X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fofp-util.c;h=6fe1611e255f76dca0084835df42f99636f26383;hb=f0fd1a1772665ea57662281d9cccadb0f0146196;hp=1125b83fc17752de195b11ee6479136da958fb45;hpb=685a51a5b89750cead1b2934c2079d2bb9c52a4a;p=sliver-openvswitch.git diff --git a/lib/ofp-util.c b/lib/ofp-util.c index 1125b83fc..6fe1611e2 100644 --- a/lib/ofp-util.c +++ b/lib/ofp-util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks. + * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira Networks. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,16 @@ #include "ofp-print.h" #include #include +#include +#include +#include #include +#include "autopath.h" +#include "bundle.h" #include "byte-order.h" #include "classifier.h" #include "dynamic-string.h" +#include "learn.h" #include "multipath.h" #include "nx-match.h" #include "ofp-errors.h" @@ -29,6 +35,7 @@ #include "ofpbuf.h" #include "packets.h" #include "random.h" +#include "unaligned.h" #include "type-props.h" #include "vlog.h" @@ -55,22 +62,12 @@ ofputil_wcbits_to_netmask(int wcbits) } /* Given the IP netmask 'netmask', returns the number of bits of the IP address - * that it wildcards. 'netmask' must be a CIDR netmask (see ip_is_cidr()). */ + * that it wildcards, that is, the number of 0-bits in 'netmask'. 'netmask' + * must be a CIDR netmask (see ip_is_cidr()). */ int ofputil_netmask_to_wcbits(ovs_be32 netmask) { - assert(ip_is_cidr(netmask)); -#if __GNUC__ >= 4 - return netmask == htonl(0) ? 32 : __builtin_ctz(ntohl(netmask)); -#else - int wcbits; - - for (wcbits = 32; netmask; wcbits--) { - netmask &= netmask - 1; - } - - return wcbits; -#endif + return 32 - ip_count_cidr_bits(netmask); } /* A list of the FWW_* and OFPFW_ bits that have the same value, meaning, and @@ -92,52 +89,37 @@ ofputil_netmask_to_wcbits(ovs_be32 netmask) /* WC_INVARIANTS is the invariant bits (as defined on WC_INVARIANT_LIST) all * OR'd together. */ -enum { - WC_INVARIANTS = 0 +static const flow_wildcards_t WC_INVARIANTS = 0 #define WC_INVARIANT_BIT(NAME) | FWW_##NAME WC_INVARIANT_LIST #undef WC_INVARIANT_BIT -}; +; -/* Converts the ofp_match in 'match' into a cls_rule in 'rule', with the given - * 'priority'. - * - * 'flow_format' must either NXFF_OPENFLOW10 or NXFF_TUN_ID_FROM_COOKIE. In - * the latter case only, 'flow''s tun_id field will be taken from the high bits - * of 'cookie', if 'match''s wildcards do not indicate that tun_id is - * wildcarded. */ +/* Converts the wildcard in 'ofpfw' into a flow_wildcards in 'wc' for use in + * struct cls_rule. It is the caller's responsibility to handle the special + * case where the flow match's dl_vlan is set to OFP_VLAN_NONE. */ void -ofputil_cls_rule_from_match(const struct ofp_match *match, - unsigned int priority, - enum nx_flow_format flow_format, - ovs_be64 cookie, struct cls_rule *rule) +ofputil_wildcard_from_openflow(uint32_t ofpfw, struct flow_wildcards *wc) { - struct flow_wildcards *wc = &rule->wc; - unsigned int ofpfw; - ovs_be16 vid, pcp; - - /* Initialize rule->priority. */ - ofpfw = ntohl(match->wildcards); - ofpfw &= flow_format == NXFF_TUN_ID_FROM_COOKIE ? OVSFW_ALL : OFPFW_ALL; - rule->priority = !ofpfw ? UINT16_MAX : priority; + BUILD_ASSERT_DECL(FLOW_WC_SEQ == 7); /* Initialize most of rule->wc. */ flow_wildcards_init_catchall(wc); - wc->wildcards = ofpfw & WC_INVARIANTS; + wc->wildcards = (OVS_FORCE flow_wildcards_t) ofpfw & WC_INVARIANTS; /* Wildcard fields that aren't defined by ofp_match or tun_id. */ - wc->wildcards |= (FWW_ARP_SHA | FWW_ARP_THA | FWW_ND_TARGET); + wc->wildcards |= (FWW_ARP_SHA | FWW_ARP_THA | FWW_NW_ECN | FWW_NW_TTL + | FWW_ND_TARGET | FWW_IPV6_LABEL); if (ofpfw & OFPFW_NW_TOS) { - wc->wildcards |= FWW_NW_TOS; + /* OpenFlow 1.0 defines a TOS wildcard, but it's much later in + * the enum than we can use. */ + wc->wildcards |= FWW_NW_DSCP; } + wc->nw_src_mask = ofputil_wcbits_to_netmask(ofpfw >> OFPFW_NW_SRC_SHIFT); wc->nw_dst_mask = ofputil_wcbits_to_netmask(ofpfw >> OFPFW_NW_DST_SHIFT); - if (flow_format == NXFF_TUN_ID_FROM_COOKIE && !(ofpfw & NXFW_TUN_ID)) { - rule->flow.tun_id = htonll(ntohll(cookie) >> 32); - } - if (ofpfw & OFPFW_DL_DST) { /* OpenFlow 1.0 OFPFW_DL_DST covers the whole Ethernet destination, but * Open vSwitch breaks the Ethernet destination into bits as FWW_DL_DST @@ -145,107 +127,79 @@ ofputil_cls_rule_from_match(const struct ofp_match *match, wc->wildcards |= FWW_ETH_MCAST; } + /* VLAN TCI mask. */ + if (!(ofpfw & OFPFW_DL_VLAN_PCP)) { + wc->vlan_tci_mask |= htons(VLAN_PCP_MASK | VLAN_CFI); + } + if (!(ofpfw & OFPFW_DL_VLAN)) { + wc->vlan_tci_mask |= htons(VLAN_VID_MASK | VLAN_CFI); + } +} + +/* Converts the ofp_match in 'match' into a cls_rule in 'rule', with the given + * 'priority'. */ +void +ofputil_cls_rule_from_match(const struct ofp_match *match, + unsigned int priority, struct cls_rule *rule) +{ + uint32_t ofpfw = ntohl(match->wildcards) & OFPFW_ALL; + + /* Initialize rule->priority, rule->wc. */ + rule->priority = !ofpfw ? UINT16_MAX : priority; + ofputil_wildcard_from_openflow(ofpfw, &rule->wc); + /* Initialize most of rule->flow. */ rule->flow.nw_src = match->nw_src; rule->flow.nw_dst = match->nw_dst; - rule->flow.in_port = (match->in_port == htons(OFPP_LOCAL) ? ODPP_LOCAL - : ntohs(match->in_port)); + rule->flow.in_port = ntohs(match->in_port); rule->flow.dl_type = ofputil_dl_type_from_openflow(match->dl_type); rule->flow.tp_src = match->tp_src; rule->flow.tp_dst = match->tp_dst; memcpy(rule->flow.dl_src, match->dl_src, ETH_ADDR_LEN); memcpy(rule->flow.dl_dst, match->dl_dst, ETH_ADDR_LEN); - rule->flow.nw_tos = match->nw_tos; + rule->flow.nw_tos = match->nw_tos & IP_DSCP_MASK; rule->flow.nw_proto = match->nw_proto; /* Translate VLANs. */ - vid = match->dl_vlan & htons(VLAN_VID_MASK); - pcp = htons((match->dl_vlan_pcp << VLAN_PCP_SHIFT) & VLAN_PCP_MASK); - switch (ofpfw & (OFPFW_DL_VLAN | OFPFW_DL_VLAN_PCP)) { - case OFPFW_DL_VLAN | OFPFW_DL_VLAN_PCP: - /* Wildcard everything. */ + if (!(ofpfw & OFPFW_DL_VLAN) && match->dl_vlan == htons(OFP_VLAN_NONE)) { + /* Match only packets without 802.1Q header. + * + * When OFPFW_DL_VLAN_PCP is wildcarded, this is obviously correct. + * + * If OFPFW_DL_VLAN_PCP is matched, the flow match is contradictory, + * because we can't have a specific PCP without an 802.1Q header. + * However, older versions of OVS treated this as matching packets + * withut an 802.1Q header, so we do here too. */ rule->flow.vlan_tci = htons(0); - rule->wc.vlan_tci_mask = htons(0); - break; - - case OFPFW_DL_VLAN_PCP: - if (match->dl_vlan == htons(OFP_VLAN_NONE)) { - /* Match only packets without 802.1Q header. */ - rule->flow.vlan_tci = htons(0); - rule->wc.vlan_tci_mask = htons(0xffff); - } else { - /* Wildcard PCP, specific VID. */ - rule->flow.vlan_tci = vid | htons(VLAN_CFI); - rule->wc.vlan_tci_mask = htons(VLAN_VID_MASK | VLAN_CFI); - } - break; - - case OFPFW_DL_VLAN: - /* Wildcard VID, specific PCP. */ - rule->flow.vlan_tci = pcp | htons(VLAN_CFI); - rule->wc.vlan_tci_mask = htons(VLAN_PCP_MASK | VLAN_CFI); - break; + rule->wc.vlan_tci_mask = htons(0xffff); + } else { + ovs_be16 vid, pcp, tci; - case 0: - if (match->dl_vlan == htons(OFP_VLAN_NONE)) { - /* This case is odd, since we can't have a specific PCP without an - * 802.1Q header. However, older versions of OVS treated this as - * matching packets withut an 802.1Q header, so we do here too. */ - rule->flow.vlan_tci = htons(0); - rule->wc.vlan_tci_mask = htons(0xffff); - } else { - /* Specific VID and PCP. */ - rule->flow.vlan_tci = vid | pcp | htons(VLAN_CFI); - rule->wc.vlan_tci_mask = htons(0xffff); - } - break; + vid = match->dl_vlan & htons(VLAN_VID_MASK); + pcp = htons((match->dl_vlan_pcp << VLAN_PCP_SHIFT) & VLAN_PCP_MASK); + tci = vid | pcp | htons(VLAN_CFI); + rule->flow.vlan_tci = tci & rule->wc.vlan_tci_mask; } /* Clean up. */ cls_rule_zero_wildcarded_fields(rule); } -/* Convert 'rule' into the OpenFlow match structure 'match'. 'flow_format' - * must either NXFF_OPENFLOW10 or NXFF_TUN_ID_FROM_COOKIE. - * - * The NXFF_TUN_ID_FROM_COOKIE flow format requires modifying the flow cookie. - * This function can help with that, if 'cookie_out' is nonnull. For - * NXFF_OPENFLOW10, or if the tunnel ID is wildcarded, 'cookie_in' will be - * copied directly to '*cookie_out'. For NXFF_TUN_ID_FROM_COOKIE when tunnel - * ID is matched, 'cookie_in' will be modified appropriately before setting - * '*cookie_out'. - */ +/* Convert 'rule' into the OpenFlow match structure 'match'. */ void -ofputil_cls_rule_to_match(const struct cls_rule *rule, - enum nx_flow_format flow_format, - struct ofp_match *match, - ovs_be64 cookie_in, ovs_be64 *cookie_out) +ofputil_cls_rule_to_match(const struct cls_rule *rule, struct ofp_match *match) { const struct flow_wildcards *wc = &rule->wc; - unsigned int ofpfw; + uint32_t ofpfw; /* Figure out most OpenFlow wildcards. */ - ofpfw = wc->wildcards & WC_INVARIANTS; + ofpfw = (OVS_FORCE uint32_t) (wc->wildcards & WC_INVARIANTS); ofpfw |= ofputil_netmask_to_wcbits(wc->nw_src_mask) << OFPFW_NW_SRC_SHIFT; ofpfw |= ofputil_netmask_to_wcbits(wc->nw_dst_mask) << OFPFW_NW_DST_SHIFT; - if (wc->wildcards & FWW_NW_TOS) { + if (wc->wildcards & FWW_NW_DSCP) { ofpfw |= OFPFW_NW_TOS; } - /* Tunnel ID. */ - if (flow_format == NXFF_TUN_ID_FROM_COOKIE) { - if (wc->tun_id_mask == htonll(0)) { - ofpfw |= NXFW_TUN_ID; - } else { - uint32_t cookie_lo = ntohll(cookie_in); - uint32_t cookie_hi = ntohll(rule->flow.tun_id); - cookie_in = htonll(cookie_lo | ((uint64_t) cookie_hi << 32)); - } - } - if (cookie_out) { - *cookie_out = cookie_in; - } - /* Translate VLANs. */ match->dl_vlan = htons(0); match->dl_vlan_pcp = 0; @@ -270,14 +224,13 @@ ofputil_cls_rule_to_match(const struct cls_rule *rule, /* Compose most of the match structure. */ match->wildcards = htonl(ofpfw); - match->in_port = htons(rule->flow.in_port == ODPP_LOCAL ? OFPP_LOCAL - : rule->flow.in_port); + match->in_port = htons(rule->flow.in_port); memcpy(match->dl_src, rule->flow.dl_src, ETH_ADDR_LEN); memcpy(match->dl_dst, rule->flow.dl_dst, ETH_ADDR_LEN); match->dl_type = ofputil_dl_type_to_openflow(rule->flow.dl_type); match->nw_src = rule->flow.nw_src; match->nw_dst = rule->flow.nw_dst; - match->nw_tos = rule->flow.nw_tos; + match->nw_tos = rule->flow.nw_tos & IP_DSCP_MASK; match->nw_proto = rule->flow.nw_proto; match->tp_src = rule->flow.tp_src; match->tp_dst = rule->flow.tp_dst; @@ -318,6 +271,7 @@ alloc_xid(void) struct ofputil_msg_type { enum ofputil_msg_code code; /* OFPUTIL_*. */ + uint8_t ofp_version; /* An OpenFlow version or 0 for "any". */ uint32_t value; /* OFPT_*, OFPST_*, NXT_*, or NXST_*. */ const char *name; /* e.g. "OFPT_FLOW_REMOVED". */ unsigned int min_size; /* Minimum total message size in bytes. */ @@ -326,63 +280,64 @@ struct ofputil_msg_type { unsigned int extra_multiple; }; +/* Represents a malformed OpenFlow message. */ +static const struct ofputil_msg_type ofputil_invalid_type = { + OFPUTIL_MSG_INVALID, 0, 0, "OFPUTIL_MSG_INVALID", 0, 0 +}; + struct ofputil_msg_category { const char *name; /* e.g. "OpenFlow message" */ const struct ofputil_msg_type *types; size_t n_types; - int missing_error; /* ofp_mkerr() value for missing type. */ + enum ofperr missing_error; /* Error value for missing type. */ }; -static bool -ofputil_length_ok(const struct ofputil_msg_category *cat, - const struct ofputil_msg_type *type, - unsigned int size) +static enum ofperr +ofputil_check_length(const struct ofputil_msg_type *type, unsigned int size) { switch (type->extra_multiple) { case 0: if (size != type->min_size) { - VLOG_WARN_RL(&bad_ofmsg_rl, "received %s %s with incorrect " + VLOG_WARN_RL(&bad_ofmsg_rl, "received %s with incorrect " "length %u (expected length %u)", - cat->name, type->name, size, type->min_size); - return false; + type->name, size, type->min_size); + return OFPERR_OFPBRC_BAD_LEN; } - return true; + return 0; case 1: if (size < type->min_size) { - VLOG_WARN_RL(&bad_ofmsg_rl, "received %s %s with incorrect " + VLOG_WARN_RL(&bad_ofmsg_rl, "received %s with incorrect " "length %u (expected length at least %u bytes)", - cat->name, type->name, size, type->min_size); - return false; + type->name, size, type->min_size); + return OFPERR_OFPBRC_BAD_LEN; } - return true; + return 0; default: if (size < type->min_size || (size - type->min_size) % type->extra_multiple) { - VLOG_WARN_RL(&bad_ofmsg_rl, "received %s %s with incorrect " + VLOG_WARN_RL(&bad_ofmsg_rl, "received %s with incorrect " "length %u (must be exactly %u bytes or longer " "by an integer multiple of %u bytes)", - cat->name, type->name, size, + type->name, size, type->min_size, type->extra_multiple); - return false; + return OFPERR_OFPBRC_BAD_LEN; } - return true; + return 0; } } -static int +static enum ofperr ofputil_lookup_openflow_message(const struct ofputil_msg_category *cat, - uint32_t value, unsigned int size, + uint8_t version, uint32_t value, const struct ofputil_msg_type **typep) { const struct ofputil_msg_type *type; for (type = cat->types; type < &cat->types[cat->n_types]; type++) { - if (type->value == value) { - if (!ofputil_length_ok(cat, type, size)) { - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); - } + if (type->value == value + && (!type->ofp_version || version == type->ofp_version)) { *typep = type; return 0; } @@ -393,105 +348,122 @@ ofputil_lookup_openflow_message(const struct ofputil_msg_category *cat, return cat->missing_error; } -static int -ofputil_decode_vendor(const struct ofp_header *oh, +static enum ofperr +ofputil_decode_vendor(const struct ofp_header *oh, size_t length, const struct ofputil_msg_type **typep) { static const struct ofputil_msg_type nxt_messages[] = { - { OFPUTIL_NXT_STATUS_REQUEST, - NXT_STATUS_REQUEST, "NXT_STATUS_REQUEST", - sizeof(struct nicira_header), 1 }, - - { OFPUTIL_NXT_STATUS_REPLY, - NXT_STATUS_REPLY, "NXT_STATUS_REPLY", - sizeof(struct nicira_header), 1 }, - - { OFPUTIL_NXT_TUN_ID_FROM_COOKIE, - NXT_TUN_ID_FROM_COOKIE, "NXT_TUN_ID_FROM_COOKIE", - sizeof(struct nxt_tun_id_cookie), 0 }, - - { OFPUTIL_NXT_ROLE_REQUEST, + { OFPUTIL_NXT_ROLE_REQUEST, OFP10_VERSION, NXT_ROLE_REQUEST, "NXT_ROLE_REQUEST", sizeof(struct nx_role_request), 0 }, - { OFPUTIL_NXT_ROLE_REPLY, + { OFPUTIL_NXT_ROLE_REPLY, OFP10_VERSION, NXT_ROLE_REPLY, "NXT_ROLE_REPLY", sizeof(struct nx_role_request), 0 }, - { OFPUTIL_NXT_SET_FLOW_FORMAT, + { OFPUTIL_NXT_SET_FLOW_FORMAT, OFP10_VERSION, NXT_SET_FLOW_FORMAT, "NXT_SET_FLOW_FORMAT", - sizeof(struct nxt_set_flow_format), 0 }, + sizeof(struct nx_set_flow_format), 0 }, + + { OFPUTIL_NXT_SET_PACKET_IN_FORMAT, OFP10_VERSION, + NXT_SET_PACKET_IN_FORMAT, "NXT_SET_PACKET_IN_FORMAT", + sizeof(struct nx_set_packet_in_format), 0 }, + + { OFPUTIL_NXT_PACKET_IN, OFP10_VERSION, + NXT_PACKET_IN, "NXT_PACKET_IN", + sizeof(struct nx_packet_in), 1 }, - { OFPUTIL_NXT_FLOW_MOD, + { OFPUTIL_NXT_FLOW_MOD, OFP10_VERSION, NXT_FLOW_MOD, "NXT_FLOW_MOD", sizeof(struct nx_flow_mod), 8 }, - { OFPUTIL_NXT_FLOW_REMOVED, + { OFPUTIL_NXT_FLOW_REMOVED, OFP10_VERSION, NXT_FLOW_REMOVED, "NXT_FLOW_REMOVED", sizeof(struct nx_flow_removed), 8 }, + + { OFPUTIL_NXT_FLOW_MOD_TABLE_ID, OFP10_VERSION, + NXT_FLOW_MOD_TABLE_ID, "NXT_FLOW_MOD_TABLE_ID", + sizeof(struct nx_flow_mod_table_id), 0 }, }; static const struct ofputil_msg_category nxt_category = { "Nicira extension message", nxt_messages, ARRAY_SIZE(nxt_messages), - OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_SUBTYPE) + OFPERR_OFPBRC_BAD_SUBTYPE }; const struct ofp_vendor_header *ovh; const struct nicira_header *nh; + if (length < sizeof(struct ofp_vendor_header)) { + if (length == ntohs(oh->length)) { + VLOG_WARN_RL(&bad_ofmsg_rl, "truncated vendor message"); + } + return OFPERR_OFPBRC_BAD_LEN; + } + ovh = (const struct ofp_vendor_header *) oh; if (ovh->vendor != htonl(NX_VENDOR_ID)) { VLOG_WARN_RL(&bad_ofmsg_rl, "received vendor message for unknown " "vendor %"PRIx32, ntohl(ovh->vendor)); - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_VENDOR); + return OFPERR_OFPBRC_BAD_VENDOR; } - if (ntohs(ovh->header.length) < sizeof(struct nicira_header)) { - VLOG_WARN_RL(&bad_ofmsg_rl, "received Nicira vendor message of " - "length %u (expected at least %zu)", - ntohs(ovh->header.length), sizeof(struct nicira_header)); - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); + if (length < sizeof(struct nicira_header)) { + if (length == ntohs(oh->length)) { + VLOG_WARN_RL(&bad_ofmsg_rl, "received Nicira vendor message of " + "length %u (expected at least %zu)", + ntohs(ovh->header.length), + sizeof(struct nicira_header)); + } + return OFPERR_OFPBRC_BAD_LEN; } nh = (const struct nicira_header *) oh; - return ofputil_lookup_openflow_message(&nxt_category, ntohl(nh->subtype), - ntohs(oh->length), typep); + return ofputil_lookup_openflow_message(&nxt_category, oh->version, + ntohl(nh->subtype), typep); } -static int -check_nxstats_msg(const struct ofp_header *oh) +static enum ofperr +check_nxstats_msg(const struct ofp_header *oh, size_t length) { - const struct ofp_stats_request *osr; + const struct ofp_stats_msg *osm = (const struct ofp_stats_msg *) oh; ovs_be32 vendor; - osr = (const struct ofp_stats_request *) oh; + if (length < sizeof(struct ofp_vendor_stats_msg)) { + if (length == ntohs(oh->length)) { + VLOG_WARN_RL(&bad_ofmsg_rl, "truncated vendor stats message"); + } + return OFPERR_OFPBRC_BAD_LEN; + } - memcpy(&vendor, osr->body, sizeof vendor); + memcpy(&vendor, osm + 1, sizeof vendor); if (vendor != htonl(NX_VENDOR_ID)) { VLOG_WARN_RL(&bad_ofmsg_rl, "received vendor stats message for " "unknown vendor %"PRIx32, ntohl(vendor)); - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_VENDOR); + return OFPERR_OFPBRC_BAD_VENDOR; } - if (ntohs(osr->header.length) < sizeof(struct nicira_stats_msg)) { - VLOG_WARN_RL(&bad_ofmsg_rl, "truncated Nicira stats message"); - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); + if (length < sizeof(struct nicira_stats_msg)) { + if (length == ntohs(osm->header.length)) { + VLOG_WARN_RL(&bad_ofmsg_rl, "truncated Nicira stats message"); + } + return OFPERR_OFPBRC_BAD_LEN; } return 0; } -static int -ofputil_decode_nxst_request(const struct ofp_header *oh, +static enum ofperr +ofputil_decode_nxst_request(const struct ofp_header *oh, size_t length, const struct ofputil_msg_type **typep) { static const struct ofputil_msg_type nxst_requests[] = { - { OFPUTIL_NXST_FLOW_REQUEST, + { OFPUTIL_NXST_FLOW_REQUEST, OFP10_VERSION, NXST_FLOW, "NXST_FLOW request", sizeof(struct nx_flow_stats_request), 8 }, - { OFPUTIL_NXST_AGGREGATE_REQUEST, + { OFPUTIL_NXST_AGGREGATE_REQUEST, OFP10_VERSION, NXST_AGGREGATE, "NXST_AGGREGATE request", sizeof(struct nx_aggregate_stats_request), 8 }, }; @@ -499,33 +471,32 @@ ofputil_decode_nxst_request(const struct ofp_header *oh, static const struct ofputil_msg_category nxst_request_category = { "Nicira extension statistics request", nxst_requests, ARRAY_SIZE(nxst_requests), - OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_SUBTYPE) + OFPERR_OFPBRC_BAD_SUBTYPE }; const struct nicira_stats_msg *nsm; - int error; + enum ofperr error; - error = check_nxstats_msg(oh); + error = check_nxstats_msg(oh, length); if (error) { return error; } nsm = (struct nicira_stats_msg *) oh; - return ofputil_lookup_openflow_message(&nxst_request_category, - ntohl(nsm->subtype), - ntohs(oh->length), typep); + return ofputil_lookup_openflow_message(&nxst_request_category, oh->version, + ntohl(nsm->subtype), typep); } -static int -ofputil_decode_nxst_reply(const struct ofp_header *oh, +static enum ofperr +ofputil_decode_nxst_reply(const struct ofp_header *oh, size_t length, const struct ofputil_msg_type **typep) { static const struct ofputil_msg_type nxst_replies[] = { - { OFPUTIL_NXST_FLOW_REPLY, + { OFPUTIL_NXST_FLOW_REPLY, OFP10_VERSION, NXST_FLOW, "NXST_FLOW reply", sizeof(struct nicira_stats_msg), 8 }, - { OFPUTIL_NXST_AGGREGATE_REPLY, + { OFPUTIL_NXST_AGGREGATE_REPLY, OFP10_VERSION, NXST_AGGREGATE, "NXST_AGGREGATE reply", sizeof(struct nx_aggregate_stats_reply), 0 }, }; @@ -533,222 +504,230 @@ ofputil_decode_nxst_reply(const struct ofp_header *oh, static const struct ofputil_msg_category nxst_reply_category = { "Nicira extension statistics reply", nxst_replies, ARRAY_SIZE(nxst_replies), - OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_SUBTYPE) + OFPERR_OFPBRC_BAD_SUBTYPE }; const struct nicira_stats_msg *nsm; - int error; + enum ofperr error; - error = check_nxstats_msg(oh); + error = check_nxstats_msg(oh, length); if (error) { return error; } nsm = (struct nicira_stats_msg *) oh; - return ofputil_lookup_openflow_message(&nxst_reply_category, - ntohl(nsm->subtype), - ntohs(oh->length), typep); + return ofputil_lookup_openflow_message(&nxst_reply_category, oh->version, + ntohl(nsm->subtype), typep); } -static int -ofputil_decode_ofpst_request(const struct ofp_header *oh, +static enum ofperr +check_stats_msg(const struct ofp_header *oh, size_t length) +{ + if (length < sizeof(struct ofp_stats_msg)) { + if (length == ntohs(oh->length)) { + VLOG_WARN_RL(&bad_ofmsg_rl, "truncated stats message"); + } + return OFPERR_OFPBRC_BAD_LEN; + } + + return 0; +} + +static enum ofperr +ofputil_decode_ofpst_request(const struct ofp_header *oh, size_t length, const struct ofputil_msg_type **typep) { - enum { OSR_SIZE = sizeof(struct ofp_stats_request) }; static const struct ofputil_msg_type ofpst_requests[] = { - { OFPUTIL_OFPST_DESC_REQUEST, + { OFPUTIL_OFPST_DESC_REQUEST, OFP10_VERSION, OFPST_DESC, "OFPST_DESC request", - OSR_SIZE, 0 }, + sizeof(struct ofp_stats_msg), 0 }, - { OFPUTIL_OFPST_FLOW_REQUEST, + { OFPUTIL_OFPST_FLOW_REQUEST, OFP10_VERSION, OFPST_FLOW, "OFPST_FLOW request", - OSR_SIZE + sizeof(struct ofp_flow_stats_request), 0 }, + sizeof(struct ofp_flow_stats_request), 0 }, - { OFPUTIL_OFPST_AGGREGATE_REQUEST, + { OFPUTIL_OFPST_AGGREGATE_REQUEST, OFP10_VERSION, OFPST_AGGREGATE, "OFPST_AGGREGATE request", - OSR_SIZE + sizeof(struct ofp_aggregate_stats_request), 0 }, + sizeof(struct ofp_flow_stats_request), 0 }, - { OFPUTIL_OFPST_TABLE_REQUEST, + { OFPUTIL_OFPST_TABLE_REQUEST, OFP10_VERSION, OFPST_TABLE, "OFPST_TABLE request", - OSR_SIZE, 0 }, + sizeof(struct ofp_stats_msg), 0 }, - { OFPUTIL_OFPST_PORT_REQUEST, + { OFPUTIL_OFPST_PORT_REQUEST, OFP10_VERSION, OFPST_PORT, "OFPST_PORT request", - OSR_SIZE + sizeof(struct ofp_port_stats_request), 0 }, + sizeof(struct ofp_port_stats_request), 0 }, - { OFPUTIL_OFPST_QUEUE_REQUEST, + { OFPUTIL_OFPST_QUEUE_REQUEST, OFP10_VERSION, OFPST_QUEUE, "OFPST_QUEUE request", - OSR_SIZE + sizeof(struct ofp_queue_stats_request), 0 }, + sizeof(struct ofp_queue_stats_request), 0 }, - { 0, + { 0, 0, OFPST_VENDOR, "OFPST_VENDOR request", - OSR_SIZE + sizeof(uint32_t), 1 }, + sizeof(struct ofp_vendor_stats_msg), 1 }, }; static const struct ofputil_msg_category ofpst_request_category = { "OpenFlow statistics", ofpst_requests, ARRAY_SIZE(ofpst_requests), - OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_STAT) + OFPERR_OFPBRC_BAD_STAT }; - const struct ofp_stats_request *osr; - int error; + const struct ofp_stats_msg *request = (const struct ofp_stats_msg *) oh; + enum ofperr error; + + error = check_stats_msg(oh, length); + if (error) { + return error; + } - osr = (const struct ofp_stats_request *) oh; error = ofputil_lookup_openflow_message(&ofpst_request_category, - ntohs(osr->type), - ntohs(oh->length), typep); - if (!error && osr->type == htons(OFPST_VENDOR)) { - error = ofputil_decode_nxst_request(oh, typep); + oh->version, ntohs(request->type), + typep); + if (!error && request->type == htons(OFPST_VENDOR)) { + error = ofputil_decode_nxst_request(oh, length, typep); } return error; } -static int -ofputil_decode_ofpst_reply(const struct ofp_header *oh, +static enum ofperr +ofputil_decode_ofpst_reply(const struct ofp_header *oh, size_t length, const struct ofputil_msg_type **typep) { - enum { OSR_SIZE = sizeof(struct ofp_stats_reply) }; static const struct ofputil_msg_type ofpst_replies[] = { - { OFPUTIL_OFPST_DESC_REPLY, + { OFPUTIL_OFPST_DESC_REPLY, OFP10_VERSION, OFPST_DESC, "OFPST_DESC reply", - OSR_SIZE + sizeof(struct ofp_desc_stats), 0 }, + sizeof(struct ofp_desc_stats), 0 }, - { OFPUTIL_OFPST_FLOW_REPLY, + { OFPUTIL_OFPST_FLOW_REPLY, OFP10_VERSION, OFPST_FLOW, "OFPST_FLOW reply", - OSR_SIZE, 1 }, + sizeof(struct ofp_stats_msg), 1 }, - { OFPUTIL_OFPST_AGGREGATE_REPLY, + { OFPUTIL_OFPST_AGGREGATE_REPLY, OFP10_VERSION, OFPST_AGGREGATE, "OFPST_AGGREGATE reply", - OSR_SIZE + sizeof(struct ofp_aggregate_stats_reply), 0 }, + sizeof(struct ofp_aggregate_stats_reply), 0 }, - { OFPUTIL_OFPST_TABLE_REPLY, + { OFPUTIL_OFPST_TABLE_REPLY, OFP10_VERSION, OFPST_TABLE, "OFPST_TABLE reply", - OSR_SIZE, sizeof(struct ofp_table_stats) }, + sizeof(struct ofp_stats_msg), sizeof(struct ofp_table_stats) }, - { OFPUTIL_OFPST_PORT_REPLY, + { OFPUTIL_OFPST_PORT_REPLY, OFP10_VERSION, OFPST_PORT, "OFPST_PORT reply", - OSR_SIZE, sizeof(struct ofp_port_stats) }, + sizeof(struct ofp_stats_msg), sizeof(struct ofp_port_stats) }, - { OFPUTIL_OFPST_QUEUE_REPLY, + { OFPUTIL_OFPST_QUEUE_REPLY, OFP10_VERSION, OFPST_QUEUE, "OFPST_QUEUE reply", - OSR_SIZE, sizeof(struct ofp_queue_stats) }, + sizeof(struct ofp_stats_msg), sizeof(struct ofp_queue_stats) }, - { 0, + { 0, 0, OFPST_VENDOR, "OFPST_VENDOR reply", - OSR_SIZE + sizeof(uint32_t), 1 }, + sizeof(struct ofp_vendor_stats_msg), 1 }, }; static const struct ofputil_msg_category ofpst_reply_category = { "OpenFlow statistics", ofpst_replies, ARRAY_SIZE(ofpst_replies), - OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_STAT) + OFPERR_OFPBRC_BAD_STAT }; - const struct ofp_stats_reply *osr = (const struct ofp_stats_reply *) oh; - int error; + const struct ofp_stats_msg *reply = (const struct ofp_stats_msg *) oh; + enum ofperr error; + + error = check_stats_msg(oh, length); + if (error) { + return error; + } - error = ofputil_lookup_openflow_message(&ofpst_reply_category, - ntohs(osr->type), - ntohs(oh->length), typep); - if (!error && osr->type == htons(OFPST_VENDOR)) { - error = ofputil_decode_nxst_reply(oh, typep); + error = ofputil_lookup_openflow_message(&ofpst_reply_category, oh->version, + ntohs(reply->type), typep); + if (!error && reply->type == htons(OFPST_VENDOR)) { + error = ofputil_decode_nxst_reply(oh, length, typep); } return error; } -/* Decodes the message type represented by 'oh'. Returns 0 if successful or - * an OpenFlow error code constructed with ofp_mkerr() on failure. Either - * way, stores in '*typep' a type structure that can be inspected with the - * ofputil_msg_type_*() functions. - * - * oh->length must indicate the correct length of the message (and must be at - * least sizeof(struct ofp_header)). - * - * Success indicates that 'oh' is at least as long as the minimum-length - * message of its type. */ -int -ofputil_decode_msg_type(const struct ofp_header *oh, - const struct ofputil_msg_type **typep) +static enum ofperr +ofputil_decode_msg_type__(const struct ofp_header *oh, size_t length, + const struct ofputil_msg_type **typep) { static const struct ofputil_msg_type ofpt_messages[] = { - { OFPUTIL_OFPT_HELLO, + { OFPUTIL_OFPT_HELLO, OFP10_VERSION, OFPT_HELLO, "OFPT_HELLO", sizeof(struct ofp_hello), 1 }, - { OFPUTIL_OFPT_ERROR, + { OFPUTIL_OFPT_ERROR, 0, OFPT_ERROR, "OFPT_ERROR", sizeof(struct ofp_error_msg), 1 }, - { OFPUTIL_OFPT_ECHO_REQUEST, + { OFPUTIL_OFPT_ECHO_REQUEST, OFP10_VERSION, OFPT_ECHO_REQUEST, "OFPT_ECHO_REQUEST", sizeof(struct ofp_header), 1 }, - { OFPUTIL_OFPT_ECHO_REPLY, + { OFPUTIL_OFPT_ECHO_REPLY, OFP10_VERSION, OFPT_ECHO_REPLY, "OFPT_ECHO_REPLY", sizeof(struct ofp_header), 1 }, - { OFPUTIL_OFPT_FEATURES_REQUEST, + { OFPUTIL_OFPT_FEATURES_REQUEST, OFP10_VERSION, OFPT_FEATURES_REQUEST, "OFPT_FEATURES_REQUEST", sizeof(struct ofp_header), 0 }, - { OFPUTIL_OFPT_FEATURES_REPLY, + { OFPUTIL_OFPT_FEATURES_REPLY, OFP10_VERSION, OFPT_FEATURES_REPLY, "OFPT_FEATURES_REPLY", sizeof(struct ofp_switch_features), sizeof(struct ofp_phy_port) }, - { OFPUTIL_OFPT_GET_CONFIG_REQUEST, + { OFPUTIL_OFPT_GET_CONFIG_REQUEST, OFP10_VERSION, OFPT_GET_CONFIG_REQUEST, "OFPT_GET_CONFIG_REQUEST", sizeof(struct ofp_header), 0 }, - { OFPUTIL_OFPT_GET_CONFIG_REPLY, + { OFPUTIL_OFPT_GET_CONFIG_REPLY, OFP10_VERSION, OFPT_GET_CONFIG_REPLY, "OFPT_GET_CONFIG_REPLY", sizeof(struct ofp_switch_config), 0 }, - { OFPUTIL_OFPT_SET_CONFIG, + { OFPUTIL_OFPT_SET_CONFIG, OFP10_VERSION, OFPT_SET_CONFIG, "OFPT_SET_CONFIG", sizeof(struct ofp_switch_config), 0 }, - { OFPUTIL_OFPT_PACKET_IN, + { OFPUTIL_OFPT_PACKET_IN, OFP10_VERSION, OFPT_PACKET_IN, "OFPT_PACKET_IN", offsetof(struct ofp_packet_in, data), 1 }, - { OFPUTIL_OFPT_FLOW_REMOVED, + { OFPUTIL_OFPT_FLOW_REMOVED, OFP10_VERSION, OFPT_FLOW_REMOVED, "OFPT_FLOW_REMOVED", sizeof(struct ofp_flow_removed), 0 }, - { OFPUTIL_OFPT_PORT_STATUS, + { OFPUTIL_OFPT_PORT_STATUS, OFP10_VERSION, OFPT_PORT_STATUS, "OFPT_PORT_STATUS", sizeof(struct ofp_port_status), 0 }, - { OFPUTIL_OFPT_PACKET_OUT, + { OFPUTIL_OFPT_PACKET_OUT, OFP10_VERSION, OFPT_PACKET_OUT, "OFPT_PACKET_OUT", sizeof(struct ofp_packet_out), 1 }, - { OFPUTIL_OFPT_FLOW_MOD, + { OFPUTIL_OFPT_FLOW_MOD, OFP10_VERSION, OFPT_FLOW_MOD, "OFPT_FLOW_MOD", sizeof(struct ofp_flow_mod), 1 }, - { OFPUTIL_OFPT_PORT_MOD, + { OFPUTIL_OFPT_PORT_MOD, OFP10_VERSION, OFPT_PORT_MOD, "OFPT_PORT_MOD", sizeof(struct ofp_port_mod), 0 }, - { 0, + { 0, OFP10_VERSION, OFPT_STATS_REQUEST, "OFPT_STATS_REQUEST", - sizeof(struct ofp_stats_request), 1 }, + sizeof(struct ofp_stats_msg), 1 }, - { 0, + { 0, OFP10_VERSION, OFPT_STATS_REPLY, "OFPT_STATS_REPLY", - sizeof(struct ofp_stats_reply), 1 }, + sizeof(struct ofp_stats_msg), 1 }, - { OFPUTIL_OFPT_BARRIER_REQUEST, + { OFPUTIL_OFPT_BARRIER_REQUEST, OFP10_VERSION, OFPT_BARRIER_REQUEST, "OFPT_BARRIER_REQUEST", sizeof(struct ofp_header), 0 }, - { OFPUTIL_OFPT_BARRIER_REPLY, + { OFPUTIL_OFPT_BARRIER_REPLY, OFP10_VERSION, OFPT_BARRIER_REPLY, "OFPT_BARRIER_REPLY", sizeof(struct ofp_header), 0 }, - { 0, + { 0, 0, OFPT_VENDOR, "OFPT_VENDOR", sizeof(struct ofp_vendor_header), 1 }, }; @@ -756,37 +735,73 @@ ofputil_decode_msg_type(const struct ofp_header *oh, static const struct ofputil_msg_category ofpt_category = { "OpenFlow message", ofpt_messages, ARRAY_SIZE(ofpt_messages), - OFP_MKERR(OFPET_BAD_REQUEST, OFPBRC_BAD_TYPE) + OFPERR_OFPBRC_BAD_TYPE }; - int error; + enum ofperr error; - error = ofputil_lookup_openflow_message(&ofpt_category, oh->type, - ntohs(oh->length), typep); + error = ofputil_lookup_openflow_message(&ofpt_category, oh->version, + oh->type, typep); if (!error) { switch (oh->type) { case OFPT_VENDOR: - error = ofputil_decode_vendor(oh, typep); + error = ofputil_decode_vendor(oh, length, typep); break; case OFPT_STATS_REQUEST: - error = ofputil_decode_ofpst_request(oh, typep); + error = ofputil_decode_ofpst_request(oh, length, typep); break; case OFPT_STATS_REPLY: - error = ofputil_decode_ofpst_reply(oh, typep); + error = ofputil_decode_ofpst_reply(oh, length, typep); default: break; } } + return error; +} + +/* Decodes the message type represented by 'oh'. Returns 0 if successful or an + * OpenFlow error code on failure. Either way, stores in '*typep' a type + * structure that can be inspected with the ofputil_msg_type_*() functions. + * + * oh->length must indicate the correct length of the message (and must be at + * least sizeof(struct ofp_header)). + * + * Success indicates that 'oh' is at least as long as the minimum-length + * message of its type. */ +enum ofperr +ofputil_decode_msg_type(const struct ofp_header *oh, + const struct ofputil_msg_type **typep) +{ + size_t length = ntohs(oh->length); + enum ofperr error; + + error = ofputil_decode_msg_type__(oh, length, typep); + if (!error) { + error = ofputil_check_length(*typep, length); + } if (error) { - static const struct ofputil_msg_type ofputil_invalid_type = { - OFPUTIL_INVALID, - 0, "OFPUTIL_INVALID", - 0, 0 - }; + *typep = &ofputil_invalid_type; + } + return error; +} +/* Decodes the message type represented by 'oh', of which only the first + * 'length' bytes are available. Returns 0 if successful or an OpenFlow error + * code on failure. Either way, stores in '*typep' a type structure that can + * be inspected with the ofputil_msg_type_*() functions. */ +enum ofperr +ofputil_decode_msg_type_partial(const struct ofp_header *oh, size_t length, + const struct ofputil_msg_type **typep) +{ + enum ofperr error; + + error = (length >= sizeof *oh + ? ofputil_decode_msg_type__(oh, length, typep) + : OFPERR_OFPBRC_BAD_LEN); + if (error) { *typep = &ofputil_invalid_type; } return error; @@ -806,7 +821,6 @@ ofputil_flow_format_is_valid(enum nx_flow_format flow_format) { switch (flow_format) { case NXFF_OPENFLOW10: - case NXFF_TUN_ID_FROM_COOKIE: case NXFF_NXM: return true; } @@ -820,8 +834,6 @@ ofputil_flow_format_to_string(enum nx_flow_format flow_format) switch (flow_format) { case NXFF_OPENFLOW10: return "openflow10"; - case NXFF_TUN_ID_FROM_COOKIE: - return "tun_id_from_cookie"; case NXFF_NXM: return "nxm"; default: @@ -833,11 +845,43 @@ int ofputil_flow_format_from_string(const char *s) { return (!strcmp(s, "openflow10") ? NXFF_OPENFLOW10 - : !strcmp(s, "tun_id_from_cookie") ? NXFF_TUN_ID_FROM_COOKIE : !strcmp(s, "nxm") ? NXFF_NXM : -1); } +bool +ofputil_packet_in_format_is_valid(enum nx_packet_in_format packet_in_format) +{ + switch (packet_in_format) { + case NXPIF_OPENFLOW10: + case NXPIF_NXM: + return true; + } + + return false; +} + +const char * +ofputil_packet_in_format_to_string(enum nx_packet_in_format packet_in_format) +{ + switch (packet_in_format) { + case NXPIF_OPENFLOW10: + return "openflow10"; + case NXPIF_NXM: + return "nxm"; + default: + NOT_REACHED(); + } +} + +int +ofputil_packet_in_format_from_string(const char *s) +{ + return (!strcmp(s, "openflow10") ? NXPIF_OPENFLOW10 + : !strcmp(s, "nxm") ? NXPIF_NXM + : -1); +} + static bool regs_fully_wildcarded(const struct flow_wildcards *wc) { @@ -851,89 +895,65 @@ regs_fully_wildcarded(const struct flow_wildcards *wc) return true; } -static inline bool -is_nxm_required(const struct cls_rule *rule, bool cookie_support, - ovs_be64 cookie) +/* Returns the minimum nx_flow_format to use for sending 'rule' to a switch + * (e.g. to add or remove a flow). Only NXM can handle tunnel IDs, registers, + * or fixing the Ethernet multicast bit. Otherwise, it's better to use + * NXFF_OPENFLOW10 for backward compatibility. */ +enum nx_flow_format +ofputil_min_flow_format(const struct cls_rule *rule) { const struct flow_wildcards *wc = &rule->wc; - ovs_be32 cookie_hi; + + BUILD_ASSERT_DECL(FLOW_WC_SEQ == 7); /* Only NXM supports separately wildcards the Ethernet multicast bit. */ if (!(wc->wildcards & FWW_DL_DST) != !(wc->wildcards & FWW_ETH_MCAST)) { - return true; + return NXFF_NXM; } /* Only NXM supports matching ARP hardware addresses. */ if (!(wc->wildcards & FWW_ARP_SHA) || !(wc->wildcards & FWW_ARP_THA)) { - return true; + return NXFF_NXM; } /* Only NXM supports matching IPv6 traffic. */ if (!(wc->wildcards & FWW_DL_TYPE) && (rule->flow.dl_type == htons(ETH_TYPE_IPV6))) { - return true; + return NXFF_NXM; } /* Only NXM supports matching registers. */ if (!regs_fully_wildcarded(wc)) { - return true; + return NXFF_NXM; } - switch (wc->tun_id_mask) { - case CONSTANT_HTONLL(0): - /* Other formats can fully wildcard tun_id. */ - break; + /* Only NXM supports matching tun_id. */ + if (wc->tun_id_mask != htonll(0)) { + return NXFF_NXM; + } - case CONSTANT_HTONLL(UINT64_MAX): - /* Only NXM supports matching tunnel ID, unless there is a cookie and - * the top 32 bits of the cookie are the desired tunnel ID value. */ - cookie_hi = htonl(ntohll(cookie) >> 32); - if (!cookie_support - || (cookie_hi && cookie_hi != ntohll(rule->flow.tun_id))) { - return true; - } - break; + /* Only NXM supports matching fragments. */ + if (wc->nw_frag_mask) { + return NXFF_NXM; + } - default: - /* Only NXM supports partial matches on tunnel ID. */ - return true; + /* Only NXM supports matching IPv6 flow label. */ + if (!(wc->wildcards & FWW_IPV6_LABEL)) { + return NXFF_NXM; } - /* Other formats can express this rule. */ - return false; -} + /* Only NXM supports matching IP ECN bits. */ + if (!(wc->wildcards & FWW_NW_ECN)) { + return NXFF_NXM; + } -/* Returns the minimum nx_flow_format to use for sending 'rule' to a switch - * (e.g. to add or remove a flow). 'cookie_support' should be true if the - * command to be sent includes a flow cookie (as OFPT_FLOW_MOD does, for - * example) or false if the command does not (OFPST_FLOW and OFPST_AGGREGATE do - * not, for example). If 'cookie_support' is true, then 'cookie' should be the - * cookie to be sent; otherwise its value is ignored. - * - * The "best" flow format is chosen on this basis: - * - * - It must be capable of expressing the rule. NXFF_OPENFLOW10 flows can't - * handle tunnel IDs. NXFF_TUN_ID_FROM_COOKIE flows can't handle registers - * or fixing the Ethernet multicast bit, and can't handle tunnel IDs that - * conflict with the high 32 bits of the cookie or commands that don't - * support cookies. - * - * - Otherwise, the chosen format should be as backward compatible as - * possible. (NXFF_OPENFLOW10 is more backward compatible than - * NXFF_TUN_ID_FROM_COOKIE, which is more backward compatible than - * NXFF_NXM.) - */ -enum nx_flow_format -ofputil_min_flow_format(const struct cls_rule *rule, bool cookie_support, - ovs_be64 cookie) -{ - if (is_nxm_required(rule, cookie_support, cookie)) { + /* Only NXM supports matching IP TTL/hop limit. */ + if (!(wc->wildcards & FWW_NW_TTL)) { return NXFF_NXM; - } else if (rule->wc.tun_id_mask != htonll(0)) { - return NXFF_TUN_ID_FROM_COOKIE; - } else { - return NXFF_OPENFLOW10; } + + /* Other formats can express this rule. */ + return NXFF_OPENFLOW10; } /* Returns an OpenFlow message that can be used to set the flow format to @@ -941,21 +961,37 @@ ofputil_min_flow_format(const struct cls_rule *rule, bool cookie_support, struct ofpbuf * ofputil_make_set_flow_format(enum nx_flow_format flow_format) { + struct nx_set_flow_format *sff; struct ofpbuf *msg; - if (flow_format == NXFF_OPENFLOW10 - || flow_format == NXFF_TUN_ID_FROM_COOKIE) { - struct nxt_tun_id_cookie *tic; + sff = make_nxmsg(sizeof *sff, NXT_SET_FLOW_FORMAT, &msg); + sff->format = htonl(flow_format); - tic = make_nxmsg(sizeof *tic, NXT_TUN_ID_FROM_COOKIE, &msg); - tic->set = flow_format == NXFF_TUN_ID_FROM_COOKIE; - } else { - struct nxt_set_flow_format *sff; + return msg; +} - sff = make_nxmsg(sizeof *sff, NXT_SET_FLOW_FORMAT, &msg); - sff->format = htonl(flow_format); - } +struct ofpbuf * +ofputil_make_set_packet_in_format(enum nx_packet_in_format packet_in_format) +{ + struct nx_set_packet_in_format *spif; + struct ofpbuf *msg; + spif = make_nxmsg(sizeof *spif, NXT_SET_PACKET_IN_FORMAT, &msg); + spif->format = htonl(packet_in_format); + + return msg; +} + +/* Returns an OpenFlow message that can be used to turn the flow_mod_table_id + * extension on or off (according to 'flow_mod_table_id'). */ +struct ofpbuf * +ofputil_make_flow_mod_table_id(bool flow_mod_table_id) +{ + struct nx_flow_mod_table_id *nfmti; + struct ofpbuf *msg; + + nfmti = make_nxmsg(sizeof *nfmti, NXT_FLOW_MOD_TABLE_ID, &msg); + nfmti->set = flow_mod_table_id; return msg; } @@ -963,16 +999,16 @@ ofputil_make_set_flow_format(enum nx_flow_format flow_format) * flow_mod in 'fm'. Returns 0 if successful, otherwise an OpenFlow error * code. * - * For OFPT_FLOW_MOD messages, 'flow_format' should be the current flow format - * at the time when the message was received. Otherwise 'flow_format' is - * ignored. + * 'flow_mod_table_id' should be true if the NXT_FLOW_MOD_TABLE_ID extension is + * enabled, false otherwise. * * Does not validate the flow_mod actions. */ -int -ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, - enum nx_flow_format flow_format) +enum ofperr +ofputil_decode_flow_mod(struct ofputil_flow_mod *fm, + const struct ofp_header *oh, bool flow_mod_table_id) { const struct ofputil_msg_type *type; + uint16_t command; struct ofpbuf b; ofpbuf_use_const(&b, oh, ntohs(oh->length)); @@ -980,9 +1016,9 @@ ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, ofputil_decode_msg_type(oh, &type); if (ofputil_msg_type_code(type) == OFPUTIL_OFPT_FLOW_MOD) { /* Standard OpenFlow flow_mod. */ - struct ofp_match match, orig_match; const struct ofp_flow_mod *ofm; - int error; + uint16_t priority; + enum ofperr error; /* Dissect the message. */ ofm = ofpbuf_pull(&b, sizeof *ofm); @@ -991,29 +1027,23 @@ ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, return error; } - /* Normalize ofm->match. If normalization actually changes anything, - * then log the differences. */ - match = ofm->match; - match.pad1[0] = match.pad2[0] = 0; - orig_match = match; - normalize_match(&match); - if (memcmp(&match, &orig_match, sizeof orig_match)) { - if (!VLOG_DROP_INFO(&bad_ofmsg_rl)) { - char *old = ofp_match_to_literal_string(&orig_match); - char *new = ofp_match_to_literal_string(&match); - VLOG_INFO("normalization changed ofp_match, details:"); - VLOG_INFO(" pre: %s", old); - VLOG_INFO("post: %s", new); - free(old); - free(new); - } + /* Set priority based on original wildcards. Normally we'd allow + * ofputil_cls_rule_from_match() to do this for us, but + * ofputil_normalize_rule() can put wildcards where the original flow + * didn't have them. */ + priority = ntohs(ofm->priority); + if (!(ofm->match.wildcards & htonl(OFPFW_ALL))) { + priority = UINT16_MAX; } + /* Translate the rule. */ + ofputil_cls_rule_from_match(&ofm->match, priority, &fm->cr); + ofputil_normalize_rule(&fm->cr, NXFF_OPENFLOW10); + /* Translate the message. */ - ofputil_cls_rule_from_match(&match, ntohs(ofm->priority), flow_format, - ofm->cookie, &fm->cr); fm->cookie = ofm->cookie; - fm->command = ntohs(ofm->command); + fm->cookie_mask = htonll(UINT64_MAX); + command = ntohs(ofm->command); fm->idle_timeout = ntohs(ofm->idle_timeout); fm->hard_timeout = ntohs(ofm->hard_timeout); fm->buffer_id = ntohl(ofm->buffer_id); @@ -1022,12 +1052,12 @@ ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, } else if (ofputil_msg_type_code(type) == OFPUTIL_NXT_FLOW_MOD) { /* Nicira extended flow_mod. */ const struct nx_flow_mod *nfm; - int error; + enum ofperr error; /* Dissect the message. */ nfm = ofpbuf_pull(&b, sizeof *nfm); error = nx_pull_match(&b, ntohs(nfm->match_len), ntohs(nfm->priority), - &fm->cr); + &fm->cr, &fm->cookie, &fm->cookie_mask); if (error) { return error; } @@ -1037,8 +1067,18 @@ ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, } /* Translate the message. */ - fm->cookie = nfm->cookie; - fm->command = ntohs(nfm->command); + command = ntohs(nfm->command); + if (command == OFPFC_ADD) { + if (fm->cookie_mask) { + /* The "NXM_NX_COOKIE*" matches are not valid for flow + * additions. Additions must use the "cookie" field of + * the "nx_flow_mod" structure. */ + return OFPERR_NXBRC_NXM_INVALID; + } else { + fm->cookie = nfm->cookie; + fm->cookie_mask = htonll(UINT64_MAX); + } + } fm->idle_timeout = ntohs(nfm->idle_timeout); fm->hard_timeout = ntohs(nfm->hard_timeout); fm->buffer_id = ntohl(nfm->buffer_id); @@ -1048,27 +1088,43 @@ ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, NOT_REACHED(); } + if (flow_mod_table_id) { + fm->command = command & 0xff; + fm->table_id = command >> 8; + } else { + fm->command = command; + fm->table_id = 0xff; + } + return 0; } /* Converts 'fm' into an OFPT_FLOW_MOD or NXT_FLOW_MOD message according to - * 'flow_format' and returns the message. */ + * 'flow_format' and returns the message. + * + * 'flow_mod_table_id' should be true if the NXT_FLOW_MOD_TABLE_ID extension is + * enabled, false otherwise. */ struct ofpbuf * -ofputil_encode_flow_mod(const struct flow_mod *fm, - enum nx_flow_format flow_format) +ofputil_encode_flow_mod(const struct ofputil_flow_mod *fm, + enum nx_flow_format flow_format, + bool flow_mod_table_id) { size_t actions_len = fm->n_actions * sizeof *fm->actions; struct ofpbuf *msg; + uint16_t command; + + command = (flow_mod_table_id + ? (fm->command & 0xff) | (fm->table_id << 8) + : fm->command); - if (flow_format == NXFF_OPENFLOW10 - || flow_format == NXFF_TUN_ID_FROM_COOKIE) { + if (flow_format == NXFF_OPENFLOW10) { struct ofp_flow_mod *ofm; msg = ofpbuf_new(sizeof *ofm + actions_len); ofm = put_openflow(sizeof *ofm, OFPT_FLOW_MOD, msg); - ofputil_cls_rule_to_match(&fm->cr, flow_format, &ofm->match, - fm->cookie, &ofm->cookie); - ofm->command = htons(fm->command); + ofputil_cls_rule_to_match(&fm->cr, &ofm->match); + ofm->cookie = fm->cookie; + ofm->command = htons(command); ofm->idle_timeout = htons(fm->idle_timeout); ofm->hard_timeout = htons(fm->hard_timeout); ofm->priority = htons(fm->cr.priority); @@ -1081,11 +1137,16 @@ ofputil_encode_flow_mod(const struct flow_mod *fm, msg = ofpbuf_new(sizeof *nfm + NXM_TYPICAL_LEN + actions_len); put_nxmsg(sizeof *nfm, NXT_FLOW_MOD, msg); - match_len = nx_put_match(msg, &fm->cr); - nfm = msg->data; - nfm->cookie = fm->cookie; - nfm->command = htons(fm->command); + nfm->command = htons(command); + if (command == OFPFC_ADD) { + nfm->cookie = fm->cookie; + match_len = nx_put_match(msg, &fm->cr, 0, 0); + } else { + nfm->cookie = 0; + match_len = nx_put_match(msg, &fm->cr, + fm->cookie, fm->cookie_mask); + } nfm->idle_timeout = htons(fm->idle_timeout); nfm->hard_timeout = htons(fm->hard_timeout); nfm->priority = htons(fm->cr.priority); @@ -1102,40 +1163,42 @@ ofputil_encode_flow_mod(const struct flow_mod *fm, return msg; } -static int -ofputil_decode_ofpst_flow_request(struct flow_stats_request *fsr, +static enum ofperr +ofputil_decode_ofpst_flow_request(struct ofputil_flow_stats_request *fsr, const struct ofp_header *oh, - enum nx_flow_format flow_format, bool aggregate) { - const struct ofp_flow_stats_request *ofsr = ofputil_stats_body(oh); + const struct ofp_flow_stats_request *ofsr = + (const struct ofp_flow_stats_request *) oh; fsr->aggregate = aggregate; - ofputil_cls_rule_from_match(&ofsr->match, 0, flow_format, 0, &fsr->match); + ofputil_cls_rule_from_match(&ofsr->match, 0, &fsr->match); fsr->out_port = ntohs(ofsr->out_port); fsr->table_id = ofsr->table_id; + fsr->cookie = fsr->cookie_mask = htonll(0); return 0; } -static int -ofputil_decode_nxst_flow_request(struct flow_stats_request *fsr, +static enum ofperr +ofputil_decode_nxst_flow_request(struct ofputil_flow_stats_request *fsr, const struct ofp_header *oh, bool aggregate) { const struct nx_flow_stats_request *nfsr; struct ofpbuf b; - int error; + enum ofperr error; ofpbuf_use_const(&b, oh, ntohs(oh->length)); nfsr = ofpbuf_pull(&b, sizeof *nfsr); - error = nx_pull_match(&b, ntohs(nfsr->match_len), 0, &fsr->match); + error = nx_pull_match(&b, ntohs(nfsr->match_len), 0, &fsr->match, + &fsr->cookie, &fsr->cookie_mask); if (error) { return error; } if (b.size) { - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); + return OFPERR_OFPBRC_BAD_LEN; } fsr->aggregate = aggregate; @@ -1146,17 +1209,11 @@ ofputil_decode_nxst_flow_request(struct flow_stats_request *fsr, } /* Converts an OFPST_FLOW, OFPST_AGGREGATE, NXST_FLOW, or NXST_AGGREGATE - * message 'oh', received when the current flow format was 'flow_format', into - * an abstract flow_stats_request in 'fsr'. Returns 0 if successful, otherwise - * an OpenFlow error code. - * - * For OFPST_FLOW and OFPST_AGGREGATE messages, 'flow_format' should be the - * current flow format at the time when the message was received. Otherwise - * 'flow_format' is ignored. */ -int -ofputil_decode_flow_stats_request(struct flow_stats_request *fsr, - const struct ofp_header *oh, - enum nx_flow_format flow_format) + * request 'oh', into an abstract flow_stats_request in 'fsr'. Returns 0 if + * successful, otherwise an OpenFlow error code. */ +enum ofperr +ofputil_decode_flow_stats_request(struct ofputil_flow_stats_request *fsr, + const struct ofp_header *oh) { const struct ofputil_msg_type *type; struct ofpbuf b; @@ -1168,10 +1225,10 @@ ofputil_decode_flow_stats_request(struct flow_stats_request *fsr, code = ofputil_msg_type_code(type); switch (code) { case OFPUTIL_OFPST_FLOW_REQUEST: - return ofputil_decode_ofpst_flow_request(fsr, oh, flow_format, false); + return ofputil_decode_ofpst_flow_request(fsr, oh, false); case OFPUTIL_OFPST_AGGREGATE_REQUEST: - return ofputil_decode_ofpst_flow_request(fsr, oh, flow_format, true); + return ofputil_decode_ofpst_flow_request(fsr, oh, true); case OFPUTIL_NXST_FLOW_REQUEST: return ofputil_decode_nxst_flow_request(fsr, oh, false); @@ -1186,26 +1243,21 @@ ofputil_decode_flow_stats_request(struct flow_stats_request *fsr, } /* Converts abstract flow_stats_request 'fsr' into an OFPST_FLOW, - * OFPST_AGGREGATE, NXST_FLOW, or NXST_AGGREGATE message 'oh' according to + * OFPST_AGGREGATE, NXST_FLOW, or NXST_AGGREGATE request 'oh' according to * 'flow_format', and returns the message. */ struct ofpbuf * -ofputil_encode_flow_stats_request(const struct flow_stats_request *fsr, +ofputil_encode_flow_stats_request(const struct ofputil_flow_stats_request *fsr, enum nx_flow_format flow_format) { struct ofpbuf *msg; - if (flow_format == NXFF_OPENFLOW10 - || flow_format == NXFF_TUN_ID_FROM_COOKIE) { + if (flow_format == NXFF_OPENFLOW10) { struct ofp_flow_stats_request *ofsr; int type; - BUILD_ASSERT_DECL(sizeof(struct ofp_flow_stats_request) - == sizeof(struct ofp_aggregate_stats_request)); - type = fsr->aggregate ? OFPST_AGGREGATE : OFPST_FLOW; - ofsr = ofputil_make_stats_request(sizeof *ofsr, type, &msg); - ofputil_cls_rule_to_match(&fsr->match, flow_format, &ofsr->match, - 0, NULL); + ofsr = ofputil_make_stats_request(sizeof *ofsr, type, 0, &msg); + ofputil_cls_rule_to_match(&fsr->match, &ofsr->match); ofsr->table_id = fsr->table_id; ofsr->out_port = htons(fsr->out_port); } else if (flow_format == NXFF_NXM) { @@ -1214,8 +1266,9 @@ ofputil_encode_flow_stats_request(const struct flow_stats_request *fsr, int subtype; subtype = fsr->aggregate ? NXST_AGGREGATE : NXST_FLOW; - ofputil_make_nxstats_request(sizeof *nfsr, subtype, &msg); - match_len = nx_put_match(msg, &fsr->match); + ofputil_make_stats_request(sizeof *nfsr, OFPST_VENDOR, subtype, &msg); + match_len = nx_put_match(msg, &fsr->match, + fsr->cookie, fsr->cookie_mask); nfsr = msg->data; nfsr->out_port = htons(fsr->out_port); @@ -1228,61 +1281,108 @@ ofputil_encode_flow_stats_request(const struct flow_stats_request *fsr, return msg; } -/* Converts an OFPT_FLOW_REMOVED or NXT_FLOW_REMOVED message 'oh', received - * when the current flow format was 'flow_format', into an abstract - * ofputil_flow_removed in 'fr'. Returns 0 if successful, otherwise an - * OpenFlow error code. +/* Converts an OFPST_FLOW or NXST_FLOW reply in 'msg' into an abstract + * ofputil_flow_stats in 'fs'. * - * For OFPT_FLOW_REMOVED messages, 'flow_format' should be the current flow - * format at the time when the message was received. Otherwise 'flow_format' - * is ignored. */ + * Multiple OFPST_FLOW or NXST_FLOW replies can be packed into a single + * OpenFlow message. Calling this function multiple times for a single 'msg' + * iterates through the replies. The caller must initially leave 'msg''s layer + * pointers null and not modify them between calls. + * + * Returns 0 if successful, EOF if no replies were left in this 'msg', + * otherwise a positive errno value. */ int -ofputil_decode_flow_removed(struct ofputil_flow_removed *fr, - const struct ofp_header *oh, - enum nx_flow_format flow_format) +ofputil_decode_flow_stats_reply(struct ofputil_flow_stats *fs, + struct ofpbuf *msg) { const struct ofputil_msg_type *type; - enum ofputil_msg_code code; + int code; - ofputil_decode_msg_type(oh, &type); + ofputil_decode_msg_type(msg->l2 ? msg->l2 : msg->data, &type); code = ofputil_msg_type_code(type); - if (code == OFPUTIL_OFPT_FLOW_REMOVED) { - const struct ofp_flow_removed *ofr; + if (!msg->l2) { + msg->l2 = msg->data; + if (code == OFPUTIL_OFPST_FLOW_REPLY) { + ofpbuf_pull(msg, sizeof(struct ofp_stats_msg)); + } else if (code == OFPUTIL_NXST_FLOW_REPLY) { + ofpbuf_pull(msg, sizeof(struct nicira_stats_msg)); + } else { + NOT_REACHED(); + } + } - ofr = (const struct ofp_flow_removed *) oh; - ofputil_cls_rule_from_match(&ofr->match, ntohs(ofr->priority), - flow_format, ofr->cookie, &fr->rule); - fr->cookie = ofr->cookie; - fr->reason = ofr->reason; - fr->duration_sec = ntohl(ofr->duration_sec); - fr->duration_nsec = ntohl(ofr->duration_nsec); - fr->idle_timeout = ntohs(ofr->idle_timeout); - fr->packet_count = ntohll(ofr->packet_count); - fr->byte_count = ntohll(ofr->byte_count); - } else if (code == OFPUTIL_NXT_FLOW_REMOVED) { - struct nx_flow_removed *nfr; - struct ofpbuf b; - int error; + if (!msg->size) { + return EOF; + } else if (code == OFPUTIL_OFPST_FLOW_REPLY) { + const struct ofp_flow_stats *ofs; + size_t length; - ofpbuf_use_const(&b, oh, ntohs(oh->length)); + ofs = ofpbuf_try_pull(msg, sizeof *ofs); + if (!ofs) { + VLOG_WARN_RL(&bad_ofmsg_rl, "OFPST_FLOW reply has %zu leftover " + "bytes at end", msg->size); + return EINVAL; + } - nfr = ofpbuf_pull(&b, sizeof *nfr); - error = nx_pull_match(&b, ntohs(nfr->match_len), ntohs(nfr->priority), - &fr->rule); - if (error) { - return error; + length = ntohs(ofs->length); + if (length < sizeof *ofs) { + VLOG_WARN_RL(&bad_ofmsg_rl, "OFPST_FLOW reply claims invalid " + "length %zu", length); + return EINVAL; } - if (b.size) { - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); + + if (ofputil_pull_actions(msg, length - sizeof *ofs, + &fs->actions, &fs->n_actions)) { + return EINVAL; } - fr->cookie = nfr->cookie; - fr->reason = nfr->reason; - fr->duration_sec = ntohl(nfr->duration_sec); - fr->duration_nsec = ntohl(nfr->duration_nsec); - fr->idle_timeout = ntohs(nfr->idle_timeout); - fr->packet_count = ntohll(nfr->packet_count); - fr->byte_count = ntohll(nfr->byte_count); + fs->cookie = get_32aligned_be64(&ofs->cookie); + ofputil_cls_rule_from_match(&ofs->match, ntohs(ofs->priority), + &fs->rule); + fs->table_id = ofs->table_id; + fs->duration_sec = ntohl(ofs->duration_sec); + fs->duration_nsec = ntohl(ofs->duration_nsec); + fs->idle_timeout = ntohs(ofs->idle_timeout); + fs->hard_timeout = ntohs(ofs->hard_timeout); + fs->packet_count = ntohll(get_32aligned_be64(&ofs->packet_count)); + fs->byte_count = ntohll(get_32aligned_be64(&ofs->byte_count)); + } else if (code == OFPUTIL_NXST_FLOW_REPLY) { + const struct nx_flow_stats *nfs; + size_t match_len, length; + + nfs = ofpbuf_try_pull(msg, sizeof *nfs); + if (!nfs) { + VLOG_WARN_RL(&bad_ofmsg_rl, "NXST_FLOW reply has %zu leftover " + "bytes at end", msg->size); + return EINVAL; + } + + length = ntohs(nfs->length); + match_len = ntohs(nfs->match_len); + if (length < sizeof *nfs + ROUND_UP(match_len, 8)) { + VLOG_WARN_RL(&bad_ofmsg_rl, "NXST_FLOW reply with match_len=%zu " + "claims invalid length %zu", match_len, length); + return EINVAL; + } + if (nx_pull_match(msg, match_len, ntohs(nfs->priority), &fs->rule, + NULL, NULL)) { + return EINVAL; + } + + if (ofputil_pull_actions(msg, + length - sizeof *nfs - ROUND_UP(match_len, 8), + &fs->actions, &fs->n_actions)) { + return EINVAL; + } + + fs->cookie = nfs->cookie; + fs->table_id = nfs->table_id; + fs->duration_sec = ntohl(nfs->duration_sec); + fs->duration_nsec = ntohl(nfs->duration_nsec); + fs->idle_timeout = ntohs(nfs->idle_timeout); + fs->hard_timeout = ntohs(nfs->hard_timeout); + fs->packet_count = ntohll(nfs->packet_count); + fs->byte_count = ntohll(nfs->byte_count); } else { NOT_REACHED(); } @@ -1290,12 +1390,356 @@ ofputil_decode_flow_removed(struct ofputil_flow_removed *fr, return 0; } -/* Returns a string representing the message type of 'type'. The string is the - * enumeration constant for the type, e.g. "OFPT_HELLO". For statistics - * messages, the constant is followed by "request" or "reply", - * e.g. "OFPST_AGGREGATE reply". */ -const char * -ofputil_msg_type_name(const struct ofputil_msg_type *type) +/* Returns 'count' unchanged except that UINT64_MAX becomes 0. + * + * We use this in situations where OVS internally uses UINT64_MAX to mean + * "value unknown" but OpenFlow 1.0 does not define any unknown value. */ +static uint64_t +unknown_to_zero(uint64_t count) +{ + return count != UINT64_MAX ? count : 0; +} + +/* Appends an OFPST_FLOW or NXST_FLOW reply that contains the data in 'fs' to + * those already present in the list of ofpbufs in 'replies'. 'replies' should + * have been initialized with ofputil_start_stats_reply(). */ +void +ofputil_append_flow_stats_reply(const struct ofputil_flow_stats *fs, + struct list *replies) +{ + size_t act_len = fs->n_actions * sizeof *fs->actions; + const struct ofp_stats_msg *osm; + + osm = ofpbuf_from_list(list_back(replies))->data; + if (osm->type == htons(OFPST_FLOW)) { + size_t len = offsetof(struct ofp_flow_stats, actions) + act_len; + struct ofp_flow_stats *ofs; + + ofs = ofputil_append_stats_reply(len, replies); + ofs->length = htons(len); + ofs->table_id = fs->table_id; + ofs->pad = 0; + ofputil_cls_rule_to_match(&fs->rule, &ofs->match); + ofs->duration_sec = htonl(fs->duration_sec); + ofs->duration_nsec = htonl(fs->duration_nsec); + ofs->priority = htons(fs->rule.priority); + ofs->idle_timeout = htons(fs->idle_timeout); + ofs->hard_timeout = htons(fs->hard_timeout); + memset(ofs->pad2, 0, sizeof ofs->pad2); + put_32aligned_be64(&ofs->cookie, fs->cookie); + put_32aligned_be64(&ofs->packet_count, + htonll(unknown_to_zero(fs->packet_count))); + put_32aligned_be64(&ofs->byte_count, + htonll(unknown_to_zero(fs->byte_count))); + memcpy(ofs->actions, fs->actions, act_len); + } else if (osm->type == htons(OFPST_VENDOR)) { + struct nx_flow_stats *nfs; + struct ofpbuf *msg; + size_t start_len; + + msg = ofputil_reserve_stats_reply( + sizeof *nfs + NXM_MAX_LEN + act_len, replies); + start_len = msg->size; + + nfs = ofpbuf_put_uninit(msg, sizeof *nfs); + nfs->table_id = fs->table_id; + nfs->pad = 0; + nfs->duration_sec = htonl(fs->duration_sec); + nfs->duration_nsec = htonl(fs->duration_nsec); + nfs->priority = htons(fs->rule.priority); + nfs->idle_timeout = htons(fs->idle_timeout); + nfs->hard_timeout = htons(fs->hard_timeout); + nfs->match_len = htons(nx_put_match(msg, &fs->rule, 0, 0)); + memset(nfs->pad2, 0, sizeof nfs->pad2); + nfs->cookie = fs->cookie; + nfs->packet_count = htonll(fs->packet_count); + nfs->byte_count = htonll(fs->byte_count); + ofpbuf_put(msg, fs->actions, act_len); + nfs->length = htons(msg->size - start_len); + } else { + NOT_REACHED(); + } +} + +/* Converts abstract ofputil_aggregate_stats 'stats' into an OFPST_AGGREGATE or + * NXST_AGGREGATE reply according to 'flow_format', and returns the message. */ +struct ofpbuf * +ofputil_encode_aggregate_stats_reply( + const struct ofputil_aggregate_stats *stats, + const struct ofp_stats_msg *request) +{ + struct ofpbuf *msg; + + if (request->type == htons(OFPST_AGGREGATE)) { + struct ofp_aggregate_stats_reply *asr; + + asr = ofputil_make_stats_reply(sizeof *asr, request, &msg); + put_32aligned_be64(&asr->packet_count, + htonll(unknown_to_zero(stats->packet_count))); + put_32aligned_be64(&asr->byte_count, + htonll(unknown_to_zero(stats->byte_count))); + asr->flow_count = htonl(stats->flow_count); + } else if (request->type == htons(OFPST_VENDOR)) { + struct nx_aggregate_stats_reply *nasr; + + nasr = ofputil_make_stats_reply(sizeof *nasr, request, &msg); + assert(nasr->nsm.subtype == htonl(NXST_AGGREGATE)); + nasr->packet_count = htonll(stats->packet_count); + nasr->byte_count = htonll(stats->byte_count); + nasr->flow_count = htonl(stats->flow_count); + } else { + NOT_REACHED(); + } + + return msg; +} + +/* Converts an OFPT_FLOW_REMOVED or NXT_FLOW_REMOVED message 'oh' into an + * abstract ofputil_flow_removed in 'fr'. Returns 0 if successful, otherwise + * an OpenFlow error code. */ +enum ofperr +ofputil_decode_flow_removed(struct ofputil_flow_removed *fr, + const struct ofp_header *oh) +{ + const struct ofputil_msg_type *type; + enum ofputil_msg_code code; + + ofputil_decode_msg_type(oh, &type); + code = ofputil_msg_type_code(type); + if (code == OFPUTIL_OFPT_FLOW_REMOVED) { + const struct ofp_flow_removed *ofr; + + ofr = (const struct ofp_flow_removed *) oh; + ofputil_cls_rule_from_match(&ofr->match, ntohs(ofr->priority), + &fr->rule); + fr->cookie = ofr->cookie; + fr->reason = ofr->reason; + fr->duration_sec = ntohl(ofr->duration_sec); + fr->duration_nsec = ntohl(ofr->duration_nsec); + fr->idle_timeout = ntohs(ofr->idle_timeout); + fr->packet_count = ntohll(ofr->packet_count); + fr->byte_count = ntohll(ofr->byte_count); + } else if (code == OFPUTIL_NXT_FLOW_REMOVED) { + struct nx_flow_removed *nfr; + struct ofpbuf b; + int error; + + ofpbuf_use_const(&b, oh, ntohs(oh->length)); + + nfr = ofpbuf_pull(&b, sizeof *nfr); + error = nx_pull_match(&b, ntohs(nfr->match_len), ntohs(nfr->priority), + &fr->rule, NULL, NULL); + if (error) { + return error; + } + if (b.size) { + return OFPERR_OFPBRC_BAD_LEN; + } + + fr->cookie = nfr->cookie; + fr->reason = nfr->reason; + fr->duration_sec = ntohl(nfr->duration_sec); + fr->duration_nsec = ntohl(nfr->duration_nsec); + fr->idle_timeout = ntohs(nfr->idle_timeout); + fr->packet_count = ntohll(nfr->packet_count); + fr->byte_count = ntohll(nfr->byte_count); + } else { + NOT_REACHED(); + } + + return 0; +} + +/* Converts abstract ofputil_flow_removed 'fr' into an OFPT_FLOW_REMOVED or + * NXT_FLOW_REMOVED message 'oh' according to 'flow_format', and returns the + * message. */ +struct ofpbuf * +ofputil_encode_flow_removed(const struct ofputil_flow_removed *fr, + enum nx_flow_format flow_format) +{ + struct ofpbuf *msg; + + if (flow_format == NXFF_OPENFLOW10) { + struct ofp_flow_removed *ofr; + + ofr = make_openflow_xid(sizeof *ofr, OFPT_FLOW_REMOVED, htonl(0), + &msg); + ofputil_cls_rule_to_match(&fr->rule, &ofr->match); + ofr->cookie = fr->cookie; + ofr->priority = htons(fr->rule.priority); + ofr->reason = fr->reason; + ofr->duration_sec = htonl(fr->duration_sec); + ofr->duration_nsec = htonl(fr->duration_nsec); + ofr->idle_timeout = htons(fr->idle_timeout); + ofr->packet_count = htonll(unknown_to_zero(fr->packet_count)); + ofr->byte_count = htonll(unknown_to_zero(fr->byte_count)); + } else if (flow_format == NXFF_NXM) { + struct nx_flow_removed *nfr; + int match_len; + + make_nxmsg_xid(sizeof *nfr, NXT_FLOW_REMOVED, htonl(0), &msg); + match_len = nx_put_match(msg, &fr->rule, 0, 0); + + nfr = msg->data; + nfr->cookie = fr->cookie; + nfr->priority = htons(fr->rule.priority); + nfr->reason = fr->reason; + nfr->duration_sec = htonl(fr->duration_sec); + nfr->duration_nsec = htonl(fr->duration_nsec); + nfr->idle_timeout = htons(fr->idle_timeout); + nfr->match_len = htons(match_len); + nfr->packet_count = htonll(fr->packet_count); + nfr->byte_count = htonll(fr->byte_count); + } else { + NOT_REACHED(); + } + + return msg; +} + +int +ofputil_decode_packet_in(struct ofputil_packet_in *pin, + const struct ofp_header *oh) +{ + const struct ofputil_msg_type *type; + enum ofputil_msg_code code; + + ofputil_decode_msg_type(oh, &type); + code = ofputil_msg_type_code(type); + memset(pin, 0, sizeof *pin); + + if (code == OFPUTIL_OFPT_PACKET_IN) { + const struct ofp_packet_in *opi = (const struct ofp_packet_in *) oh; + + pin->packet = opi->data; + pin->packet_len = ntohs(opi->header.length) + - offsetof(struct ofp_packet_in, data); + + pin->fmd.in_port = ntohs(opi->in_port); + pin->reason = opi->reason; + pin->buffer_id = ntohl(opi->buffer_id); + pin->total_len = ntohs(opi->total_len); + } else if (code == OFPUTIL_NXT_PACKET_IN) { + const struct nx_packet_in *npi; + struct cls_rule rule; + struct ofpbuf b; + int error; + + ofpbuf_use_const(&b, oh, ntohs(oh->length)); + + npi = ofpbuf_pull(&b, sizeof *npi); + error = nx_pull_match_loose(&b, ntohs(npi->match_len), 0, &rule, NULL, + NULL); + if (error) { + return error; + } + + if (!ofpbuf_try_pull(&b, 2)) { + return OFPERR_OFPBRC_BAD_LEN; + } + + pin->packet = b.data; + pin->packet_len = b.size; + pin->reason = npi->reason; + pin->table_id = npi->table_id; + pin->cookie = npi->cookie; + + pin->fmd.in_port = rule.flow.in_port; + + pin->fmd.tun_id = rule.flow.tun_id; + pin->fmd.tun_id_mask = rule.wc.tun_id_mask; + + memcpy(pin->fmd.regs, rule.flow.regs, sizeof pin->fmd.regs); + memcpy(pin->fmd.reg_masks, rule.wc.reg_masks, + sizeof pin->fmd.reg_masks); + + pin->buffer_id = ntohl(npi->buffer_id); + pin->total_len = ntohs(npi->total_len); + } else { + NOT_REACHED(); + } + + return 0; +} + +/* Converts abstract ofputil_packet_in 'pin' into a PACKET_IN message + * in the format specified by 'packet_in_format'. */ +struct ofpbuf * +ofputil_encode_packet_in(const struct ofputil_packet_in *pin, + enum nx_packet_in_format packet_in_format) +{ + size_t send_len = MIN(pin->send_len, pin->packet_len); + struct ofpbuf *packet; + + /* Add OFPT_PACKET_IN. */ + if (packet_in_format == NXPIF_OPENFLOW10) { + size_t header_len = offsetof(struct ofp_packet_in, data); + struct ofp_packet_in *opi; + + packet = ofpbuf_new(send_len + header_len); + opi = ofpbuf_put_zeros(packet, header_len); + opi->header.version = OFP_VERSION; + opi->header.type = OFPT_PACKET_IN; + opi->total_len = htons(pin->total_len); + opi->in_port = htons(pin->fmd.in_port); + opi->reason = pin->reason; + opi->buffer_id = htonl(pin->buffer_id); + + ofpbuf_put(packet, pin->packet, send_len); + } else if (packet_in_format == NXPIF_NXM) { + struct nx_packet_in *npi; + struct cls_rule rule; + size_t match_len; + size_t i; + + /* Estimate of required PACKET_IN length includes the NPI header, space + * for the match (2 times sizeof the metadata seems like enough), 2 + * bytes for padding, and the packet length. */ + packet = ofpbuf_new(sizeof *npi + sizeof(struct flow_metadata) * 2 + + 2 + send_len); + + cls_rule_init_catchall(&rule, 0); + cls_rule_set_tun_id_masked(&rule, pin->fmd.tun_id, + pin->fmd.tun_id_mask); + + for (i = 0; i < FLOW_N_REGS; i++) { + cls_rule_set_reg_masked(&rule, i, pin->fmd.regs[i], + pin->fmd.reg_masks[i]); + } + + cls_rule_set_in_port(&rule, pin->fmd.in_port); + + ofpbuf_put_zeros(packet, sizeof *npi); + match_len = nx_put_match(packet, &rule, 0, 0); + ofpbuf_put_zeros(packet, 2); + ofpbuf_put(packet, pin->packet, send_len); + + npi = packet->data; + npi->nxh.header.version = OFP_VERSION; + npi->nxh.header.type = OFPT_VENDOR; + npi->nxh.vendor = htonl(NX_VENDOR_ID); + npi->nxh.subtype = htonl(NXT_PACKET_IN); + + npi->buffer_id = htonl(pin->buffer_id); + npi->total_len = htons(pin->total_len); + npi->reason = pin->reason; + npi->table_id = pin->table_id; + npi->cookie = pin->cookie; + npi->match_len = htons(match_len); + } else { + NOT_REACHED(); + } + update_openflow_length(packet); + + return packet; +} + +/* Returns a string representing the message type of 'type'. The string is the + * enumeration constant for the type, e.g. "OFPT_HELLO". For statistics + * messages, the constant is followed by "request" or "reply", + * e.g. "OFPST_AGGREGATE reply". */ +const char * +ofputil_msg_type_name(const struct ofputil_msg_type *type) { return type->name; } @@ -1432,56 +1876,149 @@ update_openflow_length(struct ofpbuf *buffer) oh->length = htons(buffer->size); } -/* Creates an ofp_stats_request with the given 'type' and 'body_len' bytes of - * space allocated for the 'body' member. Returns the first byte of the 'body' - * member. */ +static void +put_stats__(ovs_be32 xid, uint8_t ofp_type, + ovs_be16 ofpst_type, ovs_be32 nxst_subtype, + struct ofpbuf *msg) +{ + if (ofpst_type == htons(OFPST_VENDOR)) { + struct nicira_stats_msg *nsm; + + nsm = put_openflow_xid(sizeof *nsm, ofp_type, xid, msg); + nsm->vsm.osm.type = ofpst_type; + nsm->vsm.vendor = htonl(NX_VENDOR_ID); + nsm->subtype = nxst_subtype; + } else { + struct ofp_stats_msg *osm; + + osm = put_openflow_xid(sizeof *osm, ofp_type, xid, msg); + osm->type = ofpst_type; + } +} + +/* Creates a statistics request message with total length 'openflow_len' + * (including all headers) and the given 'ofpst_type', and stores the buffer + * containing the new message in '*bufferp'. If 'ofpst_type' is OFPST_VENDOR + * then 'nxst_subtype' is used as the Nicira vendor extension statistics + * subtype (otherwise 'nxst_subtype' is ignored). + * + * Initializes bytes following the headers to all-bits-zero. + * + * Returns the first byte of the new message. */ void * -ofputil_make_stats_request(size_t body_len, uint16_t type, - struct ofpbuf **bufferp) +ofputil_make_stats_request(size_t openflow_len, uint16_t ofpst_type, + uint32_t nxst_subtype, struct ofpbuf **bufferp) { - struct ofp_stats_request *osr; - osr = make_openflow((offsetof(struct ofp_stats_request, body) - + body_len), OFPT_STATS_REQUEST, bufferp); - osr->type = htons(type); - osr->flags = htons(0); - return osr->body; + struct ofpbuf *msg; + + msg = *bufferp = ofpbuf_new(openflow_len); + put_stats__(alloc_xid(), OFPT_STATS_REQUEST, + htons(ofpst_type), htonl(nxst_subtype), msg); + ofpbuf_padto(msg, openflow_len); + + return msg->data; +} + +static void +put_stats_reply__(const struct ofp_stats_msg *request, struct ofpbuf *msg) +{ + assert(request->header.type == OFPT_STATS_REQUEST || + request->header.type == OFPT_STATS_REPLY); + put_stats__(request->header.xid, OFPT_STATS_REPLY, request->type, + (request->type != htons(OFPST_VENDOR) + ? htonl(0) + : ((const struct nicira_stats_msg *) request)->subtype), + msg); } -/* Creates a stats request message with Nicira as vendor and the given - * 'subtype', of total length 'openflow_len'. Returns the message. */ +/* Creates a statistics reply message with total length 'openflow_len' + * (including all headers) and the same type (either a standard OpenFlow + * statistics type or a Nicira extension type and subtype) as 'request', and + * stores the buffer containing the new message in '*bufferp'. + * + * Initializes bytes following the headers to all-bits-zero. + * + * Returns the first byte of the new message. */ void * -ofputil_make_nxstats_request(size_t openflow_len, uint32_t subtype, - struct ofpbuf **bufferp) +ofputil_make_stats_reply(size_t openflow_len, + const struct ofp_stats_msg *request, + struct ofpbuf **bufferp) +{ + struct ofpbuf *msg; + + msg = *bufferp = ofpbuf_new(openflow_len); + put_stats_reply__(request, msg); + ofpbuf_padto(msg, openflow_len); + + return msg->data; +} + +/* Initializes 'replies' as a list of ofpbufs that will contain a series of + * replies to 'request', which should be an OpenFlow or Nicira extension + * statistics request. Initially 'replies' will have a single reply message + * that has only a header. The functions ofputil_reserve_stats_reply() and + * ofputil_append_stats_reply() may be used to add to the reply. */ +void +ofputil_start_stats_reply(const struct ofp_stats_msg *request, + struct list *replies) { - struct nicira_stats_msg *nsm; + struct ofpbuf *msg; + + msg = ofpbuf_new(1024); + put_stats_reply__(request, msg); - nsm = make_openflow(openflow_len, OFPT_STATS_REQUEST, bufferp); - nsm->type = htons(OFPST_VENDOR); - nsm->flags = htons(0); - nsm->vendor = htonl(NX_VENDOR_ID); - nsm->subtype = htonl(subtype); - return nsm; + list_init(replies); + list_push_back(replies, &msg->list_node); +} + +/* Prepares to append up to 'len' bytes to the series of statistics replies in + * 'replies', which should have been initialized with + * ofputil_start_stats_reply(). Returns an ofpbuf with at least 'len' bytes of + * tailroom. (The 'len' bytes have not actually be allocated; the caller must + * do so with e.g. ofpbuf_put_uninit().) */ +struct ofpbuf * +ofputil_reserve_stats_reply(size_t len, struct list *replies) +{ + struct ofpbuf *msg = ofpbuf_from_list(list_back(replies)); + struct ofp_stats_msg *osm = msg->data; + + if (msg->size + len <= UINT16_MAX) { + ofpbuf_prealloc_tailroom(msg, len); + } else { + osm->flags |= htons(OFPSF_REPLY_MORE); + + msg = ofpbuf_new(MAX(1024, sizeof(struct nicira_stats_msg) + len)); + put_stats_reply__(osm, msg); + list_push_back(replies, &msg->list_node); + } + return msg; } -/* Returns the first byte of the 'body' member of the ofp_stats_request or - * ofp_stats_reply in 'oh'. */ +/* Appends 'len' bytes to the series of statistics replies in 'replies', and + * returns the first byte. */ +void * +ofputil_append_stats_reply(size_t len, struct list *replies) +{ + return ofpbuf_put_uninit(ofputil_reserve_stats_reply(len, replies), len); +} + +/* Returns the first byte past the ofp_stats_msg header in 'oh'. */ const void * ofputil_stats_body(const struct ofp_header *oh) { assert(oh->type == OFPT_STATS_REQUEST || oh->type == OFPT_STATS_REPLY); - return ((const struct ofp_stats_request *) oh)->body; + return (const struct ofp_stats_msg *) oh + 1; } -/* Returns the length of the 'body' member of the ofp_stats_request or - * ofp_stats_reply in 'oh'. */ +/* Returns the number of bytes past the ofp_stats_msg header in 'oh'. */ size_t ofputil_stats_body_len(const struct ofp_header *oh) { assert(oh->type == OFPT_STATS_REQUEST || oh->type == OFPT_STATS_REPLY); - return ntohs(oh->length) - sizeof(struct ofp_stats_request); + return ntohs(oh->length) - sizeof(struct ofp_stats_msg); } -/* Returns the first byte of the body of the nicira_stats_msg in 'oh'. */ +/* Returns the first byte past the nicira_stats_msg header in 'oh'. */ const void * ofputil_nxstats_body(const struct ofp_header *oh) { @@ -1489,7 +2026,7 @@ ofputil_nxstats_body(const struct ofp_header *oh) return ((const struct nicira_stats_msg *) oh) + 1; } -/* Returns the length of the body of the nicira_stats_msg in 'oh'. */ +/* Returns the number of bytes past the nicira_stats_msg header in 'oh'. */ size_t ofputil_nxstats_body_len(const struct ofp_header *oh) { @@ -1510,7 +2047,7 @@ make_flow_mod(uint16_t command, const struct cls_rule *rule, ofm->header.length = htons(size); ofm->cookie = 0; ofm->priority = htons(MIN(rule->priority, UINT16_MAX)); - ofputil_cls_rule_to_match(rule, NXFF_OPENFLOW10, &ofm->match, 0, NULL); + ofputil_cls_rule_to_match(rule, &ofm->match); ofm->command = htons(command); return out; } @@ -1546,10 +2083,7 @@ make_add_simple_flow(const struct cls_rule *rule, struct ofpbuf *buffer; buffer = make_add_flow(rule, buffer_id, idle_timeout, sizeof *oao); - oao = ofpbuf_put_zeros(buffer, sizeof *oao); - oao->type = htons(OFPAT_OUTPUT); - oao->len = htons(sizeof *oao); - oao->port = htons(out_port); + ofputil_put_OFPAT_OUTPUT(buffer)->port = htons(out_port); return buffer; } else { return make_add_flow(rule, buffer_id, idle_timeout, 0); @@ -1594,7 +2128,7 @@ make_packet_out(const struct ofpbuf *packet, uint32_t buffer_id, opo->header.length = htons(size); opo->header.xid = htonl(0); opo->buffer_id = htonl(buffer_id); - opo->in_port = htons(in_port == ODPP_LOCAL ? OFPP_LOCAL : in_port); + opo->in_port = htons(in_port); opo->actions_len = htons(actions_len); ofpbuf_put(out, actions, actions_len); if (packet) { @@ -1657,83 +2191,41 @@ make_echo_reply(const struct ofp_header *rq) return out; } -const struct ofp_flow_stats * -flow_stats_first(struct flow_stats_iterator *iter, - const struct ofp_stats_reply *osr) -{ - iter->pos = osr->body; - iter->end = osr->body + (ntohs(osr->header.length) - - offsetof(struct ofp_stats_reply, body)); - return flow_stats_next(iter); -} - -const struct ofp_flow_stats * -flow_stats_next(struct flow_stats_iterator *iter) +const char * +ofputil_frag_handling_to_string(enum ofp_config_flags flags) { - ptrdiff_t bytes_left = iter->end - iter->pos; - const struct ofp_flow_stats *fs; - size_t length; - - if (bytes_left < sizeof *fs) { - if (bytes_left != 0) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "%td leftover bytes in flow stats reply", bytes_left); - } - return NULL; - } - - fs = (const void *) iter->pos; - length = ntohs(fs->length); - if (length < sizeof *fs) { - VLOG_WARN_RL(&bad_ofmsg_rl, "flow stats length %zu is shorter than " - "min %zu", length, sizeof *fs); - return NULL; - } else if (length > bytes_left) { - VLOG_WARN_RL(&bad_ofmsg_rl, "flow stats length %zu but only %td " - "bytes left", length, bytes_left); - return NULL; - } else if ((length - sizeof *fs) % sizeof fs->actions[0]) { - VLOG_WARN_RL(&bad_ofmsg_rl, "flow stats length %zu has %zu bytes " - "left over in final action", length, - (length - sizeof *fs) % sizeof fs->actions[0]); - return NULL; - } - iter->pos += length; - return fs; -} - -static int -check_action_exact_len(const union ofp_action *a, unsigned int len, - unsigned int required_len) -{ - if (len != required_len) { - VLOG_WARN_RL(&bad_ofmsg_rl, "action %"PRIu16" has invalid length " - "%"PRIu16" (must be %u)\n", - ntohs(a->type), ntohs(a->header.len), required_len); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + switch (flags & OFPC_FRAG_MASK) { + case OFPC_FRAG_NORMAL: return "normal"; + case OFPC_FRAG_DROP: return "drop"; + case OFPC_FRAG_REASM: return "reassemble"; + case OFPC_FRAG_NX_MATCH: return "nx-match"; } - return 0; + + NOT_REACHED(); } -static int -check_nx_action_exact_len(const struct nx_action_header *a, - unsigned int len, unsigned int required_len) -{ - if (len != required_len) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "Nicira action %"PRIu16" has invalid length %"PRIu16" " - "(must be %u)\n", - ntohs(a->subtype), ntohs(a->len), required_len); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); +bool +ofputil_frag_handling_from_string(const char *s, enum ofp_config_flags *flags) +{ + if (!strcasecmp(s, "normal")) { + *flags = OFPC_FRAG_NORMAL; + } else if (!strcasecmp(s, "drop")) { + *flags = OFPC_FRAG_DROP; + } else if (!strcasecmp(s, "reassemble")) { + *flags = OFPC_FRAG_REASM; + } else if (!strcasecmp(s, "nx-match")) { + *flags = OFPC_FRAG_NX_MATCH; + } else { + return false; } - return 0; + return true; } /* Checks that 'port' is a valid output port for the OFPAT_OUTPUT action, given * that the switch will never have more than 'max_ports' ports. Returns 0 if - * 'port' is valid, otherwise an ofp_mkerr() return code. */ -static int -check_output_port(uint16_t port, int max_ports) + * 'port' is valid, otherwise an OpenFlow return code. */ +enum ofperr +ofputil_check_output_port(uint16_t port, int max_ports) { switch (port) { case OFPP_IN_PORT: @@ -1749,562 +2241,541 @@ check_output_port(uint16_t port, int max_ports) if (port < max_ports) { return 0; } - VLOG_WARN_RL(&bad_ofmsg_rl, "unknown output port %x", port); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); + return OFPERR_OFPBAC_BAD_OUT_PORT; } } -/* Checks that 'action' is a valid OFPAT_ENQUEUE action, given that the switch - * will never have more than 'max_ports' ports. Returns 0 if 'port' is valid, - * otherwise an ofp_mkerr() return code. */ -static int -check_enqueue_action(const union ofp_action *a, unsigned int len, - int max_ports) +#define OFPUTIL_NAMED_PORTS \ + OFPUTIL_NAMED_PORT(IN_PORT) \ + OFPUTIL_NAMED_PORT(TABLE) \ + OFPUTIL_NAMED_PORT(NORMAL) \ + OFPUTIL_NAMED_PORT(FLOOD) \ + OFPUTIL_NAMED_PORT(ALL) \ + OFPUTIL_NAMED_PORT(CONTROLLER) \ + OFPUTIL_NAMED_PORT(LOCAL) \ + OFPUTIL_NAMED_PORT(NONE) + +/* Checks whether 's' is the string representation of an OpenFlow port number, + * either as an integer or a string name (e.g. "LOCAL"). If it is, stores the + * number in '*port' and returns true. Otherwise, returns false. */ +bool +ofputil_port_from_string(const char *name, uint16_t *port) { - const struct ofp_action_enqueue *oae; - uint16_t port; - int error; + struct pair { + const char *name; + uint16_t value; + }; + static const struct pair pairs[] = { +#define OFPUTIL_NAMED_PORT(NAME) {#NAME, OFPP_##NAME}, + OFPUTIL_NAMED_PORTS +#undef OFPUTIL_NAMED_PORT + }; + static const int n_pairs = ARRAY_SIZE(pairs); + int i; - error = check_action_exact_len(a, len, 16); - if (error) { - return error; + if (str_to_int(name, 0, &i) && i >= 0 && i < UINT16_MAX) { + *port = i; + return true; } - oae = (const struct ofp_action_enqueue *) a; - port = ntohs(oae->port); - if (port < max_ports || port == OFPP_IN_PORT) { - return 0; + for (i = 0; i < n_pairs; i++) { + if (!strcasecmp(name, pairs[i].name)) { + *port = pairs[i].value; + return true; + } } - VLOG_WARN_RL(&bad_ofmsg_rl, "unknown enqueue port %x", port); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); + return false; } -static int -check_nicira_action(const union ofp_action *a, unsigned int len, - const struct flow *flow) +/* Appends to 's' a string representation of the OpenFlow port number 'port'. + * Most ports' string representation is just the port number, but for special + * ports, e.g. OFPP_LOCAL, it is the name, e.g. "LOCAL". */ +void +ofputil_format_port(uint16_t port, struct ds *s) { - const struct nx_action_header *nah; - uint16_t subtype; - int error; + const char *name; + + switch (port) { +#define OFPUTIL_NAMED_PORT(NAME) case OFPP_##NAME: name = #NAME; break; + OFPUTIL_NAMED_PORTS +#undef OFPUTIL_NAMED_PORT - if (len < 16) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "Nicira vendor action only %u bytes", len); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + default: + ds_put_format(s, "%"PRIu16, port); + return; } - nah = (const struct nx_action_header *) a; + ds_put_cstr(s, name); +} - subtype = ntohs(nah->subtype); - if (subtype > TYPE_MAXIMUM(enum nx_action_subtype)) { - /* This is necessary because enum nx_action_subtype is probably an - * 8-bit type, so the cast below throws away the top 8 bits. */ - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE); +static enum ofperr +check_resubmit_table(const struct nx_action_resubmit *nar) +{ + if (nar->pad[0] || nar->pad[1] || nar->pad[2]) { + return OFPERR_OFPBAC_BAD_ARGUMENT; } + return 0; +} - switch ((enum nx_action_subtype) subtype) { - case NXAST_RESUBMIT: - case NXAST_SET_TUNNEL: - case NXAST_DROP_SPOOFED_ARP: - case NXAST_SET_QUEUE: - case NXAST_POP_QUEUE: - return check_nx_action_exact_len(nah, len, 16); +static enum ofperr +check_output_reg(const struct nx_action_output_reg *naor, + const struct flow *flow) +{ + size_t i; - case NXAST_REG_MOVE: - error = check_nx_action_exact_len(nah, len, - sizeof(struct nx_action_reg_move)); - if (error) { - return error; + for (i = 0; i < sizeof naor->zero; i++) { + if (naor->zero[i]) { + return OFPERR_OFPBAC_BAD_ARGUMENT; } - return nxm_check_reg_move((const struct nx_action_reg_move *) a, flow); + } - case NXAST_REG_LOAD: - error = check_nx_action_exact_len(nah, len, - sizeof(struct nx_action_reg_load)); - if (error) { - return error; - } - return nxm_check_reg_load((const struct nx_action_reg_load *) a, flow); + return nxm_src_check(naor->src, nxm_decode_ofs(naor->ofs_nbits), + nxm_decode_n_bits(naor->ofs_nbits), flow); +} - case NXAST_NOTE: - return 0; +enum ofperr +validate_actions(const union ofp_action *actions, size_t n_actions, + const struct flow *flow, int max_ports) +{ + const union ofp_action *a; + size_t left; - case NXAST_SET_TUNNEL64: - return check_nx_action_exact_len( - nah, len, sizeof(struct nx_action_set_tunnel64)); + OFPUTIL_ACTION_FOR_EACH (a, left, actions, n_actions) { + enum ofperr error; + uint16_t port; + int code; + + code = ofputil_decode_action(a); + if (code < 0) { + error = -code; + VLOG_WARN_RL(&bad_ofmsg_rl, + "action decoding error at offset %td (%s)", + (a - actions) * sizeof *a, ofperr_get_name(error)); - case NXAST_MULTIPATH: - error = check_nx_action_exact_len( - nah, len, sizeof(struct nx_action_multipath)); - if (error) { return error; } - return multipath_check((const struct nx_action_multipath *) a); - case NXAST_SNAT__OBSOLETE: - default: - VLOG_WARN_RL(&bad_ofmsg_rl, - "unknown Nicira vendor action subtype %"PRIu16, - ntohs(nah->subtype)); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE); - } -} + error = 0; + switch ((enum ofputil_action_code) code) { + case OFPUTIL_OFPAT_OUTPUT: + error = ofputil_check_output_port(ntohs(a->output.port), + max_ports); + break; -static int -check_action(const union ofp_action *a, unsigned int len, - const struct flow *flow, int max_ports) -{ - enum ofp_action_type type = ntohs(a->type); - int error; + case OFPUTIL_OFPAT_SET_VLAN_VID: + if (a->vlan_vid.vlan_vid & ~htons(0xfff)) { + error = OFPERR_OFPBAC_BAD_ARGUMENT; + } + break; - switch (type) { - case OFPAT_OUTPUT: - error = check_action_exact_len(a, len, 8); - if (error) { - return error; - } - return check_output_port(ntohs(a->output.port), max_ports); + case OFPUTIL_OFPAT_SET_VLAN_PCP: + if (a->vlan_pcp.vlan_pcp & ~7) { + error = OFPERR_OFPBAC_BAD_ARGUMENT; + } + break; - case OFPAT_SET_VLAN_VID: - error = check_action_exact_len(a, len, 8); - if (error) { - return error; - } - if (a->vlan_vid.vlan_vid & ~htons(0xfff)) { - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); - } - return 0; + case OFPUTIL_OFPAT_ENQUEUE: + port = ntohs(((const struct ofp_action_enqueue *) a)->port); + if (port >= max_ports && port != OFPP_IN_PORT + && port != OFPP_LOCAL) { + error = OFPERR_OFPBAC_BAD_OUT_PORT; + } + break; - case OFPAT_SET_VLAN_PCP: - error = check_action_exact_len(a, len, 8); - if (error) { - return error; - } - if (a->vlan_vid.vlan_vid & ~7) { - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); - } - return 0; + case OFPUTIL_NXAST_REG_MOVE: + error = nxm_check_reg_move((const struct nx_action_reg_move *) a, + flow); + break; - case OFPAT_STRIP_VLAN: - case OFPAT_SET_NW_SRC: - case OFPAT_SET_NW_DST: - case OFPAT_SET_NW_TOS: - case OFPAT_SET_TP_SRC: - case OFPAT_SET_TP_DST: - return check_action_exact_len(a, len, 8); + case OFPUTIL_NXAST_REG_LOAD: + error = nxm_check_reg_load((const struct nx_action_reg_load *) a, + flow); + break; - case OFPAT_SET_DL_SRC: - case OFPAT_SET_DL_DST: - return check_action_exact_len(a, len, 16); + case OFPUTIL_NXAST_MULTIPATH: + error = multipath_check((const struct nx_action_multipath *) a, + flow); + break; - case OFPAT_VENDOR: - return (a->vendor.vendor == htonl(NX_VENDOR_ID) - ? check_nicira_action(a, len, flow) - : ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR)); + case OFPUTIL_NXAST_AUTOPATH: + error = autopath_check((const struct nx_action_autopath *) a, + flow); + break; - case OFPAT_ENQUEUE: - return check_enqueue_action(a, len, max_ports); + case OFPUTIL_NXAST_BUNDLE: + case OFPUTIL_NXAST_BUNDLE_LOAD: + error = bundle_check((const struct nx_action_bundle *) a, + max_ports, flow); + break; - default: - VLOG_WARN_RL(&bad_ofmsg_rl, "unknown action type %d", (int) type); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_TYPE); - } -} + case OFPUTIL_NXAST_OUTPUT_REG: + error = check_output_reg((const struct nx_action_output_reg *) a, + flow); + break; -int -validate_actions(const union ofp_action *actions, size_t n_actions, - const struct flow *flow, int max_ports) -{ - size_t i; + case OFPUTIL_NXAST_RESUBMIT_TABLE: + error = check_resubmit_table( + (const struct nx_action_resubmit *) a); + break; - for (i = 0; i < n_actions; ) { - const union ofp_action *a = &actions[i]; - unsigned int len = ntohs(a->header.len); - unsigned int n_slots = len / OFP_ACTION_ALIGN; - unsigned int slots_left = &actions[n_actions] - a; - int error; + case OFPUTIL_NXAST_LEARN: + error = learn_check((const struct nx_action_learn *) a, flow); + break; - if (n_slots > slots_left) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "action requires %u slots but only %u remain", - n_slots, slots_left); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); - } else if (!len) { - VLOG_WARN_RL(&bad_ofmsg_rl, "action has invalid length 0"); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); - } else if (len % OFP_ACTION_ALIGN) { - VLOG_WARN_RL(&bad_ofmsg_rl, "action length %u is not a multiple " - "of %d", len, OFP_ACTION_ALIGN); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + case OFPUTIL_OFPAT_STRIP_VLAN: + case OFPUTIL_OFPAT_SET_NW_SRC: + case OFPUTIL_OFPAT_SET_NW_DST: + case OFPUTIL_OFPAT_SET_NW_TOS: + case OFPUTIL_OFPAT_SET_TP_SRC: + case OFPUTIL_OFPAT_SET_TP_DST: + case OFPUTIL_OFPAT_SET_DL_SRC: + case OFPUTIL_OFPAT_SET_DL_DST: + case OFPUTIL_NXAST_RESUBMIT: + case OFPUTIL_NXAST_SET_TUNNEL: + case OFPUTIL_NXAST_SET_QUEUE: + case OFPUTIL_NXAST_POP_QUEUE: + case OFPUTIL_NXAST_NOTE: + case OFPUTIL_NXAST_SET_TUNNEL64: + case OFPUTIL_NXAST_EXIT: + case OFPUTIL_NXAST_DEC_TTL: + break; } - error = check_action(a, len, flow, max_ports); if (error) { + VLOG_WARN_RL(&bad_ofmsg_rl, "bad action at offset %td (%s)", + (a - actions) * sizeof *a, ofperr_get_name(error)); return error; } - i += n_slots; + } + if (left) { + VLOG_WARN_RL(&bad_ofmsg_rl, "bad action format at offset %zu", + (n_actions - left) * sizeof *a); + return OFPERR_OFPBAC_BAD_LEN; } return 0; } -/* Returns true if 'action' outputs to 'port' (which must be in network byte - * order), false otherwise. */ -bool -action_outputs_to_port(const union ofp_action *action, uint16_t port) -{ - switch (ntohs(action->type)) { - case OFPAT_OUTPUT: - return action->output.port == port; - case OFPAT_ENQUEUE: - return ((const struct ofp_action_enqueue *) action)->port == port; - default: - return false; - } -} +struct ofputil_action { + int code; + unsigned int min_len; + unsigned int max_len; +}; -/* The set of actions must either come from a trusted source or have been - * previously validated with validate_actions(). */ -const union ofp_action * -actions_first(struct actions_iterator *iter, - const union ofp_action *oa, size_t n_actions) -{ - iter->pos = oa; - iter->end = oa + n_actions; - return actions_next(iter); -} +static const struct ofputil_action action_bad_type + = { -OFPERR_OFPBAC_BAD_TYPE, 0, UINT_MAX }; +static const struct ofputil_action action_bad_len + = { -OFPERR_OFPBAC_BAD_LEN, 0, UINT_MAX }; +static const struct ofputil_action action_bad_vendor + = { -OFPERR_OFPBAC_BAD_VENDOR, 0, UINT_MAX }; -const union ofp_action * -actions_next(struct actions_iterator *iter) +static const struct ofputil_action * +ofputil_decode_ofpat_action(const union ofp_action *a) { - if (iter->pos != iter->end) { - const union ofp_action *a = iter->pos; - unsigned int len = ntohs(a->header.len); - iter->pos += len / OFP_ACTION_ALIGN; - return a; - } else { - return NULL; - } -} + enum ofp_action_type type = ntohs(a->type); -void -normalize_match(struct ofp_match *m) -{ - enum { OFPFW_NW = (OFPFW_NW_SRC_MASK | OFPFW_NW_DST_MASK | OFPFW_NW_PROTO - | OFPFW_NW_TOS) }; - enum { OFPFW_TP = OFPFW_TP_SRC | OFPFW_TP_DST }; - uint32_t wc; - - wc = ntohl(m->wildcards) & OVSFW_ALL; - if (wc & OFPFW_DL_TYPE) { - m->dl_type = 0; - - /* Can't sensibly match on network or transport headers if the - * data link type is unknown. */ - wc |= OFPFW_NW | OFPFW_TP; - m->nw_src = m->nw_dst = m->nw_proto = m->nw_tos = 0; - m->tp_src = m->tp_dst = 0; - } else if (m->dl_type == htons(ETH_TYPE_IP)) { - if (wc & OFPFW_NW_PROTO) { - m->nw_proto = 0; - - /* Can't sensibly match on transport headers if the network - * protocol is unknown. */ - wc |= OFPFW_TP; - m->tp_src = m->tp_dst = 0; - } else if (m->nw_proto == IPPROTO_TCP || - m->nw_proto == IPPROTO_UDP || - m->nw_proto == IPPROTO_ICMP) { - if (wc & OFPFW_TP_SRC) { - m->tp_src = 0; - } - if (wc & OFPFW_TP_DST) { - m->tp_dst = 0; - } - } else { - /* Transport layer fields will always be extracted as zeros, so we - * can do an exact-match on those values. */ - wc &= ~OFPFW_TP; - m->tp_src = m->tp_dst = 0; - } - if (wc & OFPFW_NW_SRC_MASK) { - m->nw_src &= ofputil_wcbits_to_netmask(wc >> OFPFW_NW_SRC_SHIFT); - } - if (wc & OFPFW_NW_DST_MASK) { - m->nw_dst &= ofputil_wcbits_to_netmask(wc >> OFPFW_NW_DST_SHIFT); - } - if (wc & OFPFW_NW_TOS) { - m->nw_tos = 0; - } else { - m->nw_tos &= IP_DSCP_MASK; - } - } else if (m->dl_type == htons(ETH_TYPE_ARP)) { - if (wc & OFPFW_NW_PROTO) { - m->nw_proto = 0; - } - if (wc & OFPFW_NW_SRC_MASK) { - m->nw_src &= ofputil_wcbits_to_netmask(wc >> OFPFW_NW_SRC_SHIFT); - } - if (wc & OFPFW_NW_DST_MASK) { - m->nw_dst &= ofputil_wcbits_to_netmask(wc >> OFPFW_NW_DST_SHIFT); + switch (type) { +#define OFPAT_ACTION(ENUM, STRUCT, NAME) \ + case ENUM: { \ + static const struct ofputil_action action = { \ + OFPUTIL_##ENUM, \ + sizeof(struct STRUCT), \ + sizeof(struct STRUCT) \ + }; \ + return &action; \ } - m->tp_src = m->tp_dst = m->nw_tos = 0; - } else if (m->dl_type == htons(ETH_TYPE_IPV6)) { - /* Don't normalize IPv6 traffic, since OpenFlow doesn't have a - * way to express it. */ - } else { - /* Network and transport layer fields will always be extracted as - * zeros, so we can do an exact-match on those values. */ - wc &= ~(OFPFW_NW | OFPFW_TP); - m->nw_proto = m->nw_src = m->nw_dst = m->nw_tos = 0; - m->tp_src = m->tp_dst = 0; - } - if (wc & OFPFW_DL_SRC) { - memset(m->dl_src, 0, sizeof m->dl_src); - } - if (wc & OFPFW_DL_DST) { - memset(m->dl_dst, 0, sizeof m->dl_dst); - } - m->wildcards = htonl(wc); -} +#include "ofp-util.def" -/* Returns a string that describes 'match' in a very literal way, without - * interpreting its contents except in a very basic fashion. The returned - * string is intended to be fixed-length, so that it is easy to see differences - * between two such strings if one is put above another. This is useful for - * describing changes made by normalize_match(). - * - * The caller must free the returned string (with free()). */ -char * -ofp_match_to_literal_string(const struct ofp_match *match) -{ - return xasprintf("wildcards=%#10"PRIx32" " - " in_port=%5"PRId16" " - " dl_src="ETH_ADDR_FMT" " - " dl_dst="ETH_ADDR_FMT" " - " dl_vlan=%5"PRId16" " - " dl_vlan_pcp=%3"PRId8" " - " dl_type=%#6"PRIx16" " - " nw_tos=%#4"PRIx8" " - " nw_proto=%#4"PRIx16" " - " nw_src=%#10"PRIx32" " - " nw_dst=%#10"PRIx32" " - " tp_src=%5"PRId16" " - " tp_dst=%5"PRId16, - ntohl(match->wildcards), - ntohs(match->in_port), - ETH_ADDR_ARGS(match->dl_src), - ETH_ADDR_ARGS(match->dl_dst), - ntohs(match->dl_vlan), - match->dl_vlan_pcp, - ntohs(match->dl_type), - match->nw_tos, - match->nw_proto, - ntohl(match->nw_src), - ntohl(match->nw_dst), - ntohs(match->tp_src), - ntohs(match->tp_dst)); -} - -static uint32_t -vendor_code_to_id(uint8_t code) -{ - switch (code) { -#define OFPUTIL_VENDOR(NAME, VENDOR_ID) case NAME: return VENDOR_ID; - OFPUTIL_VENDORS -#undef OFPUTIL_VENDOR + case OFPAT_VENDOR: default: - return UINT32_MAX; + return &action_bad_type; } } -static int -vendor_id_to_code(uint32_t id) +static const struct ofputil_action * +ofputil_decode_nxast_action(const union ofp_action *a) { - switch (id) { -#define OFPUTIL_VENDOR(NAME, VENDOR_ID) case VENDOR_ID: return NAME; - OFPUTIL_VENDORS -#undef OFPUTIL_VENDOR + const struct nx_action_header *nah = (const struct nx_action_header *) a; + enum nx_action_subtype subtype = ntohs(nah->subtype); + + switch (subtype) { +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) \ + case ENUM: { \ + static const struct ofputil_action action = { \ + OFPUTIL_##ENUM, \ + sizeof(struct STRUCT), \ + EXTENSIBLE ? UINT_MAX : sizeof(struct STRUCT) \ + }; \ + return &action; \ + } +#include "ofp-util.def" + + case NXAST_SNAT__OBSOLETE: + case NXAST_DROP_SPOOFED_ARP__OBSOLETE: default: - return -1; + return &action_bad_type; } } -/* Creates and returns an OpenFlow message of type OFPT_ERROR with the error - * information taken from 'error', whose encoding must be as described in the - * large comment in ofp-util.h. If 'oh' is nonnull, then the error will use - * oh->xid as its transaction ID, and it will include up to the first 64 bytes - * of 'oh'. +/* Parses 'a' to determine its type. Returns a nonnegative OFPUTIL_OFPAT_* or + * OFPUTIL_NXAST_* constant if successful, otherwise a negative OFPERR_* error + * code. * - * Returns NULL if 'error' is not an OpenFlow error code. */ -struct ofpbuf * -ofputil_encode_error_msg(int error, const struct ofp_header *oh) + * The caller must have already verified that 'a''s length is correct (that is, + * a->header.len is nonzero and a multiple of sizeof(union ofp_action) and no + * longer than the amount of space allocated to 'a'). + * + * This function verifies that 'a''s length is correct for the type of action + * that it represents. */ +int +ofputil_decode_action(const union ofp_action *a) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - - struct ofpbuf *buf; - const void *data; - size_t len; - uint8_t vendor; - uint16_t type; - uint16_t code; - ovs_be32 xid; - - if (!is_ofp_error(error)) { - /* We format 'error' with strerror() here since it seems likely to be - * a system errno value. */ - VLOG_WARN_RL(&rl, "invalid OpenFlow error code %d (%s)", - error, strerror(error)); - return NULL; - } - - if (oh) { - xid = oh->xid; - data = oh; - len = ntohs(oh->length); - if (len > 64) { - len = 64; - } - } else { - xid = 0; - data = NULL; - len = 0; - } - - vendor = get_ofp_err_vendor(error); - type = get_ofp_err_type(error); - code = get_ofp_err_code(error); - if (vendor == OFPUTIL_VENDOR_OPENFLOW) { - struct ofp_error_msg *oem; + const struct ofputil_action *action; + uint16_t len = ntohs(a->header.len); - oem = make_openflow_xid(len + sizeof *oem, OFPT_ERROR, xid, &buf); - oem->type = htons(type); - oem->code = htons(code); + if (a->type != htons(OFPAT_VENDOR)) { + action = ofputil_decode_ofpat_action(a); } else { - struct ofp_error_msg *oem; - struct nx_vendor_error *nve; - uint32_t vendor_id; - - vendor_id = vendor_code_to_id(vendor); - if (vendor_id == UINT32_MAX) { - VLOG_WARN_RL(&rl, "error %x contains invalid vendor code %d", - error, vendor); - return NULL; + switch (ntohl(a->vendor.vendor)) { + case NX_VENDOR_ID: + if (len < sizeof(struct nx_action_header)) { + return -OFPERR_OFPBAC_BAD_LEN; + } + action = ofputil_decode_nxast_action(a); + break; + default: + action = &action_bad_vendor; + break; } + } - oem = make_openflow_xid(len + sizeof *oem + sizeof *nve, - OFPT_ERROR, xid, &buf); - oem->type = htons(NXET_VENDOR); - oem->code = htons(NXVC_VENDOR_ERROR); + return (len >= action->min_len && len <= action->max_len + ? action->code + : -OFPERR_OFPBAC_BAD_LEN); +} - nve = (struct nx_vendor_error *)oem->data; - nve->vendor = htonl(vendor_id); - nve->type = htons(type); - nve->code = htons(code); - } +/* Parses 'a' and returns its type as an OFPUTIL_OFPAT_* or OFPUTIL_NXAST_* + * constant. The caller must have already validated that 'a' is a valid action + * understood by Open vSwitch (e.g. by a previous successful call to + * ofputil_decode_action()). */ +enum ofputil_action_code +ofputil_decode_action_unsafe(const union ofp_action *a) +{ + const struct ofputil_action *action; - if (len) { - buf->size -= len; - ofpbuf_put(buf, data, len); + if (a->type != htons(OFPAT_VENDOR)) { + action = ofputil_decode_ofpat_action(a); + } else { + action = ofputil_decode_nxast_action(a); } - return buf; + return action->code; } -/* Decodes 'oh', which should be an OpenFlow OFPT_ERROR message, and returns an - * Open vSwitch internal error code in the format described in the large - * comment in ofp-util.h. +/* Returns the 'enum ofputil_action_code' corresponding to 'name' (e.g. if + * 'name' is "output" then the return value is OFPUTIL_OFPAT_OUTPUT), or -1 if + * 'name' is not the name of any action. * - * If 'payload_ofs' is nonnull, on success '*payload_ofs' is set to the offset - * to the payload starting from 'oh' and on failure it is set to 0. */ + * ofp-util.def lists the mapping from names to action. */ int -ofputil_decode_error_msg(const struct ofp_header *oh, size_t *payload_ofs) +ofputil_action_code_from_name(const char *name) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + static const char *names[OFPUTIL_N_ACTIONS] = { +#define OFPAT_ACTION(ENUM, STRUCT, NAME) NAME, +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) NAME, +#include "ofp-util.def" + }; - const struct ofp_error_msg *oem; - uint16_t type, code; - struct ofpbuf b; - int vendor; + const char **p; - if (payload_ofs) { - *payload_ofs = 0; - } - if (oh->type != OFPT_ERROR) { - return EPROTO; + for (p = names; p < &names[ARRAY_SIZE(names)]; p++) { + if (*p && !strcasecmp(name, *p)) { + return p - names; + } } + return -1; +} - ofpbuf_use_const(&b, oh, ntohs(oh->length)); - oem = ofpbuf_try_pull(&b, sizeof *oem); - if (!oem) { - return EPROTO; +/* Appends an action of the type specified by 'code' to 'buf' and returns the + * action. Initializes the parts of 'action' that identify it as having type + * and length 'sizeof *action' and zeros the rest. For actions that + * have variable length, the length used and cleared is that of struct + * . */ +void * +ofputil_put_action(enum ofputil_action_code code, struct ofpbuf *buf) +{ + switch (code) { +#define OFPAT_ACTION(ENUM, STRUCT, NAME) \ + case OFPUTIL_##ENUM: return ofputil_put_##ENUM(buf); +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) \ + case OFPUTIL_##ENUM: return ofputil_put_##ENUM(buf); +#include "ofp-util.def" + } + NOT_REACHED(); +} + +#define OFPAT_ACTION(ENUM, STRUCT, NAME) \ + void \ + ofputil_init_##ENUM(struct STRUCT *s) \ + { \ + memset(s, 0, sizeof *s); \ + s->type = htons(ENUM); \ + s->len = htons(sizeof *s); \ + } \ + \ + struct STRUCT * \ + ofputil_put_##ENUM(struct ofpbuf *buf) \ + { \ + struct STRUCT *s = ofpbuf_put_uninit(buf, sizeof *s); \ + ofputil_init_##ENUM(s); \ + return s; \ + } +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) \ + void \ + ofputil_init_##ENUM(struct STRUCT *s) \ + { \ + memset(s, 0, sizeof *s); \ + s->type = htons(OFPAT_VENDOR); \ + s->len = htons(sizeof *s); \ + s->vendor = htonl(NX_VENDOR_ID); \ + s->subtype = htons(ENUM); \ + } \ + \ + struct STRUCT * \ + ofputil_put_##ENUM(struct ofpbuf *buf) \ + { \ + struct STRUCT *s = ofpbuf_put_uninit(buf, sizeof *s); \ + ofputil_init_##ENUM(s); \ + return s; \ + } +#include "ofp-util.def" + +/* Returns true if 'action' outputs to 'port', false otherwise. */ +bool +action_outputs_to_port(const union ofp_action *action, ovs_be16 port) +{ + switch (ntohs(action->type)) { + case OFPAT_OUTPUT: + return action->output.port == port; + case OFPAT_ENQUEUE: + return ((const struct ofp_action_enqueue *) action)->port == port; + default: + return false; } +} - type = ntohs(oem->type); - code = ntohs(oem->code); - if (type == NXET_VENDOR && code == NXVC_VENDOR_ERROR) { - const struct nx_vendor_error *nve = ofpbuf_try_pull(&b, sizeof *nve); - if (!nve) { - return EPROTO; +/* "Normalizes" the wildcards in 'rule'. That means: + * + * 1. If the type of level N is known, then only the valid fields for that + * level may be specified. For example, ARP does not have a TOS field, + * so nw_tos must be wildcarded if 'rule' specifies an ARP flow. + * Similarly, IPv4 does not have any IPv6 addresses, so ipv6_src and + * ipv6_dst (and other fields) must be wildcarded if 'rule' specifies an + * IPv4 flow. + * + * 2. If the type of level N is not known (or not understood by Open + * vSwitch), then no fields at all for that level may be specified. For + * example, Open vSwitch does not understand SCTP, an L4 protocol, so the + * L4 fields tp_src and tp_dst must be wildcarded if 'rule' specifies an + * SCTP flow. + * + * 'flow_format' specifies the format of the flow as received or as intended to + * be sent. This is important for IPv6 and ARP, for which NXM supports more + * detailed matching. */ +void +ofputil_normalize_rule(struct cls_rule *rule, enum nx_flow_format flow_format) +{ + enum { + MAY_NW_ADDR = 1 << 0, /* nw_src, nw_dst */ + MAY_TP_ADDR = 1 << 1, /* tp_src, tp_dst */ + MAY_NW_PROTO = 1 << 2, /* nw_proto */ + MAY_IPVx = 1 << 3, /* tos, frag, ttl */ + MAY_ARP_SHA = 1 << 4, /* arp_sha */ + MAY_ARP_THA = 1 << 5, /* arp_tha */ + MAY_IPV6 = 1 << 6, /* ipv6_src, ipv6_dst, ipv6_label */ + MAY_ND_TARGET = 1 << 7 /* nd_target */ + } may_match; + + struct flow_wildcards wc; + + /* Figure out what fields may be matched. */ + if (rule->flow.dl_type == htons(ETH_TYPE_IP)) { + may_match = MAY_NW_PROTO | MAY_IPVx | MAY_NW_ADDR; + if (rule->flow.nw_proto == IPPROTO_TCP || + rule->flow.nw_proto == IPPROTO_UDP || + rule->flow.nw_proto == IPPROTO_ICMP) { + may_match |= MAY_TP_ADDR; } - - vendor = vendor_id_to_code(ntohl(nve->vendor)); - if (vendor < 0) { - VLOG_WARN_RL(&rl, "error contains unknown vendor ID %#"PRIx32, - ntohl(nve->vendor)); - return EPROTO; + } else if (rule->flow.dl_type == htons(ETH_TYPE_IPV6) + && flow_format == NXFF_NXM) { + may_match = MAY_NW_PROTO | MAY_IPVx | MAY_IPV6; + if (rule->flow.nw_proto == IPPROTO_TCP || + rule->flow.nw_proto == IPPROTO_UDP) { + may_match |= MAY_TP_ADDR; + } else if (rule->flow.nw_proto == IPPROTO_ICMPV6) { + may_match |= MAY_TP_ADDR; + if (rule->flow.tp_src == htons(ND_NEIGHBOR_SOLICIT)) { + may_match |= MAY_ND_TARGET | MAY_ARP_SHA; + } else if (rule->flow.tp_src == htons(ND_NEIGHBOR_ADVERT)) { + may_match |= MAY_ND_TARGET | MAY_ARP_THA; + } + } + } else if (rule->flow.dl_type == htons(ETH_TYPE_ARP)) { + may_match = MAY_NW_PROTO | MAY_NW_ADDR; + if (flow_format == NXFF_NXM) { + may_match |= MAY_ARP_SHA | MAY_ARP_THA; } - type = ntohs(nve->type); - code = ntohs(nve->code); } else { - vendor = OFPUTIL_VENDOR_OPENFLOW; + may_match = 0; } - if (type >= 1024) { - VLOG_WARN_RL(&rl, "error contains type %"PRIu16" greater than " - "supported maximum value 1023", type); - return EPROTO; + /* Clear the fields that may not be matched. */ + wc = rule->wc; + if (!(may_match & MAY_NW_ADDR)) { + wc.nw_src_mask = wc.nw_dst_mask = htonl(0); } - - if (payload_ofs) { - *payload_ofs = (uint8_t *) b.data - (uint8_t *) oh; + if (!(may_match & MAY_TP_ADDR)) { + wc.wildcards |= FWW_TP_SRC | FWW_TP_DST; + } + if (!(may_match & MAY_NW_PROTO)) { + wc.wildcards |= FWW_NW_PROTO; + } + if (!(may_match & MAY_IPVx)) { + wc.wildcards |= FWW_NW_DSCP; + wc.wildcards |= FWW_NW_ECN; + wc.wildcards |= FWW_NW_TTL; + } + if (!(may_match & MAY_ARP_SHA)) { + wc.wildcards |= FWW_ARP_SHA; + } + if (!(may_match & MAY_ARP_THA)) { + wc.wildcards |= FWW_ARP_THA; + } + if (!(may_match & MAY_IPV6)) { + wc.ipv6_src_mask = wc.ipv6_dst_mask = in6addr_any; + wc.wildcards |= FWW_IPV6_LABEL; + } + if (!(may_match & MAY_ND_TARGET)) { + wc.wildcards |= FWW_ND_TARGET; } - return ofp_mkerr_vendor(vendor, type, code); -} -void -ofputil_format_error(struct ds *s, int error) -{ - if (is_errno(error)) { - ds_put_cstr(s, strerror(error)); - } else { - uint16_t type = get_ofp_err_type(error); - uint16_t code = get_ofp_err_code(error); - const char *type_s = ofp_error_type_to_string(type); - const char *code_s = ofp_error_code_to_string(type, code); - - ds_put_format(s, "type "); - if (type_s) { - ds_put_cstr(s, type_s); - } else { - ds_put_format(s, "%"PRIu16, type); - } + /* Log any changes. */ + if (!flow_wildcards_equal(&wc, &rule->wc)) { + bool log = !VLOG_DROP_INFO(&bad_ofmsg_rl); + char *pre = log ? cls_rule_to_string(rule) : NULL; - ds_put_cstr(s, ", code "); - if (code_s) { - ds_put_cstr(s, code_s); - } else { - ds_put_format(s, "%"PRIu16, code); + rule->wc = wc; + cls_rule_zero_wildcarded_fields(rule); + + if (log) { + char *post = cls_rule_to_string(rule); + VLOG_INFO("normalization changed ofp_match, details:"); + VLOG_INFO(" pre: %s", pre); + VLOG_INFO("post: %s", post); + free(pre); + free(post); } } } -char * -ofputil_error_to_string(int error) -{ - struct ds s = DS_EMPTY_INITIALIZER; - ofputil_format_error(&s, error); - return ds_steal_cstr(&s); -} - /* Attempts to pull 'actions_len' bytes from the front of 'b'. Returns 0 if * successful, otherwise an OpenFlow error. * @@ -2316,7 +2787,7 @@ ofputil_error_to_string(int error) * do so, with validate_actions()). The caller is also responsible for making * sure that 'b->data' is initially aligned appropriately for "union * ofp_action". */ -int +enum ofperr ofputil_pull_actions(struct ofpbuf *b, unsigned int actions_len, union ofp_action **actionsp, size_t *n_actionsp) { @@ -2340,5 +2811,87 @@ ofputil_pull_actions(struct ofpbuf *b, unsigned int actions_len, error: *actionsp = NULL; *n_actionsp = 0; - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); + return OFPERR_OFPBRC_BAD_LEN; +} + +bool +ofputil_actions_equal(const union ofp_action *a, size_t n_a, + const union ofp_action *b, size_t n_b) +{ + return n_a == n_b && (!n_a || !memcmp(a, b, n_a * sizeof *a)); +} + +union ofp_action * +ofputil_actions_clone(const union ofp_action *actions, size_t n) +{ + return n ? xmemdup(actions, n * sizeof *actions) : NULL; +} + +/* Parses a key or a key-value pair from '*stringp'. + * + * On success: Stores the key into '*keyp'. Stores the value, if present, into + * '*valuep', otherwise an empty string. Advances '*stringp' past the end of + * the key-value pair, preparing it for another call. '*keyp' and '*valuep' + * are substrings of '*stringp' created by replacing some of its bytes by null + * terminators. Returns true. + * + * If '*stringp' is just white space or commas, sets '*keyp' and '*valuep' to + * NULL and returns false. */ +bool +ofputil_parse_key_value(char **stringp, char **keyp, char **valuep) +{ + char *pos, *key, *value; + size_t key_len; + + pos = *stringp; + pos += strspn(pos, ", \t\r\n"); + if (*pos == '\0') { + *keyp = *valuep = NULL; + return false; + } + + key = pos; + key_len = strcspn(pos, ":=(, \t\r\n"); + if (key[key_len] == ':' || key[key_len] == '=') { + /* The value can be separated by a colon. */ + size_t value_len; + + value = key + key_len + 1; + value_len = strcspn(value, ", \t\r\n"); + pos = value + value_len + (value[value_len] != '\0'); + value[value_len] = '\0'; + } else if (key[key_len] == '(') { + /* The value can be surrounded by balanced parentheses. The outermost + * set of parentheses is removed. */ + int level = 1; + size_t value_len; + + value = key + key_len + 1; + for (value_len = 0; level > 0; value_len++) { + switch (value[value_len]) { + case '\0': + ovs_fatal(0, "unbalanced parentheses in argument to %s", key); + + case '(': + level++; + break; + + case ')': + level--; + break; + } + } + value[value_len - 1] = '\0'; + pos = value + value_len; + } else { + /* There might be no value at all. */ + value = key + key_len; /* Will become the empty string below. */ + pos = key + key_len + (key[key_len] != '\0'); + } + key[key_len] = '\0'; + + *stringp = pos; + *keyp = key; + *valuep = value; + return true; }