/*
- * Copyright (c) 2009 Nicira Networks.
+ * Copyright (c) 2009, 2010 Nicira Networks.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
-#include <net/if.h>
-#include <linux/rtnetlink.h>
-#include <linux/ethtool.h>
-#include <linux/sockios.h>
#include <netinet/in.h>
+#include <sys/socket.h>
+#include <net/if.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
-#include <sys/sysmacros.h>
#include <unistd.h>
#include "csum.h"
#include "queue.h"
#include "timeval.h"
#include "util.h"
-
#include "vlog.h"
-#define THIS_MODULE VLM_dpif_netdev
+
+VLOG_DEFINE_THIS_MODULE(dpif_netdev)
/* Configuration parameters. */
enum { N_QUEUES = 2 }; /* Number of queues for dpif_recv(). */
enum { MAX_QUEUE_LEN = 100 }; /* Maximum number of packets per queue. */
-enum { N_GROUPS = 16 }; /* Number of port groups. */
enum { MAX_PORTS = 256 }; /* Maximum number of ports. */
enum { MAX_FLOWS = 65536 }; /* Maximum number of flows in flow table. */
struct list node;
int dp_idx;
int open_cnt;
- bool deleted;
+ bool destroyed;
bool drop_frags; /* Drop all IP fragments, if true. */
struct ovs_queue queues[N_QUEUES]; /* Messages queued for dpif_recv(). */
struct hmap flow_table; /* Flow table. */
- struct odp_port_group groups[N_GROUPS];
/* Statistics. */
long long int n_frags; /* Number of dropped IP fragments. */
flow_t key;
/* Statistics. */
- struct timeval used; /* Last used time, in milliseconds. */
- long long int packet_count; /* Number of packets matched. */
- long long int byte_count; /* Number of bytes matched. */
- uint8_t ip_tos; /* IP TOS value. */
- uint16_t tcp_ctl; /* Bitwise-OR of seen tcp_ctl values. */
+ struct timespec used; /* Last used time. */
+ long long int packet_count; /* Number of packets matched. */
+ long long int byte_count; /* Number of bytes matched. */
+ uint16_t tcp_ctl; /* Bitwise-OR of seen tcp_ctl values. */
/* Actions. */
union odp_action *actions;
static int dp_netdev_output_control(struct dp_netdev *, const struct ofpbuf *,
int queue_no, int port_no, uint32_t arg);
static int dp_netdev_execute_actions(struct dp_netdev *,
- struct ofpbuf *, flow_t *,
+ struct ofpbuf *, const flow_t *,
const union odp_action *, int n);
static struct dpif_netdev *
static int
name_to_dp_idx(const char *name)
{
- if (!strncmp(name, "dp", 2) && isdigit(name[2])) {
+ if (!strncmp(name, "dp", 2) && isdigit((unsigned char)name[2])) {
int dp_idx = atoi(name + 2);
if (dp_idx >= 0 && dp_idx < N_DP_NETDEVS) {
return dp_idx;
dp->open_cnt++;
- dpname = xasprintf("netdev:dp%d", dp->dp_idx);
+ dpname = xasprintf("dp%d", dp->dp_idx);
dpif = xmalloc(sizeof *dpif);
dpif_init(&dpif->dpif, &dpif_netdev_class, dpname, dp->dp_idx, dp->dp_idx);
dpif->dp = dp;
}
/* Create datapath. */
- dp_netdevs[dp_idx] = dp = xcalloc(1, sizeof *dp);
+ dp_netdevs[dp_idx] = dp = xzalloc(sizeof *dp);
list_push_back(&dp_netdev_list, &dp->node);
dp->dp_idx = dp_idx;
dp->open_cnt = 0;
queue_init(&dp->queues[i]);
}
hmap_init(&dp->flow_table);
- for (i = 0; i < N_GROUPS; i++) {
- dp->groups[i].ports = NULL;
- dp->groups[i].n_ports = 0;
- dp->groups[i].group = i;
- }
list_init(&dp->port_list);
error = do_add_port(dp, name, ODP_PORT_INTERNAL, ODPP_LOCAL);
if (error) {
dp_netdev_free(dp);
- return error;
+ return ENODEV;
}
*dpifp = create_dpif_netdev(dp);
}
static int
-dpif_netdev_open(const char *name UNUSED, char *suffix, bool create,
+dpif_netdev_open(const char *name, const char *type OVS_UNUSED, bool create,
struct dpif **dpifp)
{
if (create) {
- if (find_dp_netdev(suffix)) {
+ if (find_dp_netdev(name)) {
return EEXIST;
} else {
- int dp_idx = name_to_dp_idx(suffix);
+ int dp_idx = name_to_dp_idx(name);
if (dp_idx >= 0) {
- return create_dp_netdev(suffix, dp_idx, dpifp);
+ return create_dp_netdev(name, dp_idx, dpifp);
} else {
/* Scan for unused dp_idx number. */
for (dp_idx = 0; dp_idx < N_DP_NETDEVS; dp_idx++) {
- int error = create_dp_netdev(suffix, dp_idx, dpifp);
+ int error = create_dp_netdev(name, dp_idx, dpifp);
if (error != EBUSY) {
return error;
}
}
}
} else {
- struct dp_netdev *dp = find_dp_netdev(suffix);
+ struct dp_netdev *dp = find_dp_netdev(name);
if (dp) {
*dpifp = create_dpif_netdev(dp);
return 0;
queue_destroy(&dp->queues[i]);
}
hmap_destroy(&dp->flow_table);
- for (i = 0; i < N_GROUPS; i++) {
- free(dp->groups[i].ports);
- }
dp_netdevs[dp->dp_idx] = NULL;
list_remove(&dp->node);
free(dp);
{
struct dp_netdev *dp = get_dp_netdev(dpif);
assert(dp->open_cnt > 0);
- if (--dp->open_cnt == 0 && dp->deleted) {
+ if (--dp->open_cnt == 0 && dp->destroyed) {
dp_netdev_free(dp);
}
free(dpif);
}
static int
-dpif_netdev_delete(struct dpif *dpif)
+dpif_netdev_destroy(struct dpif *dpif)
{
struct dp_netdev *dp = get_dp_netdev(dpif);
- dp->deleted = true;
+ dp->destroyed = true;
return 0;
}
stats->max_capacity = MAX_FLOWS;
stats->n_ports = dp->n_ports;
stats->max_ports = MAX_PORTS;
- stats->max_groups = N_GROUPS;
stats->n_frags = dp->n_frags;
stats->n_hit = dp->n_hit;
stats->n_missed = dp->n_missed;
{
bool internal = (flags & ODP_PORT_INTERNAL) != 0;
struct dp_netdev_port *port;
+ struct netdev_options netdev_options;
struct netdev *netdev;
int mtu;
int error;
/* XXX reject devices already in some dp_netdev. */
/* Open and validate network device. */
- if (!internal) {
- error = netdev_open(devname, NETDEV_ETH_TYPE_ANY, &netdev);
- } else {
- error = netdev_open_tap(devname, &netdev);
+ memset(&netdev_options, 0, sizeof netdev_options);
+ netdev_options.name = devname;
+ netdev_options.ethertype = NETDEV_ETH_TYPE_ANY;
+ if (internal) {
+ netdev_options.type = "tap";
}
+
+ error = netdev_open(&netdev_options, &netdev);
if (error) {
return error;
}
port->netdev = netdev;
port->internal = internal;
- mtu = netdev_get_mtu(netdev);
+ netdev_get_mtu(netdev, &mtu);
if (mtu > max_mtu) {
max_mtu = mtu;
}
return do_add_port(dp, devname, flags, port_no);
}
}
- return EXFULL;
+ return EFBIG;
}
static int
{
struct dp_netdev_port *port;
- LIST_FOR_EACH (port, struct dp_netdev_port, node, &dp->port_list) {
+ LIST_FOR_EACH (port, node, &dp->port_list) {
if (!strcmp(netdev_get_name(port->netdev), devname)) {
*portp = port;
return 0;
do_del_port(struct dp_netdev *dp, uint16_t port_no)
{
struct dp_netdev_port *port;
+ char *name;
int error;
error = get_port_by_number(dp, port_no, &port);
dp->n_ports--;
dp->serial++;
+ name = xstrdup(netdev_get_name(port->netdev));
netdev_close(port->netdev);
+
+ free(name);
free(port);
return 0;
{
struct dp_netdev_flow *flow, *next;
- HMAP_FOR_EACH_SAFE (flow, next, struct dp_netdev_flow, node,
- &dp->flow_table) {
+ HMAP_FOR_EACH_SAFE (flow, next, node, &dp->flow_table) {
dp_netdev_free_flow(dp, flow);
}
}
int i;
i = 0;
- LIST_FOR_EACH (port, struct dp_netdev_port, node, &dp->port_list) {
+ LIST_FOR_EACH (port, node, &dp->port_list) {
struct odp_port *odp_port = &ports[i];
if (i >= n) {
break;
}
static int
-dpif_netdev_port_poll(const struct dpif *dpif_, char **devnamep UNUSED)
+dpif_netdev_port_poll(const struct dpif *dpif_, char **devnamep OVS_UNUSED)
{
struct dpif_netdev *dpif = dpif_netdev_cast(dpif_);
if (dpif->dp_serial != dpif->dp->serial) {
}
}
-static int
-get_port_group(const struct dpif *dpif, int group_no,
- struct odp_port_group **groupp)
-{
- struct dp_netdev *dp = get_dp_netdev(dpif);
-
- if (group_no >= 0 && group_no < N_GROUPS) {
- *groupp = &dp->groups[group_no];
- return 0;
- } else {
- *groupp = NULL;
- return EINVAL;
- }
-}
-
-static int
-dpif_netdev_port_group_get(const struct dpif *dpif, int group_no,
- uint16_t ports[], int n)
-{
- struct odp_port_group *group;
- int error;
-
- if (n < 0) {
- return -EINVAL;
- }
-
- error = get_port_group(dpif, group_no, &group);
- if (!error) {
- memcpy(ports, group->ports, MIN(n, group->n_ports) * sizeof *ports);
- return group->n_ports;
- } else {
- return -error;
- }
-}
-
-static int
-dpif_netdev_port_group_set(struct dpif *dpif, int group_no,
- const uint16_t ports[], int n)
-{
- struct odp_port_group *group;
- int error;
-
- if (n < 0 || n > MAX_PORTS) {
- return EINVAL;
- }
-
- error = get_port_group(dpif, group_no, &group);
- if (!error) {
- free(group->ports);
- group->ports = xmemdup(ports, n * sizeof *group->ports);
- group->n_ports = n;
- group->group = group_no;
- }
- return error;
-}
-
static struct dp_netdev_flow *
dp_netdev_lookup_flow(const struct dp_netdev *dp, const flow_t *key)
{
struct dp_netdev_flow *flow;
- assert(key->reserved == 0);
- HMAP_FOR_EACH_WITH_HASH (flow, struct dp_netdev_flow, node,
- flow_hash(key, 0), &dp->flow_table) {
+ assert(!key->reserved[0] && !key->reserved[1] && !key->reserved[2]);
+ HMAP_FOR_EACH_WITH_HASH (flow, node, flow_hash(key, 0), &dp->flow_table) {
if (flow_equal(&flow->key, key)) {
return flow;
}
}
static void
-answer_flow_query(const struct dp_netdev_flow *flow,
+answer_flow_query(struct dp_netdev_flow *flow, uint32_t query_flags,
struct odp_flow *odp_flow)
{
if (flow) {
odp_flow->stats.n_packets = flow->packet_count;
odp_flow->stats.n_bytes = flow->byte_count;
odp_flow->stats.used_sec = flow->used.tv_sec;
- odp_flow->stats.used_nsec = flow->used.tv_usec * 1000;
+ odp_flow->stats.used_nsec = flow->used.tv_nsec;
odp_flow->stats.tcp_flags = TCP_FLAGS(flow->tcp_ctl);
- odp_flow->stats.ip_tos = flow->ip_tos;
+ odp_flow->stats.reserved = 0;
odp_flow->stats.error = 0;
if (odp_flow->n_actions > 0) {
unsigned int n = MIN(odp_flow->n_actions, flow->n_actions);
n * sizeof *odp_flow->actions);
odp_flow->n_actions = flow->n_actions;
}
+
+ if (query_flags & ODPFF_ZERO_TCP_FLAGS) {
+ flow->tcp_ctl = 0;
+ }
+
} else {
odp_flow->stats.error = ENOENT;
}
for (i = 0; i < n; i++) {
struct odp_flow *odp_flow = &flows[i];
- answer_flow_query(dp_netdev_lookup_flow(dp, &odp_flow->key), odp_flow);
+ answer_flow_query(dp_netdev_lookup_flow(dp, &odp_flow->key),
+ odp_flow->flags, odp_flow);
}
return 0;
}
dpif_netdev_validate_actions(const union odp_action *actions, int n_actions,
bool *mutates)
{
- unsigned int i;
+ unsigned int i;
*mutates = false;
- for (i = 0; i < n_actions; i++) {
- const union odp_action *a = &actions[i];
- switch (a->type) {
- case ODPAT_OUTPUT:
- if (a->output.port >= MAX_PORTS) {
- return EINVAL;
+ for (i = 0; i < n_actions; i++) {
+ const union odp_action *a = &actions[i];
+ switch (a->type) {
+ case ODPAT_OUTPUT:
+ if (a->output.port >= MAX_PORTS) {
+ return EINVAL;
}
- break;
+ break;
+
+ case ODPAT_CONTROLLER:
+ break;
- case ODPAT_OUTPUT_GROUP:
+ case ODPAT_SET_VLAN_VID:
*mutates = true;
- if (a->output_group.group >= N_GROUPS) {
- return EINVAL;
+ if (a->vlan_vid.vlan_vid & htons(~VLAN_VID_MASK)) {
+ return EINVAL;
}
- break;
-
- case ODPAT_CONTROLLER:
break;
- case ODPAT_SET_VLAN_VID:
+ case ODPAT_SET_VLAN_PCP:
*mutates = true;
- if (a->vlan_vid.vlan_vid & htons(~VLAN_VID_MASK)) {
- return EINVAL;
+ if (a->vlan_pcp.vlan_pcp & ~(VLAN_PCP_MASK >> VLAN_PCP_SHIFT)) {
+ return EINVAL;
}
- break;
+ break;
- case ODPAT_SET_VLAN_PCP:
+ case ODPAT_SET_NW_TOS:
*mutates = true;
- if (a->vlan_pcp.vlan_pcp & ~VLAN_PCP_MASK) {
- return EINVAL;
+ if (a->nw_tos.nw_tos & IP_ECN_MASK) {
+ return EINVAL;
}
- break;
+ break;
case ODPAT_STRIP_VLAN:
case ODPAT_SET_DL_SRC:
*mutates = true;
break;
- default:
+ default:
return EOPNOTSUPP;
- }
- }
- return 0;
+ }
+ }
+ return 0;
}
static int
struct dp_netdev_flow *flow;
int error;
- flow = xcalloc(1, sizeof *flow);
+ flow = xzalloc(sizeof *flow);
flow->key = odp_flow->key;
- flow->key.reserved = 0;
+ memset(flow->key.reserved, 0, sizeof flow->key.reserved);
error = set_flow_actions(flow, odp_flow);
if (error) {
clear_stats(struct dp_netdev_flow *flow)
{
flow->used.tv_sec = 0;
- flow->used.tv_usec = 0;
+ flow->used.tv_nsec = 0;
flow->packet_count = 0;
flow->byte_count = 0;
- flow->ip_tos = 0;
flow->tcp_ctl = 0;
}
if (hmap_count(&dp->flow_table) < MAX_FLOWS) {
return add_flow(dpif, &put->flow);
} else {
- return EXFULL;
+ return EFBIG;
}
} else {
return ENOENT;
flow = dp_netdev_lookup_flow(dp, &odp_flow->key);
if (flow) {
- answer_flow_query(flow, odp_flow);
+ answer_flow_query(flow, 0, odp_flow);
dp_netdev_free_flow(dp, flow);
return 0;
} else {
int i;
i = 0;
- HMAP_FOR_EACH (flow, struct dp_netdev_flow, node, &dp->flow_table) {
+ HMAP_FOR_EACH (flow, node, &dp->flow_table) {
if (i >= n) {
break;
}
- answer_flow_query(flow, &flows[i++]);
+ answer_flow_query(flow, 0, &flows[i++]);
}
return hmap_count(&dp->flow_table);
}
static int
-dpif_netdev_execute(struct dpif *dpif, uint16_t in_port,
+dpif_netdev_execute(struct dpif *dpif,
const union odp_action actions[], int n_actions,
const struct ofpbuf *packet)
{
flow_t flow;
int error;
- if (packet->size < ETH_HLEN || packet->size > UINT16_MAX) {
+ if (packet->size < ETH_HEADER_LEN || packet->size > UINT16_MAX) {
return EINVAL;
}
* if we don't. */
copy = *packet;
}
- flow_extract(©, in_port, &flow);
+ flow_extract(©, 0, -1, &flow);
error = dp_netdev_execute_actions(dp, ©, &flow, actions, n_actions);
if (mutates) {
ofpbuf_uninit(©);
dp_netdev_flow_used(struct dp_netdev_flow *flow, const flow_t *key,
const struct ofpbuf *packet)
{
- time_timeval(&flow->used);
+ time_timespec(&flow->used);
flow->packet_count++;
flow->byte_count += packet->size;
- if (key->dl_type == htons(ETH_P_IP)) {
- struct ip_header *nh = packet->l3;
- flow->ip_tos = nh->ip_tos;
-
- if (key->nw_proto == IPPROTO_TCP) {
- struct tcp_header *th = packet->l4;
- flow->tcp_ctl |= th->tcp_ctl;
- }
+ if (key->dl_type == htons(ETH_TYPE_IP) && key->nw_proto == IPPROTO_TCP) {
+ struct tcp_header *th = packet->l4;
+ flow->tcp_ctl |= th->tcp_ctl;
}
}
struct dp_netdev_flow *flow;
flow_t key;
- if (flow_extract(packet, port->port_no, &key) && dp->drop_frags) {
+ if (packet->size < ETH_HEADER_LEN) {
+ return;
+ }
+ if (flow_extract(packet, 0, port->port_no, &key) && dp->drop_frags) {
dp->n_frags++;
return;
}
struct dp_netdev *dp;
ofpbuf_init(&packet, DP_NETDEV_HEADROOM + max_mtu);
- LIST_FOR_EACH (dp, struct dp_netdev, node, &dp_netdev_list) {
+ LIST_FOR_EACH (dp, node, &dp_netdev_list) {
struct dp_netdev_port *port;
- LIST_FOR_EACH (port, struct dp_netdev_port, node, &dp->port_list) {
+ LIST_FOR_EACH (port, node, &dp->port_list) {
int error;
/* Reset packet contents. */
{
struct dp_netdev *dp;
- LIST_FOR_EACH (dp, struct dp_netdev, node, &dp_netdev_list) {
+ LIST_FOR_EACH (dp, node, &dp_netdev_list) {
struct dp_netdev_port *port;
- LIST_FOR_EACH (port, struct dp_netdev_port, node, &dp->port_list) {
+ LIST_FOR_EACH (port, node, &dp->port_list) {
netdev_recv_wait(port->netdev);
}
}
}
+
+/* Modify the TCI field of 'packet'. If a VLAN tag is not present, one
+ * is added with the TCI field set to 'tci'. If a VLAN tag is present,
+ * then 'mask' bits are cleared before 'tci' is logically OR'd into the
+ * TCI field.
+ *
+ * Note that the function does not ensure that 'tci' does not affect
+ * bits outside of 'mask'.
+ */
static void
-dp_netdev_modify_vlan_tci(struct ofpbuf *packet, flow_t *key,
- uint16_t tci, uint16_t mask)
+dp_netdev_modify_vlan_tci(struct ofpbuf *packet, uint16_t tci, uint16_t mask)
{
struct vlan_eth_header *veh;
+ struct eth_header *eh;
- if (key->dl_vlan != htons(ODP_VLAN_NONE)) {
- /* Modify 'mask' bits, but maintain other TCI bits. */
+ eh = packet->l2;
+ if (packet->size >= sizeof(struct vlan_eth_header)
+ && eh->eth_type == htons(ETH_TYPE_VLAN)) {
+ /* Clear 'mask' bits, but maintain other TCI bits. */
veh = packet->l2;
veh->veth_tci &= ~htons(mask);
veh->veth_tci |= htons(tci);
} else {
/* Insert new 802.1Q header. */
- struct eth_header *eh = packet->l2;
struct vlan_eth_header tmp;
memcpy(tmp.veth_dst, eh->eth_dst, ETH_ADDR_LEN);
memcpy(tmp.veth_src, eh->eth_src, ETH_ADDR_LEN);
memcpy(veh, &tmp, sizeof tmp);
packet->l2 = (char*)packet->l2 - VLAN_HEADER_LEN;
}
-
- key->dl_vlan = veh->veth_tci & htons(VLAN_VID_MASK);
}
static void
-dp_netdev_strip_vlan(struct ofpbuf *packet, flow_t *key)
+dp_netdev_strip_vlan(struct ofpbuf *packet)
{
struct vlan_eth_header *veh = packet->l2;
- if (veh->veth_type == htons(ETH_TYPE_VLAN)) {
+ if (packet->size >= sizeof *veh
+ && veh->veth_type == htons(ETH_TYPE_VLAN)) {
struct eth_header tmp;
memcpy(tmp.eth_dst, veh->veth_dst, ETH_ADDR_LEN);
packet->data = (char*)packet->data + VLAN_HEADER_LEN;
packet->l2 = (char*)packet->l2 + VLAN_HEADER_LEN;
memcpy(packet->data, &tmp, sizeof tmp);
-
- key->dl_vlan = htons(ODP_VLAN_NONE);
}
}
static void
-dp_netdev_set_dl_src(struct ofpbuf *packet,
- const uint8_t dl_addr[ETH_ADDR_LEN])
+dp_netdev_set_dl_src(struct ofpbuf *packet, const uint8_t dl_addr[ETH_ADDR_LEN])
{
struct eth_header *eh = packet->l2;
memcpy(eh->eth_src, dl_addr, sizeof eh->eth_src);
}
static void
-dp_netdev_set_dl_dst(struct ofpbuf *packet,
- const uint8_t dl_addr[ETH_ADDR_LEN])
+dp_netdev_set_dl_dst(struct ofpbuf *packet, const uint8_t dl_addr[ETH_ADDR_LEN])
{
struct eth_header *eh = packet->l2;
memcpy(eh->eth_dst, dl_addr, sizeof eh->eth_dst);
}
+static bool
+is_ip(const struct ofpbuf *packet, const flow_t *key)
+{
+ return key->dl_type == htons(ETH_TYPE_IP) && packet->l4;
+}
+
static void
-dp_netdev_set_nw_addr(struct ofpbuf *packet, flow_t *key,
+dp_netdev_set_nw_addr(struct ofpbuf *packet, const flow_t *key,
const struct odp_action_nw_addr *a)
{
- if (key->dl_type == htons(ETH_TYPE_IP)) {
+ if (is_ip(packet, key)) {
struct ip_header *nh = packet->l3;
uint32_t *field;
field = a->type == ODPAT_SET_NW_SRC ? &nh->ip_src : &nh->ip_dst;
- if (key->nw_proto == IP_TYPE_TCP) {
+ if (key->nw_proto == IP_TYPE_TCP && packet->l7) {
struct tcp_header *th = packet->l4;
th->tcp_csum = recalc_csum32(th->tcp_csum, *field, a->nw_addr);
- } else if (key->nw_proto == IP_TYPE_UDP) {
+ } else if (key->nw_proto == IP_TYPE_UDP && packet->l7) {
struct udp_header *uh = packet->l4;
if (uh->udp_csum) {
uh->udp_csum = recalc_csum32(uh->udp_csum, *field, a->nw_addr);
}
static void
-dp_netdev_set_tp_port(struct ofpbuf *packet, flow_t *key,
+dp_netdev_set_nw_tos(struct ofpbuf *packet, const flow_t *key,
+ const struct odp_action_nw_tos *a)
+{
+ if (is_ip(packet, key)) {
+ struct ip_header *nh = packet->l3;
+ uint8_t *field = &nh->ip_tos;
+
+ /* Set the DSCP bits and preserve the ECN bits. */
+ uint8_t new = a->nw_tos | (nh->ip_tos & IP_ECN_MASK);
+
+ nh->ip_csum = recalc_csum16(nh->ip_csum, htons((uint16_t)*field),
+ htons((uint16_t)a->nw_tos));
+ *field = new;
+ }
+}
+
+static void
+dp_netdev_set_tp_port(struct ofpbuf *packet, const flow_t *key,
const struct odp_action_tp_port *a)
{
- if (key->dl_type == htons(ETH_P_IP)) {
+ if (is_ip(packet, key)) {
uint16_t *field;
- if (key->nw_proto == IPPROTO_TCP) {
+ if (key->nw_proto == IPPROTO_TCP && packet->l7) {
struct tcp_header *th = packet->l4;
field = a->type == ODPAT_SET_TP_SRC ? &th->tcp_src : &th->tcp_dst;
th->tcp_csum = recalc_csum16(th->tcp_csum, *field, a->tp_port);
*field = a->tp_port;
- } else if (key->nw_proto == IPPROTO_UDP) {
+ } else if (key->nw_proto == IPPROTO_UDP && packet->l7) {
struct udp_header *uh = packet->l4;
field = a->type == ODPAT_SET_TP_SRC ? &uh->udp_src : &uh->udp_dst;
uh->udp_csum = recalc_csum16(uh->udp_csum, *field, a->tp_port);
*field = a->tp_port;
+ } else {
+ return;
}
}
}
dp_netdev_output_port(struct dp_netdev *dp, struct ofpbuf *packet,
uint16_t out_port)
{
- struct dp_netdev_port *p = dp->ports[out_port];
+ struct dp_netdev_port *p = dp->ports[out_port];
if (p) {
netdev_send(p->netdev, packet);
}
}
-static void
-dp_netdev_output_group(struct dp_netdev *dp, uint16_t group, uint16_t in_port,
- struct ofpbuf *packet)
-{
- struct odp_port_group *g = &dp->groups[group];
- int i;
-
- for (i = 0; i < g->n_ports; i++) {
- uint16_t out_port = g->ports[i];
- if (out_port != in_port) {
- dp_netdev_output_port(dp, packet, out_port);
- }
- }
-}
-
static int
dp_netdev_output_control(struct dp_netdev *dp, const struct ofpbuf *packet,
int queue_no, int port_no, uint32_t arg)
}
msg_size = sizeof *header + packet->size;
- msg = ofpbuf_new(msg_size);
+ msg = ofpbuf_new_with_headroom(msg_size, DPIF_RECV_MSG_PADDING);
header = ofpbuf_put_uninit(msg, sizeof *header);
header->type = queue_no;
header->length = msg_size;
return 0;
}
+/* Returns true if 'packet' is an invalid Ethernet+IPv4 ARP packet: one with
+ * screwy or truncated header fields or one whose inner and outer Ethernet
+ * address differ. */
+static bool
+dp_netdev_is_spoofed_arp(struct ofpbuf *packet, const struct odp_flow_key *key)
+{
+ struct arp_eth_header *arp;
+ struct eth_header *eth;
+ ptrdiff_t l3_size;
+
+ if (key->dl_type != htons(ETH_TYPE_ARP)) {
+ return false;
+ }
+
+ l3_size = (char *) ofpbuf_end(packet) - (char *) packet->l3;
+ if (l3_size < sizeof(struct arp_eth_header)) {
+ return true;
+ }
+
+ eth = packet->l2;
+ arp = packet->l3;
+ return (arp->ar_hrd != htons(ARP_HRD_ETHERNET)
+ || arp->ar_pro != htons(ARP_PRO_IP)
+ || arp->ar_hln != ETH_HEADER_LEN
+ || arp->ar_pln != 4
+ || !eth_addr_equals(arp->ar_sha, eth->eth_src));
+}
+
static int
dp_netdev_execute_actions(struct dp_netdev *dp,
- struct ofpbuf *packet, flow_t *key,
+ struct ofpbuf *packet, const flow_t *key,
const union odp_action *actions, int n_actions)
{
int i;
for (i = 0; i < n_actions; i++) {
const union odp_action *a = &actions[i];
- switch (a->type) {
- case ODPAT_OUTPUT:
+ switch (a->type) {
+ case ODPAT_OUTPUT:
dp_netdev_output_port(dp, packet, a->output.port);
- break;
-
- case ODPAT_OUTPUT_GROUP:
- dp_netdev_output_group(dp, a->output_group.group, key->in_port,
- packet);
- break;
+ break;
- case ODPAT_CONTROLLER:
+ case ODPAT_CONTROLLER:
dp_netdev_output_control(dp, packet, _ODPL_ACTION_NR,
key->in_port, a->controller.arg);
- break;
+ break;
- case ODPAT_SET_VLAN_VID:
- dp_netdev_modify_vlan_tci(packet, key, ntohs(a->vlan_vid.vlan_vid),
+ case ODPAT_SET_VLAN_VID:
+ dp_netdev_modify_vlan_tci(packet, ntohs(a->vlan_vid.vlan_vid),
VLAN_VID_MASK);
break;
- case ODPAT_SET_VLAN_PCP:
- dp_netdev_modify_vlan_tci(packet, key, a->vlan_pcp.vlan_pcp << 13,
+ case ODPAT_SET_VLAN_PCP:
+ dp_netdev_modify_vlan_tci(packet,
+ a->vlan_pcp.vlan_pcp << VLAN_PCP_SHIFT,
VLAN_PCP_MASK);
break;
- case ODPAT_STRIP_VLAN:
- dp_netdev_strip_vlan(packet, key);
- break;
+ case ODPAT_STRIP_VLAN:
+ dp_netdev_strip_vlan(packet);
+ break;
- case ODPAT_SET_DL_SRC:
+ case ODPAT_SET_DL_SRC:
dp_netdev_set_dl_src(packet, a->dl_addr.dl_addr);
- break;
+ break;
- case ODPAT_SET_DL_DST:
+ case ODPAT_SET_DL_DST:
dp_netdev_set_dl_dst(packet, a->dl_addr.dl_addr);
- break;
-
- case ODPAT_SET_NW_SRC:
- case ODPAT_SET_NW_DST:
- dp_netdev_set_nw_addr(packet, key, &a->nw_addr);
- break;
-
- case ODPAT_SET_TP_SRC:
- case ODPAT_SET_TP_DST:
- dp_netdev_set_tp_port(packet, key, &a->tp_port);
- break;
- }
- }
+ break;
+
+ case ODPAT_SET_NW_SRC:
+ case ODPAT_SET_NW_DST:
+ dp_netdev_set_nw_addr(packet, key, &a->nw_addr);
+ break;
+
+ case ODPAT_SET_NW_TOS:
+ dp_netdev_set_nw_tos(packet, key, &a->nw_tos);
+ break;
+
+ case ODPAT_SET_TP_SRC:
+ case ODPAT_SET_TP_DST:
+ dp_netdev_set_tp_port(packet, key, &a->tp_port);
+ break;
+
+ case ODPAT_DROP_SPOOFED_ARP:
+ if (dp_netdev_is_spoofed_arp(packet, key)) {
+ return 0;
+ }
+ }
+ }
return 0;
}
const struct dpif_class dpif_netdev_class = {
- "netdev",
"netdev",
dp_netdev_run,
dp_netdev_wait,
dpif_netdev_open,
dpif_netdev_close,
NULL, /* get_all_names */
- dpif_netdev_delete,
+ dpif_netdev_destroy,
dpif_netdev_get_stats,
dpif_netdev_get_drop_frags,
dpif_netdev_set_drop_frags,
dpif_netdev_port_list,
dpif_netdev_port_poll,
dpif_netdev_port_poll_wait,
- dpif_netdev_port_group_get,
- dpif_netdev_port_group_set,
dpif_netdev_flow_get,
dpif_netdev_flow_put,
dpif_netdev_flow_del,
dpif_netdev_execute,
dpif_netdev_recv_get_mask,
dpif_netdev_recv_set_mask,
+ NULL, /* get_sflow_probability */
+ NULL, /* set_sflow_probability */
+ NULL, /* queue_to_priority */
dpif_netdev_recv,
dpif_netdev_recv_wait,
};