Add Nicira extension to OpenFlow for dropping spoofed ARP packets.

[sliver-openvswitch.git] / ofproto / ofproto.c

diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index a466c9c..2e1530a 100644 (file)
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
@@ -50,7 +50,6 @@
 #include "rconn.h"
 #include "shash.h"
 #include "status.h"
-#include "stp.h"
 #include "stream-ssl.h"
 #include "svec.h"
 #include "tag.h"
@@ -900,18 +899,6 @@ ofproto_set_sflow(struct ofproto *ofproto,
     }
 }
 
-int
-ofproto_set_stp(struct ofproto *ofproto OVS_UNUSED, bool enable_stp)
-{
-    /* XXX */
-    if (enable_stp) {
-        VLOG_WARN("STP is not yet implemented");
-        return EINVAL;
-    } else {
-        return 0;
-    }
-}
-
 uint64_t
 ofproto_get_datapath_id(const struct ofproto *ofproto)
 {
@@ -2427,6 +2414,10 @@ struct action_xlate_ctx {
     uint16_t nf_output_iface;   /* Output interface index for NetFlow. */
 };
 
+/* Maximum depth of flow table recursion (due to NXAST_RESUBMIT actions) in a
+ * flow translation. */
+#define MAX_RESUBMIT_RECURSION 8
+
 static void do_xlate_actions(const union ofp_action *in, size_t n_in,
                              struct action_xlate_ctx *ctx);
 
@@ -2474,7 +2465,7 @@ lookup_valid_rule(struct ofproto *ofproto, const flow_t *flow)
 static void
 xlate_table_action(struct action_xlate_ctx *ctx, uint16_t in_port)
 {
-    if (!ctx->recurse) {
+    if (ctx->recurse < MAX_RESUBMIT_RECURSION) {
         uint16_t old_in_port;
         struct rule *rule;
 
@@ -2495,6 +2486,11 @@ xlate_table_action(struct action_xlate_ctx *ctx, uint16_t in_port)
             do_xlate_actions(rule->actions, rule->n_actions, ctx);
             ctx->recurse--;
         }
+    } else {
+        struct vlog_rate_limit recurse_rl = VLOG_RATE_LIMIT_INIT(1, 1);
+
+        VLOG_ERR_RL(&recurse_rl, "NXAST_RESUBMIT recursed over %d times",
+                    MAX_RESUBMIT_RECURSION);
     }
 }
 
@@ -2635,6 +2631,12 @@ xlate_nicira_action(struct action_xlate_ctx *ctx,
         ctx->flow.tun_id = oa->tunnel.tun_id = nast->tun_id;
         break;
 
+    case NXAST_DROP_SPOOFED_ARP:
+        if (ctx->flow.dl_type == htons(ETH_TYPE_ARP)) {
+            odp_actions_add(ctx->out, ODPAT_DROP_SPOOFED_ARP);
+        }
+        break;
+
     /* If you add a new action here that modifies flow data, don't forget to
      * update the flow key in ctx->flow at the same time. */
 
@@ -2654,7 +2656,7 @@ do_xlate_actions(const union ofp_action *in, size_t n_in,
 
     port = port_array_get(&ctx->ofproto->ports, ctx->flow.in_port);
     if (port && port->opp.config & (OFPPC_NO_RECV | OFPPC_NO_RECV_STP) &&
-        port->opp.config & (eth_addr_equals(ctx->flow.dl_dst, stp_eth_addr)
+        port->opp.config & (eth_addr_equals(ctx->flow.dl_dst, eth_addr_stp)
                             ? OFPPC_NO_RECV_STP : OFPPC_NO_RECV)) {
         /* Drop this flow. */
         return;
@@ -2776,6 +2778,7 @@ xlate_actions(const union ofp_action *in, size_t n_in,
         *nf_output_iface = ctx.nf_output_iface;
     }
     if (odp_actions_overflow(out)) {
+        COVERAGE_INC(odp_overflow);
         odp_actions_init(out);
         return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_TOO_MANY);
     }