+/* Table overflow policy. */
+
+/* Chooses and returns a rule to evict from 'table'. Returns NULL if the table
+ * is not configured to evict rules or if the table contains no evictable
+ * rules. (Rules with 'evictable' set to false or with no timeouts are not
+ * evictable.) */
+static struct rule *
+choose_rule_to_evict(struct oftable *table)
+{
+ struct eviction_group *evg;
+
+ if (!table->eviction_fields) {
+ return NULL;
+ }
+
+ /* In the common case, the outer and inner loops here will each be entered
+ * exactly once:
+ *
+ * - The inner loop normally "return"s in its first iteration. If the
+ * eviction group has any evictable rules, then it always returns in
+ * some iteration.
+ *
+ * - The outer loop only iterates more than once if the largest eviction
+ * group has no evictable rules.
+ *
+ * - The outer loop can exit only if table's 'max_flows' is all filled up
+ * by unevictable rules'. */
+ HEAP_FOR_EACH (evg, size_node, &table->eviction_groups_by_size) {
+ struct rule *rule;
+
+ HEAP_FOR_EACH (rule, evg_node, &evg->rules) {
+ if (rule->evictable) {
+ return rule;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+/* Searches 'ofproto' for tables that have more flows than their configured
+ * maximum and that have flow eviction enabled, and evicts as many flows as
+ * necessary and currently feasible from them.
+ *
+ * This triggers only when an OpenFlow table has N flows in it and then the
+ * client configures a maximum number of flows less than N. */
+static void
+ofproto_evict(struct ofproto *ofproto)
+{
+ struct ofopgroup *group;
+ struct oftable *table;
+
+ group = ofopgroup_create_unattached(ofproto);
+ OFPROTO_FOR_EACH_TABLE (table, ofproto) {
+ while (classifier_count(&table->cls) > table->max_flows
+ && table->eviction_fields) {
+ struct rule *rule;
+
+ rule = choose_rule_to_evict(table);
+ if (!rule || rule->pending) {
+ break;
+ }
+
+ ofoperation_create(group, rule,
+ OFOPERATION_DELETE, OFPRR_EVICTION);
+ oftable_remove_rule(rule);
+ ofproto->ofproto_class->rule_destruct(rule);
+ }
+ }
+ ofopgroup_submit(group);
+}
+\f
+/* Eviction groups. */
+
+/* Returns the priority to use for an eviction_group that contains 'n_rules'
+ * rules. The priority contains low-order random bits to ensure that eviction
+ * groups with the same number of rules are prioritized randomly. */
+static uint32_t
+eviction_group_priority(size_t n_rules)
+{
+ uint16_t size = MIN(UINT16_MAX, n_rules);
+ return (size << 16) | random_uint16();
+}
+
+/* Updates 'evg', an eviction_group within 'table', following a change that
+ * adds or removes rules in 'evg'. */
+static void
+eviction_group_resized(struct oftable *table, struct eviction_group *evg)
+{
+ heap_change(&table->eviction_groups_by_size, &evg->size_node,
+ eviction_group_priority(heap_count(&evg->rules)));
+}
+
+/* Destroys 'evg', an eviction_group within 'table':
+ *
+ * - Removes all the rules, if any, from 'evg'. (It doesn't destroy the
+ * rules themselves, just removes them from the eviction group.)
+ *
+ * - Removes 'evg' from 'table'.
+ *
+ * - Frees 'evg'. */
+static void
+eviction_group_destroy(struct oftable *table, struct eviction_group *evg)
+{
+ while (!heap_is_empty(&evg->rules)) {
+ struct rule *rule;
+
+ rule = CONTAINER_OF(heap_pop(&evg->rules), struct rule, evg_node);
+ rule->eviction_group = NULL;
+ }
+ hmap_remove(&table->eviction_groups_by_id, &evg->id_node);
+ heap_remove(&table->eviction_groups_by_size, &evg->size_node);
+ heap_destroy(&evg->rules);
+ free(evg);
+}
+
+/* Removes 'rule' from its eviction group, if any. */
+static void
+eviction_group_remove_rule(struct rule *rule)
+{
+ if (rule->eviction_group) {
+ struct oftable *table = &rule->ofproto->tables[rule->table_id];
+ struct eviction_group *evg = rule->eviction_group;
+
+ rule->eviction_group = NULL;
+ heap_remove(&evg->rules, &rule->evg_node);
+ if (heap_is_empty(&evg->rules)) {
+ eviction_group_destroy(table, evg);
+ } else {
+ eviction_group_resized(table, evg);
+ }
+ }
+}
+
+/* Hashes the 'rule''s values for the eviction_fields of 'rule''s table, and
+ * returns the hash value. */
+static uint32_t
+eviction_group_hash_rule(struct rule *rule)
+{
+ struct oftable *table = &rule->ofproto->tables[rule->table_id];
+ const struct mf_subfield *sf;
+ struct flow flow;
+ uint32_t hash;
+
+ hash = table->eviction_group_id_basis;
+ miniflow_expand(&rule->cr.match.flow, &flow);
+ for (sf = table->eviction_fields;
+ sf < &table->eviction_fields[table->n_eviction_fields];
+ sf++)
+ {
+ if (mf_are_prereqs_ok(sf->field, &flow)) {
+ union mf_value value;
+
+ mf_get_value(sf->field, &flow, &value);
+ if (sf->ofs) {
+ bitwise_zero(&value, sf->field->n_bytes, 0, sf->ofs);
+ }
+ if (sf->ofs + sf->n_bits < sf->field->n_bytes * 8) {
+ unsigned int start = sf->ofs + sf->n_bits;
+ bitwise_zero(&value, sf->field->n_bytes, start,
+ sf->field->n_bytes * 8 - start);
+ }
+ hash = hash_bytes(&value, sf->field->n_bytes, hash);
+ } else {
+ hash = hash_int(hash, 0);
+ }
+ }
+
+ return hash;
+}
+
+/* Returns an eviction group within 'table' with the given 'id', creating one
+ * if necessary. */
+static struct eviction_group *
+eviction_group_find(struct oftable *table, uint32_t id)
+{
+ struct eviction_group *evg;
+
+ HMAP_FOR_EACH_WITH_HASH (evg, id_node, id, &table->eviction_groups_by_id) {
+ return evg;
+ }
+
+ evg = xmalloc(sizeof *evg);
+ hmap_insert(&table->eviction_groups_by_id, &evg->id_node, id);
+ heap_insert(&table->eviction_groups_by_size, &evg->size_node,
+ eviction_group_priority(0));
+ heap_init(&evg->rules);
+
+ return evg;
+}
+
+/* Returns an eviction priority for 'rule'. The return value should be
+ * interpreted so that higher priorities make a rule more attractive candidates
+ * for eviction. */
+static uint32_t
+rule_eviction_priority(struct rule *rule)
+{
+ long long int hard_expiration;
+ long long int idle_expiration;
+ long long int expiration;
+ uint32_t expiration_offset;
+
+ /* Calculate time of expiration. */
+ hard_expiration = (rule->hard_timeout
+ ? rule->modified + rule->hard_timeout * 1000
+ : LLONG_MAX);
+ idle_expiration = (rule->idle_timeout
+ ? rule->used + rule->idle_timeout * 1000
+ : LLONG_MAX);
+ expiration = MIN(hard_expiration, idle_expiration);
+ if (expiration == LLONG_MAX) {
+ return 0;
+ }
+
+ /* Calculate the time of expiration as a number of (approximate) seconds
+ * after program startup.
+ *
+ * This should work OK for program runs that last UINT32_MAX seconds or
+ * less. Therefore, please restart OVS at least once every 136 years. */
+ expiration_offset = (expiration >> 10) - (time_boot_msec() >> 10);
+
+ /* Invert the expiration offset because we're using a max-heap. */
+ return UINT32_MAX - expiration_offset;
+}
+
+/* Adds 'rule' to an appropriate eviction group for its oftable's
+ * configuration. Does nothing if 'rule''s oftable doesn't have eviction
+ * enabled, or if 'rule' is a permanent rule (one that will never expire on its
+ * own).
+ *
+ * The caller must ensure that 'rule' is not already in an eviction group. */
+static void
+eviction_group_add_rule(struct rule *rule)
+{
+ struct ofproto *ofproto = rule->ofproto;
+ struct oftable *table = &ofproto->tables[rule->table_id];
+
+ if (table->eviction_fields
+ && (rule->hard_timeout || rule->idle_timeout)) {
+ struct eviction_group *evg;
+
+ evg = eviction_group_find(table, eviction_group_hash_rule(rule));
+
+ rule->eviction_group = evg;
+ heap_insert(&evg->rules, &rule->evg_node,
+ rule_eviction_priority(rule));
+ eviction_group_resized(table, evg);
+ }
+}
+\f
+/* oftables. */
+
+/* Initializes 'table'. */
+static void
+oftable_init(struct oftable *table)
+{
+ memset(table, 0, sizeof *table);
+ classifier_init(&table->cls);
+ table->max_flows = UINT_MAX;
+}
+
+/* Destroys 'table', including its classifier and eviction groups.
+ *
+ * The caller is responsible for freeing 'table' itself. */
+static void
+oftable_destroy(struct oftable *table)
+{
+ assert(classifier_is_empty(&table->cls));
+ oftable_disable_eviction(table);
+ classifier_destroy(&table->cls);
+ free(table->name);
+}
+
+/* Changes the name of 'table' to 'name'. If 'name' is NULL or the empty
+ * string, then 'table' will use its default name.
+ *
+ * This only affects the name exposed for a table exposed through the OpenFlow
+ * OFPST_TABLE (as printed by "ovs-ofctl dump-tables"). */
+static void
+oftable_set_name(struct oftable *table, const char *name)
+{
+ if (name && name[0]) {
+ int len = strnlen(name, OFP_MAX_TABLE_NAME_LEN);
+ if (!table->name || strncmp(name, table->name, len)) {
+ free(table->name);
+ table->name = xmemdup0(name, len);
+ }
+ } else {
+ free(table->name);
+ table->name = NULL;
+ }
+}
+
+/* oftables support a choice of two policies when adding a rule would cause the
+ * number of flows in the table to exceed the configured maximum number: either
+ * they can refuse to add the new flow or they can evict some existing flow.
+ * This function configures the former policy on 'table'. */
+static void
+oftable_disable_eviction(struct oftable *table)
+{
+ if (table->eviction_fields) {
+ struct eviction_group *evg, *next;
+
+ HMAP_FOR_EACH_SAFE (evg, next, id_node,
+ &table->eviction_groups_by_id) {
+ eviction_group_destroy(table, evg);
+ }
+ hmap_destroy(&table->eviction_groups_by_id);
+ heap_destroy(&table->eviction_groups_by_size);
+
+ free(table->eviction_fields);
+ table->eviction_fields = NULL;
+ table->n_eviction_fields = 0;
+ }
+}
+
+/* oftables support a choice of two policies when adding a rule would cause the
+ * number of flows in the table to exceed the configured maximum number: either
+ * they can refuse to add the new flow or they can evict some existing flow.
+ * This function configures the latter policy on 'table', with fairness based
+ * on the values of the 'n_fields' fields specified in 'fields'. (Specifying
+ * 'n_fields' as 0 disables fairness.) */
+static void
+oftable_enable_eviction(struct oftable *table,
+ const struct mf_subfield *fields, size_t n_fields)
+{
+ struct cls_cursor cursor;
+ struct rule *rule;
+
+ if (table->eviction_fields
+ && n_fields == table->n_eviction_fields
+ && (!n_fields
+ || !memcmp(fields, table->eviction_fields,
+ n_fields * sizeof *fields))) {
+ /* No change. */
+ return;
+ }
+
+ oftable_disable_eviction(table);
+
+ table->n_eviction_fields = n_fields;
+ table->eviction_fields = xmemdup(fields, n_fields * sizeof *fields);
+
+ table->eviction_group_id_basis = random_uint32();
+ hmap_init(&table->eviction_groups_by_id);
+ heap_init(&table->eviction_groups_by_size);
+
+ cls_cursor_init(&cursor, &table->cls, NULL);
+ CLS_CURSOR_FOR_EACH (rule, cr, &cursor) {
+ eviction_group_add_rule(rule);
+ }
+}
+
+/* Removes 'rule' from the oftable that contains it. */
+static void
+oftable_remove_rule(struct rule *rule)
+{
+ struct ofproto *ofproto = rule->ofproto;
+ struct oftable *table = &ofproto->tables[rule->table_id];
+
+ classifier_remove(&table->cls, &rule->cr);
+ eviction_group_remove_rule(rule);
+}
+
+/* Inserts 'rule' into its oftable. Removes any existing rule from 'rule''s
+ * oftable that has an identical cls_rule. Returns the rule that was removed,
+ * if any, and otherwise NULL. */
+static struct rule *
+oftable_replace_rule(struct rule *rule)
+{
+ struct ofproto *ofproto = rule->ofproto;
+ struct oftable *table = &ofproto->tables[rule->table_id];
+ struct rule *victim;
+
+ victim = rule_from_cls_rule(classifier_replace(&table->cls, &rule->cr));
+ if (victim) {
+ eviction_group_remove_rule(victim);
+ }
+ eviction_group_add_rule(rule);
+ return victim;
+}
+
+/* Removes 'old' from its oftable then, if 'new' is nonnull, inserts 'new'. */
+static void
+oftable_substitute_rule(struct rule *old, struct rule *new)
+{
+ if (new) {
+ oftable_replace_rule(new);
+ } else {
+ oftable_remove_rule(old);
+ }
+}
+\f