/* Use the high 32 bits of the cookie field as the tunnel ID in the flow
* match. */
NXT_TUN_ID_FROM_COOKIE,
+
+ /* Controller role support. The request body is struct nx_role_request.
+ * The reply echos the request. */
+ NXT_ROLE_REQUEST,
+ NXT_ROLE_REPLY
};
struct nicira_header {
};
OFP_ASSERT(sizeof(struct nxt_tun_id_cookie) == 24);
+/* Configures the "role" of the sending controller. The default role is:
+ *
+ * - Other (NX_ROLE_OTHER), which allows the controller access to all
+ * OpenFlow features.
+ *
+ * The other possible roles are a related pair:
+ *
+ * - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may
+ * be at most one Master controller at a time: when a controller
+ * configures itself as Master, any existing Master is demoted to the
+ * Slave role.
+ *
+ * - Slave (NX_ROLE_SLAVE) allows the controller read-only access to
+ * OpenFlow features. In particular attempts to modify the flow table
+ * will be rejected with an OFPBRC_EPERM error.
+ *
+ * Slave controllers also do not receive asynchronous messages
+ * (OFPT_PACKET_IN, OFPT_FLOW_REMOVED, OFPT_PORT_STATUS).
+ */
+struct nx_role_request {
+ struct nicira_header nxh;
+ uint32_t role; /* One of NX_ROLE_*. */
+};
+
+enum nx_role {
+ NX_ROLE_OTHER, /* Default role, full access. */
+ NX_ROLE_MASTER, /* Full access, at most one. */
+ NX_ROLE_SLAVE /* Read-only access. */
+};
+
enum nx_action_subtype {
NXAST_SNAT__OBSOLETE, /* No longer used. */
* Following the lookup, the original in_port is restored.
*
* If the modified flow matched in the flow table, then the corresponding
- * actions are executed, except that NXAST_RESUBMIT actions found in the
- * secondary set of actions are ignored. Afterward, actions following
- * NXAST_RESUBMIT in the original set of actions, if any, are executed; any
- * changes made to the packet (e.g. changes to VLAN) by secondary actions
- * persist when those actions are executed, although the original in_port
- * is restored.
+ * actions are executed. Afterward, actions following NXAST_RESUBMIT in
+ * the original set of actions, if any, are executed; any changes made to
+ * the packet (e.g. changes to VLAN) by secondary actions persist when
+ * those actions are executed, although the original in_port is restored.
*
* NXAST_RESUBMIT may be used any number of times within a set of actions.
+ *
+ * NXAST_RESUBMIT may nest to an implementation-defined depth. Beyond this
+ * implementation-defined depth, further NXAST_RESUBMIT actions are simply
+ * ignored. (Open vSwitch 1.0.1 and earlier did not support recursion.)
*/
NXAST_RESUBMIT,
- NXAST_SET_TUNNEL /* Set encapsulating tunnel ID. */
+ /* Set encapsulating tunnel ID. */
+ NXAST_SET_TUNNEL,
+
+ /* Stops processing further actions, if the packet being processed is an
+ * Ethernet+IPv4 ARP packet for which the source Ethernet address inside
+ * the ARP packet differs from the source Ethernet address in the Ethernet
+ * header.
+ *
+ * This is useful because OpenFlow does not provide a way to match on the
+ * Ethernet addresses inside ARP packets, so there is no other way to drop
+ * spoofed ARPs other than sending every ARP packet to a controller. */
+ NXAST_DROP_SPOOFED_ARP
};
/* Action structure for NXAST_RESUBMIT. */
git://git.onelab.eu / sliver-openvswitch.git / blobdiff