1 /* Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include "byte-order.h"
21 #include <arpa/inet.h>
24 #include <sys/socket.h>
26 #include <openflow/openflow.h>
31 #include <sys/socket.h>
32 #include <sys/types.h>
36 #include "classifier.h"
41 #include "dynamic-string.h"
47 #include "mac-learning.h"
51 #include "ofp-print.h"
53 #include "ofproto/netflow.h"
54 #include "ofproto/ofproto.h"
55 #include "ovsdb-data.h"
57 #include "poll-loop.h"
58 #include "proc-net-compat.h"
62 #include "socket-util.h"
63 #include "stream-ssl.h"
65 #include "system-stats.h"
70 #include "vswitchd/vswitch-idl.h"
71 #include "xenserver.h"
73 #include "sflow_api.h"
75 VLOG_DEFINE_THIS_MODULE(bridge);
77 COVERAGE_DEFINE(bridge_flush);
78 COVERAGE_DEFINE(bridge_process_flow);
79 COVERAGE_DEFINE(bridge_process_cfm);
80 COVERAGE_DEFINE(bridge_process_lacp);
81 COVERAGE_DEFINE(bridge_reconfigure);
82 COVERAGE_DEFINE(bridge_lacp_update);
90 struct dst builtin[32];
95 static void dst_set_init(struct dst_set *);
96 static void dst_set_add(struct dst_set *, const struct dst *);
97 static void dst_set_free(struct dst_set *);
100 LACP_CURRENT = 0x01, /* Current State. */
101 LACP_EXPIRED = 0x02, /* Expired State. */
102 LACP_DEFAULTED = 0x04, /* Partner is defaulted. */
103 LACP_ATTACHED = 0x08, /* Attached. Interface may be choosen for flows. */
107 /* These members are always valid. */
108 struct port *port; /* Containing port. */
109 size_t port_ifidx; /* Index within containing port. */
110 char *name; /* Host network device name. */
111 tag_type tag; /* Tag associated with this interface. */
112 long long delay_expires; /* Time after which 'enabled' may change. */
114 /* These members are valid only after bridge_reconfigure() causes them to
116 struct hmap_node dp_ifidx_node; /* In struct bridge's "ifaces" hmap. */
117 int dp_ifidx; /* Index within kernel datapath. */
118 struct netdev *netdev; /* Network device. */
119 bool enabled; /* May be chosen for flows? */
120 bool up; /* Is the interface up? */
121 const char *type; /* Usually same as cfg->type. */
122 struct cfm *cfm; /* Connectivity Fault Management */
123 const struct ovsrec_interface *cfg;
125 /* LACP information. */
126 enum lacp_status lacp_status; /* LACP status. */
127 uint16_t lacp_priority; /* LACP port priority. */
128 struct lacp_info lacp_actor; /* LACP actor information. */
129 struct lacp_info lacp_partner; /* LACP partner information. */
130 long long int lacp_tx; /* Next LACP message transmission time. */
131 long long int lacp_rx; /* Next LACP message receive time. */
134 #define BOND_MASK 0xff
136 int iface_idx; /* Index of assigned iface, or -1 if none. */
137 uint64_t tx_bytes; /* Count of bytes recently transmitted. */
138 tag_type iface_tag; /* Tag associated with iface_idx. */
142 BM_TCP, /* Transport Layer Load Balance. */
143 BM_SLB, /* Source Load Balance. */
144 BM_AB /* Active Backup. */
147 #define MAX_MIRRORS 32
148 typedef uint32_t mirror_mask_t;
149 #define MIRROR_MASK_C(X) UINT32_C(X)
150 BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS);
152 struct bridge *bridge;
155 struct uuid uuid; /* UUID of this "mirror" record in database. */
157 /* Selection criteria. */
158 struct shash src_ports; /* Name is port name; data is always NULL. */
159 struct shash dst_ports; /* Name is port name; data is always NULL. */
164 struct port *out_port;
168 /* Flags for a port's lacp member. */
169 #define LACP_ACTIVE 0x01 /* LACP is in active mode. */
170 #define LACP_PASSIVE 0x02 /* LACP is in passive mode. */
171 #define LACP_NEGOTIATED 0x04 /* LACP has successfully negotiated. */
173 #define FLOOD_PORT ((struct port *) 1) /* The 'flood' output port. */
175 struct bridge *bridge;
177 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
178 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
179 * NULL if all VLANs are trunked. */
180 const struct ovsrec_port *cfg;
183 /* An ordinary bridge port has 1 interface.
184 * A bridge port for bonding has at least 2 interfaces. */
185 struct iface **ifaces;
186 size_t n_ifaces, allocated_ifaces;
189 enum bond_mode bond_mode; /* Type of the bond. BM_SLB is the default. */
190 int active_iface; /* Ifidx on which bcasts accepted, or -1. */
191 tag_type active_iface_tag; /* Tag for bcast flows. */
192 tag_type no_ifaces_tag; /* Tag for flows when all ifaces disabled. */
193 int updelay, downdelay; /* Delay before iface goes up/down, in ms. */
194 bool bond_compat_is_stale; /* Need to call port_update_bond_compat()? */
195 bool bond_fake_iface; /* Fake a bond interface for legacy compat? */
196 bool miimon; /* Use miimon instead of carrier? */
197 long long int bond_miimon_interval; /* Miimon status refresh interval. */
198 long long int bond_miimon_next_update; /* Time of next miimon update. */
199 long long int bond_next_fake_iface_update; /* Time of next update. */
200 struct netdev_monitor *monitor; /* Tracks carrier up/down status. */
202 /* LACP information. */
203 int lacp; /* LACP status flags. 0 if LACP is off. */
204 uint16_t lacp_key; /* LACP aggregation key. */
205 uint16_t lacp_priority; /* LACP system priority. */
206 bool lacp_need_update; /* Need to update attached interfaces? */
208 /* SLB specific bonding info. */
209 struct bond_entry *bond_hash; /* An array of (BOND_MASK + 1) elements. */
210 int bond_rebalance_interval; /* Interval between rebalances, in ms. */
211 long long int bond_next_rebalance; /* Next rebalancing time. */
213 /* Port mirroring info. */
214 mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */
215 mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */
216 bool is_mirror_output_port; /* Does port mirroring send frames here? */
220 struct list node; /* Node in global list of bridges. */
221 char *name; /* User-specified arbitrary name. */
222 struct mac_learning *ml; /* MAC learning table. */
223 uint8_t ea[ETH_ADDR_LEN]; /* Bridge Ethernet Address. */
224 uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */
225 const struct ovsrec_bridge *cfg;
227 /* OpenFlow switch processing. */
228 struct ofproto *ofproto; /* OpenFlow switch. */
230 /* Kernel datapath information. */
231 struct dpif *dpif; /* Datapath. */
232 struct hmap ifaces; /* Contains "struct iface"s. */
236 size_t n_ports, allocated_ports;
237 struct shash iface_by_name; /* "struct iface"s indexed by name. */
238 struct shash port_by_name; /* "struct port"s indexed by name. */
241 bool has_bonded_ports;
246 /* Port mirroring. */
247 struct mirror *mirrors[MAX_MIRRORS];
250 /* List of all bridges. */
251 static struct list all_bridges = LIST_INITIALIZER(&all_bridges);
253 /* OVSDB IDL used to obtain configuration. */
254 static struct ovsdb_idl *idl;
256 /* Each time this timer expires, the bridge fetches systems and interface
257 * statistics and pushes them into the database. */
258 #define STATS_INTERVAL (5 * 1000) /* In milliseconds. */
259 static long long int stats_timer = LLONG_MIN;
261 static struct bridge *bridge_create(const struct ovsrec_bridge *br_cfg);
262 static void bridge_destroy(struct bridge *);
263 static struct bridge *bridge_lookup(const char *name);
264 static unixctl_cb_func bridge_unixctl_dump_flows;
265 static unixctl_cb_func bridge_unixctl_reconnect;
266 static int bridge_run_one(struct bridge *);
267 static size_t bridge_get_controllers(const struct bridge *br,
268 struct ovsrec_controller ***controllersp);
269 static void bridge_reconfigure_one(struct bridge *);
270 static void bridge_reconfigure_remotes(struct bridge *,
271 const struct sockaddr_in *managers,
273 static void bridge_get_all_ifaces(const struct bridge *, struct shash *ifaces);
274 static void bridge_fetch_dp_ifaces(struct bridge *);
275 static void bridge_flush(struct bridge *);
276 static void bridge_pick_local_hw_addr(struct bridge *,
277 uint8_t ea[ETH_ADDR_LEN],
278 struct iface **hw_addr_iface);
279 static uint64_t bridge_pick_datapath_id(struct bridge *,
280 const uint8_t bridge_ea[ETH_ADDR_LEN],
281 struct iface *hw_addr_iface);
282 static struct iface *bridge_get_local_iface(struct bridge *);
283 static uint64_t dpid_from_hash(const void *, size_t nbytes);
285 static unixctl_cb_func bridge_unixctl_fdb_show;
287 static void lacp_run(struct bridge *);
288 static void lacp_wait(struct bridge *);
289 static void lacp_process_packet(const struct ofpbuf *, struct iface *);
291 static void bond_init(void);
292 static void bond_run(struct bridge *);
293 static void bond_wait(struct bridge *);
294 static void bond_rebalance_port(struct port *);
295 static void bond_send_learning_packets(struct port *);
296 static void bond_enable_slave(struct iface *iface, bool enable);
298 static struct port *port_create(struct bridge *, const char *name);
299 static void port_reconfigure(struct port *, const struct ovsrec_port *);
300 static void port_del_ifaces(struct port *, const struct ovsrec_port *);
301 static void port_destroy(struct port *);
302 static struct port *port_lookup(const struct bridge *, const char *name);
303 static struct iface *port_lookup_iface(const struct port *, const char *name);
304 static struct port *port_from_dp_ifidx(const struct bridge *,
306 static void port_update_bond_compat(struct port *);
307 static void port_update_vlan_compat(struct port *);
308 static void port_update_bonding(struct port *);
309 static void port_update_lacp(struct port *);
311 static void mirror_create(struct bridge *, struct ovsrec_mirror *);
312 static void mirror_destroy(struct mirror *);
313 static void mirror_reconfigure(struct bridge *);
314 static void mirror_reconfigure_one(struct mirror *, struct ovsrec_mirror *);
315 static bool vlan_is_mirrored(const struct mirror *, int vlan);
317 static struct iface *iface_create(struct port *port,
318 const struct ovsrec_interface *if_cfg);
319 static void iface_destroy(struct iface *);
320 static struct iface *iface_lookup(const struct bridge *, const char *name);
321 static struct iface *iface_from_dp_ifidx(const struct bridge *,
323 static void iface_set_mac(struct iface *);
324 static void iface_set_ofport(const struct ovsrec_interface *, int64_t ofport);
325 static void iface_update_qos(struct iface *, const struct ovsrec_qos *);
326 static void iface_update_cfm(struct iface *);
327 static void iface_refresh_cfm_stats(struct iface *iface);
328 static void iface_send_packet(struct iface *, struct ofpbuf *packet);
329 static uint8_t iface_get_lacp_state(const struct iface *);
330 static void iface_get_lacp_priority(struct iface *, struct lacp_info *);
331 static void iface_set_lacp_defaulted(struct iface *);
332 static void iface_set_lacp_expired(struct iface *);
334 static void shash_from_ovs_idl_map(char **keys, char **values, size_t n,
336 static void shash_to_ovs_idl_map(struct shash *,
337 char ***keys, char ***values, size_t *n);
340 /* Hooks into ofproto processing. */
341 static struct ofhooks bridge_ofhooks;
343 /* Public functions. */
345 /* Initializes the bridge module, configuring it to obtain its configuration
346 * from an OVSDB server accessed over 'remote', which should be a string in a
347 * form acceptable to ovsdb_idl_create(). */
349 bridge_init(const char *remote)
351 /* Create connection to database. */
352 idl = ovsdb_idl_create(remote, &ovsrec_idl_class, true);
354 ovsdb_idl_omit_alert(idl, &ovsrec_open_vswitch_col_cur_cfg);
355 ovsdb_idl_omit_alert(idl, &ovsrec_open_vswitch_col_statistics);
356 ovsdb_idl_omit(idl, &ovsrec_open_vswitch_col_external_ids);
358 ovsdb_idl_omit(idl, &ovsrec_bridge_col_external_ids);
360 ovsdb_idl_omit(idl, &ovsrec_port_col_external_ids);
361 ovsdb_idl_omit(idl, &ovsrec_port_col_fake_bridge);
363 ovsdb_idl_omit_alert(idl, &ovsrec_interface_col_ofport);
364 ovsdb_idl_omit_alert(idl, &ovsrec_interface_col_statistics);
365 ovsdb_idl_omit(idl, &ovsrec_interface_col_external_ids);
367 /* Register unixctl commands. */
368 unixctl_command_register("fdb/show", bridge_unixctl_fdb_show, NULL);
369 unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows,
371 unixctl_command_register("bridge/reconnect", bridge_unixctl_reconnect,
379 struct bridge *br, *next_br;
381 LIST_FOR_EACH_SAFE (br, next_br, node, &all_bridges) {
384 ovsdb_idl_destroy(idl);
387 /* Performs configuration that is only necessary once at ovs-vswitchd startup,
388 * but for which the ovs-vswitchd configuration 'cfg' is required. */
390 bridge_configure_once(const struct ovsrec_open_vswitch *cfg)
392 static bool already_configured_once;
393 struct svec bridge_names;
394 struct svec dpif_names, dpif_types;
397 /* Only do this once per ovs-vswitchd run. */
398 if (already_configured_once) {
401 already_configured_once = true;
403 stats_timer = time_msec() + STATS_INTERVAL;
405 /* Get all the configured bridges' names from 'cfg' into 'bridge_names'. */
406 svec_init(&bridge_names);
407 for (i = 0; i < cfg->n_bridges; i++) {
408 svec_add(&bridge_names, cfg->bridges[i]->name);
410 svec_sort(&bridge_names);
412 /* Iterate over all system dpifs and delete any of them that do not appear
414 svec_init(&dpif_names);
415 svec_init(&dpif_types);
416 dp_enumerate_types(&dpif_types);
417 for (i = 0; i < dpif_types.n; i++) {
420 dp_enumerate_names(dpif_types.names[i], &dpif_names);
422 /* Delete each dpif whose name is not in 'bridge_names'. */
423 for (j = 0; j < dpif_names.n; j++) {
424 if (!svec_contains(&bridge_names, dpif_names.names[j])) {
428 retval = dpif_open(dpif_names.names[j], dpif_types.names[i],
437 svec_destroy(&bridge_names);
438 svec_destroy(&dpif_names);
439 svec_destroy(&dpif_types);
442 /* Callback for iterate_and_prune_ifaces(). */
444 check_iface(struct bridge *br, struct iface *iface, void *aux OVS_UNUSED)
446 if (!iface->netdev) {
447 /* We already reported a related error, don't bother duplicating it. */
451 if (iface->dp_ifidx < 0) {
452 VLOG_ERR("%s interface not in %s, dropping",
453 iface->name, dpif_name(br->dpif));
457 VLOG_DBG("%s has interface %s on port %d", dpif_name(br->dpif),
458 iface->name, iface->dp_ifidx);
462 /* Callback for iterate_and_prune_ifaces(). */
464 set_iface_properties(struct bridge *br OVS_UNUSED, struct iface *iface,
465 void *aux OVS_UNUSED)
467 /* Set policing attributes. */
468 netdev_set_policing(iface->netdev,
469 iface->cfg->ingress_policing_rate,
470 iface->cfg->ingress_policing_burst);
472 /* Set MAC address of internal interfaces other than the local
474 if (iface->dp_ifidx != ODPP_LOCAL && !strcmp(iface->type, "internal")) {
475 iface_set_mac(iface);
481 /* Calls 'cb' for each interfaces in 'br', passing along the 'aux' argument.
482 * Deletes from 'br' all the interfaces for which 'cb' returns false, and then
483 * deletes from 'br' any ports that no longer have any interfaces. */
485 iterate_and_prune_ifaces(struct bridge *br,
486 bool (*cb)(struct bridge *, struct iface *,
492 for (i = 0; i < br->n_ports; ) {
493 struct port *port = br->ports[i];
494 for (j = 0; j < port->n_ifaces; ) {
495 struct iface *iface = port->ifaces[j];
496 if (cb(br, iface, aux)) {
499 iface_set_ofport(iface->cfg, -1);
500 iface_destroy(iface);
504 if (port->n_ifaces) {
507 VLOG_ERR("%s port has no interfaces, dropping", port->name);
513 /* Looks at the list of managers in 'ovs_cfg' and extracts their remote IP
514 * addresses and ports into '*managersp' and '*n_managersp'. The caller is
515 * responsible for freeing '*managersp' (with free()).
517 * You may be asking yourself "why does ovs-vswitchd care?", because
518 * ovsdb-server is responsible for connecting to the managers, and ovs-vswitchd
519 * should not be and in fact is not directly involved in that. But
520 * ovs-vswitchd needs to make sure that ovsdb-server can reach the managers, so
521 * it has to tell in-band control where the managers are to enable that.
522 * (Thus, only managers connected in-band are collected.)
525 collect_in_band_managers(const struct ovsrec_open_vswitch *ovs_cfg,
526 struct sockaddr_in **managersp, size_t *n_managersp)
528 struct sockaddr_in *managers = NULL;
529 size_t n_managers = 0;
530 struct shash targets;
533 /* Collect all of the potential targets, as the union of the "managers"
534 * column and the "targets" columns of the rows pointed to by
535 * "manager_options", excluding any that are out-of-band. */
536 shash_init(&targets);
537 for (i = 0; i < ovs_cfg->n_managers; i++) {
538 shash_add_once(&targets, ovs_cfg->managers[i], NULL);
540 for (i = 0; i < ovs_cfg->n_manager_options; i++) {
541 struct ovsrec_manager *m = ovs_cfg->manager_options[i];
543 if (m->connection_mode && !strcmp(m->connection_mode, "out-of-band")) {
544 shash_find_and_delete(&targets, m->target);
546 shash_add_once(&targets, m->target, NULL);
550 /* Now extract the targets' IP addresses. */
551 if (!shash_is_empty(&targets)) {
552 struct shash_node *node;
554 managers = xmalloc(shash_count(&targets) * sizeof *managers);
555 SHASH_FOR_EACH (node, &targets) {
556 const char *target = node->name;
557 struct sockaddr_in *sin = &managers[n_managers];
559 if ((!strncmp(target, "tcp:", 4)
560 && inet_parse_active(target + 4, JSONRPC_TCP_PORT, sin)) ||
561 (!strncmp(target, "ssl:", 4)
562 && inet_parse_active(target + 4, JSONRPC_SSL_PORT, sin))) {
567 shash_destroy(&targets);
569 *managersp = managers;
570 *n_managersp = n_managers;
574 bridge_reconfigure(const struct ovsrec_open_vswitch *ovs_cfg)
576 struct shash old_br, new_br;
577 struct shash_node *node;
578 struct bridge *br, *next;
579 struct sockaddr_in *managers;
582 int sflow_bridge_number;
584 COVERAGE_INC(bridge_reconfigure);
586 collect_in_band_managers(ovs_cfg, &managers, &n_managers);
588 /* Collect old and new bridges. */
591 LIST_FOR_EACH (br, node, &all_bridges) {
592 shash_add(&old_br, br->name, br);
594 for (i = 0; i < ovs_cfg->n_bridges; i++) {
595 const struct ovsrec_bridge *br_cfg = ovs_cfg->bridges[i];
596 if (!shash_add_once(&new_br, br_cfg->name, br_cfg)) {
597 VLOG_WARN("more than one bridge named %s", br_cfg->name);
601 /* Get rid of deleted bridges and add new bridges. */
602 LIST_FOR_EACH_SAFE (br, next, node, &all_bridges) {
603 struct ovsrec_bridge *br_cfg = shash_find_data(&new_br, br->name);
610 SHASH_FOR_EACH (node, &new_br) {
611 const char *br_name = node->name;
612 const struct ovsrec_bridge *br_cfg = node->data;
613 br = shash_find_data(&old_br, br_name);
615 /* If the bridge datapath type has changed, we need to tear it
616 * down and recreate. */
617 if (strcmp(br->cfg->datapath_type, br_cfg->datapath_type)) {
619 bridge_create(br_cfg);
622 bridge_create(br_cfg);
625 shash_destroy(&old_br);
626 shash_destroy(&new_br);
628 /* Reconfigure all bridges. */
629 LIST_FOR_EACH (br, node, &all_bridges) {
630 bridge_reconfigure_one(br);
633 /* Add and delete ports on all datapaths.
635 * The kernel will reject any attempt to add a given port to a datapath if
636 * that port already belongs to a different datapath, so we must do all
637 * port deletions before any port additions. */
638 LIST_FOR_EACH (br, node, &all_bridges) {
639 struct dpif_port_dump dump;
640 struct shash want_ifaces;
641 struct dpif_port dpif_port;
643 bridge_get_all_ifaces(br, &want_ifaces);
644 DPIF_PORT_FOR_EACH (&dpif_port, &dump, br->dpif) {
645 if (!shash_find(&want_ifaces, dpif_port.name)
646 && strcmp(dpif_port.name, br->name)) {
647 int retval = dpif_port_del(br->dpif, dpif_port.port_no);
649 VLOG_ERR("failed to remove %s interface from %s: %s",
650 dpif_port.name, dpif_name(br->dpif),
655 shash_destroy(&want_ifaces);
657 LIST_FOR_EACH (br, node, &all_bridges) {
658 struct shash cur_ifaces, want_ifaces;
659 struct dpif_port_dump dump;
660 struct dpif_port dpif_port;
662 /* Get the set of interfaces currently in this datapath. */
663 shash_init(&cur_ifaces);
664 DPIF_PORT_FOR_EACH (&dpif_port, &dump, br->dpif) {
665 struct dpif_port *port_info = xmalloc(sizeof *port_info);
666 dpif_port_clone(port_info, &dpif_port);
667 shash_add(&cur_ifaces, dpif_port.name, port_info);
670 /* Get the set of interfaces we want on this datapath. */
671 bridge_get_all_ifaces(br, &want_ifaces);
673 hmap_clear(&br->ifaces);
674 SHASH_FOR_EACH (node, &want_ifaces) {
675 const char *if_name = node->name;
676 struct iface *iface = node->data;
677 struct dpif_port *dpif_port;
681 type = iface ? iface->type : "internal";
682 dpif_port = shash_find_data(&cur_ifaces, if_name);
684 /* If we have a port or a netdev already, and it's not the type we
685 * want, then delete the port (if any) and close the netdev (if
687 if ((dpif_port && strcmp(dpif_port->type, type))
688 || (iface && iface->netdev
689 && strcmp(type, netdev_get_type(iface->netdev)))) {
691 error = ofproto_port_del(br->ofproto, dpif_port->port_no);
698 netdev_close(iface->netdev);
699 iface->netdev = NULL;
703 /* If the port doesn't exist or we don't have the netdev open,
704 * we need to do more work. */
705 if (!dpif_port || (iface && !iface->netdev)) {
706 struct netdev_options options;
707 struct netdev *netdev;
710 /* First open the network device. */
711 options.name = if_name;
713 options.args = &args;
714 options.ethertype = NETDEV_ETH_TYPE_NONE;
718 shash_from_ovs_idl_map(iface->cfg->key_options,
719 iface->cfg->value_options,
720 iface->cfg->n_options, &args);
722 error = netdev_open(&options, &netdev);
723 shash_destroy(&args);
726 VLOG_WARN("could not open network device %s (%s)",
727 if_name, strerror(error));
731 /* Then add the port if we haven't already. */
733 error = dpif_port_add(br->dpif, netdev, NULL);
735 netdev_close(netdev);
736 if (error == EFBIG) {
737 VLOG_ERR("ran out of valid port numbers on %s",
738 dpif_name(br->dpif));
741 VLOG_ERR("failed to add %s interface to %s: %s",
742 if_name, dpif_name(br->dpif),
749 /* Update 'iface'. */
751 iface->netdev = netdev;
752 iface->enabled = netdev_get_carrier(iface->netdev);
753 iface->up = iface->enabled;
755 } else if (iface && iface->netdev) {
759 shash_from_ovs_idl_map(iface->cfg->key_options,
760 iface->cfg->value_options,
761 iface->cfg->n_options, &args);
762 netdev_set_config(iface->netdev, &args);
763 shash_destroy(&args);
766 shash_destroy(&want_ifaces);
768 SHASH_FOR_EACH (node, &cur_ifaces) {
769 struct dpif_port *port_info = node->data;
770 dpif_port_destroy(port_info);
773 shash_destroy(&cur_ifaces);
775 sflow_bridge_number = 0;
776 LIST_FOR_EACH (br, node, &all_bridges) {
779 struct iface *local_iface;
780 struct iface *hw_addr_iface;
783 bridge_fetch_dp_ifaces(br);
785 iterate_and_prune_ifaces(br, check_iface, NULL);
787 /* Pick local port hardware address, datapath ID. */
788 bridge_pick_local_hw_addr(br, ea, &hw_addr_iface);
789 local_iface = bridge_get_local_iface(br);
791 int error = netdev_set_etheraddr(local_iface->netdev, ea);
793 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
794 VLOG_ERR_RL(&rl, "bridge %s: failed to set bridge "
795 "Ethernet address: %s",
796 br->name, strerror(error));
799 memcpy(br->ea, ea, ETH_ADDR_LEN);
801 dpid = bridge_pick_datapath_id(br, ea, hw_addr_iface);
802 ofproto_set_datapath_id(br->ofproto, dpid);
804 dpid_string = xasprintf("%016"PRIx64, dpid);
805 ovsrec_bridge_set_datapath_id(br->cfg, dpid_string);
808 /* Set NetFlow configuration on this bridge. */
809 if (br->cfg->netflow) {
810 struct ovsrec_netflow *nf_cfg = br->cfg->netflow;
811 struct netflow_options opts;
813 memset(&opts, 0, sizeof opts);
815 dpif_get_netflow_ids(br->dpif, &opts.engine_type, &opts.engine_id);
816 if (nf_cfg->engine_type) {
817 opts.engine_type = *nf_cfg->engine_type;
819 if (nf_cfg->engine_id) {
820 opts.engine_id = *nf_cfg->engine_id;
823 opts.active_timeout = nf_cfg->active_timeout;
824 if (!opts.active_timeout) {
825 opts.active_timeout = -1;
826 } else if (opts.active_timeout < 0) {
827 VLOG_WARN("bridge %s: active timeout interval set to negative "
828 "value, using default instead (%d seconds)", br->name,
829 NF_ACTIVE_TIMEOUT_DEFAULT);
830 opts.active_timeout = -1;
833 opts.add_id_to_iface = nf_cfg->add_id_to_interface;
834 if (opts.add_id_to_iface) {
835 if (opts.engine_id > 0x7f) {
836 VLOG_WARN("bridge %s: netflow port mangling may conflict "
837 "with another vswitch, choose an engine id less "
838 "than 128", br->name);
840 if (br->n_ports > 508) {
841 VLOG_WARN("bridge %s: netflow port mangling will conflict "
842 "with another port when more than 508 ports are "
847 opts.collectors.n = nf_cfg->n_targets;
848 opts.collectors.names = nf_cfg->targets;
849 if (ofproto_set_netflow(br->ofproto, &opts)) {
850 VLOG_ERR("bridge %s: problem setting netflow collectors",
854 ofproto_set_netflow(br->ofproto, NULL);
857 /* Set sFlow configuration on this bridge. */
858 if (br->cfg->sflow) {
859 const struct ovsrec_sflow *sflow_cfg = br->cfg->sflow;
860 struct ovsrec_controller **controllers;
861 struct ofproto_sflow_options oso;
862 size_t n_controllers;
864 memset(&oso, 0, sizeof oso);
866 oso.targets.n = sflow_cfg->n_targets;
867 oso.targets.names = sflow_cfg->targets;
869 oso.sampling_rate = SFL_DEFAULT_SAMPLING_RATE;
870 if (sflow_cfg->sampling) {
871 oso.sampling_rate = *sflow_cfg->sampling;
874 oso.polling_interval = SFL_DEFAULT_POLLING_INTERVAL;
875 if (sflow_cfg->polling) {
876 oso.polling_interval = *sflow_cfg->polling;
879 oso.header_len = SFL_DEFAULT_HEADER_SIZE;
880 if (sflow_cfg->header) {
881 oso.header_len = *sflow_cfg->header;
884 oso.sub_id = sflow_bridge_number++;
885 oso.agent_device = sflow_cfg->agent;
887 oso.control_ip = NULL;
888 n_controllers = bridge_get_controllers(br, &controllers);
889 for (i = 0; i < n_controllers; i++) {
890 if (controllers[i]->local_ip) {
891 oso.control_ip = controllers[i]->local_ip;
895 ofproto_set_sflow(br->ofproto, &oso);
897 /* Do not destroy oso.targets because it is owned by sflow_cfg. */
899 ofproto_set_sflow(br->ofproto, NULL);
902 /* Update the controller and related settings. It would be more
903 * straightforward to call this from bridge_reconfigure_one(), but we
904 * can't do it there for two reasons. First, and most importantly, at
905 * that point we don't know the dp_ifidx of any interfaces that have
906 * been added to the bridge (because we haven't actually added them to
907 * the datapath). Second, at that point we haven't set the datapath ID
908 * yet; when a controller is configured, resetting the datapath ID will
909 * immediately disconnect from the controller, so it's better to set
910 * the datapath ID before the controller. */
911 bridge_reconfigure_remotes(br, managers, n_managers);
913 LIST_FOR_EACH (br, node, &all_bridges) {
914 for (i = 0; i < br->n_ports; i++) {
915 struct port *port = br->ports[i];
918 port_update_vlan_compat(port);
919 port_update_bonding(port);
920 port_update_lacp(port);
922 for (j = 0; j < port->n_ifaces; j++) {
923 iface_update_qos(port->ifaces[j], port->cfg->qos);
927 LIST_FOR_EACH (br, node, &all_bridges) {
928 iterate_and_prune_ifaces(br, set_iface_properties, NULL);
931 LIST_FOR_EACH (br, node, &all_bridges) {
933 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
934 iface_update_cfm(iface);
940 /* ovs-vswitchd has completed initialization, so allow the process that
941 * forked us to exit successfully. */
942 daemonize_complete();
946 get_ovsrec_key_value(const struct ovsdb_idl_row *row,
947 const struct ovsdb_idl_column *column,
950 const struct ovsdb_datum *datum;
951 union ovsdb_atom atom;
954 datum = ovsdb_idl_get(row, column, OVSDB_TYPE_STRING, OVSDB_TYPE_STRING);
955 atom.string = (char *) key;
956 idx = ovsdb_datum_find_key(datum, &atom, OVSDB_TYPE_STRING);
957 return idx == UINT_MAX ? NULL : datum->values[idx].string;
961 bridge_get_other_config(const struct ovsrec_bridge *br_cfg, const char *key)
963 return get_ovsrec_key_value(&br_cfg->header_,
964 &ovsrec_bridge_col_other_config, key);
968 bridge_pick_local_hw_addr(struct bridge *br, uint8_t ea[ETH_ADDR_LEN],
969 struct iface **hw_addr_iface)
975 *hw_addr_iface = NULL;
977 /* Did the user request a particular MAC? */
978 hwaddr = bridge_get_other_config(br->cfg, "hwaddr");
979 if (hwaddr && eth_addr_from_string(hwaddr, ea)) {
980 if (eth_addr_is_multicast(ea)) {
981 VLOG_ERR("bridge %s: cannot set MAC address to multicast "
982 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
983 } else if (eth_addr_is_zero(ea)) {
984 VLOG_ERR("bridge %s: cannot set MAC address to zero", br->name);
990 /* Otherwise choose the minimum non-local MAC address among all of the
992 memset(ea, 0xff, sizeof ea);
993 for (i = 0; i < br->n_ports; i++) {
994 struct port *port = br->ports[i];
995 uint8_t iface_ea[ETH_ADDR_LEN];
998 /* Mirror output ports don't participate. */
999 if (port->is_mirror_output_port) {
1003 /* Choose the MAC address to represent the port. */
1004 if (port->cfg->mac && eth_addr_from_string(port->cfg->mac, iface_ea)) {
1005 /* Find the interface with this Ethernet address (if any) so that
1006 * we can provide the correct devname to the caller. */
1008 for (j = 0; j < port->n_ifaces; j++) {
1009 struct iface *candidate = port->ifaces[j];
1010 uint8_t candidate_ea[ETH_ADDR_LEN];
1011 if (!netdev_get_etheraddr(candidate->netdev, candidate_ea)
1012 && eth_addr_equals(iface_ea, candidate_ea)) {
1017 /* Choose the interface whose MAC address will represent the port.
1018 * The Linux kernel bonding code always chooses the MAC address of
1019 * the first slave added to a bond, and the Fedora networking
1020 * scripts always add slaves to a bond in alphabetical order, so
1021 * for compatibility we choose the interface with the name that is
1022 * first in alphabetical order. */
1023 iface = port->ifaces[0];
1024 for (j = 1; j < port->n_ifaces; j++) {
1025 struct iface *candidate = port->ifaces[j];
1026 if (strcmp(candidate->name, iface->name) < 0) {
1031 /* The local port doesn't count (since we're trying to choose its
1032 * MAC address anyway). */
1033 if (iface->dp_ifidx == ODPP_LOCAL) {
1038 error = netdev_get_etheraddr(iface->netdev, iface_ea);
1040 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1041 VLOG_ERR_RL(&rl, "failed to obtain Ethernet address of %s: %s",
1042 iface->name, strerror(error));
1047 /* Compare against our current choice. */
1048 if (!eth_addr_is_multicast(iface_ea) &&
1049 !eth_addr_is_local(iface_ea) &&
1050 !eth_addr_is_reserved(iface_ea) &&
1051 !eth_addr_is_zero(iface_ea) &&
1052 eth_addr_compare_3way(iface_ea, ea) < 0)
1054 memcpy(ea, iface_ea, ETH_ADDR_LEN);
1055 *hw_addr_iface = iface;
1058 if (eth_addr_is_multicast(ea)) {
1059 memcpy(ea, br->default_ea, ETH_ADDR_LEN);
1060 *hw_addr_iface = NULL;
1061 VLOG_WARN("bridge %s: using default bridge Ethernet "
1062 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
1064 VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
1065 br->name, ETH_ADDR_ARGS(ea));
1069 /* Choose and returns the datapath ID for bridge 'br' given that the bridge
1070 * Ethernet address is 'bridge_ea'. If 'bridge_ea' is the Ethernet address of
1071 * an interface on 'br', then that interface must be passed in as
1072 * 'hw_addr_iface'; if 'bridge_ea' was derived some other way, then
1073 * 'hw_addr_iface' must be passed in as a null pointer. */
1075 bridge_pick_datapath_id(struct bridge *br,
1076 const uint8_t bridge_ea[ETH_ADDR_LEN],
1077 struct iface *hw_addr_iface)
1080 * The procedure for choosing a bridge MAC address will, in the most
1081 * ordinary case, also choose a unique MAC that we can use as a datapath
1082 * ID. In some special cases, though, multiple bridges will end up with
1083 * the same MAC address. This is OK for the bridges, but it will confuse
1084 * the OpenFlow controller, because each datapath needs a unique datapath
1087 * Datapath IDs must be unique. It is also very desirable that they be
1088 * stable from one run to the next, so that policy set on a datapath
1091 const char *datapath_id;
1094 datapath_id = bridge_get_other_config(br->cfg, "datapath-id");
1095 if (datapath_id && dpid_from_string(datapath_id, &dpid)) {
1099 if (hw_addr_iface) {
1101 if (!netdev_get_vlan_vid(hw_addr_iface->netdev, &vlan)) {
1103 * A bridge whose MAC address is taken from a VLAN network device
1104 * (that is, a network device created with vconfig(8) or similar
1105 * tool) will have the same MAC address as a bridge on the VLAN
1106 * device's physical network device.
1108 * Handle this case by hashing the physical network device MAC
1109 * along with the VLAN identifier.
1111 uint8_t buf[ETH_ADDR_LEN + 2];
1112 memcpy(buf, bridge_ea, ETH_ADDR_LEN);
1113 buf[ETH_ADDR_LEN] = vlan >> 8;
1114 buf[ETH_ADDR_LEN + 1] = vlan;
1115 return dpid_from_hash(buf, sizeof buf);
1118 * Assume that this bridge's MAC address is unique, since it
1119 * doesn't fit any of the cases we handle specially.
1124 * A purely internal bridge, that is, one that has no non-virtual
1125 * network devices on it at all, is more difficult because it has no
1126 * natural unique identifier at all.
1128 * When the host is a XenServer, we handle this case by hashing the
1129 * host's UUID with the name of the bridge. Names of bridges are
1130 * persistent across XenServer reboots, although they can be reused if
1131 * an internal network is destroyed and then a new one is later
1132 * created, so this is fairly effective.
1134 * When the host is not a XenServer, we punt by using a random MAC
1135 * address on each run.
1137 const char *host_uuid = xenserver_get_host_uuid();
1139 char *combined = xasprintf("%s,%s", host_uuid, br->name);
1140 dpid = dpid_from_hash(combined, strlen(combined));
1146 return eth_addr_to_uint64(bridge_ea);
1150 dpid_from_hash(const void *data, size_t n)
1152 uint8_t hash[SHA1_DIGEST_SIZE];
1154 BUILD_ASSERT_DECL(sizeof hash >= ETH_ADDR_LEN);
1155 sha1_bytes(data, n, hash);
1156 eth_addr_mark_random(hash);
1157 return eth_addr_to_uint64(hash);
1161 iface_refresh_status(struct iface *iface)
1165 enum netdev_flags flags;
1174 if (!netdev_get_status(iface->netdev, &sh)) {
1176 char **keys, **values;
1178 shash_to_ovs_idl_map(&sh, &keys, &values, &n);
1179 ovsrec_interface_set_status(iface->cfg, keys, values, n);
1184 ovsrec_interface_set_status(iface->cfg, NULL, NULL, 0);
1187 shash_destroy_free_data(&sh);
1189 error = netdev_get_flags(iface->netdev, &flags);
1191 ovsrec_interface_set_admin_state(iface->cfg, flags & NETDEV_UP ? "up" : "down");
1194 ovsrec_interface_set_admin_state(iface->cfg, NULL);
1197 error = netdev_get_features(iface->netdev, ¤t, NULL, NULL, NULL);
1199 ovsrec_interface_set_duplex(iface->cfg,
1200 netdev_features_is_full_duplex(current)
1202 /* warning: uint64_t -> int64_t conversion */
1203 bps = netdev_features_to_bps(current);
1204 ovsrec_interface_set_link_speed(iface->cfg, &bps, 1);
1207 ovsrec_interface_set_duplex(iface->cfg, NULL);
1208 ovsrec_interface_set_link_speed(iface->cfg, NULL, 0);
1212 ovsrec_interface_set_link_state(iface->cfg,
1213 netdev_get_carrier(iface->netdev)
1216 error = netdev_get_mtu(iface->netdev, &mtu);
1217 if (!error && mtu != INT_MAX) {
1219 ovsrec_interface_set_mtu(iface->cfg, &mtu_64, 1);
1222 ovsrec_interface_set_mtu(iface->cfg, NULL, 0);
1227 iface_refresh_cfm_stats(struct iface *iface)
1231 const struct ovsrec_monitor *mon;
1233 mon = iface->cfg->monitor;
1240 for (i = 0; i < mon->n_remote_mps; i++) {
1241 const struct ovsrec_maintenance_point *mp;
1242 const struct remote_mp *rmp;
1244 mp = mon->remote_mps[i];
1245 rmp = cfm_get_remote_mp(cfm, mp->mpid);
1247 ovsrec_maintenance_point_set_fault(mp, &rmp->fault, 1);
1250 if (hmap_is_empty(&cfm->x_remote_mps)) {
1251 ovsrec_monitor_set_unexpected_remote_mpids(mon, NULL, 0);
1254 struct remote_mp *rmp;
1255 int64_t *x_remote_mps;
1257 length = hmap_count(&cfm->x_remote_mps);
1258 x_remote_mps = xzalloc(length * sizeof *x_remote_mps);
1261 HMAP_FOR_EACH (rmp, node, &cfm->x_remote_mps) {
1262 x_remote_mps[i++] = rmp->mpid;
1265 ovsrec_monitor_set_unexpected_remote_mpids(mon, x_remote_mps, length);
1269 if (hmap_is_empty(&cfm->x_remote_maids)) {
1270 ovsrec_monitor_set_unexpected_remote_maids(mon, NULL, 0);
1273 char **x_remote_maids;
1274 struct remote_maid *rmaid;
1276 length = hmap_count(&cfm->x_remote_maids);
1277 x_remote_maids = xzalloc(length * sizeof *x_remote_maids);
1280 HMAP_FOR_EACH (rmaid, node, &cfm->x_remote_maids) {
1283 x_remote_maids[i] = xzalloc(CCM_MAID_LEN * 2 + 1);
1285 for (j = 0; j < CCM_MAID_LEN; j++) {
1286 snprintf(&x_remote_maids[i][j * 2], 3, "%02hhx",
1291 ovsrec_monitor_set_unexpected_remote_maids(mon, x_remote_maids, length);
1293 for (i = 0; i < length; i++) {
1294 free(x_remote_maids[i]);
1296 free(x_remote_maids);
1299 ovsrec_monitor_set_fault(mon, &cfm->fault, 1);
1303 iface_refresh_stats(struct iface *iface)
1309 static const struct iface_stat iface_stats[] = {
1310 { "rx_packets", offsetof(struct netdev_stats, rx_packets) },
1311 { "tx_packets", offsetof(struct netdev_stats, tx_packets) },
1312 { "rx_bytes", offsetof(struct netdev_stats, rx_bytes) },
1313 { "tx_bytes", offsetof(struct netdev_stats, tx_bytes) },
1314 { "rx_dropped", offsetof(struct netdev_stats, rx_dropped) },
1315 { "tx_dropped", offsetof(struct netdev_stats, tx_dropped) },
1316 { "rx_errors", offsetof(struct netdev_stats, rx_errors) },
1317 { "tx_errors", offsetof(struct netdev_stats, tx_errors) },
1318 { "rx_frame_err", offsetof(struct netdev_stats, rx_frame_errors) },
1319 { "rx_over_err", offsetof(struct netdev_stats, rx_over_errors) },
1320 { "rx_crc_err", offsetof(struct netdev_stats, rx_crc_errors) },
1321 { "collisions", offsetof(struct netdev_stats, collisions) },
1323 enum { N_STATS = ARRAY_SIZE(iface_stats) };
1324 const struct iface_stat *s;
1326 char *keys[N_STATS];
1327 int64_t values[N_STATS];
1330 struct netdev_stats stats;
1332 /* Intentionally ignore return value, since errors will set 'stats' to
1333 * all-1s, and we will deal with that correctly below. */
1334 netdev_get_stats(iface->netdev, &stats);
1337 for (s = iface_stats; s < &iface_stats[N_STATS]; s++) {
1338 uint64_t value = *(uint64_t *) (((char *) &stats) + s->offset);
1339 if (value != UINT64_MAX) {
1346 ovsrec_interface_set_statistics(iface->cfg, keys, values, n);
1350 refresh_system_stats(const struct ovsrec_open_vswitch *cfg)
1352 struct ovsdb_datum datum;
1356 get_system_stats(&stats);
1358 ovsdb_datum_from_shash(&datum, &stats);
1359 ovsdb_idl_txn_write(&cfg->header_, &ovsrec_open_vswitch_col_statistics,
1363 static inline const char *
1364 nx_role_to_str(enum nx_role role)
1369 case NX_ROLE_MASTER:
1374 return "*** INVALID ROLE ***";
1379 bridge_refresh_controller_status(const struct bridge *br)
1382 const struct ovsrec_controller *cfg;
1384 ofproto_get_ofproto_controller_info(br->ofproto, &info);
1386 OVSREC_CONTROLLER_FOR_EACH(cfg, idl) {
1387 struct ofproto_controller_info *cinfo =
1388 shash_find_data(&info, cfg->target);
1391 ovsrec_controller_set_is_connected(cfg, cinfo->is_connected);
1392 ovsrec_controller_set_role(cfg, nx_role_to_str(cinfo->role));
1393 ovsrec_controller_set_status(cfg, (char **) cinfo->pairs.keys,
1394 (char **) cinfo->pairs.values,
1397 ovsrec_controller_set_is_connected(cfg, false);
1398 ovsrec_controller_set_role(cfg, NULL);
1399 ovsrec_controller_set_status(cfg, NULL, NULL, 0);
1403 ofproto_free_ofproto_controller_info(&info);
1409 const struct ovsrec_open_vswitch *cfg;
1411 bool datapath_destroyed;
1412 bool database_changed;
1415 /* Let each bridge do the work that it needs to do. */
1416 datapath_destroyed = false;
1417 LIST_FOR_EACH (br, node, &all_bridges) {
1418 int error = bridge_run_one(br);
1420 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1421 VLOG_ERR_RL(&rl, "bridge %s: datapath was destroyed externally, "
1422 "forcing reconfiguration", br->name);
1423 datapath_destroyed = true;
1427 /* (Re)configure if necessary. */
1428 database_changed = ovsdb_idl_run(idl);
1429 cfg = ovsrec_open_vswitch_first(idl);
1431 /* Re-configure SSL. We do this on every trip through the main loop,
1432 * instead of just when the database changes, because the contents of the
1433 * key and certificate files can change without the database changing.
1435 * We do this before bridge_reconfigure() because that function might
1436 * initiate SSL connections and thus requires SSL to be configured. */
1437 if (cfg && cfg->ssl) {
1438 const struct ovsrec_ssl *ssl = cfg->ssl;
1440 stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
1441 stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
1444 if (database_changed || datapath_destroyed) {
1446 struct ovsdb_idl_txn *txn = ovsdb_idl_txn_create(idl);
1448 bridge_configure_once(cfg);
1449 bridge_reconfigure(cfg);
1451 ovsrec_open_vswitch_set_cur_cfg(cfg, cfg->next_cfg);
1452 ovsdb_idl_txn_commit(txn);
1453 ovsdb_idl_txn_destroy(txn); /* XXX */
1455 /* We still need to reconfigure to avoid dangling pointers to
1456 * now-destroyed ovsrec structures inside bridge data. */
1457 static const struct ovsrec_open_vswitch null_cfg;
1459 bridge_reconfigure(&null_cfg);
1463 /* Refresh system and interface stats if necessary. */
1464 if (time_msec() >= stats_timer) {
1466 struct ovsdb_idl_txn *txn;
1468 txn = ovsdb_idl_txn_create(idl);
1469 LIST_FOR_EACH (br, node, &all_bridges) {
1472 for (i = 0; i < br->n_ports; i++) {
1473 struct port *port = br->ports[i];
1476 for (j = 0; j < port->n_ifaces; j++) {
1477 struct iface *iface = port->ifaces[j];
1478 iface_refresh_stats(iface);
1479 iface_refresh_cfm_stats(iface);
1480 iface_refresh_status(iface);
1483 bridge_refresh_controller_status(br);
1485 refresh_system_stats(cfg);
1486 ovsdb_idl_txn_commit(txn);
1487 ovsdb_idl_txn_destroy(txn); /* XXX */
1490 stats_timer = time_msec() + STATS_INTERVAL;
1498 struct iface *iface;
1500 LIST_FOR_EACH (br, node, &all_bridges) {
1501 ofproto_wait(br->ofproto);
1502 if (ofproto_has_primary_controller(br->ofproto)) {
1506 mac_learning_wait(br->ml);
1510 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
1512 cfm_wait(iface->cfm);
1516 ovsdb_idl_wait(idl);
1517 poll_timer_wait_until(stats_timer);
1520 /* Forces 'br' to revalidate all of its flows. This is appropriate when 'br''s
1521 * configuration changes. */
1523 bridge_flush(struct bridge *br)
1525 COVERAGE_INC(bridge_flush);
1527 mac_learning_flush(br->ml);
1530 /* Returns the 'br' interface for the ODPP_LOCAL port, or null if 'br' has no
1531 * such interface. */
1532 static struct iface *
1533 bridge_get_local_iface(struct bridge *br)
1537 for (i = 0; i < br->n_ports; i++) {
1538 struct port *port = br->ports[i];
1539 for (j = 0; j < port->n_ifaces; j++) {
1540 struct iface *iface = port->ifaces[j];
1541 if (iface->dp_ifidx == ODPP_LOCAL) {
1550 /* Bridge unixctl user interface functions. */
1552 bridge_unixctl_fdb_show(struct unixctl_conn *conn,
1553 const char *args, void *aux OVS_UNUSED)
1555 struct ds ds = DS_EMPTY_INITIALIZER;
1556 const struct bridge *br;
1557 const struct mac_entry *e;
1559 br = bridge_lookup(args);
1561 unixctl_command_reply(conn, 501, "no such bridge");
1565 ds_put_cstr(&ds, " port VLAN MAC Age\n");
1566 LIST_FOR_EACH (e, lru_node, &br->ml->lrus) {
1567 if (e->port < 0 || e->port >= br->n_ports) {
1570 ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n",
1571 br->ports[e->port]->ifaces[0]->dp_ifidx,
1572 e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e));
1574 unixctl_command_reply(conn, 200, ds_cstr(&ds));
1578 /* Bridge reconfiguration functions. */
1579 static struct bridge *
1580 bridge_create(const struct ovsrec_bridge *br_cfg)
1585 assert(!bridge_lookup(br_cfg->name));
1586 br = xzalloc(sizeof *br);
1588 error = dpif_create_and_open(br_cfg->name, br_cfg->datapath_type,
1594 dpif_flow_flush(br->dpif);
1596 error = ofproto_create(br_cfg->name, br_cfg->datapath_type, &bridge_ofhooks,
1599 VLOG_ERR("failed to create switch %s: %s", br_cfg->name,
1601 dpif_delete(br->dpif);
1602 dpif_close(br->dpif);
1607 br->name = xstrdup(br_cfg->name);
1609 br->ml = mac_learning_create();
1610 eth_addr_nicira_random(br->default_ea);
1612 hmap_init(&br->ifaces);
1614 shash_init(&br->port_by_name);
1615 shash_init(&br->iface_by_name);
1619 list_push_back(&all_bridges, &br->node);
1621 VLOG_INFO("created bridge %s on %s", br->name, dpif_name(br->dpif));
1627 bridge_destroy(struct bridge *br)
1632 while (br->n_ports > 0) {
1633 port_destroy(br->ports[br->n_ports - 1]);
1635 list_remove(&br->node);
1636 error = dpif_delete(br->dpif);
1637 if (error && error != ENOENT) {
1638 VLOG_ERR("failed to delete %s: %s",
1639 dpif_name(br->dpif), strerror(error));
1641 dpif_close(br->dpif);
1642 ofproto_destroy(br->ofproto);
1643 mac_learning_destroy(br->ml);
1644 hmap_destroy(&br->ifaces);
1645 shash_destroy(&br->port_by_name);
1646 shash_destroy(&br->iface_by_name);
1653 static struct bridge *
1654 bridge_lookup(const char *name)
1658 LIST_FOR_EACH (br, node, &all_bridges) {
1659 if (!strcmp(br->name, name)) {
1666 /* Handle requests for a listing of all flows known by the OpenFlow
1667 * stack, including those normally hidden. */
1669 bridge_unixctl_dump_flows(struct unixctl_conn *conn,
1670 const char *args, void *aux OVS_UNUSED)
1675 br = bridge_lookup(args);
1677 unixctl_command_reply(conn, 501, "Unknown bridge");
1682 ofproto_get_all_flows(br->ofproto, &results);
1684 unixctl_command_reply(conn, 200, ds_cstr(&results));
1685 ds_destroy(&results);
1688 /* "bridge/reconnect [BRIDGE]": makes BRIDGE drop all of its controller
1689 * connections and reconnect. If BRIDGE is not specified, then all bridges
1690 * drop their controller connections and reconnect. */
1692 bridge_unixctl_reconnect(struct unixctl_conn *conn,
1693 const char *args, void *aux OVS_UNUSED)
1696 if (args[0] != '\0') {
1697 br = bridge_lookup(args);
1699 unixctl_command_reply(conn, 501, "Unknown bridge");
1702 ofproto_reconnect_controllers(br->ofproto);
1704 LIST_FOR_EACH (br, node, &all_bridges) {
1705 ofproto_reconnect_controllers(br->ofproto);
1708 unixctl_command_reply(conn, 200, NULL);
1712 bridge_run_one(struct bridge *br)
1715 struct iface *iface;
1717 error = ofproto_run1(br->ofproto);
1722 mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto));
1726 error = ofproto_run2(br->ofproto, br->flush);
1729 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
1730 struct ofpbuf *packet;
1736 packet = cfm_run(iface->cfm);
1738 iface_send_packet(iface, packet);
1739 ofpbuf_uninit(packet);
1748 bridge_get_controllers(const struct bridge *br,
1749 struct ovsrec_controller ***controllersp)
1751 struct ovsrec_controller **controllers;
1752 size_t n_controllers;
1754 controllers = br->cfg->controller;
1755 n_controllers = br->cfg->n_controller;
1757 if (n_controllers == 1 && !strcmp(controllers[0]->target, "none")) {
1763 *controllersp = controllers;
1765 return n_controllers;
1769 bridge_reconfigure_one(struct bridge *br)
1771 struct shash old_ports, new_ports;
1772 struct svec snoops, old_snoops;
1773 struct shash_node *node;
1774 enum ofproto_fail_mode fail_mode;
1777 /* Collect old ports. */
1778 shash_init(&old_ports);
1779 for (i = 0; i < br->n_ports; i++) {
1780 shash_add(&old_ports, br->ports[i]->name, br->ports[i]);
1783 /* Collect new ports. */
1784 shash_init(&new_ports);
1785 for (i = 0; i < br->cfg->n_ports; i++) {
1786 const char *name = br->cfg->ports[i]->name;
1787 if (!shash_add_once(&new_ports, name, br->cfg->ports[i])) {
1788 VLOG_WARN("bridge %s: %s specified twice as bridge port",
1793 /* If we have a controller, then we need a local port. Complain if the
1794 * user didn't specify one.
1796 * XXX perhaps we should synthesize a port ourselves in this case. */
1797 if (bridge_get_controllers(br, NULL)) {
1798 char local_name[IF_NAMESIZE];
1801 error = dpif_port_get_name(br->dpif, ODPP_LOCAL,
1802 local_name, sizeof local_name);
1803 if (!error && !shash_find(&new_ports, local_name)) {
1804 VLOG_WARN("bridge %s: controller specified but no local port "
1805 "(port named %s) defined",
1806 br->name, local_name);
1810 /* Get rid of deleted ports.
1811 * Get rid of deleted interfaces on ports that still exist. */
1812 SHASH_FOR_EACH (node, &old_ports) {
1813 struct port *port = node->data;
1814 const struct ovsrec_port *port_cfg;
1816 port_cfg = shash_find_data(&new_ports, node->name);
1820 port_del_ifaces(port, port_cfg);
1824 /* Create new ports.
1825 * Add new interfaces to existing ports.
1826 * Reconfigure existing ports. */
1827 SHASH_FOR_EACH (node, &new_ports) {
1828 struct port *port = shash_find_data(&old_ports, node->name);
1830 port = port_create(br, node->name);
1833 port_reconfigure(port, node->data);
1834 if (!port->n_ifaces) {
1835 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
1836 br->name, port->name);
1840 shash_destroy(&old_ports);
1841 shash_destroy(&new_ports);
1843 /* Set the fail-mode */
1844 fail_mode = !br->cfg->fail_mode
1845 || !strcmp(br->cfg->fail_mode, "standalone")
1846 ? OFPROTO_FAIL_STANDALONE
1847 : OFPROTO_FAIL_SECURE;
1848 if (ofproto_get_fail_mode(br->ofproto) != fail_mode
1849 && !ofproto_has_primary_controller(br->ofproto)) {
1850 ofproto_flush_flows(br->ofproto);
1852 ofproto_set_fail_mode(br->ofproto, fail_mode);
1854 /* Delete all flows if we're switching from connected to standalone or vice
1855 * versa. (XXX Should we delete all flows if we are switching from one
1856 * controller to another?) */
1858 /* Configure OpenFlow controller connection snooping. */
1860 svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop",
1861 ovs_rundir(), br->name));
1862 svec_init(&old_snoops);
1863 ofproto_get_snoops(br->ofproto, &old_snoops);
1864 if (!svec_equal(&snoops, &old_snoops)) {
1865 ofproto_set_snoops(br->ofproto, &snoops);
1867 svec_destroy(&snoops);
1868 svec_destroy(&old_snoops);
1870 mirror_reconfigure(br);
1873 /* Initializes 'oc' appropriately as a management service controller for
1876 * The caller must free oc->target when it is no longer needed. */
1878 bridge_ofproto_controller_for_mgmt(const struct bridge *br,
1879 struct ofproto_controller *oc)
1881 oc->target = xasprintf("punix:%s/%s.mgmt", ovs_rundir(), br->name);
1882 oc->max_backoff = 0;
1883 oc->probe_interval = 60;
1884 oc->band = OFPROTO_OUT_OF_BAND;
1885 oc->accept_re = NULL;
1886 oc->update_resolv_conf = false;
1888 oc->burst_limit = 0;
1891 /* Converts ovsrec_controller 'c' into an ofproto_controller in 'oc'. */
1893 bridge_ofproto_controller_from_ovsrec(const struct ovsrec_controller *c,
1894 struct ofproto_controller *oc)
1896 oc->target = c->target;
1897 oc->max_backoff = c->max_backoff ? *c->max_backoff / 1000 : 8;
1898 oc->probe_interval = c->inactivity_probe ? *c->inactivity_probe / 1000 : 5;
1899 oc->band = (!c->connection_mode || !strcmp(c->connection_mode, "in-band")
1900 ? OFPROTO_IN_BAND : OFPROTO_OUT_OF_BAND);
1901 oc->accept_re = c->discover_accept_regex;
1902 oc->update_resolv_conf = c->discover_update_resolv_conf;
1903 oc->rate_limit = c->controller_rate_limit ? *c->controller_rate_limit : 0;
1904 oc->burst_limit = (c->controller_burst_limit
1905 ? *c->controller_burst_limit : 0);
1908 /* Configures the IP stack for 'br''s local interface properly according to the
1909 * configuration in 'c'. */
1911 bridge_configure_local_iface_netdev(struct bridge *br,
1912 struct ovsrec_controller *c)
1914 struct netdev *netdev;
1915 struct in_addr mask, gateway;
1917 struct iface *local_iface;
1920 /* Controller discovery does its own TCP/IP configuration later. */
1921 if (strcmp(c->target, "discover")) {
1925 /* If there's no local interface or no IP address, give up. */
1926 local_iface = bridge_get_local_iface(br);
1927 if (!local_iface || !c->local_ip || !inet_aton(c->local_ip, &ip)) {
1931 /* Bring up the local interface. */
1932 netdev = local_iface->netdev;
1933 netdev_turn_flags_on(netdev, NETDEV_UP, true);
1935 /* Configure the IP address and netmask. */
1936 if (!c->local_netmask
1937 || !inet_aton(c->local_netmask, &mask)
1939 mask.s_addr = guess_netmask(ip.s_addr);
1941 if (!netdev_set_in4(netdev, ip, mask)) {
1942 VLOG_INFO("bridge %s: configured IP address "IP_FMT", netmask "IP_FMT,
1943 br->name, IP_ARGS(&ip.s_addr), IP_ARGS(&mask.s_addr));
1946 /* Configure the default gateway. */
1947 if (c->local_gateway
1948 && inet_aton(c->local_gateway, &gateway)
1949 && gateway.s_addr) {
1950 if (!netdev_add_router(netdev, gateway)) {
1951 VLOG_INFO("bridge %s: configured gateway "IP_FMT,
1952 br->name, IP_ARGS(&gateway.s_addr));
1958 bridge_reconfigure_remotes(struct bridge *br,
1959 const struct sockaddr_in *managers,
1962 const char *disable_ib_str, *queue_id_str;
1963 bool disable_in_band = false;
1966 struct ovsrec_controller **controllers;
1967 size_t n_controllers;
1970 struct ofproto_controller *ocs;
1974 /* Check if we should disable in-band control on this bridge. */
1975 disable_ib_str = bridge_get_other_config(br->cfg, "disable-in-band");
1976 if (disable_ib_str && !strcmp(disable_ib_str, "true")) {
1977 disable_in_band = true;
1980 /* Set OpenFlow queue ID for in-band control. */
1981 queue_id_str = bridge_get_other_config(br->cfg, "in-band-queue");
1982 queue_id = queue_id_str ? strtol(queue_id_str, NULL, 10) : -1;
1983 ofproto_set_in_band_queue(br->ofproto, queue_id);
1985 if (disable_in_band) {
1986 ofproto_set_extra_in_band_remotes(br->ofproto, NULL, 0);
1988 ofproto_set_extra_in_band_remotes(br->ofproto, managers, n_managers);
1990 had_primary = ofproto_has_primary_controller(br->ofproto);
1992 n_controllers = bridge_get_controllers(br, &controllers);
1994 ocs = xmalloc((n_controllers + 1) * sizeof *ocs);
1997 bridge_ofproto_controller_for_mgmt(br, &ocs[n_ocs++]);
1998 for (i = 0; i < n_controllers; i++) {
1999 struct ovsrec_controller *c = controllers[i];
2001 if (!strncmp(c->target, "punix:", 6)
2002 || !strncmp(c->target, "unix:", 5)) {
2003 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2005 /* Prevent remote ovsdb-server users from accessing arbitrary Unix
2006 * domain sockets and overwriting arbitrary local files. */
2007 VLOG_ERR_RL(&rl, "%s: not adding Unix domain socket controller "
2008 "\"%s\" due to possibility for remote exploit",
2009 dpif_name(br->dpif), c->target);
2013 bridge_configure_local_iface_netdev(br, c);
2014 bridge_ofproto_controller_from_ovsrec(c, &ocs[n_ocs]);
2015 if (disable_in_band) {
2016 ocs[n_ocs].band = OFPROTO_OUT_OF_BAND;
2021 ofproto_set_controllers(br->ofproto, ocs, n_ocs);
2022 free(ocs[0].target); /* From bridge_ofproto_controller_for_mgmt(). */
2025 if (had_primary != ofproto_has_primary_controller(br->ofproto)) {
2026 ofproto_flush_flows(br->ofproto);
2029 /* If there are no controllers and the bridge is in standalone
2030 * mode, set up a flow that matches every packet and directs
2031 * them to OFPP_NORMAL (which goes to us). Otherwise, the
2032 * switch is in secure mode and we won't pass any traffic until
2033 * a controller has been defined and it tells us to do so. */
2035 && ofproto_get_fail_mode(br->ofproto) == OFPROTO_FAIL_STANDALONE) {
2036 union ofp_action action;
2037 struct cls_rule rule;
2039 memset(&action, 0, sizeof action);
2040 action.type = htons(OFPAT_OUTPUT);
2041 action.output.len = htons(sizeof action);
2042 action.output.port = htons(OFPP_NORMAL);
2043 cls_rule_init_catchall(&rule, 0);
2044 ofproto_add_flow(br->ofproto, &rule, &action, 1);
2049 bridge_get_all_ifaces(const struct bridge *br, struct shash *ifaces)
2054 for (i = 0; i < br->n_ports; i++) {
2055 struct port *port = br->ports[i];
2056 for (j = 0; j < port->n_ifaces; j++) {
2057 struct iface *iface = port->ifaces[j];
2058 shash_add_once(ifaces, iface->name, iface);
2060 if (port->n_ifaces > 1 && port->cfg->bond_fake_iface) {
2061 shash_add_once(ifaces, port->name, NULL);
2066 /* For robustness, in case the administrator moves around datapath ports behind
2067 * our back, we re-check all the datapath port numbers here.
2069 * This function will set the 'dp_ifidx' members of interfaces that have
2070 * disappeared to -1, so only call this function from a context where those
2071 * 'struct iface's will be removed from the bridge. Otherwise, the -1
2072 * 'dp_ifidx'es will cause trouble later when we try to send them to the
2073 * datapath, which doesn't support UINT16_MAX+1 ports. */
2075 bridge_fetch_dp_ifaces(struct bridge *br)
2077 struct dpif_port_dump dump;
2078 struct dpif_port dpif_port;
2081 /* Reset all interface numbers. */
2082 for (i = 0; i < br->n_ports; i++) {
2083 struct port *port = br->ports[i];
2084 for (j = 0; j < port->n_ifaces; j++) {
2085 struct iface *iface = port->ifaces[j];
2086 iface->dp_ifidx = -1;
2089 hmap_clear(&br->ifaces);
2091 DPIF_PORT_FOR_EACH (&dpif_port, &dump, br->dpif) {
2092 struct iface *iface = iface_lookup(br, dpif_port.name);
2094 if (iface->dp_ifidx >= 0) {
2095 VLOG_WARN("%s reported interface %s twice",
2096 dpif_name(br->dpif), dpif_port.name);
2097 } else if (iface_from_dp_ifidx(br, dpif_port.port_no)) {
2098 VLOG_WARN("%s reported interface %"PRIu16" twice",
2099 dpif_name(br->dpif), dpif_port.port_no);
2101 iface->dp_ifidx = dpif_port.port_no;
2102 hmap_insert(&br->ifaces, &iface->dp_ifidx_node,
2103 hash_int(iface->dp_ifidx, 0));
2106 iface_set_ofport(iface->cfg,
2107 (iface->dp_ifidx >= 0
2108 ? odp_port_to_ofp_port(iface->dp_ifidx)
2114 /* Bridge packet processing functions. */
2117 bond_is_tcp_hash(const struct port *port)
2119 return port->bond_mode == BM_TCP && port->lacp & LACP_NEGOTIATED;
2123 bond_hash_src(const uint8_t mac[ETH_ADDR_LEN], uint16_t vlan)
2125 return hash_bytes(mac, ETH_ADDR_LEN, vlan) & BOND_MASK;
2128 static int bond_hash_tcp(const struct flow *flow, uint16_t vlan)
2130 struct flow hash_flow;
2132 memcpy(&hash_flow, flow, sizeof hash_flow);
2133 hash_flow.vlan_tci = 0;
2135 /* The symmetric quality of this hash function is not required, but
2136 * flow_hash_symmetric_l4 already exists, and is sufficient for our
2137 * purposes, so we use it out of convenience. */
2138 return flow_hash_symmetric_l4(&hash_flow, vlan) & BOND_MASK;
2141 static struct bond_entry *
2142 lookup_bond_entry(const struct port *port, const struct flow *flow,
2145 assert(port->bond_mode != BM_AB);
2147 if (bond_is_tcp_hash(port)) {
2148 return &port->bond_hash[bond_hash_tcp(flow, vlan)];
2150 return &port->bond_hash[bond_hash_src(flow->dl_src, vlan)];
2155 bond_choose_iface(const struct port *port)
2157 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
2158 size_t i, best_down_slave = -1;
2159 long long next_delay_expiration = LLONG_MAX;
2161 for (i = 0; i < port->n_ifaces; i++) {
2162 struct iface *iface = port->ifaces[i];
2164 if (iface->enabled) {
2166 } else if (iface->delay_expires < next_delay_expiration
2167 && (iface->lacp_status & LACP_ATTACHED
2168 || !(port->lacp & LACP_NEGOTIATED))) {
2169 best_down_slave = i;
2170 next_delay_expiration = iface->delay_expires;
2174 if (best_down_slave != -1) {
2175 struct iface *iface = port->ifaces[best_down_slave];
2177 VLOG_INFO_RL(&rl, "interface %s: skipping remaining %lli ms updelay "
2178 "since no other interface is up", iface->name,
2179 iface->delay_expires - time_msec());
2180 bond_enable_slave(iface, true);
2183 return best_down_slave;
2187 choose_output_iface(const struct port *port, const struct flow *flow,
2188 uint16_t vlan, uint16_t *dp_ifidx, tag_type *tags)
2190 struct iface *iface;
2192 assert(port->n_ifaces);
2193 if (port->n_ifaces == 1) {
2194 iface = port->ifaces[0];
2195 } else if (port->bond_mode == BM_AB) {
2196 if (port->active_iface < 0) {
2197 *tags |= port->no_ifaces_tag;
2200 iface = port->ifaces[port->active_iface];
2202 struct bond_entry *e = lookup_bond_entry(port, flow, vlan);
2203 if (e->iface_idx < 0 || e->iface_idx >= port->n_ifaces
2204 || !port->ifaces[e->iface_idx]->enabled) {
2205 /* XXX select interface properly. The current interface selection
2206 * is only good for testing the rebalancing code. */
2207 e->iface_idx = bond_choose_iface(port);
2208 if (e->iface_idx < 0) {
2209 *tags |= port->no_ifaces_tag;
2212 e->iface_tag = tag_create_random();
2213 ((struct port *) port)->bond_compat_is_stale = true;
2215 *tags |= e->iface_tag;
2216 iface = port->ifaces[e->iface_idx];
2218 *dp_ifidx = iface->dp_ifidx;
2219 *tags |= iface->tag; /* Currently only used for bonding. */
2224 bond_link_status_update(struct iface *iface)
2226 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
2227 struct port *port = iface->port;
2228 bool up = iface->up;
2229 int updelay, downdelay;
2231 updelay = port->updelay;
2232 downdelay = port->downdelay;
2234 if (iface->port->lacp & LACP_NEGOTIATED) {
2239 if (iface->port->lacp && up) {
2240 /* The interface is up if it's attached to an aggregator and its
2241 * partner is synchronized. The only exception is defaulted links.
2242 * They are not required to have synchronized partners because they
2243 * have no partners at all. However, they will only be attached if
2244 * negotiations failed on all interfaces in the bond. */
2245 up = iface->lacp_status & LACP_ATTACHED
2246 && (iface->lacp_partner.state & LACP_STATE_SYNC
2247 || iface->lacp_status & LACP_DEFAULTED);
2251 if ((up == iface->enabled) == (iface->delay_expires == LLONG_MAX)) {
2252 /* Nothing to do. */
2255 VLOG_INFO_RL(&rl, "interface %s: link state %s",
2256 iface->name, up ? "up" : "down");
2257 if (up == iface->enabled) {
2258 iface->delay_expires = LLONG_MAX;
2259 VLOG_INFO_RL(&rl, "interface %s: will not be %s",
2260 iface->name, up ? "disabled" : "enabled");
2261 } else if (up && port->active_iface < 0) {
2262 bond_enable_slave(iface, true);
2264 VLOG_INFO_RL(&rl, "interface %s: skipping %d ms updelay since no "
2265 "other interface is up", iface->name, updelay);
2268 int delay = up ? updelay : downdelay;
2269 iface->delay_expires = time_msec() + delay;
2272 "interface %s: will be %s if it stays %s for %d ms",
2274 up ? "enabled" : "disabled",
2282 bond_choose_active_iface(struct port *port)
2284 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
2286 port->active_iface = bond_choose_iface(port);
2287 port->active_iface_tag = tag_create_random();
2288 if (port->active_iface >= 0) {
2289 VLOG_INFO_RL(&rl, "port %s: active interface is now %s",
2290 port->name, port->ifaces[port->active_iface]->name);
2292 VLOG_WARN_RL(&rl, "port %s: all ports disabled, no active interface",
2298 bond_enable_slave(struct iface *iface, bool enable)
2300 struct port *port = iface->port;
2301 struct bridge *br = port->bridge;
2303 /* This acts as a recursion check. If the act of disabling a slave
2304 * causes a different slave to be enabled, the flag will allow us to
2305 * skip redundant work when we reenter this function. It must be
2306 * cleared on exit to keep things safe with multiple bonds. */
2307 static bool moving_active_iface = false;
2309 iface->delay_expires = LLONG_MAX;
2310 if (enable == iface->enabled) {
2314 iface->enabled = enable;
2315 if (!iface->enabled) {
2316 VLOG_WARN("interface %s: disabled", iface->name);
2317 ofproto_revalidate(br->ofproto, iface->tag);
2318 if (iface->port_ifidx == port->active_iface) {
2319 ofproto_revalidate(br->ofproto,
2320 port->active_iface_tag);
2322 /* Disabling a slave can lead to another slave being immediately
2323 * enabled if there will be no active slaves but one is waiting
2324 * on an updelay. In this case we do not need to run most of the
2325 * code for the newly enabled slave since there was no period
2326 * without an active slave and it is redundant with the disabling
2328 moving_active_iface = true;
2329 bond_choose_active_iface(port);
2331 bond_send_learning_packets(port);
2333 VLOG_WARN("interface %s: enabled", iface->name);
2334 if (port->active_iface < 0 && !moving_active_iface) {
2335 ofproto_revalidate(br->ofproto, port->no_ifaces_tag);
2336 bond_choose_active_iface(port);
2337 bond_send_learning_packets(port);
2339 iface->tag = tag_create_random();
2342 moving_active_iface = false;
2343 port->bond_compat_is_stale = true;
2346 /* Attempts to make the sum of the bond slaves' statistics appear on the fake
2347 * bond interface. */
2349 bond_update_fake_iface_stats(struct port *port)
2351 struct netdev_stats bond_stats;
2352 struct netdev *bond_dev;
2355 memset(&bond_stats, 0, sizeof bond_stats);
2357 for (i = 0; i < port->n_ifaces; i++) {
2358 struct netdev_stats slave_stats;
2360 if (!netdev_get_stats(port->ifaces[i]->netdev, &slave_stats)) {
2361 /* XXX: We swap the stats here because they are swapped back when
2362 * reported by the internal device. The reason for this is
2363 * internal devices normally represent packets going into the system
2364 * but when used as fake bond device they represent packets leaving
2365 * the system. We really should do this in the internal device
2366 * itself because changing it here reverses the counts from the
2367 * perspective of the switch. However, the internal device doesn't
2368 * know what type of device it represents so we have to do it here
2370 bond_stats.tx_packets += slave_stats.rx_packets;
2371 bond_stats.tx_bytes += slave_stats.rx_bytes;
2372 bond_stats.rx_packets += slave_stats.tx_packets;
2373 bond_stats.rx_bytes += slave_stats.tx_bytes;
2377 if (!netdev_open_default(port->name, &bond_dev)) {
2378 netdev_set_stats(bond_dev, &bond_stats);
2379 netdev_close(bond_dev);
2384 bond_link_carrier_update(struct iface *iface, bool carrier)
2386 if (carrier == iface->up) {
2390 if (iface->lacp_status & LACP_CURRENT) {
2391 iface_set_lacp_expired(iface);
2394 iface->up = carrier;
2396 iface->port->bond_compat_is_stale = true;
2400 bond_run(struct bridge *br)
2404 for (i = 0; i < br->n_ports; i++) {
2405 struct port *port = br->ports[i];
2407 if (port->n_ifaces >= 2) {
2410 if (port->monitor) {
2411 assert(!port->miimon);
2413 /* Track carrier going up and down on interfaces. */
2414 while (!netdev_monitor_poll(port->monitor, &devname)) {
2415 struct iface *iface;
2417 iface = port_lookup_iface(port, devname);
2419 bool up = netdev_get_carrier(iface->netdev);
2420 bond_link_carrier_update(iface, up);
2425 assert(port->miimon);
2427 if (time_msec() >= port->bond_miimon_next_update) {
2428 for (j = 0; j < port->n_ifaces; j++) {
2429 struct iface *iface = port->ifaces[j];
2430 bool up = netdev_get_miimon(iface->netdev);
2431 bond_link_carrier_update(iface, up);
2433 port->bond_miimon_next_update = time_msec() +
2434 port->bond_miimon_interval;
2438 for (j = 0; j < port->n_ifaces; j++) {
2439 bond_link_status_update(port->ifaces[j]);
2442 for (j = 0; j < port->n_ifaces; j++) {
2443 struct iface *iface = port->ifaces[j];
2444 if (time_msec() >= iface->delay_expires) {
2445 bond_enable_slave(iface, !iface->enabled);
2449 if (port->bond_fake_iface
2450 && time_msec() >= port->bond_next_fake_iface_update) {
2451 bond_update_fake_iface_stats(port);
2452 port->bond_next_fake_iface_update = time_msec() + 1000;
2456 if (port->bond_compat_is_stale) {
2457 port->bond_compat_is_stale = false;
2458 port_update_bond_compat(port);
2464 bond_wait(struct bridge *br)
2468 for (i = 0; i < br->n_ports; i++) {
2469 struct port *port = br->ports[i];
2470 if (port->n_ifaces < 2) {
2474 if (port->monitor) {
2475 netdev_monitor_poll_wait(port->monitor);
2479 poll_timer_wait_until(port->bond_miimon_next_update);
2482 for (j = 0; j < port->n_ifaces; j++) {
2483 struct iface *iface = port->ifaces[j];
2484 if (iface->delay_expires != LLONG_MAX) {
2485 poll_timer_wait_until(iface->delay_expires);
2488 if (port->bond_fake_iface) {
2489 poll_timer_wait_until(port->bond_next_fake_iface_update);
2495 set_dst(struct dst *dst, const struct flow *flow,
2496 const struct port *in_port, const struct port *out_port,
2499 dst->vlan = (out_port->vlan >= 0 ? OFP_VLAN_NONE
2500 : in_port->vlan >= 0 ? in_port->vlan
2501 : flow->vlan_tci == 0 ? OFP_VLAN_NONE
2502 : vlan_tci_to_vid(flow->vlan_tci));
2503 return choose_output_iface(out_port, flow, dst->vlan,
2504 &dst->dp_ifidx, tags);
2508 swap_dst(struct dst *p, struct dst *q)
2510 struct dst tmp = *p;
2515 /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
2516 * 'dsts'. (This may help performance by reducing the number of VLAN changes
2517 * that we push to the datapath. We could in fact fully sort the array by
2518 * vlan, but in most cases there are at most two different vlan tags so that's
2519 * possibly overkill.) */
2521 partition_dsts(struct dst_set *set, int vlan)
2523 struct dst *first = set->dsts;
2524 struct dst *last = set->dsts + set->n;
2526 while (first != last) {
2528 * - All dsts < first have vlan == 'vlan'.
2529 * - All dsts >= last have vlan != 'vlan'.
2530 * - first < last. */
2531 while (first->vlan == vlan) {
2532 if (++first == last) {
2537 /* Same invariants, plus one additional:
2538 * - first->vlan != vlan.
2540 while (last[-1].vlan != vlan) {
2541 if (--last == first) {
2546 /* Same invariants, plus one additional:
2547 * - last[-1].vlan == vlan.*/
2548 swap_dst(first++, --last);
2553 mirror_mask_ffs(mirror_mask_t mask)
2555 BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask));
2560 dst_set_init(struct dst_set *set)
2562 set->dsts = set->builtin;
2564 set->allocated = ARRAY_SIZE(set->builtin);
2568 dst_set_add(struct dst_set *set, const struct dst *dst)
2570 if (set->n >= set->allocated) {
2571 size_t new_allocated;
2572 struct dst *new_dsts;
2574 new_allocated = set->allocated * 2;
2575 new_dsts = xmalloc(new_allocated * sizeof *new_dsts);
2576 memcpy(new_dsts, set->dsts, set->n * sizeof *new_dsts);
2580 set->dsts = new_dsts;
2581 set->allocated = new_allocated;
2583 set->dsts[set->n++] = *dst;
2587 dst_set_free(struct dst_set *set)
2589 if (set->dsts != set->builtin) {
2595 dst_is_duplicate(const struct dst_set *set, const struct dst *test)
2598 for (i = 0; i < set->n; i++) {
2599 if (set->dsts[i].vlan == test->vlan
2600 && set->dsts[i].dp_ifidx == test->dp_ifidx) {
2608 port_trunks_vlan(const struct port *port, uint16_t vlan)
2610 return (port->vlan < 0
2611 && (!port->trunks || bitmap_is_set(port->trunks, vlan)));
2615 port_includes_vlan(const struct port *port, uint16_t vlan)
2617 return vlan == port->vlan || port_trunks_vlan(port, vlan);
2621 port_is_floodable(const struct port *port)
2625 for (i = 0; i < port->n_ifaces; i++) {
2626 if (!ofproto_port_is_floodable(port->bridge->ofproto,
2627 port->ifaces[i]->dp_ifidx)) {
2635 compose_dsts(const struct bridge *br, const struct flow *flow, uint16_t vlan,
2636 const struct port *in_port, const struct port *out_port,
2637 struct dst_set *set, tag_type *tags, uint16_t *nf_output_iface)
2639 mirror_mask_t mirrors = in_port->src_mirrors;
2644 flow_vlan = vlan_tci_to_vid(flow->vlan_tci);
2645 if (flow_vlan == 0) {
2646 flow_vlan = OFP_VLAN_NONE;
2649 if (out_port == FLOOD_PORT) {
2650 for (i = 0; i < br->n_ports; i++) {
2651 struct port *port = br->ports[i];
2653 && port_is_floodable(port)
2654 && port_includes_vlan(port, vlan)
2655 && !port->is_mirror_output_port
2656 && set_dst(&dst, flow, in_port, port, tags)) {
2657 mirrors |= port->dst_mirrors;
2658 dst_set_add(set, &dst);
2661 *nf_output_iface = NF_OUT_FLOOD;
2662 } else if (out_port && set_dst(&dst, flow, in_port, out_port, tags)) {
2663 dst_set_add(set, &dst);
2664 *nf_output_iface = dst.dp_ifidx;
2665 mirrors |= out_port->dst_mirrors;
2669 struct mirror *m = br->mirrors[mirror_mask_ffs(mirrors) - 1];
2670 if (!m->n_vlans || vlan_is_mirrored(m, vlan)) {
2672 if (set_dst(&dst, flow, in_port, m->out_port, tags)
2673 && !dst_is_duplicate(set, &dst)) {
2674 dst_set_add(set, &dst);
2677 for (i = 0; i < br->n_ports; i++) {
2678 struct port *port = br->ports[i];
2679 if (port_includes_vlan(port, m->out_vlan)
2680 && set_dst(&dst, flow, in_port, port, tags))
2682 if (port->vlan < 0) {
2683 dst.vlan = m->out_vlan;
2685 if (dst_is_duplicate(set, &dst)) {
2689 /* Use the vlan tag on the original flow instead of
2690 * the one passed in the vlan parameter. This ensures
2691 * that we compare the vlan from before any implicit
2692 * tagging tags place. This is necessary because
2693 * dst->vlan is the final vlan, after removing implicit
2695 if (port == in_port && dst.vlan == flow_vlan) {
2696 /* Don't send out input port on same VLAN. */
2699 dst_set_add(set, &dst);
2704 mirrors &= mirrors - 1;
2707 partition_dsts(set, flow_vlan);
2710 static void OVS_UNUSED
2711 print_dsts(const struct dst_set *set)
2715 for (i = 0; i < set->n; i++) {
2716 const struct dst *dst = &set->dsts[i];
2718 printf(">p%"PRIu16, dst->dp_ifidx);
2719 if (dst->vlan != OFP_VLAN_NONE) {
2720 printf("v%"PRIu16, dst->vlan);
2726 compose_actions(struct bridge *br, const struct flow *flow, uint16_t vlan,
2727 const struct port *in_port, const struct port *out_port,
2728 tag_type *tags, struct ofpbuf *actions,
2729 uint16_t *nf_output_iface)
2736 compose_dsts(br, flow, vlan, in_port, out_port, &set, tags,
2739 cur_vlan = vlan_tci_to_vid(flow->vlan_tci);
2740 if (cur_vlan == 0) {
2741 cur_vlan = OFP_VLAN_NONE;
2743 for (i = 0; i < set.n; i++) {
2744 const struct dst *dst = &set.dsts[i];
2745 if (dst->vlan != cur_vlan) {
2746 if (dst->vlan == OFP_VLAN_NONE) {
2747 nl_msg_put_flag(actions, ODP_ACTION_ATTR_STRIP_VLAN);
2750 tci = htons(dst->vlan & VLAN_VID_MASK);
2751 tci |= flow->vlan_tci & htons(VLAN_PCP_MASK);
2752 nl_msg_put_be16(actions, ODP_ACTION_ATTR_SET_DL_TCI, tci);
2754 cur_vlan = dst->vlan;
2756 nl_msg_put_u32(actions, ODP_ACTION_ATTR_OUTPUT, dst->dp_ifidx);
2761 /* Returns the effective vlan of a packet, taking into account both the
2762 * 802.1Q header and implicitly tagged ports. A value of 0 indicates that
2763 * the packet is untagged and -1 indicates it has an invalid header and
2764 * should be dropped. */
2765 static int flow_get_vlan(struct bridge *br, const struct flow *flow,
2766 struct port *in_port, bool have_packet)
2768 int vlan = vlan_tci_to_vid(flow->vlan_tci);
2769 if (in_port->vlan >= 0) {
2771 /* XXX support double tagging? */
2773 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2774 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2775 "packet received on port %s configured with "
2776 "implicit VLAN %"PRIu16,
2777 br->name, vlan, in_port->name, in_port->vlan);
2781 vlan = in_port->vlan;
2783 if (!port_includes_vlan(in_port, vlan)) {
2785 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2786 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2787 "packet received on port %s not configured for "
2789 br->name, vlan, in_port->name, vlan);
2798 /* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
2799 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
2800 * indicate this; newer upstream kernels use gratuitous ARP requests. */
2802 is_gratuitous_arp(const struct flow *flow)
2804 return (flow->dl_type == htons(ETH_TYPE_ARP)
2805 && eth_addr_is_broadcast(flow->dl_dst)
2806 && (flow->nw_proto == ARP_OP_REPLY
2807 || (flow->nw_proto == ARP_OP_REQUEST
2808 && flow->nw_src == flow->nw_dst)));
2812 update_learning_table(struct bridge *br, const struct flow *flow, int vlan,
2813 struct port *in_port)
2815 enum grat_arp_lock_type lock_type;
2818 /* We don't want to learn from gratuitous ARP packets that are reflected
2819 * back over bond slaves so we lock the learning table. */
2820 lock_type = !is_gratuitous_arp(flow) ? GRAT_ARP_LOCK_NONE :
2821 (in_port->n_ifaces == 1) ? GRAT_ARP_LOCK_SET :
2822 GRAT_ARP_LOCK_CHECK;
2824 rev_tag = mac_learning_learn(br->ml, flow->dl_src, vlan, in_port->port_idx,
2827 /* The log messages here could actually be useful in debugging,
2828 * so keep the rate limit relatively high. */
2829 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
2831 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2832 "on port %s in VLAN %d",
2833 br->name, ETH_ADDR_ARGS(flow->dl_src),
2834 in_port->name, vlan);
2835 ofproto_revalidate(br->ofproto, rev_tag);
2839 /* Determines whether packets in 'flow' within 'br' should be forwarded or
2840 * dropped. Returns true if they may be forwarded, false if they should be
2843 * If 'have_packet' is true, it indicates that the caller is processing a
2844 * received packet. If 'have_packet' is false, then the caller is just
2845 * revalidating an existing flow because configuration has changed. Either
2846 * way, 'have_packet' only affects logging (there is no point in logging errors
2847 * during revalidation).
2849 * Sets '*in_portp' to the input port. This will be a null pointer if
2850 * flow->in_port does not designate a known input port (in which case
2851 * is_admissible() returns false).
2853 * When returning true, sets '*vlanp' to the effective VLAN of the input
2854 * packet, as returned by flow_get_vlan().
2856 * May also add tags to '*tags', although the current implementation only does
2857 * so in one special case.
2860 is_admissible(struct bridge *br, const struct flow *flow, bool have_packet,
2861 tag_type *tags, int *vlanp, struct port **in_portp)
2863 struct iface *in_iface;
2864 struct port *in_port;
2867 /* Find the interface and port structure for the received packet. */
2868 in_iface = iface_from_dp_ifidx(br, flow->in_port);
2870 /* No interface? Something fishy... */
2872 /* Odd. A few possible reasons here:
2874 * - We deleted an interface but there are still a few packets
2875 * queued up from it.
2877 * - Someone externally added an interface (e.g. with "ovs-dpctl
2878 * add-if") that we don't know about.
2880 * - Packet arrived on the local port but the local port is not
2881 * one of our bridge ports.
2883 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2885 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
2886 "interface %"PRIu16, br->name, flow->in_port);
2892 *in_portp = in_port = in_iface->port;
2893 *vlanp = vlan = flow_get_vlan(br, flow, in_port, have_packet);
2898 /* Drop frames for reserved multicast addresses. */
2899 if (eth_addr_is_reserved(flow->dl_dst)) {
2903 /* Drop frames on ports reserved for mirroring. */
2904 if (in_port->is_mirror_output_port) {
2906 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2907 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2908 "%s, which is reserved exclusively for mirroring",
2909 br->name, in_port->name);
2914 /* When using LACP, do not accept packets from disabled interfaces. */
2915 if (in_port->lacp & LACP_NEGOTIATED && !in_iface->enabled) {
2919 /* Packets received on non-LACP bonds need special attention to avoid
2921 if (in_port->n_ifaces > 1 && !(in_port->lacp & LACP_NEGOTIATED)) {
2923 bool is_grat_arp_locked;
2925 if (eth_addr_is_multicast(flow->dl_dst)) {
2926 *tags |= in_port->active_iface_tag;
2927 if (in_port->active_iface != in_iface->port_ifidx) {
2928 /* Drop all multicast packets on inactive slaves. */
2933 /* Drop all packets for which we have learned a different input
2934 * port, because we probably sent the packet on one slave and got
2935 * it back on the other. Gratuitous ARP packets are an exception
2936 * to this rule: the host has moved to another switch. The exception
2937 * to the exception is if we locked the learning table to avoid
2938 * reflections on bond slaves. If this is the case, just drop the
2940 src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan,
2941 &is_grat_arp_locked);
2942 if (src_idx != -1 && src_idx != in_port->port_idx &&
2943 (!is_gratuitous_arp(flow) || is_grat_arp_locked)) {
2951 /* If the composed actions may be applied to any packet in the given 'flow',
2952 * returns true. Otherwise, the actions should only be applied to 'packet', or
2953 * not at all, if 'packet' was NULL. */
2955 process_flow(struct bridge *br, const struct flow *flow,
2956 const struct ofpbuf *packet, struct ofpbuf *actions,
2957 tag_type *tags, uint16_t *nf_output_iface)
2959 struct port *in_port;
2960 struct port *out_port;
2964 /* Check whether we should drop packets in this flow. */
2965 if (!is_admissible(br, flow, packet != NULL, tags, &vlan, &in_port)) {
2970 /* Learn source MAC (but don't try to learn from revalidation). */
2972 update_learning_table(br, flow, vlan, in_port);
2975 /* Determine output port. */
2976 out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan, tags,
2978 if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
2979 out_port = br->ports[out_port_idx];
2980 } else if (!packet && !eth_addr_is_multicast(flow->dl_dst)) {
2981 /* If we are revalidating but don't have a learning entry then
2982 * eject the flow. Installing a flow that floods packets opens
2983 * up a window of time where we could learn from a packet reflected
2984 * on a bond and blackhole packets before the learning table is
2985 * updated to reflect the correct port. */
2988 out_port = FLOOD_PORT;
2991 /* Don't send packets out their input ports. */
2992 if (in_port == out_port) {
2998 compose_actions(br, flow, vlan, in_port, out_port, tags, actions,
3006 bridge_normal_ofhook_cb(const struct flow *flow, const struct ofpbuf *packet,
3007 struct ofpbuf *actions, tag_type *tags,
3008 uint16_t *nf_output_iface, void *br_)
3010 struct bridge *br = br_;
3012 COVERAGE_INC(bridge_process_flow);
3013 return process_flow(br, flow, packet, actions, tags, nf_output_iface);
3017 bridge_special_ofhook_cb(const struct flow *flow,
3018 const struct ofpbuf *packet, void *br_)
3020 struct iface *iface;
3021 struct bridge *br = br_;
3023 iface = iface_from_dp_ifidx(br, flow->in_port);
3025 if (cfm_should_process_flow(flow)) {
3027 if (iface && packet && iface->cfm) {
3028 COVERAGE_INC(bridge_process_cfm);
3029 cfm_process_heartbeat(iface->cfm, packet);
3032 } else if (flow->dl_type == htons(ETH_TYPE_LACP)) {
3034 if (iface && packet) {
3035 COVERAGE_INC(bridge_process_lacp);
3036 lacp_process_packet(packet, iface);
3045 bridge_account_flow_ofhook_cb(const struct flow *flow, tag_type tags,
3046 const struct nlattr *actions,
3048 unsigned long long int n_bytes, void *br_)
3050 struct bridge *br = br_;
3051 const struct nlattr *a;
3052 struct port *in_port;
3057 /* Feed information from the active flows back into the learning table to
3058 * ensure that table is always in sync with what is actually flowing
3059 * through the datapath.
3061 * We test that 'tags' is nonzero to ensure that only flows that include an
3062 * OFPP_NORMAL action are used for learning. This works because
3063 * bridge_normal_ofhook_cb() always sets a nonzero tag value. */
3064 if (tags && is_admissible(br, flow, false, &dummy, &vlan, &in_port)) {
3065 update_learning_table(br, flow, vlan, in_port);
3068 /* Account for bond slave utilization. */
3069 if (!br->has_bonded_ports) {
3072 NL_ATTR_FOR_EACH_UNSAFE (a, left, actions, actions_len) {
3073 if (nl_attr_type(a) == ODP_ACTION_ATTR_OUTPUT) {
3074 struct port *out_port = port_from_dp_ifidx(br, nl_attr_get_u32(a));
3075 if (out_port && out_port->n_ifaces >= 2 &&
3076 out_port->bond_mode != BM_AB) {
3077 uint16_t vlan = (flow->vlan_tci
3078 ? vlan_tci_to_vid(flow->vlan_tci)
3080 struct bond_entry *e = lookup_bond_entry(out_port, flow, vlan);
3081 e->tx_bytes += n_bytes;
3088 bridge_account_checkpoint_ofhook_cb(void *br_)
3090 struct bridge *br = br_;
3094 if (!br->has_bonded_ports) {
3099 for (i = 0; i < br->n_ports; i++) {
3100 struct port *port = br->ports[i];
3101 if (port->n_ifaces > 1 && port->bond_mode != BM_AB
3102 && now >= port->bond_next_rebalance) {
3103 port->bond_next_rebalance = now + port->bond_rebalance_interval;
3104 bond_rebalance_port(port);
3109 static struct ofhooks bridge_ofhooks = {
3110 bridge_normal_ofhook_cb,
3111 bridge_special_ofhook_cb,
3112 bridge_account_flow_ofhook_cb,
3113 bridge_account_checkpoint_ofhook_cb,
3116 /* LACP functions. */
3119 lacp_process_packet(const struct ofpbuf *packet, struct iface *iface)
3121 const struct lacp_pdu *pdu;
3123 if (!iface->port->lacp) {
3127 pdu = parse_lacp_packet(packet);
3132 iface->lacp_status |= LACP_CURRENT;
3133 iface->lacp_status &= ~(LACP_EXPIRED | LACP_DEFAULTED);
3134 iface->lacp_rx = time_msec() + LACP_SLOW_TIME_RX;
3136 iface->lacp_actor.state = iface_get_lacp_state(iface);
3137 if (memcmp(&iface->lacp_actor, &pdu->partner, sizeof pdu->partner)) {
3141 if (memcmp(&iface->lacp_partner, &pdu->actor, sizeof pdu->actor)) {
3142 iface->port->lacp_need_update = true;
3143 iface->lacp_partner = pdu->actor;
3148 lacp_update_ifaces(struct port *port)
3152 struct lacp_info lead_pri;
3153 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 10);
3155 port->lacp_need_update = false;
3156 COVERAGE_INC(bridge_lacp_update);
3162 VLOG_DBG_RL(&rl, "port %s: re-evaluating LACP link status", port->name);
3165 for (i = 0; i < port->n_ifaces; i++) {
3166 struct iface *iface = port->ifaces[i];
3167 struct lacp_info pri;
3169 iface->lacp_status |= LACP_ATTACHED;
3170 ofproto_revalidate(port->bridge->ofproto, iface->tag);
3172 /* Don't allow loopback interfaces to send traffic or lead. */
3173 if (eth_addr_equals(iface->lacp_partner.sysid,
3174 iface->lacp_actor.sysid)) {
3175 VLOG_WARN_RL(&rl, "iface %s: Loopback detected. Interface is "
3176 "connected to its own bridge", iface->name);
3177 iface->lacp_status &= ~LACP_ATTACHED;
3181 if (iface->lacp_status & LACP_DEFAULTED) {
3185 iface_get_lacp_priority(iface, &pri);
3187 if (!lead || memcmp(&pri, &lead_pri, sizeof pri) < 0) {
3194 port->lacp &= ~LACP_NEGOTIATED;
3198 port->lacp |= LACP_NEGOTIATED;
3200 for (i = 0; i < port->n_ifaces; i++) {
3201 struct iface *iface = port->ifaces[i];
3203 if (iface->lacp_status & LACP_DEFAULTED
3204 || lead->lacp_partner.key != iface->lacp_partner.key
3205 || !eth_addr_equals(lead->lacp_partner.sysid,
3206 iface->lacp_partner.sysid)) {
3207 iface->lacp_status &= ~LACP_ATTACHED;
3213 lacp_iface_may_tx(const struct iface *iface)
3215 return iface->port->lacp & LACP_ACTIVE
3216 || iface->lacp_status & (LACP_CURRENT | LACP_EXPIRED);
3220 lacp_run(struct bridge *br)
3223 struct ofpbuf packet;
3225 ofpbuf_init(&packet, ETH_HEADER_LEN + LACP_PDU_LEN);
3227 for (i = 0; i < br->n_ports; i++) {
3228 struct port *port = br->ports[i];
3234 for (j = 0; j < port->n_ifaces; j++) {
3235 struct iface *iface = port->ifaces[j];
3237 if (time_msec() > iface->lacp_rx) {
3238 if (iface->lacp_status & LACP_CURRENT) {
3239 iface_set_lacp_expired(iface);
3240 } else if (iface->lacp_status & LACP_EXPIRED) {
3241 iface_set_lacp_defaulted(iface);
3246 if (port->lacp_need_update) {
3247 lacp_update_ifaces(port);
3250 for (j = 0; j < port->n_ifaces; j++) {
3251 struct iface *iface = port->ifaces[j];
3252 uint8_t ea[ETH_ADDR_LEN];
3255 if (time_msec() < iface->lacp_tx || !lacp_iface_may_tx(iface)) {
3259 error = netdev_get_etheraddr(iface->netdev, ea);
3261 iface->lacp_actor.state = iface_get_lacp_state(iface);
3262 compose_lacp_packet(&packet, &iface->lacp_actor,
3263 &iface->lacp_partner, ea);
3264 iface_send_packet(iface, &packet);
3266 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 10);
3267 VLOG_ERR_RL(&rl, "iface %s: failed to obtain Ethernet address "
3268 "(%s)", iface->name, strerror(error));
3271 iface->lacp_tx = time_msec() +
3272 (iface->lacp_partner.state & LACP_STATE_TIME
3274 : LACP_SLOW_TIME_TX);
3277 ofpbuf_uninit(&packet);
3281 lacp_wait(struct bridge *br)
3285 for (i = 0; i < br->n_ports; i++) {
3286 struct port *port = br->ports[i];
3292 for (j = 0; j < port->n_ifaces; j++) {
3293 struct iface *iface = port->ifaces[j];
3295 if (lacp_iface_may_tx(iface)) {
3296 poll_timer_wait_until(iface->lacp_tx);
3299 if (iface->lacp_status & (LACP_CURRENT | LACP_EXPIRED)) {
3300 poll_timer_wait_until(iface->lacp_rx);
3306 /* Bonding functions. */
3308 /* Statistics for a single interface on a bonded port, used for load-based
3309 * bond rebalancing. */
3310 struct slave_balance {
3311 struct iface *iface; /* The interface. */
3312 uint64_t tx_bytes; /* Sum of hashes[*]->tx_bytes. */
3314 /* All the "bond_entry"s that are assigned to this interface, in order of
3315 * increasing tx_bytes. */
3316 struct bond_entry **hashes;
3321 bond_mode_to_string(enum bond_mode bm) {
3322 static char *bm_slb = "balance-slb";
3323 static char *bm_ab = "active-backup";
3324 static char *bm_tcp = "balance-tcp";
3327 case BM_SLB: return bm_slb;
3328 case BM_AB: return bm_ab;
3329 case BM_TCP: return bm_tcp;
3336 /* Sorts pointers to pointers to bond_entries in ascending order by the
3337 * interface to which they are assigned, and within a single interface in
3338 * ascending order of bytes transmitted. */
3340 compare_bond_entries(const void *a_, const void *b_)
3342 const struct bond_entry *const *ap = a_;
3343 const struct bond_entry *const *bp = b_;
3344 const struct bond_entry *a = *ap;
3345 const struct bond_entry *b = *bp;
3346 if (a->iface_idx != b->iface_idx) {
3347 return a->iface_idx > b->iface_idx ? 1 : -1;
3348 } else if (a->tx_bytes != b->tx_bytes) {
3349 return a->tx_bytes > b->tx_bytes ? 1 : -1;
3355 /* Sorts slave_balances so that enabled ports come first, and otherwise in
3356 * *descending* order by number of bytes transmitted. */
3358 compare_slave_balance(const void *a_, const void *b_)
3360 const struct slave_balance *a = a_;
3361 const struct slave_balance *b = b_;
3362 if (a->iface->enabled != b->iface->enabled) {
3363 return a->iface->enabled ? -1 : 1;
3364 } else if (a->tx_bytes != b->tx_bytes) {
3365 return a->tx_bytes > b->tx_bytes ? -1 : 1;
3372 swap_bals(struct slave_balance *a, struct slave_balance *b)
3374 struct slave_balance tmp = *a;
3379 /* Restores the 'n_bals' slave_balance structures in 'bals' to sorted order
3380 * given that 'p' (and only 'p') might be in the wrong location.
3382 * This function invalidates 'p', since it might now be in a different memory
3385 resort_bals(struct slave_balance *p,
3386 struct slave_balance bals[], size_t n_bals)
3389 for (; p > bals && p->tx_bytes > p[-1].tx_bytes; p--) {
3390 swap_bals(p, p - 1);
3392 for (; p < &bals[n_bals - 1] && p->tx_bytes < p[1].tx_bytes; p++) {
3393 swap_bals(p, p + 1);
3399 log_bals(const struct slave_balance *bals, size_t n_bals, struct port *port)
3401 if (VLOG_IS_DBG_ENABLED()) {
3402 struct ds ds = DS_EMPTY_INITIALIZER;
3403 const struct slave_balance *b;
3405 for (b = bals; b < bals + n_bals; b++) {
3409 ds_put_char(&ds, ',');
3411 ds_put_format(&ds, " %s %"PRIu64"kB",
3412 b->iface->name, b->tx_bytes / 1024);
3414 if (!b->iface->enabled) {
3415 ds_put_cstr(&ds, " (disabled)");
3417 if (b->n_hashes > 0) {
3418 ds_put_cstr(&ds, " (");
3419 for (i = 0; i < b->n_hashes; i++) {
3420 const struct bond_entry *e = b->hashes[i];
3422 ds_put_cstr(&ds, " + ");
3424 ds_put_format(&ds, "h%td: %"PRIu64"kB",
3425 e - port->bond_hash, e->tx_bytes / 1024);
3427 ds_put_cstr(&ds, ")");
3430 VLOG_DBG("bond %s:%s", port->name, ds_cstr(&ds));
3435 /* Shifts 'hash' from 'from' to 'to' within 'port'. */
3437 bond_shift_load(struct slave_balance *from, struct slave_balance *to,
3440 struct bond_entry *hash = from->hashes[hash_idx];
3441 struct port *port = from->iface->port;
3442 uint64_t delta = hash->tx_bytes;
3444 assert(port->bond_mode != BM_AB);
3446 VLOG_INFO("bond %s: shift %"PRIu64"kB of load (with hash %td) "
3447 "from %s to %s (now carrying %"PRIu64"kB and "
3448 "%"PRIu64"kB load, respectively)",
3449 port->name, delta / 1024, hash - port->bond_hash,
3450 from->iface->name, to->iface->name,
3451 (from->tx_bytes - delta) / 1024,
3452 (to->tx_bytes + delta) / 1024);
3454 /* Delete element from from->hashes.
3456 * We don't bother to add the element to to->hashes because not only would
3457 * it require more work, the only purpose it would be to allow that hash to
3458 * be migrated to another slave in this rebalancing run, and there is no
3459 * point in doing that. */
3460 if (hash_idx == 0) {
3463 memmove(from->hashes + hash_idx, from->hashes + hash_idx + 1,
3464 (from->n_hashes - (hash_idx + 1)) * sizeof *from->hashes);
3468 /* Shift load away from 'from' to 'to'. */
3469 from->tx_bytes -= delta;
3470 to->tx_bytes += delta;
3472 /* Arrange for flows to be revalidated. */
3473 ofproto_revalidate(port->bridge->ofproto, hash->iface_tag);
3474 hash->iface_idx = to->iface->port_ifidx;
3475 hash->iface_tag = tag_create_random();
3479 bond_rebalance_port(struct port *port)
3481 struct slave_balance *bals;
3483 struct bond_entry *hashes[BOND_MASK + 1];
3484 struct slave_balance *b, *from, *to;
3485 struct bond_entry *e;
3488 assert(port->bond_mode != BM_AB);
3490 /* Sets up 'bals' to describe each of the port's interfaces, sorted in
3491 * descending order of tx_bytes, so that bals[0] represents the most
3492 * heavily loaded slave and bals[n_bals - 1] represents the least heavily
3495 * The code is a bit tricky: to avoid dynamically allocating a 'hashes'
3496 * array for each slave_balance structure, we sort our local array of
3497 * hashes in order by slave, so that all of the hashes for a given slave
3498 * become contiguous in memory, and then we point each 'hashes' members of
3499 * a slave_balance structure to the start of a contiguous group. */
3500 n_bals = port->n_ifaces;
3501 bals = xmalloc(n_bals * sizeof *bals);
3502 for (b = bals; b < &bals[n_bals]; b++) {
3503 b->iface = port->ifaces[b - bals];
3508 for (i = 0; i <= BOND_MASK; i++) {
3509 hashes[i] = &port->bond_hash[i];
3511 qsort(hashes, BOND_MASK + 1, sizeof *hashes, compare_bond_entries);
3512 for (i = 0; i <= BOND_MASK; i++) {
3514 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
3515 b = &bals[e->iface_idx];
3516 b->tx_bytes += e->tx_bytes;
3518 b->hashes = &hashes[i];
3523 qsort(bals, n_bals, sizeof *bals, compare_slave_balance);
3524 log_bals(bals, n_bals, port);
3526 /* Discard slaves that aren't enabled (which were sorted to the back of the
3527 * array earlier). */
3528 while (!bals[n_bals - 1].iface->enabled) {
3535 /* Shift load from the most-loaded slaves to the least-loaded slaves. */
3536 to = &bals[n_bals - 1];
3537 for (from = bals; from < to; ) {
3538 uint64_t overload = from->tx_bytes - to->tx_bytes;
3539 if (overload < to->tx_bytes >> 5 || overload < 100000) {
3540 /* The extra load on 'from' (and all less-loaded slaves), compared
3541 * to that of 'to' (the least-loaded slave), is less than ~3%, or
3542 * it is less than ~1Mbps. No point in rebalancing. */
3544 } else if (from->n_hashes == 1) {
3545 /* 'from' only carries a single MAC hash, so we can't shift any
3546 * load away from it, even though we want to. */
3549 /* 'from' is carrying significantly more load than 'to', and that
3550 * load is split across at least two different hashes. Pick a hash
3551 * to migrate to 'to' (the least-loaded slave), given that doing so
3552 * must decrease the ratio of the load on the two slaves by at
3555 * The sort order we use means that we prefer to shift away the
3556 * smallest hashes instead of the biggest ones. There is little
3557 * reason behind this decision; we could use the opposite sort
3558 * order to shift away big hashes ahead of small ones. */
3561 for (i = 0; i < from->n_hashes; i++) {
3562 double old_ratio, new_ratio;
3563 uint64_t delta = from->hashes[i]->tx_bytes;
3565 if (delta == 0 || from->tx_bytes - delta == 0) {
3566 /* Pointless move. */
3570 order_swapped = from->tx_bytes - delta < to->tx_bytes + delta;
3572 if (to->tx_bytes == 0) {
3573 /* Nothing on the new slave, move it. */
3577 old_ratio = (double)from->tx_bytes / to->tx_bytes;
3578 new_ratio = (double)(from->tx_bytes - delta) /
3579 (to->tx_bytes + delta);
3581 if (new_ratio == 0) {
3582 /* Should already be covered but check to prevent division
3587 if (new_ratio < 1) {
3588 new_ratio = 1 / new_ratio;
3591 if (old_ratio - new_ratio > 0.1) {
3592 /* Would decrease the ratio, move it. */
3596 if (i < from->n_hashes) {
3597 bond_shift_load(from, to, i);
3598 port->bond_compat_is_stale = true;
3600 /* If the result of the migration changed the relative order of
3601 * 'from' and 'to' swap them back to maintain invariants. */
3602 if (order_swapped) {
3603 swap_bals(from, to);
3606 /* Re-sort 'bals'. Note that this may make 'from' and 'to'
3607 * point to different slave_balance structures. It is only
3608 * valid to do these two operations in a row at all because we
3609 * know that 'from' will not move past 'to' and vice versa. */
3610 resort_bals(from, bals, n_bals);
3611 resort_bals(to, bals, n_bals);
3618 /* Implement exponentially weighted moving average. A weight of 1/2 causes
3619 * historical data to decay to <1% in 7 rebalancing runs. */
3620 for (e = &port->bond_hash[0]; e <= &port->bond_hash[BOND_MASK]; e++) {
3629 bond_send_learning_packets(struct port *port)
3631 struct bridge *br = port->bridge;
3632 struct mac_entry *e;
3633 struct ofpbuf packet;
3634 int error, n_packets, n_errors;
3636 if (!port->n_ifaces || port->active_iface < 0 || bond_is_tcp_hash(port)) {
3640 ofpbuf_init(&packet, 128);
3641 error = n_packets = n_errors = 0;
3642 LIST_FOR_EACH (e, lru_node, &br->ml->lrus) {
3643 union ofp_action actions[2], *a;
3649 if (e->port == port->port_idx) {
3653 compose_benign_packet(&packet, "Open vSwitch Bond Failover", 0xf177,
3655 flow_extract(&packet, 0, ODPP_NONE, &flow);
3657 if (!choose_output_iface(port, &flow, e->vlan, &dp_ifidx, &tags)) {
3661 /* Compose actions. */
3662 memset(actions, 0, sizeof actions);
3665 a->vlan_vid.type = htons(OFPAT_SET_VLAN_VID);
3666 a->vlan_vid.len = htons(sizeof *a);
3667 a->vlan_vid.vlan_vid = htons(e->vlan);
3670 a->output.type = htons(OFPAT_OUTPUT);
3671 a->output.len = htons(sizeof *a);
3672 a->output.port = htons(odp_port_to_ofp_port(dp_ifidx));
3677 retval = ofproto_send_packet(br->ofproto, &flow, actions, a - actions,
3684 ofpbuf_uninit(&packet);
3687 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
3688 VLOG_WARN_RL(&rl, "bond %s: %d errors sending %d gratuitous learning "
3689 "packets, last error was: %s",
3690 port->name, n_errors, n_packets, strerror(error));
3692 VLOG_DBG("bond %s: sent %d gratuitous learning packets",
3693 port->name, n_packets);
3697 /* Bonding unixctl user interface functions. */
3700 bond_unixctl_list(struct unixctl_conn *conn,
3701 const char *args OVS_UNUSED, void *aux OVS_UNUSED)
3703 struct ds ds = DS_EMPTY_INITIALIZER;
3704 const struct bridge *br;
3706 ds_put_cstr(&ds, "bridge\tbond\ttype\tslaves\n");
3708 LIST_FOR_EACH (br, node, &all_bridges) {
3711 for (i = 0; i < br->n_ports; i++) {
3712 const struct port *port = br->ports[i];
3713 if (port->n_ifaces > 1) {
3716 ds_put_format(&ds, "%s\t%s\t%s\t", br->name, port->name,
3717 bond_mode_to_string(port->bond_mode));
3718 for (j = 0; j < port->n_ifaces; j++) {
3719 const struct iface *iface = port->ifaces[j];
3721 ds_put_cstr(&ds, ", ");
3723 ds_put_cstr(&ds, iface->name);
3725 ds_put_char(&ds, '\n');
3729 unixctl_command_reply(conn, 200, ds_cstr(&ds));
3733 static struct port *
3734 bond_find(const char *name)
3736 const struct bridge *br;
3738 LIST_FOR_EACH (br, node, &all_bridges) {
3741 for (i = 0; i < br->n_ports; i++) {
3742 struct port *port = br->ports[i];
3743 if (!strcmp(port->name, name) && port->n_ifaces > 1) {
3752 ds_put_lacp_state(struct ds *ds, uint8_t state)
3754 if (state & LACP_STATE_ACT) {
3755 ds_put_cstr(ds, "activity ");
3758 if (state & LACP_STATE_TIME) {
3759 ds_put_cstr(ds, "timeout ");
3762 if (state & LACP_STATE_AGG) {
3763 ds_put_cstr(ds, "aggregation ");
3766 if (state & LACP_STATE_SYNC) {
3767 ds_put_cstr(ds, "synchronized ");
3770 if (state & LACP_STATE_COL) {
3771 ds_put_cstr(ds, "collecting ");
3774 if (state & LACP_STATE_DIST) {
3775 ds_put_cstr(ds, "distributing ");
3778 if (state & LACP_STATE_DEF) {
3779 ds_put_cstr(ds, "defaulted ");
3782 if (state & LACP_STATE_EXP) {
3783 ds_put_cstr(ds, "expired ");
3788 bond_unixctl_show(struct unixctl_conn *conn,
3789 const char *args, void *aux OVS_UNUSED)
3791 struct ds ds = DS_EMPTY_INITIALIZER;
3792 const struct port *port;
3795 port = bond_find(args);
3797 unixctl_command_reply(conn, 501, "no such bond");
3801 ds_put_format(&ds, "bond_mode: %s\n",
3802 bond_mode_to_string(port->bond_mode));
3805 ds_put_format(&ds, "lacp: %s\n",
3806 port->lacp & LACP_ACTIVE ? "active" : "passive");
3808 ds_put_cstr(&ds, "lacp: off\n");
3811 if (port->bond_mode != BM_AB) {
3812 ds_put_format(&ds, "bond-hash-algorithm: %s\n",
3813 bond_is_tcp_hash(port) ? "balance-tcp" : "balance-slb");
3817 ds_put_format(&ds, "bond-detect-mode: %s\n",
3818 port->miimon ? "miimon" : "carrier");
3821 ds_put_format(&ds, "bond-miimon-interval: %lld\n",
3822 port->bond_miimon_interval);
3825 ds_put_format(&ds, "updelay: %d ms\n", port->updelay);
3826 ds_put_format(&ds, "downdelay: %d ms\n", port->downdelay);
3828 if (port->bond_mode != BM_AB) {
3829 ds_put_format(&ds, "next rebalance: %lld ms\n",
3830 port->bond_next_rebalance - time_msec());
3833 for (j = 0; j < port->n_ifaces; j++) {
3834 const struct iface *iface = port->ifaces[j];
3835 struct bond_entry *be;
3839 ds_put_format(&ds, "\nslave %s: %s\n",
3840 iface->name, iface->enabled ? "enabled" : "disabled");
3841 if (j == port->active_iface) {
3842 ds_put_cstr(&ds, "\tactive slave\n");
3844 if (iface->delay_expires != LLONG_MAX) {
3845 ds_put_format(&ds, "\t%s expires in %lld ms\n",
3846 iface->enabled ? "downdelay" : "updelay",
3847 iface->delay_expires - time_msec());
3851 ds_put_cstr(&ds, "\tstatus: ");
3853 if (iface->lacp_status & LACP_CURRENT) {
3854 ds_put_cstr(&ds, "current ");
3857 if (iface->lacp_status & LACP_EXPIRED) {
3858 ds_put_cstr(&ds, "expired ");
3861 if (iface->lacp_status & LACP_DEFAULTED) {
3862 ds_put_cstr(&ds, "defaulted ");
3865 if (iface->lacp_status & LACP_ATTACHED) {
3866 ds_put_cstr(&ds, "attached ");
3869 ds_put_cstr(&ds, "\n");
3871 ds_put_cstr(&ds, "\n\tactor sysid: ");
3872 ds_put_format(&ds, ETH_ADDR_FMT,
3873 ETH_ADDR_ARGS(iface->lacp_actor.sysid));
3874 ds_put_cstr(&ds, "\n");
3876 ds_put_format(&ds, "\tactor sys_priority: %u\n",
3877 ntohs(iface->lacp_actor.sys_priority));
3879 ds_put_format(&ds, "\tactor portid: %u\n",
3880 ntohs(iface->lacp_actor.portid));
3882 ds_put_format(&ds, "\tactor port_priority: %u\n",
3883 ntohs(iface->lacp_actor.port_priority));
3885 ds_put_format(&ds, "\tactor key: %u\n",
3886 ntohs(iface->lacp_actor.key));
3888 ds_put_cstr(&ds, "\tactor state: ");
3889 ds_put_lacp_state(&ds, iface_get_lacp_state(iface));
3890 ds_put_cstr(&ds, "\n\n");
3892 ds_put_cstr(&ds, "\tpartner sysid: ");
3893 ds_put_format(&ds, ETH_ADDR_FMT,
3894 ETH_ADDR_ARGS(iface->lacp_partner.sysid));
3895 ds_put_cstr(&ds, "\n");
3897 ds_put_format(&ds, "\tpartner sys_priority: %u\n",
3898 ntohs(iface->lacp_partner.sys_priority));
3900 ds_put_format(&ds, "\tpartner portid: %u\n",
3901 ntohs(iface->lacp_partner.portid));
3903 ds_put_format(&ds, "\tpartner port_priority: %u\n",
3904 ntohs(iface->lacp_partner.port_priority));
3906 ds_put_format(&ds, "\tpartner key: %u\n",
3907 ntohs(iface->lacp_partner.key));
3909 ds_put_cstr(&ds, "\tpartner state: ");
3910 ds_put_lacp_state(&ds, iface->lacp_partner.state);
3911 ds_put_cstr(&ds, "\n");
3914 if (port->bond_mode == BM_AB) {
3919 memset(&flow, 0, sizeof flow);
3920 for (be = port->bond_hash; be <= &port->bond_hash[BOND_MASK]; be++) {
3921 int hash = be - port->bond_hash;
3922 struct mac_entry *me;
3924 if (be->iface_idx != j) {
3928 ds_put_format(&ds, "\thash %d: %"PRIu64" kB load\n",
3929 hash, be->tx_bytes / 1024);
3931 if (port->bond_mode != BM_SLB) {
3936 LIST_FOR_EACH (me, lru_node, &port->bridge->ml->lrus) {
3940 memcpy(flow.dl_src, me->mac, ETH_ADDR_LEN);
3941 if (bond_hash_src(me->mac, me->vlan) == hash
3942 && me->port != port->port_idx
3943 && choose_output_iface(port, &flow, me->vlan,
3945 && dp_ifidx == iface->dp_ifidx)
3947 ds_put_format(&ds, "\t\t"ETH_ADDR_FMT"\n",
3948 ETH_ADDR_ARGS(me->mac));
3953 unixctl_command_reply(conn, 200, ds_cstr(&ds));
3958 bond_unixctl_migrate(struct unixctl_conn *conn, const char *args_,
3959 void *aux OVS_UNUSED)
3961 char *args = (char *) args_;
3962 char *save_ptr = NULL;
3963 char *bond_s, *hash_s, *slave_s;
3965 struct iface *iface;
3966 struct bond_entry *entry;
3969 bond_s = strtok_r(args, " ", &save_ptr);
3970 hash_s = strtok_r(NULL, " ", &save_ptr);
3971 slave_s = strtok_r(NULL, " ", &save_ptr);
3973 unixctl_command_reply(conn, 501,
3974 "usage: bond/migrate BOND HASH SLAVE");
3978 port = bond_find(bond_s);
3980 unixctl_command_reply(conn, 501, "no such bond");
3984 if (port->bond_mode != BM_SLB) {
3985 unixctl_command_reply(conn, 501, "not an SLB bond");
3989 if (strspn(hash_s, "0123456789") == strlen(hash_s)) {
3990 hash = atoi(hash_s) & BOND_MASK;
3992 unixctl_command_reply(conn, 501, "bad hash");
3996 iface = port_lookup_iface(port, slave_s);
3998 unixctl_command_reply(conn, 501, "no such slave");
4002 if (!iface->enabled) {
4003 unixctl_command_reply(conn, 501, "cannot migrate to disabled slave");
4007 entry = &port->bond_hash[hash];
4008 ofproto_revalidate(port->bridge->ofproto, entry->iface_tag);
4009 entry->iface_idx = iface->port_ifidx;
4010 entry->iface_tag = tag_create_random();
4011 port->bond_compat_is_stale = true;
4012 unixctl_command_reply(conn, 200, "migrated");
4016 bond_unixctl_set_active_slave(struct unixctl_conn *conn, const char *args_,
4017 void *aux OVS_UNUSED)
4019 char *args = (char *) args_;
4020 char *save_ptr = NULL;
4021 char *bond_s, *slave_s;
4023 struct iface *iface;
4025 bond_s = strtok_r(args, " ", &save_ptr);
4026 slave_s = strtok_r(NULL, " ", &save_ptr);
4028 unixctl_command_reply(conn, 501,
4029 "usage: bond/set-active-slave BOND SLAVE");
4033 port = bond_find(bond_s);
4035 unixctl_command_reply(conn, 501, "no such bond");
4039 iface = port_lookup_iface(port, slave_s);
4041 unixctl_command_reply(conn, 501, "no such slave");
4045 if (!iface->enabled) {
4046 unixctl_command_reply(conn, 501, "cannot make disabled slave active");
4050 if (port->active_iface != iface->port_ifidx) {
4051 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
4052 port->active_iface = iface->port_ifidx;
4053 port->active_iface_tag = tag_create_random();
4054 VLOG_INFO("port %s: active interface is now %s",
4055 port->name, iface->name);
4056 bond_send_learning_packets(port);
4057 unixctl_command_reply(conn, 200, "done");
4059 unixctl_command_reply(conn, 200, "no change");
4064 enable_slave(struct unixctl_conn *conn, const char *args_, bool enable)
4066 char *args = (char *) args_;
4067 char *save_ptr = NULL;
4068 char *bond_s, *slave_s;
4070 struct iface *iface;
4072 bond_s = strtok_r(args, " ", &save_ptr);
4073 slave_s = strtok_r(NULL, " ", &save_ptr);
4075 unixctl_command_reply(conn, 501,
4076 "usage: bond/enable/disable-slave BOND SLAVE");
4080 port = bond_find(bond_s);
4082 unixctl_command_reply(conn, 501, "no such bond");
4086 iface = port_lookup_iface(port, slave_s);
4088 unixctl_command_reply(conn, 501, "no such slave");
4092 bond_enable_slave(iface, enable);
4093 unixctl_command_reply(conn, 501, enable ? "enabled" : "disabled");
4097 bond_unixctl_enable_slave(struct unixctl_conn *conn, const char *args,
4098 void *aux OVS_UNUSED)
4100 enable_slave(conn, args, true);
4104 bond_unixctl_disable_slave(struct unixctl_conn *conn, const char *args,
4105 void *aux OVS_UNUSED)
4107 enable_slave(conn, args, false);
4111 bond_unixctl_hash(struct unixctl_conn *conn, const char *args_,
4112 void *aux OVS_UNUSED)
4114 char *args = (char *) args_;
4115 uint8_t mac[ETH_ADDR_LEN];
4119 char *mac_s, *vlan_s;
4120 char *save_ptr = NULL;
4122 mac_s = strtok_r(args, " ", &save_ptr);
4123 vlan_s = strtok_r(NULL, " ", &save_ptr);
4126 if (sscanf(vlan_s, "%u", &vlan) != 1) {
4127 unixctl_command_reply(conn, 501, "invalid vlan");
4131 vlan = OFP_VLAN_NONE;
4134 if (sscanf(mac_s, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))
4135 == ETH_ADDR_SCAN_COUNT) {
4136 hash = bond_hash_src(mac, vlan);
4138 hash_cstr = xasprintf("%u", hash);
4139 unixctl_command_reply(conn, 200, hash_cstr);
4142 unixctl_command_reply(conn, 501, "invalid mac");
4149 unixctl_command_register("bond/list", bond_unixctl_list, NULL);
4150 unixctl_command_register("bond/show", bond_unixctl_show, NULL);
4151 unixctl_command_register("bond/migrate", bond_unixctl_migrate, NULL);
4152 unixctl_command_register("bond/set-active-slave",
4153 bond_unixctl_set_active_slave, NULL);
4154 unixctl_command_register("bond/enable-slave", bond_unixctl_enable_slave,
4156 unixctl_command_register("bond/disable-slave", bond_unixctl_disable_slave,
4158 unixctl_command_register("bond/hash", bond_unixctl_hash, NULL);
4161 /* Port functions. */
4163 static struct port *
4164 port_create(struct bridge *br, const char *name)
4168 port = xzalloc(sizeof *port);
4170 port->port_idx = br->n_ports;
4172 port->trunks = NULL;
4173 port->name = xstrdup(name);
4174 port->active_iface = -1;
4176 if (br->n_ports >= br->allocated_ports) {
4177 br->ports = x2nrealloc(br->ports, &br->allocated_ports,
4180 br->ports[br->n_ports++] = port;
4181 shash_add_assert(&br->port_by_name, port->name, port);
4183 VLOG_INFO("created port %s on bridge %s", port->name, br->name);
4190 get_port_other_config(const struct ovsrec_port *port, const char *key,
4191 const char *default_value)
4195 value = get_ovsrec_key_value(&port->header_, &ovsrec_port_col_other_config,
4197 return value ? value : default_value;
4201 get_interface_other_config(const struct ovsrec_interface *iface,
4202 const char *key, const char *default_value)
4206 value = get_ovsrec_key_value(&iface->header_,
4207 &ovsrec_interface_col_other_config, key);
4208 return value ? value : default_value;
4212 port_del_ifaces(struct port *port, const struct ovsrec_port *cfg)
4214 struct shash new_ifaces;
4217 /* Collect list of new interfaces. */
4218 shash_init(&new_ifaces);
4219 for (i = 0; i < cfg->n_interfaces; i++) {
4220 const char *name = cfg->interfaces[i]->name;
4221 shash_add_once(&new_ifaces, name, NULL);
4224 /* Get rid of deleted interfaces. */
4225 for (i = 0; i < port->n_ifaces; ) {
4226 if (!shash_find(&new_ifaces, cfg->interfaces[i]->name)) {
4227 iface_destroy(port->ifaces[i]);
4233 shash_destroy(&new_ifaces);
4237 port_reconfigure(struct port *port, const struct ovsrec_port *cfg)
4239 const char *detect_mode;
4240 struct shash new_ifaces;
4241 long long int next_rebalance, miimon_next_update, lacp_priority;
4242 unsigned long *trunks;
4248 /* Update settings. */
4249 port->updelay = cfg->bond_updelay;
4250 if (port->updelay < 0) {
4253 port->downdelay = cfg->bond_downdelay;
4254 if (port->downdelay < 0) {
4255 port->downdelay = 0;
4257 port->bond_rebalance_interval = atoi(
4258 get_port_other_config(cfg, "bond-rebalance-interval", "10000"));
4259 if (port->bond_rebalance_interval < 1000) {
4260 port->bond_rebalance_interval = 1000;
4262 next_rebalance = time_msec() + port->bond_rebalance_interval;
4263 if (port->bond_next_rebalance > next_rebalance) {
4264 port->bond_next_rebalance = next_rebalance;
4267 detect_mode = get_port_other_config(cfg, "bond-detect-mode",
4270 if (!strcmp(detect_mode, "carrier")) {
4271 port->miimon = false;
4272 } else if (!strcmp(detect_mode, "miimon")) {
4273 port->miimon = true;
4275 port->miimon = false;
4276 VLOG_WARN("port %s: unsupported bond-detect-mode %s, defaulting to "
4277 "carrier", port->name, detect_mode);
4280 port->bond_miimon_interval = atoi(
4281 get_port_other_config(cfg, "bond-miimon-interval", "200"));
4282 if (port->bond_miimon_interval < 100) {
4283 port->bond_miimon_interval = 100;
4285 miimon_next_update = time_msec() + port->bond_miimon_interval;
4286 if (port->bond_miimon_next_update > miimon_next_update) {
4287 port->bond_miimon_next_update = miimon_next_update;
4290 if (!port->cfg->bond_mode ||
4291 !strcmp(port->cfg->bond_mode, bond_mode_to_string(BM_SLB))) {
4292 port->bond_mode = BM_SLB;
4293 } else if (!strcmp(port->cfg->bond_mode, bond_mode_to_string(BM_AB))) {
4294 port->bond_mode = BM_AB;
4295 } else if (!strcmp(port->cfg->bond_mode, bond_mode_to_string(BM_TCP))) {
4296 port->bond_mode = BM_TCP;
4298 port->bond_mode = BM_SLB;
4299 VLOG_WARN("port %s: unknown bond_mode %s, defaulting to %s",
4300 port->name, port->cfg->bond_mode,
4301 bond_mode_to_string(port->bond_mode));
4304 /* Add new interfaces and update 'cfg' member of existing ones. */
4305 shash_init(&new_ifaces);
4306 for (i = 0; i < cfg->n_interfaces; i++) {
4307 const struct ovsrec_interface *if_cfg = cfg->interfaces[i];
4308 struct iface *iface;
4310 if (!shash_add_once(&new_ifaces, if_cfg->name, NULL)) {
4311 VLOG_WARN("port %s: %s specified twice as port interface",
4312 port->name, if_cfg->name);
4313 iface_set_ofport(if_cfg, -1);
4317 iface = iface_lookup(port->bridge, if_cfg->name);
4319 if (iface->port != port) {
4320 VLOG_ERR("bridge %s: %s interface is on multiple ports, "
4322 port->bridge->name, if_cfg->name, iface->port->name);
4325 iface->cfg = if_cfg;
4327 iface = iface_create(port, if_cfg);
4330 /* Determine interface type. The local port always has type
4331 * "internal". Other ports take their type from the database and
4332 * default to "system" if none is specified. */
4333 iface->type = (!strcmp(if_cfg->name, port->bridge->name) ? "internal"
4334 : if_cfg->type[0] ? if_cfg->type
4338 atoi(get_interface_other_config(if_cfg, "lacp-port-priority",
4341 if (lacp_priority <= 0 || lacp_priority > UINT16_MAX) {
4342 iface->lacp_priority = UINT16_MAX;
4344 iface->lacp_priority = lacp_priority;
4347 shash_destroy(&new_ifaces);
4350 atoi(get_port_other_config(cfg, "lacp-system-priority", "0"));
4352 if (lacp_priority <= 0 || lacp_priority > UINT16_MAX) {
4353 /* Prefer bondable links if unspecified. */
4354 port->lacp_priority = port->n_ifaces > 1 ? UINT16_MAX - 1 : UINT16_MAX;
4356 port->lacp_priority = lacp_priority;
4359 if (!port->cfg->lacp) {
4360 /* XXX when LACP implementation has been sufficiently tested, enable by
4361 * default and make active on bonded ports. */
4363 } else if (!strcmp(port->cfg->lacp, "off")) {
4365 } else if (!strcmp(port->cfg->lacp, "active")) {
4366 port->lacp = LACP_ACTIVE;
4367 } else if (!strcmp(port->cfg->lacp, "passive")) {
4368 port->lacp = LACP_PASSIVE;
4370 VLOG_WARN("port %s: unknown LACP mode %s",
4371 port->name, port->cfg->lacp);
4378 if (port->n_ifaces < 2) {
4380 if (vlan >= 0 && vlan <= 4095) {
4381 VLOG_DBG("port %s: assigning VLAN tag %d", port->name, vlan);
4386 /* It's possible that bonded, VLAN-tagged ports make sense. Maybe
4387 * they even work as-is. But they have not been tested. */
4388 VLOG_WARN("port %s: VLAN tags not supported on bonded ports",
4392 if (port->vlan != vlan) {
4394 bridge_flush(port->bridge);
4397 /* Get trunked VLANs. */
4399 if (vlan < 0 && cfg->n_trunks) {
4402 trunks = bitmap_allocate(4096);
4404 for (i = 0; i < cfg->n_trunks; i++) {
4405 int trunk = cfg->trunks[i];
4407 bitmap_set1(trunks, trunk);
4413 VLOG_ERR("port %s: invalid values for %zu trunk VLANs",
4414 port->name, cfg->n_trunks);
4416 if (n_errors == cfg->n_trunks) {
4417 VLOG_ERR("port %s: no valid trunks, trunking all VLANs",
4419 bitmap_free(trunks);
4422 } else if (vlan >= 0 && cfg->n_trunks) {
4423 VLOG_ERR("port %s: ignoring trunks in favor of implicit vlan",
4427 ? port->trunks != NULL
4428 : port->trunks == NULL || !bitmap_equal(trunks, port->trunks, 4096)) {
4429 bridge_flush(port->bridge);
4431 bitmap_free(port->trunks);
4432 port->trunks = trunks;
4436 port_destroy(struct port *port)
4439 struct bridge *br = port->bridge;
4443 proc_net_compat_update_vlan(port->name, NULL, 0);
4444 proc_net_compat_update_bond(port->name, NULL);
4446 for (i = 0; i < MAX_MIRRORS; i++) {
4447 struct mirror *m = br->mirrors[i];
4448 if (m && m->out_port == port) {
4453 while (port->n_ifaces > 0) {
4454 iface_destroy(port->ifaces[port->n_ifaces - 1]);
4457 shash_find_and_delete_assert(&br->port_by_name, port->name);
4459 del = br->ports[port->port_idx] = br->ports[--br->n_ports];
4460 del->port_idx = port->port_idx;
4462 VLOG_INFO("destroyed port %s on bridge %s", port->name, br->name);
4464 netdev_monitor_destroy(port->monitor);
4466 bitmap_free(port->trunks);
4473 static struct port *
4474 port_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
4476 struct iface *iface = iface_from_dp_ifidx(br, dp_ifidx);
4477 return iface ? iface->port : NULL;
4480 static struct port *
4481 port_lookup(const struct bridge *br, const char *name)
4483 return shash_find_data(&br->port_by_name, name);
4486 static struct iface *
4487 port_lookup_iface(const struct port *port, const char *name)
4489 struct iface *iface = iface_lookup(port->bridge, name);
4490 return iface && iface->port == port ? iface : NULL;
4494 port_update_lacp(struct port *port)
4499 if (!port->lacp || port->n_ifaces < 1) {
4500 for (i = 0; i < port->n_ifaces; i++) {
4501 iface_set_lacp_defaulted(port->ifaces[i]);
4507 for (i = 0; i < port->n_ifaces; i++) {
4508 struct iface *iface = port->ifaces[i];
4510 if (iface->dp_ifidx <= 0 || iface->dp_ifidx > UINT16_MAX) {
4515 if (iface->dp_ifidx == port->lacp_key) {
4516 key_changed = false;
4521 port->lacp_key = port->ifaces[0]->dp_ifidx;
4524 for (i = 0; i < port->n_ifaces; i++) {
4525 struct iface *iface = port->ifaces[i];
4527 iface->lacp_actor.sys_priority = htons(port->lacp_priority);
4528 memcpy(&iface->lacp_actor.sysid, port->bridge->ea, ETH_ADDR_LEN);
4530 iface->lacp_actor.port_priority = htons(iface->lacp_priority);
4531 iface->lacp_actor.portid = htons(iface->dp_ifidx);
4532 iface->lacp_actor.key = htons(port->lacp_key);
4536 port->lacp_need_update = true;
4540 port_update_bonding(struct port *port)
4542 if (port->monitor) {
4543 netdev_monitor_destroy(port->monitor);
4544 port->monitor = NULL;
4546 if (port->n_ifaces < 2) {
4547 /* Not a bonded port. */
4548 if (port->bond_hash) {
4549 free(port->bond_hash);
4550 port->bond_hash = NULL;
4551 port->bond_compat_is_stale = true;
4554 port->bond_fake_iface = false;
4558 if (port->bond_mode != BM_AB && !port->bond_hash) {
4559 port->bond_hash = xcalloc(BOND_MASK + 1, sizeof *port->bond_hash);
4560 for (i = 0; i <= BOND_MASK; i++) {
4561 struct bond_entry *e = &port->bond_hash[i];
4565 port->no_ifaces_tag = tag_create_random();
4566 bond_choose_active_iface(port);
4567 port->bond_next_rebalance
4568 = time_msec() + port->bond_rebalance_interval;
4570 if (port->cfg->bond_fake_iface) {
4571 port->bond_next_fake_iface_update = time_msec();
4573 } else if (port->bond_mode == BM_AB) {
4574 free(port->bond_hash);
4575 port->bond_hash = NULL;
4577 port->bond_compat_is_stale = true;
4578 port->bond_fake_iface = port->cfg->bond_fake_iface;
4580 if (!port->miimon) {
4581 port->monitor = netdev_monitor_create();
4582 for (i = 0; i < port->n_ifaces; i++) {
4583 netdev_monitor_add(port->monitor, port->ifaces[i]->netdev);
4590 port_update_bond_compat(struct port *port)
4592 struct compat_bond_hash compat_hashes[BOND_MASK + 1];
4593 struct compat_bond bond;
4596 if (port->n_ifaces < 2 || port->bond_mode != BM_SLB) {
4597 proc_net_compat_update_bond(port->name, NULL);
4602 bond.updelay = port->updelay;
4603 bond.downdelay = port->downdelay;
4606 bond.hashes = compat_hashes;
4607 if (port->bond_hash) {
4608 const struct bond_entry *e;
4609 for (e = port->bond_hash; e <= &port->bond_hash[BOND_MASK]; e++) {
4610 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
4611 struct compat_bond_hash *cbh = &bond.hashes[bond.n_hashes++];
4612 cbh->hash = e - port->bond_hash;
4613 cbh->netdev_name = port->ifaces[e->iface_idx]->name;
4618 bond.n_slaves = port->n_ifaces;
4619 bond.slaves = xmalloc(port->n_ifaces * sizeof *bond.slaves);
4620 for (i = 0; i < port->n_ifaces; i++) {
4621 struct iface *iface = port->ifaces[i];
4622 struct compat_bond_slave *slave = &bond.slaves[i];
4623 slave->name = iface->name;
4625 /* We need to make the same determination as the Linux bonding
4626 * code to determine whether a slave should be consider "up".
4627 * The Linux function bond_miimon_inspect() supports four
4628 * BOND_LINK_* states:
4630 * - BOND_LINK_UP: carrier detected, updelay has passed.
4631 * - BOND_LINK_FAIL: carrier lost, downdelay in progress.
4632 * - BOND_LINK_DOWN: carrier lost, downdelay has passed.
4633 * - BOND_LINK_BACK: carrier detected, updelay in progress.
4635 * The function bond_info_show_slave() only considers BOND_LINK_UP
4636 * to be "up" and anything else to be "down".
4638 slave->up = iface->enabled && iface->delay_expires == LLONG_MAX;
4642 netdev_get_etheraddr(iface->netdev, slave->mac);
4645 if (port->bond_fake_iface) {
4646 struct netdev *bond_netdev;
4648 if (!netdev_open_default(port->name, &bond_netdev)) {
4650 netdev_turn_flags_on(bond_netdev, NETDEV_UP, true);
4652 netdev_turn_flags_off(bond_netdev, NETDEV_UP, true);
4654 netdev_close(bond_netdev);
4658 proc_net_compat_update_bond(port->name, &bond);
4663 port_update_vlan_compat(struct port *port)
4665 struct bridge *br = port->bridge;
4666 char *vlandev_name = NULL;
4668 if (port->vlan > 0) {
4669 /* Figure out the name that the VLAN device should actually have, if it
4670 * existed. This takes some work because the VLAN device would not
4671 * have port->name in its name; rather, it would have the trunk port's
4672 * name, and 'port' would be attached to a bridge that also had the
4673 * VLAN device one of its ports. So we need to find a trunk port that
4674 * includes port->vlan.
4676 * There might be more than one candidate. This doesn't happen on
4677 * XenServer, so if it happens we just pick the first choice in
4678 * alphabetical order instead of creating multiple VLAN devices. */
4680 for (i = 0; i < br->n_ports; i++) {
4681 struct port *p = br->ports[i];
4682 if (port_trunks_vlan(p, port->vlan)
4684 && (!vlandev_name || strcmp(p->name, vlandev_name) <= 0))
4686 uint8_t ea[ETH_ADDR_LEN];
4687 netdev_get_etheraddr(p->ifaces[0]->netdev, ea);
4688 if (!eth_addr_is_multicast(ea) &&
4689 !eth_addr_is_reserved(ea) &&
4690 !eth_addr_is_zero(ea)) {
4691 vlandev_name = p->name;
4696 proc_net_compat_update_vlan(port->name, vlandev_name, port->vlan);
4699 /* Interface functions. */
4702 iface_set_lacp_defaulted(struct iface *iface)
4704 memset(&iface->lacp_partner, 0, sizeof iface->lacp_partner);
4706 iface->lacp_status |= LACP_DEFAULTED;
4707 iface->lacp_status &= ~(LACP_CURRENT | LACP_EXPIRED);
4709 iface->port->lacp_need_update = true;
4713 iface_set_lacp_expired(struct iface *iface)
4715 iface->lacp_status &= ~LACP_CURRENT;
4716 iface->lacp_status |= LACP_EXPIRED;
4717 iface->lacp_partner.state |= LACP_STATE_TIME;
4718 iface->lacp_partner.state &= ~LACP_STATE_SYNC;
4720 iface->lacp_rx = time_msec() + LACP_FAST_TIME_RX;
4725 iface_get_lacp_state(const struct iface *iface)
4729 if (iface->port->lacp & LACP_ACTIVE) {
4730 state |= LACP_STATE_ACT;
4733 if (iface->lacp_status & LACP_ATTACHED) {
4734 state |= LACP_STATE_SYNC;
4737 if (iface->lacp_status & LACP_DEFAULTED) {
4738 state |= LACP_STATE_DEF;
4741 if (iface->lacp_status & LACP_EXPIRED) {
4742 state |= LACP_STATE_EXP;
4745 if (iface->port->n_ifaces > 1) {
4746 state |= LACP_STATE_AGG;
4749 if (iface->enabled) {
4750 state |= LACP_STATE_COL | LACP_STATE_DIST;
4756 /* Given 'iface', populates 'priority' with data representing its LACP link
4757 * priority. If two priority objects populated by this function are compared
4758 * using memcmp, the higher priority link will be less than the lower priority
4761 iface_get_lacp_priority(struct iface *iface, struct lacp_info *priority)
4763 uint16_t partner_priority, actor_priority;
4765 /* Choose the lacp_info of the higher priority system by comparing their
4766 * system priorities and mac addresses. */
4767 actor_priority = ntohs(iface->lacp_actor.sys_priority);
4768 partner_priority = ntohs(iface->lacp_partner.sys_priority);
4769 if (actor_priority < partner_priority) {
4770 *priority = iface->lacp_actor;
4771 } else if (partner_priority < actor_priority) {
4772 *priority = iface->lacp_partner;
4773 } else if (eth_addr_compare_3way(iface->lacp_actor.sysid,
4774 iface->lacp_partner.sysid) < 0) {
4775 *priority = iface->lacp_actor;
4777 *priority = iface->lacp_partner;
4780 /* Key and state are not used in priority comparisons. */
4782 priority->state = 0;
4786 iface_send_packet(struct iface *iface, struct ofpbuf *packet)
4789 union ofp_action action;
4791 memset(&action, 0, sizeof action);
4792 action.output.type = htons(OFPAT_OUTPUT);
4793 action.output.len = htons(sizeof action);
4794 action.output.port = htons(odp_port_to_ofp_port(iface->dp_ifidx));
4796 flow_extract(packet, 0, ODPP_NONE, &flow);
4798 if (ofproto_send_packet(iface->port->bridge->ofproto, &flow, &action, 1,
4800 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
4801 VLOG_WARN_RL(&rl, "interface %s: Failed to send packet.", iface->name);
4805 static struct iface *
4806 iface_create(struct port *port, const struct ovsrec_interface *if_cfg)
4808 struct bridge *br = port->bridge;
4809 struct iface *iface;
4810 char *name = if_cfg->name;
4812 iface = xzalloc(sizeof *iface);
4814 iface->port_ifidx = port->n_ifaces;
4815 iface->name = xstrdup(name);
4816 iface->dp_ifidx = -1;
4817 iface->tag = tag_create_random();
4818 iface->delay_expires = LLONG_MAX;
4819 iface->netdev = NULL;
4820 iface->cfg = if_cfg;
4821 iface_set_lacp_defaulted(iface);
4823 if (port->lacp & LACP_ACTIVE) {
4824 iface_set_lacp_expired(iface);
4827 shash_add_assert(&br->iface_by_name, iface->name, iface);
4829 if (port->n_ifaces >= port->allocated_ifaces) {
4830 port->ifaces = x2nrealloc(port->ifaces, &port->allocated_ifaces,
4831 sizeof *port->ifaces);
4833 port->ifaces[port->n_ifaces++] = iface;
4834 if (port->n_ifaces > 1) {
4835 br->has_bonded_ports = true;
4838 VLOG_DBG("attached network device %s to port %s", iface->name, port->name);
4846 iface_destroy(struct iface *iface)
4849 struct port *port = iface->port;
4850 struct bridge *br = port->bridge;
4851 bool del_active = port->active_iface == iface->port_ifidx;
4854 if (port->monitor) {
4855 netdev_monitor_remove(port->monitor, iface->netdev);
4858 shash_find_and_delete_assert(&br->iface_by_name, iface->name);
4860 if (iface->dp_ifidx >= 0) {
4861 hmap_remove(&br->ifaces, &iface->dp_ifidx_node);
4864 del = port->ifaces[iface->port_ifidx] = port->ifaces[--port->n_ifaces];
4865 del->port_ifidx = iface->port_ifidx;
4867 netdev_close(iface->netdev);
4870 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
4871 bond_choose_active_iface(port);
4872 bond_send_learning_packets(port);
4875 cfm_destroy(iface->cfm);
4880 bridge_flush(port->bridge);
4884 static struct iface *
4885 iface_lookup(const struct bridge *br, const char *name)
4887 return shash_find_data(&br->iface_by_name, name);
4890 static struct iface *
4891 iface_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
4893 struct iface *iface;
4895 HMAP_FOR_EACH_IN_BUCKET (iface, dp_ifidx_node,
4896 hash_int(dp_ifidx, 0), &br->ifaces) {
4897 if (iface->dp_ifidx == dp_ifidx) {
4904 /* Set Ethernet address of 'iface', if one is specified in the configuration
4907 iface_set_mac(struct iface *iface)
4909 uint8_t ea[ETH_ADDR_LEN];
4911 if (iface->cfg->mac && eth_addr_from_string(iface->cfg->mac, ea)) {
4912 if (eth_addr_is_multicast(ea)) {
4913 VLOG_ERR("interface %s: cannot set MAC to multicast address",
4915 } else if (iface->dp_ifidx == ODPP_LOCAL) {
4916 VLOG_ERR("ignoring iface.%s.mac; use bridge.%s.mac instead",
4917 iface->name, iface->name);
4919 int error = netdev_set_etheraddr(iface->netdev, ea);
4921 VLOG_ERR("interface %s: setting MAC failed (%s)",
4922 iface->name, strerror(error));
4928 /* Sets the ofport column of 'if_cfg' to 'ofport'. */
4930 iface_set_ofport(const struct ovsrec_interface *if_cfg, int64_t ofport)
4933 ovsrec_interface_set_ofport(if_cfg, &ofport, 1);
4937 /* Adds the 'n' key-value pairs in 'keys' in 'values' to 'shash'.
4939 * The value strings in '*shash' are taken directly from values[], not copied,
4940 * so the caller should not modify or free them. */
4942 shash_from_ovs_idl_map(char **keys, char **values, size_t n,
4943 struct shash *shash)
4948 for (i = 0; i < n; i++) {
4949 shash_add(shash, keys[i], values[i]);
4953 /* Creates 'keys' and 'values' arrays from 'shash'.
4955 * Sets 'keys' and 'values' to heap allocated arrays representing the key-value
4956 * pairs in 'shash'. The caller takes ownership of 'keys' and 'values'. They
4957 * are populated with with strings taken directly from 'shash' and thus have
4958 * the same ownership of the key-value pairs in shash.
4961 shash_to_ovs_idl_map(struct shash *shash,
4962 char ***keys, char ***values, size_t *n)
4966 struct shash_node *sn;
4968 count = shash_count(shash);
4970 k = xmalloc(count * sizeof *k);
4971 v = xmalloc(count * sizeof *v);
4974 SHASH_FOR_EACH(sn, shash) {
4985 struct iface_delete_queues_cbdata {
4986 struct netdev *netdev;
4987 const struct ovsdb_datum *queues;
4991 queue_ids_include(const struct ovsdb_datum *queues, int64_t target)
4993 union ovsdb_atom atom;
4995 atom.integer = target;
4996 return ovsdb_datum_find_key(queues, &atom, OVSDB_TYPE_INTEGER) != UINT_MAX;
5000 iface_delete_queues(unsigned int queue_id,
5001 const struct shash *details OVS_UNUSED, void *cbdata_)
5003 struct iface_delete_queues_cbdata *cbdata = cbdata_;
5005 if (!queue_ids_include(cbdata->queues, queue_id)) {
5006 netdev_delete_queue(cbdata->netdev, queue_id);
5011 iface_update_qos(struct iface *iface, const struct ovsrec_qos *qos)
5013 if (!qos || qos->type[0] == '\0') {
5014 netdev_set_qos(iface->netdev, NULL, NULL);
5016 struct iface_delete_queues_cbdata cbdata;
5017 struct shash details;
5020 /* Configure top-level Qos for 'iface'. */
5021 shash_from_ovs_idl_map(qos->key_other_config, qos->value_other_config,
5022 qos->n_other_config, &details);
5023 netdev_set_qos(iface->netdev, qos->type, &details);
5024 shash_destroy(&details);
5026 /* Deconfigure queues that were deleted. */
5027 cbdata.netdev = iface->netdev;
5028 cbdata.queues = ovsrec_qos_get_queues(qos, OVSDB_TYPE_INTEGER,
5030 netdev_dump_queues(iface->netdev, iface_delete_queues, &cbdata);
5032 /* Configure queues for 'iface'. */
5033 for (i = 0; i < qos->n_queues; i++) {
5034 const struct ovsrec_queue *queue = qos->value_queues[i];
5035 unsigned int queue_id = qos->key_queues[i];
5037 shash_from_ovs_idl_map(queue->key_other_config,
5038 queue->value_other_config,
5039 queue->n_other_config, &details);
5040 netdev_set_queue(iface->netdev, queue_id, &details);
5041 shash_destroy(&details);
5047 iface_update_cfm(struct iface *iface)
5051 uint16_t *remote_mps;
5052 struct ovsrec_monitor *mon;
5053 uint8_t ea[ETH_ADDR_LEN], maid[CCM_MAID_LEN];
5055 mon = iface->cfg->monitor;
5058 cfm_destroy(iface->cfm);
5063 if (netdev_get_etheraddr(iface->netdev, ea)) {
5064 VLOG_WARN("interface %s: Failed to get ethernet address. "
5065 "Skipping Monitor.", iface->name);
5069 if (!cfm_generate_maid(mon->md_name, mon->ma_name, maid)) {
5070 VLOG_WARN("interface %s: Failed to generate MAID.", iface->name);
5075 iface->cfm = cfm_create();
5079 cfm->mpid = mon->mpid;
5080 cfm->interval = mon->interval ? *mon->interval : 1000;
5082 memcpy(cfm->eth_src, ea, sizeof cfm->eth_src);
5083 memcpy(cfm->maid, maid, sizeof cfm->maid);
5085 remote_mps = xzalloc(mon->n_remote_mps * sizeof *remote_mps);
5086 for(i = 0; i < mon->n_remote_mps; i++) {
5087 remote_mps[i] = mon->remote_mps[i]->mpid;
5089 cfm_update_remote_mps(cfm, remote_mps, mon->n_remote_mps);
5092 if (!cfm_configure(iface->cfm)) {
5093 cfm_destroy(iface->cfm);
5098 /* Port mirroring. */
5100 static struct mirror *
5101 mirror_find_by_uuid(struct bridge *br, const struct uuid *uuid)
5105 for (i = 0; i < MAX_MIRRORS; i++) {
5106 struct mirror *m = br->mirrors[i];
5107 if (m && uuid_equals(uuid, &m->uuid)) {
5115 mirror_reconfigure(struct bridge *br)
5117 unsigned long *rspan_vlans;
5120 /* Get rid of deleted mirrors. */
5121 for (i = 0; i < MAX_MIRRORS; i++) {
5122 struct mirror *m = br->mirrors[i];
5124 const struct ovsdb_datum *mc;
5125 union ovsdb_atom atom;
5127 mc = ovsrec_bridge_get_mirrors(br->cfg, OVSDB_TYPE_UUID);
5128 atom.uuid = br->mirrors[i]->uuid;
5129 if (ovsdb_datum_find_key(mc, &atom, OVSDB_TYPE_UUID) == UINT_MAX) {
5135 /* Add new mirrors and reconfigure existing ones. */
5136 for (i = 0; i < br->cfg->n_mirrors; i++) {
5137 struct ovsrec_mirror *cfg = br->cfg->mirrors[i];
5138 struct mirror *m = mirror_find_by_uuid(br, &cfg->header_.uuid);
5140 mirror_reconfigure_one(m, cfg);
5142 mirror_create(br, cfg);
5146 /* Update port reserved status. */
5147 for (i = 0; i < br->n_ports; i++) {
5148 br->ports[i]->is_mirror_output_port = false;
5150 for (i = 0; i < MAX_MIRRORS; i++) {
5151 struct mirror *m = br->mirrors[i];
5152 if (m && m->out_port) {
5153 m->out_port->is_mirror_output_port = true;
5157 /* Update flooded vlans (for RSPAN). */
5159 if (br->cfg->n_flood_vlans) {
5160 rspan_vlans = bitmap_allocate(4096);
5162 for (i = 0; i < br->cfg->n_flood_vlans; i++) {
5163 int64_t vlan = br->cfg->flood_vlans[i];
5164 if (vlan >= 0 && vlan < 4096) {
5165 bitmap_set1(rspan_vlans, vlan);
5166 VLOG_INFO("bridge %s: disabling learning on vlan %"PRId64,
5169 VLOG_ERR("bridge %s: invalid value %"PRId64 "for flood VLAN",
5174 if (mac_learning_set_flood_vlans(br->ml, rspan_vlans)) {
5180 mirror_create(struct bridge *br, struct ovsrec_mirror *cfg)
5185 for (i = 0; ; i++) {
5186 if (i >= MAX_MIRRORS) {
5187 VLOG_WARN("bridge %s: maximum of %d port mirrors reached, "
5188 "cannot create %s", br->name, MAX_MIRRORS, cfg->name);
5191 if (!br->mirrors[i]) {
5196 VLOG_INFO("created port mirror %s on bridge %s", cfg->name, br->name);
5199 br->mirrors[i] = m = xzalloc(sizeof *m);
5202 m->name = xstrdup(cfg->name);
5203 shash_init(&m->src_ports);
5204 shash_init(&m->dst_ports);
5210 mirror_reconfigure_one(m, cfg);
5214 mirror_destroy(struct mirror *m)
5217 struct bridge *br = m->bridge;
5220 for (i = 0; i < br->n_ports; i++) {
5221 br->ports[i]->src_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
5222 br->ports[i]->dst_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
5225 shash_destroy(&m->src_ports);
5226 shash_destroy(&m->dst_ports);
5229 m->bridge->mirrors[m->idx] = NULL;
5238 mirror_collect_ports(struct mirror *m, struct ovsrec_port **ports, int n_ports,
5239 struct shash *names)
5243 for (i = 0; i < n_ports; i++) {
5244 const char *name = ports[i]->name;
5245 if (port_lookup(m->bridge, name)) {
5246 shash_add_once(names, name, NULL);
5248 VLOG_WARN("bridge %s: mirror %s cannot match on nonexistent "
5249 "port %s", m->bridge->name, m->name, name);
5255 mirror_collect_vlans(struct mirror *m, const struct ovsrec_mirror *cfg,
5261 *vlans = xmalloc(sizeof **vlans * cfg->n_select_vlan);
5263 for (i = 0; i < cfg->n_select_vlan; i++) {
5264 int64_t vlan = cfg->select_vlan[i];
5265 if (vlan < 0 || vlan > 4095) {
5266 VLOG_WARN("bridge %s: mirror %s selects invalid VLAN %"PRId64,
5267 m->bridge->name, m->name, vlan);
5269 (*vlans)[n_vlans++] = vlan;
5276 vlan_is_mirrored(const struct mirror *m, int vlan)
5280 for (i = 0; i < m->n_vlans; i++) {
5281 if (m->vlans[i] == vlan) {
5289 port_trunks_any_mirrored_vlan(const struct mirror *m, const struct port *p)
5293 for (i = 0; i < m->n_vlans; i++) {
5294 if (port_trunks_vlan(p, m->vlans[i])) {
5302 mirror_reconfigure_one(struct mirror *m, struct ovsrec_mirror *cfg)
5304 struct shash src_ports, dst_ports;
5305 mirror_mask_t mirror_bit;
5306 struct port *out_port;
5313 if (strcmp(cfg->name, m->name)) {
5315 m->name = xstrdup(cfg->name);
5318 /* Get output port. */
5319 if (cfg->output_port) {
5320 out_port = port_lookup(m->bridge, cfg->output_port->name);
5322 VLOG_ERR("bridge %s: mirror %s outputs to port not on bridge",
5323 m->bridge->name, m->name);
5329 if (cfg->output_vlan) {
5330 VLOG_ERR("bridge %s: mirror %s specifies both output port and "
5331 "output vlan; ignoring output vlan",
5332 m->bridge->name, m->name);
5334 } else if (cfg->output_vlan) {
5336 out_vlan = *cfg->output_vlan;
5338 VLOG_ERR("bridge %s: mirror %s does not specify output; ignoring",
5339 m->bridge->name, m->name);
5344 shash_init(&src_ports);
5345 shash_init(&dst_ports);
5346 if (cfg->select_all) {
5347 for (i = 0; i < m->bridge->n_ports; i++) {
5348 const char *name = m->bridge->ports[i]->name;
5349 shash_add_once(&src_ports, name, NULL);
5350 shash_add_once(&dst_ports, name, NULL);
5355 /* Get ports, and drop duplicates and ports that don't exist. */
5356 mirror_collect_ports(m, cfg->select_src_port, cfg->n_select_src_port,
5358 mirror_collect_ports(m, cfg->select_dst_port, cfg->n_select_dst_port,
5361 /* Get all the vlans, and drop duplicate and invalid vlans. */
5362 n_vlans = mirror_collect_vlans(m, cfg, &vlans);
5365 /* Update mirror data. */
5366 if (!shash_equal_keys(&m->src_ports, &src_ports)
5367 || !shash_equal_keys(&m->dst_ports, &dst_ports)
5368 || m->n_vlans != n_vlans
5369 || memcmp(m->vlans, vlans, sizeof *vlans * n_vlans)
5370 || m->out_port != out_port
5371 || m->out_vlan != out_vlan) {
5372 bridge_flush(m->bridge);
5374 shash_swap(&m->src_ports, &src_ports);
5375 shash_swap(&m->dst_ports, &dst_ports);
5378 m->n_vlans = n_vlans;
5379 m->out_port = out_port;
5380 m->out_vlan = out_vlan;
5383 mirror_bit = MIRROR_MASK_C(1) << m->idx;
5384 for (i = 0; i < m->bridge->n_ports; i++) {
5385 struct port *port = m->bridge->ports[i];
5387 if (shash_find(&m->src_ports, port->name)
5390 ? port_trunks_any_mirrored_vlan(m, port)
5391 : vlan_is_mirrored(m, port->vlan)))) {
5392 port->src_mirrors |= mirror_bit;
5394 port->src_mirrors &= ~mirror_bit;
5397 if (shash_find(&m->dst_ports, port->name)) {
5398 port->dst_mirrors |= mirror_bit;
5400 port->dst_mirrors &= ~mirror_bit;
5405 shash_destroy(&src_ports);
5406 shash_destroy(&dst_ports);
git://git.onelab.eu / sliver-openvswitch.git / blob