* Stanford Junior University
*/
+#include <linux/netdevice.h>
+#include <linux/etherdevice.h>
#include <linux/if_ether.h>
#include <linux/if_vlan.h>
#include <linux/in.h>
static struct sk_buff *retrieve_skb(uint32_t id);
static void discard_skb(uint32_t id);
-/* 'skb' was received on 'in_port', a physical switch port between 0 and
- * OFPP_MAX. Process it according to 'chain'. */
-void fwd_port_input(struct sw_chain *chain, struct sk_buff *skb, int in_port)
+/* 'skb' was received on port 'p', which may be a physical switch port, the
+ * local port, or a null pointer. Process it according to 'chain'. Returns 0
+ * if successful, in which case 'skb' is destroyed, or -ESRCH if there is no
+ * matching flow, in which case 'skb' still belongs to the caller. */
+int run_flow_through_tables(struct sw_chain *chain, struct sk_buff *skb,
+ struct net_bridge_port *p)
{
+ /* Ethernet address used as the destination for STP frames. */
+ static const uint8_t stp_eth_addr[ETH_ALEN]
+ = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x01 };
struct sw_flow_key key;
struct sw_flow *flow;
- flow_extract(skb, in_port, &key);
+ if (flow_extract(skb, p ? p->port_no : OFPP_NONE, &key)
+ && (chain->dp->flags & OFPC_FRAG_MASK) == OFPC_FRAG_DROP) {
+ /* Drop fragment. */
+ kfree_skb(skb);
+ return 0;
+ }
+ if (p && p->flags & (OFPPFL_NO_RECV | OFPPFL_NO_RECV_STP) &&
+ p->flags & (compare_ether_addr(key.dl_dst, stp_eth_addr)
+ ? OFPPFL_NO_RECV : OFPPFL_NO_RECV_STP)) {
+ kfree_skb(skb);
+ return 0;
+ }
+
flow = chain_lookup(chain, &key);
if (likely(flow != NULL)) {
+ struct sw_flow_actions *sf_acts = rcu_dereference(flow->sf_acts);
flow_used(flow, skb);
execute_actions(chain->dp, skb, &key,
- flow->actions, flow->n_actions);
+ sf_acts->actions, sf_acts->n_actions, 0);
+ return 0;
} else {
+ return -ESRCH;
+ }
+}
+
+/* 'skb' was received on port 'p', which may be a physical switch port, the
+ * local port, or a null pointer. Process it according to 'chain', sending it
+ * up to the controller if no flow matches. Takes ownership of 'skb'. */
+void fwd_port_input(struct sw_chain *chain, struct sk_buff *skb,
+ struct net_bridge_port *p)
+{
+ if (run_flow_through_tables(chain, skb, p))
dp_output_control(chain->dp, skb, fwd_save_skb(skb),
chain->dp->miss_send_len,
OFPR_NO_MATCH);
- }
}
static int do_output(struct datapath *dp, struct sk_buff *skb, size_t max_len,
- int out_port)
+ int out_port, int ignore_no_fwd)
{
if (!skb)
return -ENOMEM;
return (likely(out_port != OFPP_CONTROLLER)
- ? dp_output_port(dp, skb, out_port)
+ ? dp_output_port(dp, skb, out_port, ignore_no_fwd)
: dp_output_control(dp, skb, fwd_save_skb(skb),
max_len, OFPR_ACTION));
}
void execute_actions(struct datapath *dp, struct sk_buff *skb,
- const struct sw_flow_key *key,
- const struct ofp_action *actions, int n_actions)
+ const struct sw_flow_key *key,
+ const struct ofp_action *actions, int n_actions,
+ int ignore_no_fwd)
{
/* Every output action needs a separate clone of 'skb', but the common
* case is just a single output action, so that doing a clone and
if (prev_port != -1) {
do_output(dp, skb_clone(skb, GFP_ATOMIC),
- max_len, prev_port);
+ max_len, prev_port, ignore_no_fwd);
prev_port = -1;
}
max_len = ntohs(a->arg.output.max_len);
} else {
if (!make_writable(&skb)) {
- printk("make_writable failed\n");
+ if (net_ratelimit())
+ printk("make_writable failed\n");
break;
}
skb = execute_setter(skb, eth_proto, key, a);
+ if (!skb) {
+ if (net_ratelimit())
+ printk("execute_setter lost skb\n");
+ return;
+ }
}
}
if (prev_port != -1)
- do_output(dp, skb, max_len, prev_port);
+ do_output(dp, skb, max_len, prev_port, ignore_no_fwd);
else
kfree_skb(skb);
}
static struct sk_buff *modify_vlan(struct sk_buff *skb,
const struct sw_flow_key *key, const struct ofp_action *a)
{
- uint16_t new_id = a->arg.vlan_id;
+ uint16_t new_id = ntohs(a->arg.vlan_id);
if (new_id != OFP_VLAN_NONE) {
if (key->dl_vlan != htons(OFP_VLAN_NONE)) {
/* Modify vlan id, but maintain other TCI values */
struct vlan_ethhdr *vh = vlan_eth_hdr(skb);
vh->h_vlan_TCI = (vh->h_vlan_TCI
- & ~(htons(VLAN_VID_MASK))) | htons(new_id);
+ & ~(htons(VLAN_VID_MASK))) | a->arg.vlan_id;
} else {
/* Add vlan header */
- skb = vlan_put_tag(skb, new_id);
+
+ /* xxx The vlan_put_tag function, doesn't seem to work
+ * xxx reliably when it attempts to use the hardware-accelerated
+ * xxx version. We'll directly use the software version
+ * xxx until the problem can be diagnosed.
+ */
+ skb = __vlan_put_tag(skb, new_id);
}
} else {
/* Remove an existing vlan header if it exists */
return skb;
}
+static int
+recv_hello(struct sw_chain *chain, const struct sender *sender,
+ const void *msg)
+{
+ return dp_send_hello(chain->dp, sender, msg);
+}
+
static int
recv_features_request(struct sw_chain *chain, const struct sender *sender,
const void *msg)
const void *msg)
{
const struct ofp_switch_config *osc = msg;
+ int flags;
+
+ flags = ntohs(osc->flags) & (OFPC_SEND_FLOW_EXP | OFPC_FRAG_MASK);
+ if ((flags & OFPC_FRAG_MASK) != OFPC_FRAG_NORMAL
+ && (flags & OFPC_FRAG_MASK) != OFPC_FRAG_DROP) {
+ flags = (flags & ~OFPC_FRAG_MASK) | OFPC_FRAG_DROP;
+ }
+ chain->dp->flags = flags;
- chain->dp->flags = ntohs(osc->flags);
chain->dp->miss_send_len = ntohs(osc->miss_send_len);
return 0;
struct sk_buff *skb;
struct vlan_ethhdr *mac;
int nh_ofs;
+ struct sw_flow_key key;
+ int n_actions = ntohs(opo->n_actions);
+ int act_len = n_actions * sizeof opo->actions[0];
+
+ if (act_len > (ntohs(opo->header.length) - sizeof *opo)) {
+ if (net_ratelimit())
+ printk("message too short for number of actions\n");
+ return -EINVAL;
+ }
if (ntohl(opo->buffer_id) == (uint32_t) -1) {
- int data_len = ntohs(opo->header.length) - sizeof *opo;
+ int data_len = ntohs(opo->header.length) - sizeof *opo - act_len;
/* FIXME: there is likely a way to reuse the data in msg. */
skb = alloc_skb(data_len, GFP_ATOMIC);
/* FIXME? We don't reserve NET_IP_ALIGN or NET_SKB_PAD since
* we're just transmitting this raw without examining anything
* at those layers. */
- memcpy(skb_put(skb, data_len), opo->u.data, data_len);
- dp_set_origin(chain->dp, ntohs(opo->in_port), skb);
+ memcpy(skb_put(skb, data_len), &opo->actions[n_actions], data_len);
skb_set_mac_header(skb, 0);
mac = vlan_eth_hdr(skb);
else
nh_ofs = sizeof(struct vlan_ethhdr);
skb_set_network_header(skb, nh_ofs);
-
- dp_output_port(chain->dp, skb, ntohs(opo->out_port));
} else {
- struct sw_flow_key key;
- int n_acts;
-
skb = retrieve_skb(ntohl(opo->buffer_id));
if (!skb)
return -ESRCH;
- dp_set_origin(chain->dp, ntohs(opo->in_port), skb);
-
- n_acts = (ntohs(opo->header.length) - sizeof *opo)
- / sizeof *opo->u.actions;
- flow_extract(skb, ntohs(opo->in_port), &key);
- execute_actions(chain->dp, skb, &key, opo->u.actions, n_acts);
}
+
+ dp_set_origin(chain->dp, ntohs(opo->in_port), skb);
+
+ flow_extract(skb, ntohs(opo->in_port), &key);
+ execute_actions(chain->dp, skb, &key, opo->actions, n_actions, 1);
+
return 0;
}
{
const struct ofp_port_mod *opm = msg;
- dp_update_port_flags(chain->dp, &opm->desc);
+ dp_update_port_flags(chain->dp, opm);
return 0;
}
+static int
+recv_echo_request(struct sw_chain *chain, const struct sender *sender,
+ const void *msg)
+{
+ return dp_send_echo_reply(chain->dp, sender, msg);
+}
+
+static int
+recv_echo_reply(struct sw_chain *chain, const struct sender *sender,
+ const void *msg)
+{
+ return 0;
+}
+
static int
add_flow(struct sw_chain *chain, const struct ofp_flow_mod *ofm)
{
int error = -ENOMEM;
int i;
- int n_acts;
+ int n_actions;
struct sw_flow *flow;
- /* Check number of actions. */
- n_acts = (ntohs(ofm->header.length) - sizeof *ofm) / sizeof *ofm->actions;
- if (n_acts > MAX_ACTIONS) {
- error = -E2BIG;
- goto error;
- }
-
/* To prevent loops, make sure there's no action to send to the
* OFP_TABLE virtual port.
*/
- for (i=0; i<n_acts; i++) {
+ n_actions = (ntohs(ofm->header.length) - sizeof *ofm)
+ / sizeof *ofm->actions;
+ for (i=0; i<n_actions; i++) {
const struct ofp_action *a = &ofm->actions[i];
if (a->type == htons(OFPAT_OUTPUT)
- && a->arg.output.port == htons(OFPP_TABLE)) {
+ && (a->arg.output.port == htons(OFPP_TABLE)
+ || a->arg.output.port == htons(OFPP_NONE)
+ || a->arg.output.port == ofm->match.in_port)) {
/* xxx Send fancy new error message? */
goto error;
}
}
/* Allocate memory. */
- flow = flow_alloc(n_acts, GFP_ATOMIC);
+ flow = flow_alloc(n_actions, GFP_ATOMIC);
if (flow == NULL)
goto error;
/* Fill out flow. */
flow_extract_match(&flow->key, &ofm->match);
- flow->group_id = ntohl(ofm->group_id);
- flow->max_idle = ntohs(ofm->max_idle);
- flow->priority = ntohs(ofm->priority);
- flow->timeout = jiffies + flow->max_idle * HZ;
- flow->n_actions = n_acts;
+ flow->priority = flow->key.wildcards ? ntohs(ofm->priority) : -1;
+ flow->idle_timeout = ntohs(ofm->idle_timeout);
+ flow->hard_timeout = ntohs(ofm->hard_timeout);
+ flow->used = jiffies;
flow->init_time = jiffies;
flow->byte_count = 0;
flow->packet_count = 0;
- atomic_set(&flow->deleted, 0);
spin_lock_init(&flow->lock);
- memcpy(flow->actions, ofm->actions, n_acts * sizeof *flow->actions);
+ memcpy(flow->sf_acts->actions, ofm->actions,
+ n_actions * sizeof *flow->sf_acts->actions);
/* Act. */
error = chain_insert(chain, flow);
struct sw_flow_key key;
flow_used(flow, skb);
flow_extract(skb, ntohs(ofm->match.in_port), &key);
- execute_actions(chain->dp, skb, &key,
- ofm->actions, n_acts);
+ execute_actions(chain->dp, skb, &key, ofm->actions, n_actions, 0);
}
else
error = -ESRCH;
return error;
}
+static int
+mod_flow(struct sw_chain *chain, const struct ofp_flow_mod *ofm)
+{
+ int error = -ENOMEM;
+ int i;
+ int n_actions;
+ struct sw_flow_key key;
+ uint16_t priority;
+ int strict;
+
+ /* To prevent loops, make sure there's no action to send to the
+ * OFP_TABLE virtual port.
+ */
+ n_actions = (ntohs(ofm->header.length) - sizeof *ofm)
+ / sizeof *ofm->actions;
+ for (i=0; i<n_actions; i++) {
+ const struct ofp_action *a = &ofm->actions[i];
+
+ if (a->type == htons(OFPAT_OUTPUT)
+ && (a->arg.output.port == htons(OFPP_TABLE)
+ || a->arg.output.port == htons(OFPP_NONE)
+ || a->arg.output.port == ofm->match.in_port)) {
+ /* xxx Send fancy new error message? */
+ goto error;
+ }
+ }
+
+ flow_extract_match(&key, &ofm->match);
+ priority = key.wildcards ? ntohs(ofm->priority) : -1;
+ strict = (ofm->command == htons(OFPFC_MODIFY_STRICT)) ? 1 : 0;
+ chain_modify(chain, &key, priority, strict, ofm->actions, n_actions);
+
+ if (ntohl(ofm->buffer_id) != (uint32_t) -1) {
+ struct sk_buff *skb = retrieve_skb(ntohl(ofm->buffer_id));
+ if (skb) {
+ struct sw_flow_key skb_key;
+ flow_extract(skb, ntohs(ofm->match.in_port), &skb_key);
+ execute_actions(chain->dp, skb, &skb_key,
+ ofm->actions, n_actions, 0);
+ }
+ else
+ error = -ESRCH;
+ }
+ return error;
+
+error:
+ if (ntohl(ofm->buffer_id) != (uint32_t) -1)
+ discard_skb(ntohl(ofm->buffer_id));
+ return error;
+}
+
static int
recv_flow(struct sw_chain *chain, const struct sender *sender, const void *msg)
{
if (command == OFPFC_ADD) {
return add_flow(chain, ofm);
+ } else if ((command == OFPFC_MODIFY) || (command == OFPFC_MODIFY_STRICT)) {
+ return mod_flow(chain, ofm);
} else if (command == OFPFC_DELETE) {
struct sw_flow_key key;
flow_extract_match(&key, &ofm->match);
- return chain_delete(chain, &key, 0) ? 0 : -ESRCH;
+ return chain_delete(chain, &key, 0, 0) ? 0 : -ESRCH;
} else if (command == OFPFC_DELETE_STRICT) {
struct sw_flow_key key;
+ uint16_t priority;
flow_extract_match(&key, &ofm->match);
- return chain_delete(chain, &key, 1) ? 0 : -ESRCH;
- } else {
- return -ENOTSUPP;
- }
-}
-
-static int
-recv_flow_stats_request(struct sw_chain *chain, const struct sender *sender,
- const void *msg)
-{
- const struct ofp_flow_stats_request *fsr = msg;
- if (fsr->type == OFPFS_INDIV) {
- return dp_send_flow_stats(chain->dp, sender, &fsr->match);
+ priority = key.wildcards ? ntohs(ofm->priority) : -1;
+ return chain_delete(chain, &key, priority, 1) ? 0 : -ESRCH;
} else {
- /* FIXME */
return -ENOTSUPP;
}
}
-static int
-recv_port_stats_request(struct sw_chain *chain, const struct sender *sender,
- const void *msg)
-{
- return dp_send_port_stats(chain->dp, sender);
-}
-
-static int
-recv_table_stats_request(struct sw_chain *chain, const struct sender *sender,
- const void *msg)
-{
- return dp_send_table_stats(chain->dp, sender);
-}
-
/* 'msg', which is 'length' bytes long, was received across Netlink from
* 'sender'. Apply it to 'chain'. */
int
};
static const struct openflow_packet packets[] = {
+ [OFPT_HELLO] = {
+ sizeof (struct ofp_header),
+ recv_hello,
+ },
[OFPT_FEATURES_REQUEST] = {
sizeof (struct ofp_header),
recv_features_request,
sizeof (struct ofp_port_mod),
recv_port_mod,
},
- [OFPT_FLOW_STATS_REQUEST] = {
- sizeof (struct ofp_flow_stats_request),
- recv_flow_stats_request,
- },
- [OFPT_PORT_STATS_REQUEST] = {
- sizeof (struct ofp_port_stats_request),
- recv_port_stats_request,
+ [OFPT_ECHO_REQUEST] = {
+ sizeof (struct ofp_header),
+ recv_echo_request,
},
- [OFPT_TABLE_STATS_REQUEST] = {
- sizeof (struct ofp_table_stats_request),
- recv_table_stats_request,
+ [OFPT_ECHO_REPLY] = {
+ sizeof (struct ofp_header),
+ recv_echo_reply,
},
};
- const struct openflow_packet *pkt;
struct ofp_header *oh;
oh = (struct ofp_header *) msg;
- if (oh->version != OFP_VERSION || oh->type >= ARRAY_SIZE(packets)
- || ntohs(oh->length) > length)
+ if (oh->version != OFP_VERSION
+ && oh->type != OFPT_HELLO
+ && oh->type != OFPT_ERROR
+ && oh->type != OFPT_ECHO_REQUEST
+ && oh->type != OFPT_ECHO_REPLY
+ && oh->type != OFPT_VENDOR)
+ {
+ dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST,
+ OFPBRC_BAD_VERSION, msg, length);
+ return -EINVAL;
+ }
+ if (ntohs(oh->length) > length)
return -EINVAL;
- pkt = &packets[oh->type];
- if (!pkt->handler)
- return -ENOSYS;
- if (length < pkt->min_size)
- return -EFAULT;
-
- return pkt->handler(chain, sender, msg);
+ if (oh->type < ARRAY_SIZE(packets)) {
+ const struct openflow_packet *pkt = &packets[oh->type];
+ if (pkt->handler) {
+ if (length < pkt->min_size)
+ return -EFAULT;
+ return pkt->handler(chain, sender, msg);
+ }
+ }
+ dp_send_error_msg(chain->dp, sender, OFPET_BAD_REQUEST,
+ OFPBRC_BAD_TYPE, msg, length);
+ return -EINVAL;
}
/* Packet buffering. */
uint32_t fwd_save_skb(struct sk_buff *skb)
{
+ struct sk_buff *old_skb = NULL;
struct packet_buffer *p;
unsigned long int flags;
uint32_t id;
if (time_before(jiffies, p->exp_jiffies)) {
spin_unlock_irqrestore(&buffer_lock, flags);
return -1;
- } else
- kfree_skb(p->skb);
+ } else {
+ /* Defer kfree_skb() until interrupts re-enabled. */
+ old_skb = p->skb;
+ }
}
/* Don't use maximum cookie value since the all-bits-1 id is
* special. */
id = buffer_idx | (p->cookie << PKT_BUFFER_BITS);
spin_unlock_irqrestore(&buffer_lock, flags);
+ if (old_skb)
+ kfree_skb(old_skb);
+
return id;
}
return skb;
}
+void fwd_discard_all(void)
+{
+ int i;
+
+ for (i = 0; i < N_PKT_BUFFERS; i++) {
+ struct sk_buff *skb;
+ unsigned long int flags;
+
+ /* Defer kfree_skb() until interrupts re-enabled. */
+ spin_lock_irqsave(&buffer_lock, flags);
+ skb = buffers[i].skb;
+ buffers[i].skb = NULL;
+ spin_unlock_irqrestore(&buffer_lock, flags);
+
+ kfree_skb(skb);
+ }
+}
+
static void discard_skb(uint32_t id)
{
+ struct sk_buff *old_skb = NULL;
unsigned long int flags;
struct packet_buffer *p;
spin_lock_irqsave(&buffer_lock, flags);
p = &buffers[id & PKT_BUFFER_MASK];
if (p->cookie == id >> PKT_BUFFER_BITS) {
- kfree_skb(p->skb);
+ /* Defer kfree_skb() until interrupts re-enabled. */
+ old_skb = p->skb;
p->skb = NULL;
}
spin_unlock_irqrestore(&buffer_lock, flags);
+
+ if (old_skb)
+ kfree_skb(old_skb);
}
void fwd_exit(void)
{
- int i;
-
- for (i = 0; i < N_PKT_BUFFERS; i++)
- kfree_skb(buffers[i].skb);
+ fwd_discard_all();
}
/* Utility functions. */
if (skb_shared(*pskb) || skb_cloned(*pskb))
goto copy_skb;
- return pskb_may_pull(*pskb, 64); /* FIXME? */
+ return pskb_may_pull(*pskb, 40); /* FIXME? */
copy_skb:
nskb = skb_copy(*pskb, GFP_ATOMIC);