X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=include%2Fopenflow%2Fnicira-ext.h;h=c97478faf3bc337d7649aff8cfb97cfdc7425ee5;hb=9c64f2384d850658985d7e18003443c196e89ae1;hp=5ec009a767df6f2653f6b65222cfcc75b30c27ba;hpb=659586efcf6f9539282da9447007897907c41112;p=sliver-openvswitch.git diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h index 5ec009a76..c97478faf 100644 --- a/include/openflow/nicira-ext.h +++ b/include/openflow/nicira-ext.h @@ -49,6 +49,11 @@ enum nicira_type { /* Use the high 32 bits of the cookie field as the tunnel ID in the flow * match. */ NXT_TUN_ID_FROM_COOKIE, + + /* Controller role support. The request body is struct nx_role_request. + * The reply echos the request. */ + NXT_ROLE_REQUEST, + NXT_ROLE_REPLY }; struct nicira_header { @@ -67,6 +72,36 @@ struct nxt_tun_id_cookie { }; OFP_ASSERT(sizeof(struct nxt_tun_id_cookie) == 24); +/* Configures the "role" of the sending controller. The default role is: + * + * - Other (NX_ROLE_OTHER), which allows the controller access to all + * OpenFlow features. + * + * The other possible roles are a related pair: + * + * - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may + * be at most one Master controller at a time: when a controller + * configures itself as Master, any existing Master is demoted to the + * Slave role. + * + * - Slave (NX_ROLE_SLAVE) allows the controller read-only access to + * OpenFlow features. In particular attempts to modify the flow table + * will be rejected with an OFPBRC_EPERM error. + * + * Slave controllers also do not receive asynchronous messages + * (OFPT_PACKET_IN, OFPT_FLOW_REMOVED, OFPT_PORT_STATUS). + */ +struct nx_role_request { + struct nicira_header nxh; + uint32_t role; /* One of NX_ROLE_*. */ +}; + +enum nx_role { + NX_ROLE_OTHER, /* Default role, full access. */ + NX_ROLE_MASTER, /* Full access, at most one. */ + NX_ROLE_SLAVE /* Read-only access. */ +}; + enum nx_action_subtype { NXAST_SNAT__OBSOLETE, /* No longer used. */ @@ -83,18 +118,31 @@ enum nx_action_subtype { * Following the lookup, the original in_port is restored. * * If the modified flow matched in the flow table, then the corresponding - * actions are executed, except that NXAST_RESUBMIT actions found in the - * secondary set of actions are ignored. Afterward, actions following - * NXAST_RESUBMIT in the original set of actions, if any, are executed; any - * changes made to the packet (e.g. changes to VLAN) by secondary actions - * persist when those actions are executed, although the original in_port - * is restored. + * actions are executed. Afterward, actions following NXAST_RESUBMIT in + * the original set of actions, if any, are executed; any changes made to + * the packet (e.g. changes to VLAN) by secondary actions persist when + * those actions are executed, although the original in_port is restored. * * NXAST_RESUBMIT may be used any number of times within a set of actions. + * + * NXAST_RESUBMIT may nest to an implementation-defined depth. Beyond this + * implementation-defined depth, further NXAST_RESUBMIT actions are simply + * ignored. (Open vSwitch 1.0.1 and earlier did not support recursion.) */ NXAST_RESUBMIT, - NXAST_SET_TUNNEL /* Set encapsulating tunnel ID. */ + /* Set encapsulating tunnel ID. */ + NXAST_SET_TUNNEL, + + /* Stops processing further actions, if the packet being processed is an + * Ethernet+IPv4 ARP packet for which the source Ethernet address inside + * the ARP packet differs from the source Ethernet address in the Ethernet + * header. + * + * This is useful because OpenFlow does not provide a way to match on the + * Ethernet addresses inside ARP packets, so there is no other way to drop + * spoofed ARPs other than sending every ARP packet to a controller. */ + NXAST_DROP_SPOOFED_ARP }; /* Action structure for NXAST_RESUBMIT. */