#include "ofp-print.h"
#include <errno.h>
#include <inttypes.h>
+#include <netinet/icmp6.h>
#include <stdlib.h>
#include "autopath.h"
+#include "bundle.h"
#include "byte-order.h"
#include "classifier.h"
#include "dynamic-string.h"
VLOG_DEFINE_THIS_MODULE(ofp_util);
-static ovs_be32 normalize_wildcards(const struct ofp_match *);
-
/* Rate limit for OpenFlow message parse errors. These always indicate a bug
* in the peer and so there's not much point in showing a lot of them. */
static struct vlog_rate_limit bad_ofmsg_rl = VLOG_RATE_LIMIT_INIT(1, 5);
/* WC_INVARIANTS is the invariant bits (as defined on WC_INVARIANT_LIST) all
* OR'd together. */
-enum {
- WC_INVARIANTS = 0
+static const flow_wildcards_t WC_INVARIANTS = 0
#define WC_INVARIANT_BIT(NAME) | FWW_##NAME
WC_INVARIANT_LIST
#undef WC_INVARIANT_BIT
-};
+;
-/* Converts the ofp_match in 'match' into a cls_rule in 'rule', with the given
- * 'priority'. */
+/* Converts the wildcard in 'ofpfw' into a flow_wildcards in 'wc' for use in
+ * struct cls_rule. It is the caller's responsibility to handle the special
+ * case where the flow match's dl_vlan is set to OFP_VLAN_NONE. */
void
-ofputil_cls_rule_from_match(const struct ofp_match *match,
- unsigned int priority, struct cls_rule *rule)
+ofputil_wildcard_from_openflow(uint32_t ofpfw, struct flow_wildcards *wc)
{
- struct flow_wildcards *wc = &rule->wc;
- unsigned int ofpfw;
- ovs_be16 vid, pcp;
-
- /* Initialize rule->priority. */
- ofpfw = ntohl(match->wildcards) & OFPFW_ALL;
- rule->priority = !ofpfw ? UINT16_MAX : priority;
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 1);
/* Initialize most of rule->wc. */
flow_wildcards_init_catchall(wc);
- wc->wildcards = ofpfw & WC_INVARIANTS;
+ wc->wildcards = (OVS_FORCE flow_wildcards_t) ofpfw & WC_INVARIANTS;
/* Wildcard fields that aren't defined by ofp_match or tun_id. */
wc->wildcards |= (FWW_ARP_SHA | FWW_ARP_THA | FWW_ND_TARGET);
wc->wildcards |= FWW_ETH_MCAST;
}
+ /* VLAN TCI mask. */
+ if (!(ofpfw & OFPFW_DL_VLAN_PCP)) {
+ wc->vlan_tci_mask |= htons(VLAN_PCP_MASK | VLAN_CFI);
+ }
+ if (!(ofpfw & OFPFW_DL_VLAN)) {
+ wc->vlan_tci_mask |= htons(VLAN_VID_MASK | VLAN_CFI);
+ }
+}
+
+/* Converts the ofp_match in 'match' into a cls_rule in 'rule', with the given
+ * 'priority'. */
+void
+ofputil_cls_rule_from_match(const struct ofp_match *match,
+ unsigned int priority, struct cls_rule *rule)
+{
+ uint32_t ofpfw = ntohl(match->wildcards) & OFPFW_ALL;
+
+ /* Initialize rule->priority, rule->wc. */
+ rule->priority = !ofpfw ? UINT16_MAX : priority;
+ ofputil_wildcard_from_openflow(ofpfw, &rule->wc);
+
/* Initialize most of rule->flow. */
rule->flow.nw_src = match->nw_src;
rule->flow.nw_dst = match->nw_dst;
- rule->flow.in_port = (match->in_port == htons(OFPP_LOCAL) ? ODPP_LOCAL
- : ntohs(match->in_port));
+ rule->flow.in_port = ntohs(match->in_port);
rule->flow.dl_type = ofputil_dl_type_from_openflow(match->dl_type);
rule->flow.tp_src = match->tp_src;
rule->flow.tp_dst = match->tp_dst;
rule->flow.nw_proto = match->nw_proto;
/* Translate VLANs. */
- vid = match->dl_vlan & htons(VLAN_VID_MASK);
- pcp = htons((match->dl_vlan_pcp << VLAN_PCP_SHIFT) & VLAN_PCP_MASK);
- switch (ofpfw & (OFPFW_DL_VLAN | OFPFW_DL_VLAN_PCP)) {
- case OFPFW_DL_VLAN | OFPFW_DL_VLAN_PCP:
- /* Wildcard everything. */
+ if (!(ofpfw & OFPFW_DL_VLAN) && match->dl_vlan == htons(OFP_VLAN_NONE)) {
+ /* Match only packets without 802.1Q header.
+ *
+ * When OFPFW_DL_VLAN_PCP is wildcarded, this is obviously correct.
+ *
+ * If OFPFW_DL_VLAN_PCP is matched, the flow match is contradictory,
+ * because we can't have a specific PCP without an 802.1Q header.
+ * However, older versions of OVS treated this as matching packets
+ * withut an 802.1Q header, so we do here too. */
rule->flow.vlan_tci = htons(0);
- rule->wc.vlan_tci_mask = htons(0);
- break;
-
- case OFPFW_DL_VLAN_PCP:
- if (match->dl_vlan == htons(OFP_VLAN_NONE)) {
- /* Match only packets without 802.1Q header. */
- rule->flow.vlan_tci = htons(0);
- rule->wc.vlan_tci_mask = htons(0xffff);
- } else {
- /* Wildcard PCP, specific VID. */
- rule->flow.vlan_tci = vid | htons(VLAN_CFI);
- rule->wc.vlan_tci_mask = htons(VLAN_VID_MASK | VLAN_CFI);
- }
- break;
-
- case OFPFW_DL_VLAN:
- /* Wildcard VID, specific PCP. */
- rule->flow.vlan_tci = pcp | htons(VLAN_CFI);
- rule->wc.vlan_tci_mask = htons(VLAN_PCP_MASK | VLAN_CFI);
- break;
+ rule->wc.vlan_tci_mask = htons(0xffff);
+ } else {
+ ovs_be16 vid, pcp, tci;
- case 0:
- if (match->dl_vlan == htons(OFP_VLAN_NONE)) {
- /* This case is odd, since we can't have a specific PCP without an
- * 802.1Q header. However, older versions of OVS treated this as
- * matching packets withut an 802.1Q header, so we do here too. */
- rule->flow.vlan_tci = htons(0);
- rule->wc.vlan_tci_mask = htons(0xffff);
- } else {
- /* Specific VID and PCP. */
- rule->flow.vlan_tci = vid | pcp | htons(VLAN_CFI);
- rule->wc.vlan_tci_mask = htons(0xffff);
- }
- break;
+ vid = match->dl_vlan & htons(VLAN_VID_MASK);
+ pcp = htons((match->dl_vlan_pcp << VLAN_PCP_SHIFT) & VLAN_PCP_MASK);
+ tci = vid | pcp | htons(VLAN_CFI);
+ rule->flow.vlan_tci = tci & rule->wc.vlan_tci_mask;
}
/* Clean up. */
ofputil_cls_rule_to_match(const struct cls_rule *rule, struct ofp_match *match)
{
const struct flow_wildcards *wc = &rule->wc;
- unsigned int ofpfw;
+ uint32_t ofpfw;
/* Figure out most OpenFlow wildcards. */
- ofpfw = wc->wildcards & WC_INVARIANTS;
+ ofpfw = (OVS_FORCE uint32_t) (wc->wildcards & WC_INVARIANTS);
ofpfw |= ofputil_netmask_to_wcbits(wc->nw_src_mask) << OFPFW_NW_SRC_SHIFT;
ofpfw |= ofputil_netmask_to_wcbits(wc->nw_dst_mask) << OFPFW_NW_DST_SHIFT;
if (wc->wildcards & FWW_NW_TOS) {
/* Compose most of the match structure. */
match->wildcards = htonl(ofpfw);
- match->in_port = htons(rule->flow.in_port == ODPP_LOCAL ? OFPP_LOCAL
- : rule->flow.in_port);
+ match->in_port = htons(rule->flow.in_port);
memcpy(match->dl_src, rule->flow.dl_src, ETH_ADDR_LEN);
memcpy(match->dl_dst, rule->flow.dl_dst, ETH_ADDR_LEN);
match->dl_type = ofputil_dl_type_to_openflow(rule->flow.dl_type);
ofputil_decode_vendor(const struct ofp_header *oh,
const struct ofputil_msg_type **typep)
{
+ BUILD_ASSERT_DECL(sizeof(struct nxt_set_flow_format)
+ != sizeof(struct nxt_flow_mod_table_id));
+
static const struct ofputil_msg_type nxt_messages[] = {
{ OFPUTIL_NXT_ROLE_REQUEST,
NXT_ROLE_REQUEST, "NXT_ROLE_REQUEST",
{ OFPUTIL_NXT_FLOW_REMOVED,
NXT_FLOW_REMOVED, "NXT_FLOW_REMOVED",
sizeof(struct nx_flow_removed), 8 },
+
+ { OFPUTIL_NXT_FLOW_MOD_TABLE_ID,
+ NXT_FLOW_MOD_TABLE_ID, "NXT_FLOW_MOD_TABLE_ID",
+ sizeof(struct nxt_flow_mod_table_id), 0 },
};
static const struct ofputil_msg_category nxt_category = {
static int
check_nxstats_msg(const struct ofp_header *oh)
{
- const struct ofp_stats_request *osr;
+ const struct ofp_stats_msg *osm = (const struct ofp_stats_msg *) oh;
ovs_be32 vendor;
- osr = (const struct ofp_stats_request *) oh;
-
- memcpy(&vendor, osr->body, sizeof vendor);
+ memcpy(&vendor, osm + 1, sizeof vendor);
if (vendor != htonl(NX_VENDOR_ID)) {
VLOG_WARN_RL(&bad_ofmsg_rl, "received vendor stats message for "
"unknown vendor %"PRIx32, ntohl(vendor));
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_VENDOR);
}
- if (ntohs(osr->header.length) < sizeof(struct nicira_stats_msg)) {
+ if (ntohs(osm->header.length) < sizeof(struct nicira_stats_msg)) {
VLOG_WARN_RL(&bad_ofmsg_rl, "truncated Nicira stats message");
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
ofputil_decode_ofpst_request(const struct ofp_header *oh,
const struct ofputil_msg_type **typep)
{
- enum { OSR_SIZE = sizeof(struct ofp_stats_request) };
static const struct ofputil_msg_type ofpst_requests[] = {
{ OFPUTIL_OFPST_DESC_REQUEST,
OFPST_DESC, "OFPST_DESC request",
- OSR_SIZE, 0 },
+ sizeof(struct ofp_stats_msg), 0 },
{ OFPUTIL_OFPST_FLOW_REQUEST,
OFPST_FLOW, "OFPST_FLOW request",
- OSR_SIZE + sizeof(struct ofp_flow_stats_request), 0 },
+ sizeof(struct ofp_flow_stats_request), 0 },
{ OFPUTIL_OFPST_AGGREGATE_REQUEST,
OFPST_AGGREGATE, "OFPST_AGGREGATE request",
- OSR_SIZE + sizeof(struct ofp_aggregate_stats_request), 0 },
+ sizeof(struct ofp_flow_stats_request), 0 },
{ OFPUTIL_OFPST_TABLE_REQUEST,
OFPST_TABLE, "OFPST_TABLE request",
- OSR_SIZE, 0 },
+ sizeof(struct ofp_stats_msg), 0 },
{ OFPUTIL_OFPST_PORT_REQUEST,
OFPST_PORT, "OFPST_PORT request",
- OSR_SIZE + sizeof(struct ofp_port_stats_request), 0 },
+ sizeof(struct ofp_port_stats_request), 0 },
{ OFPUTIL_OFPST_QUEUE_REQUEST,
OFPST_QUEUE, "OFPST_QUEUE request",
- OSR_SIZE + sizeof(struct ofp_queue_stats_request), 0 },
+ sizeof(struct ofp_queue_stats_request), 0 },
{ 0,
OFPST_VENDOR, "OFPST_VENDOR request",
- OSR_SIZE + sizeof(uint32_t), 1 },
+ sizeof(struct ofp_vendor_stats_msg), 1 },
};
static const struct ofputil_msg_category ofpst_request_category = {
OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_STAT)
};
- const struct ofp_stats_request *osr;
+ const struct ofp_stats_msg *request = (const struct ofp_stats_msg *) oh;
int error;
- osr = (const struct ofp_stats_request *) oh;
error = ofputil_lookup_openflow_message(&ofpst_request_category,
- ntohs(osr->type),
+ ntohs(request->type),
ntohs(oh->length), typep);
- if (!error && osr->type == htons(OFPST_VENDOR)) {
+ if (!error && request->type == htons(OFPST_VENDOR)) {
error = ofputil_decode_nxst_request(oh, typep);
}
return error;
ofputil_decode_ofpst_reply(const struct ofp_header *oh,
const struct ofputil_msg_type **typep)
{
- enum { OSR_SIZE = sizeof(struct ofp_stats_reply) };
static const struct ofputil_msg_type ofpst_replies[] = {
{ OFPUTIL_OFPST_DESC_REPLY,
OFPST_DESC, "OFPST_DESC reply",
- OSR_SIZE + sizeof(struct ofp_desc_stats), 0 },
+ sizeof(struct ofp_desc_stats), 0 },
{ OFPUTIL_OFPST_FLOW_REPLY,
OFPST_FLOW, "OFPST_FLOW reply",
- OSR_SIZE, 1 },
+ sizeof(struct ofp_stats_msg), 1 },
{ OFPUTIL_OFPST_AGGREGATE_REPLY,
OFPST_AGGREGATE, "OFPST_AGGREGATE reply",
- OSR_SIZE + sizeof(struct ofp_aggregate_stats_reply), 0 },
+ sizeof(struct ofp_aggregate_stats_reply), 0 },
{ OFPUTIL_OFPST_TABLE_REPLY,
OFPST_TABLE, "OFPST_TABLE reply",
- OSR_SIZE, sizeof(struct ofp_table_stats) },
+ sizeof(struct ofp_stats_msg), sizeof(struct ofp_table_stats) },
{ OFPUTIL_OFPST_PORT_REPLY,
OFPST_PORT, "OFPST_PORT reply",
- OSR_SIZE, sizeof(struct ofp_port_stats) },
+ sizeof(struct ofp_stats_msg), sizeof(struct ofp_port_stats) },
{ OFPUTIL_OFPST_QUEUE_REPLY,
OFPST_QUEUE, "OFPST_QUEUE reply",
- OSR_SIZE, sizeof(struct ofp_queue_stats) },
+ sizeof(struct ofp_stats_msg), sizeof(struct ofp_queue_stats) },
{ 0,
OFPST_VENDOR, "OFPST_VENDOR reply",
- OSR_SIZE + sizeof(uint32_t), 1 },
+ sizeof(struct ofp_vendor_stats_msg), 1 },
};
static const struct ofputil_msg_category ofpst_reply_category = {
OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_STAT)
};
- const struct ofp_stats_reply *osr = (const struct ofp_stats_reply *) oh;
+ const struct ofp_stats_msg *reply = (const struct ofp_stats_msg *) oh;
int error;
error = ofputil_lookup_openflow_message(&ofpst_reply_category,
- ntohs(osr->type),
+ ntohs(reply->type),
ntohs(oh->length), typep);
- if (!error && osr->type == htons(OFPST_VENDOR)) {
+ if (!error && reply->type == htons(OFPST_VENDOR)) {
error = ofputil_decode_nxst_reply(oh, typep);
}
return error;
{ 0,
OFPT_STATS_REQUEST, "OFPT_STATS_REQUEST",
- sizeof(struct ofp_stats_request), 1 },
+ sizeof(struct ofp_stats_msg), 1 },
{ 0,
OFPT_STATS_REPLY, "OFPT_STATS_REPLY",
- sizeof(struct ofp_stats_reply), 1 },
+ sizeof(struct ofp_stats_msg), 1 },
{ OFPUTIL_OFPT_BARRIER_REQUEST,
OFPT_BARRIER_REQUEST, "OFPT_BARRIER_REQUEST",
}
if (error) {
static const struct ofputil_msg_type ofputil_invalid_type = {
- OFPUTIL_INVALID,
- 0, "OFPUTIL_INVALID",
+ OFPUTIL_MSG_INVALID,
+ 0, "OFPUTIL_MSG_INVALID",
0, 0
};
{
const struct flow_wildcards *wc = &rule->wc;
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 1);
+
/* Only NXM supports separately wildcards the Ethernet multicast bit. */
if (!(wc->wildcards & FWW_DL_DST) != !(wc->wildcards & FWW_ETH_MCAST)) {
return NXFF_NXM;
return msg;
}
+/* Returns an OpenFlow message that can be used to turn the flow_mod_table_id
+ * extension on or off (according to 'flow_mod_table_id'). */
+struct ofpbuf *
+ofputil_make_flow_mod_table_id(bool flow_mod_table_id)
+{
+ struct nxt_flow_mod_table_id *nfmti;
+ struct ofpbuf *msg;
+
+ nfmti = make_nxmsg(sizeof *nfmti, NXT_FLOW_MOD_TABLE_ID, &msg);
+ nfmti->set = flow_mod_table_id;
+ return msg;
+}
+
/* Converts an OFPT_FLOW_MOD or NXT_FLOW_MOD message 'oh' into an abstract
* flow_mod in 'fm'. Returns 0 if successful, otherwise an OpenFlow error
* code.
*
+ * 'flow_mod_table_id' should be true if the NXT_FLOW_MOD_TABLE_ID extension is
+ * enabled, false otherwise.
+ *
* Does not validate the flow_mod actions. */
int
-ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh)
+ofputil_decode_flow_mod(struct ofputil_flow_mod *fm,
+ const struct ofp_header *oh, bool flow_mod_table_id)
{
const struct ofputil_msg_type *type;
+ uint16_t command;
struct ofpbuf b;
ofpbuf_use_const(&b, oh, ntohs(oh->length));
/* Standard OpenFlow flow_mod. */
const struct ofp_flow_mod *ofm;
uint16_t priority;
- ovs_be32 wc;
int error;
/* Dissect the message. */
/* Set priority based on original wildcards. Normally we'd allow
* ofputil_cls_rule_from_match() to do this for us, but
- * normalize_wildcards() can put wildcards where the original flow
+ * ofputil_normalize_rule() can put wildcards where the original flow
* didn't have them. */
priority = ntohs(ofm->priority);
if (!(ofm->match.wildcards & htonl(OFPFW_ALL))) {
priority = UINT16_MAX;
}
- /* Normalize ofm->match. If normalization actually changes anything,
- * then log the differences. */
- wc = normalize_wildcards(&ofm->match);
- if (wc == ofm->match.wildcards) {
- ofputil_cls_rule_from_match(&ofm->match, priority, &fm->cr);
- } else {
- struct ofp_match match = ofm->match;
- match.wildcards = wc;
- ofputil_cls_rule_from_match(&match, priority, &fm->cr);
-
- if (!VLOG_DROP_INFO(&bad_ofmsg_rl)) {
- char *pre = ofp_match_to_string(&ofm->match, 1);
- char *post = ofp_match_to_string(&match, 1);
- VLOG_INFO("normalization changed ofp_match, details:");
- VLOG_INFO(" pre: %s", pre);
- VLOG_INFO("post: %s", post);
- free(pre);
- free(post);
- }
- }
+ /* Translate the rule. */
+ ofputil_cls_rule_from_match(&ofm->match, priority, &fm->cr);
+ ofputil_normalize_rule(&fm->cr, NXFF_OPENFLOW10);
/* Translate the message. */
fm->cookie = ofm->cookie;
- fm->command = ntohs(ofm->command);
+ command = ntohs(ofm->command);
fm->idle_timeout = ntohs(ofm->idle_timeout);
fm->hard_timeout = ntohs(ofm->hard_timeout);
fm->buffer_id = ntohl(ofm->buffer_id);
/* Translate the message. */
fm->cookie = nfm->cookie;
- fm->command = ntohs(nfm->command);
+ command = ntohs(nfm->command);
fm->idle_timeout = ntohs(nfm->idle_timeout);
fm->hard_timeout = ntohs(nfm->hard_timeout);
fm->buffer_id = ntohl(nfm->buffer_id);
NOT_REACHED();
}
+ if (flow_mod_table_id) {
+ fm->command = command & 0xff;
+ fm->table_id = command >> 8;
+ } else {
+ fm->command = command;
+ fm->table_id = 0xff;
+ }
+
return 0;
}
/* Converts 'fm' into an OFPT_FLOW_MOD or NXT_FLOW_MOD message according to
- * 'flow_format' and returns the message. */
+ * 'flow_format' and returns the message.
+ *
+ * 'flow_mod_table_id' should be true if the NXT_FLOW_MOD_TABLE_ID extension is
+ * enabled, false otherwise. */
struct ofpbuf *
-ofputil_encode_flow_mod(const struct flow_mod *fm,
- enum nx_flow_format flow_format)
+ofputil_encode_flow_mod(const struct ofputil_flow_mod *fm,
+ enum nx_flow_format flow_format,
+ bool flow_mod_table_id)
{
size_t actions_len = fm->n_actions * sizeof *fm->actions;
struct ofpbuf *msg;
+ uint16_t command;
+
+ command = (flow_mod_table_id
+ ? (fm->command & 0xff) | (fm->table_id << 8)
+ : fm->command);
if (flow_format == NXFF_OPENFLOW10) {
struct ofp_flow_mod *ofm;
ofm = put_openflow(sizeof *ofm, OFPT_FLOW_MOD, msg);
ofputil_cls_rule_to_match(&fm->cr, &ofm->match);
ofm->cookie = fm->cookie;
- ofm->command = htons(fm->command);
+ ofm->command = htons(command);
ofm->idle_timeout = htons(fm->idle_timeout);
ofm->hard_timeout = htons(fm->hard_timeout);
ofm->priority = htons(fm->cr.priority);
nfm = msg->data;
nfm->cookie = fm->cookie;
- nfm->command = htons(fm->command);
+ nfm->command = htons(command);
nfm->idle_timeout = htons(fm->idle_timeout);
nfm->hard_timeout = htons(fm->hard_timeout);
nfm->priority = htons(fm->cr.priority);
}
static int
-ofputil_decode_ofpst_flow_request(struct flow_stats_request *fsr,
+ofputil_decode_ofpst_flow_request(struct ofputil_flow_stats_request *fsr,
const struct ofp_header *oh,
bool aggregate)
{
- const struct ofp_flow_stats_request *ofsr = ofputil_stats_body(oh);
+ const struct ofp_flow_stats_request *ofsr =
+ (const struct ofp_flow_stats_request *) oh;
fsr->aggregate = aggregate;
ofputil_cls_rule_from_match(&ofsr->match, 0, &fsr->match);
}
static int
-ofputil_decode_nxst_flow_request(struct flow_stats_request *fsr,
+ofputil_decode_nxst_flow_request(struct ofputil_flow_stats_request *fsr,
const struct ofp_header *oh,
bool aggregate)
{
* request 'oh', into an abstract flow_stats_request in 'fsr'. Returns 0 if
* successful, otherwise an OpenFlow error code. */
int
-ofputil_decode_flow_stats_request(struct flow_stats_request *fsr,
+ofputil_decode_flow_stats_request(struct ofputil_flow_stats_request *fsr,
const struct ofp_header *oh)
{
const struct ofputil_msg_type *type;
* OFPST_AGGREGATE, NXST_FLOW, or NXST_AGGREGATE request 'oh' according to
* 'flow_format', and returns the message. */
struct ofpbuf *
-ofputil_encode_flow_stats_request(const struct flow_stats_request *fsr,
+ofputil_encode_flow_stats_request(const struct ofputil_flow_stats_request *fsr,
enum nx_flow_format flow_format)
{
struct ofpbuf *msg;
struct ofp_flow_stats_request *ofsr;
int type;
- BUILD_ASSERT_DECL(sizeof(struct ofp_flow_stats_request)
- == sizeof(struct ofp_aggregate_stats_request));
-
type = fsr->aggregate ? OFPST_AGGREGATE : OFPST_FLOW;
- ofsr = ofputil_make_stats_request(sizeof *ofsr, type, &msg);
+ ofsr = ofputil_make_stats_request(sizeof *ofsr, type, 0, &msg);
ofputil_cls_rule_to_match(&fsr->match, &ofsr->match);
ofsr->table_id = fsr->table_id;
ofsr->out_port = htons(fsr->out_port);
int subtype;
subtype = fsr->aggregate ? NXST_AGGREGATE : NXST_FLOW;
- ofputil_make_nxstats_request(sizeof *nfsr, subtype, &msg);
+ ofputil_make_stats_request(sizeof *nfsr, OFPST_VENDOR, subtype, &msg);
match_len = nx_put_match(msg, &fsr->match);
nfsr = msg->data;
if (!msg->l2) {
msg->l2 = msg->data;
if (code == OFPUTIL_OFPST_FLOW_REPLY) {
- ofpbuf_pull(msg, sizeof(struct ofp_stats_reply));
+ ofpbuf_pull(msg, sizeof(struct ofp_stats_msg));
} else if (code == OFPUTIL_NXST_FLOW_REPLY) {
ofpbuf_pull(msg, sizeof(struct nicira_stats_msg));
} else {
return 0;
}
+/* Returns 'count' unchanged except that UINT64_MAX becomes 0.
+ *
+ * We use this in situations where OVS internally uses UINT64_MAX to mean
+ * "value unknown" but OpenFlow 1.0 does not define any unknown value. */
+static uint64_t
+unknown_to_zero(uint64_t count)
+{
+ return count != UINT64_MAX ? count : 0;
+}
+
+/* Appends an OFPST_FLOW or NXST_FLOW reply that contains the data in 'fs' to
+ * those already present in the list of ofpbufs in 'replies'. 'replies' should
+ * have been initialized with ofputil_start_stats_reply(). */
+void
+ofputil_append_flow_stats_reply(const struct ofputil_flow_stats *fs,
+ struct list *replies)
+{
+ size_t act_len = fs->n_actions * sizeof *fs->actions;
+ const struct ofp_stats_msg *osm;
+
+ osm = ofpbuf_from_list(list_back(replies))->data;
+ if (osm->type == htons(OFPST_FLOW)) {
+ size_t len = offsetof(struct ofp_flow_stats, actions) + act_len;
+ struct ofp_flow_stats *ofs;
+
+ ofs = ofputil_append_stats_reply(len, replies);
+ ofs->length = htons(len);
+ ofs->table_id = fs->table_id;
+ ofs->pad = 0;
+ ofputil_cls_rule_to_match(&fs->rule, &ofs->match);
+ ofs->duration_sec = htonl(fs->duration_sec);
+ ofs->duration_nsec = htonl(fs->duration_nsec);
+ ofs->priority = htons(fs->rule.priority);
+ ofs->idle_timeout = htons(fs->idle_timeout);
+ ofs->hard_timeout = htons(fs->hard_timeout);
+ memset(ofs->pad2, 0, sizeof ofs->pad2);
+ put_32aligned_be64(&ofs->cookie, fs->cookie);
+ put_32aligned_be64(&ofs->packet_count,
+ htonll(unknown_to_zero(fs->packet_count)));
+ put_32aligned_be64(&ofs->byte_count,
+ htonll(unknown_to_zero(fs->byte_count)));
+ memcpy(ofs->actions, fs->actions, act_len);
+ } else if (osm->type == htons(OFPST_VENDOR)) {
+ struct nx_flow_stats *nfs;
+ struct ofpbuf *msg;
+ size_t start_len;
+
+ msg = ofputil_reserve_stats_reply(
+ sizeof *nfs + NXM_MAX_LEN + act_len, replies);
+ start_len = msg->size;
+
+ nfs = ofpbuf_put_uninit(msg, sizeof *nfs);
+ nfs->table_id = fs->table_id;
+ nfs->pad = 0;
+ nfs->duration_sec = htonl(fs->duration_sec);
+ nfs->duration_nsec = htonl(fs->duration_nsec);
+ nfs->priority = htons(fs->rule.priority);
+ nfs->idle_timeout = htons(fs->idle_timeout);
+ nfs->hard_timeout = htons(fs->hard_timeout);
+ nfs->match_len = htons(nx_put_match(msg, &fs->rule));
+ memset(nfs->pad2, 0, sizeof nfs->pad2);
+ nfs->cookie = fs->cookie;
+ nfs->packet_count = htonll(fs->packet_count);
+ nfs->byte_count = htonll(fs->byte_count);
+ ofpbuf_put(msg, fs->actions, act_len);
+ nfs->length = htons(msg->size - start_len);
+ } else {
+ NOT_REACHED();
+ }
+}
+
+/* Converts abstract ofputil_aggregate_stats 'stats' into an OFPST_AGGREGATE or
+ * NXST_AGGREGATE reply according to 'flow_format', and returns the message. */
+struct ofpbuf *
+ofputil_encode_aggregate_stats_reply(
+ const struct ofputil_aggregate_stats *stats,
+ const struct ofp_stats_msg *request)
+{
+ struct ofpbuf *msg;
+
+ if (request->type == htons(OFPST_AGGREGATE)) {
+ struct ofp_aggregate_stats_reply *asr;
+
+ asr = ofputil_make_stats_reply(sizeof *asr, request, &msg);
+ put_32aligned_be64(&asr->packet_count,
+ htonll(unknown_to_zero(stats->packet_count)));
+ put_32aligned_be64(&asr->byte_count,
+ htonll(unknown_to_zero(stats->byte_count)));
+ asr->flow_count = htonl(stats->flow_count);
+ } else if (request->type == htons(OFPST_VENDOR)) {
+ struct nx_aggregate_stats_reply *nasr;
+
+ nasr = ofputil_make_stats_reply(sizeof *nasr, request, &msg);
+ assert(nasr->nsm.subtype == htonl(NXST_AGGREGATE));
+ nasr->packet_count = htonll(stats->packet_count);
+ nasr->byte_count = htonll(stats->byte_count);
+ nasr->flow_count = htonl(stats->flow_count);
+ } else {
+ NOT_REACHED();
+ }
+
+ return msg;
+}
+
/* Converts an OFPT_FLOW_REMOVED or NXT_FLOW_REMOVED message 'oh' into an
* abstract ofputil_flow_removed in 'fr'. Returns 0 if successful, otherwise
* an OpenFlow error code. */
ofr = make_openflow_xid(sizeof *ofr, OFPT_FLOW_REMOVED, htonl(0),
&msg);
ofputil_cls_rule_to_match(&fr->rule, &ofr->match);
+ ofr->cookie = fr->cookie;
ofr->priority = htons(fr->rule.priority);
ofr->reason = fr->reason;
ofr->duration_sec = htonl(fr->duration_sec);
ofr->duration_nsec = htonl(fr->duration_nsec);
ofr->idle_timeout = htons(fr->idle_timeout);
- ofr->packet_count = htonll(fr->packet_count);
- ofr->byte_count = htonll(fr->byte_count);
+ ofr->packet_count = htonll(unknown_to_zero(fr->packet_count));
+ ofr->byte_count = htonll(unknown_to_zero(fr->byte_count));
} else if (flow_format == NXFF_NXM) {
struct nx_flow_removed *nfr;
int match_len;
oh->length = htons(buffer->size);
}
-/* Creates an ofp_stats_request with the given 'type' and 'body_len' bytes of
- * space allocated for the 'body' member. Returns the first byte of the 'body'
- * member. */
+static void
+put_stats__(ovs_be32 xid, uint8_t ofp_type,
+ ovs_be16 ofpst_type, ovs_be32 nxst_subtype,
+ struct ofpbuf *msg)
+{
+ if (ofpst_type == htons(OFPST_VENDOR)) {
+ struct nicira_stats_msg *nsm;
+
+ nsm = put_openflow_xid(sizeof *nsm, ofp_type, xid, msg);
+ nsm->vsm.osm.type = ofpst_type;
+ nsm->vsm.vendor = htonl(NX_VENDOR_ID);
+ nsm->subtype = nxst_subtype;
+ } else {
+ struct ofp_stats_msg *osm;
+
+ osm = put_openflow_xid(sizeof *osm, ofp_type, xid, msg);
+ osm->type = ofpst_type;
+ }
+}
+
+/* Creates a statistics request message with total length 'openflow_len'
+ * (including all headers) and the given 'ofpst_type', and stores the buffer
+ * containing the new message in '*bufferp'. If 'ofpst_type' is OFPST_VENDOR
+ * then 'nxst_subtype' is used as the Nicira vendor extension statistics
+ * subtype (otherwise 'nxst_subtype' is ignored).
+ *
+ * Initializes bytes following the headers to all-bits-zero.
+ *
+ * Returns the first byte of the new message. */
void *
-ofputil_make_stats_request(size_t body_len, uint16_t type,
- struct ofpbuf **bufferp)
+ofputil_make_stats_request(size_t openflow_len, uint16_t ofpst_type,
+ uint32_t nxst_subtype, struct ofpbuf **bufferp)
+{
+ struct ofpbuf *msg;
+
+ msg = *bufferp = ofpbuf_new(openflow_len);
+ put_stats__(alloc_xid(), OFPT_STATS_REQUEST,
+ htons(ofpst_type), htonl(nxst_subtype), msg);
+ ofpbuf_padto(msg, openflow_len);
+
+ return msg->data;
+}
+
+static void
+put_stats_reply__(const struct ofp_stats_msg *request, struct ofpbuf *msg)
{
- struct ofp_stats_request *osr;
- osr = make_openflow((offsetof(struct ofp_stats_request, body)
- + body_len), OFPT_STATS_REQUEST, bufferp);
- osr->type = htons(type);
- osr->flags = htons(0);
- return osr->body;
+ assert(request->header.type == OFPT_STATS_REQUEST ||
+ request->header.type == OFPT_STATS_REPLY);
+ put_stats__(request->header.xid, OFPT_STATS_REPLY, request->type,
+ (request->type != htons(OFPST_VENDOR)
+ ? htonl(0)
+ : ((const struct nicira_stats_msg *) request)->subtype),
+ msg);
}
-/* Creates a stats request message with Nicira as vendor and the given
- * 'subtype', of total length 'openflow_len'. Returns the message. */
+/* Creates a statistics reply message with total length 'openflow_len'
+ * (including all headers) and the same type (either a standard OpenFlow
+ * statistics type or a Nicira extension type and subtype) as 'request', and
+ * stores the buffer containing the new message in '*bufferp'.
+ *
+ * Initializes bytes following the headers to all-bits-zero.
+ *
+ * Returns the first byte of the new message. */
void *
-ofputil_make_nxstats_request(size_t openflow_len, uint32_t subtype,
- struct ofpbuf **bufferp)
+ofputil_make_stats_reply(size_t openflow_len,
+ const struct ofp_stats_msg *request,
+ struct ofpbuf **bufferp)
{
- struct nicira_stats_msg *nsm;
+ struct ofpbuf *msg;
+
+ msg = *bufferp = ofpbuf_new(openflow_len);
+ put_stats_reply__(request, msg);
+ ofpbuf_padto(msg, openflow_len);
- nsm = make_openflow(openflow_len, OFPT_STATS_REQUEST, bufferp);
- nsm->type = htons(OFPST_VENDOR);
- nsm->flags = htons(0);
- nsm->vendor = htonl(NX_VENDOR_ID);
- nsm->subtype = htonl(subtype);
- return nsm;
+ return msg->data;
}
-/* Returns the first byte of the 'body' member of the ofp_stats_request or
- * ofp_stats_reply in 'oh'. */
+/* Initializes 'replies' as a list of ofpbufs that will contain a series of
+ * replies to 'request', which should be an OpenFlow or Nicira extension
+ * statistics request. Initially 'replies' will have a single reply message
+ * that has only a header. The functions ofputil_reserve_stats_reply() and
+ * ofputil_append_stats_reply() may be used to add to the reply. */
+void
+ofputil_start_stats_reply(const struct ofp_stats_msg *request,
+ struct list *replies)
+{
+ struct ofpbuf *msg;
+
+ msg = ofpbuf_new(1024);
+ put_stats_reply__(request, msg);
+
+ list_init(replies);
+ list_push_back(replies, &msg->list_node);
+}
+
+/* Prepares to append up to 'len' bytes to the series of statistics replies in
+ * 'replies', which should have been initialized with
+ * ofputil_start_stats_reply(). Returns an ofpbuf with at least 'len' bytes of
+ * tailroom. (The 'len' bytes have not actually be allocated; the caller must
+ * do so with e.g. ofpbuf_put_uninit().) */
+struct ofpbuf *
+ofputil_reserve_stats_reply(size_t len, struct list *replies)
+{
+ struct ofpbuf *msg = ofpbuf_from_list(list_back(replies));
+ struct ofp_stats_msg *osm = msg->data;
+
+ if (msg->size + len <= UINT16_MAX) {
+ ofpbuf_prealloc_tailroom(msg, len);
+ } else {
+ osm->flags |= htons(OFPSF_REPLY_MORE);
+
+ msg = ofpbuf_new(MAX(1024, sizeof(struct nicira_stats_msg) + len));
+ put_stats_reply__(osm, msg);
+ list_push_back(replies, &msg->list_node);
+ }
+ return msg;
+}
+
+/* Appends 'len' bytes to the series of statistics replies in 'replies', and
+ * returns the first byte. */
+void *
+ofputil_append_stats_reply(size_t len, struct list *replies)
+{
+ return ofpbuf_put_uninit(ofputil_reserve_stats_reply(len, replies), len);
+}
+
+/* Returns the first byte past the ofp_stats_msg header in 'oh'. */
const void *
ofputil_stats_body(const struct ofp_header *oh)
{
assert(oh->type == OFPT_STATS_REQUEST || oh->type == OFPT_STATS_REPLY);
- return ((const struct ofp_stats_request *) oh)->body;
+ return (const struct ofp_stats_msg *) oh + 1;
}
-/* Returns the length of the 'body' member of the ofp_stats_request or
- * ofp_stats_reply in 'oh'. */
+/* Returns the number of bytes past the ofp_stats_msg header in 'oh'. */
size_t
ofputil_stats_body_len(const struct ofp_header *oh)
{
assert(oh->type == OFPT_STATS_REQUEST || oh->type == OFPT_STATS_REPLY);
- return ntohs(oh->length) - sizeof(struct ofp_stats_request);
+ return ntohs(oh->length) - sizeof(struct ofp_stats_msg);
}
-/* Returns the first byte of the body of the nicira_stats_msg in 'oh'. */
+/* Returns the first byte past the nicira_stats_msg header in 'oh'. */
const void *
ofputil_nxstats_body(const struct ofp_header *oh)
{
return ((const struct nicira_stats_msg *) oh) + 1;
}
-/* Returns the length of the body of the nicira_stats_msg in 'oh'. */
+/* Returns the number of bytes past the nicira_stats_msg header in 'oh'. */
size_t
ofputil_nxstats_body_len(const struct ofp_header *oh)
{
return out;
}
-/* Converts the members of 'opp' from host to network byte order. */
-void
-hton_ofp_phy_port(struct ofp_phy_port *opp)
-{
- opp->port_no = htons(opp->port_no);
- opp->config = htonl(opp->config);
- opp->state = htonl(opp->state);
- opp->curr = htonl(opp->curr);
- opp->advertised = htonl(opp->advertised);
- opp->supported = htonl(opp->supported);
- opp->peer = htonl(opp->peer);
-}
-
-static int
-check_action_exact_len(const union ofp_action *a, unsigned int len,
- unsigned int required_len)
-{
- if (len != required_len) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "action %"PRIu16" has invalid length "
- "%"PRIu16" (must be %u)\n",
- ntohs(a->type), ntohs(a->header.len), required_len);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
- }
- return 0;
-}
-
-static int
-check_nx_action_exact_len(const struct nx_action_header *a,
- unsigned int len, unsigned int required_len)
-{
- if (len != required_len) {
- VLOG_WARN_RL(&bad_ofmsg_rl,
- "Nicira action %"PRIu16" has invalid length %"PRIu16" "
- "(must be %u)\n",
- ntohs(a->subtype), ntohs(a->len), required_len);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
- }
- return 0;
-}
-
/* Checks that 'port' is a valid output port for the OFPAT_OUTPUT action, given
* that the switch will never have more than 'max_ports' ports. Returns 0 if
* 'port' is valid, otherwise an ofp_mkerr() return code. */
-static int
-check_output_port(uint16_t port, int max_ports)
+int
+ofputil_check_output_port(uint16_t port, int max_ports)
{
switch (port) {
case OFPP_IN_PORT:
if (port < max_ports) {
return 0;
}
- VLOG_WARN_RL(&bad_ofmsg_rl, "unknown output port %x", port);
return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT);
}
}
-/* Checks that 'action' is a valid OFPAT_ENQUEUE action, given that the switch
- * will never have more than 'max_ports' ports. Returns 0 if 'port' is valid,
- * otherwise an ofp_mkerr() return code. */
static int
-check_enqueue_action(const union ofp_action *a, unsigned int len,
- int max_ports)
+check_resubmit_table(const struct nx_action_resubmit *nar)
{
- const struct ofp_action_enqueue *oae;
- uint16_t port;
- int error;
-
- error = check_action_exact_len(a, len, 16);
- if (error) {
- return error;
- }
-
- oae = (const struct ofp_action_enqueue *) a;
- port = ntohs(oae->port);
- if (port < max_ports || port == OFPP_IN_PORT) {
- return 0;
+ if (nar->pad[0] || nar->pad[1] || nar->pad[2]) {
+ return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
}
- VLOG_WARN_RL(&bad_ofmsg_rl, "unknown enqueue port %x", port);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT);
+ return 0;
}
-static int
-check_nicira_action(const union ofp_action *a, unsigned int len,
- const struct flow *flow)
+int
+validate_actions(const union ofp_action *actions, size_t n_actions,
+ const struct flow *flow, int max_ports)
{
- const struct nx_action_header *nah;
- int subtype;
- int error;
+ const union ofp_action *a;
+ size_t left;
- if (len < 16) {
- VLOG_WARN_RL(&bad_ofmsg_rl,
- "Nicira vendor action only %u bytes", len);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
- }
- nah = (const struct nx_action_header *) a;
+ OFPUTIL_ACTION_FOR_EACH (a, left, actions, n_actions) {
+ uint16_t port;
+ int error;
+ int code;
- subtype = ntohs(nah->subtype);
- if (subtype > TYPE_MAXIMUM(enum nx_action_subtype)) {
- /* This is necessary because enum nx_action_subtype may be an
- * 8-bit type, so the cast below throws away the top 8 bits. */
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE);
- }
+ code = ofputil_decode_action(a);
+ if (code < 0) {
+ char *msg;
- switch ((enum nx_action_subtype) subtype) {
- case NXAST_RESUBMIT:
- case NXAST_SET_TUNNEL:
- case NXAST_DROP_SPOOFED_ARP:
- case NXAST_SET_QUEUE:
- case NXAST_POP_QUEUE:
- return check_nx_action_exact_len(nah, len, 16);
+ error = -code;
+ msg = ofputil_error_to_string(error);
+ VLOG_WARN_RL(&bad_ofmsg_rl,
+ "action decoding error at offset %td (%s)",
+ (a - actions) * sizeof *a, msg);
+ free(msg);
- case NXAST_REG_MOVE:
- error = check_nx_action_exact_len(nah, len,
- sizeof(struct nx_action_reg_move));
- if (error) {
return error;
}
- return nxm_check_reg_move((const struct nx_action_reg_move *) a, flow);
- case NXAST_REG_LOAD:
- error = check_nx_action_exact_len(nah, len,
- sizeof(struct nx_action_reg_load));
- if (error) {
- return error;
- }
- return nxm_check_reg_load((const struct nx_action_reg_load *) a, flow);
+ error = 0;
+ switch ((enum ofputil_action_code) code) {
+ case OFPUTIL_OFPAT_OUTPUT:
+ error = ofputil_check_output_port(ntohs(a->output.port),
+ max_ports);
+ break;
- case NXAST_NOTE:
- return 0;
+ case OFPUTIL_OFPAT_SET_VLAN_VID:
+ if (a->vlan_vid.vlan_vid & ~htons(0xfff)) {
+ error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
+ }
+ break;
- case NXAST_SET_TUNNEL64:
- return check_nx_action_exact_len(
- nah, len, sizeof(struct nx_action_set_tunnel64));
+ case OFPUTIL_OFPAT_SET_VLAN_PCP:
+ if (a->vlan_pcp.vlan_pcp & ~7) {
+ error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
+ }
+ break;
- case NXAST_MULTIPATH:
- error = check_nx_action_exact_len(
- nah, len, sizeof(struct nx_action_multipath));
- if (error) {
- return error;
+ case OFPUTIL_OFPAT_ENQUEUE:
+ port = ntohs(((const struct ofp_action_enqueue *) a)->port);
+ if (port >= max_ports && port != OFPP_IN_PORT) {
+ error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT);
+ }
+ break;
+
+ case OFPUTIL_NXAST_REG_MOVE:
+ error = nxm_check_reg_move((const struct nx_action_reg_move *) a,
+ flow);
+ break;
+
+ case OFPUTIL_NXAST_REG_LOAD:
+ error = nxm_check_reg_load((const struct nx_action_reg_load *) a,
+ flow);
+ break;
+
+ case OFPUTIL_NXAST_MULTIPATH:
+ error = multipath_check((const struct nx_action_multipath *) a,
+ flow);
+ break;
+
+ case OFPUTIL_NXAST_AUTOPATH:
+ error = autopath_check((const struct nx_action_autopath *) a,
+ flow);
+ break;
+
+ case OFPUTIL_NXAST_BUNDLE:
+ case OFPUTIL_NXAST_BUNDLE_LOAD:
+ error = bundle_check((const struct nx_action_bundle *) a,
+ max_ports, flow);
+ break;
+
+ case OFPUTIL_NXAST_RESUBMIT_TABLE:
+ error = check_resubmit_table(
+ (const struct nx_action_resubmit *) a);
+ break;
+
+ case OFPUTIL_OFPAT_STRIP_VLAN:
+ case OFPUTIL_OFPAT_SET_NW_SRC:
+ case OFPUTIL_OFPAT_SET_NW_DST:
+ case OFPUTIL_OFPAT_SET_NW_TOS:
+ case OFPUTIL_OFPAT_SET_TP_SRC:
+ case OFPUTIL_OFPAT_SET_TP_DST:
+ case OFPUTIL_OFPAT_SET_DL_SRC:
+ case OFPUTIL_OFPAT_SET_DL_DST:
+ case OFPUTIL_NXAST_RESUBMIT:
+ case OFPUTIL_NXAST_SET_TUNNEL:
+ case OFPUTIL_NXAST_SET_QUEUE:
+ case OFPUTIL_NXAST_POP_QUEUE:
+ case OFPUTIL_NXAST_NOTE:
+ case OFPUTIL_NXAST_SET_TUNNEL64:
+ break;
}
- return multipath_check((const struct nx_action_multipath *) a);
- case NXAST_AUTOPATH:
- error = check_nx_action_exact_len(
- nah, len, sizeof(struct nx_action_autopath));
if (error) {
+ char *msg = ofputil_error_to_string(error);
+ VLOG_WARN_RL(&bad_ofmsg_rl, "bad action at offset %td (%s)",
+ (a - actions) * sizeof *a, msg);
+ free(msg);
return error;
}
- return autopath_check((const struct nx_action_autopath *) a);
-
- case NXAST_SNAT__OBSOLETE:
- default:
- VLOG_WARN_RL(&bad_ofmsg_rl,
- "unknown Nicira vendor action subtype %d", subtype);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE);
}
+ if (left) {
+ VLOG_WARN_RL(&bad_ofmsg_rl, "bad action format at offset %zu",
+ (n_actions - left) * sizeof *a);
+ return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
+ }
+ return 0;
}
-static int
-check_action(const union ofp_action *a, unsigned int len,
- const struct flow *flow, int max_ports)
+struct ofputil_action {
+ int code;
+ unsigned int min_len;
+ unsigned int max_len;
+};
+
+static const struct ofputil_action action_bad_type
+ = { -OFP_MKERR(OFPET_BAD_ACTION, OFPBAC_BAD_TYPE), 0, UINT_MAX };
+static const struct ofputil_action action_bad_len
+ = { -OFP_MKERR(OFPET_BAD_ACTION, OFPBAC_BAD_LEN), 0, UINT_MAX };
+static const struct ofputil_action action_bad_vendor
+ = { -OFP_MKERR(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR), 0, UINT_MAX };
+
+static const struct ofputil_action *
+ofputil_decode_ofpat_action(const union ofp_action *a)
{
enum ofp_action_type type = ntohs(a->type);
- int error;
switch (type) {
- case OFPAT_OUTPUT:
- error = check_action_exact_len(a, len, 8);
- if (error) {
- return error;
- }
- return check_output_port(ntohs(a->output.port), max_ports);
-
- case OFPAT_SET_VLAN_VID:
- error = check_action_exact_len(a, len, 8);
- if (error) {
- return error;
+#define OFPAT_ACTION(ENUM, TYPE) \
+ case ENUM: { \
+ static const struct ofputil_action action = { \
+ OFPUTIL_##ENUM, sizeof(TYPE), sizeof(TYPE) \
+ }; \
+ return &action; \
}
- if (a->vlan_vid.vlan_vid & ~htons(0xfff)) {
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
- }
- return 0;
-
- case OFPAT_SET_VLAN_PCP:
- error = check_action_exact_len(a, len, 8);
- if (error) {
- return error;
- }
- if (a->vlan_pcp.vlan_pcp & ~7) {
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT);
- }
- return 0;
-
- case OFPAT_STRIP_VLAN:
- case OFPAT_SET_NW_SRC:
- case OFPAT_SET_NW_DST:
- case OFPAT_SET_NW_TOS:
- case OFPAT_SET_TP_SRC:
- case OFPAT_SET_TP_DST:
- return check_action_exact_len(a, len, 8);
-
- case OFPAT_SET_DL_SRC:
- case OFPAT_SET_DL_DST:
- return check_action_exact_len(a, len, 16);
+ OFPAT_ACTION(OFPAT_OUTPUT, struct ofp_action_output);
+ OFPAT_ACTION(OFPAT_SET_VLAN_VID, struct ofp_action_vlan_vid);
+ OFPAT_ACTION(OFPAT_SET_VLAN_PCP, struct ofp_action_vlan_pcp);
+ OFPAT_ACTION(OFPAT_STRIP_VLAN, struct ofp_action_header);
+ OFPAT_ACTION(OFPAT_SET_DL_SRC, struct ofp_action_dl_addr);
+ OFPAT_ACTION(OFPAT_SET_DL_DST, struct ofp_action_dl_addr);
+ OFPAT_ACTION(OFPAT_SET_NW_SRC, struct ofp_action_nw_addr);
+ OFPAT_ACTION(OFPAT_SET_NW_DST, struct ofp_action_nw_addr);
+ OFPAT_ACTION(OFPAT_SET_NW_TOS, struct ofp_action_nw_tos);
+ OFPAT_ACTION(OFPAT_SET_TP_SRC, struct ofp_action_tp_port);
+ OFPAT_ACTION(OFPAT_SET_TP_DST, struct ofp_action_tp_port);
+ OFPAT_ACTION(OFPAT_ENQUEUE, struct ofp_action_enqueue);
+#undef OFPAT_ACTION
case OFPAT_VENDOR:
- return (a->vendor.vendor == htonl(NX_VENDOR_ID)
- ? check_nicira_action(a, len, flow)
- : ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR));
+ default:
+ return &action_bad_type;
+ }
+}
- case OFPAT_ENQUEUE:
- return check_enqueue_action(a, len, max_ports);
+static const struct ofputil_action *
+ofputil_decode_nxast_action(const union ofp_action *a)
+{
+ const struct nx_action_header *nah = (const struct nx_action_header *) a;
+ enum nx_action_subtype subtype = ntohs(nah->subtype);
+
+ switch (subtype) {
+#define NXAST_ACTION(ENUM, TYPE, EXTENSIBLE) \
+ case ENUM: { \
+ static const struct ofputil_action action = { \
+ OFPUTIL_##ENUM, \
+ sizeof(TYPE), \
+ EXTENSIBLE ? UINT_MAX : sizeof(TYPE) \
+ }; \
+ return &action; \
+ }
+ NXAST_ACTION(NXAST_RESUBMIT, struct nx_action_resubmit, false);
+ NXAST_ACTION(NXAST_SET_TUNNEL, struct nx_action_set_tunnel, false);
+ NXAST_ACTION(NXAST_SET_QUEUE, struct nx_action_set_queue, false);
+ NXAST_ACTION(NXAST_POP_QUEUE, struct nx_action_pop_queue, false);
+ NXAST_ACTION(NXAST_REG_MOVE, struct nx_action_reg_move, false);
+ NXAST_ACTION(NXAST_REG_LOAD, struct nx_action_reg_load, false);
+ NXAST_ACTION(NXAST_NOTE, struct nx_action_note, true);
+ NXAST_ACTION(NXAST_SET_TUNNEL64, struct nx_action_set_tunnel64, false);
+ NXAST_ACTION(NXAST_MULTIPATH, struct nx_action_multipath, false);
+ NXAST_ACTION(NXAST_AUTOPATH, struct nx_action_autopath, false);
+ NXAST_ACTION(NXAST_BUNDLE, struct nx_action_bundle, true);
+ NXAST_ACTION(NXAST_BUNDLE_LOAD, struct nx_action_bundle, true);
+ NXAST_ACTION(NXAST_RESUBMIT_TABLE, struct nx_action_resubmit, false);
+#undef NXAST_ACTION
+ case NXAST_SNAT__OBSOLETE:
+ case NXAST_DROP_SPOOFED_ARP__OBSOLETE:
default:
- VLOG_WARN_RL(&bad_ofmsg_rl, "unknown action type %d", (int) type);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_TYPE);
+ return &action_bad_type;
}
}
+/* Parses 'a' to determine its type. Returns a nonnegative OFPUTIL_OFPAT_* or
+ * OFPUTIL_NXAST_* constant if successful, otherwise a negative OpenFlow error
+ * code (as returned by ofp_mkerr()).
+ *
+ * The caller must have already verified that 'a''s length is correct (that is,
+ * a->header.len is nonzero and a multiple of sizeof(union ofp_action) and no
+ * longer than the amount of space allocated to 'a').
+ *
+ * This function verifies that 'a''s length is correct for the type of action
+ * that it represents. */
int
-validate_actions(const union ofp_action *actions, size_t n_actions,
- const struct flow *flow, int max_ports)
+ofputil_decode_action(const union ofp_action *a)
{
- size_t i;
-
- for (i = 0; i < n_actions; ) {
- const union ofp_action *a = &actions[i];
- unsigned int len = ntohs(a->header.len);
- unsigned int n_slots = len / OFP_ACTION_ALIGN;
- unsigned int slots_left = &actions[n_actions] - a;
- int error;
+ const struct ofputil_action *action;
+ uint16_t len = ntohs(a->header.len);
- if (n_slots > slots_left) {
- VLOG_WARN_RL(&bad_ofmsg_rl,
- "action requires %u slots but only %u remain",
- n_slots, slots_left);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
- } else if (!len) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "action has invalid length 0");
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
- } else if (len % OFP_ACTION_ALIGN) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "action length %u is not a multiple "
- "of %d", len, OFP_ACTION_ALIGN);
- return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
+ if (a->type != htons(OFPAT_VENDOR)) {
+ action = ofputil_decode_ofpat_action(a);
+ } else {
+ switch (ntohl(a->vendor.vendor)) {
+ case NX_VENDOR_ID:
+ if (len < sizeof(struct nx_action_header)) {
+ return -ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN);
+ }
+ action = ofputil_decode_nxast_action(a);
+ break;
+ default:
+ action = &action_bad_vendor;
+ break;
}
+ }
- error = check_action(a, len, flow, max_ports);
- if (error) {
- return error;
- }
- i += n_slots;
+ return (len >= action->min_len && len <= action->max_len
+ ? action->code
+ : -ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN));
+}
+
+/* Parses 'a' and returns its type as an OFPUTIL_OFPAT_* or OFPUTIL_NXAST_*
+ * constant. The caller must have already validated that 'a' is a valid action
+ * understood by Open vSwitch (e.g. by a previous successful call to
+ * ofputil_decode_action()). */
+enum ofputil_action_code
+ofputil_decode_action_unsafe(const union ofp_action *a)
+{
+ const struct ofputil_action *action;
+
+ if (a->type != htons(OFPAT_VENDOR)) {
+ action = ofputil_decode_ofpat_action(a);
+ } else {
+ action = ofputil_decode_nxast_action(a);
}
- return 0;
+
+ return action->code;
}
-/* Returns true if 'action' outputs to 'port' (which must be in network byte
- * order), false otherwise. */
+/* Returns true if 'action' outputs to 'port', false otherwise. */
bool
-action_outputs_to_port(const union ofp_action *action, uint16_t port)
+action_outputs_to_port(const union ofp_action *action, ovs_be16 port)
{
switch (ntohs(action->type)) {
case OFPAT_OUTPUT:
}
}
-/* The set of actions must either come from a trusted source or have been
- * previously validated with validate_actions(). */
-const union ofp_action *
-actions_first(struct actions_iterator *iter,
- const union ofp_action *oa, size_t n_actions)
-{
- iter->pos = oa;
- iter->end = oa + n_actions;
- return actions_next(iter);
-}
-
-const union ofp_action *
-actions_next(struct actions_iterator *iter)
-{
- if (iter->pos != iter->end) {
- const union ofp_action *a = iter->pos;
- unsigned int len = ntohs(a->header.len);
- iter->pos += len / OFP_ACTION_ALIGN;
- return a;
+/* "Normalizes" the wildcards in 'rule'. That means:
+ *
+ * 1. If the type of level N is known, then only the valid fields for that
+ * level may be specified. For example, ARP does not have a TOS field,
+ * so nw_tos must be wildcarded if 'rule' specifies an ARP flow.
+ * Similarly, IPv4 does not have any IPv6 addresses, so ipv6_src and
+ * ipv6_dst (and other fields) must be wildcarded if 'rule' specifies an
+ * IPv4 flow.
+ *
+ * 2. If the type of level N is not known (or not understood by Open
+ * vSwitch), then no fields at all for that level may be specified. For
+ * example, Open vSwitch does not understand SCTP, an L4 protocol, so the
+ * L4 fields tp_src and tp_dst must be wildcarded if 'rule' specifies an
+ * SCTP flow.
+ *
+ * 'flow_format' specifies the format of the flow as received or as intended to
+ * be sent. This is important for IPv6 and ARP, for which NXM supports more
+ * detailed matching. */
+void
+ofputil_normalize_rule(struct cls_rule *rule, enum nx_flow_format flow_format)
+{
+ enum {
+ MAY_NW_ADDR = 1 << 0, /* nw_src, nw_dst */
+ MAY_TP_ADDR = 1 << 1, /* tp_src, tp_dst */
+ MAY_NW_PROTO = 1 << 2, /* nw_proto */
+ MAY_NW_TOS = 1 << 3, /* nw_tos */
+ MAY_ARP_SHA = 1 << 4, /* arp_sha */
+ MAY_ARP_THA = 1 << 5, /* arp_tha */
+ MAY_IPV6_ADDR = 1 << 6, /* ipv6_src, ipv6_dst */
+ MAY_ND_TARGET = 1 << 7 /* nd_target */
+ } may_match;
+
+ struct flow_wildcards wc;
+
+ /* Figure out what fields may be matched. */
+ if (rule->flow.dl_type == htons(ETH_TYPE_IP)) {
+ may_match = MAY_NW_PROTO | MAY_NW_TOS | MAY_NW_ADDR;
+ if (rule->flow.nw_proto == IPPROTO_TCP ||
+ rule->flow.nw_proto == IPPROTO_UDP ||
+ rule->flow.nw_proto == IPPROTO_ICMP) {
+ may_match |= MAY_TP_ADDR;
+ }
+ } else if (rule->flow.dl_type == htons(ETH_TYPE_IPV6)
+ && flow_format == NXFF_NXM) {
+ may_match = MAY_NW_PROTO | MAY_NW_TOS | MAY_IPV6_ADDR;
+ if (rule->flow.nw_proto == IPPROTO_TCP ||
+ rule->flow.nw_proto == IPPROTO_UDP) {
+ may_match |= MAY_TP_ADDR;
+ } else if (rule->flow.nw_proto == IPPROTO_ICMPV6) {
+ may_match |= MAY_TP_ADDR;
+ if (rule->flow.tp_src == htons(ND_NEIGHBOR_SOLICIT)) {
+ may_match |= MAY_ND_TARGET | MAY_ARP_SHA;
+ } else if (rule->flow.tp_src == htons(ND_NEIGHBOR_ADVERT)) {
+ may_match |= MAY_ND_TARGET | MAY_ARP_THA;
+ }
+ }
+ } else if (rule->flow.dl_type == htons(ETH_TYPE_ARP)) {
+ may_match = MAY_NW_PROTO | MAY_NW_ADDR;
+ if (flow_format == NXFF_NXM) {
+ may_match |= MAY_ARP_SHA | MAY_ARP_THA;
+ }
} else {
- return NULL;
+ may_match = 0;
}
-}
-static ovs_be32
-normalize_wildcards(const struct ofp_match *m)
-{
- enum { OFPFW_NW = (OFPFW_NW_SRC_ALL | OFPFW_NW_DST_ALL | OFPFW_NW_PROTO
- | OFPFW_NW_TOS) };
- enum { OFPFW_TP = OFPFW_TP_SRC | OFPFW_TP_DST };
- ovs_be32 wc;
-
- wc = m->wildcards;
- if (wc & htonl(OFPFW_DL_TYPE)) {
- wc |= htonl(OFPFW_NW | OFPFW_TP);
- } else if (m->dl_type == htons(ETH_TYPE_IP)) {
- if (wc & htonl(OFPFW_NW_PROTO) || (m->nw_proto != IPPROTO_TCP &&
- m->nw_proto != IPPROTO_UDP &&
- m->nw_proto != IPPROTO_ICMP)) {
- wc |= htonl(OFPFW_TP);
+ /* Clear the fields that may not be matched. */
+ wc = rule->wc;
+ if (!(may_match & MAY_NW_ADDR)) {
+ wc.nw_src_mask = wc.nw_dst_mask = htonl(0);
+ }
+ if (!(may_match & MAY_TP_ADDR)) {
+ wc.wildcards |= FWW_TP_SRC | FWW_TP_DST;
+ }
+ if (!(may_match & MAY_NW_PROTO)) {
+ wc.wildcards |= FWW_NW_PROTO;
+ }
+ if (!(may_match & MAY_NW_TOS)) {
+ wc.wildcards |= FWW_NW_TOS;
+ }
+ if (!(may_match & MAY_ARP_SHA)) {
+ wc.wildcards |= FWW_ARP_SHA;
+ }
+ if (!(may_match & MAY_ARP_THA)) {
+ wc.wildcards |= FWW_ARP_THA;
+ }
+ if (!(may_match & MAY_IPV6_ADDR)) {
+ wc.ipv6_src_mask = wc.ipv6_dst_mask = in6addr_any;
+ }
+ if (!(may_match & MAY_ND_TARGET)) {
+ wc.wildcards |= FWW_ND_TARGET;
+ }
+
+ /* Log any changes. */
+ if (!flow_wildcards_equal(&wc, &rule->wc)) {
+ bool log = !VLOG_DROP_INFO(&bad_ofmsg_rl);
+ char *pre = log ? cls_rule_to_string(rule) : NULL;
+
+ rule->wc = wc;
+ cls_rule_zero_wildcarded_fields(rule);
+
+ if (log) {
+ char *post = cls_rule_to_string(rule);
+ VLOG_INFO("normalization changed ofp_match, details:");
+ VLOG_INFO(" pre: %s", pre);
+ VLOG_INFO("post: %s", post);
+ free(pre);
+ free(post);
}
- } else if (m->dl_type == htons(ETH_TYPE_ARP)) {
- wc |= htonl(OFPFW_TP);
- } else {
- wc |= htonl(OFPFW_NW | OFPFW_TP);
}
- return wc;
}
static uint32_t
*n_actionsp = 0;
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
+
+bool
+ofputil_actions_equal(const union ofp_action *a, size_t n_a,
+ const union ofp_action *b, size_t n_b)
+{
+ return n_a == n_b && (!n_a || !memcmp(a, b, n_a * sizeof *a));
+}
+
+union ofp_action *
+ofputil_actions_clone(const union ofp_action *actions, size_t n)
+{
+ return n ? xmemdup(actions, n * sizeof *actions) : NULL;
+}
git://git.onelab.eu / sliver-openvswitch.git / blobdiff