1 /* Copyright (c) 2008, 2009, 2010 Nicira Networks
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
20 #include <arpa/inet.h>
23 #include <sys/socket.h>
25 #include <openflow/openflow.h>
30 #include <sys/socket.h>
31 #include <sys/types.h>
37 #include "dynamic-string.h"
42 #include "mac-learning.h"
45 #include "ofp-print.h"
47 #include "ofproto/netflow.h"
48 #include "ofproto/ofproto.h"
50 #include "poll-loop.h"
51 #include "port-array.h"
52 #include "proc-net-compat.h"
56 #include "socket-util.h"
57 #include "stream-ssl.h"
63 #include "vswitchd/vswitch-idl.h"
64 #include "xenserver.h"
66 #include "sflow_api.h"
68 #define THIS_MODULE VLM_bridge
77 /* These members are always valid. */
78 struct port *port; /* Containing port. */
79 size_t port_ifidx; /* Index within containing port. */
80 char *name; /* Host network device name. */
81 tag_type tag; /* Tag associated with this interface. */
82 long long delay_expires; /* Time after which 'enabled' may change. */
84 /* These members are valid only after bridge_reconfigure() causes them to
86 int dp_ifidx; /* Index within kernel datapath. */
87 struct netdev *netdev; /* Network device. */
88 bool enabled; /* May be chosen for flows? */
90 /* This member is only valid *during* bridge_reconfigure(). */
91 const struct ovsrec_interface *cfg;
94 #define BOND_MASK 0xff
96 int iface_idx; /* Index of assigned iface, or -1 if none. */
97 uint64_t tx_bytes; /* Count of bytes recently transmitted. */
98 tag_type iface_tag; /* Tag associated with iface_idx. */
101 #define MAX_MIRRORS 32
102 typedef uint32_t mirror_mask_t;
103 #define MIRROR_MASK_C(X) UINT32_C(X)
104 BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS);
106 struct bridge *bridge;
110 /* Selection criteria. */
111 struct shash src_ports; /* Name is port name; data is always NULL. */
112 struct shash dst_ports; /* Name is port name; data is always NULL. */
117 struct port *out_port;
121 #define FLOOD_PORT ((struct port *) 1) /* The 'flood' output port. */
123 struct bridge *bridge;
125 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
126 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
127 * NULL if all VLANs are trunked. */
130 /* An ordinary bridge port has 1 interface.
131 * A bridge port for bonding has at least 2 interfaces. */
132 struct iface **ifaces;
133 size_t n_ifaces, allocated_ifaces;
136 struct bond_entry *bond_hash; /* An array of (BOND_MASK + 1) elements. */
137 int active_iface; /* Ifidx on which bcasts accepted, or -1. */
138 tag_type active_iface_tag; /* Tag for bcast flows. */
139 tag_type no_ifaces_tag; /* Tag for flows when all ifaces disabled. */
140 int updelay, downdelay; /* Delay before iface goes up/down, in ms. */
141 bool bond_compat_is_stale; /* Need to call port_update_bond_compat()? */
142 bool bond_fake_iface; /* Fake a bond interface for legacy compat? */
143 long bond_next_fake_iface_update; /* Next update to fake bond stats. */
144 int bond_rebalance_interval; /* Interval between rebalances, in ms. */
145 long long int bond_next_rebalance; /* Next rebalancing time. */
147 /* Port mirroring info. */
148 mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */
149 mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */
150 bool is_mirror_output_port; /* Does port mirroring send frames here? */
152 /* This member is only valid *during* bridge_reconfigure(). */
153 const struct ovsrec_port *cfg;
156 #define DP_MAX_PORTS 255
158 struct list node; /* Node in global list of bridges. */
159 char *name; /* User-specified arbitrary name. */
160 struct mac_learning *ml; /* MAC learning table. */
161 uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */
163 /* OpenFlow switch processing. */
164 struct ofproto *ofproto; /* OpenFlow switch. */
166 /* Kernel datapath information. */
167 struct dpif *dpif; /* Datapath. */
168 struct port_array ifaces; /* Indexed by kernel datapath port number. */
172 size_t n_ports, allocated_ports;
173 struct shash iface_by_name; /* "struct iface"s indexed by name. */
174 struct shash port_by_name; /* "struct port"s indexed by name. */
177 bool has_bonded_ports;
182 /* Port mirroring. */
183 struct mirror *mirrors[MAX_MIRRORS];
185 /* This member is only valid *during* bridge_reconfigure(). */
186 const struct ovsrec_bridge *cfg;
189 /* List of all bridges. */
190 static struct list all_bridges = LIST_INITIALIZER(&all_bridges);
192 /* Maximum number of datapaths. */
193 enum { DP_MAX = 256 };
195 static struct bridge *bridge_create(const struct ovsrec_bridge *br_cfg);
196 static void bridge_destroy(struct bridge *);
197 static struct bridge *bridge_lookup(const char *name);
198 static unixctl_cb_func bridge_unixctl_dump_flows;
199 static int bridge_run_one(struct bridge *);
200 static size_t bridge_get_controllers(const struct ovsrec_open_vswitch *ovs_cfg,
201 const struct bridge *br,
202 struct ovsrec_controller ***controllersp);
203 static void bridge_reconfigure_one(const struct ovsrec_open_vswitch *,
205 static void bridge_reconfigure_remotes(const struct ovsrec_open_vswitch *,
207 const struct sockaddr_in *managers,
209 static void bridge_get_all_ifaces(const struct bridge *, struct shash *ifaces);
210 static void bridge_fetch_dp_ifaces(struct bridge *);
211 static void bridge_flush(struct bridge *);
212 static void bridge_pick_local_hw_addr(struct bridge *,
213 uint8_t ea[ETH_ADDR_LEN],
214 struct iface **hw_addr_iface);
215 static uint64_t bridge_pick_datapath_id(struct bridge *,
216 const uint8_t bridge_ea[ETH_ADDR_LEN],
217 struct iface *hw_addr_iface);
218 static struct iface *bridge_get_local_iface(struct bridge *);
219 static uint64_t dpid_from_hash(const void *, size_t nbytes);
221 static unixctl_cb_func bridge_unixctl_fdb_show;
223 static void bond_init(void);
224 static void bond_run(struct bridge *);
225 static void bond_wait(struct bridge *);
226 static void bond_rebalance_port(struct port *);
227 static void bond_send_learning_packets(struct port *);
228 static void bond_enable_slave(struct iface *iface, bool enable);
230 static struct port *port_create(struct bridge *, const char *name);
231 static void port_reconfigure(struct port *, const struct ovsrec_port *);
232 static void port_del_ifaces(struct port *, const struct ovsrec_port *);
233 static void port_destroy(struct port *);
234 static struct port *port_lookup(const struct bridge *, const char *name);
235 static struct iface *port_lookup_iface(const struct port *, const char *name);
236 static struct port *port_from_dp_ifidx(const struct bridge *,
238 static void port_update_bond_compat(struct port *);
239 static void port_update_vlan_compat(struct port *);
240 static void port_update_bonding(struct port *);
242 static struct mirror *mirror_create(struct bridge *, const char *name);
243 static void mirror_destroy(struct mirror *);
244 static void mirror_reconfigure(struct bridge *);
245 static void mirror_reconfigure_one(struct mirror *, struct ovsrec_mirror *);
246 static bool vlan_is_mirrored(const struct mirror *, int vlan);
248 static struct iface *iface_create(struct port *port,
249 const struct ovsrec_interface *if_cfg);
250 static void iface_destroy(struct iface *);
251 static struct iface *iface_lookup(const struct bridge *, const char *name);
252 static struct iface *iface_from_dp_ifidx(const struct bridge *,
254 static bool iface_is_internal(const struct bridge *, const char *name);
255 static void iface_set_mac(struct iface *);
256 static void iface_update_qos(struct iface *, const struct ovsrec_qos *);
258 /* Hooks into ofproto processing. */
259 static struct ofhooks bridge_ofhooks;
261 /* Public functions. */
263 /* Adds the name of each interface used by a bridge, including local and
264 * internal ports, to 'svec'. */
266 bridge_get_ifaces(struct svec *svec)
268 struct bridge *br, *next;
271 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
272 for (i = 0; i < br->n_ports; i++) {
273 struct port *port = br->ports[i];
275 for (j = 0; j < port->n_ifaces; j++) {
276 struct iface *iface = port->ifaces[j];
277 if (iface->dp_ifidx < 0) {
278 VLOG_ERR("%s interface not in datapath %s, ignoring",
279 iface->name, dpif_name(br->dpif));
281 if (iface->dp_ifidx != ODPP_LOCAL) {
282 svec_add(svec, iface->name);
291 bridge_init(const struct ovsrec_open_vswitch *cfg)
293 struct svec bridge_names;
294 struct svec dpif_names, dpif_types;
297 unixctl_command_register("fdb/show", bridge_unixctl_fdb_show, NULL);
299 svec_init(&bridge_names);
300 for (i = 0; i < cfg->n_bridges; i++) {
301 svec_add(&bridge_names, cfg->bridges[i]->name);
303 svec_sort(&bridge_names);
305 svec_init(&dpif_names);
306 svec_init(&dpif_types);
307 dp_enumerate_types(&dpif_types);
308 for (i = 0; i < dpif_types.n; i++) {
313 dp_enumerate_names(dpif_types.names[i], &dpif_names);
315 for (j = 0; j < dpif_names.n; j++) {
316 retval = dpif_open(dpif_names.names[j], dpif_types.names[i], &dpif);
318 struct svec all_names;
321 svec_init(&all_names);
322 dpif_get_all_names(dpif, &all_names);
323 for (k = 0; k < all_names.n; k++) {
324 if (svec_contains(&bridge_names, all_names.names[k])) {
330 svec_destroy(&all_names);
335 svec_destroy(&bridge_names);
336 svec_destroy(&dpif_names);
337 svec_destroy(&dpif_types);
339 unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows,
343 bridge_reconfigure(cfg);
348 bridge_configure_ssl(const struct ovsrec_ssl *ssl)
350 /* XXX SSL should be configurable on a per-bridge basis. */
352 stream_ssl_set_private_key_file(ssl->private_key);
353 stream_ssl_set_certificate_file(ssl->certificate);
354 stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
359 /* Attempt to create the network device 'iface_name' through the netdev
362 set_up_iface(const struct ovsrec_interface *iface_cfg, struct iface *iface,
365 struct shash_node *node;
366 struct shash options;
370 shash_init(&options);
371 for (i = 0; i < iface_cfg->n_options; i++) {
372 shash_add(&options, iface_cfg->key_options[i],
373 xstrdup(iface_cfg->value_options[i]));
377 struct netdev_options netdev_options;
379 memset(&netdev_options, 0, sizeof netdev_options);
380 netdev_options.name = iface_cfg->name;
381 if (!strcmp(iface_cfg->type, "internal")) {
382 /* An "internal" config type maps to a netdev "system" type. */
383 netdev_options.type = "system";
385 netdev_options.type = iface_cfg->type;
387 netdev_options.args = &options;
388 netdev_options.ethertype = NETDEV_ETH_TYPE_NONE;
390 error = netdev_open(&netdev_options, &iface->netdev);
393 netdev_get_carrier(iface->netdev, &iface->enabled);
395 } else if (iface->netdev) {
396 const char *netdev_type = netdev_get_type(iface->netdev);
397 const char *iface_type = iface_cfg->type && strlen(iface_cfg->type)
398 ? iface_cfg->type : NULL;
400 /* An "internal" config type maps to a netdev "system" type. */
401 if (iface_type && !strcmp(iface_type, "internal")) {
402 iface_type = "system";
405 if (!iface_type || !strcmp(netdev_type, iface_type)) {
406 error = netdev_reconfigure(iface->netdev, &options);
408 VLOG_WARN("%s: attempting change device type from %s to %s",
409 iface_cfg->name, netdev_type, iface_type);
414 SHASH_FOR_EACH (node, &options) {
417 shash_destroy(&options);
423 reconfigure_iface(const struct ovsrec_interface *iface_cfg, struct iface *iface)
425 return set_up_iface(iface_cfg, iface, false);
429 check_iface_netdev(struct bridge *br OVS_UNUSED, struct iface *iface,
430 void *aux OVS_UNUSED)
432 if (!iface->netdev) {
433 int error = set_up_iface(iface->cfg, iface, true);
435 VLOG_WARN("could not open netdev on %s, dropping: %s", iface->name,
445 check_iface_dp_ifidx(struct bridge *br, struct iface *iface,
446 void *aux OVS_UNUSED)
448 if (iface->dp_ifidx >= 0) {
449 VLOG_DBG("%s has interface %s on port %d",
451 iface->name, iface->dp_ifidx);
454 VLOG_ERR("%s interface not in %s, dropping",
455 iface->name, dpif_name(br->dpif));
461 set_iface_properties(struct bridge *br OVS_UNUSED, struct iface *iface,
462 void *aux OVS_UNUSED)
464 /* Set policing attributes. */
465 netdev_set_policing(iface->netdev,
466 iface->cfg->ingress_policing_rate,
467 iface->cfg->ingress_policing_burst);
469 /* Set MAC address of internal interfaces other than the local
471 if (iface->dp_ifidx != ODPP_LOCAL
472 && iface_is_internal(br, iface->name)) {
473 iface_set_mac(iface);
479 /* Calls 'cb' for each interfaces in 'br', passing along the 'aux' argument.
480 * Deletes from 'br' all the interfaces for which 'cb' returns false, and then
481 * deletes from 'br' any ports that no longer have any interfaces. */
483 iterate_and_prune_ifaces(struct bridge *br,
484 bool (*cb)(struct bridge *, struct iface *,
490 for (i = 0; i < br->n_ports; ) {
491 struct port *port = br->ports[i];
492 for (j = 0; j < port->n_ifaces; ) {
493 struct iface *iface = port->ifaces[j];
494 if (cb(br, iface, aux)) {
497 iface_destroy(iface);
501 if (port->n_ifaces) {
504 VLOG_ERR("%s port has no interfaces, dropping", port->name);
510 /* Looks at the list of managers in 'ovs_cfg' and extracts their remote IP
511 * addresses and ports into '*managersp' and '*n_managersp'. The caller is
512 * responsible for freeing '*managersp' (with free()).
514 * You may be asking yourself "why does ovs-vswitchd care?", because
515 * ovsdb-server is responsible for connecting to the managers, and ovs-vswitchd
516 * should not be and in fact is not directly involved in that. But
517 * ovs-vswitchd needs to make sure that ovsdb-server can reach the managers, so
518 * it has to tell in-band control where the managers are to enable that.
521 collect_managers(const struct ovsrec_open_vswitch *ovs_cfg,
522 struct sockaddr_in **managersp, size_t *n_managersp)
524 struct sockaddr_in *managers = NULL;
525 size_t n_managers = 0;
527 if (ovs_cfg->n_managers > 0) {
530 managers = xmalloc(ovs_cfg->n_managers * sizeof *managers);
531 for (i = 0; i < ovs_cfg->n_managers; i++) {
532 const char *name = ovs_cfg->managers[i];
533 struct sockaddr_in *sin = &managers[i];
535 if ((!strncmp(name, "tcp:", 4)
536 && inet_parse_active(name + 4, JSONRPC_TCP_PORT, sin)) ||
537 (!strncmp(name, "ssl:", 4)
538 && inet_parse_active(name + 4, JSONRPC_SSL_PORT, sin))) {
544 *managersp = managers;
545 *n_managersp = n_managers;
549 bridge_reconfigure(const struct ovsrec_open_vswitch *ovs_cfg)
551 struct ovsdb_idl_txn *txn;
552 struct shash old_br, new_br;
553 struct shash_node *node;
554 struct bridge *br, *next;
555 struct sockaddr_in *managers;
558 int sflow_bridge_number;
560 COVERAGE_INC(bridge_reconfigure);
562 txn = ovsdb_idl_txn_create(ovs_cfg->header_.table->idl);
564 collect_managers(ovs_cfg, &managers, &n_managers);
566 /* Collect old and new bridges. */
569 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
570 shash_add(&old_br, br->name, br);
572 for (i = 0; i < ovs_cfg->n_bridges; i++) {
573 const struct ovsrec_bridge *br_cfg = ovs_cfg->bridges[i];
574 if (!shash_add_once(&new_br, br_cfg->name, br_cfg)) {
575 VLOG_WARN("more than one bridge named %s", br_cfg->name);
579 /* Get rid of deleted bridges and add new bridges. */
580 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
581 struct ovsrec_bridge *br_cfg = shash_find_data(&new_br, br->name);
588 SHASH_FOR_EACH (node, &new_br) {
589 const char *br_name = node->name;
590 const struct ovsrec_bridge *br_cfg = node->data;
591 br = shash_find_data(&old_br, br_name);
593 /* If the bridge datapath type has changed, we need to tear it
594 * down and recreate. */
595 if (strcmp(br->cfg->datapath_type, br_cfg->datapath_type)) {
597 bridge_create(br_cfg);
600 bridge_create(br_cfg);
603 shash_destroy(&old_br);
604 shash_destroy(&new_br);
608 bridge_configure_ssl(ovs_cfg->ssl);
611 /* Reconfigure all bridges. */
612 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
613 bridge_reconfigure_one(ovs_cfg, br);
616 /* Add and delete ports on all datapaths.
618 * The kernel will reject any attempt to add a given port to a datapath if
619 * that port already belongs to a different datapath, so we must do all
620 * port deletions before any port additions. */
621 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
622 struct odp_port *dpif_ports;
624 struct shash want_ifaces;
626 dpif_port_list(br->dpif, &dpif_ports, &n_dpif_ports);
627 bridge_get_all_ifaces(br, &want_ifaces);
628 for (i = 0; i < n_dpif_ports; i++) {
629 const struct odp_port *p = &dpif_ports[i];
630 if (!shash_find(&want_ifaces, p->devname)
631 && strcmp(p->devname, br->name)) {
632 int retval = dpif_port_del(br->dpif, p->port);
634 VLOG_ERR("failed to remove %s interface from %s: %s",
635 p->devname, dpif_name(br->dpif),
640 shash_destroy(&want_ifaces);
643 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
644 struct odp_port *dpif_ports;
646 struct shash cur_ifaces, want_ifaces;
647 struct shash_node *node;
649 /* Get the set of interfaces currently in this datapath. */
650 dpif_port_list(br->dpif, &dpif_ports, &n_dpif_ports);
651 shash_init(&cur_ifaces);
652 for (i = 0; i < n_dpif_ports; i++) {
653 const char *name = dpif_ports[i].devname;
654 if (!shash_find(&cur_ifaces, name)) {
655 shash_add(&cur_ifaces, name, NULL);
660 /* Get the set of interfaces we want on this datapath. */
661 bridge_get_all_ifaces(br, &want_ifaces);
663 SHASH_FOR_EACH (node, &want_ifaces) {
664 const char *if_name = node->name;
665 struct iface *iface = node->data;
667 if (shash_find(&cur_ifaces, if_name)) {
668 /* Already exists, just reconfigure it. */
670 reconfigure_iface(iface->cfg, iface);
673 /* Need to add to datapath. */
677 /* Add to datapath. */
678 internal = iface_is_internal(br, if_name);
679 error = dpif_port_add(br->dpif, if_name,
680 internal ? ODP_PORT_INTERNAL : 0, NULL);
681 if (error == EFBIG) {
682 VLOG_ERR("ran out of valid port numbers on %s",
683 dpif_name(br->dpif));
686 VLOG_ERR("failed to add %s interface to %s: %s",
687 if_name, dpif_name(br->dpif), strerror(error));
691 shash_destroy(&cur_ifaces);
692 shash_destroy(&want_ifaces);
694 sflow_bridge_number = 0;
695 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
698 struct iface *local_iface;
699 struct iface *hw_addr_iface;
702 bridge_fetch_dp_ifaces(br);
704 iterate_and_prune_ifaces(br, check_iface_netdev, NULL);
705 iterate_and_prune_ifaces(br, check_iface_dp_ifidx, NULL);
707 /* Pick local port hardware address, datapath ID. */
708 bridge_pick_local_hw_addr(br, ea, &hw_addr_iface);
709 local_iface = bridge_get_local_iface(br);
711 int error = netdev_set_etheraddr(local_iface->netdev, ea);
713 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
714 VLOG_ERR_RL(&rl, "bridge %s: failed to set bridge "
715 "Ethernet address: %s",
716 br->name, strerror(error));
720 dpid = bridge_pick_datapath_id(br, ea, hw_addr_iface);
721 ofproto_set_datapath_id(br->ofproto, dpid);
723 dpid_string = xasprintf("%016"PRIx64, dpid);
724 ovsrec_bridge_set_datapath_id(br->cfg, dpid_string);
727 /* Set NetFlow configuration on this bridge. */
728 if (br->cfg->netflow) {
729 struct ovsrec_netflow *nf_cfg = br->cfg->netflow;
730 struct netflow_options opts;
732 memset(&opts, 0, sizeof opts);
734 dpif_get_netflow_ids(br->dpif, &opts.engine_type, &opts.engine_id);
735 if (nf_cfg->engine_type) {
736 opts.engine_type = *nf_cfg->engine_type;
738 if (nf_cfg->engine_id) {
739 opts.engine_id = *nf_cfg->engine_id;
742 opts.active_timeout = nf_cfg->active_timeout;
743 if (!opts.active_timeout) {
744 opts.active_timeout = -1;
745 } else if (opts.active_timeout < 0) {
746 VLOG_WARN("bridge %s: active timeout interval set to negative "
747 "value, using default instead (%d seconds)", br->name,
748 NF_ACTIVE_TIMEOUT_DEFAULT);
749 opts.active_timeout = -1;
752 opts.add_id_to_iface = nf_cfg->add_id_to_interface;
753 if (opts.add_id_to_iface) {
754 if (opts.engine_id > 0x7f) {
755 VLOG_WARN("bridge %s: netflow port mangling may conflict "
756 "with another vswitch, choose an engine id less "
757 "than 128", br->name);
759 if (br->n_ports > 508) {
760 VLOG_WARN("bridge %s: netflow port mangling will conflict "
761 "with another port when more than 508 ports are "
766 opts.collectors.n = nf_cfg->n_targets;
767 opts.collectors.names = nf_cfg->targets;
768 if (ofproto_set_netflow(br->ofproto, &opts)) {
769 VLOG_ERR("bridge %s: problem setting netflow collectors",
773 ofproto_set_netflow(br->ofproto, NULL);
776 /* Set sFlow configuration on this bridge. */
777 if (br->cfg->sflow) {
778 const struct ovsrec_sflow *sflow_cfg = br->cfg->sflow;
779 struct ovsrec_controller **controllers;
780 struct ofproto_sflow_options oso;
781 size_t n_controllers;
784 memset(&oso, 0, sizeof oso);
786 oso.targets.n = sflow_cfg->n_targets;
787 oso.targets.names = sflow_cfg->targets;
789 oso.sampling_rate = SFL_DEFAULT_SAMPLING_RATE;
790 if (sflow_cfg->sampling) {
791 oso.sampling_rate = *sflow_cfg->sampling;
794 oso.polling_interval = SFL_DEFAULT_POLLING_INTERVAL;
795 if (sflow_cfg->polling) {
796 oso.polling_interval = *sflow_cfg->polling;
799 oso.header_len = SFL_DEFAULT_HEADER_SIZE;
800 if (sflow_cfg->header) {
801 oso.header_len = *sflow_cfg->header;
804 oso.sub_id = sflow_bridge_number++;
805 oso.agent_device = sflow_cfg->agent;
807 oso.control_ip = NULL;
808 n_controllers = bridge_get_controllers(ovs_cfg, br, &controllers);
809 for (i = 0; i < n_controllers; i++) {
810 if (controllers[i]->local_ip) {
811 oso.control_ip = controllers[i]->local_ip;
815 ofproto_set_sflow(br->ofproto, &oso);
817 /* Do not destroy oso.targets because it is owned by sflow_cfg. */
819 ofproto_set_sflow(br->ofproto, NULL);
822 /* Update the controller and related settings. It would be more
823 * straightforward to call this from bridge_reconfigure_one(), but we
824 * can't do it there for two reasons. First, and most importantly, at
825 * that point we don't know the dp_ifidx of any interfaces that have
826 * been added to the bridge (because we haven't actually added them to
827 * the datapath). Second, at that point we haven't set the datapath ID
828 * yet; when a controller is configured, resetting the datapath ID will
829 * immediately disconnect from the controller, so it's better to set
830 * the datapath ID before the controller. */
831 bridge_reconfigure_remotes(ovs_cfg, br, managers, n_managers);
833 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
834 for (i = 0; i < br->n_ports; i++) {
835 struct port *port = br->ports[i];
838 port_update_vlan_compat(port);
839 port_update_bonding(port);
841 for (j = 0; j < port->n_ifaces; j++) {
842 iface_update_qos(port->ifaces[j], port->cfg->qos);
846 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
847 iterate_and_prune_ifaces(br, set_iface_properties, NULL);
850 ovsrec_open_vswitch_set_cur_cfg(ovs_cfg, ovs_cfg->next_cfg);
852 ovsdb_idl_txn_commit(txn);
853 ovsdb_idl_txn_destroy(txn); /* XXX */
859 get_ovsrec_key_value(const char *key, char **keys, char **values, size_t n)
863 for (i = 0; i < n; i++) {
864 if (!strcmp(keys[i], key)) {
872 bridge_get_other_config(const struct ovsrec_bridge *br_cfg, const char *key)
874 return get_ovsrec_key_value(key,
875 br_cfg->key_other_config,
876 br_cfg->value_other_config,
877 br_cfg->n_other_config);
881 bridge_pick_local_hw_addr(struct bridge *br, uint8_t ea[ETH_ADDR_LEN],
882 struct iface **hw_addr_iface)
888 *hw_addr_iface = NULL;
890 /* Did the user request a particular MAC? */
891 hwaddr = bridge_get_other_config(br->cfg, "hwaddr");
892 if (hwaddr && eth_addr_from_string(hwaddr, ea)) {
893 if (eth_addr_is_multicast(ea)) {
894 VLOG_ERR("bridge %s: cannot set MAC address to multicast "
895 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
896 } else if (eth_addr_is_zero(ea)) {
897 VLOG_ERR("bridge %s: cannot set MAC address to zero", br->name);
903 /* Otherwise choose the minimum non-local MAC address among all of the
905 memset(ea, 0xff, sizeof ea);
906 for (i = 0; i < br->n_ports; i++) {
907 struct port *port = br->ports[i];
908 uint8_t iface_ea[ETH_ADDR_LEN];
911 /* Mirror output ports don't participate. */
912 if (port->is_mirror_output_port) {
916 /* Choose the MAC address to represent the port. */
917 if (port->cfg->mac && eth_addr_from_string(port->cfg->mac, iface_ea)) {
918 /* Find the interface with this Ethernet address (if any) so that
919 * we can provide the correct devname to the caller. */
921 for (j = 0; j < port->n_ifaces; j++) {
922 struct iface *candidate = port->ifaces[j];
923 uint8_t candidate_ea[ETH_ADDR_LEN];
924 if (!netdev_get_etheraddr(candidate->netdev, candidate_ea)
925 && eth_addr_equals(iface_ea, candidate_ea)) {
930 /* Choose the interface whose MAC address will represent the port.
931 * The Linux kernel bonding code always chooses the MAC address of
932 * the first slave added to a bond, and the Fedora networking
933 * scripts always add slaves to a bond in alphabetical order, so
934 * for compatibility we choose the interface with the name that is
935 * first in alphabetical order. */
936 iface = port->ifaces[0];
937 for (j = 1; j < port->n_ifaces; j++) {
938 struct iface *candidate = port->ifaces[j];
939 if (strcmp(candidate->name, iface->name) < 0) {
944 /* The local port doesn't count (since we're trying to choose its
945 * MAC address anyway). */
946 if (iface->dp_ifidx == ODPP_LOCAL) {
951 error = netdev_get_etheraddr(iface->netdev, iface_ea);
953 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
954 VLOG_ERR_RL(&rl, "failed to obtain Ethernet address of %s: %s",
955 iface->name, strerror(error));
960 /* Compare against our current choice. */
961 if (!eth_addr_is_multicast(iface_ea) &&
962 !eth_addr_is_local(iface_ea) &&
963 !eth_addr_is_reserved(iface_ea) &&
964 !eth_addr_is_zero(iface_ea) &&
965 memcmp(iface_ea, ea, ETH_ADDR_LEN) < 0)
967 memcpy(ea, iface_ea, ETH_ADDR_LEN);
968 *hw_addr_iface = iface;
971 if (eth_addr_is_multicast(ea)) {
972 memcpy(ea, br->default_ea, ETH_ADDR_LEN);
973 *hw_addr_iface = NULL;
974 VLOG_WARN("bridge %s: using default bridge Ethernet "
975 "address "ETH_ADDR_FMT, br->name, ETH_ADDR_ARGS(ea));
977 VLOG_DBG("bridge %s: using bridge Ethernet address "ETH_ADDR_FMT,
978 br->name, ETH_ADDR_ARGS(ea));
982 /* Choose and returns the datapath ID for bridge 'br' given that the bridge
983 * Ethernet address is 'bridge_ea'. If 'bridge_ea' is the Ethernet address of
984 * an interface on 'br', then that interface must be passed in as
985 * 'hw_addr_iface'; if 'bridge_ea' was derived some other way, then
986 * 'hw_addr_iface' must be passed in as a null pointer. */
988 bridge_pick_datapath_id(struct bridge *br,
989 const uint8_t bridge_ea[ETH_ADDR_LEN],
990 struct iface *hw_addr_iface)
993 * The procedure for choosing a bridge MAC address will, in the most
994 * ordinary case, also choose a unique MAC that we can use as a datapath
995 * ID. In some special cases, though, multiple bridges will end up with
996 * the same MAC address. This is OK for the bridges, but it will confuse
997 * the OpenFlow controller, because each datapath needs a unique datapath
1000 * Datapath IDs must be unique. It is also very desirable that they be
1001 * stable from one run to the next, so that policy set on a datapath
1004 const char *datapath_id;
1007 datapath_id = bridge_get_other_config(br->cfg, "datapath-id");
1008 if (datapath_id && dpid_from_string(datapath_id, &dpid)) {
1012 if (hw_addr_iface) {
1014 if (!netdev_get_vlan_vid(hw_addr_iface->netdev, &vlan)) {
1016 * A bridge whose MAC address is taken from a VLAN network device
1017 * (that is, a network device created with vconfig(8) or similar
1018 * tool) will have the same MAC address as a bridge on the VLAN
1019 * device's physical network device.
1021 * Handle this case by hashing the physical network device MAC
1022 * along with the VLAN identifier.
1024 uint8_t buf[ETH_ADDR_LEN + 2];
1025 memcpy(buf, bridge_ea, ETH_ADDR_LEN);
1026 buf[ETH_ADDR_LEN] = vlan >> 8;
1027 buf[ETH_ADDR_LEN + 1] = vlan;
1028 return dpid_from_hash(buf, sizeof buf);
1031 * Assume that this bridge's MAC address is unique, since it
1032 * doesn't fit any of the cases we handle specially.
1037 * A purely internal bridge, that is, one that has no non-virtual
1038 * network devices on it at all, is more difficult because it has no
1039 * natural unique identifier at all.
1041 * When the host is a XenServer, we handle this case by hashing the
1042 * host's UUID with the name of the bridge. Names of bridges are
1043 * persistent across XenServer reboots, although they can be reused if
1044 * an internal network is destroyed and then a new one is later
1045 * created, so this is fairly effective.
1047 * When the host is not a XenServer, we punt by using a random MAC
1048 * address on each run.
1050 const char *host_uuid = xenserver_get_host_uuid();
1052 char *combined = xasprintf("%s,%s", host_uuid, br->name);
1053 dpid = dpid_from_hash(combined, strlen(combined));
1059 return eth_addr_to_uint64(bridge_ea);
1063 dpid_from_hash(const void *data, size_t n)
1065 uint8_t hash[SHA1_DIGEST_SIZE];
1067 BUILD_ASSERT_DECL(sizeof hash >= ETH_ADDR_LEN);
1068 sha1_bytes(data, n, hash);
1069 eth_addr_mark_random(hash);
1070 return eth_addr_to_uint64(hash);
1076 struct bridge *br, *next;
1080 LIST_FOR_EACH_SAFE (br, next, struct bridge, node, &all_bridges) {
1081 int error = bridge_run_one(br);
1083 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1084 VLOG_ERR_RL(&rl, "bridge %s: datapath was destroyed externally, "
1085 "forcing reconfiguration", br->name);
1099 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
1100 ofproto_wait(br->ofproto);
1101 if (ofproto_has_controller(br->ofproto)) {
1105 mac_learning_wait(br->ml);
1110 /* Forces 'br' to revalidate all of its flows. This is appropriate when 'br''s
1111 * configuration changes. */
1113 bridge_flush(struct bridge *br)
1115 COVERAGE_INC(bridge_flush);
1117 mac_learning_flush(br->ml);
1120 /* Returns the 'br' interface for the ODPP_LOCAL port, or null if 'br' has no
1121 * such interface. */
1122 static struct iface *
1123 bridge_get_local_iface(struct bridge *br)
1127 for (i = 0; i < br->n_ports; i++) {
1128 struct port *port = br->ports[i];
1129 for (j = 0; j < port->n_ifaces; j++) {
1130 struct iface *iface = port->ifaces[j];
1131 if (iface->dp_ifidx == ODPP_LOCAL) {
1140 /* Bridge unixctl user interface functions. */
1142 bridge_unixctl_fdb_show(struct unixctl_conn *conn,
1143 const char *args, void *aux OVS_UNUSED)
1145 struct ds ds = DS_EMPTY_INITIALIZER;
1146 const struct bridge *br;
1147 const struct mac_entry *e;
1149 br = bridge_lookup(args);
1151 unixctl_command_reply(conn, 501, "no such bridge");
1155 ds_put_cstr(&ds, " port VLAN MAC Age\n");
1156 LIST_FOR_EACH (e, struct mac_entry, lru_node, &br->ml->lrus) {
1157 if (e->port < 0 || e->port >= br->n_ports) {
1160 ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n",
1161 br->ports[e->port]->ifaces[0]->dp_ifidx,
1162 e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e));
1164 unixctl_command_reply(conn, 200, ds_cstr(&ds));
1168 /* Bridge reconfiguration functions. */
1169 static struct bridge *
1170 bridge_create(const struct ovsrec_bridge *br_cfg)
1175 assert(!bridge_lookup(br_cfg->name));
1176 br = xzalloc(sizeof *br);
1178 error = dpif_create_and_open(br_cfg->name, br_cfg->datapath_type,
1184 dpif_flow_flush(br->dpif);
1186 error = ofproto_create(br_cfg->name, br_cfg->datapath_type, &bridge_ofhooks,
1189 VLOG_ERR("failed to create switch %s: %s", br_cfg->name,
1191 dpif_delete(br->dpif);
1192 dpif_close(br->dpif);
1197 br->name = xstrdup(br_cfg->name);
1199 br->ml = mac_learning_create();
1200 eth_addr_nicira_random(br->default_ea);
1202 port_array_init(&br->ifaces);
1204 shash_init(&br->port_by_name);
1205 shash_init(&br->iface_by_name);
1209 list_push_back(&all_bridges, &br->node);
1211 VLOG_INFO("created bridge %s on %s", br->name, dpif_name(br->dpif));
1217 bridge_destroy(struct bridge *br)
1222 while (br->n_ports > 0) {
1223 port_destroy(br->ports[br->n_ports - 1]);
1225 list_remove(&br->node);
1226 error = dpif_delete(br->dpif);
1227 if (error && error != ENOENT) {
1228 VLOG_ERR("failed to delete %s: %s",
1229 dpif_name(br->dpif), strerror(error));
1231 dpif_close(br->dpif);
1232 ofproto_destroy(br->ofproto);
1233 mac_learning_destroy(br->ml);
1234 port_array_destroy(&br->ifaces);
1235 shash_destroy(&br->port_by_name);
1236 shash_destroy(&br->iface_by_name);
1243 static struct bridge *
1244 bridge_lookup(const char *name)
1248 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
1249 if (!strcmp(br->name, name)) {
1257 bridge_exists(const char *name)
1259 return bridge_lookup(name) ? true : false;
1263 bridge_get_datapathid(const char *name)
1265 struct bridge *br = bridge_lookup(name);
1266 return br ? ofproto_get_datapath_id(br->ofproto) : 0;
1269 /* Handle requests for a listing of all flows known by the OpenFlow
1270 * stack, including those normally hidden. */
1272 bridge_unixctl_dump_flows(struct unixctl_conn *conn,
1273 const char *args, void *aux OVS_UNUSED)
1278 br = bridge_lookup(args);
1280 unixctl_command_reply(conn, 501, "Unknown bridge");
1285 ofproto_get_all_flows(br->ofproto, &results);
1287 unixctl_command_reply(conn, 200, ds_cstr(&results));
1288 ds_destroy(&results);
1292 bridge_run_one(struct bridge *br)
1296 error = ofproto_run1(br->ofproto);
1301 mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto));
1304 error = ofproto_run2(br->ofproto, br->flush);
1311 bridge_get_controllers(const struct ovsrec_open_vswitch *ovs_cfg,
1312 const struct bridge *br,
1313 struct ovsrec_controller ***controllersp)
1315 struct ovsrec_controller **controllers;
1316 size_t n_controllers;
1318 if (br->cfg->n_controller) {
1319 controllers = br->cfg->controller;
1320 n_controllers = br->cfg->n_controller;
1322 controllers = ovs_cfg->controller;
1323 n_controllers = ovs_cfg->n_controller;
1326 if (n_controllers == 1 && !strcmp(controllers[0]->target, "none")) {
1332 *controllersp = controllers;
1334 return n_controllers;
1338 bridge_reconfigure_one(const struct ovsrec_open_vswitch *ovs_cfg,
1341 struct shash old_ports, new_ports;
1342 struct svec listeners, old_listeners;
1343 struct svec snoops, old_snoops;
1344 struct shash_node *node;
1347 /* Collect old ports. */
1348 shash_init(&old_ports);
1349 for (i = 0; i < br->n_ports; i++) {
1350 shash_add(&old_ports, br->ports[i]->name, br->ports[i]);
1353 /* Collect new ports. */
1354 shash_init(&new_ports);
1355 for (i = 0; i < br->cfg->n_ports; i++) {
1356 const char *name = br->cfg->ports[i]->name;
1357 if (!shash_add_once(&new_ports, name, br->cfg->ports[i])) {
1358 VLOG_WARN("bridge %s: %s specified twice as bridge port",
1363 /* If we have a controller, then we need a local port. Complain if the
1364 * user didn't specify one.
1366 * XXX perhaps we should synthesize a port ourselves in this case. */
1367 if (bridge_get_controllers(ovs_cfg, br, NULL)) {
1368 char local_name[IF_NAMESIZE];
1371 error = dpif_port_get_name(br->dpif, ODPP_LOCAL,
1372 local_name, sizeof local_name);
1373 if (!error && !shash_find(&new_ports, local_name)) {
1374 VLOG_WARN("bridge %s: controller specified but no local port "
1375 "(port named %s) defined",
1376 br->name, local_name);
1380 /* Get rid of deleted ports.
1381 * Get rid of deleted interfaces on ports that still exist. */
1382 SHASH_FOR_EACH (node, &old_ports) {
1383 struct port *port = node->data;
1384 const struct ovsrec_port *port_cfg;
1386 port_cfg = shash_find_data(&new_ports, node->name);
1390 port_del_ifaces(port, port_cfg);
1394 /* Create new ports.
1395 * Add new interfaces to existing ports.
1396 * Reconfigure existing ports. */
1397 SHASH_FOR_EACH (node, &new_ports) {
1398 struct port *port = shash_find_data(&old_ports, node->name);
1400 port = port_create(br, node->name);
1403 port_reconfigure(port, node->data);
1404 if (!port->n_ifaces) {
1405 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
1406 br->name, port->name);
1410 shash_destroy(&old_ports);
1411 shash_destroy(&new_ports);
1413 /* Delete all flows if we're switching from connected to standalone or vice
1414 * versa. (XXX Should we delete all flows if we are switching from one
1415 * controller to another?) */
1417 /* Configure OpenFlow management listener. */
1418 svec_init(&listeners);
1419 svec_add_nocopy(&listeners, xasprintf("punix:%s/%s.mgmt",
1420 ovs_rundir, br->name));
1421 svec_init(&old_listeners);
1422 ofproto_get_listeners(br->ofproto, &old_listeners);
1423 if (!svec_equal(&listeners, &old_listeners)) {
1424 ofproto_set_listeners(br->ofproto, &listeners);
1426 svec_destroy(&listeners);
1427 svec_destroy(&old_listeners);
1429 /* Configure OpenFlow controller connection snooping. */
1431 svec_add_nocopy(&snoops, xasprintf("punix:%s/%s.snoop",
1432 ovs_rundir, br->name));
1433 svec_init(&old_snoops);
1434 ofproto_get_snoops(br->ofproto, &old_snoops);
1435 if (!svec_equal(&snoops, &old_snoops)) {
1436 ofproto_set_snoops(br->ofproto, &snoops);
1438 svec_destroy(&snoops);
1439 svec_destroy(&old_snoops);
1441 mirror_reconfigure(br);
1445 bridge_reconfigure_remotes(const struct ovsrec_open_vswitch *ovs_cfg,
1447 const struct sockaddr_in *managers,
1450 struct ovsrec_controller **controllers;
1451 size_t n_controllers;
1453 ofproto_set_extra_in_band_remotes(br->ofproto, managers, n_managers);
1455 n_controllers = bridge_get_controllers(ovs_cfg, br, &controllers);
1456 if (ofproto_has_controller(br->ofproto) != (n_controllers != 0)) {
1457 ofproto_flush_flows(br->ofproto);
1460 if (!n_controllers) {
1461 union ofp_action action;
1464 /* Clear out controllers. */
1465 ofproto_set_controllers(br->ofproto, NULL, 0);
1467 /* Set up a flow that matches every packet and directs them to
1468 * OFPP_NORMAL (which goes to us). */
1469 memset(&action, 0, sizeof action);
1470 action.type = htons(OFPAT_OUTPUT);
1471 action.output.len = htons(sizeof action);
1472 action.output.port = htons(OFPP_NORMAL);
1473 memset(&flow, 0, sizeof flow);
1474 ofproto_add_flow(br->ofproto, &flow, OVSFW_ALL, 0, &action, 1, 0);
1476 struct ofproto_controller *ocs;
1479 ocs = xmalloc(n_controllers * sizeof *ocs);
1480 for (i = 0; i < n_controllers; i++) {
1481 struct ovsrec_controller *c = controllers[i];
1482 struct ofproto_controller *oc = &ocs[i];
1484 if (strcmp(c->target, "discover")) {
1485 struct iface *local_iface;
1488 local_iface = bridge_get_local_iface(br);
1489 if (local_iface && c->local_ip
1490 && inet_aton(c->local_ip, &ip)) {
1491 struct netdev *netdev = local_iface->netdev;
1492 struct in_addr mask, gateway;
1494 if (!c->local_netmask
1495 || !inet_aton(c->local_netmask, &mask)) {
1498 if (!c->local_gateway
1499 || !inet_aton(c->local_gateway, &gateway)) {
1503 netdev_turn_flags_on(netdev, NETDEV_UP, true);
1505 mask.s_addr = guess_netmask(ip.s_addr);
1507 if (!netdev_set_in4(netdev, ip, mask)) {
1508 VLOG_INFO("bridge %s: configured IP address "IP_FMT", "
1510 br->name, IP_ARGS(&ip.s_addr),
1511 IP_ARGS(&mask.s_addr));
1514 if (gateway.s_addr) {
1515 if (!netdev_add_router(netdev, gateway)) {
1516 VLOG_INFO("bridge %s: configured gateway "IP_FMT,
1517 br->name, IP_ARGS(&gateway.s_addr));
1523 oc->target = c->target;
1524 oc->max_backoff = c->max_backoff ? *c->max_backoff / 1000 : 8;
1525 oc->probe_interval = (c->inactivity_probe
1526 ? *c->inactivity_probe / 1000 : 5);
1527 oc->fail = (!c->fail_mode
1528 || !strcmp(c->fail_mode, "standalone")
1529 || !strcmp(c->fail_mode, "open")
1530 ? OFPROTO_FAIL_STANDALONE
1531 : OFPROTO_FAIL_SECURE);
1532 oc->band = (!c->connection_mode
1533 || !strcmp(c->connection_mode, "in-band")
1535 : OFPROTO_OUT_OF_BAND);
1536 oc->accept_re = c->discover_accept_regex;
1537 oc->update_resolv_conf = c->discover_update_resolv_conf;
1538 oc->rate_limit = (c->controller_rate_limit
1539 ? *c->controller_rate_limit : 0);
1540 oc->burst_limit = (c->controller_burst_limit
1541 ? *c->controller_burst_limit : 0);
1543 ofproto_set_controllers(br->ofproto, ocs, n_controllers);
1549 bridge_get_all_ifaces(const struct bridge *br, struct shash *ifaces)
1554 for (i = 0; i < br->n_ports; i++) {
1555 struct port *port = br->ports[i];
1556 for (j = 0; j < port->n_ifaces; j++) {
1557 struct iface *iface = port->ifaces[j];
1558 shash_add_once(ifaces, iface->name, iface);
1560 if (port->n_ifaces > 1 && port->cfg->bond_fake_iface) {
1561 shash_add_once(ifaces, port->name, NULL);
1566 /* For robustness, in case the administrator moves around datapath ports behind
1567 * our back, we re-check all the datapath port numbers here.
1569 * This function will set the 'dp_ifidx' members of interfaces that have
1570 * disappeared to -1, so only call this function from a context where those
1571 * 'struct iface's will be removed from the bridge. Otherwise, the -1
1572 * 'dp_ifidx'es will cause trouble later when we try to send them to the
1573 * datapath, which doesn't support UINT16_MAX+1 ports. */
1575 bridge_fetch_dp_ifaces(struct bridge *br)
1577 struct odp_port *dpif_ports;
1578 size_t n_dpif_ports;
1581 /* Reset all interface numbers. */
1582 for (i = 0; i < br->n_ports; i++) {
1583 struct port *port = br->ports[i];
1584 for (j = 0; j < port->n_ifaces; j++) {
1585 struct iface *iface = port->ifaces[j];
1586 iface->dp_ifidx = -1;
1589 port_array_clear(&br->ifaces);
1591 dpif_port_list(br->dpif, &dpif_ports, &n_dpif_ports);
1592 for (i = 0; i < n_dpif_ports; i++) {
1593 struct odp_port *p = &dpif_ports[i];
1594 struct iface *iface = iface_lookup(br, p->devname);
1596 if (iface->dp_ifidx >= 0) {
1597 VLOG_WARN("%s reported interface %s twice",
1598 dpif_name(br->dpif), p->devname);
1599 } else if (iface_from_dp_ifidx(br, p->port)) {
1600 VLOG_WARN("%s reported interface %"PRIu16" twice",
1601 dpif_name(br->dpif), p->port);
1603 port_array_set(&br->ifaces, p->port, iface);
1604 iface->dp_ifidx = p->port;
1608 int64_t ofport = (iface->dp_ifidx >= 0
1609 ? odp_port_to_ofp_port(iface->dp_ifidx)
1611 ovsrec_interface_set_ofport(iface->cfg, &ofport, 1);
1618 /* Bridge packet processing functions. */
1621 bond_hash(const uint8_t mac[ETH_ADDR_LEN])
1623 return hash_bytes(mac, ETH_ADDR_LEN, 0) & BOND_MASK;
1626 static struct bond_entry *
1627 lookup_bond_entry(const struct port *port, const uint8_t mac[ETH_ADDR_LEN])
1629 return &port->bond_hash[bond_hash(mac)];
1633 bond_choose_iface(const struct port *port)
1635 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1636 size_t i, best_down_slave = -1;
1637 long long next_delay_expiration = LLONG_MAX;
1639 for (i = 0; i < port->n_ifaces; i++) {
1640 struct iface *iface = port->ifaces[i];
1642 if (iface->enabled) {
1644 } else if (iface->delay_expires < next_delay_expiration) {
1645 best_down_slave = i;
1646 next_delay_expiration = iface->delay_expires;
1650 if (best_down_slave != -1) {
1651 struct iface *iface = port->ifaces[best_down_slave];
1653 VLOG_INFO_RL(&rl, "interface %s: skipping remaining %lli ms updelay "
1654 "since no other interface is up", iface->name,
1655 iface->delay_expires - time_msec());
1656 bond_enable_slave(iface, true);
1659 return best_down_slave;
1663 choose_output_iface(const struct port *port, const uint8_t *dl_src,
1664 uint16_t *dp_ifidx, tag_type *tags)
1666 struct iface *iface;
1668 assert(port->n_ifaces);
1669 if (port->n_ifaces == 1) {
1670 iface = port->ifaces[0];
1672 struct bond_entry *e = lookup_bond_entry(port, dl_src);
1673 if (e->iface_idx < 0 || e->iface_idx >= port->n_ifaces
1674 || !port->ifaces[e->iface_idx]->enabled) {
1675 /* XXX select interface properly. The current interface selection
1676 * is only good for testing the rebalancing code. */
1677 e->iface_idx = bond_choose_iface(port);
1678 if (e->iface_idx < 0) {
1679 *tags |= port->no_ifaces_tag;
1682 e->iface_tag = tag_create_random();
1683 ((struct port *) port)->bond_compat_is_stale = true;
1685 *tags |= e->iface_tag;
1686 iface = port->ifaces[e->iface_idx];
1688 *dp_ifidx = iface->dp_ifidx;
1689 *tags |= iface->tag; /* Currently only used for bonding. */
1694 bond_link_status_update(struct iface *iface, bool carrier)
1696 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1697 struct port *port = iface->port;
1699 if ((carrier == iface->enabled) == (iface->delay_expires == LLONG_MAX)) {
1700 /* Nothing to do. */
1703 VLOG_INFO_RL(&rl, "interface %s: carrier %s",
1704 iface->name, carrier ? "detected" : "dropped");
1705 if (carrier == iface->enabled) {
1706 iface->delay_expires = LLONG_MAX;
1707 VLOG_INFO_RL(&rl, "interface %s: will not be %s",
1708 iface->name, carrier ? "disabled" : "enabled");
1709 } else if (carrier && port->active_iface < 0) {
1710 bond_enable_slave(iface, true);
1711 if (port->updelay) {
1712 VLOG_INFO_RL(&rl, "interface %s: skipping %d ms updelay since no "
1713 "other interface is up", iface->name, port->updelay);
1716 int delay = carrier ? port->updelay : port->downdelay;
1717 iface->delay_expires = time_msec() + delay;
1720 "interface %s: will be %s if it stays %s for %d ms",
1722 carrier ? "enabled" : "disabled",
1723 carrier ? "up" : "down",
1730 bond_choose_active_iface(struct port *port)
1732 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
1734 port->active_iface = bond_choose_iface(port);
1735 port->active_iface_tag = tag_create_random();
1736 if (port->active_iface >= 0) {
1737 VLOG_INFO_RL(&rl, "port %s: active interface is now %s",
1738 port->name, port->ifaces[port->active_iface]->name);
1740 VLOG_WARN_RL(&rl, "port %s: all ports disabled, no active interface",
1746 bond_enable_slave(struct iface *iface, bool enable)
1748 struct port *port = iface->port;
1749 struct bridge *br = port->bridge;
1751 /* This acts as a recursion check. If the act of disabling a slave
1752 * causes a different slave to be enabled, the flag will allow us to
1753 * skip redundant work when we reenter this function. It must be
1754 * cleared on exit to keep things safe with multiple bonds. */
1755 static bool moving_active_iface = false;
1757 iface->delay_expires = LLONG_MAX;
1758 if (enable == iface->enabled) {
1762 iface->enabled = enable;
1763 if (!iface->enabled) {
1764 VLOG_WARN("interface %s: disabled", iface->name);
1765 ofproto_revalidate(br->ofproto, iface->tag);
1766 if (iface->port_ifidx == port->active_iface) {
1767 ofproto_revalidate(br->ofproto,
1768 port->active_iface_tag);
1770 /* Disabling a slave can lead to another slave being immediately
1771 * enabled if there will be no active slaves but one is waiting
1772 * on an updelay. In this case we do not need to run most of the
1773 * code for the newly enabled slave since there was no period
1774 * without an active slave and it is redundant with the disabling
1776 moving_active_iface = true;
1777 bond_choose_active_iface(port);
1779 bond_send_learning_packets(port);
1781 VLOG_WARN("interface %s: enabled", iface->name);
1782 if (port->active_iface < 0 && !moving_active_iface) {
1783 ofproto_revalidate(br->ofproto, port->no_ifaces_tag);
1784 bond_choose_active_iface(port);
1785 bond_send_learning_packets(port);
1787 iface->tag = tag_create_random();
1790 moving_active_iface = false;
1791 port->bond_compat_is_stale = true;
1794 /* Attempts to make the sum of the bond slaves' statistics appear on the fake
1795 * bond interface. */
1797 bond_update_fake_iface_stats(struct port *port)
1799 struct netdev_stats bond_stats;
1800 struct netdev *bond_dev;
1803 memset(&bond_stats, 0, sizeof bond_stats);
1805 for (i = 0; i < port->n_ifaces; i++) {
1806 struct netdev_stats slave_stats;
1808 if (!netdev_get_stats(port->ifaces[i]->netdev, &slave_stats)) {
1809 /* XXX: We swap the stats here because they are swapped back when
1810 * reported by the internal device. The reason for this is
1811 * internal devices normally represent packets going into the system
1812 * but when used as fake bond device they represent packets leaving
1813 * the system. We really should do this in the internal device
1814 * itself because changing it here reverses the counts from the
1815 * perspective of the switch. However, the internal device doesn't
1816 * know what type of device it represents so we have to do it here
1818 bond_stats.tx_packets += slave_stats.rx_packets;
1819 bond_stats.tx_bytes += slave_stats.rx_bytes;
1820 bond_stats.rx_packets += slave_stats.tx_packets;
1821 bond_stats.rx_bytes += slave_stats.tx_bytes;
1825 if (!netdev_open_default(port->name, &bond_dev)) {
1826 netdev_set_stats(bond_dev, &bond_stats);
1827 netdev_close(bond_dev);
1832 bond_run(struct bridge *br)
1836 for (i = 0; i < br->n_ports; i++) {
1837 struct port *port = br->ports[i];
1839 if (port->n_ifaces >= 2) {
1840 for (j = 0; j < port->n_ifaces; j++) {
1841 struct iface *iface = port->ifaces[j];
1842 if (time_msec() >= iface->delay_expires) {
1843 bond_enable_slave(iface, !iface->enabled);
1847 if (port->bond_fake_iface
1848 && time_msec() >= port->bond_next_fake_iface_update) {
1849 bond_update_fake_iface_stats(port);
1850 port->bond_next_fake_iface_update = time_msec() + 1000;
1854 if (port->bond_compat_is_stale) {
1855 port->bond_compat_is_stale = false;
1856 port_update_bond_compat(port);
1862 bond_wait(struct bridge *br)
1866 for (i = 0; i < br->n_ports; i++) {
1867 struct port *port = br->ports[i];
1868 if (port->n_ifaces < 2) {
1871 for (j = 0; j < port->n_ifaces; j++) {
1872 struct iface *iface = port->ifaces[j];
1873 if (iface->delay_expires != LLONG_MAX) {
1874 poll_timer_wait_until(iface->delay_expires);
1877 if (port->bond_fake_iface) {
1878 poll_timer_wait_until(port->bond_next_fake_iface_update);
1884 set_dst(struct dst *p, const flow_t *flow,
1885 const struct port *in_port, const struct port *out_port,
1888 p->vlan = (out_port->vlan >= 0 ? OFP_VLAN_NONE
1889 : in_port->vlan >= 0 ? in_port->vlan
1890 : ntohs(flow->dl_vlan));
1891 return choose_output_iface(out_port, flow->dl_src, &p->dp_ifidx, tags);
1895 swap_dst(struct dst *p, struct dst *q)
1897 struct dst tmp = *p;
1902 /* Moves all the dsts with vlan == 'vlan' to the front of the 'n_dsts' in
1903 * 'dsts'. (This may help performance by reducing the number of VLAN changes
1904 * that we push to the datapath. We could in fact fully sort the array by
1905 * vlan, but in most cases there are at most two different vlan tags so that's
1906 * possibly overkill.) */
1908 partition_dsts(struct dst *dsts, size_t n_dsts, int vlan)
1910 struct dst *first = dsts;
1911 struct dst *last = dsts + n_dsts;
1913 while (first != last) {
1915 * - All dsts < first have vlan == 'vlan'.
1916 * - All dsts >= last have vlan != 'vlan'.
1917 * - first < last. */
1918 while (first->vlan == vlan) {
1919 if (++first == last) {
1924 /* Same invariants, plus one additional:
1925 * - first->vlan != vlan.
1927 while (last[-1].vlan != vlan) {
1928 if (--last == first) {
1933 /* Same invariants, plus one additional:
1934 * - last[-1].vlan == vlan.*/
1935 swap_dst(first++, --last);
1940 mirror_mask_ffs(mirror_mask_t mask)
1942 BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask));
1947 dst_is_duplicate(const struct dst *dsts, size_t n_dsts,
1948 const struct dst *test)
1951 for (i = 0; i < n_dsts; i++) {
1952 if (dsts[i].vlan == test->vlan && dsts[i].dp_ifidx == test->dp_ifidx) {
1960 port_trunks_vlan(const struct port *port, uint16_t vlan)
1962 return (port->vlan < 0
1963 && (!port->trunks || bitmap_is_set(port->trunks, vlan)));
1967 port_includes_vlan(const struct port *port, uint16_t vlan)
1969 return vlan == port->vlan || port_trunks_vlan(port, vlan);
1973 compose_dsts(const struct bridge *br, const flow_t *flow, uint16_t vlan,
1974 const struct port *in_port, const struct port *out_port,
1975 struct dst dsts[], tag_type *tags, uint16_t *nf_output_iface)
1977 mirror_mask_t mirrors = in_port->src_mirrors;
1978 struct dst *dst = dsts;
1981 if (out_port == FLOOD_PORT) {
1982 /* XXX use ODP_FLOOD if no vlans or bonding. */
1983 /* XXX even better, define each VLAN as a datapath port group */
1984 for (i = 0; i < br->n_ports; i++) {
1985 struct port *port = br->ports[i];
1986 if (port != in_port && port_includes_vlan(port, vlan)
1987 && !port->is_mirror_output_port
1988 && set_dst(dst, flow, in_port, port, tags)) {
1989 mirrors |= port->dst_mirrors;
1993 *nf_output_iface = NF_OUT_FLOOD;
1994 } else if (out_port && set_dst(dst, flow, in_port, out_port, tags)) {
1995 *nf_output_iface = dst->dp_ifidx;
1996 mirrors |= out_port->dst_mirrors;
2001 struct mirror *m = br->mirrors[mirror_mask_ffs(mirrors) - 1];
2002 if (!m->n_vlans || vlan_is_mirrored(m, vlan)) {
2004 if (set_dst(dst, flow, in_port, m->out_port, tags)
2005 && !dst_is_duplicate(dsts, dst - dsts, dst)) {
2009 for (i = 0; i < br->n_ports; i++) {
2010 struct port *port = br->ports[i];
2011 if (port_includes_vlan(port, m->out_vlan)
2012 && set_dst(dst, flow, in_port, port, tags))
2016 if (port->vlan < 0) {
2017 dst->vlan = m->out_vlan;
2019 if (dst_is_duplicate(dsts, dst - dsts, dst)) {
2023 /* Use the vlan tag on the original flow instead of
2024 * the one passed in the vlan parameter. This ensures
2025 * that we compare the vlan from before any implicit
2026 * tagging tags place. This is necessary because
2027 * dst->vlan is the final vlan, after removing implicit
2029 flow_vlan = ntohs(flow->dl_vlan);
2030 if (flow_vlan == 0) {
2031 flow_vlan = OFP_VLAN_NONE;
2033 if (port == in_port && dst->vlan == flow_vlan) {
2034 /* Don't send out input port on same VLAN. */
2042 mirrors &= mirrors - 1;
2045 partition_dsts(dsts, dst - dsts, ntohs(flow->dl_vlan));
2049 static void OVS_UNUSED
2050 print_dsts(const struct dst *dsts, size_t n)
2052 for (; n--; dsts++) {
2053 printf(">p%"PRIu16, dsts->dp_ifidx);
2054 if (dsts->vlan != OFP_VLAN_NONE) {
2055 printf("v%"PRIu16, dsts->vlan);
2061 compose_actions(struct bridge *br, const flow_t *flow, uint16_t vlan,
2062 const struct port *in_port, const struct port *out_port,
2063 tag_type *tags, struct odp_actions *actions,
2064 uint16_t *nf_output_iface)
2066 struct dst dsts[DP_MAX_PORTS * (MAX_MIRRORS + 1)];
2068 const struct dst *p;
2071 n_dsts = compose_dsts(br, flow, vlan, in_port, out_port, dsts, tags,
2074 cur_vlan = ntohs(flow->dl_vlan);
2075 for (p = dsts; p < &dsts[n_dsts]; p++) {
2076 union odp_action *a;
2077 if (p->vlan != cur_vlan) {
2078 if (p->vlan == OFP_VLAN_NONE) {
2079 odp_actions_add(actions, ODPAT_STRIP_VLAN);
2081 a = odp_actions_add(actions, ODPAT_SET_VLAN_VID);
2082 a->vlan_vid.vlan_vid = htons(p->vlan);
2086 a = odp_actions_add(actions, ODPAT_OUTPUT);
2087 a->output.port = p->dp_ifidx;
2091 /* Returns the effective vlan of a packet, taking into account both the
2092 * 802.1Q header and implicitly tagged ports. A value of 0 indicates that
2093 * the packet is untagged and -1 indicates it has an invalid header and
2094 * should be dropped. */
2095 static int flow_get_vlan(struct bridge *br, const flow_t *flow,
2096 struct port *in_port, bool have_packet)
2098 /* Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet
2099 * belongs to VLAN 0, so we should treat both cases identically. (In the
2100 * former case, the packet has an 802.1Q header that specifies VLAN 0,
2101 * presumably to allow a priority to be specified. In the latter case, the
2102 * packet does not have any 802.1Q header.) */
2103 int vlan = ntohs(flow->dl_vlan);
2104 if (vlan == OFP_VLAN_NONE) {
2107 if (in_port->vlan >= 0) {
2109 /* XXX support double tagging? */
2111 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2112 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged "
2113 "packet received on port %s configured with "
2114 "implicit VLAN %"PRIu16,
2115 br->name, ntohs(flow->dl_vlan),
2116 in_port->name, in_port->vlan);
2120 vlan = in_port->vlan;
2122 if (!port_includes_vlan(in_port, vlan)) {
2124 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2125 VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
2126 "packet received on port %s not configured for "
2128 br->name, vlan, in_port->name, vlan);
2137 /* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
2138 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
2139 * indicate this; newer upstream kernels use gratuitous ARP requests. */
2141 is_gratuitous_arp(const flow_t *flow)
2143 return (flow->dl_type == htons(ETH_TYPE_ARP)
2144 && eth_addr_is_broadcast(flow->dl_dst)
2145 && (flow->nw_proto == ARP_OP_REPLY
2146 || (flow->nw_proto == ARP_OP_REQUEST
2147 && flow->nw_src == flow->nw_dst)));
2151 update_learning_table(struct bridge *br, const flow_t *flow, int vlan,
2152 struct port *in_port)
2154 enum grat_arp_lock_type lock_type;
2157 /* We don't want to learn from gratuitous ARP packets that are reflected
2158 * back over bond slaves so we lock the learning table. */
2159 lock_type = !is_gratuitous_arp(flow) ? GRAT_ARP_LOCK_NONE :
2160 (in_port->n_ifaces == 1) ? GRAT_ARP_LOCK_SET :
2161 GRAT_ARP_LOCK_CHECK;
2163 rev_tag = mac_learning_learn(br->ml, flow->dl_src, vlan, in_port->port_idx,
2166 /* The log messages here could actually be useful in debugging,
2167 * so keep the rate limit relatively high. */
2168 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
2170 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2171 "on port %s in VLAN %d",
2172 br->name, ETH_ADDR_ARGS(flow->dl_src),
2173 in_port->name, vlan);
2174 ofproto_revalidate(br->ofproto, rev_tag);
2178 /* Determines whether packets in 'flow' within 'br' should be forwarded or
2179 * dropped. Returns true if they may be forwarded, false if they should be
2182 * If 'have_packet' is true, it indicates that the caller is processing a
2183 * received packet. If 'have_packet' is false, then the caller is just
2184 * revalidating an existing flow because configuration has changed. Either
2185 * way, 'have_packet' only affects logging (there is no point in logging errors
2186 * during revalidation).
2188 * Sets '*in_portp' to the input port. This will be a null pointer if
2189 * flow->in_port does not designate a known input port (in which case
2190 * is_admissible() returns false).
2192 * When returning true, sets '*vlanp' to the effective VLAN of the input
2193 * packet, as returned by flow_get_vlan().
2195 * May also add tags to '*tags', although the current implementation only does
2196 * so in one special case.
2199 is_admissible(struct bridge *br, const flow_t *flow, bool have_packet,
2200 tag_type *tags, int *vlanp, struct port **in_portp)
2202 struct iface *in_iface;
2203 struct port *in_port;
2206 /* Find the interface and port structure for the received packet. */
2207 in_iface = iface_from_dp_ifidx(br, flow->in_port);
2209 /* No interface? Something fishy... */
2211 /* Odd. A few possible reasons here:
2213 * - We deleted an interface but there are still a few packets
2214 * queued up from it.
2216 * - Someone externally added an interface (e.g. with "ovs-dpctl
2217 * add-if") that we don't know about.
2219 * - Packet arrived on the local port but the local port is not
2220 * one of our bridge ports.
2222 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2224 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
2225 "interface %"PRIu16, br->name, flow->in_port);
2231 *in_portp = in_port = in_iface->port;
2232 *vlanp = vlan = flow_get_vlan(br, flow, in_port, have_packet);
2237 /* Drop frames for reserved multicast addresses. */
2238 if (eth_addr_is_reserved(flow->dl_dst)) {
2242 /* Drop frames on ports reserved for mirroring. */
2243 if (in_port->is_mirror_output_port) {
2245 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2246 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2247 "%s, which is reserved exclusively for mirroring",
2248 br->name, in_port->name);
2253 /* Packets received on bonds need special attention to avoid duplicates. */
2254 if (in_port->n_ifaces > 1) {
2256 bool is_grat_arp_locked;
2258 if (eth_addr_is_multicast(flow->dl_dst)) {
2259 *tags |= in_port->active_iface_tag;
2260 if (in_port->active_iface != in_iface->port_ifidx) {
2261 /* Drop all multicast packets on inactive slaves. */
2266 /* Drop all packets for which we have learned a different input
2267 * port, because we probably sent the packet on one slave and got
2268 * it back on the other. Gratuitous ARP packets are an exception
2269 * to this rule: the host has moved to another switch. The exception
2270 * to the exception is if we locked the learning table to avoid
2271 * reflections on bond slaves. If this is the case, just drop the
2273 src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan,
2274 &is_grat_arp_locked);
2275 if (src_idx != -1 && src_idx != in_port->port_idx &&
2276 (!is_gratuitous_arp(flow) || is_grat_arp_locked)) {
2284 /* If the composed actions may be applied to any packet in the given 'flow',
2285 * returns true. Otherwise, the actions should only be applied to 'packet', or
2286 * not at all, if 'packet' was NULL. */
2288 process_flow(struct bridge *br, const flow_t *flow,
2289 const struct ofpbuf *packet, struct odp_actions *actions,
2290 tag_type *tags, uint16_t *nf_output_iface)
2292 struct port *in_port;
2293 struct port *out_port;
2297 /* Check whether we should drop packets in this flow. */
2298 if (!is_admissible(br, flow, packet != NULL, tags, &vlan, &in_port)) {
2303 /* Learn source MAC (but don't try to learn from revalidation). */
2305 update_learning_table(br, flow, vlan, in_port);
2308 /* Determine output port. */
2309 out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan, tags,
2311 if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
2312 out_port = br->ports[out_port_idx];
2313 } else if (!packet && !eth_addr_is_multicast(flow->dl_dst)) {
2314 /* If we are revalidating but don't have a learning entry then
2315 * eject the flow. Installing a flow that floods packets opens
2316 * up a window of time where we could learn from a packet reflected
2317 * on a bond and blackhole packets before the learning table is
2318 * updated to reflect the correct port. */
2321 out_port = FLOOD_PORT;
2324 /* Don't send packets out their input ports. */
2325 if (in_port == out_port) {
2331 compose_actions(br, flow, vlan, in_port, out_port, tags, actions,
2338 /* Careful: 'opp' is in host byte order and opp->port_no is an OFP port
2341 bridge_port_changed_ofhook_cb(enum ofp_port_reason reason,
2342 const struct ofp_phy_port *opp,
2345 struct bridge *br = br_;
2346 struct iface *iface;
2349 iface = iface_from_dp_ifidx(br, ofp_port_to_odp_port(opp->port_no));
2355 if (reason == OFPPR_DELETE) {
2356 VLOG_WARN("bridge %s: interface %s deleted unexpectedly",
2357 br->name, iface->name);
2358 iface_destroy(iface);
2359 if (!port->n_ifaces) {
2360 VLOG_WARN("bridge %s: port %s has no interfaces, dropping",
2361 br->name, port->name);
2367 if (port->n_ifaces > 1) {
2368 bool up = !(opp->state & OFPPS_LINK_DOWN);
2369 bond_link_status_update(iface, up);
2370 port_update_bond_compat(port);
2376 bridge_normal_ofhook_cb(const flow_t *flow, const struct ofpbuf *packet,
2377 struct odp_actions *actions, tag_type *tags,
2378 uint16_t *nf_output_iface, void *br_)
2380 struct bridge *br = br_;
2382 COVERAGE_INC(bridge_process_flow);
2383 return process_flow(br, flow, packet, actions, tags, nf_output_iface);
2387 bridge_account_flow_ofhook_cb(const flow_t *flow,
2388 const union odp_action *actions,
2389 size_t n_actions, unsigned long long int n_bytes,
2392 struct bridge *br = br_;
2393 const union odp_action *a;
2394 struct port *in_port;
2398 /* Feed information from the active flows back into the learning table
2399 * to ensure that table is always in sync with what is actually flowing
2400 * through the datapath. */
2401 if (is_admissible(br, flow, false, &tags, &vlan, &in_port)) {
2402 update_learning_table(br, flow, vlan, in_port);
2405 if (!br->has_bonded_ports) {
2409 for (a = actions; a < &actions[n_actions]; a++) {
2410 if (a->type == ODPAT_OUTPUT) {
2411 struct port *out_port = port_from_dp_ifidx(br, a->output.port);
2412 if (out_port && out_port->n_ifaces >= 2) {
2413 struct bond_entry *e = lookup_bond_entry(out_port,
2415 e->tx_bytes += n_bytes;
2422 bridge_account_checkpoint_ofhook_cb(void *br_)
2424 struct bridge *br = br_;
2428 if (!br->has_bonded_ports) {
2433 for (i = 0; i < br->n_ports; i++) {
2434 struct port *port = br->ports[i];
2435 if (port->n_ifaces > 1 && now >= port->bond_next_rebalance) {
2436 port->bond_next_rebalance = now + port->bond_rebalance_interval;
2437 bond_rebalance_port(port);
2442 static struct ofhooks bridge_ofhooks = {
2443 bridge_port_changed_ofhook_cb,
2444 bridge_normal_ofhook_cb,
2445 bridge_account_flow_ofhook_cb,
2446 bridge_account_checkpoint_ofhook_cb,
2449 /* Bonding functions. */
2451 /* Statistics for a single interface on a bonded port, used for load-based
2452 * bond rebalancing. */
2453 struct slave_balance {
2454 struct iface *iface; /* The interface. */
2455 uint64_t tx_bytes; /* Sum of hashes[*]->tx_bytes. */
2457 /* All the "bond_entry"s that are assigned to this interface, in order of
2458 * increasing tx_bytes. */
2459 struct bond_entry **hashes;
2463 /* Sorts pointers to pointers to bond_entries in ascending order by the
2464 * interface to which they are assigned, and within a single interface in
2465 * ascending order of bytes transmitted. */
2467 compare_bond_entries(const void *a_, const void *b_)
2469 const struct bond_entry *const *ap = a_;
2470 const struct bond_entry *const *bp = b_;
2471 const struct bond_entry *a = *ap;
2472 const struct bond_entry *b = *bp;
2473 if (a->iface_idx != b->iface_idx) {
2474 return a->iface_idx > b->iface_idx ? 1 : -1;
2475 } else if (a->tx_bytes != b->tx_bytes) {
2476 return a->tx_bytes > b->tx_bytes ? 1 : -1;
2482 /* Sorts slave_balances so that enabled ports come first, and otherwise in
2483 * *descending* order by number of bytes transmitted. */
2485 compare_slave_balance(const void *a_, const void *b_)
2487 const struct slave_balance *a = a_;
2488 const struct slave_balance *b = b_;
2489 if (a->iface->enabled != b->iface->enabled) {
2490 return a->iface->enabled ? -1 : 1;
2491 } else if (a->tx_bytes != b->tx_bytes) {
2492 return a->tx_bytes > b->tx_bytes ? -1 : 1;
2499 swap_bals(struct slave_balance *a, struct slave_balance *b)
2501 struct slave_balance tmp = *a;
2506 /* Restores the 'n_bals' slave_balance structures in 'bals' to sorted order
2507 * given that 'p' (and only 'p') might be in the wrong location.
2509 * This function invalidates 'p', since it might now be in a different memory
2512 resort_bals(struct slave_balance *p,
2513 struct slave_balance bals[], size_t n_bals)
2516 for (; p > bals && p->tx_bytes > p[-1].tx_bytes; p--) {
2517 swap_bals(p, p - 1);
2519 for (; p < &bals[n_bals - 1] && p->tx_bytes < p[1].tx_bytes; p++) {
2520 swap_bals(p, p + 1);
2526 log_bals(const struct slave_balance *bals, size_t n_bals, struct port *port)
2528 if (VLOG_IS_DBG_ENABLED()) {
2529 struct ds ds = DS_EMPTY_INITIALIZER;
2530 const struct slave_balance *b;
2532 for (b = bals; b < bals + n_bals; b++) {
2536 ds_put_char(&ds, ',');
2538 ds_put_format(&ds, " %s %"PRIu64"kB",
2539 b->iface->name, b->tx_bytes / 1024);
2541 if (!b->iface->enabled) {
2542 ds_put_cstr(&ds, " (disabled)");
2544 if (b->n_hashes > 0) {
2545 ds_put_cstr(&ds, " (");
2546 for (i = 0; i < b->n_hashes; i++) {
2547 const struct bond_entry *e = b->hashes[i];
2549 ds_put_cstr(&ds, " + ");
2551 ds_put_format(&ds, "h%td: %"PRIu64"kB",
2552 e - port->bond_hash, e->tx_bytes / 1024);
2554 ds_put_cstr(&ds, ")");
2557 VLOG_DBG("bond %s:%s", port->name, ds_cstr(&ds));
2562 /* Shifts 'hash' from 'from' to 'to' within 'port'. */
2564 bond_shift_load(struct slave_balance *from, struct slave_balance *to,
2567 struct bond_entry *hash = from->hashes[hash_idx];
2568 struct port *port = from->iface->port;
2569 uint64_t delta = hash->tx_bytes;
2571 VLOG_INFO("bond %s: shift %"PRIu64"kB of load (with hash %td) "
2572 "from %s to %s (now carrying %"PRIu64"kB and "
2573 "%"PRIu64"kB load, respectively)",
2574 port->name, delta / 1024, hash - port->bond_hash,
2575 from->iface->name, to->iface->name,
2576 (from->tx_bytes - delta) / 1024,
2577 (to->tx_bytes + delta) / 1024);
2579 /* Delete element from from->hashes.
2581 * We don't bother to add the element to to->hashes because not only would
2582 * it require more work, the only purpose it would be to allow that hash to
2583 * be migrated to another slave in this rebalancing run, and there is no
2584 * point in doing that. */
2585 if (hash_idx == 0) {
2588 memmove(from->hashes + hash_idx, from->hashes + hash_idx + 1,
2589 (from->n_hashes - (hash_idx + 1)) * sizeof *from->hashes);
2593 /* Shift load away from 'from' to 'to'. */
2594 from->tx_bytes -= delta;
2595 to->tx_bytes += delta;
2597 /* Arrange for flows to be revalidated. */
2598 ofproto_revalidate(port->bridge->ofproto, hash->iface_tag);
2599 hash->iface_idx = to->iface->port_ifidx;
2600 hash->iface_tag = tag_create_random();
2604 bond_rebalance_port(struct port *port)
2606 struct slave_balance bals[DP_MAX_PORTS];
2608 struct bond_entry *hashes[BOND_MASK + 1];
2609 struct slave_balance *b, *from, *to;
2610 struct bond_entry *e;
2613 /* Sets up 'bals' to describe each of the port's interfaces, sorted in
2614 * descending order of tx_bytes, so that bals[0] represents the most
2615 * heavily loaded slave and bals[n_bals - 1] represents the least heavily
2618 * The code is a bit tricky: to avoid dynamically allocating a 'hashes'
2619 * array for each slave_balance structure, we sort our local array of
2620 * hashes in order by slave, so that all of the hashes for a given slave
2621 * become contiguous in memory, and then we point each 'hashes' members of
2622 * a slave_balance structure to the start of a contiguous group. */
2623 n_bals = port->n_ifaces;
2624 for (b = bals; b < &bals[n_bals]; b++) {
2625 b->iface = port->ifaces[b - bals];
2630 for (i = 0; i <= BOND_MASK; i++) {
2631 hashes[i] = &port->bond_hash[i];
2633 qsort(hashes, BOND_MASK + 1, sizeof *hashes, compare_bond_entries);
2634 for (i = 0; i <= BOND_MASK; i++) {
2636 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
2637 b = &bals[e->iface_idx];
2638 b->tx_bytes += e->tx_bytes;
2640 b->hashes = &hashes[i];
2645 qsort(bals, n_bals, sizeof *bals, compare_slave_balance);
2646 log_bals(bals, n_bals, port);
2648 /* Discard slaves that aren't enabled (which were sorted to the back of the
2649 * array earlier). */
2650 while (!bals[n_bals - 1].iface->enabled) {
2657 /* Shift load from the most-loaded slaves to the least-loaded slaves. */
2658 to = &bals[n_bals - 1];
2659 for (from = bals; from < to; ) {
2660 uint64_t overload = from->tx_bytes - to->tx_bytes;
2661 if (overload < to->tx_bytes >> 5 || overload < 100000) {
2662 /* The extra load on 'from' (and all less-loaded slaves), compared
2663 * to that of 'to' (the least-loaded slave), is less than ~3%, or
2664 * it is less than ~1Mbps. No point in rebalancing. */
2666 } else if (from->n_hashes == 1) {
2667 /* 'from' only carries a single MAC hash, so we can't shift any
2668 * load away from it, even though we want to. */
2671 /* 'from' is carrying significantly more load than 'to', and that
2672 * load is split across at least two different hashes. Pick a hash
2673 * to migrate to 'to' (the least-loaded slave), given that doing so
2674 * must decrease the ratio of the load on the two slaves by at
2677 * The sort order we use means that we prefer to shift away the
2678 * smallest hashes instead of the biggest ones. There is little
2679 * reason behind this decision; we could use the opposite sort
2680 * order to shift away big hashes ahead of small ones. */
2684 for (i = 0; i < from->n_hashes; i++) {
2685 double old_ratio, new_ratio;
2686 uint64_t delta = from->hashes[i]->tx_bytes;
2688 if (delta == 0 || from->tx_bytes - delta == 0) {
2689 /* Pointless move. */
2693 order_swapped = from->tx_bytes - delta < to->tx_bytes + delta;
2695 if (to->tx_bytes == 0) {
2696 /* Nothing on the new slave, move it. */
2700 old_ratio = (double)from->tx_bytes / to->tx_bytes;
2701 new_ratio = (double)(from->tx_bytes - delta) /
2702 (to->tx_bytes + delta);
2704 if (new_ratio == 0) {
2705 /* Should already be covered but check to prevent division
2710 if (new_ratio < 1) {
2711 new_ratio = 1 / new_ratio;
2714 if (old_ratio - new_ratio > 0.1) {
2715 /* Would decrease the ratio, move it. */
2719 if (i < from->n_hashes) {
2720 bond_shift_load(from, to, i);
2721 port->bond_compat_is_stale = true;
2723 /* If the result of the migration changed the relative order of
2724 * 'from' and 'to' swap them back to maintain invariants. */
2725 if (order_swapped) {
2726 swap_bals(from, to);
2729 /* Re-sort 'bals'. Note that this may make 'from' and 'to'
2730 * point to different slave_balance structures. It is only
2731 * valid to do these two operations in a row at all because we
2732 * know that 'from' will not move past 'to' and vice versa. */
2733 resort_bals(from, bals, n_bals);
2734 resort_bals(to, bals, n_bals);
2741 /* Implement exponentially weighted moving average. A weight of 1/2 causes
2742 * historical data to decay to <1% in 7 rebalancing runs. */
2743 for (e = &port->bond_hash[0]; e <= &port->bond_hash[BOND_MASK]; e++) {
2749 bond_send_learning_packets(struct port *port)
2751 struct bridge *br = port->bridge;
2752 struct mac_entry *e;
2753 struct ofpbuf packet;
2754 int error, n_packets, n_errors;
2756 if (!port->n_ifaces || port->active_iface < 0) {
2760 ofpbuf_init(&packet, 128);
2761 error = n_packets = n_errors = 0;
2762 LIST_FOR_EACH (e, struct mac_entry, lru_node, &br->ml->lrus) {
2763 union ofp_action actions[2], *a;
2769 if (e->port == port->port_idx
2770 || !choose_output_iface(port, e->mac, &dp_ifidx, &tags)) {
2774 /* Compose actions. */
2775 memset(actions, 0, sizeof actions);
2778 a->vlan_vid.type = htons(OFPAT_SET_VLAN_VID);
2779 a->vlan_vid.len = htons(sizeof *a);
2780 a->vlan_vid.vlan_vid = htons(e->vlan);
2783 a->output.type = htons(OFPAT_OUTPUT);
2784 a->output.len = htons(sizeof *a);
2785 a->output.port = htons(odp_port_to_ofp_port(dp_ifidx));
2790 compose_benign_packet(&packet, "Open vSwitch Bond Failover", 0xf177,
2792 flow_extract(&packet, 0, ODPP_NONE, &flow);
2793 retval = ofproto_send_packet(br->ofproto, &flow, actions, a - actions,
2800 ofpbuf_uninit(&packet);
2803 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2804 VLOG_WARN_RL(&rl, "bond %s: %d errors sending %d gratuitous learning "
2805 "packets, last error was: %s",
2806 port->name, n_errors, n_packets, strerror(error));
2808 VLOG_DBG("bond %s: sent %d gratuitous learning packets",
2809 port->name, n_packets);
2813 /* Bonding unixctl user interface functions. */
2816 bond_unixctl_list(struct unixctl_conn *conn,
2817 const char *args OVS_UNUSED, void *aux OVS_UNUSED)
2819 struct ds ds = DS_EMPTY_INITIALIZER;
2820 const struct bridge *br;
2822 ds_put_cstr(&ds, "bridge\tbond\tslaves\n");
2824 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
2827 for (i = 0; i < br->n_ports; i++) {
2828 const struct port *port = br->ports[i];
2829 if (port->n_ifaces > 1) {
2832 ds_put_format(&ds, "%s\t%s\t", br->name, port->name);
2833 for (j = 0; j < port->n_ifaces; j++) {
2834 const struct iface *iface = port->ifaces[j];
2836 ds_put_cstr(&ds, ", ");
2838 ds_put_cstr(&ds, iface->name);
2840 ds_put_char(&ds, '\n');
2844 unixctl_command_reply(conn, 200, ds_cstr(&ds));
2848 static struct port *
2849 bond_find(const char *name)
2851 const struct bridge *br;
2853 LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
2856 for (i = 0; i < br->n_ports; i++) {
2857 struct port *port = br->ports[i];
2858 if (!strcmp(port->name, name) && port->n_ifaces > 1) {
2867 bond_unixctl_show(struct unixctl_conn *conn,
2868 const char *args, void *aux OVS_UNUSED)
2870 struct ds ds = DS_EMPTY_INITIALIZER;
2871 const struct port *port;
2874 port = bond_find(args);
2876 unixctl_command_reply(conn, 501, "no such bond");
2880 ds_put_format(&ds, "updelay: %d ms\n", port->updelay);
2881 ds_put_format(&ds, "downdelay: %d ms\n", port->downdelay);
2882 ds_put_format(&ds, "next rebalance: %lld ms\n",
2883 port->bond_next_rebalance - time_msec());
2884 for (j = 0; j < port->n_ifaces; j++) {
2885 const struct iface *iface = port->ifaces[j];
2886 struct bond_entry *be;
2889 ds_put_format(&ds, "slave %s: %s\n",
2890 iface->name, iface->enabled ? "enabled" : "disabled");
2891 if (j == port->active_iface) {
2892 ds_put_cstr(&ds, "\tactive slave\n");
2894 if (iface->delay_expires != LLONG_MAX) {
2895 ds_put_format(&ds, "\t%s expires in %lld ms\n",
2896 iface->enabled ? "downdelay" : "updelay",
2897 iface->delay_expires - time_msec());
2901 for (be = port->bond_hash; be <= &port->bond_hash[BOND_MASK]; be++) {
2902 int hash = be - port->bond_hash;
2903 struct mac_entry *me;
2905 if (be->iface_idx != j) {
2909 ds_put_format(&ds, "\thash %d: %"PRIu64" kB load\n",
2910 hash, be->tx_bytes / 1024);
2913 LIST_FOR_EACH (me, struct mac_entry, lru_node,
2914 &port->bridge->ml->lrus) {
2917 if (bond_hash(me->mac) == hash
2918 && me->port != port->port_idx
2919 && choose_output_iface(port, me->mac, &dp_ifidx, &tags)
2920 && dp_ifidx == iface->dp_ifidx)
2922 ds_put_format(&ds, "\t\t"ETH_ADDR_FMT"\n",
2923 ETH_ADDR_ARGS(me->mac));
2928 unixctl_command_reply(conn, 200, ds_cstr(&ds));
2933 bond_unixctl_migrate(struct unixctl_conn *conn, const char *args_,
2934 void *aux OVS_UNUSED)
2936 char *args = (char *) args_;
2937 char *save_ptr = NULL;
2938 char *bond_s, *hash_s, *slave_s;
2939 uint8_t mac[ETH_ADDR_LEN];
2941 struct iface *iface;
2942 struct bond_entry *entry;
2945 bond_s = strtok_r(args, " ", &save_ptr);
2946 hash_s = strtok_r(NULL, " ", &save_ptr);
2947 slave_s = strtok_r(NULL, " ", &save_ptr);
2949 unixctl_command_reply(conn, 501,
2950 "usage: bond/migrate BOND HASH SLAVE");
2954 port = bond_find(bond_s);
2956 unixctl_command_reply(conn, 501, "no such bond");
2960 if (sscanf(hash_s, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))
2961 == ETH_ADDR_SCAN_COUNT) {
2962 hash = bond_hash(mac);
2963 } else if (strspn(hash_s, "0123456789") == strlen(hash_s)) {
2964 hash = atoi(hash_s) & BOND_MASK;
2966 unixctl_command_reply(conn, 501, "bad hash");
2970 iface = port_lookup_iface(port, slave_s);
2972 unixctl_command_reply(conn, 501, "no such slave");
2976 if (!iface->enabled) {
2977 unixctl_command_reply(conn, 501, "cannot migrate to disabled slave");
2981 entry = &port->bond_hash[hash];
2982 ofproto_revalidate(port->bridge->ofproto, entry->iface_tag);
2983 entry->iface_idx = iface->port_ifidx;
2984 entry->iface_tag = tag_create_random();
2985 port->bond_compat_is_stale = true;
2986 unixctl_command_reply(conn, 200, "migrated");
2990 bond_unixctl_set_active_slave(struct unixctl_conn *conn, const char *args_,
2991 void *aux OVS_UNUSED)
2993 char *args = (char *) args_;
2994 char *save_ptr = NULL;
2995 char *bond_s, *slave_s;
2997 struct iface *iface;
2999 bond_s = strtok_r(args, " ", &save_ptr);
3000 slave_s = strtok_r(NULL, " ", &save_ptr);
3002 unixctl_command_reply(conn, 501,
3003 "usage: bond/set-active-slave BOND SLAVE");
3007 port = bond_find(bond_s);
3009 unixctl_command_reply(conn, 501, "no such bond");
3013 iface = port_lookup_iface(port, slave_s);
3015 unixctl_command_reply(conn, 501, "no such slave");
3019 if (!iface->enabled) {
3020 unixctl_command_reply(conn, 501, "cannot make disabled slave active");
3024 if (port->active_iface != iface->port_ifidx) {
3025 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
3026 port->active_iface = iface->port_ifidx;
3027 port->active_iface_tag = tag_create_random();
3028 VLOG_INFO("port %s: active interface is now %s",
3029 port->name, iface->name);
3030 bond_send_learning_packets(port);
3031 unixctl_command_reply(conn, 200, "done");
3033 unixctl_command_reply(conn, 200, "no change");
3038 enable_slave(struct unixctl_conn *conn, const char *args_, bool enable)
3040 char *args = (char *) args_;
3041 char *save_ptr = NULL;
3042 char *bond_s, *slave_s;
3044 struct iface *iface;
3046 bond_s = strtok_r(args, " ", &save_ptr);
3047 slave_s = strtok_r(NULL, " ", &save_ptr);
3049 unixctl_command_reply(conn, 501,
3050 "usage: bond/enable/disable-slave BOND SLAVE");
3054 port = bond_find(bond_s);
3056 unixctl_command_reply(conn, 501, "no such bond");
3060 iface = port_lookup_iface(port, slave_s);
3062 unixctl_command_reply(conn, 501, "no such slave");
3066 bond_enable_slave(iface, enable);
3067 unixctl_command_reply(conn, 501, enable ? "enabled" : "disabled");
3071 bond_unixctl_enable_slave(struct unixctl_conn *conn, const char *args,
3072 void *aux OVS_UNUSED)
3074 enable_slave(conn, args, true);
3078 bond_unixctl_disable_slave(struct unixctl_conn *conn, const char *args,
3079 void *aux OVS_UNUSED)
3081 enable_slave(conn, args, false);
3085 bond_unixctl_hash(struct unixctl_conn *conn, const char *args,
3086 void *aux OVS_UNUSED)
3088 uint8_t mac[ETH_ADDR_LEN];
3092 if (sscanf(args, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))
3093 == ETH_ADDR_SCAN_COUNT) {
3094 hash = bond_hash(mac);
3096 hash_cstr = xasprintf("%u", hash);
3097 unixctl_command_reply(conn, 200, hash_cstr);
3100 unixctl_command_reply(conn, 501, "invalid mac");
3107 unixctl_command_register("bond/list", bond_unixctl_list, NULL);
3108 unixctl_command_register("bond/show", bond_unixctl_show, NULL);
3109 unixctl_command_register("bond/migrate", bond_unixctl_migrate, NULL);
3110 unixctl_command_register("bond/set-active-slave",
3111 bond_unixctl_set_active_slave, NULL);
3112 unixctl_command_register("bond/enable-slave", bond_unixctl_enable_slave,
3114 unixctl_command_register("bond/disable-slave", bond_unixctl_disable_slave,
3116 unixctl_command_register("bond/hash", bond_unixctl_hash, NULL);
3119 /* Port functions. */
3121 static struct port *
3122 port_create(struct bridge *br, const char *name)
3126 port = xzalloc(sizeof *port);
3128 port->port_idx = br->n_ports;
3130 port->trunks = NULL;
3131 port->name = xstrdup(name);
3132 port->active_iface = -1;
3134 if (br->n_ports >= br->allocated_ports) {
3135 br->ports = x2nrealloc(br->ports, &br->allocated_ports,
3138 br->ports[br->n_ports++] = port;
3139 shash_add_assert(&br->port_by_name, port->name, port);
3141 VLOG_INFO("created port %s on bridge %s", port->name, br->name);
3148 get_port_other_config(const struct ovsrec_port *port, const char *key,
3149 const char *default_value)
3151 const char *value = get_ovsrec_key_value(key,
3152 port->key_other_config,
3153 port->value_other_config,
3154 port->n_other_config);
3155 return value ? value : default_value;
3159 port_del_ifaces(struct port *port, const struct ovsrec_port *cfg)
3161 struct shash new_ifaces;
3164 /* Collect list of new interfaces. */
3165 shash_init(&new_ifaces);
3166 for (i = 0; i < cfg->n_interfaces; i++) {
3167 const char *name = cfg->interfaces[i]->name;
3168 shash_add_once(&new_ifaces, name, NULL);
3171 /* Get rid of deleted interfaces. */
3172 for (i = 0; i < port->n_ifaces; ) {
3173 if (!shash_find(&new_ifaces, cfg->interfaces[i]->name)) {
3174 iface_destroy(port->ifaces[i]);
3180 shash_destroy(&new_ifaces);
3184 port_reconfigure(struct port *port, const struct ovsrec_port *cfg)
3186 struct shash new_ifaces;
3187 long long int next_rebalance;
3188 unsigned long *trunks;
3194 /* Update settings. */
3195 port->updelay = cfg->bond_updelay;
3196 if (port->updelay < 0) {
3199 port->updelay = cfg->bond_downdelay;
3200 if (port->downdelay < 0) {
3201 port->downdelay = 0;
3203 port->bond_rebalance_interval = atoi(
3204 get_port_other_config(cfg, "bond-rebalance-interval", "10000"));
3205 if (port->bond_rebalance_interval < 1000) {
3206 port->bond_rebalance_interval = 1000;
3208 next_rebalance = time_msec() + port->bond_rebalance_interval;
3209 if (port->bond_next_rebalance > next_rebalance) {
3210 port->bond_next_rebalance = next_rebalance;
3213 /* Add new interfaces and update 'cfg' member of existing ones. */
3214 shash_init(&new_ifaces);
3215 for (i = 0; i < cfg->n_interfaces; i++) {
3216 const struct ovsrec_interface *if_cfg = cfg->interfaces[i];
3217 struct iface *iface;
3219 if (!shash_add_once(&new_ifaces, if_cfg->name, NULL)) {
3220 VLOG_WARN("port %s: %s specified twice as port interface",
3221 port->name, if_cfg->name);
3225 iface = iface_lookup(port->bridge, if_cfg->name);
3227 if (iface->port != port) {
3228 VLOG_ERR("bridge %s: %s interface is on multiple ports, "
3230 port->bridge->name, if_cfg->name, iface->port->name);
3233 iface->cfg = if_cfg;
3235 iface_create(port, if_cfg);
3238 shash_destroy(&new_ifaces);
3243 if (port->n_ifaces < 2) {
3245 if (vlan >= 0 && vlan <= 4095) {
3246 VLOG_DBG("port %s: assigning VLAN tag %d", port->name, vlan);
3251 /* It's possible that bonded, VLAN-tagged ports make sense. Maybe
3252 * they even work as-is. But they have not been tested. */
3253 VLOG_WARN("port %s: VLAN tags not supported on bonded ports",
3257 if (port->vlan != vlan) {
3259 bridge_flush(port->bridge);
3262 /* Get trunked VLANs. */
3264 if (vlan < 0 && cfg->n_trunks) {
3268 trunks = bitmap_allocate(4096);
3270 for (i = 0; i < cfg->n_trunks; i++) {
3271 int trunk = cfg->trunks[i];
3273 bitmap_set1(trunks, trunk);
3279 VLOG_ERR("port %s: invalid values for %zu trunk VLANs",
3280 port->name, cfg->n_trunks);
3282 if (n_errors == cfg->n_trunks) {
3283 VLOG_ERR("port %s: no valid trunks, trunking all VLANs",
3285 bitmap_free(trunks);
3288 } else if (vlan >= 0 && cfg->n_trunks) {
3289 VLOG_ERR("port %s: ignoring trunks in favor of implicit vlan",
3293 ? port->trunks != NULL
3294 : port->trunks == NULL || !bitmap_equal(trunks, port->trunks, 4096)) {
3295 bridge_flush(port->bridge);
3297 bitmap_free(port->trunks);
3298 port->trunks = trunks;
3302 port_destroy(struct port *port)
3305 struct bridge *br = port->bridge;
3309 proc_net_compat_update_vlan(port->name, NULL, 0);
3310 proc_net_compat_update_bond(port->name, NULL);
3312 for (i = 0; i < MAX_MIRRORS; i++) {
3313 struct mirror *m = br->mirrors[i];
3314 if (m && m->out_port == port) {
3319 while (port->n_ifaces > 0) {
3320 iface_destroy(port->ifaces[port->n_ifaces - 1]);
3323 shash_find_and_delete_assert(&br->port_by_name, port->name);
3325 del = br->ports[port->port_idx] = br->ports[--br->n_ports];
3326 del->port_idx = port->port_idx;
3329 bitmap_free(port->trunks);
3336 static struct port *
3337 port_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
3339 struct iface *iface = iface_from_dp_ifidx(br, dp_ifidx);
3340 return iface ? iface->port : NULL;
3343 static struct port *
3344 port_lookup(const struct bridge *br, const char *name)
3346 return shash_find_data(&br->port_by_name, name);
3349 static struct iface *
3350 port_lookup_iface(const struct port *port, const char *name)
3352 struct iface *iface = iface_lookup(port->bridge, name);
3353 return iface && iface->port == port ? iface : NULL;
3357 port_update_bonding(struct port *port)
3359 if (port->n_ifaces < 2) {
3360 /* Not a bonded port. */
3361 if (port->bond_hash) {
3362 free(port->bond_hash);
3363 port->bond_hash = NULL;
3364 port->bond_compat_is_stale = true;
3365 port->bond_fake_iface = false;
3368 if (!port->bond_hash) {
3371 port->bond_hash = xcalloc(BOND_MASK + 1, sizeof *port->bond_hash);
3372 for (i = 0; i <= BOND_MASK; i++) {
3373 struct bond_entry *e = &port->bond_hash[i];
3377 port->no_ifaces_tag = tag_create_random();
3378 bond_choose_active_iface(port);
3379 port->bond_next_rebalance
3380 = time_msec() + port->bond_rebalance_interval;
3382 if (port->cfg->bond_fake_iface) {
3383 port->bond_next_fake_iface_update = time_msec();
3386 port->bond_compat_is_stale = true;
3387 port->bond_fake_iface = port->cfg->bond_fake_iface;
3392 port_update_bond_compat(struct port *port)
3394 struct compat_bond_hash compat_hashes[BOND_MASK + 1];
3395 struct compat_bond bond;
3398 if (port->n_ifaces < 2) {
3399 proc_net_compat_update_bond(port->name, NULL);
3404 bond.updelay = port->updelay;
3405 bond.downdelay = port->downdelay;
3408 bond.hashes = compat_hashes;
3409 if (port->bond_hash) {
3410 const struct bond_entry *e;
3411 for (e = port->bond_hash; e <= &port->bond_hash[BOND_MASK]; e++) {
3412 if (e->iface_idx >= 0 && e->iface_idx < port->n_ifaces) {
3413 struct compat_bond_hash *cbh = &bond.hashes[bond.n_hashes++];
3414 cbh->hash = e - port->bond_hash;
3415 cbh->netdev_name = port->ifaces[e->iface_idx]->name;
3420 bond.n_slaves = port->n_ifaces;
3421 bond.slaves = xmalloc(port->n_ifaces * sizeof *bond.slaves);
3422 for (i = 0; i < port->n_ifaces; i++) {
3423 struct iface *iface = port->ifaces[i];
3424 struct compat_bond_slave *slave = &bond.slaves[i];
3425 slave->name = iface->name;
3427 /* We need to make the same determination as the Linux bonding
3428 * code to determine whether a slave should be consider "up".
3429 * The Linux function bond_miimon_inspect() supports four
3430 * BOND_LINK_* states:
3432 * - BOND_LINK_UP: carrier detected, updelay has passed.
3433 * - BOND_LINK_FAIL: carrier lost, downdelay in progress.
3434 * - BOND_LINK_DOWN: carrier lost, downdelay has passed.
3435 * - BOND_LINK_BACK: carrier detected, updelay in progress.
3437 * The function bond_info_show_slave() only considers BOND_LINK_UP
3438 * to be "up" and anything else to be "down".
3440 slave->up = iface->enabled && iface->delay_expires == LLONG_MAX;
3444 netdev_get_etheraddr(iface->netdev, slave->mac);
3447 if (port->bond_fake_iface) {
3448 struct netdev *bond_netdev;
3450 if (!netdev_open_default(port->name, &bond_netdev)) {
3452 netdev_turn_flags_on(bond_netdev, NETDEV_UP, true);
3454 netdev_turn_flags_off(bond_netdev, NETDEV_UP, true);
3456 netdev_close(bond_netdev);
3460 proc_net_compat_update_bond(port->name, &bond);
3465 port_update_vlan_compat(struct port *port)
3467 struct bridge *br = port->bridge;
3468 char *vlandev_name = NULL;
3470 if (port->vlan > 0) {
3471 /* Figure out the name that the VLAN device should actually have, if it
3472 * existed. This takes some work because the VLAN device would not
3473 * have port->name in its name; rather, it would have the trunk port's
3474 * name, and 'port' would be attached to a bridge that also had the
3475 * VLAN device one of its ports. So we need to find a trunk port that
3476 * includes port->vlan.
3478 * There might be more than one candidate. This doesn't happen on
3479 * XenServer, so if it happens we just pick the first choice in
3480 * alphabetical order instead of creating multiple VLAN devices. */
3482 for (i = 0; i < br->n_ports; i++) {
3483 struct port *p = br->ports[i];
3484 if (port_trunks_vlan(p, port->vlan)
3486 && (!vlandev_name || strcmp(p->name, vlandev_name) <= 0))
3488 uint8_t ea[ETH_ADDR_LEN];
3489 netdev_get_etheraddr(p->ifaces[0]->netdev, ea);
3490 if (!eth_addr_is_multicast(ea) &&
3491 !eth_addr_is_reserved(ea) &&
3492 !eth_addr_is_zero(ea)) {
3493 vlandev_name = p->name;
3498 proc_net_compat_update_vlan(port->name, vlandev_name, port->vlan);
3501 /* Interface functions. */
3503 static struct iface *
3504 iface_create(struct port *port, const struct ovsrec_interface *if_cfg)
3506 struct bridge *br = port->bridge;
3507 struct iface *iface;
3508 char *name = if_cfg->name;
3511 iface = xzalloc(sizeof *iface);
3513 iface->port_ifidx = port->n_ifaces;
3514 iface->name = xstrdup(name);
3515 iface->dp_ifidx = -1;
3516 iface->tag = tag_create_random();
3517 iface->delay_expires = LLONG_MAX;
3518 iface->netdev = NULL;
3519 iface->cfg = if_cfg;
3521 shash_add_assert(&br->iface_by_name, iface->name, iface);
3523 /* Attempt to create the network interface in case it doesn't exist yet. */
3524 if (!iface_is_internal(br, iface->name)) {
3525 error = set_up_iface(if_cfg, iface, true);
3527 VLOG_WARN("could not create iface %s: %s", iface->name,
3530 shash_find_and_delete_assert(&br->iface_by_name, iface->name);
3537 if (port->n_ifaces >= port->allocated_ifaces) {
3538 port->ifaces = x2nrealloc(port->ifaces, &port->allocated_ifaces,
3539 sizeof *port->ifaces);
3541 port->ifaces[port->n_ifaces++] = iface;
3542 if (port->n_ifaces > 1) {
3543 br->has_bonded_ports = true;
3546 VLOG_DBG("attached network device %s to port %s", iface->name, port->name);
3554 iface_destroy(struct iface *iface)
3557 struct port *port = iface->port;
3558 struct bridge *br = port->bridge;
3559 bool del_active = port->active_iface == iface->port_ifidx;
3562 shash_find_and_delete_assert(&br->iface_by_name, iface->name);
3564 if (iface->dp_ifidx >= 0) {
3565 port_array_set(&br->ifaces, iface->dp_ifidx, NULL);
3568 del = port->ifaces[iface->port_ifidx] = port->ifaces[--port->n_ifaces];
3569 del->port_ifidx = iface->port_ifidx;
3571 netdev_close(iface->netdev);
3574 ofproto_revalidate(port->bridge->ofproto, port->active_iface_tag);
3575 bond_choose_active_iface(port);
3576 bond_send_learning_packets(port);
3582 bridge_flush(port->bridge);
3586 static struct iface *
3587 iface_lookup(const struct bridge *br, const char *name)
3589 return shash_find_data(&br->iface_by_name, name);
3592 static struct iface *
3593 iface_from_dp_ifidx(const struct bridge *br, uint16_t dp_ifidx)
3595 return port_array_get(&br->ifaces, dp_ifidx);
3598 /* Returns true if 'iface' is the name of an "internal" interface on bridge
3599 * 'br', that is, an interface that is entirely simulated within the datapath.
3600 * The local port (ODPP_LOCAL) is always an internal interface. Other local
3601 * interfaces are created by setting "iface.<iface>.internal = true".
3603 * In addition, we have a kluge-y feature that creates an internal port with
3604 * the name of a bonded port if "bonding.<bondname>.fake-iface = true" is set.
3605 * This feature needs to go away in the long term. Until then, this is one
3606 * reason why this function takes a name instead of a struct iface: the fake
3607 * interfaces created this way do not have a struct iface. */
3609 iface_is_internal(const struct bridge *br, const char *if_name)
3611 struct iface *iface;
3614 if (!strcmp(if_name, br->name)) {
3618 iface = iface_lookup(br, if_name);
3619 if (iface && !strcmp(iface->cfg->type, "internal")) {
3623 port = port_lookup(br, if_name);
3624 if (port && port->n_ifaces > 1 && port->cfg->bond_fake_iface) {
3630 /* Set Ethernet address of 'iface', if one is specified in the configuration
3633 iface_set_mac(struct iface *iface)
3635 uint8_t ea[ETH_ADDR_LEN];
3637 if (iface->cfg->mac && eth_addr_from_string(iface->cfg->mac, ea)) {
3638 if (eth_addr_is_multicast(ea)) {
3639 VLOG_ERR("interface %s: cannot set MAC to multicast address",
3641 } else if (iface->dp_ifidx == ODPP_LOCAL) {
3642 VLOG_ERR("ignoring iface.%s.mac; use bridge.%s.mac instead",
3643 iface->name, iface->name);
3645 int error = netdev_set_etheraddr(iface->netdev, ea);
3647 VLOG_ERR("interface %s: setting MAC failed (%s)",
3648 iface->name, strerror(error));
3655 shash_from_ovs_idl_map(char **keys, char **values, size_t n,
3656 struct shash *shash)
3661 for (i = 0; i < n; i++) {
3662 shash_add(shash, keys[i], values[i]);
3666 struct iface_delete_queues_cbdata {
3667 struct netdev *netdev;
3668 const int64_t *queue_ids;
3673 queue_ids_include(const int64_t *ids, size_t n, int64_t target)
3678 while (low < high) {
3679 size_t mid = low + (high - low) / 2;
3680 if (target > ids[mid]) {
3682 } else if (target < ids[mid]) {
3692 iface_delete_queues(unsigned int queue_id,
3693 const struct shash *details OVS_UNUSED, void *cbdata_)
3695 struct iface_delete_queues_cbdata *cbdata = cbdata_;
3697 if (!queue_ids_include(cbdata->queue_ids, cbdata->n_queue_ids, queue_id)) {
3698 netdev_delete_queue(cbdata->netdev, queue_id);
3703 iface_update_qos(struct iface *iface, const struct ovsrec_qos *qos)
3705 if (!qos || qos->type[0] == '\0') {
3706 netdev_set_qos(iface->netdev, NULL, NULL);
3708 struct iface_delete_queues_cbdata cbdata;
3709 struct shash details;
3712 /* Configure top-level Qos for 'iface'. */
3713 shash_from_ovs_idl_map(qos->key_other_config, qos->value_other_config,
3714 qos->n_other_config, &details);
3715 netdev_set_qos(iface->netdev, qos->type, &details);
3716 shash_destroy(&details);
3718 /* Deconfigure queues that were deleted. */
3719 cbdata.netdev = iface->netdev;
3720 cbdata.queue_ids = qos->key_queues;
3721 cbdata.n_queue_ids = qos->n_queues;
3722 netdev_dump_queues(iface->netdev, iface_delete_queues, &cbdata);
3724 /* Configure queues for 'iface'. */
3725 for (i = 0; i < qos->n_queues; i++) {
3726 const struct ovsrec_queue *queue = qos->value_queues[i];
3727 unsigned int queue_id = qos->key_queues[i];
3729 shash_from_ovs_idl_map(queue->key_other_config,
3730 queue->value_other_config,
3731 queue->n_other_config, &details);
3732 netdev_set_queue(iface->netdev, queue_id, &details);
3733 shash_destroy(&details);
3738 /* Port mirroring. */
3741 mirror_reconfigure(struct bridge *br)
3743 struct shash old_mirrors, new_mirrors;
3744 struct shash_node *node;
3745 unsigned long *rspan_vlans;
3748 /* Collect old mirrors. */
3749 shash_init(&old_mirrors);
3750 for (i = 0; i < MAX_MIRRORS; i++) {
3751 if (br->mirrors[i]) {
3752 shash_add(&old_mirrors, br->mirrors[i]->name, br->mirrors[i]);
3756 /* Collect new mirrors. */
3757 shash_init(&new_mirrors);
3758 for (i = 0; i < br->cfg->n_mirrors; i++) {
3759 struct ovsrec_mirror *cfg = br->cfg->mirrors[i];
3760 if (!shash_add_once(&new_mirrors, cfg->name, cfg)) {
3761 VLOG_WARN("bridge %s: %s specified twice as mirror",
3762 br->name, cfg->name);
3766 /* Get rid of deleted mirrors and add new mirrors. */
3767 SHASH_FOR_EACH (node, &old_mirrors) {
3768 if (!shash_find(&new_mirrors, node->name)) {
3769 mirror_destroy(node->data);
3772 SHASH_FOR_EACH (node, &new_mirrors) {
3773 struct mirror *mirror = shash_find_data(&old_mirrors, node->name);
3775 mirror = mirror_create(br, node->name);
3780 mirror_reconfigure_one(mirror, node->data);
3782 shash_destroy(&old_mirrors);
3783 shash_destroy(&new_mirrors);
3785 /* Update port reserved status. */
3786 for (i = 0; i < br->n_ports; i++) {
3787 br->ports[i]->is_mirror_output_port = false;
3789 for (i = 0; i < MAX_MIRRORS; i++) {
3790 struct mirror *m = br->mirrors[i];
3791 if (m && m->out_port) {
3792 m->out_port->is_mirror_output_port = true;
3796 /* Update flooded vlans (for RSPAN). */
3798 if (br->cfg->n_flood_vlans) {
3799 rspan_vlans = bitmap_allocate(4096);
3801 for (i = 0; i < br->cfg->n_flood_vlans; i++) {
3802 int64_t vlan = br->cfg->flood_vlans[i];
3803 if (vlan >= 0 && vlan < 4096) {
3804 bitmap_set1(rspan_vlans, vlan);
3805 VLOG_INFO("bridge %s: disabling learning on vlan %"PRId64,
3808 VLOG_ERR("bridge %s: invalid value %"PRId64 "for flood VLAN",
3813 if (mac_learning_set_flood_vlans(br->ml, rspan_vlans)) {
3818 static struct mirror *
3819 mirror_create(struct bridge *br, const char *name)
3824 for (i = 0; ; i++) {
3825 if (i >= MAX_MIRRORS) {
3826 VLOG_WARN("bridge %s: maximum of %d port mirrors reached, "
3827 "cannot create %s", br->name, MAX_MIRRORS, name);
3830 if (!br->mirrors[i]) {
3835 VLOG_INFO("created port mirror %s on bridge %s", name, br->name);
3838 br->mirrors[i] = m = xzalloc(sizeof *m);
3841 m->name = xstrdup(name);
3842 shash_init(&m->src_ports);
3843 shash_init(&m->dst_ports);
3853 mirror_destroy(struct mirror *m)
3856 struct bridge *br = m->bridge;
3859 for (i = 0; i < br->n_ports; i++) {
3860 br->ports[i]->src_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
3861 br->ports[i]->dst_mirrors &= ~(MIRROR_MASK_C(1) << m->idx);
3864 shash_destroy(&m->src_ports);
3865 shash_destroy(&m->dst_ports);
3868 m->bridge->mirrors[m->idx] = NULL;
3876 mirror_collect_ports(struct mirror *m, struct ovsrec_port **ports, int n_ports,
3877 struct shash *names)
3881 for (i = 0; i < n_ports; i++) {
3882 const char *name = ports[i]->name;
3883 if (port_lookup(m->bridge, name)) {
3884 shash_add_once(names, name, NULL);
3886 VLOG_WARN("bridge %s: mirror %s cannot match on nonexistent "
3887 "port %s", m->bridge->name, m->name, name);
3893 mirror_collect_vlans(struct mirror *m, const struct ovsrec_mirror *cfg,
3899 *vlans = xmalloc(sizeof **vlans * cfg->n_select_vlan);
3901 for (i = 0; i < cfg->n_select_vlan; i++) {
3902 int64_t vlan = cfg->select_vlan[i];
3903 if (vlan < 0 || vlan > 4095) {
3904 VLOG_WARN("bridge %s: mirror %s selects invalid VLAN %"PRId64,
3905 m->bridge->name, m->name, vlan);
3907 (*vlans)[n_vlans++] = vlan;
3914 vlan_is_mirrored(const struct mirror *m, int vlan)
3918 for (i = 0; i < m->n_vlans; i++) {
3919 if (m->vlans[i] == vlan) {
3927 port_trunks_any_mirrored_vlan(const struct mirror *m, const struct port *p)
3931 for (i = 0; i < m->n_vlans; i++) {
3932 if (port_trunks_vlan(p, m->vlans[i])) {
3940 mirror_reconfigure_one(struct mirror *m, struct ovsrec_mirror *cfg)
3942 struct shash src_ports, dst_ports;
3943 mirror_mask_t mirror_bit;
3944 struct port *out_port;
3950 /* Get output port. */
3951 if (cfg->output_port) {
3952 out_port = port_lookup(m->bridge, cfg->output_port->name);
3954 VLOG_ERR("bridge %s: mirror %s outputs to port not on bridge",
3955 m->bridge->name, m->name);
3961 if (cfg->output_vlan) {
3962 VLOG_ERR("bridge %s: mirror %s specifies both output port and "
3963 "output vlan; ignoring output vlan",
3964 m->bridge->name, m->name);
3966 } else if (cfg->output_vlan) {
3968 out_vlan = *cfg->output_vlan;
3970 VLOG_ERR("bridge %s: mirror %s does not specify output; ignoring",
3971 m->bridge->name, m->name);
3976 shash_init(&src_ports);
3977 shash_init(&dst_ports);
3978 if (cfg->select_all) {
3979 for (i = 0; i < m->bridge->n_ports; i++) {
3980 const char *name = m->bridge->ports[i]->name;
3981 shash_add_once(&src_ports, name, NULL);
3982 shash_add_once(&dst_ports, name, NULL);
3987 /* Get ports, and drop duplicates and ports that don't exist. */
3988 mirror_collect_ports(m, cfg->select_src_port, cfg->n_select_src_port,
3990 mirror_collect_ports(m, cfg->select_dst_port, cfg->n_select_dst_port,
3993 /* Get all the vlans, and drop duplicate and invalid vlans. */
3994 n_vlans = mirror_collect_vlans(m, cfg, &vlans);
3997 /* Update mirror data. */
3998 if (!shash_equal_keys(&m->src_ports, &src_ports)
3999 || !shash_equal_keys(&m->dst_ports, &dst_ports)
4000 || m->n_vlans != n_vlans
4001 || memcmp(m->vlans, vlans, sizeof *vlans * n_vlans)
4002 || m->out_port != out_port
4003 || m->out_vlan != out_vlan) {
4004 bridge_flush(m->bridge);
4006 shash_swap(&m->src_ports, &src_ports);
4007 shash_swap(&m->dst_ports, &dst_ports);
4010 m->n_vlans = n_vlans;
4011 m->out_port = out_port;
4012 m->out_vlan = out_vlan;
4015 mirror_bit = MIRROR_MASK_C(1) << m->idx;
4016 for (i = 0; i < m->bridge->n_ports; i++) {
4017 struct port *port = m->bridge->ports[i];
4019 if (shash_find(&m->src_ports, port->name)
4022 ? port_trunks_any_mirrored_vlan(m, port)
4023 : vlan_is_mirrored(m, port->vlan)))) {
4024 port->src_mirrors |= mirror_bit;
4026 port->src_mirrors &= ~mirror_bit;
4029 if (shash_find(&m->dst_ports, port->name)) {
4030 port->dst_mirrors |= mirror_bit;
4032 port->dst_mirrors &= ~mirror_bit;
4037 shash_destroy(&src_ports);
4038 shash_destroy(&dst_ports);
git://git.onelab.eu / sliver-openvswitch.git / blob