#include "nx-match.h"
+#include <netinet/icmp6.h>
+
#include "classifier.h"
#include "dynamic-string.h"
#include "ofp-util.h"
/* For each NXM_* field, define NFI_NXM_* as consecutive integers starting from
* zero. */
enum nxm_field_index {
-#define DEFINE_FIELD(HEADER, WILDCARD, DL_TYPE, NW_PROTO, WRITABLE) \
+#define DEFINE_FIELD(HEADER, WILDCARD, DL_TYPES, NW_PROTO, WRITABLE) \
NFI_NXM_##HEADER,
#include "nx-match.def"
N_NXM_FIELDS
struct nxm_field {
struct hmap_node hmap_node;
- enum nxm_field_index index; /* NFI_* value. */
- uint32_t header; /* NXM_* value. */
- flow_wildcards_t wildcard; /* FWW_* bit, if exactly one. */
- ovs_be16 dl_type; /* dl_type prerequisite, if nonzero. */
- uint8_t nw_proto; /* nw_proto prerequisite, if nonzero. */
- const char *name; /* "NXM_*" string. */
- bool writable; /* Writable with NXAST_REG_{MOVE,LOAD}? */
+ enum nxm_field_index index; /* NFI_* value. */
+ uint32_t header; /* NXM_* value. */
+ flow_wildcards_t wildcard; /* FWW_* bit, if exactly one. */
+ ovs_be16 dl_type[N_NXM_DL_TYPES]; /* dl_type prerequisites. */
+ uint8_t nw_proto; /* nw_proto prerequisite, if nonzero. */
+ const char *name; /* "NXM_*" string. */
+ bool writable; /* Writable with NXAST_REG_{MOVE,LOAD}? */
};
+
/* All the known fields. */
static struct nxm_field nxm_fields[N_NXM_FIELDS] = {
-#define DEFINE_FIELD(HEADER, WILDCARD, DL_TYPE, NW_PROTO, WRITABLE) \
+#define DEFINE_FIELD(HEADER, WILDCARD, DL_TYPES, NW_PROTO, WRITABLE) \
{ HMAP_NODE_NULL_INITIALIZER, NFI_NXM_##HEADER, NXM_##HEADER, WILDCARD, \
- CONSTANT_HTONS(DL_TYPE), NW_PROTO, "NXM_" #HEADER, WRITABLE },
+ DL_CONVERT DL_TYPES, NW_PROTO, "NXM_" #HEADER, WRITABLE },
+#define DL_CONVERT(T1, T2) { CONSTANT_HTONS(T1), CONSTANT_HTONS(T2) }
#include "nx-match.def"
};
/* Hash table of 'nxm_fields'. */
static struct hmap all_nxm_fields = HMAP_INITIALIZER(&all_nxm_fields);
-/* Possible masks for NXM_OF_ETH_DST_W. */
-static const uint8_t eth_all_0s[ETH_ADDR_LEN]
- = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-static const uint8_t eth_all_1s[ETH_ADDR_LEN]
- = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-static const uint8_t eth_mcast_1[ETH_ADDR_LEN]
- = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00};
-static const uint8_t eth_mcast_0[ETH_ADDR_LEN]
- = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff};
-
static void
nxm_init(void)
{
struct flow_wildcards *wc = &rule->wc;
struct flow *flow = &rule->flow;
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 1);
+
switch (f->index) {
/* Metadata. */
case NFI_NXM_OF_IN_PORT:
flow->in_port = ntohs(get_unaligned_be16(value));
- if (flow->in_port == OFPP_LOCAL) {
- flow->in_port = ODPP_LOCAL;
- }
return 0;
/* Ethernet header. */
if ((wc->wildcards & (FWW_DL_DST | FWW_ETH_MCAST))
!= (FWW_DL_DST | FWW_ETH_MCAST)) {
return NXM_DUP_TYPE;
- } else if (eth_addr_equals(mask, eth_mcast_1)) {
- wc->wildcards &= ~FWW_ETH_MCAST;
- flow->dl_dst[0] = *(uint8_t *) value & 0x01;
- } else if (eth_addr_equals(mask, eth_mcast_0)) {
- wc->wildcards &= ~FWW_DL_DST;
- memcpy(flow->dl_dst, value, ETH_ADDR_LEN);
- flow->dl_dst[0] &= 0xfe;
- } else if (eth_addr_equals(mask, eth_all_0s)) {
- return 0;
- } else if (eth_addr_equals(mask, eth_all_1s)) {
- wc->wildcards &= ~(FWW_DL_DST | FWW_ETH_MCAST);
- memcpy(flow->dl_dst, value, ETH_ADDR_LEN);
+ } else if (flow_wildcards_is_dl_dst_mask_valid(mask)) {
+ cls_rule_set_dl_dst_masked(rule, value, mask);
return 0;
} else {
return NXM_BAD_MASK;
return 0;
}
+ /* IPv6 addresses. */
+ case NFI_NXM_NX_IPV6_SRC:
+ if (!ipv6_mask_is_any(&wc->ipv6_src_mask)) {
+ return NXM_DUP_TYPE;
+ } else {
+ struct in6_addr ipv6;
+ memcpy(&ipv6, value, sizeof ipv6);
+ cls_rule_set_ipv6_src(rule, &ipv6);
+ return 0;
+ }
+ case NFI_NXM_NX_IPV6_SRC_W:
+ if (!ipv6_mask_is_any(&wc->ipv6_src_mask)) {
+ return NXM_DUP_TYPE;
+ } else {
+ struct in6_addr ipv6, netmask;
+ memcpy(&ipv6, value, sizeof ipv6);
+ memcpy(&netmask, mask, sizeof netmask);
+ if (!cls_rule_set_ipv6_src_masked(rule, &ipv6, &netmask)) {
+ return NXM_BAD_MASK;
+ }
+ return 0;
+ }
+ case NFI_NXM_NX_IPV6_DST:
+ if (!ipv6_mask_is_any(&wc->ipv6_dst_mask)) {
+ return NXM_DUP_TYPE;
+ } else {
+ struct in6_addr ipv6;
+ memcpy(&ipv6, value, sizeof ipv6);
+ cls_rule_set_ipv6_dst(rule, &ipv6);
+ return 0;
+ }
+ case NFI_NXM_NX_IPV6_DST_W:
+ if (!ipv6_mask_is_any(&wc->ipv6_dst_mask)) {
+ return NXM_DUP_TYPE;
+ } else {
+ struct in6_addr ipv6, netmask;
+ memcpy(&ipv6, value, sizeof ipv6);
+ memcpy(&netmask, mask, sizeof netmask);
+ if (!cls_rule_set_ipv6_dst_masked(rule, &ipv6, &netmask)) {
+ return NXM_BAD_MASK;
+ }
+ return 0;
+ }
+
/* TCP header. */
case NFI_NXM_OF_TCP_SRC:
flow->tp_src = get_unaligned_be16(value);
flow->tp_dst = htons(*(uint8_t *) value);
return 0;
+ /* ICMPv6 header. */
+ case NFI_NXM_NX_ICMPV6_TYPE:
+ flow->tp_src = htons(*(uint8_t *) value);
+ return 0;
+ case NFI_NXM_NX_ICMPV6_CODE:
+ flow->tp_dst = htons(*(uint8_t *) value);
+ return 0;
+
+ /* IPv6 Neighbor Discovery. */
+ case NFI_NXM_NX_ND_TARGET:
+ /* We've already verified that it's an ICMPv6 message. */
+ if ((flow->tp_src != htons(ND_NEIGHBOR_SOLICIT))
+ && (flow->tp_src != htons(ND_NEIGHBOR_ADVERT))) {
+ return NXM_BAD_PREREQ;
+ }
+ memcpy(&flow->nd_target, value, sizeof flow->nd_target);
+ return 0;
+ case NFI_NXM_NX_ND_SLL:
+ /* We've already verified that it's an ICMPv6 message. */
+ if (flow->tp_src != htons(ND_NEIGHBOR_SOLICIT)) {
+ return NXM_BAD_PREREQ;
+ }
+ memcpy(flow->arp_sha, value, ETH_ADDR_LEN);
+ return 0;
+ case NFI_NXM_NX_ND_TLL:
+ /* We've already verified that it's an ICMPv6 message. */
+ if (flow->tp_src != htons(ND_NEIGHBOR_ADVERT)) {
+ return NXM_BAD_PREREQ;
+ }
+ memcpy(flow->arp_tha, value, ETH_ADDR_LEN);
+ return 0;
+
/* ARP header. */
case NFI_NXM_OF_ARP_OP:
if (ntohs(get_unaligned_be16(value)) > 255) {
static bool
nxm_prereqs_ok(const struct nxm_field *field, const struct flow *flow)
{
- return (!field->dl_type
- || (field->dl_type == flow->dl_type
- && (!field->nw_proto || field->nw_proto == flow->nw_proto)));
+ if (field->nw_proto && field->nw_proto != flow->nw_proto) {
+ return false;
+ }
+
+ if (!field->dl_type[0]) {
+ return true;
+ } else if (field->dl_type[0] == flow->dl_type) {
+ return true;
+ } else if (field->dl_type[1] && field->dl_type[1] == flow->dl_type) {
+ return true;
+ }
+
+ return false;
}
static uint32_t
static void
nxm_put_eth_dst(struct ofpbuf *b,
- uint32_t wc, const uint8_t value[ETH_ADDR_LEN])
+ flow_wildcards_t wc, const uint8_t value[ETH_ADDR_LEN])
{
switch (wc & (FWW_DL_DST | FWW_ETH_MCAST)) {
case FWW_DL_DST | FWW_ETH_MCAST:
break;
- case FWW_DL_DST:
- nxm_put_header(b, NXM_OF_ETH_DST_W);
- ofpbuf_put(b, value, ETH_ADDR_LEN);
- ofpbuf_put(b, eth_mcast_1, ETH_ADDR_LEN);
- break;
- case FWW_ETH_MCAST:
+ default:
nxm_put_header(b, NXM_OF_ETH_DST_W);
ofpbuf_put(b, value, ETH_ADDR_LEN);
- ofpbuf_put(b, eth_mcast_0, ETH_ADDR_LEN);
+ ofpbuf_put(b, flow_wildcards_to_dl_dst_mask(wc), ETH_ADDR_LEN);
break;
case 0:
nxm_put_eth(b, NXM_OF_ETH_DST, value);
}
}
+static void
+nxm_put_ipv6(struct ofpbuf *b, uint32_t header,
+ const struct in6_addr *value, const struct in6_addr *mask)
+{
+ if (ipv6_mask_is_any(mask)) {
+ return;
+ } else if (ipv6_mask_is_exact(mask)) {
+ nxm_put_header(b, header);
+ ofpbuf_put(b, value, sizeof *value);
+ } else {
+ nxm_put_header(b, NXM_MAKE_WILD_HEADER(header));
+ ofpbuf_put(b, value, sizeof *value);
+ ofpbuf_put(b, mask, sizeof *mask);
+ }
+}
+
/* Appends to 'b' the nx_match format that expresses 'cr' (except for
* 'cr->priority', because priority is not part of nx_match), plus enough
* zero bytes to pad the nx_match out to a multiple of 8.
int match_len;
int i;
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 1);
+
/* Metadata. */
if (!(wc & FWW_IN_PORT)) {
uint16_t in_port = flow->in_port;
- if (in_port == ODPP_LOCAL) {
- in_port = OFPP_LOCAL;
- }
nxm_put_16(b, NXM_OF_IN_PORT, htons(in_port));
}
break;
}
}
+ } else if (!(wc & FWW_DL_TYPE) && flow->dl_type == htons(ETH_TYPE_IPV6)) {
+ /* IPv6. */
+
+ if (!(wc & FWW_NW_TOS)) {
+ nxm_put_8(b, NXM_OF_IP_TOS, flow->nw_tos & 0xfc);
+ }
+ nxm_put_ipv6(b, NXM_NX_IPV6_SRC, &flow->ipv6_src,
+ &cr->wc.ipv6_src_mask);
+ nxm_put_ipv6(b, NXM_NX_IPV6_DST, &flow->ipv6_dst,
+ &cr->wc.ipv6_dst_mask);
+
+ if (!(wc & FWW_NW_PROTO)) {
+ nxm_put_8(b, NXM_OF_IP_PROTO, flow->nw_proto);
+ switch (flow->nw_proto) {
+ /* TCP. */
+ case IPPROTO_TCP:
+ if (!(wc & FWW_TP_SRC)) {
+ nxm_put_16(b, NXM_OF_TCP_SRC, flow->tp_src);
+ }
+ if (!(wc & FWW_TP_DST)) {
+ nxm_put_16(b, NXM_OF_TCP_DST, flow->tp_dst);
+ }
+ break;
+
+ /* UDP. */
+ case IPPROTO_UDP:
+ if (!(wc & FWW_TP_SRC)) {
+ nxm_put_16(b, NXM_OF_UDP_SRC, flow->tp_src);
+ }
+ if (!(wc & FWW_TP_DST)) {
+ nxm_put_16(b, NXM_OF_UDP_DST, flow->tp_dst);
+ }
+ break;
+
+ /* ICMPv6. */
+ case IPPROTO_ICMPV6:
+ if (!(wc & FWW_TP_SRC)) {
+ nxm_put_8(b, NXM_NX_ICMPV6_TYPE, ntohs(flow->tp_src));
+
+ if (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT) ||
+ flow->tp_src == htons(ND_NEIGHBOR_ADVERT)) {
+ if (!(wc & FWW_ND_TARGET)) {
+ nxm_put_ipv6(b, NXM_NX_ND_TARGET, &flow->nd_target,
+ &in6addr_exact);
+ }
+ if (!(wc & FWW_ARP_SHA)
+ && flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)) {
+ nxm_put_eth(b, NXM_NX_ND_SLL, flow->arp_sha);
+ }
+ if (!(wc & FWW_ARP_THA)
+ && flow->tp_src == htons(ND_NEIGHBOR_ADVERT)) {
+ nxm_put_eth(b, NXM_NX_ND_TLL, flow->arp_tha);
+ }
+ }
+ }
+ if (!(wc & FWW_TP_DST)) {
+ nxm_put_8(b, NXM_NX_ICMPV6_CODE, ntohs(flow->tp_dst));
+ }
+ break;
+ }
+ }
} else if (!(wc & FWW_DL_TYPE) && flow->dl_type == htons(ETH_TYPE_ARP)) {
/* ARP. */
if (!(wc & FWW_NW_PROTO)) {
return 0;
}
+/* Given a flow, checks that the destination field represented by 'dst_header'
+ * and 'ofs_nbits' is valid and large enough for 'min_n_bits' bits of data. */
int
-nxm_check_reg_load(const struct nx_action_reg_load *action,
- const struct flow *flow)
+nxm_dst_check(ovs_be32 dst_header, ovs_be16 ofs_nbits, size_t min_n_bits,
+ const struct flow *flow)
{
const struct nxm_field *dst;
int ofs, n_bits;
- ofs = nxm_decode_ofs(action->ofs_nbits);
- n_bits = nxm_decode_n_bits(action->ofs_nbits);
- dst = nxm_field_lookup(ntohl(action->dst));
+ ofs = nxm_decode_ofs(ofs_nbits);
+ n_bits = nxm_decode_n_bits(ofs_nbits);
+ dst = nxm_field_lookup(ntohl(dst_header));
+
if (!field_ok(dst, flow, ofs + n_bits)) {
- return BAD_ARGUMENT;
+ VLOG_WARN_RL(&rl, "invalid destination field");
+ } else if (!dst->writable) {
+ VLOG_WARN_RL(&rl, "destination field is not writable");
+ } else if (n_bits < min_n_bits) {
+ VLOG_WARN_RL(&rl, "insufficient bits in destination");
+ } else {
+ return 0;
+ }
+
+ return BAD_ARGUMENT;
+}
+
+int
+nxm_check_reg_load(const struct nx_action_reg_load *action,
+ const struct flow *flow)
+{
+ int n_bits;
+ int error;
+
+ error = nxm_dst_check(action->dst, action->ofs_nbits, 0, flow);
+ if (error) {
+ return error;
}
/* Reject 'action' if a bit numbered 'n_bits' or higher is set to 1 in
* action->value. */
+ n_bits = nxm_decode_n_bits(action->ofs_nbits);
if (n_bits < 64 && ntohll(action->value) >> n_bits) {
return BAD_ARGUMENT;
}
- if (!dst->writable) {
- return BAD_ARGUMENT;
- }
-
return 0;
}
\f
{
switch (src->index) {
case NFI_NXM_OF_IN_PORT:
- return flow->in_port == ODPP_LOCAL ? OFPP_LOCAL : flow->in_port;
+ return flow->in_port;
case NFI_NXM_OF_ETH_DST:
return eth_addr_to_uint64(flow->dl_dst);
return ntohs(flow->tp_dst);
case NFI_NXM_OF_ICMP_TYPE:
+ case NFI_NXM_NX_ICMPV6_TYPE:
return ntohs(flow->tp_src) & 0xff;
case NFI_NXM_OF_ICMP_CODE:
+ case NFI_NXM_NX_ICMPV6_CODE:
return ntohs(flow->tp_dst) & 0xff;
case NFI_NXM_NX_TUN_ID:
#endif
case NFI_NXM_NX_ARP_SHA:
+ case NFI_NXM_NX_ND_SLL:
return eth_addr_to_uint64(flow->arp_sha);
case NFI_NXM_NX_ARP_THA:
+ case NFI_NXM_NX_ND_TLL:
return eth_addr_to_uint64(flow->arp_tha);
case NFI_NXM_NX_TUN_ID_W:
case NFI_NXM_OF_IP_DST_W:
case NFI_NXM_OF_ARP_SPA_W:
case NFI_NXM_OF_ARP_TPA_W:
+ case NFI_NXM_NX_IPV6_SRC:
+ case NFI_NXM_NX_IPV6_SRC_W:
+ case NFI_NXM_NX_IPV6_DST:
+ case NFI_NXM_NX_IPV6_DST_W:
+ case NFI_NXM_NX_ND_TARGET:
case N_NXM_FIELDS:
NOT_REACHED();
}
uint64_t new_value)
{
switch (dst->index) {
+ case NFI_NXM_OF_ETH_DST:
+ eth_addr_from_uint64(new_value, flow->dl_dst);
+ break;
+
+ case NFI_NXM_OF_ETH_SRC:
+ eth_addr_from_uint64(new_value, flow->dl_src);
+ break;
+
case NFI_NXM_OF_VLAN_TCI:
flow->vlan_tci = htons(new_value);
break;
#error
#endif
- case NFI_NXM_OF_IN_PORT:
- case NFI_NXM_OF_ETH_DST:
- case NFI_NXM_OF_ETH_SRC:
- case NFI_NXM_OF_ETH_TYPE:
case NFI_NXM_OF_IP_TOS:
- case NFI_NXM_OF_IP_PROTO:
- case NFI_NXM_OF_ARP_OP:
+ flow->nw_tos = new_value & IP_DSCP_MASK;
+ break;
+
case NFI_NXM_OF_IP_SRC:
- case NFI_NXM_OF_ARP_SPA:
+ flow->nw_src = htonl(new_value);
+ break;
+
case NFI_NXM_OF_IP_DST:
- case NFI_NXM_OF_ARP_TPA:
+ flow->nw_dst = htonl(new_value);
+ break;
+
case NFI_NXM_OF_TCP_SRC:
case NFI_NXM_OF_UDP_SRC:
+ flow->tp_src = htons(new_value);
+ break;
+
case NFI_NXM_OF_TCP_DST:
case NFI_NXM_OF_UDP_DST:
+ flow->tp_dst = htons(new_value);
+ break;
+
+ case NFI_NXM_OF_IN_PORT:
+ case NFI_NXM_OF_ETH_TYPE:
+ case NFI_NXM_OF_IP_PROTO:
+ case NFI_NXM_OF_ARP_OP:
+ case NFI_NXM_OF_ARP_SPA:
+ case NFI_NXM_OF_ARP_TPA:
case NFI_NXM_OF_ICMP_TYPE:
case NFI_NXM_OF_ICMP_CODE:
case NFI_NXM_NX_TUN_ID_W:
case NFI_NXM_OF_ARP_TPA_W:
case NFI_NXM_NX_ARP_SHA:
case NFI_NXM_NX_ARP_THA:
+ case NFI_NXM_NX_IPV6_SRC:
+ case NFI_NXM_NX_IPV6_SRC_W:
+ case NFI_NXM_NX_IPV6_DST:
+ case NFI_NXM_NX_IPV6_DST_W:
+ case NFI_NXM_NX_ICMPV6_TYPE:
+ case NFI_NXM_NX_ICMPV6_CODE:
+ case NFI_NXM_NX_ND_TARGET:
+ case NFI_NXM_NX_ND_SLL:
+ case NFI_NXM_NX_ND_TLL:
case N_NXM_FIELDS:
NOT_REACHED();
}
/* Get the interesting bits of the source field. */
const struct nxm_field *src = nxm_field_lookup(ntohl(action->src));
int src_ofs = ntohs(action->src_ofs);
- uint64_t src_data = nxm_read_field(src, flow) & (mask << src_ofs);
-
- /* Get the remaining bits of the destination field. */
- const struct nxm_field *dst = nxm_field_lookup(ntohl(action->dst));
- int dst_ofs = ntohs(action->dst_ofs);
- uint64_t dst_data = nxm_read_field(dst, flow) & ~(mask << dst_ofs);
+ uint64_t src_data = (nxm_read_field(src, flow) >> src_ofs) & mask;
- /* Get the final value. */
- uint64_t new_data = dst_data | ((src_data >> src_ofs) << dst_ofs);
-
- nxm_write_field(dst, flow, new_data);
+ nxm_reg_load(action->dst,
+ nxm_encode_ofs_nbits(ntohs(action->dst_ofs), n_bits),
+ src_data, flow);
}
void
nxm_execute_reg_load(const struct nx_action_reg_load *action,
struct flow *flow)
{
- /* Preparation. */
- int n_bits = nxm_decode_n_bits(action->ofs_nbits);
- uint64_t mask = n_bits == 64 ? UINT64_MAX : (UINT64_C(1) << n_bits) - 1;
+ nxm_reg_load(action->dst, action->ofs_nbits, ntohll(action->value), flow);
+}
- /* Get source data. */
- uint64_t src_data = ntohll(action->value);
+/* Calculates ofs and n_bits from the given 'ofs_nbits' parameter, and copies
+ * 'src_data'[0:n_bits] to 'dst_header'[ofs:ofs+n_bits] in the given 'flow'. */
+void
+nxm_reg_load(ovs_be32 dst_header, ovs_be16 ofs_nbits, uint64_t src_data,
+ struct flow *flow)
+{
+ int n_bits = nxm_decode_n_bits(ofs_nbits);
+ int dst_ofs = nxm_decode_ofs(ofs_nbits);
+ uint64_t mask = n_bits == 64 ? UINT64_MAX : (UINT64_C(1) << n_bits) - 1;
/* Get remaining bits of the destination field. */
- const struct nxm_field *dst = nxm_field_lookup(ntohl(action->dst));
- int dst_ofs = nxm_decode_ofs(action->ofs_nbits);
+ const struct nxm_field *dst = nxm_field_lookup(ntohl(dst_header));
uint64_t dst_data = nxm_read_field(dst, flow) & ~(mask << dst_ofs);
/* Get the final value. */