X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=include%2Fopenflow%2Fnicira-ext.h;h=b66b806ed6f47121461cbbed8639bb249b536255;hb=a7349929fb86d41f2e2ef77395e33b21f9457d48;hp=f449329f7b3be6084d54a91c2dcdfaaacbac44e7;hpb=799d2bfaad0afb53131f8071281c9018a74fa35f;p=sliver-openvswitch.git diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h index f449329f7..b66b806ed 100644 --- a/include/openflow/nicira-ext.h +++ b/include/openflow/nicira-ext.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks + * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira Networks * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -67,64 +67,6 @@ struct nx_vendor_error { /* Followed by at least the first 64 bytes of the failed request. */ }; -/* Specific Nicira extension error numbers. - * - * These are the "code" values used in nx_vendor_error. So far, the "type" - * values in nx_vendor_error are the same as those in ofp_error_msg. That is, - * at Nicira so far we've only needed additional vendor-specific 'code' values, - * so we're using the existing 'type' values to avoid having to invent new ones - * that duplicate the current ones' meanings. */ - -/* Additional "code" values for OFPET_BAD_REQUEST. */ -enum nx_bad_request_code { -/* Nicira Extended Match (NXM) errors. */ - - /* Generic error code used when there is an error in an NXM sent to the - * switch. The switch may use one of the more specific error codes below, - * if there is an appropriate one, to simplify debugging, but it is not - * required to do so. */ - NXBRC_NXM_INVALID = 0x100, - - /* The nxm_type, or nxm_type taken in combination with nxm_hasmask or - * nxm_length or both, is invalid or not implemented. */ - NXBRC_NXM_BAD_TYPE = 0x101, - - /* Invalid nxm_value. */ - NXBRC_NXM_BAD_VALUE = 0x102, - - /* Invalid nxm_mask. */ - NXBRC_NXM_BAD_MASK = 0x103, - - /* A prerequisite was not met. 
*/ - NXBRC_NXM_BAD_PREREQ = 0x104, - - /* A given nxm_type was specified more than once. */ - NXBRC_NXM_DUP_TYPE = 0x105, - -/* Other errors. */ - - /* A request specified a nonexistent table ID. (But NXFMFC_BAD_TABLE_ID is - * used instead, when it is appropriate, because that is such a special - * case.) */ - NXBRC_BAD_TABLE_ID = 0x200, - - /* NXT_ROLE_REQUEST specified an invalid role. */ - NXBRC_BAD_ROLE = 0x201, - - /* The in_port in an ofp_packet_out request is invalid. */ - NXBRC_BAD_IN_PORT = 0x202 -}; - -/* Additional "code" values for OFPET_FLOW_MOD_FAILED. */ -enum nx_flow_mod_failed_code { - /* Generic hardware error. */ - NXFMFC_HARDWARE = 0x100, - - /* A nonexistent table ID was specified in the "command" field of struct - * ofp_flow_mod, when the nxt_flow_mod_table_id extension is enabled. */ - NXFMFC_BAD_TABLE_ID = 0x101 -}; - /* Nicira vendor requests and replies. */ /* Header for Nicira vendor requests and replies. */ @@ -161,8 +103,20 @@ enum nicira_type { /* Use the upper 8 bits of the 'command' member in struct ofp_flow_mod to * designate the table to which a flow is to be added? See the big comment - * on struct nxt_flow_mod_table_id for more information. */ - NXT_FLOW_MOD_TABLE_ID = 15 + * on struct nx_flow_mod_table_id for more information. */ + NXT_FLOW_MOD_TABLE_ID = 15, + + /* Alternative PACKET_IN message formats. */ + NXT_SET_PACKET_IN_FORMAT = 16, /* Set Packet In format. */ + NXT_PACKET_IN = 17, /* Nicira Packet In. */ + + /* Are the idle_age and hard_age members in struct nx_flow_stats supported? + * If so, the switch does not reply to this message (which consists only of + * a "struct nicira_header"). If not, the switch sends an error reply. */ + NXT_FLOW_AGE = 18, + + NXT_SET_ASYNC_CONFIG = 19, /* struct nx_async_config. */ + NXT_SET_CONTROLLER_ID = 20, /* struct nx_controller_id. */ }; /* Header for Nicira vendor stats request and reply messages. 
*/ @@ -237,14 +191,75 @@ enum nx_hash_fields { * matches, then it is modified or deleted; if flows in more than one * table match, then none is modified or deleted. */ -struct nxt_flow_mod_table_id { +struct nx_flow_mod_table_id { struct ofp_header header; uint32_t vendor; /* NX_VENDOR_ID. */ uint32_t subtype; /* NXT_FLOW_MOD_TABLE_ID. */ uint8_t set; /* Nonzero to enable, zero to disable. */ uint8_t pad[7]; }; -OFP_ASSERT(sizeof(struct nxt_flow_mod_table_id) == 24); +OFP_ASSERT(sizeof(struct nx_flow_mod_table_id) == 24); + +enum nx_packet_in_format { + NXPIF_OPENFLOW10 = 0, /* Standard OpenFlow 1.0 compatible. */ + NXPIF_NXM = 1 /* Nicira Extended. */ +}; + +/* NXT_SET_PACKET_IN_FORMAT request. */ +struct nx_set_packet_in_format { + struct nicira_header nxh; + ovs_be32 format; /* One of NXPIF_*. */ +}; +OFP_ASSERT(sizeof(struct nx_set_packet_in_format) == 20); + +/* NXT_PACKET_IN (analogous to OFPT_PACKET_IN). + * + * The NXT_PACKET_IN format is intended to model the OpenFlow-1.2 PACKET_IN + * with some minor tweaks. Most notably NXT_PACKET_IN includes the cookie of + * the rule which triggered the NXT_PACKET_IN message, and the match fields are + * in NXM format. + * + * The match fields in the NXT_PACKET_IN are intended to contain flow + * processing metadata collected at the time the NXT_PACKET_IN message was + * triggered. It is minimally required to contain the NXM_OF_IN_PORT of the + * packet, but may include other NXM headers such as flow registers. The match + * fields are allowed to contain non-metadata (e.g. NXM_OF_ETH_SRC etc). + * However, this information can typically be found in the packet directly, so + * it may be redundant. + * + * Whereas in most cases a controller can expect to only get back NXM fields + * that it set up itself (e.g. 
flow dumps will ordinarily report only NXM + * fields from flows that the controller added), NXT_PACKET_IN messages might + * contain fields that the controller does not understand, because the switch + * might support fields (new registers, new protocols, etc.) that the + * controller does not.  The controller must be prepared to tolerate these. + * + * The 'cookie' and 'table_id' fields have no meaning when 'reason' is + * OFPR_NO_MATCH. In this case they should be set to 0. */ +struct nx_packet_in { + struct nicira_header nxh; + ovs_be32 buffer_id; /* ID assigned by datapath. */ + ovs_be16 total_len; /* Full length of frame. */ + uint8_t reason; /* Reason packet is sent (one of OFPR_*). */ + uint8_t table_id; /* ID of the table that was looked up. */ + ovs_be64 cookie; /* Cookie of the rule that was looked up. */ + ovs_be16 match_len; /* Size of nx_match. */ + uint8_t pad[6]; /* Align to 64-bits. */ + /* Followed by: + * - Exactly match_len (possibly 0) bytes containing the nx_match, then + * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of + * all-zero bytes, then + * - Exactly 2 all-zero padding bytes, then + * - An Ethernet frame whose length is inferred from nxh.header.length. + * + * The padding bytes preceding the Ethernet frame ensure that the IP + * header (if any) following the Ethernet header is 32-bit aligned. */ + + /* uint8_t nxm_fields[...]; */ /* Match. */ + /* uint8_t pad[2]; */ /* Align to 64 bit + 16 bit. */ + /* uint8_t data[0]; */ /* Ethernet frame. */ +}; +OFP_ASSERT(sizeof(struct nx_packet_in) == 40); /* Configures the "role" of the sending controller. The default role is: * @@ -269,12 +284,35 @@ struct nx_role_request { struct nicira_header nxh; ovs_be32 role; /* One of NX_ROLE_*. */ }; +OFP_ASSERT(sizeof(struct nx_role_request) == 20); enum nx_role { NX_ROLE_OTHER, /* Default role, full access. */ NX_ROLE_MASTER, /* Full access, at most one. */ NX_ROLE_SLAVE /* Read-only access. */ }; + +/* NXT_SET_ASYNC_CONFIG. 
+ * + * Sent by a controller, this message configures the asynchronous messages that + * the controller wants to receive. Element 0 in each array specifies messages + * of interest when the controller has an "other" or "master" role; element 1, + * when the controller has a "slave" role. + * + * Each array element is a bitmask in which a 0-bit disables receiving a + * particular message and a 1-bit enables receiving it. Each bit controls the + * message whose 'reason' corresponds to the bit index. For example, the bit + * with value 1<<2 == 4 in port_status_mask[1] determines whether the + * controller will receive OFPT_PORT_STATUS messages with reason OFPPR_MODIFY + * (value 2) when the controller has a "slave" role. + */ +struct nx_async_config { + struct nicira_header nxh; + ovs_be32 packet_in_mask[2]; /* Bitmasks of OFPR_* values. */ + ovs_be32 port_status_mask[2]; /* Bitmasks of OFPPR_* values. */ + ovs_be32 flow_removed_mask[2]; /* Bitmasks of OFPRR_* values. */ +}; +OFP_ASSERT(sizeof(struct nx_async_config) == 40); /* Nicira vendor flow actions. */ @@ -296,7 +334,10 @@ enum nx_action_subtype { NXAST_RESUBMIT_TABLE, /* struct nx_action_resubmit */ NXAST_OUTPUT_REG, /* struct nx_action_output_reg */ NXAST_LEARN, /* struct nx_action_learn */ - NXAST_EXIT /* struct nx_action_header */ + NXAST_EXIT, /* struct nx_action_header */ + NXAST_DEC_TTL, /* struct nx_action_header */ + NXAST_FIN_TIMEOUT, /* struct nx_action_fin_timeout */ + NXAST_CONTROLLER, /* struct nx_action_controller */ }; /* Header for Nicira-defined actions. */ @@ -764,6 +805,13 @@ enum nx_mp_algorithm { * prepared to handle this by flooding (which can be implemented as a * low-priority flow). * + * If a learned flow matches a single TCP stream with a relatively long + * timeout, one may make the best of resource constraints by setting + * 'fin_idle_timeout' or 'fin_hard_timeout' (both measured in seconds), or + * both, to shorter timeouts. 
When either of these is specified as a nonzero + * value, OVS adds a NXAST_FIN_TIMEOUT action, with the specified timeouts, to + * the learned flow. + * * Examples * -------- * @@ -867,7 +915,9 @@ struct nx_action_learn { ovs_be64 cookie; /* Cookie for new flow. */ ovs_be16 flags; /* Either 0 or OFPFF_SEND_FLOW_REM. */ uint8_t table_id; /* Table to insert flow entry. */ - uint8_t pad[5]; /* Must be zero. */ + uint8_t pad; /* Must be zero. */ + ovs_be16 fin_idle_timeout; /* Idle timeout after FIN, if nonzero. */ + ovs_be16 fin_hard_timeout; /* Hard timeout after FIN, if nonzero. */ /* Followed by a sequence of flow_mod_spec elements, as described above, * until the end of the action is reached. */ }; @@ -884,6 +934,40 @@ OFP_ASSERT(sizeof(struct nx_action_learn) == 32); #define NX_LEARN_DST_OUTPUT (2 << 11) /* Add OFPAT_OUTPUT action. */ #define NX_LEARN_DST_RESERVED (3 << 11) /* Not yet defined. */ #define NX_LEARN_DST_MASK (3 << 11) + +/* Action structure for NXAST_FIN_TIMEOUT. + * + * This action changes the idle timeout or hard timeout, or both, of this + * OpenFlow rule when the rule matches a TCP packet with the FIN or RST flag. + * When such a packet is observed, the action reduces the rule's idle timeout + * to 'fin_idle_timeout' and its hard timeout to 'fin_hard_timeout'. This + * action has no effect on an existing timeout that is already shorter than the + * one that the action specifies. A 'fin_idle_timeout' or 'fin_hard_timeout' + * of zero has no effect on the respective timeout. + * + * 'fin_idle_timeout' and 'fin_hard_timeout' are measured in seconds. + * 'fin_hard_timeout' specifies time since the flow's creation, not since the + * receipt of the FIN or RST. + * + * This is useful for quickly discarding learned TCP flows that otherwise will + * take a long time to expire. + * + * This action is intended for use with an OpenFlow rule that matches only a + * single TCP flow. If the rule matches multiple TCP flows (e.g. 
it wildcards + * all TCP traffic, or all TCP traffic to a particular port), then any FIN or + * RST in any of those flows will cause the entire OpenFlow rule to expire + * early, which is not normally desirable. + */ +struct nx_action_fin_timeout { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* 16. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_FIN_TIMEOUT. */ + ovs_be16 fin_idle_timeout; /* New idle timeout, if nonzero. */ + ovs_be16 fin_hard_timeout; /* New hard timeout, if nonzero. */ + ovs_be16 pad; /* Must be zero. */ +}; +OFP_ASSERT(sizeof(struct nx_action_fin_timeout) == 16); /* Action structure for NXAST_AUTOPATH. * @@ -1389,9 +1473,12 @@ OFP_ASSERT(sizeof(struct nx_action_output_reg) == 24); * * Format: 16-bit integer in network byte order. * - * Masking: Not maskable. */ + * Masking: Fully maskable, in Open vSwitch 1.6 and later. Not maskable, in + * earlier versions. */ #define NXM_OF_TCP_SRC NXM_HEADER (0x0000, 9, 2) +#define NXM_OF_TCP_SRC_W NXM_HEADER_W(0x0000, 9, 2) #define NXM_OF_TCP_DST NXM_HEADER (0x0000, 10, 2) +#define NXM_OF_TCP_DST_W NXM_HEADER_W(0x0000, 10, 2) /* The source or destination port in the UDP header. * @@ -1401,9 +1488,12 @@ OFP_ASSERT(sizeof(struct nx_action_output_reg) == 24); * * Format: 16-bit integer in network byte order. * - * Masking: Not maskable. */ + * Masking: Fully maskable, in Open vSwitch 1.6 and later. Not maskable, in + * earlier versions. */ #define NXM_OF_UDP_SRC NXM_HEADER (0x0000, 11, 2) +#define NXM_OF_UDP_SRC_W NXM_HEADER_W(0x0000, 11, 2) #define NXM_OF_UDP_DST NXM_HEADER (0x0000, 12, 2) +#define NXM_OF_UDP_DST_W NXM_HEADER_W(0x0000, 12, 2) /* The type or code in the ICMP header. * @@ -1641,6 +1731,22 @@ OFP_ASSERT(sizeof(struct nx_action_output_reg) == 24); * Masking: Not maskable. */ #define NXM_NX_IP_TTL NXM_HEADER (0x0001, 29, 1) +/* Flow cookie. 
+ * + * This may be used to gain the OpenFlow 1.1-like ability to restrict + * certain NXM-based Flow Mod and Flow Stats Request messages to flows + * with specific cookies. See the "nx_flow_mod" and "nx_flow_stats_request" + * structure definitions for more details. This match is otherwise not + * allowed. + * + * Prereqs: None. + * + * Format: 64-bit integer in network byte order. + * + * Masking: Arbitrary masks. */ +#define NXM_NX_COOKIE NXM_HEADER (0x0001, 30, 8) +#define NXM_NX_COOKIE_W NXM_HEADER_W(0x0001, 30, 8) + /* ## --------------------- ## */ /* ## Requests and replies. ## */ /* ## --------------------- ## */ @@ -1651,15 +1757,22 @@ enum nx_flow_format { }; /* NXT_SET_FLOW_FORMAT request. */ -struct nxt_set_flow_format { +struct nx_set_flow_format { struct ofp_header header; ovs_be32 vendor; /* NX_VENDOR_ID. */ ovs_be32 subtype; /* NXT_SET_FLOW_FORMAT. */ ovs_be32 format; /* One of NXFF_*. */ }; -OFP_ASSERT(sizeof(struct nxt_set_flow_format) == 20); +OFP_ASSERT(sizeof(struct nx_set_flow_format) == 20); -/* NXT_FLOW_MOD (analogous to OFPT_FLOW_MOD). */ +/* NXT_FLOW_MOD (analogous to OFPT_FLOW_MOD). + * + * It is possible to limit flow deletions and modifications to certain + * cookies by using the NXM_NX_COOKIE and NXM_NX_COOKIE_W matches. For + * these commands, the "cookie" field is always ignored. Flow additions + * make use of the "cookie" field and ignore any NXM_NX_COOKIE* + * definitions. + */ struct nx_flow_mod { struct nicira_header nxh; ovs_be64 cookie; /* Opaque controller-issued identifier. */ @@ -1708,7 +1821,11 @@ struct nx_flow_removed { OFP_ASSERT(sizeof(struct nx_flow_removed) == 56); /* Nicira vendor stats request of type NXST_FLOW (analogous to OFPST_FLOW - * request). */ + * request). + * + * It is possible to limit matches to certain cookies by using the + * NXM_NX_COOKIE and NXM_NX_COOKIE_W matches. 
+ */ struct nx_flow_stats_request { struct nicira_stats_msg nsm; ovs_be16 out_port; /* Require matching entries to include this @@ -1728,7 +1845,27 @@ struct nx_flow_stats_request { OFP_ASSERT(sizeof(struct nx_flow_stats_request) == 32); /* Body for Nicira vendor stats reply of type NXST_FLOW (analogous to - * OFPST_FLOW reply). */ + * OFPST_FLOW reply). + * + * The values of 'idle_age' and 'hard_age' are only meaningful when talking to + * a switch that implements the NXT_FLOW_AGE extension. Zero means that the + * true value is unknown, perhaps because hardware does not track the value. + * (Zero is also the value that one should ordinarily expect to see talking to + * a switch that does not implement NXT_FLOW_AGE, since those switches zero the + * padding bytes that these fields replaced.) A nonzero value X represents X-1 + * seconds. A value of 65535 represents 65534 or more seconds. + * + * 'idle_age' is the number of seconds that the flow has been idle, that is, + * the number of seconds since a packet passed through the flow. 'hard_age' is + * the number of seconds since the flow was last modified (e.g. OFPFC_MODIFY or + * OFPFC_MODIFY_STRICT). (The 'duration_*' fields are the elapsed time since + * the flow was added, regardless of subsequent modifications.) + * + * For a flow with an idle or hard timeout, 'idle_age' or 'hard_age', + * respectively, will ordinarily be smaller than the timeout, but flow + * expiration times are only approximate and so one must be prepared to + * tolerate expirations that occur somewhat early or late. + */ struct nx_flow_stats { ovs_be16 length; /* Length of this entry. */ uint8_t table_id; /* ID of table flow came from. */ @@ -1741,7 +1878,8 @@ struct nx_flow_stats { ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ ovs_be16 hard_timeout; /* Number of seconds before expiration. */ ovs_be16 match_len; /* Length of nx_match. */ - uint8_t pad2[4]; /* Align to 64 bits. 
*/ + ovs_be16 idle_age; /* Seconds since last packet, plus one. */ + ovs_be16 hard_age; /* Seconds since last modification, plus one. */ ovs_be64 cookie; /* Opaque controller-issued identifier. */ ovs_be64 packet_count; /* Number of packets, UINT64_MAX if unknown. */ ovs_be64 byte_count; /* Number of bytes, UINT64_MAX if unknown. */ @@ -1785,5 +1923,45 @@ struct nx_aggregate_stats_reply { uint8_t pad[4]; /* Align to 64 bits. */ }; OFP_ASSERT(sizeof(struct nx_aggregate_stats_reply) == 48); + +/* NXT_SET_CONTROLLER_ID. + * + * Each OpenFlow controller connection has a 16-bit identifier that is + * initially 0. This message changes the connection's ID to 'id'. + * + * Controller connection IDs need not be unique. + * + * The NXAST_CONTROLLER action is the only current user of controller + * connection IDs. */ +struct nx_controller_id { + struct nicira_header nxh; + uint8_t zero[6]; /* Must be zero. */ + ovs_be16 controller_id; /* New controller connection ID. */ +}; +OFP_ASSERT(sizeof(struct nx_controller_id) == 24); + +/* Action structure for NXAST_CONTROLLER. + * + * This generalizes using OFPAT_OUTPUT to send a packet to OFPP_CONTROLLER. In + * addition to the 'max_len' that OFPAT_OUTPUT supports, it also allows + * specifying: + * + * - 'reason': The reason code to use in the ofp_packet_in or nx_packet_in. + * + * - 'controller_id': The ID of the controller connection to which the + * ofp_packet_in should be sent. The ofp_packet_in or nx_packet_in is + * sent only to controllers that have the specified controller connection + * ID. See "struct nx_controller_id" for more information. */ +struct nx_action_controller { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* Length is 16. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_CONTROLLER. */ + ovs_be16 max_len; /* Maximum length to send to controller. */ + ovs_be16 controller_id; /* Controller ID to send packet-in. */ + uint8_t reason; /* enum ofp_packet_in_reason (OFPR_*). 
*/ + uint8_t zero; /* Must be zero. */ +}; +OFP_ASSERT(sizeof(struct nx_action_controller) == 16); #endif /* openflow/nicira-ext.h */