X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=include%2Fopenflow%2Fnicira-ext.h;h=135f793edb38820d47b1cb241625a55695a93870;hb=b9298d3f825703063c9538aa37407da43e1e4781;hp=e6f34baab1dd116d1a01b3c5f4465587629fbd81;hpb=9deba63bdebc2e0eceab8da186b79703fe694186;p=sliver-openvswitch.git diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h index e6f34baab..135f793ed 100644 --- a/include/openflow/nicira-ext.h +++ b/include/openflow/nicira-ext.h @@ -18,15 +18,113 @@ #define OPENFLOW_NICIRA_EXT_H 1 #include "openflow/openflow.h" - -#define NICIRA_OUI_STR "002320" +#include "openvswitch/types.h" /* The following vendor extensions, proposed by Nicira Networks, are not yet - * ready for standardization (and may never be), so they are not included in - * openflow.h. */ + * standardized, so they are not included in openflow.h. Some of them may be + * suitable for standardization; others we never expect to standardize. */ #define NX_VENDOR_ID 0x00002320 + +/* Nicira vendor-specific error messages extension. + * + * OpenFlow 1.0 has a set of predefined error types (OFPET_*) and codes (which + * are specific to each type). It does not have any provision for + * vendor-specific error codes, and it does not even provide "generic" error + * codes that can apply to problems not anticipated by the OpenFlow + * specification authors. + * + * This extension attempts to address the problem by adding a generic "error + * vendor extension". The extension works as follows: use NXET_VENDOR as type + * and NXVC_VENDOR_CODE as code, followed by struct nx_vendor_error with + * vendor-specific details, followed by at least 64 bytes of the failed + * request. + * + * It would be better to have a type-specific vendor extension, e.g. so that + * OFPET_BAD_ACTION could be used with vendor-specific code values. But + * OFPET_BAD_ACTION and most other standardized types already specify that + * their 'data' values are (the start of) the OpenFlow message being replied + * to, so there is no room to insert a vendor ID. + * + * Currently this extension is only implemented by Open vSwitch, but it seems + * like a reasonable candidate for future standardization. + */ + +/* This is a random number to avoid accidental collision with any other + * vendor's extension. */ +#define NXET_VENDOR 0xb0c2 + +/* ofp_error msg 'code' values for NXET_VENDOR. */ +enum nx_vendor_code { + NXVC_VENDOR_ERROR /* 'data' contains struct nx_vendor_error. */ +}; + +/* 'data' for 'type' == NXET_VENDOR, 'code' == NXVC_VENDOR_ERROR. */ +struct nx_vendor_error { + ovs_be32 vendor; /* Vendor ID as in struct ofp_vendor_header. */ + ovs_be16 type; /* Vendor-defined type. */ + ovs_be16 code; /* Vendor-defined subtype. */ + /* Followed by at least the first 64 bytes of the failed request. */ +}; + +/* Specific Nicira extension error numbers. + * + * These are the "code" values used in nx_vendor_error. So far, the "type" + * values in nx_vendor_error are the same as those in ofp_error_msg. That is, + * at Nicira so far we've only needed additional vendor-specific 'code' values, + * so we're using the existing 'type' values to avoid having to invent new ones + * that duplicate the current ones' meanings. */ + +/* Additional "code" values for OFPET_BAD_REQUEST. */ +enum { +/* Nicira Extended Match (NXM) errors. */ + + /* Generic error code used when there is an error in an NXM sent to the + * switch. The switch may use one of the more specific error codes below, + * if there is an appropriate one, to simplify debugging, but it is not + * required to do so. */ + NXBRC_NXM_INVALID = 0x100, + + /* The nxm_type, or nxm_type taken in combination with nxm_hasmask or + * nxm_length or both, is invalid or not implemented. */ + NXBRC_NXM_BAD_TYPE = 0x101, + + /* Invalid nxm_value. */ + NXBRC_NXM_BAD_VALUE = 0x102, + + /* Invalid nxm_mask. */ + NXBRC_NXM_BAD_MASK = 0x103, + /* A prerequisite was not met. */ + NXBRC_NXM_BAD_PREREQ = 0x104, + + /* A given nxm_type was specified more than once. */ + NXBRC_NXM_DUP_TYPE = 0x105 +}; + +/* Additional "code" values for OFPET_FLOW_MOD_FAILED. */ +enum { + /* Generic hardware error. */ + NXFMFC_HARDWARE = 0x100, + + /* A nonexistent table ID was specified in the "command" field of struct + * ofp_flow_mod, when the nxt_flow_mod_table_id extension is enabled. + * (This extension is not yet implemented on this branch of Open + * vSwitch.) */ + NXFMFC_BAD_TABLE_ID = 0x101 +}; + +/* Nicira vendor requests and replies. */ + +/* Header for Nicira vendor requests and replies. */ +struct nicira_header { + struct ofp_header header; + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be32 subtype; /* One of NXT_* below. */ +}; +OFP_ASSERT(sizeof(struct nicira_header) == 16); + +/* Values for the 'subtype' member of struct nicira_header. */ enum nicira_type { /* Switch status request. The request body is an ASCII string that * specifies a prefix of the key names to include in the output; if it is @@ -53,16 +151,33 @@ enum nicira_type { /* Controller role support. The request body is struct nx_role_request. * The reply echos the request. */ NXT_ROLE_REQUEST, - NXT_ROLE_REPLY + NXT_ROLE_REPLY, + + /* Flexible flow specification (aka NXM = Nicira Extended Match). */ + NXT_SET_FLOW_FORMAT, /* Set flow format. */ + NXT_FLOW_MOD, /* Analogous to OFPT_FLOW_MOD. */ + NXT_FLOW_REMOVED /* Analogous to OFPT_FLOW_REMOVED. */ }; -struct nicira_header { - struct ofp_header header; - uint32_t vendor; /* NX_VENDOR_ID. */ - uint32_t subtype; /* One of NXT_* above. */ +/* Header for Nicira vendor stats request and reply messages. */ +struct nicira_stats_msg { + struct ofp_header header; /* OFPT_STATS_REQUEST or OFPT_STATS_REPLY. */ + ovs_be16 type; /* OFPST_VENDOR. */ + ovs_be16 flags; /* OFPSF_{REQ,REPLY}_*. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be32 subtype; /* One of NXST_* below. */ + uint8_t pad[4]; /* Align to 64-bits. */ }; -OFP_ASSERT(sizeof(struct nicira_header) == 16); +OFP_ASSERT(sizeof(struct nicira_stats_msg) == 24); +/* Values for the 'subtype' member of struct nicira_stats_msg. */ +enum nicira_stats_type { + /* Flexible flow specification (aka NXM = Nicira Extended Match). */ + NXST_FLOW, /* Analogous to OFPST_FLOW. */ + NXST_AGGREGATE /* Analogous to OFPST_AGGREGATE. */ +}; + +/* NXT_TUN_ID_FROM_COOKIE request. */ struct nxt_tun_id_cookie { struct ofp_header header; uint32_t vendor; /* NX_VENDOR_ID. */ @@ -88,8 +203,8 @@ OFP_ASSERT(sizeof(struct nxt_tun_id_cookie) == 24); * OpenFlow features. In particular attempts to modify the flow table * will be rejected with an OFPBRC_EPERM error. * - * Slave controllers also do not receive asynchronous messages - * (OFPT_PACKET_IN, OFPT_FLOW_REMOVED, OFPT_PORT_STATUS). + * Slave controllers do not receive OFPT_PACKET_IN or OFPT_FLOW_REMOVED + * messages, but they do receive OFPT_PORT_STATUS messages. */ struct nx_role_request { struct nicira_header nxh; @@ -101,38 +216,58 @@ enum nx_role { NX_ROLE_MASTER, /* Full access, at most one. */ NX_ROLE_SLAVE /* Read-only access. */ }; + +/* Nicira vendor flow actions. */ enum nx_action_subtype { - NXAST_SNAT__OBSOLETE, /* No longer used. */ - - /* Searches the flow table again, using a flow that is slightly modified - * from the original lookup: - * - * - The 'in_port' member of struct nx_action_resubmit is used as the - * flow's in_port. - * - * - If NXAST_RESUBMIT is preceded by actions that affect the flow - * (e.g. OFPAT_SET_VLAN_VID), then the flow is updated with the new - * values. - * - * Following the lookup, the original in_port is restored. - * - * If the modified flow matched in the flow table, then the corresponding - * actions are executed, except that NXAST_RESUBMIT actions found in the - * secondary set of actions are ignored. Afterward, actions following - * NXAST_RESUBMIT in the original set of actions, if any, are executed; any - * changes made to the packet (e.g. changes to VLAN) by secondary actions - * persist when those actions are executed, although the original in_port - * is restored. - * - * NXAST_RESUBMIT may be used any number of times within a set of actions. - */ - NXAST_RESUBMIT, + NXAST_SNAT__OBSOLETE, /* No longer used. */ + NXAST_RESUBMIT, /* struct nx_action_resubmit */ + NXAST_SET_TUNNEL, /* struct nx_action_set_tunnel */ + NXAST_DROP_SPOOFED_ARP, /* struct nx_action_drop_spoofed_arp */ + NXAST_SET_QUEUE, /* struct nx_action_set_queue */ + NXAST_POP_QUEUE, /* struct nx_action_pop_queue */ + NXAST_REG_MOVE, /* struct nx_action_reg_move */ + NXAST_REG_LOAD, /* struct nx_action_reg_load */ + NXAST_NOTE, /* struct nx_action_note */ + NXAST_SET_TUNNEL64, /* struct nx_action_set_tunnel64 */ +}; - NXAST_SET_TUNNEL /* Set encapsulating tunnel ID. */ +/* Header for Nicira-defined actions. */ +struct nx_action_header { + uint16_t type; /* OFPAT_VENDOR. */ + uint16_t len; /* Length is 16. */ + uint32_t vendor; /* NX_VENDOR_ID. */ + uint16_t subtype; /* NXAST_*. */ + uint8_t pad[6]; }; +OFP_ASSERT(sizeof(struct nx_action_header) == 16); -/* Action structure for NXAST_RESUBMIT. */ +/* Action structure for NXAST_RESUBMIT. + * + * NXAST_RESUBMIT searches the flow table again, using a flow that is slightly + * modified from the original lookup: + * + * - The 'in_port' member of struct nx_action_resubmit is used as the flow's + * in_port. + * + * - If NXAST_RESUBMIT is preceded by actions that affect the flow + * (e.g. OFPAT_SET_VLAN_VID), then the flow is updated with the new + * values. + * + * Following the lookup, the original in_port is restored. + * + * If the modified flow matched in the flow table, then the corresponding + * actions are executed. Afterward, actions following NXAST_RESUBMIT in the + * original set of actions, if any, are executed; any changes made to the + * packet (e.g. changes to VLAN) by secondary actions persist when those + * actions are executed, although the original in_port is restored. + * + * NXAST_RESUBMIT may be used any number of times within a set of actions. + * + * NXAST_RESUBMIT may nest to an implementation-defined depth. Beyond this + * implementation-defined depth, further NXAST_RESUBMIT actions are simply + * ignored. (Open vSwitch 1.0.1 and earlier did not support recursion.) + */ struct nx_action_resubmit { uint16_t type; /* OFPAT_VENDOR. */ uint16_t len; /* Length is 16. */ @@ -143,7 +278,10 @@ struct nx_action_resubmit { }; OFP_ASSERT(sizeof(struct nx_action_resubmit) == 16); -/* Action structure for NXAST_SET_TUNNEL. */ +/* Action structure for NXAST_SET_TUNNEL. + * + * Sets the encapsulating tunnel ID to a 32-bit value. The most-significant 32 + * bits of the tunnel ID are set to 0. */ struct nx_action_set_tunnel { uint16_t type; /* OFPAT_VENDOR. */ uint16_t len; /* Length is 16. */ @@ -154,20 +292,765 @@ struct nx_action_set_tunnel { }; OFP_ASSERT(sizeof(struct nx_action_set_tunnel) == 16); -/* Header for Nicira-defined actions. */ -struct nx_action_header { +/* Action structure for NXAST_SET_TUNNEL64. + * + * Sets the encapsulating tunnel ID to a 64-bit value. */ +struct nx_action_set_tunnel64 { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* Length is 16. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_SET_TUNNEL64. */ + uint8_t pad[6]; + ovs_be64 tun_id; /* Tunnel ID. */ +}; +OFP_ASSERT(sizeof(struct nx_action_set_tunnel64) == 24); + +/* Action structure for NXAST_DROP_SPOOFED_ARP. + * + * Stops processing further actions, if the packet being processed is an + * Ethernet+IPv4 ARP packet for which the source Ethernet address inside the + * ARP packet differs from the source Ethernet address in the Ethernet header. + * + * This is useful because OpenFlow does not provide a way to match on the + * Ethernet addresses inside ARP packets, so there is no other way to drop + * spoofed ARPs other than sending every ARP packet to a controller. */ +struct nx_action_drop_spoofed_arp { uint16_t type; /* OFPAT_VENDOR. */ uint16_t len; /* Length is 16. */ uint32_t vendor; /* NX_VENDOR_ID. */ - uint16_t subtype; /* NXAST_*. */ + uint16_t subtype; /* NXAST_DROP_SPOOFED_ARP. */ uint8_t pad[6]; }; -OFP_ASSERT(sizeof(struct nx_action_header) == 16); +OFP_ASSERT(sizeof(struct nx_action_drop_spoofed_arp) == 16); + +/* Action structure for NXAST_SET_QUEUE. + * + * Set the queue that should be used when packets are output. This is similar + * to the OpenFlow OFPAT_ENQUEUE action, but does not take the output port as + * an argument. This allows the queue to be defined before the port is + * known. */ +struct nx_action_set_queue { + uint16_t type; /* OFPAT_VENDOR. */ + uint16_t len; /* Length is 16. */ + uint32_t vendor; /* NX_VENDOR_ID. */ + uint16_t subtype; /* NXAST_SET_QUEUE. */ + uint8_t pad[2]; + uint32_t queue_id; /* Where to enqueue packets. */ +}; +OFP_ASSERT(sizeof(struct nx_action_set_queue) == 16); + +/* Action structure for NXAST_POP_QUEUE. + * + * Restores the queue to the value it was before any NXAST_SET_QUEUE actions + * were used. Only the original queue can be restored this way; no stack is + * maintained. */ +struct nx_action_pop_queue { + uint16_t type; /* OFPAT_VENDOR. */ + uint16_t len; /* Length is 16. */ + uint32_t vendor; /* NX_VENDOR_ID. */ + uint16_t subtype; /* NXAST_POP_QUEUE. */ + uint8_t pad[6]; +}; +OFP_ASSERT(sizeof(struct nx_action_pop_queue) == 16); + +/* Action structure for NXAST_REG_MOVE. + * + * Copies src[src_ofs:src_ofs+n_bits] to dst[dst_ofs:dst_ofs+n_bits], where + * a[b:c] denotes the bits within 'a' numbered 'b' through 'c' (not including + * bit 'c'). Bit numbering starts at 0 for the least-significant bit, 1 for + * the next most significant bit, and so on. + * + * 'src' and 'dst' are nxm_header values with nxm_hasmask=0. (It doesn't make + * sense to use nxm_hasmask=1 because the action does not do any kind of + * matching; it uses the actual value of a field.) + * + * The following nxm_header values are potentially acceptable as 'src': + * + * - NXM_OF_IN_PORT + * - NXM_OF_ETH_DST + * - NXM_OF_ETH_SRC + * - NXM_OF_ETH_TYPE + * - NXM_OF_VLAN_TCI + * - NXM_OF_IP_TOS + * - NXM_OF_IP_PROTO + * - NXM_OF_IP_SRC + * - NXM_OF_IP_DST + * - NXM_OF_TCP_SRC + * - NXM_OF_TCP_DST + * - NXM_OF_UDP_SRC + * - NXM_OF_UDP_DST + * - NXM_OF_ICMP_TYPE + * - NXM_OF_ICMP_CODE + * - NXM_OF_ARP_OP + * - NXM_OF_ARP_SPA + * - NXM_OF_ARP_TPA + * - NXM_NX_TUN_ID + * - NXM_NX_REG(idx) for idx in the switch's accepted range. + * + * The following nxm_header values are potentially acceptable as 'dst': + * + * - NXM_NX_REG(idx) for idx in the switch's accepted range. + * + * - NXM_OF_VLAN_TCI. Modifying this field's value has side effects on the + * packet's 802.1Q header. Setting a value with CFI=0 removes the 802.1Q + * header (if any), ignoring the other bits. Setting a value with CFI=1 + * adds or modifies the 802.1Q header appropriately, setting the TCI field + * to the field's new value (with the CFI bit masked out). + * + * - NXM_NX_TUN_ID. Modifying this value modifies the tunnel ID used for the + * packet's next tunnel encapsulation. + * + * A given nxm_header value may be used as 'src' or 'dst' only on a flow whose + * nx_match satisfies its prerequisites. For example, NXM_OF_IP_TOS may be + * used only if the flow's nx_match includes an nxm_entry that specifies + * nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, and nxm_value=0x0800. + * + * The switch will reject actions for which src_ofs+n_bits is greater than the + * width of 'src' or dst_ofs+n_bits is greater than the width of 'dst' with + * error type OFPET_BAD_ACTION, code OFPBAC_BAD_ARGUMENT. + */ +struct nx_action_reg_move { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* Length is 16. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_REG_MOVE. */ + ovs_be16 n_bits; /* Number of bits. */ + ovs_be16 src_ofs; /* Starting bit offset in source. */ + ovs_be16 dst_ofs; /* Starting bit offset in destination. */ + ovs_be32 src; /* Source register. */ + ovs_be32 dst; /* Destination register. */ +}; +OFP_ASSERT(sizeof(struct nx_action_reg_move) == 24); + +/* Action structure for NXAST_REG_LOAD. + * + * Copies value[0:n_bits] to dst[ofs:ofs+n_bits], where a[b:c] denotes the bits + * within 'a' numbered 'b' through 'c' (not including bit 'c'). Bit numbering + * starts at 0 for the least-significant bit, 1 for the next most significant + * bit, and so on. + * + * 'dst' is an nxm_header with nxm_hasmask=0. It must be one of the following: + * + * - NXM_NX_REG(idx) for idx in the switch's accepted range. + * + * The 'ofs' and 'n_bits' fields are combined into a single 'ofs_nbits' field + * to avoid enlarging the structure by another 8 bytes. To allow 'n_bits' to + * take a value between 1 and 64 (inclusive) while taking up only 6 bits, it is + * also stored as one less than its true value: + * + * 15 6 5 0 + * +------------------------------+------------------+ + * | ofs | n_bits - 1 | + * +------------------------------+------------------+ + * + * The switch will reject actions for which ofs+n_bits is greater than the + * width of 'dst', or in which any bits in 'value' with value 2**n_bits or + * greater are set to 1, with error type OFPET_BAD_ACTION, code + * OFPBAC_BAD_ARGUMENT. + */ +struct nx_action_reg_load { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* Length is 16. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_REG_LOAD. */ + ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1). */ + ovs_be32 dst; /* Destination register. */ + ovs_be64 value; /* Immediate value. */ +}; +OFP_ASSERT(sizeof(struct nx_action_reg_load) == 24); + +/* Action structure for NXAST_NOTE. + * + * This action has no effect. It is variable length. The switch does not + * attempt to interpret the user-defined 'note' data in any way. A controller + * can use this action to attach arbitrary metadata to a flow. + * + * This action might go away in the future. + */ +struct nx_action_note { + uint16_t type; /* OFPAT_VENDOR. */ + uint16_t len; /* A multiple of 8, but at least 16. */ + uint32_t vendor; /* NX_VENDOR_ID. */ + uint16_t subtype; /* NXAST_NOTE. */ + uint8_t note[6]; /* Start of user-defined data. */ + /* Possibly followed by additional user-defined data. */ +}; +OFP_ASSERT(sizeof(struct nx_action_note) == 16); /* Wildcard for tunnel ID. */ #define NXFW_TUN_ID (1 << 25) #define NXFW_ALL NXFW_TUN_ID #define OVSFW_ALL (OFPFW_ALL | NXFW_ALL) + +/* Flexible flow specifications (aka NXM = Nicira Extended Match). + * + * OpenFlow 1.0 has "struct ofp_match" for specifying flow matches. This + * structure is fixed-length and hence difficult to extend. This section + * describes a more flexible, variable-length flow match, called "nx_match" for + * short, that is also supported by Open vSwitch. This section also defines a + * replacement for each OpenFlow message that includes struct ofp_match. + * + * + * Format + * ====== + * + * An nx_match is a sequence of zero or more "nxm_entry"s, which are + * type-length-value (TLV) entries, each 5 to 259 (inclusive) bytes long. + * "nxm_entry"s are not aligned on or padded to any multibyte boundary. The + * first 4 bytes of an nxm_entry are its "header", followed by the entry's + * "body". + * + * An nxm_entry's header is interpreted as a 32-bit word in network byte order: + * + * |<-------------------- nxm_type ------------------>| + * | | + * |31 16 15 9| 8 7 0 + * +----------------------------------+---------------+--+------------------+ + * | nxm_vendor | nxm_field |hm| nxm_length | + * +----------------------------------+---------------+--+------------------+ + * + * The most-significant 23 bits of the header are collectively "nxm_type". + * Bits 16...31 are "nxm_vendor", one of the NXM_VENDOR_* values below. Bits + * 9...15 are "nxm_field", which is a vendor-specific value. nxm_type normally + * designates a protocol header, such as the Ethernet type, but it can also + * refer to packet metadata, such as the switch port on which a packet arrived. + * + * Bit 8 is "nxm_hasmask" (labeled "hm" above for space reasons). The meaning + * of this bit is explained later. + * + * The least-significant 8 bits are "nxm_length", a positive integer. The + * length of the nxm_entry, including the header, is exactly 4 + nxm_length + * bytes. + * + * For a given nxm_vendor, nxm_field, and nxm_hasmask value, nxm_length is a + * constant. It is included only to allow software to minimally parse + * "nxm_entry"s of unknown types. (Similarly, for a given nxm_vendor, + * nxm_field, and nxm_length, nxm_hasmask is a constant.) + * + * + * Semantics + * ========= + * + * A zero-length nx_match (one with no "nxm_entry"s) matches every packet. + * + * An nxm_entry places a constraint on the packets matched by the nx_match: + * + * - If nxm_hasmask is 0, the nxm_entry's body contains a value for the + * field, called "nxm_value". The nx_match matches only packets in which + * the field equals nxm_value. + * + * - If nxm_hasmask is 1, then the nxm_entry's body contains a value for the + * field (nxm_value), followed by a bitmask of the same length as the + * value, called "nxm_mask". For each 1-bit in position J in nxm_mask, the + * nx_match matches only packets for which bit J in the given field's value + * matches bit J in nxm_value. A 0-bit in nxm_mask causes the + * corresponding bits in nxm_value and the field's value to be ignored. + * (The sense of the nxm_mask bits is the opposite of that used by the + * "wildcards" member of struct ofp_match.) + * + * When nxm_hasmask is 1, nxm_length is always even. + * + * An all-zero-bits nxm_mask is equivalent to omitting the nxm_entry + * entirely. An all-one-bits nxm_mask is equivalent to specifying 0 for + * nxm_hasmask. + * + * When there are multiple "nxm_entry"s, all of the constraints must be met. + * + * + * Mask Restrictions + * ================= + * + * Masks may be restricted: + * + * - Some nxm_types may not support masked wildcards, that is, nxm_hasmask + * must always be 0 when these fields are specified. For example, the + * field that identifies the port on which a packet was received may not be + * masked. + * + * - Some nxm_types that do support masked wildcards may only support certain + * nxm_mask patterns. For example, fields that have IPv4 address values + * may be restricted to CIDR masks. + * + * These restrictions should be noted in specifications for individual fields. + * A switch may accept an nxm_hasmask or nxm_mask value that the specification + * disallows, if the switch correctly implements support for that nxm_hasmask + * or nxm_mask value. A switch must reject an attempt to set up a flow that + * contains a nxm_hasmask or nxm_mask value that it does not support. + * + * + * Prerequisite Restrictions + * ========================= + * + * The presence of an nxm_entry with a given nxm_type may be restricted based + * on the presence of or values of other "nxm_entry"s. For example: + * + * - An nxm_entry for nxm_type=NXM_OF_IP_TOS is allowed only if it is + * preceded by another entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, + * and nxm_value=0x0800. That is, matching on the IP source address is + * allowed only if the Ethernet type is explicitly set to IP. + * + * - An nxm_entry for nxm_type=NXM_OF_TCP_SRC is allowed only if it is preced + * by an entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, + * nxm_value=0x0800 and another with nxm_type=NXM_OF_IP_PROTO, + * nxm_hasmask=0, nxm_value=6, in that order. That is, matching on the TCP + * source port is allowed only if the Ethernet type is IP and the IP + * protocol is TCP. + * + * These restrictions should be noted in specifications for individual fields. + * A switch may implement relaxed versions of these restrictions. A switch + * must reject an attempt to set up a flow that violates its restrictions. + * + * + * Ordering Restrictions + * ===================== + * + * An nxm_entry that has prerequisite restrictions must appear after the + * "nxm_entry"s for its prerequisites. Ordering of "nxm_entry"s within an + * nx_match is not otherwise constrained. + * + * Any given nxm_type may appear in an nx_match at most once. + * + * + * nxm_entry Examples + * ================== + * + * These examples show the format of a single nxm_entry with particular + * nxm_hasmask and nxm_length values. The diagrams are labeled with field + * numbers and byte indexes. + * + * + * 8-bit nxm_value, nxm_hasmask=1, nxm_length=1: + * + * 0 3 4 5 + * +------------+---+---+ + * | header | v | m | + * +------------+---+---+ + * + * + * 16-bit nxm_value, nxm_hasmask=0, nxm_length=2: + * + * 0 3 4 5 + * +------------+------+ + * | header | value| + * +------------+------+ + * + * + * 32-bit nxm_value, nxm_hasmask=0, nxm_length=4: + * + * 0 3 4 7 + * +------------+-------------+ + * | header | nxm_value | + * +------------+-------------+ + * + * + * 48-bit nxm_value, nxm_hasmask=0, nxm_length=6: + * + * 0 3 4 9 + * +------------+------------------+ + * | header | nxm_value | + * +------------+------------------+ + * + * + * 48-bit nxm_value, nxm_hasmask=1, nxm_length=12: + * + * 0 3 4 9 10 15 + * +------------+------------------+------------------+ + * | header | nxm_value | nxm_mask | + * +------------+------------------+------------------+ + * + * + * Error Reporting + * =============== + * + * A switch should report an error in an nx_match using error type + * OFPET_BAD_REQUEST and one of the NXBRC_NXM_* codes. Ideally the switch + * should report a specific error code, if one is assigned for the particular + * problem, but NXBRC_NXM_INVALID is also available to report a generic + * nx_match error. + */ + +#define NXM_HEADER__(VENDOR, FIELD, HASMASK, LENGTH) \ + (((VENDOR) << 16) | ((FIELD) << 9) | ((HASMASK) << 8) | (LENGTH)) +#define NXM_HEADER(VENDOR, FIELD, LENGTH) \ + NXM_HEADER__(VENDOR, FIELD, 0, LENGTH) +#define NXM_HEADER_W(VENDOR, FIELD, LENGTH) \ + NXM_HEADER__(VENDOR, FIELD, 1, (LENGTH) * 2) +#define NXM_VENDOR(HEADER) ((HEADER) >> 16) +#define NXM_FIELD(HEADER) (((HEADER) >> 9) & 0x7f) +#define NXM_TYPE(HEADER) (((HEADER) >> 9) & 0x7fffff) +#define NXM_HASMASK(HEADER) (((HEADER) >> 8) & 1) +#define NXM_LENGTH(HEADER) ((HEADER) & 0xff) + +#define NXM_MAKE_WILD_HEADER(HEADER) \ + NXM_HEADER_W(NXM_VENDOR(HEADER), NXM_FIELD(HEADER), NXM_LENGTH(HEADER)) + +/* ## ------------------------------- ## */ +/* ## OpenFlow 1.0-compatible fields. ## */ +/* ## ------------------------------- ## */ + +/* Physical or virtual port on which the packet was received. + * + * Prereqs: None. + * + * Format: 16-bit integer in network byte order. + * + * Masking: Not maskable. */ +#define NXM_OF_IN_PORT NXM_HEADER (0x0000, 0, 2) + +/* Source or destination address in Ethernet header. + * + * Prereqs: None. + * + * Format: 48-bit Ethernet MAC address. + * + * Masking: The nxm_mask patterns 01:00:00:00:00:00 and FE:FF:FF:FF:FF:FF must + * be supported for NXM_OF_ETH_DST_W (as well as the trivial patterns that + * are all-0-bits or all-1-bits). Support for other patterns and for masking + * of NXM_OF_ETH_SRC is optional. */ +#define NXM_OF_ETH_DST NXM_HEADER (0x0000, 1, 6) +#define NXM_OF_ETH_DST_W NXM_HEADER_W(0x0000, 1, 6) +#define NXM_OF_ETH_SRC NXM_HEADER (0x0000, 2, 6) + +/* Packet's Ethernet type. + * + * For an Ethernet II packet this is taken from the Ethernet header. For an + * 802.2 LLC+SNAP header with OUI 00-00-00 this is taken from the SNAP header. + * A packet that has neither format has value 0x05ff + * (OFP_DL_TYPE_NOT_ETH_TYPE). + * + * For a packet with an 802.1Q header, this is the type of the encapsulated + * frame. + * + * Prereqs: None. + * + * Format: 16-bit integer in network byte order. + * + * Masking: Not maskable. */ +#define NXM_OF_ETH_TYPE NXM_HEADER (0x0000, 3, 2) + +/* 802.1Q TCI. + * + * For a packet with an 802.1Q header, this is the Tag Control Information + * (TCI) field, with the CFI bit forced to 1. For a packet with no 802.1Q + * header, this has value 0. + * + * Prereqs: None. + * + * Format: 16-bit integer in network byte order. + * + * Masking: Arbitrary masks. + * + * This field can be used in various ways: + * + * - If it is not constrained at all, the nx_match matches packets without + * an 802.1Q header or with an 802.1Q header that has any TCI value. + * + * - Testing for an exact match with 0 matches only packets without an + * 802.1Q header. + * + * - Testing for an exact match with a TCI value with CFI=1 matches packets + * that have an 802.1Q header with a specified VID and PCP. + * + * - Testing for an exact match with a nonzero TCI value with CFI=0 does + * not make sense. The switch may reject this combination. + * + * - Testing with a specific VID and CFI=1, with nxm_mask=0x1fff, matches + * packets that have an 802.1Q header with that VID (and any PCP). + * + * - Testing with a specific PCP and CFI=1, with nxm_mask=0xf000, matches + * packets that have an 802.1Q header with that PCP (and any VID). + * + * - Testing with nxm_value=0, nxm_mask=0xe000 matches packets with no 802.1Q + * header or with an 802.1Q header with a VID of 0. + */ +#define NXM_OF_VLAN_TCI NXM_HEADER (0x0000, 4, 2) +#define NXM_OF_VLAN_TCI_W NXM_HEADER_W(0x0000, 4, 2) + +/* The "type of service" byte of the IP header, with the ECN bits forced to 0. + * + * Prereqs: NXM_OF_ETH_TYPE must match 0x0800 exactly. + * + * Format: 8-bit integer with 2 least-significant bits forced to 0. + * + * Masking: Not maskable. */ +#define NXM_OF_IP_TOS NXM_HEADER (0x0000, 5, 1) + +/* The "protocol" byte in the IP header. + * + * Prereqs: NXM_OF_ETH_TYPE must match 0x0800 exactly. + * + * Format: 8-bit integer. + * + * Masking: Not maskable. */ +#define NXM_OF_IP_PROTO NXM_HEADER (0x0000, 6, 1) + +/* The source or destination address in the IP header. + * + * Prereqs: NXM_OF_ETH_TYPE must match 0x0800 exactly. + * + * Format: 32-bit integer in network byte order. + * + * Masking: Only CIDR masks are allowed, that is, masks that consist of N + * high-order bits set to 1 and the other 32-N bits set to 0. */ +#define NXM_OF_IP_SRC NXM_HEADER (0x0000, 7, 4) +#define NXM_OF_IP_SRC_W NXM_HEADER_W(0x0000, 7, 4) +#define NXM_OF_IP_DST NXM_HEADER (0x0000, 8, 4) +#define NXM_OF_IP_DST_W NXM_HEADER_W(0x0000, 8, 4) + +/* The source or destination port in the TCP header. + * + * Prereqs: + * NXM_OF_ETH_TYPE must match 0x0800 exactly. + * NXM_OF_IP_PROTO must match 6 exactly. + * + * Format: 16-bit integer in network byte order. + * + * Masking: Not maskable. */ +#define NXM_OF_TCP_SRC NXM_HEADER (0x0000, 9, 2) +#define NXM_OF_TCP_DST NXM_HEADER (0x0000, 10, 2) + +/* The source or destination port in the UDP header. + * + * Prereqs: + * NXM_OF_ETH_TYPE must match 0x0800 exactly. + * NXM_OF_IP_PROTO must match 17 exactly. + * + * Format: 16-bit integer in network byte order. + * + * Masking: Not maskable. */ +#define NXM_OF_UDP_SRC NXM_HEADER (0x0000, 11, 2) +#define NXM_OF_UDP_DST NXM_HEADER (0x0000, 12, 2) + +/* The type or code in the ICMP header. + * + * Prereqs: + * NXM_OF_ETH_TYPE must match 0x0800 exactly. + * NXM_OF_IP_PROTO must match 1 exactly. + * + * Format: 8-bit integer. + * + * Masking: Not maskable. */ +#define NXM_OF_ICMP_TYPE NXM_HEADER (0x0000, 13, 1) +#define NXM_OF_ICMP_CODE NXM_HEADER (0x0000, 14, 1) + +/* ARP opcode. + * + * For an Ethernet+IP ARP packet, the opcode in the ARP header. Always 0 + * otherwise. Only ARP opcodes between 1 and 255 should be specified for + * matching. + * + * Prereqs: NXM_OF_ETH_TYPE must match 0x0806 exactly. + * + * Format: 16-bit integer in network byte order. + * + * Masking: Not maskable. */ +#define NXM_OF_ARP_OP NXM_HEADER (0x0000, 15, 2) + +/* For an Ethernet+IP ARP packet, the source or target protocol address + * in the ARP header. Always 0 otherwise. + * + * Prereqs: NXM_OF_ETH_TYPE must match 0x0806 exactly. + * + * Format: 32-bit integer in network byte order. + * + * Masking: Only CIDR masks are allowed, that is, masks that consist of N + * high-order bits set to 1 and the other 32-N bits set to 0. */ +#define NXM_OF_ARP_SPA NXM_HEADER (0x0000, 16, 4) +#define NXM_OF_ARP_SPA_W NXM_HEADER_W(0x0000, 16, 4) +#define NXM_OF_ARP_TPA NXM_HEADER (0x0000, 17, 4) +#define NXM_OF_ARP_TPA_W NXM_HEADER_W(0x0000, 17, 4) + +/* ## ------------------------ ## */ +/* ## Nicira match extensions. ## */ +/* ## ------------------------ ## */ + +/* Metadata registers. + * + * Registers initially have value 0. Actions allow register values to be + * manipulated. + * + * Prereqs: None. + * + * Format: Array of 32-bit integer registers. Space is reserved for up to + * NXM_NX_MAX_REGS registers, but switches may implement fewer. + * + * Masking: Arbitrary masks. */ +#define NXM_NX_MAX_REGS 16 +#define NXM_NX_REG(IDX) NXM_HEADER (0x0001, IDX, 4) +#define NXM_NX_REG_W(IDX) NXM_HEADER_W(0x0001, IDX, 4) +#define NXM_NX_REG_IDX(HEADER) NXM_FIELD(HEADER) +#define NXM_IS_NX_REG(HEADER) (!((((HEADER) ^ NXM_NX_REG0)) & 0xffffe1ff)) +#define NXM_IS_NX_REG_W(HEADER) (!((((HEADER) ^ NXM_NX_REG0_W)) & 0xffffe1ff)) +#define NXM_NX_REG0 NXM_HEADER (0x0001, 0, 4) +#define NXM_NX_REG0_W NXM_HEADER_W(0x0001, 0, 4) +#define NXM_NX_REG1 NXM_HEADER (0x0001, 1, 4) +#define NXM_NX_REG1_W NXM_HEADER_W(0x0001, 1, 4) +#define NXM_NX_REG2 NXM_HEADER (0x0001, 2, 4) +#define NXM_NX_REG2_W NXM_HEADER_W(0x0001, 2, 4) +#define NXM_NX_REG3 NXM_HEADER (0x0001, 3, 4) +#define NXM_NX_REG3_W NXM_HEADER_W(0x0001, 3, 4) + +/* Tunnel ID. + * + * For a packet received via GRE tunnel including a (32-bit) key, the key is + * stored in the low 32-bits and the high bits are zeroed. For other packets, + * the value is 0. + * + * Prereqs: None. + * + * Format: 64-bit integer in network byte order. + * + * Masking: Arbitrary masks. */ +#define NXM_NX_TUN_ID NXM_HEADER (0x0001, 16, 8) +#define NXM_NX_TUN_ID_W NXM_HEADER_W(0x0001, 16, 8) + +/* ## --------------------- ## */ +/* ## Requests and replies. ## */ +/* ## --------------------- ## */ + +enum nx_flow_format { + NXFF_OPENFLOW10 = 0, /* Standard OpenFlow 1.0 compatible. */ + NXFF_TUN_ID_FROM_COOKIE = 1, /* OpenFlow 1.0, plus obtain tunnel ID from + * cookie. */ + NXFF_NXM = 2 /* Nicira extended match. */ +}; + +/* NXT_SET_FLOW_FORMAT request. */ +struct nxt_set_flow_format { + struct ofp_header header; + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be32 subtype; /* NXT_SET_FLOW_FORMAT. */ + ovs_be32 format; /* One of NXFF_*. */ +}; +OFP_ASSERT(sizeof(struct nxt_set_flow_format) == 20); + +/* NXT_FLOW_MOD (analogous to OFPT_FLOW_MOD). */ +struct nx_flow_mod { + struct nicira_header nxh; + ovs_be64 cookie; /* Opaque controller-issued identifier. */ + ovs_be16 command; /* One of OFPFC_*. */ + ovs_be16 idle_timeout; /* Idle time before discarding (seconds). */ + ovs_be16 hard_timeout; /* Max time before discarding (seconds). */ + ovs_be16 priority; /* Priority level of flow entry. */ + ovs_be32 buffer_id; /* Buffered packet to apply to (or -1). + Not meaningful for OFPFC_DELETE*. */ + ovs_be16 out_port; /* For OFPFC_DELETE* commands, require + matching entries to include this as an + output port. A value of OFPP_NONE + indicates no restriction. */ + ovs_be16 flags; /* One of OFPFF_*. */ + ovs_be16 match_len; /* Size of nx_match. */ + uint8_t pad[6]; /* Align to 64-bits. */ + /* Followed by: + * - Exactly match_len (possibly 0) bytes containing the nx_match, then + * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of + * all-zero bytes, then + * - Actions to fill out the remainder of the message length (always a + * multiple of 8). + */ +}; +OFP_ASSERT(sizeof(struct nx_flow_mod) == 48); + +/* NXT_FLOW_REMOVED (analogous to OFPT_FLOW_REMOVED). */ +struct nx_flow_removed { + struct nicira_header nxh; + ovs_be64 cookie; /* Opaque controller-issued identifier. */ + ovs_be16 priority; /* Priority level of flow entry. */ + uint8_t reason; /* One of OFPRR_*. */ + uint8_t pad[1]; /* Align to 32-bits. */ + ovs_be32 duration_sec; /* Time flow was alive in seconds. */ + ovs_be32 duration_nsec; /* Time flow was alive in nanoseconds beyond + duration_sec. */ + ovs_be16 idle_timeout; /* Idle timeout from original flow mod. */ + ovs_be16 match_len; /* Size of nx_match. */ + ovs_be64 packet_count; + ovs_be64 byte_count; + /* Followed by: + * - Exactly match_len (possibly 0) bytes containing the nx_match, then + * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of + * all-zero bytes. */ +}; +OFP_ASSERT(sizeof(struct nx_flow_removed) == 56); + +/* Nicira vendor stats request of type NXST_FLOW (analogous to OFPST_FLOW + * request). */ +struct nx_flow_stats_request { + struct nicira_stats_msg nsm; + ovs_be16 out_port; /* Require matching entries to include this + as an output port. A value of OFPP_NONE + indicates no restriction. */ + ovs_be16 match_len; /* Length of nx_match. */ + uint8_t table_id; /* ID of table to read (from ofp_table_stats) + or 0xff for all tables. */ + uint8_t pad[3]; /* Align to 64 bits. */ + /* Followed by: + * - Exactly match_len (possibly 0) bytes containing the nx_match, then + * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of + * all-zero bytes, which must also exactly fill out the length of the + * message. + */ +}; +OFP_ASSERT(sizeof(struct nx_flow_stats_request) == 32); + +/* Body for Nicira vendor stats reply of type NXST_FLOW (analogous to + * OFPST_FLOW reply). */ +struct nx_flow_stats { + ovs_be16 length; /* Length of this entry. */ + uint8_t table_id; /* ID of table flow came from. */ + uint8_t pad; + ovs_be32 duration_sec; /* Time flow has been alive in seconds. */ + ovs_be32 duration_nsec; /* Time flow has been alive in nanoseconds + beyond duration_sec. */ + ovs_be16 priority; /* Priority of the entry. Only meaningful + when this is not an exact-match entry. */ + ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ + ovs_be16 hard_timeout; /* Number of seconds before expiration. */ + ovs_be16 match_len; /* Length of nx_match. */ + uint8_t pad2[4]; /* Align to 64 bits. */ + ovs_be64 cookie; /* Opaque controller-issued identifier. */ + ovs_be64 packet_count; /* Number of packets in flow. */ + ovs_be64 byte_count; /* Number of bytes in flow. */ + /* Followed by: + * - Exactly match_len (possibly 0) bytes containing the nx_match, then + * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of + * all-zero bytes, then + * - Actions to fill out the remainder 'length' bytes (always a multiple + * of 8). + */ +}; +OFP_ASSERT(sizeof(struct nx_flow_stats) == 48); + +/* Nicira vendor stats request of type NXST_AGGREGATE (analogous to + * OFPST_AGGREGATE request). */ +struct nx_aggregate_stats_request { + struct nicira_stats_msg nsm; + ovs_be16 out_port; /* Require matching entries to include this + as an output port. A value of OFPP_NONE + indicates no restriction. */ + ovs_be16 match_len; /* Length of nx_match. */ + uint8_t table_id; /* ID of table to read (from ofp_table_stats) + or 0xff for all tables. */ + uint8_t pad[3]; /* Align to 64 bits. */ + /* Followed by: + * - Exactly match_len (possibly 0) bytes containing the nx_match, then + * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of + * all-zero bytes, which must also exactly fill out the length of the + * message. + */ +}; +OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 32); + +/* Body for nicira_stats_msg reply of type NXST_AGGREGATE (analogous to + * OFPST_AGGREGATE reply). + * + * ofp_aggregate_stats_reply does not contain an ofp_match structure, so we + * reuse it entirely. (It would be very odd to use OFPST_AGGREGATE to reply to + * an NXST_AGGREGATE request, so we don't do that.) */ +struct nx_aggregate_stats_reply { + struct nicira_stats_msg nsm; + struct ofp_aggregate_stats_reply asr; +}; +OFP_ASSERT(sizeof(struct nx_aggregate_stats_reply) == 48); #endif /* openflow/nicira-ext.h */