#include "port-array.h"
#include "proc-net-compat.h"
#include "process.h"
+#include "shash.h"
#include "socket-util.h"
#include "stp.h"
#include "svec.h"
#include "unixctl.h"
#include "vconn.h"
#include "vconn-ssl.h"
+#include "vswitchd/vswitch-idl.h"
#include "xenserver.h"
#include "xtoxll.h"
static struct bridge *bridge_create(const char *name);
static void bridge_destroy(struct bridge *);
static struct bridge *bridge_lookup(const char *name);
-static void bridge_unixctl_dump_flows(struct unixctl_conn *, const char *);
+static unixctl_cb_func bridge_unixctl_dump_flows;
static int bridge_run_one(struct bridge *);
static void bridge_reconfigure_one(struct bridge *);
static void bridge_reconfigure_controller(struct bridge *);
static struct iface *bridge_get_local_iface(struct bridge *);
static uint64_t dpid_from_hash(const void *, size_t nbytes);
-static void bridge_unixctl_fdb_show(struct unixctl_conn *, const char *args);
+static unixctl_cb_func bridge_unixctl_fdb_show;
static void bond_init(void);
static void bond_run(struct bridge *);
struct svec dpif_names;
size_t i;
- unixctl_command_register("fdb/show", bridge_unixctl_fdb_show);
+ unixctl_command_register("fdb/show", bridge_unixctl_fdb_show, NULL);
svec_init(&dpif_names);
dp_enumerate(&dpif_names);
}
svec_destroy(&dpif_names);
- unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows);
+ unixctl_command_register("bridge/dump-flows", bridge_unixctl_dump_flows,
+ NULL);
bond_init();
bridge_reconfigure();
}
#endif
+/* Attempt to create the network device 'iface_name' through the netdev
+ * library. */
+static int
+set_up_iface(const char *iface_name, bool create)
+{
+ const char *type;
+ const char *arg;
+ struct svec arg_svec;
+ struct shash args;
+ int error;
+ size_t i;
+
+ /* If a type is not explicitly declared, then assume it's an existing
+ * "system" device. */
+ type = cfg_get_string(0, "iface.%s.type", iface_name);
+ if (!type || !strcmp(type, "system")) {
+ return 0;
+ }
+
+ svec_init(&arg_svec);
+ cfg_get_subsections(&arg_svec, "iface.%s.args", iface_name);
+
+ shash_init(&args);
+ SVEC_FOR_EACH (i, arg, &arg_svec) {
+ const char *value;
+
+ value = cfg_get_string(0, "iface.%s.args.%s", iface_name, arg);
+ if (value) {
+ shash_add(&args, arg, xstrdup(value));
+ }
+ }
+
+ if (create) {
+ error = netdev_create(iface_name, type, &args);
+ } else {
+ /* xxx Check to make sure that the type hasn't changed. */
+ error = netdev_reconfigure(iface_name, &args);
+ }
+
+ svec_destroy(&arg_svec);
+ shash_destroy(&args);
+
+ return error;
+}
+
+static int
+create_iface(const char *iface_name)
+{
+ return set_up_iface(iface_name, true);
+}
+
+static int
+reconfigure_iface(const char *iface_name)
+{
+ return set_up_iface(iface_name, false);
+}
+
+static void
+destroy_iface(const char *iface_name)
+{
+ netdev_destroy(iface_name);
+}
+
+
/* iterate_and_prune_ifaces() callback function that opens the network device
* for 'iface', if it is not already open, and retrieves the interface's MAC
* address and carrier status. */
p->devname, dpif_name(br->dpif),
strerror(retval));
}
+ destroy_iface(p->devname);
}
}
svec_destroy(&want_ifaces);
bridge_get_all_ifaces(br, &want_ifaces);
svec_diff(&want_ifaces, &cur_ifaces, &add_ifaces, NULL, NULL);
+ for (i = 0; i < cur_ifaces.n; i++) {
+ const char *if_name = cur_ifaces.names[i];
+ reconfigure_iface(if_name);
+ }
+
for (i = 0; i < add_ifaces.n; i++) {
const char *if_name = add_ifaces.names[i];
bool internal;
int error;
+ /* Attempt to create the network interface in case it
+ * doesn't exist yet. */
+ error = create_iface(if_name);
+ if (error) {
+ VLOG_WARN("could not create iface %s: %s\n", if_name,
+ strerror(error));
+ continue;
+ }
+
/* Add to datapath. */
internal = iface_is_internal(br, if_name);
error = dpif_port_add(br->dpif, if_name,
\f
/* Bridge unixctl user interface functions. */
static void
-bridge_unixctl_fdb_show(struct unixctl_conn *conn, const char *args)
+bridge_unixctl_fdb_show(struct unixctl_conn *conn,
+ const char *args, void *aux UNUSED)
{
struct ds ds = DS_EMPTY_INITIALIZER;
const struct bridge *br;
int error;
assert(!bridge_lookup(name));
- br = xcalloc(1, sizeof *br);
+ br = xzalloc(sizeof *br);
- error = dpif_create(name, &br->dpif);
- if (error == EEXIST || error == EBUSY) {
- error = dpif_open(name, &br->dpif);
- if (error) {
- VLOG_ERR("datapath %s already exists but cannot be opened: %s",
- name, strerror(error));
- free(br);
- return NULL;
- }
- dpif_flow_flush(br->dpif);
- } else if (error) {
- VLOG_ERR("failed to create datapath %s: %s", name, strerror(error));
+ error = dpif_create_and_open(name, &br->dpif);
+ if (error) {
free(br);
return NULL;
}
+ dpif_flow_flush(br->dpif);
error = ofproto_create(name, &bridge_ofhooks, br, &br->ofproto);
if (error) {
/* Handle requests for a listing of all flows known by the OpenFlow
* stack, including those normally hidden. */
static void
-bridge_unixctl_dump_flows(struct unixctl_conn *conn, const char *args)
+bridge_unixctl_dump_flows(struct unixctl_conn *conn,
+ const char *args, void *aux UNUSED)
{
struct bridge *br;
struct ds results;
}
}
+/* Returns the effective vlan of a packet, taking into account both the
+ * 802.1Q header and implicitly tagged ports. A value of 0 indicates that
+ * the packet is untagged and -1 indicates it has an invalid header and
+ * should be dropped. */
+static int flow_get_vlan(struct bridge *br, const flow_t *flow,
+ struct port *in_port, bool have_packet)
+{
+ /* Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet
+ * belongs to VLAN 0, so we should treat both cases identically. (In the
+ * former case, the packet has an 802.1Q header that specifies VLAN 0,
+ * presumably to allow a priority to be specified. In the latter case, the
+ * packet does not have any 802.1Q header.) */
+ int vlan = ntohs(flow->dl_vlan);
+ if (vlan == OFP_VLAN_NONE) {
+ vlan = 0;
+ }
+ if (in_port->vlan >= 0) {
+ if (vlan) {
+ /* XXX support double tagging? */
+ if (have_packet) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+ VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged "
+ "packet received on port %s configured with "
+ "implicit VLAN %"PRIu16,
+ br->name, ntohs(flow->dl_vlan),
+ in_port->name, in_port->vlan);
+ }
+ return -1;
+ }
+ vlan = in_port->vlan;
+ } else {
+ if (!port_includes_vlan(in_port, vlan)) {
+ if (have_packet) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+ VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
+ "packet received on port %s not configured for "
+ "trunking VLAN %d",
+ br->name, vlan, in_port->name, vlan);
+ }
+ return -1;
+ }
+ }
+
+ return vlan;
+}
+
+static void
+update_learning_table(struct bridge *br, const flow_t *flow, int vlan,
+ struct port *in_port)
+{
+ tag_type rev_tag = mac_learning_learn(br->ml, flow->dl_src,
+ vlan, in_port->port_idx);
+ if (rev_tag) {
+ /* The log messages here could actually be useful in debugging,
+ * so keep the rate limit relatively high. */
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
+ 300);
+ VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
+ "on port %s in VLAN %d",
+ br->name, ETH_ADDR_ARGS(flow->dl_src),
+ in_port->name, vlan);
+ ofproto_revalidate(br->ofproto, rev_tag);
+ }
+}
+
static bool
is_bcast_arp_reply(const flow_t *flow)
{
return true;
}
in_port = in_iface->port;
-
- /* Figure out what VLAN this packet belongs to.
- *
- * Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet
- * belongs to VLAN 0, so we should treat both cases identically. (In the
- * former case, the packet has an 802.1Q header that specifies VLAN 0,
- * presumably to allow a priority to be specified. In the latter case, the
- * packet does not have any 802.1Q header.) */
- vlan = ntohs(flow->dl_vlan);
- if (vlan == OFP_VLAN_NONE) {
- vlan = 0;
- }
- if (in_port->vlan >= 0) {
- if (vlan) {
- /* XXX support double tagging? */
- if (packet != NULL) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged "
- "packet received on port %s configured with "
- "implicit VLAN %"PRIu16,
- br->name, ntohs(flow->dl_vlan),
- in_port->name, in_port->vlan);
- }
- goto done;
- }
- vlan = in_port->vlan;
- } else {
- if (!port_includes_vlan(in_port, vlan)) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged "
- "packet received on port %s not configured for "
- "trunking VLAN %d",
- br->name, vlan, in_port->name, vlan);
- goto done;
- }
+ vlan = flow_get_vlan(br, flow, in_port, !!packet);
+ if (vlan < 0) {
+ goto done;
}
/* Drop frames for ports that STP wants entirely killed (both for
out_port = FLOOD_PORT;
/* Learn source MAC (but don't try to learn from revalidation). */
if (packet) {
- tag_type rev_tag = mac_learning_learn(br->ml, flow->dl_src,
- vlan, in_port->port_idx);
- if (rev_tag) {
- /* The log messages here could actually be useful in debugging,
- * so keep the rate limit relatively high. */
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30,
- 300);
- VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
- "on port %s in VLAN %d",
- br->name, ETH_ADDR_ARGS(flow->dl_src),
- in_port->name, vlan);
- ofproto_revalidate(br->ofproto, rev_tag);
- }
+ update_learning_table(br, flow, vlan, in_port);
}
/* Determine output port. */
tags);
if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
out_port = br->ports[out_port_idx];
- } else if (!packet) {
+ } else if (!packet && !eth_addr_is_multicast(flow->dl_dst)) {
/* If we are revalidating but don't have a learning entry then
- * eject the flow. Installing a flow that floods packets will
- * prevent us from seeing future packets and learning properly. */
+ * eject the flow. Installing a flow that floods packets opens
+ * up a window of time where we could learn from a packet reflected
+ * on a bond and blackhole packets before the learning table is
+ * updated to reflect the correct port. */
return false;
}
void *br_)
{
struct bridge *br = br_;
+ struct port *in_port;
const union odp_action *a;
+ /* Feed information from the active flows back into the learning table
+ * to ensure that table is always in sync with what is actually flowing
+ * through the datapath. */
+ in_port = port_from_dp_ifidx(br, flow->in_port);
+ if (in_port) {
+ int vlan = flow_get_vlan(br, flow, in_port, false);
+ if (vlan >= 0) {
+ update_learning_table(br, flow, vlan, in_port);
+ }
+ }
+
if (!br->has_bonded_ports) {
return;
}
for (a = actions; a < &actions[n_actions]; a++) {
if (a->type == ODPAT_OUTPUT) {
- struct port *port = port_from_dp_ifidx(br, a->output.port);
- if (port && port->n_ifaces >= 2) {
- struct bond_entry *e = lookup_bond_entry(port, flow->dl_src);
+ struct port *out_port = port_from_dp_ifidx(br, a->output.port);
+ if (out_port && out_port->n_ifaces >= 2) {
+ struct bond_entry *e = lookup_bond_entry(out_port,
+ flow->dl_src);
e->tx_bytes += n_bytes;
}
}
/* Bonding unixctl user interface functions. */
static void
-bond_unixctl_list(struct unixctl_conn *conn, const char *args UNUSED)
+bond_unixctl_list(struct unixctl_conn *conn,
+ const char *args UNUSED, void *aux UNUSED)
{
struct ds ds = DS_EMPTY_INITIALIZER;
const struct bridge *br;
}
static void
-bond_unixctl_show(struct unixctl_conn *conn, const char *args)
+bond_unixctl_show(struct unixctl_conn *conn,
+ const char *args, void *aux UNUSED)
{
struct ds ds = DS_EMPTY_INITIALIZER;
const struct port *port;
}
static void
-bond_unixctl_migrate(struct unixctl_conn *conn, const char *args_)
+bond_unixctl_migrate(struct unixctl_conn *conn, const char *args_,
+ void *aux UNUSED)
{
char *args = (char *) args_;
char *save_ptr = NULL;
}
static void
-bond_unixctl_set_active_slave(struct unixctl_conn *conn, const char *args_)
+bond_unixctl_set_active_slave(struct unixctl_conn *conn, const char *args_,
+ void *aux UNUSED)
{
char *args = (char *) args_;
char *save_ptr = NULL;
}
static void
-bond_unixctl_enable_slave(struct unixctl_conn *conn, const char *args)
+bond_unixctl_enable_slave(struct unixctl_conn *conn, const char *args,
+ void *aux UNUSED)
{
enable_slave(conn, args, true);
}
static void
-bond_unixctl_disable_slave(struct unixctl_conn *conn, const char *args)
+bond_unixctl_disable_slave(struct unixctl_conn *conn, const char *args,
+ void *aux UNUSED)
{
enable_slave(conn, args, false);
}
static void
-bond_unixctl_hash(struct unixctl_conn *conn, const char *args)
+bond_unixctl_hash(struct unixctl_conn *conn, const char *args,
+ void *aux UNUSED)
{
uint8_t mac[ETH_ADDR_LEN];
uint8_t hash;
static void
bond_init(void)
{
- unixctl_command_register("bond/list", bond_unixctl_list);
- unixctl_command_register("bond/show", bond_unixctl_show);
- unixctl_command_register("bond/migrate", bond_unixctl_migrate);
+ unixctl_command_register("bond/list", bond_unixctl_list, NULL);
+ unixctl_command_register("bond/show", bond_unixctl_show, NULL);
+ unixctl_command_register("bond/migrate", bond_unixctl_migrate, NULL);
unixctl_command_register("bond/set-active-slave",
- bond_unixctl_set_active_slave);
- unixctl_command_register("bond/enable-slave", bond_unixctl_enable_slave);
- unixctl_command_register("bond/disable-slave", bond_unixctl_disable_slave);
- unixctl_command_register("bond/hash", bond_unixctl_hash);
+ bond_unixctl_set_active_slave, NULL);
+ unixctl_command_register("bond/enable-slave", bond_unixctl_enable_slave,
+ NULL);
+ unixctl_command_register("bond/disable-slave", bond_unixctl_disable_slave,
+ NULL);
+ unixctl_command_register("bond/hash", bond_unixctl_hash, NULL);
}
\f
/* Port functions. */
{
struct port *port;
- port = xcalloc(1, sizeof *port);
+ port = xzalloc(sizeof *port);
port->bridge = br;
port->port_idx = br->n_ports;
port->vlan = -1;
{
struct iface *iface;
- iface = xcalloc(1, sizeof *iface);
+ iface = xzalloc(sizeof *iface);
iface->port = port;
iface->port_ifidx = port->n_ifaces;
iface->name = xstrdup(name);
int vlan = cfg_get_vlan(i, "vlan.%s.disable-learning", br->name);
if (vlan >= 0) {
bitmap_set1(rspan_vlans, vlan);
+ VLOG_INFO("bridge %s: disabling learning on vlan %d\n",
+ br->name, vlan);
} else {
VLOG_ERR("bridge %s: invalid value '%s' for learning disabled "
"VLAN", br->name,
VLOG_INFO("created port mirror %s on bridge %s", name, br->name);
bridge_flush(br);
- br->mirrors[i] = m = xcalloc(1, sizeof *m);
+ br->mirrors[i] = m = xzalloc(sizeof *m);
m->bridge = br;
m->idx = i;
m->name = xstrdup(name);