X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fofp-parse.c;h=afcaf87737b08c1d98cabe645d5b8ea2ac1be627;hb=6c222e55fa4222c6724094e1e7a0a69addf6b030;hp=7fed553eadc0aa8fde0e434a11c8c21f8a7918b6;hpb=8368c090cab8b604818cc3db321f1ed8531f27a4;p=sliver-openvswitch.git diff --git a/lib/ofp-parse.c b/lib/ofp-parse.c index 7fed553ea..afcaf8773 100644 --- a/lib/ofp-parse.c +++ b/lib/ofp-parse.c @@ -22,6 +22,7 @@ #include #include +#include "autopath.h" #include "byte-order.h" #include "dynamic-string.h" #include "netdev.h" @@ -43,7 +44,7 @@ str_to_u32(const char *str) char *tail; uint32_t value; - if (!str) { + if (!str[0]) { ovs_fatal(0, "missing required numeric argument"); } @@ -61,6 +62,10 @@ str_to_u64(const char *str) char *tail; uint64_t value; + if (!str[0]) { + ovs_fatal(0, "missing required numeric argument"); + } + errno = 0; value = strtoull(str, &tail, 0); if (errno == EINVAL || errno == ERANGE || *tail) { @@ -78,6 +83,27 @@ str_to_mac(const char *str, uint8_t mac[6]) } } +static void +str_to_eth_dst(const char *str, + uint8_t mac[ETH_ADDR_LEN], uint8_t mask[ETH_ADDR_LEN]) +{ + if (sscanf(str, ETH_ADDR_SCAN_FMT"/"ETH_ADDR_SCAN_FMT, + ETH_ADDR_SCAN_ARGS(mac), ETH_ADDR_SCAN_ARGS(mask)) + == ETH_ADDR_SCAN_COUNT * 2) { + if (!flow_wildcards_is_dl_dst_mask_valid(mask)) { + ovs_fatal(0, "%s: invalid Ethernet destination mask (only " + "00:00:00:00:00:00, 01:00:00:00:00:00, " + "fe:ff:ff:ff:ff:ff, and ff:ff:ff:ff:ff:ff are allowed)", + str); + } + } else if (sscanf(str, ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac)) + == ETH_ADDR_SCAN_COUNT) { + memset(mask, 0xff, ETH_ADDR_LEN); + } else { + ovs_fatal(0, "invalid mac address %s", str); + } +} + static void str_to_ip(const char *str_, ovs_be32 *ip, ovs_be32 *maskp) { @@ -157,6 +183,46 @@ error: ovs_fatal(0, "%s: bad syntax for tunnel id", str); } +static void +str_to_ipv6(const char *str_, struct in6_addr *addrp, struct in6_addr *maskp) +{ + char *str = xstrdup(str_); + char *save_ptr = NULL; + const char *name, *netmask; + struct in6_addr addr, mask; + int retval; + + name = strtok_r(str, "/", &save_ptr); + retval = name ? lookup_ipv6(name, &addr) : EINVAL; + if (retval) { + ovs_fatal(0, "%s: could not convert to IPv6 address", str); + } + + netmask = strtok_r(NULL, "/", &save_ptr); + if (netmask) { + int prefix = atoi(netmask); + if (prefix <= 0 || prefix > 128) { + ovs_fatal(0, "%s: network prefix bits not between 1 and 128", + str); + } else { + mask = ipv6_create_mask(prefix); + } + } else { + mask = in6addr_exact; + } + *addrp = ipv6_addr_bitand(&addr, &mask); + + if (maskp) { + *maskp = mask; + } else { + if (!ipv6_mask_is_exact(&mask)) { + ovs_fatal(0, "%s: netmask not allowed here", str_); + } + } + + free(str); +} + static void * put_action(struct ofpbuf *b, size_t size, uint16_t type) { @@ -231,6 +297,7 @@ str_to_action(char *str, struct ofpbuf *b) pos = str; n_actions = 0; for (;;) { + char empty_string[] = ""; char *act, *arg; size_t actlen; uint16_t port; @@ -280,7 +347,7 @@ str_to_action(char *str, struct ofpbuf *b) pos = arg + arglen; } else { /* There might be no argument at all. */ - arg = NULL; + arg = empty_string; pos = act + actlen + (act[actlen] != '\0'); } act[actlen] = '\0'; @@ -343,11 +410,6 @@ str_to_action(char *str, struct ofpbuf *b) nast->subtype = htons(NXAST_SET_TUNNEL); nast->tun_id = htonl(tun_id); } - } else if (!strcasecmp(act, "drop_spoofed_arp")) { - struct nx_action_header *nah; - nah = put_action(b, sizeof *nah, OFPAT_VENDOR); - nah->vendor = htonl(NX_VENDOR_ID); - nah->subtype = htons(NXAST_DROP_SPOOFED_ARP); } else if (!strcasecmp(act, "set_queue")) { struct nx_action_set_queue *nasq; nasq = put_action(b, sizeof *nasq, OFPAT_VENDOR); @@ -370,7 +432,7 @@ str_to_action(char *str, struct ofpbuf *b) nan->subtype = htons(NXAST_NOTE); b->size -= sizeof nan->note; - while (arg && *arg != '\0') { + while (*arg != '\0') { uint8_t byte; bool ok; @@ -408,6 +470,10 @@ str_to_action(char *str, struct ofpbuf *b) struct nx_action_multipath *nam; nam = ofpbuf_put_uninit(b, sizeof *nam); multipath_parse(nam, arg); + } else if (!strcasecmp(act, "autopath")) { + struct nx_action_autopath *naa; + naa = ofpbuf_put_uninit(b, sizeof *naa); + autopath_parse(naa, arg); } else if (!strcasecmp(act, "output")) { put_output_action(b, str_to_u32(arg)); } else if (!strcasecmp(act, "enqueue")) { @@ -432,7 +498,7 @@ str_to_action(char *str, struct ofpbuf *b) /* Unless a numeric argument is specified, we send the whole * packet to the controller. */ - if (arg && (strspn(arg, "0123456789") == strlen(arg))) { + if (arg[0] && (strspn(arg, "0123456789") == strlen(arg))) { oao->max_len = htons(str_to_u32(arg)); } else { oao->max_len = htons(UINT16_MAX); @@ -460,9 +526,14 @@ parse_protocol(const char *name, const struct protocol **p_out) static const struct protocol protocols[] = { { "ip", ETH_TYPE_IP, 0 }, { "arp", ETH_TYPE_ARP, 0 }, - { "icmp", ETH_TYPE_IP, IP_TYPE_ICMP }, - { "tcp", ETH_TYPE_IP, IP_TYPE_TCP }, - { "udp", ETH_TYPE_IP, IP_TYPE_UDP }, + { "icmp", ETH_TYPE_IP, IPPROTO_ICMP }, + { "tcp", ETH_TYPE_IP, IPPROTO_TCP }, + { "udp", ETH_TYPE_IP, IPPROTO_UDP }, + { "ipv6", ETH_TYPE_IPV6, 0 }, + { "ip6", ETH_TYPE_IPV6, 0 }, + { "icmp6", ETH_TYPE_IPV6, IPPROTO_ICMPV6 }, + { "tcp6", ETH_TYPE_IPV6, IPPROTO_TCP }, + { "udp6", ETH_TYPE_IPV6, IPPROTO_UDP }, }; const struct protocol *p; @@ -482,7 +553,7 @@ parse_protocol(const char *name, const struct protocol **p_out) FIELD(F_DL_VLAN, "dl_vlan", 0) \ FIELD(F_DL_VLAN_PCP, "dl_vlan_pcp", 0) \ FIELD(F_DL_SRC, "dl_src", FWW_DL_SRC) \ - FIELD(F_DL_DST, "dl_dst", FWW_DL_DST) \ + FIELD(F_DL_DST, "dl_dst", FWW_DL_DST | FWW_ETH_MCAST) \ FIELD(F_DL_TYPE, "dl_type", FWW_DL_TYPE) \ FIELD(F_NW_SRC, "nw_src", 0) \ FIELD(F_NW_DST, "nw_dst", 0) \ @@ -491,7 +562,14 @@ parse_protocol(const char *name, const struct protocol **p_out) FIELD(F_TP_SRC, "tp_src", FWW_TP_SRC) \ FIELD(F_TP_DST, "tp_dst", FWW_TP_DST) \ FIELD(F_ICMP_TYPE, "icmp_type", FWW_TP_SRC) \ - FIELD(F_ICMP_CODE, "icmp_code", FWW_TP_DST) + FIELD(F_ICMP_CODE, "icmp_code", FWW_TP_DST) \ + FIELD(F_ARP_SHA, "arp_sha", FWW_ARP_SHA) \ + FIELD(F_ARP_THA, "arp_tha", FWW_ARP_THA) \ + FIELD(F_IPV6_SRC, "ipv6_src", 0) \ + FIELD(F_IPV6_DST, "ipv6_dst", 0) \ + FIELD(F_ND_TARGET, "nd_target", FWW_ND_TARGET) \ + FIELD(F_ND_SLL, "nd_sll", FWW_ARP_SHA) \ + FIELD(F_ND_TLL, "nd_tll", FWW_ARP_THA) enum field_index { #define FIELD(ENUM, NAME, WILDCARD) ENUM, @@ -530,9 +608,10 @@ static void parse_field_value(struct cls_rule *rule, enum field_index index, const char *value) { - uint8_t mac[ETH_ADDR_LEN]; + uint8_t mac[ETH_ADDR_LEN], mac_mask[ETH_ADDR_LEN]; ovs_be64 tun_id, tun_mask; ovs_be32 ip, mask; + struct in6_addr ipv6, ipv6_mask; uint16_t port_no; switch (index) { @@ -545,9 +624,6 @@ parse_field_value(struct cls_rule *rule, enum field_index index, if (!parse_port_name(value, &port_no)) { port_no = atoi(value); } - if (port_no == OFPP_LOCAL) { - port_no = ODPP_LOCAL; - } cls_rule_set_in_port(rule, port_no); break; @@ -565,8 +641,8 @@ parse_field_value(struct cls_rule *rule, enum field_index index, break; case F_DL_DST: - str_to_mac(value, mac); - cls_rule_set_dl_dst(rule, mac); + str_to_eth_dst(value, mac, mac_mask); + cls_rule_set_dl_dst_masked(rule, mac, mac_mask); break; case F_DL_TYPE: @@ -607,6 +683,41 @@ parse_field_value(struct cls_rule *rule, enum field_index index, cls_rule_set_icmp_code(rule, str_to_u32(value)); break; + case F_ARP_SHA: + str_to_mac(value, mac); + cls_rule_set_arp_sha(rule, mac); + break; + + case F_ARP_THA: + str_to_mac(value, mac); + cls_rule_set_arp_tha(rule, mac); + break; + + case F_IPV6_SRC: + str_to_ipv6(value, &ipv6, &ipv6_mask); + cls_rule_set_ipv6_src_masked(rule, &ipv6, &ipv6_mask); + break; + + case F_IPV6_DST: + str_to_ipv6(value, &ipv6, &ipv6_mask); + cls_rule_set_ipv6_dst_masked(rule, &ipv6, &ipv6_mask); + break; + + case F_ND_TARGET: + str_to_ipv6(value, &ipv6, NULL); + cls_rule_set_nd_target(rule, ipv6); + break; + + case F_ND_SLL: + str_to_mac(value, mac); + cls_rule_set_arp_sha(rule, mac); + break; + + case F_ND_TLL: + str_to_mac(value, mac); + cls_rule_set_arp_tha(rule, mac); + break; + case N_FIELDS: NOT_REACHED(); } @@ -633,18 +744,15 @@ parse_reg_value(struct cls_rule *rule, int reg_idx, const char *value) /* Convert 'string' (as described in the Flow Syntax section of the ovs-ofctl * man page) into 'pf'. If 'actions' is specified, an action must be in * 'string' and may be expanded or reallocated. */ -static void -parse_ofp_str(struct flow_mod *fm, uint8_t *table_idx, - struct ofpbuf *actions, char *string) +void +parse_ofp_str(struct flow_mod *fm, struct ofpbuf *actions, char *string) { char *save_ptr = NULL; char *name; - if (table_idx) { - *table_idx = 0xff; - } cls_rule_init_catchall(&fm->cr, OFP_DEFAULT_PRIORITY); fm->cookie = htonll(0); + fm->table_id = 0xff; fm->command = UINT16_MAX; fm->idle_timeout = OFP_FLOW_PERMANENT; fm->hard_timeout = OFP_FLOW_PERMANENT; @@ -690,8 +798,8 @@ parse_ofp_str(struct flow_mod *fm, uint8_t *table_idx, ovs_fatal(0, "field %s missing value", name); } - if (table_idx && !strcmp(name, "table")) { - *table_idx = atoi(value); + if (!strcmp(name, "table")) { + fm->table_id = atoi(value); } else if (!strcmp(name, "out_port")) { fm->out_port = atoi(value); } else if (!strcmp(name, "priority")) { @@ -711,6 +819,12 @@ parse_ofp_str(struct flow_mod *fm, uint8_t *table_idx, cls_rule_set_nw_src_masked(&fm->cr, 0, 0); } else if (f->index == F_NW_DST) { cls_rule_set_nw_dst_masked(&fm->cr, 0, 0); + } else if (f->index == F_IPV6_SRC) { + cls_rule_set_ipv6_src_masked(&fm->cr, + &in6addr_any, &in6addr_any); + } else if (f->index == F_IPV6_DST) { + cls_rule_set_ipv6_dst_masked(&fm->cr, + &in6addr_any, &in6addr_any); } else if (f->index == F_DL_VLAN) { cls_rule_set_any_vid(&fm->cr); } else if (f->index == F_DL_VLAN_PCP) { @@ -721,7 +835,8 @@ parse_ofp_str(struct flow_mod *fm, uint8_t *table_idx, } else { parse_field_value(&fm->cr, f->index, value); } - } else if (!strncmp(name, "reg", 3) && isdigit(name[3])) { + } else if (!strncmp(name, "reg", 3) + && isdigit((unsigned char) name[3])) { unsigned int reg_idx = atoi(name + 3); if (reg_idx >= FLOW_N_REGS) { ovs_fatal(0, "only %d registers supported", FLOW_N_REGS); @@ -742,19 +857,20 @@ parse_ofp_str(struct flow_mod *fm, uint8_t *table_idx, * flow. */ void parse_ofp_flow_mod_str(struct list *packets, enum nx_flow_format *cur_format, - char *string, uint16_t command) + bool *flow_mod_table_id, char *string, uint16_t command) { bool is_del = command == OFPFC_DELETE || command == OFPFC_DELETE_STRICT; enum nx_flow_format min_format, next_format; + struct cls_rule rule_copy; struct ofpbuf actions; struct ofpbuf *ofm; struct flow_mod fm; ofpbuf_init(&actions, 64); - parse_ofp_str(&fm, NULL, is_del ? NULL : &actions, string); + parse_ofp_str(&fm, is_del ? NULL : &actions, string); fm.command = command; - min_format = ofputil_min_flow_format(&fm.cr, true, fm.cookie); + min_format = ofputil_min_flow_format(&fm.cr); next_format = MAX(*cur_format, min_format); if (next_format != *cur_format) { struct ofpbuf *sff = ofputil_make_set_flow_format(next_format); @@ -762,7 +878,19 @@ parse_ofp_flow_mod_str(struct list *packets, enum nx_flow_format *cur_format, *cur_format = next_format; } - ofm = ofputil_encode_flow_mod(&fm, *cur_format); + /* Normalize a copy of the rule. This ensures that non-normalized flows + * get logged but doesn't affect what gets sent to the switch, so that the + * switch can do whatever it likes with the flow. */ + rule_copy = fm.cr; + ofputil_normalize_rule(&rule_copy, next_format); + + if (fm.table_id != 0xff && !*flow_mod_table_id) { + struct ofpbuf *sff = ofputil_make_flow_mod_table_id(true); + list_push_back(packets, &sff->list_node); + *flow_mod_table_id = true; + } + + ofm = ofputil_encode_flow_mod(&fm, *cur_format, *flow_mod_table_id); list_push_back(packets, &ofm->list_node); ofpbuf_uninit(&actions); @@ -772,30 +900,18 @@ parse_ofp_flow_mod_str(struct list *packets, enum nx_flow_format *cur_format, * 'stream' and the command is always OFPFC_ADD. Returns false if end-of-file * is reached before reading a flow, otherwise true. */ bool -parse_ofp_add_flow_file(struct list *packets, enum nx_flow_format *cur, - FILE *stream) +parse_ofp_flow_mod_file(struct list *packets, + enum nx_flow_format *cur, bool *flow_mod_table_id, + FILE *stream, uint16_t command) { - struct ds s = DS_EMPTY_INITIALIZER; - bool ok = false; - - while (!ds_get_line(&s, stream)) { - char *line = ds_cstr(&s); - char *comment; - - /* Delete comments. */ - comment = strchr(line, '#'); - if (comment) { - *comment = '\0'; - } - - /* Drop empty lines. */ - if (line[strspn(line, " \t\n")] == '\0') { - continue; - } - - parse_ofp_flow_mod_str(packets, cur, line, OFPFC_ADD); - ok = true; - break; + struct ds s; + bool ok; + + ds_init(&s); + ok = ds_get_preprocessed_line(&s, stream) == 0; + if (ok) { + parse_ofp_flow_mod_str(packets, cur, flow_mod_table_id, + ds_cstr(&s), command); } ds_destroy(&s); @@ -807,12 +923,10 @@ parse_ofp_flow_stats_request_str(struct flow_stats_request *fsr, bool aggregate, char *string) { struct flow_mod fm; - uint8_t table_id; - parse_ofp_str(&fm, &table_id, NULL, string); + parse_ofp_str(&fm, NULL, string); fsr->aggregate = aggregate; fsr->match = fm.cr; fsr->out_port = fm.out_port; - fsr->table_id = table_id; + fsr->table_id = fm.table_id; } -