X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=ofproto%2Fofproto-dpif.c;h=7b3e1eb649c13ad4eb36ee3b9df138b3b0778038;hb=94b8c324a11de4e4ab7647e8ad87fd01a8163f6d;hp=d5cfc16a9715bde83fb4a9b39392f6ed402b75c6;hpb=c985ec94a2fe051f083a55d67311e643a432a7ae;p=sliver-openvswitch.git diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index d5cfc16a9..7b3e1eb64 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ #include +#include "ofproto/ofproto-dpif.h" #include "ofproto/ofproto-provider.h" #include @@ -24,12 +25,14 @@ #include "bond.h" #include "bundle.h" #include "byte-order.h" +#include "connectivity.h" #include "connmgr.h" #include "coverage.h" #include "cfm.h" #include "dpif.h" #include "dynamic-string.h" #include "fail-open.h" +#include "guarded-list.h" #include "hmapx.h" #include "lacp.h" #include "learn.h" @@ -47,10 +50,14 @@ #include "ofp-actions.h" #include "ofp-parse.h" #include "ofp-print.h" -#include "ofproto-dpif-governor.h" #include "ofproto-dpif-ipfix.h" +#include "ofproto-dpif-mirror.h" +#include "ofproto-dpif-monitor.h" #include "ofproto-dpif-sflow.h" +#include "ofproto-dpif-upcall.h" +#include "ofproto-dpif-xlate.h" #include "poll-loop.h" +#include "seq.h" #include "simap.h" #include "smap.h" #include "timer.h" @@ -63,100 +70,44 @@ VLOG_DEFINE_THIS_MODULE(ofproto_dpif); COVERAGE_DEFINE(ofproto_dpif_expired); -COVERAGE_DEFINE(ofproto_dpif_xlate); -COVERAGE_DEFINE(facet_changed_rule); -COVERAGE_DEFINE(facet_revalidate); -COVERAGE_DEFINE(facet_unexpected); -COVERAGE_DEFINE(facet_suppress); - -/* Maximum depth of flow table recursion (due to resubmit actions) in a - * flow translation. */ -#define MAX_RESUBMIT_RECURSION 64 +COVERAGE_DEFINE(packet_in_overflow); /* Number of implemented OpenFlow tables. */ enum { N_TABLES = 255 }; enum { TBL_INTERNAL = N_TABLES - 1 }; /* Used for internal hidden rules. */ BUILD_ASSERT_DECL(N_TABLES >= 2 && N_TABLES <= 255); -struct ofport_dpif; -struct ofproto_dpif; struct flow_miss; -struct facet; struct rule_dpif { struct rule up; /* These statistics: * - * - Do include packets and bytes from facets that have been deleted or - * whose own statistics have been folded into the rule. - * - * - Do include packets and bytes sent "by hand" that were accounted to - * the rule without any facet being involved (this is a rare corner - * case in rule_execute()). - * - * - Do not include packet or bytes that can be obtained from any facet's - * packet_count or byte_count member or that can be obtained from the - * datapath by, e.g., dpif_flow_get() for any subfacet. - */ - uint64_t packet_count; /* Number of packets received. */ - uint64_t byte_count; /* Number of bytes received. */ - - tag_type tag; /* Caches rule_calculate_tag() result. */ - - struct list facets; /* List of "struct facet"s. */ + * - Do include packets and bytes from datapath flows which have not + * recently been processed by a revalidator. */ + struct ovs_mutex stats_mutex; + uint64_t packet_count OVS_GUARDED; /* Number of packets received. */ + uint64_t byte_count OVS_GUARDED; /* Number of bytes received. */ }; -static struct rule_dpif *rule_dpif_cast(const struct rule *rule) -{ - return rule ? CONTAINER_OF(rule, struct rule_dpif, up) : NULL; -} - -static struct rule_dpif *rule_dpif_lookup(struct ofproto_dpif *, - const struct flow *); -static struct rule_dpif *rule_dpif_lookup__(struct ofproto_dpif *, - const struct flow *, - uint8_t table); -static struct rule_dpif *rule_dpif_miss_rule(struct ofproto_dpif *ofproto, - const struct flow *flow); - static void rule_get_stats(struct rule *, uint64_t *packets, uint64_t *bytes); -static void rule_credit_stats(struct rule_dpif *, - const struct dpif_flow_stats *); -static tag_type rule_calculate_tag(const struct flow *, - const struct minimask *, uint32_t basis); -static void rule_invalidate(const struct rule_dpif *); - -#define MAX_MIRRORS 32 -typedef uint32_t mirror_mask_t; -#define MIRROR_MASK_C(X) UINT32_C(X) -BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS); -struct ofmirror { - struct ofproto_dpif *ofproto; /* Owning ofproto. */ - size_t idx; /* In ofproto's "mirrors" array. */ - void *aux; /* Key supplied by ofproto's client. */ - char *name; /* Identifier for log messages. */ - - /* Selection criteria. */ - struct hmapx srcs; /* Contains "struct ofbundle *"s. */ - struct hmapx dsts; /* Contains "struct ofbundle *"s. */ - unsigned long *vlans; /* Bitmap of chosen VLANs, NULL selects all. */ +static struct rule_dpif *rule_dpif_cast(const struct rule *); +static void rule_expire(struct rule_dpif *); - /* Output (exactly one of out == NULL and out_vlan == -1 is true). */ - struct ofbundle *out; /* Output port or NULL. */ - int out_vlan; /* Output VLAN or -1. */ - mirror_mask_t dup_mirrors; /* Bitmap of mirrors with the same output. */ +struct group_dpif { + struct ofgroup up; - /* Counters. */ - int64_t packet_count; /* Number of packets sent. */ - int64_t byte_count; /* Number of bytes sent. */ + /* These statistics: + * + * - Do include packets and bytes from datapath flows which have not + * recently been processed by a revalidator. */ + struct ovs_mutex stats_mutex; + uint64_t packet_count OVS_GUARDED; /* Number of packets received. */ + uint64_t byte_count OVS_GUARDED; /* Number of bytes received. */ + struct bucket_counter *bucket_stats OVS_GUARDED; /* Bucket statistics. */ }; -static void mirror_destroy(struct ofmirror *); -static void update_mirror_stats(struct ofproto_dpif *ofproto, - mirror_mask_t mirrors, - uint64_t packets, uint64_t bytes); - struct ofbundle { struct hmap_node hmap_node; /* In struct ofproto's "bundles" hmap. */ struct ofproto_dpif *ofproto; /* Owning ofproto. */ @@ -175,11 +126,6 @@ struct ofbundle { /* Status. */ bool floodable; /* True if no port has OFPUTIL_PC_NO_FLOOD set. */ - - /* Port mirroring info. */ - mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */ - mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */ - mirror_mask_t mirror_out; /* Mirrors that output to this bundle. */ }; static void bundle_remove(struct ofport *); @@ -188,348 +134,35 @@ static void bundle_destroy(struct ofbundle *); static void bundle_del_port(struct ofport_dpif *); static void bundle_run(struct ofbundle *); static void bundle_wait(struct ofbundle *); -static struct ofbundle *lookup_input_bundle(const struct ofproto_dpif *, - uint16_t in_port, bool warn, - struct ofport_dpif **in_ofportp); - -/* A controller may use OFPP_NONE as the ingress port to indicate that - * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for - * when an input bundle is needed for validation (e.g., mirroring or - * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have - * any 'port' structs, so care must be taken when dealing with it. */ -static struct ofbundle ofpp_none_bundle = { - .name = "OFPP_NONE", - .vlan_mode = PORT_VLAN_TRUNK -}; static void stp_run(struct ofproto_dpif *ofproto); static void stp_wait(struct ofproto_dpif *ofproto); static int set_stp_port(struct ofport *, const struct ofproto_port_stp_settings *); -static bool ofbundle_includes_vlan(const struct ofbundle *, uint16_t vlan); - -struct xlate_ctx; - -/* Initial values of fields of the packet that may be changed during - * flow processing and needed later. */ -struct initial_vals { - /* This is the value of vlan_tci in the packet as actually received from - * dpif. This is the same as the facet's flow.vlan_tci unless the packet - * was received via a VLAN splinter. In that case, this value is 0 - * (because the packet as actually received from the dpif had no 802.1Q - * tag) but the facet's flow.vlan_tci is set to the VLAN that the splinter - * represents. - * - * This member should be removed when the VLAN splinters feature is no - * longer needed. */ - ovs_be16 vlan_tci; -}; - -struct xlate_out { - tag_type tags; /* Tags associated with actions. */ - enum slow_path_reason slow; /* 0 if fast path may be used. */ - bool has_learn; /* Actions include NXAST_LEARN? */ - bool has_normal; /* Actions output to OFPP_NORMAL? */ - bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ - uint16_t nf_output_iface; /* Output interface index for NetFlow. */ - mirror_mask_t mirrors; /* Bitmap of associated mirrors. */ - - uint64_t odp_actions_stub[256 / 8]; - struct ofpbuf odp_actions; -}; - -struct xlate_in { - struct ofproto_dpif *ofproto; - - /* Flow to which the OpenFlow actions apply. xlate_actions() will modify - * this flow when actions change header fields. */ - struct flow flow; - - struct initial_vals initial_vals; - - /* The packet corresponding to 'flow', or a null pointer if we are - * revalidating without a packet to refer to. */ - const struct ofpbuf *packet; - - /* Should OFPP_NORMAL update the MAC learning table? Should "learn" - * actions update the flow table? - * - * We want to update these tables if we are actually processing a packet, - * or if we are accounting for packets that the datapath has processed, but - * not if we are just revalidating. */ - bool may_learn; - - /* The rule initiating translation or NULL. */ - struct rule_dpif *rule; - - /* The actions to translate. If 'rule' is not NULL, these may be NULL. */ - const struct ofpact *ofpacts; - size_t ofpacts_len; - - /* Union of the set of TCP flags seen so far in this flow. (Used only by - * NXAST_FIN_TIMEOUT. Set to zero to avoid updating updating rules' - * timeouts.) */ - uint8_t tcp_flags; - - /* If nonnull, flow translation calls this function just before executing a - * resubmit or OFPP_TABLE action. In addition, disables logging of traces - * when the recursion depth is exceeded. - * - * 'rule' is the rule being submitted into. It will be null if the - * resubmit or OFPP_TABLE action didn't find a matching rule. - * - * This is normally null so the client has to set it manually after - * calling xlate_in_init(). */ - void (*resubmit_hook)(struct xlate_ctx *, struct rule_dpif *rule); - - /* If nonnull, flow translation calls this function to report some - * significant decision, e.g. to explain why OFPP_NORMAL translation - * dropped a packet. */ - void (*report_hook)(struct xlate_ctx *, const char *s); - - /* If nonnull, flow translation credits the specified statistics to each - * rule reached through a resubmit or OFPP_TABLE action. - * - * This is normally null so the client has to set it manually after - * calling xlate_in_init(). */ - const struct dpif_flow_stats *resubmit_stats; -}; - -/* Context used by xlate_actions() and its callees. */ -struct xlate_ctx { - struct xlate_in *xin; - struct xlate_out *xout; - - struct ofproto_dpif *ofproto; - - /* Flow at the last commit. */ - struct flow base_flow; - - /* Tunnel IP destination address as received. This is stored separately - * as the base_flow.tunnel is cleared on init to reflect the datapath - * behavior. Used to make sure not to send tunneled output to ourselves, - * which might lead to an infinite loop. This could happen easily - * if a tunnel is marked as 'ip_remote=flow', and the flow does not - * actually set the tun_dst field. */ - ovs_be32 orig_tunnel_ip_dst; - - /* Stack for the push and pop actions. Each stack element is of type - * "union mf_subvalue". */ - union mf_subvalue init_stack[1024 / sizeof(union mf_subvalue)]; - struct ofpbuf stack; - - /* The rule that we are currently translating, or NULL. */ - struct rule_dpif *rule; - - int recurse; /* Recursion level, via xlate_table_action. */ - bool max_resubmit_trigger; /* Recursed too deeply during translation. */ - uint32_t orig_skb_priority; /* Priority when packet arrived. */ - uint8_t table_id; /* OpenFlow table ID where flow was found. */ - uint32_t sflow_n_outputs; /* Number of output ports. */ - uint32_t sflow_odp_port; /* Output port for composing sFlow action. */ - uint16_t user_cookie_offset;/* Used for user_action_cookie fixup. */ - bool exit; /* No further actions should be processed. */ -}; - -static void xlate_in_init(struct xlate_in *, struct ofproto_dpif *, - const struct flow *, const struct initial_vals *, - struct rule_dpif *, uint8_t tcp_flags, - const struct ofpbuf *); - -static void xlate_out_uninit(struct xlate_out *); - -static void xlate_actions(struct xlate_in *, struct xlate_out *); - -static void xlate_actions_for_side_effects(struct xlate_in *); - -static void xlate_table_action(struct xlate_ctx *, uint16_t in_port, - uint8_t table_id, bool may_packet_in); - -static size_t put_userspace_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *, - const union user_action_cookie *, - const size_t); - -static void compose_slow_path(const struct ofproto_dpif *, const struct flow *, - enum slow_path_reason, - uint64_t *stub, size_t stub_size, - const struct nlattr **actionsp, - size_t *actions_lenp); - -static void xlate_report(struct xlate_ctx *ctx, const char *s); - -/* A subfacet (see "struct subfacet" below) has three possible installation - * states: - * - * - SF_NOT_INSTALLED: Not installed in the datapath. This will only be the - * case just after the subfacet is created, just before the subfacet is - * destroyed, or if the datapath returns an error when we try to install a - * subfacet. - * - * - SF_FAST_PATH: The subfacet's actions are installed in the datapath. - * - * - SF_SLOW_PATH: An action that sends every packet for the subfacet through - * ofproto_dpif is installed in the datapath. - */ -enum subfacet_path { - SF_NOT_INSTALLED, /* No datapath flow for this subfacet. */ - SF_FAST_PATH, /* Full actions are installed. */ - SF_SLOW_PATH, /* Send-to-userspace action is installed. */ -}; - -/* A dpif flow and actions associated with a facet. - * - * See also the large comment on struct facet. */ -struct subfacet { - /* Owners. */ - struct hmap_node hmap_node; /* In struct ofproto_dpif 'subfacets' list. */ - struct list list_node; /* In struct facet's 'facets' list. */ - struct facet *facet; /* Owning facet. */ - struct dpif_backer *backer; /* Owning backer. */ - - enum odp_key_fitness key_fitness; - struct nlattr *key; - int key_len; - - long long int used; /* Time last used; time created if not used. */ - long long int created; /* Time created. */ - - uint64_t dp_packet_count; /* Last known packet count in the datapath. */ - uint64_t dp_byte_count; /* Last known byte count in the datapath. */ - - enum subfacet_path path; /* Installed in datapath? */ -}; - -#define SUBFACET_DESTROY_MAX_BATCH 50 - -static struct subfacet *subfacet_create(struct facet *, struct flow_miss *miss, - long long int now); -static struct subfacet *subfacet_find(struct dpif_backer *, - const struct nlattr *key, size_t key_len, - uint32_t key_hash); -static void subfacet_destroy(struct subfacet *); -static void subfacet_destroy__(struct subfacet *); -static void subfacet_destroy_batch(struct dpif_backer *, - struct subfacet **, int n); -static void subfacet_reset_dp_stats(struct subfacet *, - struct dpif_flow_stats *); -static void subfacet_update_stats(struct subfacet *, - const struct dpif_flow_stats *); -static int subfacet_install(struct subfacet *, - const struct ofpbuf *odp_actions, - struct dpif_flow_stats *); -static void subfacet_uninstall(struct subfacet *); - -/* An exact-match instantiation of an OpenFlow flow. - * - * A facet associates a "struct flow", which represents the Open vSwitch - * userspace idea of an exact-match flow, with one or more subfacets. Each - * subfacet tracks the datapath's idea of the exact-match flow equivalent to - * the facet. When the kernel module (or other dpif implementation) and Open - * vSwitch userspace agree on the definition of a flow key, there is exactly - * one subfacet per facet. If the dpif implementation supports more-specific - * flow matching than userspace, however, a facet can have more than one - * subfacet, each of which corresponds to some distinction in flow that - * userspace simply doesn't understand. - * - * Flow expiration works in terms of subfacets, so a facet must have at least - * one subfacet or it will never expire, leaking memory. */ -struct facet { - /* Owners. */ - struct hmap_node hmap_node; /* In owning ofproto's 'facets' hmap. */ - struct list list_node; /* In owning rule's 'facets' list. */ - struct rule_dpif *rule; /* Owning rule. */ - - /* Owned data. */ - struct list subfacets; - long long int used; /* Time last used; time created if not used. */ - - /* Key. */ - struct flow flow; - - /* These statistics: - * - * - Do include packets and bytes sent "by hand", e.g. with - * dpif_execute(). - * - * - Do include packets and bytes that were obtained from the datapath - * when a subfacet's statistics were reset (e.g. dpif_flow_put() with - * DPIF_FP_ZERO_STATS). - * - * - Do not include packets or bytes that can be obtained from the - * datapath for any existing subfacet. - */ - uint64_t packet_count; /* Number of packets received. */ - uint64_t byte_count; /* Number of bytes received. */ - - /* Resubmit statistics. */ - uint64_t prev_packet_count; /* Number of packets from last stats push. */ - uint64_t prev_byte_count; /* Number of bytes from last stats push. */ - long long int prev_used; /* Used time from last stats push. */ - - /* Accounting. */ - uint64_t accounted_bytes; /* Bytes processed by facet_account(). */ - struct netflow_flow nf_flow; /* Per-flow NetFlow tracking data. */ - uint8_t tcp_flags; /* TCP flags seen for this 'rule'. */ - - struct xlate_out xout; - - /* Initial values of the packet that may be needed later. */ - struct initial_vals initial_vals; - - /* Storage for a single subfacet, to reduce malloc() time and space - * overhead. (A facet always has at least one subfacet and in the common - * case has exactly one subfacet. However, 'one_subfacet' may not - * always be valid, since it could have been removed after newer - * subfacets were pushed onto the 'subfacets' list.) */ - struct subfacet one_subfacet; - - long long int learn_rl; /* Rate limiter for facet_learn(). */ -}; - -static struct facet *facet_create(const struct flow_miss *, uint32_t hash); -static void facet_remove(struct facet *); -static void facet_free(struct facet *); - -static struct facet *facet_find(struct ofproto_dpif *, - const struct flow *, uint32_t hash); -static struct facet *facet_lookup_valid(struct ofproto_dpif *, - const struct flow *, uint32_t hash); -static bool facet_revalidate(struct facet *); -static bool facet_check_consistency(struct facet *); - -static void facet_flush_stats(struct facet *); - -static void facet_reset_counters(struct facet *); -static void facet_push_stats(struct facet *, bool may_learn); -static void facet_learn(struct facet *); -static void facet_account(struct facet *); -static void push_all_stats(void); - -static bool facet_is_controller_flow(struct facet *); - struct ofport_dpif { struct hmap_node odp_port_node; /* In dpif_backer's "odp_to_ofport_map". */ struct ofport up; - uint32_t odp_port; + odp_port_t odp_port; struct ofbundle *bundle; /* Bundle that contains this port, if any. */ struct list bundle_node; /* In struct ofbundle's "ports" list. */ struct cfm *cfm; /* Connectivity Fault Management, if any. */ struct bfd *bfd; /* BFD, if any. */ - tag_type tag; /* Tag associated with this port. */ bool may_enable; /* May be enabled in bonds. */ + bool is_tunnel; /* This port is a tunnel. */ + bool is_layer3; /* This is a layer 3 port. */ long long int carrier_seq; /* Carrier status changes. */ - struct tnl_port *tnl_port; /* Tunnel handle, or null. */ + struct ofport_dpif *peer; /* Peer if patch port. */ /* Spanning tree. */ struct stp_port *stp_port; /* Spanning Tree Protocol, if any. */ enum stp_state stp_state; /* Always STP_DISABLED if STP not in use. */ long long int stp_state_entered; - struct hmap priorities; /* Map of attached 'priority_to_dscp's. */ + /* Queue to DSCP mapping. */ + struct ofproto_port_queue *qdscp; + size_t n_qdscp; /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) * @@ -537,20 +170,10 @@ struct ofport_dpif { * drivers in old versions of Linux that do not properly support VLANs when * VLAN devices are not used. When broken device drivers are no longer in * widespread use, we will delete these interfaces. */ - uint16_t realdev_ofp_port; + ofp_port_t realdev_ofp_port; int vlandev_vid; }; -/* Node in 'ofport_dpif''s 'priorities' map. Used to maintain a map from - * 'priority' (the datapath's term for QoS queue) to the dscp bits which all - * traffic egressing the 'ofport' with that priority should be marked with. */ -struct priority_to_dscp { - struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'priorities' map. */ - uint32_t priority; /* Priority of this queue (see struct flow). */ - - uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */ -}; - /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) * * This is deprecated. It is only for compatibility with broken device drivers @@ -560,22 +183,19 @@ struct priority_to_dscp { struct vlan_splinter { struct hmap_node realdev_vid_node; struct hmap_node vlandev_node; - uint16_t realdev_ofp_port; - uint16_t vlandev_ofp_port; + ofp_port_t realdev_ofp_port; + ofp_port_t vlandev_ofp_port; int vid; }; -static uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *, - uint16_t realdev_ofp_port, - ovs_be16 vlan_tci); -static bool vsp_adjust_flow(const struct ofproto_dpif *, struct flow *); static void vsp_remove(struct ofport_dpif *); -static void vsp_add(struct ofport_dpif *, uint16_t realdev_ofp_port, int vid); +static void vsp_add(struct ofport_dpif *, ofp_port_t realdev_ofp_port, int vid); -static uint32_t ofp_port_to_odp_port(const struct ofproto_dpif *, - uint16_t ofp_port); -static uint16_t odp_port_to_ofp_port(const struct ofproto_dpif *, - uint32_t odp_port); +static odp_port_t ofp_port_to_odp_port(const struct ofproto_dpif *, + ofp_port_t); + +static ofp_port_t odp_port_to_ofp_port(const struct ofproto_dpif *, + odp_port_t); static struct ofport_dpif * ofport_dpif_cast(const struct ofport *ofport) @@ -584,31 +204,17 @@ ofport_dpif_cast(const struct ofport *ofport) } static void port_run(struct ofport_dpif *); -static void port_run_fast(struct ofport_dpif *); -static void port_wait(struct ofport_dpif *); static int set_bfd(struct ofport *, const struct smap *); static int set_cfm(struct ofport *, const struct cfm_settings *); -static void ofport_clear_priorities(struct ofport_dpif *); -static void run_fast_rl(void); +static void ofport_update_peer(struct ofport_dpif *); struct dpif_completion { struct list list_node; struct ofoperation *op; }; -/* Extra information about a classifier table. - * Currently used just for optimized flow revalidation. */ -struct table_dpif { - /* If either of these is nonnull, then this table has a form that allows - * flows to be tagged to avoid revalidating most flows for the most common - * kinds of flow table changes. */ - struct cls_table *catchall_table; /* Table that wildcards all fields. */ - struct cls_table *other_table; /* Table with any other wildcard set. */ - uint32_t basis; /* Keeps each table's tags separate. */ -}; - -/* Reasons that we might need to revalidate every facet, and corresponding - * coverage counters. +/* Reasons that we might need to revalidate every datapath flow, and + * corresponding coverage counters. * * A value of 0 means that there is no need to revalidate. * @@ -618,90 +224,54 @@ struct table_dpif { enum revalidate_reason { REV_RECONFIGURE = 1, /* Switch configuration changed. */ REV_STP, /* Spanning tree protocol port status change. */ + REV_BOND, /* Bonding changed. */ REV_PORT_TOGGLED, /* Port enabled or disabled by CFM, LACP, ...*/ REV_FLOW_TABLE, /* Flow table changed. */ - REV_INCONSISTENCY /* Facet self-check failed. */ + REV_MAC_LEARNING, /* Mac learning changed. */ }; COVERAGE_DEFINE(rev_reconfigure); COVERAGE_DEFINE(rev_stp); +COVERAGE_DEFINE(rev_bond); COVERAGE_DEFINE(rev_port_toggled); COVERAGE_DEFINE(rev_flow_table); -COVERAGE_DEFINE(rev_inconsistency); - -/* Drop keys are odp flow keys which have drop flows installed in the kernel. - * These are datapath flows which have no associated ofproto, if they did we - * would use facets. */ -struct drop_key { - struct hmap_node hmap_node; - struct nlattr *key; - size_t key_len; -}; - -struct avg_subfacet_rates { - double add_rate; /* Moving average of new flows created per minute. */ - double del_rate; /* Moving average of flows deleted per minute. */ -}; +COVERAGE_DEFINE(rev_mac_learning); /* All datapaths of a given type share a single dpif backer instance. */ struct dpif_backer { char *type; int refcount; struct dpif *dpif; - struct timer next_expiration; - struct hmap odp_to_ofport_map; /* ODP port to ofport mapping. */ + struct udpif *udpif; + + struct ovs_rwlock odp_to_ofport_lock; + struct hmap odp_to_ofport_map OVS_GUARDED; /* Contains "struct ofport"s. */ struct simap tnl_backers; /* Set of dpif ports backing tunnels. */ - /* Facet revalidation flags applying to facets which use this backer. */ - enum revalidate_reason need_revalidate; /* Revalidate every facet. */ - struct tag_set revalidate_set; /* Revalidate only matching facets. */ + enum revalidate_reason need_revalidate; /* Revalidate all flows. */ - struct hmap drop_keys; /* Set of dropped odp keys. */ bool recv_set_enable; /* Enables or disables receiving packets. */ - struct hmap subfacets; - struct governor *governor; + /* True if the datapath supports variable-length + * OVS_USERSPACE_ATTR_USERDATA in OVS_ACTION_ATTR_USERSPACE actions. + * False if the datapath supports only 8-byte (or shorter) userdata. */ + bool variable_length_userdata; - /* Subfacet statistics. - * - * These keep track of the total number of subfacets added and deleted and - * flow life span. They are useful for computing the flow rates stats - * exposed via "ovs-appctl dpif/show". The goal is to learn about - * traffic patterns in ways that we can use later to improve Open vSwitch - * performance in new situations. */ - long long int created; /* Time when it is created. */ - unsigned max_n_subfacet; /* Maximum number of flows */ - unsigned avg_n_subfacet; /* Average number of flows. */ - long long int avg_subfacet_life; /* Average life span of subfacets. */ - - /* The average number of subfacets... */ - struct avg_subfacet_rates hourly; /* ...over the last hour. */ - struct avg_subfacet_rates daily; /* ...over the last day. */ - struct avg_subfacet_rates lifetime; /* ...over the switch lifetime. */ - long long int last_minute; /* Last time 'hourly' was updated. */ - - /* Number of subfacets added or deleted since 'last_minute'. */ - unsigned subfacet_add_count; - unsigned subfacet_del_count; - - /* Number of subfacets added or deleted from 'created' to 'last_minute.' */ - unsigned long long int total_subfacet_add_count; - unsigned long long int total_subfacet_del_count; + /* Maximum number of MPLS label stack entries that the datapath supports + * in a match */ + size_t max_mpls_depth; }; /* All existing ofproto_backer instances, indexed by ofproto->up.type. */ static struct shash all_dpif_backers = SHASH_INITIALIZER(&all_dpif_backers); -static void drop_key_clear(struct dpif_backer *); -static struct ofport_dpif * -odp_port_to_ofport(const struct dpif_backer *, uint32_t odp_port); -static void update_moving_averages(struct dpif_backer *backer); - struct ofproto_dpif { struct hmap_node all_ofproto_dpifs_node; /* In 'all_ofproto_dpifs'. */ struct ofproto up; struct dpif_backer *backer; + uint64_t dump_seq; /* Last read of udpif_dump_seq(). */ + /* Special OpenFlow rules. */ struct rule_dpif *miss_rule; /* Sends flow table misses to controller. */ struct rule_dpif *no_packet_in_rule; /* Drops flow table misses. */ @@ -713,96 +283,86 @@ struct ofproto_dpif { struct dpif_ipfix *ipfix; struct hmap bundles; /* Contains "struct ofbundle"s. */ struct mac_learning *ml; - struct ofmirror *mirrors[MAX_MIRRORS]; - bool has_mirrors; bool has_bonded_bundles; + bool lacp_enabled; + struct mbridge *mbridge; - /* Facets. */ - struct hmap facets; - long long int consistency_rl; - - /* Revalidation. */ - struct table_dpif tables[N_TABLES]; - - /* Support for debugging async flow mods. */ - struct list completions; - - bool has_bundle_action; /* True when the first bundle action appears. */ - struct netdev_stats stats; /* To account packets generated and consumed in - * userspace. */ + struct ovs_mutex stats_mutex; + struct netdev_stats stats OVS_GUARDED; /* To account packets generated and + * consumed in userspace. */ /* Spanning tree. */ struct stp *stp; long long int stp_last_tick; /* VLAN splinters. */ - struct hmap realdev_vid_map; /* (realdev,vid) -> vlandev. */ - struct hmap vlandev_map; /* vlandev -> (realdev,vid). */ + struct ovs_mutex vsp_mutex; + struct hmap realdev_vid_map OVS_GUARDED; /* (realdev,vid) -> vlandev. */ + struct hmap vlandev_map OVS_GUARDED; /* vlandev -> (realdev,vid). */ /* Ports. */ struct sset ports; /* Set of standard port names. */ struct sset ghost_ports; /* Ports with no datapath port. */ struct sset port_poll_set; /* Queued names for port_poll() reply. */ int port_poll_errno; /* Last errno for port_poll() reply. */ + uint64_t change_seq; /* Connectivity status changes. */ - /* Per ofproto's dpif stats. */ - uint64_t n_hit; - uint64_t n_missed; + /* Work queues. */ + struct guarded_list pins; /* Contains "struct ofputil_packet_in"s. */ }; -/* Defer flow mod completion until "ovs-appctl ofproto/unclog"? (Useful only - * for debugging the asynchronous flow_mod implementation.) */ -static bool clogged; - /* All existing ofproto_dpif instances, indexed by ->up.name. */ static struct hmap all_ofproto_dpifs = HMAP_INITIALIZER(&all_ofproto_dpifs); static void ofproto_dpif_unixctl_init(void); -static struct ofproto_dpif * +static inline struct ofproto_dpif * ofproto_dpif_cast(const struct ofproto *ofproto) { ovs_assert(ofproto->ofproto_class == &ofproto_dpif_class); return CONTAINER_OF(ofproto, struct ofproto_dpif, up); } -static struct ofport_dpif *get_ofp_port(const struct ofproto_dpif *, - uint16_t ofp_port); -static struct ofport_dpif *get_odp_port(const struct ofproto_dpif *, - uint32_t odp_port); -static void ofproto_trace(struct ofproto_dpif *, const struct flow *, - const struct ofpbuf *, - const struct initial_vals *, struct ds *); - -/* Packet processing. */ -static void update_learning_table(struct ofproto_dpif *, - const struct flow *, int vlan, - struct ofbundle *); -/* Upcalls. */ -#define FLOW_MISS_MAX_BATCH 50 -static int handle_upcalls(struct dpif_backer *, unsigned int max_batch); +size_t +ofproto_dpif_get_max_mpls_depth(const struct ofproto_dpif *ofproto) +{ + return ofproto->backer->max_mpls_depth; +} -/* Flow expiration. */ -static int expire(struct dpif_backer *); +static struct ofport_dpif *get_ofp_port(const struct ofproto_dpif *ofproto, + ofp_port_t ofp_port); +static void ofproto_trace(struct ofproto_dpif *, const struct flow *, + const struct ofpbuf *packet, + const struct ofpact[], size_t ofpacts_len, + struct ds *); -/* NetFlow. */ -static void send_netflow_active_timeouts(struct ofproto_dpif *); - -/* Utilities. */ -static int send_packet(const struct ofport_dpif *, struct ofpbuf *packet); -static size_t compose_sflow_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *, uint32_t odp_port); -static void compose_ipfix_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *); -static void add_mirror_actions(struct xlate_ctx *ctx, - const struct flow *flow); /* Global variables. */ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); /* Initial mappings of port to bridge mappings. */ static struct shash init_ofp_ports = SHASH_INITIALIZER(&init_ofp_ports); + +/* Executes 'fm'. The caller retains ownership of 'fm' and everything in + * it. */ +void +ofproto_dpif_flow_mod(struct ofproto_dpif *ofproto, + struct ofputil_flow_mod *fm) +{ + ofproto_flow_mod(&ofproto->up, fm); +} + +/* Appends 'pin' to the queue of "packet ins" to be sent to the controller. + * Takes ownership of 'pin' and pin->packet. */ +void +ofproto_dpif_send_packet_in(struct ofproto_dpif *ofproto, + struct ofproto_packet_in *pin) +{ + if (!guarded_list_push_back(&ofproto->pins, &pin->list_node, 1024)) { + COVERAGE_INC(packet_in_overflow); + free(CONST_CAST(void *, pin->up.packet)); + free(pin); + } +} /* Factory functions. */ @@ -868,6 +428,12 @@ port_open_type(const char *datapath_type, const char *port_type) /* Type functions. */ +static void process_dpif_port_changes(struct dpif_backer *); +static void process_dpif_all_ports_changed(struct dpif_backer *); +static void process_dpif_port_change(struct dpif_backer *, + const char *devname); +static void process_dpif_port_error(struct dpif_backer *, int error); + static struct ofproto_dpif * lookup_ofproto_dpif_by_port_name(const char *name) { @@ -885,10 +451,7 @@ lookup_ofproto_dpif_by_port_name(const char *name) static int type_run(const char *type) { - static long long int push_timer = LLONG_MIN; struct dpif_backer *backer; - char *devname; - int error; backer = shash_find_data(&all_dpif_backers, type); if (!backer) { @@ -899,20 +462,12 @@ type_run(const char *type) dpif_run(backer->dpif); - /* The most natural place to push facet statistics is when they're pulled - * from the datapath. However, when there are many flows in the datapath, - * this expensive operation can occur so frequently, that it reduces our - * ability to quickly set up flows. To reduce the cost, we push statistics - * here instead. */ - if (time_msec() > push_timer) { - push_timer = time_msec() + 2000; - push_all_stats(); - } - /* If vswitchd started with other_config:flow_restore_wait set as "true", * and the configuration has now changed to "false", enable receiving * packets from the datapath. */ if (!backer->recv_set_enable && !ofproto_get_flow_restore_wait()) { + int error; + backer->recv_set_enable = true; error = dpif_recv_set(backer->dpif, backer->recv_set_enable); @@ -924,10 +479,11 @@ type_run(const char *type) backer->need_revalidate = REV_RECONFIGURE; } - if (backer->need_revalidate - || !tag_set_is_empty(&backer->revalidate_set)) { - struct tag_set revalidate_set = backer->revalidate_set; - bool need_revalidate = backer->need_revalidate; + if (backer->recv_set_enable) { + udpif_set_threads(backer->udpif, n_handlers, n_revalidators); + } + + if (backer->need_revalidate) { struct ofproto_dpif *ofproto; struct simap_node *node; struct simap tmp_backers; @@ -947,7 +503,7 @@ type_run(const char *type) char namebuf[NETDEV_VPORT_NAME_BUFSIZE]; const char *dp_port; - if (!iter->tnl_port) { + if (!iter->is_tunnel) { continue; } @@ -961,225 +517,216 @@ type_run(const char *type) } else { node = simap_find(&backer->tnl_backers, dp_port); if (!node) { - uint32_t odp_port = UINT32_MAX; + odp_port_t odp_port = ODPP_NONE; if (!dpif_port_add(backer->dpif, iter->up.netdev, &odp_port)) { - simap_put(&backer->tnl_backers, dp_port, odp_port); + simap_put(&backer->tnl_backers, dp_port, + odp_to_u32(odp_port)); node = simap_find(&backer->tnl_backers, dp_port); } } } - iter->odp_port = node ? node->data : OVSP_NONE; - if (tnl_port_reconfigure(&iter->up, iter->odp_port, - &iter->tnl_port)) { + iter->odp_port = node ? u32_to_odp(node->data) : ODPP_NONE; + if (tnl_port_reconfigure(iter, iter->up.netdev, + iter->odp_port)) { backer->need_revalidate = REV_RECONFIGURE; } } } SIMAP_FOR_EACH (node, &tmp_backers) { - dpif_port_del(backer->dpif, node->data); + dpif_port_del(backer->dpif, u32_to_odp(node->data)); } simap_destroy(&tmp_backers); switch (backer->need_revalidate) { case REV_RECONFIGURE: COVERAGE_INC(rev_reconfigure); break; case REV_STP: COVERAGE_INC(rev_stp); break; + case REV_BOND: COVERAGE_INC(rev_bond); break; case REV_PORT_TOGGLED: COVERAGE_INC(rev_port_toggled); break; case REV_FLOW_TABLE: COVERAGE_INC(rev_flow_table); break; - case REV_INCONSISTENCY: COVERAGE_INC(rev_inconsistency); break; - } - - if (backer->need_revalidate) { - /* Clear the drop_keys in case we should now be accepting some - * formerly dropped flows. */ - drop_key_clear(backer); + case REV_MAC_LEARNING: COVERAGE_INC(rev_mac_learning); break; } - - /* Clear the revalidation flags. */ - tag_set_init(&backer->revalidate_set); backer->need_revalidate = 0; HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - struct facet *facet, *next; + struct ofport_dpif *ofport; + struct ofbundle *bundle; if (ofproto->backer != backer) { continue; } - HMAP_FOR_EACH_SAFE (facet, next, hmap_node, &ofproto->facets) { - if (need_revalidate - || tag_set_intersects(&revalidate_set, facet->xout.tags)) { - facet_revalidate(facet); - run_fast_rl(); - } + ovs_rwlock_wrlock(&xlate_rwlock); + xlate_ofproto_set(ofproto, ofproto->up.name, + ofproto->backer->dpif, ofproto->miss_rule, + ofproto->no_packet_in_rule, ofproto->ml, + ofproto->stp, ofproto->mbridge, + ofproto->sflow, ofproto->ipfix, + ofproto->netflow, ofproto->up.frag_handling, + ofproto->up.forward_bpdu, + connmgr_has_in_band(ofproto->up.connmgr), + ofproto->backer->variable_length_userdata, + ofproto->backer->max_mpls_depth); + + HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { + xlate_bundle_set(ofproto, bundle, bundle->name, + bundle->vlan_mode, bundle->vlan, + bundle->trunks, bundle->use_priority_tags, + bundle->bond, bundle->lacp, + bundle->floodable); + } + + HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { + int stp_port = ofport->stp_port + ? stp_port_no(ofport->stp_port) + : -1; + xlate_ofport_set(ofproto, ofport->bundle, ofport, + ofport->up.ofp_port, ofport->odp_port, + ofport->up.netdev, ofport->cfm, + ofport->bfd, ofport->peer, stp_port, + ofport->qdscp, ofport->n_qdscp, + ofport->up.pp.config, ofport->up.pp.state, + ofport->is_tunnel, ofport->may_enable); } + ovs_rwlock_unlock(&xlate_rwlock); } - } - if (!backer->recv_set_enable) { - /* Wake up before a max of 1000ms. */ - timer_set_duration(&backer->next_expiration, 1000); - } else if (timer_expired(&backer->next_expiration)) { - int delay = expire(backer); - timer_set_duration(&backer->next_expiration, delay); + udpif_revalidate(backer->udpif); } - /* Check for port changes in the dpif. */ - while ((error = dpif_port_poll(backer->dpif, &devname)) == 0) { - struct ofproto_dpif *ofproto; - struct dpif_port port; + process_dpif_port_changes(backer); - /* Don't report on the datapath's device. */ - if (!strcmp(devname, dpif_base_name(backer->dpif))) { - goto next; - } + return 0; +} - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, - &all_ofproto_dpifs) { - if (simap_contains(&ofproto->backer->tnl_backers, devname)) { - goto next; - } - } +/* Check for and handle port changes in 'backer''s dpif. */ +static void +process_dpif_port_changes(struct dpif_backer *backer) +{ + for (;;) { + char *devname; + int error; - ofproto = lookup_ofproto_dpif_by_port_name(devname); - if (dpif_port_query_by_name(backer->dpif, devname, &port)) { - /* The port was removed. If we know the datapath, - * report it through poll_set(). If we don't, it may be - * notifying us of a removal we initiated, so ignore it. - * If there's a pending ENOBUFS, let it stand, since - * everything will be reevaluated. */ - if (ofproto && ofproto->port_poll_errno != ENOBUFS) { - sset_add(&ofproto->port_poll_set, devname); - ofproto->port_poll_errno = 0; - } - } else if (!ofproto) { - /* The port was added, but we don't know with which - * ofproto we should associate it. Delete it. */ - dpif_port_del(backer->dpif, port.port_no); - } - dpif_port_destroy(&port); + error = dpif_port_poll(backer->dpif, &devname); + switch (error) { + case EAGAIN: + return; - next: - free(devname); - } + case ENOBUFS: + process_dpif_all_ports_changed(backer); + break; - if (error != EAGAIN) { - struct ofproto_dpif *ofproto; + case 0: + process_dpif_port_change(backer, devname); + free(devname); + break; - /* There was some sort of error, so propagate it to all - * ofprotos that use this backer. */ - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, - &all_ofproto_dpifs) { - if (ofproto->backer == backer) { - sset_clear(&ofproto->port_poll_set); - ofproto->port_poll_errno = error; - } + default: + process_dpif_port_error(backer, error); + break; } } +} - if (backer->governor) { - size_t n_subfacets; +static void +process_dpif_all_ports_changed(struct dpif_backer *backer) +{ + struct ofproto_dpif *ofproto; + struct dpif_port dpif_port; + struct dpif_port_dump dump; + struct sset devnames; + const char *devname; - governor_run(backer->governor); + sset_init(&devnames); + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { + if (ofproto->backer == backer) { + struct ofport *ofport; - /* If the governor has shrunk to its minimum size and the number of - * subfacets has dwindled, then drop the governor entirely. - * - * For hysteresis, the number of subfacets to drop the governor is - * smaller than the number needed to trigger its creation. */ - n_subfacets = hmap_count(&backer->subfacets); - if (n_subfacets * 4 < flow_eviction_threshold - && governor_is_idle(backer->governor)) { - governor_destroy(backer->governor); - backer->governor = NULL; + HMAP_FOR_EACH (ofport, hmap_node, &ofproto->up.ports) { + sset_add(&devnames, netdev_get_name(ofport->netdev)); + } } } + DPIF_PORT_FOR_EACH (&dpif_port, &dump, backer->dpif) { + sset_add(&devnames, dpif_port.name); + } - return 0; + SSET_FOR_EACH (devname, &devnames) { + process_dpif_port_change(backer, devname); + } + sset_destroy(&devnames); } -static int -dpif_backer_run_fast(struct dpif_backer *backer, int max_batch) +static void +process_dpif_port_change(struct dpif_backer *backer, const char *devname) { - unsigned int work; + struct ofproto_dpif *ofproto; + struct dpif_port port; - /* If recv_set_enable is false, we should not handle upcalls. */ - if (!backer->recv_set_enable) { - return 0; + /* Don't report on the datapath's device. */ + if (!strcmp(devname, dpif_base_name(backer->dpif))) { + return; } - /* Handle one or more batches of upcalls, until there's nothing left to do - * or until we do a fixed total amount of work. - * - * We do work in batches because it can be much cheaper to set up a number - * of flows and fire off their patches all at once. We do multiple batches - * because in some cases handling a packet can cause another packet to be - * queued almost immediately as part of the return flow. Both - * optimizations can make major improvements on some benchmarks and - * presumably for real traffic as well. */ - work = 0; - while (work < max_batch) { - int retval = handle_upcalls(backer, max_batch - work); - if (retval <= 0) { - return -retval; + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, + &all_ofproto_dpifs) { + if (simap_contains(&ofproto->backer->tnl_backers, devname)) { + return; } - work += retval; } - return 0; -} - -static int -type_run_fast(const char *type) -{ - struct dpif_backer *backer; + ofproto = lookup_ofproto_dpif_by_port_name(devname); + if (dpif_port_query_by_name(backer->dpif, devname, &port)) { + /* The port was removed. If we know the datapath, + * report it through poll_set(). If we don't, it may be + * notifying us of a removal we initiated, so ignore it. + * If there's a pending ENOBUFS, let it stand, since + * everything will be reevaluated. */ + if (ofproto && ofproto->port_poll_errno != ENOBUFS) { + sset_add(&ofproto->port_poll_set, devname); + ofproto->port_poll_errno = 0; + } + } else if (!ofproto) { + /* The port was added, but we don't know with which + * ofproto we should associate it. Delete it. */ + dpif_port_del(backer->dpif, port.port_no); + } else { + struct ofport_dpif *ofport; - backer = shash_find_data(&all_dpif_backers, type); - if (!backer) { - /* This is not necessarily a problem, since backers are only - * created on demand. */ - return 0; + ofport = ofport_dpif_cast(shash_find_data( + &ofproto->up.port_by_name, devname)); + if (ofport + && ofport->odp_port != port.port_no + && !odp_port_to_ofport(backer, port.port_no)) + { + /* 'ofport''s datapath port number has changed from + * 'ofport->odp_port' to 'port.port_no'. Update our internal data + * structures to match. */ + ovs_rwlock_wrlock(&backer->odp_to_ofport_lock); + hmap_remove(&backer->odp_to_ofport_map, &ofport->odp_port_node); + ofport->odp_port = port.port_no; + hmap_insert(&backer->odp_to_ofport_map, &ofport->odp_port_node, + hash_odp_port(port.port_no)); + ovs_rwlock_unlock(&backer->odp_to_ofport_lock); + backer->need_revalidate = REV_RECONFIGURE; + } } - - return dpif_backer_run_fast(backer, FLOW_MISS_MAX_BATCH); + dpif_port_destroy(&port); } +/* Propagate 'error' to all ofprotos based on 'backer'. */ static void -run_fast_rl(void) +process_dpif_port_error(struct dpif_backer *backer, int error) { - static long long int port_rl = LLONG_MIN; - static unsigned int backer_rl = 0; - - if (time_msec() >= port_rl) { - struct ofproto_dpif *ofproto; - struct ofport_dpif *ofport; - - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - - HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { - port_run_fast(ofport); - } - } - port_rl = time_msec() + 200; - } - - /* XXX: We have to be careful not to do too much work in this function. If - * we call dpif_backer_run_fast() too often, or with too large a batch, - * performance improves signifcantly, but at a cost. It's possible for the - * number of flows in the datapath to increase without bound, and for poll - * loops to take 10s of seconds. The correct solution to this problem, - * long term, is to separate flow miss handling into it's own thread so it - * isn't affected by revalidations, and expirations. Until then, this is - * the best we can do. */ - if (++backer_rl >= 10) { - struct shash_node *node; + struct ofproto_dpif *ofproto; - backer_rl = 0; - SHASH_FOR_EACH (node, &all_dpif_backers) { - dpif_backer_run_fast(node->data, 1); + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { + if (ofproto->backer == backer) { + sset_clear(&ofproto->port_poll_set); + ofproto->port_poll_errno = error; } } } @@ -1196,11 +743,7 @@ type_wait(const char *type) return; } - if (backer->governor) { - governor_wait(backer->governor); - } - - timer_wait(&backer->next_expiration); + dpif_wait(backer->dpif); } /* Basic life-cycle. */ @@ -1224,37 +767,33 @@ dealloc(struct ofproto *ofproto_) static void close_dpif_backer(struct dpif_backer *backer) { - struct shash_node *node; - ovs_assert(backer->refcount > 0); if (--backer->refcount) { return; } - drop_key_clear(backer); - hmap_destroy(&backer->drop_keys); + udpif_destroy(backer->udpif); simap_destroy(&backer->tnl_backers); + ovs_rwlock_destroy(&backer->odp_to_ofport_lock); hmap_destroy(&backer->odp_to_ofport_map); - node = shash_find(&all_dpif_backers, backer->type); + shash_find_and_delete(&all_dpif_backers, backer->type); free(backer->type); - shash_delete(&all_dpif_backers, node); dpif_close(backer->dpif); - ovs_assert(hmap_is_empty(&backer->subfacets)); - hmap_destroy(&backer->subfacets); - governor_destroy(backer->governor); - free(backer); } /* Datapath port slated for removal from datapath. */ struct odp_garbage { struct list list_node; - uint32_t odp_port; + odp_port_t odp_port; }; +static bool check_variable_length_userdata(struct dpif_backer *backer); +static size_t check_max_mpls_depth(struct dpif_backer *backer); + static int open_dpif_backer(const char *type, struct dpif_backer **backerp) { @@ -1305,21 +844,18 @@ open_dpif_backer(const char *type, struct dpif_backer **backerp) free(backer_name); if (error) { VLOG_ERR("failed to open datapath of type %s: %s", type, - strerror(error)); + ovs_strerror(error)); free(backer); return error; } + backer->udpif = udpif_create(backer, backer->dpif); backer->type = xstrdup(type); - backer->governor = NULL; backer->refcount = 1; hmap_init(&backer->odp_to_ofport_map); - hmap_init(&backer->drop_keys); - hmap_init(&backer->subfacets); - timer_set_duration(&backer->next_expiration, 1000); + ovs_rwlock_init(&backer->odp_to_ofport_lock); backer->need_revalidate = 0; simap_init(&backer->tnl_backers); - tag_set_init(&backer->revalidate_set); backer->recv_set_enable = !ofproto_get_flow_restore_wait(); *backerp = backer; @@ -1352,72 +888,171 @@ open_dpif_backer(const char *type, struct dpif_backer **backerp) error = dpif_recv_set(backer->dpif, backer->recv_set_enable); if (error) { VLOG_ERR("failed to listen on datapath of type %s: %s", - type, strerror(error)); + type, ovs_strerror(error)); close_dpif_backer(backer); return error; } + backer->variable_length_userdata = check_variable_length_userdata(backer); + backer->max_mpls_depth = check_max_mpls_depth(backer); - backer->max_n_subfacet = 0; - backer->created = time_msec(); - backer->last_minute = backer->created; - memset(&backer->hourly, 0, sizeof backer->hourly); - memset(&backer->daily, 0, sizeof backer->daily); - memset(&backer->lifetime, 0, sizeof backer->lifetime); - backer->subfacet_add_count = 0; - backer->subfacet_del_count = 0; - backer->total_subfacet_add_count = 0; - backer->total_subfacet_del_count = 0; - backer->avg_n_subfacet = 0; - backer->avg_subfacet_life = 0; + if (backer->recv_set_enable) { + udpif_set_threads(backer->udpif, n_handlers, n_revalidators); + } return error; } -static int -construct(struct ofproto *ofproto_) +/* Tests whether 'backer''s datapath supports variable-length + * OVS_USERSPACE_ATTR_USERDATA in OVS_ACTION_ATTR_USERSPACE actions. We need + * to disable some features on older datapaths that don't support this + * feature. + * + * Returns false if 'backer' definitely does not support variable-length + * userdata, true if it seems to support them or if at least the error we get + * is ambiguous. */ +static bool +check_variable_length_userdata(struct dpif_backer *backer) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct shash_node *node, *next; - int max_ports; + struct eth_header *eth; + struct ofpbuf actions; + struct dpif_execute execute; + struct ofpbuf packet; + size_t start; int error; - int i; - error = open_dpif_backer(ofproto->up.type, &ofproto->backer); - if (error) { - return error; - } + /* Compose a userspace action that will cause an ERANGE error on older + * datapaths that don't support variable-length userdata. + * + * We really test for using userdata longer than 8 bytes, but older + * datapaths accepted these, silently truncating the userdata to 8 bytes. + * The same older datapaths rejected userdata shorter than 8 bytes, so we + * test for that instead as a proxy for longer userdata support. */ + ofpbuf_init(&actions, 64); + start = nl_msg_start_nested(&actions, OVS_ACTION_ATTR_USERSPACE); + nl_msg_put_u32(&actions, OVS_USERSPACE_ATTR_PID, + dpif_port_get_pid(backer->dpif, ODPP_NONE)); + nl_msg_put_unspec_zero(&actions, OVS_USERSPACE_ATTR_USERDATA, 4); + nl_msg_end_nested(&actions, start); + + /* Compose a dummy ethernet packet. */ + ofpbuf_init(&packet, ETH_HEADER_LEN); + eth = ofpbuf_put_zeros(&packet, ETH_HEADER_LEN); + eth->eth_type = htons(0x1234); + + /* Execute the actions. On older datapaths this fails with ERANGE, on + * newer datapaths it succeeds. */ + execute.actions = actions.data; + execute.actions_len = actions.size; + execute.packet = &packet; + execute.md = PKT_METADATA_INITIALIZER(0); + execute.needs_help = false; + + error = dpif_execute(backer->dpif, &execute); + + ofpbuf_uninit(&packet); + ofpbuf_uninit(&actions); + + switch (error) { + case 0: + /* Variable-length userdata is supported. + * + * Purge received packets to avoid processing the nonsense packet we + * sent to userspace, then report success. */ + dpif_recv_purge(backer->dpif); + return true; - max_ports = dpif_get_max_ports(ofproto->backer->dpif); - ofproto_init_max_ports(ofproto_, MIN(max_ports, OFPP_MAX)); + case ERANGE: + /* Variable-length userdata is not supported. */ + VLOG_WARN("%s: datapath does not support variable-length userdata " + "feature (needs Linux 3.10+ or kernel module from OVS " + "1..11+). The NXAST_SAMPLE action will be ignored.", + dpif_name(backer->dpif)); + return false; - ofproto->netflow = NULL; - ofproto->sflow = NULL; - ofproto->ipfix = NULL; - ofproto->stp = NULL; - hmap_init(&ofproto->bundles); - ofproto->ml = mac_learning_create(MAC_ENTRY_DEFAULT_IDLE_TIME); - for (i = 0; i < MAX_MIRRORS; i++) { - ofproto->mirrors[i] = NULL; + default: + /* Something odd happened. We're not sure whether variable-length + * userdata is supported. Default to "yes". */ + VLOG_WARN("%s: variable-length userdata feature probe failed (%s)", + dpif_name(backer->dpif), ovs_strerror(error)); + return true; } - ofproto->has_bonded_bundles = false; +} - hmap_init(&ofproto->facets); - ofproto->consistency_rl = LLONG_MIN; +/* Tests the MPLS label stack depth supported by 'backer''s datapath. + * + * Returns the number of elements in a struct flow's mpls_lse field + * if the datapath supports at least that many entries in an + * MPLS label stack. + * Otherwise returns the number of MPLS push actions supported by + * the datapath. */ +static size_t +check_max_mpls_depth(struct dpif_backer *backer) +{ + struct flow flow; + int n; - for (i = 0; i < N_TABLES; i++) { - struct table_dpif *table = &ofproto->tables[i]; + for (n = 0; n < FLOW_MAX_MPLS_LABELS; n++) { + struct odputil_keybuf keybuf; + struct ofpbuf key; + int error; - table->catchall_table = NULL; - table->other_table = NULL; - table->basis = random_uint32(); + memset(&flow, 0, sizeof flow); + flow.dl_type = htons(ETH_TYPE_MPLS); + flow_set_mpls_bos(&flow, n, 1); + + ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); + odp_flow_key_from_flow(&key, &flow, 0); + + error = dpif_flow_put(backer->dpif, DPIF_FP_CREATE | DPIF_FP_MODIFY, + key.data, key.size, NULL, 0, NULL, 0, NULL); + if (error && error != EEXIST) { + if (error != EINVAL) { + VLOG_WARN("%s: MPLS stack length feature probe failed (%s)", + dpif_name(backer->dpif), ovs_strerror(error)); + } + break; + } + + error = dpif_flow_del(backer->dpif, key.data, key.size, NULL); + if (error) { + VLOG_WARN("%s: failed to delete MPLS feature probe flow", + dpif_name(backer->dpif)); + } } - list_init(&ofproto->completions); + VLOG_INFO("%s: MPLS label stack length probed as %d", + dpif_name(backer->dpif), n); + return n; +} - ofproto_dpif_unixctl_init(); +static int +construct(struct ofproto *ofproto_) +{ + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + struct shash_node *node, *next; + int error; - ofproto->has_mirrors = false; - ofproto->has_bundle_action = false; + error = open_dpif_backer(ofproto->up.type, &ofproto->backer); + if (error) { + return error; + } + + ofproto->netflow = NULL; + ofproto->sflow = NULL; + ofproto->ipfix = NULL; + ofproto->stp = NULL; + ofproto->dump_seq = 0; + hmap_init(&ofproto->bundles); + ofproto->ml = mac_learning_create(MAC_ENTRY_DEFAULT_IDLE_TIME); + ofproto->mbridge = mbridge_create(); + ofproto->has_bonded_bundles = false; + ofproto->lacp_enabled = false; + ovs_mutex_init(&ofproto->stats_mutex); + ovs_mutex_init(&ofproto->vsp_mutex); + + guarded_list_init(&ofproto->pins); + + ofproto_dpif_unixctl_init(); hmap_init(&ofproto->vlandev_map); hmap_init(&ofproto->realdev_vid_map); @@ -1426,6 +1061,7 @@ construct(struct ofproto *ofproto_) sset_init(&ofproto->ghost_ports); sset_init(&ofproto->port_poll_set); ofproto->port_poll_errno = 0; + ofproto->change_seq = 0; SHASH_FOR_EACH_SAFE (node, next, &init_ofp_ports) { struct iface_hint *iface_hint = node->data; @@ -1451,9 +1087,6 @@ construct(struct ofproto *ofproto_) error = add_internal_flows(ofproto); ofproto->up.tables[TBL_INTERNAL].flags = OFTABLE_HIDDEN | OFTABLE_READONLY; - ofproto->n_hit = 0; - ofproto->n_missed = 0; - return error; } @@ -1470,6 +1103,7 @@ add_internal_flow(struct ofproto_dpif *ofproto, int id, fm.new_cookie = htonll(0); fm.cookie = htonll(0); fm.cookie_mask = htonll(0); + fm.modify_cookie = false; fm.table_id = TBL_INTERNAL; fm.command = OFPFC_ADD; fm.idle_timeout = 0; @@ -1487,8 +1121,12 @@ add_internal_flow(struct ofproto_dpif *ofproto, int id, return error; } - *rulep = rule_dpif_lookup__(ofproto, &fm.match.flow, TBL_INTERNAL); - ovs_assert(*rulep != NULL); + if (rule_dpif_lookup_in_table(ofproto, &fm.match.flow, NULL, TBL_INTERNAL, + rulep)) { + rule_dpif_unref(*rulep); + } else { + OVS_NOT_REACHED(); + } return 0; } @@ -1528,48 +1166,51 @@ add_internal_flows(struct ofproto_dpif *ofproto) return error; } -static void -complete_operations(struct ofproto_dpif *ofproto) -{ - struct dpif_completion *c, *next; - - LIST_FOR_EACH_SAFE (c, next, list_node, &ofproto->completions) { - ofoperation_complete(c->op, 0); - list_remove(&c->list_node); - free(c); - } -} - static void destruct(struct ofproto *ofproto_) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); struct rule_dpif *rule, *next_rule; + struct ofproto_packet_in *pin, *next_pin; struct oftable *table; - int i; + struct list pins; + + ofproto->backer->need_revalidate = REV_RECONFIGURE; + ovs_rwlock_wrlock(&xlate_rwlock); + xlate_remove_ofproto(ofproto); + ovs_rwlock_unlock(&xlate_rwlock); + + /* Discard any flow_miss_batches queued up for 'ofproto', avoiding a + * use-after-free error. */ + udpif_revalidate(ofproto->backer->udpif); hmap_remove(&all_ofproto_dpifs, &ofproto->all_ofproto_dpifs_node); - complete_operations(ofproto); OFPROTO_FOR_EACH_TABLE (table, &ofproto->up) { struct cls_cursor cursor; + fat_rwlock_rdlock(&table->cls.rwlock); cls_cursor_init(&cursor, &table->cls, NULL); + fat_rwlock_unlock(&table->cls.rwlock); CLS_CURSOR_FOR_EACH_SAFE (rule, next_rule, up.cr, &cursor) { - ofproto_rule_destroy(&rule->up); + ofproto_rule_delete(&ofproto->up, &rule->up); } } - for (i = 0; i < MAX_MIRRORS; i++) { - mirror_destroy(ofproto->mirrors[i]); + guarded_list_pop_all(&ofproto->pins, &pins); + LIST_FOR_EACH_SAFE (pin, next_pin, list_node, &pins) { + list_remove(&pin->list_node); + free(CONST_CAST(void *, pin->up.packet)); + free(pin); } + guarded_list_destroy(&ofproto->pins); - netflow_destroy(ofproto->netflow); - dpif_sflow_destroy(ofproto->sflow); - hmap_destroy(&ofproto->bundles); - mac_learning_destroy(ofproto->ml); + mbridge_unref(ofproto->mbridge); - hmap_destroy(&ofproto->facets); + netflow_unref(ofproto->netflow); + dpif_sflow_unref(ofproto->sflow); + hmap_destroy(&ofproto->bundles); + mac_learning_unref(ofproto->ml); hmap_destroy(&ofproto->vlandev_map); hmap_destroy(&ofproto->realdev_vid_map); @@ -1578,84 +1219,101 @@ destruct(struct ofproto *ofproto_) sset_destroy(&ofproto->ghost_ports); sset_destroy(&ofproto->port_poll_set); - close_dpif_backer(ofproto->backer); -} - -static int -run_fast(struct ofproto *ofproto_) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct ofport_dpif *ofport; - - /* Do not perform any periodic activity required by 'ofproto' while - * waiting for flow restore to complete. */ - if (ofproto_get_flow_restore_wait()) { - return 0; - } - - HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { - port_run_fast(ofport); - } + ovs_mutex_destroy(&ofproto->stats_mutex); + ovs_mutex_destroy(&ofproto->vsp_mutex); - return 0; + close_dpif_backer(ofproto->backer); } static int run(struct ofproto *ofproto_) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct ofport_dpif *ofport; - struct ofbundle *bundle; - int error; + uint64_t new_seq, new_dump_seq; - if (!clogged) { - complete_operations(ofproto); + if (mbridge_need_revalidate(ofproto->mbridge)) { + ofproto->backer->need_revalidate = REV_RECONFIGURE; + ovs_rwlock_wrlock(&ofproto->ml->rwlock); + mac_learning_flush(ofproto->ml); + ovs_rwlock_unlock(&ofproto->ml->rwlock); } - /* Do not perform any periodic activity below required by 'ofproto' while + /* Do not perform any periodic activity required by 'ofproto' while * waiting for flow restore to complete. */ - if (ofproto_get_flow_restore_wait()) { - return 0; - } + if (!ofproto_get_flow_restore_wait()) { + struct ofproto_packet_in *pin, *next_pin; + struct list pins; - error = run_fast(ofproto_); - if (error) { - return error; + guarded_list_pop_all(&ofproto->pins, &pins); + LIST_FOR_EACH_SAFE (pin, next_pin, list_node, &pins) { + connmgr_send_packet_in(ofproto->up.connmgr, pin); + list_remove(&pin->list_node); + free(CONST_CAST(void *, pin->up.packet)); + free(pin); + } } if (ofproto->netflow) { - if (netflow_run(ofproto->netflow)) { - send_netflow_active_timeouts(ofproto); - } + netflow_run(ofproto->netflow); } if (ofproto->sflow) { dpif_sflow_run(ofproto->sflow); } + if (ofproto->ipfix) { + dpif_ipfix_run(ofproto->ipfix); + } + + new_seq = seq_read(connectivity_seq_get()); + if (ofproto->change_seq != new_seq) { + struct ofport_dpif *ofport; + + HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { + port_run(ofport); + } - HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { - port_run(ofport); + ofproto->change_seq = new_seq; } - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - bundle_run(bundle); + if (ofproto->lacp_enabled || ofproto->has_bonded_bundles) { + struct ofbundle *bundle; + + HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { + bundle_run(bundle); + } } stp_run(ofproto); - mac_learning_run(ofproto->ml, &ofproto->backer->revalidate_set); - - /* Check the consistency of a random facet, to aid debugging. */ - if (time_msec() >= ofproto->consistency_rl - && !hmap_is_empty(&ofproto->facets) - && !ofproto->backer->need_revalidate) { - struct facet *facet; - - ofproto->consistency_rl = time_msec() + 250; - - facet = CONTAINER_OF(hmap_random_node(&ofproto->facets), - struct facet, hmap_node); - if (!tag_set_intersects(&ofproto->backer->revalidate_set, - facet->xout.tags)) { - if (!facet_check_consistency(facet)) { - ofproto->backer->need_revalidate = REV_INCONSISTENCY; + ovs_rwlock_wrlock(&ofproto->ml->rwlock); + if (mac_learning_run(ofproto->ml)) { + ofproto->backer->need_revalidate = REV_MAC_LEARNING; + } + ovs_rwlock_unlock(&ofproto->ml->rwlock); + + new_dump_seq = seq_read(udpif_dump_seq(ofproto->backer->udpif)); + if (ofproto->dump_seq != new_dump_seq) { + struct rule *rule, *next_rule; + + /* We know stats are relatively fresh, so now is a good time to do some + * periodic work. */ + ofproto->dump_seq = new_dump_seq; + + /* Expire OpenFlow flows whose idle_timeout or hard_timeout + * has passed. */ + ovs_mutex_lock(&ofproto_mutex); + LIST_FOR_EACH_SAFE (rule, next_rule, expirable, + &ofproto->up.expirable) { + rule_expire(rule_dpif_cast(rule)); + } + ovs_mutex_unlock(&ofproto_mutex); + + /* All outstanding data in existing flows has been accounted, so it's a + * good time to do bond rebalancing. */ + if (ofproto->has_bonded_bundles) { + struct ofbundle *bundle; + + HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { + if (bundle->bond) { + bond_rebalance(bundle->bond); + } } } } @@ -1667,86 +1325,55 @@ static void wait(struct ofproto *ofproto_) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct ofport_dpif *ofport; - struct ofbundle *bundle; - - if (!clogged && !list_is_empty(&ofproto->completions)) { - poll_immediate_wake(); - } if (ofproto_get_flow_restore_wait()) { return; } - dpif_wait(ofproto->backer->dpif); - dpif_recv_wait(ofproto->backer->dpif); if (ofproto->sflow) { dpif_sflow_wait(ofproto->sflow); } - if (!tag_set_is_empty(&ofproto->backer->revalidate_set)) { - poll_immediate_wake(); - } - HMAP_FOR_EACH (ofport, up.hmap_node, &ofproto->up.ports) { - port_wait(ofport); + if (ofproto->ipfix) { + dpif_ipfix_wait(ofproto->ipfix); } - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - bundle_wait(bundle); + if (ofproto->lacp_enabled || ofproto->has_bonded_bundles) { + struct ofbundle *bundle; + + HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { + bundle_wait(bundle); + } } if (ofproto->netflow) { netflow_wait(ofproto->netflow); } + ovs_rwlock_rdlock(&ofproto->ml->rwlock); mac_learning_wait(ofproto->ml); + ovs_rwlock_unlock(&ofproto->ml->rwlock); stp_wait(ofproto); if (ofproto->backer->need_revalidate) { /* Shouldn't happen, but if it does just go around again. */ VLOG_DBG_RL(&rl, "need revalidate in ofproto_wait_cb()"); poll_immediate_wake(); } + + seq_wait(udpif_dump_seq(ofproto->backer->udpif), ofproto->dump_seq); } static void -get_memory_usage(const struct ofproto *ofproto_, struct simap *usage) +type_get_memory_usage(const char *type, struct simap *usage) { - const struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - size_t n_subfacets = 0; - struct facet *facet; + struct dpif_backer *backer; - simap_increase(usage, "facets", hmap_count(&ofproto->facets)); - HMAP_FOR_EACH (facet, hmap_node, &ofproto->facets) { - n_subfacets += list_size(&facet->subfacets); + backer = shash_find_data(&all_dpif_backers, type); + if (backer) { + udpif_get_memory_usage(backer->udpif, usage); } - simap_increase(usage, "subfacets", n_subfacets); } static void -flush(struct ofproto *ofproto_) +flush(struct ofproto *ofproto OVS_UNUSED) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct subfacet *subfacet, *next_subfacet; - struct subfacet *batch[SUBFACET_DESTROY_MAX_BATCH]; - int n_batch; - - n_batch = 0; - HMAP_FOR_EACH_SAFE (subfacet, next_subfacet, hmap_node, - &ofproto->backer->subfacets) { - if (ofproto_dpif_cast(subfacet->facet->rule->up.ofproto) != ofproto) { - continue; - } - - if (subfacet->path != SF_NOT_INSTALLED) { - batch[n_batch++] = subfacet; - if (n_batch >= SUBFACET_DESTROY_MAX_BATCH) { - subfacet_destroy_batch(ofproto->backer, batch, n_batch); - n_batch = 0; - } - } else { - subfacet_destroy(subfacet); - } - } - - if (n_batch > 0) { - subfacet_destroy_batch(ofproto->backer, batch, n_batch); - } + udpif_flush(); } static void @@ -1816,15 +1443,17 @@ port_construct(struct ofport *port_) port->bundle = NULL; port->cfm = NULL; port->bfd = NULL; - port->tag = tag_create_random(); port->may_enable = true; port->stp_port = NULL; port->stp_state = STP_DISABLED; - port->tnl_port = NULL; - hmap_init(&port->priorities); + port->is_tunnel = false; + port->peer = NULL; + port->qdscp = NULL; + port->n_qdscp = 0; port->realdev_ofp_port = 0; port->vlandev_vid = 0; port->carrier_seq = netdev_get_carrier_resets(netdev); + port->is_layer3 = netdev_vport_is_layer3(netdev); if (netdev_vport_is_patch(netdev)) { /* By bailing out here, we don't submit the port to the sFlow module @@ -1832,7 +1461,8 @@ port_construct(struct ofport *port_) * because the patch port represents an interface that sFlow considers * to be "internal" to the switch as a whole, and therefore not an * candidate for counter polling. */ - port->odp_port = OVSP_NONE; + port->odp_port = ODPP_NONE; + ofport_update_peer(port); return 0; } @@ -1847,7 +1477,8 @@ port_construct(struct ofport *port_) port->odp_port = dpif_port.port_no; if (netdev_get_tunnel_config(netdev)) { - port->tnl_port = tnl_port_add(&port->up, port->odp_port); + tnl_port_add(port, port->up.netdev, port->odp_port); + port->is_tunnel = true; } else { /* Sanity-check that a mapping doesn't already exist. This * shouldn't happen for non-tunnel ports. */ @@ -1858,8 +1489,10 @@ port_construct(struct ofport *port_) return EBUSY; } + ovs_rwlock_wrlock(&ofproto->backer->odp_to_ofport_lock); hmap_insert(&ofproto->backer->odp_to_ofport_map, &port->odp_port_node, - hash_int(port->odp_port, 0)); + hash_odp_port(port->odp_port)); + ovs_rwlock_unlock(&ofproto->backer->odp_to_ofport_lock); } dpif_port_destroy(&dpif_port); @@ -1879,6 +1512,11 @@ port_destruct(struct ofport *port_) char namebuf[NETDEV_VPORT_NAME_BUFSIZE]; const char *dp_port_name; + ofproto->backer->need_revalidate = REV_RECONFIGURE; + ovs_rwlock_wrlock(&xlate_rwlock); + xlate_ofport_remove(port); + ovs_rwlock_unlock(&xlate_rwlock); + dp_port_name = netdev_vport_get_dpif_port(port->up.netdev, namebuf, sizeof namebuf); if (dpif_port_exists(ofproto->backer->dpif, dp_port_name)) { @@ -1886,20 +1524,25 @@ port_destruct(struct ofport *port_) * happens when the ofproto is being destroyed, since the caller * assumes that removal of attached ports will happen as part of * destruction. */ - if (!port->tnl_port) { + if (!port->is_tunnel) { dpif_port_del(ofproto->backer->dpif, port->odp_port); } - ofproto->backer->need_revalidate = REV_RECONFIGURE; } - if (port->odp_port != OVSP_NONE && !port->tnl_port) { + if (port->peer) { + port->peer->peer = NULL; + port->peer = NULL; + } + + if (port->odp_port != ODPP_NONE && !port->is_tunnel) { + ovs_rwlock_wrlock(&ofproto->backer->odp_to_ofport_lock); hmap_remove(&ofproto->backer->odp_to_ofport_map, &port->odp_port_node); + ovs_rwlock_unlock(&ofproto->backer->odp_to_ofport_lock); } - tnl_port_del(port->tnl_port); + tnl_port_del(port); sset_find_and_delete(&ofproto->ports, devname); sset_find_and_delete(&ofproto->ghost_ports, devname); - ofproto->backer->need_revalidate = REV_RECONFIGURE; bundle_remove(port_); set_cfm(port_, NULL); set_bfd(port_, NULL); @@ -1907,8 +1550,7 @@ port_destruct(struct ofport *port_) dpif_sflow_del_port(ofproto->sflow, port->odp_port); } - ofport_clear_priorities(port); - hmap_destroy(&port->priorities); + free(port->qdscp); } static void @@ -1923,6 +1565,21 @@ port_modified(struct ofport *port_) if (port->cfm) { cfm_set_netdev(port->cfm, port->up.netdev); } + + if (port->bfd) { + bfd_set_netdev(port->bfd, port->up.netdev); + } + + ofproto_dpif_monitor_port_update(port, port->bfd, port->cfm, + port->up.pp.hw_addr); + + if (port->is_tunnel && tnl_port_reconfigure(port, port->up.netdev, + port->odp_port)) { + ofproto_dpif_cast(port->up.ofproto)->backer->need_revalidate = + REV_RECONFIGURE; + } + + ofport_update_peer(port); } static void @@ -1963,7 +1620,7 @@ set_sflow(struct ofproto *ofproto_, dpif_sflow_set_options(ds, sflow_options); } else { if (ds) { - dpif_sflow_destroy(ds); + dpif_sflow_unref(ds); ofproto->backer->need_revalidate = REV_RECONFIGURE; ofproto->sflow = NULL; } @@ -1980,20 +1637,25 @@ set_ipfix( { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); struct dpif_ipfix *di = ofproto->ipfix; + bool has_options = bridge_exporter_options || flow_exporters_options; - if (bridge_exporter_options || flow_exporters_options) { - if (!di) { - di = ofproto->ipfix = dpif_ipfix_create(); - } + if (has_options && !di) { + di = ofproto->ipfix = dpif_ipfix_create(); + } + + if (di) { + /* Call set_options in any case to cleanly flush the flow + * caches in the last exporters that are to be destroyed. */ dpif_ipfix_set_options( di, bridge_exporter_options, flow_exporters_options, n_flow_exporters_options); - } else { - if (di) { - dpif_ipfix_destroy(di); + + if (!has_options) { + dpif_ipfix_unref(di); ofproto->ipfix = NULL; } } + return 0; } @@ -2001,11 +1663,9 @@ static int set_cfm(struct ofport *ofport_, const struct cfm_settings *s) { struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); - int error; + int error = 0; - if (!s) { - error = 0; - } else { + if (s) { if (!ofport->cfm) { struct ofproto_dpif *ofproto; @@ -2015,13 +1675,17 @@ set_cfm(struct ofport *ofport_, const struct cfm_settings *s) } if (cfm_configure(ofport->cfm, s)) { - return 0; + error = 0; + goto out; } error = EINVAL; } - cfm_destroy(ofport->cfm); + cfm_unref(ofport->cfm); ofport->cfm = NULL; +out: + ofproto_dpif_monitor_port_update(ofport, ofport->bfd, ofport->cfm, + ofport->up.pp.hw_addr); return error; } @@ -2033,6 +1697,7 @@ get_cfm_status(const struct ofport *ofport_, if (ofport->cfm) { status->faults = cfm_get_fault(ofport->cfm); + status->flap_count = cfm_get_flap_count(ofport->cfm); status->remote_opstate = cfm_get_opup(ofport->cfm); status->health = cfm_get_health(ofport->cfm); cfm_get_remote_mpids(ofport->cfm, &status->rmps, &status->n_rmps); @@ -2050,11 +1715,13 @@ set_bfd(struct ofport *ofport_, const struct smap *cfg) struct bfd *old; old = ofport->bfd; - ofport->bfd = bfd_configure(old, netdev_get_name(ofport->up.netdev), cfg); + ofport->bfd = bfd_configure(old, netdev_get_name(ofport->up.netdev), + cfg, ofport->up.netdev); if (ofport->bfd != old) { ofproto->backer->need_revalidate = REV_RECONFIGURE; } - + ofproto_dpif_monitor_port_update(ofport, ofport->bfd, ofport->cfm, + ofport->up.pp.hw_addr); return 0; } @@ -2092,7 +1759,7 @@ send_bpdu_cb(struct ofpbuf *pkt, int port_num, void *ofproto_) VLOG_WARN_RL(&rl, "%s: cannot send BPDU on port %d " "with unknown MAC", ofproto->up.name, port_num); } else { - send_packet(ofport, pkt); + ofproto_dpif_send_packet(ofport, pkt); } } ofpbuf_delete(pkt); @@ -2128,7 +1795,7 @@ set_stp(struct ofproto *ofproto_, const struct ofproto_stp_settings *s) set_stp_port(ofport, NULL); } - stp_destroy(ofproto->stp); + stp_unref(ofproto->stp); ofproto->stp = NULL; } @@ -2174,8 +1841,9 @@ update_stp_port_state(struct ofport_dpif *ofport) if (stp_learn_in_state(ofport->stp_state) != stp_learn_in_state(state)) { /* xxx Learning action flows should also be flushed. */ - mac_learning_flush(ofproto->ml, - &ofproto->backer->revalidate_set); + ovs_rwlock_wrlock(&ofproto->ml->rwlock); + mac_learning_flush(ofproto->ml); + ovs_rwlock_unlock(&ofproto->ml->rwlock); } fwd_change = stp_forward_in_state(ofport->stp_state) != stp_forward_in_state(state); @@ -2254,6 +1922,24 @@ get_stp_port_status(struct ofport *ofport_, s->state = stp_port_get_state(sp); s->sec_in_state = (time_msec() - ofport->stp_state_entered) / 1000; s->role = stp_port_get_role(sp); + + return 0; +} + +static int +get_stp_port_stats(struct ofport *ofport_, + struct ofproto_port_stp_stats *s) +{ + struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); + struct stp_port *sp = ofport->stp_port; + + if (!ofproto->stp || !sp) { + s->enabled = false; + return 0; + } + + s->enabled = true; stp_port_get_counts(sp, &s->tx_count, &s->rx_count, &s->error_count); return 0; @@ -2280,7 +1966,9 @@ stp_run(struct ofproto_dpif *ofproto) } if (stp_check_and_reset_fdb_flush(ofproto->stp)) { - mac_learning_flush(ofproto->ml, &ofproto->backer->revalidate_set); + ovs_rwlock_wrlock(&ofproto->ml->rwlock); + mac_learning_flush(ofproto->ml); + ovs_rwlock_unlock(&ofproto->ml->rwlock); } } } @@ -2292,111 +1980,25 @@ stp_wait(struct ofproto_dpif *ofproto) poll_timer_wait(1000); } } - -/* Returns true if STP should process 'flow'. */ -static bool -stp_should_process_flow(const struct flow *flow) -{ - return eth_addr_equals(flow->dl_dst, eth_addr_stp); -} - -static void -stp_process_packet(const struct ofport_dpif *ofport, - const struct ofpbuf *packet) -{ - struct ofpbuf payload = *packet; - struct eth_header *eth = payload.data; - struct stp_port *sp = ofport->stp_port; - - /* Sink packets on ports that have STP disabled when the bridge has - * STP enabled. */ - if (!sp || stp_port_get_state(sp) == STP_DISABLED) { - return; - } - - /* Trim off padding on payload. */ - if (payload.size > ntohs(eth->eth_type) + ETH_HEADER_LEN) { - payload.size = ntohs(eth->eth_type) + ETH_HEADER_LEN; - } - - if (ofpbuf_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) { - stp_received_bpdu(sp, payload.data, payload.size); - } -} -static struct priority_to_dscp * -get_priority(const struct ofport_dpif *ofport, uint32_t priority) -{ - struct priority_to_dscp *pdscp; - uint32_t hash; - - hash = hash_int(priority, 0); - HMAP_FOR_EACH_IN_BUCKET (pdscp, hmap_node, hash, &ofport->priorities) { - if (pdscp->priority == priority) { - return pdscp; - } - } - return NULL; -} - -static void -ofport_clear_priorities(struct ofport_dpif *ofport) -{ - struct priority_to_dscp *pdscp, *next; - - HMAP_FOR_EACH_SAFE (pdscp, next, hmap_node, &ofport->priorities) { - hmap_remove(&ofport->priorities, &pdscp->hmap_node); - free(pdscp); - } -} - static int -set_queues(struct ofport *ofport_, - const struct ofproto_port_queue *qdscp_list, +set_queues(struct ofport *ofport_, const struct ofproto_port_queue *qdscp, size_t n_qdscp) { struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); - struct hmap new = HMAP_INITIALIZER(&new); - size_t i; - - for (i = 0; i < n_qdscp; i++) { - struct priority_to_dscp *pdscp; - uint32_t priority; - uint8_t dscp; - - dscp = (qdscp_list[i].dscp << 2) & IP_DSCP_MASK; - if (dpif_queue_to_priority(ofproto->backer->dpif, qdscp_list[i].queue, - &priority)) { - continue; - } - - pdscp = get_priority(ofport, priority); - if (pdscp) { - hmap_remove(&ofport->priorities, &pdscp->hmap_node); - } else { - pdscp = xmalloc(sizeof *pdscp); - pdscp->priority = priority; - pdscp->dscp = dscp; - ofproto->backer->need_revalidate = REV_RECONFIGURE; - } - - if (pdscp->dscp != dscp) { - pdscp->dscp = dscp; - ofproto->backer->need_revalidate = REV_RECONFIGURE; - } - - hmap_insert(&new, &pdscp->hmap_node, hash_int(pdscp->priority, 0)); - } - if (!hmap_is_empty(&ofport->priorities)) { - ofport_clear_priorities(ofport); + if (ofport->n_qdscp != n_qdscp + || (n_qdscp && memcmp(ofport->qdscp, qdscp, + n_qdscp * sizeof *qdscp))) { ofproto->backer->need_revalidate = REV_RECONFIGURE; + free(ofport->qdscp); + ofport->qdscp = n_qdscp + ? xmemdup(qdscp, n_qdscp * sizeof *qdscp) + : NULL; + ofport->n_qdscp = n_qdscp; } - hmap_swap(&new, &ofport->priorities); - hmap_destroy(&new); - return 0; } @@ -2419,6 +2021,7 @@ bundle_flush_macs(struct ofbundle *bundle, bool all_ofprotos) struct mac_entry *mac, *next_mac; ofproto->backer->need_revalidate = REV_RECONFIGURE; + ovs_rwlock_wrlock(&ml->rwlock); LIST_FOR_EACH_SAFE (mac, next_mac, lru_node, &ml->lrus) { if (mac->port.p == bundle) { if (all_ofprotos) { @@ -2428,11 +2031,12 @@ bundle_flush_macs(struct ofbundle *bundle, bool all_ofprotos) if (o != ofproto) { struct mac_entry *e; - e = mac_learning_lookup(o->ml, mac->mac, mac->vlan, - NULL); + ovs_rwlock_wrlock(&o->ml->rwlock); + e = mac_learning_lookup(o->ml, mac->mac, mac->vlan); if (e) { mac_learning_expire(o->ml, e); } + ovs_rwlock_unlock(&o->ml->rwlock); } } } @@ -2440,6 +2044,7 @@ bundle_flush_macs(struct ofbundle *bundle, bool all_ofprotos) mac_learning_expire(ml, mac); } } + ovs_rwlock_unlock(&ml->rwlock); } static struct ofbundle * @@ -2456,24 +2061,6 @@ bundle_lookup(const struct ofproto_dpif *ofproto, void *aux) return NULL; } -/* Looks up each of the 'n_auxes' pointers in 'auxes' as bundles and adds the - * ones that are found to 'bundles'. */ -static void -bundle_lookup_multiple(struct ofproto_dpif *ofproto, - void **auxes, size_t n_auxes, - struct hmapx *bundles) -{ - size_t i; - - hmapx_init(bundles); - for (i = 0; i < n_auxes; i++) { - struct ofbundle *bundle = bundle_lookup(ofproto, auxes[i]); - if (bundle) { - hmapx_add(bundles, bundle); - } - } -} - static void bundle_update(struct ofbundle *bundle) { @@ -2482,6 +2069,7 @@ bundle_update(struct ofbundle *bundle) bundle->floodable = true; LIST_FOR_EACH (port, bundle_node, &bundle->ports) { if (port->up.pp.config & OFPUTIL_PC_NO_FLOOD + || port->is_layer3 || !stp_forward_in_state(port->stp_state)) { bundle->floodable = false; break; @@ -2510,7 +2098,7 @@ bundle_del_port(struct ofport_dpif *port) } static bool -bundle_add_port(struct ofbundle *bundle, uint16_t ofp_port, +bundle_add_port(struct ofbundle *bundle, ofp_port_t ofp_port, struct lacp_slave_settings *lacp) { struct ofport_dpif *port; @@ -2523,12 +2111,13 @@ bundle_add_port(struct ofbundle *bundle, uint16_t ofp_port, if (port->bundle != bundle) { bundle->ofproto->backer->need_revalidate = REV_RECONFIGURE; if (port->bundle) { - bundle_del_port(port); + bundle_remove(&port->up); } port->bundle = bundle; list_push_back(&bundle->ports, &port->bundle_node); if (port->up.pp.config & OFPUTIL_PC_NO_FLOOD + || port->is_layer3 || !stp_forward_in_state(port->stp_state)) { bundle->floodable = false; } @@ -2546,24 +2135,17 @@ bundle_destroy(struct ofbundle *bundle) { struct ofproto_dpif *ofproto; struct ofport_dpif *port, *next_port; - int i; if (!bundle) { return; } ofproto = bundle->ofproto; - for (i = 0; i < MAX_MIRRORS; i++) { - struct ofmirror *m = ofproto->mirrors[i]; - if (m) { - if (m->out == bundle) { - mirror_destroy(m); - } else if (hmapx_find_and_delete(&m->srcs, bundle) - || hmapx_find_and_delete(&m->dsts, bundle)) { - ofproto->backer->need_revalidate = REV_RECONFIGURE; - } - } - } + mbridge_unregister_bundle(ofproto->mbridge, bundle->aux); + + ovs_rwlock_wrlock(&xlate_rwlock); + xlate_bundle_remove(bundle); + ovs_rwlock_unlock(&xlate_rwlock); LIST_FOR_EACH_SAFE (port, next_port, bundle_node, &bundle->ports) { bundle_del_port(port); @@ -2573,8 +2155,8 @@ bundle_destroy(struct ofbundle *bundle) hmap_remove(&ofproto->bundles, &bundle->hmap_node); free(bundle->name); free(bundle->trunks); - lacp_destroy(bundle->lacp); - bond_destroy(bundle->bond); + lacp_unref(bundle->lacp); + bond_unref(bundle->bond); free(bundle); } @@ -2618,10 +2200,7 @@ bundle_set(struct ofproto *ofproto_, void *aux, bundle->bond = NULL; bundle->floodable = true; - - bundle->src_mirrors = 0; - bundle->dst_mirrors = 0; - bundle->mirror_out = 0; + mbridge_register_bundle(ofproto->mbridge, bundle); } if (!bundle->name || strcmp(s->name, bundle->name)) { @@ -2631,13 +2210,14 @@ bundle_set(struct ofproto *ofproto_, void *aux, /* LACP. */ if (s->lacp) { + ofproto->lacp_enabled = true; if (!bundle->lacp) { ofproto->backer->need_revalidate = REV_RECONFIGURE; bundle->lacp = lacp_create(); } lacp_configure(bundle->lacp, s->lacp); } else { - lacp_destroy(bundle->lacp); + lacp_unref(bundle->lacp); bundle->lacp = NULL; } @@ -2716,7 +2296,7 @@ bundle_set(struct ofproto *ofproto_, void *aux, break; default: - NOT_REACHED(); + OVS_NOT_REACHED(); } if (!vlan_bitmap_equal(trunks, bundle->trunks)) { free(bundle->trunks); @@ -2748,7 +2328,7 @@ bundle_set(struct ofproto *ofproto_, void *aux, bond_slave_register(bundle->bond, port, port->up.netdev); } } else { - bond_destroy(bundle->bond); + bond_unref(bundle->bond); bundle->bond = NULL; } @@ -2772,7 +2352,7 @@ bundle_remove(struct ofport *port_) if (list_is_empty(&bundle->ports)) { bundle_destroy(bundle); } else if (list_is_short(&bundle->ports)) { - bond_destroy(bundle->bond); + bond_unref(bundle->bond); bundle->bond = NULL; } } @@ -2796,12 +2376,12 @@ send_pdu_cb(void *port_, const void *pdu, size_t pdu_size) pdu_size); memcpy(packet_pdu, pdu, pdu_size); - send_packet(port, &packet); + ofproto_dpif_send_packet(port, &packet); ofpbuf_uninit(&packet); } else { VLOG_ERR_RL(&rl, "port %s: cannot obtain Ethernet address of iface " "%s (%s)", port->bundle->name, - netdev_get_name(port->up.netdev), strerror(error)); + netdev_get_name(port->up.netdev), ovs_strerror(error)); } } @@ -2809,38 +2389,44 @@ static void bundle_send_learning_packets(struct ofbundle *bundle) { struct ofproto_dpif *ofproto = bundle->ofproto; + struct ofpbuf *learning_packet; int error, n_packets, n_errors; struct mac_entry *e; + struct list packets; - error = n_packets = n_errors = 0; + list_init(&packets); + ovs_rwlock_rdlock(&ofproto->ml->rwlock); LIST_FOR_EACH (e, lru_node, &ofproto->ml->lrus) { if (e->port.p != bundle) { - struct ofpbuf *learning_packet; - struct ofport_dpif *port; void *port_void; - int ret; - /* The assignment to "port" is unnecessary but makes "grep"ing for - * struct ofport_dpif more effective. */ learning_packet = bond_compose_learning_packet(bundle->bond, e->mac, e->vlan, &port_void); - port = port_void; - ret = send_packet(port, learning_packet); - ofpbuf_delete(learning_packet); - if (ret) { - error = ret; - n_errors++; - } - n_packets++; + learning_packet->private_p = port_void; + list_push_back(&packets, &learning_packet->list_node); } } + ovs_rwlock_unlock(&ofproto->ml->rwlock); + + error = n_packets = n_errors = 0; + LIST_FOR_EACH (learning_packet, list_node, &packets) { + int ret; + + ret = ofproto_dpif_send_packet(learning_packet->private_p, learning_packet); + if (ret) { + error = ret; + n_errors++; + } + n_packets++; + } + ofpbuf_list_delete(&packets); if (n_errors) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "bond %s: %d errors sending %d gratuitous learning " "packets, last error was: %s", - bundle->name, n_errors, n_packets, strerror(error)); + bundle->name, n_errors, n_packets, ovs_strerror(error)); } else { VLOG_DBG("bond %s: sent %d gratuitous learning packets", bundle->name, n_packets); @@ -2860,8 +2446,10 @@ bundle_run(struct ofbundle *bundle) bond_slave_set_may_enable(bundle->bond, port, port->may_enable); } - bond_run(bundle->bond, &bundle->ofproto->backer->revalidate_set, - lacp_status(bundle->lacp)); + if (bond_run(bundle->bond, lacp_status(bundle->lacp))) { + bundle->ofproto->backer->need_revalidate = REV_BOND; + } + if (bond_should_send_learning_packets(bundle->bond)) { bundle_send_learning_packets(bundle); } @@ -2882,247 +2470,55 @@ bundle_wait(struct ofbundle *bundle) /* Mirrors. */ static int -mirror_scan(struct ofproto_dpif *ofproto) +mirror_set__(struct ofproto *ofproto_, void *aux, + const struct ofproto_mirror_settings *s) { - int idx; + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + struct ofbundle **srcs, **dsts; + int error; + size_t i; - for (idx = 0; idx < MAX_MIRRORS; idx++) { - if (!ofproto->mirrors[idx]) { - return idx; - } + if (!s) { + mirror_destroy(ofproto->mbridge, aux); + return 0; } - return -1; -} -static struct ofmirror * -mirror_lookup(struct ofproto_dpif *ofproto, void *aux) -{ - int i; + srcs = xmalloc(s->n_srcs * sizeof *srcs); + dsts = xmalloc(s->n_dsts * sizeof *dsts); - for (i = 0; i < MAX_MIRRORS; i++) { - struct ofmirror *mirror = ofproto->mirrors[i]; - if (mirror && mirror->aux == aux) { - return mirror; - } + for (i = 0; i < s->n_srcs; i++) { + srcs[i] = bundle_lookup(ofproto, s->srcs[i]); } - return NULL; + for (i = 0; i < s->n_dsts; i++) { + dsts[i] = bundle_lookup(ofproto, s->dsts[i]); + } + + error = mirror_set(ofproto->mbridge, aux, s->name, srcs, s->n_srcs, dsts, + s->n_dsts, s->src_vlans, + bundle_lookup(ofproto, s->out_bundle), s->out_vlan); + free(srcs); + free(dsts); + return error; } -/* Update the 'dup_mirrors' member of each of the ofmirrors in 'ofproto'. */ -static void -mirror_update_dups(struct ofproto_dpif *ofproto) +static int +mirror_get_stats__(struct ofproto *ofproto, void *aux, + uint64_t *packets, uint64_t *bytes) { - int i; - - for (i = 0; i < MAX_MIRRORS; i++) { - struct ofmirror *m = ofproto->mirrors[i]; - - if (m) { - m->dup_mirrors = MIRROR_MASK_C(1) << i; - } - } - - for (i = 0; i < MAX_MIRRORS; i++) { - struct ofmirror *m1 = ofproto->mirrors[i]; - int j; - - if (!m1) { - continue; - } - - for (j = i + 1; j < MAX_MIRRORS; j++) { - struct ofmirror *m2 = ofproto->mirrors[j]; - - if (m2 && m1->out == m2->out && m1->out_vlan == m2->out_vlan) { - m1->dup_mirrors |= MIRROR_MASK_C(1) << j; - m2->dup_mirrors |= m1->dup_mirrors; - } - } - } -} - -static int -mirror_set(struct ofproto *ofproto_, void *aux, - const struct ofproto_mirror_settings *s) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - mirror_mask_t mirror_bit; - struct ofbundle *bundle; - struct ofmirror *mirror; - struct ofbundle *out; - struct hmapx srcs; /* Contains "struct ofbundle *"s. */ - struct hmapx dsts; /* Contains "struct ofbundle *"s. */ - int out_vlan; - - mirror = mirror_lookup(ofproto, aux); - if (!s) { - mirror_destroy(mirror); - return 0; - } - if (!mirror) { - int idx; - - idx = mirror_scan(ofproto); - if (idx < 0) { - VLOG_WARN("bridge %s: maximum of %d port mirrors reached, " - "cannot create %s", - ofproto->up.name, MAX_MIRRORS, s->name); - return EFBIG; - } - - mirror = ofproto->mirrors[idx] = xzalloc(sizeof *mirror); - mirror->ofproto = ofproto; - mirror->idx = idx; - mirror->aux = aux; - mirror->out_vlan = -1; - mirror->name = NULL; - } - - if (!mirror->name || strcmp(s->name, mirror->name)) { - free(mirror->name); - mirror->name = xstrdup(s->name); - } - - /* Get the new configuration. */ - if (s->out_bundle) { - out = bundle_lookup(ofproto, s->out_bundle); - if (!out) { - mirror_destroy(mirror); - return EINVAL; - } - out_vlan = -1; - } else { - out = NULL; - out_vlan = s->out_vlan; - } - bundle_lookup_multiple(ofproto, s->srcs, s->n_srcs, &srcs); - bundle_lookup_multiple(ofproto, s->dsts, s->n_dsts, &dsts); - - /* If the configuration has not changed, do nothing. */ - if (hmapx_equals(&srcs, &mirror->srcs) - && hmapx_equals(&dsts, &mirror->dsts) - && vlan_bitmap_equal(mirror->vlans, s->src_vlans) - && mirror->out == out - && mirror->out_vlan == out_vlan) - { - hmapx_destroy(&srcs); - hmapx_destroy(&dsts); - return 0; - } - - hmapx_swap(&srcs, &mirror->srcs); - hmapx_destroy(&srcs); - - hmapx_swap(&dsts, &mirror->dsts); - hmapx_destroy(&dsts); - - free(mirror->vlans); - mirror->vlans = vlan_bitmap_clone(s->src_vlans); - - mirror->out = out; - mirror->out_vlan = out_vlan; - - /* Update bundles. */ - mirror_bit = MIRROR_MASK_C(1) << mirror->idx; - HMAP_FOR_EACH (bundle, hmap_node, &mirror->ofproto->bundles) { - if (hmapx_contains(&mirror->srcs, bundle)) { - bundle->src_mirrors |= mirror_bit; - } else { - bundle->src_mirrors &= ~mirror_bit; - } - - if (hmapx_contains(&mirror->dsts, bundle)) { - bundle->dst_mirrors |= mirror_bit; - } else { - bundle->dst_mirrors &= ~mirror_bit; - } - - if (mirror->out == bundle) { - bundle->mirror_out |= mirror_bit; - } else { - bundle->mirror_out &= ~mirror_bit; - } - } - - ofproto->backer->need_revalidate = REV_RECONFIGURE; - ofproto->has_mirrors = true; - mac_learning_flush(ofproto->ml, - &ofproto->backer->revalidate_set); - mirror_update_dups(ofproto); - - return 0; -} - -static void -mirror_destroy(struct ofmirror *mirror) -{ - struct ofproto_dpif *ofproto; - mirror_mask_t mirror_bit; - struct ofbundle *bundle; - int i; - - if (!mirror) { - return; - } - - ofproto = mirror->ofproto; - ofproto->backer->need_revalidate = REV_RECONFIGURE; - mac_learning_flush(ofproto->ml, &ofproto->backer->revalidate_set); - - mirror_bit = MIRROR_MASK_C(1) << mirror->idx; - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - bundle->src_mirrors &= ~mirror_bit; - bundle->dst_mirrors &= ~mirror_bit; - bundle->mirror_out &= ~mirror_bit; - } - - hmapx_destroy(&mirror->srcs); - hmapx_destroy(&mirror->dsts); - free(mirror->vlans); - - ofproto->mirrors[mirror->idx] = NULL; - free(mirror->name); - free(mirror); - - mirror_update_dups(ofproto); - - ofproto->has_mirrors = false; - for (i = 0; i < MAX_MIRRORS; i++) { - if (ofproto->mirrors[i]) { - ofproto->has_mirrors = true; - break; - } - } -} - -static int -mirror_get_stats(struct ofproto *ofproto_, void *aux, - uint64_t *packets, uint64_t *bytes) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct ofmirror *mirror = mirror_lookup(ofproto, aux); - - if (!mirror) { - *packets = *bytes = UINT64_MAX; - return 0; - } - - push_all_stats(); - - *packets = mirror->packet_count; - *bytes = mirror->byte_count; - - return 0; + return mirror_get_stats(ofproto_dpif_cast(ofproto)->mbridge, aux, packets, + bytes); } static int set_flood_vlans(struct ofproto *ofproto_, unsigned long *flood_vlans) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + ovs_rwlock_wrlock(&ofproto->ml->rwlock); if (mac_learning_set_flood_vlans(ofproto->ml, flood_vlans)) { - mac_learning_flush(ofproto->ml, &ofproto->backer->revalidate_set); + mac_learning_flush(ofproto->ml); } + ovs_rwlock_unlock(&ofproto->ml->rwlock); return 0; } @@ -3131,7 +2527,7 @@ is_mirror_output_bundle(const struct ofproto *ofproto_, void *aux) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); struct ofbundle *bundle = bundle_lookup(ofproto, aux); - return bundle && bundle->mirror_out != 0; + return bundle && mirror_bundle_out(ofproto->mbridge, bundle) != 0; } static void @@ -3146,26 +2542,21 @@ set_mac_table_config(struct ofproto *ofproto_, unsigned int idle_time, size_t max_entries) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + ovs_rwlock_wrlock(&ofproto->ml->rwlock); mac_learning_set_idle_time(ofproto->ml, idle_time); mac_learning_set_max_entries(ofproto->ml, max_entries); + ovs_rwlock_unlock(&ofproto->ml->rwlock); } /* Ports. */ static struct ofport_dpif * -get_ofp_port(const struct ofproto_dpif *ofproto, uint16_t ofp_port) +get_ofp_port(const struct ofproto_dpif *ofproto, ofp_port_t ofp_port) { struct ofport *ofport = ofproto_get_port(&ofproto->up, ofp_port); return ofport ? ofport_dpif_cast(ofport) : NULL; } -static struct ofport_dpif * -get_odp_port(const struct ofproto_dpif *ofproto, uint32_t odp_port) -{ - struct ofport_dpif *port = odp_port_to_ofport(ofproto->backer, odp_port); - return port && &ofproto->up == port->up.ofproto ? port : NULL; -} - static void ofproto_port_from_dpif_port(struct ofproto_dpif *ofproto, struct ofproto_port *ofproto_port, @@ -3176,48 +2567,56 @@ ofproto_port_from_dpif_port(struct ofproto_dpif *ofproto, ofproto_port->ofp_port = odp_port_to_ofp_port(ofproto, dpif_port->port_no); } -static struct ofport_dpif * -ofport_get_peer(const struct ofport_dpif *ofport_dpif) +static void +ofport_update_peer(struct ofport_dpif *ofport) { const struct ofproto_dpif *ofproto; - const char *peer; + struct dpif_backer *backer; + char *peer_name; - peer = netdev_vport_patch_peer(ofport_dpif->up.netdev); - if (!peer) { - return NULL; + if (!netdev_vport_is_patch(ofport->up.netdev)) { + return; } - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - struct ofport *ofport; + backer = ofproto_dpif_cast(ofport->up.ofproto)->backer; + backer->need_revalidate = REV_RECONFIGURE; - ofport = shash_find_data(&ofproto->up.port_by_name, peer); - if (ofport && ofport->ofproto->ofproto_class == &ofproto_dpif_class) { - return ofport_dpif_cast(ofport); - } + if (ofport->peer) { + ofport->peer->peer = NULL; + ofport->peer = NULL; } - return NULL; -} - -static void -port_run_fast(struct ofport_dpif *ofport) -{ - if (ofport->cfm && cfm_should_send_ccm(ofport->cfm)) { - struct ofpbuf packet; - ofpbuf_init(&packet, 0); - cfm_compose_ccm(ofport->cfm, &packet, ofport->up.pp.hw_addr); - send_packet(ofport, &packet); - ofpbuf_uninit(&packet); + peer_name = netdev_vport_patch_peer(ofport->up.netdev); + if (!peer_name) { + return; } - if (ofport->bfd && bfd_should_send_packet(ofport->bfd)) { - struct ofpbuf packet; + HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { + struct ofport *peer_ofport; + struct ofport_dpif *peer; + char *peer_peer; - ofpbuf_init(&packet, 0); - bfd_put_packet(ofport->bfd, &packet, ofport->up.pp.hw_addr); - send_packet(ofport, &packet); - ofpbuf_uninit(&packet); + if (ofproto->backer != backer) { + continue; + } + + peer_ofport = shash_find_data(&ofproto->up.port_by_name, peer_name); + if (!peer_ofport) { + continue; + } + + peer = ofport_dpif_cast(peer_ofport); + peer_peer = netdev_vport_patch_peer(peer->up.netdev); + if (peer_peer && !strcmp(netdev_get_name(ofport->up.netdev), + peer_peer)) { + ofport->peer = peer; + ofport->peer->peer = ofport; + } + free(peer_peer); + + break; } + free(peer_name); } static void @@ -3226,31 +2625,27 @@ port_run(struct ofport_dpif *ofport) long long int carrier_seq = netdev_get_carrier_resets(ofport->up.netdev); bool carrier_changed = carrier_seq != ofport->carrier_seq; bool enable = netdev_get_carrier(ofport->up.netdev); + bool cfm_enable = false; + bool bfd_enable = false; ofport->carrier_seq = carrier_seq; - port_run_fast(ofport); - - if (ofport->tnl_port - && tnl_port_reconfigure(&ofport->up, ofport->odp_port, - &ofport->tnl_port)) { - ofproto_dpif_cast(ofport->up.ofproto)->backer->need_revalidate = true; - } - if (ofport->cfm) { int cfm_opup = cfm_get_opup(ofport->cfm); - cfm_run(ofport->cfm); - enable = enable && !cfm_get_fault(ofport->cfm); + cfm_enable = !cfm_get_fault(ofport->cfm); if (cfm_opup >= 0) { - enable = enable && cfm_opup; + cfm_enable = cfm_enable && cfm_opup; } } if (ofport->bfd) { - bfd_run(ofport->bfd); - enable = enable && bfd_forwarding(ofport->bfd); + bfd_enable = bfd_forwarding(ofport->bfd); + } + + if (ofport->bfd || ofport->cfm) { + enable = enable && (cfm_enable || bfd_enable); } if (ofport->bundle) { @@ -3262,27 +2657,12 @@ port_run(struct ofport_dpif *ofport) if (ofport->may_enable != enable) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); - - if (ofproto->has_bundle_action) { - ofproto->backer->need_revalidate = REV_PORT_TOGGLED; - } + ofproto->backer->need_revalidate = REV_PORT_TOGGLED; } ofport->may_enable = enable; } -static void -port_wait(struct ofport_dpif *ofport) -{ - if (ofport->cfm) { - cfm_wait(ofport->cfm); - } - - if (ofport->bfd) { - bfd_wait(ofport->bfd); - } -} - static int port_query_by_name(const struct ofproto *ofproto_, const char *devname, struct ofproto_port *ofproto_port) @@ -3335,7 +2715,7 @@ port_add(struct ofproto *ofproto_, struct netdev *netdev) dp_port_name = netdev_vport_get_dpif_port(netdev, namebuf, sizeof namebuf); if (!dpif_port_exists(ofproto->backer->dpif, dp_port_name)) { - uint32_t port_no = UINT32_MAX; + odp_port_t port_no = ODPP_NONE; int error; error = dpif_port_add(ofproto->backer->dpif, netdev, &port_no); @@ -3343,7 +2723,8 @@ port_add(struct ofproto *ofproto_, struct netdev *netdev) return error; } if (netdev_get_tunnel_config(netdev)) { - simap_put(&ofproto->backer->tnl_backers, dp_port_name, port_no); + simap_put(&ofproto->backer->tnl_backers, + dp_port_name, odp_to_u32(port_no)); } } @@ -3356,7 +2737,7 @@ port_add(struct ofproto *ofproto_, struct netdev *netdev) } static int -port_del(struct ofproto *ofproto_, uint16_t ofp_port) +port_del(struct ofproto *ofproto_, ofp_port_t ofp_port) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); struct ofport_dpif *ofport = get_ofp_port(ofproto, ofp_port); @@ -3369,7 +2750,7 @@ port_del(struct ofproto *ofproto_, uint16_t ofp_port) sset_find_and_delete(&ofproto->ghost_ports, netdev_get_name(ofport->up.netdev)); ofproto->backer->need_revalidate = REV_RECONFIGURE; - if (!ofport->tnl_port) { + if (!ofport->is_tunnel && !netdev_vport_is_patch(ofport->up.netdev)) { error = dpif_port_del(ofproto->backer->dpif, ofport->odp_port); if (!error) { /* The caller is going to close ofport->up.netdev. If this is a @@ -3388,17 +2769,16 @@ port_get_stats(const struct ofport *ofport_, struct netdev_stats *stats) struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); int error; - push_all_stats(); - error = netdev_get_stats(ofport->up.netdev, stats); if (!error && ofport_->ofp_port == OFPP_LOCAL) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); + ovs_mutex_lock(&ofproto->stats_mutex); /* ofproto->stats.tx_packets represents packets that we created * internally and sent to some port (e.g. packets sent with - * send_packet()). Account for them as if they had come from - * OFPP_LOCAL and got forwarded. */ + * ofproto_dpif_send_packet()). Account for them as if they had + * come from OFPP_LOCAL and got forwarded. */ if (stats->rx_packets != UINT64_MAX) { stats->rx_packets += ofproto->stats.tx_packets; @@ -3419,6 +2799,7 @@ port_get_stats(const struct ofport *ofport_, struct netdev_stats *stats) if (stats->tx_bytes != UINT64_MAX) { stats->tx_bytes += ofproto->stats.rx_bytes; } + ovs_mutex_unlock(&ofproto->stats_mutex); } return error; @@ -3524,4186 +2905,478 @@ port_is_lacp_current(const struct ofport *ofport_) : -1); } -/* Upcall handling. */ +/* If 'rule' is an OpenFlow rule, that has expired according to OpenFlow rules, + * then delete it entirely. */ +static void +rule_expire(struct rule_dpif *rule) + OVS_REQUIRES(ofproto_mutex) +{ + uint16_t idle_timeout, hard_timeout; + long long int now = time_msec(); + int reason; -/* Flow miss batching. - * - * Some dpifs implement operations faster when you hand them off in a batch. - * To allow batching, "struct flow_miss" queues the dpif-related work needed - * for a given flow. Each "struct flow_miss" corresponds to sending one or - * more packets, plus possibly installing the flow in the dpif. - * - * So far we only batch the operations that affect flow setup time the most. - * It's possible to batch more than that, but the benefit might be minimal. */ -struct flow_miss { - struct hmap_node hmap_node; - struct ofproto_dpif *ofproto; - struct flow flow; - enum odp_key_fitness key_fitness; - const struct nlattr *key; - size_t key_len; - struct initial_vals initial_vals; - struct list packets; - enum dpif_upcall_type upcall_type; -}; + ovs_assert(!rule->up.pending); -struct flow_miss_op { - struct dpif_op dpif_op; + /* Has 'rule' expired? */ + ovs_mutex_lock(&rule->up.mutex); + hard_timeout = rule->up.hard_timeout; + idle_timeout = rule->up.idle_timeout; + if (hard_timeout && now > rule->up.modified + hard_timeout * 1000) { + reason = OFPRR_HARD_TIMEOUT; + } else if (idle_timeout && now > rule->up.used + idle_timeout * 1000) { + reason = OFPRR_IDLE_TIMEOUT; + } else { + reason = -1; + } + ovs_mutex_unlock(&rule->up.mutex); - uint64_t slow_stub[128 / 8]; /* Buffer for compose_slow_path() */ - struct xlate_out xout; - bool xout_garbage; /* 'xout' needs to be uninitialized? */ -}; + if (reason >= 0) { + COVERAGE_INC(ofproto_dpif_expired); + ofproto_rule_expire(&rule->up, reason); + } +} -/* Sends an OFPT_PACKET_IN message for 'packet' of type OFPR_NO_MATCH to each - * OpenFlow controller as necessary according to their individual - * configurations. */ -static void -send_packet_in_miss(struct ofproto_dpif *ofproto, const struct ofpbuf *packet, - const struct flow *flow) +/* Executes, within 'ofproto', the actions in 'rule' or 'ofpacts' on 'packet'. + * 'flow' must reflect the data in 'packet'. */ +int +ofproto_dpif_execute_actions(struct ofproto_dpif *ofproto, + const struct flow *flow, + struct rule_dpif *rule, + const struct ofpact *ofpacts, size_t ofpacts_len, + struct ofpbuf *packet) { - struct ofputil_packet_in pin; + struct dpif_flow_stats stats; + struct xlate_out xout; + struct xlate_in xin; + ofp_port_t in_port; + struct dpif_execute execute; + int error; + + ovs_assert((rule != NULL) != (ofpacts != NULL)); + + dpif_flow_stats_extract(flow, packet, time_msec(), &stats); + if (rule) { + rule_dpif_credit_stats(rule, &stats); + } - pin.packet = packet->data; - pin.packet_len = packet->size; - pin.reason = OFPR_NO_MATCH; - pin.controller_id = 0; + xlate_in_init(&xin, ofproto, flow, rule, stats.tcp_flags, packet); + xin.ofpacts = ofpacts; + xin.ofpacts_len = ofpacts_len; + xin.resubmit_stats = &stats; + xlate_actions(&xin, &xout); - pin.table_id = 0; - pin.cookie = 0; + in_port = flow->in_port.ofp_port; + if (in_port == OFPP_NONE) { + in_port = OFPP_LOCAL; + } + execute.actions = xout.odp_actions.data; + execute.actions_len = xout.odp_actions.size; + execute.packet = packet; + execute.md.tunnel = flow->tunnel; + execute.md.skb_priority = flow->skb_priority; + execute.md.pkt_mark = flow->pkt_mark; + execute.md.in_port = ofp_port_to_odp_port(ofproto, in_port); + execute.needs_help = (xout.slow & SLOW_ACTION) != 0; - pin.send_len = 0; /* not used for flow table misses */ + error = dpif_execute(ofproto->backer->dpif, &execute); - flow_get_metadata(flow, &pin.fmd); + xlate_out_uninit(&xout); - connmgr_send_packet_in(ofproto->up.connmgr, &pin); + return error; } -static enum slow_path_reason -process_special(struct ofproto_dpif *ofproto, const struct flow *flow, - const struct ofport_dpif *ofport, const struct ofpbuf *packet) +void +rule_dpif_credit_stats(struct rule_dpif *rule, + const struct dpif_flow_stats *stats) { - if (!ofport) { - return 0; - } else if (ofport->cfm && cfm_should_process_flow(ofport->cfm, flow)) { - if (packet) { - cfm_process_heartbeat(ofport->cfm, packet); - } - return SLOW_CFM; - } else if (ofport->bfd && bfd_should_process_flow(flow)) { - if (packet) { - bfd_process_packet(ofport->bfd, flow, packet); - } - return SLOW_BFD; - } else if (ofport->bundle && ofport->bundle->lacp - && flow->dl_type == htons(ETH_TYPE_LACP)) { - if (packet) { - lacp_process_packet(ofport->bundle->lacp, ofport, packet); - } - return SLOW_LACP; - } else if (ofproto->stp && stp_should_process_flow(flow)) { - if (packet) { - stp_process_packet(ofport, packet); - } - return SLOW_STP; - } else { - return 0; - } + ovs_mutex_lock(&rule->stats_mutex); + rule->packet_count += stats->n_packets; + rule->byte_count += stats->n_bytes; + rule->up.used = MAX(rule->up.used, stats->used); + ovs_mutex_unlock(&rule->stats_mutex); } -static struct flow_miss * -flow_miss_find(struct hmap *todo, const struct ofproto_dpif *ofproto, - const struct flow *flow, uint32_t hash) +bool +rule_dpif_is_fail_open(const struct rule_dpif *rule) { - struct flow_miss *miss; - - HMAP_FOR_EACH_WITH_HASH (miss, hmap_node, hash, todo) { - if (miss->ofproto == ofproto && flow_equal(&miss->flow, flow)) { - return miss; - } - } - - return NULL; + return is_fail_open_rule(&rule->up); } -/* Partially Initializes 'op' as an "execute" operation for 'miss' and - * 'packet'. The caller must initialize op->actions and op->actions_len. If - * 'miss' is associated with a subfacet the caller must also initialize the - * returned op->subfacet, and if anything needs to be freed after processing - * the op, the caller must initialize op->garbage also. */ -static void -init_flow_miss_execute_op(struct flow_miss *miss, struct ofpbuf *packet, - struct flow_miss_op *op) +bool +rule_dpif_is_table_miss(const struct rule_dpif *rule) { - if (miss->flow.vlan_tci != miss->initial_vals.vlan_tci) { - /* This packet was received on a VLAN splinter port. We - * added a VLAN to the packet to make the packet resemble - * the flow, but the actions were composed assuming that - * the packet contained no VLAN. So, we must remove the - * VLAN header from the packet before trying to execute the - * actions. */ - eth_pop_vlan(packet); - } - - op->xout_garbage = false; - op->dpif_op.type = DPIF_OP_EXECUTE; - op->dpif_op.u.execute.key = miss->key; - op->dpif_op.u.execute.key_len = miss->key_len; - op->dpif_op.u.execute.packet = packet; + return rule_is_table_miss(&rule->up); } -/* Helper for handle_flow_miss_without_facet() and - * handle_flow_miss_with_facet(). */ -static void -handle_flow_miss_common(struct rule_dpif *rule, - struct ofpbuf *packet, const struct flow *flow) +ovs_be64 +rule_dpif_get_flow_cookie(const struct rule_dpif *rule) + OVS_REQUIRES(rule->up.mutex) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - - if (rule->up.cr.priority == FAIL_OPEN_PRIORITY) { - /* - * Extra-special case for fail-open mode. - * - * We are in fail-open mode and the packet matched the fail-open - * rule, but we are connected to a controller too. We should send - * the packet up to the controller in the hope that it will try to - * set up a flow and thereby allow us to exit fail-open. - * - * See the top-level comment in fail-open.c for more information. - */ - send_packet_in_miss(ofproto, packet, flow); - } + return rule->up.flow_cookie; } -/* Figures out whether a flow that missed in 'ofproto', whose details are in - * 'miss', is likely to be worth tracking in detail in userspace and (usually) - * installing a datapath flow. The answer is usually "yes" (a return value of - * true). However, for short flows the cost of bookkeeping is much higher than - * the benefits, so when the datapath holds a large number of flows we impose - * some heuristics to decide which flows are likely to be worth tracking. */ -static bool -flow_miss_should_make_facet(struct flow_miss *miss, uint32_t hash) +void +rule_dpif_reduce_timeouts(struct rule_dpif *rule, uint16_t idle_timeout, + uint16_t hard_timeout) { - struct dpif_backer *backer = miss->ofproto->backer; + ofproto_rule_reduce_timeouts(&rule->up, idle_timeout, hard_timeout); +} - if (!backer->governor) { - size_t n_subfacets; +/* Returns 'rule''s actions. The caller owns a reference on the returned + * actions and must eventually release it (with rule_actions_unref()) to avoid + * a memory leak. */ +struct rule_actions * +rule_dpif_get_actions(const struct rule_dpif *rule) +{ + return rule_get_actions(&rule->up); +} - n_subfacets = hmap_count(&backer->subfacets); - if (n_subfacets * 2 <= flow_eviction_threshold) { - return true; - } +/* Lookup 'flow' in 'ofproto''s classifier. If 'wc' is non-null, sets + * the fields that were relevant as part of the lookup. */ +void +rule_dpif_lookup(struct ofproto_dpif *ofproto, const struct flow *flow, + struct flow_wildcards *wc, struct rule_dpif **rule) +{ + struct ofport_dpif *port; - backer->governor = governor_create(); + if (rule_dpif_lookup_in_table(ofproto, flow, wc, 0, rule)) { + return; + } + port = get_ofp_port(ofproto, flow->in_port.ofp_port); + if (!port) { + VLOG_WARN_RL(&rl, "packet-in on unknown OpenFlow port %"PRIu16, + flow->in_port.ofp_port); } - return governor_should_install_flow(backer->governor, hash, - list_size(&miss->packets)); + choose_miss_rule(port ? port->up.pp.config : 0, ofproto->miss_rule, + ofproto->no_packet_in_rule, rule); } -/* Handles 'miss', which matches 'rule', without creating a facet or subfacet - * or creating any datapath flow. May add an "execute" operation to 'ops' and - * increment '*n_ops'. */ -static void -handle_flow_miss_without_facet(struct flow_miss *miss, - struct flow_miss_op *ops, size_t *n_ops) +bool +rule_dpif_lookup_in_table(struct ofproto_dpif *ofproto, + const struct flow *flow, struct flow_wildcards *wc, + uint8_t table_id, struct rule_dpif **rule) { - struct rule_dpif *rule = rule_dpif_lookup(miss->ofproto, &miss->flow); - long long int now = time_msec(); - struct ofpbuf *packet; - struct xlate_in xin; + const struct cls_rule *cls_rule; + struct classifier *cls; + bool frag; - LIST_FOR_EACH (packet, list_node, &miss->packets) { - struct flow_miss_op *op = &ops[*n_ops]; - struct dpif_flow_stats stats; + *rule = NULL; + if (table_id >= N_TABLES) { + return false; + } - COVERAGE_INC(facet_suppress); + if (wc) { + memset(&wc->masks.dl_type, 0xff, sizeof wc->masks.dl_type); + if (is_ip_any(flow)) { + wc->masks.nw_frag |= FLOW_NW_FRAG_MASK; + } + } - handle_flow_miss_common(rule, packet, &miss->flow); + cls = &ofproto->up.tables[table_id].cls; + fat_rwlock_rdlock(&cls->rwlock); + frag = (flow->nw_frag & FLOW_NW_FRAG_ANY) != 0; + if (frag && ofproto->up.frag_handling == OFPC_FRAG_NORMAL) { + /* We must pretend that transport ports are unavailable. */ + struct flow ofpc_normal_flow = *flow; + ofpc_normal_flow.tp_src = htons(0); + ofpc_normal_flow.tp_dst = htons(0); + cls_rule = classifier_lookup(cls, &ofpc_normal_flow, wc); + } else if (frag && ofproto->up.frag_handling == OFPC_FRAG_DROP) { + cls_rule = &ofproto->drop_frags_rule->up.cr; + /* Frag mask in wc already set above. */ + } else { + cls_rule = classifier_lookup(cls, flow, wc); + } - dpif_flow_stats_extract(&miss->flow, packet, now, &stats); - rule_credit_stats(rule, &stats); + *rule = rule_dpif_cast(rule_from_cls_rule(cls_rule)); + rule_dpif_ref(*rule); + fat_rwlock_unlock(&cls->rwlock); - xlate_in_init(&xin, miss->ofproto, &miss->flow, &miss->initial_vals, - rule, stats.tcp_flags, packet); - xin.resubmit_stats = &stats; - xlate_actions(&xin, &op->xout); + return *rule != NULL; +} - if (op->xout.odp_actions.size) { - struct dpif_execute *execute = &op->dpif_op.u.execute; +/* Given a port configuration (specified as zero if there's no port), chooses + * which of 'miss_rule' and 'no_packet_in_rule' should be used in case of a + * flow table miss. */ +void +choose_miss_rule(enum ofputil_port_config config, struct rule_dpif *miss_rule, + struct rule_dpif *no_packet_in_rule, struct rule_dpif **rule) +{ + *rule = config & OFPUTIL_PC_NO_PACKET_IN ? no_packet_in_rule : miss_rule; + rule_dpif_ref(*rule); +} - init_flow_miss_execute_op(miss, packet, op); - execute->actions = op->xout.odp_actions.data; - execute->actions_len = op->xout.odp_actions.size; - op->xout_garbage = true; +void +rule_dpif_ref(struct rule_dpif *rule) +{ + if (rule) { + ofproto_rule_ref(&rule->up); + } +} - (*n_ops)++; - } else { - xlate_out_uninit(&op->xout); - } +void +rule_dpif_unref(struct rule_dpif *rule) +{ + if (rule) { + ofproto_rule_unref(&rule->up); } } -/* Handles 'miss', which matches 'facet'. May add any required datapath - * operations to 'ops', incrementing '*n_ops' for each new op. - * - * All of the packets in 'miss' are considered to have arrived at time 'now'. - * This is really important only for new facets: if we just called time_msec() - * here, then the new subfacet or its packets could look (occasionally) as - * though it was used some time after the facet was used. That can make a - * one-packet flow look like it has a nonzero duration, which looks odd in - * e.g. NetFlow statistics. */ static void -handle_flow_miss_with_facet(struct flow_miss *miss, struct facet *facet, - long long int now, - struct flow_miss_op *ops, size_t *n_ops) +complete_operation(struct rule_dpif *rule) + OVS_REQUIRES(ofproto_mutex) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - enum subfacet_path want_path; - struct subfacet *subfacet; - struct ofpbuf *packet; - - subfacet = subfacet_create(facet, miss, now); - want_path = subfacet->facet->xout.slow ? SF_SLOW_PATH : SF_FAST_PATH; - - LIST_FOR_EACH (packet, list_node, &miss->packets) { - struct flow_miss_op *op = &ops[*n_ops]; - struct dpif_flow_stats stats; + struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - handle_flow_miss_common(facet->rule, packet, &miss->flow); + ofproto->backer->need_revalidate = REV_FLOW_TABLE; + ofoperation_complete(rule->up.pending, 0); +} - if (want_path != SF_FAST_PATH) { - struct xlate_in xin; +static struct rule_dpif *rule_dpif_cast(const struct rule *rule) +{ + return rule ? CONTAINER_OF(rule, struct rule_dpif, up) : NULL; +} - xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, - facet->rule, 0, packet); - xlate_actions_for_side_effects(&xin); - } - - dpif_flow_stats_extract(&facet->flow, packet, now, &stats); - subfacet_update_stats(subfacet, &stats); - - if (facet->xout.odp_actions.size) { - struct dpif_execute *execute = &op->dpif_op.u.execute; - - init_flow_miss_execute_op(miss, packet, op); - execute->actions = facet->xout.odp_actions.data, - execute->actions_len = facet->xout.odp_actions.size; - (*n_ops)++; - } - } - - if (miss->upcall_type == DPIF_UC_MISS || subfacet->path != want_path) { - struct flow_miss_op *op = &ops[(*n_ops)++]; - struct dpif_flow_put *put = &op->dpif_op.u.flow_put; - - subfacet->path = want_path; - - op->xout_garbage = false; - op->dpif_op.type = DPIF_OP_FLOW_PUT; - put->flags = DPIF_FP_CREATE | DPIF_FP_MODIFY; - put->key = miss->key; - put->key_len = miss->key_len; - if (want_path == SF_FAST_PATH) { - put->actions = facet->xout.odp_actions.data; - put->actions_len = facet->xout.odp_actions.size; - } else { - compose_slow_path(ofproto, &facet->flow, facet->xout.slow, - op->slow_stub, sizeof op->slow_stub, - &put->actions, &put->actions_len); - } - put->stats = NULL; - } -} - -/* Handles flow miss 'miss'. May add any required datapath operations - * to 'ops', incrementing '*n_ops' for each new op. */ -static void -handle_flow_miss(struct flow_miss *miss, struct flow_miss_op *ops, - size_t *n_ops) -{ - struct ofproto_dpif *ofproto = miss->ofproto; - struct facet *facet; - long long int now; - uint32_t hash; - - /* The caller must ensure that miss->hmap_node.hash contains - * flow_hash(miss->flow, 0). */ - hash = miss->hmap_node.hash; - - facet = facet_lookup_valid(ofproto, &miss->flow, hash); - if (!facet) { - /* There does not exist a bijection between 'struct flow' and datapath - * flow keys with fitness ODP_FIT_TO_LITTLE. This breaks a fundamental - * assumption used throughout the facet and subfacet handling code. - * Since we have to handle these misses in userspace anyway, we simply - * skip facet creation, avoiding the problem altogether. */ - if (miss->key_fitness == ODP_FIT_TOO_LITTLE - || !flow_miss_should_make_facet(miss, hash)) { - handle_flow_miss_without_facet(miss, ops, n_ops); - return; - } - - facet = facet_create(miss, hash); - now = facet->used; - } else { - now = time_msec(); - } - handle_flow_miss_with_facet(miss, facet, now, ops, n_ops); -} - -static struct drop_key * -drop_key_lookup(const struct dpif_backer *backer, const struct nlattr *key, - size_t key_len) -{ - struct drop_key *drop_key; - - HMAP_FOR_EACH_WITH_HASH (drop_key, hmap_node, hash_bytes(key, key_len, 0), - &backer->drop_keys) { - if (drop_key->key_len == key_len - && !memcmp(drop_key->key, key, key_len)) { - return drop_key; - } - } - return NULL; -} - -static void -drop_key_clear(struct dpif_backer *backer) -{ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 15); - struct drop_key *drop_key, *next; - - HMAP_FOR_EACH_SAFE (drop_key, next, hmap_node, &backer->drop_keys) { - int error; - - error = dpif_flow_del(backer->dpif, drop_key->key, drop_key->key_len, - NULL); - if (error && !VLOG_DROP_WARN(&rl)) { - struct ds ds = DS_EMPTY_INITIALIZER; - odp_flow_key_format(drop_key->key, drop_key->key_len, &ds); - VLOG_WARN("Failed to delete drop key (%s) (%s)", strerror(error), - ds_cstr(&ds)); - ds_destroy(&ds); - } - - hmap_remove(&backer->drop_keys, &drop_key->hmap_node); - free(drop_key->key); - free(drop_key); - } -} - -/* Given a datpath, packet, and flow metadata ('backer', 'packet', and 'key' - * respectively), populates 'flow' with the result of odp_flow_key_to_flow(). - * Optionally, if nonnull, populates 'fitnessp' with the fitness of 'flow' as - * returned by odp_flow_key_to_flow(). Also, optionally populates 'ofproto' - * with the ofproto_dpif, and 'odp_in_port' with the datapath in_port, that - * 'packet' ingressed. - * - * If 'ofproto' is nonnull, requires 'flow''s in_port to exist. Otherwise sets - * 'flow''s in_port to OFPP_NONE. - * - * This function does post-processing on data returned from - * odp_flow_key_to_flow() to help make VLAN splinters transparent to the rest - * of the upcall processing logic. In particular, if the extracted in_port is - * a VLAN splinter port, it replaces flow->in_port by the "real" port, sets - * flow->vlan_tci correctly for the VLAN of the VLAN splinter port, and pushes - * a VLAN header onto 'packet' (if it is nonnull). - * - * Optionally, if 'initial_vals' is nonnull, sets 'initial_vals->vlan_tci' - * to the VLAN TCI with which the packet was really received, that is, the - * actual VLAN TCI extracted by odp_flow_key_to_flow(). (This differs from - * the value returned in flow->vlan_tci only for packets received on - * VLAN splinters.) - * - * Similarly, this function also includes some logic to help with tunnels. It - * may modify 'flow' as necessary to make the tunneling implementation - * transparent to the upcall processing logic. - * - * Returns 0 if successful, ENODEV if the parsed flow has no associated ofport, - * or some other positive errno if there are other problems. */ -static int -ofproto_receive(const struct dpif_backer *backer, struct ofpbuf *packet, - const struct nlattr *key, size_t key_len, - struct flow *flow, enum odp_key_fitness *fitnessp, - struct ofproto_dpif **ofproto, uint32_t *odp_in_port, - struct initial_vals *initial_vals) -{ - const struct ofport_dpif *port; - enum odp_key_fitness fitness; - int error = ENODEV; - - fitness = odp_flow_key_to_flow(key, key_len, flow); - if (fitness == ODP_FIT_ERROR) { - error = EINVAL; - goto exit; - } - - if (initial_vals) { - initial_vals->vlan_tci = flow->vlan_tci; - } - - if (odp_in_port) { - *odp_in_port = flow->in_port; - } - - port = (tnl_port_should_receive(flow) - ? ofport_dpif_cast(tnl_port_receive(flow)) - : odp_port_to_ofport(backer, flow->in_port)); - flow->in_port = port ? port->up.ofp_port : OFPP_NONE; - if (!port) { - goto exit; - } - - /* XXX: Since the tunnel module is not scoped per backer, for a tunnel port - * it's theoretically possible that we'll receive an ofport belonging to an - * entirely different datapath. In practice, this can't happen because no - * platforms has two separate datapaths which each support tunneling. */ - ovs_assert(ofproto_dpif_cast(port->up.ofproto)->backer == backer); - - if (vsp_adjust_flow(ofproto_dpif_cast(port->up.ofproto), flow)) { - if (packet) { - /* Make the packet resemble the flow, so that it gets sent to - * an OpenFlow controller properly, so that it looks correct - * for sFlow, and so that flow_extract() will get the correct - * vlan_tci if it is called on 'packet'. - * - * The allocated space inside 'packet' probably also contains - * 'key', that is, both 'packet' and 'key' are probably part of - * a struct dpif_upcall (see the large comment on that - * structure definition), so pushing data on 'packet' is in - * general not a good idea since it could overwrite 'key' or - * free it as a side effect. However, it's OK in this special - * case because we know that 'packet' is inside a Netlink - * attribute: pushing 4 bytes will just overwrite the 4-byte - * "struct nlattr", which is fine since we don't need that - * header anymore. */ - eth_push_vlan(packet, flow->vlan_tci); - } - /* We can't reproduce 'key' from 'flow'. */ - fitness = fitness == ODP_FIT_PERFECT ? ODP_FIT_TOO_MUCH : fitness; - } - error = 0; - - if (ofproto) { - *ofproto = ofproto_dpif_cast(port->up.ofproto); - } - -exit: - if (fitnessp) { - *fitnessp = fitness; - } - return error; -} - -static void -handle_miss_upcalls(struct dpif_backer *backer, struct dpif_upcall *upcalls, - size_t n_upcalls) -{ - struct dpif_upcall *upcall; - struct flow_miss *miss; - struct flow_miss misses[FLOW_MISS_MAX_BATCH]; - struct flow_miss_op flow_miss_ops[FLOW_MISS_MAX_BATCH * 2]; - struct dpif_op *dpif_ops[FLOW_MISS_MAX_BATCH * 2]; - struct hmap todo; - int n_misses; - size_t n_ops; - size_t i; - - if (!n_upcalls) { - return; - } - - /* Construct the to-do list. - * - * This just amounts to extracting the flow from each packet and sticking - * the packets that have the same flow in the same "flow_miss" structure so - * that we can process them together. */ - hmap_init(&todo); - n_misses = 0; - for (upcall = upcalls; upcall < &upcalls[n_upcalls]; upcall++) { - struct flow_miss *miss = &misses[n_misses]; - struct flow_miss *existing_miss; - struct ofproto_dpif *ofproto; - uint32_t odp_in_port; - struct flow flow; - uint32_t hash; - int error; - - error = ofproto_receive(backer, upcall->packet, upcall->key, - upcall->key_len, &flow, &miss->key_fitness, - &ofproto, &odp_in_port, &miss->initial_vals); - if (error == ENODEV) { - struct drop_key *drop_key; - - /* Received packet on datapath port for which we couldn't - * associate an ofproto. This can happen if a port is removed - * while traffic is being received. Print a rate-limited message - * in case it happens frequently. Install a drop flow so - * that future packets of the flow are inexpensively dropped - * in the kernel. */ - VLOG_INFO_RL(&rl, "received packet on unassociated datapath port " - "%"PRIu32, odp_in_port); - - drop_key = drop_key_lookup(backer, upcall->key, upcall->key_len); - if (!drop_key) { - drop_key = xmalloc(sizeof *drop_key); - drop_key->key = xmemdup(upcall->key, upcall->key_len); - drop_key->key_len = upcall->key_len; - - hmap_insert(&backer->drop_keys, &drop_key->hmap_node, - hash_bytes(drop_key->key, drop_key->key_len, 0)); - dpif_flow_put(backer->dpif, DPIF_FP_CREATE | DPIF_FP_MODIFY, - drop_key->key, drop_key->key_len, NULL, 0, NULL); - } - continue; - } - if (error) { - continue; - } - - ofproto->n_missed++; - flow_extract(upcall->packet, flow.skb_priority, flow.skb_mark, - &flow.tunnel, flow.in_port, &miss->flow); - - /* Add other packets to a to-do list. */ - hash = flow_hash(&miss->flow, 0); - existing_miss = flow_miss_find(&todo, ofproto, &miss->flow, hash); - if (!existing_miss) { - hmap_insert(&todo, &miss->hmap_node, hash); - miss->ofproto = ofproto; - miss->key = upcall->key; - miss->key_len = upcall->key_len; - miss->upcall_type = upcall->type; - list_init(&miss->packets); - - n_misses++; - } else { - miss = existing_miss; - } - list_push_back(&miss->packets, &upcall->packet->list_node); - } - - /* Process each element in the to-do list, constructing the set of - * operations to batch. */ - n_ops = 0; - HMAP_FOR_EACH (miss, hmap_node, &todo) { - handle_flow_miss(miss, flow_miss_ops, &n_ops); - } - ovs_assert(n_ops <= ARRAY_SIZE(flow_miss_ops)); - - /* Execute batch. */ - for (i = 0; i < n_ops; i++) { - dpif_ops[i] = &flow_miss_ops[i].dpif_op; - } - dpif_operate(backer->dpif, dpif_ops, n_ops); - - /* Free memory. */ - for (i = 0; i < n_ops; i++) { - if (flow_miss_ops[i].xout_garbage) { - xlate_out_uninit(&flow_miss_ops[i].xout); - } - } - hmap_destroy(&todo); -} - -static enum { SFLOW_UPCALL, MISS_UPCALL, BAD_UPCALL, FLOW_SAMPLE_UPCALL, - IPFIX_UPCALL } -classify_upcall(const struct dpif_upcall *upcall) -{ - size_t userdata_len; - union user_action_cookie cookie; - - /* First look at the upcall type. */ - switch (upcall->type) { - case DPIF_UC_ACTION: - break; - - case DPIF_UC_MISS: - return MISS_UPCALL; - - case DPIF_N_UC_TYPES: - default: - VLOG_WARN_RL(&rl, "upcall has unexpected type %"PRIu32, upcall->type); - return BAD_UPCALL; - } - - /* "action" upcalls need a closer look. */ - if (!upcall->userdata) { - VLOG_WARN_RL(&rl, "action upcall missing cookie"); - return BAD_UPCALL; - } - userdata_len = nl_attr_get_size(upcall->userdata); - if (userdata_len < sizeof cookie.type - || userdata_len > sizeof cookie) { - VLOG_WARN_RL(&rl, "action upcall cookie has unexpected size %zu", - userdata_len); - return BAD_UPCALL; - } - memset(&cookie, 0, sizeof cookie); - memcpy(&cookie, nl_attr_get(upcall->userdata), userdata_len); - if (userdata_len == sizeof cookie.sflow - && cookie.type == USER_ACTION_COOKIE_SFLOW) { - return SFLOW_UPCALL; - } else if (userdata_len == sizeof cookie.slow_path - && cookie.type == USER_ACTION_COOKIE_SLOW_PATH) { - return MISS_UPCALL; - } else if (userdata_len == sizeof cookie.flow_sample - && cookie.type == USER_ACTION_COOKIE_FLOW_SAMPLE) { - return FLOW_SAMPLE_UPCALL; - } else if (userdata_len == sizeof cookie.ipfix - && cookie.type == USER_ACTION_COOKIE_IPFIX) { - return IPFIX_UPCALL; - } else { - VLOG_WARN_RL(&rl, "invalid user cookie of type %"PRIu16 - " and size %zu", cookie.type, userdata_len); - return BAD_UPCALL; - } -} - -static void -handle_sflow_upcall(struct dpif_backer *backer, - const struct dpif_upcall *upcall) -{ - struct ofproto_dpif *ofproto; - union user_action_cookie cookie; - struct flow flow; - uint32_t odp_in_port; - - if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, - &flow, NULL, &ofproto, &odp_in_port, NULL) - || !ofproto->sflow) { - return; - } - - memset(&cookie, 0, sizeof cookie); - memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof cookie.sflow); - dpif_sflow_received(ofproto->sflow, upcall->packet, &flow, - odp_in_port, &cookie); -} - -static void -handle_flow_sample_upcall(struct dpif_backer *backer, - const struct dpif_upcall *upcall) -{ - struct ofproto_dpif *ofproto; - union user_action_cookie cookie; - struct flow flow; - - if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, - &flow, NULL, &ofproto, NULL, NULL) - || !ofproto->ipfix) { - return; - } - - memset(&cookie, 0, sizeof cookie); - memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof cookie.flow_sample); - - /* The flow reflects exactly the contents of the packet. Sample - * the packet using it. */ - dpif_ipfix_flow_sample(ofproto->ipfix, upcall->packet, &flow, - cookie.flow_sample.collector_set_id, - cookie.flow_sample.probability, - cookie.flow_sample.obs_domain_id, - cookie.flow_sample.obs_point_id); -} - -static void -handle_ipfix_upcall(struct dpif_backer *backer, - const struct dpif_upcall *upcall) -{ - struct ofproto_dpif *ofproto; - struct flow flow; - - if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, - &flow, NULL, &ofproto, NULL, NULL) - || !ofproto->ipfix) { - return; - } - - /* The flow reflects exactly the contents of the packet. Sample - * the packet using it. */ - dpif_ipfix_bridge_sample(ofproto->ipfix, upcall->packet, &flow); -} - -static int -handle_upcalls(struct dpif_backer *backer, unsigned int max_batch) -{ - struct dpif_upcall misses[FLOW_MISS_MAX_BATCH]; - struct ofpbuf miss_bufs[FLOW_MISS_MAX_BATCH]; - uint64_t miss_buf_stubs[FLOW_MISS_MAX_BATCH][4096 / 8]; - int n_processed; - int n_misses; - int i; - - ovs_assert(max_batch <= FLOW_MISS_MAX_BATCH); - - n_misses = 0; - for (n_processed = 0; n_processed < max_batch; n_processed++) { - struct dpif_upcall *upcall = &misses[n_misses]; - struct ofpbuf *buf = &miss_bufs[n_misses]; - int error; - - ofpbuf_use_stub(buf, miss_buf_stubs[n_misses], - sizeof miss_buf_stubs[n_misses]); - error = dpif_recv(backer->dpif, upcall, buf); - if (error) { - ofpbuf_uninit(buf); - break; - } - - switch (classify_upcall(upcall)) { - case MISS_UPCALL: - /* Handle it later. */ - n_misses++; - break; - - case SFLOW_UPCALL: - handle_sflow_upcall(backer, upcall); - ofpbuf_uninit(buf); - break; - - case FLOW_SAMPLE_UPCALL: - handle_flow_sample_upcall(backer, upcall); - ofpbuf_uninit(buf); - break; - - case IPFIX_UPCALL: - handle_ipfix_upcall(backer, upcall); - ofpbuf_uninit(buf); - break; - - case BAD_UPCALL: - ofpbuf_uninit(buf); - break; - } - } - - /* Handle deferred MISS_UPCALL processing. */ - handle_miss_upcalls(backer, misses, n_misses); - for (i = 0; i < n_misses; i++) { - ofpbuf_uninit(&miss_bufs[i]); - } - - return n_processed; -} - -/* Flow expiration. */ - -static int subfacet_max_idle(const struct dpif_backer *); -static void update_stats(struct dpif_backer *); -static void rule_expire(struct rule_dpif *); -static void expire_subfacets(struct dpif_backer *, int dp_max_idle); - -/* This function is called periodically by run(). Its job is to collect - * updates for the flows that have been installed into the datapath, most - * importantly when they last were used, and then use that information to - * expire flows that have not been used recently. - * - * Returns the number of milliseconds after which it should be called again. */ -static int -expire(struct dpif_backer *backer) -{ - struct ofproto_dpif *ofproto; - size_t n_subfacets; - int max_idle; - - /* Periodically clear out the drop keys in an effort to keep them - * relatively few. */ - drop_key_clear(backer); - - /* Update stats for each flow in the backer. */ - update_stats(backer); - - n_subfacets = hmap_count(&backer->subfacets); - if (n_subfacets) { - struct subfacet *subfacet; - long long int total, now; - - total = 0; - now = time_msec(); - HMAP_FOR_EACH (subfacet, hmap_node, &backer->subfacets) { - total += now - subfacet->created; - } - backer->avg_subfacet_life += total / n_subfacets; - } - backer->avg_subfacet_life /= 2; - - backer->avg_n_subfacet += n_subfacets; - backer->avg_n_subfacet /= 2; - - backer->max_n_subfacet = MAX(backer->max_n_subfacet, n_subfacets); - - max_idle = subfacet_max_idle(backer); - expire_subfacets(backer, max_idle); - - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - struct rule *rule, *next_rule; - - if (ofproto->backer != backer) { - continue; - } - - /* Expire OpenFlow flows whose idle_timeout or hard_timeout - * has passed. */ - LIST_FOR_EACH_SAFE (rule, next_rule, expirable, - &ofproto->up.expirable) { - rule_expire(rule_dpif_cast(rule)); - } - - /* All outstanding data in existing flows has been accounted, so it's a - * good time to do bond rebalancing. */ - if (ofproto->has_bonded_bundles) { - struct ofbundle *bundle; - - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - if (bundle->bond) { - bond_rebalance(bundle->bond, &backer->revalidate_set); - } - } - } - } - - return MIN(max_idle, 1000); -} - -/* Updates flow table statistics given that the datapath just reported 'stats' - * as 'subfacet''s statistics. */ -static void -update_subfacet_stats(struct subfacet *subfacet, - const struct dpif_flow_stats *stats) -{ - struct facet *facet = subfacet->facet; - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct dpif_flow_stats diff; - - diff.tcp_flags = stats->tcp_flags; - diff.used = stats->used; - - if (stats->n_packets >= subfacet->dp_packet_count) { - diff.n_packets = stats->n_packets - subfacet->dp_packet_count; - } else { - VLOG_WARN_RL(&rl, "unexpected packet count from the datapath"); - diff.n_packets = 0; - } - - if (stats->n_bytes >= subfacet->dp_byte_count) { - diff.n_bytes = stats->n_bytes - subfacet->dp_byte_count; - } else { - VLOG_WARN_RL(&rl, "unexpected byte count from datapath"); - diff.n_bytes = 0; - } - - ofproto->n_hit += diff.n_packets; - subfacet->dp_packet_count = stats->n_packets; - subfacet->dp_byte_count = stats->n_bytes; - subfacet_update_stats(subfacet, &diff); - - if (facet->accounted_bytes < facet->byte_count) { - facet_learn(facet); - facet_account(facet); - facet->accounted_bytes = facet->byte_count; - } -} - -/* 'key' with length 'key_len' bytes is a flow in 'dpif' that we know nothing - * about, or a flow that shouldn't be installed but was anyway. Delete it. */ -static void -delete_unexpected_flow(struct dpif_backer *backer, - const struct nlattr *key, size_t key_len) -{ - if (!VLOG_DROP_WARN(&rl)) { - struct ds s; - - ds_init(&s); - odp_flow_key_format(key, key_len, &s); - VLOG_WARN("unexpected flow: %s", ds_cstr(&s)); - ds_destroy(&s); - } - - COVERAGE_INC(facet_unexpected); - dpif_flow_del(backer->dpif, key, key_len, NULL); -} - -/* Update 'packet_count', 'byte_count', and 'used' members of installed facets. - * - * This function also pushes statistics updates to rules which each facet - * resubmits into. Generally these statistics will be accurate. However, if a - * facet changes the rule it resubmits into at some time in between - * update_stats() runs, it is possible that statistics accrued to the - * old rule will be incorrectly attributed to the new rule. This could be - * avoided by calling update_stats() whenever rules are created or - * deleted. However, the performance impact of making so many calls to the - * datapath do not justify the benefit of having perfectly accurate statistics. - * - * In addition, this function maintains per ofproto flow hit counts. The patch - * port is not treated specially. e.g. A packet ingress from br0 patched into - * br1 will increase the hit count of br0 by 1, however, does not affect - * the hit or miss counts of br1. - */ -static void -update_stats(struct dpif_backer *backer) -{ - const struct dpif_flow_stats *stats; - struct dpif_flow_dump dump; - const struct nlattr *key; - size_t key_len; - - dpif_flow_dump_start(&dump, backer->dpif); - while (dpif_flow_dump_next(&dump, &key, &key_len, NULL, NULL, &stats)) { - struct subfacet *subfacet; - uint32_t key_hash; - - key_hash = odp_flow_key_hash(key, key_len); - subfacet = subfacet_find(backer, key, key_len, key_hash); - switch (subfacet ? subfacet->path : SF_NOT_INSTALLED) { - case SF_FAST_PATH: - update_subfacet_stats(subfacet, stats); - break; - - case SF_SLOW_PATH: - /* Stats are updated per-packet. */ - break; - - case SF_NOT_INSTALLED: - default: - delete_unexpected_flow(backer, key, key_len); - break; - } - run_fast_rl(); - } - dpif_flow_dump_done(&dump); - - update_moving_averages(backer); -} - -/* Calculates and returns the number of milliseconds of idle time after which - * subfacets should expire from the datapath. When a subfacet expires, we fold - * its statistics into its facet, and when a facet's last subfacet expires, we - * fold its statistic into its rule. */ -static int -subfacet_max_idle(const struct dpif_backer *backer) -{ - /* - * Idle time histogram. - * - * Most of the time a switch has a relatively small number of subfacets. - * When this is the case we might as well keep statistics for all of them - * in userspace and to cache them in the kernel datapath for performance as - * well. - * - * As the number of subfacets increases, the memory required to maintain - * statistics about them in userspace and in the kernel becomes - * significant. However, with a large number of subfacets it is likely - * that only a few of them are "heavy hitters" that consume a large amount - * of bandwidth. At this point, only heavy hitters are worth caching in - * the kernel and maintaining in userspaces; other subfacets we can - * discard. - * - * The technique used to compute the idle time is to build a histogram with - * N_BUCKETS buckets whose width is BUCKET_WIDTH msecs each. Each subfacet - * that is installed in the kernel gets dropped in the appropriate bucket. - * After the histogram has been built, we compute the cutoff so that only - * the most-recently-used 1% of subfacets (but at least - * flow_eviction_threshold flows) are kept cached. At least - * the most-recently-used bucket of subfacets is kept, so actually an - * arbitrary number of subfacets can be kept in any given expiration run - * (though the next run will delete most of those unless they receive - * additional data). - * - * This requires a second pass through the subfacets, in addition to the - * pass made by update_stats(), because the former function never looks at - * uninstallable subfacets. - */ - enum { BUCKET_WIDTH = ROUND_UP(100, TIME_UPDATE_INTERVAL) }; - enum { N_BUCKETS = 5000 / BUCKET_WIDTH }; - int buckets[N_BUCKETS] = { 0 }; - int total, subtotal, bucket; - struct subfacet *subfacet; - long long int now; - int i; - - total = hmap_count(&backer->subfacets); - if (total <= flow_eviction_threshold) { - return N_BUCKETS * BUCKET_WIDTH; - } - - /* Build histogram. */ - now = time_msec(); - HMAP_FOR_EACH (subfacet, hmap_node, &backer->subfacets) { - long long int idle = now - subfacet->used; - int bucket = (idle <= 0 ? 0 - : idle >= BUCKET_WIDTH * N_BUCKETS ? N_BUCKETS - 1 - : (unsigned int) idle / BUCKET_WIDTH); - buckets[bucket]++; - } - - /* Find the first bucket whose flows should be expired. */ - subtotal = bucket = 0; - do { - subtotal += buckets[bucket++]; - } while (bucket < N_BUCKETS && - subtotal < MAX(flow_eviction_threshold, total / 100)); - - if (VLOG_IS_DBG_ENABLED()) { - struct ds s; - - ds_init(&s); - ds_put_cstr(&s, "keep"); - for (i = 0; i < N_BUCKETS; i++) { - if (i == bucket) { - ds_put_cstr(&s, ", drop"); - } - if (buckets[i]) { - ds_put_format(&s, " %d:%d", i * BUCKET_WIDTH, buckets[i]); - } - } - VLOG_INFO("%s (msec:count)", ds_cstr(&s)); - ds_destroy(&s); - } - - return bucket * BUCKET_WIDTH; -} - -static void -expire_subfacets(struct dpif_backer *backer, int dp_max_idle) -{ - /* Cutoff time for most flows. */ - long long int normal_cutoff = time_msec() - dp_max_idle; - - /* We really want to keep flows for special protocols around, so use a more - * conservative cutoff. */ - long long int special_cutoff = time_msec() - 10000; - - struct subfacet *subfacet, *next_subfacet; - struct subfacet *batch[SUBFACET_DESTROY_MAX_BATCH]; - int n_batch; - - n_batch = 0; - HMAP_FOR_EACH_SAFE (subfacet, next_subfacet, hmap_node, - &backer->subfacets) { - long long int cutoff; - - cutoff = (subfacet->facet->xout.slow & (SLOW_CFM | SLOW_BFD | SLOW_LACP - | SLOW_STP) - ? special_cutoff - : normal_cutoff); - if (subfacet->used < cutoff) { - if (subfacet->path != SF_NOT_INSTALLED) { - batch[n_batch++] = subfacet; - if (n_batch >= SUBFACET_DESTROY_MAX_BATCH) { - subfacet_destroy_batch(backer, batch, n_batch); - n_batch = 0; - } - } else { - subfacet_destroy(subfacet); - } - } - } - - if (n_batch > 0) { - subfacet_destroy_batch(backer, batch, n_batch); - } -} - -/* If 'rule' is an OpenFlow rule, that has expired according to OpenFlow rules, - * then delete it entirely. */ -static void -rule_expire(struct rule_dpif *rule) -{ - struct facet *facet, *next_facet; - long long int now; - uint8_t reason; - - if (rule->up.pending) { - /* We'll have to expire it later. */ - return; - } - - /* Has 'rule' expired? */ - now = time_msec(); - if (rule->up.hard_timeout - && now > rule->up.modified + rule->up.hard_timeout * 1000) { - reason = OFPRR_HARD_TIMEOUT; - } else if (rule->up.idle_timeout - && now > rule->up.used + rule->up.idle_timeout * 1000) { - reason = OFPRR_IDLE_TIMEOUT; - } else { - return; - } - - COVERAGE_INC(ofproto_dpif_expired); - - /* Update stats. (This is a no-op if the rule expired due to an idle - * timeout, because that only happens when the rule has no facets left.) */ - LIST_FOR_EACH_SAFE (facet, next_facet, list_node, &rule->facets) { - facet_remove(facet); - } - - /* Get rid of the rule. */ - ofproto_rule_expire(&rule->up, reason); -} - -/* Facets. */ - -/* Creates and returns a new facet based on 'miss'. - * - * The caller must already have determined that no facet with an identical - * 'miss->flow' exists in 'miss->ofproto'. - * - * 'hash' must be the return value of flow_hash(miss->flow, 0). - * - * The facet will initially have no subfacets. The caller should create (at - * least) one subfacet with subfacet_create(). */ -static struct facet * -facet_create(const struct flow_miss *miss, uint32_t hash) -{ - struct ofproto_dpif *ofproto = miss->ofproto; - struct xlate_in xin; - struct facet *facet; - - facet = xzalloc(sizeof *facet); - facet->used = time_msec(); - facet->flow = miss->flow; - facet->initial_vals = miss->initial_vals; - facet->rule = rule_dpif_lookup(ofproto, &facet->flow); - facet->learn_rl = time_msec() + 500; - - hmap_insert(&ofproto->facets, &facet->hmap_node, hash); - list_push_back(&facet->rule->facets, &facet->list_node); - list_init(&facet->subfacets); - netflow_flow_init(&facet->nf_flow); - netflow_flow_update_time(ofproto->netflow, &facet->nf_flow, facet->used); - - xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, - facet->rule, 0, NULL); - xin.may_learn = true; - xlate_actions(&xin, &facet->xout); - facet->nf_flow.output_iface = facet->xout.nf_output_iface; - - return facet; -} - -static void -facet_free(struct facet *facet) -{ - if (facet) { - xlate_out_uninit(&facet->xout); - free(facet); - } -} - -/* Executes, within 'ofproto', the 'n_actions' actions in 'actions' on - * 'packet', which arrived on 'in_port'. */ -static bool -execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow, - const struct nlattr *odp_actions, size_t actions_len, - struct ofpbuf *packet) -{ - struct odputil_keybuf keybuf; - struct ofpbuf key; - int error; - - ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); - odp_flow_key_from_flow(&key, flow, - ofp_port_to_odp_port(ofproto, flow->in_port)); - - error = dpif_execute(ofproto->backer->dpif, key.data, key.size, - odp_actions, actions_len, packet); - return !error; -} - -/* Remove 'facet' from 'ofproto' and free up the associated memory: - * - * - If 'facet' was installed in the datapath, uninstalls it and updates its - * rule's statistics, via subfacet_uninstall(). - * - * - Removes 'facet' from its rule and from ofproto->facets. - */ -static void -facet_remove(struct facet *facet) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct subfacet *subfacet, *next_subfacet; - - ovs_assert(!list_is_empty(&facet->subfacets)); - - /* First uninstall all of the subfacets to get final statistics. */ - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - subfacet_uninstall(subfacet); - } - - /* Flush the final stats to the rule. - * - * This might require us to have at least one subfacet around so that we - * can use its actions for accounting in facet_account(), which is why we - * have uninstalled but not yet destroyed the subfacets. */ - facet_flush_stats(facet); - - /* Now we're really all done so destroy everything. */ - LIST_FOR_EACH_SAFE (subfacet, next_subfacet, list_node, - &facet->subfacets) { - subfacet_destroy__(subfacet); - } - hmap_remove(&ofproto->facets, &facet->hmap_node); - list_remove(&facet->list_node); - facet_free(facet); -} - -/* Feed information from 'facet' back into the learning table to keep it in - * sync with what is actually flowing through the datapath. */ -static void -facet_learn(struct facet *facet) -{ - long long int now = time_msec(); - - if (!facet->xout.has_fin_timeout && now < facet->learn_rl) { - return; - } - - facet->learn_rl = now + 500; - - if (!facet->xout.has_learn - && !facet->xout.has_normal - && (!facet->xout.has_fin_timeout - || !(facet->tcp_flags & (TCP_FIN | TCP_RST)))) { - return; - } - - facet_push_stats(facet, true); -} - -static void -facet_account(struct facet *facet) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - const struct nlattr *a; - unsigned int left; - ovs_be16 vlan_tci; - uint64_t n_bytes; - - if (!facet->xout.has_normal || !ofproto->has_bonded_bundles) { - return; - } - n_bytes = facet->byte_count - facet->accounted_bytes; - - /* This loop feeds byte counters to bond_account() for rebalancing to use - * as a basis. We also need to track the actual VLAN on which the packet - * is going to be sent to ensure that it matches the one passed to - * bond_choose_output_slave(). (Otherwise, we will account to the wrong - * hash bucket.) - * - * We use the actions from an arbitrary subfacet because they should all - * be equally valid for our purpose. */ - vlan_tci = facet->flow.vlan_tci; - NL_ATTR_FOR_EACH_UNSAFE (a, left, facet->xout.odp_actions.data, - facet->xout.odp_actions.size) { - const struct ovs_action_push_vlan *vlan; - struct ofport_dpif *port; - - switch (nl_attr_type(a)) { - case OVS_ACTION_ATTR_OUTPUT: - port = get_odp_port(ofproto, nl_attr_get_u32(a)); - if (port && port->bundle && port->bundle->bond) { - bond_account(port->bundle->bond, &facet->flow, - vlan_tci_to_vid(vlan_tci), n_bytes); - } - break; - - case OVS_ACTION_ATTR_POP_VLAN: - vlan_tci = htons(0); - break; - - case OVS_ACTION_ATTR_PUSH_VLAN: - vlan = nl_attr_get(a); - vlan_tci = vlan->vlan_tci; - break; - } - } -} - -/* Returns true if the only action for 'facet' is to send to the controller. - * (We don't report NetFlow expiration messages for such facets because they - * are just part of the control logic for the network, not real traffic). */ -static bool -facet_is_controller_flow(struct facet *facet) -{ - if (facet) { - const struct rule *rule = &facet->rule->up; - const struct ofpact *ofpacts = rule->ofpacts; - size_t ofpacts_len = rule->ofpacts_len; - - if (ofpacts_len > 0 && - ofpacts->type == OFPACT_CONTROLLER && - ofpact_next(ofpacts) >= ofpact_end(ofpacts, ofpacts_len)) { - return true; - } - } - return false; -} - -/* Folds all of 'facet''s statistics into its rule. Also updates the - * accounting ofhook and emits a NetFlow expiration if appropriate. All of - * 'facet''s statistics in the datapath should have been zeroed and folded into - * its packet and byte counts before this function is called. */ -static void -facet_flush_stats(struct facet *facet) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct subfacet *subfacet; - - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - ovs_assert(!subfacet->dp_byte_count); - ovs_assert(!subfacet->dp_packet_count); - } - - facet_push_stats(facet, false); - if (facet->accounted_bytes < facet->byte_count) { - facet_account(facet); - facet->accounted_bytes = facet->byte_count; - } - - if (ofproto->netflow && !facet_is_controller_flow(facet)) { - struct ofexpired expired; - expired.flow = facet->flow; - expired.packet_count = facet->packet_count; - expired.byte_count = facet->byte_count; - expired.used = facet->used; - netflow_expire(ofproto->netflow, &facet->nf_flow, &expired); - } - - /* Reset counters to prevent double counting if 'facet' ever gets - * reinstalled. */ - facet_reset_counters(facet); - - netflow_flow_clear(&facet->nf_flow); - facet->tcp_flags = 0; -} - -/* Searches 'ofproto''s table of facets for one exactly equal to 'flow'. - * Returns it if found, otherwise a null pointer. - * - * 'hash' must be the return value of flow_hash(flow, 0). - * - * The returned facet might need revalidation; use facet_lookup_valid() - * instead if that is important. */ -static struct facet * -facet_find(struct ofproto_dpif *ofproto, - const struct flow *flow, uint32_t hash) -{ - struct facet *facet; - - HMAP_FOR_EACH_WITH_HASH (facet, hmap_node, hash, &ofproto->facets) { - if (flow_equal(flow, &facet->flow)) { - return facet; - } - } - - return NULL; -} - -/* Searches 'ofproto''s table of facets for one exactly equal to 'flow'. - * Returns it if found, otherwise a null pointer. - * - * 'hash' must be the return value of flow_hash(flow, 0). - * - * The returned facet is guaranteed to be valid. */ -static struct facet * -facet_lookup_valid(struct ofproto_dpif *ofproto, const struct flow *flow, - uint32_t hash) -{ - struct facet *facet; - - facet = facet_find(ofproto, flow, hash); - if (facet - && (ofproto->backer->need_revalidate - || tag_set_intersects(&ofproto->backer->revalidate_set, - facet->xout.tags)) - && !facet_revalidate(facet)) { - return NULL; - } - - return facet; -} - -static bool -facet_check_consistency(struct facet *facet) -{ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 15); - - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - - struct xlate_out xout; - struct xlate_in xin; - - struct rule_dpif *rule; - bool ok; - - /* Check the rule for consistency. */ - rule = rule_dpif_lookup(ofproto, &facet->flow); - if (rule != facet->rule) { - if (!VLOG_DROP_WARN(&rl)) { - struct ds s = DS_EMPTY_INITIALIZER; - - flow_format(&s, &facet->flow); - ds_put_format(&s, ": facet associated with wrong rule (was " - "table=%"PRIu8",", facet->rule->up.table_id); - cls_rule_format(&facet->rule->up.cr, &s); - ds_put_format(&s, ") (should have been table=%"PRIu8",", - rule->up.table_id); - cls_rule_format(&rule->up.cr, &s); - ds_put_char(&s, ')'); - - VLOG_WARN("%s", ds_cstr(&s)); - ds_destroy(&s); - } - return false; - } - - /* Check the datapath actions for consistency. */ - xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, rule, - 0, NULL); - xlate_actions(&xin, &xout); - - ok = ofpbuf_equal(&facet->xout.odp_actions, &xout.odp_actions) - && facet->xout.slow == xout.slow; - if (!ok && !VLOG_DROP_WARN(&rl)) { - struct ds s = DS_EMPTY_INITIALIZER; - - flow_format(&s, &facet->flow); - ds_put_cstr(&s, ": inconsistency in facet"); - - if (!ofpbuf_equal(&facet->xout.odp_actions, &xout.odp_actions)) { - ds_put_cstr(&s, " (actions were: "); - format_odp_actions(&s, facet->xout.odp_actions.data, - facet->xout.odp_actions.size); - ds_put_cstr(&s, ") (correct actions: "); - format_odp_actions(&s, xout.odp_actions.data, - xout.odp_actions.size); - ds_put_char(&s, ')'); - } - - if (facet->xout.slow != xout.slow) { - ds_put_format(&s, " slow path incorrect. should be %d", xout.slow); - } - - VLOG_WARN("%s", ds_cstr(&s)); - ds_destroy(&s); - } - xlate_out_uninit(&xout); - - return ok; -} - -/* Re-searches the classifier for 'facet': - * - * - If the rule found is different from 'facet''s current rule, moves - * 'facet' to the new rule and recompiles its actions. - * - * - If the rule found is the same as 'facet''s current rule, leaves 'facet' - * where it is and recompiles its actions anyway. - * - * - If any of 'facet''s subfacets correspond to a new flow according to - * ofproto_receive(), 'facet' is removed. - * - * Returns true if 'facet' is still valid. False if 'facet' was removed. */ -static bool -facet_revalidate(struct facet *facet) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - struct rule_dpif *new_rule; - struct subfacet *subfacet; - struct xlate_out xout; - struct xlate_in xin; - - COVERAGE_INC(facet_revalidate); - - /* Check that child subfacets still correspond to this facet. Tunnel - * configuration changes could cause a subfacet's OpenFlow in_port to - * change. */ - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - struct ofproto_dpif *recv_ofproto; - struct flow recv_flow; - int error; - - error = ofproto_receive(ofproto->backer, NULL, subfacet->key, - subfacet->key_len, &recv_flow, NULL, - &recv_ofproto, NULL, NULL); - if (error - || recv_ofproto != ofproto - || memcmp(&recv_flow, &facet->flow, sizeof recv_flow)) { - facet_remove(facet); - return false; - } - } - - new_rule = rule_dpif_lookup(ofproto, &facet->flow); - - /* Calculate new datapath actions. - * - * We do not modify any 'facet' state yet, because we might need to, e.g., - * emit a NetFlow expiration and, if so, we need to have the old state - * around to properly compose it. */ - xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, new_rule, - 0, NULL); - xlate_actions(&xin, &xout); - - /* A facet's slow path reason should only change under dramatic - * circumstances. Rather than try to update everything, it's simpler to - * remove the facet and start over. */ - if (facet->xout.slow != xout.slow) { - facet_remove(facet); - xlate_out_uninit(&xout); - return false; - } - - if (!ofpbuf_equal(&facet->xout.odp_actions, &xout.odp_actions)) { - LIST_FOR_EACH(subfacet, list_node, &facet->subfacets) { - if (subfacet->path == SF_FAST_PATH) { - struct dpif_flow_stats stats; - - subfacet_install(subfacet, &xout.odp_actions, &stats); - subfacet_update_stats(subfacet, &stats); - } - } - - facet_flush_stats(facet); - - ofpbuf_clear(&facet->xout.odp_actions); - ofpbuf_put(&facet->xout.odp_actions, xout.odp_actions.data, - xout.odp_actions.size); - } - - /* Update 'facet' now that we've taken care of all the old state. */ - facet->xout.tags = xout.tags; - facet->xout.slow = xout.slow; - facet->xout.has_learn = xout.has_learn; - facet->xout.has_normal = xout.has_normal; - facet->xout.has_fin_timeout = xout.has_fin_timeout; - facet->xout.nf_output_iface = xout.nf_output_iface; - facet->xout.mirrors = xout.mirrors; - facet->nf_flow.output_iface = facet->xout.nf_output_iface; - - if (facet->rule != new_rule) { - COVERAGE_INC(facet_changed_rule); - list_remove(&facet->list_node); - list_push_back(&new_rule->facets, &facet->list_node); - facet->rule = new_rule; - facet->used = new_rule->up.created; - facet->prev_used = facet->used; - } - - xlate_out_uninit(&xout); - return true; -} - -static void -facet_reset_counters(struct facet *facet) -{ - facet->packet_count = 0; - facet->byte_count = 0; - facet->prev_packet_count = 0; - facet->prev_byte_count = 0; - facet->accounted_bytes = 0; -} - -static void -facet_push_stats(struct facet *facet, bool may_learn) -{ - struct dpif_flow_stats stats; - - ovs_assert(facet->packet_count >= facet->prev_packet_count); - ovs_assert(facet->byte_count >= facet->prev_byte_count); - ovs_assert(facet->used >= facet->prev_used); - - stats.n_packets = facet->packet_count - facet->prev_packet_count; - stats.n_bytes = facet->byte_count - facet->prev_byte_count; - stats.used = facet->used; - stats.tcp_flags = facet->tcp_flags; - - if (may_learn || stats.n_packets || facet->used > facet->prev_used) { - struct ofproto_dpif *ofproto = - ofproto_dpif_cast(facet->rule->up.ofproto); - - struct ofport_dpif *in_port; - struct xlate_in xin; - - facet->prev_packet_count = facet->packet_count; - facet->prev_byte_count = facet->byte_count; - facet->prev_used = facet->used; - - in_port = get_ofp_port(ofproto, facet->flow.in_port); - if (in_port && in_port->tnl_port) { - netdev_vport_inc_rx(in_port->up.netdev, &stats); - } - - rule_credit_stats(facet->rule, &stats); - netflow_flow_update_time(ofproto->netflow, &facet->nf_flow, - facet->used); - netflow_flow_update_flags(&facet->nf_flow, facet->tcp_flags); - update_mirror_stats(ofproto, facet->xout.mirrors, stats.n_packets, - stats.n_bytes); - - xlate_in_init(&xin, ofproto, &facet->flow, &facet->initial_vals, - facet->rule, stats.tcp_flags, NULL); - xin.resubmit_stats = &stats; - xin.may_learn = may_learn; - xlate_actions_for_side_effects(&xin); - } -} - -static void -push_all_stats__(bool run_fast) -{ - static long long int rl = LLONG_MIN; - struct ofproto_dpif *ofproto; - - if (time_msec() < rl) { - return; - } - - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - struct facet *facet; - - HMAP_FOR_EACH (facet, hmap_node, &ofproto->facets) { - facet_push_stats(facet, false); - if (run_fast) { - run_fast_rl(); - } - } - } - - rl = time_msec() + 100; -} - -static void -push_all_stats(void) -{ - push_all_stats__(true); -} - -static void -rule_credit_stats(struct rule_dpif *rule, const struct dpif_flow_stats *stats) -{ - rule->packet_count += stats->n_packets; - rule->byte_count += stats->n_bytes; - ofproto_rule_update_used(&rule->up, stats->used); -} - -/* Subfacets. */ - -static struct subfacet * -subfacet_find(struct dpif_backer *backer, const struct nlattr *key, - size_t key_len, uint32_t key_hash) -{ - struct subfacet *subfacet; - - HMAP_FOR_EACH_WITH_HASH (subfacet, hmap_node, key_hash, - &backer->subfacets) { - if (subfacet->key_len == key_len - && !memcmp(key, subfacet->key, key_len)) { - return subfacet; - } - } - - return NULL; -} - -/* Searches 'facet' (within 'ofproto') for a subfacet with the specified - * 'key_fitness', 'key', and 'key_len' members in 'miss'. Returns the - * existing subfacet if there is one, otherwise creates and returns a - * new subfacet. */ -static struct subfacet * -subfacet_create(struct facet *facet, struct flow_miss *miss, - long long int now) -{ - struct dpif_backer *backer = miss->ofproto->backer; - enum odp_key_fitness key_fitness = miss->key_fitness; - const struct nlattr *key = miss->key; - size_t key_len = miss->key_len; - uint32_t key_hash; - struct subfacet *subfacet; - - key_hash = odp_flow_key_hash(key, key_len); - - if (list_is_empty(&facet->subfacets)) { - subfacet = &facet->one_subfacet; - } else { - subfacet = subfacet_find(backer, key, key_len, key_hash); - if (subfacet) { - if (subfacet->facet == facet) { - return subfacet; - } - - /* This shouldn't happen. */ - VLOG_ERR_RL(&rl, "subfacet with wrong facet"); - subfacet_destroy(subfacet); - } - - subfacet = xmalloc(sizeof *subfacet); - } - - hmap_insert(&backer->subfacets, &subfacet->hmap_node, key_hash); - list_push_back(&facet->subfacets, &subfacet->list_node); - subfacet->facet = facet; - subfacet->key_fitness = key_fitness; - subfacet->key = xmemdup(key, key_len); - subfacet->key_len = key_len; - subfacet->used = now; - subfacet->created = now; - subfacet->dp_packet_count = 0; - subfacet->dp_byte_count = 0; - subfacet->path = SF_NOT_INSTALLED; - subfacet->backer = backer; - - backer->subfacet_add_count++; - return subfacet; -} - -/* Uninstalls 'subfacet' from the datapath, if it is installed, removes it from - * its facet within 'ofproto', and frees it. */ -static void -subfacet_destroy__(struct subfacet *subfacet) -{ - struct facet *facet = subfacet->facet; - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - - /* Update ofproto stats before uninstall the subfacet. */ - ofproto->backer->subfacet_del_count++; - - subfacet_uninstall(subfacet); - hmap_remove(&subfacet->backer->subfacets, &subfacet->hmap_node); - list_remove(&subfacet->list_node); - free(subfacet->key); - if (subfacet != &facet->one_subfacet) { - free(subfacet); - } -} - -/* Destroys 'subfacet', as with subfacet_destroy__(), and then if this was the - * last remaining subfacet in its facet destroys the facet too. */ -static void -subfacet_destroy(struct subfacet *subfacet) -{ - struct facet *facet = subfacet->facet; - - if (list_is_singleton(&facet->subfacets)) { - /* facet_remove() needs at least one subfacet (it will remove it). */ - facet_remove(facet); - } else { - subfacet_destroy__(subfacet); - } -} - -static void -subfacet_destroy_batch(struct dpif_backer *backer, - struct subfacet **subfacets, int n) -{ - struct dpif_op ops[SUBFACET_DESTROY_MAX_BATCH]; - struct dpif_op *opsp[SUBFACET_DESTROY_MAX_BATCH]; - struct dpif_flow_stats stats[SUBFACET_DESTROY_MAX_BATCH]; - int i; - - for (i = 0; i < n; i++) { - ops[i].type = DPIF_OP_FLOW_DEL; - ops[i].u.flow_del.key = subfacets[i]->key; - ops[i].u.flow_del.key_len = subfacets[i]->key_len; - ops[i].u.flow_del.stats = &stats[i]; - opsp[i] = &ops[i]; - } - - dpif_operate(backer->dpif, opsp, n); - for (i = 0; i < n; i++) { - subfacet_reset_dp_stats(subfacets[i], &stats[i]); - subfacets[i]->path = SF_NOT_INSTALLED; - subfacet_destroy(subfacets[i]); - run_fast_rl(); - } -} - -/* Updates 'subfacet''s datapath flow, setting its actions to 'actions_len' - * bytes of actions in 'actions'. If 'stats' is non-null, statistics counters - * in the datapath will be zeroed and 'stats' will be updated with traffic new - * since 'subfacet' was last updated. - * - * Returns 0 if successful, otherwise a positive errno value. */ -static int -subfacet_install(struct subfacet *subfacet, const struct ofpbuf *odp_actions, - struct dpif_flow_stats *stats) -{ - struct facet *facet = subfacet->facet; - struct ofproto_dpif *ofproto = ofproto_dpif_cast(facet->rule->up.ofproto); - enum subfacet_path path = facet->xout.slow ? SF_SLOW_PATH : SF_FAST_PATH; - const struct nlattr *actions = odp_actions->data; - size_t actions_len = odp_actions->size; - - uint64_t slow_path_stub[128 / 8]; - enum dpif_flow_put_flags flags; - int ret; - - flags = DPIF_FP_CREATE | DPIF_FP_MODIFY; - if (stats) { - flags |= DPIF_FP_ZERO_STATS; - } - - if (path == SF_SLOW_PATH) { - compose_slow_path(ofproto, &facet->flow, facet->xout.slow, - slow_path_stub, sizeof slow_path_stub, - &actions, &actions_len); - } - - ret = dpif_flow_put(subfacet->backer->dpif, flags, subfacet->key, - subfacet->key_len, actions, actions_len, stats); - - if (stats) { - subfacet_reset_dp_stats(subfacet, stats); - } - - if (!ret) { - subfacet->path = path; - } - return ret; -} - -/* If 'subfacet' is installed in the datapath, uninstalls it. */ -static void -subfacet_uninstall(struct subfacet *subfacet) -{ - if (subfacet->path != SF_NOT_INSTALLED) { - struct rule_dpif *rule = subfacet->facet->rule; - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - struct dpif_flow_stats stats; - int error; - - error = dpif_flow_del(ofproto->backer->dpif, subfacet->key, - subfacet->key_len, &stats); - subfacet_reset_dp_stats(subfacet, &stats); - if (!error) { - subfacet_update_stats(subfacet, &stats); - } - subfacet->path = SF_NOT_INSTALLED; - } else { - ovs_assert(subfacet->dp_packet_count == 0); - ovs_assert(subfacet->dp_byte_count == 0); - } -} - -/* Resets 'subfacet''s datapath statistics counters. This should be called - * when 'subfacet''s statistics are cleared in the datapath. If 'stats' is - * non-null, it should contain the statistics returned by dpif when 'subfacet' - * was reset in the datapath. 'stats' will be modified to include only - * statistics new since 'subfacet' was last updated. */ -static void -subfacet_reset_dp_stats(struct subfacet *subfacet, - struct dpif_flow_stats *stats) -{ - if (stats - && subfacet->dp_packet_count <= stats->n_packets - && subfacet->dp_byte_count <= stats->n_bytes) { - stats->n_packets -= subfacet->dp_packet_count; - stats->n_bytes -= subfacet->dp_byte_count; - } - - subfacet->dp_packet_count = 0; - subfacet->dp_byte_count = 0; -} - -/* Folds the statistics from 'stats' into the counters in 'subfacet'. - * - * Because of the meaning of a subfacet's counters, it only makes sense to do - * this if 'stats' are not tracked in the datapath, that is, if 'stats' - * represents a packet that was sent by hand or if it represents statistics - * that have been cleared out of the datapath. */ -static void -subfacet_update_stats(struct subfacet *subfacet, - const struct dpif_flow_stats *stats) -{ - if (stats->n_packets || stats->used > subfacet->used) { - struct facet *facet = subfacet->facet; - - subfacet->used = MAX(subfacet->used, stats->used); - facet->used = MAX(facet->used, stats->used); - facet->packet_count += stats->n_packets; - facet->byte_count += stats->n_bytes; - facet->tcp_flags |= stats->tcp_flags; - } -} - -/* Rules. */ - -static struct rule_dpif * -rule_dpif_lookup(struct ofproto_dpif *ofproto, const struct flow *flow) -{ - struct rule_dpif *rule; - - rule = rule_dpif_lookup__(ofproto, flow, 0); - if (rule) { - return rule; - } - - return rule_dpif_miss_rule(ofproto, flow); -} - -static struct rule_dpif * -rule_dpif_lookup__(struct ofproto_dpif *ofproto, const struct flow *flow, - uint8_t table_id) -{ - struct cls_rule *cls_rule; - struct classifier *cls; - bool frag; - - if (table_id >= N_TABLES) { - return NULL; - } - - cls = &ofproto->up.tables[table_id].cls; - frag = (flow->nw_frag & FLOW_NW_FRAG_ANY) != 0; - if (frag && ofproto->up.frag_handling == OFPC_FRAG_NORMAL) { - /* We must pretend that transport ports are unavailable. */ - struct flow ofpc_normal_flow = *flow; - ofpc_normal_flow.tp_src = htons(0); - ofpc_normal_flow.tp_dst = htons(0); - cls_rule = classifier_lookup(cls, &ofpc_normal_flow); - } else if (frag && ofproto->up.frag_handling == OFPC_FRAG_DROP) { - cls_rule = &ofproto->drop_frags_rule->up.cr; - } else { - cls_rule = classifier_lookup(cls, flow); - } - return rule_dpif_cast(rule_from_cls_rule(cls_rule)); -} - -static struct rule_dpif * -rule_dpif_miss_rule(struct ofproto_dpif *ofproto, const struct flow *flow) -{ - struct ofport_dpif *port; - - port = get_ofp_port(ofproto, flow->in_port); - if (!port) { - VLOG_WARN_RL(&rl, "packet-in on unknown port %"PRIu16, flow->in_port); - return ofproto->miss_rule; - } - - if (port->up.pp.config & OFPUTIL_PC_NO_PACKET_IN) { - return ofproto->no_packet_in_rule; - } - return ofproto->miss_rule; -} - -static void -complete_operation(struct rule_dpif *rule) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - - rule_invalidate(rule); - if (clogged) { - struct dpif_completion *c = xmalloc(sizeof *c); - c->op = rule->up.pending; - list_push_back(&ofproto->completions, &c->list_node); - } else { - ofoperation_complete(rule->up.pending, 0); - } -} - -static struct rule * -rule_alloc(void) -{ - struct rule_dpif *rule = xmalloc(sizeof *rule); - return &rule->up; -} - -static void -rule_dealloc(struct rule *rule_) -{ - struct rule_dpif *rule = rule_dpif_cast(rule_); - free(rule); -} - -static enum ofperr -rule_construct(struct rule *rule_) -{ - struct rule_dpif *rule = rule_dpif_cast(rule_); - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - struct rule_dpif *victim; - uint8_t table_id; - - rule->packet_count = 0; - rule->byte_count = 0; - - victim = rule_dpif_cast(ofoperation_get_victim(rule->up.pending)); - if (victim && !list_is_empty(&victim->facets)) { - struct facet *facet; - - rule->facets = victim->facets; - list_moved(&rule->facets); - LIST_FOR_EACH (facet, list_node, &rule->facets) { - /* XXX: We're only clearing our local counters here. It's possible - * that quite a few packets are unaccounted for in the datapath - * statistics. These will be accounted to the new rule instead of - * cleared as required. This could be fixed by clearing out the - * datapath statistics for this facet, but currently it doesn't - * seem worth it. */ - facet_reset_counters(facet); - facet->rule = rule; - } - } else { - /* Must avoid list_moved() in this case. */ - list_init(&rule->facets); - } - - table_id = rule->up.table_id; - if (victim) { - rule->tag = victim->tag; - } else if (table_id == 0) { - rule->tag = 0; - } else { - struct flow flow; - - miniflow_expand(&rule->up.cr.match.flow, &flow); - rule->tag = rule_calculate_tag(&flow, &rule->up.cr.match.mask, - ofproto->tables[table_id].basis); - } - - complete_operation(rule); - return 0; -} - -static void -rule_destruct(struct rule *rule_) -{ - struct rule_dpif *rule = rule_dpif_cast(rule_); - struct facet *facet, *next_facet; - - LIST_FOR_EACH_SAFE (facet, next_facet, list_node, &rule->facets) { - facet_revalidate(facet); - } - - complete_operation(rule); -} - -static void -rule_get_stats(struct rule *rule_, uint64_t *packets, uint64_t *bytes) -{ - struct rule_dpif *rule = rule_dpif_cast(rule_); - - /* push_all_stats() can handle flow misses which, when using the learn - * action, can cause rules to be added and deleted. This can corrupt our - * caller's datastructures which assume that rule_get_stats() doesn't have - * an impact on the flow table. To be safe, we disable miss handling. */ - push_all_stats__(false); - - /* Start from historical data for 'rule' itself that are no longer tracked - * in facets. This counts, for example, facets that have expired. */ - *packets = rule->packet_count; - *bytes = rule->byte_count; -} - -static void -rule_dpif_execute(struct rule_dpif *rule, const struct flow *flow, - struct ofpbuf *packet) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - struct initial_vals initial_vals; - struct dpif_flow_stats stats; - struct xlate_out xout; - struct xlate_in xin; - - dpif_flow_stats_extract(flow, packet, time_msec(), &stats); - rule_credit_stats(rule, &stats); - - initial_vals.vlan_tci = flow->vlan_tci; - xlate_in_init(&xin, ofproto, flow, &initial_vals, rule, stats.tcp_flags, - packet); - xin.resubmit_stats = &stats; - xlate_actions(&xin, &xout); - - execute_odp_actions(ofproto, flow, xout.odp_actions.data, - xout.odp_actions.size, packet); - - xlate_out_uninit(&xout); -} - -static enum ofperr -rule_execute(struct rule *rule, const struct flow *flow, - struct ofpbuf *packet) -{ - rule_dpif_execute(rule_dpif_cast(rule), flow, packet); - ofpbuf_delete(packet); - return 0; -} - -static void -rule_modify_actions(struct rule *rule_) -{ - struct rule_dpif *rule = rule_dpif_cast(rule_); - - complete_operation(rule); -} - -/* Sends 'packet' out 'ofport'. - * May modify 'packet'. - * Returns 0 if successful, otherwise a positive errno value. */ -static int -send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf key, odp_actions; - struct dpif_flow_stats stats; - struct odputil_keybuf keybuf; - struct ofpact_output output; - struct xlate_out xout; - struct xlate_in xin; - struct flow flow; - int error; - - ofpbuf_use_stub(&odp_actions, odp_actions_stub, sizeof odp_actions_stub); - ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); - - /* Use OFPP_NONE as the in_port to avoid special packet processing. */ - flow_extract(packet, 0, 0, NULL, OFPP_NONE, &flow); - odp_flow_key_from_flow(&key, &flow, ofp_port_to_odp_port(ofproto, - OFPP_LOCAL)); - dpif_flow_stats_extract(&flow, packet, time_msec(), &stats); - - ofpact_init(&output.ofpact, OFPACT_OUTPUT, sizeof output); - output.port = ofport->up.ofp_port; - output.max_len = 0; - - xlate_in_init(&xin, ofproto, &flow, NULL, NULL, 0, packet); - xin.ofpacts_len = sizeof output; - xin.ofpacts = &output.ofpact; - xin.resubmit_stats = &stats; - xlate_actions(&xin, &xout); - - error = dpif_execute(ofproto->backer->dpif, - key.data, key.size, - xout.odp_actions.data, xout.odp_actions.size, - packet); - xlate_out_uninit(&xout); - - if (error) { - VLOG_WARN_RL(&rl, "%s: failed to send packet on port %s (%s)", - ofproto->up.name, netdev_get_name(ofport->up.netdev), - strerror(error)); - } - - ofproto->stats.tx_packets++; - ofproto->stats.tx_bytes += packet->size; - return error; -} - -/* OpenFlow to datapath action translation. */ - -static bool may_receive(const struct ofport_dpif *, struct xlate_ctx *); -static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len, - struct xlate_ctx *); -static void xlate_normal(struct xlate_ctx *); - -/* Composes an ODP action for a "slow path" action for 'flow' within 'ofproto'. - * The action will state 'slow' as the reason that the action is in the slow - * path. (This is purely informational: it allows a human viewing "ovs-dpctl - * dump-flows" output to see why a flow is in the slow path.) - * - * The 'stub_size' bytes in 'stub' will be used to store the action. - * 'stub_size' must be large enough for the action. - * - * The action and its size will be stored in '*actionsp' and '*actions_lenp', - * respectively. */ -static void -compose_slow_path(const struct ofproto_dpif *ofproto, const struct flow *flow, - enum slow_path_reason slow, - uint64_t *stub, size_t stub_size, - const struct nlattr **actionsp, size_t *actions_lenp) -{ - union user_action_cookie cookie; - struct ofpbuf buf; - - cookie.type = USER_ACTION_COOKIE_SLOW_PATH; - cookie.slow_path.unused = 0; - cookie.slow_path.reason = slow; - - ofpbuf_use_stack(&buf, stub, stub_size); - if (slow & (SLOW_CFM | SLOW_BFD | SLOW_LACP | SLOW_STP)) { - uint32_t pid = dpif_port_get_pid(ofproto->backer->dpif, UINT32_MAX); - odp_put_userspace_action(pid, &cookie, sizeof cookie.slow_path, &buf); - } else { - put_userspace_action(ofproto, &buf, flow, &cookie, - sizeof cookie.slow_path); - } - *actionsp = buf.data; - *actions_lenp = buf.size; -} - -static size_t -put_userspace_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - const union user_action_cookie *cookie, - const size_t cookie_size) -{ - uint32_t pid; - - pid = dpif_port_get_pid(ofproto->backer->dpif, - ofp_port_to_odp_port(ofproto, flow->in_port)); - - return odp_put_userspace_action(pid, cookie, cookie_size, odp_actions); -} - -/* Compose SAMPLE action for sFlow or IPFIX. The given probability is - * the number of packets out of UINT32_MAX to sample. The given - * cookie is passed back in the callback for each sampled packet. - */ -static size_t -compose_sample_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - const uint32_t probability, - const union user_action_cookie *cookie, - const size_t cookie_size) -{ - size_t sample_offset, actions_offset; - int cookie_offset; - - sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); - - nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); - - actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); - cookie_offset = put_userspace_action(ofproto, odp_actions, flow, cookie, - cookie_size); - - nl_msg_end_nested(odp_actions, actions_offset); - nl_msg_end_nested(odp_actions, sample_offset); - return cookie_offset; -} - -static void -compose_sflow_cookie(const struct ofproto_dpif *ofproto, - ovs_be16 vlan_tci, uint32_t odp_port, - unsigned int n_outputs, union user_action_cookie *cookie) -{ - int ifindex; - - cookie->type = USER_ACTION_COOKIE_SFLOW; - cookie->sflow.vlan_tci = vlan_tci; - - /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output - * port information") for the interpretation of cookie->output. */ - switch (n_outputs) { - case 0: - /* 0x40000000 | 256 means "packet dropped for unknown reason". */ - cookie->sflow.output = 0x40000000 | 256; - break; - - case 1: - ifindex = dpif_sflow_odp_port_to_ifindex(ofproto->sflow, odp_port); - if (ifindex) { - cookie->sflow.output = ifindex; - break; - } - /* Fall through. */ - default: - /* 0x80000000 means "multiple output ports. */ - cookie->sflow.output = 0x80000000 | n_outputs; - break; - } -} - -/* Compose SAMPLE action for sFlow bridge sampling. */ -static size_t -compose_sflow_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - uint32_t odp_port) -{ - uint32_t probability; - union user_action_cookie cookie; - - if (!ofproto->sflow || flow->in_port == OFPP_NONE) { - return 0; - } - - probability = dpif_sflow_get_probability(ofproto->sflow); - compose_sflow_cookie(ofproto, htons(0), odp_port, - odp_port == OVSP_NONE ? 0 : 1, &cookie); - - return compose_sample_action(ofproto, odp_actions, flow, probability, - &cookie, sizeof cookie.sflow); -} - -static void -compose_flow_sample_cookie(uint16_t probability, uint32_t collector_set_id, - uint32_t obs_domain_id, uint32_t obs_point_id, - union user_action_cookie *cookie) -{ - cookie->type = USER_ACTION_COOKIE_FLOW_SAMPLE; - cookie->flow_sample.probability = probability; - cookie->flow_sample.collector_set_id = collector_set_id; - cookie->flow_sample.obs_domain_id = obs_domain_id; - cookie->flow_sample.obs_point_id = obs_point_id; -} - -static void -compose_ipfix_cookie(union user_action_cookie *cookie) -{ - cookie->type = USER_ACTION_COOKIE_IPFIX; -} - -/* Compose SAMPLE action for IPFIX bridge sampling. */ -static void -compose_ipfix_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow) -{ - uint32_t probability; - union user_action_cookie cookie; - - if (!ofproto->ipfix || flow->in_port == OFPP_NONE) { - return; - } - - probability = dpif_ipfix_get_bridge_exporter_probability(ofproto->ipfix); - compose_ipfix_cookie(&cookie); - - compose_sample_action(ofproto, odp_actions, flow, probability, - &cookie, sizeof cookie.ipfix); -} - -/* SAMPLE action for sFlow must be first action in any given list of - * actions. At this point we do not have all information required to - * build it. So try to build sample action as complete as possible. */ -static void -add_sflow_action(struct xlate_ctx *ctx) -{ - ctx->user_cookie_offset = compose_sflow_action(ctx->ofproto, - &ctx->xout->odp_actions, - &ctx->xin->flow, OVSP_NONE); - ctx->sflow_odp_port = 0; - ctx->sflow_n_outputs = 0; -} - -/* SAMPLE action for IPFIX must be 1st or 2nd action in any given list - * of actions, eventually after the SAMPLE action for sFlow. */ -static void -add_ipfix_action(struct xlate_ctx *ctx) -{ - compose_ipfix_action(ctx->ofproto, &ctx->xout->odp_actions, - &ctx->xin->flow); -} - -/* Fix SAMPLE action according to data collected while composing ODP actions. - * We need to fix SAMPLE actions OVS_SAMPLE_ATTR_ACTIONS attribute, i.e. nested - * USERSPACE action's user-cookie which is required for sflow. */ -static void -fix_sflow_action(struct xlate_ctx *ctx) -{ - const struct flow *base = &ctx->base_flow; - union user_action_cookie *cookie; - - if (!ctx->user_cookie_offset) { - return; - } - - cookie = ofpbuf_at(&ctx->xout->odp_actions, ctx->user_cookie_offset, - sizeof cookie->sflow); - ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); - - compose_sflow_cookie(ctx->ofproto, base->vlan_tci, - ctx->sflow_odp_port, ctx->sflow_n_outputs, cookie); -} - -static void -compose_output_action__(struct xlate_ctx *ctx, uint16_t ofp_port, - bool check_stp) -{ - const struct ofport_dpif *ofport = get_ofp_port(ctx->ofproto, ofp_port); - ovs_be16 flow_vlan_tci; - uint32_t flow_skb_mark; - uint8_t flow_nw_tos; - struct priority_to_dscp *pdscp; - uint32_t out_port, odp_port; - - /* If 'struct flow' gets additional metadata, we'll need to zero it out - * before traversing a patch port. */ - BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20); - - if (!ofport) { - xlate_report(ctx, "Nonexistent output port"); - return; - } else if (ofport->up.pp.config & OFPUTIL_PC_NO_FWD) { - xlate_report(ctx, "OFPPC_NO_FWD set, skipping output"); - return; - } else if (check_stp && !stp_forward_in_state(ofport->stp_state)) { - xlate_report(ctx, "STP not in forwarding state, skipping output"); - return; - } - - if (netdev_vport_is_patch(ofport->up.netdev)) { - struct ofport_dpif *peer = ofport_get_peer(ofport); - struct flow old_flow = ctx->xin->flow; - const struct ofproto_dpif *peer_ofproto; - enum slow_path_reason special; - struct ofport_dpif *in_port; - - if (!peer) { - xlate_report(ctx, "Nonexistent patch port peer"); - return; - } - - peer_ofproto = ofproto_dpif_cast(peer->up.ofproto); - if (peer_ofproto->backer != ctx->ofproto->backer) { - xlate_report(ctx, "Patch port peer on a different datapath"); - return; - } - - ctx->ofproto = ofproto_dpif_cast(peer->up.ofproto); - ctx->xin->flow.in_port = peer->up.ofp_port; - ctx->xin->flow.metadata = htonll(0); - memset(&ctx->xin->flow.tunnel, 0, sizeof ctx->xin->flow.tunnel); - memset(ctx->xin->flow.regs, 0, sizeof ctx->xin->flow.regs); - - in_port = get_ofp_port(ctx->ofproto, ctx->xin->flow.in_port); - special = process_special(ctx->ofproto, &ctx->xin->flow, in_port, - ctx->xin->packet); - if (special) { - ctx->xout->slow = special; - } else if (!in_port || may_receive(in_port, ctx)) { - if (!in_port || stp_forward_in_state(in_port->stp_state)) { - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); - } else { - /* Forwarding is disabled by STP. Let OFPP_NORMAL and the - * learning action look at the packet, then drop it. */ - struct flow old_base_flow = ctx->base_flow; - size_t old_size = ctx->xout->odp_actions.size; - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); - ctx->base_flow = old_base_flow; - ctx->xout->odp_actions.size = old_size; - } - } - - ctx->xin->flow = old_flow; - ctx->ofproto = ofproto_dpif_cast(ofport->up.ofproto); - - if (ctx->xin->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); - netdev_vport_inc_rx(peer->up.netdev, ctx->xin->resubmit_stats); - } - - return; - } - - flow_vlan_tci = ctx->xin->flow.vlan_tci; - flow_skb_mark = ctx->xin->flow.skb_mark; - flow_nw_tos = ctx->xin->flow.nw_tos; - - pdscp = get_priority(ofport, ctx->xin->flow.skb_priority); - if (pdscp) { - ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->xin->flow.nw_tos |= pdscp->dscp; - } - - if (ofport->tnl_port) { - /* Save tunnel metadata so that changes made due to - * the Logical (tunnel) Port are not visible for any further - * matches, while explicit set actions on tunnel metadata are. - */ - struct flow_tnl flow_tnl = ctx->xin->flow.tunnel; - odp_port = tnl_port_send(ofport->tnl_port, &ctx->xin->flow); - if (odp_port == OVSP_NONE) { - xlate_report(ctx, "Tunneling decided against output"); - goto out; /* restore flow_nw_tos */ - } - if (ctx->xin->flow.tunnel.ip_dst == ctx->orig_tunnel_ip_dst) { - xlate_report(ctx, "Not tunneling to our own address"); - goto out; /* restore flow_nw_tos */ - } - if (ctx->xin->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); - } - out_port = odp_port; - commit_odp_tunnel_action(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - ctx->xin->flow.tunnel = flow_tnl; /* Restore tunnel metadata */ - } else { - uint16_t vlandev_port; - odp_port = ofport->odp_port; - vlandev_port = vsp_realdev_to_vlandev(ctx->ofproto, ofp_port, - ctx->xin->flow.vlan_tci); - if (vlandev_port == ofp_port) { - out_port = odp_port; - } else { - out_port = ofp_port_to_odp_port(ctx->ofproto, vlandev_port); - ctx->xin->flow.vlan_tci = htons(0); - } - ctx->xin->flow.skb_mark &= ~IPSEC_MARK; - } - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - nl_msg_put_u32(&ctx->xout->odp_actions, OVS_ACTION_ATTR_OUTPUT, out_port); - - ctx->sflow_odp_port = odp_port; - ctx->sflow_n_outputs++; - ctx->xout->nf_output_iface = ofp_port; - - /* Restore flow */ - ctx->xin->flow.vlan_tci = flow_vlan_tci; - ctx->xin->flow.skb_mark = flow_skb_mark; - out: - ctx->xin->flow.nw_tos = flow_nw_tos; -} - -static void -compose_output_action(struct xlate_ctx *ctx, uint16_t ofp_port) -{ - compose_output_action__(ctx, ofp_port, true); -} - -static void -tag_the_flow(struct xlate_ctx *ctx, struct rule_dpif *rule) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - uint8_t table_id = ctx->table_id; - - if (table_id > 0 && table_id < N_TABLES) { - struct table_dpif *table = &ofproto->tables[table_id]; - if (table->other_table) { - ctx->xout->tags |= (rule && rule->tag - ? rule->tag - : rule_calculate_tag(&ctx->xin->flow, - &table->other_table->mask, - table->basis)); - } - } -} - -/* Common rule processing in one place to avoid duplicating code. */ -static struct rule_dpif * -ctx_rule_hooks(struct xlate_ctx *ctx, struct rule_dpif *rule, - bool may_packet_in) -{ - if (ctx->xin->resubmit_hook) { - ctx->xin->resubmit_hook(ctx, rule); - } - if (rule == NULL && may_packet_in) { - /* XXX - * check if table configuration flags - * OFPTC_TABLE_MISS_CONTROLLER, default. - * OFPTC_TABLE_MISS_CONTINUE, - * OFPTC_TABLE_MISS_DROP - * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? - */ - rule = rule_dpif_miss_rule(ctx->ofproto, &ctx->xin->flow); - } - if (rule && ctx->xin->resubmit_stats) { - rule_credit_stats(rule, ctx->xin->resubmit_stats); - } - return rule; -} - -static void -xlate_table_action(struct xlate_ctx *ctx, - uint16_t in_port, uint8_t table_id, bool may_packet_in) -{ - if (ctx->recurse < MAX_RESUBMIT_RECURSION) { - struct rule_dpif *rule; - uint16_t old_in_port = ctx->xin->flow.in_port; - uint8_t old_table_id = ctx->table_id; - - ctx->table_id = table_id; - - /* Look up a flow with 'in_port' as the input port. */ - ctx->xin->flow.in_port = in_port; - rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, table_id); - - tag_the_flow(ctx, rule); - - /* Restore the original input port. Otherwise OFPP_NORMAL and - * OFPP_IN_PORT will have surprising behavior. */ - ctx->xin->flow.in_port = old_in_port; - - rule = ctx_rule_hooks(ctx, rule, may_packet_in); - - if (rule) { - struct rule_dpif *old_rule = ctx->rule; - - ctx->recurse++; - ctx->rule = rule; - do_xlate_actions(rule->up.ofpacts, rule->up.ofpacts_len, ctx); - ctx->rule = old_rule; - ctx->recurse--; - } - - ctx->table_id = old_table_id; - } else { - static struct vlog_rate_limit recurse_rl = VLOG_RATE_LIMIT_INIT(1, 1); - - VLOG_ERR_RL(&recurse_rl, "resubmit actions recursed over %d times", - MAX_RESUBMIT_RECURSION); - ctx->max_resubmit_trigger = true; - } -} - -static void -xlate_ofpact_resubmit(struct xlate_ctx *ctx, - const struct ofpact_resubmit *resubmit) -{ - uint16_t in_port; - uint8_t table_id; - - in_port = resubmit->in_port; - if (in_port == OFPP_IN_PORT) { - in_port = ctx->xin->flow.in_port; - } - - table_id = resubmit->table_id; - if (table_id == 255) { - table_id = ctx->table_id; - } - - xlate_table_action(ctx, in_port, table_id, false); -} - -static void -flood_packets(struct xlate_ctx *ctx, bool all) -{ - struct ofport_dpif *ofport; - - HMAP_FOR_EACH (ofport, up.hmap_node, &ctx->ofproto->up.ports) { - uint16_t ofp_port = ofport->up.ofp_port; - - if (ofp_port == ctx->xin->flow.in_port) { - continue; - } - - if (all) { - compose_output_action__(ctx, ofp_port, false); - } else if (!(ofport->up.pp.config & OFPUTIL_PC_NO_FLOOD)) { - compose_output_action(ctx, ofp_port); - } - } - - ctx->xout->nf_output_iface = NF_OUT_FLOOD; -} - -static void -execute_controller_action(struct xlate_ctx *ctx, int len, - enum ofp_packet_in_reason reason, - uint16_t controller_id) -{ - struct ofputil_packet_in pin; - struct ofpbuf *packet; - struct flow key; - - ovs_assert(!ctx->xout->slow || ctx->xout->slow == SLOW_CONTROLLER); - ctx->xout->slow = SLOW_CONTROLLER; - if (!ctx->xin->packet) { - return; - } - - packet = ofpbuf_clone(ctx->xin->packet); - - key.skb_priority = 0; - key.skb_mark = 0; - memset(&key.tunnel, 0, sizeof key.tunnel); - - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - - odp_execute_actions(NULL, packet, &key, ctx->xout->odp_actions.data, - ctx->xout->odp_actions.size, NULL, NULL); - - pin.packet = packet->data; - pin.packet_len = packet->size; - pin.reason = reason; - pin.controller_id = controller_id; - pin.table_id = ctx->table_id; - pin.cookie = ctx->rule ? ctx->rule->up.flow_cookie : 0; - - pin.send_len = len; - flow_get_metadata(&ctx->xin->flow, &pin.fmd); - - connmgr_send_packet_in(ctx->ofproto->up.connmgr, &pin); - ofpbuf_delete(packet); -} - -static void -execute_mpls_push_action(struct xlate_ctx *ctx, ovs_be16 eth_type) -{ - ovs_assert(eth_type_mpls(eth_type)); - - if (ctx->base_flow.mpls_depth) { - ctx->xin->flow.mpls_lse &= ~htonl(MPLS_BOS_MASK); - ctx->xin->flow.mpls_depth++; - } else { - ovs_be32 label; - uint8_t tc, ttl; - - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IPV6)) { - label = htonl(0x2); /* IPV6 Explicit Null. */ - } else { - label = htonl(0x0); /* IPV4 Explicit Null. */ - } - tc = (ctx->xin->flow.nw_tos & IP_DSCP_MASK) >> 2; - ttl = ctx->xin->flow.nw_ttl ? ctx->xin->flow.nw_ttl : 0x40; - ctx->xin->flow.mpls_lse = set_mpls_lse_values(ttl, tc, 1, label); - ctx->xin->flow.mpls_depth = 1; - } - ctx->xin->flow.dl_type = eth_type; -} - -static void -execute_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type) -{ - ovs_assert(eth_type_mpls(ctx->xin->flow.dl_type)); - ovs_assert(!eth_type_mpls(eth_type)); - - if (ctx->xin->flow.mpls_depth) { - ctx->xin->flow.mpls_depth--; - ctx->xin->flow.mpls_lse = htonl(0); - if (!ctx->xin->flow.mpls_depth) { - ctx->xin->flow.dl_type = eth_type; - } - } -} - -static bool -compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids) -{ - if (ctx->xin->flow.dl_type != htons(ETH_TYPE_IP) && - ctx->xin->flow.dl_type != htons(ETH_TYPE_IPV6)) { - return false; - } - - if (ctx->xin->flow.nw_ttl > 1) { - ctx->xin->flow.nw_ttl--; - return false; - } else { - size_t i; - - for (i = 0; i < ids->n_controllers; i++) { - execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, - ids->cnt_ids[i]); - } - - /* Stop processing for current table. */ - return true; - } -} - -static bool -execute_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl) -{ - if (!eth_type_mpls(ctx->xin->flow.dl_type)) { - return true; - } - - set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); - return false; -} - -static bool -execute_dec_mpls_ttl_action(struct xlate_ctx *ctx) -{ - uint8_t ttl = mpls_lse_to_ttl(ctx->xin->flow.mpls_lse); - - if (!eth_type_mpls(ctx->xin->flow.dl_type)) { - return false; - } - - if (ttl > 1) { - ttl--; - set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); - return false; - } else { - execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0); - - /* Stop processing for current table. */ - return true; - } -} - -static void -xlate_output_action(struct xlate_ctx *ctx, - uint16_t port, uint16_t max_len, bool may_packet_in) -{ - uint16_t prev_nf_output_iface = ctx->xout->nf_output_iface; - - ctx->xout->nf_output_iface = NF_OUT_DROP; - - switch (port) { - case OFPP_IN_PORT: - compose_output_action(ctx, ctx->xin->flow.in_port); - break; - case OFPP_TABLE: - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, may_packet_in); - break; - case OFPP_NORMAL: - xlate_normal(ctx); - break; - case OFPP_FLOOD: - flood_packets(ctx, false); - break; - case OFPP_ALL: - flood_packets(ctx, true); - break; - case OFPP_CONTROLLER: - execute_controller_action(ctx, max_len, OFPR_ACTION, 0); - break; - case OFPP_NONE: - break; - case OFPP_LOCAL: - default: - if (port != ctx->xin->flow.in_port) { - compose_output_action(ctx, port); - } else { - xlate_report(ctx, "skipping output to input port"); - } - break; - } - - if (prev_nf_output_iface == NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_FLOOD; - } else if (ctx->xout->nf_output_iface == NF_OUT_DROP) { - ctx->xout->nf_output_iface = prev_nf_output_iface; - } else if (prev_nf_output_iface != NF_OUT_DROP && - ctx->xout->nf_output_iface != NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_MULTI; - } -} - -static void -xlate_output_reg_action(struct xlate_ctx *ctx, - const struct ofpact_output_reg *or) -{ - uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow); - if (port <= UINT16_MAX) { - xlate_output_action(ctx, port, or->max_len, false); - } -} - -static void -xlate_enqueue_action(struct xlate_ctx *ctx, - const struct ofpact_enqueue *enqueue) -{ - uint16_t ofp_port = enqueue->port; - uint32_t queue_id = enqueue->queue; - uint32_t flow_priority, priority; - int error; - - /* Translate queue to priority. */ - error = dpif_queue_to_priority(ctx->ofproto->backer->dpif, - queue_id, &priority); - if (error) { - /* Fall back to ordinary output action. */ - xlate_output_action(ctx, enqueue->port, 0, false); - return; - } - - /* Check output port. */ - if (ofp_port == OFPP_IN_PORT) { - ofp_port = ctx->xin->flow.in_port; - } else if (ofp_port == ctx->xin->flow.in_port) { - return; - } - - /* Add datapath actions. */ - flow_priority = ctx->xin->flow.skb_priority; - ctx->xin->flow.skb_priority = priority; - compose_output_action(ctx, ofp_port); - ctx->xin->flow.skb_priority = flow_priority; - - /* Update NetFlow output port. */ - if (ctx->xout->nf_output_iface == NF_OUT_DROP) { - ctx->xout->nf_output_iface = ofp_port; - } else if (ctx->xout->nf_output_iface != NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_MULTI; - } -} - -static void -xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id) -{ - uint32_t skb_priority; - - if (!dpif_queue_to_priority(ctx->ofproto->backer->dpif, - queue_id, &skb_priority)) { - ctx->xin->flow.skb_priority = skb_priority; - } else { - /* Couldn't translate queue to a priority. Nothing to do. A warning - * has already been logged. */ - } -} - -static bool -slave_enabled_cb(uint16_t ofp_port, void *ofproto_) -{ - struct ofproto_dpif *ofproto = ofproto_; - struct ofport_dpif *port; - - switch (ofp_port) { - case OFPP_IN_PORT: - case OFPP_TABLE: - case OFPP_NORMAL: - case OFPP_FLOOD: - case OFPP_ALL: - case OFPP_NONE: - return true; - case OFPP_CONTROLLER: /* Not supported by the bundle action. */ - return false; - default: - port = get_ofp_port(ofproto, ofp_port); - return port ? port->may_enable : false; - } -} - -static void -xlate_bundle_action(struct xlate_ctx *ctx, - const struct ofpact_bundle *bundle) -{ - uint16_t port; - - port = bundle_execute(bundle, &ctx->xin->flow, slave_enabled_cb, - ctx->ofproto); - if (bundle->dst.field) { - nxm_reg_load(&bundle->dst, port, &ctx->xin->flow); - } else { - xlate_output_action(ctx, port, 0, false); - } -} - -static void -xlate_learn_action(struct xlate_ctx *ctx, - const struct ofpact_learn *learn) -{ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); - struct ofputil_flow_mod fm; - uint64_t ofpacts_stub[1024 / 8]; - struct ofpbuf ofpacts; - int error; - - ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub); - learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts); - - error = ofproto_flow_mod(&ctx->ofproto->up, &fm); - if (error && !VLOG_DROP_WARN(&rl)) { - VLOG_WARN("learning action failed to modify flow table (%s)", - ofperr_get_name(error)); - } - - ofpbuf_uninit(&ofpacts); -} - -/* Reduces '*timeout' to no more than 'max'. A value of zero in either case - * means "infinite". */ -static void -reduce_timeout(uint16_t max, uint16_t *timeout) -{ - if (max && (!*timeout || *timeout > max)) { - *timeout = max; - } -} - -static void -xlate_fin_timeout(struct xlate_ctx *ctx, - const struct ofpact_fin_timeout *oft) -{ - if (ctx->xin->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) { - struct rule_dpif *rule = ctx->rule; - - reduce_timeout(oft->fin_idle_timeout, &rule->up.idle_timeout); - reduce_timeout(oft->fin_hard_timeout, &rule->up.hard_timeout); - } -} - -static void -xlate_sample_action(struct xlate_ctx *ctx, - const struct ofpact_sample *os) -{ - union user_action_cookie cookie; - /* Scale the probability from 16-bit to 32-bit while representing - * the same percentage. */ - uint32_t probability = (os->probability << 16) | os->probability; - - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - - compose_flow_sample_cookie(os->probability, os->collector_set_id, - os->obs_domain_id, os->obs_point_id, &cookie); - compose_sample_action(ctx->ofproto, &ctx->xout->odp_actions, &ctx->xin->flow, - probability, &cookie, sizeof cookie.flow_sample); -} - -static bool -may_receive(const struct ofport_dpif *port, struct xlate_ctx *ctx) -{ - if (port->up.pp.config & (eth_addr_equals(ctx->xin->flow.dl_dst, - eth_addr_stp) - ? OFPUTIL_PC_NO_RECV_STP - : OFPUTIL_PC_NO_RECV)) { - return false; - } - - /* Only drop packets here if both forwarding and learning are - * disabled. If just learning is enabled, we need to have - * OFPP_NORMAL and the learning action have a look at the packet - * before we can drop it. */ - if (!stp_forward_in_state(port->stp_state) - && !stp_learn_in_state(port->stp_state)) { - return false; - } - - return true; -} - -static bool -tunnel_ecn_ok(struct xlate_ctx *ctx) -{ - if (is_ip_any(&ctx->base_flow) - && (ctx->xin->flow.tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) { - if ((ctx->base_flow.nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) { - VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE" - " but is not ECN capable"); - return false; - } else { - /* Set the ECN CE value in the tunneled packet. */ - ctx->xin->flow.nw_tos |= IP_ECN_CE; - } - } - - return true; -} - -static void -do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, - struct xlate_ctx *ctx) -{ - bool was_evictable = true; - const struct ofpact *a; - - if (ctx->rule) { - /* Don't let the rule we're working on get evicted underneath us. */ - was_evictable = ctx->rule->up.evictable; - ctx->rule->up.evictable = false; - } - - do_xlate_actions_again: - OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { - struct ofpact_controller *controller; - const struct ofpact_metadata *metadata; - - if (ctx->exit) { - break; - } - - switch (a->type) { - case OFPACT_OUTPUT: - xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port, - ofpact_get_OUTPUT(a)->max_len, true); - break; - - case OFPACT_CONTROLLER: - controller = ofpact_get_CONTROLLER(a); - execute_controller_action(ctx, controller->max_len, - controller->reason, - controller->controller_id); - break; - - case OFPACT_ENQUEUE: - xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a)); - break; - - case OFPACT_SET_VLAN_VID: - ctx->xin->flow.vlan_tci &= ~htons(VLAN_VID_MASK); - ctx->xin->flow.vlan_tci |= - (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) - | htons(VLAN_CFI)); - break; - - case OFPACT_SET_VLAN_PCP: - ctx->xin->flow.vlan_tci &= ~htons(VLAN_PCP_MASK); - ctx->xin->flow.vlan_tci |= - htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp << VLAN_PCP_SHIFT) - | VLAN_CFI); - break; - - case OFPACT_STRIP_VLAN: - ctx->xin->flow.vlan_tci = htons(0); - break; - - case OFPACT_PUSH_VLAN: - /* XXX 802.1AD(QinQ) */ - ctx->xin->flow.vlan_tci = htons(VLAN_CFI); - break; - - case OFPACT_SET_ETH_SRC: - memcpy(ctx->xin->flow.dl_src, ofpact_get_SET_ETH_SRC(a)->mac, - ETH_ADDR_LEN); - break; - - case OFPACT_SET_ETH_DST: - memcpy(ctx->xin->flow.dl_dst, ofpact_get_SET_ETH_DST(a)->mac, - ETH_ADDR_LEN); - break; - - case OFPACT_SET_IPV4_SRC: - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4; - } - break; - - case OFPACT_SET_IPV4_DST: - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4; - } - break; - - case OFPACT_SET_IPV4_DSCP: - /* OpenFlow 1.0 only supports IPv4. */ - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->xin->flow.nw_tos |= ofpact_get_SET_IPV4_DSCP(a)->dscp; - } - break; - - case OFPACT_SET_L4_SRC_PORT: - if (is_ip_any(&ctx->xin->flow)) { - ctx->xin->flow.tp_src = - htons(ofpact_get_SET_L4_SRC_PORT(a)->port); - } - break; - - case OFPACT_SET_L4_DST_PORT: - if (is_ip_any(&ctx->xin->flow)) { - ctx->xin->flow.tp_dst = - htons(ofpact_get_SET_L4_DST_PORT(a)->port); - } - break; - - case OFPACT_RESUBMIT: - xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a)); - break; - - case OFPACT_SET_TUNNEL: - ctx->xin->flow.tunnel.tun_id = - htonll(ofpact_get_SET_TUNNEL(a)->tun_id); - break; - - case OFPACT_SET_QUEUE: - xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id); - break; - - case OFPACT_POP_QUEUE: - ctx->xin->flow.skb_priority = ctx->orig_skb_priority; - break; - - case OFPACT_REG_MOVE: - nxm_execute_reg_move(ofpact_get_REG_MOVE(a), &ctx->xin->flow); - break; - - case OFPACT_REG_LOAD: - nxm_execute_reg_load(ofpact_get_REG_LOAD(a), &ctx->xin->flow); - break; - - case OFPACT_STACK_PUSH: - nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), &ctx->xin->flow, - &ctx->stack); - break; - - case OFPACT_STACK_POP: - nxm_execute_stack_pop(ofpact_get_STACK_POP(a), &ctx->xin->flow, - &ctx->stack); - break; - - case OFPACT_PUSH_MPLS: - execute_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a)->ethertype); - break; - - case OFPACT_POP_MPLS: - execute_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype); - break; - - case OFPACT_SET_MPLS_TTL: - if (execute_set_mpls_ttl_action(ctx, - ofpact_get_SET_MPLS_TTL(a)->ttl)) { - goto out; - } - break; - - case OFPACT_DEC_MPLS_TTL: - if (execute_dec_mpls_ttl_action(ctx)) { - goto out; - } - break; - - case OFPACT_DEC_TTL: - if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) { - goto out; - } - break; - - case OFPACT_NOTE: - /* Nothing to do. */ - break; - - case OFPACT_MULTIPATH: - multipath_execute(ofpact_get_MULTIPATH(a), &ctx->xin->flow); - break; - - case OFPACT_BUNDLE: - ctx->ofproto->has_bundle_action = true; - xlate_bundle_action(ctx, ofpact_get_BUNDLE(a)); - break; - - case OFPACT_OUTPUT_REG: - xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a)); - break; - - case OFPACT_LEARN: - ctx->xout->has_learn = true; - if (ctx->xin->may_learn) { - xlate_learn_action(ctx, ofpact_get_LEARN(a)); - } - break; - - case OFPACT_EXIT: - ctx->exit = true; - break; - - case OFPACT_FIN_TIMEOUT: - ctx->xout->has_fin_timeout = true; - xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a)); - break; - - case OFPACT_CLEAR_ACTIONS: - /* XXX - * Nothing to do because writa-actions is not supported for now. - * When writa-actions is supported, clear-actions also must - * be supported at the same time. - */ - break; - - case OFPACT_WRITE_METADATA: - metadata = ofpact_get_WRITE_METADATA(a); - ctx->xin->flow.metadata &= ~metadata->mask; - ctx->xin->flow.metadata |= metadata->metadata & metadata->mask; - break; - - case OFPACT_GOTO_TABLE: { - /* It is assumed that goto-table is the last action. */ - struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a); - struct rule_dpif *rule; - - ovs_assert(ctx->table_id < ogt->table_id); - - ctx->table_id = ogt->table_id; - - /* Look up a flow from the new table. */ - rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, ctx->table_id); - - tag_the_flow(ctx, rule); - - rule = ctx_rule_hooks(ctx, rule, true); - - if (rule) { - if (ctx->rule) { - ctx->rule->up.evictable = was_evictable; - } - ctx->rule = rule; - was_evictable = rule->up.evictable; - rule->up.evictable = false; - - /* Tail recursion removal. */ - ofpacts = rule->up.ofpacts; - ofpacts_len = rule->up.ofpacts_len; - goto do_xlate_actions_again; - } - break; - } - - case OFPACT_SAMPLE: - xlate_sample_action(ctx, ofpact_get_SAMPLE(a)); - break; - } - } - -out: - if (ctx->rule) { - ctx->rule->up.evictable = was_evictable; - } -} - -static void -xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto, - const struct flow *flow, - const struct initial_vals *initial_vals, - struct rule_dpif *rule, uint8_t tcp_flags, - const struct ofpbuf *packet) -{ - xin->ofproto = ofproto; - xin->flow = *flow; - xin->packet = packet; - xin->may_learn = packet != NULL; - xin->rule = rule; - xin->ofpacts = NULL; - xin->ofpacts_len = 0; - xin->tcp_flags = tcp_flags; - xin->resubmit_hook = NULL; - xin->report_hook = NULL; - xin->resubmit_stats = NULL; - - if (initial_vals) { - xin->initial_vals = *initial_vals; - } else { - xin->initial_vals.vlan_tci = xin->flow.vlan_tci; - } -} - -static void -xlate_out_uninit(struct xlate_out *xout) -{ - if (xout) { - ofpbuf_uninit(&xout->odp_actions); - } -} - -/* Translates the 'ofpacts_len' bytes of "struct ofpacts" starting at 'ofpacts' - * into datapath actions in 'odp_actions', using 'ctx'. */ -static void -xlate_actions(struct xlate_in *xin, struct xlate_out *xout) -{ - /* Normally false. Set to true if we ever hit MAX_RESUBMIT_RECURSION, so - * that in the future we always keep a copy of the original flow for - * tracing purposes. */ - static bool hit_resubmit_limit; - - enum slow_path_reason special; - const struct ofpact *ofpacts; - struct ofport_dpif *in_port; - struct flow orig_flow; - struct xlate_ctx ctx; - size_t ofpacts_len; - - COVERAGE_INC(ofproto_dpif_xlate); - - /* Flow initialization rules: - * - 'base_flow' must match the kernel's view of the packet at the - * time that action processing starts. 'flow' represents any - * transformations we wish to make through actions. - * - By default 'base_flow' and 'flow' are the same since the input - * packet matches the output before any actions are applied. - * - When using VLAN splinters, 'base_flow''s VLAN is set to the value - * of the received packet as seen by the kernel. If we later output - * to another device without any modifications this will cause us to - * insert a new tag since the original one was stripped off by the - * VLAN device. - * - Tunnel metadata as received is retained in 'flow'. This allows - * tunnel metadata matching also in later tables. - * Since a kernel action for setting the tunnel metadata will only be - * generated with actual tunnel output, changing the tunnel metadata - * values in 'flow' (such as tun_id) will only have effect with a later - * tunnel output action. - * - Tunnel 'base_flow' is completely cleared since that is what the - * kernel does. If we wish to maintain the original values an action - * needs to be generated. */ - - ctx.xin = xin; - ctx.xout = xout; - - ctx.ofproto = xin->ofproto; - ctx.rule = xin->rule; - - ctx.base_flow = ctx.xin->flow; - ctx.base_flow.vlan_tci = xin->initial_vals.vlan_tci; - memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel); - ctx.orig_tunnel_ip_dst = ctx.xin->flow.tunnel.ip_dst; - - ctx.xout->tags = 0; - ctx.xout->slow = 0; - ctx.xout->has_learn = false; - ctx.xout->has_normal = false; - ctx.xout->has_fin_timeout = false; - ctx.xout->nf_output_iface = NF_OUT_DROP; - ctx.xout->mirrors = 0; - - ofpbuf_use_stub(&ctx.xout->odp_actions, ctx.xout->odp_actions_stub, - sizeof ctx.xout->odp_actions_stub); - ofpbuf_reserve(&ctx.xout->odp_actions, NL_A_U32_SIZE); - - ctx.recurse = 0; - ctx.max_resubmit_trigger = false; - ctx.orig_skb_priority = ctx.xin->flow.skb_priority; - ctx.table_id = 0; - ctx.exit = false; - - if (xin->ofpacts) { - ofpacts = xin->ofpacts; - ofpacts_len = xin->ofpacts_len; - } else if (xin->rule) { - ofpacts = xin->rule->up.ofpacts; - ofpacts_len = xin->rule->up.ofpacts_len; - } else { - NOT_REACHED(); - } - - ofpbuf_use_stub(&ctx.stack, ctx.init_stack, sizeof ctx.init_stack); - - if (ctx.ofproto->has_mirrors || hit_resubmit_limit) { - /* Do this conditionally because the copy is expensive enough that it - * shows up in profiles. */ - orig_flow = ctx.xin->flow; - } - - if (ctx.xin->flow.nw_frag & FLOW_NW_FRAG_ANY) { - switch (ctx.ofproto->up.frag_handling) { - case OFPC_FRAG_NORMAL: - /* We must pretend that transport ports are unavailable. */ - ctx.xin->flow.tp_src = ctx.base_flow.tp_src = htons(0); - ctx.xin->flow.tp_dst = ctx.base_flow.tp_dst = htons(0); - break; - - case OFPC_FRAG_DROP: - return; - - case OFPC_FRAG_REASM: - NOT_REACHED(); - - case OFPC_FRAG_NX_MATCH: - /* Nothing to do. */ - break; - - case OFPC_INVALID_TTL_TO_CONTROLLER: - NOT_REACHED(); - } - } - - in_port = get_ofp_port(ctx.ofproto, ctx.xin->flow.in_port); - special = process_special(ctx.ofproto, &ctx.xin->flow, in_port, - ctx.xin->packet); - if (special) { - ctx.xout->slow = special; - } else { - static struct vlog_rate_limit trace_rl = VLOG_RATE_LIMIT_INIT(1, 1); - struct initial_vals initial_vals; - size_t sample_actions_len; - uint32_t local_odp_port; - - initial_vals.vlan_tci = ctx.base_flow.vlan_tci; - - add_sflow_action(&ctx); - add_ipfix_action(&ctx); - sample_actions_len = ctx.xout->odp_actions.size; - - if (tunnel_ecn_ok(&ctx) && (!in_port || may_receive(in_port, &ctx))) { - do_xlate_actions(ofpacts, ofpacts_len, &ctx); - - /* We've let OFPP_NORMAL and the learning action look at the - * packet, so drop it now if forwarding is disabled. */ - if (in_port && !stp_forward_in_state(in_port->stp_state)) { - ctx.xout->odp_actions.size = sample_actions_len; - } - } - - if (ctx.max_resubmit_trigger && !ctx.xin->resubmit_hook) { - if (!hit_resubmit_limit) { - /* We didn't record the original flow. Make sure we do from - * now on. */ - hit_resubmit_limit = true; - } else if (!VLOG_DROP_ERR(&trace_rl)) { - struct ds ds = DS_EMPTY_INITIALIZER; - - ofproto_trace(ctx.ofproto, &orig_flow, ctx.xin->packet, - &initial_vals, &ds); - VLOG_ERR("Trace triggered by excessive resubmit " - "recursion:\n%s", ds_cstr(&ds)); - ds_destroy(&ds); - } - } - - local_odp_port = ofp_port_to_odp_port(ctx.ofproto, OFPP_LOCAL); - if (!connmgr_must_output_local(ctx.ofproto->up.connmgr, &ctx.xin->flow, - local_odp_port, - ctx.xout->odp_actions.data, - ctx.xout->odp_actions.size)) { - compose_output_action(&ctx, OFPP_LOCAL); - } - if (ctx.ofproto->has_mirrors) { - add_mirror_actions(&ctx, &orig_flow); - } - fix_sflow_action(&ctx); - } - - ofpbuf_uninit(&ctx.stack); -} - -/* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts' - * into datapath actions, using 'ctx', and discards the datapath actions. */ -static void -xlate_actions_for_side_effects(struct xlate_in *xin) -{ - struct xlate_out xout; - - xlate_actions(xin, &xout); - xlate_out_uninit(&xout); -} - -static void -xlate_report(struct xlate_ctx *ctx, const char *s) -{ - if (ctx->xin->report_hook) { - ctx->xin->report_hook(ctx, s); - } -} - -/* OFPP_NORMAL implementation. */ - -static struct ofport_dpif *ofbundle_get_a_port(const struct ofbundle *); - -/* Given 'vid', the VID obtained from the 802.1Q header that was received as - * part of a packet (specify 0 if there was no 802.1Q header), and 'in_bundle', - * the bundle on which the packet was received, returns the VLAN to which the - * packet belongs. - * - * Both 'vid' and the return value are in the range 0...4095. */ -static uint16_t -input_vid_to_vlan(const struct ofbundle *in_bundle, uint16_t vid) -{ - switch (in_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - return in_bundle->vlan; - break; - - case PORT_VLAN_TRUNK: - return vid; - - case PORT_VLAN_NATIVE_UNTAGGED: - case PORT_VLAN_NATIVE_TAGGED: - return vid ? vid : in_bundle->vlan; - - default: - NOT_REACHED(); - } -} - -/* Checks whether a packet with the given 'vid' may ingress on 'in_bundle'. - * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs - * a warning. - * - * 'vid' should be the VID obtained from the 802.1Q header that was received as - * part of a packet (specify 0 if there was no 802.1Q header), in the range - * 0...4095. */ -static bool -input_vid_is_valid(uint16_t vid, struct ofbundle *in_bundle, bool warn) -{ - /* Allow any VID on the OFPP_NONE port. */ - if (in_bundle == &ofpp_none_bundle) { - return true; - } - - switch (in_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - if (vid) { - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged " - "packet received on port %s configured as VLAN " - "%"PRIu16" access port", - in_bundle->ofproto->up.name, vid, - in_bundle->name, in_bundle->vlan); - } - return false; - } - return true; - - case PORT_VLAN_NATIVE_UNTAGGED: - case PORT_VLAN_NATIVE_TAGGED: - if (!vid) { - /* Port must always carry its native VLAN. */ - return true; - } - /* Fall through. */ - case PORT_VLAN_TRUNK: - if (!ofbundle_includes_vlan(in_bundle, vid)) { - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" packet " - "received on port %s not configured for trunking " - "VLAN %"PRIu16, - in_bundle->ofproto->up.name, vid, - in_bundle->name, vid); - } - return false; - } - return true; - - default: - NOT_REACHED(); - } - -} - -/* Given 'vlan', the VLAN that a packet belongs to, and - * 'out_bundle', a bundle on which the packet is to be output, returns the VID - * that should be included in the 802.1Q header. (If the return value is 0, - * then the 802.1Q header should only be included in the packet if there is a - * nonzero PCP.) - * - * Both 'vlan' and the return value are in the range 0...4095. */ -static uint16_t -output_vlan_to_vid(const struct ofbundle *out_bundle, uint16_t vlan) +static struct rule * +rule_alloc(void) { - switch (out_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - return 0; - - case PORT_VLAN_TRUNK: - case PORT_VLAN_NATIVE_TAGGED: - return vlan; - - case PORT_VLAN_NATIVE_UNTAGGED: - return vlan == out_bundle->vlan ? 0 : vlan; - - default: - NOT_REACHED(); - } + struct rule_dpif *rule = xmalloc(sizeof *rule); + return &rule->up; } static void -output_normal(struct xlate_ctx *ctx, const struct ofbundle *out_bundle, - uint16_t vlan) -{ - struct ofport_dpif *port; - uint16_t vid; - ovs_be16 tci, old_tci; - - vid = output_vlan_to_vid(out_bundle, vlan); - if (!out_bundle->bond) { - port = ofbundle_get_a_port(out_bundle); - } else { - port = bond_choose_output_slave(out_bundle->bond, &ctx->xin->flow, - vid, &ctx->xout->tags); - if (!port) { - /* No slaves enabled, so drop packet. */ - return; - } - } - - old_tci = ctx->xin->flow.vlan_tci; - tci = htons(vid); - if (tci || out_bundle->use_priority_tags) { - tci |= ctx->xin->flow.vlan_tci & htons(VLAN_PCP_MASK); - if (tci) { - tci |= htons(VLAN_CFI); - } - } - ctx->xin->flow.vlan_tci = tci; - - compose_output_action(ctx, port->up.ofp_port); - ctx->xin->flow.vlan_tci = old_tci; -} - -static int -mirror_mask_ffs(mirror_mask_t mask) +rule_dealloc(struct rule *rule_) { - BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask)); - return ffs(mask); + struct rule_dpif *rule = rule_dpif_cast(rule_); + free(rule); } -static bool -ofbundle_trunks_vlan(const struct ofbundle *bundle, uint16_t vlan) +static enum ofperr +rule_construct(struct rule *rule_) { - return (bundle->vlan_mode != PORT_VLAN_ACCESS - && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan))); + struct rule_dpif *rule = rule_dpif_cast(rule_); + ovs_mutex_init(&rule->stats_mutex); + ovs_mutex_lock(&rule->stats_mutex); + rule->packet_count = 0; + rule->byte_count = 0; + ovs_mutex_unlock(&rule->stats_mutex); + return 0; } -static bool -ofbundle_includes_vlan(const struct ofbundle *bundle, uint16_t vlan) +static void +rule_insert(struct rule *rule_) + OVS_REQUIRES(ofproto_mutex) { - return vlan == bundle->vlan || ofbundle_trunks_vlan(bundle, vlan); + struct rule_dpif *rule = rule_dpif_cast(rule_); + complete_operation(rule); } -/* Returns an arbitrary interface within 'bundle'. */ -static struct ofport_dpif * -ofbundle_get_a_port(const struct ofbundle *bundle) +static void +rule_delete(struct rule *rule_) + OVS_REQUIRES(ofproto_mutex) { - return CONTAINER_OF(list_front(&bundle->ports), - struct ofport_dpif, bundle_node); + struct rule_dpif *rule = rule_dpif_cast(rule_); + complete_operation(rule); } -static bool -vlan_is_mirrored(const struct ofmirror *m, int vlan) +static void +rule_destruct(struct rule *rule_) { - return !m->vlans || bitmap_is_set(m->vlans, vlan); + struct rule_dpif *rule = rule_dpif_cast(rule_); + ovs_mutex_destroy(&rule->stats_mutex); } static void -add_mirror_actions(struct xlate_ctx *ctx, const struct flow *orig_flow) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - mirror_mask_t mirrors; - struct ofbundle *in_bundle; - uint16_t vlan; - uint16_t vid; - const struct nlattr *a; - size_t left; - - in_bundle = lookup_input_bundle(ctx->ofproto, orig_flow->in_port, - ctx->xin->packet != NULL, NULL); - if (!in_bundle) { - return; - } - mirrors = in_bundle->src_mirrors; - - /* Drop frames on bundles reserved for mirroring. */ - if (in_bundle->mirror_out) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " - "%s, which is reserved exclusively for mirroring", - ctx->ofproto->up.name, in_bundle->name); - } - return; - } - - /* Check VLAN. */ - vid = vlan_tci_to_vid(orig_flow->vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { - return; - } - vlan = input_vid_to_vlan(in_bundle, vid); - - /* Look at the output ports to check for destination selections. */ - - NL_ATTR_FOR_EACH (a, left, ctx->xout->odp_actions.data, - ctx->xout->odp_actions.size) { - enum ovs_action_attr type = nl_attr_type(a); - struct ofport_dpif *ofport; - - if (type != OVS_ACTION_ATTR_OUTPUT) { - continue; - } - - ofport = get_odp_port(ofproto, nl_attr_get_u32(a)); - if (ofport && ofport->bundle) { - mirrors |= ofport->bundle->dst_mirrors; - } - } - - if (!mirrors) { - return; - } - - /* Restore the original packet before adding the mirror actions. */ - ctx->xin->flow = *orig_flow; - - while (mirrors) { - struct ofmirror *m; - - m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - - if (!vlan_is_mirrored(m, vlan)) { - mirrors = zero_rightmost_1bit(mirrors); - continue; - } - - mirrors &= ~m->dup_mirrors; - ctx->xout->mirrors |= m->dup_mirrors; - if (m->out) { - output_normal(ctx, m->out, vlan); - } else if (vlan != m->out_vlan - && !eth_addr_is_reserved(orig_flow->dl_dst)) { - struct ofbundle *bundle; +rule_get_stats(struct rule *rule_, uint64_t *packets, uint64_t *bytes) +{ + struct rule_dpif *rule = rule_dpif_cast(rule_); - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - if (ofbundle_includes_vlan(bundle, m->out_vlan) - && !bundle->mirror_out) { - output_normal(ctx, bundle, m->out_vlan); - } - } - } - } + ovs_mutex_lock(&rule->stats_mutex); + *packets = rule->packet_count; + *bytes = rule->byte_count; + ovs_mutex_unlock(&rule->stats_mutex); } static void -update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, - uint64_t packets, uint64_t bytes) +rule_dpif_execute(struct rule_dpif *rule, const struct flow *flow, + struct ofpbuf *packet) { - if (!mirrors) { - return; - } - - for (; mirrors; mirrors = zero_rightmost_1bit(mirrors)) { - struct ofmirror *m; - - m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - - if (!m) { - /* In normal circumstances 'm' will not be NULL. However, - * if mirrors are reconfigured, we can temporarily get out - * of sync in facet_revalidate(). We could "correct" the - * mirror list before reaching here, but doing that would - * not properly account the traffic stats we've currently - * accumulated for previous mirror configuration. */ - continue; - } + struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - m->packet_count += packets; - m->byte_count += bytes; - } + ofproto_dpif_execute_actions(ofproto, flow, rule, NULL, 0, packet); } -/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after - * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to - * indicate this; newer upstream kernels use gratuitous ARP requests. */ -static bool -is_gratuitous_arp(const struct flow *flow) +static enum ofperr +rule_execute(struct rule *rule, const struct flow *flow, + struct ofpbuf *packet) { - return (flow->dl_type == htons(ETH_TYPE_ARP) - && eth_addr_is_broadcast(flow->dl_dst) - && (flow->nw_proto == ARP_OP_REPLY - || (flow->nw_proto == ARP_OP_REQUEST - && flow->nw_src == flow->nw_dst))); + rule_dpif_execute(rule_dpif_cast(rule), flow, packet); + ofpbuf_delete(packet); + return 0; } static void -update_learning_table(struct ofproto_dpif *ofproto, - const struct flow *flow, int vlan, - struct ofbundle *in_bundle) +rule_modify_actions(struct rule *rule_, bool reset_counters) + OVS_REQUIRES(ofproto_mutex) { - struct mac_entry *mac; - - /* Don't learn the OFPP_NONE port. */ - if (in_bundle == &ofpp_none_bundle) { - return; - } - - if (!mac_learning_may_learn(ofproto->ml, flow->dl_src, vlan)) { - return; - } + struct rule_dpif *rule = rule_dpif_cast(rule_); - mac = mac_learning_insert(ofproto->ml, flow->dl_src, vlan); - if (is_gratuitous_arp(flow)) { - /* We don't want to learn from gratuitous ARP packets that are - * reflected back over bond slaves so we lock the learning table. */ - if (!in_bundle->bond) { - mac_entry_set_grat_arp_lock(mac); - } else if (mac_entry_is_grat_arp_locked(mac)) { - return; - } + if (reset_counters) { + ovs_mutex_lock(&rule->stats_mutex); + rule->packet_count = 0; + rule->byte_count = 0; + ovs_mutex_unlock(&rule->stats_mutex); } - if (mac_entry_is_new(mac) || mac->port.p != in_bundle) { - /* The log messages here could actually be useful in debugging, - * so keep the rate limit relatively high. */ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300); - VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is " - "on port %s in VLAN %d", - ofproto->up.name, ETH_ADDR_ARGS(flow->dl_src), - in_bundle->name, vlan); - - mac->port.p = in_bundle; - tag_set_add(&ofproto->backer->revalidate_set, - mac_learning_changed(ofproto->ml, mac)); - } + complete_operation(rule); } -static struct ofbundle * -lookup_input_bundle(const struct ofproto_dpif *ofproto, uint16_t in_port, - bool warn, struct ofport_dpif **in_ofportp) +static struct group_dpif *group_dpif_cast(const struct ofgroup *group) { - struct ofport_dpif *ofport; - - /* Find the port and bundle for the received packet. */ - ofport = get_ofp_port(ofproto, in_port); - if (in_ofportp) { - *in_ofportp = ofport; - } - if (ofport && ofport->bundle) { - return ofport->bundle; - } - - /* Special-case OFPP_NONE, which a controller may use as the ingress - * port for traffic that it is sourcing. */ - if (in_port == OFPP_NONE) { - return &ofpp_none_bundle; - } - - /* Odd. A few possible reasons here: - * - * - We deleted a port but there are still a few packets queued up - * from it. - * - * - Someone externally added a port (e.g. "ovs-dpctl add-if") that - * we don't know about. - * - * - The ofproto client didn't configure the port as part of a bundle. - * This is particularly likely to happen if a packet was received on the - * port after it was created, but before the client had a chance to - * configure its bundle. - */ - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - - VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown " - "port %"PRIu16, ofproto->up.name, in_port); - } - return NULL; + return group ? CONTAINER_OF(group, struct group_dpif, up) : NULL; } -/* Determines whether packets in 'flow' within 'ofproto' should be forwarded or - * dropped. Returns true if they may be forwarded, false if they should be - * dropped. - * - * 'in_port' must be the ofport_dpif that corresponds to flow->in_port. - * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull). - * - * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as - * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as - * checked by input_vid_is_valid(). - * - * May also add tags to '*tags', although the current implementation only does - * so in one special case. - */ -static bool -is_admissible(struct xlate_ctx *ctx, struct ofport_dpif *in_port, - uint16_t vlan) +static struct ofgroup * +group_alloc(void) { - struct ofproto_dpif *ofproto = ctx->ofproto; - struct flow *flow = &ctx->xin->flow; - struct ofbundle *in_bundle = in_port->bundle; - - /* Drop frames for reserved multicast addresses - * only if forward_bpdu option is absent. */ - if (!ofproto->up.forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) { - xlate_report(ctx, "packet has reserved destination MAC, dropping"); - return false; - } - - if (in_bundle->bond) { - struct mac_entry *mac; + struct group_dpif *group = xzalloc(sizeof *group); + return &group->up; +} - switch (bond_check_admissibility(in_bundle->bond, in_port, - flow->dl_dst, &ctx->xout->tags)) { - case BV_ACCEPT: - break; +static void +group_dealloc(struct ofgroup *group_) +{ + struct group_dpif *group = group_dpif_cast(group_); + free(group); +} - case BV_DROP: - xlate_report(ctx, "bonding refused admissibility, dropping"); - return false; - - case BV_DROP_IF_MOVED: - mac = mac_learning_lookup(ofproto->ml, flow->dl_src, vlan, NULL); - if (mac && mac->port.p != in_bundle && - (!is_gratuitous_arp(flow) - || mac_entry_is_grat_arp_locked(mac))) { - xlate_report(ctx, "SLB bond thinks this packet looped back, " - "dropping"); - return false; - } - break; - } +static void +group_construct_stats(struct group_dpif *group) + OVS_REQUIRES(group->stats_mutex) +{ + group->packet_count = 0; + group->byte_count = 0; + if (!group->bucket_stats) { + group->bucket_stats = xcalloc(group->up.n_buckets, + sizeof *group->bucket_stats); + } else { + memset(group->bucket_stats, 0, group->up.n_buckets * + sizeof *group->bucket_stats); } +} - return true; +static enum ofperr +group_construct(struct ofgroup *group_) +{ + struct group_dpif *group = group_dpif_cast(group_); + ovs_mutex_init(&group->stats_mutex); + ovs_mutex_lock(&group->stats_mutex); + group_construct_stats(group); + ovs_mutex_unlock(&group->stats_mutex); + return 0; } static void -xlate_normal(struct xlate_ctx *ctx) +group_destruct__(struct group_dpif *group) + OVS_REQUIRES(group->stats_mutex) { - struct ofport_dpif *in_port; - struct ofbundle *in_bundle; - struct mac_entry *mac; - uint16_t vlan; - uint16_t vid; - - ctx->xout->has_normal = true; - - in_bundle = lookup_input_bundle(ctx->ofproto, ctx->xin->flow.in_port, - ctx->xin->packet != NULL, &in_port); - if (!in_bundle) { - xlate_report(ctx, "no input bundle, dropping"); - return; - } + free(group->bucket_stats); + group->bucket_stats = NULL; +} - /* Drop malformed frames. */ - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_VLAN) && - !(ctx->xin->flow.vlan_tci & htons(VLAN_CFI))) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial " - "VLAN tag received on port %s", - ctx->ofproto->up.name, in_bundle->name); - } - xlate_report(ctx, "partial VLAN tag, dropping"); - return; - } +static void +group_destruct(struct ofgroup *group_) +{ + struct group_dpif *group = group_dpif_cast(group_); + ovs_mutex_lock(&group->stats_mutex); + group_destruct__(group); + ovs_mutex_unlock(&group->stats_mutex); + ovs_mutex_destroy(&group->stats_mutex); +} - /* Drop frames on bundles reserved for mirroring. */ - if (in_bundle->mirror_out) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " - "%s, which is reserved exclusively for mirroring", - ctx->ofproto->up.name, in_bundle->name); - } - xlate_report(ctx, "input port is mirror output port, dropping"); - return; - } +static enum ofperr +group_modify(struct ofgroup *group_, struct ofgroup *victim_) +{ + struct group_dpif *group = group_dpif_cast(group_); + struct group_dpif *victim = group_dpif_cast(victim_); - /* Check VLAN. */ - vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { - xlate_report(ctx, "disallowed VLAN VID for this input port, dropping"); - return; + ovs_mutex_lock(&group->stats_mutex); + if (victim->up.n_buckets < group->up.n_buckets) { + group_destruct__(group); } - vlan = input_vid_to_vlan(in_bundle, vid); + group_construct_stats(group); + ovs_mutex_unlock(&group->stats_mutex); - /* Check other admissibility requirements. */ - if (in_port && !is_admissible(ctx, in_port, vlan)) { - return; - } + return 0; +} - /* Learn source MAC. */ - if (ctx->xin->may_learn) { - update_learning_table(ctx->ofproto, &ctx->xin->flow, vlan, in_bundle); - } +static enum ofperr +group_get_stats(const struct ofgroup *group_, struct ofputil_group_stats *ogs) +{ + struct group_dpif *group = group_dpif_cast(group_); - /* Determine output bundle. */ - mac = mac_learning_lookup(ctx->ofproto->ml, ctx->xin->flow.dl_dst, vlan, - &ctx->xout->tags); - if (mac) { - if (mac->port.p != in_bundle) { - xlate_report(ctx, "forwarding to learned port"); - output_normal(ctx, mac->port.p, vlan); - } else { - xlate_report(ctx, "learned port is input port, dropping"); - } - } else { - struct ofbundle *bundle; + ovs_mutex_lock(&group->stats_mutex); + ogs->packet_count = group->packet_count; + ogs->byte_count = group->byte_count; + memcpy(ogs->bucket_stats, group->bucket_stats, + group->up.n_buckets * sizeof *group->bucket_stats); + ovs_mutex_unlock(&group->stats_mutex); - xlate_report(ctx, "no learned MAC for destination, flooding"); - HMAP_FOR_EACH (bundle, hmap_node, &ctx->ofproto->bundles) { - if (bundle != in_bundle - && ofbundle_includes_vlan(bundle, vlan) - && bundle->floodable - && !bundle->mirror_out) { - output_normal(ctx, bundle, vlan); - } - } - ctx->xout->nf_output_iface = NF_OUT_FLOOD; - } -} - -/* Optimized flow revalidation. - * - * It's a difficult problem, in general, to tell which facets need to have - * their actions recalculated whenever the OpenFlow flow table changes. We - * don't try to solve that general problem: for most kinds of OpenFlow flow - * table changes, we recalculate the actions for every facet. This is - * relatively expensive, but it's good enough if the OpenFlow flow table - * doesn't change very often. - * - * However, we can expect one particular kind of OpenFlow flow table change to - * happen frequently: changes caused by MAC learning. To avoid wasting a lot - * of CPU on revalidating every facet whenever MAC learning modifies the flow - * table, we add a special case that applies to flow tables in which every rule - * has the same form (that is, the same wildcards), except that the table is - * also allowed to have a single "catch-all" flow that matches all packets. We - * optimize this case by tagging all of the facets that resubmit into the table - * and invalidating the same tag whenever a flow changes in that table. The - * end result is that we revalidate just the facets that need it (and sometimes - * a few more, but not all of the facets or even all of the facets that - * resubmit to the table modified by MAC learning). */ - -/* Calculates the tag to use for 'flow' and mask 'mask' when it is inserted - * into an OpenFlow table with the given 'basis'. */ -static tag_type -rule_calculate_tag(const struct flow *flow, const struct minimask *mask, - uint32_t secret) -{ - if (minimask_is_catchall(mask)) { - return 0; - } else { - uint32_t hash = flow_hash_in_minimask(flow, mask, secret); - return tag_create_deterministic(hash); - } + return 0; } -/* Following a change to OpenFlow table 'table_id' in 'ofproto', update the - * taggability of that table. - * - * This function must be called after *each* change to a flow table. If you - * skip calling it on some changes then the pointer comparisons at the end can - * be invalid if you get unlucky. For example, if a flow removal causes a - * cls_table to be destroyed and then a flow insertion causes a cls_table with - * different wildcards to be created with the same address, then this function - * will incorrectly skip revalidation. */ -static void -table_update_taggable(struct ofproto_dpif *ofproto, uint8_t table_id) +bool +group_dpif_lookup(struct ofproto_dpif *ofproto, uint32_t group_id, + struct group_dpif **group) + OVS_TRY_RDLOCK(true, (*group)->up.rwlock) { - struct table_dpif *table = &ofproto->tables[table_id]; - const struct oftable *oftable = &ofproto->up.tables[table_id]; - struct cls_table *catchall, *other; - struct cls_table *t; - - catchall = other = NULL; + struct ofgroup *ofgroup; + bool found; - switch (hmap_count(&oftable->cls.tables)) { - case 0: - /* We could tag this OpenFlow table but it would make the logic a - * little harder and it's a corner case that doesn't seem worth it - * yet. */ - break; - - case 1: - case 2: - HMAP_FOR_EACH (t, hmap_node, &oftable->cls.tables) { - if (cls_table_is_catchall(t)) { - catchall = t; - } else if (!other) { - other = t; - } else { - /* Indicate that we can't tag this by setting both tables to - * NULL. (We know that 'catchall' is already NULL.) */ - other = NULL; - } - } - break; + *group = NULL; + found = ofproto_group_lookup(&ofproto->up, group_id, &ofgroup); + *group = found ? group_dpif_cast(ofgroup) : NULL; - default: - /* Can't tag this table. */ - break; - } + return found; +} - if (table->catchall_table != catchall || table->other_table != other) { - table->catchall_table = catchall; - table->other_table = other; - ofproto->backer->need_revalidate = REV_FLOW_TABLE; - } +void +group_dpif_release(struct group_dpif *group) + OVS_RELEASES(group->up.rwlock) +{ + ofproto_group_release(&group->up); } -/* Given 'rule' that has changed in some way (either it is a rule being - * inserted, a rule being deleted, or a rule whose actions are being - * modified), marks facets for revalidation to ensure that packets will be - * forwarded correctly according to the new state of the flow table. - * - * This function must be called after *each* change to a flow table. See - * the comment on table_update_taggable() for more information. */ -static void -rule_invalidate(const struct rule_dpif *rule) +void +group_dpif_get_buckets(const struct group_dpif *group, + const struct list **buckets) { - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); + *buckets = &group->up.buckets; +} - table_update_taggable(ofproto, rule->up.table_id); +enum ofp11_group_type +group_dpif_get_type(const struct group_dpif *group) +{ + return group->up.type; +} + +/* Sends 'packet' out 'ofport'. + * May modify 'packet'. + * Returns 0 if successful, otherwise a positive errno value. */ +int +ofproto_dpif_send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) +{ + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport->up.ofproto); + int error; - if (!ofproto->backer->need_revalidate) { - struct table_dpif *table = &ofproto->tables[rule->up.table_id]; + error = xlate_send_packet(ofport, packet); - if (table->other_table && rule->tag) { - tag_set_add(&ofproto->backer->revalidate_set, rule->tag); - } else { - ofproto->backer->need_revalidate = REV_FLOW_TABLE; - } - } + ovs_mutex_lock(&ofproto->stats_mutex); + ofproto->stats.tx_packets++; + ofproto->stats.tx_bytes += packet->size; + ovs_mutex_unlock(&ofproto->stats_mutex); + return error; } static bool @@ -7725,32 +3398,9 @@ packet_out(struct ofproto *ofproto_, struct ofpbuf *packet, const struct ofpact *ofpacts, size_t ofpacts_len) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - struct initial_vals initial_vals; - struct odputil_keybuf keybuf; - struct dpif_flow_stats stats; - struct xlate_out xout; - struct xlate_in xin; - struct ofpbuf key; - - - ofpbuf_use_stack(&key, &keybuf, sizeof keybuf); - odp_flow_key_from_flow(&key, flow, - ofp_port_to_odp_port(ofproto, flow->in_port)); - - dpif_flow_stats_extract(flow, packet, time_msec(), &stats); - - initial_vals.vlan_tci = flow->vlan_tci; - xlate_in_init(&xin, ofproto, flow, &initial_vals, NULL, stats.tcp_flags, - packet); - xin.resubmit_stats = &stats; - xin.ofpacts_len = ofpacts_len; - xin.ofpacts = ofpacts; - - xlate_actions(&xin, &xout); - dpif_execute(ofproto->backer->dpif, key.data, key.size, - xout.odp_actions.data, xout.odp_actions.size, packet); - xlate_out_uninit(&xout); + ofproto_dpif_execute_actions(ofproto, flow, NULL, ofpacts, + ofpacts_len, packet); return 0; } @@ -7765,13 +3415,16 @@ set_netflow(struct ofproto *ofproto_, if (netflow_options) { if (!ofproto->netflow) { ofproto->netflow = netflow_create(); + ofproto->backer->need_revalidate = REV_RECONFIGURE; } return netflow_set_options(ofproto->netflow, netflow_options); - } else { - netflow_destroy(ofproto->netflow); + } else if (ofproto->netflow) { + ofproto->backer->need_revalidate = REV_RECONFIGURE; + netflow_unref(ofproto->netflow); ofproto->netflow = NULL; - return 0; } + + return 0; } static void @@ -7782,41 +3435,6 @@ get_netflow_ids(const struct ofproto *ofproto_, dpif_get_netflow_ids(ofproto->backer->dpif, engine_type, engine_id); } - -static void -send_active_timeout(struct ofproto_dpif *ofproto, struct facet *facet) -{ - if (!facet_is_controller_flow(facet) && - netflow_active_timeout_expired(ofproto->netflow, &facet->nf_flow)) { - struct subfacet *subfacet; - struct ofexpired expired; - - LIST_FOR_EACH (subfacet, list_node, &facet->subfacets) { - if (subfacet->path == SF_FAST_PATH) { - struct dpif_flow_stats stats; - - subfacet_install(subfacet, &facet->xout.odp_actions, &stats); - subfacet_update_stats(subfacet, &stats); - } - } - - expired.flow = facet->flow; - expired.packet_count = facet->packet_count; - expired.byte_count = facet->byte_count; - expired.used = facet->used; - netflow_expire(ofproto->netflow, &facet->nf_flow, &expired); - } -} - -static void -send_netflow_active_timeouts(struct ofproto_dpif *ofproto) -{ - struct facet *facet; - - HMAP_FOR_EACH (facet, hmap_node, &ofproto->facets) { - send_active_timeout(ofproto, facet); - } -} static struct ofproto_dpif * ofproto_dpif_lookup(const char *name) @@ -7844,16 +3462,27 @@ ofproto_unixctl_fdb_flush(struct unixctl_conn *conn, int argc, unixctl_command_reply_error(conn, "no such bridge"); return; } - mac_learning_flush(ofproto->ml, &ofproto->backer->revalidate_set); + ovs_rwlock_wrlock(&ofproto->ml->rwlock); + mac_learning_flush(ofproto->ml); + ovs_rwlock_unlock(&ofproto->ml->rwlock); } else { HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - mac_learning_flush(ofproto->ml, &ofproto->backer->revalidate_set); + ovs_rwlock_wrlock(&ofproto->ml->rwlock); + mac_learning_flush(ofproto->ml); + ovs_rwlock_unlock(&ofproto->ml->rwlock); } } unixctl_command_reply(conn, "table successfully flushed"); } +static struct ofport_dpif * +ofbundle_get_a_port(const struct ofbundle *bundle) +{ + return CONTAINER_OF(list_front(&bundle->ports), struct ofport_dpif, + bundle_node); +} + static void ofproto_unixctl_fdb_show(struct unixctl_conn *conn, int argc OVS_UNUSED, const char *argv[], void *aux OVS_UNUSED) @@ -7869,13 +3498,18 @@ ofproto_unixctl_fdb_show(struct unixctl_conn *conn, int argc OVS_UNUSED, } ds_put_cstr(&ds, " port VLAN MAC Age\n"); + ovs_rwlock_rdlock(&ofproto->ml->rwlock); LIST_FOR_EACH (e, lru_node, &ofproto->ml->lrus) { struct ofbundle *bundle = e->port.p; - ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n", - ofbundle_get_a_port(bundle)->odp_port, - e->vlan, ETH_ADDR_ARGS(e->mac), + char name[OFP_MAX_PORT_NAME_LEN]; + + ofputil_port_to_string(ofbundle_get_a_port(bundle)->up.ofp_port, + name, sizeof name); + ds_put_format(&ds, "%5s %4d "ETH_ADDR_FMT" %3d\n", + name, e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(ofproto->ml, e)); } + ovs_rwlock_unlock(&ofproto->ml->rwlock); unixctl_command_reply(conn, ds_cstr(&ds)); ds_destroy(&ds); } @@ -7884,28 +3518,39 @@ struct trace_ctx { struct xlate_out xout; struct xlate_in xin; struct flow flow; + struct flow_wildcards wc; struct ds *result; }; static void -trace_format_rule(struct ds *result, uint8_t table_id, int level, - const struct rule_dpif *rule) +trace_format_rule(struct ds *result, int level, const struct rule_dpif *rule) { + struct rule_actions *actions; + ovs_be64 cookie; + ds_put_char_multiple(result, '\t', level); if (!rule) { ds_put_cstr(result, "No match\n"); return; } + ovs_mutex_lock(&rule->up.mutex); + cookie = rule->up.flow_cookie; + ovs_mutex_unlock(&rule->up.mutex); + ds_put_format(result, "Rule: table=%"PRIu8" cookie=%#"PRIx64" ", - table_id, ntohll(rule->up.flow_cookie)); + rule ? rule->up.table_id : 0, ntohll(cookie)); cls_rule_format(&rule->up.cr, result); ds_put_char(result, '\n'); + actions = rule_dpif_get_actions(rule); + ds_put_char_multiple(result, '\t', level); - ds_put_cstr(result, "OpenFlow "); - ofpacts_format(rule->up.ofpacts, rule->up.ofpacts_len, result); + ds_put_cstr(result, "OpenFlow actions="); + ofpacts_format(actions->ofpacts, actions->ofpacts_len, result); ds_put_char(result, '\n'); + + rule_actions_unref(actions); } static void @@ -7932,308 +3577,396 @@ trace_format_regs(struct ds *result, int level, const char *title, ds_put_char_multiple(result, '\t', level); ds_put_format(result, "%s:", title); for (i = 0; i < FLOW_N_REGS; i++) { - ds_put_format(result, " reg%zu=0x%"PRIx32, i, trace->flow.regs[i]); + ds_put_format(result, " reg%"PRIuSIZE"=0x%"PRIx32, i, trace->flow.regs[i]); } ds_put_char(result, '\n'); } static void -trace_format_odp(struct ds *result, int level, const char *title, - struct trace_ctx *trace) +trace_format_odp(struct ds *result, int level, const char *title, + struct trace_ctx *trace) +{ + struct ofpbuf *odp_actions = &trace->xout.odp_actions; + + ds_put_char_multiple(result, '\t', level); + ds_put_format(result, "%s: ", title); + format_odp_actions(result, odp_actions->data, odp_actions->size); + ds_put_char(result, '\n'); +} + +static void +trace_format_megaflow(struct ds *result, int level, const char *title, + struct trace_ctx *trace) { - struct ofpbuf *odp_actions = &trace->xout.odp_actions; + struct match match; ds_put_char_multiple(result, '\t', level); ds_put_format(result, "%s: ", title); - format_odp_actions(result, odp_actions->data, odp_actions->size); + flow_wildcards_or(&trace->wc, &trace->xout.wc, &trace->wc); + match_init(&match, &trace->flow, &trace->wc); + match_format(&match, result, OFP_DEFAULT_PRIORITY); ds_put_char(result, '\n'); } static void -trace_resubmit(struct xlate_ctx *ctx, struct rule_dpif *rule) +trace_resubmit(struct xlate_in *xin, struct rule_dpif *rule, int recurse) { - struct trace_ctx *trace = CONTAINER_OF(ctx->xin, struct trace_ctx, xin); + struct trace_ctx *trace = CONTAINER_OF(xin, struct trace_ctx, xin); struct ds *result = trace->result; ds_put_char(result, '\n'); - trace_format_flow(result, ctx->recurse + 1, "Resubmitted flow", trace); - trace_format_regs(result, ctx->recurse + 1, "Resubmitted regs", trace); - trace_format_odp(result, ctx->recurse + 1, "Resubmitted odp", trace); - trace_format_rule(result, ctx->table_id, ctx->recurse + 1, rule); + trace_format_flow(result, recurse + 1, "Resubmitted flow", trace); + trace_format_regs(result, recurse + 1, "Resubmitted regs", trace); + trace_format_odp(result, recurse + 1, "Resubmitted odp", trace); + trace_format_megaflow(result, recurse + 1, "Resubmitted megaflow", trace); + trace_format_rule(result, recurse + 1, rule); } static void -trace_report(struct xlate_ctx *ctx, const char *s) +trace_report(struct xlate_in *xin, const char *s, int recurse) { - struct trace_ctx *trace = CONTAINER_OF(ctx->xin, struct trace_ctx, xin); + struct trace_ctx *trace = CONTAINER_OF(xin, struct trace_ctx, xin); struct ds *result = trace->result; - ds_put_char_multiple(result, '\t', ctx->recurse); + ds_put_char_multiple(result, '\t', recurse); ds_put_cstr(result, s); ds_put_char(result, '\n'); } -static void -ofproto_unixctl_trace(struct unixctl_conn *conn, int argc, const char *argv[], - void *aux OVS_UNUSED) -{ - const struct dpif_backer *backer; - struct ofproto_dpif *ofproto; - struct ofpbuf odp_key; +/* Parses the 'argc' elements of 'argv', ignoring argv[0]. The following + * forms are supported: + * + * - [dpname] odp_flow [-generate | packet] + * - bridge br_flow [-generate | packet] + * + * On success, initializes '*ofprotop' and 'flow' and returns NULL. On failure + * returns a nonnull malloced error message. */ +static char * WARN_UNUSED_RESULT +parse_flow_and_packet(int argc, const char *argv[], + struct ofproto_dpif **ofprotop, struct flow *flow, + struct ofpbuf **packetp) +{ + const struct dpif_backer *backer = NULL; + const char *error = NULL; + char *m_err = NULL; + struct simap port_names = SIMAP_INITIALIZER(&port_names); struct ofpbuf *packet; - struct initial_vals initial_vals; - struct ds result; - struct flow flow; - char *s; + struct ofpbuf odp_key; + struct ofpbuf odp_mask; - packet = NULL; - backer = NULL; - ds_init(&result); ofpbuf_init(&odp_key, 0); + ofpbuf_init(&odp_mask, 0); /* Handle "-generate" or a hex string as the last argument. */ if (!strcmp(argv[argc - 1], "-generate")) { packet = ofpbuf_new(0); argc--; } else { - const char *error = eth_from_hex(argv[argc - 1], &packet); + error = eth_from_hex(argv[argc - 1], &packet); if (!error) { argc--; } else if (argc == 4) { /* The 3-argument form must end in "-generate' or a hex string. */ - unixctl_command_reply_error(conn, error); goto exit; } + error = NULL; } - /* Parse the flow and determine whether a datapath or - * bridge is specified. If function odp_flow_key_from_string() - * returns 0, the flow is a odp_flow. If function - * parse_ofp_exact_flow() returns 0, the flow is a br_flow. */ - if (!odp_flow_key_from_string(argv[argc - 1], NULL, &odp_key)) { - /* If the odp_flow is the second argument, - * the datapath name is the first argument. */ - if (argc == 3) { - const char *dp_type; - if (!strncmp(argv[1], "ovs-", 4)) { - dp_type = argv[1] + 4; - } else { - dp_type = argv[1]; - } - backer = shash_find_data(&all_dpif_backers, dp_type); - if (!backer) { - unixctl_command_reply_error(conn, "Cannot find datapath " - "of this name"); - goto exit; - } + /* odp_flow can have its in_port specified as a name instead of port no. + * We do not yet know whether a given flow is a odp_flow or a br_flow. + * But, to know whether a flow is odp_flow through odp_flow_from_string(), + * we need to create a simap of name to port no. */ + if (argc == 3) { + const char *dp_type; + if (!strncmp(argv[1], "ovs-", 4)) { + dp_type = argv[1] + 4; } else { - /* No datapath name specified, so there should be only one - * datapath. */ - struct shash_node *node; - if (shash_count(&all_dpif_backers) != 1) { - unixctl_command_reply_error(conn, "Must specify datapath " - "name, there is more than one type of datapath"); - goto exit; - } + dp_type = argv[1]; + } + backer = shash_find_data(&all_dpif_backers, dp_type); + } else if (argc == 2) { + struct shash_node *node; + if (shash_count(&all_dpif_backers) == 1) { node = shash_first(&all_dpif_backers); backer = node->data; } + } else { + error = "Syntax error"; + goto exit; + } + if (backer && backer->dpif) { + struct dpif_port dpif_port; + struct dpif_port_dump port_dump; + DPIF_PORT_FOR_EACH (&dpif_port, &port_dump, backer->dpif) { + simap_put(&port_names, dpif_port.name, + odp_to_u32(dpif_port.port_no)); + } + } - /* Extract the ofproto_dpif object from the ofproto_receive() - * function. */ - if (ofproto_receive(backer, NULL, odp_key.data, - odp_key.size, &flow, NULL, &ofproto, NULL, - &initial_vals)) { - unixctl_command_reply_error(conn, "Invalid datapath flow"); + /* Parse the flow and determine whether a datapath or + * bridge is specified. If function odp_flow_key_from_string() + * returns 0, the flow is a odp_flow. If function + * parse_ofp_exact_flow() returns NULL, the flow is a br_flow. */ + if (!odp_flow_from_string(argv[argc - 1], &port_names, + &odp_key, &odp_mask)) { + if (!backer) { + error = "Cannot find the datapath"; goto exit; } - ds_put_format(&result, "Bridge: %s\n", ofproto->up.name); - } else if (!parse_ofp_exact_flow(&flow, argv[argc - 1])) { - if (argc != 3) { - unixctl_command_reply_error(conn, "Must specify bridge name"); + + if (xlate_receive(backer, NULL, odp_key.data, odp_key.size, flow, + ofprotop, NULL, NULL, NULL, NULL)) { + error = "Invalid datapath flow"; goto exit; } + } else { + char *err = parse_ofp_exact_flow(flow, NULL, argv[argc - 1], NULL); - ofproto = ofproto_dpif_lookup(argv[1]); - if (!ofproto) { - unixctl_command_reply_error(conn, "Unknown bridge name"); + if (err) { + m_err = xasprintf("Bad flow syntax: %s", err); + free(err); goto exit; + } else { + if (argc != 3) { + error = "Must specify bridge name"; + goto exit; + } + + *ofprotop = ofproto_dpif_lookup(argv[1]); + if (!*ofprotop) { + error = "Unknown bridge name"; + goto exit; + } } - initial_vals.vlan_tci = flow.vlan_tci; - } else { - unixctl_command_reply_error(conn, "Bad flow syntax"); - goto exit; } /* Generate a packet, if requested. */ if (packet) { if (!packet->size) { - flow_compose(packet, &flow); + flow_compose(packet, flow); } else { - ds_put_cstr(&result, "Packet: "); - s = ofp_packet_to_string(packet->data, packet->size); - ds_put_cstr(&result, s); - free(s); + union flow_in_port in_port = flow->in_port; /* Use the metadata from the flow and the packet argument * to reconstruct the flow. */ - flow_extract(packet, flow.skb_priority, flow.skb_mark, NULL, - flow.in_port, &flow); - initial_vals.vlan_tci = flow.vlan_tci; + flow_extract(packet, flow->skb_priority, flow->pkt_mark, NULL, + &in_port, flow); } } - ofproto_trace(ofproto, &flow, packet, &initial_vals, &result); +exit: + if (error && !m_err) { + m_err = xstrdup(error); + } + if (m_err) { + ofpbuf_delete(packet); + packet = NULL; + } + *packetp = packet; + ofpbuf_uninit(&odp_key); + ofpbuf_uninit(&odp_mask); + simap_destroy(&port_names); + return m_err; +} + +static void +ofproto_unixctl_trace(struct unixctl_conn *conn, int argc, const char *argv[], + void *aux OVS_UNUSED) +{ + struct ofproto_dpif *ofproto; + struct ofpbuf *packet; + char *error; + struct flow flow; + + error = parse_flow_and_packet(argc, argv, &ofproto, &flow, &packet); + if (!error) { + struct ds result; + + ds_init(&result); + ofproto_trace(ofproto, &flow, packet, NULL, 0, &result); + unixctl_command_reply(conn, ds_cstr(&result)); + ds_destroy(&result); + ofpbuf_delete(packet); + } else { + unixctl_command_reply_error(conn, error); + free(error); + } +} + +static void +ofproto_unixctl_trace_actions(struct unixctl_conn *conn, int argc, + const char *argv[], void *aux OVS_UNUSED) +{ + enum ofputil_protocol usable_protocols; + struct ofproto_dpif *ofproto; + bool enforce_consistency; + struct ofpbuf ofpacts; + struct ofpbuf *packet; + struct ds result; + struct flow flow; + uint16_t in_port; + + /* Three kinds of error return values! */ + enum ofperr retval; + char *error; + + packet = NULL; + ds_init(&result); + ofpbuf_init(&ofpacts, 0); + + /* Parse actions. */ + error = parse_ofpacts(argv[--argc], &ofpacts, &usable_protocols); + if (error) { + unixctl_command_reply_error(conn, error); + free(error); + goto exit; + } + + /* OpenFlow 1.1 and later suggest that the switch enforces certain forms of + * consistency between the flow and the actions. With -consistent, we + * enforce consistency even for a flow supported in OpenFlow 1.0. */ + if (!strcmp(argv[1], "-consistent")) { + enforce_consistency = true; + argv++; + argc--; + } else { + enforce_consistency = false; + } + + error = parse_flow_and_packet(argc, argv, &ofproto, &flow, &packet); + if (error) { + unixctl_command_reply_error(conn, error); + free(error); + goto exit; + } + + /* Do the same checks as handle_packet_out() in ofproto.c. + * + * We pass a 'table_id' of 0 to ofproto_check_ofpacts(), which isn't + * strictly correct because these actions aren't in any table, but it's OK + * because it 'table_id' is used only to check goto_table instructions, but + * packet-outs take a list of actions and therefore it can't include + * instructions. + * + * We skip the "meter" check here because meter is an instruction, not an + * action, and thus cannot appear in ofpacts. */ + in_port = ofp_to_u16(flow.in_port.ofp_port); + if (in_port >= ofproto->up.max_ports && in_port < ofp_to_u16(OFPP_MAX)) { + unixctl_command_reply_error(conn, "invalid in_port"); + goto exit; + } + if (enforce_consistency) { + retval = ofpacts_check_consistency(ofpacts.data, ofpacts.size, &flow, + u16_to_ofp(ofproto->up.max_ports), + 0, 0, usable_protocols); + } else { + retval = ofpacts_check(ofpacts.data, ofpacts.size, &flow, + u16_to_ofp(ofproto->up.max_ports), 0, 0, + &usable_protocols); + } + + if (retval) { + ds_clear(&result); + ds_put_format(&result, "Bad actions: %s", ofperr_to_string(retval)); + unixctl_command_reply_error(conn, ds_cstr(&result)); + goto exit; + } + + ofproto_trace(ofproto, &flow, packet, ofpacts.data, ofpacts.size, &result); unixctl_command_reply(conn, ds_cstr(&result)); exit: ds_destroy(&result); ofpbuf_delete(packet); - ofpbuf_uninit(&odp_key); + ofpbuf_uninit(&ofpacts); } +/* Implements a "trace" through 'ofproto''s flow table, appending a textual + * description of the results to 'ds'. + * + * The trace follows a packet with the specified 'flow' through the flow + * table. 'packet' may be nonnull to trace an actual packet, with consequent + * side effects (if it is nonnull then its flow must be 'flow'). + * + * If 'ofpacts' is nonnull then its 'ofpacts_len' bytes specify the actions to + * trace, otherwise the actions are determined by a flow table lookup. */ static void ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, const struct ofpbuf *packet, - const struct initial_vals *initial_vals, struct ds *ds) + const struct ofpact ofpacts[], size_t ofpacts_len, + struct ds *ds) { struct rule_dpif *rule; + struct trace_ctx trace; + ds_put_format(ds, "Bridge: %s\n", ofproto->up.name); ds_put_cstr(ds, "Flow: "); flow_format(ds, flow); ds_put_char(ds, '\n'); - rule = rule_dpif_lookup(ofproto, flow); + flow_wildcards_init_catchall(&trace.wc); + if (ofpacts) { + rule = NULL; + } else { + rule_dpif_lookup(ofproto, flow, &trace.wc, &rule); - trace_format_rule(ds, 0, 0, rule); - if (rule == ofproto->miss_rule) { - ds_put_cstr(ds, "\nNo match, flow generates \"packet in\"s.\n"); - } else if (rule == ofproto->no_packet_in_rule) { - ds_put_cstr(ds, "\nNo match, packets dropped because " - "OFPPC_NO_PACKET_IN is set on in_port.\n"); - } else if (rule == ofproto->drop_frags_rule) { - ds_put_cstr(ds, "\nPackets dropped because they are IP fragments " - "and the fragment handling mode is \"drop\".\n"); + trace_format_rule(ds, 0, rule); + if (rule == ofproto->miss_rule) { + ds_put_cstr(ds, "\nNo match, flow generates \"packet in\"s.\n"); + } else if (rule == ofproto->no_packet_in_rule) { + ds_put_cstr(ds, "\nNo match, packets dropped because " + "OFPPC_NO_PACKET_IN is set on in_port.\n"); + } else if (rule == ofproto->drop_frags_rule) { + ds_put_cstr(ds, "\nPackets dropped because they are IP fragments " + "and the fragment handling mode is \"drop\".\n"); + } } - if (rule) { - uint64_t odp_actions_stub[1024 / 8]; - struct ofpbuf odp_actions; - - struct trace_ctx trace; - uint8_t tcp_flags; + if (rule || ofpacts) { + uint16_t tcp_flags; tcp_flags = packet ? packet_get_tcp_flags(packet, flow) : 0; trace.result = ds; trace.flow = *flow; - ofpbuf_use_stub(&odp_actions, - odp_actions_stub, sizeof odp_actions_stub); - xlate_in_init(&trace.xin, ofproto, flow, initial_vals, rule, tcp_flags, - packet); + xlate_in_init(&trace.xin, ofproto, flow, rule, tcp_flags, packet); + if (ofpacts) { + trace.xin.ofpacts = ofpacts; + trace.xin.ofpacts_len = ofpacts_len; + } trace.xin.resubmit_hook = trace_resubmit; trace.xin.report_hook = trace_report; + xlate_actions(&trace.xin, &trace.xout); ds_put_char(ds, '\n'); trace_format_flow(ds, 0, "Final flow", &trace); + trace_format_megaflow(ds, 0, "Megaflow", &trace); + ds_put_cstr(ds, "Datapath actions: "); format_odp_actions(ds, trace.xout.odp_actions.data, trace.xout.odp_actions.size); if (trace.xout.slow) { + enum slow_path_reason slow; + ds_put_cstr(ds, "\nThis flow is handled by the userspace " "slow path because it:"); - switch (trace.xout.slow) { - case SLOW_CFM: - ds_put_cstr(ds, "\n\t- Consists of CFM packets."); - break; - case SLOW_LACP: - ds_put_cstr(ds, "\n\t- Consists of LACP packets."); - break; - case SLOW_STP: - ds_put_cstr(ds, "\n\t- Consists of STP packets."); - break; - case SLOW_BFD: - ds_put_cstr(ds, "\n\t- Consists of BFD packets."); - break; - case SLOW_CONTROLLER: - ds_put_cstr(ds, "\n\t- Sends \"packet-in\" messages " - "to the OpenFlow controller."); - break; - case __SLOW_MAX: - NOT_REACHED(); - } - } - - xlate_out_uninit(&trace.xout); - } -} - -static void -ofproto_dpif_clog(struct unixctl_conn *conn OVS_UNUSED, int argc OVS_UNUSED, - const char *argv[] OVS_UNUSED, void *aux OVS_UNUSED) -{ - clogged = true; - unixctl_command_reply(conn, NULL); -} -static void -ofproto_dpif_unclog(struct unixctl_conn *conn OVS_UNUSED, int argc OVS_UNUSED, - const char *argv[] OVS_UNUSED, void *aux OVS_UNUSED) -{ - clogged = false; - unixctl_command_reply(conn, NULL); -} + slow = trace.xout.slow; + while (slow) { + enum slow_path_reason bit = rightmost_1bit(slow); -/* Runs a self-check of flow translations in 'ofproto'. Appends a message to - * 'reply' describing the results. */ -static void -ofproto_dpif_self_check__(struct ofproto_dpif *ofproto, struct ds *reply) -{ - struct facet *facet; - int errors; + ds_put_format(ds, "\n\t- %s.", + slow_path_reason_to_explanation(bit)); - errors = 0; - HMAP_FOR_EACH (facet, hmap_node, &ofproto->facets) { - if (!facet_check_consistency(facet)) { - errors++; + slow &= ~bit; + } } - } - if (errors) { - ofproto->backer->need_revalidate = REV_INCONSISTENCY; - } - - if (errors) { - ds_put_format(reply, "%s: self-check failed (%d errors)\n", - ofproto->up.name, errors); - } else { - ds_put_format(reply, "%s: self-check passed\n", ofproto->up.name); - } -} - -static void -ofproto_dpif_self_check(struct unixctl_conn *conn, - int argc, const char *argv[], void *aux OVS_UNUSED) -{ - struct ds reply = DS_EMPTY_INITIALIZER; - struct ofproto_dpif *ofproto; - if (argc > 1) { - ofproto = ofproto_dpif_lookup(argv[1]); - if (!ofproto) { - unixctl_command_reply_error(conn, "Unknown ofproto (use " - "ofproto/list for help)"); - return; - } - ofproto_dpif_self_check__(ofproto, &reply); - } else { - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - ofproto_dpif_self_check__(ofproto, &reply); - } + xlate_out_uninit(&trace.xout); } - unixctl_command_reply(conn, ds_cstr(&reply)); - ds_destroy(&reply); + rule_dpif_unref(rule); } /* Store the current ofprotos in 'ofproto_shash'. Returns a sorted list @@ -8276,46 +4009,18 @@ ofproto_unixctl_dpif_dump_dps(struct unixctl_conn *conn, int argc OVS_UNUSED, ds_destroy(&ds); } -static void -show_dp_rates(struct ds *ds, const char *heading, - const struct avg_subfacet_rates *rates) -{ - ds_put_format(ds, "%s add rate: %5.3f/min, del rate: %5.3f/min\n", - heading, rates->add_rate, rates->del_rate); -} - static void dpif_show_backer(const struct dpif_backer *backer, struct ds *ds) { - size_t n_hit, n_missed, i; const struct shash_node **ofprotos; - struct ofproto_dpif *ofproto; + struct dpif_dp_stats dp_stats; struct shash ofproto_shash; - long long int minutes; + size_t i; - n_hit = n_missed = 0; - HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { - if (ofproto->backer == backer) { - n_missed += ofproto->n_missed; - n_hit += ofproto->n_hit; - } - } + dpif_get_dp_stats(backer->dpif, &dp_stats); ds_put_format(ds, "%s: hit:%"PRIu64" missed:%"PRIu64"\n", - dpif_name(backer->dpif), n_hit, n_missed); - ds_put_format(ds, "\tflows: cur: %zu, avg: %u, max: %u," - " life span: %lldms\n", hmap_count(&backer->subfacets), - backer->avg_n_subfacet, backer->max_n_subfacet, - backer->avg_subfacet_life); - - minutes = (time_msec() - backer->created) / (1000 * 60); - if (minutes >= 60) { - show_dp_rates(ds, "\thourly avg:", &backer->hourly); - } - if (minutes >= 60 * 24) { - show_dp_rates(ds, "\tdaily avg:", &backer->daily); - } - show_dp_rates(ds, "\toverall avg:", &backer->lifetime); + dpif_name(backer->dpif), dp_stats.n_hit, dp_stats.n_missed); shash_init(&ofproto_shash); ofprotos = get_ofprotos(&ofproto_shash); @@ -8328,21 +4033,20 @@ dpif_show_backer(const struct dpif_backer *backer, struct ds *ds) continue; } - ds_put_format(ds, "\t%s: hit:%"PRIu64" missed:%"PRIu64"\n", - ofproto->up.name, ofproto->n_hit, ofproto->n_missed); + ds_put_format(ds, "\t%s:\n", ofproto->up.name); ports = shash_sort(&ofproto->up.port_by_name); for (j = 0; j < shash_count(&ofproto->up.port_by_name); j++) { const struct shash_node *node = ports[j]; struct ofport *ofport = node->data; struct smap config; - uint32_t odp_port; + odp_port_t odp_port; ds_put_format(ds, "\t\t%s %u/", netdev_get_name(ofport->netdev), ofport->ofp_port); odp_port = ofp_port_to_odp_port(ofproto, ofport->ofp_port); - if (odp_port != OVSP_NONE) { + if (odp_port != ODPP_NONE) { ds_put_format(ds, "%"PRIu32":", odp_port); } else { ds_put_cstr(ds, "none:"); @@ -8392,83 +4096,79 @@ ofproto_unixctl_dpif_show(struct unixctl_conn *conn, int argc OVS_UNUSED, ds_destroy(&ds); } +static bool +ofproto_dpif_contains_flow(const struct ofproto_dpif *ofproto, + const struct nlattr *key, size_t key_len) +{ + struct ofproto_dpif *ofp; + struct flow flow; + + xlate_receive(ofproto->backer, NULL, key, key_len, &flow, &ofp, + NULL, NULL, NULL, NULL); + return ofp == ofproto; +} + static void ofproto_unixctl_dpif_dump_flows(struct unixctl_conn *conn, int argc OVS_UNUSED, const char *argv[], void *aux OVS_UNUSED) { struct ds ds = DS_EMPTY_INITIALIZER; + const struct dpif_flow_stats *stats; const struct ofproto_dpif *ofproto; - struct subfacet *subfacet; + struct dpif_flow_dump flow_dump; + const struct nlattr *actions; + const struct nlattr *mask; + const struct nlattr *key; + size_t actions_len; + size_t mask_len; + size_t key_len; + bool verbosity = false; + struct dpif_port dpif_port; + struct dpif_port_dump port_dump; + struct hmap portno_names; - ofproto = ofproto_dpif_lookup(argv[1]); + ofproto = ofproto_dpif_lookup(argv[argc - 1]); if (!ofproto) { unixctl_command_reply_error(conn, "no such bridge"); return; } - update_stats(ofproto->backer); + if (argc > 2 && !strcmp(argv[1], "-m")) { + verbosity = true; + } - HMAP_FOR_EACH (subfacet, hmap_node, &ofproto->backer->subfacets) { - struct facet *facet = subfacet->facet; + hmap_init(&portno_names); + DPIF_PORT_FOR_EACH (&dpif_port, &port_dump, ofproto->backer->dpif) { + odp_portno_names_set(&portno_names, dpif_port.port_no, dpif_port.name); + } - if (ofproto_dpif_cast(facet->rule->up.ofproto) != ofproto) { + ds_init(&ds); + dpif_flow_dump_start(&flow_dump, ofproto->backer->dpif); + while (dpif_flow_dump_next(&flow_dump, &key, &key_len, &mask, &mask_len, + &actions, &actions_len, &stats)) { + if (!ofproto_dpif_contains_flow(ofproto, key, key_len)) { continue; } - odp_flow_key_format(subfacet->key, subfacet->key_len, &ds); - - ds_put_format(&ds, ", packets:%"PRIu64", bytes:%"PRIu64", used:", - subfacet->dp_packet_count, subfacet->dp_byte_count); - if (subfacet->used) { - ds_put_format(&ds, "%.3fs", - (time_msec() - subfacet->used) / 1000.0); - } else { - ds_put_format(&ds, "never"); - } - if (subfacet->facet->tcp_flags) { - ds_put_cstr(&ds, ", flags:"); - packet_format_tcp_flags(&ds, subfacet->facet->tcp_flags); - } - + odp_flow_format(key, key_len, mask, mask_len, &portno_names, &ds, + verbosity); + ds_put_cstr(&ds, ", "); + dpif_flow_stats_format(stats, &ds); ds_put_cstr(&ds, ", actions:"); - if (facet->xout.slow) { - uint64_t slow_path_stub[128 / 8]; - const struct nlattr *actions; - size_t actions_len; - - compose_slow_path(ofproto, &facet->flow, facet->xout.slow, - slow_path_stub, sizeof slow_path_stub, - &actions, &actions_len); - format_odp_actions(&ds, actions, actions_len); - } else { - format_odp_actions(&ds, facet->xout.odp_actions.data, - facet->xout.odp_actions.size); - } + format_odp_actions(&ds, actions, actions_len); ds_put_char(&ds, '\n'); } - unixctl_command_reply(conn, ds_cstr(&ds)); - ds_destroy(&ds); -} - -static void -ofproto_unixctl_dpif_del_flows(struct unixctl_conn *conn, - int argc OVS_UNUSED, const char *argv[], - void *aux OVS_UNUSED) -{ - struct ds ds = DS_EMPTY_INITIALIZER; - struct ofproto_dpif *ofproto; - - ofproto = ofproto_dpif_lookup(argv[1]); - if (!ofproto) { - unixctl_command_reply_error(conn, "no such bridge"); - return; + if (dpif_flow_dump_done(&flow_dump)) { + ds_clear(&ds); + ds_put_format(&ds, "dpif/dump_flows failed: %s", ovs_strerror(errno)); + unixctl_command_reply_error(conn, ds_cstr(&ds)); + } else { + unixctl_command_reply(conn, ds_cstr(&ds)); } - - flush(&ofproto->up); - - unixctl_command_reply(conn, ds_cstr(&ds)); + odp_portno_names_destroy(&portno_names); + hmap_destroy(&portno_names); ds_destroy(&ds); } @@ -8483,26 +4183,22 @@ ofproto_dpif_unixctl_init(void) unixctl_command_register( "ofproto/trace", - "[dp_name]|bridge odp_flow|br_flow [-generate|packet]", + "{[dp_name] odp_flow | bridge br_flow} [-generate|packet]", 1, 3, ofproto_unixctl_trace, NULL); + unixctl_command_register( + "ofproto/trace-packet-out", + "[-consistent] {[dp_name] odp_flow | bridge br_flow} [-generate|packet] actions", + 2, 6, ofproto_unixctl_trace_actions, NULL); unixctl_command_register("fdb/flush", "[bridge]", 0, 1, ofproto_unixctl_fdb_flush, NULL); unixctl_command_register("fdb/show", "bridge", 1, 1, ofproto_unixctl_fdb_show, NULL); - unixctl_command_register("ofproto/clog", "", 0, 0, - ofproto_dpif_clog, NULL); - unixctl_command_register("ofproto/unclog", "", 0, 0, - ofproto_dpif_unclog, NULL); - unixctl_command_register("ofproto/self-check", "[bridge]", 0, 1, - ofproto_dpif_self_check, NULL); unixctl_command_register("dpif/dump-dps", "", 0, 0, ofproto_unixctl_dpif_dump_dps, NULL); unixctl_command_register("dpif/show", "", 0, 0, ofproto_unixctl_dpif_show, NULL); - unixctl_command_register("dpif/dump-flows", "bridge", 1, 1, + unixctl_command_register("dpif/dump-flows", "[-m] bridge", 1, 2, ofproto_unixctl_dpif_dump_flows, NULL); - unixctl_command_register("dpif/del-flows", "bridge", 1, 1, - ofproto_unixctl_dpif_del_flows, NULL); } /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) @@ -8513,7 +4209,7 @@ ofproto_dpif_unixctl_init(void) * widespread use, we will delete these interfaces. */ static int -set_realdev(struct ofport *ofport_, uint16_t realdev_ofp_port, int vid) +set_realdev(struct ofport *ofport_, ofp_port_t realdev_ofp_port, int vid) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofport_->ofproto); struct ofport_dpif *ofport = ofport_dpif_cast(ofport_); @@ -8545,21 +4241,27 @@ set_realdev(struct ofport *ofport_, uint16_t realdev_ofp_port, int vid) } static uint32_t -hash_realdev_vid(uint16_t realdev_ofp_port, int vid) +hash_realdev_vid(ofp_port_t realdev_ofp_port, int vid) { - return hash_2words(realdev_ofp_port, vid); + return hash_2words(ofp_to_u16(realdev_ofp_port), vid); } -/* Returns the OFP port number of the Linux VLAN device that corresponds to - * 'vlan_tci' on the network device with port number 'realdev_ofp_port' in - * 'struct ofport_dpif'. For example, given 'realdev_ofp_port' of eth0 and - * 'vlan_tci' 9, it would return the port number of eth0.9. - * - * Unless VLAN splinters are enabled for port 'realdev_ofp_port', this - * function just returns its 'realdev_ofp_port' argument. */ -static uint16_t -vsp_realdev_to_vlandev(const struct ofproto_dpif *ofproto, - uint16_t realdev_ofp_port, ovs_be16 vlan_tci) +bool +ofproto_has_vlan_splinters(const struct ofproto_dpif *ofproto) + OVS_EXCLUDED(ofproto->vsp_mutex) +{ + bool ret; + + ovs_mutex_lock(&ofproto->vsp_mutex); + ret = !hmap_is_empty(&ofproto->realdev_vid_map); + ovs_mutex_unlock(&ofproto->vsp_mutex); + return ret; +} + +static ofp_port_t +vsp_realdev_to_vlandev__(const struct ofproto_dpif *ofproto, + ofp_port_t realdev_ofp_port, ovs_be16 vlan_tci) + OVS_REQUIRES(ofproto->vsp_mutex) { if (!hmap_is_empty(&ofproto->realdev_vid_map)) { int vid = vlan_tci_to_vid(vlan_tci); @@ -8577,12 +4279,33 @@ vsp_realdev_to_vlandev(const struct ofproto_dpif *ofproto, return realdev_ofp_port; } +/* Returns the OFP port number of the Linux VLAN device that corresponds to + * 'vlan_tci' on the network device with port number 'realdev_ofp_port' in + * 'struct ofport_dpif'. For example, given 'realdev_ofp_port' of eth0 and + * 'vlan_tci' 9, it would return the port number of eth0.9. + * + * Unless VLAN splinters are enabled for port 'realdev_ofp_port', this + * function just returns its 'realdev_ofp_port' argument. */ +ofp_port_t +vsp_realdev_to_vlandev(const struct ofproto_dpif *ofproto, + ofp_port_t realdev_ofp_port, ovs_be16 vlan_tci) + OVS_EXCLUDED(ofproto->vsp_mutex) +{ + ofp_port_t ret; + + ovs_mutex_lock(&ofproto->vsp_mutex); + ret = vsp_realdev_to_vlandev__(ofproto, realdev_ofp_port, vlan_tci); + ovs_mutex_unlock(&ofproto->vsp_mutex); + return ret; +} + static struct vlan_splinter * -vlandev_find(const struct ofproto_dpif *ofproto, uint16_t vlandev_ofp_port) +vlandev_find(const struct ofproto_dpif *ofproto, ofp_port_t vlandev_ofp_port) { struct vlan_splinter *vsp; - HMAP_FOR_EACH_WITH_HASH (vsp, vlandev_node, hash_int(vlandev_ofp_port, 0), + HMAP_FOR_EACH_WITH_HASH (vsp, vlandev_node, + hash_ofp_port(vlandev_ofp_port), &ofproto->vlandev_map) { if (vsp->vlandev_ofp_port == vlandev_ofp_port) { return vsp; @@ -8601,9 +4324,10 @@ vlandev_find(const struct ofproto_dpif *ofproto, uint16_t vlandev_ofp_port) * Returns 0 and does not modify '*vid' if 'vlandev_ofp_port' is not a Linux * VLAN device. Unless VLAN splinters are enabled, this is what this function * always does.*/ -static uint16_t +static ofp_port_t vsp_vlandev_to_realdev(const struct ofproto_dpif *ofproto, - uint16_t vlandev_ofp_port, int *vid) + ofp_port_t vlandev_ofp_port, int *vid) + OVS_REQUIRES(ofproto->vsp_mutex) { if (!hmap_is_empty(&ofproto->vlandev_map)) { const struct vlan_splinter *vsp; @@ -8625,20 +4349,23 @@ vsp_vlandev_to_realdev(const struct ofproto_dpif *ofproto, * 'flow->vlan_tci' to the VLAN VID, and returns true. Otherwise (which is * always the case unless VLAN splinters are enabled), returns false without * making any changes. */ -static bool +bool vsp_adjust_flow(const struct ofproto_dpif *ofproto, struct flow *flow) + OVS_EXCLUDED(ofproto->vsp_mutex) { - uint16_t realdev; + ofp_port_t realdev; int vid; - realdev = vsp_vlandev_to_realdev(ofproto, flow->in_port, &vid); + ovs_mutex_lock(&ofproto->vsp_mutex); + realdev = vsp_vlandev_to_realdev(ofproto, flow->in_port.ofp_port, &vid); + ovs_mutex_unlock(&ofproto->vsp_mutex); if (!realdev) { return false; } /* Cause the flow to be processed as if it came in on the real device with * the VLAN device's VLAN ID. */ - flow->in_port = realdev; + flow->in_port.ofp_port = realdev; flow->vlan_tci = htons((vid & VLAN_VID_MASK) | VLAN_CFI); return true; } @@ -8649,6 +4376,7 @@ vsp_remove(struct ofport_dpif *port) struct ofproto_dpif *ofproto = ofproto_dpif_cast(port->up.ofproto); struct vlan_splinter *vsp; + ovs_mutex_lock(&ofproto->vsp_mutex); vsp = vlandev_find(ofproto, port->up.ofp_port); if (vsp) { hmap_remove(&ofproto->vlandev_map, &vsp->vlandev_node); @@ -8659,58 +4387,64 @@ vsp_remove(struct ofport_dpif *port) } else { VLOG_ERR("missing vlan device record"); } + ovs_mutex_unlock(&ofproto->vsp_mutex); } static void -vsp_add(struct ofport_dpif *port, uint16_t realdev_ofp_port, int vid) +vsp_add(struct ofport_dpif *port, ofp_port_t realdev_ofp_port, int vid) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(port->up.ofproto); + ovs_mutex_lock(&ofproto->vsp_mutex); if (!vsp_vlandev_to_realdev(ofproto, port->up.ofp_port, NULL) - && (vsp_realdev_to_vlandev(ofproto, realdev_ofp_port, htons(vid)) + && (vsp_realdev_to_vlandev__(ofproto, realdev_ofp_port, htons(vid)) == realdev_ofp_port)) { struct vlan_splinter *vsp; vsp = xmalloc(sizeof *vsp); - hmap_insert(&ofproto->vlandev_map, &vsp->vlandev_node, - hash_int(port->up.ofp_port, 0)); - hmap_insert(&ofproto->realdev_vid_map, &vsp->realdev_vid_node, - hash_realdev_vid(realdev_ofp_port, vid)); vsp->realdev_ofp_port = realdev_ofp_port; vsp->vlandev_ofp_port = port->up.ofp_port; vsp->vid = vid; port->realdev_ofp_port = realdev_ofp_port; + + hmap_insert(&ofproto->vlandev_map, &vsp->vlandev_node, + hash_ofp_port(port->up.ofp_port)); + hmap_insert(&ofproto->realdev_vid_map, &vsp->realdev_vid_node, + hash_realdev_vid(realdev_ofp_port, vid)); } else { VLOG_ERR("duplicate vlan device record"); } + ovs_mutex_unlock(&ofproto->vsp_mutex); } -static uint32_t -ofp_port_to_odp_port(const struct ofproto_dpif *ofproto, uint16_t ofp_port) +static odp_port_t +ofp_port_to_odp_port(const struct ofproto_dpif *ofproto, ofp_port_t ofp_port) { const struct ofport_dpif *ofport = get_ofp_port(ofproto, ofp_port); - return ofport ? ofport->odp_port : OVSP_NONE; + return ofport ? ofport->odp_port : ODPP_NONE; } -static struct ofport_dpif * -odp_port_to_ofport(const struct dpif_backer *backer, uint32_t odp_port) +struct ofport_dpif * +odp_port_to_ofport(const struct dpif_backer *backer, odp_port_t odp_port) { struct ofport_dpif *port; - HMAP_FOR_EACH_IN_BUCKET (port, odp_port_node, - hash_int(odp_port, 0), + ovs_rwlock_rdlock(&backer->odp_to_ofport_lock); + HMAP_FOR_EACH_IN_BUCKET (port, odp_port_node, hash_odp_port(odp_port), &backer->odp_to_ofport_map) { if (port->odp_port == odp_port) { + ovs_rwlock_unlock(&backer->odp_to_ofport_lock); return port; } } + ovs_rwlock_unlock(&backer->odp_to_ofport_lock); return NULL; } -static uint16_t -odp_port_to_ofp_port(const struct ofproto_dpif *ofproto, uint32_t odp_port) +static ofp_port_t +odp_port_to_ofp_port(const struct ofproto_dpif *ofproto, odp_port_t odp_port) { struct ofport_dpif *port; @@ -8722,51 +4456,6 @@ odp_port_to_ofp_port(const struct ofproto_dpif *ofproto, uint32_t odp_port) } } -/* Compute exponentially weighted moving average, adding 'new' as the newest, - * most heavily weighted element. 'base' designates the rate of decay: after - * 'base' further updates, 'new''s weight in the EWMA decays to about 1/e - * (about .37). */ -static void -exp_mavg(double *avg, int base, double new) -{ - *avg = (*avg * (base - 1) + new) / base; -} - -static void -update_moving_averages(struct dpif_backer *backer) -{ - const int min_ms = 60 * 1000; /* milliseconds in one minute. */ - long long int minutes = (time_msec() - backer->created) / min_ms; - - if (minutes > 0) { - backer->lifetime.add_rate = (double) backer->total_subfacet_add_count - / minutes; - backer->lifetime.del_rate = (double) backer->total_subfacet_del_count - / minutes; - } else { - backer->lifetime.add_rate = 0.0; - backer->lifetime.del_rate = 0.0; - } - - /* Update hourly averages on the minute boundaries. */ - if (time_msec() - backer->last_minute >= min_ms) { - exp_mavg(&backer->hourly.add_rate, 60, backer->subfacet_add_count); - exp_mavg(&backer->hourly.del_rate, 60, backer->subfacet_del_count); - - /* Update daily averages on the hour boundaries. */ - if ((backer->last_minute - backer->created) / min_ms % 60 == 59) { - exp_mavg(&backer->daily.add_rate, 24, backer->hourly.add_rate); - exp_mavg(&backer->daily.del_rate, 24, backer->hourly.del_rate); - } - - backer->total_subfacet_add_count += backer->subfacet_add_count; - backer->total_subfacet_del_count += backer->subfacet_del_count; - backer->subfacet_add_count = 0; - backer->subfacet_del_count = 0; - backer->last_minute += min_ms; - } -} - const struct ofproto_class ofproto_dpif_class = { init, enumerate_types, @@ -8774,16 +4463,15 @@ const struct ofproto_class ofproto_dpif_class = { del, port_open_type, type_run, - type_run_fast, type_wait, alloc, construct, destruct, dealloc, run, - run_fast, wait, - get_memory_usage, + NULL, /* get_memory_usage. */ + type_get_memory_usage, flush, get_features, get_tables, @@ -8806,6 +4494,8 @@ const struct ofproto_class ofproto_dpif_class = { NULL, /* rule_choose_table */ rule_alloc, rule_construct, + rule_insert, + rule_delete, rule_destruct, rule_dealloc, rule_get_stats, @@ -8825,14 +4515,25 @@ const struct ofproto_class ofproto_dpif_class = { get_stp_status, set_stp_port, get_stp_port_status, + get_stp_port_stats, set_queues, bundle_set, bundle_remove, - mirror_set, - mirror_get_stats, + mirror_set__, + mirror_get_stats__, set_flood_vlans, is_mirror_output_bundle, forward_bpdu_changed, set_mac_table_config, set_realdev, + NULL, /* meter_get_features */ + NULL, /* meter_set */ + NULL, /* meter_get */ + NULL, /* meter_del */ + group_alloc, /* group_alloc */ + group_construct, /* group_construct */ + group_destruct, /* group_destruct */ + group_dealloc, /* group_dealloc */ + group_modify, /* group_modify */ + group_get_stats, /* group_get_stats */ };