X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=ofproto%2Fofproto-dpif.c;h=b917dc770a39137503efef9dc5660772411861b5;hb=8a553e9afc412fb434f2352f27e75700ade88bd1;hp=c262e7baba881117f0547764dabe4434044c6c77;hpb=8ecafa3ee424b200a35daf5a3a4c14d6f3cc2646;p=sliver-openvswitch.git diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index c262e7bab..b917dc770 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -16,6 +16,7 @@ #include +#include "ofproto/ofproto-dpif.h" #include "ofproto/ofproto-provider.h" #include @@ -50,6 +51,7 @@ #include "ofproto-dpif-governor.h" #include "ofproto-dpif-ipfix.h" #include "ofproto-dpif-sflow.h" +#include "ofproto-dpif-xlate.h" #include "poll-loop.h" #include "simap.h" #include "smap.h" @@ -63,298 +65,44 @@ VLOG_DEFINE_THIS_MODULE(ofproto_dpif); COVERAGE_DEFINE(ofproto_dpif_expired); -COVERAGE_DEFINE(ofproto_dpif_xlate); COVERAGE_DEFINE(facet_changed_rule); COVERAGE_DEFINE(facet_revalidate); COVERAGE_DEFINE(facet_unexpected); COVERAGE_DEFINE(facet_suppress); -/* Maximum depth of flow table recursion (due to resubmit actions) in a - * flow translation. */ -#define MAX_RESUBMIT_RECURSION 64 - -/* Number of implemented OpenFlow tables. */ -enum { N_TABLES = 255 }; -enum { TBL_INTERNAL = N_TABLES - 1 }; /* Used for internal hidden rules. */ -BUILD_ASSERT_DECL(N_TABLES >= 2 && N_TABLES <= 255); - -struct ofport_dpif; -struct ofproto_dpif; struct flow_miss; struct facet; -struct rule_dpif { - struct rule up; - - /* These statistics: - * - * - Do include packets and bytes from facets that have been deleted or - * whose own statistics have been folded into the rule. - * - * - Do include packets and bytes sent "by hand" that were accounted to - * the rule without any facet being involved (this is a rare corner - * case in rule_execute()). - * - * - Do not include packet or bytes that can be obtained from any facet's - * packet_count or byte_count member or that can be obtained from the - * datapath by, e.g., dpif_flow_get() for any subfacet. - */ - uint64_t packet_count; /* Number of packets received. */ - uint64_t byte_count; /* Number of bytes received. */ - - tag_type tag; /* Caches rule_calculate_tag() result. */ - - struct list facets; /* List of "struct facet"s. */ -}; - -static struct rule_dpif *rule_dpif_cast(const struct rule *rule) -{ - return rule ? CONTAINER_OF(rule, struct rule_dpif, up) : NULL; -} - static struct rule_dpif *rule_dpif_lookup(struct ofproto_dpif *, const struct flow *, struct flow_wildcards *wc); -static struct rule_dpif *rule_dpif_lookup__(struct ofproto_dpif *, - const struct flow *, - struct flow_wildcards *wc, - uint8_t table); -static struct rule_dpif *rule_dpif_miss_rule(struct ofproto_dpif *ofproto, - const struct flow *flow); static void rule_get_stats(struct rule *, uint64_t *packets, uint64_t *bytes); -static void rule_credit_stats(struct rule_dpif *, - const struct dpif_flow_stats *); -static tag_type rule_calculate_tag(const struct flow *, - const struct minimask *, uint32_t basis); static void rule_invalidate(const struct rule_dpif *); -#define MAX_MIRRORS 32 -typedef uint32_t mirror_mask_t; -#define MIRROR_MASK_C(X) UINT32_C(X) -BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS); -struct ofmirror { - struct ofproto_dpif *ofproto; /* Owning ofproto. */ - size_t idx; /* In ofproto's "mirrors" array. */ - void *aux; /* Key supplied by ofproto's client. */ - char *name; /* Identifier for log messages. */ - - /* Selection criteria. */ - struct hmapx srcs; /* Contains "struct ofbundle *"s. */ - struct hmapx dsts; /* Contains "struct ofbundle *"s. */ - unsigned long *vlans; /* Bitmap of chosen VLANs, NULL selects all. */ - - /* Output (exactly one of out == NULL and out_vlan == -1 is true). */ - struct ofbundle *out; /* Output port or NULL. */ - int out_vlan; /* Output VLAN or -1. */ - mirror_mask_t dup_mirrors; /* Bitmap of mirrors with the same output. */ - - /* Counters. */ - int64_t packet_count; /* Number of packets sent. */ - int64_t byte_count; /* Number of bytes sent. */ -}; - static void mirror_destroy(struct ofmirror *); static void update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, uint64_t packets, uint64_t bytes); -struct ofbundle { - struct hmap_node hmap_node; /* In struct ofproto's "bundles" hmap. */ - struct ofproto_dpif *ofproto; /* Owning ofproto. */ - void *aux; /* Key supplied by ofproto's client. */ - char *name; /* Identifier for log messages. */ - - /* Configuration. */ - struct list ports; /* Contains "struct ofport"s. */ - enum port_vlan_mode vlan_mode; /* VLAN mode */ - int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */ - unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1. - * NULL if all VLANs are trunked. */ - struct lacp *lacp; /* LACP if LACP is enabled, otherwise NULL. */ - struct bond *bond; /* Nonnull iff more than one port. */ - bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */ - - /* Status. */ - bool floodable; /* True if no port has OFPUTIL_PC_NO_FLOOD set. */ - - /* Port mirroring info. */ - mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */ - mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */ - mirror_mask_t mirror_out; /* Mirrors that output to this bundle. */ -}; - static void bundle_remove(struct ofport *); static void bundle_update(struct ofbundle *); static void bundle_destroy(struct ofbundle *); static void bundle_del_port(struct ofport_dpif *); static void bundle_run(struct ofbundle *); static void bundle_wait(struct ofbundle *); -static struct ofbundle *lookup_input_bundle(const struct ofproto_dpif *, - uint16_t in_port, bool warn, - struct ofport_dpif **in_ofportp); - -/* A controller may use OFPP_NONE as the ingress port to indicate that - * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for - * when an input bundle is needed for validation (e.g., mirroring or - * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have - * any 'port' structs, so care must be taken when dealing with it. */ -static struct ofbundle ofpp_none_bundle = { - .name = "OFPP_NONE", - .vlan_mode = PORT_VLAN_TRUNK -}; static void stp_run(struct ofproto_dpif *ofproto); static void stp_wait(struct ofproto_dpif *ofproto); static int set_stp_port(struct ofport *, const struct ofproto_port_stp_settings *); -static bool ofbundle_includes_vlan(const struct ofbundle *, uint16_t vlan); - -struct xlate_ctx; - -struct xlate_out { - /* Wildcards relevant in translation. Any fields that were used to - * calculate the action must be set for caching and kernel - * wildcarding to work. For example, if the flow lookup involved - * performing the "normal" action on IPv4 and ARP packets, 'wc' - * would have the 'in_port' (always set), 'dl_type' (flow match), - * 'vlan_tci' (normal action), and 'dl_dst' (normal action) fields - * set. */ - struct flow_wildcards wc; - - tag_type tags; /* Tags associated with actions. */ - enum slow_path_reason slow; /* 0 if fast path may be used. */ - bool has_learn; /* Actions include NXAST_LEARN? */ - bool has_normal; /* Actions output to OFPP_NORMAL? */ - bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ - uint16_t nf_output_iface; /* Output interface index for NetFlow. */ - mirror_mask_t mirrors; /* Bitmap of associated mirrors. */ - - uint64_t odp_actions_stub[256 / 8]; - struct ofpbuf odp_actions; -}; - -struct xlate_in { - struct ofproto_dpif *ofproto; - - /* Flow to which the OpenFlow actions apply. xlate_actions() will modify - * this flow when actions change header fields. */ - struct flow flow; - - /* The packet corresponding to 'flow', or a null pointer if we are - * revalidating without a packet to refer to. */ - const struct ofpbuf *packet; - - /* Should OFPP_NORMAL update the MAC learning table? Should "learn" - * actions update the flow table? - * - * We want to update these tables if we are actually processing a packet, - * or if we are accounting for packets that the datapath has processed, but - * not if we are just revalidating. */ - bool may_learn; - - /* The rule initiating translation or NULL. */ - struct rule_dpif *rule; - - /* The actions to translate. If 'rule' is not NULL, these may be NULL. */ - const struct ofpact *ofpacts; - size_t ofpacts_len; - - /* Union of the set of TCP flags seen so far in this flow. (Used only by - * NXAST_FIN_TIMEOUT. Set to zero to avoid updating updating rules' - * timeouts.) */ - uint8_t tcp_flags; - - /* If nonnull, flow translation calls this function just before executing a - * resubmit or OFPP_TABLE action. In addition, disables logging of traces - * when the recursion depth is exceeded. - * - * 'rule' is the rule being submitted into. It will be null if the - * resubmit or OFPP_TABLE action didn't find a matching rule. - * - * This is normally null so the client has to set it manually after - * calling xlate_in_init(). */ - void (*resubmit_hook)(struct xlate_ctx *, struct rule_dpif *rule); - - /* If nonnull, flow translation calls this function to report some - * significant decision, e.g. to explain why OFPP_NORMAL translation - * dropped a packet. */ - void (*report_hook)(struct xlate_ctx *, const char *s); - - /* If nonnull, flow translation credits the specified statistics to each - * rule reached through a resubmit or OFPP_TABLE action. - * - * This is normally null so the client has to set it manually after - * calling xlate_in_init(). */ - const struct dpif_flow_stats *resubmit_stats; -}; - -/* Context used by xlate_actions() and its callees. */ -struct xlate_ctx { - struct xlate_in *xin; - struct xlate_out *xout; - - struct ofproto_dpif *ofproto; - - /* Flow at the last commit. */ - struct flow base_flow; - - /* Tunnel IP destination address as received. This is stored separately - * as the base_flow.tunnel is cleared on init to reflect the datapath - * behavior. Used to make sure not to send tunneled output to ourselves, - * which might lead to an infinite loop. This could happen easily - * if a tunnel is marked as 'ip_remote=flow', and the flow does not - * actually set the tun_dst field. */ - ovs_be32 orig_tunnel_ip_dst; - - /* Stack for the push and pop actions. Each stack element is of type - * "union mf_subvalue". */ - union mf_subvalue init_stack[1024 / sizeof(union mf_subvalue)]; - struct ofpbuf stack; - - /* The rule that we are currently translating, or NULL. */ - struct rule_dpif *rule; - - int recurse; /* Recursion level, via xlate_table_action. */ - bool max_resubmit_trigger; /* Recursed too deeply during translation. */ - uint32_t orig_skb_priority; /* Priority when packet arrived. */ - uint8_t table_id; /* OpenFlow table ID where flow was found. */ - uint32_t sflow_n_outputs; /* Number of output ports. */ - uint32_t sflow_odp_port; /* Output port for composing sFlow action. */ - uint16_t user_cookie_offset;/* Used for user_action_cookie fixup. */ - bool exit; /* No further actions should be processed. */ -}; - -static void xlate_in_init(struct xlate_in *, struct ofproto_dpif *, - const struct flow *, struct rule_dpif *, - uint8_t tcp_flags, const struct ofpbuf *); - -static void xlate_out_uninit(struct xlate_out *); - -static void xlate_actions(struct xlate_in *, struct xlate_out *); - -static void xlate_actions_for_side_effects(struct xlate_in *); - -static void xlate_table_action(struct xlate_ctx *, uint16_t in_port, - uint8_t table_id, bool may_packet_in); - -static size_t put_userspace_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *, - const union user_action_cookie *, - const size_t); - static void compose_slow_path(const struct ofproto_dpif *, const struct flow *, enum slow_path_reason, uint64_t *stub, size_t stub_size, const struct nlattr **actionsp, size_t *actions_lenp); -static void xlate_report(struct xlate_ctx *ctx, const char *s); - -static void xlate_out_copy(struct xlate_out *dst, const struct xlate_out *src); - /* A subfacet (see "struct subfacet" below) has three possible installation * states: * @@ -510,37 +258,6 @@ static void push_all_stats(void); static bool facet_is_controller_flow(struct facet *); -struct ofport_dpif { - struct hmap_node odp_port_node; /* In dpif_backer's "odp_to_ofport_map". */ - struct ofport up; - - uint32_t odp_port; - struct ofbundle *bundle; /* Bundle that contains this port, if any. */ - struct list bundle_node; /* In struct ofbundle's "ports" list. */ - struct cfm *cfm; /* Connectivity Fault Management, if any. */ - struct bfd *bfd; /* BFD, if any. */ - tag_type tag; /* Tag associated with this port. */ - bool may_enable; /* May be enabled in bonds. */ - long long int carrier_seq; /* Carrier status changes. */ - struct tnl_port *tnl_port; /* Tunnel handle, or null. */ - - /* Spanning tree. */ - struct stp_port *stp_port; /* Spanning Tree Protocol, if any. */ - enum stp_state stp_state; /* Always STP_DISABLED if STP not in use. */ - long long int stp_state_entered; - - struct hmap priorities; /* Map of attached 'priority_to_dscp's. */ - - /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) - * - * This is deprecated. It is only for compatibility with broken device - * drivers in old versions of Linux that do not properly support VLANs when - * VLAN devices are not used. When broken device drivers are no longer in - * widespread use, we will delete these interfaces. */ - uint16_t realdev_ofp_port; - int vlandev_vid; -}; - /* Node in 'ofport_dpif''s 'priorities' map. Used to maintain a map from * 'priority' (the datapath's term for QoS queue) to the dscp bits which all * traffic egressing the 'ofport' with that priority should be marked with. */ @@ -565,15 +282,10 @@ struct vlan_splinter { int vid; }; -static uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *, - uint16_t realdev_ofp_port, - ovs_be16 vlan_tci); static bool vsp_adjust_flow(const struct ofproto_dpif *, struct flow *); static void vsp_remove(struct ofport_dpif *); static void vsp_add(struct ofport_dpif *, uint16_t realdev_ofp_port, int vid); -static uint32_t ofp_port_to_odp_port(const struct ofproto_dpif *, - uint16_t ofp_port); static uint16_t odp_port_to_ofp_port(const struct ofproto_dpif *, uint32_t odp_port); @@ -596,17 +308,6 @@ struct dpif_completion { struct ofoperation *op; }; -/* Extra information about a classifier table. - * Currently used just for optimized flow revalidation. */ -struct table_dpif { - /* If either of these is nonnull, then this table has a form that allows - * flows to be tagged to avoid revalidating most flows for the most common - * kinds of flow table changes. */ - struct cls_table *catchall_table; /* Table that wildcards all fields. */ - struct cls_table *other_table; /* Table with any other wildcard set. */ - uint32_t basis; /* Keeps each table's tags separate. */ -}; - /* Reasons that we might need to revalidate every facet, and corresponding * coverage counters. * @@ -697,59 +398,6 @@ static struct ofport_dpif * odp_port_to_ofport(const struct dpif_backer *, uint32_t odp_port); static void update_moving_averages(struct dpif_backer *backer); -struct ofproto_dpif { - struct hmap_node all_ofproto_dpifs_node; /* In 'all_ofproto_dpifs'. */ - struct ofproto up; - struct dpif_backer *backer; - - /* Special OpenFlow rules. */ - struct rule_dpif *miss_rule; /* Sends flow table misses to controller. */ - struct rule_dpif *no_packet_in_rule; /* Drops flow table misses. */ - struct rule_dpif *drop_frags_rule; /* Used in OFPC_FRAG_DROP mode. */ - - /* Bridging. */ - struct netflow *netflow; - struct dpif_sflow *sflow; - struct dpif_ipfix *ipfix; - struct hmap bundles; /* Contains "struct ofbundle"s. */ - struct mac_learning *ml; - struct ofmirror *mirrors[MAX_MIRRORS]; - bool has_mirrors; - bool has_bonded_bundles; - - /* Facets. */ - struct classifier facets; /* Contains 'struct facet's. */ - long long int consistency_rl; - - /* Revalidation. */ - struct table_dpif tables[N_TABLES]; - - /* Support for debugging async flow mods. */ - struct list completions; - - bool has_bundle_action; /* True when the first bundle action appears. */ - struct netdev_stats stats; /* To account packets generated and consumed in - * userspace. */ - - /* Spanning tree. */ - struct stp *stp; - long long int stp_last_tick; - - /* VLAN splinters. */ - struct hmap realdev_vid_map; /* (realdev,vid) -> vlandev. */ - struct hmap vlandev_map; /* vlandev -> (realdev,vid). */ - - /* Ports. */ - struct sset ports; /* Set of standard port names. */ - struct sset ghost_ports; /* Ports with no datapath port. */ - struct sset port_poll_set; /* Queued names for port_poll() reply. */ - int port_poll_errno; /* Last errno for port_poll() reply. */ - - /* Per ofproto's dpif stats. */ - uint64_t n_hit; - uint64_t n_missed; -}; - /* Defer flow mod completion until "ovs-appctl ofproto/unclog"? (Useful only * for debugging the asynchronous flow_mod implementation.) */ static bool clogged; @@ -759,24 +407,6 @@ static struct hmap all_ofproto_dpifs = HMAP_INITIALIZER(&all_ofproto_dpifs); static void ofproto_dpif_unixctl_init(void); -static struct ofproto_dpif * -ofproto_dpif_cast(const struct ofproto *ofproto) -{ - ovs_assert(ofproto->ofproto_class == &ofproto_dpif_class); - return CONTAINER_OF(ofproto, struct ofproto_dpif, up); -} - -static struct ofport_dpif *get_ofp_port(const struct ofproto_dpif *, - uint16_t ofp_port); -static struct ofport_dpif *get_odp_port(const struct ofproto_dpif *, - uint32_t odp_port); -static void ofproto_trace(struct ofproto_dpif *, const struct flow *, - const struct ofpbuf *, struct ds *); - -/* Packet processing. */ -static void update_learning_table(struct ofproto_dpif *, const struct flow *, - struct flow_wildcards *, int vlan, - struct ofbundle *); /* Upcalls. */ #define FLOW_MISS_MAX_BATCH 50 static int handle_upcalls(struct dpif_backer *, unsigned int max_batch); @@ -789,14 +419,7 @@ static void send_netflow_active_timeouts(struct ofproto_dpif *); /* Utilities. */ static int send_packet(const struct ofport_dpif *, struct ofpbuf *packet); -static size_t compose_sflow_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *, uint32_t odp_port); -static void compose_ipfix_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *); -static void add_mirror_actions(struct xlate_ctx *ctx, - const struct flow *flow); + /* Global variables. */ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); @@ -1488,7 +1111,8 @@ add_internal_flow(struct ofproto_dpif *ofproto, int id, return error; } - *rulep = rule_dpif_lookup__(ofproto, &fm.match.flow, NULL, TBL_INTERNAL); + *rulep = rule_dpif_lookup_in_table(ofproto, &fm.match.flow, NULL, + TBL_INTERNAL); ovs_assert(*rulep != NULL); return 0; @@ -2334,6 +1958,13 @@ stp_process_packet(const struct ofport_dpif *ofport, } } +int +ofproto_dpif_queue_to_priority(const struct ofproto_dpif *ofproto, + uint32_t queue_id, uint32_t *priority) +{ + return dpif_queue_to_priority(ofproto->backer->dpif, queue_id, priority); +} + static struct priority_to_dscp * get_priority(const struct ofport_dpif *ofport, uint32_t priority) { @@ -2349,6 +1980,15 @@ get_priority(const struct ofport_dpif *ofport, uint32_t priority) return NULL; } +bool +ofproto_dpif_dscp_from_priority(const struct ofport_dpif *ofport, + uint32_t priority, uint8_t *dscp) +{ + struct priority_to_dscp *pdscp = get_priority(ofport, priority); + *dscp = pdscp ? pdscp->dscp : 0; + return pdscp != NULL; +} + static void ofport_clear_priorities(struct ofport_dpif *ofport) { @@ -3162,14 +2802,14 @@ set_mac_table_config(struct ofproto *ofproto_, unsigned int idle_time, /* Ports. */ -static struct ofport_dpif * +struct ofport_dpif * get_ofp_port(const struct ofproto_dpif *ofproto, uint16_t ofp_port) { struct ofport *ofport = ofproto_get_port(&ofproto->up, ofp_port); return ofport ? ofport_dpif_cast(ofport) : NULL; } -static struct ofport_dpif * +struct ofport_dpif * get_odp_port(const struct ofproto_dpif *ofproto, uint32_t odp_port) { struct ofport_dpif *port = odp_port_to_ofport(ofproto->backer, odp_port); @@ -3186,10 +2826,11 @@ ofproto_port_from_dpif_port(struct ofproto_dpif *ofproto, ofproto_port->ofp_port = odp_port_to_ofp_port(ofproto, dpif_port->port_no); } -static struct ofport_dpif * +struct ofport_dpif * ofport_get_peer(const struct ofport_dpif *ofport_dpif) { const struct ofproto_dpif *ofproto; + const struct dpif_backer *backer; const char *peer; peer = netdev_vport_patch_peer(ofport_dpif->up.netdev); @@ -3197,11 +2838,16 @@ ofport_get_peer(const struct ofport_dpif *ofport_dpif) return NULL; } + backer = ofproto_dpif_cast(ofport_dpif->up.ofproto)->backer; HMAP_FOR_EACH (ofproto, all_ofproto_dpifs_node, &all_ofproto_dpifs) { struct ofport *ofport; + if (ofproto->backer != backer) { + continue; + } + ofport = shash_find_data(&ofproto->up.port_by_name, peer); - if (ofport && ofport->ofproto->ofproto_class == &ofproto_dpif_class) { + if (ofport) { return ofport_dpif_cast(ofport); } } @@ -3588,7 +3234,7 @@ send_packet_in_miss(struct ofproto_dpif *ofproto, const struct ofpbuf *packet, connmgr_send_packet_in(ofproto->up.connmgr, &pin); } -static enum slow_path_reason +enum slow_path_reason process_special(struct ofproto_dpif *ofproto, const struct flow *flow, const struct ofport_dpif *ofport, const struct ofpbuf *packet) { @@ -5204,7 +4850,7 @@ push_all_stats(void) push_all_stats__(true); } -static void +void rule_credit_stats(struct rule_dpif *rule, const struct dpif_flow_stats *stats) { rule->packet_count += stats->n_packets; @@ -5461,7 +5107,7 @@ rule_dpif_lookup(struct ofproto_dpif *ofproto, const struct flow *flow, { struct rule_dpif *rule; - rule = rule_dpif_lookup__(ofproto, flow, wc, 0); + rule = rule_dpif_lookup_in_table(ofproto, flow, wc, 0); if (rule) { return rule; } @@ -5469,9 +5115,10 @@ rule_dpif_lookup(struct ofproto_dpif *ofproto, const struct flow *flow, return rule_dpif_miss_rule(ofproto, flow); } -static struct rule_dpif * -rule_dpif_lookup__(struct ofproto_dpif *ofproto, const struct flow *flow, - struct flow_wildcards *wc, uint8_t table_id) +struct rule_dpif * +rule_dpif_lookup_in_table(struct ofproto_dpif *ofproto, + const struct flow *flow, struct flow_wildcards *wc, + uint8_t table_id) { struct cls_rule *cls_rule; struct classifier *cls; @@ -5500,7 +5147,7 @@ rule_dpif_lookup__(struct ofproto_dpif *ofproto, const struct flow *flow, return rule_dpif_cast(rule_from_cls_rule(cls_rule)); } -static struct rule_dpif * +struct rule_dpif * rule_dpif_miss_rule(struct ofproto_dpif *ofproto, const struct flow *flow) { struct ofport_dpif *port; @@ -5716,13 +5363,6 @@ send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) ofproto->stats.tx_bytes += packet->size; return error; } - -/* OpenFlow to datapath action translation. */ - -static bool may_receive(const struct ofport_dpif *, struct xlate_ctx *); -static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len, - struct xlate_ctx *); -static void xlate_normal(struct xlate_ctx *); /* Composes an ODP action for a "slow path" action for 'flow' within 'ofproto'. * The action will state 'slow' as the reason that the action is in the slow @@ -5759,7 +5399,7 @@ compose_slow_path(const struct ofproto_dpif *ofproto, const struct flow *flow, *actions_lenp = buf.size; } -static size_t +size_t put_userspace_action(const struct ofproto_dpif *ofproto, struct ofpbuf *odp_actions, const struct flow *flow, @@ -5774,2103 +5414,160 @@ put_userspace_action(const struct ofproto_dpif *ofproto, return odp_put_userspace_action(pid, cookie, cookie_size, odp_actions); } -/* Compose SAMPLE action for sFlow or IPFIX. The given probability is - * the number of packets out of UINT32_MAX to sample. The given - * cookie is passed back in the callback for each sampled packet. - */ -static size_t -compose_sample_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - const uint32_t probability, - const union user_action_cookie *cookie, - const size_t cookie_size) + +static void +update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, + uint64_t packets, uint64_t bytes) { - size_t sample_offset, actions_offset; - int cookie_offset; + if (!mirrors) { + return; + } + + for (; mirrors; mirrors = zero_rightmost_1bit(mirrors)) { + struct ofmirror *m; + + m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); + if (!m) { + /* In normal circumstances 'm' will not be NULL. However, + * if mirrors are reconfigured, we can temporarily get out + * of sync in facet_revalidate(). We could "correct" the + * mirror list before reaching here, but doing that would + * not properly account the traffic stats we've currently + * accumulated for previous mirror configuration. */ + continue; + } - nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); + m->packet_count += packets; + m->byte_count += bytes; + } +} - actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); - cookie_offset = put_userspace_action(ofproto, odp_actions, flow, cookie, - cookie_size); + +/* Optimized flow revalidation. + * + * It's a difficult problem, in general, to tell which facets need to have + * their actions recalculated whenever the OpenFlow flow table changes. We + * don't try to solve that general problem: for most kinds of OpenFlow flow + * table changes, we recalculate the actions for every facet. This is + * relatively expensive, but it's good enough if the OpenFlow flow table + * doesn't change very often. + * + * However, we can expect one particular kind of OpenFlow flow table change to + * happen frequently: changes caused by MAC learning. To avoid wasting a lot + * of CPU on revalidating every facet whenever MAC learning modifies the flow + * table, we add a special case that applies to flow tables in which every rule + * has the same form (that is, the same wildcards), except that the table is + * also allowed to have a single "catch-all" flow that matches all packets. We + * optimize this case by tagging all of the facets that resubmit into the table + * and invalidating the same tag whenever a flow changes in that table. The + * end result is that we revalidate just the facets that need it (and sometimes + * a few more, but not all of the facets or even all of the facets that + * resubmit to the table modified by MAC learning). */ - nl_msg_end_nested(odp_actions, actions_offset); - nl_msg_end_nested(odp_actions, sample_offset); - return cookie_offset; +/* Calculates the tag to use for 'flow' and mask 'mask' when it is inserted + * into an OpenFlow table with the given 'basis'. */ +tag_type +rule_calculate_tag(const struct flow *flow, const struct minimask *mask, + uint32_t secret) +{ + if (minimask_is_catchall(mask)) { + return 0; + } else { + uint32_t hash = flow_hash_in_minimask(flow, mask, secret); + return tag_create_deterministic(hash); + } } +/* Following a change to OpenFlow table 'table_id' in 'ofproto', update the + * taggability of that table. + * + * This function must be called after *each* change to a flow table. If you + * skip calling it on some changes then the pointer comparisons at the end can + * be invalid if you get unlucky. For example, if a flow removal causes a + * cls_table to be destroyed and then a flow insertion causes a cls_table with + * different wildcards to be created with the same address, then this function + * will incorrectly skip revalidation. */ static void -compose_sflow_cookie(const struct ofproto_dpif *ofproto, - ovs_be16 vlan_tci, uint32_t odp_port, - unsigned int n_outputs, union user_action_cookie *cookie) +table_update_taggable(struct ofproto_dpif *ofproto, uint8_t table_id) { - int ifindex; + struct table_dpif *table = &ofproto->tables[table_id]; + const struct oftable *oftable = &ofproto->up.tables[table_id]; + struct cls_table *catchall, *other; + struct cls_table *t; - cookie->type = USER_ACTION_COOKIE_SFLOW; - cookie->sflow.vlan_tci = vlan_tci; + catchall = other = NULL; - /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output - * port information") for the interpretation of cookie->output. */ - switch (n_outputs) { + switch (hmap_count(&oftable->cls.tables)) { case 0: - /* 0x40000000 | 256 means "packet dropped for unknown reason". */ - cookie->sflow.output = 0x40000000 | 256; + /* We could tag this OpenFlow table but it would make the logic a + * little harder and it's a corner case that doesn't seem worth it + * yet. */ break; case 1: - ifindex = dpif_sflow_odp_port_to_ifindex(ofproto->sflow, odp_port); - if (ifindex) { - cookie->sflow.output = ifindex; - break; + case 2: + HMAP_FOR_EACH (t, hmap_node, &oftable->cls.tables) { + if (cls_table_is_catchall(t)) { + catchall = t; + } else if (!other) { + other = t; + } else { + /* Indicate that we can't tag this by setting both tables to + * NULL. (We know that 'catchall' is already NULL.) */ + other = NULL; + } } - /* Fall through. */ + break; + default: - /* 0x80000000 means "multiple output ports. */ - cookie->sflow.output = 0x80000000 | n_outputs; + /* Can't tag this table. */ break; } -} - -/* Compose SAMPLE action for sFlow bridge sampling. */ -static size_t -compose_sflow_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - uint32_t odp_port) -{ - uint32_t probability; - union user_action_cookie cookie; - if (!ofproto->sflow || flow->in_port == OFPP_NONE) { - return 0; + if (table->catchall_table != catchall || table->other_table != other) { + table->catchall_table = catchall; + table->other_table = other; + ofproto->backer->need_revalidate = REV_FLOW_TABLE; } - - probability = dpif_sflow_get_probability(ofproto->sflow); - compose_sflow_cookie(ofproto, htons(0), odp_port, - odp_port == OVSP_NONE ? 0 : 1, &cookie); - - return compose_sample_action(ofproto, odp_actions, flow, probability, - &cookie, sizeof cookie.sflow); } +/* Given 'rule' that has changed in some way (either it is a rule being + * inserted, a rule being deleted, or a rule whose actions are being + * modified), marks facets for revalidation to ensure that packets will be + * forwarded correctly according to the new state of the flow table. + * + * This function must be called after *each* change to a flow table. See + * the comment on table_update_taggable() for more information. */ static void -compose_flow_sample_cookie(uint16_t probability, uint32_t collector_set_id, - uint32_t obs_domain_id, uint32_t obs_point_id, - union user_action_cookie *cookie) +rule_invalidate(const struct rule_dpif *rule) { - cookie->type = USER_ACTION_COOKIE_FLOW_SAMPLE; - cookie->flow_sample.probability = probability; - cookie->flow_sample.collector_set_id = collector_set_id; - cookie->flow_sample.obs_domain_id = obs_domain_id; - cookie->flow_sample.obs_point_id = obs_point_id; -} + struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); -static void -compose_ipfix_cookie(union user_action_cookie *cookie) -{ - cookie->type = USER_ACTION_COOKIE_IPFIX; -} + table_update_taggable(ofproto, rule->up.table_id); -/* Compose SAMPLE action for IPFIX bridge sampling. */ -static void -compose_ipfix_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow) -{ - uint32_t probability; - union user_action_cookie cookie; + if (!ofproto->backer->need_revalidate) { + struct table_dpif *table = &ofproto->tables[rule->up.table_id]; - if (!ofproto->ipfix || flow->in_port == OFPP_NONE) { - return; + if (table->other_table && rule->tag) { + tag_set_add(&ofproto->backer->revalidate_set, rule->tag); + } else { + ofproto->backer->need_revalidate = REV_FLOW_TABLE; + } } - - probability = dpif_ipfix_get_bridge_exporter_probability(ofproto->ipfix); - compose_ipfix_cookie(&cookie); - - compose_sample_action(ofproto, odp_actions, flow, probability, - &cookie, sizeof cookie.ipfix); -} - -/* SAMPLE action for sFlow must be first action in any given list of - * actions. At this point we do not have all information required to - * build it. So try to build sample action as complete as possible. */ -static void -add_sflow_action(struct xlate_ctx *ctx) -{ - ctx->user_cookie_offset = compose_sflow_action(ctx->ofproto, - &ctx->xout->odp_actions, - &ctx->xin->flow, OVSP_NONE); - ctx->sflow_odp_port = 0; - ctx->sflow_n_outputs = 0; } - -/* SAMPLE action for IPFIX must be 1st or 2nd action in any given list - * of actions, eventually after the SAMPLE action for sFlow. */ -static void -add_ipfix_action(struct xlate_ctx *ctx) + +static bool +set_frag_handling(struct ofproto *ofproto_, + enum ofp_config_flags frag_handling) { - compose_ipfix_action(ctx->ofproto, &ctx->xout->odp_actions, - &ctx->xin->flow); -} - -/* Fix SAMPLE action according to data collected while composing ODP actions. - * We need to fix SAMPLE actions OVS_SAMPLE_ATTR_ACTIONS attribute, i.e. nested - * USERSPACE action's user-cookie which is required for sflow. */ -static void -fix_sflow_action(struct xlate_ctx *ctx) -{ - const struct flow *base = &ctx->base_flow; - union user_action_cookie *cookie; - - if (!ctx->user_cookie_offset) { - return; - } - - cookie = ofpbuf_at(&ctx->xout->odp_actions, ctx->user_cookie_offset, - sizeof cookie->sflow); - ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); - - compose_sflow_cookie(ctx->ofproto, base->vlan_tci, - ctx->sflow_odp_port, ctx->sflow_n_outputs, cookie); -} - -static void -compose_output_action__(struct xlate_ctx *ctx, uint16_t ofp_port, - bool check_stp) -{ - const struct ofport_dpif *ofport = get_ofp_port(ctx->ofproto, ofp_port); - ovs_be16 flow_vlan_tci; - uint32_t flow_skb_mark; - uint8_t flow_nw_tos; - struct priority_to_dscp *pdscp; - uint32_t out_port, odp_port; - - /* If 'struct flow' gets additional metadata, we'll need to zero it out - * before traversing a patch port. */ - BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20); - - if (!ofport) { - xlate_report(ctx, "Nonexistent output port"); - return; - } else if (ofport->up.pp.config & OFPUTIL_PC_NO_FWD) { - xlate_report(ctx, "OFPPC_NO_FWD set, skipping output"); - return; - } else if (check_stp && !stp_forward_in_state(ofport->stp_state)) { - xlate_report(ctx, "STP not in forwarding state, skipping output"); - return; - } - - if (netdev_vport_is_patch(ofport->up.netdev)) { - struct ofport_dpif *peer = ofport_get_peer(ofport); - struct flow old_flow = ctx->xin->flow; - const struct ofproto_dpif *peer_ofproto; - enum slow_path_reason special; - struct ofport_dpif *in_port; - - if (!peer) { - xlate_report(ctx, "Nonexistent patch port peer"); - return; - } - - peer_ofproto = ofproto_dpif_cast(peer->up.ofproto); - if (peer_ofproto->backer != ctx->ofproto->backer) { - xlate_report(ctx, "Patch port peer on a different datapath"); - return; - } - - ctx->ofproto = ofproto_dpif_cast(peer->up.ofproto); - ctx->xin->flow.in_port = peer->up.ofp_port; - ctx->xin->flow.metadata = htonll(0); - memset(&ctx->xin->flow.tunnel, 0, sizeof ctx->xin->flow.tunnel); - memset(ctx->xin->flow.regs, 0, sizeof ctx->xin->flow.regs); - - in_port = get_ofp_port(ctx->ofproto, ctx->xin->flow.in_port); - special = process_special(ctx->ofproto, &ctx->xin->flow, in_port, - ctx->xin->packet); - if (special) { - ctx->xout->slow = special; - } else if (!in_port || may_receive(in_port, ctx)) { - if (!in_port || stp_forward_in_state(in_port->stp_state)) { - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); - } else { - /* Forwarding is disabled by STP. Let OFPP_NORMAL and the - * learning action look at the packet, then drop it. */ - struct flow old_base_flow = ctx->base_flow; - size_t old_size = ctx->xout->odp_actions.size; - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); - ctx->base_flow = old_base_flow; - ctx->xout->odp_actions.size = old_size; - } - } - - ctx->xin->flow = old_flow; - ctx->ofproto = ofproto_dpif_cast(ofport->up.ofproto); - - if (ctx->xin->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); - netdev_vport_inc_rx(peer->up.netdev, ctx->xin->resubmit_stats); - } - - return; - } - - flow_vlan_tci = ctx->xin->flow.vlan_tci; - flow_skb_mark = ctx->xin->flow.skb_mark; - flow_nw_tos = ctx->xin->flow.nw_tos; - - pdscp = get_priority(ofport, ctx->xin->flow.skb_priority); - if (pdscp) { - ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->xin->flow.nw_tos |= pdscp->dscp; - } - - if (ofport->tnl_port) { - /* Save tunnel metadata so that changes made due to - * the Logical (tunnel) Port are not visible for any further - * matches, while explicit set actions on tunnel metadata are. - */ - struct flow_tnl flow_tnl = ctx->xin->flow.tunnel; - odp_port = tnl_port_send(ofport->tnl_port, &ctx->xin->flow); - if (odp_port == OVSP_NONE) { - xlate_report(ctx, "Tunneling decided against output"); - goto out; /* restore flow_nw_tos */ - } - if (ctx->xin->flow.tunnel.ip_dst == ctx->orig_tunnel_ip_dst) { - xlate_report(ctx, "Not tunneling to our own address"); - goto out; /* restore flow_nw_tos */ - } - if (ctx->xin->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); - } - out_port = odp_port; - commit_odp_tunnel_action(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - ctx->xin->flow.tunnel = flow_tnl; /* Restore tunnel metadata */ - } else { - uint16_t vlandev_port; - odp_port = ofport->odp_port; - vlandev_port = vsp_realdev_to_vlandev(ctx->ofproto, ofp_port, - ctx->xin->flow.vlan_tci); - if (vlandev_port == ofp_port) { - out_port = odp_port; - } else { - out_port = ofp_port_to_odp_port(ctx->ofproto, vlandev_port); - ctx->xin->flow.vlan_tci = htons(0); - } - ctx->xin->flow.skb_mark &= ~IPSEC_MARK; - } - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - nl_msg_put_u32(&ctx->xout->odp_actions, OVS_ACTION_ATTR_OUTPUT, out_port); - - ctx->sflow_odp_port = odp_port; - ctx->sflow_n_outputs++; - ctx->xout->nf_output_iface = ofp_port; - - /* Restore flow */ - ctx->xin->flow.vlan_tci = flow_vlan_tci; - ctx->xin->flow.skb_mark = flow_skb_mark; - out: - ctx->xin->flow.nw_tos = flow_nw_tos; -} - -static void -compose_output_action(struct xlate_ctx *ctx, uint16_t ofp_port) -{ - compose_output_action__(ctx, ofp_port, true); -} - -static void -tag_the_flow(struct xlate_ctx *ctx, struct rule_dpif *rule) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - uint8_t table_id = ctx->table_id; - - if (table_id > 0 && table_id < N_TABLES) { - struct table_dpif *table = &ofproto->tables[table_id]; - if (table->other_table) { - ctx->xout->tags |= (rule && rule->tag - ? rule->tag - : rule_calculate_tag(&ctx->xin->flow, - &table->other_table->mask, - table->basis)); - } - } -} - -/* Common rule processing in one place to avoid duplicating code. */ -static struct rule_dpif * -ctx_rule_hooks(struct xlate_ctx *ctx, struct rule_dpif *rule, - bool may_packet_in) -{ - if (ctx->xin->resubmit_hook) { - ctx->xin->resubmit_hook(ctx, rule); - } - if (rule == NULL && may_packet_in) { - /* XXX - * check if table configuration flags - * OFPTC_TABLE_MISS_CONTROLLER, default. - * OFPTC_TABLE_MISS_CONTINUE, - * OFPTC_TABLE_MISS_DROP - * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? - */ - rule = rule_dpif_miss_rule(ctx->ofproto, &ctx->xin->flow); - } - if (rule && ctx->xin->resubmit_stats) { - rule_credit_stats(rule, ctx->xin->resubmit_stats); - } - return rule; -} - -static void -xlate_table_action(struct xlate_ctx *ctx, - uint16_t in_port, uint8_t table_id, bool may_packet_in) -{ - if (ctx->recurse < MAX_RESUBMIT_RECURSION) { - struct rule_dpif *rule; - uint16_t old_in_port = ctx->xin->flow.in_port; - uint8_t old_table_id = ctx->table_id; - - ctx->table_id = table_id; - - /* Look up a flow with 'in_port' as the input port. */ - ctx->xin->flow.in_port = in_port; - rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, - &ctx->xout->wc, table_id); - - tag_the_flow(ctx, rule); - - /* Restore the original input port. Otherwise OFPP_NORMAL and - * OFPP_IN_PORT will have surprising behavior. */ - ctx->xin->flow.in_port = old_in_port; - - rule = ctx_rule_hooks(ctx, rule, may_packet_in); - - if (rule) { - struct rule_dpif *old_rule = ctx->rule; - - ctx->recurse++; - ctx->rule = rule; - do_xlate_actions(rule->up.ofpacts, rule->up.ofpacts_len, ctx); - ctx->rule = old_rule; - ctx->recurse--; - } - - ctx->table_id = old_table_id; - } else { - static struct vlog_rate_limit recurse_rl = VLOG_RATE_LIMIT_INIT(1, 1); - - VLOG_ERR_RL(&recurse_rl, "resubmit actions recursed over %d times", - MAX_RESUBMIT_RECURSION); - ctx->max_resubmit_trigger = true; - } -} - -static void -xlate_ofpact_resubmit(struct xlate_ctx *ctx, - const struct ofpact_resubmit *resubmit) -{ - uint16_t in_port; - uint8_t table_id; - - in_port = resubmit->in_port; - if (in_port == OFPP_IN_PORT) { - in_port = ctx->xin->flow.in_port; - } - - table_id = resubmit->table_id; - if (table_id == 255) { - table_id = ctx->table_id; - } - - xlate_table_action(ctx, in_port, table_id, false); -} - -static void -flood_packets(struct xlate_ctx *ctx, bool all) -{ - struct ofport_dpif *ofport; - - HMAP_FOR_EACH (ofport, up.hmap_node, &ctx->ofproto->up.ports) { - uint16_t ofp_port = ofport->up.ofp_port; - - if (ofp_port == ctx->xin->flow.in_port) { - continue; - } - - if (all) { - compose_output_action__(ctx, ofp_port, false); - } else if (!(ofport->up.pp.config & OFPUTIL_PC_NO_FLOOD)) { - compose_output_action(ctx, ofp_port); - } - } - - ctx->xout->nf_output_iface = NF_OUT_FLOOD; -} - -static void -execute_controller_action(struct xlate_ctx *ctx, int len, - enum ofp_packet_in_reason reason, - uint16_t controller_id) -{ - struct ofputil_packet_in pin; - struct ofpbuf *packet; - struct flow key; - - ovs_assert(!ctx->xout->slow || ctx->xout->slow == SLOW_CONTROLLER); - ctx->xout->slow = SLOW_CONTROLLER; - if (!ctx->xin->packet) { - return; - } - - packet = ofpbuf_clone(ctx->xin->packet); - - key.skb_priority = 0; - key.skb_mark = 0; - memset(&key.tunnel, 0, sizeof key.tunnel); - - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - - odp_execute_actions(NULL, packet, &key, ctx->xout->odp_actions.data, - ctx->xout->odp_actions.size, NULL, NULL); - - pin.packet = packet->data; - pin.packet_len = packet->size; - pin.reason = reason; - pin.controller_id = controller_id; - pin.table_id = ctx->table_id; - pin.cookie = ctx->rule ? ctx->rule->up.flow_cookie : 0; - - pin.send_len = len; - flow_get_metadata(&ctx->xin->flow, &pin.fmd); - - connmgr_send_packet_in(ctx->ofproto->up.connmgr, &pin); - ofpbuf_delete(packet); -} - -static void -execute_mpls_push_action(struct xlate_ctx *ctx, ovs_be16 eth_type) -{ - ovs_assert(eth_type_mpls(eth_type)); - - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.mpls_lse, 0xff, - sizeof ctx->xout->wc.masks.mpls_lse); - memset(&ctx->xout->wc.masks.mpls_depth, 0xff, - sizeof ctx->xout->wc.masks.mpls_depth); - - if (ctx->base_flow.mpls_depth) { - ctx->xin->flow.mpls_lse &= ~htonl(MPLS_BOS_MASK); - ctx->xin->flow.mpls_depth++; - } else { - ovs_be32 label; - uint8_t tc, ttl; - - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IPV6)) { - label = htonl(0x2); /* IPV6 Explicit Null. */ - } else { - label = htonl(0x0); /* IPV4 Explicit Null. */ - } - tc = (ctx->xin->flow.nw_tos & IP_DSCP_MASK) >> 2; - ttl = ctx->xin->flow.nw_ttl ? ctx->xin->flow.nw_ttl : 0x40; - ctx->xin->flow.mpls_lse = set_mpls_lse_values(ttl, tc, 1, label); - ctx->xin->flow.mpls_depth = 1; - } - ctx->xin->flow.dl_type = eth_type; -} - -static void -execute_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type) -{ - ovs_assert(eth_type_mpls(ctx->xin->flow.dl_type)); - ovs_assert(!eth_type_mpls(eth_type)); - - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.mpls_lse, 0xff, - sizeof ctx->xout->wc.masks.mpls_lse); - memset(&ctx->xout->wc.masks.mpls_depth, 0xff, - sizeof ctx->xout->wc.masks.mpls_depth); - - if (ctx->xin->flow.mpls_depth) { - ctx->xin->flow.mpls_depth--; - ctx->xin->flow.mpls_lse = htonl(0); - if (!ctx->xin->flow.mpls_depth) { - ctx->xin->flow.dl_type = eth_type; - } - } -} - -static bool -compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids) -{ - if (ctx->xin->flow.dl_type != htons(ETH_TYPE_IP) && - ctx->xin->flow.dl_type != htons(ETH_TYPE_IPV6)) { - return false; - } - - if (ctx->xin->flow.nw_ttl > 1) { - ctx->xin->flow.nw_ttl--; - return false; - } else { - size_t i; - - for (i = 0; i < ids->n_controllers; i++) { - execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, - ids->cnt_ids[i]); - } - - /* Stop processing for current table. */ - return true; - } -} - -static bool -execute_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl) -{ - if (!eth_type_mpls(ctx->xin->flow.dl_type)) { - return true; - } - - set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); - return false; -} - -static bool -execute_dec_mpls_ttl_action(struct xlate_ctx *ctx) -{ - uint8_t ttl = mpls_lse_to_ttl(ctx->xin->flow.mpls_lse); - - if (!eth_type_mpls(ctx->xin->flow.dl_type)) { - return false; - } - - if (ttl > 1) { - ttl--; - set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); - return false; - } else { - execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0); - - /* Stop processing for current table. */ - return true; - } -} - -static void -xlate_output_action(struct xlate_ctx *ctx, - uint16_t port, uint16_t max_len, bool may_packet_in) -{ - uint16_t prev_nf_output_iface = ctx->xout->nf_output_iface; - - ctx->xout->nf_output_iface = NF_OUT_DROP; - - switch (port) { - case OFPP_IN_PORT: - compose_output_action(ctx, ctx->xin->flow.in_port); - break; - case OFPP_TABLE: - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, may_packet_in); - break; - case OFPP_NORMAL: - xlate_normal(ctx); - break; - case OFPP_FLOOD: - flood_packets(ctx, false); - break; - case OFPP_ALL: - flood_packets(ctx, true); - break; - case OFPP_CONTROLLER: - execute_controller_action(ctx, max_len, OFPR_ACTION, 0); - break; - case OFPP_NONE: - break; - case OFPP_LOCAL: - default: - if (port != ctx->xin->flow.in_port) { - compose_output_action(ctx, port); - } else { - xlate_report(ctx, "skipping output to input port"); - } - break; - } - - if (prev_nf_output_iface == NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_FLOOD; - } else if (ctx->xout->nf_output_iface == NF_OUT_DROP) { - ctx->xout->nf_output_iface = prev_nf_output_iface; - } else if (prev_nf_output_iface != NF_OUT_DROP && - ctx->xout->nf_output_iface != NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_MULTI; - } -} - -static void -xlate_output_reg_action(struct xlate_ctx *ctx, - const struct ofpact_output_reg *or) -{ - uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow); - if (port <= UINT16_MAX) { - union mf_subvalue value; - - memset(&value, 0xff, sizeof value); - mf_write_subfield_flow(&or->src, &value, &ctx->xout->wc.masks); - xlate_output_action(ctx, port, or->max_len, false); - } -} - -static void -xlate_enqueue_action(struct xlate_ctx *ctx, - const struct ofpact_enqueue *enqueue) -{ - uint16_t ofp_port = enqueue->port; - uint32_t queue_id = enqueue->queue; - uint32_t flow_priority, priority; - int error; - - /* Translate queue to priority. */ - error = dpif_queue_to_priority(ctx->ofproto->backer->dpif, - queue_id, &priority); - if (error) { - /* Fall back to ordinary output action. */ - xlate_output_action(ctx, enqueue->port, 0, false); - return; - } - - /* Check output port. */ - if (ofp_port == OFPP_IN_PORT) { - ofp_port = ctx->xin->flow.in_port; - } else if (ofp_port == ctx->xin->flow.in_port) { - return; - } - - /* Add datapath actions. */ - flow_priority = ctx->xin->flow.skb_priority; - ctx->xin->flow.skb_priority = priority; - compose_output_action(ctx, ofp_port); - ctx->xin->flow.skb_priority = flow_priority; - - /* Update NetFlow output port. */ - if (ctx->xout->nf_output_iface == NF_OUT_DROP) { - ctx->xout->nf_output_iface = ofp_port; - } else if (ctx->xout->nf_output_iface != NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_MULTI; - } -} - -static void -xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id) -{ - uint32_t skb_priority; - - if (!dpif_queue_to_priority(ctx->ofproto->backer->dpif, - queue_id, &skb_priority)) { - ctx->xin->flow.skb_priority = skb_priority; - } else { - /* Couldn't translate queue to a priority. Nothing to do. A warning - * has already been logged. */ - } -} - -static bool -slave_enabled_cb(uint16_t ofp_port, void *ofproto_) -{ - struct ofproto_dpif *ofproto = ofproto_; - struct ofport_dpif *port; - - switch (ofp_port) { - case OFPP_IN_PORT: - case OFPP_TABLE: - case OFPP_NORMAL: - case OFPP_FLOOD: - case OFPP_ALL: - case OFPP_NONE: - return true; - case OFPP_CONTROLLER: /* Not supported by the bundle action. */ - return false; - default: - port = get_ofp_port(ofproto, ofp_port); - return port ? port->may_enable : false; - } -} - -static void -xlate_bundle_action(struct xlate_ctx *ctx, - const struct ofpact_bundle *bundle) -{ - uint16_t port; - - port = bundle_execute(bundle, &ctx->xin->flow, &ctx->xout->wc, - slave_enabled_cb, ctx->ofproto); - if (bundle->dst.field) { - nxm_reg_load(&bundle->dst, port, &ctx->xin->flow); - } else { - xlate_output_action(ctx, port, 0, false); - } -} - -static void -xlate_learn_action(struct xlate_ctx *ctx, - const struct ofpact_learn *learn) -{ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); - struct ofputil_flow_mod fm; - uint64_t ofpacts_stub[1024 / 8]; - struct ofpbuf ofpacts; - int error; - - ctx->xout->has_learn = true; - - learn_mask(learn, &ctx->xout->wc); - - if (!ctx->xin->may_learn) { - return; - } - - ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub); - learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts); - - error = ofproto_flow_mod(&ctx->ofproto->up, &fm); - if (error && !VLOG_DROP_WARN(&rl)) { - VLOG_WARN("learning action failed to modify flow table (%s)", - ofperr_get_name(error)); - } - - ofpbuf_uninit(&ofpacts); -} - -/* Reduces '*timeout' to no more than 'max'. A value of zero in either case - * means "infinite". */ -static void -reduce_timeout(uint16_t max, uint16_t *timeout) -{ - if (max && (!*timeout || *timeout > max)) { - *timeout = max; - } -} - -static void -xlate_fin_timeout(struct xlate_ctx *ctx, - const struct ofpact_fin_timeout *oft) -{ - if (ctx->xin->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) { - struct rule_dpif *rule = ctx->rule; - - reduce_timeout(oft->fin_idle_timeout, &rule->up.idle_timeout); - reduce_timeout(oft->fin_hard_timeout, &rule->up.hard_timeout); - } -} - -static void -xlate_sample_action(struct xlate_ctx *ctx, - const struct ofpact_sample *os) -{ - union user_action_cookie cookie; - /* Scale the probability from 16-bit to 32-bit while representing - * the same percentage. */ - uint32_t probability = (os->probability << 16) | os->probability; - - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - - compose_flow_sample_cookie(os->probability, os->collector_set_id, - os->obs_domain_id, os->obs_point_id, &cookie); - compose_sample_action(ctx->ofproto, &ctx->xout->odp_actions, &ctx->xin->flow, - probability, &cookie, sizeof cookie.flow_sample); -} - -static bool -may_receive(const struct ofport_dpif *port, struct xlate_ctx *ctx) -{ - if (port->up.pp.config & (eth_addr_equals(ctx->xin->flow.dl_dst, - eth_addr_stp) - ? OFPUTIL_PC_NO_RECV_STP - : OFPUTIL_PC_NO_RECV)) { - return false; - } - - /* Only drop packets here if both forwarding and learning are - * disabled. If just learning is enabled, we need to have - * OFPP_NORMAL and the learning action have a look at the packet - * before we can drop it. */ - if (!stp_forward_in_state(port->stp_state) - && !stp_learn_in_state(port->stp_state)) { - return false; - } - - return true; -} - -static bool -tunnel_ecn_ok(struct xlate_ctx *ctx) -{ - if (is_ip_any(&ctx->base_flow) - && (ctx->xin->flow.tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) { - if ((ctx->base_flow.nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) { - VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE" - " but is not ECN capable"); - return false; - } else { - /* Set the ECN CE value in the tunneled packet. */ - ctx->xin->flow.nw_tos |= IP_ECN_CE; - } - } - - return true; -} - -static void -do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, - struct xlate_ctx *ctx) -{ - bool was_evictable = true; - const struct ofpact *a; - - if (ctx->rule) { - /* Don't let the rule we're working on get evicted underneath us. */ - was_evictable = ctx->rule->up.evictable; - ctx->rule->up.evictable = false; - } - - do_xlate_actions_again: - OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { - struct ofpact_controller *controller; - const struct ofpact_metadata *metadata; - - if (ctx->exit) { - break; - } - - switch (a->type) { - case OFPACT_OUTPUT: - xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port, - ofpact_get_OUTPUT(a)->max_len, true); - break; - - case OFPACT_CONTROLLER: - controller = ofpact_get_CONTROLLER(a); - execute_controller_action(ctx, controller->max_len, - controller->reason, - controller->controller_id); - break; - - case OFPACT_ENQUEUE: - xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a)); - break; - - case OFPACT_SET_VLAN_VID: - ctx->xin->flow.vlan_tci &= ~htons(VLAN_VID_MASK); - ctx->xin->flow.vlan_tci |= - (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) - | htons(VLAN_CFI)); - break; - - case OFPACT_SET_VLAN_PCP: - ctx->xin->flow.vlan_tci &= ~htons(VLAN_PCP_MASK); - ctx->xin->flow.vlan_tci |= - htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp << VLAN_PCP_SHIFT) - | VLAN_CFI); - break; - - case OFPACT_STRIP_VLAN: - ctx->xin->flow.vlan_tci = htons(0); - break; - - case OFPACT_PUSH_VLAN: - /* XXX 802.1AD(QinQ) */ - ctx->xin->flow.vlan_tci = htons(VLAN_CFI); - break; - - case OFPACT_SET_ETH_SRC: - memcpy(ctx->xin->flow.dl_src, ofpact_get_SET_ETH_SRC(a)->mac, - ETH_ADDR_LEN); - break; - - case OFPACT_SET_ETH_DST: - memcpy(ctx->xin->flow.dl_dst, ofpact_get_SET_ETH_DST(a)->mac, - ETH_ADDR_LEN); - break; - - case OFPACT_SET_IPV4_SRC: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4; - } - break; - - case OFPACT_SET_IPV4_DST: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4; - } - break; - - case OFPACT_SET_IPV4_DSCP: - /* OpenFlow 1.0 only supports IPv4. */ - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->xin->flow.nw_tos |= ofpact_get_SET_IPV4_DSCP(a)->dscp; - } - break; - - case OFPACT_SET_L4_SRC_PORT: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.nw_proto, 0xff, - sizeof ctx->xout->wc.masks.nw_proto); - if (is_ip_any(&ctx->xin->flow)) { - ctx->xin->flow.tp_src = - htons(ofpact_get_SET_L4_SRC_PORT(a)->port); - } - break; - - case OFPACT_SET_L4_DST_PORT: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.nw_proto, 0xff, - sizeof ctx->xout->wc.masks.nw_proto); - if (is_ip_any(&ctx->xin->flow)) { - ctx->xin->flow.tp_dst = - htons(ofpact_get_SET_L4_DST_PORT(a)->port); - } - break; - - case OFPACT_RESUBMIT: - xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a)); - break; - - case OFPACT_SET_TUNNEL: - ctx->xin->flow.tunnel.tun_id = - htonll(ofpact_get_SET_TUNNEL(a)->tun_id); - break; - - case OFPACT_SET_QUEUE: - xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id); - break; - - case OFPACT_POP_QUEUE: - memset(&ctx->xout->wc.masks.skb_priority, 0xff, - sizeof ctx->xout->wc.masks.skb_priority); - - ctx->xin->flow.skb_priority = ctx->orig_skb_priority; - break; - - case OFPACT_REG_MOVE: - nxm_execute_reg_move(ofpact_get_REG_MOVE(a), &ctx->xin->flow, - &ctx->xout->wc); - break; - - case OFPACT_REG_LOAD: - nxm_execute_reg_load(ofpact_get_REG_LOAD(a), &ctx->xin->flow); - break; - - case OFPACT_STACK_PUSH: - nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), &ctx->xin->flow, - &ctx->xout->wc, &ctx->stack); - break; - - case OFPACT_STACK_POP: - nxm_execute_stack_pop(ofpact_get_STACK_POP(a), &ctx->xin->flow, - &ctx->stack); - break; - - case OFPACT_PUSH_MPLS: - execute_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a)->ethertype); - break; - - case OFPACT_POP_MPLS: - execute_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype); - break; - - case OFPACT_SET_MPLS_TTL: - if (execute_set_mpls_ttl_action(ctx, - ofpact_get_SET_MPLS_TTL(a)->ttl)) { - goto out; - } - break; - - case OFPACT_DEC_MPLS_TTL: - if (execute_dec_mpls_ttl_action(ctx)) { - goto out; - } - break; - - case OFPACT_DEC_TTL: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) { - goto out; - } - break; - - case OFPACT_NOTE: - /* Nothing to do. */ - break; - - case OFPACT_MULTIPATH: - multipath_execute(ofpact_get_MULTIPATH(a), &ctx->xin->flow, - &ctx->xout->wc); - break; - - case OFPACT_BUNDLE: - ctx->ofproto->has_bundle_action = true; - xlate_bundle_action(ctx, ofpact_get_BUNDLE(a)); - break; - - case OFPACT_OUTPUT_REG: - xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a)); - break; - - case OFPACT_LEARN: - xlate_learn_action(ctx, ofpact_get_LEARN(a)); - break; - - case OFPACT_EXIT: - ctx->exit = true; - break; - - case OFPACT_FIN_TIMEOUT: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.nw_proto, 0xff, - sizeof ctx->xout->wc.masks.nw_proto); - ctx->xout->has_fin_timeout = true; - xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a)); - break; - - case OFPACT_CLEAR_ACTIONS: - /* XXX - * Nothing to do because writa-actions is not supported for now. - * When writa-actions is supported, clear-actions also must - * be supported at the same time. - */ - break; - - case OFPACT_WRITE_METADATA: - metadata = ofpact_get_WRITE_METADATA(a); - ctx->xin->flow.metadata &= ~metadata->mask; - ctx->xin->flow.metadata |= metadata->metadata & metadata->mask; - break; - - case OFPACT_GOTO_TABLE: { - /* It is assumed that goto-table is the last action. */ - struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a); - struct rule_dpif *rule; - - ovs_assert(ctx->table_id < ogt->table_id); - - ctx->table_id = ogt->table_id; - - /* Look up a flow from the new table. */ - rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, - &ctx->xout->wc, ctx->table_id); - - tag_the_flow(ctx, rule); - - rule = ctx_rule_hooks(ctx, rule, true); - - if (rule) { - if (ctx->rule) { - ctx->rule->up.evictable = was_evictable; - } - ctx->rule = rule; - was_evictable = rule->up.evictable; - rule->up.evictable = false; - - /* Tail recursion removal. */ - ofpacts = rule->up.ofpacts; - ofpacts_len = rule->up.ofpacts_len; - goto do_xlate_actions_again; - } - break; - } - - case OFPACT_SAMPLE: - xlate_sample_action(ctx, ofpact_get_SAMPLE(a)); - break; - } - } - -out: - if (ctx->rule) { - ctx->rule->up.evictable = was_evictable; - } -} - -static void -xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto, - const struct flow *flow, struct rule_dpif *rule, - uint8_t tcp_flags, const struct ofpbuf *packet) -{ - xin->ofproto = ofproto; - xin->flow = *flow; - xin->packet = packet; - xin->may_learn = packet != NULL; - xin->rule = rule; - xin->ofpacts = NULL; - xin->ofpacts_len = 0; - xin->tcp_flags = tcp_flags; - xin->resubmit_hook = NULL; - xin->report_hook = NULL; - xin->resubmit_stats = NULL; -} - -static void -xlate_out_uninit(struct xlate_out *xout) -{ - if (xout) { - ofpbuf_uninit(&xout->odp_actions); - } -} - -/* Translates the 'ofpacts_len' bytes of "struct ofpacts" starting at 'ofpacts' - * into datapath actions in 'odp_actions', using 'ctx'. */ -static void -xlate_actions(struct xlate_in *xin, struct xlate_out *xout) -{ - /* Normally false. Set to true if we ever hit MAX_RESUBMIT_RECURSION, so - * that in the future we always keep a copy of the original flow for - * tracing purposes. */ - static bool hit_resubmit_limit; - - enum slow_path_reason special; - const struct ofpact *ofpacts; - struct ofport_dpif *in_port; - struct flow orig_flow; - struct xlate_ctx ctx; - size_t ofpacts_len; - - COVERAGE_INC(ofproto_dpif_xlate); - - /* Flow initialization rules: - * - 'base_flow' must match the kernel's view of the packet at the - * time that action processing starts. 'flow' represents any - * transformations we wish to make through actions. - * - By default 'base_flow' and 'flow' are the same since the input - * packet matches the output before any actions are applied. - * - When using VLAN splinters, 'base_flow''s VLAN is set to the value - * of the received packet as seen by the kernel. If we later output - * to another device without any modifications this will cause us to - * insert a new tag since the original one was stripped off by the - * VLAN device. - * - Tunnel metadata as received is retained in 'flow'. This allows - * tunnel metadata matching also in later tables. - * Since a kernel action for setting the tunnel metadata will only be - * generated with actual tunnel output, changing the tunnel metadata - * values in 'flow' (such as tun_id) will only have effect with a later - * tunnel output action. - * - Tunnel 'base_flow' is completely cleared since that is what the - * kernel does. If we wish to maintain the original values an action - * needs to be generated. */ - - ctx.xin = xin; - ctx.xout = xout; - - ctx.ofproto = xin->ofproto; - ctx.rule = xin->rule; - - ctx.base_flow = ctx.xin->flow; - memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel); - ctx.orig_tunnel_ip_dst = ctx.xin->flow.tunnel.ip_dst; - - flow_wildcards_init_catchall(&ctx.xout->wc); - memset(&ctx.xout->wc.masks.in_port, 0xff, - sizeof ctx.xout->wc.masks.in_port); - - if (tnl_port_should_receive(&ctx.xin->flow)) { - memset(&ctx.xout->wc.masks.tunnel, 0xff, - sizeof ctx.xout->wc.masks.tunnel); - } - - /* Disable most wildcarding for NetFlow. */ - if (xin->ofproto->netflow) { - memset(&ctx.xout->wc.masks.dl_src, 0xff, - sizeof ctx.xout->wc.masks.dl_src); - memset(&ctx.xout->wc.masks.dl_dst, 0xff, - sizeof ctx.xout->wc.masks.dl_dst); - memset(&ctx.xout->wc.masks.dl_type, 0xff, - sizeof ctx.xout->wc.masks.dl_type); - memset(&ctx.xout->wc.masks.vlan_tci, 0xff, - sizeof ctx.xout->wc.masks.vlan_tci); - memset(&ctx.xout->wc.masks.nw_proto, 0xff, - sizeof ctx.xout->wc.masks.nw_proto); - memset(&ctx.xout->wc.masks.nw_src, 0xff, - sizeof ctx.xout->wc.masks.nw_src); - memset(&ctx.xout->wc.masks.nw_dst, 0xff, - sizeof ctx.xout->wc.masks.nw_dst); - memset(&ctx.xout->wc.masks.tp_src, 0xff, - sizeof ctx.xout->wc.masks.tp_src); - memset(&ctx.xout->wc.masks.tp_dst, 0xff, - sizeof ctx.xout->wc.masks.tp_dst); - } - - ctx.xout->tags = 0; - ctx.xout->slow = 0; - ctx.xout->has_learn = false; - ctx.xout->has_normal = false; - ctx.xout->has_fin_timeout = false; - ctx.xout->nf_output_iface = NF_OUT_DROP; - ctx.xout->mirrors = 0; - - ofpbuf_use_stub(&ctx.xout->odp_actions, ctx.xout->odp_actions_stub, - sizeof ctx.xout->odp_actions_stub); - ofpbuf_reserve(&ctx.xout->odp_actions, NL_A_U32_SIZE); - - ctx.recurse = 0; - ctx.max_resubmit_trigger = false; - ctx.orig_skb_priority = ctx.xin->flow.skb_priority; - ctx.table_id = 0; - ctx.exit = false; - - if (xin->ofpacts) { - ofpacts = xin->ofpacts; - ofpacts_len = xin->ofpacts_len; - } else if (xin->rule) { - ofpacts = xin->rule->up.ofpacts; - ofpacts_len = xin->rule->up.ofpacts_len; - } else { - NOT_REACHED(); - } - - ofpbuf_use_stub(&ctx.stack, ctx.init_stack, sizeof ctx.init_stack); - - if (ctx.ofproto->has_mirrors || hit_resubmit_limit) { - /* Do this conditionally because the copy is expensive enough that it - * shows up in profiles. */ - orig_flow = ctx.xin->flow; - } - - if (ctx.xin->flow.nw_frag & FLOW_NW_FRAG_ANY) { - switch (ctx.ofproto->up.frag_handling) { - case OFPC_FRAG_NORMAL: - /* We must pretend that transport ports are unavailable. */ - ctx.xin->flow.tp_src = ctx.base_flow.tp_src = htons(0); - ctx.xin->flow.tp_dst = ctx.base_flow.tp_dst = htons(0); - break; - - case OFPC_FRAG_DROP: - return; - - case OFPC_FRAG_REASM: - NOT_REACHED(); - - case OFPC_FRAG_NX_MATCH: - /* Nothing to do. */ - break; - - case OFPC_INVALID_TTL_TO_CONTROLLER: - NOT_REACHED(); - } - } - - in_port = get_ofp_port(ctx.ofproto, ctx.xin->flow.in_port); - special = process_special(ctx.ofproto, &ctx.xin->flow, in_port, - ctx.xin->packet); - if (special) { - ctx.xout->slow = special; - } else { - static struct vlog_rate_limit trace_rl = VLOG_RATE_LIMIT_INIT(1, 1); - size_t sample_actions_len; - uint32_t local_odp_port; - - if (ctx.xin->flow.in_port - != vsp_realdev_to_vlandev(ctx.ofproto, ctx.xin->flow.in_port, - ctx.xin->flow.vlan_tci)) { - ctx.base_flow.vlan_tci = 0; - } - - add_sflow_action(&ctx); - add_ipfix_action(&ctx); - sample_actions_len = ctx.xout->odp_actions.size; - - if (tunnel_ecn_ok(&ctx) && (!in_port || may_receive(in_port, &ctx))) { - do_xlate_actions(ofpacts, ofpacts_len, &ctx); - - /* We've let OFPP_NORMAL and the learning action look at the - * packet, so drop it now if forwarding is disabled. */ - if (in_port && !stp_forward_in_state(in_port->stp_state)) { - ctx.xout->odp_actions.size = sample_actions_len; - } - } - - if (ctx.max_resubmit_trigger && !ctx.xin->resubmit_hook) { - if (!hit_resubmit_limit) { - /* We didn't record the original flow. Make sure we do from - * now on. */ - hit_resubmit_limit = true; - } else if (!VLOG_DROP_ERR(&trace_rl)) { - struct ds ds = DS_EMPTY_INITIALIZER; - - ofproto_trace(ctx.ofproto, &orig_flow, ctx.xin->packet, &ds); - VLOG_ERR("Trace triggered by excessive resubmit " - "recursion:\n%s", ds_cstr(&ds)); - ds_destroy(&ds); - } - } - - local_odp_port = ofp_port_to_odp_port(ctx.ofproto, OFPP_LOCAL); - if (!connmgr_must_output_local(ctx.ofproto->up.connmgr, &ctx.xin->flow, - local_odp_port, - ctx.xout->odp_actions.data, - ctx.xout->odp_actions.size)) { - compose_output_action(&ctx, OFPP_LOCAL); - } - if (ctx.ofproto->has_mirrors) { - add_mirror_actions(&ctx, &orig_flow); - } - fix_sflow_action(&ctx); - } - - ofpbuf_uninit(&ctx.stack); - - /* Clear the metadata and register wildcard masks, because we won't - * use non-header fields as part of the cache. */ - memset(&ctx.xout->wc.masks.metadata, 0, - sizeof ctx.xout->wc.masks.metadata); - memset(&ctx.xout->wc.masks.regs, 0, sizeof ctx.xout->wc.masks.regs); -} - -/* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts' - * into datapath actions, using 'ctx', and discards the datapath actions. */ -static void -xlate_actions_for_side_effects(struct xlate_in *xin) -{ - struct xlate_out xout; - - xlate_actions(xin, &xout); - xlate_out_uninit(&xout); -} - -static void -xlate_report(struct xlate_ctx *ctx, const char *s) -{ - if (ctx->xin->report_hook) { - ctx->xin->report_hook(ctx, s); - } -} - -static void -xlate_out_copy(struct xlate_out *dst, const struct xlate_out *src) -{ - dst->wc = src->wc; - dst->tags = src->tags; - dst->slow = src->slow; - dst->has_learn = src->has_learn; - dst->has_normal = src->has_normal; - dst->has_fin_timeout = src->has_fin_timeout; - dst->nf_output_iface = src->nf_output_iface; - dst->mirrors = src->mirrors; - - ofpbuf_use_stub(&dst->odp_actions, dst->odp_actions_stub, - sizeof dst->odp_actions_stub); - ofpbuf_put(&dst->odp_actions, src->odp_actions.data, - src->odp_actions.size); -} - -/* OFPP_NORMAL implementation. */ - -static struct ofport_dpif *ofbundle_get_a_port(const struct ofbundle *); - -/* Given 'vid', the VID obtained from the 802.1Q header that was received as - * part of a packet (specify 0 if there was no 802.1Q header), and 'in_bundle', - * the bundle on which the packet was received, returns the VLAN to which the - * packet belongs. - * - * Both 'vid' and the return value are in the range 0...4095. */ -static uint16_t -input_vid_to_vlan(const struct ofbundle *in_bundle, uint16_t vid) -{ - switch (in_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - return in_bundle->vlan; - break; - - case PORT_VLAN_TRUNK: - return vid; - - case PORT_VLAN_NATIVE_UNTAGGED: - case PORT_VLAN_NATIVE_TAGGED: - return vid ? vid : in_bundle->vlan; - - default: - NOT_REACHED(); - } -} - -/* Checks whether a packet with the given 'vid' may ingress on 'in_bundle'. - * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs - * a warning. - * - * 'vid' should be the VID obtained from the 802.1Q header that was received as - * part of a packet (specify 0 if there was no 802.1Q header), in the range - * 0...4095. */ -static bool -input_vid_is_valid(uint16_t vid, struct ofbundle *in_bundle, bool warn) -{ - /* Allow any VID on the OFPP_NONE port. */ - if (in_bundle == &ofpp_none_bundle) { - return true; - } - - switch (in_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - if (vid) { - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged " - "packet received on port %s configured as VLAN " - "%"PRIu16" access port", - in_bundle->ofproto->up.name, vid, - in_bundle->name, in_bundle->vlan); - } - return false; - } - return true; - - case PORT_VLAN_NATIVE_UNTAGGED: - case PORT_VLAN_NATIVE_TAGGED: - if (!vid) { - /* Port must always carry its native VLAN. */ - return true; - } - /* Fall through. */ - case PORT_VLAN_TRUNK: - if (!ofbundle_includes_vlan(in_bundle, vid)) { - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" packet " - "received on port %s not configured for trunking " - "VLAN %"PRIu16, - in_bundle->ofproto->up.name, vid, - in_bundle->name, vid); - } - return false; - } - return true; - - default: - NOT_REACHED(); - } - -} - -/* Given 'vlan', the VLAN that a packet belongs to, and - * 'out_bundle', a bundle on which the packet is to be output, returns the VID - * that should be included in the 802.1Q header. (If the return value is 0, - * then the 802.1Q header should only be included in the packet if there is a - * nonzero PCP.) - * - * Both 'vlan' and the return value are in the range 0...4095. */ -static uint16_t -output_vlan_to_vid(const struct ofbundle *out_bundle, uint16_t vlan) -{ - switch (out_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - return 0; - - case PORT_VLAN_TRUNK: - case PORT_VLAN_NATIVE_TAGGED: - return vlan; - - case PORT_VLAN_NATIVE_UNTAGGED: - return vlan == out_bundle->vlan ? 0 : vlan; - - default: - NOT_REACHED(); - } -} - -static void -output_normal(struct xlate_ctx *ctx, const struct ofbundle *out_bundle, - uint16_t vlan) -{ - struct ofport_dpif *port; - uint16_t vid; - ovs_be16 tci, old_tci; - - vid = output_vlan_to_vid(out_bundle, vlan); - if (!out_bundle->bond) { - port = ofbundle_get_a_port(out_bundle); - } else { - port = bond_choose_output_slave(out_bundle->bond, &ctx->xin->flow, - &ctx->xout->wc, vid, &ctx->xout->tags); - if (!port) { - /* No slaves enabled, so drop packet. */ - return; - } - } - - old_tci = ctx->xin->flow.vlan_tci; - tci = htons(vid); - if (tci || out_bundle->use_priority_tags) { - tci |= ctx->xin->flow.vlan_tci & htons(VLAN_PCP_MASK); - if (tci) { - tci |= htons(VLAN_CFI); - } - } - ctx->xin->flow.vlan_tci = tci; - - compose_output_action(ctx, port->up.ofp_port); - ctx->xin->flow.vlan_tci = old_tci; -} - -static int -mirror_mask_ffs(mirror_mask_t mask) -{ - BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask)); - return ffs(mask); -} - -static bool -ofbundle_trunks_vlan(const struct ofbundle *bundle, uint16_t vlan) -{ - return (bundle->vlan_mode != PORT_VLAN_ACCESS - && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan))); -} - -static bool -ofbundle_includes_vlan(const struct ofbundle *bundle, uint16_t vlan) -{ - return vlan == bundle->vlan || ofbundle_trunks_vlan(bundle, vlan); -} - -/* Returns an arbitrary interface within 'bundle'. */ -static struct ofport_dpif * -ofbundle_get_a_port(const struct ofbundle *bundle) -{ - return CONTAINER_OF(list_front(&bundle->ports), - struct ofport_dpif, bundle_node); -} - -static bool -vlan_is_mirrored(const struct ofmirror *m, int vlan) -{ - return !m->vlans || bitmap_is_set(m->vlans, vlan); -} - -static void -add_mirror_actions(struct xlate_ctx *ctx, const struct flow *orig_flow) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - mirror_mask_t mirrors; - struct ofbundle *in_bundle; - uint16_t vlan; - uint16_t vid; - const struct nlattr *a; - size_t left; - - in_bundle = lookup_input_bundle(ctx->ofproto, orig_flow->in_port, - ctx->xin->packet != NULL, NULL); - if (!in_bundle) { - return; - } - mirrors = in_bundle->src_mirrors; - - /* Drop frames on bundles reserved for mirroring. */ - if (in_bundle->mirror_out) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " - "%s, which is reserved exclusively for mirroring", - ctx->ofproto->up.name, in_bundle->name); - } - return; - } - - /* Check VLAN. */ - vid = vlan_tci_to_vid(orig_flow->vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { - return; - } - vlan = input_vid_to_vlan(in_bundle, vid); - - /* Look at the output ports to check for destination selections. */ - - NL_ATTR_FOR_EACH (a, left, ctx->xout->odp_actions.data, - ctx->xout->odp_actions.size) { - enum ovs_action_attr type = nl_attr_type(a); - struct ofport_dpif *ofport; - - if (type != OVS_ACTION_ATTR_OUTPUT) { - continue; - } - - ofport = get_odp_port(ofproto, nl_attr_get_u32(a)); - if (ofport && ofport->bundle) { - mirrors |= ofport->bundle->dst_mirrors; - } - } - - if (!mirrors) { - return; - } - - /* Restore the original packet before adding the mirror actions. */ - ctx->xin->flow = *orig_flow; - - while (mirrors) { - struct ofmirror *m; - - m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - - if (m->vlans) { - ctx->xout->wc.masks.vlan_tci |= htons(VLAN_CFI | VLAN_VID_MASK); - } - - if (!vlan_is_mirrored(m, vlan)) { - mirrors = zero_rightmost_1bit(mirrors); - continue; - } - - mirrors &= ~m->dup_mirrors; - ctx->xout->mirrors |= m->dup_mirrors; - if (m->out) { - output_normal(ctx, m->out, vlan); - } else if (vlan != m->out_vlan - && !eth_addr_is_reserved(orig_flow->dl_dst)) { - struct ofbundle *bundle; - - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - if (ofbundle_includes_vlan(bundle, m->out_vlan) - && !bundle->mirror_out) { - output_normal(ctx, bundle, m->out_vlan); - } - } - } - } -} - -static void -update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, - uint64_t packets, uint64_t bytes) -{ - if (!mirrors) { - return; - } - - for (; mirrors; mirrors = zero_rightmost_1bit(mirrors)) { - struct ofmirror *m; - - m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - - if (!m) { - /* In normal circumstances 'm' will not be NULL. However, - * if mirrors are reconfigured, we can temporarily get out - * of sync in facet_revalidate(). We could "correct" the - * mirror list before reaching here, but doing that would - * not properly account the traffic stats we've currently - * accumulated for previous mirror configuration. */ - continue; - } - - m->packet_count += packets; - m->byte_count += bytes; - } -} - -/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after - * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to - * indicate this; newer upstream kernels use gratuitous ARP requests. */ -static bool -is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc) -{ - if (flow->dl_type != htons(ETH_TYPE_ARP)) { - return false; - } - - memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst); - if (!eth_addr_is_broadcast(flow->dl_dst)) { - return false; - } - - memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto); - if (flow->nw_proto == ARP_OP_REPLY) { - return true; - } else if (flow->nw_proto == ARP_OP_REQUEST) { - memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src); - memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst); - - return flow->nw_src == flow->nw_dst; - } else { - return false; - } -} - -static void -update_learning_table(struct ofproto_dpif *ofproto, - const struct flow *flow, struct flow_wildcards *wc, - int vlan, struct ofbundle *in_bundle) -{ - struct mac_entry *mac; - - /* Don't learn the OFPP_NONE port. */ - if (in_bundle == &ofpp_none_bundle) { - return; - } - - if (!mac_learning_may_learn(ofproto->ml, flow->dl_src, vlan)) { - return; - } - - mac = mac_learning_insert(ofproto->ml, flow->dl_src, vlan); - if (is_gratuitous_arp(flow, wc)) { - /* We don't want to learn from gratuitous ARP packets that are - * reflected back over bond slaves so we lock the learning table. */ - if (!in_bundle->bond) { - mac_entry_set_grat_arp_lock(mac); - } else if (mac_entry_is_grat_arp_locked(mac)) { - return; - } - } - - if (mac_entry_is_new(mac) || mac->port.p != in_bundle) { - /* The log messages here could actually be useful in debugging, - * so keep the rate limit relatively high. */ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300); - VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is " - "on port %s in VLAN %d", - ofproto->up.name, ETH_ADDR_ARGS(flow->dl_src), - in_bundle->name, vlan); - - mac->port.p = in_bundle; - tag_set_add(&ofproto->backer->revalidate_set, - mac_learning_changed(ofproto->ml, mac)); - } -} - -static struct ofbundle * -lookup_input_bundle(const struct ofproto_dpif *ofproto, uint16_t in_port, - bool warn, struct ofport_dpif **in_ofportp) -{ - struct ofport_dpif *ofport; - - /* Find the port and bundle for the received packet. */ - ofport = get_ofp_port(ofproto, in_port); - if (in_ofportp) { - *in_ofportp = ofport; - } - if (ofport && ofport->bundle) { - return ofport->bundle; - } - - /* Special-case OFPP_NONE, which a controller may use as the ingress - * port for traffic that it is sourcing. */ - if (in_port == OFPP_NONE) { - return &ofpp_none_bundle; - } - - /* Odd. A few possible reasons here: - * - * - We deleted a port but there are still a few packets queued up - * from it. - * - * - Someone externally added a port (e.g. "ovs-dpctl add-if") that - * we don't know about. - * - * - The ofproto client didn't configure the port as part of a bundle. - * This is particularly likely to happen if a packet was received on the - * port after it was created, but before the client had a chance to - * configure its bundle. - */ - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - - VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown " - "port %"PRIu16, ofproto->up.name, in_port); - } - return NULL; -} - -/* Determines whether packets in 'flow' within 'ofproto' should be forwarded or - * dropped. Returns true if they may be forwarded, false if they should be - * dropped. - * - * 'in_port' must be the ofport_dpif that corresponds to flow->in_port. - * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull). - * - * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as - * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as - * checked by input_vid_is_valid(). - * - * May also add tags to '*tags', although the current implementation only does - * so in one special case. - */ -static bool -is_admissible(struct xlate_ctx *ctx, struct ofport_dpif *in_port, - uint16_t vlan) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - struct flow *flow = &ctx->xin->flow; - struct ofbundle *in_bundle = in_port->bundle; - - /* Drop frames for reserved multicast addresses - * only if forward_bpdu option is absent. */ - if (!ofproto->up.forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) { - xlate_report(ctx, "packet has reserved destination MAC, dropping"); - return false; - } - - if (in_bundle->bond) { - struct mac_entry *mac; - - switch (bond_check_admissibility(in_bundle->bond, in_port, - flow->dl_dst, &ctx->xout->tags)) { - case BV_ACCEPT: - break; - - case BV_DROP: - xlate_report(ctx, "bonding refused admissibility, dropping"); - return false; - - case BV_DROP_IF_MOVED: - mac = mac_learning_lookup(ofproto->ml, flow->dl_src, vlan, NULL); - if (mac && mac->port.p != in_bundle && - (!is_gratuitous_arp(flow, &ctx->xout->wc) - || mac_entry_is_grat_arp_locked(mac))) { - xlate_report(ctx, "SLB bond thinks this packet looped back, " - "dropping"); - return false; - } - break; - } - } - - return true; -} - -static void -xlate_normal(struct xlate_ctx *ctx) -{ - struct ofport_dpif *in_port; - struct ofbundle *in_bundle; - struct mac_entry *mac; - uint16_t vlan; - uint16_t vid; - - ctx->xout->has_normal = true; - - /* Check the dl_type, since we may check for gratuituous ARP. */ - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - - memset(&ctx->xout->wc.masks.dl_src, 0xff, - sizeof ctx->xout->wc.masks.dl_src); - memset(&ctx->xout->wc.masks.dl_dst, 0xff, - sizeof ctx->xout->wc.masks.dl_dst); - memset(&ctx->xout->wc.masks.vlan_tci, 0xff, - sizeof ctx->xout->wc.masks.vlan_tci); - - in_bundle = lookup_input_bundle(ctx->ofproto, ctx->xin->flow.in_port, - ctx->xin->packet != NULL, &in_port); - if (!in_bundle) { - xlate_report(ctx, "no input bundle, dropping"); - return; - } - - /* Drop malformed frames. */ - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_VLAN) && - !(ctx->xin->flow.vlan_tci & htons(VLAN_CFI))) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial " - "VLAN tag received on port %s", - ctx->ofproto->up.name, in_bundle->name); - } - xlate_report(ctx, "partial VLAN tag, dropping"); - return; - } - - /* Drop frames on bundles reserved for mirroring. */ - if (in_bundle->mirror_out) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " - "%s, which is reserved exclusively for mirroring", - ctx->ofproto->up.name, in_bundle->name); - } - xlate_report(ctx, "input port is mirror output port, dropping"); - return; - } - - /* Check VLAN. */ - vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { - xlate_report(ctx, "disallowed VLAN VID for this input port, dropping"); - return; - } - vlan = input_vid_to_vlan(in_bundle, vid); - - /* Check other admissibility requirements. */ - if (in_port && !is_admissible(ctx, in_port, vlan)) { - return; - } - - /* Learn source MAC. */ - if (ctx->xin->may_learn) { - update_learning_table(ctx->ofproto, &ctx->xin->flow, &ctx->xout->wc, - vlan, in_bundle); - } - - /* Determine output bundle. */ - mac = mac_learning_lookup(ctx->ofproto->ml, ctx->xin->flow.dl_dst, vlan, - &ctx->xout->tags); - if (mac) { - if (mac->port.p != in_bundle) { - xlate_report(ctx, "forwarding to learned port"); - output_normal(ctx, mac->port.p, vlan); - } else { - xlate_report(ctx, "learned port is input port, dropping"); - } - } else { - struct ofbundle *bundle; - - xlate_report(ctx, "no learned MAC for destination, flooding"); - HMAP_FOR_EACH (bundle, hmap_node, &ctx->ofproto->bundles) { - if (bundle != in_bundle - && ofbundle_includes_vlan(bundle, vlan) - && bundle->floodable - && !bundle->mirror_out) { - output_normal(ctx, bundle, vlan); - } - } - ctx->xout->nf_output_iface = NF_OUT_FLOOD; - } -} - -/* Optimized flow revalidation. - * - * It's a difficult problem, in general, to tell which facets need to have - * their actions recalculated whenever the OpenFlow flow table changes. We - * don't try to solve that general problem: for most kinds of OpenFlow flow - * table changes, we recalculate the actions for every facet. This is - * relatively expensive, but it's good enough if the OpenFlow flow table - * doesn't change very often. - * - * However, we can expect one particular kind of OpenFlow flow table change to - * happen frequently: changes caused by MAC learning. To avoid wasting a lot - * of CPU on revalidating every facet whenever MAC learning modifies the flow - * table, we add a special case that applies to flow tables in which every rule - * has the same form (that is, the same wildcards), except that the table is - * also allowed to have a single "catch-all" flow that matches all packets. We - * optimize this case by tagging all of the facets that resubmit into the table - * and invalidating the same tag whenever a flow changes in that table. The - * end result is that we revalidate just the facets that need it (and sometimes - * a few more, but not all of the facets or even all of the facets that - * resubmit to the table modified by MAC learning). */ - -/* Calculates the tag to use for 'flow' and mask 'mask' when it is inserted - * into an OpenFlow table with the given 'basis'. */ -static tag_type -rule_calculate_tag(const struct flow *flow, const struct minimask *mask, - uint32_t secret) -{ - if (minimask_is_catchall(mask)) { - return 0; - } else { - uint32_t hash = flow_hash_in_minimask(flow, mask, secret); - return tag_create_deterministic(hash); - } -} - -/* Following a change to OpenFlow table 'table_id' in 'ofproto', update the - * taggability of that table. - * - * This function must be called after *each* change to a flow table. If you - * skip calling it on some changes then the pointer comparisons at the end can - * be invalid if you get unlucky. For example, if a flow removal causes a - * cls_table to be destroyed and then a flow insertion causes a cls_table with - * different wildcards to be created with the same address, then this function - * will incorrectly skip revalidation. */ -static void -table_update_taggable(struct ofproto_dpif *ofproto, uint8_t table_id) -{ - struct table_dpif *table = &ofproto->tables[table_id]; - const struct oftable *oftable = &ofproto->up.tables[table_id]; - struct cls_table *catchall, *other; - struct cls_table *t; - - catchall = other = NULL; - - switch (hmap_count(&oftable->cls.tables)) { - case 0: - /* We could tag this OpenFlow table but it would make the logic a - * little harder and it's a corner case that doesn't seem worth it - * yet. */ - break; - - case 1: - case 2: - HMAP_FOR_EACH (t, hmap_node, &oftable->cls.tables) { - if (cls_table_is_catchall(t)) { - catchall = t; - } else if (!other) { - other = t; - } else { - /* Indicate that we can't tag this by setting both tables to - * NULL. (We know that 'catchall' is already NULL.) */ - other = NULL; - } - } - break; - - default: - /* Can't tag this table. */ - break; - } - - if (table->catchall_table != catchall || table->other_table != other) { - table->catchall_table = catchall; - table->other_table = other; - ofproto->backer->need_revalidate = REV_FLOW_TABLE; - } -} - -/* Given 'rule' that has changed in some way (either it is a rule being - * inserted, a rule being deleted, or a rule whose actions are being - * modified), marks facets for revalidation to ensure that packets will be - * forwarded correctly according to the new state of the flow table. - * - * This function must be called after *each* change to a flow table. See - * the comment on table_update_taggable() for more information. */ -static void -rule_invalidate(const struct rule_dpif *rule) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - - table_update_taggable(ofproto, rule->up.table_id); - - if (!ofproto->backer->need_revalidate) { - struct table_dpif *table = &ofproto->tables[rule->up.table_id]; - - if (table->other_table && rule->tag) { - tag_set_add(&ofproto->backer->revalidate_set, rule->tag); - } else { - ofproto->backer->need_revalidate = REV_FLOW_TABLE; - } - } -} - -static bool -set_frag_handling(struct ofproto *ofproto_, - enum ofp_config_flags frag_handling) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); - if (frag_handling != OFPC_FRAG_REASM) { - ofproto->backer->need_revalidate = REV_RECONFIGURE; - return true; - } else { - return false; - } + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + if (frag_handling != OFPC_FRAG_REASM) { + ofproto->backer->need_revalidate = REV_RECONFIGURE; + return true; + } else { + return false; + } } static enum ofperr @@ -8042,8 +5739,7 @@ struct trace_ctx { }; static void -trace_format_rule(struct ds *result, uint8_t table_id, int level, - const struct rule_dpif *rule) +trace_format_rule(struct ds *result, int level, const struct rule_dpif *rule) { ds_put_char_multiple(result, '\t', level); if (!rule) { @@ -8052,7 +5748,7 @@ trace_format_rule(struct ds *result, uint8_t table_id, int level, } ds_put_format(result, "Rule: table=%"PRIu8" cookie=%#"PRIx64" ", - table_id, ntohll(rule->up.flow_cookie)); + rule ? rule->up.table_id : 0, ntohll(rule->up.flow_cookie)); cls_rule_format(&rule->up.cr, result); ds_put_char(result, '\n'); @@ -8104,25 +5800,25 @@ trace_format_odp(struct ds *result, int level, const char *title, } static void -trace_resubmit(struct xlate_ctx *ctx, struct rule_dpif *rule) +trace_resubmit(struct xlate_in *xin, struct rule_dpif *rule, int recurse) { - struct trace_ctx *trace = CONTAINER_OF(ctx->xin, struct trace_ctx, xin); + struct trace_ctx *trace = CONTAINER_OF(xin, struct trace_ctx, xin); struct ds *result = trace->result; ds_put_char(result, '\n'); - trace_format_flow(result, ctx->recurse + 1, "Resubmitted flow", trace); - trace_format_regs(result, ctx->recurse + 1, "Resubmitted regs", trace); - trace_format_odp(result, ctx->recurse + 1, "Resubmitted odp", trace); - trace_format_rule(result, ctx->table_id, ctx->recurse + 1, rule); + trace_format_flow(result, recurse + 1, "Resubmitted flow", trace); + trace_format_regs(result, recurse + 1, "Resubmitted regs", trace); + trace_format_odp(result, recurse + 1, "Resubmitted odp", trace); + trace_format_rule(result, recurse + 1, rule); } static void -trace_report(struct xlate_ctx *ctx, const char *s) +trace_report(struct xlate_in *xin, const char *s, int recurse) { - struct trace_ctx *trace = CONTAINER_OF(ctx->xin, struct trace_ctx, xin); + struct trace_ctx *trace = CONTAINER_OF(xin, struct trace_ctx, xin); struct ds *result = trace->result; - ds_put_char_multiple(result, '\t', ctx->recurse); + ds_put_char_multiple(result, '\t', recurse); ds_put_cstr(result, s); ds_put_char(result, '\n'); } @@ -8242,7 +5938,7 @@ exit: ofpbuf_uninit(&odp_key); } -static void +void ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, const struct ofpbuf *packet, struct ds *ds) { @@ -8254,7 +5950,7 @@ ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, rule = rule_dpif_lookup(ofproto, flow, NULL); - trace_format_rule(ds, 0, 0, rule); + trace_format_rule(ds, 0, rule); if (rule == ofproto->miss_rule) { ds_put_cstr(ds, "\nNo match, flow generates \"packet in\"s.\n"); } else if (rule == ofproto->no_packet_in_rule) { @@ -8771,7 +6467,7 @@ hash_realdev_vid(uint16_t realdev_ofp_port, int vid) * * Unless VLAN splinters are enabled for port 'realdev_ofp_port', this * function just returns its 'realdev_ofp_port' argument. */ -static uint16_t +uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *ofproto, uint16_t realdev_ofp_port, ovs_be16 vlan_tci) { @@ -8900,7 +6596,7 @@ vsp_add(struct ofport_dpif *port, uint16_t realdev_ofp_port, int vid) } } -static uint32_t +uint32_t ofp_port_to_odp_port(const struct ofproto_dpif *ofproto, uint16_t ofp_port) { const struct ofport_dpif *ofport = get_ofp_port(ofproto, ofp_port);