1 /* Copyright (c) 2008, 2009, 2010 Nicira Networks
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include "byte-order.h"
21 #include <arpa/inet.h>
24 #include <sys/socket.h>
26 #include <openflow/openflow.h>
31 #include <sys/socket.h>
32 #include <sys/types.h>
36 #include "classifier.h"
40 #include "dynamic-string.h"
46 #include "mac-learning.h"
49 #include "ofp-print.h"
51 #include "ofproto/netflow.h"
52 #include "ofproto/ofproto.h"
53 #include "ovsdb-data.h"
55 #include "poll-loop.h"
56 #include "proc-net-compat.h"
60 #include "socket-util.h"
61 #include "stream-ssl.h"
63 #include "system-stats.h"
68 #include "vswitchd/vswitch-idl.h"
69 #include "xenserver.h"
71 #include "sflow_api.h"
73 VLOG_DEFINE_THIS_MODULE(bridge);
81 /* These members are always valid. */
82 struct port *port; /* Containing port. */
83 size_t port_ifidx; /* Index within containing port. */
84 char *name; /* Host network device name. */
85 tag_type tag; /* Tag associated with this interface. */
86 long long delay_expires; /* Time after which 'enabled' may change. */
88 /* These members are valid only after bridge_reconfigure() causes them to
90 struct hmap_node dp_ifidx_node; /* In struct bridge's "ifaces" hmap. */
91 int dp_ifidx; /* Index within kernel datapath. */
92 struct netdev *netdev; /* Network device. */
93 bool enabled; /* May be chosen for flows? */
94 const char *type; /* Usually same as cfg->type. */
95 struct cfm *cfm; /* Connectivity Fault Management */
96 const struct ovsrec_interface *cfg;
99 #define BOND_MASK 0xff
101 int iface_idx; /* Index of assigned iface, or -1 if none. */
102 uint64_t tx_bytes; /* Count of bytes recently transmitted. */
103 tag_type iface_tag; /* Tag associated with iface_idx. */
106 #define MAX_MIRRORS 32
107 typedef uint32_t mirror_mask_t;
108 #define MIRROR_MASK_C(X) UINT32_C(X)
109 BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS);
111 struct bridge *bridge;
114 struct uuid uuid; /* UUID of this "mirror" record in database. */
116 /* Selection criteria. */
117 struct shash src_ports; /* Name is port name; data is always NULL. */
118 struct shash dst_ports; /* Name is port name; data is always NULL. */
123 struct port *out_port;
127 #define FLOOD_PORT ((struct port *) 1) /* The 'flood' output port. */
129 struct bridge *bridge;
131 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
132 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
133 * NULL if all VLANs are trunked. */
134 const struct ovsrec_port *cfg;
137 /* An ordinary bridge port has 1 interface.
138 * A bridge port for bonding has at least 2 interfaces. */
139 struct iface **ifaces;
140 size_t n_ifaces, allocated_ifaces;
143 struct bond_entry *bond_hash; /* An array of (BOND_MASK + 1) elements. */
144 int active_iface; /* Ifidx on which bcasts accepted, or -1. */
145 tag_type active_iface_tag; /* Tag for bcast flows. */
146 tag_type no_ifaces_tag; /* Tag for flows when all ifaces disabled. */
147 int updelay, downdelay; /* Delay before iface goes up/down, in ms. */
148 bool bond_compat_is_stale; /* Need to call port_update_bond_compat()? */
149 bool bond_fake_iface; /* Fake a bond interface for legacy compat? */
150 long long int bond_next_fake_iface_update; /* Time of next update. */
151 int bond_rebalance_interval; /* Interval between rebalances, in ms. */
152 long long int bond_next_rebalance; /* Next rebalancing time. */
153 struct netdev_monitor *monitor; /* Tracks carrier up/down status. */
155 /* Port mirroring info. */
156 mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */
157 mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */
158 bool is_mirror_output_port; /* Does port mirroring send frames here? */
161 #define DP_MAX_PORTS 255
163 struct list node; /* Node in global list of bridges. */
164 char *name; /* User-specified arbitrary name. */
165 struct mac_learning *ml; /* MAC learning table. */
166 uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */
167 const struct ovsrec_bridge *cfg;
169 /* OpenFlow switch processing. */
170 struct ofproto *ofproto; /* OpenFlow switch. */
172 /* Kernel datapath information. */
173 struct dpif *dpif; /* Datapath. */
174 struct hmap ifaces; /* Contains "struct iface"s. */
178 size_t n_ports, allocated_ports;
179 struct shash iface_by_name; /* "struct iface"s indexed by name. */
180 struct shash port_by_name; /* "struct port"s indexed by name. */
183 bool has_bonded_ports;
188 /* Port mirroring. */
189 struct mirror *mirrors[MAX_MIRRORS];
192 /* List of all bridges. */
193 static struct list all_bridges = LIST_INITIALIZER(&all_bridges);
195 /* OVSDB IDL used to obtain configuration. */
196 static struct ovsdb_idl *idl;
198 /* Each time this timer expires, the bridge fetches systems and interface
199 * statistics and pushes them into the database. */
200 #define STATS_INTERVAL (5 * 1000) /* In milliseconds. */
201 static long long int stats_timer = LLONG_MIN;
203 static struct bridge *bridge_create(const struct ovsrec_bridge *br_cfg);
204 static void bridge_destroy(struct bridge *);
205 static struct bridge *bridge_lookup(const char *name);
206 static unixctl_cb_func bridge_unixctl_dump_flows;
207 static unixctl_cb_func bridge_unixctl_reconnect;
208 static int bridge_run_one(struct bridge *);
209 static size_t bridge_get_controllers(const struct bridge *br,
210 struct ovsrec_controller ***controllersp);
211 static void bridge_reconfigure_one(struct bridge *);
212 static void bridge_reconfigure_remotes(struct bridge *,
213 const struct sockaddr_in *managers,
215 static void bridge_get_all_ifaces(const struct bridge *, struct shash *ifaces);
216 static void bridge_fetch_dp_ifaces(struct bridge *);
217 static void bridge_flush(struct bridge *);
218 static void bridge_pick_local_hw_addr(struct bridge *,
219 uint8_t ea[ETH_ADDR_LEN],
220 struct iface **hw_addr_iface);
221 static uint64_t bridge_pick_datapath_id(struct bridge *,
222 const uint8_t bridge_ea[ETH_ADDR_LEN],
223 struct iface *hw_addr_iface);
224 static struct iface *bridge_get_local_iface(struct bridge *);
225 static uint64_t dpid_from_hash(const void *, size_t nbytes);
227 static unixctl_cb_func bridge_unixctl_fdb_show;
229 static void bond_init(void);
230 static void bond_run(struct bridge *);
231 static void bond_wait(struct bridge *);
232 static void bond_rebalance_port(struct port *);
233 static void bond_send_learning_packets(struct port *);
234 static void bond_enable_slave(struct iface *iface, bool enable);
236 static struct port *port_create(struct bridge *, const char *name);
237 static void port_reconfigure(struct port *, const struct ovsrec_port *);
238 static void port_del_ifaces(struct port *, const struct ovsrec_port *);
239 static void port_destroy(struct port *);
240 static struct port *port_lookup(const struct bridge *, const char *name);
241 static struct iface *port_lookup_iface(const struct port *, const char *name);
242 static struct port *port_from_dp_ifidx(const struct bridge *,
244 static void port_update_bond_compat(struct port *);
245 static void port_update_vlan_compat(struct port *);
246 static void port_update_bonding(struct port *);
248 static void mirror_create(struct bridge *, struct ovsrec_mirror *);
249 static void mirror_destroy(struct mirror *);
250 static void mirror_reconfigure(struct bridge *);
251 static void mirror_reconfigure_one(struct mirror *, struct ovsrec_mirror *);
252 static bool vlan_is_mirrored(const struct mirror *, int vlan);
254 static struct iface *iface_create(struct port *port,
255 const struct ovsrec_interface *if_cfg);
256 static void iface_destroy(struct iface *);
257 static struct iface *iface_lookup(const struct bridge *, const char *name);
258 static struct iface *iface_from_dp_ifidx(const struct bridge *,
260 static void iface_set_mac(struct iface *);
261 static void iface_set_ofport(const struct ovsrec_interface *, int64_t ofport);
262 static void iface_update_qos(struct iface *, const struct ovsrec_qos *);
263 static void iface_update_cfm(struct iface *);
264 static void iface_refresh_cfm_stats(struct iface *iface);
265 static void iface_send_packet(struct iface *, struct ofpbuf *packet);
267 static void shash_from_ovs_idl_map(char **keys, char **values, size_t n,
270 /* Hooks into ofproto processing. */
271 static struct ofhooks bridge_ofhooks;
273 /* Public functions. */
275 /* Initializes the bridge module, configuring it to obtain its configuration
276 * from an OVSDB server accessed over 'remote', which should be a string in a
277 * form acceptable to ovsdb_idl_create(). */
279 bridge_init(const char *remote)
281 /* Create connection to database. */
282 idl = ovsdb_idl_create(remote, &ovsrec_idl_class, true);
284 ovsdb_idl_omit_alert(idl, &ovsrec_open_vswitch_col_cur_cfg);
285 ovsdb_idl_omit_alert(idl, &ovsrec_open_vswitch_col_statistics);
286 ovsdb_idl_omit(idl, &ovsrec_open_vswitch_col_external_ids);
288 ovsdb_idl_omit(idl, &ovsrec_bridge_col_external_ids);
290 ovsdb_idl_omit(idl, &ovsrec_port_col_external_ids);
291 ovsdb_idl_omit(idl, &ovsrec_port_col_fake_bridge);
293 ovsdb_idl_omit_alert(idl, &ovsrec_interface_col_ofport);
294 ovsdb_idl_omit_alert(idl, &ovsrec_interface_col_statistics);
295 ovsdb_idl_omit(idl, &ovsrec_interface_col_external_ids);
297 /* Register unixctl commands. */
298 unixctl_command_register("fdb/show", bridge_unixctl_fdb_show, NULL);
299 unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows,
301 unixctl_command_register("bridge/reconnect", bridge_unixctl_reconnect,
306 /* Performs configuration that is only necessary once at ovs-vswitchd startup,
307 * but for which the ovs-vswitchd configuration 'cfg' is required. */
309 bridge_configure_once(const struct ovsrec_open_vswitch *cfg)
311 static bool already_configured_once;
312 struct svec bridge_names;
313 struct svec dpif_names, dpif_types;
316 /* Only do this once per ovs-vswitchd run. */
317 if (already_configured_once) {
320 already_configured_once = true;
322 stats_timer = time_msec() + STATS_INTERVAL;
324 /* Get all the configured bridges' names from 'cfg' into 'bridge_names'. */
325 svec_init(&bridge_names);
326 for (i = 0; i < cfg->n_bridges; i++) {
327 svec_add(&bridge_names, cfg->bridges[i]->name);
329 svec_sort(&bridge_names);
331 /* Iterate over all system dpifs and delete any of them that do not appear
333 svec_init(&dpif_names);
334 svec_init(&dpif_types);
335 dp_enumerate_types(&dpif_types);
336 for (i = 0; i < dpif_types.n; i++) {
341 dp_enumerate_names(dpif_types.names[i], &dpif_names);
343 /* For each dpif... */
344 for (j = 0; j < dpif_names.n; j++) {
345 retval = dpif_open(dpif_names.names[j], dpif_types.names[i], &dpif);
347 struct svec all_names;
350 /* ...check whether any of its names is in 'bridge_names'. */
351 svec_init(&all_names);
352 dpif_get_all_names(dpif, &all_names);
353 for (k = 0; k < all_names.n; k++) {
354 if (svec_contains(&bridge_names, all_names.names[k])) {
359 /* No. Delete the dpif. */
363 svec_destroy(&all_names);
368 svec_destroy(&bridge_names);
369 svec_destroy(&dpif_names);
370 svec_destroy(&dpif_types);
373 /* Initializes 'options' and fills it with the options for 'if_cfg'. Merges
374 * keys from "options" and "other_config", preferring "options" keys over
375 * "other_config" keys.
377 * The value strings in '*options' are taken directly from if_cfg, not copied,
378 * so the caller should not modify or free them. */
380 iface_get_options(const struct ovsrec_interface *if_cfg, struct shash *options)
384 shash_from_ovs_idl_map(if_cfg->key_options, if_cfg->value_options,
385 if_cfg->n_options, options);
387 for (i = 0; i < if_cfg->n_other_config; i++) {
388 char *key = if_cfg->key_other_config[i];
389 char *value = if_cfg->value_other_config[i];
391 if (!shash_find_data(options, key)) {
392 shash_add(options, key, value);
394 VLOG_WARN("%s: ignoring \"other_config\" key %s that conflicts "
395 "with \"options\" key %s", if_cfg->name, key, key);
400 /* Returns the type of network device that 'iface' should have. (This is
401 * ordinarily the same type as the interface, but the network devices for
402 * "internal" ports have type "system".) */
404 iface_get_netdev_type(const struct iface *iface)
406 return !strcmp(iface->type, "internal") ? "system" : iface->type;
409 /* Attempt to create the network device for 'iface' through the netdev
412 create_iface_netdev(struct iface *iface)
414 struct netdev_options netdev_options;
415 struct shash options;
418 memset(&netdev_options, 0, sizeof netdev_options);
419 netdev_options.name = iface->cfg->name;
420 netdev_options.type = iface_get_netdev_type(iface);
421 netdev_options.args = &options;
422 netdev_options.ethertype = NETDEV_ETH_TYPE_NONE;
424 iface_get_options(iface->cfg, &options);
426 error = netdev_open(&netdev_options, &iface->netdev);
429 iface->enabled = netdev_get_carrier(iface->netdev);
432 shash_destroy(&options);
438 reconfigure_iface_netdev(struct iface *iface)
440 const char *netdev_type, *iface_type;
441 struct shash options;
444 /* Skip reconfiguration if the device has the wrong type. This shouldn't
446 iface_type = iface_get_netdev_type(iface);
447 netdev_type = netdev_get_type(iface->netdev);
448 if (iface_type && strcmp(netdev_type, iface_type)) {
449 VLOG_WARN("%s: attempting change device type from %s to %s",
450 iface->cfg->name, netdev_type, iface_type);
454 /* Reconfigure device. */
455 iface_get_options(iface->cfg, &options);
456 error = netdev_reconfigure(iface->netdev, &options);
457 shash_destroy(&options);
462 /* Callback for iterate_and_prune_ifaces(). */
464 check_iface(struct bridge *br, struct iface *iface, void *aux OVS_UNUSED)
466 if (!iface->netdev) {
467 /* We already reported a related error, don't bother duplicating it. */
471 if (iface->dp_ifidx < 0) {
472 VLOG_ERR("%s interface not in %s, dropping",
473 iface->name, dpif_name(br->dpif));
477 VLOG_DBG("%s has interface %s on port %d", dpif_name(br->dpif),
478 iface->name, iface->dp_ifidx);
482 /* Callback for iterate_and_prune_ifaces(). */
484 set_iface_properties(struct bridge *br OVS_UNUSED, struct iface *iface,
485 void *aux OVS_UNUSED)
487 /* Set policing attributes. */
488 netdev_set_policing(iface->netdev,
489 iface->cfg->ingress_policing_rate,
490 iface->cfg->ingress_policing_burst);
492 /* Set MAC address of internal interfaces other than the local
494 if (iface->dp_ifidx != ODPP_LOCAL && !strcmp(iface->type, "internal")) {
495 iface_set_mac(iface);
501 /* Calls 'cb' for each interfaces in 'br', passing along the 'aux' argument.
502 * Deletes from 'br' all the interfaces for which 'cb' returns false, and then
503 * deletes from 'br' any ports that no longer have any interfaces. */
505 iterate_and_prune_ifaces(struct bridge *br,
506 bool (*cb)(struct bridge *, struct iface *,
512 for (i = 0; i < br->n_ports; ) {
513 struct port *port = br->ports[i];
514 for (j = 0; j < port->n_ifaces; ) {
515 struct iface *iface = port->ifaces[j];
516 if (cb(br, iface, aux)) {
519 iface_set_ofport(iface->cfg, -1);
520 iface_destroy(iface);
524 if (port->n_ifaces) {
527 VLOG_ERR("%s port has no interfaces, dropping", port->name);
533 /* Looks at the list of managers in 'ovs_cfg' and extracts their remote IP
534 * addresses and ports into '*managersp' and '*n_managersp'. The caller is
535 * responsible for freeing '*managersp' (with free()).
537 * You may be asking yourself "why does ovs-vswitchd care?", because
538 * ovsdb-server is responsible for connecting to the managers, and ovs-vswitchd
539 * should not be and in fact is not directly involved in that. But
540 * ovs-vswitchd needs to make sure that ovsdb-server can reach the managers, so
541 * it has to tell in-band control where the managers are to enable that.
542 * (Thus, only managers connected in-band are collected.)
545 collect_in_band_managers(const struct ovsrec_open_vswitch *ovs_cfg,
546 struct sockaddr_in **managersp, size_t *n_managersp)
548 struct sockaddr_in *managers = NULL;
549 size_t n_managers = 0;
550 struct shash targets;
553 /* Collect all of the potential targets, as the union of the "managers"
554 * column and the "targets" columns of the rows pointed to by
555 * "manager_options", excluding any that are out-of-band. */
556 shash_init(&targets);
557 for (i = 0; i < ovs_cfg->n_managers; i++) {
558 shash_add_once(&targets, ovs_cfg->managers[i], NULL);
560 for (i = 0; i < ovs_cfg->n_manager_options; i++) {
561 struct ovsrec_manager *m = ovs_cfg->manager_options[i];
563 if (m->connection_mode && !strcmp(m->connection_mode, "out-of-band")) {
564 shash_find_and_delete(&targets, m->target);
566 shash_add_once(&targets, m->target, NULL);
570 /* Now extract the targets' IP addresses. */
571 if (!shash_is_empty(&targets)) {
572 struct shash_node *node;
574 managers = xmalloc(shash_count(&targets) * sizeof *managers);
575 SHASH_FOR_EACH (node, &targets) {
576 const char *target = node->name;
577 struct sockaddr_in *sin = &managers[n_managers];
579 if ((!strncmp(target, "tcp:", 4)
580 && inet_parse_active(target + 4, JSONRPC_TCP_PORT, sin)) ||
581 (!strncmp(target, "ssl:", 4)
582 && inet_parse_active(target + 4, JSONRPC_SSL_PORT, sin))) {
587 shash_destroy(&targets);
589 *managersp = managers;
590 *n_managersp = n_managers;
594 bridge_reconfigure(const struct ovsrec_open_vswitch *ovs_cfg)
596 struct shash old_br, new_br;
597 struct shash_node *node;
598 struct bridge *br, *next;
599 struct sockaddr_in *managers;
602 int sflow_bridge_number;
604 COVERAGE_INC(bridge_reconfigure);
606 collect_in_band_managers(ovs_cfg, &managers, &n_managers);
608 /* Collect old and new bridges. */
611 LIST_FOR_EACH (br, node, &all_bridges) {
612 shash_add(&old_br, br->name, br);
614 for (i = 0; i < ovs_cfg->n_bridges; i++) {
615 const struct ovsrec_bridge *br_cfg = ovs_cfg->bridges[i];
616 if (!shash_add_once(&new_br, br_cfg->name, br_cfg)) {
617 VLOG_WARN("more than one bridge named %s", br_cfg->name);
621 /* Get rid of deleted bridges and add new bridges. */
622 LIST_FOR_EACH_SAFE (br, next, node, &all_bridges) {
623 struct ovsrec_bridge *br_cfg = shash_find_data(&new_br, br->name);
630 SHASH_FOR_EACH (node, &new_br) {
631 const char *br_name = node->name;
632 const struct ovsrec_bridge *br_cfg = node->data;
633 br = shash_find_data(&old_br, br_name);
635 /* If the bridge datapath type has changed, we need to tear it
636 * down and recreate. */
637 if (strcmp(br->cfg->datapath_type, br_cfg->datapath_type)) {
639 bridge_create(br_cfg);
642 bridge_create(br_cfg);
645 shash_destroy(&old_br);
646 shash_destroy(&new_br);
648 /* Reconfigure all bridges. */
649 LIST_FOR_EACH (br, node, &all_bridges) {
650 bridge_reconfigure_one(br);
653 /* Add and delete ports on all datapaths.
655 * The kernel will reject any attempt to add a given port to a datapath if
656 * that port already belongs to a different datapath, so we must do all
657 * port deletions before any port additions. */
658 LIST_FOR_EACH (br, node, &all_bridges) {
659 struct odp_port *dpif_ports;
661 struct shash want_ifaces;
663 dpif_port_list(br->dpif, &dpif_ports, &n_dpif_ports);
664 bridge_get_all_ifaces(br, &want_ifaces);
665 for (i = 0; i < n_dpif_ports; i++) {
666 const struct odp_port *p = &dpif_ports[i];
667 if (!shash_find(&want_ifaces, p->devname)
668 && strcmp(p->devname, br->name)) {
669 int retval = dpif_port_del(br->dpif, p->port);
671 VLOG_ERR("failed to remove %s interface from %s: %s",
672 p->devname, dpif_name(br->dpif),
677 shash_destroy(&want_ifaces);
680 LIST_FOR_EACH (br, node, &all_bridges) {
681 struct odp_port *dpif_ports;
683 struct shash cur_ifaces, want_ifaces;
685 /* Get the set of interfaces currently in this datapath. */
686 dpif_port_list(br->dpif, &dpif_ports, &n_dpif_ports);
687 shash_init(&cur_ifaces);
688 for (i = 0; i < n_dpif_ports; i++) {
689 const char *name = dpif_ports[i].devname;
690 shash_add_once(&cur_ifaces, name, &dpif_ports[i]);
693 /* Get the set of interfaces we want on this datapath. */
694 bridge_get_all_ifaces(br, &want_ifaces);
696 hmap_clear(&br->ifaces);
697 SHASH_FOR_EACH (node, &want_ifaces) {
698 const char *if_name = node->name;
699 struct iface *iface = node->data;
700 bool internal = !iface || !strcmp(iface->type, "internal");
701 struct odp_port *dpif_port = shash_find_data(&cur_ifaces, if_name);
704 /* If we have a port or a netdev already, and it's not the type we
705 * want, then delete the port (if any) and close the netdev (if
708 ? dpif_port && !(dpif_port->flags & ODP_PORT_INTERNAL)
710 && strcmp(iface->type, netdev_get_type(iface->netdev))))
713 error = ofproto_port_del(br->ofproto, dpif_port->port);
720 netdev_close(iface->netdev);
721 iface->netdev = NULL;
725 /* If it's not an internal port, open (possibly create) the
728 if (!iface->netdev) {
729 error = create_iface_netdev(iface);
731 VLOG_WARN("could not create iface %s: %s", iface->name,
736 reconfigure_iface_netdev(iface);
740 /* If it's not part of the datapath, add it. */
742 error = dpif_port_add(br->dpif, if_name,
743 internal ? ODP_PORT_INTERNAL : 0, NULL);
744 if (error == EFBIG) {
745 VLOG_ERR("ran out of valid port numbers on %s",
746 dpif_name(br->dpif));
749 VLOG_ERR("failed to add %s interface to %s: %s",
750 if_name, dpif_name(br->dpif), strerror(error));
755 /* If it's an internal port, open the netdev. */
757 if (iface && !iface->netdev) {
758 error = create_iface_netdev(iface);
760 VLOG_WARN("could not create iface %s: %s", iface->name,
766 assert(iface->netdev != NULL);
770 shash_destroy(&cur_ifaces);
771 shash_destroy(&want_ifaces);
773 sflow_bridge_number = 0;
774 LIST_FOR_EACH (br, node, &all_bridges) {
777 struct iface *local_iface;
778 struct iface *hw_addr_iface;
781 bridge_fetch_dp_ifaces(br);
783 iterate_and_prune_ifaces(br, check_iface, NULL);
785 /* Pick local port hardware address, datapath ID. */
786 bridge_pick_local_hw_addr(br, ea, &hw_addr_iface);
787 local_iface = bridge_get_local_iface(br);
789 int error = netdev_set_etheraddr(local_iface->netdev, ea);
791 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
792 VLOG_ERR_RL(&rl, "bridge %s: failed to set bridge "
793 "Ethernet address: %s",
794 br->name, strerror(error));
798 dpid = bridge_pick_datapath_id(br, ea, hw_addr_iface);
799 ofproto_set_datapath_id(br->ofproto, dpid);
801 dpid_string = xasprintf("%016"PRIx64, dpid);
802 ovsrec_bridge_set_datapath_id(br->cfg, dpid_string);
805 /* Set NetFlow configuration on this bridge. */
806 if (br->cfg->netflow) {
807 struct ovsrec_netflow *nf_cfg = br->cfg->netflow;
808 struct netflow_options opts;
810 memset(&opts, 0, sizeof opts);
812 dpif_get_netflow_ids(br->dpif, &opts.engine_type, &opts.engine_id);
813 if (nf_cfg->engine_type) {
814 opts.engine_type = *nf_cfg->engine_type;
816 if (nf_cfg->engine_id) {
817 opts.engine_id = *nf_cfg->engine_id;
820 opts.active_timeout = nf_cfg->active_timeout;
821 if (!opts.active_timeout) {
822 opts.active_timeout = -1;
823 } else if (opts.active_timeout < 0) {
824 VLOG_WARN("bridge %s: active timeout interval set to negative "
825 "value, using default instead (%d seconds)", br->name,
826 NF_ACTIVE_TIMEOUT_DEFAULT);
827 opts.active_timeout = -1;
830 opts.add_id_to_iface = nf_cfg->add_id_to_interface;
831 if (opts.add_id_to_iface) {
832 if (opts.engine_id > 0x7f) {
833 VLOG_WARN("bridge %s: netflow port mangling may conflict "
834 "with another vswitch, choose an engine id less "
835 "than 128", br->name);
837 if (br->n_ports > 508) {
838 VLOG_WARN("bridge %s: netflow port mangling will conflict "
839 "with another port when more than 508 ports are "
844 opts.collectors.n = nf_cfg->n_targets;
845 opts.collectors.names = nf_cfg->targets;
846 if (ofproto_set_netflow(br->ofproto, &opts)) {
847 VLOG_ERR("bridge %s: problem setting netflow collectors",
851 ofproto_set_netflow(br->ofproto, NULL);
854 /* Set sFlow configuration on this bridge. */
855 if (br->cfg->sflow) {
856 const struct ovsrec_sflow *sflow_cfg = br->cfg->sflow;
857 struct ovsrec_controller **controllers;
858 struct ofproto_sflow_options oso;
859 size_t n_controllers;
861 memset(&oso, 0, sizeof oso);
863 oso.targets.n = sflow_cfg->n_targets;
864 oso.targets.names = sflow_cfg->targets;
866 oso.sampling_rate = SFL_DEFAULT_SAMPLING_RATE;
867 if (sflow_cfg->sampling) {
868 oso.sampling_rate = *sflow_cfg->sampling;
871 oso.polling_interval = SFL_DEFAULT_POLLING_INTERVAL;
872 if (sflow_cfg->polling) {
873 oso.polling_interval = *sflow_cfg->polling;
876 oso.header_len = SFL_DEFAULT_HEADER_SIZE;
877 if (sflow_cfg->header) {
878 oso.header_len = *sflow_cfg->header;
881 oso.sub_id = sflow_bridge_number++;
882 oso.agent_device = sflow_cfg->agent;
884 oso.control_ip = NULL;
885 n_controllers = bridge_get_controllers(br, &controllers);
886 for (i = 0; i < n_controllers; i++) {
887 if (controllers[i]->local_ip) {
888 oso.control_ip = controllers[i]->local_ip;
892 ofproto_set_sflow(br->ofproto, &oso);
894 /* Do not destroy oso.targets because it is owned by sflow_cfg. */
896 ofproto_set_sflow(br->ofproto, NULL);
899 /* Update the controller and related settings. It would be more
900 * straightforward to call this from bridge_reconfigure_one(), but we
901 * can't do it there for two reasons. First, and most importantly, at
902 * that point we don't know the dp_ifidx of any interfaces that have
903 * been added to the bridge (because we haven't actually added them to
904 * the datapath). Second, at that point we haven't set the datapath ID
905 * yet; when a controller is configured, resetting the datapath ID will
906 * immediately disconnect from the controller, so it's better to set
907 * the datapath ID before the controller. */
908 bridge_reconfigure_remotes(br, managers, n_managers);
910 LIST_FOR_EACH (br, node, &all_bridges) {
911 for (i = 0; i < br->n_ports; i++) {
912 struct port *port = br->ports[i];
915 port_update_vlan_compat(port);
916 port_update_bonding(port);
918 for (j = 0; j < port->n_ifaces; j++) {
919 iface_update_qos(port->ifaces[j], port->cfg->qos);
923 LIST_FOR_EACH (br, node, &all_bridges) {
924 iterate_and_prune_ifaces(br, set_iface_properties, NULL);
927 LIST_FOR_EACH (br, node, &all_bridges) {
929 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
930 iface_update_cfm(iface);
938 get_ovsrec_key_value(const struct ovsdb_idl_row *row,
939 const struct ovsdb_idl_column *column,
942 const struct ovsdb_datum *datum;
943 union ovsdb_atom atom;
946 datum = ovsdb_idl_get(row, column, OVSDB_TYPE_STRING, OVSDB_TYPE_STRING);
947 atom.string = (char *) key;
948 idx = ovsdb_datum_find_key(datum, &atom, OVSDB_TYPE_STRING);
949 return idx == UINT_MAX ? NULL : datum->values[idx].string;
953 bridge_get_other_config(const struct ovsrec_bridge *br_cfg, const char *key)
955 return get_ovsrec_key_value(&br_cfg->header_,
956 &ovsrec_bridge_col_other_config, key);
960 bridge_pick_local_hw_addr(struct bridge *br, uint8_t ea[ETH_ADDR_LEN],
961 struct iface **hw_addr_iface)
967 *hw_addr_iface = NULL;
969 /* Did the user request a particular MAC? */
970 hwaddr = bridge_get_other_config(br->cfg, "hwaddr");
971 if (hwaddr && eth_addr_from_string(hwaddr, ea)) {
972 if (eth_addr_is_multicast(ea)) {
973 VLOG_ERR("bridge %s: cannot set MAC address to multicast "
974 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
975 } else if (eth_addr_is_zero(ea)) {
976 VLOG_ERR("bridge %s: cannot set MAC address to zero", br->name);
982 /* Otherwise choose the minimum non-local MAC address among all of the
984 memset(ea, 0xff, sizeof ea);
985 for (i = 0; i < br->n_ports; i++) {
986 struct port *port = br->ports[i];
987 uint8_t iface_ea[ETH_ADDR_LEN];
990 /* Mirror output ports don't participate. */
991 if (port->is_mirror_output_port) {
995 /* Choose the MAC address to represent the port. */
996 if (port->cfg->mac && eth_addr_from_string(port->cfg->mac, iface_ea)) {
997 /* Find the interface with this Ethernet address (if any) so that
998 * we can provide the correct devname to the caller. */
1000 for (j = 0; j < port->n_ifaces; j++) {
1001 struct iface *candidate = port->ifaces[j];
1002 uint8_t candidate_ea[ETH_ADDR_LEN];
1003 if (!netdev_get_etheraddr(candidate->netdev, candidate_ea)
1004 && eth_addr_equals(iface_ea, candidate_ea)) {
1009 /* Choose the interface whose MAC address will represent the port.
1010 * The Linux kernel bonding code always chooses the MAC address of
1011 * the first slave added to a bond, and the Fedora networking
1012 * scripts always add slaves to a bond in alphabetical order, so
1013 * for compatibility we choose the interface with the name that is
1014 * first in alphabetical order. */
1015 iface = port->ifaces[0];
1016 for (j = 1; j < port->n_ifaces; j++) {
1017 struct iface *candidate = port->ifaces[j];
1018 if (strcmp(candidate->name, iface->name) < 0) {
1023 /* The local port doesn't count (since we're trying to choose its
1024 * MAC address anyway). */
1025 if (iface->dp_ifidx == ODPP_LOCAL) {
1030 error = netdev_get_etheraddr(iface->netdev, iface_ea);
1032 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1033 VLOG_ERR_RL(&rl, "failed to obtain Ethernet address of %s: %s",
1034 iface->name, strerror(error));
1039 /* Compare against our current choice. */
1040 if (!eth_addr_is_multicast(iface_ea) &&
1041 !eth_addr_is_local(iface_ea) &&
1042 !eth_addr_is_reserved(iface_ea) &&
1043 !eth_addr_is_zero(iface_ea) &&
1044 memcmp(iface_ea, ea, ETH_ADDR_LEN) < 0)
1046 memcpy(ea, iface_ea, ETH_ADDR_LEN);
1047 *hw_addr_iface = iface;
1050 if (eth_addr_is_multicast(ea)) {
1051 memcpy(ea, br->default_ea, ETH_ADDR_LEN);
1052 *hw_addr_iface = NULL;
1053 VLOG_WARN("bridge %s: using default bridge Ethernet "
1054 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
1056 VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
1057 br->name, ETH_ADDR_ARGS(ea));
1061 /* Choose and returns the datapath ID for bridge 'br' given that the bridge
1062 * Ethernet address is 'bridge_ea'. If 'bridge_ea' is the Ethernet address of
1063 * an interface on 'br', then that interface must be passed in as
1064 * 'hw_addr_iface'; if 'bridge_ea' was derived some other way, then
1065 * 'hw_addr_iface' must be passed in as a null pointer. */
1067 bridge_pick_datapath_id(struct bridge *br,
1068 const uint8_t bridge_ea[ETH_ADDR_LEN],
1069 struct iface *hw_addr_iface)
1072 * The procedure for choosing a bridge MAC address will, in the most
1073 * ordinary case, also choose a unique MAC that we can use as a datapath
1074 * ID. In some special cases, though, multiple bridges will end up with
1075 * the same MAC address. This is OK for the bridges, but it will confuse
1076 * the OpenFlow controller, because each datapath needs a unique datapath
1079 * Datapath IDs must be unique. It is also very desirable that they be
1080 * stable from one run to the next, so that policy set on a datapath
1083 const char *datapath_id;
1086 datapath_id = bridge_get_other_config(br->cfg, "datapath-id");
1087 if (datapath_id && dpid_from_string(datapath_id, &dpid)) {
1091 if (hw_addr_iface) {
1093 if (!netdev_get_vlan_vid(hw_addr_iface->netdev, &vlan)) {
1095 * A bridge whose MAC address is taken from a VLAN network device
1096 * (that is, a network device created with vconfig(8) or similar
1097 * tool) will have the same MAC address as a bridge on the VLAN
1098 * device's physical network device.
1100 * Handle this case by hashing the physical network device MAC
1101 * along with the VLAN identifier.
1103 uint8_t buf[ETH_ADDR_LEN + 2];
1104 memcpy(buf, bridge_ea, ETH_ADDR_LEN);
1105 buf[ETH_ADDR_LEN] = vlan >> 8;
1106 buf[ETH_ADDR_LEN + 1] = vlan;
1107 return dpid_from_hash(buf, sizeof buf);
1110 * Assume that this bridge's MAC address is unique, since it
1111 * doesn't fit any of the cases we handle specially.
1116 * A purely internal bridge, that is, one that has no non-virtual
1117 * network devices on it at all, is more difficult because it has no
1118 * natural unique identifier at all.
1120 * When the host is a XenServer, we handle this case by hashing the
1121 * host's UUID with the name of the bridge. Names of bridges are
1122 * persistent across XenServer reboots, although they can be reused if
1123 * an internal network is destroyed and then a new one is later
1124 * created, so this is fairly effective.
1126 * When the host is not a XenServer, we punt by using a random MAC
1127 * address on each run.
1129 const char *host_uuid = xenserver_get_host_uuid();
1131 char *combined = xasprintf("%s,%s", host_uuid, br->name);
1132 dpid = dpid_from_hash(combined, strlen(combined));
1138 return eth_addr_to_uint64(bridge_ea);
1142 dpid_from_hash(const void *data, size_t n)
1144 uint8_t hash[SHA1_DIGEST_SIZE];
1146 BUILD_ASSERT_DECL(sizeof hash >= ETH_ADDR_LEN);
1147 sha1_bytes(data, n, hash);
1148 eth_addr_mark_random(hash);
1149 return eth_addr_to_uint64(hash);
1153 iface_refresh_cfm_stats(struct iface *iface)
1157 const struct ovsrec_monitor *mon;
1159 mon = iface->cfg->monitor;
1166 for (i = 0; i < mon->n_remote_mps; i++) {
1167 const struct ovsrec_maintenance_point *mp;
1168 const struct remote_mp *rmp;
1170 mp = mon->remote_mps[i];
1171 rmp = cfm_get_remote_mp(cfm, mp->mpid);
1173 ovsrec_maintenance_point_set_fault(mp, &rmp->fault, 1);
1176 if (hmap_is_empty(&cfm->x_remote_mps)) {
1177 ovsrec_monitor_set_unexpected_remote_mpids(mon, NULL, 0);
1180 struct remote_mp *rmp;
1181 int64_t *x_remote_mps;
1183 length = hmap_count(&cfm->x_remote_mps);
1184 x_remote_mps = xzalloc(length * sizeof *x_remote_mps);
1187 HMAP_FOR_EACH (rmp, node, &cfm->x_remote_mps) {
1188 x_remote_mps[i++] = rmp->mpid;
1191 ovsrec_monitor_set_unexpected_remote_mpids(mon, x_remote_mps, length);
1195 if (hmap_is_empty(&cfm->x_remote_maids)) {
1196 ovsrec_monitor_set_unexpected_remote_maids(mon, NULL, 0);
1199 char **x_remote_maids;
1200 struct remote_maid *rmaid;
1202 length = hmap_count(&cfm->x_remote_maids);
1203 x_remote_maids = xzalloc(length * sizeof *x_remote_maids);
1206 HMAP_FOR_EACH (rmaid, node, &cfm->x_remote_maids) {
1209 x_remote_maids[i] = xzalloc(CCM_MAID_LEN * 2 + 1);
1211 for (j = 0; j < CCM_MAID_LEN; j++) {
1212 snprintf(&x_remote_maids[i][j * 2], 3, "%02hhx",
1217 ovsrec_monitor_set_unexpected_remote_maids(mon, x_remote_maids, length);
1219 for (i = 0; i < length; i++) {
1220 free(x_remote_maids[i]);
1222 free(x_remote_maids);
1225 ovsrec_monitor_set_fault(mon, &cfm->fault, 1);
1229 iface_refresh_stats(struct iface *iface)
1235 static const struct iface_stat iface_stats[] = {
1236 { "rx_packets", offsetof(struct netdev_stats, rx_packets) },
1237 { "tx_packets", offsetof(struct netdev_stats, tx_packets) },
1238 { "rx_bytes", offsetof(struct netdev_stats, rx_bytes) },
1239 { "tx_bytes", offsetof(struct netdev_stats, tx_bytes) },
1240 { "rx_dropped", offsetof(struct netdev_stats, rx_dropped) },
1241 { "tx_dropped", offsetof(struct netdev_stats, tx_dropped) },
1242 { "rx_errors", offsetof(struct netdev_stats, rx_errors) },
1243 { "tx_errors", offsetof(struct netdev_stats, tx_errors) },
1244 { "rx_frame_err", offsetof(struct netdev_stats, rx_frame_errors) },
1245 { "rx_over_err", offsetof(struct netdev_stats, rx_over_errors) },
1246 { "rx_crc_err", offsetof(struct netdev_stats, rx_crc_errors) },
1247 { "collisions", offsetof(struct netdev_stats, collisions) },
1249 enum { N_STATS = ARRAY_SIZE(iface_stats) };
1250 const struct iface_stat *s;
1252 char *keys[N_STATS];
1253 int64_t values[N_STATS];
1256 struct netdev_stats stats;
1258 /* Intentionally ignore return value, since errors will set 'stats' to
1259 * all-1s, and we will deal with that correctly below. */
1260 netdev_get_stats(iface->netdev, &stats);
1263 for (s = iface_stats; s < &iface_stats[N_STATS]; s++) {
1264 uint64_t value = *(uint64_t *) (((char *) &stats) + s->offset);
1265 if (value != UINT64_MAX) {
1272 ovsrec_interface_set_statistics(iface->cfg, keys, values, n);
1276 refresh_system_stats(const struct ovsrec_open_vswitch *cfg)
1278 struct ovsdb_datum datum;
1282 get_system_stats(&stats);
1284 ovsdb_datum_from_shash(&datum, &stats);
1285 ovsdb_idl_txn_write(&cfg->header_, &ovsrec_open_vswitch_col_statistics,
1292 const struct ovsrec_open_vswitch *cfg;
1294 bool datapath_destroyed;
1295 bool database_changed;
1298 /* Let each bridge do the work that it needs to do. */
1299 datapath_destroyed = false;
1300 LIST_FOR_EACH (br, node, &all_bridges) {
1301 int error = bridge_run_one(br);
1303 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1304 VLOG_ERR_RL(&rl, "bridge %s: datapath was destroyed externally, "
1305 "forcing reconfiguration", br->name);
1306 datapath_destroyed = true;
1310 /* (Re)configure if necessary. */
1311 database_changed = ovsdb_idl_run(idl);
1312 cfg = ovsrec_open_vswitch_first(idl);
1313 if (database_changed || datapath_destroyed) {
1315 struct ovsdb_idl_txn *txn = ovsdb_idl_txn_create(idl);
1317 bridge_configure_once(cfg);
1318 bridge_reconfigure(cfg);
1320 ovsrec_open_vswitch_set_cur_cfg(cfg, cfg->next_cfg);
1321 ovsdb_idl_txn_commit(txn);
1322 ovsdb_idl_txn_destroy(txn); /* XXX */
1324 /* We still need to reconfigure to avoid dangling pointers to
1325 * now-destroyed ovsrec structures inside bridge data. */
1326 static const struct ovsrec_open_vswitch null_cfg;
1328 bridge_reconfigure(&null_cfg);
1333 /* Re-configure SSL. We do this on every trip through the main loop,
1334 * instead of just when the database changes, because the contents of the
1335 * key and certificate files can change without the database changing. */
1336 if (cfg && cfg->ssl) {
1337 const struct ovsrec_ssl *ssl = cfg->ssl;
1339 stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
1340 stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
1344 /* Refresh system and interface stats if necessary. */
1345 if (time_msec() >= stats_timer) {
1347 struct ovsdb_idl_txn *txn;
1349 txn = ovsdb_idl_txn_create(idl);
1350 LIST_FOR_EACH (br, node, &all_bridges) {
1353 for (i = 0; i < br->n_ports; i++) {
1354 struct port *port = br->ports[i];
1357 for (j = 0; j < port->n_ifaces; j++) {
1358 struct iface *iface = port->ifaces[j];
1359 iface_refresh_stats(iface);
1360 iface_refresh_cfm_stats(iface);
1364 refresh_system_stats(cfg);
1365 ovsdb_idl_txn_commit(txn);
1366 ovsdb_idl_txn_destroy(txn); /* XXX */
1369 stats_timer = time_msec() + STATS_INTERVAL;
1377 struct iface *iface;
1379 LIST_FOR_EACH (br, node, &all_bridges) {
1380 ofproto_wait(br->ofproto);
1381 if (ofproto_has_primary_controller(br->ofproto)) {
1385 mac_learning_wait(br->ml);
1388 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
1390 cfm_wait(iface->cfm);
1394 ovsdb_idl_wait(idl);
1395 poll_timer_wait_until(stats_timer);
1398 /* Forces 'br' to revalidate all of its flows. This is appropriate when 'br''s
1399 * configuration changes. */
1401 bridge_flush(struct bridge *br)
1403 COVERAGE_INC(bridge_flush);
1405 mac_learning_flush(br->ml);
1408 /* Returns the 'br' interface for the ODPP_LOCAL port, or null if 'br' has no
1409 * such interface. */
1410 static struct iface *
1411 bridge_get_local_iface(struct bridge *br)
1415 for (i = 0; i < br->n_ports; i++) {
1416 struct port *port = br->ports[i];
1417 for (j = 0; j < port->n_ifaces; j++) {
1418 struct iface *iface = port->ifaces[j];
1419 if (iface->dp_ifidx == ODPP_LOCAL) {
1428 /* Bridge unixctl user interface functions. */
1430 bridge_unixctl_fdb_show(struct unixctl_conn *conn,
1431 const char *args, void *aux OVS_UNUSED)
1433 struct ds ds = DS_EMPTY_INITIALIZER;
1434 const struct bridge *br;
1435 const struct mac_entry *e;
1437 br = bridge_lookup(args);
1439 unixctl_command_reply(conn, 501, "no such bridge");
1443 ds_put_cstr(&ds, " port VLAN MAC Age\n");
1444 LIST_FOR_EACH (e, lru_node, &br->ml->lrus) {
1445 if (e->port < 0 || e->port >= br->n_ports) {
1448 ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n",
1449 br->ports[e->port]->ifaces[0]->dp_ifidx,
1450 e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e));
1452 unixctl_command_reply(conn, 200, ds_cstr(&ds));
1456 /* Bridge reconfiguration functions. */
1457 static struct bridge *
1458 bridge_create(const struct ovsrec_bridge *br_cfg)
1463 assert(!bridge_lookup(br_cfg->name));
1464 br = xzalloc(sizeof *br);
1466 error = dpif_create_and_open(br_cfg->name, br_cfg->datapath_type,
1472 dpif_flow_flush(br->dpif);
1474 error = ofproto_create(br_cfg->name, br_cfg->datapath_type, &bridge_ofhooks,
1477 VLOG_ERR("failed to create switch %s: %s", br_cfg->name,
1479 dpif_delete(br->dpif);
1480 dpif_close(br->dpif);
1485 br->name = xstrdup(br_cfg->name);
1487 br->ml = mac_learning_create();
1488 eth_addr_nicira_random(br->default_ea);
1490 hmap_init(&br->ifaces);
1492 shash_init(&br->port_by_name);
1493 shash_init(&br->iface_by_name);
1497 list_push_back(&all_bridges, &br->node);
1499 VLOG_INFO("created bridge %s on %s", br->name, dpif_name(br->dpif));
1505 bridge_destroy(struct bridge *br)
1510 while (br->n_ports > 0) {
1511 port_destroy(br->ports[br->n_ports - 1]);
1513 list_remove(&br->node);
1514 error = dpif_delete(br->dpif);
1515 if (error && error != ENOENT) {
1516 VLOG_ERR("failed to delete %s: %s",
1517 dpif_name(br->dpif), strerror(error));
1519 dpif_close(br->dpif);
1520 ofproto_destroy(br->ofproto);
1521 mac_learning_destroy(br->ml);
1522 hmap_destroy(&br->ifaces);
1523 shash_destroy(&br->port_by_name);
1524 shash_destroy(&br->iface_by_name);
1531 static struct bridge *
1532 bridge_lookup(const char *name)
1536 LIST_FOR_EACH (br, node, &all_bridges) {
1537 if (!strcmp(br->name, name)) {
1544 /* Handle requests for a listing of all flows known by the OpenFlow
1545 * stack, including those normally hidden. */
1547 bridge_unixctl_dump_flows(struct unixctl_conn *conn,
1548 const char *args, void *aux OVS_UNUSED)
1553 br = bridge_lookup(args);
1555 unixctl_command_reply(conn, 501, "Unknown bridge");
1560 ofproto_get_all_flows(br->ofproto, &results);
1562 unixctl_command_reply(conn, 200, ds_cstr(&results));
1563 ds_destroy(&results);
1566 /* "bridge/reconnect [BRIDGE]": makes BRIDGE drop all of its controller
1567 * connections and reconnect. If BRIDGE is not specified, then all bridges
1568 * drop their controller connections and reconnect. */
1570 bridge_unixctl_reconnect(struct unixctl_conn *conn,
1571 const char *args, void *aux OVS_UNUSED)
1574 if (args[0] != '\0') {
1575 br = bridge_lookup(args);
1577 unixctl_command_reply(conn, 501, "Unknown bridge");
1580 ofproto_reconnect_controllers(br->ofproto);
1582 LIST_FOR_EACH (br, node, &all_bridges) {
1583 ofproto_reconnect_controllers(br->ofproto);
1586 unixctl_command_reply(conn, 200, NULL);
1590 bridge_run_one(struct bridge *br)
1593 struct iface *iface;
1595 error = ofproto_run1(br->ofproto);
1600 mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto));
1603 error = ofproto_run2(br->ofproto, br->flush);
1606 HMAP_FOR_EACH (iface, dp_ifidx_node, &br->ifaces) {
1607 struct ofpbuf *packet;
1613 packet = cfm_run(iface->cfm);
1615 iface_send_packet(iface, packet);
1616 ofpbuf_uninit(packet);
1625 bridge_get_controllers(const struct bridge *br,
1626 struct ovsrec_controller ***controllersp)
1628 struct ovsrec_controller **controllers;
1629 size_t n_controllers;
1631 controllers = br->cfg->controller;
1632 n_controllers = br->cfg->n_controller;
1634 if (n_controllers == 1 && !strcmp(controllers[0]->target, "none")) {
1640 *controllersp = controllers;
1642 return n_controllers;
1646 bridge_reconfigure_one(struct bridge *br)
1648 struct shash old_ports, new_ports;
1649 struct svec snoops, old_snoops;
1650 struct shash_node *node;
1651 enum ofproto_fail_mode fail_mode;
1654 /* Collect old ports. */
1655 shash_init(&old_ports);
1656 for (i = 0; i < br->n_ports; i++) {
1657 shash_add(&old_ports, br->ports[i]->name, br->ports[i]);
1660 /* Collect new ports. */
1661 shash_init(&new_ports);
1662 for (i = 0; i < br->cfg->n_ports; i++) {
1663 const char *name = br->cfg->ports[i]->name;
1664 if (!shash_add_once(&new_ports, name, br->cfg->ports[i])) {
1665 VLOG_WARN("bridge %s: %s specified twice as bridge port",
1670 /* If we have a controller, then we need a local port. Complain if the
1671 * user didn't specify one.
1673 * XXX perhaps we should synthesize a port ourselves in this case. */
1674 if (bridge_get_controllers(br, NULL)) {
1675 char local_name[IF_NAMESIZE];
1678 error = dpif_port_get_name(br->dpif, ODPP_LOCAL,
1679 local_name, sizeof local_name);
1680 if (!error && !shash_find(&new_ports, local_name)) {
1681 VLOG_WARN("bridge %s: controller specified but no local port "
1682 "(port named %s) defined",
1683 br->name, local_name);
1687 /* Get rid of deleted ports.
1688 * Get rid of deleted interfaces on ports that still exist. */
1689 SHASH_FOR_EACH (node, &old_ports) {
1690 struct port *port = node->data;
1691 const struct ovsrec_port *port_cfg;
1693 port_cfg = shash_find_data(&new_ports, node->name);
1697 port_del_ifaces(port, port_cfg);
1701 /* Create new ports.
1702 * Add new interfaces to existing ports.
1703 * Reconfigure existing ports. */
1704 SHASH_FOR_EACH (node, &new_ports) {
1705 struct port *port = shash_find_data(&old_ports, node->name);
1707 port = port_create(br, node->name);
1710 port_reconfigure(port, node->data);
1711 if (!port->n_ifaces) {
1712 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
1713 br->name, port->name);
1717 shash_destroy(&old_ports);
1718 shash_destroy(&new_ports);
1720 /* Set the fail-mode */
1721 fail_mode = !br->cfg->fail_mode
1722 || !strcmp(br->cfg->fail_mode, "standalone")
1723 ? OFPROTO_FAIL_STANDALONE
1724 : OFPROTO_FAIL_SECURE;
1725 if (ofproto_get_fail_mode(br->ofproto) != fail_mode
1726 && !ofproto_has_primary_controller(br->ofproto)) {
1727 ofproto_flush_flows(br->ofproto);
1729 ofproto_set_fail_mode(br->ofproto, fail_mode);
1731 /* Delete all flows if we're switching from connected to standalone or vice
1732 * versa. (XXX Should we delete all flows if we are switching from one
1733 * controller to another?) */
1735 /* Configure OpenFlow controller connection snooping. */
1737 svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop",
1738 ovs_rundir(), br->name));
1739 svec_init(&old_snoops);
1740 ofproto_get_snoops(br->ofproto, &old_snoops);
1741 if (!svec_equal(&snoops, &old_snoops)) {
1742 ofproto_set_snoops(br->ofproto, &snoops);
1744 svec_destroy(&snoops);
1745 svec_destroy(&old_snoops);
1747 mirror_reconfigure(br);
1750 /* Initializes 'oc' appropriately as a management service controller for
1753 * The caller must free oc->target when it is no longer needed. */
1755 bridge_ofproto_controller_for_mgmt(const struct bridge *br,
1756 struct ofproto_controller *oc)
1758 oc->target = xasprintf("punix:%s/%s.mgmt", ovs_rundir(), br->name);
1759 oc->max_backoff = 0;
1760 oc->probe_interval = 60;
1761 oc->band = OFPROTO_OUT_OF_BAND;
1762 oc->accept_re = NULL;
1763 oc->update_resolv_conf = false;
1765 oc->burst_limit = 0;
1768 /* Converts ovsrec_controller 'c' into an ofproto_controller in 'oc'. */
1770 bridge_ofproto_controller_from_ovsrec(const struct ovsrec_controller *c,
1771 struct ofproto_controller *oc)
1773 oc->target = c->target;
1774 oc->max_backoff = c->max_backoff ? *c->max_backoff / 1000 : 8;
1775 oc->probe_interval = c->inactivity_probe ? *c->inactivity_probe / 1000 : 5;
1776 oc->band = (!c->connection_mode || !strcmp(c->connection_mode, "in-band")
1777 ? OFPROTO_IN_BAND : OFPROTO_OUT_OF_BAND);
1778 oc->accept_re = c->discover_accept_regex;
1779 oc->update_resolv_conf = c->discover_update_resolv_conf;
1780 oc->rate_limit = c->controller_rate_limit ? *c->controller_rate_limit : 0;
1781 oc->burst_limit = (c->controller_burst_limit
1782 ? *c->controller_burst_limit : 0);
1785 /* Configures the IP stack for 'br''s local interface properly according to the
1786 * configuration in 'c'. */
1788 bridge_configure_local_iface_netdev(struct bridge *br,
1789 struct ovsrec_controller *c)
1791 struct netdev *netdev;
1792 struct in_addr mask, gateway;
1794 struct iface *local_iface;
1797 /* Controller discovery does its own TCP/IP configuration later. */
1798 if (strcmp(c->target, "discover")) {
1802 /* If there's no local interface or no IP address, give up. */
1803 local_iface = bridge_get_local_iface(br);
1804 if (!local_iface || !c->local_ip || !inet_aton(c->local_ip, &ip)) {
1808 /* Bring up the local interface. */
1809 netdev = local_iface->netdev;
1810 netdev_turn_flags_on(netdev, NETDEV_UP, true);
1812 /* Configure the IP address and netmask. */
1813 if (!c->local_netmask
1814 || !inet_aton(c->local_netmask, &mask)
1816 mask.s_addr = guess_netmask(ip.s_addr);
1818 if (!netdev_set_in4(netdev, ip, mask)) {
1819 VLOG_INFO("bridge %s: configured IP address "IP_FMT", netmask "IP_FMT,
1820 br->name, IP_ARGS(&ip.s_addr), IP_ARGS(&mask.s_addr));
1823 /* Configure the default gateway. */
1824 if (c->local_gateway
1825 && inet_aton(c->local_gateway, &gateway)
1826 && gateway.s_addr) {
1827 if (!netdev_add_router(netdev, gateway)) {
1828 VLOG_INFO("bridge %s: configured gateway "IP_FMT,
1829 br->name, IP_ARGS(&gateway.s_addr));
1835 bridge_reconfigure_remotes(struct bridge *br,
1836 const struct sockaddr_in *managers,
1839 const char *disable_ib_str, *queue_id_str;
1840 bool disable_in_band = false;
1843 struct ovsrec_controller **controllers;
1844 size_t n_controllers;
1847 struct ofproto_controller *ocs;
1851 /* Check if we should disable in-band control on this bridge. */
1852 disable_ib_str = bridge_get_other_config(br->cfg, "disable-in-band");
1853 if (disable_ib_str && !strcmp(disable_ib_str, "true")) {
1854 disable_in_band = true;
1857 /* Set OpenFlow queue ID for in-band control. */
1858 queue_id_str = bridge_get_other_config(br->cfg, "in-band-queue");
1859 queue_id = queue_id_str ? strtol(queue_id_str, NULL, 10) : -1;
1860 ofproto_set_in_band_queue(br->ofproto, queue_id);
1862 if (disable_in_band) {
1863 ofproto_set_extra_in_band_remotes(br->ofproto, NULL, 0);
1865 ofproto_set_extra_in_band_remotes(br->ofproto, managers, n_managers);
1867 had_primary = ofproto_has_primary_controller(br->ofproto);
1869 n_controllers = bridge_get_controllers(br, &controllers);
1871 ocs = xmalloc((n_controllers + 1) * sizeof *ocs);
1874 bridge_ofproto_controller_for_mgmt(br, &ocs[n_ocs++]);
1875 for (i = 0; i < n_controllers; i++) {
1876 struct ovsrec_controller *c = controllers[i];
1878 if (!strncmp(c->target, "punix:", 6)
1879 || !strncmp(c->target, "unix:", 5)) {
1880 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1882 /* Prevent remote ovsdb-server users from accessing arbitrary Unix
1883 * domain sockets and overwriting arbitrary local files. */
1884 VLOG_ERR_RL(&rl, "%s: not adding Unix domain socket controller "
1885 "\"%s\" due to possibility for remote exploit",
1886 dpif_name(br->dpif), c->target);
1890 bridge_configure_local_iface_netdev(br, c);
1891 bridge_ofproto_controller_from_ovsrec(c, &ocs[n_ocs]);
1892 if (disable_in_band) {
1893 ocs[n_ocs].band = OFPROTO_OUT_OF_BAND;
1898 ofproto_set_controllers(br->ofproto, ocs, n_ocs);
1899 free(ocs[0].target); /* From bridge_ofproto_controller_for_mgmt(). */
1902 if (had_primary != ofproto_has_primary_controller(br->ofproto)) {
1903 ofproto_flush_flows(br->ofproto);
1906 /* If there are no controllers and the bridge is in standalone
1907 * mode, set up a flow that matches every packet and directs
1908 * them to OFPP_NORMAL (which goes to us). Otherwise, the
1909 * switch is in secure mode and we won't pass any traffic until
1910 * a controller has been defined and it tells us to do so. */
1912 && ofproto_get_fail_mode(br->ofproto) == OFPROTO_FAIL_STANDALONE) {
1913 union ofp_action action;
1914 struct cls_rule rule;
1916 memset(&action, 0, sizeof action);
1917 action.type = htons(OFPAT_OUTPUT);
1918 action.output.len = htons(sizeof action);
1919 action.output.port = htons(OFPP_NORMAL);
1920 cls_rule_init_catchall(&rule, 0);
1921 ofproto_add_flow(br->ofproto, &rule, &action, 1);
1926 bridge_get_all_ifaces(const struct bridge *br, struct shash *ifaces)
1931 for (i = 0; i < br->n_ports; i++) {
1932 struct port *port = br->ports[i];
1933 for (j = 0; j < port->n_ifaces; j++) {
1934 struct iface *iface = port->ifaces[j];
1935 shash_add_once(ifaces, iface->name, iface);
1937 if (port->n_ifaces > 1 && port->cfg->bond_fake_iface) {
1938 shash_add_once(ifaces, port->name, NULL);
1943 /* For robustness, in case the administrator moves around datapath ports behind
1944 * our back, we re-check all the datapath port numbers here.
1946 * This function will set the 'dp_ifidx' members of interfaces that have
1947 * disappeared to -1, so only call this function from a context where those
1948 * 'struct iface's will be removed from the bridge. Otherwise, the -1
1949 * 'dp_ifidx'es will cause trouble later when we try to send them to the
1950 * datapath, which doesn't support UINT16_MAX+1 ports. */
1952 bridge_fetch_dp_ifaces(struct bridge *br)
1954 struct odp_port *dpif_ports;
1955 size_t n_dpif_ports;
1958 /* Reset all interface numbers. */
1959 for (i = 0; i < br->n_ports; i++) {
1960 struct port *port = br->ports[i];
1961 for (j = 0; j < port->n_ifaces; j++) {
1962 struct iface *iface = port->ifaces[j];
1963 iface->dp_ifidx = -1;
1966 hmap_clear(&br->ifaces);
1968 dpif_port_list(br->dpif, &dpif_ports, &n_dpif_ports);
1969 for (i = 0; i < n_dpif_ports; i++) {
1970 struct odp_port *p = &dpif_ports[i];
1971 struct iface *iface = iface_lookup(br, p->devname);
1973 if (iface->dp_ifidx >= 0) {
1974 VLOG_WARN("%s reported interface %s twice",
1975 dpif_name(br->dpif), p->devname);
1976 } else if (iface_from_dp_ifidx(br, p->port)) {
1977 VLOG_WARN("%s reported interface %"PRIu16" twice",
1978 dpif_name(br->dpif), p->port);
1980 iface->dp_ifidx = p->port;
1981 hmap_insert(&br->ifaces, &iface->dp_ifidx_node,
1982 hash_int(iface->dp_ifidx, 0));
1985 iface_set_ofport(iface->cfg,
1986 (iface->dp_ifidx >= 0
1987 ? odp_port_to_ofp_port(iface->dp_ifidx)
1994 /* Bridge packet processing functions. */
1997 bond_hash(const uint8_t mac[ETH_ADDR_LEN])
1999 return hash_bytes(mac, ETH_ADDR_LEN, 0) & BOND_MASK;
2002 static struct bond_entry *
2003 lookup_bond_entry(const struct port *port, const uint8_t mac[ETH_ADDR_LEN])
2005 return &port->bond_hash[bond_hash(mac)];
2009 bond_choose_iface(const struct port *port)
2011 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
2012 size_t i, best_down_slave = -1;
2013 long long next_delay_expiration = LLONG_MAX;
2015 for (i = 0; i < port->n_ifaces; i++) {
2016 struct iface *iface = port->ifaces[i];
2018 if (iface->enabled) {
2020 } else if (iface->delay_expires < next_delay_expiration) {
2021 best_down_slave = i;
2022 next_delay_expiration = iface->delay_expires;
2026 if (best_down_slave != -1) {
2027 struct iface *iface = port->ifaces[best_down_slave];
2029 VLOG_INFO_RL(&rl, "interface %s: skipping remaining %lli ms updelay "
2030 "since no other interface is up", iface->name,
2031 iface->delay_expires - time_msec());
2032 bond_enable_slave(iface, true);
2035 return best_down_slave;
2039 choose_output_iface(const struct port *port, const uint8_t *dl_src,
2040 uint16_t *dp_ifidx, tag_type *tags)
2042 struct iface *iface;
2044 assert(port->n_ifaces);
2045 if (port->n_ifaces == 1) {
2046 iface = port->ifaces[0];
2048 struct bond_entry *e = lookup_bond_entry(port, dl_src);
2049 if (e->iface_idx < 0 || e->iface_idx >= port->n_ifaces
2050 || !port->ifaces[e->iface_idx]->enabled) {
2051 /* XXX select interface properly. The current interface selection
2052 * is only good for testing the rebalancing code. */
2053 e->iface_idx = bond_choose_iface(port);
2054 if (e->iface_idx < 0) {
2055 *tags |= port->no_ifaces_tag;
2058 e->iface_tag = tag_create_random();
2059 ((struct port *) port)->bond_compat_is_stale = true;
2061 *tags |= e->iface_tag;
2062 iface = port->ifaces[e->iface_idx];
2064 *dp_ifidx = iface->dp_ifidx;
2065 *tags |= iface->tag; /* Currently only used for bonding. */
2070 bond_link_status_update(struct iface *iface, bool carrier)
2072 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
2073 struct port *port = iface->port;
2075 if ((carrier == iface->enabled) == (iface->delay_expires == LLONG_MAX)) {
2076 /* Nothing to do. */
2079 VLOG_INFO_RL(&rl, "interface %s: carrier %s",
2080 iface->name, carrier ? "detected" : "dropped");
2081 if (carrier == iface->enabled) {
2082 iface->delay_expires = LLONG_MAX;
2083 VLOG_INFO_RL(&rl, "interface %s: will not be %s",
2084 iface->name, carrier ? "disabled" : "enabled");
2085 } else if (carrier && port->active_iface < 0) {
2086 bond_enable_slave(iface, true);
2087 if (port->updelay) {
2088 VLOG_INFO_RL(&rl, "interface %s: skipping %d ms updelay since no "
2089 "other interface is up", iface->name, port->updelay);
2092 int delay = carrier ? port->updelay : port->downdelay;
2093 iface->delay_expires = time_msec() + delay;
2096 "interface %s: will be %s if it stays %s for %d ms",
2098 carrier ? "enabled" : "disabled",
2099 carrier ? "up" : "down",
2106 bond_choose_active_iface(struct port *port)
2108 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
2110 port->active_iface = bond_choose_iface(port);
2111 port->active_iface_tag = tag_create_random();
2112 if (port->active_iface >= 0) {
2113 VLOG_INFO_RL(&rl, "port %s: active interface is now %s",
2114 port->name, port->ifaces[port->active_iface]->name);
2116 VLOG_WARN_RL(&rl, "port %s: all ports disabled, no active interface",
2122 bond_enable_slave(struct iface *iface, bool enable)
2124 struct port *port = iface->port;
2125 struct bridge *br = port->bridge;
2127 /* This acts as a recursion check. If the act of disabling a slave
2128 * causes a different slave to be enabled, the flag will allow us to
2129 * skip redundant work when we reenter this function. It must be
2130 * cleared on exit to keep things safe with multiple bonds. */
2131 static bool moving_active_iface = false;
2133 iface->delay_expires = LLONG_MAX;
2134 if (enable == iface->enabled) {
2138 iface->enabled = enable;
2139 if (!iface->enabled) {
2140 VLOG_WARN("interface %s: disabled", iface->name);
2141 ofproto_revalidate(br->ofproto, iface->tag);
2142 if (iface->port_ifidx == port->active_iface) {
2143 ofproto_revalidate(br->ofproto,
2144 port->active_iface_tag);
2146 /* Disabling a slave can lead to another slave being immediately
2147 * enabled if there will be no active slaves but one is waiting
2148 * on an updelay. In this case we do not need to run most of the
2149 * code for the newly enabled slave since there was no period
2150 * without an active slave and it is redundant with the disabling
2152 moving_active_iface = true;
2153 bond_choose_active_iface(port);
2155 bond_send_learning_packets(port);
2157 VLOG_WARN("interface %s: enabled", iface->name);
2158 if (port->active_iface < 0 && !moving_active_iface) {
2159 ofproto_revalidate(br->ofproto, port->no_ifaces_tag);
2160 bond_choose_active_iface(port);
2161 bond_send_learning_packets(port);
2163 iface->tag = tag_create_random();
2166 moving_active_iface = false;
2167 port->bond_compat_is_stale = true;
2170 /* Attempts to make the sum of the bond slaves' statistics appear on the fake
2171 * bond interface. */
2173 bond_update_fake_iface_stats(struct port *port)
2175 struct netdev_stats bond_stats;
2176 struct netdev *bond_dev;
2179 memset(&bond_stats, 0, sizeof bond_stats);
2181 for (i = 0; i < port->n_ifaces; i++) {
2182 struct netdev_stats slave_stats;
2184 if (!netdev_get_stats(port->ifaces[i]->netdev, &slave_stats)) {
2185 /* XXX: We swap the stats here because they are swapped back when
2186 * reported by the internal device. The reason for this is
2187 * internal devices normally represent packets going into the system
2188 * but when used as fake bond device they represent packets leaving
2189 * the system. We really should do this in the internal device
2190 * itself because changing it here reverses the counts from the
2191 * perspective of the switch. However, the internal device doesn't
2192 * know what type of device it represents so we have to do it here
2194 bond_stats.tx_packets += slave_stats.rx_packets;
2195 bond_stats.tx_bytes += slave_stats.rx_bytes;
2196 bond_stats.rx_packets += slave_stats.tx_packets;
2197 bond_stats.rx_bytes += slave_stats.tx_bytes;
2201 if (!netdev_open_default(port->name, &bond_dev)) {
2202 netdev_set_stats(bond_dev, &bond_stats);
2203 netdev_close(bond_dev);
2208 bond_run(struct bridge *br)
2212 for (i = 0; i < br->n_ports; i++) {
2213 struct port *port = br->ports[i];
2215 if (port->n_ifaces >= 2) {
2218 /* Track carrier going up and down on interfaces. */
2219 while (!netdev_monitor_poll(port->monitor, &devname)) {
2220 struct iface *iface;
2222 iface = port_lookup_iface(port, devname);
2224 bool carrier = netdev_get_carrier(iface->netdev);
2226 bond_link_status_update(iface, carrier);
2227 port_update_bond_compat(port);
2232 for (j = 0; j < port->n_ifaces; j++) {
2233 struct iface *iface = port->ifaces[j];
2234 if (time_msec() >= iface->delay_expires) {
2235 bond_enable_slave(iface, !iface->enabled);
2239 if (port->bond_fake_iface
2240 && time_msec() >= port->bond_next_fake_iface_update) {
2241 bond_update_fake_iface_stats(port);
2242 port->bond_next_fake_iface_update = time_msec() + 1000;
2246 if (port->bond_compat_is_stale) {
2247 port->bond_compat_is_stale = false;
2248 port_update_bond_compat(port);
2254 bond_wait(struct bridge *br)
2258 for (i = 0; i < br->n_ports; i++) {
2259 struct port *port = br->ports[i];
2260 if (port->n_ifaces < 2) {
2263 netdev_monitor_poll_wait(port->monitor);
2264 for (j = 0; j < port->n_ifaces; j++) {
2265 struct iface *iface = port->ifaces[j];
2266 if (iface->delay_expires != LLONG_MAX) {
2267 poll_timer_wait_until(iface->delay_expires);
2270 if (port->bond_fake_iface) {
2271 poll_timer_wait_until(port->bond_next_fake_iface_update);
2277 set_dst(struct dst *p, const struct flow *flow,
2278 const struct port *in_port, const struct port *out_port,
2281 p->vlan = (out_port->vlan >= 0 ? OFP_VLAN_NONE
2282 : in_port->vlan >= 0 ? in_port->vlan
2283 : flow->vlan_tci == 0 ? OFP_VLAN_NONE
2284 : vlan_tci_to_vid(flow->vlan_tci));
2285 return choose_output_iface(out_port, flow->dl_src, &p->dp_ifidx, tags);
2289 swap_dst(struct dst *p, struct dst *q)
2291 struct dst tmp = *p;
2296 /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
2297 * 'dsts'. (This may help performance by reducing the number of VLAN changes
2298 * that we push to the datapath. We could in fact fully sort the array by
2299 * vlan, but in most cases there are at most two different vlan tags so that's
2300 * possibly overkill.) */
2302 partition_dsts(struct dst *dsts, size_t n_dsts, int vlan)
2304 struct dst *first = dsts;
2305 struct dst *last = dsts + n_dsts;
2307 while (first != last) {
2309 * - All dsts < first have vlan == 'vlan'.
2310 * - All dsts >= last have vlan != 'vlan'.
2311 * - first < last. */
2312 while (first->vlan == vlan) {
2313 if (++first == last) {
2318 /* Same invariants, plus one additional:
2319 * - first->vlan != vlan.
2321 while (last[-1].vlan != vlan) {
2322 if (--last == first) {
2327 /* Same invariants, plus one additional:
2328 * - last[-1].vlan == vlan.*/
2329 swap_dst(first++, --last);
2334 mirror_mask_ffs(mirror_mask_t mask)
2336 BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask));
2341 dst_is_duplicate(const struct dst *dsts, size_t n_dsts,
2342 const struct dst *test)
2345 for (i = 0; i < n_dsts; i++) {
2346 if (dsts[i].vlan == test->vlan && dsts[i].dp_ifidx == test->dp_ifidx) {
2354 port_trunks_vlan(const struct port *port, uint16_t vlan)
2356 return (port->vlan < 0
2357 && (!port->trunks || bitmap_is_set(port->trunks, vlan)));
2361 port_includes_vlan(const struct port *port, uint16_t vlan)
2363 return vlan == port->vlan || port_trunks_vlan(port, vlan);
2367 port_is_floodable(const struct port *port)
2371 for (i = 0; i < port->n_ifaces; i++) {
2372 if (!ofproto_port_is_floodable(port->bridge->ofproto,
2373 port->ifaces[i]->dp_ifidx)) {
2381 compose_dsts(const struct bridge *br, const struct flow *flow, uint16_t vlan,
2382 const struct port *in_port, const struct port *out_port,
2383 struct dst dsts[], tag_type *tags, uint16_t *nf_output_iface)
2385 mirror_mask_t mirrors = in_port->src_mirrors;
2387 struct dst *dst = dsts;
2390 flow_vlan = vlan_tci_to_vid(flow->vlan_tci);
2391 if (flow_vlan == 0) {
2392 flow_vlan = OFP_VLAN_NONE;
2395 if (out_port == FLOOD_PORT) {
2396 /* XXX use ODP_FLOOD if no vlans or bonding. */
2397 /* XXX even better, define each VLAN as a datapath port group */
2398 for (i = 0; i < br->n_ports; i++) {
2399 struct port *port = br->ports[i];
2401 && port_is_floodable(port)
2402 && port_includes_vlan(port, vlan)
2403 && !port->is_mirror_output_port
2404 && set_dst(dst, flow, in_port, port, tags)) {
2405 mirrors |= port->dst_mirrors;
2409 *nf_output_iface = NF_OUT_FLOOD;
2410 } else if (out_port && set_dst(dst, flow, in_port, out_port, tags)) {
2411 *nf_output_iface = dst->dp_ifidx;
2412 mirrors |= out_port->dst_mirrors;
2417 struct mirror *m = br->mirrors[mirror_mask_ffs(mirrors) - 1];
2418 if (!m->n_vlans || vlan_is_mirrored(m, vlan)) {
2420 if (set_dst(dst, flow, in_port, m->out_port, tags)
2421 && !dst_is_duplicate(dsts, dst - dsts, dst)) {
2425 for (i = 0; i < br->n_ports; i++) {
2426 struct port *port = br->ports[i];
2427 if (port_includes_vlan(port, m->out_vlan)
2428 && set_dst(dst, flow, in_port, port, tags))
2431 if (port->vlan < 0) {
2432 dst->vlan = m->out_vlan;
2434 if (dst_is_duplicate(dsts, dst - dsts, dst)) {
2438 /* Use the vlan tag on the original flow instead of
2439 * the one passed in the vlan parameter. This ensures
2440 * that we compare the vlan from before any implicit
2441 * tagging tags place. This is necessary because
2442 * dst->vlan is the final vlan, after removing implicit
2444 if (port == in_port && dst->vlan == flow_vlan) {
2445 /* Don't send out input port on same VLAN. */
2453 mirrors &= mirrors - 1;
2456 partition_dsts(dsts, dst - dsts, flow_vlan);
2460 static void OVS_UNUSED
2461 print_dsts(const struct dst *dsts, size_t n)
2463 for (; n--; dsts++) {
2464 printf(">p%"PRIu16, dsts->dp_ifidx);
2465 if (dsts->vlan != OFP_VLAN_NONE) {
2466 printf("v%"PRIu16, dsts->vlan);
2472 compose_actions(struct bridge *br, const struct flow *flow, uint16_t vlan,
2473 const struct port *in_port, const struct port *out_port,
2474 tag_type *tags, struct odp_actions *actions,
2475 uint16_t *nf_output_iface)
2477 struct dst dsts[DP_MAX_PORTS * (MAX_MIRRORS + 1)];
2479 const struct dst *p;
2482 n_dsts = compose_dsts(br, flow, vlan, in_port, out_port, dsts, tags,
2485 cur_vlan = vlan_tci_to_vid(flow->vlan_tci);
2486 if (cur_vlan == 0) {
2487 cur_vlan = OFP_VLAN_NONE;
2489 for (p = dsts; p < &dsts[n_dsts]; p++) {
2490 union odp_action *a;
2491 if (p->vlan != cur_vlan) {
2492 if (p->vlan == OFP_VLAN_NONE) {
2493 odp_actions_add(actions, ODPAT_STRIP_VLAN);
2495 a = odp_actions_add(actions, ODPAT_SET_DL_TCI);
2496 a->dl_tci.tci = htons(p->vlan & VLAN_VID_MASK);
2497 a->dl_tci.tci |= flow->vlan_tci & htons(VLAN_PCP_MASK);
2501 a = odp_actions_add(actions, ODPAT_OUTPUT);
2502 a->output.port = p->dp_ifidx;
2506 /* Returns the effective vlan of a packet, taking into account both the
2507 * 802.1Q header and implicitly tagged ports. A value of 0 indicates that
2508 * the packet is untagged and -1 indicates it has an invalid header and
2509 * should be dropped. */
2510 static int flow_get_vlan(struct bridge *br, const struct flow *flow,
2511 struct port *in_port, bool have_packet)
2513 int vlan = vlan_tci_to_vid(flow->vlan_tci);
2514 if (in_port->vlan >= 0) {
2516 /* XXX support double tagging? */
2518 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2519 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2520 "packet received on port %s configured with "
2521 "implicit VLAN %"PRIu16,
2522 br->name, vlan, in_port->name, in_port->vlan);
2526 vlan = in_port->vlan;
2528 if (!port_includes_vlan(in_port, vlan)) {
2530 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2531 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2532 "packet received on port %s not configured for "
2534 br->name, vlan, in_port->name, vlan);
2543 /* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
2544 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
2545 * indicate this; newer upstream kernels use gratuitous ARP requests. */
2547 is_gratuitous_arp(const struct flow *flow)
2549 return (flow->dl_type == htons(ETH_TYPE_ARP)
2550 && eth_addr_is_broadcast(flow->dl_dst)
2551 && (flow->nw_proto == ARP_OP_REPLY
2552 || (flow->nw_proto == ARP_OP_REQUEST
2553 && flow->nw_src == flow->nw_dst)));
2557 update_learning_table(struct bridge *br, const struct flow *flow, int vlan,
2558 struct port *in_port)
2560 enum grat_arp_lock_type lock_type;
2563 /* We don't want to learn from gratuitous ARP packets that are reflected
2564 * back over bond slaves so we lock the learning table. */
2565 lock_type = !is_gratuitous_arp(flow) ? GRAT_ARP_LOCK_NONE :
2566 (in_port->n_ifaces == 1) ? GRAT_ARP_LOCK_SET :
2567 GRAT_ARP_LOCK_CHECK;
2569 rev_tag = mac_learning_learn(br->ml, flow->dl_src, vlan, in_port->port_idx,
2572 /* The log messages here could actually be useful in debugging,
2573 * so keep the rate limit relatively high. */
2574 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
2576 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2577 "on port %s in VLAN %d",
2578 br->name, ETH_ADDR_ARGS(flow->dl_src),
2579 in_port->name, vlan);
2580 ofproto_revalidate(br->ofproto, rev_tag);
2584 /* Determines whether packets in 'flow' within 'br' should be forwarded or
2585 * dropped. Returns true if they may be forwarded, false if they should be
2588 * If 'have_packet' is true, it indicates that the caller is processing a
2589 * received packet. If 'have_packet' is false, then the caller is just
2590 * revalidating an existing flow because configuration has changed. Either
2591 * way, 'have_packet' only affects logging (there is no point in logging errors
2592 * during revalidation).
2594 * Sets '*in_portp' to the input port. This will be a null pointer if
2595 * flow->in_port does not designate a known input port (in which case
2596 * is_admissible() returns false).
2598 * When returning true, sets '*vlanp' to the effective VLAN of the input
2599 * packet, as returned by flow_get_vlan().
2601 * May also add tags to '*tags', although the current implementation only does
2602 * so in one special case.
2605 is_admissible(struct bridge *br, const struct flow *flow, bool have_packet,
2606 tag_type *tags, int *vlanp, struct port **in_portp)
2608 struct iface *in_iface;
2609 struct port *in_port;
2612 /* Find the interface and port structure for the received packet. */
2613 in_iface = iface_from_dp_ifidx(br, flow->in_port);
2615 /* No interface? Something fishy... */
2617 /* Odd. A few possible reasons here:
2619 * - We deleted an interface but there are still a few packets
2620 * queued up from it.
2622 * - Someone externally added an interface (e.g. with "ovs-dpctl
2623 * add-if") that we don't know about.
2625 * - Packet arrived on the local port but the local port is not
2626 * one of our bridge ports.
2628 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2630 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
2631 "interface %"PRIu16, br->name, flow->in_port);
2637 *in_portp = in_port = in_iface->port;
2638 *vlanp = vlan = flow_get_vlan(br, flow, in_port, have_packet);
2643 /* Drop frames for reserved multicast addresses. */
2644 if (eth_addr_is_reserved(flow->dl_dst)) {
2648 /* Drop frames on ports reserved for mirroring. */
2649 if (in_port->is_mirror_output_port) {
2651 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2652 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2653 "%s, which is reserved exclusively for mirroring",
2654 br->name, in_port->name);
2659 /* Packets received on bonds need special attention to avoid duplicates. */
2660 if (in_port->n_ifaces > 1) {
2662 bool is_grat_arp_locked;
2664 if (eth_addr_is_multicast(flow->dl_dst)) {
2665 *tags |= in_port->active_iface_tag;
2666 if (in_port->active_iface != in_iface->port_ifidx) {
2667 /* Drop all multicast packets on inactive slaves. */
2672 /* Drop all packets for which we have learned a different input
2673 * port, because we probably sent the packet on one slave and got
2674 * it back on the other. Gratuitous ARP packets are an exception
2675 * to this rule: the host has moved to another switch. The exception
2676 * to the exception is if we locked the learning table to avoid
2677 * reflections on bond slaves. If this is the case, just drop the
2679 src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan,
2680 &is_grat_arp_locked);
2681 if (src_idx != -1 && src_idx != in_port->port_idx &&
2682 (!is_gratuitous_arp(flow) || is_grat_arp_locked)) {
2690 /* If the composed actions may be applied to any packet in the given 'flow',
2691 * returns true. Otherwise, the actions should only be applied to 'packet', or
2692 * not at all, if 'packet' was NULL. */
2694 process_flow(struct bridge *br, const struct flow *flow,
2695 const struct ofpbuf *packet, struct odp_actions *actions,
2696 tag_type *tags, uint16_t *nf_output_iface)
2698 struct port *in_port;
2699 struct port *out_port;
2703 /* Check whether we should drop packets in this flow. */
2704 if (!is_admissible(br, flow, packet != NULL, tags, &vlan, &in_port)) {
2709 /* Learn source MAC (but don't try to learn from revalidation). */
2711 update_learning_table(br, flow, vlan, in_port);
2714 /* Determine output port. */
2715 out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan, tags,
2717 if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
2718 out_port = br->ports[out_port_idx];
2719 } else if (!packet && !eth_addr_is_multicast(flow->dl_dst)) {
2720 /* If we are revalidating but don't have a learning entry then
2721 * eject the flow. Installing a flow that floods packets opens
2722 * up a window of time where we could learn from a packet reflected
2723 * on a bond and blackhole packets before the learning table is
2724 * updated to reflect the correct port. */
2727 out_port = FLOOD_PORT;
2730 /* Don't send packets out their input ports. */
2731 if (in_port == out_port) {
2737 compose_actions(br, flow, vlan, in_port, out_port, tags, actions,
2745 bridge_normal_ofhook_cb(const struct flow *flow, const struct ofpbuf *packet,
2746 struct odp_actions *actions, tag_type *tags,
2747 uint16_t *nf_output_iface, void *br_)
2749 struct iface *iface;
2750 struct bridge *br = br_;
2752 COVERAGE_INC(bridge_process_flow);
2754 iface = iface_from_dp_ifidx(br, flow->in_port);
2756 if (cfm_should_process_flow(flow)) {
2757 if (packet && iface->cfm) {
2758 cfm_process_heartbeat(iface->cfm, packet);
2763 return process_flow(br, flow, packet, actions, tags, nf_output_iface);
2767 bridge_account_flow_ofhook_cb(const struct flow *flow, tag_type tags,
2768 const union odp_action *actions,
2769 size_t n_actions, unsigned long long int n_bytes,
2772 struct bridge *br = br_;
2773 const union odp_action *a;
2774 struct port *in_port;
2778 /* Feed information from the active flows back into the learning table to
2779 * ensure that table is always in sync with what is actually flowing
2780 * through the datapath.
2782 * We test that 'tags' is nonzero to ensure that only flows that include an
2783 * OFPP_NORMAL action are used for learning. This works because
2784 * bridge_normal_ofhook_cb() always sets a nonzero tag value. */
2785 if (tags && is_admissible(br, flow, false, &dummy, &vlan, &in_port)) {
2786 update_learning_table(br, flow, vlan, in_port);
2789 /* Account for bond slave utilization. */
2790 if (!br->has_bonded_ports) {
2793 for (a = actions; a < &actions[n_actions]; a++) {
2794 if (a->type == ODPAT_OUTPUT) {
2795 struct port *out_port = port_from_dp_ifidx(br, a->output.port);
2796 if (out_port && out_port->n_ifaces >= 2) {
2797 struct bond_entry *e = lookup_bond_entry(out_port,
2799 e->tx_bytes += n_bytes;
2806 bridge_account_checkpoint_ofhook_cb(void *br_)
2808 struct bridge *br = br_;
2812 if (!br->has_bonded_ports) {
2817 for (i = 0; i < br->n_ports; i++) {
2818 struct port *port = br->ports[i];
2819 if (port->n_ifaces > 1 && now >= port->bond_next_rebalance) {
2820 port->bond_next_rebalance = now + port->bond_rebalance_interval;
2821 bond_rebalance_port(port);
2826 static struct ofhooks bridge_ofhooks = {
2827 bridge_normal_ofhook_cb,
2828 bridge_account_flow_ofhook_cb,
2829 bridge_account_checkpoint_ofhook_cb,
2832 /* Bonding functions. */
2834 /* Statistics for a single interface on a bonded port, used for load-based
2835 * bond rebalancing. */
2836 struct slave_balance {
2837 struct iface *iface; /* The interface. */
2838 uint64_t tx_bytes; /* Sum of hashes[*]->tx_bytes. */
2840 /* All the "bond_entry"s that are assigned to this interface, in order of
2841 * increasing tx_bytes. */
2842 struct bond_entry **hashes;
2846 /* Sorts pointers to pointers to bond_entries in ascending order by the
2847 * interface to which they are assigned, and within a single interface in
2848 * ascending order of bytes transmitted. */
2850 compare_bond_entries(const void *a_, const void *b_)
2852 const struct bond_entry *const *ap = a_;
2853 const struct bond_entry *const *bp = b_;
2854 const struct bond_entry *a = *ap;
2855 const struct bond_entry *b = *bp;
2856 if (a->iface_idx != b->iface_idx) {
2857 return a->iface_idx > b->iface_idx ? 1 : -1;
2858 } else if (a->tx_bytes != b->tx_bytes) {
2859 return a->tx_bytes > b->tx_bytes ? 1 : -1;
2865 /* Sorts slave_balances so that enabled ports come first, and otherwise in
2866 * *descending* order by number of bytes transmitted. */
2868 compare_slave_balance(const void *a_, const void *b_)
2870 const struct slave_balance *a = a_;
2871 const struct slave_balance *b = b_;
2872 if (a->iface->enabled != b->iface->enabled) {
2873 return a->iface->enabled ? -1 : 1;
2874 } else if (a->tx_bytes != b->tx_bytes) {
2875 return a->tx_bytes > b->tx_bytes ? -1 : 1;
2882 swap_bals(struct slave_balance *a, struct slave_balance *b)
2884 struct slave_balance tmp = *a;
2889 /* Restores the 'n_bals' slave_balance structures in 'bals' to sorted order
2890 * given that 'p' (and only 'p') might be in the wrong location.
2892 * This function invalidates 'p', since it might now be in a different memory
2895 resort_bals(struct slave_balance *p,
2896 struct slave_balance bals[], size_t n_bals)
2899 for (; p > bals && p->tx_bytes > p[-1].tx_bytes; p--) {
2900 swap_bals(p, p - 1);
2902 for (; p < &bals[n_bals - 1] && p->tx_bytes < p[1].tx_bytes; p++) {
2903 swap_bals(p, p + 1);
2909 log_bals(const struct slave_balance *bals, size_t n_bals, struct port *port)
2911 if (VLOG_IS_DBG_ENABLED()) {
2912 struct ds ds = DS_EMPTY_INITIALIZER;
2913 const struct slave_balance *b;
2915 for (b = bals; b < bals + n_bals; b++) {
2919 ds_put_char(&ds, ',');
2921 ds_put_format(&ds, " %s %"PRIu64"kB",
2922 b->iface->name, b->tx_bytes / 1024);
2924 if (!b->iface->enabled) {
2925 ds_put_cstr(&ds, " (disabled)");
2927 if (b->n_hashes > 0) {
2928 ds_put_cstr(&ds, " (");
2929 for (i = 0; i < b->n_hashes; i++) {
2930 const struct bond_entry *e = b->hashes[i];
2932 ds_put_cstr(&ds, " + ");
2934 ds_put_format(&ds, "h%td: %"PRIu64"kB",
2935 e - port->bond_hash, e->tx_bytes / 1024);
2937 ds_put_cstr(&ds, ")");
2940 VLOG_DBG("bond %s:%s", port->name, ds_cstr(&ds));
2945 /* Shifts 'hash' from 'from' to 'to' within 'port'. */
2947 bond_shift_load(struct slave_balance *from, struct slave_balance *to,
2950 struct bond_entry *hash = from->hashes[hash_idx];
2951 struct port *port = from->iface->port;
2952 uint64_t delta = hash->tx_bytes;
2954 VLOG_INFO("bond %s: shift %"PRIu64"kB of load (with hash %td) "
2955 "from %s to %s (now carrying %"PRIu64"kB and "
2956 "%"PRIu64"kB load, respectively)",
2957 port->name, delta / 1024, hash - port->bond_hash,
2958 from->iface->name, to->iface->name,
2959 (from->tx_bytes - delta) / 1024,
2960 (to->tx_bytes + delta) / 1024);
2962 /* Delete element from from->hashes.
2964 * We don't bother to add the element to to->hashes because not only would
2965 * it require more work, the only purpose it would be to allow that hash to
2966 * be migrated to another slave in this rebalancing run, and there is no
2967 * point in doing that. */
2968 if (hash_idx == 0) {
2971 memmove(from->hashes + hash_idx, from->hashes + hash_idx + 1,
2972 (from->n_hashes - (hash_idx + 1)) * sizeof *from->hashes);
2976 /* Shift load away from 'from' to 'to'. */
2977 from->tx_bytes -= delta;
2978 to->tx_bytes += delta;
2980 /* Arrange for flows to be revalidated. */
2981 ofproto_revalidate(port->bridge->ofproto, hash->iface_tag);
2982 hash->iface_idx = to->iface->port_ifidx;
2983 hash->iface_tag = tag_create_random();
2987 bond_rebalance_port(struct port *port)
2989 struct slave_balance bals[DP_MAX_PORTS];
2991 struct bond_entry *hashes[BOND_MASK + 1];
2992 struct slave_balance *b, *from, *to;
2993 struct bond_entry *e;
2996 /* Sets up 'bals' to describe each of the port's interfaces, sorted in
2997 * descending order of tx_bytes, so that bals[0] represents the most
2998 * heavily loaded slave and bals[n_bals - 1] represents the least heavily
3001 * The code is a bit tricky: to avoid dynamically allocating a 'hashes'
3002 * array for each slave_balance structure, we sort our local array of
3003 * hashes in order by slave, so that all of the hashes for a given slave
3004 * become contiguous in memory, and then we point each 'hashes' members of
3005 * a slave_balance structure to the start of a contiguous group. */
3006 n_bals = port->n_ifaces;
3007 for (b = bals; b < &bals[n_bals]; b++) {
3008 b->iface = port->ifaces[b - bals];
3013 for (i = 0; i <= BOND_MASK; i++) {
3014 hashes[i] = &port->bond_hash[i];
3016 qsort(hashes, BOND_MASK + 1, sizeof *hashes, compare_bond_entries);
3017 for (i = 0; i <= BOND_MASK; i++) {
3019 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
3020 b = &bals[e->iface_idx];
3021 b->tx_bytes += e->tx_bytes;
3023 b->hashes = &hashes[i];
3028 qsort(bals, n_bals, sizeof *bals, compare_slave_balance);
3029 log_bals(bals, n_bals, port);
3031 /* Discard slaves that aren't enabled (which were sorted to the back of the
3032 * array earlier). */
3033 while (!bals[n_bals - 1].iface->enabled) {
3040 /* Shift load from the most-loaded slaves to the least-loaded slaves. */
3041 to = &bals[n_bals - 1];
3042 for (from = bals; from < to; ) {
3043 uint64_t overload = from->tx_bytes - to->tx_bytes;
3044 if (overload < to->tx_bytes >> 5 || overload < 100000) {
3045 /* The extra load on 'from' (and all less-loaded slaves), compared
3046 * to that of 'to' (the least-loaded slave), is less than ~3%, or
3047 * it is less than ~1Mbps. No point in rebalancing. */
3049 } else if (from->n_hashes == 1) {
3050 /* 'from' only carries a single MAC hash, so we can't shift any
3051 * load away from it, even though we want to. */
3054 /* 'from' is carrying significantly more load than 'to', and that
3055 * load is split across at least two different hashes. Pick a hash
3056 * to migrate to 'to' (the least-loaded slave), given that doing so
3057 * must decrease the ratio of the load on the two slaves by at
3060 * The sort order we use means that we prefer to shift away the
3061 * smallest hashes instead of the biggest ones. There is little
3062 * reason behind this decision; we could use the opposite sort
3063 * order to shift away big hashes ahead of small ones. */
3066 for (i = 0; i < from->n_hashes; i++) {
3067 double old_ratio, new_ratio;
3068 uint64_t delta = from->hashes[i]->tx_bytes;
3070 if (delta == 0 || from->tx_bytes - delta == 0) {
3071 /* Pointless move. */
3075 order_swapped = from->tx_bytes - delta < to->tx_bytes + delta;
3077 if (to->tx_bytes == 0) {
3078 /* Nothing on the new slave, move it. */
3082 old_ratio = (double)from->tx_bytes / to->tx_bytes;
3083 new_ratio = (double)(from->tx_bytes - delta) /
3084 (to->tx_bytes + delta);
3086 if (new_ratio == 0) {
3087 /* Should already be covered but check to prevent division
3092 if (new_ratio < 1) {
3093 new_ratio = 1 / new_ratio;
3096 if (old_ratio - new_ratio > 0.1) {
3097 /* Would decrease the ratio, move it. */
3101 if (i < from->n_hashes) {
3102 bond_shift_load(from, to, i);
3103 port->bond_compat_is_stale = true;
3105 /* If the result of the migration changed the relative order of
3106 * 'from' and 'to' swap them back to maintain invariants. */
3107 if (order_swapped) {
3108 swap_bals(from, to);
3111 /* Re-sort 'bals'. Note that this may make 'from' and 'to'
3112 * point to different slave_balance structures. It is only
3113 * valid to do these two operations in a row at all because we
3114 * know that 'from' will not move past 'to' and vice versa. */
3115 resort_bals(from, bals, n_bals);
3116 resort_bals(to, bals, n_bals);
3123 /* Implement exponentially weighted moving average. A weight of 1/2 causes
3124 * historical data to decay to <1% in 7 rebalancing runs. */
3125 for (e = &port->bond_hash[0]; e <= &port->bond_hash[BOND_MASK]; e++) {
3131 bond_send_learning_packets(struct port *port)
3133 struct bridge *br = port->bridge;
3134 struct mac_entry *e;
3135 struct ofpbuf packet;
3136 int error, n_packets, n_errors;
3138 if (!port->n_ifaces || port->active_iface < 0) {
3142 ofpbuf_init(&packet, 128);
3143 error = n_packets = n_errors = 0;
3144 LIST_FOR_EACH (e, lru_node, &br->ml->lrus) {
3145 union ofp_action actions[2], *a;
3151 if (e->port == port->port_idx
3152 || !choose_output_iface(port, e->mac, &dp_ifidx, &tags)) {
3156 /* Compose actions. */
3157 memset(actions, 0, sizeof actions);
3160 a->vlan_vid.type = htons(OFPAT_SET_VLAN_VID);
3161 a->vlan_vid.len = htons(sizeof *a);
3162 a->vlan_vid.vlan_vid = htons(e->vlan);
3165 a->output.type = htons(OFPAT_OUTPUT);
3166 a->output.len = htons(sizeof *a);
3167 a->output.port = htons(odp_port_to_ofp_port(dp_ifidx));
3172 compose_benign_packet(&packet, "Open vSwitch Bond Failover", 0xf177,
3174 flow_extract(&packet, 0, ODPP_NONE, &flow);
3175 retval = ofproto_send_packet(br->ofproto, &flow, actions, a - actions,
3182 ofpbuf_uninit(&packet);
3185 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
3186 VLOG_WARN_RL(&rl, "bond %s: %d errors sending %d gratuitous learning "
3187 "packets, last error was: %s",
3188 port->name, n_errors, n_packets, strerror(error));
3190 VLOG_DBG("bond %s: sent %d gratuitous learning packets",
3191 port->name, n_packets);
3195 /* Bonding unixctl user interface functions. */
3198 bond_unixctl_list(struct unixctl_conn *conn,
3199 const char *args OVS_UNUSED, void *aux OVS_UNUSED)
3201 struct ds ds = DS_EMPTY_INITIALIZER;
3202 const struct bridge *br;
3204 ds_put_cstr(&ds, "bridge\tbond\tslaves\n");
3206 LIST_FOR_EACH (br, node, &all_bridges) {
3209 for (i = 0; i < br->n_ports; i++) {
3210 const struct port *port = br->ports[i];
3211 if (port->n_ifaces > 1) {
3214 ds_put_format(&ds, "%s\t%s\t", br->name, port->name);
3215 for (j = 0; j < port->n_ifaces; j++) {
3216 const struct iface *iface = port->ifaces[j];
3218 ds_put_cstr(&ds, ", ");
3220 ds_put_cstr(&ds, iface->name);
3222 ds_put_char(&ds, '\n');
3226 unixctl_command_reply(conn, 200, ds_cstr(&ds));
3230 static struct port *
3231 bond_find(const char *name)
3233 const struct bridge *br;
3235 LIST_FOR_EACH (br, node, &all_bridges) {
3238 for (i = 0; i < br->n_ports; i++) {
3239 struct port *port = br->ports[i];
3240 if (!strcmp(port->name, name) && port->n_ifaces > 1) {
3249 bond_unixctl_show(struct unixctl_conn *conn,
3250 const char *args, void *aux OVS_UNUSED)
3252 struct ds ds = DS_EMPTY_INITIALIZER;
3253 const struct port *port;
3256 port = bond_find(args);
3258 unixctl_command_reply(conn, 501, "no such bond");
3262 ds_put_format(&ds, "updelay: %d ms\n", port->updelay);
3263 ds_put_format(&ds, "downdelay: %d ms\n", port->downdelay);
3264 ds_put_format(&ds, "next rebalance: %lld ms\n",
3265 port->bond_next_rebalance - time_msec());
3266 for (j = 0; j < port->n_ifaces; j++) {
3267 const struct iface *iface = port->ifaces[j];
3268 struct bond_entry *be;
3271 ds_put_format(&ds, "slave %s: %s\n",
3272 iface->name, iface->enabled ? "enabled" : "disabled");
3273 if (j == port->active_iface) {
3274 ds_put_cstr(&ds, "\tactive slave\n");
3276 if (iface->delay_expires != LLONG_MAX) {
3277 ds_put_format(&ds, "\t%s expires in %lld ms\n",
3278 iface->enabled ? "downdelay" : "updelay",
3279 iface->delay_expires - time_msec());
3283 for (be = port->bond_hash; be <= &port->bond_hash[BOND_MASK]; be++) {
3284 int hash = be - port->bond_hash;
3285 struct mac_entry *me;
3287 if (be->iface_idx != j) {
3291 ds_put_format(&ds, "\thash %d: %"PRIu64" kB load\n",
3292 hash, be->tx_bytes / 1024);
3295 LIST_FOR_EACH (me, lru_node, &port->bridge->ml->lrus) {
3298 if (bond_hash(me->mac) == hash
3299 && me->port != port->port_idx
3300 && choose_output_iface(port, me->mac, &dp_ifidx, &tags)
3301 && dp_ifidx == iface->dp_ifidx)
3303 ds_put_format(&ds, "\t\t"ETH_ADDR_FMT"\n",
3304 ETH_ADDR_ARGS(me->mac));
3309 unixctl_command_reply(conn, 200, ds_cstr(&ds));
3314 bond_unixctl_migrate(struct unixctl_conn *conn, const char *args_,
3315 void *aux OVS_UNUSED)
3317 char *args = (char *) args_;
3318 char *save_ptr = NULL;
3319 char *bond_s, *hash_s, *slave_s;
3320 uint8_t mac[ETH_ADDR_LEN];
3322 struct iface *iface;
3323 struct bond_entry *entry;
3326 bond_s = strtok_r(args, " ", &save_ptr);
3327 hash_s = strtok_r(NULL, " ", &save_ptr);
3328 slave_s = strtok_r(NULL, " ", &save_ptr);
3330 unixctl_command_reply(conn, 501,
3331 "usage: bond/migrate BOND HASH SLAVE");
3335 port = bond_find(bond_s);
3337 unixctl_command_reply(conn, 501, "no such bond");
3341 if (sscanf(hash_s, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))
3342 == ETH_ADDR_SCAN_COUNT) {
3343 hash = bond_hash(mac);
3344 } else if (strspn(hash_s, "0123456789") == strlen(hash_s)) {
3345 hash = atoi(hash_s) & BOND_MASK;
3347 unixctl_command_reply(conn, 501, "bad hash");
3351 iface = port_lookup_iface(port, slave_s);
3353 unixctl_command_reply(conn, 501, "no such slave");
3357 if (!iface->enabled) {
3358 unixctl_command_reply(conn, 501, "cannot migrate to disabled slave");
3362 entry = &port->bond_hash[hash];
3363 ofproto_revalidate(port->bridge->ofproto, entry->iface_tag);
3364 entry->iface_idx = iface->port_ifidx;
3365 entry->iface_tag = tag_create_random();
3366 port->bond_compat_is_stale = true;
3367 unixctl_command_reply(conn, 200, "migrated");
3371 bond_unixctl_set_active_slave(struct unixctl_conn *conn, const char *args_,
3372 void *aux OVS_UNUSED)
3374 char *args = (char *) args_;
3375 char *save_ptr = NULL;
3376 char *bond_s, *slave_s;
3378 struct iface *iface;
3380 bond_s = strtok_r(args, " ", &save_ptr);
3381 slave_s = strtok_r(NULL, " ", &save_ptr);
3383 unixctl_command_reply(conn, 501,
3384 "usage: bond/set-active-slave BOND SLAVE");
3388 port = bond_find(bond_s);
3390 unixctl_command_reply(conn, 501, "no such bond");
3394 iface = port_lookup_iface(port, slave_s);
3396 unixctl_command_reply(conn, 501, "no such slave");
3400 if (!iface->enabled) {
3401 unixctl_command_reply(conn, 501, "cannot make disabled slave active");
3405 if (port->active_iface != iface->port_ifidx) {
3406 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
3407 port->active_iface = iface->port_ifidx;
3408 port->active_iface_tag = tag_create_random();
3409 VLOG_INFO("port %s: active interface is now %s",
3410 port->name, iface->name);
3411 bond_send_learning_packets(port);
3412 unixctl_command_reply(conn, 200, "done");
3414 unixctl_command_reply(conn, 200, "no change");
3419 enable_slave(struct unixctl_conn *conn, const char *args_, bool enable)
3421 char *args = (char *) args_;
3422 char *save_ptr = NULL;
3423 char *bond_s, *slave_s;
3425 struct iface *iface;
3427 bond_s = strtok_r(args, " ", &save_ptr);
3428 slave_s = strtok_r(NULL, " ", &save_ptr);
3430 unixctl_command_reply(conn, 501,
3431 "usage: bond/enable/disable-slave BOND SLAVE");
3435 port = bond_find(bond_s);
3437 unixctl_command_reply(conn, 501, "no such bond");
3441 iface = port_lookup_iface(port, slave_s);
3443 unixctl_command_reply(conn, 501, "no such slave");
3447 bond_enable_slave(iface, enable);
3448 unixctl_command_reply(conn, 501, enable ? "enabled" : "disabled");
3452 bond_unixctl_enable_slave(struct unixctl_conn *conn, const char *args,
3453 void *aux OVS_UNUSED)
3455 enable_slave(conn, args, true);
3459 bond_unixctl_disable_slave(struct unixctl_conn *conn, const char *args,
3460 void *aux OVS_UNUSED)
3462 enable_slave(conn, args, false);
3466 bond_unixctl_hash(struct unixctl_conn *conn, const char *args,
3467 void *aux OVS_UNUSED)
3469 uint8_t mac[ETH_ADDR_LEN];
3473 if (sscanf(args, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))
3474 == ETH_ADDR_SCAN_COUNT) {
3475 hash = bond_hash(mac);
3477 hash_cstr = xasprintf("%u", hash);
3478 unixctl_command_reply(conn, 200, hash_cstr);
3481 unixctl_command_reply(conn, 501, "invalid mac");
3488 unixctl_command_register("bond/list", bond_unixctl_list, NULL);
3489 unixctl_command_register("bond/show", bond_unixctl_show, NULL);
3490 unixctl_command_register("bond/migrate", bond_unixctl_migrate, NULL);
3491 unixctl_command_register("bond/set-active-slave",
3492 bond_unixctl_set_active_slave, NULL);
3493 unixctl_command_register("bond/enable-slave", bond_unixctl_enable_slave,
3495 unixctl_command_register("bond/disable-slave", bond_unixctl_disable_slave,
3497 unixctl_command_register("bond/hash", bond_unixctl_hash, NULL);
3500 /* Port functions. */
3502 static struct port *
3503 port_create(struct bridge *br, const char *name)
3507 port = xzalloc(sizeof *port);
3509 port->port_idx = br->n_ports;
3511 port->trunks = NULL;
3512 port->name = xstrdup(name);
3513 port->active_iface = -1;
3515 if (br->n_ports >= br->allocated_ports) {
3516 br->ports = x2nrealloc(br->ports, &br->allocated_ports,
3519 br->ports[br->n_ports++] = port;
3520 shash_add_assert(&br->port_by_name, port->name, port);
3522 VLOG_INFO("created port %s on bridge %s", port->name, br->name);
3529 get_port_other_config(const struct ovsrec_port *port, const char *key,
3530 const char *default_value)
3534 value = get_ovsrec_key_value(&port->header_, &ovsrec_port_col_other_config,
3536 return value ? value : default_value;
3540 port_del_ifaces(struct port *port, const struct ovsrec_port *cfg)
3542 struct shash new_ifaces;
3545 /* Collect list of new interfaces. */
3546 shash_init(&new_ifaces);
3547 for (i = 0; i < cfg->n_interfaces; i++) {
3548 const char *name = cfg->interfaces[i]->name;
3549 shash_add_once(&new_ifaces, name, NULL);
3552 /* Get rid of deleted interfaces. */
3553 for (i = 0; i < port->n_ifaces; ) {
3554 if (!shash_find(&new_ifaces, cfg->interfaces[i]->name)) {
3555 iface_destroy(port->ifaces[i]);
3561 shash_destroy(&new_ifaces);
3565 port_reconfigure(struct port *port, const struct ovsrec_port *cfg)
3567 struct shash new_ifaces;
3568 long long int next_rebalance;
3569 unsigned long *trunks;
3575 /* Update settings. */
3576 port->updelay = cfg->bond_updelay;
3577 if (port->updelay < 0) {
3580 port->downdelay = cfg->bond_downdelay;
3581 if (port->downdelay < 0) {
3582 port->downdelay = 0;
3584 port->bond_rebalance_interval = atoi(
3585 get_port_other_config(cfg, "bond-rebalance-interval", "10000"));
3586 if (port->bond_rebalance_interval < 1000) {
3587 port->bond_rebalance_interval = 1000;
3589 next_rebalance = time_msec() + port->bond_rebalance_interval;
3590 if (port->bond_next_rebalance > next_rebalance) {
3591 port->bond_next_rebalance = next_rebalance;
3594 /* Add new interfaces and update 'cfg' member of existing ones. */
3595 shash_init(&new_ifaces);
3596 for (i = 0; i < cfg->n_interfaces; i++) {
3597 const struct ovsrec_interface *if_cfg = cfg->interfaces[i];
3598 struct iface *iface;
3600 if (!shash_add_once(&new_ifaces, if_cfg->name, NULL)) {
3601 VLOG_WARN("port %s: %s specified twice as port interface",
3602 port->name, if_cfg->name);
3603 iface_set_ofport(if_cfg, -1);
3607 iface = iface_lookup(port->bridge, if_cfg->name);
3609 if (iface->port != port) {
3610 VLOG_ERR("bridge %s: %s interface is on multiple ports, "
3612 port->bridge->name, if_cfg->name, iface->port->name);
3615 iface->cfg = if_cfg;
3617 iface = iface_create(port, if_cfg);
3620 /* Determine interface type. The local port always has type
3621 * "internal". Other ports take their type from the database and
3622 * default to "system" if none is specified. */
3623 iface->type = (!strcmp(if_cfg->name, port->bridge->name) ? "internal"
3624 : if_cfg->type[0] ? if_cfg->type
3627 shash_destroy(&new_ifaces);
3632 if (port->n_ifaces < 2) {
3634 if (vlan >= 0 && vlan <= 4095) {
3635 VLOG_DBG("port %s: assigning VLAN tag %d", port->name, vlan);
3640 /* It's possible that bonded, VLAN-tagged ports make sense. Maybe
3641 * they even work as-is. But they have not been tested. */
3642 VLOG_WARN("port %s: VLAN tags not supported on bonded ports",
3646 if (port->vlan != vlan) {
3648 bridge_flush(port->bridge);
3651 /* Get trunked VLANs. */
3653 if (vlan < 0 && cfg->n_trunks) {
3656 trunks = bitmap_allocate(4096);
3658 for (i = 0; i < cfg->n_trunks; i++) {
3659 int trunk = cfg->trunks[i];
3661 bitmap_set1(trunks, trunk);
3667 VLOG_ERR("port %s: invalid values for %zu trunk VLANs",
3668 port->name, cfg->n_trunks);
3670 if (n_errors == cfg->n_trunks) {
3671 VLOG_ERR("port %s: no valid trunks, trunking all VLANs",
3673 bitmap_free(trunks);
3676 } else if (vlan >= 0 && cfg->n_trunks) {
3677 VLOG_ERR("port %s: ignoring trunks in favor of implicit vlan",
3681 ? port->trunks != NULL
3682 : port->trunks == NULL || !bitmap_equal(trunks, port->trunks, 4096)) {
3683 bridge_flush(port->bridge);
3685 bitmap_free(port->trunks);
3686 port->trunks = trunks;
3690 port_destroy(struct port *port)
3693 struct bridge *br = port->bridge;
3697 proc_net_compat_update_vlan(port->name, NULL, 0);
3698 proc_net_compat_update_bond(port->name, NULL);
3700 for (i = 0; i < MAX_MIRRORS; i++) {
3701 struct mirror *m = br->mirrors[i];
3702 if (m && m->out_port == port) {
3707 while (port->n_ifaces > 0) {
3708 iface_destroy(port->ifaces[port->n_ifaces - 1]);
3711 shash_find_and_delete_assert(&br->port_by_name, port->name);
3713 del = br->ports[port->port_idx] = br->ports[--br->n_ports];
3714 del->port_idx = port->port_idx;
3716 VLOG_INFO("destroyed port %s on bridge %s", port->name, br->name);
3718 netdev_monitor_destroy(port->monitor);
3720 bitmap_free(port->trunks);
3727 static struct port *
3728 port_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
3730 struct iface *iface = iface_from_dp_ifidx(br, dp_ifidx);
3731 return iface ? iface->port : NULL;
3734 static struct port *
3735 port_lookup(const struct bridge *br, const char *name)
3737 return shash_find_data(&br->port_by_name, name);
3740 static struct iface *
3741 port_lookup_iface(const struct port *port, const char *name)
3743 struct iface *iface = iface_lookup(port->bridge, name);
3744 return iface && iface->port == port ? iface : NULL;
3748 port_update_bonding(struct port *port)
3750 if (port->monitor) {
3751 netdev_monitor_destroy(port->monitor);
3752 port->monitor = NULL;
3754 if (port->n_ifaces < 2) {
3755 /* Not a bonded port. */
3756 if (port->bond_hash) {
3757 free(port->bond_hash);
3758 port->bond_hash = NULL;
3759 port->bond_compat_is_stale = true;
3760 port->bond_fake_iface = false;
3765 if (!port->bond_hash) {
3766 port->bond_hash = xcalloc(BOND_MASK + 1, sizeof *port->bond_hash);
3767 for (i = 0; i <= BOND_MASK; i++) {
3768 struct bond_entry *e = &port->bond_hash[i];
3772 port->no_ifaces_tag = tag_create_random();
3773 bond_choose_active_iface(port);
3774 port->bond_next_rebalance
3775 = time_msec() + port->bond_rebalance_interval;
3777 if (port->cfg->bond_fake_iface) {
3778 port->bond_next_fake_iface_update = time_msec();
3781 port->bond_compat_is_stale = true;
3782 port->bond_fake_iface = port->cfg->bond_fake_iface;
3784 port->monitor = netdev_monitor_create();
3785 for (i = 0; i < port->n_ifaces; i++) {
3786 netdev_monitor_add(port->monitor, port->ifaces[i]->netdev);
3792 port_update_bond_compat(struct port *port)
3794 struct compat_bond_hash compat_hashes[BOND_MASK + 1];
3795 struct compat_bond bond;
3798 if (port->n_ifaces < 2) {
3799 proc_net_compat_update_bond(port->name, NULL);
3804 bond.updelay = port->updelay;
3805 bond.downdelay = port->downdelay;
3808 bond.hashes = compat_hashes;
3809 if (port->bond_hash) {
3810 const struct bond_entry *e;
3811 for (e = port->bond_hash; e <= &port->bond_hash[BOND_MASK]; e++) {
3812 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
3813 struct compat_bond_hash *cbh = &bond.hashes[bond.n_hashes++];
3814 cbh->hash = e - port->bond_hash;
3815 cbh->netdev_name = port->ifaces[e->iface_idx]->name;
3820 bond.n_slaves = port->n_ifaces;
3821 bond.slaves = xmalloc(port->n_ifaces * sizeof *bond.slaves);
3822 for (i = 0; i < port->n_ifaces; i++) {
3823 struct iface *iface = port->ifaces[i];
3824 struct compat_bond_slave *slave = &bond.slaves[i];
3825 slave->name = iface->name;
3827 /* We need to make the same determination as the Linux bonding
3828 * code to determine whether a slave should be consider "up".
3829 * The Linux function bond_miimon_inspect() supports four
3830 * BOND_LINK_* states:
3832 * - BOND_LINK_UP: carrier detected, updelay has passed.
3833 * - BOND_LINK_FAIL: carrier lost, downdelay in progress.
3834 * - BOND_LINK_DOWN: carrier lost, downdelay has passed.
3835 * - BOND_LINK_BACK: carrier detected, updelay in progress.
3837 * The function bond_info_show_slave() only considers BOND_LINK_UP
3838 * to be "up" and anything else to be "down".
3840 slave->up = iface->enabled && iface->delay_expires == LLONG_MAX;
3844 netdev_get_etheraddr(iface->netdev, slave->mac);
3847 if (port->bond_fake_iface) {
3848 struct netdev *bond_netdev;
3850 if (!netdev_open_default(port->name, &bond_netdev)) {
3852 netdev_turn_flags_on(bond_netdev, NETDEV_UP, true);
3854 netdev_turn_flags_off(bond_netdev, NETDEV_UP, true);
3856 netdev_close(bond_netdev);
3860 proc_net_compat_update_bond(port->name, &bond);
3865 port_update_vlan_compat(struct port *port)
3867 struct bridge *br = port->bridge;
3868 char *vlandev_name = NULL;
3870 if (port->vlan > 0) {
3871 /* Figure out the name that the VLAN device should actually have, if it
3872 * existed. This takes some work because the VLAN device would not
3873 * have port->name in its name; rather, it would have the trunk port's
3874 * name, and 'port' would be attached to a bridge that also had the
3875 * VLAN device one of its ports. So we need to find a trunk port that
3876 * includes port->vlan.
3878 * There might be more than one candidate. This doesn't happen on
3879 * XenServer, so if it happens we just pick the first choice in
3880 * alphabetical order instead of creating multiple VLAN devices. */
3882 for (i = 0; i < br->n_ports; i++) {
3883 struct port *p = br->ports[i];
3884 if (port_trunks_vlan(p, port->vlan)
3886 && (!vlandev_name || strcmp(p->name, vlandev_name) <= 0))
3888 uint8_t ea[ETH_ADDR_LEN];
3889 netdev_get_etheraddr(p->ifaces[0]->netdev, ea);
3890 if (!eth_addr_is_multicast(ea) &&
3891 !eth_addr_is_reserved(ea) &&
3892 !eth_addr_is_zero(ea)) {
3893 vlandev_name = p->name;
3898 proc_net_compat_update_vlan(port->name, vlandev_name, port->vlan);
3901 /* Interface functions. */
3904 iface_send_packet(struct iface *iface, struct ofpbuf *packet)
3907 union ofp_action action;
3909 memset(&action, 0, sizeof action);
3910 action.output.type = htons(OFPAT_OUTPUT);
3911 action.output.len = htons(sizeof action);
3912 action.output.port = htons(odp_port_to_ofp_port(iface->dp_ifidx));
3914 flow_extract(packet, 0, ODPP_NONE, &flow);
3916 if (ofproto_send_packet(iface->port->bridge->ofproto, &flow, &action, 1,
3918 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
3919 VLOG_WARN_RL(&rl, "interface %s: Failed to send packet.", iface->name);
3923 static struct iface *
3924 iface_create(struct port *port, const struct ovsrec_interface *if_cfg)
3926 struct bridge *br = port->bridge;
3927 struct iface *iface;
3928 char *name = if_cfg->name;
3930 iface = xzalloc(sizeof *iface);
3932 iface->port_ifidx = port->n_ifaces;
3933 iface->name = xstrdup(name);
3934 iface->dp_ifidx = -1;
3935 iface->tag = tag_create_random();
3936 iface->delay_expires = LLONG_MAX;
3937 iface->netdev = NULL;
3938 iface->cfg = if_cfg;
3940 shash_add_assert(&br->iface_by_name, iface->name, iface);
3942 if (port->n_ifaces >= port->allocated_ifaces) {
3943 port->ifaces = x2nrealloc(port->ifaces, &port->allocated_ifaces,
3944 sizeof *port->ifaces);
3946 port->ifaces[port->n_ifaces++] = iface;
3947 if (port->n_ifaces > 1) {
3948 br->has_bonded_ports = true;
3951 VLOG_DBG("attached network device %s to port %s", iface->name, port->name);
3959 iface_destroy(struct iface *iface)
3962 struct port *port = iface->port;
3963 struct bridge *br = port->bridge;
3964 bool del_active = port->active_iface == iface->port_ifidx;
3967 shash_find_and_delete_assert(&br->iface_by_name, iface->name);
3969 if (iface->dp_ifidx >= 0) {
3970 hmap_remove(&br->ifaces, &iface->dp_ifidx_node);
3973 del = port->ifaces[iface->port_ifidx] = port->ifaces[--port->n_ifaces];
3974 del->port_ifidx = iface->port_ifidx;
3976 netdev_close(iface->netdev);
3979 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
3980 bond_choose_active_iface(port);
3981 bond_send_learning_packets(port);
3984 cfm_destroy(iface->cfm);
3989 bridge_flush(port->bridge);
3993 static struct iface *
3994 iface_lookup(const struct bridge *br, const char *name)
3996 return shash_find_data(&br->iface_by_name, name);
3999 static struct iface *
4000 iface_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
4002 struct iface *iface;
4004 HMAP_FOR_EACH_IN_BUCKET (iface, dp_ifidx_node,
4005 hash_int(dp_ifidx, 0), &br->ifaces) {
4006 if (iface->dp_ifidx == dp_ifidx) {
4013 /* Set Ethernet address of 'iface', if one is specified in the configuration
4016 iface_set_mac(struct iface *iface)
4018 uint8_t ea[ETH_ADDR_LEN];
4020 if (iface->cfg->mac && eth_addr_from_string(iface->cfg->mac, ea)) {
4021 if (eth_addr_is_multicast(ea)) {
4022 VLOG_ERR("interface %s: cannot set MAC to multicast address",
4024 } else if (iface->dp_ifidx == ODPP_LOCAL) {
4025 VLOG_ERR("ignoring iface.%s.mac; use bridge.%s.mac instead",
4026 iface->name, iface->name);
4028 int error = netdev_set_etheraddr(iface->netdev, ea);
4030 VLOG_ERR("interface %s: setting MAC failed (%s)",
4031 iface->name, strerror(error));
4037 /* Sets the ofport column of 'if_cfg' to 'ofport'. */
4039 iface_set_ofport(const struct ovsrec_interface *if_cfg, int64_t ofport)
4042 ovsrec_interface_set_ofport(if_cfg, &ofport, 1);
4046 /* Adds the 'n' key-value pairs in 'keys' in 'values' to 'shash'.
4048 * The value strings in '*shash' are taken directly from values[], not copied,
4049 * so the caller should not modify or free them. */
4051 shash_from_ovs_idl_map(char **keys, char **values, size_t n,
4052 struct shash *shash)
4057 for (i = 0; i < n; i++) {
4058 shash_add(shash, keys[i], values[i]);
4062 struct iface_delete_queues_cbdata {
4063 struct netdev *netdev;
4064 const struct ovsdb_datum *queues;
4068 queue_ids_include(const struct ovsdb_datum *queues, int64_t target)
4070 union ovsdb_atom atom;
4072 atom.integer = target;
4073 return ovsdb_datum_find_key(queues, &atom, OVSDB_TYPE_INTEGER) != UINT_MAX;
4077 iface_delete_queues(unsigned int queue_id,
4078 const struct shash *details OVS_UNUSED, void *cbdata_)
4080 struct iface_delete_queues_cbdata *cbdata = cbdata_;
4082 if (!queue_ids_include(cbdata->queues, queue_id)) {
4083 netdev_delete_queue(cbdata->netdev, queue_id);
4088 iface_update_qos(struct iface *iface, const struct ovsrec_qos *qos)
4090 if (!qos || qos->type[0] == '\0') {
4091 netdev_set_qos(iface->netdev, NULL, NULL);
4093 struct iface_delete_queues_cbdata cbdata;
4094 struct shash details;
4097 /* Configure top-level Qos for 'iface'. */
4098 shash_from_ovs_idl_map(qos->key_other_config, qos->value_other_config,
4099 qos->n_other_config, &details);
4100 netdev_set_qos(iface->netdev, qos->type, &details);
4101 shash_destroy(&details);
4103 /* Deconfigure queues that were deleted. */
4104 cbdata.netdev = iface->netdev;
4105 cbdata.queues = ovsrec_qos_get_queues(qos, OVSDB_TYPE_INTEGER,
4107 netdev_dump_queues(iface->netdev, iface_delete_queues, &cbdata);
4109 /* Configure queues for 'iface'. */
4110 for (i = 0; i < qos->n_queues; i++) {
4111 const struct ovsrec_queue *queue = qos->value_queues[i];
4112 unsigned int queue_id = qos->key_queues[i];
4114 shash_from_ovs_idl_map(queue->key_other_config,
4115 queue->value_other_config,
4116 queue->n_other_config, &details);
4117 netdev_set_queue(iface->netdev, queue_id, &details);
4118 shash_destroy(&details);
4124 iface_update_cfm(struct iface *iface)
4128 uint16_t *remote_mps;
4129 struct ovsrec_monitor *mon;
4130 uint8_t ea[ETH_ADDR_LEN], maid[CCM_MAID_LEN];
4132 mon = iface->cfg->monitor;
4138 if (netdev_get_etheraddr(iface->netdev, ea)) {
4139 VLOG_WARN("interface %s: Failed to get ethernet address. "
4140 "Skipping Monitor.", iface->name);
4144 if (!cfm_generate_maid(mon->md_name, mon->ma_name, maid)) {
4145 VLOG_WARN("interface %s: Failed to generate MAID.", iface->name);
4150 iface->cfm = cfm_create();
4154 cfm->mpid = mon->mpid;
4155 cfm->interval = mon->interval ? *mon->interval : 1000;
4157 memcpy(cfm->eth_src, ea, sizeof cfm->eth_src);
4158 memcpy(cfm->maid, maid, sizeof cfm->maid);
4160 remote_mps = xzalloc(mon->n_remote_mps * sizeof *remote_mps);
4161 for(i = 0; i < mon->n_remote_mps; i++) {
4162 remote_mps[i] = mon->remote_mps[i]->mpid;
4164 cfm_update_remote_mps(cfm, remote_mps, mon->n_remote_mps);
4167 if (!cfm_configure(iface->cfm)) {
4168 cfm_destroy(iface->cfm);
4173 /* Port mirroring. */
4175 static struct mirror *
4176 mirror_find_by_uuid(struct bridge *br, const struct uuid *uuid)
4180 for (i = 0; i < MAX_MIRRORS; i++) {
4181 struct mirror *m = br->mirrors[i];
4182 if (m && uuid_equals(uuid, &m->uuid)) {
4190 mirror_reconfigure(struct bridge *br)
4192 unsigned long *rspan_vlans;
4195 /* Get rid of deleted mirrors. */
4196 for (i = 0; i < MAX_MIRRORS; i++) {
4197 struct mirror *m = br->mirrors[i];
4199 const struct ovsdb_datum *mc;
4200 union ovsdb_atom atom;
4202 mc = ovsrec_bridge_get_mirrors(br->cfg, OVSDB_TYPE_UUID);
4203 atom.uuid = br->mirrors[i]->uuid;
4204 if (ovsdb_datum_find_key(mc, &atom, OVSDB_TYPE_UUID) == UINT_MAX) {
4210 /* Add new mirrors and reconfigure existing ones. */
4211 for (i = 0; i < br->cfg->n_mirrors; i++) {
4212 struct ovsrec_mirror *cfg = br->cfg->mirrors[i];
4213 struct mirror *m = mirror_find_by_uuid(br, &cfg->header_.uuid);
4215 mirror_reconfigure_one(m, cfg);
4217 mirror_create(br, cfg);
4221 /* Update port reserved status. */
4222 for (i = 0; i < br->n_ports; i++) {
4223 br->ports[i]->is_mirror_output_port = false;
4225 for (i = 0; i < MAX_MIRRORS; i++) {
4226 struct mirror *m = br->mirrors[i];
4227 if (m && m->out_port) {
4228 m->out_port->is_mirror_output_port = true;
4232 /* Update flooded vlans (for RSPAN). */
4234 if (br->cfg->n_flood_vlans) {
4235 rspan_vlans = bitmap_allocate(4096);
4237 for (i = 0; i < br->cfg->n_flood_vlans; i++) {
4238 int64_t vlan = br->cfg->flood_vlans[i];
4239 if (vlan >= 0 && vlan < 4096) {
4240 bitmap_set1(rspan_vlans, vlan);
4241 VLOG_INFO("bridge %s: disabling learning on vlan %"PRId64,
4244 VLOG_ERR("bridge %s: invalid value %"PRId64 "for flood VLAN",
4249 if (mac_learning_set_flood_vlans(br->ml, rspan_vlans)) {
4255 mirror_create(struct bridge *br, struct ovsrec_mirror *cfg)
4260 for (i = 0; ; i++) {
4261 if (i >= MAX_MIRRORS) {
4262 VLOG_WARN("bridge %s: maximum of %d port mirrors reached, "
4263 "cannot create %s", br->name, MAX_MIRRORS, cfg->name);
4266 if (!br->mirrors[i]) {
4271 VLOG_INFO("created port mirror %s on bridge %s", cfg->name, br->name);
4274 br->mirrors[i] = m = xzalloc(sizeof *m);
4277 m->name = xstrdup(cfg->name);
4278 shash_init(&m->src_ports);
4279 shash_init(&m->dst_ports);
4285 mirror_reconfigure_one(m, cfg);
4289 mirror_destroy(struct mirror *m)
4292 struct bridge *br = m->bridge;
4295 for (i = 0; i < br->n_ports; i++) {
4296 br->ports[i]->src_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
4297 br->ports[i]->dst_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
4300 shash_destroy(&m->src_ports);
4301 shash_destroy(&m->dst_ports);
4304 m->bridge->mirrors[m->idx] = NULL;
4313 mirror_collect_ports(struct mirror *m, struct ovsrec_port **ports, int n_ports,
4314 struct shash *names)
4318 for (i = 0; i < n_ports; i++) {
4319 const char *name = ports[i]->name;
4320 if (port_lookup(m->bridge, name)) {
4321 shash_add_once(names, name, NULL);
4323 VLOG_WARN("bridge %s: mirror %s cannot match on nonexistent "
4324 "port %s", m->bridge->name, m->name, name);
4330 mirror_collect_vlans(struct mirror *m, const struct ovsrec_mirror *cfg,
4336 *vlans = xmalloc(sizeof **vlans * cfg->n_select_vlan);
4338 for (i = 0; i < cfg->n_select_vlan; i++) {
4339 int64_t vlan = cfg->select_vlan[i];
4340 if (vlan < 0 || vlan > 4095) {
4341 VLOG_WARN("bridge %s: mirror %s selects invalid VLAN %"PRId64,
4342 m->bridge->name, m->name, vlan);
4344 (*vlans)[n_vlans++] = vlan;
4351 vlan_is_mirrored(const struct mirror *m, int vlan)
4355 for (i = 0; i < m->n_vlans; i++) {
4356 if (m->vlans[i] == vlan) {
4364 port_trunks_any_mirrored_vlan(const struct mirror *m, const struct port *p)
4368 for (i = 0; i < m->n_vlans; i++) {
4369 if (port_trunks_vlan(p, m->vlans[i])) {
4377 mirror_reconfigure_one(struct mirror *m, struct ovsrec_mirror *cfg)
4379 struct shash src_ports, dst_ports;
4380 mirror_mask_t mirror_bit;
4381 struct port *out_port;
4388 if (strcmp(cfg->name, m->name)) {
4390 m->name = xstrdup(cfg->name);
4393 /* Get output port. */
4394 if (cfg->output_port) {
4395 out_port = port_lookup(m->bridge, cfg->output_port->name);
4397 VLOG_ERR("bridge %s: mirror %s outputs to port not on bridge",
4398 m->bridge->name, m->name);
4404 if (cfg->output_vlan) {
4405 VLOG_ERR("bridge %s: mirror %s specifies both output port and "
4406 "output vlan; ignoring output vlan",
4407 m->bridge->name, m->name);
4409 } else if (cfg->output_vlan) {
4411 out_vlan = *cfg->output_vlan;
4413 VLOG_ERR("bridge %s: mirror %s does not specify output; ignoring",
4414 m->bridge->name, m->name);
4419 shash_init(&src_ports);
4420 shash_init(&dst_ports);
4421 if (cfg->select_all) {
4422 for (i = 0; i < m->bridge->n_ports; i++) {
4423 const char *name = m->bridge->ports[i]->name;
4424 shash_add_once(&src_ports, name, NULL);
4425 shash_add_once(&dst_ports, name, NULL);
4430 /* Get ports, and drop duplicates and ports that don't exist. */
4431 mirror_collect_ports(m, cfg->select_src_port, cfg->n_select_src_port,
4433 mirror_collect_ports(m, cfg->select_dst_port, cfg->n_select_dst_port,
4436 /* Get all the vlans, and drop duplicate and invalid vlans. */
4437 n_vlans = mirror_collect_vlans(m, cfg, &vlans);
4440 /* Update mirror data. */
4441 if (!shash_equal_keys(&m->src_ports, &src_ports)
4442 || !shash_equal_keys(&m->dst_ports, &dst_ports)
4443 || m->n_vlans != n_vlans
4444 || memcmp(m->vlans, vlans, sizeof *vlans * n_vlans)
4445 || m->out_port != out_port
4446 || m->out_vlan != out_vlan) {
4447 bridge_flush(m->bridge);
4449 shash_swap(&m->src_ports, &src_ports);
4450 shash_swap(&m->dst_ports, &dst_ports);
4453 m->n_vlans = n_vlans;
4454 m->out_port = out_port;
4455 m->out_vlan = out_vlan;
4458 mirror_bit = MIRROR_MASK_C(1) << m->idx;
4459 for (i = 0; i < m->bridge->n_ports; i++) {
4460 struct port *port = m->bridge->ports[i];
4462 if (shash_find(&m->src_ports, port->name)
4465 ? port_trunks_any_mirrored_vlan(m, port)
4466 : vlan_is_mirrored(m, port->vlan)))) {
4467 port->src_mirrors |= mirror_bit;
4469 port->src_mirrors &= ~mirror_bit;
4472 if (shash_find(&m->dst_ports, port->name)) {
4473 port->dst_mirrors |= mirror_bit;
4475 port->dst_mirrors &= ~mirror_bit;
4480 shash_destroy(&src_ports);
4481 shash_destroy(&dst_ports);
git://git.onelab.eu / sliver-openvswitch.git / blob