfully sent config request? */
159 uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */
161 /* Support for remote controllers. */
162 char *controller; /* NULL if there is no remote controller;
163 * "discover" to do controller discovery;
164 * otherwise a vconn name. */
166 /* OpenFlow switch processing. */
167 struct ofproto *ofproto; /* OpenFlow switch. */
169 /* Kernel datapath information. */
170 struct dpif dpif; /* Kernel datapath. */
171 struct port_array ifaces; /* Indexed by kernel datapath port number. */
175 size_t n_ports, allocated_ports;
178 bool has_bonded_ports;
179 long long int bond_next_rebalance;
184 /* Flow statistics gathering. */
185 time_t next_stats_request;
187 /* Port mirroring. */
188 struct mirror *mirrors[MAX_MIRRORS];
192 long long int stp_last_tick;
195 /* List of all bridges. */
196 static struct list all_bridges = LIST_INITIALIZER(&all_bridges);
198 /* Maximum number of datapaths. */
199 enum { DP_MAX = 256 };
201 static struct bridge *bridge_create(const char *name);
202 static void bridge_destroy(struct bridge *);
203 static struct bridge *bridge_lookup(const char *name);
204 static int bridge_run_one(struct bridge *);
205 static void bridge_reconfigure_one(struct bridge *);
206 static void bridge_reconfigure_controller(struct bridge *);
207 static void bridge_get_all_ifaces(const struct bridge *, struct svec *ifaces);
208 static void bridge_fetch_dp_ifaces(struct bridge *);
209 static void bridge_flush(struct bridge *);
210 static void bridge_pick_local_hw_addr(struct bridge *,
211 uint8_t ea[ETH_ADDR_LEN],
212 const char **devname);
213 static uint64_t bridge_pick_datapath_id(struct bridge *,
214 const uint8_t bridge_ea[ETH_ADDR_LEN],
215 const char *devname);
216 static uint64_t dpid_from_hash(const void *, size_t nbytes);
218 static void bond_run(struct bridge *);
219 static void bond_wait(struct bridge *);
220 static void bond_rebalance_port(struct port *);
222 static void port_create(struct bridge *, const char *name);
223 static void port_reconfigure(struct port *);
224 static void port_destroy(struct port *);
225 static struct port *port_lookup(const struct bridge *, const char *name);
226 static struct port *port_from_dp_ifidx(const struct bridge *,
228 static void port_update_bond_compat(struct port *);
229 static void port_update_vlan_compat(struct port *);
231 static void mirror_create(struct bridge *, const char *name);
232 static void mirror_destroy(struct mirror *);
233 static void mirror_reconfigure(struct bridge *);
234 static void mirror_reconfigure_one(struct mirror *);
235 static bool vlan_is_mirrored(const struct mirror *, int vlan);
237 static void brstp_reconfigure(struct bridge *);
238 static void brstp_adjust_timers(struct bridge *);
239 static void brstp_run(struct bridge *);
240 static void brstp_wait(struct bridge *);
242 static void iface_create(struct port *, const char *name);
243 static void iface_destroy(struct iface *);
244 static struct iface *iface_lookup(const struct bridge *, const char *name);
245 static struct iface *iface_from_dp_ifidx(const struct bridge *,
248 /* Hooks into ofproto processing. */
249 static struct ofhooks bridge_ofhooks;
251 /* Public functions. */
253 /* Adds the name of each interface used by a bridge, including local and
254 * internal ports, to 'svec'. */
256 bridge_get_ifaces(struct svec *svec)
258 struct bridge *br, *next;
261 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
262 for (i = 0; i < br->n_ports; i++) {
263 struct port *port = br->ports[i];
265 for (j = 0; j < port->n_ifaces; j++) {
266 struct iface *iface = port->ifaces[j];
267 if (iface->dp_ifidx < 0) {
268 VLOG_ERR("%s interface not in dp%u, ignoring",
269 iface->name, dpif_id(&br->dpif));
271 if (iface->dp_ifidx != ODPP_LOCAL) {
272 svec_add(svec, iface->name);
280 /* The caller must already have called cfg_read(). */
287 for (i = 0; i < DP_MAX; i++) {
291 sprintf(devname, "dp%d", i);
292 retval = dpif_open(devname, &dpif);
294 char dpif_name[IF_NAMESIZE];
295 if (dpif_get_name(&dpif, dpif_name, sizeof dpif_name)
296 || !cfg_has("bridge.%s.port", dpif_name)) {
300 } else if (retval != ENODEV) {
301 VLOG_ERR("failed to delete datapath dp%d: %s",
302 i, strerror(retval));
306 bridge_reconfigure();
311 config_string_change(const char *key, char **valuep)
313 const char *value = cfg_get_string(0, "%s", key);
314 if (value && (!*valuep || strcmp(value, *valuep))) {
316 *valuep = xstrdup(value);
324 bridge_configure_ssl(void)
326 /* XXX SSL should be configurable on a per-bridge basis.
327 * XXX should be possible to de-configure SSL. */
328 static char *private_key_file;
329 static char *certificate_file;
330 static char *cacert_file;
332 if (config_string_change("ssl.private-key", &private_key_file)) {
333 vconn_ssl_set_private_key_file(private_key_file);
336 if (config_string_change("ssl.certificate", &certificate_file)) {
337 vconn_ssl_set_certificate_file(certificate_file);
340 if (config_string_change("ssl.ca-cert", &cacert_file)) {
341 vconn_ssl_set_ca_cert_file(cacert_file,
342 cfg_get_bool(0, "ssl.bootstrap-ca-cert"));
348 bridge_reconfigure(void)
350 struct svec old_br, new_br, raw_new_br;
351 struct bridge *br, *next;
354 COVERAGE_INC(bridge_reconfigure);
356 /* Collect old bridges. */
358 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
359 svec_add(&old_br, br->name);
362 /* Collect new bridges. */
363 svec_init(&raw_new_br);
364 cfg_get_subsections(&raw_new_br, "bridge");
366 for (i = 0; i < raw_new_br.n; i++) {
367 const char *name = raw_new_br.names[i];
368 if ((!strncmp(name, "dp", 2) && isdigit(name[2])) ||
369 (!strncmp(name, "nl:", 3) && isdigit(name[3]))) {
370 VLOG_ERR("%s is not a valid bridge name (bridges may not be "
371 "named \"dp\" or \"nl:\" followed by a digit)", name);
373 svec_add(&new_br, name);
376 svec_destroy(&raw_new_br);
378 /* Get rid of deleted bridges and add new bridges. */
381 assert(svec_is_unique(&old_br));
382 assert(svec_is_unique(&new_br));
383 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
384 if (!svec_contains(&new_br, br->name)) {
388 for (i = 0; i < new_br.n; i++) {
389 const char *name = new_br.names[i];
390 if (!svec_contains(&old_br, name)) {
394 svec_destroy(&old_br);
395 svec_destroy(&new_br);
399 bridge_configure_ssl();
402 /* Reconfigure all bridges. */
403 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
404 bridge_reconfigure_one(br);
407 /* Add and delete ports on all datapaths.
409 * The kernel will reject any attempt to add a given port to a datapath if
410 * that port already belongs to a different datapath, so we must do all
411 * port deletions before any port additions. */
412 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
413 struct odp_port *dpif_ports;
415 struct svec want_ifaces;
417 dpif_port_list(&br->dpif, &dpif_ports, &n_dpif_ports);
418 bridge_get_all_ifaces(br, &want_ifaces);
419 for (i = 0; i < n_dpif_ports; i++) {
420 const struct odp_port *p = &dpif_ports[i];
421 if (!svec_contains(&want_ifaces, p->devname)
422 && strcmp(p->devname, br->name)) {
423 int retval = dpif_port_del(&br->dpif, p->port);
425 VLOG_ERR("failed to remove %s interface from dp%u: %s",
426 p->devname, dpif_id(&br->dpif), strerror(retval));
430 svec_destroy(&want_ifaces);
433 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
434 struct odp_port *dpif_ports;
436 struct svec cur_ifaces, want_ifaces, add_ifaces;
439 dpif_port_list(&br->dpif, &dpif_ports, &n_dpif_ports);
440 svec_init(&cur_ifaces);
441 for (i = 0; i < n_dpif_ports; i++) {
442 svec_add(&cur_ifaces, dpif_ports[i].devname);
445 svec_sort_unique(&cur_ifaces);
446 bridge_get_all_ifaces(br, &want_ifaces);
447 svec_diff(&want_ifaces, &cur_ifaces, &add_ifaces, NULL, NULL);
450 for (i = 0; i < add_ifaces.n; i++) {
451 const char *if_name = add_ifaces.names[i];
453 int internal = cfg_get_bool(0, "iface.%s.internal", if_name);
454 int error = dpif_port_add(&br->dpif, if_name, next_port_no++,
455 internal ? ODP_PORT_INTERNAL : 0);
456 if (error != EEXIST) {
457 if (next_port_no >= 256) {
458 VLOG_ERR("ran out of valid port numbers on dp%u",
463 VLOG_ERR("failed to add %s interface to dp%u: %s",
464 if_name, dpif_id(&br->dpif), strerror(error));
471 svec_destroy(&cur_ifaces);
472 svec_destroy(&want_ifaces);
473 svec_destroy(&add_ifaces);
475 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
478 struct iface *local_iface = NULL;
480 uint8_t engine_type = br->dpif.minor;
481 uint8_t engine_id = br->dpif.minor;
482 bool add_id_to_iface = false;
483 struct svec nf_hosts;
486 bridge_fetch_dp_ifaces(br);
487 for (i = 0; i < br->n_ports; ) {
488 struct port *port = br->ports[i];
490 for (j = 0; j < port->n_ifaces; ) {
491 struct iface *iface = port->ifaces[j];
492 if (iface->dp_ifidx < 0) {
493 VLOG_ERR("%s interface not in dp%u, dropping",
494 iface->name, dpif_id(&br->dpif));
495 iface_destroy(iface);
497 if (iface->dp_ifidx == ODPP_LOCAL) {
500 VLOG_DBG("dp%u has interface %s on port %d",
501 dpif_id(&br->dpif), iface->name, iface->dp_ifidx);
505 if (!port->n_ifaces) {
506 VLOG_ERR("%s port has no interfaces, dropping", port->name);
513 /* Pick local port hardware address, datapath ID. */
514 bridge_pick_local_hw_addr(br, ea, &devname);
516 int error = netdev_nodev_set_etheraddr(local_iface->name, ea);
518 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
519 VLOG_ERR_RL(&rl, "bridge %s: failed to set bridge "
520 "Ethernet address: %s",
521 br->name, strerror(error));
525 dpid = bridge_pick_datapath_id(br, ea, devname);
526 ofproto_set_datapath_id(br->ofproto, dpid);
528 /* Set NetFlow configuration on this bridge. */
529 if (cfg_has("netflow.%s.engine-type", br->name)) {
530 engine_type = cfg_get_int(0, "netflow.%s.engine-type",
533 if (cfg_has("netflow.%s.engine-id", br->name)) {
534 engine_id = cfg_get_int(0, "netflow.%s.engine-id", br->name);
536 if (cfg_has("netflow.%s.add-id-to-iface", br->name)) {
537 add_id_to_iface = cfg_get_bool(0, "netflow.%s.add-id-to-iface",
540 if (add_id_to_iface && engine_id > 0x7f) {
541 VLOG_WARN("bridge %s: netflow port mangling may conflict with "
542 "another vswitch, choose an engine id less than 128",
545 if (add_id_to_iface && br->n_ports > 0x1ff) {
546 VLOG_WARN("bridge %s: netflow port mangling will conflict with "
547 "another port when 512 or more ports are used",
550 svec_init(&nf_hosts);
551 cfg_get_all_keys(&nf_hosts, "netflow.%s.host", br->name);
552 if (ofproto_set_netflow(br->ofproto, &nf_hosts, engine_type,
553 engine_id, add_id_to_iface)) {
554 VLOG_ERR("bridge %s: problem setting netflow collectors",
558 /* Update the controller and related settings. It would be more
559 * straightforward to call this from bridge_reconfigure_one(), but we
560 * can't do it there for two reasons. First, and most importantly, at
561 * that point we don't know the dp_ifidx of any interfaces that have
562 * been added to the bridge (because we haven't actually added them to
563 * the datapath). Second, at that point we haven't set the datapath ID
564 * yet; when a controller is configured, resetting the datapath ID will
565 * immediately disconnect from the controller, so it's better to set
566 * the datapath ID before the controller. */
567 bridge_reconfigure_controller(br);
569 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
570 for (i = 0; i < br->n_ports; i++) {
571 struct port *port = br->ports[i];
572 port_update_vlan_compat(port);
575 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
576 brstp_reconfigure(br);
581 bridge_pick_local_hw_addr(struct bridge *br, uint8_t ea[ETH_ADDR_LEN],
582 const char **devname)
584 uint64_t requested_ea;
590 /* Did the user request a particular MAC? */
591 requested_ea = cfg_get_mac(0, "bridge.%s.mac", br->name);
593 eth_addr_from_uint64(requested_ea, ea);
594 if (eth_addr_is_multicast(ea)) {
595 VLOG_ERR("bridge %s: cannot set MAC address to multicast "
596 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
597 } else if (eth_addr_is_zero(ea)) {
598 VLOG_ERR("bridge %s: cannot set MAC address to zero", br->name);
604 /* Otherwise choose the minimum MAC address among all of the interfaces.
605 * (Xen uses FE:FF:FF:FF:FF:FF for virtual interfaces so this will get the
606 * MAC of the physical interface in such an environment.) */
607 memset(ea, 0xff, sizeof ea);
608 for (i = 0; i < br->n_ports; i++) {
609 struct port *port = br->ports[i];
610 if (port->is_mirror_output_port) {
613 for (j = 0; j < port->n_ifaces; j++) {
614 struct iface *iface = port->ifaces[j];
615 uint8_t iface_ea[ETH_ADDR_LEN];
616 if (iface->dp_ifidx == ODPP_LOCAL
617 || cfg_get_bool(0, "iface.%s.internal", iface->name)) {
620 error = netdev_nodev_get_etheraddr(iface->name, iface_ea);
622 if (!eth_addr_is_multicast(iface_ea) &&
623 !eth_addr_is_reserved(iface_ea) &&
624 !eth_addr_is_zero(iface_ea) &&
625 memcmp(iface_ea, ea, ETH_ADDR_LEN) < 0) {
626 memcpy(ea, iface_ea, ETH_ADDR_LEN);
627 *devname = iface->name;
630 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
631 VLOG_ERR_RL(&rl, "failed to obtain Ethernet address of %s: %s",
632 iface->name, strerror(error));
636 if (eth_addr_is_multicast(ea) || eth_addr_is_vif(ea)) {
637 memcpy(ea, br->default_ea, ETH_ADDR_LEN);
639 VLOG_WARN("bridge %s: using default bridge Ethernet "
640 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
642 VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
643 br->name, ETH_ADDR_ARGS(ea));
647 /* Choose and returns the datapath ID for bridge 'br' given that the bridge
648 * Ethernet address is 'bridge_ea'. If 'bridge_ea' is the Ethernet address of
649 * a network device, then that network device's name must be passed in as
650 * 'devname'; if 'bridge_ea' was derived some other way, then 'devname' must be
651 * passed in as a null pointer. */
653 bridge_pick_datapath_id(struct bridge *br,
654 const uint8_t bridge_ea[ETH_ADDR_LEN],
658 * The procedure for choosing a bridge MAC address will, in the most
659 * ordinary case, also choose a unique MAC that we can use as a datapath
660 * ID. In some special cases, though, multiple bridges will end up with
661 * the same MAC address. This is OK for the bridges, but it will confuse
662 * the OpenFlow controller, because each datapath needs a unique datapath
665 * Datapath IDs must be unique. It is also very desirable that they be
666 * stable from one run to the next, so that policy set on a datapath
671 dpid = cfg_get_dpid(0, "bridge.%s.datapath-id", br->name);
678 if (!netdev_get_vlan_vid(devname, &vlan)) {
680 * A bridge whose MAC address is taken from a VLAN network device
681 * (that is, a network device created with vconfig(8) or similar
682 * tool) will have the same MAC address as a bridge on the VLAN
683 * device's physical network device.
685 * Handle this case by hashing the physical network device MAC
686 * along with the VLAN identifier.
688 uint8_t buf[ETH_ADDR_LEN + 2];
689 memcpy(buf, bridge_ea, ETH_ADDR_LEN);
690 buf[ETH_ADDR_LEN] = vlan >> 8;
691 buf[ETH_ADDR_LEN + 1] = vlan;
692 return dpid_from_hash(buf, sizeof buf);
695 * Assume that this bridge's MAC address is unique, since it
696 * doesn't fit any of the cases we handle specially.
701 * A purely internal bridge, that is, one that has no non-virtual
702 * network devices on it at all, is more difficult because it has no
703 * natural unique identifier at all.
705 * When the host is a XenServer, we handle this case by hashing the
706 * host's UUID with the name of the bridge. Names of bridges are
707 * persistent across XenServer reboots, although they can be reused if
708 * an internal network is destroyed and then a new one is later
709 * created, so this is fairly effective.
711 * When the host is not a XenServer, we punt by using a random MAC
712 * address on each run.
714 const char *host_uuid = xenserver_get_host_uuid();
716 char *combined = xasprintf("%s,%s", host_uuid, br->name);
717 dpid = dpid_from_hash(combined, strlen(combined));
723 return eth_addr_to_uint64(bridge_ea);
727 dpid_from_hash(const void *data, size_t n)
729 uint8_t hash[SHA1HashSize];
731 BUILD_ASSERT_DECL(sizeof hash >= ETH_ADDR_LEN);
732 SHA1Bytes(data, n, hash);
733 eth_addr_mark_random(hash);
734 return eth_addr_to_uint64(hash);
740 struct bridge *br, *next;
744 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
745 int error = bridge_run_one(br);
747 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
748 VLOG_ERR_RL(&rl, "bridge %s: datapath was destroyed externally, "
749 "forcing reconfiguration", br->name);
763 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
764 ofproto_wait(br->ofproto);
765 if (br->controller) {
770 mac_learning_wait(br->ml);
777 /* Forces 'br' to revalidate all of its flows. This is appropriate when 'br''s
778 * configuration changes. */
780 bridge_flush(struct bridge *br)
782 COVERAGE_INC(bridge_flush);
785 mac_learning_flush(br->ml);
789 /* Bridge reconfiguration functions. */
791 static struct bridge *
792 bridge_create(const char *name)
797 assert(!bridge_lookup(name));
798 br = xcalloc(1, sizeof *br);
800 error = dpif_create(name, &br->dpif);
801 if (error == EEXIST) {
802 error = dpif_open(name, &br->dpif);
804 VLOG_ERR("datapath %s already exists but cannot be opened: %s",
805 name, strerror(error));
809 dpif_flow_flush(&br->dpif);
811 VLOG_ERR("failed to create datapath %s: %s", name, strerror(error));
816 error = ofproto_create(name, &bridge_ofhooks, br, &br->ofproto);
818 VLOG_ERR("failed to create switch %s: %s", name, strerror(error));
819 dpif_delete(&br->dpif);
820 dpif_close(&br->dpif);
825 br->name = xstrdup(name);
826 br->ml = mac_learning_create();
827 br->sent_config_request = false;
828 eth_addr_random(br->default_ea);
830 port_array_init(&br->ifaces);
833 br->bond_next_rebalance = time_msec() + 10000;
835 list_push_back(&all_bridges, &br->node);
837 VLOG_INFO("created bridge %s on dp%u", br->name, dpif_id(&br->dpif));
843 bridge_destroy(struct bridge *br)
848 while (br->n_ports > 0) {
849 port_destroy(br->ports[br->n_ports - 1]);
851 list_remove(&br->node);
852 error = dpif_delete(&br->dpif);
853 if (error && error != ENOENT) {
854 VLOG_ERR("failed to delete dp%u: %s",
855 dpif_id(&br->dpif), strerror(error));
857 dpif_close(&br->dpif);
858 ofproto_destroy(br->ofproto);
859 free(br->controller);
860 mac_learning_destroy(br->ml);
861 port_array_destroy(&br->ifaces);
868 static struct bridge *
869 bridge_lookup(const char *name)
873 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
874 if (!strcmp(br->name, name)) {
882 bridge_exists(const char *name)
884 return bridge_lookup(name) ? true : false;
888 bridge_get_datapathid(const char *name)
890 struct bridge *br = bridge_lookup(name);
891 return br ? ofproto_get_datapath_id(br->ofproto) : 0;
895 bridge_run_one(struct bridge *br)
899 error = ofproto_run1(br->ofproto);
905 mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto));
910 error = ofproto_run2(br->ofproto, br->flush);
917 bridge_get_controller(const struct bridge *br)
919 const char *controller;
921 controller = cfg_get_string(0, "bridge.%s.controller", br->name);
923 controller = cfg_get_string(0, "mgmt.controller");
925 return controller && controller[0] ? controller : NULL;
929 bridge_reconfigure_one(struct bridge *br)
931 struct svec old_ports, new_ports, ifaces;
932 struct svec listeners, old_listeners;
933 struct svec snoops, old_snoops;
936 /* Collect old ports. */
937 svec_init(&old_ports);
938 for (i = 0; i < br->n_ports; i++) {
939 svec_add(&old_ports, br->ports[i]->name);
941 svec_sort(&old_ports);
942 assert(svec_is_unique(&old_ports));
944 /* Collect new ports. */
945 svec_init(&new_ports);
946 cfg_get_all_keys(&new_ports, "bridge.%s.port", br->name);
947 svec_sort(&new_ports);
948 if (bridge_get_controller(br) && !svec_contains(&new_ports, br->name)) {
949 svec_add(&new_ports, br->name);
950 svec_sort(&new_ports);
952 if (!svec_is_unique(&new_ports)) {
953 VLOG_WARN("bridge %s: %s specified twice as bridge port",
954 br->name, svec_get_duplicate(&new_ports));
955 svec_unique(&new_ports);
958 ofproto_set_mgmt_id(br->ofproto, mgmt_id);
960 /* Get rid of deleted ports and add new ports. */
961 for (i = 0; i < br->n_ports; ) {
962 struct port *port = br->ports[i];
963 if (!svec_contains(&new_ports, port->name)) {
969 for (i = 0; i < new_ports.n; i++) {
970 const char *name = new_ports.names[i];
971 if (!svec_contains(&old_ports, name)) {
972 port_create(br, name);
975 svec_destroy(&old_ports);
976 svec_destroy(&new_ports);
978 /* Reconfigure all ports. */
979 for (i = 0; i < br->n_ports; i++) {
980 port_reconfigure(br->ports[i]);
983 /* Check and delete duplicate interfaces. */
985 for (i = 0; i < br->n_ports; ) {
986 struct port *port = br->ports[i];
987 for (j = 0; j < port->n_ifaces; ) {
988 struct iface *iface = port->ifaces[j];
989 if (svec_contains(&ifaces, iface->name)) {
990 VLOG_ERR("bridge %s: %s interface is on multiple ports, "
992 br->name, iface->name, port->name);
993 iface_destroy(iface);
995 svec_add(&ifaces, iface->name);
1000 if (!port->n_ifaces) {
1001 VLOG_ERR("%s port has no interfaces, dropping", port->name);
1007 svec_destroy(&ifaces);
1009 /* Delete all flows if we're switching from connected to standalone or vice
1010 * versa. (XXX Should we delete all flows if we are switching from one
1011 * controller to another?) */
1013 /* Configure OpenFlow management listeners. */
1014 svec_init(&listeners);
1015 cfg_get_all_strings(&listeners, "bridge.%s.openflow.listeners", br->name);
1017 svec_add_nocopy(&listeners, xasprintf("punix:%s/%s.mgmt",
1018 ovs_rundir, br->name));
1019 } else if (listeners.n == 1 && !strcmp(listeners.names[0], "none")) {
1020 svec_clear(&listeners);
1022 svec_sort_unique(&listeners);
1024 svec_init(&old_listeners);
1025 ofproto_get_listeners(br->ofproto, &old_listeners);
1026 svec_sort_unique(&old_listeners);
1028 if (!svec_equal(&listeners, &old_listeners)) {
1029 ofproto_set_listeners(br->ofproto, &listeners);
1031 svec_destroy(&listeners);
1032 svec_destroy(&old_listeners);
1034 /* Configure OpenFlow controller connection snooping. */
1036 cfg_get_all_strings(&snoops, "bridge.%s.openflow.snoops", br->name);
1038 svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop",
1039 ovs_rundir, br->name));
1040 } else if (snoops.n == 1 && !strcmp(snoops.names[0], "none")) {
1041 svec_clear(&snoops);
1043 svec_sort_unique(&snoops);
1045 svec_init(&old_snoops);
1046 ofproto_get_snoops(br->ofproto, &old_snoops);
1047 svec_sort_unique(&old_snoops);
1049 if (!svec_equal(&snoops, &old_snoops)) {
1050 ofproto_set_snoops(br->ofproto, &snoops);
1052 svec_destroy(&snoops);
1053 svec_destroy(&old_snoops);
1055 mirror_reconfigure(br);
1059 bridge_reconfigure_controller(struct bridge *br)
1061 char *pfx = xasprintf("bridge.%s.controller", br->name);
1062 const char *controller;
1064 controller = bridge_get_controller(br);
1065 if ((br->controller != NULL) != (controller != NULL)) {
1066 ofproto_flush_flows(br->ofproto);
1068 free(br->controller);
1069 br->controller = controller ? xstrdup(controller) : NULL;
1072 const char *fail_mode;
1073 int max_backoff, probe;
1074 int rate_limit, burst_limit;
1076 if (!strcmp(controller, "discover")) {
1077 ofproto_set_discovery(br->ofproto, true,
1078 cfg_get_string(0, "%s.accept-regex", pfx),
1079 cfg_get_bool(0, "%s.update-resolv.conf",
1082 struct netdev *netdev;
1086 in_band = (!cfg_is_valid(CFG_BOOL | CFG_REQUIRED,
1088 || cfg_get_bool(0, "%s.in-band", pfx));
1089 ofproto_set_discovery(br->ofproto, false, NULL, NULL);
1090 ofproto_set_in_band(br->ofproto, in_band);
1092 error = netdev_open(br->name, NETDEV_ETH_TYPE_NONE, &netdev);
1094 if (cfg_is_valid(CFG_IP | CFG_REQUIRED, "%s.ip", pfx)) {
1095 struct in_addr ip, mask, gateway;
1096 ip.s_addr = cfg_get_ip(0, "%s.ip", pfx);
1097 mask.s_addr = cfg_get_ip(0, "%s.netmask", pfx);
1098 gateway.s_addr = cfg_get_ip(0, "%s.gateway", pfx);
1100 netdev_turn_flags_on(netdev, NETDEV_UP, true);
1102 mask.s_addr = guess_netmask(ip.s_addr);
1104 if (!netdev_set_in4(netdev, ip, mask)) {
1105 VLOG_INFO("bridge %s: configured IP address "IP_FMT", "
1107 br->name, IP_ARGS(&ip.s_addr),
1108 IP_ARGS(&mask.s_addr));
1111 if (gateway.s_addr) {
1112 if (!netdev_add_router(gateway)) {
1113 VLOG_INFO("bridge %s: configured gateway "IP_FMT,
1114 br->name, IP_ARGS(&gateway.s_addr));
1118 netdev_close(netdev);
1122 fail_mode = cfg_get_string(0, "%s.fail-mode", pfx);
1124 fail_mode = cfg_get_string(0, "mgmt.fail-mode");
1126 ofproto_set_failure(br->ofproto,
1128 || !strcmp(fail_mode, "standalone")
1129 || !strcmp(fail_mode, "open")));
1131 probe = cfg_get_int(0, "%s.inactivity-probe", pfx);
1132 ofproto_set_probe_interval(br->ofproto,
1133 probe ? probe : cfg_get_int(0, "mgmt.inactivity-probe"));
1135 max_backoff = cfg_get_int(0, "%s.max-backoff", pfx);
1137 max_backoff = cfg_get_int(0, "mgmt.max-backoff");
1142 ofproto_set_max_backoff(br->ofproto, max_backoff);
1144 rate_limit = cfg_get_int(0, "%s.rate-limit", pfx);
1146 rate_limit = cfg_get_int(0, "mgmt.rate-limit");
1148 burst_limit = cfg_get_int(0, "%s.burst-limit", pfx);
1150 burst_limit = cfg_get_int(0, "mgmt.burst-limit");
1152 ofproto_set_rate_limit(br->ofproto, rate_limit, burst_limit);
1154 ofproto_set_stp(br->ofproto, cfg_get_bool(0, "%s.stp", pfx));
1156 if (cfg_has("%s.commands.acl", pfx)) {
1157 struct svec command_acls;
1160 svec_init(&command_acls);
1161 cfg_get_all_strings(&command_acls, "%s.commands.acl", pfx);
1162 command_acl = svec_join(&command_acls, ",", "");
1164 ofproto_set_remote_execution(br->ofproto, command_acl,
1165 cfg_get_string(0, "%s.commands.dir",
1168 svec_destroy(&command_acls);
1171 ofproto_set_remote_execution(br->ofproto, NULL, NULL);
1174 union ofp_action action;
1177 /* Set up a flow that matches every packet and directs them to
1178 * OFPP_NORMAL (which goes to us). */
1179 memset(&action, 0, sizeof action);
1180 action.type = htons(OFPAT_OUTPUT);
1181 action.output.len = htons(sizeof action);
1182 action.output.port = htons(OFPP_NORMAL);
1183 memset(&flow, 0, sizeof flow);
1184 ofproto_add_flow(br->ofproto, &flow, OFPFW_ALL, 0,
1187 ofproto_set_in_band(br->ofproto, false);
1188 ofproto_set_max_backoff(br->ofproto, 1);
1189 ofproto_set_probe_interval(br->ofproto, 5);
1190 ofproto_set_failure(br->ofproto, false);
1191 ofproto_set_stp(br->ofproto, false);
1195 ofproto_set_controller(br->ofproto, br->controller);
1199 bridge_get_all_ifaces(const struct bridge *br, struct svec *ifaces)
1204 for (i = 0; i < br->n_ports; i++) {
1205 struct port *port = br->ports[i];
1206 for (j = 0; j < port->n_ifaces; j++) {
1207 struct iface *iface = port->ifaces[j];
1208 svec_add(ifaces, iface->name);
1212 assert(svec_is_unique(ifaces));
1215 /* For robustness, in case the administrator moves around datapath ports behind
1216 * our back, we re-check all the datapath port numbers here.
1218 * This function will set the 'dp_ifidx' members of interfaces that have
1219 * disappeared to -1, so only call this function from a context where those
1220 * 'struct iface's will be removed from the bridge. Otherwise, the -1
1221 * 'dp_ifidx'es will cause trouble later when we try to send them to the
1222 * datapath, which doesn't support UINT16_MAX+1 ports. */
1224 bridge_fetch_dp_ifaces(struct bridge *br)
1226 struct odp_port *dpif_ports;
1227 size_t n_dpif_ports;
1230 /* Reset all interface numbers. */
1231 for (i = 0; i < br->n_ports; i++) {
1232 struct port *port = br->ports[i];
1233 for (j = 0; j < port->n_ifaces; j++) {
1234 struct iface *iface = port->ifaces[j];
1235 iface->dp_ifidx = -1;
1238 port_array_clear(&br->ifaces);
1240 dpif_port_list(&br->dpif, &dpif_ports, &n_dpif_ports);
1241 for (i = 0; i < n_dpif_ports; i++) {
1242 struct odp_port *p = &dpif_ports[i];
1243 struct iface *iface = iface_lookup(br, p->devname);
1245 if (iface->dp_ifidx >= 0) {
1246 VLOG_WARN("dp%u reported interface %s twice",
1247 dpif_id(&br->dpif), p->devname);
1248 } else if (iface_from_dp_ifidx(br, p->port)) {
1249 VLOG_WARN("dp%u reported interface %"PRIu16" twice",
1250 dpif_id(&br->dpif), p->port);
1252 port_array_set(&br->ifaces, p->port, iface);
1253 iface->dp_ifidx = p->port;
1260 /* Bridge packet processing functions. */
1262 static struct bond_entry *
1263 lookup_bond_entry(const struct port *port, const uint8_t mac[ETH_ADDR_LEN])
1265 size_t h = hash_bytes(mac, ETH_ADDR_LEN, 0);
1266 return &port->bond_hash[h & BOND_MASK];
1270 bond_choose_iface(const struct port *port)
1273 for (i = 0; i < port->n_ifaces; i++) {
1274 if (port->ifaces[i]->enabled) {
1282 choose_output_iface(const struct port *port, const flow_t *flow,
1283 uint16_t *dp_ifidx, tag_type *tags)
1285 struct iface *iface;
1287 assert(port->n_ifaces);
1288 if (port->n_ifaces == 1) {
1289 iface = port->ifaces[0];
1291 struct bond_entry *e = lookup_bond_entry(port, flow->dl_src);
1292 if (e->iface_idx < 0 || e->iface_idx >= port->n_ifaces
1293 || !port->ifaces[e->iface_idx]->enabled) {
1294 /* XXX select interface properly. The current interface selection
1295 * is only good for testing the rebalancing code. */
1296 e->iface_idx = bond_choose_iface(port);
1297 if (e->iface_idx < 0) {
1298 *tags |= port->no_ifaces_tag;
1301 e->iface_tag = tag_create_random();
1303 *tags |= e->iface_tag;
1304 iface = port->ifaces[e->iface_idx];
1306 *dp_ifidx = iface->dp_ifidx;
1307 *tags |= iface->tag; /* Currently only used for bonding. */
1312 bond_link_status_update(struct iface *iface, bool carrier)
1314 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1315 struct port *port = iface->port;
1317 if ((carrier == iface->enabled) == (iface->delay_expires == LLONG_MAX)) {
1318 /* Nothing to do. */
1321 VLOG_INFO_RL(&rl, "interface %s: carrier %s",
1322 iface->name, carrier ? "detected" : "dropped");
1323 if (carrier == iface->enabled) {
1324 iface->delay_expires = LLONG_MAX;
1325 VLOG_INFO_RL(&rl, "interface %s: will not be %s",
1326 iface->name, carrier ? "disabled" : "enabled");
1328 int delay = carrier ? port->updelay : port->downdelay;
1329 iface->delay_expires = time_msec() + delay;
1332 "interface %s: will be %s if it stays %s for %d ms",
1334 carrier ? "enabled" : "disabled",
1335 carrier ? "up" : "down",
1342 bond_choose_active_iface(struct port *port)
1344 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1346 port->active_iface = bond_choose_iface(port);
1347 port->active_iface_tag = tag_create_random();
1348 if (port->active_iface >= 0) {
1349 VLOG_INFO_RL(&rl, "port %s: active interface is now %s",
1350 port->name, port->ifaces[port->active_iface]->name);
1352 VLOG_WARN_RL(&rl, "port %s: all ports disabled, no active interface",
1358 bond_run(struct bridge *br)
1362 for (i = 0; i < br->n_ports; i++) {
1363 struct port *port = br->ports[i];
1364 if (port->n_ifaces < 2) {
1367 for (j = 0; j < port->n_ifaces; j++) {
1368 struct iface *iface = port->ifaces[j];
1369 if (time_msec() >= iface->delay_expires) {
1370 iface->delay_expires = LLONG_MAX;
1371 iface->enabled = !iface->enabled;
1372 VLOG_WARN("interface %s: %s",
1374 iface->enabled ? "enabled" : "disabled");
1375 if (!iface->enabled) {
1376 ofproto_revalidate(br->ofproto, iface->tag);
1377 if (iface->port_ifidx == port->active_iface) {
1378 ofproto_revalidate(br->ofproto,
1379 port->active_iface_tag);
1380 bond_choose_active_iface(port);
1383 if (port->active_iface < 0) {
1384 ofproto_revalidate(br->ofproto, port->no_ifaces_tag);
1385 bond_choose_active_iface(port);
1387 iface->tag = tag_create_random();
1395 bond_wait(struct bridge *br)
1399 for (i = 0; i < br->n_ports; i++) {
1400 struct port *port = br->ports[i];
1401 if (port->n_ifaces < 2) {
1404 for (j = 0; j < port->n_ifaces; j++) {
1405 struct iface *iface = port->ifaces[j];
1406 if (iface->delay_expires != LLONG_MAX) {
1407 poll_timer_wait(iface->delay_expires - time_msec());
1414 set_dst(struct dst *p, const flow_t *flow,
1415 const struct port *in_port, const struct port *out_port,
1420 * XXX This uses too many tags: any broadcast flow will get one tag per
1421 * destination port, and thus a broadcast on a switch of any size is likely
1422 * to have all tag bits set. We should figure out a way to be smarter.
1424 * This is OK when STP is disabled, because stp_state_tag is 0 then. */
1425 *tags |= out_port->stp_state_tag;
1426 if (!(out_port->stp_state & (STP_DISABLED | STP_FORWARDING))) {
1430 p->vlan = (out_port->vlan >= 0 ? OFP_VLAN_NONE
1431 : in_port->vlan >= 0 ? in_port->vlan
1432 : ntohs(flow->dl_vlan));
1433 return choose_output_iface(out_port, flow, &p->dp_ifidx, tags);
1437 swap_dst(struct dst *p, struct dst *q)
1439 struct dst tmp = *p;
1444 /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
1445 * 'dsts'. (This may help performance by reducing the number of VLAN changes
1446 * that we push to the datapath. We could in fact fully sort the array by
1447 * vlan, but in most cases there are at most two different vlan tags so that's
1448 * possibly overkill.) */
1450 partition_dsts(struct dst *dsts, size_t n_dsts, int vlan)
1452 struct dst *first = dsts;
1453 struct dst *last = dsts + n_dsts;
1455 while (first != last) {
1457 * - All dsts < first have vlan == 'vlan'.
1458 * - All dsts >= last have vlan != 'vlan'.
1459 * - first < last. */
1460 while (first->vlan == vlan) {
1461 if (++first == last) {
1466 /* Same invariants, plus one additional:
1467 * - first->vlan != vlan.
1469 while (last[-1].vlan != vlan) {
1470 if (--last == first) {
1475 /* Same invariants, plus one additional:
1476 * - last[-1].vlan == vlan.*/
1477 swap_dst(first++, --last);
1482 mirror_mask_ffs(mirror_mask_t mask)
1484 BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask));
1489 dst_is_duplicate(const struct dst *dsts, size_t n_dsts,
1490 const struct dst *test)
1493 for (i = 0; i < n_dsts; i++) {
1494 if (dsts[i].vlan == test->vlan && dsts[i].dp_ifidx == test->dp_ifidx) {
1502 port_trunks_vlan(const struct port *port, uint16_t vlan)
1504 return port->vlan < 0 && bitmap_is_set(port->trunks, vlan);
1508 port_includes_vlan(const struct port *port, uint16_t vlan)
1510 return vlan == port->vlan || port_trunks_vlan(port, vlan);
1514 compose_dsts(const struct bridge *br, const flow_t *flow, uint16_t vlan,
1515 const struct port *in_port, const struct port *out_port,
1516 struct dst dsts[], tag_type *tags)
1518 mirror_mask_t mirrors = in_port->src_mirrors;
1519 struct dst *dst = dsts;
1522 *tags |= in_port->stp_state_tag;
1523 if (out_port == FLOOD_PORT) {
1524 /* XXX use ODP_FLOOD if no vlans or bonding. */
1525 /* XXX even better, define each VLAN as a datapath port group */
1526 for (i = 0; i < br->n_ports; i++) {
1527 struct port *port = br->ports[i];
1528 if (port != in_port && port_includes_vlan(port, vlan)
1529 && !port->is_mirror_output_port
1530 && set_dst(dst, flow, in_port, port, tags)) {
1531 mirrors |= port->dst_mirrors;
1535 } else if (out_port && set_dst(dst, flow, in_port, out_port, tags)) {
1536 mirrors |= out_port->dst_mirrors;
1541 struct mirror *m = br->mirrors[mirror_mask_ffs(mirrors) - 1];
1542 if (!m->n_vlans || vlan_is_mirrored(m, vlan)) {
1544 if (set_dst(dst, flow, in_port, m->out_port, tags)
1545 && !dst_is_duplicate(dsts, dst - dsts, dst)) {
1549 for (i = 0; i < br->n_ports; i++) {
1550 struct port *port = br->ports[i];
1551 if (port_includes_vlan(port, m->out_vlan)
1552 && set_dst(dst, flow, in_port, port, tags)
1553 && !dst_is_duplicate(dsts, dst - dsts, dst))
1555 if (port->vlan < 0) {
1556 dst->vlan = m->out_vlan;
1558 if (dst->dp_ifidx == flow->in_port
1559 && dst->vlan == vlan) {
1560 /* Don't send out input port on same VLAN. */
1568 mirrors &= mirrors - 1;
1571 partition_dsts(dsts, dst - dsts, ntohs(flow->dl_vlan));
1576 print_dsts(const struct dst *dsts, size_t n)
1578 for (; n--; dsts++) {
1579 printf(">p%"PRIu16, dsts->dp_ifidx);
1580 if (dsts->vlan != OFP_VLAN_NONE) {
1581 printf("v%"PRIu16, dsts->vlan);
1587 compose_actions(struct bridge *br, const flow_t *flow, uint16_t vlan,
1588 const struct port *in_port, const struct port *out_port,
1589 tag_type *tags, struct odp_actions *actions)
1591 struct dst dsts[DP_MAX_PORTS * (MAX_MIRRORS + 1)];
1593 const struct dst *p;
1596 n_dsts = compose_dsts(br, flow, vlan, in_port, out_port, dsts, tags);
1598 cur_vlan = ntohs(flow->dl_vlan);
1599 for (p = dsts; p < &dsts[n_dsts]; p++) {
1600 union odp_action *a;
1601 if (p->vlan != cur_vlan) {
1602 if (p->vlan == OFP_VLAN_NONE) {
1603 odp_actions_add(actions, ODPAT_STRIP_VLAN);
1605 a = odp_actions_add(actions, ODPAT_SET_VLAN_VID);
1606 a->vlan_vid.vlan_vid = htons(p->vlan);
1610 a = odp_actions_add(actions, ODPAT_OUTPUT);
1611 a->output.port = p->dp_ifidx;
1616 is_bcast_arp_reply(const flow_t *flow, const struct ofpbuf *packet)
1618 struct arp_eth_header *arp = (struct arp_eth_header *) packet->data;
1619 return (flow->dl_type == htons(ETH_TYPE_ARP)
1620 && eth_addr_is_broadcast(flow->dl_dst)
1621 && packet->size >= sizeof(struct arp_eth_header)
1622 && arp->ar_op == ARP_OP_REQUEST);
1625 /* If the composed actions may be applied to any packet in the given 'flow',
1626 * returns true. Otherwise, the actions should only be applied to 'packet', or
1627 * not at all, if 'packet' was NULL. */
1629 process_flow(struct bridge *br, const flow_t *flow,
1630 const struct ofpbuf *packet, struct odp_actions *actions,
1633 struct iface *in_iface;
1634 struct port *in_port;
1635 struct port *out_port = NULL; /* By default, drop the packet/flow. */
1638 /* Find the interface and port structure for the received packet. */
1639 in_iface = iface_from_dp_ifidx(br, flow->in_port);
1641 /* No interface? Something fishy... */
1642 if (packet != NULL) {
1643 /* Odd. A few possible reasons here:
1645 * - We deleted an interface but there are still a few packets
1646 * queued up from it.
1648 * - Someone externally added an interface (e.g. with "ovs-dpctl
1649 * add-if") that we don't know about.
1651 * - Packet arrived on the local port but the local port is not
1652 * one of our bridge ports.
1654 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1656 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
1657 "interface %"PRIu16, br->name, flow->in_port);
1660 /* Return without adding any actions, to drop packets on this flow. */
1663 in_port = in_iface->port;
1665 /* Figure out what VLAN this packet belongs to.
1667 * Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet
1668 * belongs to VLAN 0, so we should treat both cases identically. (In the
1669 * former case, the packet has an 802.1Q header that specifies VLAN 0,
1670 * presumably to allow a priority to be specified. In the latter case, the
1671 * packet does not have any 802.1Q header.) */
1672 vlan = ntohs(flow->dl_vlan);
1673 if (vlan == OFP_VLAN_NONE) {
1676 if (in_port->vlan >= 0) {
1678 /* XXX support double tagging? */
1679 if (packet != NULL) {
1680 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1681 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged "
1682 "packet received on port %s configured with "
1683 "implicit VLAN %"PRIu16,
1684 br->name, ntohs(flow->dl_vlan),
1685 in_port->name, in_port->vlan);
1689 vlan = in_port->vlan;
1691 if (!port_includes_vlan(in_port, vlan)) {
1692 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1693 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
1694 "packet received on port %s not configured for "
1696 br->name, vlan, in_port->name, vlan);
1701 /* Drop frames for ports that STP wants entirely killed (both for
1702 * forwarding and for learning). Later, after we do learning, we'll drop
1703 * the frames that STP wants to do learning but not forwarding on. */
1704 if (in_port->stp_state & (STP_LISTENING | STP_BLOCKING)) {
1708 /* Drop frames for reserved multicast addresses. */
1709 if (eth_addr_is_reserved(flow->dl_dst)) {
1713 /* Drop frames on ports reserved for mirroring. */
1714 if (in_port->is_mirror_output_port) {
1715 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1716 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port %s, "
1717 "which is reserved exclusively for mirroring",
1718 br->name, in_port->name);
1722 /* Drop multicast and broadcast packets on inactive bonded interfaces, to
1723 * avoid receiving duplicates. */
1724 if (in_port->n_ifaces > 1 && eth_addr_is_multicast(flow->dl_dst)) {
1725 *tags |= in_port->active_iface_tag;
1726 if (in_port->active_iface != in_iface->port_ifidx) {
1732 out_port = FLOOD_PORT;
1738 /* Don't try to learn from revalidation. */
1740 } else if (in_port->n_ifaces > 1) {
1741 /* If the packet arrived on a bonded port, don't learn from it
1742 * unless we haven't learned any port at all for that address
1743 * (because we probably sent the packet on one bonded interface and
1744 * got it back on the other). Broadcast ARP replies are an
1745 * exception to this rule: the host has moved to another switch. */
1746 int src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan);
1747 may_learn = (src_idx < 0
1748 || src_idx == in_port->port_idx
1749 || is_bcast_arp_reply(flow, packet));
1754 /* Learn source MAC. */
1756 tag_type rev_tag = mac_learning_learn(br->ml, flow->dl_src,
1757 vlan, in_port->port_idx);
1759 /* The log messages here could actually be useful in debugging,
1760 * so keep the rate limit relatively high. */
1761 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
1763 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
1764 "on port %s in VLAN %d",
1765 br->name, ETH_ADDR_ARGS(flow->dl_src),
1766 in_port->name, vlan);
1767 ofproto_revalidate(br->ofproto, rev_tag);
1771 /* Determine output port. */
1772 out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan,
1774 if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
1775 out_port = br->ports[out_port_idx];
1779 /* Don't send packets out their input ports. Don't forward frames that STP
1780 * wants us to discard. */
1781 if (in_port == out_port || in_port->stp_state == STP_LEARNING) {
1786 compose_actions(br, flow, vlan, in_port, out_port, tags, actions);
1789 * We send out only a single packet, instead of setting up a flow, if the
1790 * packet is an ARP directed to broadcast that arrived on a bonded
1791 * interface. In such a situation ARP requests and replies must be handled
1792 * differently, but OpenFlow unfortunately can't distinguish them.
1794 return (in_port->n_ifaces < 2
1795 || flow->dl_type != htons(ETH_TYPE_ARP)
1796 || !eth_addr_is_broadcast(flow->dl_dst));
1799 /* Careful: 'opp' is in host byte order and opp->port_no is an OFP port
1802 bridge_port_changed_ofhook_cb(enum ofp_port_reason reason,
1803 const struct ofp_phy_port *opp,
1806 struct bridge *br = br_;
1807 struct iface *iface;
1810 iface = iface_from_dp_ifidx(br, ofp_port_to_odp_port(opp->port_no));
1816 if (reason == OFPPR_DELETE) {
1817 VLOG_WARN("bridge %s: interface %s deleted unexpectedly",
1818 br->name, iface->name);
1819 iface_destroy(iface);
1820 if (!port->n_ifaces) {
1821 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
1822 br->name, port->name);
1828 memcpy(iface->mac, opp->hw_addr, ETH_ADDR_LEN);
1829 if (port->n_ifaces > 1) {
1830 bool up = !(opp->state & OFPPS_LINK_DOWN);
1831 bond_link_status_update(iface, up);
1832 port_update_bond_compat(port);
1838 bridge_normal_ofhook_cb(const flow_t *flow, const struct ofpbuf *packet,
1839 struct odp_actions *actions, tag_type *tags, void *br_)
1841 struct bridge *br = br_;
1844 if (flow->dl_type == htons(OFP_DL_TYPE_NOT_ETH_TYPE)
1845 && eth_addr_equals(flow->dl_dst, stp_eth_addr)) {
1846 brstp_receive(br, flow, payload);
1851 COVERAGE_INC(bridge_process_flow);
1852 return process_flow(br, flow, packet, actions, tags);
1856 bridge_account_flow_ofhook_cb(const flow_t *flow,
1857 const union odp_action *actions,
1858 size_t n_actions, unsigned long long int n_bytes,
1861 struct bridge *br = br_;
1862 const union odp_action *a;
1864 if (!br->has_bonded_ports) {
1868 for (a = actions; a < &actions[n_actions]; a++) {
1869 if (a->type == ODPAT_OUTPUT) {
1870 struct port *port = port_from_dp_ifidx(br, a->output.port);
1871 if (port && port->n_ifaces >= 2) {
1872 struct bond_entry *e = lookup_bond_entry(port, flow->dl_src);
1873 e->tx_bytes += n_bytes;
1880 bridge_account_checkpoint_ofhook_cb(void *br_)
1882 struct bridge *br = br_;
1885 if (!br->has_bonded_ports) {
1889 /* The current ofproto implementation calls this callback at least once a
1890 * second, so this timer implementation is sufficient. */
1891 if (time_msec() < br->bond_next_rebalance) {
1894 br->bond_next_rebalance = time_msec() + 10000;
1896 for (i = 0; i < br->n_ports; i++) {
1897 struct port *port = br->ports[i];
1898 if (port->n_ifaces > 1) {
1899 bond_rebalance_port(port);
1904 static struct ofhooks bridge_ofhooks = {
1905 bridge_port_changed_ofhook_cb,
1906 bridge_normal_ofhook_cb,
1907 bridge_account_flow_ofhook_cb,
1908 bridge_account_checkpoint_ofhook_cb,
1911 /* Statistics for a single interface on a bonded port, used for load-based
1912 * bond rebalancing. */
1913 struct slave_balance {
1914 struct iface *iface; /* The interface. */
1915 uint64_t tx_bytes; /* Sum of hashes[*]->tx_bytes. */
1917 /* All the "bond_entry"s that are assigned to this interface, in order of
1918 * increasing tx_bytes. */
1919 struct bond_entry **hashes;
1923 /* Sorts pointers to pointers to bond_entries in ascending order by the
1924 * interface to which they are assigned, and within a single interface in
1925 * ascending order of bytes transmitted. */
1927 compare_bond_entries(const void *a_, const void *b_)
1929 const struct bond_entry *const *ap = a_;
1930 const struct bond_entry *const *bp = b_;
1931 const struct bond_entry *a = *ap;
1932 const struct bond_entry *b = *bp;
1933 if (a->iface_idx != b->iface_idx) {
1934 return a->iface_idx > b->iface_idx ? 1 : -1;
1935 } else if (a->tx_bytes != b->tx_bytes) {
1936 return a->tx_bytes > b->tx_bytes ? 1 : -1;
1942 /* Sorts slave_balances so that enabled ports come first, and otherwise in
1943 * *descending* order by number of bytes transmitted. */
1945 compare_slave_balance(const void *a_, const void *b_)
1947 const struct slave_balance *a = a_;
1948 const struct slave_balance *b = b_;
1949 if (a->iface->enabled != b->iface->enabled) {
1950 return a->iface->enabled ? -1 : 1;
1951 } else if (a->tx_bytes != b->tx_bytes) {
1952 return a->tx_bytes > b->tx_bytes ? -1 : 1;
1959 swap_bals(struct slave_balance *a, struct slave_balance *b)
1961 struct slave_balance tmp = *a;
1966 /* Restores the 'n_bals' slave_balance structures in 'bals' to sorted order
1967 * given that 'p' (and only 'p') might be in the wrong location.
1969 * This function invalidates 'p', since it might now be in a different memory
1972 resort_bals(struct slave_balance *p,
1973 struct slave_balance bals[], size_t n_bals)
1976 for (; p > bals && p->tx_bytes > p[-1].tx_bytes; p--) {
1977 swap_bals(p, p - 1);
1979 for (; p < &bals[n_bals - 1] && p->tx_bytes < p[1].tx_bytes; p++) {
1980 swap_bals(p, p + 1);
1986 log_bals(const struct slave_balance *bals, size_t n_bals, struct port *port)
1988 if (VLOG_IS_DBG_ENABLED()) {
1989 struct ds ds = DS_EMPTY_INITIALIZER;
1990 const struct slave_balance *b;
1992 for (b = bals; b < bals + n_bals; b++) {
1996 ds_put_char(&ds, ',');
1998 ds_put_format(&ds, " %s %"PRIu64"kB",
1999 b->iface->name, b->tx_bytes / 1024);
2001 if (!b->iface->enabled) {
2002 ds_put_cstr(&ds, " (disabled)");
2004 if (b->n_hashes > 0) {
2005 ds_put_cstr(&ds, " (");
2006 for (i = 0; i < b->n_hashes; i++) {
2007 const struct bond_entry *e = b->hashes[i];
2009 ds_put_cstr(&ds, " + ");
2011 ds_put_format(&ds, "h%td: %"PRIu64"kB",
2012 e - port->bond_hash, e->tx_bytes / 1024);
2014 ds_put_cstr(&ds, ")");
2017 VLOG_DBG("bond %s:%s", port->name, ds_cstr(&ds));
2022 /* Shifts 'hash' from 'from' to 'to' within 'port'. */
2024 bond_shift_load(struct slave_balance *from, struct slave_balance *to,
2025 struct bond_entry *hash)
2027 struct port *port = from->iface->port;
2028 uint64_t delta = hash->tx_bytes;
2030 VLOG_INFO("bond %s: shift %"PRIu64"kB of load (with hash %td) "
2031 "from %s to %s (now carrying %"PRIu64"kB and "
2032 "%"PRIu64"kB load, respectively)",
2033 port->name, delta / 1024, hash - port->bond_hash,
2034 from->iface->name, to->iface->name,
2035 (from->tx_bytes - delta) / 1024,
2036 (to->tx_bytes + delta) / 1024);
2038 /* Delete element from from->hashes.
2040 * We don't bother to add the element to to->hashes because not only would
2041 * it require more work, the only purpose it would be to allow that hash to
2042 * be migrated to another slave in this rebalancing run, and there is no
2043 * point in doing that. */
2044 if (from->hashes[0] == hash) {
2047 int i = hash - from->hashes[0];
2048 memmove(from->hashes + i, from->hashes + i + 1,
2049 (from->n_hashes - (i + 1)) * sizeof *from->hashes);
2053 /* Shift load away from 'from' to 'to'. */
2054 from->tx_bytes -= delta;
2055 to->tx_bytes += delta;
2057 /* Arrange for flows to be revalidated. */
2058 ofproto_revalidate(port->bridge->ofproto, hash->iface_tag);
2059 hash->iface_idx = to->iface->port_ifidx;
2060 hash->iface_tag = tag_create_random();
2065 bond_rebalance_port(struct port *port)
2067 struct slave_balance bals[DP_MAX_PORTS];
2069 struct bond_entry *hashes[BOND_MASK + 1];
2070 struct slave_balance *b, *from, *to;
2071 struct bond_entry *e;
2074 /* Sets up 'bals' to describe each of the port's interfaces, sorted in
2075 * descending order of tx_bytes, so that bals[0] represents the most
2076 * heavily loaded slave and bals[n_bals - 1] represents the least heavily
2079 * The code is a bit tricky: to avoid dynamically allocating a 'hashes'
2080 * array for each slave_balance structure, we sort our local array of
2081 * hashes in order by slave, so that all of the hashes for a given slave
2082 * become contiguous in memory, and then we point each 'hashes' members of
2083 * a slave_balance structure to the start of a contiguous group. */
2084 n_bals = port->n_ifaces;
2085 for (b = bals; b < &bals[n_bals]; b++) {
2086 b->iface = port->ifaces[b - bals];
2091 for (i = 0; i <= BOND_MASK; i++) {
2092 hashes[i] = &port->bond_hash[i];
2094 qsort(hashes, BOND_MASK + 1, sizeof *hashes, compare_bond_entries);
2095 for (i = 0; i <= BOND_MASK; i++) {
2097 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
2098 b = &bals[e->iface_idx];
2099 b->tx_bytes += e->tx_bytes;
2101 b->hashes = &hashes[i];
2106 qsort(bals, n_bals, sizeof *bals, compare_slave_balance);
2107 log_bals(bals, n_bals, port);
2109 /* Discard slaves that aren't enabled (which were sorted to the back of the
2110 * array earlier). */
2111 while (!bals[n_bals - 1].iface->enabled) {
2118 /* Shift load from the most-loaded slaves to the least-loaded slaves. */
2119 to = &bals[n_bals - 1];
2120 for (from = bals; from < to; ) {
2121 uint64_t overload = from->tx_bytes - to->tx_bytes;
2122 if (overload < to->tx_bytes >> 5 || overload < 100000) {
2123 /* The extra load on 'from' (and all less-loaded slaves), compared
2124 * to that of 'to' (the least-loaded slave), is less than ~3%, or
2125 * it is less than ~1Mbps. No point in rebalancing. */
2127 } else if (from->n_hashes == 1) {
2128 /* 'from' only carries a single MAC hash, so we can't shift any
2129 * load away from it, even though we want to. */
2132 /* 'from' is carrying significantly more load than 'to', and that
2133 * load is split across at least two different hashes. Pick a hash
2134 * to migrate to 'to' (the least-loaded slave), given that doing so
2135 * must not cause 'to''s load to exceed 'from''s load.
2137 * The sort order we use means that we prefer to shift away the
2138 * smallest hashes instead of the biggest ones. There is little
2139 * reason behind this decision; we could use the opposite sort
2140 * order to shift away big hashes ahead of small ones. */
2143 for (i = 0; i < from->n_hashes; i++) {
2144 uint64_t delta = from->hashes[i]->tx_bytes;
2145 if (to->tx_bytes + delta < from->tx_bytes - delta) {
2149 if (i < from->n_hashes) {
2150 bond_shift_load(from, to, from->hashes[i]);
2152 /* Re-sort 'bals'. Note that this may make 'from' and 'to'
2153 * point to different slave_balance structures. It is only
2154 * valid to do these two operations in a row at all because we
2155 * know that 'from' will not move past 'to' and vice versa. */
2156 resort_bals(from, bals, n_bals);
2157 resort_bals(to, bals, n_bals);
2164 /* Implement exponentially weighted moving average. A weight of 1/2 causes
2165 * historical data to decay to <1% in 7 rebalancing runs. */
2166 for (e = &port->bond_hash[0]; e <= &port->bond_hash[BOND_MASK]; e++) {
2171 /* Port functions. */
2174 port_create(struct bridge *br, const char *name)
2178 port = xcalloc(1, sizeof *port);
2180 port->port_idx = br->n_ports;
2182 port->trunks = NULL;
2183 port->name = xstrdup(name);
2184 port->active_iface = -1;
2185 port->stp_state = STP_DISABLED;
2186 port->stp_state_tag = 0;
2188 if (br->n_ports >= br->allocated_ports) {
2189 br->ports = x2nrealloc(br->ports, &br->allocated_ports,
2192 br->ports[br->n_ports++] = port;
2194 VLOG_INFO("created port %s on bridge %s", port->name, br->name);
2199 port_reconfigure(struct port *port)
2201 bool bonded = cfg_has_section("bonding.%s", port->name);
2202 struct svec old_ifaces, new_ifaces;
2203 unsigned long *trunks;
2207 /* Collect old and new interfaces. */
2208 svec_init(&old_ifaces);
2209 svec_init(&new_ifaces);
2210 for (i = 0; i < port->n_ifaces; i++) {
2211 svec_add(&old_ifaces, port->ifaces[i]->name);
2213 svec_sort(&old_ifaces);
2215 cfg_get_all_keys(&new_ifaces, "bonding.%s.slave", port->name);
2216 if (!new_ifaces.n) {
2217 VLOG_ERR("port %s: no interfaces specified for bonded port",
2219 } else if (new_ifaces.n == 1) {
2220 VLOG_WARN("port %s: only 1 interface specified for bonded port",
2224 port->updelay = cfg_get_int(0, "bonding.%s.updelay", port->name);
2225 if (port->updelay < 0) {
2228 port->downdelay = cfg_get_int(0, "bonding.%s.downdelay", port->name);
2229 if (port->downdelay < 0) {
2230 port->downdelay = 0;
2233 svec_init(&new_ifaces);
2234 svec_add(&new_ifaces, port->name);
2237 /* Get rid of deleted interfaces and add new interfaces. */
2238 for (i = 0; i < port->n_ifaces; i++) {
2239 struct iface *iface = port->ifaces[i];
2240 if (!svec_contains(&new_ifaces, iface->name)) {
2241 iface_destroy(iface);
2246 for (i = 0; i < new_ifaces.n; i++) {
2247 const char *name = new_ifaces.names[i];
2248 if (!svec_contains(&old_ifaces, name)) {
2249 iface_create(port, name);
2255 if (cfg_has("vlan.%s.tag", port->name)) {
2257 vlan = cfg_get_vlan(0, "vlan.%s.tag", port->name);
2258 if (vlan >= 0 && vlan <= 4095) {
2259 VLOG_DBG("port %s: assigning VLAN tag %d", port->name, vlan);
2262 /* It's possible that bonded, VLAN-tagged ports make sense. Maybe
2263 * they even work as-is. But they have not been tested. */
2264 VLOG_WARN("port %s: VLAN tags not supported on bonded ports",
2268 if (port->vlan != vlan) {
2270 bridge_flush(port->bridge);
2273 /* Get trunked VLANs. */
2276 size_t n_trunks, n_errors;
2279 trunks = bitmap_allocate(4096);
2280 n_trunks = cfg_count("vlan.%s.trunks", port->name);
2282 for (i = 0; i < n_trunks; i++) {
2283 int trunk = cfg_get_vlan(i, "vlan.%s.trunks", port->name);
2285 bitmap_set1(trunks, trunk);
2291 VLOG_ERR("port %s: invalid values for %zu trunk VLANs",
2292 port->name, n_trunks);
2294 if (n_errors == n_trunks) {
2296 VLOG_ERR("port %s: no valid trunks, trunking all VLANs",
2299 bitmap_set_multiple(trunks, 0, 4096, 1);
2302 if (cfg_has("vlan.%s.trunks", port->name)) {
2303 VLOG_ERR("ignoring vlan.%s.trunks in favor of vlan.%s.vlan",
2304 port->name, port->name);
2308 ? port->trunks != NULL
2309 : port->trunks == NULL || !bitmap_equal(trunks, port->trunks, 4096)) {
2310 bridge_flush(port->bridge);
2312 bitmap_free(port->trunks);
2313 port->trunks = trunks;
2315 svec_destroy(&old_ifaces);
2316 svec_destroy(&new_ifaces);
2320 port_destroy(struct port *port)
2323 struct bridge *br = port->bridge;
2327 proc_net_compat_update_vlan(port->name, NULL, 0);
2329 for (i = 0; i < MAX_MIRRORS; i++) {
2330 struct mirror *m = br->mirrors[i];
2331 if (m && m->out_port == port) {
2336 while (port->n_ifaces > 0) {
2337 iface_destroy(port->ifaces[port->n_ifaces - 1]);
2340 del = br->ports[port->port_idx] = br->ports[--br->n_ports];
2341 del->port_idx = port->port_idx;
2344 bitmap_free(port->trunks);
2351 static struct port *
2352 port_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
2354 struct iface *iface = iface_from_dp_ifidx(br, dp_ifidx);
2355 return iface ? iface->port : NULL;
2358 static struct port *
2359 port_lookup(const struct bridge *br, const char *name)
2363 for (i = 0; i < br->n_ports; i++) {
2364 struct port *port = br->ports[i];
2365 if (!strcmp(port->name, name)) {
2373 port_update_bonding(struct port *port)
2375 if (port->n_ifaces < 2) {
2376 /* Not a bonded port. */
2377 if (port->bond_hash) {
2378 free(port->bond_hash);
2379 port->bond_hash = NULL;
2380 proc_net_compat_update_bond(port->name, NULL);
2383 if (!port->bond_hash) {
2386 port->bond_hash = xcalloc(BOND_MASK + 1, sizeof *port->bond_hash);
2387 for (i = 0; i <= BOND_MASK; i++) {
2388 struct bond_entry *e = &port->bond_hash[i];
2392 port->no_ifaces_tag = tag_create_random();
2393 bond_choose_active_iface(port);
2395 port_update_bond_compat(port);
2400 port_update_bond_compat(struct port *port)
2402 struct compat_bond bond;
2405 if (port->n_ifaces < 2) {
2410 bond.updelay = port->updelay;
2411 bond.downdelay = port->downdelay;
2412 bond.n_slaves = port->n_ifaces;
2413 bond.slaves = xmalloc(port->n_ifaces * sizeof *bond.slaves);
2414 for (i = 0; i < port->n_ifaces; i++) {
2415 struct iface *iface = port->ifaces[i];
2416 struct compat_bond_slave *slave = &bond.slaves[i];
2417 slave->name = iface->name;
2418 slave->up = ((iface->enabled && iface->delay_expires == LLONG_MAX) ||
2419 (!iface->enabled && iface->delay_expires != LLONG_MAX));
2423 memcpy(slave->mac, iface->mac, ETH_ADDR_LEN);
2425 proc_net_compat_update_bond(port->name, &bond);
2430 port_update_vlan_compat(struct port *port)
2432 struct bridge *br = port->bridge;
2433 char *vlandev_name = NULL;
2435 if (port->vlan > 0) {
2436 /* Figure out the name that the VLAN device should actually have, if it
2437 * existed. This takes some work because the VLAN device would not
2438 * have port->name in its name; rather, it would have the trunk port's
2439 * name, and 'port' would be attached to a bridge that also had the
2440 * VLAN device one of its ports. So we need to find a trunk port that
2441 * includes port->vlan.
2443 * There might be more than one candidate. This doesn't happen on
2444 * XenServer, so if it happens we just pick the first choice in
2445 * alphabetical order instead of creating multiple VLAN devices. */
2447 for (i = 0; i < br->n_ports; i++) {
2448 struct port *p = br->ports[i];
2449 if (port_trunks_vlan(p, port->vlan)
2451 && (!vlandev_name || strcmp(p->name, vlandev_name) <= 0))
2453 const uint8_t *ea = p->ifaces[0]->mac;
2454 if (!eth_addr_is_multicast(ea) &&
2455 !eth_addr_is_reserved(ea) &&
2456 !eth_addr_is_zero(ea)) {
2457 vlandev_name = p->name;
2462 proc_net_compat_update_vlan(port->name, vlandev_name, port->vlan);
2465 /* Interface functions. */
2468 iface_create(struct port *port, const char *name)
2470 enum netdev_flags flags;
2471 struct iface *iface;
2473 iface = xcalloc(1, sizeof *iface);
2475 iface->port_ifidx = port->n_ifaces;
2476 iface->name = xstrdup(name);
2477 iface->dp_ifidx = -1;
2478 iface->tag = tag_create_random();
2479 iface->enabled = true;
2480 iface->delay_expires = LLONG_MAX;
2482 netdev_nodev_get_etheraddr(name, iface->mac);
2484 if (!netdev_nodev_get_flags(name, &flags)) {
2485 iface->enabled = (flags & NETDEV_UP) != 0;
2488 if (port->n_ifaces >= port->allocated_ifaces) {
2489 port->ifaces = x2nrealloc(port->ifaces, &port->allocated_ifaces,
2490 sizeof *port->ifaces);
2492 port->ifaces[port->n_ifaces++] = iface;
2493 if (port->n_ifaces > 1) {
2494 port->bridge->has_bonded_ports = true;
2497 VLOG_DBG("attached network device %s to port %s", iface->name, port->name);
2499 port_update_bonding(port);
2500 bridge_flush(port->bridge);
2504 iface_destroy(struct iface *iface)
2507 struct port *port = iface->port;
2508 struct bridge *br = port->bridge;
2509 bool del_active = port->active_iface == iface->port_ifidx;
2512 if (iface->dp_ifidx >= 0) {
2513 port_array_set(&br->ifaces, iface->dp_ifidx, NULL);
2516 del = port->ifaces[iface->port_ifidx] = port->ifaces[--port->n_ifaces];
2517 del->port_ifidx = iface->port_ifidx;
2523 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
2524 bond_choose_active_iface(port);
2527 port_update_bonding(port);
2528 bridge_flush(port->bridge);
2532 static struct iface *
2533 iface_lookup(const struct bridge *br, const char *name)
2537 for (i = 0; i < br->n_ports; i++) {
2538 struct port *port = br->ports[i];
2539 for (j = 0; j < port->n_ifaces; j++) {
2540 struct iface *iface = port->ifaces[j];
2541 if (!strcmp(iface->name, name)) {
2549 static struct iface *
2550 iface_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
2552 return port_array_get(&br->ifaces, dp_ifidx);
2555 /* Port mirroring. */
2558 mirror_reconfigure(struct bridge *br)
2560 struct svec old_mirrors, new_mirrors;
2563 /* Collect old and new mirrors. */
2564 svec_init(&old_mirrors);
2565 svec_init(&new_mirrors);
2566 cfg_get_subsections(&new_mirrors, "mirror.%s", br->name);
2567 for (i = 0; i < MAX_MIRRORS; i++) {
2568 if (br->mirrors[i]) {
2569 svec_add(&old_mirrors, br->mirrors[i]->name);
2573 /* Get rid of deleted mirrors and add new mirrors. */
2574 svec_sort(&old_mirrors);
2575 assert(svec_is_unique(&old_mirrors));
2576 svec_sort(&new_mirrors);
2577 assert(svec_is_unique(&new_mirrors));
2578 for (i = 0; i < MAX_MIRRORS; i++) {
2579 struct mirror *m = br->mirrors[i];
2580 if (m && !svec_contains(&new_mirrors, m->name)) {
2584 for (i = 0; i < new_mirrors.n; i++) {
2585 const char *name = new_mirrors.names[i];
2586 if (!svec_contains(&old_mirrors, name)) {
2587 mirror_create(br, name);
2590 svec_destroy(&old_mirrors);
2591 svec_destroy(&new_mirrors);
2593 /* Reconfigure all mirrors. */
2594 for (i = 0; i < MAX_MIRRORS; i++) {
2595 if (br->mirrors[i]) {
2596 mirror_reconfigure_one(br->mirrors[i]);
2600 /* Update port reserved status. */
2601 for (i = 0; i < br->n_ports; i++) {
2602 br->ports[i]->is_mirror_output_port = false;
2604 for (i = 0; i < MAX_MIRRORS; i++) {
2605 struct mirror *m = br->mirrors[i];
2606 if (m && m->out_port) {
2607 m->out_port->is_mirror_output_port = true;
2613 mirror_create(struct bridge *br, const char *name)
2618 for (i = 0; ; i++) {
2619 if (i >= MAX_MIRRORS) {
2620 VLOG_WARN("bridge %s: maximum of %d port mirrors reached, "
2621 "cannot create %s", br->name, MAX_MIRRORS, name);
2624 if (!br->mirrors[i]) {
2629 VLOG_INFO("created port mirror %s on bridge %s", name, br->name);
2632 br->mirrors[i] = m = xcalloc(1, sizeof *m);
2635 m->name = xstrdup(name);
2636 svec_init(&m->src_ports);
2637 svec_init(&m->dst_ports);
2645 mirror_destroy(struct mirror *m)
2648 struct bridge *br = m->bridge;
2651 for (i = 0; i < br->n_ports; i++) {
2652 br->ports[i]->src_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
2653 br->ports[i]->dst_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
2656 svec_destroy(&m->src_ports);
2657 svec_destroy(&m->dst_ports);
2660 m->bridge->mirrors[m->idx] = NULL;
2668 prune_ports(struct mirror *m, struct svec *ports)
2673 svec_sort_unique(ports);
2676 for (i = 0; i < ports->n; i++) {
2677 const char *name = ports->names[i];
2678 if (port_lookup(m->bridge, name)) {
2679 svec_add(&tmp, name);
2681 VLOG_WARN("mirror.%s.%s: cannot match on nonexistent port %s",
2682 m->bridge->name, m->name, name);
2685 svec_swap(ports, &tmp);
2690 prune_vlans(struct mirror *m, struct svec *vlan_strings, int **vlans)
2694 /* This isn't perfect: it won't combine "0" and "00", and the textual sort
2695 * order won't give us numeric sort order. But that's good enough for what
2696 * we need right now. */
2697 svec_sort_unique(vlan_strings);
2699 *vlans = xmalloc(sizeof *vlans * vlan_strings->n);
2701 for (i = 0; i < vlan_strings->n; i++) {
2702 const char *name = vlan_strings->names[i];
2704 if (!str_to_int(name, 10, &vlan) || vlan < 0 || vlan > 4095) {
2705 VLOG_WARN("mirror.%s.%s.select.vlan: ignoring invalid VLAN %s",
2706 m->bridge->name, m->name, name);
2708 (*vlans)[n_vlans++] = vlan;
2715 vlan_is_mirrored(const struct mirror *m, int vlan)
2719 for (i = 0; i < m->n_vlans; i++) {
2720 if (m->vlans[i] == vlan) {
2728 port_trunks_any_mirrored_vlan(const struct mirror *m, const struct port *p)
2732 for (i = 0; i < m->n_vlans; i++) {
2733 if (port_trunks_vlan(p, m->vlans[i])) {
2741 mirror_reconfigure_one(struct mirror *m)
2743 char *pfx = xasprintf("mirror.%s.%s", m->bridge->name, m->name);
2744 struct svec src_ports, dst_ports, ports;
2745 struct svec vlan_strings;
2746 mirror_mask_t mirror_bit;
2747 const char *out_port_name;
2748 struct port *out_port;
2753 bool mirror_all_ports;
2755 /* Get output port. */
2756 out_port_name = cfg_get_key(0, "mirror.%s.%s.output.port",
2757 m->bridge->name, m->name);
2758 if (out_port_name) {
2759 out_port = port_lookup(m->bridge, out_port_name);
2761 VLOG_ERR("%s.output.port: bridge %s does not have a port "
2762 "named %s", pfx, m->bridge->name, out_port_name);
2769 if (cfg_has("%s.output.vlan", pfx)) {
2770 VLOG_ERR("%s.output.port and %s.output.vlan both specified; "
2771 "ignoring %s.output.vlan", pfx, pfx, pfx);
2773 } else if (cfg_has("%s.output.vlan", pfx)) {
2775 out_vlan = cfg_get_vlan(0, "%s.output.vlan", pfx);
2777 VLOG_ERR("%s: neither %s.output.port nor %s.output.vlan specified, "
2778 "but exactly one is required; disabling port mirror %s",
2779 pfx, pfx, pfx, pfx);
2785 /* Get all the ports, and drop duplicates and ports that don't exist. */
2786 svec_init(&src_ports);
2787 svec_init(&dst_ports);
2789 cfg_get_all_keys(&src_ports, "%s.select.src-port", pfx);
2790 cfg_get_all_keys(&dst_ports, "%s.select.dst-port", pfx);
2791 cfg_get_all_keys(&ports, "%s.select.port", pfx);
2792 svec_append(&src_ports, &ports);
2793 svec_append(&dst_ports, &ports);
2794 svec_destroy(&ports);
2795 prune_ports(m, &src_ports);
2796 prune_ports(m, &dst_ports);
2798 /* Get all the vlans, and drop duplicate and invalid vlans. */
2799 svec_init(&vlan_strings);
2800 cfg_get_all_keys(&vlan_strings, "%s.select.vlan", pfx);
2801 n_vlans = prune_vlans(m, &vlan_strings, &vlans);
2802 svec_destroy(&vlan_strings);
2804 /* Update mirror data. */
2805 if (!svec_equal(&m->src_ports, &src_ports)
2806 || !svec_equal(&m->dst_ports, &dst_ports)
2807 || m->n_vlans != n_vlans
2808 || memcmp(m->vlans, vlans, sizeof *vlans * n_vlans)
2809 || m->out_port != out_port
2810 || m->out_vlan != out_vlan) {
2811 bridge_flush(m->bridge);
2813 svec_swap(&m->src_ports, &src_ports);
2814 svec_swap(&m->dst_ports, &dst_ports);
2817 m->n_vlans = n_vlans;
2818 m->out_port = out_port;
2819 m->out_vlan = out_vlan;
2821 /* If no selection criteria have been given, mirror for all ports. */
2822 mirror_all_ports = (!m->src_ports.n) && (!m->dst_ports.n) && (!m->n_vlans);
2825 mirror_bit = MIRROR_MASK_C(1) << m->idx;
2826 for (i = 0; i < m->bridge->n_ports; i++) {
2827 struct port *port = m->bridge->ports[i];
2829 if (mirror_all_ports
2830 || svec_contains(&m->src_ports, port->name)
2833 ? port_trunks_any_mirrored_vlan(m, port)
2834 : vlan_is_mirrored(m, port->vlan)))) {
2835 port->src_mirrors |= mirror_bit;
2837 port->src_mirrors &= ~mirror_bit;
2840 if (mirror_all_ports || svec_contains(&m->dst_ports, port->name)) {
2841 port->dst_mirrors |= mirror_bit;
2843 port->dst_mirrors &= ~mirror_bit;
2848 svec_destroy(&src_ports);
2849 svec_destroy(&dst_ports);
2853 /* Spanning tree protocol. */
2855 static void brstp_update_port_state(struct port *);
2858 brstp_send_bpdu(struct ofpbuf *pkt, int port_no, void *br_)
2860 struct bridge *br = br_;
2861 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2862 struct iface *iface = iface_from_dp_ifidx(br, port_no);
2864 VLOG_WARN_RL(&rl, "%s: cannot send BPDU on unknown port %d",
2866 } else if (eth_addr_is_zero(iface->mac)) {
2867 VLOG_WARN_RL(&rl, "%s: cannot send BPDU on port %d with unknown MAC",
2870 union ofp_action action;
2871 struct eth_header *eth = pkt->l2;
2874 memcpy(eth->eth_src, iface->mac, ETH_ADDR_LEN);
2876 memset(&action, 0, sizeof action);
2877 action.type = htons(OFPAT_OUTPUT);
2878 action.output.len = htons(sizeof action);
2879 action.output.port = htons(port_no);
2881 flow_extract(pkt, ODPP_NONE, &flow);
2882 ofproto_send_packet(br->ofproto, &flow, &action, 1, pkt);
2888 brstp_reconfigure(struct bridge *br)
2892 if (!cfg_get_bool(0, "stp.%s.enabled", br->name)) {
2894 stp_destroy(br->stp);
2900 uint64_t bridge_address, bridge_id;
2901 int bridge_priority;
2903 bridge_address = cfg_get_mac(0, "stp.%s.address", br->name);
2904 if (!bridge_address) {
2906 bridge_address = (stp_get_bridge_id(br->stp)
2907 & ((UINT64_C(1) << 48) - 1));
2909 uint8_t mac[ETH_ADDR_LEN];
2910 eth_addr_random(mac);
2911 bridge_address = eth_addr_to_uint64(mac);
2915 if (cfg_is_valid(CFG_INT | CFG_REQUIRED, "stp.%s.priority",
2917 bridge_priority = cfg_get_int(0, "stp.%s.priority", br->name);
2919 bridge_priority = STP_DEFAULT_BRIDGE_PRIORITY;
2922 bridge_id = bridge_address | ((uint64_t) bridge_priority << 48);
2924 br->stp = stp_create(br->name, bridge_id, brstp_send_bpdu, br);
2925 br->stp_last_tick = time_msec();
2928 if (bridge_id != stp_get_bridge_id(br->stp)) {
2929 stp_set_bridge_id(br->stp, bridge_id);
2934 for (i = 0; i < br->n_ports; i++) {
2935 struct port *p = br->ports[i];
2937 struct stp_port *sp;
2938 int path_cost, priority;
2944 dp_ifidx = p->ifaces[0]->dp_ifidx;
2945 if (dp_ifidx < 0 || dp_ifidx >= STP_MAX_PORTS) {
2949 sp = stp_get_port(br->stp, dp_ifidx);
2950 enable = (!cfg_is_valid(CFG_BOOL | CFG_REQUIRED,
2951 "stp.%s.port.%s.enabled",
2953 || cfg_get_bool(0, "stp.%s.port.%s.enabled",
2954 br->name, p->name));
2955 if (p->is_mirror_output_port) {
2958 if (enable != (stp_port_get_state(sp) != STP_DISABLED)) {
2959 bridge_flush(br); /* Might not be necessary. */
2961 stp_port_enable(sp);
2963 stp_port_disable(sp);
2967 path_cost = cfg_get_int(0, "stp.%s.port.%s.path-cost",
2969 stp_port_set_path_cost(sp, path_cost ? path_cost : 19 /* XXX */);
2971 priority = (cfg_is_valid(CFG_INT | CFG_REQUIRED,
2972 "stp.%s.port.%s.priority",
2974 ? cfg_get_int(0, "stp.%s.port.%s.priority",
2976 : STP_DEFAULT_PORT_PRIORITY);
2977 stp_port_set_priority(sp, priority);
2980 brstp_adjust_timers(br);
2982 for (i = 0; i < br->n_ports; i++) {
2983 brstp_update_port_state(br->ports[i]);
2988 brstp_update_port_state(struct port *p)
2990 struct bridge *br = p->bridge;
2991 enum stp_state state;
2993 /* Figure out new state. */
2994 state = STP_DISABLED;
2995 if (br->stp && p->n_ifaces > 0) {
2996 int dp_ifidx = p->ifaces[0]->dp_ifidx;
2997 if (dp_ifidx >= 0 && dp_ifidx < STP_MAX_PORTS) {
2998 state = stp_port_get_state(stp_get_port(br->stp, dp_ifidx));
3003 if (p->stp_state != state) {
3004 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 10);
3005 VLOG_INFO_RL(&rl, "port %s: STP state changed from %s to %s",
3006 p->name, stp_state_name(p->stp_state),
3007 stp_state_name(state));
3008 if (p->stp_state == STP_DISABLED) {
3011 ofproto_revalidate(p->bridge->ofproto, p->stp_state_tag);
3013 p->stp_state = state;
3014 p->stp_state_tag = (p->stp_state == STP_DISABLED ? 0
3015 : tag_create_random());
3020 brstp_adjust_timers(struct bridge *br)
3022 int hello_time = cfg_get_int(0, "stp.%s.hello-time", br->name);
3023 int max_age = cfg_get_int(0, "stp.%s.max-age", br->name);
3024 int forward_delay = cfg_get_int(0, "stp.%s.forward-delay", br->name);
3026 stp_set_hello_time(br->stp, hello_time ? hello_time : 2000);
3027 stp_set_max_age(br->stp, max_age ? max_age : 20000);
3028 stp_set_forward_delay(br->stp, forward_delay ? forward_delay : 15000);
3032 brstp_run(struct bridge *br)
3035 long long int now = time_msec();
3036 long long int elapsed = now - br->stp_last_tick;
3037 struct stp_port *sp;
3040 stp_tick(br->stp, MIN(INT_MAX, elapsed));
3041 br->stp_last_tick = now;
3043 while (stp_get_changed_port(br->stp, &sp)) {
3044 struct port *p = port_from_dp_ifidx(br, stp_port_no(sp));
3046 brstp_update_port_state(p);
3053 brstp_wait(struct bridge *br)
3056 poll_timer_wait(1000);
git://git.onelab.eu / sliver-openvswitch.git / blob