1 /* Copyright (c) 2008, 2009 Nicira Networks
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
20 #include <arpa/inet.h>
24 #include <openflow/openflow.h>
29 #include <sys/socket.h>
30 #include <sys/types.h>
37 #include "dynamic-string.h"
41 #include "mac-learning.h"
44 #include "ofp-print.h"
47 #include "poll-loop.h"
48 #include "port-array.h"
49 #include "proc-net-compat.h"
51 #include "secchan/ofproto.h"
52 #include "socket-util.h"
59 #include "vconn-ssl.h"
60 #include "xenserver.h"
63 #define THIS_MODULE VLM_bridge
71 extern uint64_t mgmt_id;
74 struct port *port; /* Containing port. */
75 size_t port_ifidx; /* Index within containing port. */
77 char *name; /* Host network device name. */
78 int dp_ifidx; /* Index within kernel datapath. */
80 uint8_t mac[ETH_ADDR_LEN]; /* Ethernet address (all zeros if unknowns). */
82 tag_type tag; /* Tag associated with this interface. */
83 bool enabled; /* May be chosen for flows? */
84 long long delay_expires; /* Time after which 'enabled' may change. */
87 #define BOND_MASK 0xff
89 int iface_idx; /* Index of assigned iface, or -1 if none. */
90 uint64_t tx_bytes; /* Count of bytes recently transmitted. */
91 tag_type iface_tag; /* Tag associated with iface_idx. */
94 #define MAX_MIRRORS 32
95 typedef uint32_t mirror_mask_t;
96 #define MIRROR_MASK_C(X) UINT32_C(X)
97 BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS);
99 struct bridge *bridge;
103 /* Selection criteria. */
104 struct svec src_ports;
105 struct svec dst_ports;
110 struct port *out_port;
114 #define FLOOD_PORT ((struct port *) 1) /* The 'flood' output port. */
116 struct bridge *bridge;
118 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
119 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1. */
122 /* An ordinary bridge port has 1 interface.
123 * A bridge port for bonding has at least 2 interfaces. */
124 struct iface **ifaces;
125 size_t n_ifaces, allocated_ifaces;
128 struct bond_entry *bond_hash; /* An array of (BOND_MASK + 1) elements. */
129 int active_iface; /* Ifidx on which bcasts accepted, or -1. */
130 tag_type active_iface_tag; /* Tag for bcast flows. */
131 tag_type no_ifaces_tag; /* Tag for flows when all ifaces disabled. */
132 int updelay, downdelay; /* Delay before iface goes up/down, in ms. */
134 /* Port mirroring info. */
135 mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */
136 mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */
137 bool is_mirror_output_port; /* Does port mirroring send frames here? */
139 /* Spanning tree info. */
140 enum stp_state stp_state; /* Always STP_FORWARDING if STP not in use. */
141 tag_type stp_state_tag; /* Tag for STP state change. */
144 #define DP_MAX_PORTS 255
146 struct list node; /* Node in global list of bridges. */
147 char *name; /* User-specified arbitrary name. */
148 struct mac_learning *ml; /* MAC learning table, or null not to learn. */
149 bool sent_config_request; /* Successfully sent config request? */
150 uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */
152 /* Support for remote controllers. */
153 char *controller; /* NULL if there is no remote controller;
154 * "discover" to do controller discovery;
155 * otherwise a vconn name. */
157 /* OpenFlow switch processing. */
158 struct ofproto *ofproto; /* OpenFlow switch. */
160 /* Kernel datapath information. */
161 struct dpif dpif; /* Kernel datapath. */
162 struct port_array ifaces; /* Indexed by kernel datapath port number. */
166 size_t n_ports, allocated_ports;
169 bool has_bonded_ports;
170 long long int bond_next_rebalance;
175 /* Flow statistics gathering. */
176 time_t next_stats_request;
178 /* Port mirroring. */
179 struct mirror *mirrors[MAX_MIRRORS];
183 long long int stp_last_tick;
186 /* List of all bridges. */
187 static struct list all_bridges = LIST_INITIALIZER(&all_bridges);
189 /* Maximum number of datapaths. */
190 enum { DP_MAX = 256 };
192 static struct bridge *bridge_create(const char *name);
193 static void bridge_destroy(struct bridge *);
194 static struct bridge *bridge_lookup(const char *name);
195 static void bridge_unixctl_dump_flows(struct unixctl_conn *, const char *);
196 static int bridge_run_one(struct bridge *);
197 static void bridge_reconfigure_one(struct bridge *);
198 static void bridge_reconfigure_controller(struct bridge *);
199 static void bridge_get_all_ifaces(const struct bridge *, struct svec *ifaces);
200 static void bridge_fetch_dp_ifaces(struct bridge *);
201 static void bridge_flush(struct bridge *);
202 static void bridge_pick_local_hw_addr(struct bridge *,
203 uint8_t ea[ETH_ADDR_LEN],
204 const char **devname);
205 static uint64_t bridge_pick_datapath_id(struct bridge *,
206 const uint8_t bridge_ea[ETH_ADDR_LEN],
207 const char *devname);
208 static uint64_t dpid_from_hash(const void *, size_t nbytes);
210 static void bridge_unixctl_fdb_show(struct unixctl_conn *, const char *args);
212 static void bond_init(void);
213 static void bond_run(struct bridge *);
214 static void bond_wait(struct bridge *);
215 static void bond_rebalance_port(struct port *);
216 static void bond_send_learning_packets(struct port *);
218 static void port_create(struct bridge *, const char *name);
219 static void port_reconfigure(struct port *);
220 static void port_destroy(struct port *);
221 static struct port *port_lookup(const struct bridge *, const char *name);
222 static struct iface *port_lookup_iface(const struct port *, const char *name);
223 static struct port *port_from_dp_ifidx(const struct bridge *,
225 static void port_update_bond_compat(struct port *);
226 static void port_update_vlan_compat(struct port *);
228 static void mirror_create(struct bridge *, const char *name);
229 static void mirror_destroy(struct mirror *);
230 static void mirror_reconfigure(struct bridge *);
231 static void mirror_reconfigure_one(struct mirror *);
232 static bool vlan_is_mirrored(const struct mirror *, int vlan);
234 static void brstp_reconfigure(struct bridge *);
235 static void brstp_adjust_timers(struct bridge *);
236 static void brstp_run(struct bridge *);
237 static void brstp_wait(struct bridge *);
239 static void iface_create(struct port *, const char *name);
240 static void iface_destroy(struct iface *);
241 static struct iface *iface_lookup(const struct bridge *, const char *name);
242 static struct iface *iface_from_dp_ifidx(const struct bridge *,
245 /* Hooks into ofproto processing. */
246 static struct ofhooks bridge_ofhooks;
248 /* Public functions. */
250 /* Adds the name of each interface used by a bridge, including local and
251 * internal ports, to 'svec'. */
253 bridge_get_ifaces(struct svec *svec)
255 struct bridge *br, *next;
258 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
259 for (i = 0; i < br->n_ports; i++) {
260 struct port *port = br->ports[i];
262 for (j = 0; j < port->n_ifaces; j++) {
263 struct iface *iface = port->ifaces[j];
264 if (iface->dp_ifidx < 0) {
265 VLOG_ERR("%s interface not in dp%u, ignoring",
266 iface->name, dpif_id(&br->dpif));
268 if (iface->dp_ifidx != ODPP_LOCAL) {
269 svec_add(svec, iface->name);
277 /* The caller must already have called cfg_read(). */
286 unixctl_command_register("fdb/show", bridge_unixctl_fdb_show);
288 for (i = 0; i < DP_MAX; i++) {
292 sprintf(devname, "dp%d", i);
293 retval = dpif_open(devname, &dpif);
295 char dpif_name[IF_NAMESIZE];
296 if (dpif_get_name(&dpif, dpif_name, sizeof dpif_name)
297 || !cfg_has("bridge.%s.port", dpif_name)) {
301 } else if (retval != ENODEV) {
302 VLOG_ERR("failed to delete datapath dp%d: %s",
303 i, strerror(retval));
307 unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows);
309 bridge_reconfigure();
314 config_string_change(const char *key, char **valuep)
316 const char *value = cfg_get_string(0, "%s", key);
317 if (value && (!*valuep || strcmp(value, *valuep))) {
319 *valuep = xstrdup(value);
327 bridge_configure_ssl(void)
329 /* XXX SSL should be configurable on a per-bridge basis.
330 * XXX should be possible to de-configure SSL. */
331 static char *private_key_file;
332 static char *certificate_file;
333 static char *cacert_file;
336 if (config_string_change("ssl.private-key", &private_key_file)) {
337 vconn_ssl_set_private_key_file(private_key_file);
340 if (config_string_change("ssl.certificate", &certificate_file)) {
341 vconn_ssl_set_certificate_file(certificate_file);
344 /* We assume that even if the filename hasn't changed, if the CA cert
345 * file has been removed, that we want to move back into
346 * boot-strapping mode. This opens a small security hole, because
347 * the old certificate will still be trusted until vSwitch is
348 * restarted. We may want to address this in vconn's SSL library. */
349 if (config_string_change("ssl.ca-cert", &cacert_file)
350 || (stat(cacert_file, &s) && errno == ENOENT)) {
351 vconn_ssl_set_ca_cert_file(cacert_file,
352 cfg_get_bool(0, "ssl.bootstrap-ca-cert"));
358 bridge_reconfigure(void)
360 struct svec old_br, new_br, raw_new_br;
361 struct bridge *br, *next;
364 COVERAGE_INC(bridge_reconfigure);
366 /* Collect old bridges. */
368 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
369 svec_add(&old_br, br->name);
372 /* Collect new bridges. */
373 svec_init(&raw_new_br);
374 cfg_get_subsections(&raw_new_br, "bridge");
376 for (i = 0; i < raw_new_br.n; i++) {
377 const char *name = raw_new_br.names[i];
378 if ((!strncmp(name, "dp", 2) && isdigit(name[2])) ||
379 (!strncmp(name, "nl:", 3) && isdigit(name[3]))) {
380 VLOG_ERR("%s is not a valid bridge name (bridges may not be "
381 "named \"dp\" or \"nl:\" followed by a digit)", name);
383 svec_add(&new_br, name);
386 svec_destroy(&raw_new_br);
388 /* Get rid of deleted bridges and add new bridges. */
391 assert(svec_is_unique(&old_br));
392 assert(svec_is_unique(&new_br));
393 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
394 if (!svec_contains(&new_br, br->name)) {
398 for (i = 0; i < new_br.n; i++) {
399 const char *name = new_br.names[i];
400 if (!svec_contains(&old_br, name)) {
404 svec_destroy(&old_br);
405 svec_destroy(&new_br);
409 bridge_configure_ssl();
412 /* Reconfigure all bridges. */
413 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
414 bridge_reconfigure_one(br);
417 /* Add and delete ports on all datapaths.
419 * The kernel will reject any attempt to add a given port to a datapath if
420 * that port already belongs to a different datapath, so we must do all
421 * port deletions before any port additions. */
422 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
423 struct odp_port *dpif_ports;
425 struct svec want_ifaces;
427 dpif_port_list(&br->dpif, &dpif_ports, &n_dpif_ports);
428 bridge_get_all_ifaces(br, &want_ifaces);
429 for (i = 0; i < n_dpif_ports; i++) {
430 const struct odp_port *p = &dpif_ports[i];
431 if (!svec_contains(&want_ifaces, p->devname)
432 && strcmp(p->devname, br->name)) {
433 int retval = dpif_port_del(&br->dpif, p->port);
435 VLOG_ERR("failed to remove %s interface from dp%u: %s",
436 p->devname, dpif_id(&br->dpif), strerror(retval));
440 svec_destroy(&want_ifaces);
443 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
444 struct odp_port *dpif_ports;
446 struct svec cur_ifaces, want_ifaces, add_ifaces;
449 dpif_port_list(&br->dpif, &dpif_ports, &n_dpif_ports);
450 svec_init(&cur_ifaces);
451 for (i = 0; i < n_dpif_ports; i++) {
452 svec_add(&cur_ifaces, dpif_ports[i].devname);
455 svec_sort_unique(&cur_ifaces);
456 bridge_get_all_ifaces(br, &want_ifaces);
457 svec_diff(&want_ifaces, &cur_ifaces, &add_ifaces, NULL, NULL);
460 for (i = 0; i < add_ifaces.n; i++) {
461 const char *if_name = add_ifaces.names[i];
463 int internal = cfg_get_bool(0, "iface.%s.internal", if_name);
464 int error = dpif_port_add(&br->dpif, if_name, next_port_no++,
465 internal ? ODP_PORT_INTERNAL : 0);
466 if (error != EEXIST) {
467 if (next_port_no >= 256) {
468 VLOG_ERR("ran out of valid port numbers on dp%u",
473 VLOG_ERR("failed to add %s interface to dp%u: %s",
474 if_name, dpif_id(&br->dpif), strerror(error));
481 svec_destroy(&cur_ifaces);
482 svec_destroy(&want_ifaces);
483 svec_destroy(&add_ifaces);
485 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
488 struct iface *local_iface = NULL;
490 uint8_t engine_type = br->dpif.minor;
491 uint8_t engine_id = br->dpif.minor;
492 bool add_id_to_iface = false;
493 struct svec nf_hosts;
495 bridge_fetch_dp_ifaces(br);
496 for (i = 0; i < br->n_ports; ) {
497 struct port *port = br->ports[i];
499 for (j = 0; j < port->n_ifaces; ) {
500 struct iface *iface = port->ifaces[j];
501 if (iface->dp_ifidx < 0) {
502 VLOG_ERR("%s interface not in dp%u, dropping",
503 iface->name, dpif_id(&br->dpif));
504 iface_destroy(iface);
506 if (iface->dp_ifidx == ODPP_LOCAL) {
509 VLOG_DBG("dp%u has interface %s on port %d",
510 dpif_id(&br->dpif), iface->name, iface->dp_ifidx);
514 if (!port->n_ifaces) {
515 VLOG_ERR("%s port has no interfaces, dropping", port->name);
522 /* Pick local port hardware address, datapath ID. */
523 bridge_pick_local_hw_addr(br, ea, &devname);
525 int error = netdev_nodev_set_etheraddr(local_iface->name, ea);
527 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
528 VLOG_ERR_RL(&rl, "bridge %s: failed to set bridge "
529 "Ethernet address: %s",
530 br->name, strerror(error));
534 dpid = bridge_pick_datapath_id(br, ea, devname);
535 ofproto_set_datapath_id(br->ofproto, dpid);
537 /* Set NetFlow configuration on this bridge. */
538 if (cfg_has("netflow.%s.engine-type", br->name)) {
539 engine_type = cfg_get_int(0, "netflow.%s.engine-type",
542 if (cfg_has("netflow.%s.engine-id", br->name)) {
543 engine_id = cfg_get_int(0, "netflow.%s.engine-id", br->name);
545 if (cfg_has("netflow.%s.add-id-to-iface", br->name)) {
546 add_id_to_iface = cfg_get_bool(0, "netflow.%s.add-id-to-iface",
549 if (add_id_to_iface && engine_id > 0x7f) {
550 VLOG_WARN("bridge %s: netflow port mangling may conflict with "
551 "another vswitch, choose an engine id less than 128",
554 if (add_id_to_iface && br->n_ports > 0x1ff) {
555 VLOG_WARN("bridge %s: netflow port mangling will conflict with "
556 "another port when 512 or more ports are used",
559 svec_init(&nf_hosts);
560 cfg_get_all_keys(&nf_hosts, "netflow.%s.host", br->name);
561 if (ofproto_set_netflow(br->ofproto, &nf_hosts, engine_type,
562 engine_id, add_id_to_iface)) {
563 VLOG_ERR("bridge %s: problem setting netflow collectors",
567 /* Update the controller and related settings. It would be more
568 * straightforward to call this from bridge_reconfigure_one(), but we
569 * can't do it there for two reasons. First, and most importantly, at
570 * that point we don't know the dp_ifidx of any interfaces that have
571 * been added to the bridge (because we haven't actually added them to
572 * the datapath). Second, at that point we haven't set the datapath ID
573 * yet; when a controller is configured, resetting the datapath ID will
574 * immediately disconnect from the controller, so it's better to set
575 * the datapath ID before the controller. */
576 bridge_reconfigure_controller(br);
578 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
579 for (i = 0; i < br->n_ports; i++) {
580 struct port *port = br->ports[i];
581 port_update_vlan_compat(port);
584 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
585 brstp_reconfigure(br);
590 bridge_pick_local_hw_addr(struct bridge *br, uint8_t ea[ETH_ADDR_LEN],
591 const char **devname)
593 uint64_t requested_ea;
599 /* Did the user request a particular MAC? */
600 requested_ea = cfg_get_mac(0, "bridge.%s.mac", br->name);
602 eth_addr_from_uint64(requested_ea, ea);
603 if (eth_addr_is_multicast(ea)) {
604 VLOG_ERR("bridge %s: cannot set MAC address to multicast "
605 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
606 } else if (eth_addr_is_zero(ea)) {
607 VLOG_ERR("bridge %s: cannot set MAC address to zero", br->name);
613 /* Otherwise choose the minimum MAC address among all of the interfaces.
614 * (Xen uses FE:FF:FF:FF:FF:FF for virtual interfaces so this will get the
615 * MAC of the physical interface in such an environment.) */
616 memset(ea, 0xff, sizeof ea);
617 for (i = 0; i < br->n_ports; i++) {
618 struct port *port = br->ports[i];
619 uint8_t iface_ea[ETH_ADDR_LEN];
620 uint64_t iface_ea_u64;
623 /* Mirror output ports don't participate. */
624 if (port->is_mirror_output_port) {
628 /* Choose the MAC address to represent the port. */
629 iface_ea_u64 = cfg_get_mac(0, "port.%s.mac", port->name);
631 /* User specified explicitly. */
632 eth_addr_from_uint64(iface_ea_u64, iface_ea);
634 /* Choose the interface whose MAC address will represent the port.
635 * The Linux kernel bonding code always chooses the MAC address of
636 * the first slave added to a bond, and the Fedora networking
637 * scripts always add slaves to a bond in alphabetical order, so
638 * for compatibility we choose the interface with the name that is
639 * first in alphabetical order. */
640 iface = port->ifaces[0];
641 for (j = 1; j < port->n_ifaces; j++) {
642 struct iface *candidate = port->ifaces[j];
643 if (strcmp(candidate->name, iface->name) < 0) {
648 /* The local port doesn't count (since we're trying to choose its
649 * MAC address anyway). Other internal ports don't count because
650 * we really want a physical MAC if we can get it, and internal
651 * ports typically have randomly generated MACs. */
652 if (iface->dp_ifidx == ODPP_LOCAL
653 || cfg_get_bool(0, "iface.%s.internal", iface->name)) {
658 error = netdev_nodev_get_etheraddr(iface->name, iface_ea);
660 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
661 VLOG_ERR_RL(&rl, "failed to obtain Ethernet address of %s: %s",
662 iface->name, strerror(error));
667 /* Compare against our current choice. */
668 if (!eth_addr_is_multicast(iface_ea) &&
669 !eth_addr_is_reserved(iface_ea) &&
670 !eth_addr_is_zero(iface_ea) &&
671 memcmp(iface_ea, ea, ETH_ADDR_LEN) < 0)
673 memcpy(ea, iface_ea, ETH_ADDR_LEN);
674 *devname = iface->name;
677 if (eth_addr_is_multicast(ea) || eth_addr_is_vif(ea)) {
678 memcpy(ea, br->default_ea, ETH_ADDR_LEN);
680 VLOG_WARN("bridge %s: using default bridge Ethernet "
681 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
683 VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
684 br->name, ETH_ADDR_ARGS(ea));
688 /* Choose and returns the datapath ID for bridge 'br' given that the bridge
689 * Ethernet address is 'bridge_ea'. If 'bridge_ea' is the Ethernet address of
690 * a network device, then that network device's name must be passed in as
691 * 'devname'; if 'bridge_ea' was derived some other way, then 'devname' must be
692 * passed in as a null pointer. */
694 bridge_pick_datapath_id(struct bridge *br,
695 const uint8_t bridge_ea[ETH_ADDR_LEN],
699 * The procedure for choosing a bridge MAC address will, in the most
700 * ordinary case, also choose a unique MAC that we can use as a datapath
701 * ID. In some special cases, though, multiple bridges will end up with
702 * the same MAC address. This is OK for the bridges, but it will confuse
703 * the OpenFlow controller, because each datapath needs a unique datapath
706 * Datapath IDs must be unique. It is also very desirable that they be
707 * stable from one run to the next, so that policy set on a datapath
712 dpid = cfg_get_dpid(0, "bridge.%s.datapath-id", br->name);
719 if (!netdev_get_vlan_vid(devname, &vlan)) {
721 * A bridge whose MAC address is taken from a VLAN network device
722 * (that is, a network device created with vconfig(8) or similar
723 * tool) will have the same MAC address as a bridge on the VLAN
724 * device's physical network device.
726 * Handle this case by hashing the physical network device MAC
727 * along with the VLAN identifier.
729 uint8_t buf[ETH_ADDR_LEN + 2];
730 memcpy(buf, bridge_ea, ETH_ADDR_LEN);
731 buf[ETH_ADDR_LEN] = vlan >> 8;
732 buf[ETH_ADDR_LEN + 1] = vlan;
733 return dpid_from_hash(buf, sizeof buf);
736 * Assume that this bridge's MAC address is unique, since it
737 * doesn't fit any of the cases we handle specially.
742 * A purely internal bridge, that is, one that has no non-virtual
743 * network devices on it at all, is more difficult because it has no
744 * natural unique identifier at all.
746 * When the host is a XenServer, we handle this case by hashing the
747 * host's UUID with the name of the bridge. Names of bridges are
748 * persistent across XenServer reboots, although they can be reused if
749 * an internal network is destroyed and then a new one is later
750 * created, so this is fairly effective.
752 * When the host is not a XenServer, we punt by using a random MAC
753 * address on each run.
755 const char *host_uuid = xenserver_get_host_uuid();
757 char *combined = xasprintf("%s,%s", host_uuid, br->name);
758 dpid = dpid_from_hash(combined, strlen(combined));
764 return eth_addr_to_uint64(bridge_ea);
768 dpid_from_hash(const void *data, size_t n)
770 uint8_t hash[SHA1_DIGEST_SIZE];
772 BUILD_ASSERT_DECL(sizeof hash >= ETH_ADDR_LEN);
773 sha1_bytes(data, n, hash);
774 eth_addr_mark_random(hash);
775 return eth_addr_to_uint64(hash);
781 struct bridge *br, *next;
785 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
786 int error = bridge_run_one(br);
788 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
789 VLOG_ERR_RL(&rl, "bridge %s: datapath was destroyed externally, "
790 "forcing reconfiguration", br->name);
804 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
805 ofproto_wait(br->ofproto);
806 if (br->controller) {
811 mac_learning_wait(br->ml);
818 /* Forces 'br' to revalidate all of its flows. This is appropriate when 'br''s
819 * configuration changes. */
821 bridge_flush(struct bridge *br)
823 COVERAGE_INC(bridge_flush);
826 mac_learning_flush(br->ml);
830 /* Bridge unixctl user interface functions. */
832 bridge_unixctl_fdb_show(struct unixctl_conn *conn, const char *args)
834 struct ds ds = DS_EMPTY_INITIALIZER;
835 const struct bridge *br;
837 br = bridge_lookup(args);
839 unixctl_command_reply(conn, 501, "no such bridge");
843 ds_put_cstr(&ds, " port VLAN MAC Age\n");
845 const struct mac_entry *e;
846 LIST_FOR_EACH (e, struct mac_entry, lru_node, &br->ml->lrus) {
847 if (e->port < 0 || e->port >= br->n_ports) {
850 ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n",
851 br->ports[e->port]->ifaces[0]->dp_ifidx,
852 e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e));
855 unixctl_command_reply(conn, 200, ds_cstr(&ds));
859 /* Bridge reconfiguration functions. */
861 static struct bridge *
862 bridge_create(const char *name)
867 assert(!bridge_lookup(name));
868 br = xcalloc(1, sizeof *br);
870 error = dpif_create(name, &br->dpif);
871 if (error == EEXIST) {
872 error = dpif_open(name, &br->dpif);
874 VLOG_ERR("datapath %s already exists but cannot be opened: %s",
875 name, strerror(error));
879 dpif_flow_flush(&br->dpif);
881 VLOG_ERR("failed to create datapath %s: %s", name, strerror(error));
886 error = ofproto_create(name, &bridge_ofhooks, br, &br->ofproto);
888 VLOG_ERR("failed to create switch %s: %s", name, strerror(error));
889 dpif_delete(&br->dpif);
890 dpif_close(&br->dpif);
895 br->name = xstrdup(name);
896 br->ml = mac_learning_create();
897 br->sent_config_request = false;
898 eth_addr_random(br->default_ea);
900 port_array_init(&br->ifaces);
903 br->bond_next_rebalance = time_msec() + 10000;
905 list_push_back(&all_bridges, &br->node);
907 VLOG_INFO("created bridge %s on dp%u", br->name, dpif_id(&br->dpif));
913 bridge_destroy(struct bridge *br)
918 while (br->n_ports > 0) {
919 port_destroy(br->ports[br->n_ports - 1]);
921 list_remove(&br->node);
922 error = dpif_delete(&br->dpif);
923 if (error && error != ENOENT) {
924 VLOG_ERR("failed to delete dp%u: %s",
925 dpif_id(&br->dpif), strerror(error));
927 dpif_close(&br->dpif);
928 ofproto_destroy(br->ofproto);
929 free(br->controller);
930 mac_learning_destroy(br->ml);
931 port_array_destroy(&br->ifaces);
938 static struct bridge *
939 bridge_lookup(const char *name)
943 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
944 if (!strcmp(br->name, name)) {
952 bridge_exists(const char *name)
954 return bridge_lookup(name) ? true : false;
958 bridge_get_datapathid(const char *name)
960 struct bridge *br = bridge_lookup(name);
961 return br ? ofproto_get_datapath_id(br->ofproto) : 0;
964 /* Handle requests for a listing of all flows known by the OpenFlow
965 * stack, including those normally hidden. */
967 bridge_unixctl_dump_flows(struct unixctl_conn *conn, const char *args)
972 br = bridge_lookup(args);
974 unixctl_command_reply(conn, 501, "Unknown bridge");
979 ofproto_get_all_flows(br->ofproto, &results);
981 unixctl_command_reply(conn, 200, ds_cstr(&results));
982 ds_destroy(&results);
986 bridge_run_one(struct bridge *br)
990 error = ofproto_run1(br->ofproto);
996 mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto));
1001 error = ofproto_run2(br->ofproto, br->flush);
1008 bridge_get_controller(const struct bridge *br)
1010 const char *controller;
1012 controller = cfg_get_string(0, "bridge.%s.controller", br->name);
1014 controller = cfg_get_string(0, "mgmt.controller");
1016 return controller && controller[0] ? controller : NULL;
1020 bridge_reconfigure_one(struct bridge *br)
1022 struct svec old_ports, new_ports, ifaces;
1023 struct svec listeners, old_listeners;
1024 struct svec snoops, old_snoops;
1027 /* Collect old ports. */
1028 svec_init(&old_ports);
1029 for (i = 0; i < br->n_ports; i++) {
1030 svec_add(&old_ports, br->ports[i]->name);
1032 svec_sort(&old_ports);
1033 assert(svec_is_unique(&old_ports));
1035 /* Collect new ports. */
1036 svec_init(&new_ports);
1037 cfg_get_all_keys(&new_ports, "bridge.%s.port", br->name);
1038 svec_sort(&new_ports);
1039 if (bridge_get_controller(br) && !svec_contains(&new_ports, br->name)) {
1040 svec_add(&new_ports, br->name);
1041 svec_sort(&new_ports);
1043 if (!svec_is_unique(&new_ports)) {
1044 VLOG_WARN("bridge %s: %s specified twice as bridge port",
1045 br->name, svec_get_duplicate(&new_ports));
1046 svec_unique(&new_ports);
1049 ofproto_set_mgmt_id(br->ofproto, mgmt_id);
1051 /* Get rid of deleted ports and add new ports. */
1052 for (i = 0; i < br->n_ports; ) {
1053 struct port *port = br->ports[i];
1054 if (!svec_contains(&new_ports, port->name)) {
1060 for (i = 0; i < new_ports.n; i++) {
1061 const char *name = new_ports.names[i];
1062 if (!svec_contains(&old_ports, name)) {
1063 port_create(br, name);
1066 svec_destroy(&old_ports);
1067 svec_destroy(&new_ports);
1069 /* Reconfigure all ports. */
1070 for (i = 0; i < br->n_ports; i++) {
1071 port_reconfigure(br->ports[i]);
1074 /* Check and delete duplicate interfaces. */
1076 for (i = 0; i < br->n_ports; ) {
1077 struct port *port = br->ports[i];
1078 for (j = 0; j < port->n_ifaces; ) {
1079 struct iface *iface = port->ifaces[j];
1080 if (svec_contains(&ifaces, iface->name)) {
1081 VLOG_ERR("bridge %s: %s interface is on multiple ports, "
1083 br->name, iface->name, port->name);
1084 iface_destroy(iface);
1086 svec_add(&ifaces, iface->name);
1091 if (!port->n_ifaces) {
1092 VLOG_ERR("%s port has no interfaces, dropping", port->name);
1098 svec_destroy(&ifaces);
1100 /* Delete all flows if we're switching from connected to standalone or vice
1101 * versa. (XXX Should we delete all flows if we are switching from one
1102 * controller to another?) */
1104 /* Configure OpenFlow management listeners. */
1105 svec_init(&listeners);
1106 cfg_get_all_strings(&listeners, "bridge.%s.openflow.listeners", br->name);
1108 svec_add_nocopy(&listeners, xasprintf("punix:%s/%s.mgmt",
1109 ovs_rundir, br->name));
1110 } else if (listeners.n == 1 && !strcmp(listeners.names[0], "none")) {
1111 svec_clear(&listeners);
1113 svec_sort_unique(&listeners);
1115 svec_init(&old_listeners);
1116 ofproto_get_listeners(br->ofproto, &old_listeners);
1117 svec_sort_unique(&old_listeners);
1119 if (!svec_equal(&listeners, &old_listeners)) {
1120 ofproto_set_listeners(br->ofproto, &listeners);
1122 svec_destroy(&listeners);
1123 svec_destroy(&old_listeners);
1125 /* Configure OpenFlow controller connection snooping. */
1127 cfg_get_all_strings(&snoops, "bridge.%s.openflow.snoops", br->name);
1129 svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop",
1130 ovs_rundir, br->name));
1131 } else if (snoops.n == 1 && !strcmp(snoops.names[0], "none")) {
1132 svec_clear(&snoops);
1134 svec_sort_unique(&snoops);
1136 svec_init(&old_snoops);
1137 ofproto_get_snoops(br->ofproto, &old_snoops);
1138 svec_sort_unique(&old_snoops);
1140 if (!svec_equal(&snoops, &old_snoops)) {
1141 ofproto_set_snoops(br->ofproto, &snoops);
1143 svec_destroy(&snoops);
1144 svec_destroy(&old_snoops);
1146 mirror_reconfigure(br);
1150 bridge_reconfigure_controller(struct bridge *br)
1152 char *pfx = xasprintf("bridge.%s.controller", br->name);
1153 const char *controller;
1155 controller = bridge_get_controller(br);
1156 if ((br->controller != NULL) != (controller != NULL)) {
1157 ofproto_flush_flows(br->ofproto);
1159 free(br->controller);
1160 br->controller = controller ? xstrdup(controller) : NULL;
1163 const char *fail_mode;
1164 int max_backoff, probe;
1165 int rate_limit, burst_limit;
1167 if (!strcmp(controller, "discover")) {
1168 bool update_resolv_conf = true;
1170 if (cfg_has("%s.update-resolv.conf", pfx)) {
1171 update_resolv_conf = cfg_get_bool(0, "%s.update-resolv.conf",
1174 ofproto_set_discovery(br->ofproto, true,
1175 cfg_get_string(0, "%s.accept-regex", pfx),
1176 update_resolv_conf);
1178 struct netdev *netdev;
1182 in_band = (!cfg_is_valid(CFG_BOOL | CFG_REQUIRED,
1184 || cfg_get_bool(0, "%s.in-band", pfx));
1185 ofproto_set_discovery(br->ofproto, false, NULL, NULL);
1186 ofproto_set_in_band(br->ofproto, in_band);
1188 error = netdev_open(br->name, NETDEV_ETH_TYPE_NONE, &netdev);
1190 if (cfg_is_valid(CFG_IP | CFG_REQUIRED, "%s.ip", pfx)) {
1191 struct in_addr ip, mask, gateway;
1192 ip.s_addr = cfg_get_ip(0, "%s.ip", pfx);
1193 mask.s_addr = cfg_get_ip(0, "%s.netmask", pfx);
1194 gateway.s_addr = cfg_get_ip(0, "%s.gateway", pfx);
1196 netdev_turn_flags_on(netdev, NETDEV_UP, true);
1198 mask.s_addr = guess_netmask(ip.s_addr);
1200 if (!netdev_set_in4(netdev, ip, mask)) {
1201 VLOG_INFO("bridge %s: configured IP address "IP_FMT", "
1203 br->name, IP_ARGS(&ip.s_addr),
1204 IP_ARGS(&mask.s_addr));
1207 if (gateway.s_addr) {
1208 if (!netdev_add_router(gateway)) {
1209 VLOG_INFO("bridge %s: configured gateway "IP_FMT,
1210 br->name, IP_ARGS(&gateway.s_addr));
1214 netdev_close(netdev);
1218 fail_mode = cfg_get_string(0, "%s.fail-mode", pfx);
1220 fail_mode = cfg_get_string(0, "mgmt.fail-mode");
1222 ofproto_set_failure(br->ofproto,
1224 || !strcmp(fail_mode, "standalone")
1225 || !strcmp(fail_mode, "open")));
1227 probe = cfg_get_int(0, "%s.inactivity-probe", pfx);
1229 probe = cfg_get_int(0, "mgmt.inactivity-probe");
1234 ofproto_set_probe_interval(br->ofproto, probe);
1236 max_backoff = cfg_get_int(0, "%s.max-backoff", pfx);
1238 max_backoff = cfg_get_int(0, "mgmt.max-backoff");
1243 ofproto_set_max_backoff(br->ofproto, max_backoff);
1245 rate_limit = cfg_get_int(0, "%s.rate-limit", pfx);
1247 rate_limit = cfg_get_int(0, "mgmt.rate-limit");
1249 burst_limit = cfg_get_int(0, "%s.burst-limit", pfx);
1251 burst_limit = cfg_get_int(0, "mgmt.burst-limit");
1253 ofproto_set_rate_limit(br->ofproto, rate_limit, burst_limit);
1255 ofproto_set_stp(br->ofproto, cfg_get_bool(0, "%s.stp", pfx));
1257 if (cfg_has("%s.commands.acl", pfx)) {
1258 struct svec command_acls;
1261 svec_init(&command_acls);
1262 cfg_get_all_strings(&command_acls, "%s.commands.acl", pfx);
1263 command_acl = svec_join(&command_acls, ",", "");
1265 ofproto_set_remote_execution(br->ofproto, command_acl,
1266 cfg_get_string(0, "%s.commands.dir",
1269 svec_destroy(&command_acls);
1272 ofproto_set_remote_execution(br->ofproto, NULL, NULL);
1275 union ofp_action action;
1278 /* Set up a flow that matches every packet and directs them to
1279 * OFPP_NORMAL (which goes to us). */
1280 memset(&action, 0, sizeof action);
1281 action.type = htons(OFPAT_OUTPUT);
1282 action.output.len = htons(sizeof action);
1283 action.output.port = htons(OFPP_NORMAL);
1284 memset(&flow, 0, sizeof flow);
1285 ofproto_add_flow(br->ofproto, &flow, OFPFW_ALL, 0,
1288 ofproto_set_in_band(br->ofproto, false);
1289 ofproto_set_max_backoff(br->ofproto, 1);
1290 ofproto_set_probe_interval(br->ofproto, 5);
1291 ofproto_set_failure(br->ofproto, false);
1292 ofproto_set_stp(br->ofproto, false);
1296 ofproto_set_controller(br->ofproto, br->controller);
1300 bridge_get_all_ifaces(const struct bridge *br, struct svec *ifaces)
1305 for (i = 0; i < br->n_ports; i++) {
1306 struct port *port = br->ports[i];
1307 for (j = 0; j < port->n_ifaces; j++) {
1308 struct iface *iface = port->ifaces[j];
1309 svec_add(ifaces, iface->name);
1313 assert(svec_is_unique(ifaces));
1316 /* For robustness, in case the administrator moves around datapath ports behind
1317 * our back, we re-check all the datapath port numbers here.
1319 * This function will set the 'dp_ifidx' members of interfaces that have
1320 * disappeared to -1, so only call this function from a context where those
1321 * 'struct iface's will be removed from the bridge. Otherwise, the -1
1322 * 'dp_ifidx'es will cause trouble later when we try to send them to the
1323 * datapath, which doesn't support UINT16_MAX+1 ports. */
1325 bridge_fetch_dp_ifaces(struct bridge *br)
1327 struct odp_port *dpif_ports;
1328 size_t n_dpif_ports;
1331 /* Reset all interface numbers. */
1332 for (i = 0; i < br->n_ports; i++) {
1333 struct port *port = br->ports[i];
1334 for (j = 0; j < port->n_ifaces; j++) {
1335 struct iface *iface = port->ifaces[j];
1336 iface->dp_ifidx = -1;
1339 port_array_clear(&br->ifaces);
1341 dpif_port_list(&br->dpif, &dpif_ports, &n_dpif_ports);
1342 for (i = 0; i < n_dpif_ports; i++) {
1343 struct odp_port *p = &dpif_ports[i];
1344 struct iface *iface = iface_lookup(br, p->devname);
1346 if (iface->dp_ifidx >= 0) {
1347 VLOG_WARN("dp%u reported interface %s twice",
1348 dpif_id(&br->dpif), p->devname);
1349 } else if (iface_from_dp_ifidx(br, p->port)) {
1350 VLOG_WARN("dp%u reported interface %"PRIu16" twice",
1351 dpif_id(&br->dpif), p->port);
1353 port_array_set(&br->ifaces, p->port, iface);
1354 iface->dp_ifidx = p->port;
1361 /* Bridge packet processing functions. */
1364 bond_hash(const uint8_t mac[ETH_ADDR_LEN])
1366 return hash_bytes(mac, ETH_ADDR_LEN, 0) & BOND_MASK;
1369 static struct bond_entry *
1370 lookup_bond_entry(const struct port *port, const uint8_t mac[ETH_ADDR_LEN])
1372 return &port->bond_hash[bond_hash(mac)];
1376 bond_choose_iface(const struct port *port)
1379 for (i = 0; i < port->n_ifaces; i++) {
1380 if (port->ifaces[i]->enabled) {
1388 choose_output_iface(const struct port *port, const uint8_t *dl_src,
1389 uint16_t *dp_ifidx, tag_type *tags)
1391 struct iface *iface;
1393 assert(port->n_ifaces);
1394 if (port->n_ifaces == 1) {
1395 iface = port->ifaces[0];
1397 struct bond_entry *e = lookup_bond_entry(port, dl_src);
1398 if (e->iface_idx < 0 || e->iface_idx >= port->n_ifaces
1399 || !port->ifaces[e->iface_idx]->enabled) {
1400 /* XXX select interface properly. The current interface selection
1401 * is only good for testing the rebalancing code. */
1402 e->iface_idx = bond_choose_iface(port);
1403 if (e->iface_idx < 0) {
1404 *tags |= port->no_ifaces_tag;
1407 e->iface_tag = tag_create_random();
1409 *tags |= e->iface_tag;
1410 iface = port->ifaces[e->iface_idx];
1412 *dp_ifidx = iface->dp_ifidx;
1413 *tags |= iface->tag; /* Currently only used for bonding. */
1418 bond_link_status_update(struct iface *iface, bool carrier)
1420 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1421 struct port *port = iface->port;
1423 if ((carrier == iface->enabled) == (iface->delay_expires == LLONG_MAX)) {
1424 /* Nothing to do. */
1427 VLOG_INFO_RL(&rl, "interface %s: carrier %s",
1428 iface->name, carrier ? "detected" : "dropped");
1429 if (carrier == iface->enabled) {
1430 iface->delay_expires = LLONG_MAX;
1431 VLOG_INFO_RL(&rl, "interface %s: will not be %s",
1432 iface->name, carrier ? "disabled" : "enabled");
1433 } else if (carrier && port->updelay && port->active_iface < 0) {
1434 iface->delay_expires = time_msec();
1435 VLOG_INFO_RL(&rl, "interface %s: skipping %d ms updelay since no "
1436 "other interface is up", iface->name, port->updelay);
1438 int delay = carrier ? port->updelay : port->downdelay;
1439 iface->delay_expires = time_msec() + delay;
1442 "interface %s: will be %s if it stays %s for %d ms",
1444 carrier ? "enabled" : "disabled",
1445 carrier ? "up" : "down",
1452 bond_choose_active_iface(struct port *port)
1454 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1456 port->active_iface = bond_choose_iface(port);
1457 port->active_iface_tag = tag_create_random();
1458 if (port->active_iface >= 0) {
1459 VLOG_INFO_RL(&rl, "port %s: active interface is now %s",
1460 port->name, port->ifaces[port->active_iface]->name);
1462 VLOG_WARN_RL(&rl, "port %s: all ports disabled, no active interface",
1468 bond_enable_slave(struct iface *iface, bool enable)
1470 struct port *port = iface->port;
1471 struct bridge *br = port->bridge;
1473 iface->delay_expires = LLONG_MAX;
1474 if (enable == iface->enabled) {
1478 iface->enabled = enable;
1479 if (!iface->enabled) {
1480 VLOG_WARN("interface %s: disabled", iface->name);
1481 ofproto_revalidate(br->ofproto, iface->tag);
1482 if (iface->port_ifidx == port->active_iface) {
1483 ofproto_revalidate(br->ofproto,
1484 port->active_iface_tag);
1485 bond_choose_active_iface(port);
1487 bond_send_learning_packets(port);
1489 VLOG_WARN("interface %s: enabled", iface->name);
1490 if (port->active_iface < 0) {
1491 ofproto_revalidate(br->ofproto, port->no_ifaces_tag);
1492 bond_choose_active_iface(port);
1493 bond_send_learning_packets(port);
1495 iface->tag = tag_create_random();
1500 bond_run(struct bridge *br)
1504 for (i = 0; i < br->n_ports; i++) {
1505 struct port *port = br->ports[i];
1506 if (port->n_ifaces < 2) {
1509 for (j = 0; j < port->n_ifaces; j++) {
1510 struct iface *iface = port->ifaces[j];
1511 if (time_msec() >= iface->delay_expires) {
1512 bond_enable_slave(iface, !iface->enabled);
1519 bond_wait(struct bridge *br)
1523 for (i = 0; i < br->n_ports; i++) {
1524 struct port *port = br->ports[i];
1525 if (port->n_ifaces < 2) {
1528 for (j = 0; j < port->n_ifaces; j++) {
1529 struct iface *iface = port->ifaces[j];
1530 if (iface->delay_expires != LLONG_MAX) {
1531 poll_timer_wait(iface->delay_expires - time_msec());
1538 set_dst(struct dst *p, const flow_t *flow,
1539 const struct port *in_port, const struct port *out_port,
1544 * XXX This uses too many tags: any broadcast flow will get one tag per
1545 * destination port, and thus a broadcast on a switch of any size is likely
1546 * to have all tag bits set. We should figure out a way to be smarter.
1548 * This is OK when STP is disabled, because stp_state_tag is 0 then. */
1549 *tags |= out_port->stp_state_tag;
1550 if (!(out_port->stp_state & (STP_DISABLED | STP_FORWARDING))) {
1554 p->vlan = (out_port->vlan >= 0 ? OFP_VLAN_NONE
1555 : in_port->vlan >= 0 ? in_port->vlan
1556 : ntohs(flow->dl_vlan));
1557 return choose_output_iface(out_port, flow->dl_src, &p->dp_ifidx, tags);
1561 swap_dst(struct dst *p, struct dst *q)
1563 struct dst tmp = *p;
1568 /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
1569 * 'dsts'. (This may help performance by reducing the number of VLAN changes
1570 * that we push to the datapath. We could in fact fully sort the array by
1571 * vlan, but in most cases there are at most two different vlan tags so that's
1572 * possibly overkill.) */
1574 partition_dsts(struct dst *dsts, size_t n_dsts, int vlan)
1576 struct dst *first = dsts;
1577 struct dst *last = dsts + n_dsts;
1579 while (first != last) {
1581 * - All dsts < first have vlan == 'vlan'.
1582 * - All dsts >= last have vlan != 'vlan'.
1583 * - first < last. */
1584 while (first->vlan == vlan) {
1585 if (++first == last) {
1590 /* Same invariants, plus one additional:
1591 * - first->vlan != vlan.
1593 while (last[-1].vlan != vlan) {
1594 if (--last == first) {
1599 /* Same invariants, plus one additional:
1600 * - last[-1].vlan == vlan.*/
1601 swap_dst(first++, --last);
1606 mirror_mask_ffs(mirror_mask_t mask)
1608 BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask));
1613 dst_is_duplicate(const struct dst *dsts, size_t n_dsts,
1614 const struct dst *test)
1617 for (i = 0; i < n_dsts; i++) {
1618 if (dsts[i].vlan == test->vlan && dsts[i].dp_ifidx == test->dp_ifidx) {
1626 port_trunks_vlan(const struct port *port, uint16_t vlan)
1628 return port->vlan < 0 && bitmap_is_set(port->trunks, vlan);
1632 port_includes_vlan(const struct port *port, uint16_t vlan)
1634 return vlan == port->vlan || port_trunks_vlan(port, vlan);
1638 compose_dsts(const struct bridge *br, const flow_t *flow, uint16_t vlan,
1639 const struct port *in_port, const struct port *out_port,
1640 struct dst dsts[], tag_type *tags)
1642 mirror_mask_t mirrors = in_port->src_mirrors;
1643 struct dst *dst = dsts;
1646 *tags |= in_port->stp_state_tag;
1647 if (out_port == FLOOD_PORT) {
1648 /* XXX use ODP_FLOOD if no vlans or bonding. */
1649 /* XXX even better, define each VLAN as a datapath port group */
1650 for (i = 0; i < br->n_ports; i++) {
1651 struct port *port = br->ports[i];
1652 if (port != in_port && port_includes_vlan(port, vlan)
1653 && !port->is_mirror_output_port
1654 && set_dst(dst, flow, in_port, port, tags)) {
1655 mirrors |= port->dst_mirrors;
1659 } else if (out_port && set_dst(dst, flow, in_port, out_port, tags)) {
1660 mirrors |= out_port->dst_mirrors;
1665 struct mirror *m = br->mirrors[mirror_mask_ffs(mirrors) - 1];
1666 if (!m->n_vlans || vlan_is_mirrored(m, vlan)) {
1668 if (set_dst(dst, flow, in_port, m->out_port, tags)
1669 && !dst_is_duplicate(dsts, dst - dsts, dst)) {
1673 for (i = 0; i < br->n_ports; i++) {
1674 struct port *port = br->ports[i];
1675 if (port_includes_vlan(port, m->out_vlan)
1676 && set_dst(dst, flow, in_port, port, tags)
1677 && !dst_is_duplicate(dsts, dst - dsts, dst))
1679 if (port->vlan < 0) {
1680 dst->vlan = m->out_vlan;
1682 if (dst->dp_ifidx == flow->in_port
1683 && dst->vlan == vlan) {
1684 /* Don't send out input port on same VLAN. */
1692 mirrors &= mirrors - 1;
1695 partition_dsts(dsts, dst - dsts, ntohs(flow->dl_vlan));
1700 print_dsts(const struct dst *dsts, size_t n)
1702 for (; n--; dsts++) {
1703 printf(">p%"PRIu16, dsts->dp_ifidx);
1704 if (dsts->vlan != OFP_VLAN_NONE) {
1705 printf("v%"PRIu16, dsts->vlan);
1711 compose_actions(struct bridge *br, const flow_t *flow, uint16_t vlan,
1712 const struct port *in_port, const struct port *out_port,
1713 tag_type *tags, struct odp_actions *actions)
1715 struct dst dsts[DP_MAX_PORTS * (MAX_MIRRORS + 1)];
1717 const struct dst *p;
1720 n_dsts = compose_dsts(br, flow, vlan, in_port, out_port, dsts, tags);
1722 cur_vlan = ntohs(flow->dl_vlan);
1723 for (p = dsts; p < &dsts[n_dsts]; p++) {
1724 union odp_action *a;
1725 if (p->vlan != cur_vlan) {
1726 if (p->vlan == OFP_VLAN_NONE) {
1727 odp_actions_add(actions, ODPAT_STRIP_VLAN);
1729 a = odp_actions_add(actions, ODPAT_SET_VLAN_VID);
1730 a->vlan_vid.vlan_vid = htons(p->vlan);
1734 a = odp_actions_add(actions, ODPAT_OUTPUT);
1735 a->output.port = p->dp_ifidx;
1740 is_bcast_arp_reply(const flow_t *flow, const struct ofpbuf *packet)
1742 struct arp_eth_header *arp = (struct arp_eth_header *) packet->data;
1743 return (flow->dl_type == htons(ETH_TYPE_ARP)
1744 && eth_addr_is_broadcast(flow->dl_dst)
1745 && packet->size >= sizeof(struct arp_eth_header)
1746 && arp->ar_op == ARP_OP_REQUEST);
1749 /* If the composed actions may be applied to any packet in the given 'flow',
1750 * returns true. Otherwise, the actions should only be applied to 'packet', or
1751 * not at all, if 'packet' was NULL. */
1753 process_flow(struct bridge *br, const flow_t *flow,
1754 const struct ofpbuf *packet, struct odp_actions *actions,
1757 struct iface *in_iface;
1758 struct port *in_port;
1759 struct port *out_port = NULL; /* By default, drop the packet/flow. */
1762 /* Find the interface and port structure for the received packet. */
1763 in_iface = iface_from_dp_ifidx(br, flow->in_port);
1765 /* No interface? Something fishy... */
1766 if (packet != NULL) {
1767 /* Odd. A few possible reasons here:
1769 * - We deleted an interface but there are still a few packets
1770 * queued up from it.
1772 * - Someone externally added an interface (e.g. with "ovs-dpctl
1773 * add-if") that we don't know about.
1775 * - Packet arrived on the local port but the local port is not
1776 * one of our bridge ports.
1778 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1780 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
1781 "interface %"PRIu16, br->name, flow->in_port);
1784 /* Return without adding any actions, to drop packets on this flow. */
1787 in_port = in_iface->port;
1789 /* Figure out what VLAN this packet belongs to.
1791 * Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet
1792 * belongs to VLAN 0, so we should treat both cases identically. (In the
1793 * former case, the packet has an 802.1Q header that specifies VLAN 0,
1794 * presumably to allow a priority to be specified. In the latter case, the
1795 * packet does not have any 802.1Q header.) */
1796 vlan = ntohs(flow->dl_vlan);
1797 if (vlan == OFP_VLAN_NONE) {
1800 if (in_port->vlan >= 0) {
1802 /* XXX support double tagging? */
1803 if (packet != NULL) {
1804 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1805 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged "
1806 "packet received on port %s configured with "
1807 "implicit VLAN %"PRIu16,
1808 br->name, ntohs(flow->dl_vlan),
1809 in_port->name, in_port->vlan);
1813 vlan = in_port->vlan;
1815 if (!port_includes_vlan(in_port, vlan)) {
1816 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1817 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
1818 "packet received on port %s not configured for "
1820 br->name, vlan, in_port->name, vlan);
1825 /* Drop frames for ports that STP wants entirely killed (both for
1826 * forwarding and for learning). Later, after we do learning, we'll drop
1827 * the frames that STP wants to do learning but not forwarding on. */
1828 if (in_port->stp_state & (STP_LISTENING | STP_BLOCKING)) {
1832 /* Drop frames for reserved multicast addresses. */
1833 if (eth_addr_is_reserved(flow->dl_dst)) {
1837 /* Drop frames on ports reserved for mirroring. */
1838 if (in_port->is_mirror_output_port) {
1839 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1840 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port %s, "
1841 "which is reserved exclusively for mirroring",
1842 br->name, in_port->name);
1846 /* Multicast (and broadcast) packets on bonds need special attention, to
1847 * avoid receiving duplicates. */
1848 if (in_port->n_ifaces > 1 && eth_addr_is_multicast(flow->dl_dst)) {
1849 *tags |= in_port->active_iface_tag;
1850 if (in_port->active_iface != in_iface->port_ifidx) {
1851 /* Drop all multicast packets on inactive slaves. */
1854 /* Drop all multicast packets for which we have learned a different
1855 * input port, because we probably sent the packet on one slaves
1856 * and got it back on the active slave. Broadcast ARP replies are
1857 * an exception to this rule: the host has moved to another
1859 int src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan);
1860 if (src_idx != -1 && src_idx != in_port->port_idx) {
1862 if (!is_bcast_arp_reply(flow, packet)) {
1866 /* No way to know whether it's an ARP reply, because the
1867 * flow entry doesn't include enough information and we
1868 * don't have a packet. Punt. */
1876 out_port = FLOOD_PORT;
1880 /* Learn source MAC (but don't try to learn from revalidation). */
1882 tag_type rev_tag = mac_learning_learn(br->ml, flow->dl_src,
1883 vlan, in_port->port_idx);
1885 /* The log messages here could actually be useful in debugging,
1886 * so keep the rate limit relatively high. */
1887 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
1889 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
1890 "on port %s in VLAN %d",
1891 br->name, ETH_ADDR_ARGS(flow->dl_src),
1892 in_port->name, vlan);
1893 ofproto_revalidate(br->ofproto, rev_tag);
1897 /* Determine output port. */
1898 out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan,
1900 if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
1901 out_port = br->ports[out_port_idx];
1905 /* Don't send packets out their input ports. Don't forward frames that STP
1906 * wants us to discard. */
1907 if (in_port == out_port || in_port->stp_state == STP_LEARNING) {
1912 compose_actions(br, flow, vlan, in_port, out_port, tags, actions);
1915 * We send out only a single packet, instead of setting up a flow, if the
1916 * packet is an ARP directed to broadcast that arrived on a bonded
1917 * interface. In such a situation ARP requests and replies must be handled
1918 * differently, but OpenFlow unfortunately can't distinguish them.
1920 return (in_port->n_ifaces < 2
1921 || flow->dl_type != htons(ETH_TYPE_ARP)
1922 || !eth_addr_is_broadcast(flow->dl_dst));
1925 /* Careful: 'opp' is in host byte order and opp->port_no is an OFP port
1928 bridge_port_changed_ofhook_cb(enum ofp_port_reason reason,
1929 const struct ofp_phy_port *opp,
1932 struct bridge *br = br_;
1933 struct iface *iface;
1936 iface = iface_from_dp_ifidx(br, ofp_port_to_odp_port(opp->port_no));
1942 if (reason == OFPPR_DELETE) {
1943 VLOG_WARN("bridge %s: interface %s deleted unexpectedly",
1944 br->name, iface->name);
1945 iface_destroy(iface);
1946 if (!port->n_ifaces) {
1947 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
1948 br->name, port->name);
1954 memcpy(iface->mac, opp->hw_addr, ETH_ADDR_LEN);
1955 if (port->n_ifaces > 1) {
1956 bool up = !(opp->state & OFPPS_LINK_DOWN);
1957 bond_link_status_update(iface, up);
1958 port_update_bond_compat(port);
1964 bridge_normal_ofhook_cb(const flow_t *flow, const struct ofpbuf *packet,
1965 struct odp_actions *actions, tag_type *tags, void *br_)
1967 struct bridge *br = br_;
1970 if (flow->dl_type == htons(OFP_DL_TYPE_NOT_ETH_TYPE)
1971 && eth_addr_equals(flow->dl_dst, stp_eth_addr)) {
1972 brstp_receive(br, flow, payload);
1977 COVERAGE_INC(bridge_process_flow);
1978 return process_flow(br, flow, packet, actions, tags);
1982 bridge_account_flow_ofhook_cb(const flow_t *flow,
1983 const union odp_action *actions,
1984 size_t n_actions, unsigned long long int n_bytes,
1987 struct bridge *br = br_;
1988 const union odp_action *a;
1990 if (!br->has_bonded_ports) {
1994 for (a = actions; a < &actions[n_actions]; a++) {
1995 if (a->type == ODPAT_OUTPUT) {
1996 struct port *port = port_from_dp_ifidx(br, a->output.port);
1997 if (port && port->n_ifaces >= 2) {
1998 struct bond_entry *e = lookup_bond_entry(port, flow->dl_src);
1999 e->tx_bytes += n_bytes;
2006 bridge_account_checkpoint_ofhook_cb(void *br_)
2008 struct bridge *br = br_;
2011 if (!br->has_bonded_ports) {
2015 /* The current ofproto implementation calls this callback at least once a
2016 * second, so this timer implementation is sufficient. */
2017 if (time_msec() < br->bond_next_rebalance) {
2020 br->bond_next_rebalance = time_msec() + 10000;
2022 for (i = 0; i < br->n_ports; i++) {
2023 struct port *port = br->ports[i];
2024 if (port->n_ifaces > 1) {
2025 bond_rebalance_port(port);
2030 static struct ofhooks bridge_ofhooks = {
2031 bridge_port_changed_ofhook_cb,
2032 bridge_normal_ofhook_cb,
2033 bridge_account_flow_ofhook_cb,
2034 bridge_account_checkpoint_ofhook_cb,
2037 /* Bonding functions. */
2039 /* Statistics for a single interface on a bonded port, used for load-based
2040 * bond rebalancing. */
2041 struct slave_balance {
2042 struct iface *iface; /* The interface. */
2043 uint64_t tx_bytes; /* Sum of hashes[*]->tx_bytes. */
2045 /* All the "bond_entry"s that are assigned to this interface, in order of
2046 * increasing tx_bytes. */
2047 struct bond_entry **hashes;
2051 /* Sorts pointers to pointers to bond_entries in ascending order by the
2052 * interface to which they are assigned, and within a single interface in
2053 * ascending order of bytes transmitted. */
2055 compare_bond_entries(const void *a_, const void *b_)
2057 const struct bond_entry *const *ap = a_;
2058 const struct bond_entry *const *bp = b_;
2059 const struct bond_entry *a = *ap;
2060 const struct bond_entry *b = *bp;
2061 if (a->iface_idx != b->iface_idx) {
2062 return a->iface_idx > b->iface_idx ? 1 : -1;
2063 } else if (a->tx_bytes != b->tx_bytes) {
2064 return a->tx_bytes > b->tx_bytes ? 1 : -1;
2070 /* Sorts slave_balances so that enabled ports come first, and otherwise in
2071 * *descending* order by number of bytes transmitted. */
2073 compare_slave_balance(const void *a_, const void *b_)
2075 const struct slave_balance *a = a_;
2076 const struct slave_balance *b = b_;
2077 if (a->iface->enabled != b->iface->enabled) {
2078 return a->iface->enabled ? -1 : 1;
2079 } else if (a->tx_bytes != b->tx_bytes) {
2080 return a->tx_bytes > b->tx_bytes ? -1 : 1;
2087 swap_bals(struct slave_balance *a, struct slave_balance *b)
2089 struct slave_balance tmp = *a;
2094 /* Restores the 'n_bals' slave_balance structures in 'bals' to sorted order
2095 * given that 'p' (and only 'p') might be in the wrong location.
2097 * This function invalidates 'p', since it might now be in a different memory
2100 resort_bals(struct slave_balance *p,
2101 struct slave_balance bals[], size_t n_bals)
2104 for (; p > bals && p->tx_bytes > p[-1].tx_bytes; p--) {
2105 swap_bals(p, p - 1);
2107 for (; p < &bals[n_bals - 1] && p->tx_bytes < p[1].tx_bytes; p++) {
2108 swap_bals(p, p + 1);
2114 log_bals(const struct slave_balance *bals, size_t n_bals, struct port *port)
2116 if (VLOG_IS_DBG_ENABLED()) {
2117 struct ds ds = DS_EMPTY_INITIALIZER;
2118 const struct slave_balance *b;
2120 for (b = bals; b < bals + n_bals; b++) {
2124 ds_put_char(&ds, ',');
2126 ds_put_format(&ds, " %s %"PRIu64"kB",
2127 b->iface->name, b->tx_bytes / 1024);
2129 if (!b->iface->enabled) {
2130 ds_put_cstr(&ds, " (disabled)");
2132 if (b->n_hashes > 0) {
2133 ds_put_cstr(&ds, " (");
2134 for (i = 0; i < b->n_hashes; i++) {
2135 const struct bond_entry *e = b->hashes[i];
2137 ds_put_cstr(&ds, " + ");
2139 ds_put_format(&ds, "h%td: %"PRIu64"kB",
2140 e - port->bond_hash, e->tx_bytes / 1024);
2142 ds_put_cstr(&ds, ")");
2145 VLOG_DBG("bond %s:%s", port->name, ds_cstr(&ds));
2150 /* Shifts 'hash' from 'from' to 'to' within 'port'. */
2152 bond_shift_load(struct slave_balance *from, struct slave_balance *to,
2153 struct bond_entry *hash)
2155 struct port *port = from->iface->port;
2156 uint64_t delta = hash->tx_bytes;
2158 VLOG_INFO("bond %s: shift %"PRIu64"kB of load (with hash %td) "
2159 "from %s to %s (now carrying %"PRIu64"kB and "
2160 "%"PRIu64"kB load, respectively)",
2161 port->name, delta / 1024, hash - port->bond_hash,
2162 from->iface->name, to->iface->name,
2163 (from->tx_bytes - delta) / 1024,
2164 (to->tx_bytes + delta) / 1024);
2166 /* Delete element from from->hashes.
2168 * We don't bother to add the element to to->hashes because not only would
2169 * it require more work, the only purpose it would be to allow that hash to
2170 * be migrated to another slave in this rebalancing run, and there is no
2171 * point in doing that. */
2172 if (from->hashes[0] == hash) {
2175 int i = hash - from->hashes[0];
2176 memmove(from->hashes + i, from->hashes + i + 1,
2177 (from->n_hashes - (i + 1)) * sizeof *from->hashes);
2181 /* Shift load away from 'from' to 'to'. */
2182 from->tx_bytes -= delta;
2183 to->tx_bytes += delta;
2185 /* Arrange for flows to be revalidated. */
2186 ofproto_revalidate(port->bridge->ofproto, hash->iface_tag);
2187 hash->iface_idx = to->iface->port_ifidx;
2188 hash->iface_tag = tag_create_random();
2192 bond_rebalance_port(struct port *port)
2194 struct slave_balance bals[DP_MAX_PORTS];
2196 struct bond_entry *hashes[BOND_MASK + 1];
2197 struct slave_balance *b, *from, *to;
2198 struct bond_entry *e;
2201 /* Sets up 'bals' to describe each of the port's interfaces, sorted in
2202 * descending order of tx_bytes, so that bals[0] represents the most
2203 * heavily loaded slave and bals[n_bals - 1] represents the least heavily
2206 * The code is a bit tricky: to avoid dynamically allocating a 'hashes'
2207 * array for each slave_balance structure, we sort our local array of
2208 * hashes in order by slave, so that all of the hashes for a given slave
2209 * become contiguous in memory, and then we point each 'hashes' members of
2210 * a slave_balance structure to the start of a contiguous group. */
2211 n_bals = port->n_ifaces;
2212 for (b = bals; b < &bals[n_bals]; b++) {
2213 b->iface = port->ifaces[b - bals];
2218 for (i = 0; i <= BOND_MASK; i++) {
2219 hashes[i] = &port->bond_hash[i];
2221 qsort(hashes, BOND_MASK + 1, sizeof *hashes, compare_bond_entries);
2222 for (i = 0; i <= BOND_MASK; i++) {
2224 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
2225 b = &bals[e->iface_idx];
2226 b->tx_bytes += e->tx_bytes;
2228 b->hashes = &hashes[i];
2233 qsort(bals, n_bals, sizeof *bals, compare_slave_balance);
2234 log_bals(bals, n_bals, port);
2236 /* Discard slaves that aren't enabled (which were sorted to the back of the
2237 * array earlier). */
2238 while (!bals[n_bals - 1].iface->enabled) {
2245 /* Shift load from the most-loaded slaves to the least-loaded slaves. */
2246 to = &bals[n_bals - 1];
2247 for (from = bals; from < to; ) {
2248 uint64_t overload = from->tx_bytes - to->tx_bytes;
2249 if (overload < to->tx_bytes >> 5 || overload < 100000) {
2250 /* The extra load on 'from' (and all less-loaded slaves), compared
2251 * to that of 'to' (the least-loaded slave), is less than ~3%, or
2252 * it is less than ~1Mbps. No point in rebalancing. */
2254 } else if (from->n_hashes == 1) {
2255 /* 'from' only carries a single MAC hash, so we can't shift any
2256 * load away from it, even though we want to. */
2259 /* 'from' is carrying significantly more load than 'to', and that
2260 * load is split across at least two different hashes. Pick a hash
2261 * to migrate to 'to' (the least-loaded slave), given that doing so
2262 * must not cause 'to''s load to exceed 'from''s load.
2264 * The sort order we use means that we prefer to shift away the
2265 * smallest hashes instead of the biggest ones. There is little
2266 * reason behind this decision; we could use the opposite sort
2267 * order to shift away big hashes ahead of small ones. */
2270 for (i = 0; i < from->n_hashes; i++) {
2271 uint64_t delta = from->hashes[i]->tx_bytes;
2272 if (to->tx_bytes + delta < from->tx_bytes - delta) {
2276 if (i < from->n_hashes) {
2277 bond_shift_load(from, to, from->hashes[i]);
2279 /* Re-sort 'bals'. Note that this may make 'from' and 'to'
2280 * point to different slave_balance structures. It is only
2281 * valid to do these two operations in a row at all because we
2282 * know that 'from' will not move past 'to' and vice versa. */
2283 resort_bals(from, bals, n_bals);
2284 resort_bals(to, bals, n_bals);
2291 /* Implement exponentially weighted moving average. A weight of 1/2 causes
2292 * historical data to decay to <1% in 7 rebalancing runs. */
2293 for (e = &port->bond_hash[0]; e <= &port->bond_hash[BOND_MASK]; e++) {
2299 bond_send_learning_packets(struct port *port)
2301 struct bridge *br = port->bridge;
2302 struct mac_entry *e;
2303 struct ofpbuf packet;
2304 int error, n_packets, n_errors;
2306 if (!port->n_ifaces || port->active_iface < 0 || !br->ml) {
2310 ofpbuf_init(&packet, 128);
2311 error = n_packets = n_errors = 0;
2312 LIST_FOR_EACH (e, struct mac_entry, lru_node, &br->ml->lrus) {
2313 static const char s[] = "Open vSwitch Bond Failover";
2314 union ofp_action actions[2], *a;
2315 struct eth_header *eth;
2316 struct llc_snap_header *llc_snap;
2322 if (e->port == port->port_idx
2323 || !choose_output_iface(port, e->mac, &dp_ifidx, &tags)) {
2327 /* Compose packet to send. */
2328 ofpbuf_clear(&packet);
2329 eth = ofpbuf_put_zeros(&packet, ETH_HEADER_LEN);
2330 llc_snap = ofpbuf_put_zeros(&packet, LLC_SNAP_HEADER_LEN);
2331 ofpbuf_put(&packet, s, sizeof s); /* Includes null byte. */
2332 ofpbuf_put(&packet, e->mac, ETH_ADDR_LEN);
2334 memcpy(eth->eth_dst, eth_addr_broadcast, ETH_ADDR_LEN);
2335 memcpy(eth->eth_src, e->mac, ETH_ADDR_LEN);
2336 eth->eth_type = htons(packet.size - ETH_HEADER_LEN);
2338 llc_snap->llc.llc_dsap = LLC_DSAP_SNAP;
2339 llc_snap->llc.llc_ssap = LLC_SSAP_SNAP;
2340 llc_snap->llc.llc_cntl = LLC_CNTL_SNAP;
2341 memcpy(llc_snap->snap.snap_org, "\x00\x23\x20", 3);
2342 llc_snap->snap.snap_type = htons(0xf177); /* Random number. */
2344 /* Compose actions. */
2345 memset(actions, 0, sizeof actions);
2348 a->vlan_vid.type = htons(OFPAT_SET_VLAN_VID);
2349 a->vlan_vid.len = htons(sizeof *a);
2350 a->vlan_vid.vlan_vid = htons(e->vlan);
2353 a->output.type = htons(OFPAT_OUTPUT);
2354 a->output.len = htons(sizeof *a);
2355 a->output.port = htons(odp_port_to_ofp_port(dp_ifidx));
2360 flow_extract(&packet, ODPP_NONE, &flow);
2361 retval = ofproto_send_packet(br->ofproto, &flow, actions, a - actions,
2368 ofpbuf_uninit(&packet);
2371 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2372 VLOG_WARN_RL(&rl, "bond %s: %d errors sending %d gratuitous learning "
2373 "packets, last error was: %s",
2374 port->name, n_errors, n_packets, strerror(error));
2376 VLOG_DBG("bond %s: sent %d gratuitous learning packets",
2377 port->name, n_packets);
2381 /* Bonding unixctl user interface functions. */
2384 bond_unixctl_list(struct unixctl_conn *conn, const char *args UNUSED)
2386 struct ds ds = DS_EMPTY_INITIALIZER;
2387 const struct bridge *br;
2389 ds_put_cstr(&ds, "bridge\tbond\tslaves\n");
2391 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
2394 for (i = 0; i < br->n_ports; i++) {
2395 const struct port *port = br->ports[i];
2396 if (port->n_ifaces > 1) {
2399 ds_put_format(&ds, "%s\t%s\t", br->name, port->name);
2400 for (j = 0; j < port->n_ifaces; j++) {
2401 const struct iface *iface = port->ifaces[j];
2403 ds_put_cstr(&ds, ", ");
2405 ds_put_cstr(&ds, iface->name);
2407 ds_put_char(&ds, '\n');
2411 unixctl_command_reply(conn, 200, ds_cstr(&ds));
2415 static struct port *
2416 bond_find(const char *name)
2418 const struct bridge *br;
2420 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
2423 for (i = 0; i < br->n_ports; i++) {
2424 struct port *port = br->ports[i];
2425 if (!strcmp(port->name, name) && port->n_ifaces > 1) {
2434 bond_unixctl_show(struct unixctl_conn *conn, const char *args)
2436 struct ds ds = DS_EMPTY_INITIALIZER;
2437 const struct port *port;
2440 port = bond_find(args);
2442 unixctl_command_reply(conn, 501, "no such bond");
2446 ds_put_format(&ds, "updelay: %d ms\n", port->updelay);
2447 ds_put_format(&ds, "downdelay: %d ms\n", port->downdelay);
2448 ds_put_format(&ds, "next rebalance: %lld ms\n",
2449 port->bridge->bond_next_rebalance - time_msec());
2450 for (j = 0; j < port->n_ifaces; j++) {
2451 const struct iface *iface = port->ifaces[j];
2452 struct bond_entry *be;
2455 ds_put_format(&ds, "slave %s: %s\n",
2456 iface->name, iface->enabled ? "enabled" : "disabled");
2457 if (j == port->active_iface) {
2458 ds_put_cstr(&ds, "\tactive slave\n");
2460 if (iface->delay_expires != LLONG_MAX) {
2461 ds_put_format(&ds, "\t%s expires in %lld ms\n",
2462 iface->enabled ? "downdelay" : "updelay",
2463 iface->delay_expires - time_msec());
2467 for (be = port->bond_hash; be <= &port->bond_hash[BOND_MASK]; be++) {
2468 int hash = be - port->bond_hash;
2469 struct mac_entry *me;
2471 if (be->iface_idx != j) {
2475 ds_put_format(&ds, "\thash %d: %lld kB load\n",
2476 hash, be->tx_bytes / 1024);
2479 if (!port->bridge->ml) {
2483 LIST_FOR_EACH (me, struct mac_entry, lru_node,
2484 &port->bridge->ml->lrus) {
2487 if (bond_hash(me->mac) == hash
2488 && me->port != port->port_idx
2489 && choose_output_iface(port, me->mac, &dp_ifidx, &tags)
2490 && dp_ifidx == iface->dp_ifidx)
2492 ds_put_format(&ds, "\t\t"ETH_ADDR_FMT"\n",
2493 ETH_ADDR_ARGS(me->mac));
2498 unixctl_command_reply(conn, 200, ds_cstr(&ds));
2503 bond_unixctl_migrate(struct unixctl_conn *conn, const char *args_)
2505 char *args = (char *) args_;
2506 char *save_ptr = NULL;
2507 char *bond_s, *hash_s, *slave_s;
2508 uint8_t mac[ETH_ADDR_LEN];
2510 struct iface *iface;
2511 struct bond_entry *entry;
2514 bond_s = strtok_r(args, " ", &save_ptr);
2515 hash_s = strtok_r(NULL, " ", &save_ptr);
2516 slave_s = strtok_r(NULL, " ", &save_ptr);
2518 unixctl_command_reply(conn, 501,
2519 "usage: bond/migrate BOND HASH SLAVE");
2523 port = bond_find(bond_s);
2525 unixctl_command_reply(conn, 501, "no such bond");
2529 if (sscanf(hash_s, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))
2530 == ETH_ADDR_SCAN_COUNT) {
2531 hash = bond_hash(mac);
2532 } else if (strspn(hash_s, "0123456789") == strlen(hash_s)) {
2533 hash = atoi(hash_s) & BOND_MASK;
2535 unixctl_command_reply(conn, 501, "bad hash");
2539 iface = port_lookup_iface(port, slave_s);
2541 unixctl_command_reply(conn, 501, "no such slave");
2545 if (!iface->enabled) {
2546 unixctl_command_reply(conn, 501, "cannot migrate to disabled slave");
2550 entry = &port->bond_hash[hash];
2551 ofproto_revalidate(port->bridge->ofproto, entry->iface_tag);
2552 entry->iface_idx = iface->port_ifidx;
2553 entry->iface_tag = tag_create_random();
2554 unixctl_command_reply(conn, 200, "migrated");
2558 bond_unixctl_set_active_slave(struct unixctl_conn *conn, const char *args_)
2560 char *args = (char *) args_;
2561 char *save_ptr = NULL;
2562 char *bond_s, *slave_s;
2564 struct iface *iface;
2566 bond_s = strtok_r(args, " ", &save_ptr);
2567 slave_s = strtok_r(NULL, " ", &save_ptr);
2569 unixctl_command_reply(conn, 501,
2570 "usage: bond/set-active-slave BOND SLAVE");
2574 port = bond_find(bond_s);
2576 unixctl_command_reply(conn, 501, "no such bond");
2580 iface = port_lookup_iface(port, slave_s);
2582 unixctl_command_reply(conn, 501, "no such slave");
2586 if (!iface->enabled) {
2587 unixctl_command_reply(conn, 501, "cannot make disabled slave active");
2591 if (port->active_iface != iface->port_ifidx) {
2592 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
2593 port->active_iface = iface->port_ifidx;
2594 port->active_iface_tag = tag_create_random();
2595 VLOG_INFO("port %s: active interface is now %s",
2596 port->name, iface->name);
2597 bond_send_learning_packets(port);
2598 unixctl_command_reply(conn, 200, "done");
2600 unixctl_command_reply(conn, 200, "no change");
2605 enable_slave(struct unixctl_conn *conn, const char *args_, bool enable)
2607 char *args = (char *) args_;
2608 char *save_ptr = NULL;
2609 char *bond_s, *slave_s;
2611 struct iface *iface;
2613 bond_s = strtok_r(args, " ", &save_ptr);
2614 slave_s = strtok_r(NULL, " ", &save_ptr);
2616 unixctl_command_reply(conn, 501,
2617 "usage: bond/enable/disable-slave BOND SLAVE");
2621 port = bond_find(bond_s);
2623 unixctl_command_reply(conn, 501, "no such bond");
2627 iface = port_lookup_iface(port, slave_s);
2629 unixctl_command_reply(conn, 501, "no such slave");
2633 bond_enable_slave(iface, enable);
2634 unixctl_command_reply(conn, 501, enable ? "enabled" : "disabled");
2638 bond_unixctl_enable_slave(struct unixctl_conn *conn, const char *args)
2640 enable_slave(conn, args, true);
2644 bond_unixctl_disable_slave(struct unixctl_conn *conn, const char *args)
2646 enable_slave(conn, args, false);
2652 unixctl_command_register("bond/list", bond_unixctl_list);
2653 unixctl_command_register("bond/show", bond_unixctl_show);
2654 unixctl_command_register("bond/migrate", bond_unixctl_migrate);
2655 unixctl_command_register("bond/set-active-slave",
2656 bond_unixctl_set_active_slave);
2657 unixctl_command_register("bond/enable-slave", bond_unixctl_enable_slave);
2658 unixctl_command_register("bond/disable-slave", bond_unixctl_disable_slave);
2661 /* Port functions. */
2664 port_create(struct bridge *br, const char *name)
2668 port = xcalloc(1, sizeof *port);
2670 port->port_idx = br->n_ports;
2672 port->trunks = NULL;
2673 port->name = xstrdup(name);
2674 port->active_iface = -1;
2675 port->stp_state = STP_DISABLED;
2676 port->stp_state_tag = 0;
2678 if (br->n_ports >= br->allocated_ports) {
2679 br->ports = x2nrealloc(br->ports, &br->allocated_ports,
2682 br->ports[br->n_ports++] = port;
2684 VLOG_INFO("created port %s on bridge %s", port->name, br->name);
2689 port_reconfigure(struct port *port)
2691 bool bonded = cfg_has_section("bonding.%s", port->name);
2692 struct svec old_ifaces, new_ifaces;
2693 unsigned long *trunks;
2697 /* Collect old and new interfaces. */
2698 svec_init(&old_ifaces);
2699 svec_init(&new_ifaces);
2700 for (i = 0; i < port->n_ifaces; i++) {
2701 svec_add(&old_ifaces, port->ifaces[i]->name);
2703 svec_sort(&old_ifaces);
2705 cfg_get_all_keys(&new_ifaces, "bonding.%s.slave", port->name);
2706 if (!new_ifaces.n) {
2707 VLOG_ERR("port %s: no interfaces specified for bonded port",
2709 } else if (new_ifaces.n == 1) {
2710 VLOG_WARN("port %s: only 1 interface specified for bonded port",
2714 port->updelay = cfg_get_int(0, "bonding.%s.updelay", port->name);
2715 if (port->updelay < 0) {
2718 port->downdelay = cfg_get_int(0, "bonding.%s.downdelay", port->name);
2719 if (port->downdelay < 0) {
2720 port->downdelay = 0;
2723 svec_init(&new_ifaces);
2724 svec_add(&new_ifaces, port->name);
2727 /* Get rid of deleted interfaces and add new interfaces. */
2728 for (i = 0; i < port->n_ifaces; i++) {
2729 struct iface *iface = port->ifaces[i];
2730 if (!svec_contains(&new_ifaces, iface->name)) {
2731 iface_destroy(iface);
2736 for (i = 0; i < new_ifaces.n; i++) {
2737 const char *name = new_ifaces.names[i];
2738 if (!svec_contains(&old_ifaces, name)) {
2739 iface_create(port, name);
2745 if (cfg_has("vlan.%s.tag", port->name)) {
2747 vlan = cfg_get_vlan(0, "vlan.%s.tag", port->name);
2748 if (vlan >= 0 && vlan <= 4095) {
2749 VLOG_DBG("port %s: assigning VLAN tag %d", port->name, vlan);
2752 /* It's possible that bonded, VLAN-tagged ports make sense. Maybe
2753 * they even work as-is. But they have not been tested. */
2754 VLOG_WARN("port %s: VLAN tags not supported on bonded ports",
2758 if (port->vlan != vlan) {
2760 bridge_flush(port->bridge);
2763 /* Get trunked VLANs. */
2766 size_t n_trunks, n_errors;
2769 trunks = bitmap_allocate(4096);
2770 n_trunks = cfg_count("vlan.%s.trunks", port->name);
2772 for (i = 0; i < n_trunks; i++) {
2773 int trunk = cfg_get_vlan(i, "vlan.%s.trunks", port->name);
2775 bitmap_set1(trunks, trunk);
2781 VLOG_ERR("port %s: invalid values for %zu trunk VLANs",
2782 port->name, n_trunks);
2784 if (n_errors == n_trunks) {
2786 VLOG_ERR("port %s: no valid trunks, trunking all VLANs",
2789 bitmap_set_multiple(trunks, 0, 4096, 1);
2792 if (cfg_has("vlan.%s.trunks", port->name)) {
2793 VLOG_ERR("ignoring vlan.%s.trunks in favor of vlan.%s.vlan",
2794 port->name, port->name);
2798 ? port->trunks != NULL
2799 : port->trunks == NULL || !bitmap_equal(trunks, port->trunks, 4096)) {
2800 bridge_flush(port->bridge);
2802 bitmap_free(port->trunks);
2803 port->trunks = trunks;
2805 svec_destroy(&old_ifaces);
2806 svec_destroy(&new_ifaces);
2810 port_destroy(struct port *port)
2813 struct bridge *br = port->bridge;
2817 proc_net_compat_update_vlan(port->name, NULL, 0);
2819 for (i = 0; i < MAX_MIRRORS; i++) {
2820 struct mirror *m = br->mirrors[i];
2821 if (m && m->out_port == port) {
2826 while (port->n_ifaces > 0) {
2827 iface_destroy(port->ifaces[port->n_ifaces - 1]);
2830 del = br->ports[port->port_idx] = br->ports[--br->n_ports];
2831 del->port_idx = port->port_idx;
2834 bitmap_free(port->trunks);
2841 static struct port *
2842 port_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
2844 struct iface *iface = iface_from_dp_ifidx(br, dp_ifidx);
2845 return iface ? iface->port : NULL;
2848 static struct port *
2849 port_lookup(const struct bridge *br, const char *name)
2853 for (i = 0; i < br->n_ports; i++) {
2854 struct port *port = br->ports[i];
2855 if (!strcmp(port->name, name)) {
2862 static struct iface *
2863 port_lookup_iface(const struct port *port, const char *name)
2867 for (j = 0; j < port->n_ifaces; j++) {
2868 struct iface *iface = port->ifaces[j];
2869 if (!strcmp(iface->name, name)) {
2877 port_update_bonding(struct port *port)
2879 if (port->n_ifaces < 2) {
2880 /* Not a bonded port. */
2881 if (port->bond_hash) {
2882 free(port->bond_hash);
2883 port->bond_hash = NULL;
2884 proc_net_compat_update_bond(port->name, NULL);
2887 if (!port->bond_hash) {
2890 port->bond_hash = xcalloc(BOND_MASK + 1, sizeof *port->bond_hash);
2891 for (i = 0; i <= BOND_MASK; i++) {
2892 struct bond_entry *e = &port->bond_hash[i];
2896 port->no_ifaces_tag = tag_create_random();
2897 bond_choose_active_iface(port);
2899 port_update_bond_compat(port);
2904 port_update_bond_compat(struct port *port)
2906 struct compat_bond_hash compat_hashes[BOND_MASK + 1];
2907 struct compat_bond bond;
2910 if (port->n_ifaces < 2) {
2915 bond.updelay = port->updelay;
2916 bond.downdelay = port->downdelay;
2919 bond.hashes = compat_hashes;
2920 if (port->bond_hash) {
2921 const struct bond_entry *e;
2922 for (e = port->bond_hash; e <= &port->bond_hash[BOND_MASK]; e++) {
2923 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
2924 struct compat_bond_hash *cbh = &bond.hashes[bond.n_hashes++];
2925 cbh->hash = e - port->bond_hash;
2926 cbh->netdev_name = port->ifaces[e->iface_idx]->name;
2931 bond.n_slaves = port->n_ifaces;
2932 bond.slaves = xmalloc(port->n_ifaces * sizeof *bond.slaves);
2933 for (i = 0; i < port->n_ifaces; i++) {
2934 struct iface *iface = port->ifaces[i];
2935 struct compat_bond_slave *slave = &bond.slaves[i];
2936 slave->name = iface->name;
2937 slave->up = ((iface->enabled && iface->delay_expires == LLONG_MAX) ||
2938 (!iface->enabled && iface->delay_expires != LLONG_MAX));
2942 memcpy(slave->mac, iface->mac, ETH_ADDR_LEN);
2945 proc_net_compat_update_bond(port->name, &bond);
2950 port_update_vlan_compat(struct port *port)
2952 struct bridge *br = port->bridge;
2953 char *vlandev_name = NULL;
2955 if (port->vlan > 0) {
2956 /* Figure out the name that the VLAN device should actually have, if it
2957 * existed. This takes some work because the VLAN device would not
2958 * have port->name in its name; rather, it would have the trunk port's
2959 * name, and 'port' would be attached to a bridge that also had the
2960 * VLAN device one of its ports. So we need to find a trunk port that
2961 * includes port->vlan.
2963 * There might be more than one candidate. This doesn't happen on
2964 * XenServer, so if it happens we just pick the first choice in
2965 * alphabetical order instead of creating multiple VLAN devices. */
2967 for (i = 0; i < br->n_ports; i++) {
2968 struct port *p = br->ports[i];
2969 if (port_trunks_vlan(p, port->vlan)
2971 && (!vlandev_name || strcmp(p->name, vlandev_name) <= 0))
2973 const uint8_t *ea = p->ifaces[0]->mac;
2974 if (!eth_addr_is_multicast(ea) &&
2975 !eth_addr_is_reserved(ea) &&
2976 !eth_addr_is_zero(ea)) {
2977 vlandev_name = p->name;
2982 proc_net_compat_update_vlan(port->name, vlandev_name, port->vlan);
2985 /* Interface functions. */
2988 iface_create(struct port *port, const char *name)
2990 struct iface *iface;
2992 iface = xcalloc(1, sizeof *iface);
2994 iface->port_ifidx = port->n_ifaces;
2995 iface->name = xstrdup(name);
2996 iface->dp_ifidx = -1;
2997 iface->tag = tag_create_random();
2998 iface->delay_expires = LLONG_MAX;
3000 netdev_nodev_get_etheraddr(name, iface->mac);
3001 netdev_nodev_get_carrier(name, &iface->enabled);
3003 if (port->n_ifaces >= port->allocated_ifaces) {
3004 port->ifaces = x2nrealloc(port->ifaces, &port->allocated_ifaces,
3005 sizeof *port->ifaces);
3007 port->ifaces[port->n_ifaces++] = iface;
3008 if (port->n_ifaces > 1) {
3009 port->bridge->has_bonded_ports = true;
3012 VLOG_DBG("attached network device %s to port %s", iface->name, port->name);
3014 port_update_bonding(port);
3015 bridge_flush(port->bridge);
3019 iface_destroy(struct iface *iface)
3022 struct port *port = iface->port;
3023 struct bridge *br = port->bridge;
3024 bool del_active = port->active_iface == iface->port_ifidx;
3027 if (iface->dp_ifidx >= 0) {
3028 port_array_set(&br->ifaces, iface->dp_ifidx, NULL);
3031 del = port->ifaces[iface->port_ifidx] = port->ifaces[--port->n_ifaces];
3032 del->port_ifidx = iface->port_ifidx;
3038 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
3039 bond_choose_active_iface(port);
3040 bond_send_learning_packets(port);
3043 port_update_bonding(port);
3044 bridge_flush(port->bridge);
3048 static struct iface *
3049 iface_lookup(const struct bridge *br, const char *name)
3053 for (i = 0; i < br->n_ports; i++) {
3054 struct port *port = br->ports[i];
3055 for (j = 0; j < port->n_ifaces; j++) {
3056 struct iface *iface = port->ifaces[j];
3057 if (!strcmp(iface->name, name)) {
3065 static struct iface *
3066 iface_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
3068 return port_array_get(&br->ifaces, dp_ifidx);
3071 /* Port mirroring. */
3074 mirror_reconfigure(struct bridge *br)
3076 struct svec old_mirrors, new_mirrors;
3079 /* Collect old and new mirrors. */
3080 svec_init(&old_mirrors);
3081 svec_init(&new_mirrors);
3082 cfg_get_subsections(&new_mirrors, "mirror.%s", br->name);
3083 for (i = 0; i < MAX_MIRRORS; i++) {
3084 if (br->mirrors[i]) {
3085 svec_add(&old_mirrors, br->mirrors[i]->name);
3089 /* Get rid of deleted mirrors and add new mirrors. */
3090 svec_sort(&old_mirrors);
3091 assert(svec_is_unique(&old_mirrors));
3092 svec_sort(&new_mirrors);
3093 assert(svec_is_unique(&new_mirrors));
3094 for (i = 0; i < MAX_MIRRORS; i++) {
3095 struct mirror *m = br->mirrors[i];
3096 if (m && !svec_contains(&new_mirrors, m->name)) {
3100 for (i = 0; i < new_mirrors.n; i++) {
3101 const char *name = new_mirrors.names[i];
3102 if (!svec_contains(&old_mirrors, name)) {
3103 mirror_create(br, name);
3106 svec_destroy(&old_mirrors);
3107 svec_destroy(&new_mirrors);
3109 /* Reconfigure all mirrors. */
3110 for (i = 0; i < MAX_MIRRORS; i++) {
3111 if (br->mirrors[i]) {
3112 mirror_reconfigure_one(br->mirrors[i]);
3116 /* Update port reserved status. */
3117 for (i = 0; i < br->n_ports; i++) {
3118 br->ports[i]->is_mirror_output_port = false;
3120 for (i = 0; i < MAX_MIRRORS; i++) {
3121 struct mirror *m = br->mirrors[i];
3122 if (m && m->out_port) {
3123 m->out_port->is_mirror_output_port = true;
3129 mirror_create(struct bridge *br, const char *name)
3134 for (i = 0; ; i++) {
3135 if (i >= MAX_MIRRORS) {
3136 VLOG_WARN("bridge %s: maximum of %d port mirrors reached, "
3137 "cannot create %s", br->name, MAX_MIRRORS, name);
3140 if (!br->mirrors[i]) {
3145 VLOG_INFO("created port mirror %s on bridge %s", name, br->name);
3148 br->mirrors[i] = m = xcalloc(1, sizeof *m);
3151 m->name = xstrdup(name);
3152 svec_init(&m->src_ports);
3153 svec_init(&m->dst_ports);
3161 mirror_destroy(struct mirror *m)
3164 struct bridge *br = m->bridge;
3167 for (i = 0; i < br->n_ports; i++) {
3168 br->ports[i]->src_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
3169 br->ports[i]->dst_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
3172 svec_destroy(&m->src_ports);
3173 svec_destroy(&m->dst_ports);
3176 m->bridge->mirrors[m->idx] = NULL;
3184 prune_ports(struct mirror *m, struct svec *ports)
3189 svec_sort_unique(ports);
3192 for (i = 0; i < ports->n; i++) {
3193 const char *name = ports->names[i];
3194 if (port_lookup(m->bridge, name)) {
3195 svec_add(&tmp, name);
3197 VLOG_WARN("mirror.%s.%s: cannot match on nonexistent port %s",
3198 m->bridge->name, m->name, name);
3201 svec_swap(ports, &tmp);
3206 prune_vlans(struct mirror *m, struct svec *vlan_strings, int **vlans)
3210 /* This isn't perfect: it won't combine "0" and "00", and the textual sort
3211 * order won't give us numeric sort order. But that's good enough for what
3212 * we need right now. */
3213 svec_sort_unique(vlan_strings);
3215 *vlans = xmalloc(sizeof *vlans * vlan_strings->n);
3217 for (i = 0; i < vlan_strings->n; i++) {
3218 const char *name = vlan_strings->names[i];
3220 if (!str_to_int(name, 10, &vlan) || vlan < 0 || vlan > 4095) {
3221 VLOG_WARN("mirror.%s.%s.select.vlan: ignoring invalid VLAN %s",
3222 m->bridge->name, m->name, name);
3224 (*vlans)[n_vlans++] = vlan;
3231 vlan_is_mirrored(const struct mirror *m, int vlan)
3235 for (i = 0; i < m->n_vlans; i++) {
3236 if (m->vlans[i] == vlan) {
3244 port_trunks_any_mirrored_vlan(const struct mirror *m, const struct port *p)
3248 for (i = 0; i < m->n_vlans; i++) {
3249 if (port_trunks_vlan(p, m->vlans[i])) {
3257 mirror_reconfigure_one(struct mirror *m)
3259 char *pfx = xasprintf("mirror.%s.%s", m->bridge->name, m->name);
3260 struct svec src_ports, dst_ports, ports;
3261 struct svec vlan_strings;
3262 mirror_mask_t mirror_bit;
3263 const char *out_port_name;
3264 struct port *out_port;
3269 bool mirror_all_ports;
3271 /* Get output port. */
3272 out_port_name = cfg_get_key(0, "mirror.%s.%s.output.port",
3273 m->bridge->name, m->name);
3274 if (out_port_name) {
3275 out_port = port_lookup(m->bridge, out_port_name);
3277 VLOG_ERR("%s.output.port: bridge %s does not have a port "
3278 "named %s", pfx, m->bridge->name, out_port_name);
3285 if (cfg_has("%s.output.vlan", pfx)) {
3286 VLOG_ERR("%s.output.port and %s.output.vlan both specified; "
3287 "ignoring %s.output.vlan", pfx, pfx, pfx);
3289 } else if (cfg_has("%s.output.vlan", pfx)) {
3291 out_vlan = cfg_get_vlan(0, "%s.output.vlan", pfx);
3293 VLOG_ERR("%s: neither %s.output.port nor %s.output.vlan specified, "
3294 "but exactly one is required; disabling port mirror %s",
3295 pfx, pfx, pfx, pfx);
3301 /* Get all the ports, and drop duplicates and ports that don't exist. */
3302 svec_init(&src_ports);
3303 svec_init(&dst_ports);
3305 cfg_get_all_keys(&src_ports, "%s.select.src-port", pfx);
3306 cfg_get_all_keys(&dst_ports, "%s.select.dst-port", pfx);
3307 cfg_get_all_keys(&ports, "%s.select.port", pfx);
3308 svec_append(&src_ports, &ports);
3309 svec_append(&dst_ports, &ports);
3310 svec_destroy(&ports);
3311 prune_ports(m, &src_ports);
3312 prune_ports(m, &dst_ports);
3314 /* Get all the vlans, and drop duplicate and invalid vlans. */
3315 svec_init(&vlan_strings);
3316 cfg_get_all_keys(&vlan_strings, "%s.select.vlan", pfx);
3317 n_vlans = prune_vlans(m, &vlan_strings, &vlans);
3318 svec_destroy(&vlan_strings);
3320 /* Update mirror data. */
3321 if (!svec_equal(&m->src_ports, &src_ports)
3322 || !svec_equal(&m->dst_ports, &dst_ports)
3323 || m->n_vlans != n_vlans
3324 || memcmp(m->vlans, vlans, sizeof *vlans * n_vlans)
3325 || m->out_port != out_port
3326 || m->out_vlan != out_vlan) {
3327 bridge_flush(m->bridge);
3329 svec_swap(&m->src_ports, &src_ports);
3330 svec_swap(&m->dst_ports, &dst_ports);
3333 m->n_vlans = n_vlans;
3334 m->out_port = out_port;
3335 m->out_vlan = out_vlan;
3337 /* If no selection criteria have been given, mirror for all ports. */
3338 mirror_all_ports = (!m->src_ports.n) && (!m->dst_ports.n) && (!m->n_vlans);
3341 mirror_bit = MIRROR_MASK_C(1) << m->idx;
3342 for (i = 0; i < m->bridge->n_ports; i++) {
3343 struct port *port = m->bridge->ports[i];
3345 if (mirror_all_ports
3346 || svec_contains(&m->src_ports, port->name)
3349 ? port_trunks_any_mirrored_vlan(m, port)
3350 : vlan_is_mirrored(m, port->vlan)))) {
3351 port->src_mirrors |= mirror_bit;
3353 port->src_mirrors &= ~mirror_bit;
3356 if (mirror_all_ports || svec_contains(&m->dst_ports, port->name)) {
3357 port->dst_mirrors |= mirror_bit;
3359 port->dst_mirrors &= ~mirror_bit;
3364 svec_destroy(&src_ports);
3365 svec_destroy(&dst_ports);
3369 /* Spanning tree protocol. */
3371 static void brstp_update_port_state(struct port *);
3374 brstp_send_bpdu(struct ofpbuf *pkt, int port_no, void *br_)
3376 struct bridge *br = br_;
3377 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
3378 struct iface *iface = iface_from_dp_ifidx(br, port_no);
3380 VLOG_WARN_RL(&rl, "%s: cannot send BPDU on unknown port %d",
3382 } else if (eth_addr_is_zero(iface->mac)) {
3383 VLOG_WARN_RL(&rl, "%s: cannot send BPDU on port %d with unknown MAC",
3386 union ofp_action action;
3387 struct eth_header *eth = pkt->l2;
3390 memcpy(eth->eth_src, iface->mac, ETH_ADDR_LEN);
3392 memset(&action, 0, sizeof action);
3393 action.type = htons(OFPAT_OUTPUT);
3394 action.output.len = htons(sizeof action);
3395 action.output.port = htons(port_no);
3397 flow_extract(pkt, ODPP_NONE, &flow);
3398 ofproto_send_packet(br->ofproto, &flow, &action, 1, pkt);
3404 brstp_reconfigure(struct bridge *br)
3408 if (!cfg_get_bool(0, "stp.%s.enabled", br->name)) {
3410 stp_destroy(br->stp);
3416 uint64_t bridge_address, bridge_id;
3417 int bridge_priority;
3419 bridge_address = cfg_get_mac(0, "stp.%s.address", br->name);
3420 if (!bridge_address) {
3422 bridge_address = (stp_get_bridge_id(br->stp)
3423 & ((UINT64_C(1) << 48) - 1));
3425 uint8_t mac[ETH_ADDR_LEN];
3426 eth_addr_random(mac);
3427 bridge_address = eth_addr_to_uint64(mac);
3431 if (cfg_is_valid(CFG_INT | CFG_REQUIRED, "stp.%s.priority",
3433 bridge_priority = cfg_get_int(0, "stp.%s.priority", br->name);
3435 bridge_priority = STP_DEFAULT_BRIDGE_PRIORITY;
3438 bridge_id = bridge_address | ((uint64_t) bridge_priority << 48);
3440 br->stp = stp_create(br->name, bridge_id, brstp_send_bpdu, br);
3441 br->stp_last_tick = time_msec();
3444 if (bridge_id != stp_get_bridge_id(br->stp)) {
3445 stp_set_bridge_id(br->stp, bridge_id);
3450 for (i = 0; i < br->n_ports; i++) {
3451 struct port *p = br->ports[i];
3453 struct stp_port *sp;
3454 int path_cost, priority;
3460 dp_ifidx = p->ifaces[0]->dp_ifidx;
3461 if (dp_ifidx < 0 || dp_ifidx >= STP_MAX_PORTS) {
3465 sp = stp_get_port(br->stp, dp_ifidx);
3466 enable = (!cfg_is_valid(CFG_BOOL | CFG_REQUIRED,
3467 "stp.%s.port.%s.enabled",
3469 || cfg_get_bool(0, "stp.%s.port.%s.enabled",
3470 br->name, p->name));
3471 if (p->is_mirror_output_port) {
3474 if (enable != (stp_port_get_state(sp) != STP_DISABLED)) {
3475 bridge_flush(br); /* Might not be necessary. */
3477 stp_port_enable(sp);
3479 stp_port_disable(sp);
3483 path_cost = cfg_get_int(0, "stp.%s.port.%s.path-cost",
3485 stp_port_set_path_cost(sp, path_cost ? path_cost : 19 /* XXX */);
3487 priority = (cfg_is_valid(CFG_INT | CFG_REQUIRED,
3488 "stp.%s.port.%s.priority",
3490 ? cfg_get_int(0, "stp.%s.port.%s.priority",
3492 : STP_DEFAULT_PORT_PRIORITY);
3493 stp_port_set_priority(sp, priority);
3496 brstp_adjust_timers(br);
3498 for (i = 0; i < br->n_ports; i++) {
3499 brstp_update_port_state(br->ports[i]);
3504 brstp_update_port_state(struct port *p)
3506 struct bridge *br = p->bridge;
3507 enum stp_state state;
3509 /* Figure out new state. */
3510 state = STP_DISABLED;
3511 if (br->stp && p->n_ifaces > 0) {
3512 int dp_ifidx = p->ifaces[0]->dp_ifidx;
3513 if (dp_ifidx >= 0 && dp_ifidx < STP_MAX_PORTS) {
3514 state = stp_port_get_state(stp_get_port(br->stp, dp_ifidx));
3519 if (p->stp_state != state) {
3520 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 10);
3521 VLOG_INFO_RL(&rl, "port %s: STP state changed from %s to %s",
3522 p->name, stp_state_name(p->stp_state),
3523 stp_state_name(state));
3524 if (p->stp_state == STP_DISABLED) {
3527 ofproto_revalidate(p->bridge->ofproto, p->stp_state_tag);
3529 p->stp_state = state;
3530 p->stp_state_tag = (p->stp_state == STP_DISABLED ? 0
3531 : tag_create_random());
3536 brstp_adjust_timers(struct bridge *br)
3538 int hello_time = cfg_get_int(0, "stp.%s.hello-time", br->name);
3539 int max_age = cfg_get_int(0, "stp.%s.max-age", br->name);
3540 int forward_delay = cfg_get_int(0, "stp.%s.forward-delay", br->name);
3542 stp_set_hello_time(br->stp, hello_time ? hello_time : 2000);
3543 stp_set_max_age(br->stp, max_age ? max_age : 20000);
3544 stp_set_forward_delay(br->stp, forward_delay ? forward_delay : 15000);
3548 brstp_run(struct bridge *br)
3551 long long int now = time_msec();
3552 long long int elapsed = now - br->stp_last_tick;
3553 struct stp_port *sp;
3556 stp_tick(br->stp, MIN(INT_MAX, elapsed));
3557 br->stp_last_tick = now;
3559 while (stp_get_changed_port(br->stp, &sp)) {
3560 struct port *p = port_from_dp_ifidx(br, stp_port_no(sp));
3562 brstp_update_port_state(p);
3569 brstp_wait(struct bridge *br)
3572 poll_timer_wait(1000);
git://git.onelab.eu / sliver-openvswitch.git / blob