/*
- * Copyright (c) 2009, 2010 Nicira Networks.
+ * Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <config.h>
#include "classifier.h"
-#include <assert.h>
#include <errno.h>
#include <netinet/in.h>
#include "byte-order.h"
#include "packets.h"
static struct cls_table *find_table(const struct classifier *,
- const struct flow_wildcards *);
+ const struct minimask *);
static struct cls_table *insert_table(struct classifier *,
- const struct flow_wildcards *);
+ const struct minimask *);
-static struct cls_table *classifier_first_table(const struct classifier *);
-static struct cls_table *classifier_next_table(const struct classifier *,
- const struct cls_table *);
static void destroy_table(struct classifier *, struct cls_table *);
+static void update_tables_after_insertion(struct classifier *,
+ struct cls_table *,
+ unsigned int new_priority);
+static void update_tables_after_removal(struct classifier *,
+ struct cls_table *,
+ unsigned int del_priority);
+
static struct cls_rule *find_match(const struct cls_table *,
const struct flow *);
-static struct cls_rule *find_equal(struct cls_table *, const struct flow *,
- uint32_t hash);
-static struct cls_rule *insert_rule(struct cls_table *, struct cls_rule *);
-
-static bool flow_equal_except(const struct flow *, const struct flow *,
- const struct flow_wildcards *);
-static void zero_wildcards(struct flow *, const struct flow_wildcards *);
+static struct cls_rule *find_equal(struct cls_table *,
+ const struct miniflow *, uint32_t hash);
+static struct cls_rule *insert_rule(struct classifier *,
+ struct cls_table *, struct cls_rule *);
/* Iterates RULE over HEAD and all of the cls_rules on HEAD->list. */
#define FOR_EACH_RULE_IN_LIST(RULE, HEAD) \
static struct cls_rule *next_rule_in_list__(struct cls_rule *);
static struct cls_rule *next_rule_in_list(struct cls_rule *);
+\f
+/* cls_rule. */
-static struct cls_table *
-cls_table_from_hmap_node(const struct hmap_node *node)
-{
- return node ? CONTAINER_OF(node, struct cls_table, hmap_node) : NULL;
-}
-
-/* Converts the flow in 'flow' into a cls_rule in 'rule', with the given
- * 'wildcards' and 'priority'. */
-void
-cls_rule_init(const struct flow *flow, const struct flow_wildcards *wildcards,
- unsigned int priority, struct cls_rule *rule)
-{
- rule->flow = *flow;
- rule->wc = *wildcards;
- rule->priority = priority;
- cls_rule_zero_wildcarded_fields(rule);
-}
-
-/* Converts the flow in 'flow' into an exact-match cls_rule in 'rule', with the
- * given 'priority'. (For OpenFlow 1.0, exact-match rule are always highest
- * priority, so 'priority' should be at least 65535.) */
+/* Initializes 'rule' to match packets specified by 'match' at the given
+ * 'priority'. 'match' must satisfy the invariant described in the comment at
+ * the definition of struct match.
+ *
+ * The caller must eventually destroy 'rule' with cls_rule_destroy().
+ *
+ * (OpenFlow uses priorities between 0 and UINT16_MAX, inclusive, but
+ * internally Open vSwitch supports a wider range.) */
void
-cls_rule_init_exact(const struct flow *flow,
- unsigned int priority, struct cls_rule *rule)
+cls_rule_init(struct cls_rule *rule,
+ const struct match *match, unsigned int priority)
{
- rule->flow = *flow;
- flow_wildcards_init_exact(&rule->wc);
+ minimatch_init(&rule->match, match);
rule->priority = priority;
}
-/* Initializes 'rule' as a "catch-all" rule that matches every packet, with
- * priority 'priority'. */
+/* Same as cls_rule_init() for initialization from a "struct minimatch". */
void
-cls_rule_init_catchall(struct cls_rule *rule, unsigned int priority)
+cls_rule_init_from_minimatch(struct cls_rule *rule,
+ const struct minimatch *match,
+ unsigned int priority)
{
- memset(&rule->flow, 0, sizeof rule->flow);
- flow_wildcards_init_catchall(&rule->wc);
+ minimatch_clone(&rule->match, match);
rule->priority = priority;
}
-/* For each bit or field wildcarded in 'rule', sets the corresponding bit or
- * field in 'flow' to all-0-bits. It is important to maintain this invariant
- * in a clr_rule that might be inserted into a classifier.
+/* Initializes 'dst' as a copy of 'src'.
*
- * It is never necessary to call this function directly for a cls_rule that is
- * initialized or modified only by cls_rule_*() functions. It is useful to
- * restore the invariant in a cls_rule whose 'wc' member is modified by hand.
- */
-void
-cls_rule_zero_wildcarded_fields(struct cls_rule *rule)
-{
- zero_wildcards(&rule->flow, &rule->wc);
-}
-
-void
-cls_rule_set_reg(struct cls_rule *rule, unsigned int reg_idx, uint32_t value)
-{
- cls_rule_set_reg_masked(rule, reg_idx, value, UINT32_MAX);
-}
-
-void
-cls_rule_set_reg_masked(struct cls_rule *rule, unsigned int reg_idx,
- uint32_t value, uint32_t mask)
-{
- assert(reg_idx < FLOW_N_REGS);
- flow_wildcards_set_reg_mask(&rule->wc, reg_idx, mask);
- rule->flow.regs[reg_idx] = value & mask;
-}
-
-void
-cls_rule_set_tun_id(struct cls_rule *rule, ovs_be64 tun_id)
-{
- rule->wc.wildcards &= ~FWW_TUN_ID;
- rule->flow.tun_id = tun_id;
-}
-
-void
-cls_rule_set_in_port(struct cls_rule *rule, uint16_t odp_port)
-{
- rule->wc.wildcards &= ~FWW_IN_PORT;
- rule->flow.in_port = odp_port;
-}
-
-void
-cls_rule_set_dl_type(struct cls_rule *rule, ovs_be16 dl_type)
-{
- rule->wc.wildcards &= ~FWW_DL_TYPE;
- rule->flow.dl_type = dl_type;
-}
-
-void
-cls_rule_set_dl_src(struct cls_rule *rule, const uint8_t dl_src[ETH_ADDR_LEN])
-{
- rule->wc.wildcards &= ~FWW_DL_SRC;
- memcpy(rule->flow.dl_src, dl_src, ETH_ADDR_LEN);
-}
-
-void
-cls_rule_set_dl_dst(struct cls_rule *rule, const uint8_t dl_dst[ETH_ADDR_LEN])
-{
- rule->wc.wildcards &= ~(FWW_DL_DST | FWW_ETH_MCAST);
- memcpy(rule->flow.dl_dst, dl_dst, ETH_ADDR_LEN);
-}
-
+ * The caller must eventually destroy 'rule' with cls_rule_destroy(). */
void
-cls_rule_set_dl_tci(struct cls_rule *rule, ovs_be16 tci)
+cls_rule_clone(struct cls_rule *dst, const struct cls_rule *src)
{
- cls_rule_set_dl_tci_masked(rule, tci, htons(0xffff));
+ minimatch_clone(&dst->match, &src->match);
+ dst->priority = src->priority;
}
-void
-cls_rule_set_dl_tci_masked(struct cls_rule *rule, ovs_be16 tci, ovs_be16 mask)
-{
- rule->flow.vlan_tci = tci & mask;
- rule->wc.vlan_tci_mask = mask;
-}
-
-/* Modifies 'rule' so that the VLAN VID is wildcarded. If the PCP is already
- * wildcarded, then 'rule' will match a packet regardless of whether it has an
- * 802.1Q header or not. */
-void
-cls_rule_set_any_vid(struct cls_rule *rule)
-{
- if (rule->wc.vlan_tci_mask & htons(VLAN_PCP_MASK)) {
- rule->wc.vlan_tci_mask &= ~htons(VLAN_VID_MASK);
- rule->flow.vlan_tci &= ~htons(VLAN_VID_MASK);
- } else {
- cls_rule_set_dl_tci_masked(rule, htons(0), htons(0));
- }
-}
-
-/* Modifies 'rule' depending on 'dl_vlan':
- *
- * - If 'dl_vlan' is htons(OFP_VLAN_NONE), makes 'rule' match only packets
- * without an 802.1Q header.
+/* Frees memory referenced by 'rule'. Doesn't free 'rule' itself (it's
+ * normally embedded into a larger structure).
*
- * - Otherwise, makes 'rule' match only packets with an 802.1Q header whose
- * VID equals the low 12 bits of 'dl_vlan'.
- */
-void
-cls_rule_set_dl_vlan(struct cls_rule *rule, ovs_be16 dl_vlan)
-{
- if (dl_vlan == htons(OFP_VLAN_NONE)) {
- cls_rule_set_dl_tci(rule, htons(0));
- } else {
- dl_vlan &= htons(VLAN_VID_MASK);
- rule->flow.vlan_tci &= ~htons(VLAN_VID_MASK);
- rule->flow.vlan_tci |= htons(VLAN_CFI) | dl_vlan;
- rule->wc.vlan_tci_mask |= htons(VLAN_VID_MASK | VLAN_CFI);
- }
-}
-
-/* Modifies 'rule' so that the VLAN PCP is wildcarded. If the VID is already
- * wildcarded, then 'rule' will match a packet regardless of whether it has an
- * 802.1Q header or not. */
+ * ('rule' must not currently be in a classifier.) */
void
-cls_rule_set_any_pcp(struct cls_rule *rule)
+cls_rule_destroy(struct cls_rule *rule)
{
- if (rule->wc.vlan_tci_mask & htons(VLAN_VID_MASK)) {
- rule->wc.vlan_tci_mask &= ~htons(VLAN_PCP_MASK);
- rule->flow.vlan_tci &= ~htons(VLAN_PCP_MASK);
- } else {
- cls_rule_set_dl_tci_masked(rule, htons(0), htons(0));
- }
-}
-
-/* Modifies 'rule' so that it matches only packets with an 802.1Q header whose
- * PCP equals the low 3 bits of 'dl_vlan_pcp'. */
-void
-cls_rule_set_dl_vlan_pcp(struct cls_rule *rule, uint8_t dl_vlan_pcp)
-{
- dl_vlan_pcp &= 0x07;
- rule->flow.vlan_tci &= ~htons(VLAN_PCP_MASK);
- rule->flow.vlan_tci |= htons((dl_vlan_pcp << VLAN_PCP_SHIFT) | VLAN_CFI);
- rule->wc.vlan_tci_mask |= htons(VLAN_CFI | VLAN_PCP_MASK);
-}
-
-void
-cls_rule_set_tp_src(struct cls_rule *rule, ovs_be16 tp_src)
-{
- rule->wc.wildcards &= ~FWW_TP_SRC;
- rule->flow.tp_src = tp_src;
-}
-
-void
-cls_rule_set_tp_dst(struct cls_rule *rule, ovs_be16 tp_dst)
-{
- rule->wc.wildcards &= ~FWW_TP_DST;
- rule->flow.tp_dst = tp_dst;
-}
-
-void
-cls_rule_set_nw_proto(struct cls_rule *rule, uint8_t nw_proto)
-{
- rule->wc.wildcards &= ~FWW_NW_PROTO;
- rule->flow.nw_proto = nw_proto;
-}
-
-void
-cls_rule_set_nw_src(struct cls_rule *rule, ovs_be32 nw_src)
-{
- cls_rule_set_nw_src_masked(rule, nw_src, htonl(UINT32_MAX));
+ minimatch_destroy(&rule->match);
}
-bool
-cls_rule_set_nw_src_masked(struct cls_rule *rule, ovs_be32 ip, ovs_be32 mask)
-{
- if (flow_wildcards_set_nw_src_mask(&rule->wc, mask)) {
- rule->flow.nw_src = ip & mask;
- return true;
- } else {
- return false;
- }
-}
-
-void
-cls_rule_set_nw_dst(struct cls_rule *rule, ovs_be32 nw_dst)
-{
- cls_rule_set_nw_dst_masked(rule, nw_dst, htonl(UINT32_MAX));
-}
-
-bool
-cls_rule_set_nw_dst_masked(struct cls_rule *rule, ovs_be32 ip, ovs_be32 mask)
-{
- if (flow_wildcards_set_nw_dst_mask(&rule->wc, mask)) {
- rule->flow.nw_dst = ip & mask;
- return true;
- } else {
- return false;
- }
-}
-
-void
-cls_rule_set_nw_tos(struct cls_rule *rule, uint8_t nw_tos)
-{
- rule->wc.wildcards &= ~FWW_NW_TOS;
- rule->flow.nw_tos = nw_tos & IP_DSCP_MASK;
-}
-
-void
-cls_rule_set_icmp_type(struct cls_rule *rule, uint8_t icmp_type)
-{
- rule->wc.wildcards &= ~FWW_TP_SRC;
- rule->flow.icmp_type = htons(icmp_type);
-
-}
-
-void
-cls_rule_set_icmp_code(struct cls_rule *rule, uint8_t icmp_code)
-{
- rule->wc.wildcards &= ~FWW_TP_DST;
- rule->flow.icmp_code = htons(icmp_code);
-}
-
-/* Returns true if 'a' and 'b' have the same priority, wildcard the same
- * fields, and have the same values for fixed fields, otherwise false. */
+/* Returns true if 'a' and 'b' match the same packets at the same priority,
+ * false if they differ in some way. */
bool
cls_rule_equal(const struct cls_rule *a, const struct cls_rule *b)
{
- return (a->priority == b->priority
- && flow_wildcards_equal(&a->wc, &b->wc)
- && flow_equal(&a->flow, &b->flow));
+ return a->priority == b->priority && minimatch_equal(&a->match, &b->match);
}
-static void
-format_ip_netmask(struct ds *s, const char *name, ovs_be32 ip,
- ovs_be32 netmask)
-{
- if (netmask) {
- ds_put_format(s, "%s="IP_FMT, name, IP_ARGS(&ip));
- if (netmask != htonl(UINT32_MAX)) {
- if (ip_is_cidr(netmask)) {
- int wcbits = ofputil_netmask_to_wcbits(netmask);
- ds_put_format(s, "/%d", 32 - wcbits);
- } else {
- ds_put_format(s, "/"IP_FMT, IP_ARGS(&netmask));
- }
- }
- ds_put_char(s, ',');
- }
+/* Returns a hash value for 'rule', folding in 'basis'. */
+uint32_t
+cls_rule_hash(const struct cls_rule *rule, uint32_t basis)
+{
+ return minimatch_hash(&rule->match, hash_int(rule->priority, basis));
}
+/* Appends a string describing 'rule' to 's'. */
void
cls_rule_format(const struct cls_rule *rule, struct ds *s)
{
- const struct flow_wildcards *wc = &rule->wc;
- size_t start_len = s->length;
- flow_wildcards_t w = wc->wildcards;
- const struct flow *f = &rule->flow;
- bool skip_type = false;
- bool skip_proto = false;
-
- int i;
-
- if (rule->priority != OFP_DEFAULT_PRIORITY) {
- ds_put_format(s, "priority=%d,", rule->priority);
- }
-
- if (!(w & FWW_DL_TYPE)) {
- skip_type = true;
- if (f->dl_type == htons(ETH_TYPE_IP)) {
- if (!(w & FWW_NW_PROTO)) {
- skip_proto = true;
- if (f->nw_proto == IP_TYPE_ICMP) {
- ds_put_cstr(s, "icmp,");
- } else if (f->nw_proto == IP_TYPE_TCP) {
- ds_put_cstr(s, "tcp,");
- } else if (f->nw_proto == IP_TYPE_UDP) {
- ds_put_cstr(s, "udp,");
- } else {
- ds_put_cstr(s, "ip,");
- skip_proto = false;
- }
- } else {
- ds_put_cstr(s, "ip,");
- }
- } else if (f->dl_type == htons(ETH_TYPE_ARP)) {
- ds_put_cstr(s, "arp,");
- } else {
- skip_type = false;
- }
- }
- for (i = 0; i < FLOW_N_REGS; i++) {
- switch (wc->reg_masks[i]) {
- case 0:
- break;
- case UINT32_MAX:
- ds_put_format(s, "reg%d=0x%"PRIx32",", i, f->regs[i]);
- break;
- default:
- ds_put_format(s, "reg%d=0x%"PRIx32"/0x%"PRIx32",",
- i, f->regs[i], wc->reg_masks[i]);
- break;
- }
- }
- if (!(w & FWW_TUN_ID)) {
- ds_put_format(s, "tun_id=0x%"PRIx64",", ntohll(f->tun_id));
- }
- if (!(w & FWW_IN_PORT)) {
- ds_put_format(s, "in_port=%"PRIu16",",
- odp_port_to_ofp_port(f->in_port));
- }
- if (wc->vlan_tci_mask) {
- ovs_be16 vid_mask = wc->vlan_tci_mask & htons(VLAN_VID_MASK);
- ovs_be16 pcp_mask = wc->vlan_tci_mask & htons(VLAN_PCP_MASK);
- ovs_be16 cfi = wc->vlan_tci_mask & htons(VLAN_CFI);
-
- if (cfi && f->vlan_tci & htons(VLAN_CFI)
- && (!vid_mask || vid_mask == htons(VLAN_VID_MASK))
- && (!pcp_mask || pcp_mask == htons(VLAN_PCP_MASK))
- && (vid_mask || pcp_mask)) {
- if (vid_mask) {
- ds_put_format(s, "dl_vlan=%"PRIu16",",
- vlan_tci_to_vid(f->vlan_tci));
- }
- if (pcp_mask) {
- ds_put_format(s, "dl_vlan_pcp=%d,",
- vlan_tci_to_pcp(f->vlan_tci));
- }
- } else {
- ds_put_format(s, "vlan_tci=0x%04"PRIx16"/0x%04"PRIx16",",
- ntohs(f->vlan_tci), ntohs(wc->vlan_tci_mask));
- }
- }
- if (!(w & FWW_DL_SRC)) {
- ds_put_format(s, "dl_src="ETH_ADDR_FMT",", ETH_ADDR_ARGS(f->dl_src));
- }
- switch (w & (FWW_DL_DST | FWW_ETH_MCAST)) {
- case 0:
- ds_put_format(s, "dl_dst="ETH_ADDR_FMT",", ETH_ADDR_ARGS(f->dl_dst));
- break;
- case FWW_DL_DST:
- ds_put_format(s, "dl_dst="ETH_ADDR_FMT"/01:00:00:00:00:00,",
- ETH_ADDR_ARGS(f->dl_dst));
- break;
- case FWW_ETH_MCAST:
- ds_put_format(s, "dl_dst="ETH_ADDR_FMT"/fe:ff:ff:ff:ff:ff,",
- ETH_ADDR_ARGS(f->dl_dst));
- break;
- case FWW_DL_DST | FWW_ETH_MCAST:
- break;
- }
- if (!skip_type && !(w & FWW_DL_TYPE)) {
- ds_put_format(s, "dl_type=0x%04"PRIx16",", ntohs(f->dl_type));
- }
- format_ip_netmask(s, "nw_src", f->nw_src, wc->nw_src_mask);
- format_ip_netmask(s, "nw_dst", f->nw_dst, wc->nw_dst_mask);
- if (!skip_proto && !(w & FWW_NW_PROTO)) {
- if (f->dl_type == htons(ETH_TYPE_ARP)) {
- ds_put_format(s, "opcode=%"PRIu8",", f->nw_proto);
- } else {
- ds_put_format(s, "nw_proto=%"PRIu8",", f->nw_proto);
- }
- }
- if (!(w & FWW_NW_TOS)) {
- ds_put_format(s, "nw_tos=%"PRIu8",", f->nw_tos);
- }
- if (f->nw_proto == IP_TYPE_ICMP) {
- if (!(w & FWW_TP_SRC)) {
- ds_put_format(s, "icmp_type=%"PRIu16",", ntohs(f->tp_src));
- }
- if (!(w & FWW_TP_DST)) {
- ds_put_format(s, "icmp_code=%"PRIu16",", ntohs(f->tp_dst));
- }
- } else {
- if (!(w & FWW_TP_SRC)) {
- ds_put_format(s, "tp_src=%"PRIu16",", ntohs(f->tp_src));
- }
- if (!(w & FWW_TP_DST)) {
- ds_put_format(s, "tp_dst=%"PRIu16",", ntohs(f->tp_dst));
- }
- }
-
- if (s->length > start_len && ds_last(s) == ',') {
- s->length--;
- }
+ minimatch_format(&rule->match, s, rule->priority);
}
-/* Converts 'rule' to a string and returns the string. The caller must free
- * the string (with free()). */
-char *
-cls_rule_to_string(const struct cls_rule *rule)
-{
- struct ds s = DS_EMPTY_INITIALIZER;
- cls_rule_format(rule, &s);
- return ds_steal_cstr(&s);
-}
-
-void
-cls_rule_print(const struct cls_rule *rule)
+/* Returns true if 'rule' matches every packet, false otherwise. */
+bool
+cls_rule_is_catchall(const struct cls_rule *rule)
{
- char *s = cls_rule_to_string(rule);
- puts(s);
- free(s);
+ return minimask_is_catchall(&rule->match.mask);
}
\f
/* Initializes 'cls' as a classifier that initially contains no classification
{
cls->n_rules = 0;
hmap_init(&cls->tables);
+ list_init(&cls->tables_priority);
}
/* Destroys 'cls'. Rules within 'cls', if any, are not freed; this is the
struct cls_table *table, *next_table;
HMAP_FOR_EACH_SAFE (table, next_table, hmap_node, &cls->tables) {
- hmap_destroy(&table->rules);
- hmap_remove(&cls->tables, &table->hmap_node);
- free(table);
+ destroy_table(cls, table);
}
hmap_destroy(&cls->tables);
}
return cls->n_rules == 0;
}
-/* Returns the number of rules in 'classifier'. */
+/* Returns the number of rules in 'cls'. */
int
classifier_count(const struct classifier *cls)
{
* If 'cls' already contains an identical rule (including wildcards, values of
* fixed fields, and priority), replaces the old rule by 'rule' and returns the
* rule that was replaced. The caller takes ownership of the returned rule and
- * is thus responsible for freeing it, etc., as necessary.
+ * is thus responsible for destroying it with cls_rule_destroy(), freeing the
+ * memory block in which it resides, etc., as necessary.
*
* Returns NULL if 'cls' does not contain a rule with an identical key, after
* inserting the new rule. In this case, no rules are displaced by the new
* rule, even rules that cannot have any effect because the new rule matches a
* superset of their flows and has higher priority. */
struct cls_rule *
-classifier_insert(struct classifier *cls, struct cls_rule *rule)
+classifier_replace(struct classifier *cls, struct cls_rule *rule)
{
struct cls_rule *old_rule;
struct cls_table *table;
- table = find_table(cls, &rule->wc);
+ table = find_table(cls, &rule->match.mask);
if (!table) {
- table = insert_table(cls, &rule->wc);
+ table = insert_table(cls, &rule->match.mask);
}
- old_rule = insert_rule(table, rule);
+ old_rule = insert_rule(cls, table, rule);
if (!old_rule) {
table->n_table_rules++;
cls->n_rules++;
return old_rule;
}
-/* Removes 'rule' from 'cls'. It is the caller's responsibility to free
- * 'rule', if this is desirable. */
+/* Inserts 'rule' into 'cls'. Until 'rule' is removed from 'cls', the caller
+ * must not modify or free it.
+ *
+ * 'cls' must not contain an identical rule (including wildcards, values of
+ * fixed fields, and priority). Use classifier_find_rule_exactly() to find
+ * such a rule. */
+void
+classifier_insert(struct classifier *cls, struct cls_rule *rule)
+{
+ struct cls_rule *displaced_rule = classifier_replace(cls, rule);
+ ovs_assert(!displaced_rule);
+}
+
+/* Removes 'rule' from 'cls'. It is the caller's responsibility to destroy
+ * 'rule' with cls_rule_destroy(), freeing the memory block in which 'rule'
+ * resides, etc., as necessary. */
void
classifier_remove(struct classifier *cls, struct cls_rule *rule)
{
struct cls_rule *head;
struct cls_table *table;
- table = find_table(cls, &rule->wc);
- head = find_equal(table, &rule->flow, rule->hmap_node.hash);
+ table = find_table(cls, &rule->match.mask);
+ head = find_equal(table, &rule->match.flow, rule->hmap_node.hash);
if (head != rule) {
list_remove(&rule->list);
} else if (list_is_empty(&rule->list)) {
if (--table->n_table_rules == 0) {
destroy_table(cls, table);
+ } else {
+ update_tables_after_removal(cls, table, rule->priority);
}
-
cls->n_rules--;
}
/* Finds and returns the highest-priority rule in 'cls' that matches 'flow'.
* Returns a null pointer if no rules in 'cls' match 'flow'. If multiple rules
- * of equal priority match 'flow', returns one arbitrarily. */
+ * of equal priority match 'flow', returns one arbitrarily.
+ *
+ * If a rule is found and 'wc' is non-null, bitwise-OR's 'wc' with the
+ * set of bits that were significant in the lookup. At some point
+ * earlier, 'wc' should have been initialized (e.g., by
+ * flow_wildcards_init_catchall()). */
struct cls_rule *
-classifier_lookup(const struct classifier *cls, const struct flow *flow)
+classifier_lookup(const struct classifier *cls, const struct flow *flow,
+ struct flow_wildcards *wc)
{
struct cls_table *table;
struct cls_rule *best;
best = NULL;
- HMAP_FOR_EACH (table, hmap_node, &cls->tables) {
+ LIST_FOR_EACH (table, list_node, &cls->tables_priority) {
struct cls_rule *rule = find_match(table, flow);
- if (rule && (!best || rule->priority > best->priority)) {
+
+ if (wc) {
+ flow_wildcards_fold_minimask(wc, &table->mask);
+ }
+ if (rule) {
best = rule;
+ LIST_FOR_EACH_CONTINUE (table, list_node, &cls->tables_priority) {
+ if (table->max_priority <= best->priority) {
+ /* Tables in descending priority order,
+ * can not find anything better. */
+ return best;
+ }
+ rule = find_match(table, flow);
+ if (wc) {
+ flow_wildcards_fold_minimask(wc, &table->mask);
+ }
+ if (rule && rule->priority > best->priority) {
+ best = rule;
+ }
+ }
+ break;
}
}
return best;
/* Finds and returns a rule in 'cls' with exactly the same priority and
* matching criteria as 'target'. Returns a null pointer if 'cls' doesn't
- * contain an exact match.
- *
- * Priority is ignored for exact-match rules (because OpenFlow 1.0 always
- * treats exact-match rules as highest priority). */
+ * contain an exact match. */
struct cls_rule *
classifier_find_rule_exactly(const struct classifier *cls,
const struct cls_rule *target)
struct cls_rule *head, *rule;
struct cls_table *table;
- table = find_table(cls, &target->wc);
+ table = find_table(cls, &target->match.mask);
if (!table) {
return NULL;
}
- head = find_equal(table, &target->flow, flow_hash(&target->flow, 0));
- if (flow_wildcards_is_exact(&target->wc)) {
- return head;
+ /* Skip if there is no hope. */
+ if (target->priority > table->max_priority) {
+ return NULL;
}
+
+ head = find_equal(table, &target->match.flow,
+ miniflow_hash_in_minimask(&target->match.flow,
+ &target->match.mask, 0));
FOR_EACH_RULE_IN_LIST (rule, head) {
if (target->priority >= rule->priority) {
return target->priority == rule->priority ? rule : NULL;
return NULL;
}
+/* Finds and returns a rule in 'cls' with priority 'priority' and exactly the
+ * same matching criteria as 'target'. Returns a null pointer if 'cls' doesn't
+ * contain an exact match. */
+struct cls_rule *
+classifier_find_match_exactly(const struct classifier *cls,
+ const struct match *target,
+ unsigned int priority)
+{
+ struct cls_rule *retval;
+ struct cls_rule cr;
+
+ cls_rule_init(&cr, target, priority);
+ retval = classifier_find_rule_exactly(cls, &cr);
+ cls_rule_destroy(&cr);
+
+ return retval;
+}
+
/* Checks if 'target' would overlap any other rule in 'cls'. Two rules are
* considered to overlap if both rules have the same priority and a packet
* could match both. */
{
struct cls_table *table;
- HMAP_FOR_EACH (table, hmap_node, &cls->tables) {
- struct flow_wildcards wc;
+ /* Iterate tables in the descending max priority order. */
+ LIST_FOR_EACH (table, list_node, &cls->tables_priority) {
+ uint32_t storage[FLOW_U32S];
+ struct minimask mask;
struct cls_rule *head;
- flow_wildcards_combine(&wc, &target->wc, &table->wc);
+ if (target->priority > table->max_priority) {
+ break; /* Can skip this and the rest of the tables. */
+ }
+
+ minimask_combine(&mask, &target->match.mask, &table->mask, storage);
HMAP_FOR_EACH (head, hmap_node, &table->rules) {
struct cls_rule *rule;
FOR_EACH_RULE_IN_LIST (rule, head) {
+ if (rule->priority < target->priority) {
+ break; /* Rules in descending priority order. */
+ }
if (rule->priority == target->priority
- && flow_equal_except(&target->flow, &rule->flow, &wc)) {
+ && miniflow_equal_in_minimask(&target->match.flow,
+ &rule->match.flow, &mask)) {
return true;
}
}
return false;
}
+
+/* Returns true if 'rule' exactly matches 'criteria' or if 'rule' is more
+ * specific than 'criteria'. That is, 'rule' matches 'criteria' and this
+ * function returns true if, for every field:
+ *
+ * - 'criteria' and 'rule' specify the same (non-wildcarded) value for the
+ * field, or
+ *
+ * - 'criteria' wildcards the field,
+ *
+ * Conversely, 'rule' does not match 'criteria' and this function returns false
+ * if, for at least one field:
+ *
+ * - 'criteria' and 'rule' specify different values for the field, or
+ *
+ * - 'criteria' specifies a value for the field but 'rule' wildcards it.
+ *
+ * Equivalently, the truth table for whether a field matches is:
+ *
+ * rule
+ *
+ * c wildcard exact
+ * r +---------+---------+
+ * i wild | yes | yes |
+ * t card | | |
+ * e +---------+---------+
+ * r exact | no |if values|
+ * i | |are equal|
+ * a +---------+---------+
+ *
+ * This is the matching rule used by OpenFlow 1.0 non-strict OFPT_FLOW_MOD
+ * commands and by OpenFlow 1.0 aggregate and flow stats.
+ *
+ * Ignores rule->priority. */
+bool
+cls_rule_is_loose_match(const struct cls_rule *rule,
+ const struct minimatch *criteria)
+{
+ return (!minimask_has_extra(&rule->match.mask, &criteria->mask)
+ && miniflow_equal_in_minimask(&rule->match.flow, &criteria->flow,
+ &criteria->mask));
+}
\f
/* Iteration. */
rule_matches(const struct cls_rule *rule, const struct cls_rule *target)
{
return (!target
- || flow_equal_except(&rule->flow, &target->flow, &target->wc));
+ || miniflow_equal_in_minimask(&rule->match.flow,
+ &target->match.flow,
+ &target->match.mask));
}
static struct cls_rule *
search_table(const struct cls_table *table, const struct cls_rule *target)
{
- if (!target || !flow_wildcards_has_extra(&table->wc, &target->wc)) {
+ if (!target || !minimask_has_extra(&table->mask, &target->match.mask)) {
struct cls_rule *rule;
HMAP_FOR_EACH (rule, hmap_node, &table->rules) {
return NULL;
}
-/* Initializes 'cursor' for iterating through 'cls' rules that exactly match
- * 'target' or are more specific than 'target'. That is, a given 'rule'
- * matches 'target' if, for every field:
- *
- * - 'target' and 'rule' specify the same (non-wildcarded) value for the
- * field, or
- *
- * - 'target' wildcards the field,
- *
- * but not if:
- *
- * - 'target' and 'rule' specify different values for the field, or
- *
- * - 'target' specifies a value for the field but 'rule' wildcards it.
- *
- * Equivalently, the truth table for whether a field matches is:
+/* Initializes 'cursor' for iterating through rules in 'cls':
*
- * rule
- *
- * wildcard exact
- * +---------+---------+
- * t wild | yes | yes |
- * a card | | |
- * r +---------+---------+
- * g exact | no |if values|
- * e | |are equal|
- * t +---------+---------+
- *
- * This is the matching rule used by OpenFlow 1.0 non-strict OFPT_FLOW_MOD
- * commands and by OpenFlow 1.0 aggregate and flow stats.
+ * - If 'target' is null, the cursor will visit every rule in 'cls'.
*
- * Ignores target->priority.
+ * - If 'target' is nonnull, the cursor will visit each 'rule' in 'cls'
+ * such that cls_rule_is_loose_match(rule, target) returns true.
*
- * 'target' may be NULL to iterate over every rule in 'cls'. */
+ * Ignores target->priority. */
void
cls_cursor_init(struct cls_cursor *cursor, const struct classifier *cls,
const struct cls_rule *target)
{
cursor->cls = cls;
- cursor->target = target;
+ cursor->target = target && !cls_rule_is_catchall(target) ? target : NULL;
}
/* Returns the first matching cls_rule in 'cursor''s iteration, or a null
{
struct cls_table *table;
- for (table = classifier_first_table(cursor->cls); table;
- table = classifier_next_table(cursor->cls, table)) {
+ HMAP_FOR_EACH (table, hmap_node, &cursor->cls->tables) {
struct cls_rule *rule = search_table(table, cursor->target);
if (rule) {
cursor->table = table;
}
}
- for (table = classifier_next_table(cursor->cls, cursor->table); table;
- table = classifier_next_table(cursor->cls, table)) {
+ table = cursor->table;
+ HMAP_FOR_EACH_CONTINUE (table, hmap_node, &cursor->cls->tables) {
rule = search_table(table, cursor->target);
if (rule) {
cursor->table = table;
}
\f
static struct cls_table *
-find_table(const struct classifier *cls, const struct flow_wildcards *wc)
+find_table(const struct classifier *cls, const struct minimask *mask)
{
struct cls_table *table;
- HMAP_FOR_EACH_IN_BUCKET (table, hmap_node, flow_wildcards_hash(wc),
+ HMAP_FOR_EACH_IN_BUCKET (table, hmap_node, minimask_hash(mask, 0),
&cls->tables) {
- if (flow_wildcards_equal(wc, &table->wc)) {
+ if (minimask_equal(mask, &table->mask)) {
return table;
}
}
}
static struct cls_table *
-insert_table(struct classifier *cls, const struct flow_wildcards *wc)
+insert_table(struct classifier *cls, const struct minimask *mask)
{
struct cls_table *table;
table = xzalloc(sizeof *table);
hmap_init(&table->rules);
- table->wc = *wc;
- hmap_insert(&cls->tables, &table->hmap_node, flow_wildcards_hash(wc));
+ minimask_clone(&table->mask, mask);
+ hmap_insert(&cls->tables, &table->hmap_node, minimask_hash(mask, 0));
+ list_push_back(&cls->tables_priority, &table->list_node);
return table;
}
-static struct cls_table *
-classifier_first_table(const struct classifier *cls)
+static void
+destroy_table(struct classifier *cls, struct cls_table *table)
{
- return cls_table_from_hmap_node(hmap_first(&cls->tables));
+ minimask_destroy(&table->mask);
+ hmap_remove(&cls->tables, &table->hmap_node);
+ hmap_destroy(&table->rules);
+ list_remove(&table->list_node);
+ free(table);
}
-static struct cls_table *
-classifier_next_table(const struct classifier *cls,
- const struct cls_table *table)
-{
- return cls_table_from_hmap_node(hmap_next(&cls->tables,
- &table->hmap_node));
+/* This function performs the following updates for 'table' in 'cls' following
+ * the addition of a new rule with priority 'new_priority' to 'table':
+ *
+ * - Update 'table->max_priority' and 'table->max_count' if necessary.
+ *
+ * - Update 'table''s position in 'cls->tables_priority' if necessary.
+ *
+ * This function should only be called after adding a new rule, not after
+ * replacing a rule by an identical one or modifying a rule in-place. */
+static void
+update_tables_after_insertion(struct classifier *cls, struct cls_table *table,
+ unsigned int new_priority)
+{
+ if (new_priority == table->max_priority) {
+ ++table->max_count;
+ } else if (new_priority > table->max_priority) {
+ struct cls_table *iter;
+
+ table->max_priority = new_priority;
+ table->max_count = 1;
+
+ /* Possibly move 'table' earlier in the priority list. If we break out
+ * of the loop, then 'table' should be moved just after that 'iter'.
+ * If the loop terminates normally, then 'iter' will be the list head
+ * and we'll move table just after that (e.g. to the front of the
+ * list). */
+ iter = table;
+ LIST_FOR_EACH_REVERSE_CONTINUE (iter, list_node,
+ &cls->tables_priority) {
+ if (iter->max_priority >= table->max_priority) {
+ break;
+ }
+ }
+
+ /* Move 'table' just after 'iter' (unless it's already there). */
+ if (iter->list_node.next != &table->list_node) {
+ list_splice(iter->list_node.next,
+ &table->list_node, table->list_node.next);
+ }
+ }
}
+/* This function performs the following updates for 'table' in 'cls' following
+ * the deletion of a rule with priority 'del_priority' from 'table':
+ *
+ * - Update 'table->max_priority' and 'table->max_count' if necessary.
+ *
+ * - Update 'table''s position in 'cls->tables_priority' if necessary.
+ *
+ * This function should only be called after removing a rule, not after
+ * replacing a rule by an identical one or modifying a rule in-place. */
static void
-destroy_table(struct classifier *cls, struct cls_table *table)
+update_tables_after_removal(struct classifier *cls, struct cls_table *table,
+ unsigned int del_priority)
{
- hmap_remove(&cls->tables, &table->hmap_node);
- hmap_destroy(&table->rules);
- free(table);
+ struct cls_table *iter;
+
+ if (del_priority == table->max_priority && --table->max_count == 0) {
+ struct cls_rule *head;
+
+ table->max_priority = 0;
+ HMAP_FOR_EACH (head, hmap_node, &table->rules) {
+ if (head->priority > table->max_priority) {
+ table->max_priority = head->priority;
+ table->max_count = 1;
+ } else if (head->priority == table->max_priority) {
+ ++table->max_count;
+ }
+ }
+
+ /* Possibly move 'table' later in the priority list. If we break out
+ * of the loop, then 'table' should be moved just before that 'iter'.
+ * If the loop terminates normally, then 'iter' will be the list head
+ * and we'll move table just before that (e.g. to the back of the
+ * list). */
+ iter = table;
+ LIST_FOR_EACH_CONTINUE (iter, list_node, &cls->tables_priority) {
+ if (iter->max_priority <= table->max_priority) {
+ break;
+ }
+ }
+
+ /* Move 'table' just before 'iter' (unless it's already there). */
+ if (iter->list_node.prev != &table->list_node) {
+ list_splice(&iter->list_node,
+ &table->list_node, table->list_node.next);
+ }
+ }
}
static struct cls_rule *
find_match(const struct cls_table *table, const struct flow *flow)
{
+ uint32_t hash = flow_hash_in_minimask(flow, &table->mask, 0);
struct cls_rule *rule;
- struct flow f;
- f = *flow;
- zero_wildcards(&f, &table->wc);
- HMAP_FOR_EACH_WITH_HASH (rule, hmap_node, flow_hash(&f, 0),
- &table->rules) {
- if (flow_equal(&f, &rule->flow)) {
+ HMAP_FOR_EACH_WITH_HASH (rule, hmap_node, hash, &table->rules) {
+ if (miniflow_equal_flow_in_minimask(&rule->match.flow, flow,
+ &table->mask)) {
return rule;
}
}
+
return NULL;
}
static struct cls_rule *
-find_equal(struct cls_table *table, const struct flow *flow, uint32_t hash)
+find_equal(struct cls_table *table, const struct miniflow *flow, uint32_t hash)
{
struct cls_rule *head;
HMAP_FOR_EACH_WITH_HASH (head, hmap_node, hash, &table->rules) {
- if (flow_equal(&head->flow, flow)) {
+ if (miniflow_equal(&head->match.flow, flow)) {
return head;
}
}
}
static struct cls_rule *
-insert_rule(struct cls_table *table, struct cls_rule *new)
+insert_rule(struct classifier *cls,
+ struct cls_table *table, struct cls_rule *new)
{
struct cls_rule *head;
+ struct cls_rule *old = NULL;
- new->hmap_node.hash = flow_hash(&new->flow, 0);
+ new->hmap_node.hash = miniflow_hash_in_minimask(&new->match.flow,
+ &new->match.mask, 0);
- head = find_equal(table, &new->flow, new->hmap_node.hash);
+ head = find_equal(table, &new->match.flow, new->hmap_node.hash);
if (!head) {
hmap_insert(&table->rules, &new->hmap_node, new->hmap_node.hash);
list_init(&new->list);
- return NULL;
+ goto out;
} else {
/* Scan the list for the insertion point that will keep the list in
* order of decreasing priority. */
if (new->priority == rule->priority) {
list_replace(&new->list, &rule->list);
- return rule;
+ old = rule;
+ goto out;
} else {
list_insert(&rule->list, &new->list);
- return NULL;
+ goto out;
}
}
}
/* Insert 'new' at the end of the list. */
list_push_back(&head->list, &new->list);
- return NULL;
}
+
+ out:
+ if (!old) {
+ update_tables_after_insertion(cls, table, new->priority);
+ }
+ return old;
}
static struct cls_rule *
struct cls_rule *next = next_rule_in_list__(rule);
return next->priority < rule->priority ? next : NULL;
}
-
-static bool
-flow_equal_except(const struct flow *a, const struct flow *b,
- const struct flow_wildcards *wildcards)
-{
- const flow_wildcards_t wc = wildcards->wildcards;
- int i;
-
- BUILD_ASSERT_DECL(FLOW_SIG_SIZE == 40 + FLOW_N_REGS * 4);
-
- for (i = 0; i < FLOW_N_REGS; i++) {
- if ((a->regs[i] ^ b->regs[i]) & wildcards->reg_masks[i]) {
- return false;
- }
- }
-
- return ((wc & FWW_TUN_ID || a->tun_id == b->tun_id)
- && !((a->nw_src ^ b->nw_src) & wildcards->nw_src_mask)
- && !((a->nw_dst ^ b->nw_dst) & wildcards->nw_dst_mask)
- && (wc & FWW_IN_PORT || a->in_port == b->in_port)
- && !((a->vlan_tci ^ b->vlan_tci) & wildcards->vlan_tci_mask)
- && (wc & FWW_DL_TYPE || a->dl_type == b->dl_type)
- && (wc & FWW_TP_SRC || a->tp_src == b->tp_src)
- && (wc & FWW_TP_DST || a->tp_dst == b->tp_dst)
- && (wc & FWW_DL_SRC || eth_addr_equals(a->dl_src, b->dl_src))
- && (wc & FWW_DL_DST
- || (!((a->dl_dst[0] ^ b->dl_dst[0]) & 0xfe)
- && a->dl_dst[1] == b->dl_dst[1]
- && a->dl_dst[2] == b->dl_dst[2]
- && a->dl_dst[3] == b->dl_dst[3]
- && a->dl_dst[4] == b->dl_dst[4]
- && a->dl_dst[5] == b->dl_dst[5]))
- && (wc & FWW_ETH_MCAST
- || !((a->dl_dst[0] ^ b->dl_dst[0]) & 0x01))
- && (wc & FWW_NW_PROTO || a->nw_proto == b->nw_proto)
- && (wc & FWW_NW_TOS || a->nw_tos == b->nw_tos));
-}
-
-static void
-zero_wildcards(struct flow *flow, const struct flow_wildcards *wildcards)
-{
- const flow_wildcards_t wc = wildcards->wildcards;
- int i;
-
- BUILD_ASSERT_DECL(FLOW_SIG_SIZE == 40 + 4 * FLOW_N_REGS);
-
- for (i = 0; i < FLOW_N_REGS; i++) {
- flow->regs[i] &= wildcards->reg_masks[i];
- }
- if (wc & FWW_TUN_ID) {
- flow->tun_id = 0;
- }
- flow->nw_src &= wildcards->nw_src_mask;
- flow->nw_dst &= wildcards->nw_dst_mask;
- if (wc & FWW_IN_PORT) {
- flow->in_port = 0;
- }
- flow->vlan_tci &= wildcards->vlan_tci_mask;
- if (wc & FWW_DL_TYPE) {
- flow->dl_type = 0;
- }
- if (wc & FWW_TP_SRC) {
- flow->tp_src = 0;
- }
- if (wc & FWW_TP_DST) {
- flow->tp_dst = 0;
- }
- if (wc & FWW_DL_SRC) {
- memset(flow->dl_src, 0, sizeof flow->dl_src);
- }
- if (wc & FWW_DL_DST) {
- flow->dl_dst[0] &= 0x01;
- memset(&flow->dl_dst[1], 0, 5);
- }
- if (wc & FWW_ETH_MCAST) {
- flow->dl_dst[0] &= 0xfe;
- }
- if (wc & FWW_NW_PROTO) {
- flow->nw_proto = 0;
- }
- if (wc & FWW_NW_TOS) {
- flow->nw_tos = 0;
- }
-}