From 9583bc14430acc0578c1d00a78143c01d9cf7bee Mon Sep 17 00:00:00 2001 From: Ethan Jackson Date: Tue, 11 Jun 2013 13:32:30 -0700 Subject: [PATCH] ofproto-dpif: Pull xlate_actions() into its own file. Ideally, this patch would move xlate_actions() into it's own module with a clearly defined regular interface which is minimally dependent on ofproto-dpif. While, I've done this in a prototype, moving large amounts of code into a new file while simultaneously changing the logic and keeping up with changes to master has proved nearly impossible. This patch takes a different approach. It simply copies the logic directly from ofproto-dpif with no changes. Once this is in, future patches can begin breaking the ties between ofproto-dpif-xlate and ofproto-dpif proper. Signed-off-by: Ethan Jackson --- ofproto/automake.mk | 3 + ofproto/ofproto-dpif-xlate.c | 1996 +++++++++++++++++++++++++ ofproto/ofproto-dpif-xlate.h | 152 ++ ofproto/ofproto-dpif.c | 2676 ++-------------------------------- ofproto/ofproto-dpif.h | 351 +++++ 5 files changed, 2639 insertions(+), 2539 deletions(-) create mode 100644 ofproto/ofproto-dpif-xlate.c create mode 100644 ofproto/ofproto-dpif-xlate.h create mode 100644 ofproto/ofproto-dpif.h diff --git a/ofproto/automake.mk b/ofproto/automake.mk index e4ea41d01..b4d087688 100644 --- a/ofproto/automake.mk +++ b/ofproto/automake.mk @@ -21,12 +21,15 @@ ofproto_libofproto_a_SOURCES = \ ofproto/ofproto.c \ ofproto/ofproto.h \ ofproto/ofproto-dpif.c \ + ofproto/ofproto-dpif.h \ ofproto/ofproto-dpif-governor.c \ ofproto/ofproto-dpif-governor.h \ ofproto/ofproto-dpif-ipfix.c \ ofproto/ofproto-dpif-ipfix.h \ ofproto/ofproto-dpif-sflow.c \ ofproto/ofproto-dpif-sflow.h \ + ofproto/ofproto-dpif-xlate.c \ + ofproto/ofproto-dpif-xlate.h \ ofproto/ofproto-provider.h \ ofproto/pktbuf.c \ ofproto/pktbuf.h \ diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c new file mode 100644 index 000000000..ca650805a --- /dev/null +++ b/ofproto/ofproto-dpif-xlate.c @@ -0,0 +1,1996 @@ +/* Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ + +#include + +#include "ofproto/ofproto-dpif-xlate.h" + +#include "bitmap.h" +#include "bond.h" +#include "bundle.h" +#include "byte-order.h" +#include "connmgr.h" +#include "coverage.h" +#include "dpif.h" +#include "dynamic-string.h" +#include "learn.h" +#include "mac-learning.h" +#include "meta-flow.h" +#include "multipath.h" +#include "netdev-vport.h" +#include "netlink.h" +#include "nx-match.h" +#include "odp-execute.h" +#include "ofp-actions.h" +#include "ofproto/ofproto-dpif-ipfix.h" +#include "ofproto/ofproto-dpif-sflow.h" +#include "ofproto/ofproto-dpif.h" +#include "tunnel.h" +#include "vlog.h" + +COVERAGE_DEFINE(ofproto_dpif_xlate); + +VLOG_DEFINE_THIS_MODULE(ofproto_dpif_xlate); + +/* A controller may use OFPP_NONE as the ingress port to indicate that + * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for + * when an input bundle is needed for validation (e.g., mirroring or + * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have + * any 'port' structs, so care must be taken when dealing with it. */ +static struct ofbundle ofpp_none_bundle = { + .name = "OFPP_NONE", + .vlan_mode = PORT_VLAN_TRUNK +}; + +static bool may_receive(const struct ofport_dpif *, struct xlate_ctx *); +static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len, + struct xlate_ctx *); +static void xlate_normal(struct xlate_ctx *); +static void xlate_report(struct xlate_ctx *, const char *); +static void xlate_table_action(struct xlate_ctx *, uint16_t in_port, + uint8_t table_id, bool may_packet_in); +static bool input_vid_is_valid(uint16_t vid, struct ofbundle *, bool warn); +static uint16_t input_vid_to_vlan(const struct ofbundle *, uint16_t vid); +static void output_normal(struct xlate_ctx *, const struct ofbundle *, + uint16_t vlan); +static void compose_output_action(struct xlate_ctx *, uint16_t ofp_port); + +static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + +static bool +ofbundle_trunks_vlan(const struct ofbundle *bundle, uint16_t vlan) +{ + return (bundle->vlan_mode != PORT_VLAN_ACCESS + && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan))); +} + +static bool +ofbundle_includes_vlan(const struct ofbundle *bundle, uint16_t vlan) +{ + return vlan == bundle->vlan || ofbundle_trunks_vlan(bundle, vlan); +} + +static bool +vlan_is_mirrored(const struct ofmirror *m, int vlan) +{ + return !m->vlans || bitmap_is_set(m->vlans, vlan); +} + +static struct ofbundle * +lookup_input_bundle(const struct ofproto_dpif *ofproto, uint16_t in_port, + bool warn, struct ofport_dpif **in_ofportp) +{ + struct ofport_dpif *ofport; + + /* Find the port and bundle for the received packet. */ + ofport = get_ofp_port(ofproto, in_port); + if (in_ofportp) { + *in_ofportp = ofport; + } + if (ofport && ofport->bundle) { + return ofport->bundle; + } + + /* Special-case OFPP_NONE, which a controller may use as the ingress + * port for traffic that it is sourcing. */ + if (in_port == OFPP_NONE) { + return &ofpp_none_bundle; + } + + /* Odd. A few possible reasons here: + * + * - We deleted a port but there are still a few packets queued up + * from it. + * + * - Someone externally added a port (e.g. "ovs-dpctl add-if") that + * we don't know about. + * + * - The ofproto client didn't configure the port as part of a bundle. + * This is particularly likely to happen if a packet was received on the + * port after it was created, but before the client had a chance to + * configure its bundle. + */ + if (warn) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + + VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown " + "port %"PRIu16, ofproto->up.name, in_port); + } + return NULL; +} + +static void +add_mirror_actions(struct xlate_ctx *ctx, const struct flow *orig_flow) +{ + struct ofproto_dpif *ofproto = ctx->ofproto; + mirror_mask_t mirrors; + struct ofbundle *in_bundle; + uint16_t vlan; + uint16_t vid; + const struct nlattr *a; + size_t left; + + in_bundle = lookup_input_bundle(ctx->ofproto, orig_flow->in_port, + ctx->xin->packet != NULL, NULL); + if (!in_bundle) { + return; + } + mirrors = in_bundle->src_mirrors; + + /* Drop frames on bundles reserved for mirroring. */ + if (in_bundle->mirror_out) { + if (ctx->xin->packet != NULL) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " + "%s, which is reserved exclusively for mirroring", + ctx->ofproto->up.name, in_bundle->name); + } + return; + } + + /* Check VLAN. */ + vid = vlan_tci_to_vid(orig_flow->vlan_tci); + if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { + return; + } + vlan = input_vid_to_vlan(in_bundle, vid); + + /* Look at the output ports to check for destination selections. */ + + NL_ATTR_FOR_EACH (a, left, ctx->xout->odp_actions.data, + ctx->xout->odp_actions.size) { + enum ovs_action_attr type = nl_attr_type(a); + struct ofport_dpif *ofport; + + if (type != OVS_ACTION_ATTR_OUTPUT) { + continue; + } + + ofport = get_odp_port(ofproto, nl_attr_get_u32(a)); + if (ofport && ofport->bundle) { + mirrors |= ofport->bundle->dst_mirrors; + } + } + + if (!mirrors) { + return; + } + + /* Restore the original packet before adding the mirror actions. */ + ctx->xin->flow = *orig_flow; + + while (mirrors) { + struct ofmirror *m; + + m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; + + if (m->vlans) { + ctx->xout->wc.masks.vlan_tci |= htons(VLAN_CFI | VLAN_VID_MASK); + } + + if (!vlan_is_mirrored(m, vlan)) { + mirrors = zero_rightmost_1bit(mirrors); + continue; + } + + mirrors &= ~m->dup_mirrors; + ctx->xout->mirrors |= m->dup_mirrors; + if (m->out) { + output_normal(ctx, m->out, vlan); + } else if (vlan != m->out_vlan + && !eth_addr_is_reserved(orig_flow->dl_dst)) { + struct ofbundle *bundle; + + HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { + if (ofbundle_includes_vlan(bundle, m->out_vlan) + && !bundle->mirror_out) { + output_normal(ctx, bundle, m->out_vlan); + } + } + } + } +} + +/* Given 'vid', the VID obtained from the 802.1Q header that was received as + * part of a packet (specify 0 if there was no 802.1Q header), and 'in_bundle', + * the bundle on which the packet was received, returns the VLAN to which the + * packet belongs. + * + * Both 'vid' and the return value are in the range 0...4095. */ +static uint16_t +input_vid_to_vlan(const struct ofbundle *in_bundle, uint16_t vid) +{ + switch (in_bundle->vlan_mode) { + case PORT_VLAN_ACCESS: + return in_bundle->vlan; + break; + + case PORT_VLAN_TRUNK: + return vid; + + case PORT_VLAN_NATIVE_UNTAGGED: + case PORT_VLAN_NATIVE_TAGGED: + return vid ? vid : in_bundle->vlan; + + default: + NOT_REACHED(); + } +} + +/* Checks whether a packet with the given 'vid' may ingress on 'in_bundle'. + * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs + * a warning. + * + * 'vid' should be the VID obtained from the 802.1Q header that was received as + * part of a packet (specify 0 if there was no 802.1Q header), in the range + * 0...4095. */ +static bool +input_vid_is_valid(uint16_t vid, struct ofbundle *in_bundle, bool warn) +{ + /* Allow any VID on the OFPP_NONE port. */ + if (in_bundle == &ofpp_none_bundle) { + return true; + } + + switch (in_bundle->vlan_mode) { + case PORT_VLAN_ACCESS: + if (vid) { + if (warn) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged " + "packet received on port %s configured as VLAN " + "%"PRIu16" access port", + in_bundle->ofproto->up.name, vid, + in_bundle->name, in_bundle->vlan); + } + return false; + } + return true; + + case PORT_VLAN_NATIVE_UNTAGGED: + case PORT_VLAN_NATIVE_TAGGED: + if (!vid) { + /* Port must always carry its native VLAN. */ + return true; + } + /* Fall through. */ + case PORT_VLAN_TRUNK: + if (!ofbundle_includes_vlan(in_bundle, vid)) { + if (warn) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" packet " + "received on port %s not configured for trunking " + "VLAN %"PRIu16, + in_bundle->ofproto->up.name, vid, + in_bundle->name, vid); + } + return false; + } + return true; + + default: + NOT_REACHED(); + } + +} + +/* Given 'vlan', the VLAN that a packet belongs to, and + * 'out_bundle', a bundle on which the packet is to be output, returns the VID + * that should be included in the 802.1Q header. (If the return value is 0, + * then the 802.1Q header should only be included in the packet if there is a + * nonzero PCP.) + * + * Both 'vlan' and the return value are in the range 0...4095. */ +static uint16_t +output_vlan_to_vid(const struct ofbundle *out_bundle, uint16_t vlan) +{ + switch (out_bundle->vlan_mode) { + case PORT_VLAN_ACCESS: + return 0; + + case PORT_VLAN_TRUNK: + case PORT_VLAN_NATIVE_TAGGED: + return vlan; + + case PORT_VLAN_NATIVE_UNTAGGED: + return vlan == out_bundle->vlan ? 0 : vlan; + + default: + NOT_REACHED(); + } +} + +static void +output_normal(struct xlate_ctx *ctx, const struct ofbundle *out_bundle, + uint16_t vlan) +{ + struct ofport_dpif *port; + uint16_t vid; + ovs_be16 tci, old_tci; + + vid = output_vlan_to_vid(out_bundle, vlan); + if (!out_bundle->bond) { + port = ofbundle_get_a_port(out_bundle); + } else { + port = bond_choose_output_slave(out_bundle->bond, &ctx->xin->flow, + &ctx->xout->wc, vid, &ctx->xout->tags); + if (!port) { + /* No slaves enabled, so drop packet. */ + return; + } + } + + old_tci = ctx->xin->flow.vlan_tci; + tci = htons(vid); + if (tci || out_bundle->use_priority_tags) { + tci |= ctx->xin->flow.vlan_tci & htons(VLAN_PCP_MASK); + if (tci) { + tci |= htons(VLAN_CFI); + } + } + ctx->xin->flow.vlan_tci = tci; + + compose_output_action(ctx, port->up.ofp_port); + ctx->xin->flow.vlan_tci = old_tci; +} + +/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after + * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to + * indicate this; newer upstream kernels use gratuitous ARP requests. */ +static bool +is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc) +{ + if (flow->dl_type != htons(ETH_TYPE_ARP)) { + return false; + } + + memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst); + if (!eth_addr_is_broadcast(flow->dl_dst)) { + return false; + } + + memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto); + if (flow->nw_proto == ARP_OP_REPLY) { + return true; + } else if (flow->nw_proto == ARP_OP_REQUEST) { + memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src); + memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst); + + return flow->nw_src == flow->nw_dst; + } else { + return false; + } +} + +static void +update_learning_table(struct ofproto_dpif *ofproto, + const struct flow *flow, struct flow_wildcards *wc, + int vlan, struct ofbundle *in_bundle) +{ + struct mac_entry *mac; + + /* Don't learn the OFPP_NONE port. */ + if (in_bundle == &ofpp_none_bundle) { + return; + } + + if (!mac_learning_may_learn(ofproto->ml, flow->dl_src, vlan)) { + return; + } + + mac = mac_learning_insert(ofproto->ml, flow->dl_src, vlan); + if (is_gratuitous_arp(flow, wc)) { + /* We don't want to learn from gratuitous ARP packets that are + * reflected back over bond slaves so we lock the learning table. */ + if (!in_bundle->bond) { + mac_entry_set_grat_arp_lock(mac); + } else if (mac_entry_is_grat_arp_locked(mac)) { + return; + } + } + + if (mac_entry_is_new(mac) || mac->port.p != in_bundle) { + /* The log messages here could actually be useful in debugging, + * so keep the rate limit relatively high. */ + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300); + VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is " + "on port %s in VLAN %d", + ofproto->up.name, ETH_ADDR_ARGS(flow->dl_src), + in_bundle->name, vlan); + + mac->port.p = in_bundle; + tag_set_add(&ofproto->backer->revalidate_set, + mac_learning_changed(ofproto->ml, mac)); + } +} + +/* Determines whether packets in 'flow' within 'ofproto' should be forwarded or + * dropped. Returns true if they may be forwarded, false if they should be + * dropped. + * + * 'in_port' must be the ofport_dpif that corresponds to flow->in_port. + * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull). + * + * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as + * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as + * checked by input_vid_is_valid(). + * + * May also add tags to '*tags', although the current implementation only does + * so in one special case. + */ +static bool +is_admissible(struct xlate_ctx *ctx, struct ofport_dpif *in_port, + uint16_t vlan) +{ + struct ofproto_dpif *ofproto = ctx->ofproto; + struct flow *flow = &ctx->xin->flow; + struct ofbundle *in_bundle = in_port->bundle; + + /* Drop frames for reserved multicast addresses + * only if forward_bpdu option is absent. */ + if (!ofproto->up.forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) { + xlate_report(ctx, "packet has reserved destination MAC, dropping"); + return false; + } + + if (in_bundle->bond) { + struct mac_entry *mac; + + switch (bond_check_admissibility(in_bundle->bond, in_port, + flow->dl_dst, &ctx->xout->tags)) { + case BV_ACCEPT: + break; + + case BV_DROP: + xlate_report(ctx, "bonding refused admissibility, dropping"); + return false; + + case BV_DROP_IF_MOVED: + mac = mac_learning_lookup(ofproto->ml, flow->dl_src, vlan, NULL); + if (mac && mac->port.p != in_bundle && + (!is_gratuitous_arp(flow, &ctx->xout->wc) + || mac_entry_is_grat_arp_locked(mac))) { + xlate_report(ctx, "SLB bond thinks this packet looped back, " + "dropping"); + return false; + } + break; + } + } + + return true; +} + +static void +xlate_normal(struct xlate_ctx *ctx) +{ + struct ofport_dpif *in_port; + struct ofbundle *in_bundle; + struct mac_entry *mac; + uint16_t vlan; + uint16_t vid; + + ctx->xout->has_normal = true; + + /* Check the dl_type, since we may check for gratuituous ARP. */ + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + + memset(&ctx->xout->wc.masks.dl_src, 0xff, + sizeof ctx->xout->wc.masks.dl_src); + memset(&ctx->xout->wc.masks.dl_dst, 0xff, + sizeof ctx->xout->wc.masks.dl_dst); + memset(&ctx->xout->wc.masks.vlan_tci, 0xff, + sizeof ctx->xout->wc.masks.vlan_tci); + + in_bundle = lookup_input_bundle(ctx->ofproto, ctx->xin->flow.in_port, + ctx->xin->packet != NULL, &in_port); + if (!in_bundle) { + xlate_report(ctx, "no input bundle, dropping"); + return; + } + + /* Drop malformed frames. */ + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_VLAN) && + !(ctx->xin->flow.vlan_tci & htons(VLAN_CFI))) { + if (ctx->xin->packet != NULL) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial " + "VLAN tag received on port %s", + ctx->ofproto->up.name, in_bundle->name); + } + xlate_report(ctx, "partial VLAN tag, dropping"); + return; + } + + /* Drop frames on bundles reserved for mirroring. */ + if (in_bundle->mirror_out) { + if (ctx->xin->packet != NULL) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " + "%s, which is reserved exclusively for mirroring", + ctx->ofproto->up.name, in_bundle->name); + } + xlate_report(ctx, "input port is mirror output port, dropping"); + return; + } + + /* Check VLAN. */ + vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci); + if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { + xlate_report(ctx, "disallowed VLAN VID for this input port, dropping"); + return; + } + vlan = input_vid_to_vlan(in_bundle, vid); + + /* Check other admissibility requirements. */ + if (in_port && !is_admissible(ctx, in_port, vlan)) { + return; + } + + /* Learn source MAC. */ + if (ctx->xin->may_learn) { + update_learning_table(ctx->ofproto, &ctx->xin->flow, &ctx->xout->wc, + vlan, in_bundle); + } + + /* Determine output bundle. */ + mac = mac_learning_lookup(ctx->ofproto->ml, ctx->xin->flow.dl_dst, vlan, + &ctx->xout->tags); + if (mac) { + if (mac->port.p != in_bundle) { + xlate_report(ctx, "forwarding to learned port"); + output_normal(ctx, mac->port.p, vlan); + } else { + xlate_report(ctx, "learned port is input port, dropping"); + } + } else { + struct ofbundle *bundle; + + xlate_report(ctx, "no learned MAC for destination, flooding"); + HMAP_FOR_EACH (bundle, hmap_node, &ctx->ofproto->bundles) { + if (bundle != in_bundle + && ofbundle_includes_vlan(bundle, vlan) + && bundle->floodable + && !bundle->mirror_out) { + output_normal(ctx, bundle, vlan); + } + } + ctx->xout->nf_output_iface = NF_OUT_FLOOD; + } +} + +/* Compose SAMPLE action for sFlow or IPFIX. The given probability is + * the number of packets out of UINT32_MAX to sample. The given + * cookie is passed back in the callback for each sampled packet. + */ +static size_t +compose_sample_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow, + const uint32_t probability, + const union user_action_cookie *cookie, + const size_t cookie_size) +{ + size_t sample_offset, actions_offset; + int cookie_offset; + + sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); + + nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); + + actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); + cookie_offset = put_userspace_action(ofproto, odp_actions, flow, cookie, + cookie_size); + + nl_msg_end_nested(odp_actions, actions_offset); + nl_msg_end_nested(odp_actions, sample_offset); + return cookie_offset; +} + +static void +compose_sflow_cookie(const struct ofproto_dpif *ofproto, + ovs_be16 vlan_tci, uint32_t odp_port, + unsigned int n_outputs, union user_action_cookie *cookie) +{ + int ifindex; + + cookie->type = USER_ACTION_COOKIE_SFLOW; + cookie->sflow.vlan_tci = vlan_tci; + + /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output + * port information") for the interpretation of cookie->output. */ + switch (n_outputs) { + case 0: + /* 0x40000000 | 256 means "packet dropped for unknown reason". */ + cookie->sflow.output = 0x40000000 | 256; + break; + + case 1: + ifindex = dpif_sflow_odp_port_to_ifindex(ofproto->sflow, odp_port); + if (ifindex) { + cookie->sflow.output = ifindex; + break; + } + /* Fall through. */ + default: + /* 0x80000000 means "multiple output ports. */ + cookie->sflow.output = 0x80000000 | n_outputs; + break; + } +} + +/* Compose SAMPLE action for sFlow bridge sampling. */ +static size_t +compose_sflow_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow, + uint32_t odp_port) +{ + uint32_t probability; + union user_action_cookie cookie; + + if (!ofproto->sflow || flow->in_port == OFPP_NONE) { + return 0; + } + + probability = dpif_sflow_get_probability(ofproto->sflow); + compose_sflow_cookie(ofproto, htons(0), odp_port, + odp_port == OVSP_NONE ? 0 : 1, &cookie); + + return compose_sample_action(ofproto, odp_actions, flow, probability, + &cookie, sizeof cookie.sflow); +} + +static void +compose_flow_sample_cookie(uint16_t probability, uint32_t collector_set_id, + uint32_t obs_domain_id, uint32_t obs_point_id, + union user_action_cookie *cookie) +{ + cookie->type = USER_ACTION_COOKIE_FLOW_SAMPLE; + cookie->flow_sample.probability = probability; + cookie->flow_sample.collector_set_id = collector_set_id; + cookie->flow_sample.obs_domain_id = obs_domain_id; + cookie->flow_sample.obs_point_id = obs_point_id; +} + +static void +compose_ipfix_cookie(union user_action_cookie *cookie) +{ + cookie->type = USER_ACTION_COOKIE_IPFIX; +} + +/* Compose SAMPLE action for IPFIX bridge sampling. */ +static void +compose_ipfix_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow) +{ + uint32_t probability; + union user_action_cookie cookie; + + if (!ofproto->ipfix || flow->in_port == OFPP_NONE) { + return; + } + + probability = dpif_ipfix_get_bridge_exporter_probability(ofproto->ipfix); + compose_ipfix_cookie(&cookie); + + compose_sample_action(ofproto, odp_actions, flow, probability, + &cookie, sizeof cookie.ipfix); +} + +/* SAMPLE action for sFlow must be first action in any given list of + * actions. At this point we do not have all information required to + * build it. So try to build sample action as complete as possible. */ +static void +add_sflow_action(struct xlate_ctx *ctx) +{ + ctx->user_cookie_offset = compose_sflow_action(ctx->ofproto, + &ctx->xout->odp_actions, + &ctx->xin->flow, OVSP_NONE); + ctx->sflow_odp_port = 0; + ctx->sflow_n_outputs = 0; +} + +/* SAMPLE action for IPFIX must be 1st or 2nd action in any given list + * of actions, eventually after the SAMPLE action for sFlow. */ +static void +add_ipfix_action(struct xlate_ctx *ctx) +{ + compose_ipfix_action(ctx->ofproto, &ctx->xout->odp_actions, + &ctx->xin->flow); +} + +/* Fix SAMPLE action according to data collected while composing ODP actions. + * We need to fix SAMPLE actions OVS_SAMPLE_ATTR_ACTIONS attribute, i.e. nested + * USERSPACE action's user-cookie which is required for sflow. */ +static void +fix_sflow_action(struct xlate_ctx *ctx) +{ + const struct flow *base = &ctx->base_flow; + union user_action_cookie *cookie; + + if (!ctx->user_cookie_offset) { + return; + } + + cookie = ofpbuf_at(&ctx->xout->odp_actions, ctx->user_cookie_offset, + sizeof cookie->sflow); + ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); + + compose_sflow_cookie(ctx->ofproto, base->vlan_tci, + ctx->sflow_odp_port, ctx->sflow_n_outputs, cookie); +} + +static void +compose_output_action__(struct xlate_ctx *ctx, uint16_t ofp_port, + bool check_stp) +{ + const struct ofport_dpif *ofport = get_ofp_port(ctx->ofproto, ofp_port); + ovs_be16 flow_vlan_tci; + uint32_t flow_skb_mark; + uint8_t flow_nw_tos; + struct priority_to_dscp *pdscp; + uint32_t out_port, odp_port; + + /* If 'struct flow' gets additional metadata, we'll need to zero it out + * before traversing a patch port. */ + BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20); + + if (!ofport) { + xlate_report(ctx, "Nonexistent output port"); + return; + } else if (ofport->up.pp.config & OFPUTIL_PC_NO_FWD) { + xlate_report(ctx, "OFPPC_NO_FWD set, skipping output"); + return; + } else if (check_stp && !stp_forward_in_state(ofport->stp_state)) { + xlate_report(ctx, "STP not in forwarding state, skipping output"); + return; + } + + if (netdev_vport_is_patch(ofport->up.netdev)) { + struct ofport_dpif *peer = ofport_get_peer(ofport); + struct flow old_flow = ctx->xin->flow; + const struct ofproto_dpif *peer_ofproto; + enum slow_path_reason special; + struct ofport_dpif *in_port; + + if (!peer) { + xlate_report(ctx, "Nonexistent patch port peer"); + return; + } + + peer_ofproto = ofproto_dpif_cast(peer->up.ofproto); + if (peer_ofproto->backer != ctx->ofproto->backer) { + xlate_report(ctx, "Patch port peer on a different datapath"); + return; + } + + ctx->ofproto = ofproto_dpif_cast(peer->up.ofproto); + ctx->xin->flow.in_port = peer->up.ofp_port; + ctx->xin->flow.metadata = htonll(0); + memset(&ctx->xin->flow.tunnel, 0, sizeof ctx->xin->flow.tunnel); + memset(ctx->xin->flow.regs, 0, sizeof ctx->xin->flow.regs); + + in_port = get_ofp_port(ctx->ofproto, ctx->xin->flow.in_port); + special = process_special(ctx->ofproto, &ctx->xin->flow, in_port, + ctx->xin->packet); + if (special) { + ctx->xout->slow = special; + } else if (!in_port || may_receive(in_port, ctx)) { + if (!in_port || stp_forward_in_state(in_port->stp_state)) { + xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); + } else { + /* Forwarding is disabled by STP. Let OFPP_NORMAL and the + * learning action look at the packet, then drop it. */ + struct flow old_base_flow = ctx->base_flow; + size_t old_size = ctx->xout->odp_actions.size; + xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); + ctx->base_flow = old_base_flow; + ctx->xout->odp_actions.size = old_size; + } + } + + ctx->xin->flow = old_flow; + ctx->ofproto = ofproto_dpif_cast(ofport->up.ofproto); + + if (ctx->xin->resubmit_stats) { + netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); + netdev_vport_inc_rx(peer->up.netdev, ctx->xin->resubmit_stats); + } + + return; + } + + flow_vlan_tci = ctx->xin->flow.vlan_tci; + flow_skb_mark = ctx->xin->flow.skb_mark; + flow_nw_tos = ctx->xin->flow.nw_tos; + + pdscp = get_priority(ofport, ctx->xin->flow.skb_priority); + if (pdscp) { + ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; + ctx->xin->flow.nw_tos |= pdscp->dscp; + } + + if (ofport->tnl_port) { + /* Save tunnel metadata so that changes made due to + * the Logical (tunnel) Port are not visible for any further + * matches, while explicit set actions on tunnel metadata are. + */ + struct flow_tnl flow_tnl = ctx->xin->flow.tunnel; + odp_port = tnl_port_send(ofport->tnl_port, &ctx->xin->flow); + if (odp_port == OVSP_NONE) { + xlate_report(ctx, "Tunneling decided against output"); + goto out; /* restore flow_nw_tos */ + } + if (ctx->xin->flow.tunnel.ip_dst == ctx->orig_tunnel_ip_dst) { + xlate_report(ctx, "Not tunneling to our own address"); + goto out; /* restore flow_nw_tos */ + } + if (ctx->xin->resubmit_stats) { + netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); + } + out_port = odp_port; + commit_odp_tunnel_action(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + ctx->xin->flow.tunnel = flow_tnl; /* Restore tunnel metadata */ + } else { + uint16_t vlandev_port; + odp_port = ofport->odp_port; + vlandev_port = vsp_realdev_to_vlandev(ctx->ofproto, ofp_port, + ctx->xin->flow.vlan_tci); + if (vlandev_port == ofp_port) { + out_port = odp_port; + } else { + out_port = ofp_port_to_odp_port(ctx->ofproto, vlandev_port); + ctx->xin->flow.vlan_tci = htons(0); + } + ctx->xin->flow.skb_mark &= ~IPSEC_MARK; + } + commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + nl_msg_put_u32(&ctx->xout->odp_actions, OVS_ACTION_ATTR_OUTPUT, out_port); + + ctx->sflow_odp_port = odp_port; + ctx->sflow_n_outputs++; + ctx->xout->nf_output_iface = ofp_port; + + /* Restore flow */ + ctx->xin->flow.vlan_tci = flow_vlan_tci; + ctx->xin->flow.skb_mark = flow_skb_mark; + out: + ctx->xin->flow.nw_tos = flow_nw_tos; +} + +static void +compose_output_action(struct xlate_ctx *ctx, uint16_t ofp_port) +{ + compose_output_action__(ctx, ofp_port, true); +} + +static void +tag_the_flow(struct xlate_ctx *ctx, struct rule_dpif *rule) +{ + struct ofproto_dpif *ofproto = ctx->ofproto; + uint8_t table_id = ctx->table_id; + + if (table_id > 0 && table_id < N_TABLES) { + struct table_dpif *table = &ofproto->tables[table_id]; + if (table->other_table) { + ctx->xout->tags |= (rule && rule->tag + ? rule->tag + : rule_calculate_tag(&ctx->xin->flow, + &table->other_table->mask, + table->basis)); + } + } +} + +/* Common rule processing in one place to avoid duplicating code. */ +static struct rule_dpif * +ctx_rule_hooks(struct xlate_ctx *ctx, struct rule_dpif *rule, + bool may_packet_in) +{ + if (ctx->xin->resubmit_hook) { + ctx->xin->resubmit_hook(ctx, rule); + } + if (rule == NULL && may_packet_in) { + /* XXX + * check if table configuration flags + * OFPTC_TABLE_MISS_CONTROLLER, default. + * OFPTC_TABLE_MISS_CONTINUE, + * OFPTC_TABLE_MISS_DROP + * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? + */ + rule = rule_dpif_miss_rule(ctx->ofproto, &ctx->xin->flow); + } + if (rule && ctx->xin->resubmit_stats) { + rule_credit_stats(rule, ctx->xin->resubmit_stats); + } + return rule; +} + +static void +xlate_table_action(struct xlate_ctx *ctx, + uint16_t in_port, uint8_t table_id, bool may_packet_in) +{ + if (ctx->recurse < MAX_RESUBMIT_RECURSION) { + struct rule_dpif *rule; + uint16_t old_in_port = ctx->xin->flow.in_port; + uint8_t old_table_id = ctx->table_id; + + ctx->table_id = table_id; + + /* Look up a flow with 'in_port' as the input port. */ + ctx->xin->flow.in_port = in_port; + rule = rule_dpif_lookup_in_table(ctx->ofproto, &ctx->xin->flow, + &ctx->xout->wc, table_id); + + tag_the_flow(ctx, rule); + + /* Restore the original input port. Otherwise OFPP_NORMAL and + * OFPP_IN_PORT will have surprising behavior. */ + ctx->xin->flow.in_port = old_in_port; + + rule = ctx_rule_hooks(ctx, rule, may_packet_in); + + if (rule) { + struct rule_dpif *old_rule = ctx->rule; + + ctx->recurse++; + ctx->rule = rule; + do_xlate_actions(rule->up.ofpacts, rule->up.ofpacts_len, ctx); + ctx->rule = old_rule; + ctx->recurse--; + } + + ctx->table_id = old_table_id; + } else { + static struct vlog_rate_limit recurse_rl = VLOG_RATE_LIMIT_INIT(1, 1); + + VLOG_ERR_RL(&recurse_rl, "resubmit actions recursed over %d times", + MAX_RESUBMIT_RECURSION); + ctx->max_resubmit_trigger = true; + } +} + +static void +xlate_ofpact_resubmit(struct xlate_ctx *ctx, + const struct ofpact_resubmit *resubmit) +{ + uint16_t in_port; + uint8_t table_id; + + in_port = resubmit->in_port; + if (in_port == OFPP_IN_PORT) { + in_port = ctx->xin->flow.in_port; + } + + table_id = resubmit->table_id; + if (table_id == 255) { + table_id = ctx->table_id; + } + + xlate_table_action(ctx, in_port, table_id, false); +} + +static void +flood_packets(struct xlate_ctx *ctx, bool all) +{ + struct ofport_dpif *ofport; + + HMAP_FOR_EACH (ofport, up.hmap_node, &ctx->ofproto->up.ports) { + uint16_t ofp_port = ofport->up.ofp_port; + + if (ofp_port == ctx->xin->flow.in_port) { + continue; + } + + if (all) { + compose_output_action__(ctx, ofp_port, false); + } else if (!(ofport->up.pp.config & OFPUTIL_PC_NO_FLOOD)) { + compose_output_action(ctx, ofp_port); + } + } + + ctx->xout->nf_output_iface = NF_OUT_FLOOD; +} + +static void +execute_controller_action(struct xlate_ctx *ctx, int len, + enum ofp_packet_in_reason reason, + uint16_t controller_id) +{ + struct ofputil_packet_in pin; + struct ofpbuf *packet; + struct flow key; + + ovs_assert(!ctx->xout->slow || ctx->xout->slow == SLOW_CONTROLLER); + ctx->xout->slow = SLOW_CONTROLLER; + if (!ctx->xin->packet) { + return; + } + + packet = ofpbuf_clone(ctx->xin->packet); + + key.skb_priority = 0; + key.skb_mark = 0; + memset(&key.tunnel, 0, sizeof key.tunnel); + + commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + + odp_execute_actions(NULL, packet, &key, ctx->xout->odp_actions.data, + ctx->xout->odp_actions.size, NULL, NULL); + + pin.packet = packet->data; + pin.packet_len = packet->size; + pin.reason = reason; + pin.controller_id = controller_id; + pin.table_id = ctx->table_id; + pin.cookie = ctx->rule ? ctx->rule->up.flow_cookie : 0; + + pin.send_len = len; + flow_get_metadata(&ctx->xin->flow, &pin.fmd); + + connmgr_send_packet_in(ctx->ofproto->up.connmgr, &pin); + ofpbuf_delete(packet); +} + +static void +execute_mpls_push_action(struct xlate_ctx *ctx, ovs_be16 eth_type) +{ + ovs_assert(eth_type_mpls(eth_type)); + + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + memset(&ctx->xout->wc.masks.mpls_lse, 0xff, + sizeof ctx->xout->wc.masks.mpls_lse); + memset(&ctx->xout->wc.masks.mpls_depth, 0xff, + sizeof ctx->xout->wc.masks.mpls_depth); + + if (ctx->base_flow.mpls_depth) { + ctx->xin->flow.mpls_lse &= ~htonl(MPLS_BOS_MASK); + ctx->xin->flow.mpls_depth++; + } else { + ovs_be32 label; + uint8_t tc, ttl; + + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IPV6)) { + label = htonl(0x2); /* IPV6 Explicit Null. */ + } else { + label = htonl(0x0); /* IPV4 Explicit Null. */ + } + tc = (ctx->xin->flow.nw_tos & IP_DSCP_MASK) >> 2; + ttl = ctx->xin->flow.nw_ttl ? ctx->xin->flow.nw_ttl : 0x40; + ctx->xin->flow.mpls_lse = set_mpls_lse_values(ttl, tc, 1, label); + ctx->xin->flow.mpls_depth = 1; + } + ctx->xin->flow.dl_type = eth_type; +} + +static void +execute_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type) +{ + ovs_assert(eth_type_mpls(ctx->xin->flow.dl_type)); + ovs_assert(!eth_type_mpls(eth_type)); + + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + memset(&ctx->xout->wc.masks.mpls_lse, 0xff, + sizeof ctx->xout->wc.masks.mpls_lse); + memset(&ctx->xout->wc.masks.mpls_depth, 0xff, + sizeof ctx->xout->wc.masks.mpls_depth); + + if (ctx->xin->flow.mpls_depth) { + ctx->xin->flow.mpls_depth--; + ctx->xin->flow.mpls_lse = htonl(0); + if (!ctx->xin->flow.mpls_depth) { + ctx->xin->flow.dl_type = eth_type; + } + } +} + +static bool +compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids) +{ + if (ctx->xin->flow.dl_type != htons(ETH_TYPE_IP) && + ctx->xin->flow.dl_type != htons(ETH_TYPE_IPV6)) { + return false; + } + + if (ctx->xin->flow.nw_ttl > 1) { + ctx->xin->flow.nw_ttl--; + return false; + } else { + size_t i; + + for (i = 0; i < ids->n_controllers; i++) { + execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, + ids->cnt_ids[i]); + } + + /* Stop processing for current table. */ + return true; + } +} + +static bool +execute_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl) +{ + if (!eth_type_mpls(ctx->xin->flow.dl_type)) { + return true; + } + + set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); + return false; +} + +static bool +execute_dec_mpls_ttl_action(struct xlate_ctx *ctx) +{ + uint8_t ttl = mpls_lse_to_ttl(ctx->xin->flow.mpls_lse); + + if (!eth_type_mpls(ctx->xin->flow.dl_type)) { + return false; + } + + if (ttl > 1) { + ttl--; + set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); + return false; + } else { + execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0); + + /* Stop processing for current table. */ + return true; + } +} + +static void +xlate_output_action(struct xlate_ctx *ctx, + uint16_t port, uint16_t max_len, bool may_packet_in) +{ + uint16_t prev_nf_output_iface = ctx->xout->nf_output_iface; + + ctx->xout->nf_output_iface = NF_OUT_DROP; + + switch (port) { + case OFPP_IN_PORT: + compose_output_action(ctx, ctx->xin->flow.in_port); + break; + case OFPP_TABLE: + xlate_table_action(ctx, ctx->xin->flow.in_port, 0, may_packet_in); + break; + case OFPP_NORMAL: + xlate_normal(ctx); + break; + case OFPP_FLOOD: + flood_packets(ctx, false); + break; + case OFPP_ALL: + flood_packets(ctx, true); + break; + case OFPP_CONTROLLER: + execute_controller_action(ctx, max_len, OFPR_ACTION, 0); + break; + case OFPP_NONE: + break; + case OFPP_LOCAL: + default: + if (port != ctx->xin->flow.in_port) { + compose_output_action(ctx, port); + } else { + xlate_report(ctx, "skipping output to input port"); + } + break; + } + + if (prev_nf_output_iface == NF_OUT_FLOOD) { + ctx->xout->nf_output_iface = NF_OUT_FLOOD; + } else if (ctx->xout->nf_output_iface == NF_OUT_DROP) { + ctx->xout->nf_output_iface = prev_nf_output_iface; + } else if (prev_nf_output_iface != NF_OUT_DROP && + ctx->xout->nf_output_iface != NF_OUT_FLOOD) { + ctx->xout->nf_output_iface = NF_OUT_MULTI; + } +} + +static void +xlate_output_reg_action(struct xlate_ctx *ctx, + const struct ofpact_output_reg *or) +{ + uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow); + if (port <= UINT16_MAX) { + union mf_subvalue value; + + memset(&value, 0xff, sizeof value); + mf_write_subfield_flow(&or->src, &value, &ctx->xout->wc.masks); + xlate_output_action(ctx, port, or->max_len, false); + } +} + +static void +xlate_enqueue_action(struct xlate_ctx *ctx, + const struct ofpact_enqueue *enqueue) +{ + uint16_t ofp_port = enqueue->port; + uint32_t queue_id = enqueue->queue; + uint32_t flow_priority, priority; + int error; + + /* Translate queue to priority. */ + error = dpif_queue_to_priority(ctx->ofproto->backer->dpif, + queue_id, &priority); + if (error) { + /* Fall back to ordinary output action. */ + xlate_output_action(ctx, enqueue->port, 0, false); + return; + } + + /* Check output port. */ + if (ofp_port == OFPP_IN_PORT) { + ofp_port = ctx->xin->flow.in_port; + } else if (ofp_port == ctx->xin->flow.in_port) { + return; + } + + /* Add datapath actions. */ + flow_priority = ctx->xin->flow.skb_priority; + ctx->xin->flow.skb_priority = priority; + compose_output_action(ctx, ofp_port); + ctx->xin->flow.skb_priority = flow_priority; + + /* Update NetFlow output port. */ + if (ctx->xout->nf_output_iface == NF_OUT_DROP) { + ctx->xout->nf_output_iface = ofp_port; + } else if (ctx->xout->nf_output_iface != NF_OUT_FLOOD) { + ctx->xout->nf_output_iface = NF_OUT_MULTI; + } +} + +static void +xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id) +{ + uint32_t skb_priority; + + if (!dpif_queue_to_priority(ctx->ofproto->backer->dpif, + queue_id, &skb_priority)) { + ctx->xin->flow.skb_priority = skb_priority; + } else { + /* Couldn't translate queue to a priority. Nothing to do. A warning + * has already been logged. */ + } +} + +static bool +slave_enabled_cb(uint16_t ofp_port, void *ofproto_) +{ + struct ofproto_dpif *ofproto = ofproto_; + struct ofport_dpif *port; + + switch (ofp_port) { + case OFPP_IN_PORT: + case OFPP_TABLE: + case OFPP_NORMAL: + case OFPP_FLOOD: + case OFPP_ALL: + case OFPP_NONE: + return true; + case OFPP_CONTROLLER: /* Not supported by the bundle action. */ + return false; + default: + port = get_ofp_port(ofproto, ofp_port); + return port ? port->may_enable : false; + } +} + +static void +xlate_bundle_action(struct xlate_ctx *ctx, + const struct ofpact_bundle *bundle) +{ + uint16_t port; + + port = bundle_execute(bundle, &ctx->xin->flow, &ctx->xout->wc, + slave_enabled_cb, ctx->ofproto); + if (bundle->dst.field) { + nxm_reg_load(&bundle->dst, port, &ctx->xin->flow); + } else { + xlate_output_action(ctx, port, 0, false); + } +} + +static void +xlate_learn_action(struct xlate_ctx *ctx, + const struct ofpact_learn *learn) +{ + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + struct ofputil_flow_mod fm; + uint64_t ofpacts_stub[1024 / 8]; + struct ofpbuf ofpacts; + int error; + + ctx->xout->has_learn = true; + + learn_mask(learn, &ctx->xout->wc); + + if (!ctx->xin->may_learn) { + return; + } + + ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub); + learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts); + + error = ofproto_flow_mod(&ctx->ofproto->up, &fm); + if (error && !VLOG_DROP_WARN(&rl)) { + VLOG_WARN("learning action failed to modify flow table (%s)", + ofperr_get_name(error)); + } + + ofpbuf_uninit(&ofpacts); +} + +/* Reduces '*timeout' to no more than 'max'. A value of zero in either case + * means "infinite". */ +static void +reduce_timeout(uint16_t max, uint16_t *timeout) +{ + if (max && (!*timeout || *timeout > max)) { + *timeout = max; + } +} + +static void +xlate_fin_timeout(struct xlate_ctx *ctx, + const struct ofpact_fin_timeout *oft) +{ + if (ctx->xin->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) { + struct rule_dpif *rule = ctx->rule; + + reduce_timeout(oft->fin_idle_timeout, &rule->up.idle_timeout); + reduce_timeout(oft->fin_hard_timeout, &rule->up.hard_timeout); + } +} + +static void +xlate_sample_action(struct xlate_ctx *ctx, + const struct ofpact_sample *os) +{ + union user_action_cookie cookie; + /* Scale the probability from 16-bit to 32-bit while representing + * the same percentage. */ + uint32_t probability = (os->probability << 16) | os->probability; + + commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, + &ctx->xout->odp_actions); + + compose_flow_sample_cookie(os->probability, os->collector_set_id, + os->obs_domain_id, os->obs_point_id, &cookie); + compose_sample_action(ctx->ofproto, &ctx->xout->odp_actions, &ctx->xin->flow, + probability, &cookie, sizeof cookie.flow_sample); +} + +static bool +may_receive(const struct ofport_dpif *port, struct xlate_ctx *ctx) +{ + if (port->up.pp.config & (eth_addr_equals(ctx->xin->flow.dl_dst, + eth_addr_stp) + ? OFPUTIL_PC_NO_RECV_STP + : OFPUTIL_PC_NO_RECV)) { + return false; + } + + /* Only drop packets here if both forwarding and learning are + * disabled. If just learning is enabled, we need to have + * OFPP_NORMAL and the learning action have a look at the packet + * before we can drop it. */ + if (!stp_forward_in_state(port->stp_state) + && !stp_learn_in_state(port->stp_state)) { + return false; + } + + return true; +} + +static bool +tunnel_ecn_ok(struct xlate_ctx *ctx) +{ + if (is_ip_any(&ctx->base_flow) + && (ctx->xin->flow.tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) { + if ((ctx->base_flow.nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) { + VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE" + " but is not ECN capable"); + return false; + } else { + /* Set the ECN CE value in the tunneled packet. */ + ctx->xin->flow.nw_tos |= IP_ECN_CE; + } + } + + return true; +} + +static void +do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, + struct xlate_ctx *ctx) +{ + bool was_evictable = true; + const struct ofpact *a; + + if (ctx->rule) { + /* Don't let the rule we're working on get evicted underneath us. */ + was_evictable = ctx->rule->up.evictable; + ctx->rule->up.evictable = false; + } + + do_xlate_actions_again: + OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { + struct ofpact_controller *controller; + const struct ofpact_metadata *metadata; + + if (ctx->exit) { + break; + } + + switch (a->type) { + case OFPACT_OUTPUT: + xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port, + ofpact_get_OUTPUT(a)->max_len, true); + break; + + case OFPACT_CONTROLLER: + controller = ofpact_get_CONTROLLER(a); + execute_controller_action(ctx, controller->max_len, + controller->reason, + controller->controller_id); + break; + + case OFPACT_ENQUEUE: + xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a)); + break; + + case OFPACT_SET_VLAN_VID: + ctx->xin->flow.vlan_tci &= ~htons(VLAN_VID_MASK); + ctx->xin->flow.vlan_tci |= + (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) + | htons(VLAN_CFI)); + break; + + case OFPACT_SET_VLAN_PCP: + ctx->xin->flow.vlan_tci &= ~htons(VLAN_PCP_MASK); + ctx->xin->flow.vlan_tci |= + htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp << VLAN_PCP_SHIFT) + | VLAN_CFI); + break; + + case OFPACT_STRIP_VLAN: + ctx->xin->flow.vlan_tci = htons(0); + break; + + case OFPACT_PUSH_VLAN: + /* XXX 802.1AD(QinQ) */ + ctx->xin->flow.vlan_tci = htons(VLAN_CFI); + break; + + case OFPACT_SET_ETH_SRC: + memcpy(ctx->xin->flow.dl_src, ofpact_get_SET_ETH_SRC(a)->mac, + ETH_ADDR_LEN); + break; + + case OFPACT_SET_ETH_DST: + memcpy(ctx->xin->flow.dl_dst, ofpact_get_SET_ETH_DST(a)->mac, + ETH_ADDR_LEN); + break; + + case OFPACT_SET_IPV4_SRC: + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + ctx->xin->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4; + } + break; + + case OFPACT_SET_IPV4_DST: + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + ctx->xin->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4; + } + break; + + case OFPACT_SET_IPV4_DSCP: + /* OpenFlow 1.0 only supports IPv4. */ + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { + ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; + ctx->xin->flow.nw_tos |= ofpact_get_SET_IPV4_DSCP(a)->dscp; + } + break; + + case OFPACT_SET_L4_SRC_PORT: + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + memset(&ctx->xout->wc.masks.nw_proto, 0xff, + sizeof ctx->xout->wc.masks.nw_proto); + if (is_ip_any(&ctx->xin->flow)) { + ctx->xin->flow.tp_src = + htons(ofpact_get_SET_L4_SRC_PORT(a)->port); + } + break; + + case OFPACT_SET_L4_DST_PORT: + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + memset(&ctx->xout->wc.masks.nw_proto, 0xff, + sizeof ctx->xout->wc.masks.nw_proto); + if (is_ip_any(&ctx->xin->flow)) { + ctx->xin->flow.tp_dst = + htons(ofpact_get_SET_L4_DST_PORT(a)->port); + } + break; + + case OFPACT_RESUBMIT: + xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a)); + break; + + case OFPACT_SET_TUNNEL: + ctx->xin->flow.tunnel.tun_id = + htonll(ofpact_get_SET_TUNNEL(a)->tun_id); + break; + + case OFPACT_SET_QUEUE: + xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id); + break; + + case OFPACT_POP_QUEUE: + memset(&ctx->xout->wc.masks.skb_priority, 0xff, + sizeof ctx->xout->wc.masks.skb_priority); + + ctx->xin->flow.skb_priority = ctx->orig_skb_priority; + break; + + case OFPACT_REG_MOVE: + nxm_execute_reg_move(ofpact_get_REG_MOVE(a), &ctx->xin->flow, + &ctx->xout->wc); + break; + + case OFPACT_REG_LOAD: + nxm_execute_reg_load(ofpact_get_REG_LOAD(a), &ctx->xin->flow); + break; + + case OFPACT_STACK_PUSH: + nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), &ctx->xin->flow, + &ctx->xout->wc, &ctx->stack); + break; + + case OFPACT_STACK_POP: + nxm_execute_stack_pop(ofpact_get_STACK_POP(a), &ctx->xin->flow, + &ctx->stack); + break; + + case OFPACT_PUSH_MPLS: + execute_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a)->ethertype); + break; + + case OFPACT_POP_MPLS: + execute_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype); + break; + + case OFPACT_SET_MPLS_TTL: + if (execute_set_mpls_ttl_action(ctx, + ofpact_get_SET_MPLS_TTL(a)->ttl)) { + goto out; + } + break; + + case OFPACT_DEC_MPLS_TTL: + if (execute_dec_mpls_ttl_action(ctx)) { + goto out; + } + break; + + case OFPACT_DEC_TTL: + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) { + goto out; + } + break; + + case OFPACT_NOTE: + /* Nothing to do. */ + break; + + case OFPACT_MULTIPATH: + multipath_execute(ofpact_get_MULTIPATH(a), &ctx->xin->flow, + &ctx->xout->wc); + break; + + case OFPACT_BUNDLE: + ctx->ofproto->has_bundle_action = true; + xlate_bundle_action(ctx, ofpact_get_BUNDLE(a)); + break; + + case OFPACT_OUTPUT_REG: + xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a)); + break; + + case OFPACT_LEARN: + xlate_learn_action(ctx, ofpact_get_LEARN(a)); + break; + + case OFPACT_EXIT: + ctx->exit = true; + break; + + case OFPACT_FIN_TIMEOUT: + memset(&ctx->xout->wc.masks.dl_type, 0xff, + sizeof ctx->xout->wc.masks.dl_type); + memset(&ctx->xout->wc.masks.nw_proto, 0xff, + sizeof ctx->xout->wc.masks.nw_proto); + ctx->xout->has_fin_timeout = true; + xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a)); + break; + + case OFPACT_CLEAR_ACTIONS: + /* XXX + * Nothing to do because writa-actions is not supported for now. + * When writa-actions is supported, clear-actions also must + * be supported at the same time. + */ + break; + + case OFPACT_WRITE_METADATA: + metadata = ofpact_get_WRITE_METADATA(a); + ctx->xin->flow.metadata &= ~metadata->mask; + ctx->xin->flow.metadata |= metadata->metadata & metadata->mask; + break; + + case OFPACT_GOTO_TABLE: { + /* It is assumed that goto-table is the last action. */ + struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a); + struct rule_dpif *rule; + + ovs_assert(ctx->table_id < ogt->table_id); + + ctx->table_id = ogt->table_id; + + /* Look up a flow from the new table. */ + rule = rule_dpif_lookup_in_table(ctx->ofproto, &ctx->xin->flow, + &ctx->xout->wc, ctx->table_id); + + tag_the_flow(ctx, rule); + + rule = ctx_rule_hooks(ctx, rule, true); + + if (rule) { + if (ctx->rule) { + ctx->rule->up.evictable = was_evictable; + } + ctx->rule = rule; + was_evictable = rule->up.evictable; + rule->up.evictable = false; + + /* Tail recursion removal. */ + ofpacts = rule->up.ofpacts; + ofpacts_len = rule->up.ofpacts_len; + goto do_xlate_actions_again; + } + break; + } + + case OFPACT_SAMPLE: + xlate_sample_action(ctx, ofpact_get_SAMPLE(a)); + break; + } + } + +out: + if (ctx->rule) { + ctx->rule->up.evictable = was_evictable; + } +} + +void +xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto, + const struct flow *flow, struct rule_dpif *rule, + uint8_t tcp_flags, const struct ofpbuf *packet) +{ + xin->ofproto = ofproto; + xin->flow = *flow; + xin->packet = packet; + xin->may_learn = packet != NULL; + xin->rule = rule; + xin->ofpacts = NULL; + xin->ofpacts_len = 0; + xin->tcp_flags = tcp_flags; + xin->resubmit_hook = NULL; + xin->report_hook = NULL; + xin->resubmit_stats = NULL; +} + +void +xlate_out_uninit(struct xlate_out *xout) +{ + if (xout) { + ofpbuf_uninit(&xout->odp_actions); + } +} + +/* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts' + * into datapath actions, using 'ctx', and discards the datapath actions. */ +void +xlate_actions_for_side_effects(struct xlate_in *xin) +{ + struct xlate_out xout; + + xlate_actions(xin, &xout); + xlate_out_uninit(&xout); +} + +static void +xlate_report(struct xlate_ctx *ctx, const char *s) +{ + if (ctx->xin->report_hook) { + ctx->xin->report_hook(ctx, s); + } +} + +void +xlate_out_copy(struct xlate_out *dst, const struct xlate_out *src) +{ + dst->wc = src->wc; + dst->tags = src->tags; + dst->slow = src->slow; + dst->has_learn = src->has_learn; + dst->has_normal = src->has_normal; + dst->has_fin_timeout = src->has_fin_timeout; + dst->nf_output_iface = src->nf_output_iface; + dst->mirrors = src->mirrors; + + ofpbuf_use_stub(&dst->odp_actions, dst->odp_actions_stub, + sizeof dst->odp_actions_stub); + ofpbuf_put(&dst->odp_actions, src->odp_actions.data, + src->odp_actions.size); +} + + +/* Translates the 'ofpacts_len' bytes of "struct ofpacts" starting at 'ofpacts' + * into datapath actions in 'odp_actions', using 'ctx'. */ +void +xlate_actions(struct xlate_in *xin, struct xlate_out *xout) +{ + /* Normally false. Set to true if we ever hit MAX_RESUBMIT_RECURSION, so + * that in the future we always keep a copy of the original flow for + * tracing purposes. */ + static bool hit_resubmit_limit; + + enum slow_path_reason special; + const struct ofpact *ofpacts; + struct ofport_dpif *in_port; + struct flow orig_flow; + struct xlate_ctx ctx; + size_t ofpacts_len; + + COVERAGE_INC(ofproto_dpif_xlate); + + /* Flow initialization rules: + * - 'base_flow' must match the kernel's view of the packet at the + * time that action processing starts. 'flow' represents any + * transformations we wish to make through actions. + * - By default 'base_flow' and 'flow' are the same since the input + * packet matches the output before any actions are applied. + * - When using VLAN splinters, 'base_flow''s VLAN is set to the value + * of the received packet as seen by the kernel. If we later output + * to another device without any modifications this will cause us to + * insert a new tag since the original one was stripped off by the + * VLAN device. + * - Tunnel metadata as received is retained in 'flow'. This allows + * tunnel metadata matching also in later tables. + * Since a kernel action for setting the tunnel metadata will only be + * generated with actual tunnel output, changing the tunnel metadata + * values in 'flow' (such as tun_id) will only have effect with a later + * tunnel output action. + * - Tunnel 'base_flow' is completely cleared since that is what the + * kernel does. If we wish to maintain the original values an action + * needs to be generated. */ + + ctx.xin = xin; + ctx.xout = xout; + + ctx.ofproto = xin->ofproto; + ctx.rule = xin->rule; + + ctx.base_flow = ctx.xin->flow; + memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel); + ctx.orig_tunnel_ip_dst = ctx.xin->flow.tunnel.ip_dst; + + flow_wildcards_init_catchall(&ctx.xout->wc); + memset(&ctx.xout->wc.masks.in_port, 0xff, + sizeof ctx.xout->wc.masks.in_port); + + if (tnl_port_should_receive(&ctx.xin->flow)) { + memset(&ctx.xout->wc.masks.tunnel, 0xff, + sizeof ctx.xout->wc.masks.tunnel); + } + + /* Disable most wildcarding for NetFlow. */ + if (xin->ofproto->netflow) { + memset(&ctx.xout->wc.masks.dl_src, 0xff, + sizeof ctx.xout->wc.masks.dl_src); + memset(&ctx.xout->wc.masks.dl_dst, 0xff, + sizeof ctx.xout->wc.masks.dl_dst); + memset(&ctx.xout->wc.masks.dl_type, 0xff, + sizeof ctx.xout->wc.masks.dl_type); + memset(&ctx.xout->wc.masks.vlan_tci, 0xff, + sizeof ctx.xout->wc.masks.vlan_tci); + memset(&ctx.xout->wc.masks.nw_proto, 0xff, + sizeof ctx.xout->wc.masks.nw_proto); + memset(&ctx.xout->wc.masks.nw_src, 0xff, + sizeof ctx.xout->wc.masks.nw_src); + memset(&ctx.xout->wc.masks.nw_dst, 0xff, + sizeof ctx.xout->wc.masks.nw_dst); + memset(&ctx.xout->wc.masks.tp_src, 0xff, + sizeof ctx.xout->wc.masks.tp_src); + memset(&ctx.xout->wc.masks.tp_dst, 0xff, + sizeof ctx.xout->wc.masks.tp_dst); + } + + ctx.xout->tags = 0; + ctx.xout->slow = 0; + ctx.xout->has_learn = false; + ctx.xout->has_normal = false; + ctx.xout->has_fin_timeout = false; + ctx.xout->nf_output_iface = NF_OUT_DROP; + ctx.xout->mirrors = 0; + + ofpbuf_use_stub(&ctx.xout->odp_actions, ctx.xout->odp_actions_stub, + sizeof ctx.xout->odp_actions_stub); + ofpbuf_reserve(&ctx.xout->odp_actions, NL_A_U32_SIZE); + + ctx.recurse = 0; + ctx.max_resubmit_trigger = false; + ctx.orig_skb_priority = ctx.xin->flow.skb_priority; + ctx.table_id = 0; + ctx.exit = false; + + if (xin->ofpacts) { + ofpacts = xin->ofpacts; + ofpacts_len = xin->ofpacts_len; + } else if (xin->rule) { + ofpacts = xin->rule->up.ofpacts; + ofpacts_len = xin->rule->up.ofpacts_len; + } else { + NOT_REACHED(); + } + + ofpbuf_use_stub(&ctx.stack, ctx.init_stack, sizeof ctx.init_stack); + + if (ctx.ofproto->has_mirrors || hit_resubmit_limit) { + /* Do this conditionally because the copy is expensive enough that it + * shows up in profiles. */ + orig_flow = ctx.xin->flow; + } + + if (ctx.xin->flow.nw_frag & FLOW_NW_FRAG_ANY) { + switch (ctx.ofproto->up.frag_handling) { + case OFPC_FRAG_NORMAL: + /* We must pretend that transport ports are unavailable. */ + ctx.xin->flow.tp_src = ctx.base_flow.tp_src = htons(0); + ctx.xin->flow.tp_dst = ctx.base_flow.tp_dst = htons(0); + break; + + case OFPC_FRAG_DROP: + return; + + case OFPC_FRAG_REASM: + NOT_REACHED(); + + case OFPC_FRAG_NX_MATCH: + /* Nothing to do. */ + break; + + case OFPC_INVALID_TTL_TO_CONTROLLER: + NOT_REACHED(); + } + } + + in_port = get_ofp_port(ctx.ofproto, ctx.xin->flow.in_port); + special = process_special(ctx.ofproto, &ctx.xin->flow, in_port, + ctx.xin->packet); + if (special) { + ctx.xout->slow = special; + } else { + static struct vlog_rate_limit trace_rl = VLOG_RATE_LIMIT_INIT(1, 1); + size_t sample_actions_len; + uint32_t local_odp_port; + + if (ctx.xin->flow.in_port + != vsp_realdev_to_vlandev(ctx.ofproto, ctx.xin->flow.in_port, + ctx.xin->flow.vlan_tci)) { + ctx.base_flow.vlan_tci = 0; + } + + add_sflow_action(&ctx); + add_ipfix_action(&ctx); + sample_actions_len = ctx.xout->odp_actions.size; + + if (tunnel_ecn_ok(&ctx) && (!in_port || may_receive(in_port, &ctx))) { + do_xlate_actions(ofpacts, ofpacts_len, &ctx); + + /* We've let OFPP_NORMAL and the learning action look at the + * packet, so drop it now if forwarding is disabled. */ + if (in_port && !stp_forward_in_state(in_port->stp_state)) { + ctx.xout->odp_actions.size = sample_actions_len; + } + } + + if (ctx.max_resubmit_trigger && !ctx.xin->resubmit_hook) { + if (!hit_resubmit_limit) { + /* We didn't record the original flow. Make sure we do from + * now on. */ + hit_resubmit_limit = true; + } else if (!VLOG_DROP_ERR(&trace_rl)) { + struct ds ds = DS_EMPTY_INITIALIZER; + + ofproto_trace(ctx.ofproto, &orig_flow, ctx.xin->packet, &ds); + VLOG_ERR("Trace triggered by excessive resubmit " + "recursion:\n%s", ds_cstr(&ds)); + ds_destroy(&ds); + } + } + + local_odp_port = ofp_port_to_odp_port(ctx.ofproto, OFPP_LOCAL); + if (!connmgr_must_output_local(ctx.ofproto->up.connmgr, &ctx.xin->flow, + local_odp_port, + ctx.xout->odp_actions.data, + ctx.xout->odp_actions.size)) { + compose_output_action(&ctx, OFPP_LOCAL); + } + if (ctx.ofproto->has_mirrors) { + add_mirror_actions(&ctx, &orig_flow); + } + fix_sflow_action(&ctx); + } + + ofpbuf_uninit(&ctx.stack); + + /* Clear the metadata and register wildcard masks, because we won't + * use non-header fields as part of the cache. */ + memset(&ctx.xout->wc.masks.metadata, 0, + sizeof ctx.xout->wc.masks.metadata); + memset(&ctx.xout->wc.masks.regs, 0, sizeof ctx.xout->wc.masks.regs); +} diff --git a/ofproto/ofproto-dpif-xlate.h b/ofproto/ofproto-dpif-xlate.h new file mode 100644 index 000000000..bffd21727 --- /dev/null +++ b/ofproto/ofproto-dpif-xlate.h @@ -0,0 +1,152 @@ +/* Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ + +#ifndef OFPROT_DPIF_XLATE_H +#define OFPROT_DPIF_XLATE_H 1 + +#include "flow.h" +#include "meta-flow.h" +#include "odp-util.h" +#include "ofpbuf.h" +#include "ofproto-dpif.h" +#include "tag.h" + +/* Maximum depth of flow table recursion (due to resubmit actions) in a + * flow translation. */ +#define MAX_RESUBMIT_RECURSION 64 + +struct xlate_ctx; + +struct xlate_out { + /* Wildcards relevant in translation. Any fields that were used to + * calculate the action must be set for caching and kernel + * wildcarding to work. For example, if the flow lookup involved + * performing the "normal" action on IPv4 and ARP packets, 'wc' + * would have the 'in_port' (always set), 'dl_type' (flow match), + * 'vlan_tci' (normal action), and 'dl_dst' (normal action) fields + * set. */ + struct flow_wildcards wc; + + tag_type tags; /* Tags associated with actions. */ + enum slow_path_reason slow; /* 0 if fast path may be used. */ + bool has_learn; /* Actions include NXAST_LEARN? */ + bool has_normal; /* Actions output to OFPP_NORMAL? */ + bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ + uint16_t nf_output_iface; /* Output interface index for NetFlow. */ + mirror_mask_t mirrors; /* Bitmap of associated mirrors. */ + + uint64_t odp_actions_stub[256 / 8]; + struct ofpbuf odp_actions; +}; + +struct xlate_in { + struct ofproto_dpif *ofproto; + + /* Flow to which the OpenFlow actions apply. xlate_actions() will modify + * this flow when actions change header fields. */ + struct flow flow; + + /* The packet corresponding to 'flow', or a null pointer if we are + * revalidating without a packet to refer to. */ + const struct ofpbuf *packet; + + /* Should OFPP_NORMAL update the MAC learning table? Should "learn" + * actions update the flow table? + * + * We want to update these tables if we are actually processing a packet, + * or if we are accounting for packets that the datapath has processed, but + * not if we are just revalidating. */ + bool may_learn; + + /* The rule initiating translation or NULL. */ + struct rule_dpif *rule; + + /* The actions to translate. If 'rule' is not NULL, these may be NULL. */ + const struct ofpact *ofpacts; + size_t ofpacts_len; + + /* Union of the set of TCP flags seen so far in this flow. (Used only by + * NXAST_FIN_TIMEOUT. Set to zero to avoid updating updating rules' + * timeouts.) */ + uint8_t tcp_flags; + + /* If nonnull, flow translation calls this function just before executing a + * resubmit or OFPP_TABLE action. In addition, disables logging of traces + * when the recursion depth is exceeded. + * + * 'rule' is the rule being submitted into. It will be null if the + * resubmit or OFPP_TABLE action didn't find a matching rule. + * + * This is normally null so the client has to set it manually after + * calling xlate_in_init(). */ + void (*resubmit_hook)(struct xlate_ctx *, struct rule_dpif *rule); + + /* If nonnull, flow translation calls this function to report some + * significant decision, e.g. to explain why OFPP_NORMAL translation + * dropped a packet. */ + void (*report_hook)(struct xlate_ctx *, const char *s); + + /* If nonnull, flow translation credits the specified statistics to each + * rule reached through a resubmit or OFPP_TABLE action. + * + * This is normally null so the client has to set it manually after + * calling xlate_in_init(). */ + const struct dpif_flow_stats *resubmit_stats; +}; + +/* Context used by xlate_actions() and its callees. */ +struct xlate_ctx { + struct xlate_in *xin; + struct xlate_out *xout; + + struct ofproto_dpif *ofproto; + + /* Flow at the last commit. */ + struct flow base_flow; + + /* Tunnel IP destination address as received. This is stored separately + * as the base_flow.tunnel is cleared on init to reflect the datapath + * behavior. Used to make sure not to send tunneled output to ourselves, + * which might lead to an infinite loop. This could happen easily + * if a tunnel is marked as 'ip_remote=flow', and the flow does not + * actually set the tun_dst field. */ + ovs_be32 orig_tunnel_ip_dst; + + /* Stack for the push and pop actions. Each stack element is of type + * "union mf_subvalue". */ + union mf_subvalue init_stack[1024 / sizeof(union mf_subvalue)]; + struct ofpbuf stack; + + /* The rule that we are currently translating, or NULL. */ + struct rule_dpif *rule; + + int recurse; /* Recursion level, via xlate_table_action. */ + bool max_resubmit_trigger; /* Recursed too deeply during translation. */ + uint32_t orig_skb_priority; /* Priority when packet arrived. */ + uint8_t table_id; /* OpenFlow table ID where flow was found. */ + uint32_t sflow_n_outputs; /* Number of output ports. */ + uint32_t sflow_odp_port; /* Output port for composing sFlow action. */ + uint16_t user_cookie_offset;/* Used for user_action_cookie fixup. */ + bool exit; /* No further actions should be processed. */ +}; + +void xlate_actions(struct xlate_in *, struct xlate_out *); +void xlate_in_init(struct xlate_in *, struct ofproto_dpif *, + const struct flow *, struct rule_dpif *, + uint8_t tcp_flags, const struct ofpbuf *packet); +void xlate_out_uninit(struct xlate_out *); +void xlate_actions_for_side_effects(struct xlate_in *); +void xlate_out_copy(struct xlate_out *dst, const struct xlate_out *src); + +#endif /* ofproto-dpif-xlate.h */ diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index c262e7bab..3bc8dd795 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -16,6 +16,7 @@ #include +#include "ofproto/ofproto-dpif.h" #include "ofproto/ofproto-provider.h" #include @@ -50,6 +51,7 @@ #include "ofproto-dpif-governor.h" #include "ofproto-dpif-ipfix.h" #include "ofproto-dpif-sflow.h" +#include "ofproto-dpif-xlate.h" #include "poll-loop.h" #include "simap.h" #include "smap.h" @@ -63,298 +65,44 @@ VLOG_DEFINE_THIS_MODULE(ofproto_dpif); COVERAGE_DEFINE(ofproto_dpif_expired); -COVERAGE_DEFINE(ofproto_dpif_xlate); COVERAGE_DEFINE(facet_changed_rule); COVERAGE_DEFINE(facet_revalidate); COVERAGE_DEFINE(facet_unexpected); COVERAGE_DEFINE(facet_suppress); -/* Maximum depth of flow table recursion (due to resubmit actions) in a - * flow translation. */ -#define MAX_RESUBMIT_RECURSION 64 - -/* Number of implemented OpenFlow tables. */ -enum { N_TABLES = 255 }; -enum { TBL_INTERNAL = N_TABLES - 1 }; /* Used for internal hidden rules. */ -BUILD_ASSERT_DECL(N_TABLES >= 2 && N_TABLES <= 255); - -struct ofport_dpif; -struct ofproto_dpif; struct flow_miss; struct facet; -struct rule_dpif { - struct rule up; - - /* These statistics: - * - * - Do include packets and bytes from facets that have been deleted or - * whose own statistics have been folded into the rule. - * - * - Do include packets and bytes sent "by hand" that were accounted to - * the rule without any facet being involved (this is a rare corner - * case in rule_execute()). - * - * - Do not include packet or bytes that can be obtained from any facet's - * packet_count or byte_count member or that can be obtained from the - * datapath by, e.g., dpif_flow_get() for any subfacet. - */ - uint64_t packet_count; /* Number of packets received. */ - uint64_t byte_count; /* Number of bytes received. */ - - tag_type tag; /* Caches rule_calculate_tag() result. */ - - struct list facets; /* List of "struct facet"s. */ -}; - -static struct rule_dpif *rule_dpif_cast(const struct rule *rule) -{ - return rule ? CONTAINER_OF(rule, struct rule_dpif, up) : NULL; -} - static struct rule_dpif *rule_dpif_lookup(struct ofproto_dpif *, const struct flow *, struct flow_wildcards *wc); -static struct rule_dpif *rule_dpif_lookup__(struct ofproto_dpif *, - const struct flow *, - struct flow_wildcards *wc, - uint8_t table); -static struct rule_dpif *rule_dpif_miss_rule(struct ofproto_dpif *ofproto, - const struct flow *flow); static void rule_get_stats(struct rule *, uint64_t *packets, uint64_t *bytes); -static void rule_credit_stats(struct rule_dpif *, - const struct dpif_flow_stats *); -static tag_type rule_calculate_tag(const struct flow *, - const struct minimask *, uint32_t basis); static void rule_invalidate(const struct rule_dpif *); -#define MAX_MIRRORS 32 -typedef uint32_t mirror_mask_t; -#define MIRROR_MASK_C(X) UINT32_C(X) -BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS); -struct ofmirror { - struct ofproto_dpif *ofproto; /* Owning ofproto. */ - size_t idx; /* In ofproto's "mirrors" array. */ - void *aux; /* Key supplied by ofproto's client. */ - char *name; /* Identifier for log messages. */ - - /* Selection criteria. */ - struct hmapx srcs; /* Contains "struct ofbundle *"s. */ - struct hmapx dsts; /* Contains "struct ofbundle *"s. */ - unsigned long *vlans; /* Bitmap of chosen VLANs, NULL selects all. */ - - /* Output (exactly one of out == NULL and out_vlan == -1 is true). */ - struct ofbundle *out; /* Output port or NULL. */ - int out_vlan; /* Output VLAN or -1. */ - mirror_mask_t dup_mirrors; /* Bitmap of mirrors with the same output. */ - - /* Counters. */ - int64_t packet_count; /* Number of packets sent. */ - int64_t byte_count; /* Number of bytes sent. */ -}; - static void mirror_destroy(struct ofmirror *); static void update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, uint64_t packets, uint64_t bytes); -struct ofbundle { - struct hmap_node hmap_node; /* In struct ofproto's "bundles" hmap. */ - struct ofproto_dpif *ofproto; /* Owning ofproto. */ - void *aux; /* Key supplied by ofproto's client. */ - char *name; /* Identifier for log messages. */ - - /* Configuration. */ - struct list ports; /* Contains "struct ofport"s. */ - enum port_vlan_mode vlan_mode; /* VLAN mode */ - int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */ - unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1. - * NULL if all VLANs are trunked. */ - struct lacp *lacp; /* LACP if LACP is enabled, otherwise NULL. */ - struct bond *bond; /* Nonnull iff more than one port. */ - bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */ - - /* Status. */ - bool floodable; /* True if no port has OFPUTIL_PC_NO_FLOOD set. */ - - /* Port mirroring info. */ - mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */ - mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */ - mirror_mask_t mirror_out; /* Mirrors that output to this bundle. */ -}; - static void bundle_remove(struct ofport *); static void bundle_update(struct ofbundle *); static void bundle_destroy(struct ofbundle *); static void bundle_del_port(struct ofport_dpif *); static void bundle_run(struct ofbundle *); static void bundle_wait(struct ofbundle *); -static struct ofbundle *lookup_input_bundle(const struct ofproto_dpif *, - uint16_t in_port, bool warn, - struct ofport_dpif **in_ofportp); - -/* A controller may use OFPP_NONE as the ingress port to indicate that - * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for - * when an input bundle is needed for validation (e.g., mirroring or - * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have - * any 'port' structs, so care must be taken when dealing with it. */ -static struct ofbundle ofpp_none_bundle = { - .name = "OFPP_NONE", - .vlan_mode = PORT_VLAN_TRUNK -}; static void stp_run(struct ofproto_dpif *ofproto); static void stp_wait(struct ofproto_dpif *ofproto); static int set_stp_port(struct ofport *, const struct ofproto_port_stp_settings *); -static bool ofbundle_includes_vlan(const struct ofbundle *, uint16_t vlan); - -struct xlate_ctx; - -struct xlate_out { - /* Wildcards relevant in translation. Any fields that were used to - * calculate the action must be set for caching and kernel - * wildcarding to work. For example, if the flow lookup involved - * performing the "normal" action on IPv4 and ARP packets, 'wc' - * would have the 'in_port' (always set), 'dl_type' (flow match), - * 'vlan_tci' (normal action), and 'dl_dst' (normal action) fields - * set. */ - struct flow_wildcards wc; - - tag_type tags; /* Tags associated with actions. */ - enum slow_path_reason slow; /* 0 if fast path may be used. */ - bool has_learn; /* Actions include NXAST_LEARN? */ - bool has_normal; /* Actions output to OFPP_NORMAL? */ - bool has_fin_timeout; /* Actions include NXAST_FIN_TIMEOUT? */ - uint16_t nf_output_iface; /* Output interface index for NetFlow. */ - mirror_mask_t mirrors; /* Bitmap of associated mirrors. */ - - uint64_t odp_actions_stub[256 / 8]; - struct ofpbuf odp_actions; -}; - -struct xlate_in { - struct ofproto_dpif *ofproto; - - /* Flow to which the OpenFlow actions apply. xlate_actions() will modify - * this flow when actions change header fields. */ - struct flow flow; - - /* The packet corresponding to 'flow', or a null pointer if we are - * revalidating without a packet to refer to. */ - const struct ofpbuf *packet; - - /* Should OFPP_NORMAL update the MAC learning table? Should "learn" - * actions update the flow table? - * - * We want to update these tables if we are actually processing a packet, - * or if we are accounting for packets that the datapath has processed, but - * not if we are just revalidating. */ - bool may_learn; - - /* The rule initiating translation or NULL. */ - struct rule_dpif *rule; - - /* The actions to translate. If 'rule' is not NULL, these may be NULL. */ - const struct ofpact *ofpacts; - size_t ofpacts_len; - - /* Union of the set of TCP flags seen so far in this flow. (Used only by - * NXAST_FIN_TIMEOUT. Set to zero to avoid updating updating rules' - * timeouts.) */ - uint8_t tcp_flags; - - /* If nonnull, flow translation calls this function just before executing a - * resubmit or OFPP_TABLE action. In addition, disables logging of traces - * when the recursion depth is exceeded. - * - * 'rule' is the rule being submitted into. It will be null if the - * resubmit or OFPP_TABLE action didn't find a matching rule. - * - * This is normally null so the client has to set it manually after - * calling xlate_in_init(). */ - void (*resubmit_hook)(struct xlate_ctx *, struct rule_dpif *rule); - - /* If nonnull, flow translation calls this function to report some - * significant decision, e.g. to explain why OFPP_NORMAL translation - * dropped a packet. */ - void (*report_hook)(struct xlate_ctx *, const char *s); - - /* If nonnull, flow translation credits the specified statistics to each - * rule reached through a resubmit or OFPP_TABLE action. - * - * This is normally null so the client has to set it manually after - * calling xlate_in_init(). */ - const struct dpif_flow_stats *resubmit_stats; -}; - -/* Context used by xlate_actions() and its callees. */ -struct xlate_ctx { - struct xlate_in *xin; - struct xlate_out *xout; - - struct ofproto_dpif *ofproto; - - /* Flow at the last commit. */ - struct flow base_flow; - - /* Tunnel IP destination address as received. This is stored separately - * as the base_flow.tunnel is cleared on init to reflect the datapath - * behavior. Used to make sure not to send tunneled output to ourselves, - * which might lead to an infinite loop. This could happen easily - * if a tunnel is marked as 'ip_remote=flow', and the flow does not - * actually set the tun_dst field. */ - ovs_be32 orig_tunnel_ip_dst; - - /* Stack for the push and pop actions. Each stack element is of type - * "union mf_subvalue". */ - union mf_subvalue init_stack[1024 / sizeof(union mf_subvalue)]; - struct ofpbuf stack; - - /* The rule that we are currently translating, or NULL. */ - struct rule_dpif *rule; - - int recurse; /* Recursion level, via xlate_table_action. */ - bool max_resubmit_trigger; /* Recursed too deeply during translation. */ - uint32_t orig_skb_priority; /* Priority when packet arrived. */ - uint8_t table_id; /* OpenFlow table ID where flow was found. */ - uint32_t sflow_n_outputs; /* Number of output ports. */ - uint32_t sflow_odp_port; /* Output port for composing sFlow action. */ - uint16_t user_cookie_offset;/* Used for user_action_cookie fixup. */ - bool exit; /* No further actions should be processed. */ -}; - -static void xlate_in_init(struct xlate_in *, struct ofproto_dpif *, - const struct flow *, struct rule_dpif *, - uint8_t tcp_flags, const struct ofpbuf *); - -static void xlate_out_uninit(struct xlate_out *); - -static void xlate_actions(struct xlate_in *, struct xlate_out *); - -static void xlate_actions_for_side_effects(struct xlate_in *); - -static void xlate_table_action(struct xlate_ctx *, uint16_t in_port, - uint8_t table_id, bool may_packet_in); - -static size_t put_userspace_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *, - const union user_action_cookie *, - const size_t); - static void compose_slow_path(const struct ofproto_dpif *, const struct flow *, enum slow_path_reason, uint64_t *stub, size_t stub_size, const struct nlattr **actionsp, size_t *actions_lenp); -static void xlate_report(struct xlate_ctx *ctx, const char *s); - -static void xlate_out_copy(struct xlate_out *dst, const struct xlate_out *src); - /* A subfacet (see "struct subfacet" below) has three possible installation * states: * @@ -510,47 +258,6 @@ static void push_all_stats(void); static bool facet_is_controller_flow(struct facet *); -struct ofport_dpif { - struct hmap_node odp_port_node; /* In dpif_backer's "odp_to_ofport_map". */ - struct ofport up; - - uint32_t odp_port; - struct ofbundle *bundle; /* Bundle that contains this port, if any. */ - struct list bundle_node; /* In struct ofbundle's "ports" list. */ - struct cfm *cfm; /* Connectivity Fault Management, if any. */ - struct bfd *bfd; /* BFD, if any. */ - tag_type tag; /* Tag associated with this port. */ - bool may_enable; /* May be enabled in bonds. */ - long long int carrier_seq; /* Carrier status changes. */ - struct tnl_port *tnl_port; /* Tunnel handle, or null. */ - - /* Spanning tree. */ - struct stp_port *stp_port; /* Spanning Tree Protocol, if any. */ - enum stp_state stp_state; /* Always STP_DISABLED if STP not in use. */ - long long int stp_state_entered; - - struct hmap priorities; /* Map of attached 'priority_to_dscp's. */ - - /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) - * - * This is deprecated. It is only for compatibility with broken device - * drivers in old versions of Linux that do not properly support VLANs when - * VLAN devices are not used. When broken device drivers are no longer in - * widespread use, we will delete these interfaces. */ - uint16_t realdev_ofp_port; - int vlandev_vid; -}; - -/* Node in 'ofport_dpif''s 'priorities' map. Used to maintain a map from - * 'priority' (the datapath's term for QoS queue) to the dscp bits which all - * traffic egressing the 'ofport' with that priority should be marked with. */ -struct priority_to_dscp { - struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'priorities' map. */ - uint32_t priority; /* Priority of this queue (see struct flow). */ - - uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */ -}; - /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) * * This is deprecated. It is only for compatibility with broken device drivers @@ -565,15 +272,10 @@ struct vlan_splinter { int vid; }; -static uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *, - uint16_t realdev_ofp_port, - ovs_be16 vlan_tci); static bool vsp_adjust_flow(const struct ofproto_dpif *, struct flow *); static void vsp_remove(struct ofport_dpif *); static void vsp_add(struct ofport_dpif *, uint16_t realdev_ofp_port, int vid); -static uint32_t ofp_port_to_odp_port(const struct ofproto_dpif *, - uint16_t ofp_port); static uint16_t odp_port_to_ofp_port(const struct ofproto_dpif *, uint32_t odp_port); @@ -596,32 +298,6 @@ struct dpif_completion { struct ofoperation *op; }; -/* Extra information about a classifier table. - * Currently used just for optimized flow revalidation. */ -struct table_dpif { - /* If either of these is nonnull, then this table has a form that allows - * flows to be tagged to avoid revalidating most flows for the most common - * kinds of flow table changes. */ - struct cls_table *catchall_table; /* Table that wildcards all fields. */ - struct cls_table *other_table; /* Table with any other wildcard set. */ - uint32_t basis; /* Keeps each table's tags separate. */ -}; - -/* Reasons that we might need to revalidate every facet, and corresponding - * coverage counters. - * - * A value of 0 means that there is no need to revalidate. - * - * It would be nice to have some cleaner way to integrate with coverage - * counters, but with only a few reasons I guess this is good enough for - * now. */ -enum revalidate_reason { - REV_RECONFIGURE = 1, /* Switch configuration changed. */ - REV_STP, /* Spanning tree protocol port status change. */ - REV_PORT_TOGGLED, /* Port enabled or disabled by CFM, LACP, ...*/ - REV_FLOW_TABLE, /* Flow table changed. */ - REV_INCONSISTENCY /* Facet self-check failed. */ -}; COVERAGE_DEFINE(rev_reconfigure); COVERAGE_DEFINE(rev_stp); COVERAGE_DEFINE(rev_port_toggled); @@ -637,58 +313,6 @@ struct drop_key { size_t key_len; }; -struct avg_subfacet_rates { - double add_rate; /* Moving average of new flows created per minute. */ - double del_rate; /* Moving average of flows deleted per minute. */ -}; - -/* All datapaths of a given type share a single dpif backer instance. */ -struct dpif_backer { - char *type; - int refcount; - struct dpif *dpif; - struct timer next_expiration; - struct hmap odp_to_ofport_map; /* ODP port to ofport mapping. */ - - struct simap tnl_backers; /* Set of dpif ports backing tunnels. */ - - /* Facet revalidation flags applying to facets which use this backer. */ - enum revalidate_reason need_revalidate; /* Revalidate every facet. */ - struct tag_set revalidate_set; /* Revalidate only matching facets. */ - - struct hmap drop_keys; /* Set of dropped odp keys. */ - bool recv_set_enable; /* Enables or disables receiving packets. */ - - struct hmap subfacets; - struct governor *governor; - - /* Subfacet statistics. - * - * These keep track of the total number of subfacets added and deleted and - * flow life span. They are useful for computing the flow rates stats - * exposed via "ovs-appctl dpif/show". The goal is to learn about - * traffic patterns in ways that we can use later to improve Open vSwitch - * performance in new situations. */ - long long int created; /* Time when it is created. */ - unsigned max_n_subfacet; /* Maximum number of flows */ - unsigned avg_n_subfacet; /* Average number of flows. */ - long long int avg_subfacet_life; /* Average life span of subfacets. */ - - /* The average number of subfacets... */ - struct avg_subfacet_rates hourly; /* ...over the last hour. */ - struct avg_subfacet_rates daily; /* ...over the last day. */ - struct avg_subfacet_rates lifetime; /* ...over the switch lifetime. */ - long long int last_minute; /* Last time 'hourly' was updated. */ - - /* Number of subfacets added or deleted since 'last_minute'. */ - unsigned subfacet_add_count; - unsigned subfacet_del_count; - - /* Number of subfacets added or deleted from 'created' to 'last_minute.' */ - unsigned long long int total_subfacet_add_count; - unsigned long long int total_subfacet_del_count; -}; - /* All existing ofproto_backer instances, indexed by ofproto->up.type. */ static struct shash all_dpif_backers = SHASH_INITIALIZER(&all_dpif_backers); @@ -697,59 +321,6 @@ static struct ofport_dpif * odp_port_to_ofport(const struct dpif_backer *, uint32_t odp_port); static void update_moving_averages(struct dpif_backer *backer); -struct ofproto_dpif { - struct hmap_node all_ofproto_dpifs_node; /* In 'all_ofproto_dpifs'. */ - struct ofproto up; - struct dpif_backer *backer; - - /* Special OpenFlow rules. */ - struct rule_dpif *miss_rule; /* Sends flow table misses to controller. */ - struct rule_dpif *no_packet_in_rule; /* Drops flow table misses. */ - struct rule_dpif *drop_frags_rule; /* Used in OFPC_FRAG_DROP mode. */ - - /* Bridging. */ - struct netflow *netflow; - struct dpif_sflow *sflow; - struct dpif_ipfix *ipfix; - struct hmap bundles; /* Contains "struct ofbundle"s. */ - struct mac_learning *ml; - struct ofmirror *mirrors[MAX_MIRRORS]; - bool has_mirrors; - bool has_bonded_bundles; - - /* Facets. */ - struct classifier facets; /* Contains 'struct facet's. */ - long long int consistency_rl; - - /* Revalidation. */ - struct table_dpif tables[N_TABLES]; - - /* Support for debugging async flow mods. */ - struct list completions; - - bool has_bundle_action; /* True when the first bundle action appears. */ - struct netdev_stats stats; /* To account packets generated and consumed in - * userspace. */ - - /* Spanning tree. */ - struct stp *stp; - long long int stp_last_tick; - - /* VLAN splinters. */ - struct hmap realdev_vid_map; /* (realdev,vid) -> vlandev. */ - struct hmap vlandev_map; /* vlandev -> (realdev,vid). */ - - /* Ports. */ - struct sset ports; /* Set of standard port names. */ - struct sset ghost_ports; /* Ports with no datapath port. */ - struct sset port_poll_set; /* Queued names for port_poll() reply. */ - int port_poll_errno; /* Last errno for port_poll() reply. */ - - /* Per ofproto's dpif stats. */ - uint64_t n_hit; - uint64_t n_missed; -}; - /* Defer flow mod completion until "ovs-appctl ofproto/unclog"? (Useful only * for debugging the asynchronous flow_mod implementation.) */ static bool clogged; @@ -759,24 +330,6 @@ static struct hmap all_ofproto_dpifs = HMAP_INITIALIZER(&all_ofproto_dpifs); static void ofproto_dpif_unixctl_init(void); -static struct ofproto_dpif * -ofproto_dpif_cast(const struct ofproto *ofproto) -{ - ovs_assert(ofproto->ofproto_class == &ofproto_dpif_class); - return CONTAINER_OF(ofproto, struct ofproto_dpif, up); -} - -static struct ofport_dpif *get_ofp_port(const struct ofproto_dpif *, - uint16_t ofp_port); -static struct ofport_dpif *get_odp_port(const struct ofproto_dpif *, - uint32_t odp_port); -static void ofproto_trace(struct ofproto_dpif *, const struct flow *, - const struct ofpbuf *, struct ds *); - -/* Packet processing. */ -static void update_learning_table(struct ofproto_dpif *, const struct flow *, - struct flow_wildcards *, int vlan, - struct ofbundle *); /* Upcalls. */ #define FLOW_MISS_MAX_BATCH 50 static int handle_upcalls(struct dpif_backer *, unsigned int max_batch); @@ -789,14 +342,7 @@ static void send_netflow_active_timeouts(struct ofproto_dpif *); /* Utilities. */ static int send_packet(const struct ofport_dpif *, struct ofpbuf *packet); -static size_t compose_sflow_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *, uint32_t odp_port); -static void compose_ipfix_action(const struct ofproto_dpif *, - struct ofpbuf *odp_actions, - const struct flow *); -static void add_mirror_actions(struct xlate_ctx *ctx, - const struct flow *flow); + /* Global variables. */ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); @@ -1488,7 +1034,8 @@ add_internal_flow(struct ofproto_dpif *ofproto, int id, return error; } - *rulep = rule_dpif_lookup__(ofproto, &fm.match.flow, NULL, TBL_INTERNAL); + *rulep = rule_dpif_lookup_in_table(ofproto, &fm.match.flow, NULL, + TBL_INTERNAL); ovs_assert(*rulep != NULL); return 0; @@ -2334,7 +1881,7 @@ stp_process_packet(const struct ofport_dpif *ofport, } } -static struct priority_to_dscp * +struct priority_to_dscp * get_priority(const struct ofport_dpif *ofport, uint32_t priority) { struct priority_to_dscp *pdscp; @@ -3162,14 +2709,14 @@ set_mac_table_config(struct ofproto *ofproto_, unsigned int idle_time, /* Ports. */ -static struct ofport_dpif * +struct ofport_dpif * get_ofp_port(const struct ofproto_dpif *ofproto, uint16_t ofp_port) { struct ofport *ofport = ofproto_get_port(&ofproto->up, ofp_port); return ofport ? ofport_dpif_cast(ofport) : NULL; } -static struct ofport_dpif * +struct ofport_dpif * get_odp_port(const struct ofproto_dpif *ofproto, uint32_t odp_port) { struct ofport_dpif *port = odp_port_to_ofport(ofproto->backer, odp_port); @@ -3186,7 +2733,7 @@ ofproto_port_from_dpif_port(struct ofproto_dpif *ofproto, ofproto_port->ofp_port = odp_port_to_ofp_port(ofproto, dpif_port->port_no); } -static struct ofport_dpif * +struct ofport_dpif * ofport_get_peer(const struct ofport_dpif *ofport_dpif) { const struct ofproto_dpif *ofproto; @@ -3588,7 +3135,7 @@ send_packet_in_miss(struct ofproto_dpif *ofproto, const struct ofpbuf *packet, connmgr_send_packet_in(ofproto->up.connmgr, &pin); } -static enum slow_path_reason +enum slow_path_reason process_special(struct ofproto_dpif *ofproto, const struct flow *flow, const struct ofport_dpif *ofport, const struct ofpbuf *packet) { @@ -5204,7 +4751,7 @@ push_all_stats(void) push_all_stats__(true); } -static void +void rule_credit_stats(struct rule_dpif *rule, const struct dpif_flow_stats *stats) { rule->packet_count += stats->n_packets; @@ -5461,7 +5008,7 @@ rule_dpif_lookup(struct ofproto_dpif *ofproto, const struct flow *flow, { struct rule_dpif *rule; - rule = rule_dpif_lookup__(ofproto, flow, wc, 0); + rule = rule_dpif_lookup_in_table(ofproto, flow, wc, 0); if (rule) { return rule; } @@ -5469,9 +5016,10 @@ rule_dpif_lookup(struct ofproto_dpif *ofproto, const struct flow *flow, return rule_dpif_miss_rule(ofproto, flow); } -static struct rule_dpif * -rule_dpif_lookup__(struct ofproto_dpif *ofproto, const struct flow *flow, - struct flow_wildcards *wc, uint8_t table_id) +struct rule_dpif * +rule_dpif_lookup_in_table(struct ofproto_dpif *ofproto, + const struct flow *flow, struct flow_wildcards *wc, + uint8_t table_id) { struct cls_rule *cls_rule; struct classifier *cls; @@ -5500,7 +5048,7 @@ rule_dpif_lookup__(struct ofproto_dpif *ofproto, const struct flow *flow, return rule_dpif_cast(rule_from_cls_rule(cls_rule)); } -static struct rule_dpif * +struct rule_dpif * rule_dpif_miss_rule(struct ofproto_dpif *ofproto, const struct flow *flow) { struct ofport_dpif *port; @@ -5716,13 +5264,6 @@ send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) ofproto->stats.tx_bytes += packet->size; return error; } - -/* OpenFlow to datapath action translation. */ - -static bool may_receive(const struct ofport_dpif *, struct xlate_ctx *); -static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len, - struct xlate_ctx *); -static void xlate_normal(struct xlate_ctx *); /* Composes an ODP action for a "slow path" action for 'flow' within 'ofproto'. * The action will state 'slow' as the reason that the action is in the slow @@ -5759,7 +5300,7 @@ compose_slow_path(const struct ofproto_dpif *ofproto, const struct flow *flow, *actions_lenp = buf.size; } -static size_t +size_t put_userspace_action(const struct ofproto_dpif *ofproto, struct ofpbuf *odp_actions, const struct flow *flow, @@ -5774,2095 +5315,152 @@ put_userspace_action(const struct ofproto_dpif *ofproto, return odp_put_userspace_action(pid, cookie, cookie_size, odp_actions); } -/* Compose SAMPLE action for sFlow or IPFIX. The given probability is - * the number of packets out of UINT32_MAX to sample. The given - * cookie is passed back in the callback for each sampled packet. - */ -static size_t -compose_sample_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - const uint32_t probability, - const union user_action_cookie *cookie, - const size_t cookie_size) + +static void +update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, + uint64_t packets, uint64_t bytes) { - size_t sample_offset, actions_offset; - int cookie_offset; + if (!mirrors) { + return; + } - sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); + for (; mirrors; mirrors = zero_rightmost_1bit(mirrors)) { + struct ofmirror *m; + + m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; + + if (!m) { + /* In normal circumstances 'm' will not be NULL. However, + * if mirrors are reconfigured, we can temporarily get out + * of sync in facet_revalidate(). We could "correct" the + * mirror list before reaching here, but doing that would + * not properly account the traffic stats we've currently + * accumulated for previous mirror configuration. */ + continue; + } - nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); + m->packet_count += packets; + m->byte_count += bytes; + } +} - actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); - cookie_offset = put_userspace_action(ofproto, odp_actions, flow, cookie, - cookie_size); + +/* Optimized flow revalidation. + * + * It's a difficult problem, in general, to tell which facets need to have + * their actions recalculated whenever the OpenFlow flow table changes. We + * don't try to solve that general problem: for most kinds of OpenFlow flow + * table changes, we recalculate the actions for every facet. This is + * relatively expensive, but it's good enough if the OpenFlow flow table + * doesn't change very often. + * + * However, we can expect one particular kind of OpenFlow flow table change to + * happen frequently: changes caused by MAC learning. To avoid wasting a lot + * of CPU on revalidating every facet whenever MAC learning modifies the flow + * table, we add a special case that applies to flow tables in which every rule + * has the same form (that is, the same wildcards), except that the table is + * also allowed to have a single "catch-all" flow that matches all packets. We + * optimize this case by tagging all of the facets that resubmit into the table + * and invalidating the same tag whenever a flow changes in that table. The + * end result is that we revalidate just the facets that need it (and sometimes + * a few more, but not all of the facets or even all of the facets that + * resubmit to the table modified by MAC learning). */ - nl_msg_end_nested(odp_actions, actions_offset); - nl_msg_end_nested(odp_actions, sample_offset); - return cookie_offset; +/* Calculates the tag to use for 'flow' and mask 'mask' when it is inserted + * into an OpenFlow table with the given 'basis'. */ +tag_type +rule_calculate_tag(const struct flow *flow, const struct minimask *mask, + uint32_t secret) +{ + if (minimask_is_catchall(mask)) { + return 0; + } else { + uint32_t hash = flow_hash_in_minimask(flow, mask, secret); + return tag_create_deterministic(hash); + } } +/* Following a change to OpenFlow table 'table_id' in 'ofproto', update the + * taggability of that table. + * + * This function must be called after *each* change to a flow table. If you + * skip calling it on some changes then the pointer comparisons at the end can + * be invalid if you get unlucky. For example, if a flow removal causes a + * cls_table to be destroyed and then a flow insertion causes a cls_table with + * different wildcards to be created with the same address, then this function + * will incorrectly skip revalidation. */ static void -compose_sflow_cookie(const struct ofproto_dpif *ofproto, - ovs_be16 vlan_tci, uint32_t odp_port, - unsigned int n_outputs, union user_action_cookie *cookie) +table_update_taggable(struct ofproto_dpif *ofproto, uint8_t table_id) { - int ifindex; + struct table_dpif *table = &ofproto->tables[table_id]; + const struct oftable *oftable = &ofproto->up.tables[table_id]; + struct cls_table *catchall, *other; + struct cls_table *t; - cookie->type = USER_ACTION_COOKIE_SFLOW; - cookie->sflow.vlan_tci = vlan_tci; + catchall = other = NULL; - /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output - * port information") for the interpretation of cookie->output. */ - switch (n_outputs) { + switch (hmap_count(&oftable->cls.tables)) { case 0: - /* 0x40000000 | 256 means "packet dropped for unknown reason". */ - cookie->sflow.output = 0x40000000 | 256; + /* We could tag this OpenFlow table but it would make the logic a + * little harder and it's a corner case that doesn't seem worth it + * yet. */ break; case 1: - ifindex = dpif_sflow_odp_port_to_ifindex(ofproto->sflow, odp_port); - if (ifindex) { - cookie->sflow.output = ifindex; - break; + case 2: + HMAP_FOR_EACH (t, hmap_node, &oftable->cls.tables) { + if (cls_table_is_catchall(t)) { + catchall = t; + } else if (!other) { + other = t; + } else { + /* Indicate that we can't tag this by setting both tables to + * NULL. (We know that 'catchall' is already NULL.) */ + other = NULL; + } } - /* Fall through. */ + break; + default: - /* 0x80000000 means "multiple output ports. */ - cookie->sflow.output = 0x80000000 | n_outputs; + /* Can't tag this table. */ break; } -} - -/* Compose SAMPLE action for sFlow bridge sampling. */ -static size_t -compose_sflow_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow, - uint32_t odp_port) -{ - uint32_t probability; - union user_action_cookie cookie; - if (!ofproto->sflow || flow->in_port == OFPP_NONE) { - return 0; + if (table->catchall_table != catchall || table->other_table != other) { + table->catchall_table = catchall; + table->other_table = other; + ofproto->backer->need_revalidate = REV_FLOW_TABLE; } - - probability = dpif_sflow_get_probability(ofproto->sflow); - compose_sflow_cookie(ofproto, htons(0), odp_port, - odp_port == OVSP_NONE ? 0 : 1, &cookie); - - return compose_sample_action(ofproto, odp_actions, flow, probability, - &cookie, sizeof cookie.sflow); } +/* Given 'rule' that has changed in some way (either it is a rule being + * inserted, a rule being deleted, or a rule whose actions are being + * modified), marks facets for revalidation to ensure that packets will be + * forwarded correctly according to the new state of the flow table. + * + * This function must be called after *each* change to a flow table. See + * the comment on table_update_taggable() for more information. */ static void -compose_flow_sample_cookie(uint16_t probability, uint32_t collector_set_id, - uint32_t obs_domain_id, uint32_t obs_point_id, - union user_action_cookie *cookie) +rule_invalidate(const struct rule_dpif *rule) { - cookie->type = USER_ACTION_COOKIE_FLOW_SAMPLE; - cookie->flow_sample.probability = probability; - cookie->flow_sample.collector_set_id = collector_set_id; - cookie->flow_sample.obs_domain_id = obs_domain_id; - cookie->flow_sample.obs_point_id = obs_point_id; -} + struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); -static void -compose_ipfix_cookie(union user_action_cookie *cookie) -{ - cookie->type = USER_ACTION_COOKIE_IPFIX; -} + table_update_taggable(ofproto, rule->up.table_id); -/* Compose SAMPLE action for IPFIX bridge sampling. */ -static void -compose_ipfix_action(const struct ofproto_dpif *ofproto, - struct ofpbuf *odp_actions, - const struct flow *flow) -{ - uint32_t probability; - union user_action_cookie cookie; + if (!ofproto->backer->need_revalidate) { + struct table_dpif *table = &ofproto->tables[rule->up.table_id]; - if (!ofproto->ipfix || flow->in_port == OFPP_NONE) { - return; + if (table->other_table && rule->tag) { + tag_set_add(&ofproto->backer->revalidate_set, rule->tag); + } else { + ofproto->backer->need_revalidate = REV_FLOW_TABLE; + } } - - probability = dpif_ipfix_get_bridge_exporter_probability(ofproto->ipfix); - compose_ipfix_cookie(&cookie); - - compose_sample_action(ofproto, odp_actions, flow, probability, - &cookie, sizeof cookie.ipfix); -} - -/* SAMPLE action for sFlow must be first action in any given list of - * actions. At this point we do not have all information required to - * build it. So try to build sample action as complete as possible. */ -static void -add_sflow_action(struct xlate_ctx *ctx) -{ - ctx->user_cookie_offset = compose_sflow_action(ctx->ofproto, - &ctx->xout->odp_actions, - &ctx->xin->flow, OVSP_NONE); - ctx->sflow_odp_port = 0; - ctx->sflow_n_outputs = 0; } - -/* SAMPLE action for IPFIX must be 1st or 2nd action in any given list - * of actions, eventually after the SAMPLE action for sFlow. */ -static void -add_ipfix_action(struct xlate_ctx *ctx) -{ - compose_ipfix_action(ctx->ofproto, &ctx->xout->odp_actions, - &ctx->xin->flow); -} - -/* Fix SAMPLE action according to data collected while composing ODP actions. - * We need to fix SAMPLE actions OVS_SAMPLE_ATTR_ACTIONS attribute, i.e. nested - * USERSPACE action's user-cookie which is required for sflow. */ -static void -fix_sflow_action(struct xlate_ctx *ctx) -{ - const struct flow *base = &ctx->base_flow; - union user_action_cookie *cookie; - - if (!ctx->user_cookie_offset) { - return; - } - - cookie = ofpbuf_at(&ctx->xout->odp_actions, ctx->user_cookie_offset, - sizeof cookie->sflow); - ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); - - compose_sflow_cookie(ctx->ofproto, base->vlan_tci, - ctx->sflow_odp_port, ctx->sflow_n_outputs, cookie); -} - -static void -compose_output_action__(struct xlate_ctx *ctx, uint16_t ofp_port, - bool check_stp) -{ - const struct ofport_dpif *ofport = get_ofp_port(ctx->ofproto, ofp_port); - ovs_be16 flow_vlan_tci; - uint32_t flow_skb_mark; - uint8_t flow_nw_tos; - struct priority_to_dscp *pdscp; - uint32_t out_port, odp_port; - - /* If 'struct flow' gets additional metadata, we'll need to zero it out - * before traversing a patch port. */ - BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20); - - if (!ofport) { - xlate_report(ctx, "Nonexistent output port"); - return; - } else if (ofport->up.pp.config & OFPUTIL_PC_NO_FWD) { - xlate_report(ctx, "OFPPC_NO_FWD set, skipping output"); - return; - } else if (check_stp && !stp_forward_in_state(ofport->stp_state)) { - xlate_report(ctx, "STP not in forwarding state, skipping output"); - return; - } - - if (netdev_vport_is_patch(ofport->up.netdev)) { - struct ofport_dpif *peer = ofport_get_peer(ofport); - struct flow old_flow = ctx->xin->flow; - const struct ofproto_dpif *peer_ofproto; - enum slow_path_reason special; - struct ofport_dpif *in_port; - - if (!peer) { - xlate_report(ctx, "Nonexistent patch port peer"); - return; - } - - peer_ofproto = ofproto_dpif_cast(peer->up.ofproto); - if (peer_ofproto->backer != ctx->ofproto->backer) { - xlate_report(ctx, "Patch port peer on a different datapath"); - return; - } - - ctx->ofproto = ofproto_dpif_cast(peer->up.ofproto); - ctx->xin->flow.in_port = peer->up.ofp_port; - ctx->xin->flow.metadata = htonll(0); - memset(&ctx->xin->flow.tunnel, 0, sizeof ctx->xin->flow.tunnel); - memset(ctx->xin->flow.regs, 0, sizeof ctx->xin->flow.regs); - - in_port = get_ofp_port(ctx->ofproto, ctx->xin->flow.in_port); - special = process_special(ctx->ofproto, &ctx->xin->flow, in_port, - ctx->xin->packet); - if (special) { - ctx->xout->slow = special; - } else if (!in_port || may_receive(in_port, ctx)) { - if (!in_port || stp_forward_in_state(in_port->stp_state)) { - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); - } else { - /* Forwarding is disabled by STP. Let OFPP_NORMAL and the - * learning action look at the packet, then drop it. */ - struct flow old_base_flow = ctx->base_flow; - size_t old_size = ctx->xout->odp_actions.size; - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, true); - ctx->base_flow = old_base_flow; - ctx->xout->odp_actions.size = old_size; - } - } - - ctx->xin->flow = old_flow; - ctx->ofproto = ofproto_dpif_cast(ofport->up.ofproto); - - if (ctx->xin->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); - netdev_vport_inc_rx(peer->up.netdev, ctx->xin->resubmit_stats); - } - - return; - } - - flow_vlan_tci = ctx->xin->flow.vlan_tci; - flow_skb_mark = ctx->xin->flow.skb_mark; - flow_nw_tos = ctx->xin->flow.nw_tos; - - pdscp = get_priority(ofport, ctx->xin->flow.skb_priority); - if (pdscp) { - ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->xin->flow.nw_tos |= pdscp->dscp; - } - - if (ofport->tnl_port) { - /* Save tunnel metadata so that changes made due to - * the Logical (tunnel) Port are not visible for any further - * matches, while explicit set actions on tunnel metadata are. - */ - struct flow_tnl flow_tnl = ctx->xin->flow.tunnel; - odp_port = tnl_port_send(ofport->tnl_port, &ctx->xin->flow); - if (odp_port == OVSP_NONE) { - xlate_report(ctx, "Tunneling decided against output"); - goto out; /* restore flow_nw_tos */ - } - if (ctx->xin->flow.tunnel.ip_dst == ctx->orig_tunnel_ip_dst) { - xlate_report(ctx, "Not tunneling to our own address"); - goto out; /* restore flow_nw_tos */ - } - if (ctx->xin->resubmit_stats) { - netdev_vport_inc_tx(ofport->up.netdev, ctx->xin->resubmit_stats); - } - out_port = odp_port; - commit_odp_tunnel_action(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - ctx->xin->flow.tunnel = flow_tnl; /* Restore tunnel metadata */ - } else { - uint16_t vlandev_port; - odp_port = ofport->odp_port; - vlandev_port = vsp_realdev_to_vlandev(ctx->ofproto, ofp_port, - ctx->xin->flow.vlan_tci); - if (vlandev_port == ofp_port) { - out_port = odp_port; - } else { - out_port = ofp_port_to_odp_port(ctx->ofproto, vlandev_port); - ctx->xin->flow.vlan_tci = htons(0); - } - ctx->xin->flow.skb_mark &= ~IPSEC_MARK; - } - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - nl_msg_put_u32(&ctx->xout->odp_actions, OVS_ACTION_ATTR_OUTPUT, out_port); - - ctx->sflow_odp_port = odp_port; - ctx->sflow_n_outputs++; - ctx->xout->nf_output_iface = ofp_port; - - /* Restore flow */ - ctx->xin->flow.vlan_tci = flow_vlan_tci; - ctx->xin->flow.skb_mark = flow_skb_mark; - out: - ctx->xin->flow.nw_tos = flow_nw_tos; -} - -static void -compose_output_action(struct xlate_ctx *ctx, uint16_t ofp_port) -{ - compose_output_action__(ctx, ofp_port, true); -} - -static void -tag_the_flow(struct xlate_ctx *ctx, struct rule_dpif *rule) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - uint8_t table_id = ctx->table_id; - - if (table_id > 0 && table_id < N_TABLES) { - struct table_dpif *table = &ofproto->tables[table_id]; - if (table->other_table) { - ctx->xout->tags |= (rule && rule->tag - ? rule->tag - : rule_calculate_tag(&ctx->xin->flow, - &table->other_table->mask, - table->basis)); - } - } -} - -/* Common rule processing in one place to avoid duplicating code. */ -static struct rule_dpif * -ctx_rule_hooks(struct xlate_ctx *ctx, struct rule_dpif *rule, - bool may_packet_in) -{ - if (ctx->xin->resubmit_hook) { - ctx->xin->resubmit_hook(ctx, rule); - } - if (rule == NULL && may_packet_in) { - /* XXX - * check if table configuration flags - * OFPTC_TABLE_MISS_CONTROLLER, default. - * OFPTC_TABLE_MISS_CONTINUE, - * OFPTC_TABLE_MISS_DROP - * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? - */ - rule = rule_dpif_miss_rule(ctx->ofproto, &ctx->xin->flow); - } - if (rule && ctx->xin->resubmit_stats) { - rule_credit_stats(rule, ctx->xin->resubmit_stats); - } - return rule; -} - -static void -xlate_table_action(struct xlate_ctx *ctx, - uint16_t in_port, uint8_t table_id, bool may_packet_in) -{ - if (ctx->recurse < MAX_RESUBMIT_RECURSION) { - struct rule_dpif *rule; - uint16_t old_in_port = ctx->xin->flow.in_port; - uint8_t old_table_id = ctx->table_id; - - ctx->table_id = table_id; - - /* Look up a flow with 'in_port' as the input port. */ - ctx->xin->flow.in_port = in_port; - rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, - &ctx->xout->wc, table_id); - - tag_the_flow(ctx, rule); - - /* Restore the original input port. Otherwise OFPP_NORMAL and - * OFPP_IN_PORT will have surprising behavior. */ - ctx->xin->flow.in_port = old_in_port; - - rule = ctx_rule_hooks(ctx, rule, may_packet_in); - - if (rule) { - struct rule_dpif *old_rule = ctx->rule; - - ctx->recurse++; - ctx->rule = rule; - do_xlate_actions(rule->up.ofpacts, rule->up.ofpacts_len, ctx); - ctx->rule = old_rule; - ctx->recurse--; - } - - ctx->table_id = old_table_id; - } else { - static struct vlog_rate_limit recurse_rl = VLOG_RATE_LIMIT_INIT(1, 1); - - VLOG_ERR_RL(&recurse_rl, "resubmit actions recursed over %d times", - MAX_RESUBMIT_RECURSION); - ctx->max_resubmit_trigger = true; - } -} - -static void -xlate_ofpact_resubmit(struct xlate_ctx *ctx, - const struct ofpact_resubmit *resubmit) -{ - uint16_t in_port; - uint8_t table_id; - - in_port = resubmit->in_port; - if (in_port == OFPP_IN_PORT) { - in_port = ctx->xin->flow.in_port; - } - - table_id = resubmit->table_id; - if (table_id == 255) { - table_id = ctx->table_id; - } - - xlate_table_action(ctx, in_port, table_id, false); -} - -static void -flood_packets(struct xlate_ctx *ctx, bool all) -{ - struct ofport_dpif *ofport; - - HMAP_FOR_EACH (ofport, up.hmap_node, &ctx->ofproto->up.ports) { - uint16_t ofp_port = ofport->up.ofp_port; - - if (ofp_port == ctx->xin->flow.in_port) { - continue; - } - - if (all) { - compose_output_action__(ctx, ofp_port, false); - } else if (!(ofport->up.pp.config & OFPUTIL_PC_NO_FLOOD)) { - compose_output_action(ctx, ofp_port); - } - } - - ctx->xout->nf_output_iface = NF_OUT_FLOOD; -} - -static void -execute_controller_action(struct xlate_ctx *ctx, int len, - enum ofp_packet_in_reason reason, - uint16_t controller_id) -{ - struct ofputil_packet_in pin; - struct ofpbuf *packet; - struct flow key; - - ovs_assert(!ctx->xout->slow || ctx->xout->slow == SLOW_CONTROLLER); - ctx->xout->slow = SLOW_CONTROLLER; - if (!ctx->xin->packet) { - return; - } - - packet = ofpbuf_clone(ctx->xin->packet); - - key.skb_priority = 0; - key.skb_mark = 0; - memset(&key.tunnel, 0, sizeof key.tunnel); - - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - - odp_execute_actions(NULL, packet, &key, ctx->xout->odp_actions.data, - ctx->xout->odp_actions.size, NULL, NULL); - - pin.packet = packet->data; - pin.packet_len = packet->size; - pin.reason = reason; - pin.controller_id = controller_id; - pin.table_id = ctx->table_id; - pin.cookie = ctx->rule ? ctx->rule->up.flow_cookie : 0; - - pin.send_len = len; - flow_get_metadata(&ctx->xin->flow, &pin.fmd); - - connmgr_send_packet_in(ctx->ofproto->up.connmgr, &pin); - ofpbuf_delete(packet); -} - -static void -execute_mpls_push_action(struct xlate_ctx *ctx, ovs_be16 eth_type) -{ - ovs_assert(eth_type_mpls(eth_type)); - - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.mpls_lse, 0xff, - sizeof ctx->xout->wc.masks.mpls_lse); - memset(&ctx->xout->wc.masks.mpls_depth, 0xff, - sizeof ctx->xout->wc.masks.mpls_depth); - - if (ctx->base_flow.mpls_depth) { - ctx->xin->flow.mpls_lse &= ~htonl(MPLS_BOS_MASK); - ctx->xin->flow.mpls_depth++; - } else { - ovs_be32 label; - uint8_t tc, ttl; - - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IPV6)) { - label = htonl(0x2); /* IPV6 Explicit Null. */ - } else { - label = htonl(0x0); /* IPV4 Explicit Null. */ - } - tc = (ctx->xin->flow.nw_tos & IP_DSCP_MASK) >> 2; - ttl = ctx->xin->flow.nw_ttl ? ctx->xin->flow.nw_ttl : 0x40; - ctx->xin->flow.mpls_lse = set_mpls_lse_values(ttl, tc, 1, label); - ctx->xin->flow.mpls_depth = 1; - } - ctx->xin->flow.dl_type = eth_type; -} - -static void -execute_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type) -{ - ovs_assert(eth_type_mpls(ctx->xin->flow.dl_type)); - ovs_assert(!eth_type_mpls(eth_type)); - - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.mpls_lse, 0xff, - sizeof ctx->xout->wc.masks.mpls_lse); - memset(&ctx->xout->wc.masks.mpls_depth, 0xff, - sizeof ctx->xout->wc.masks.mpls_depth); - - if (ctx->xin->flow.mpls_depth) { - ctx->xin->flow.mpls_depth--; - ctx->xin->flow.mpls_lse = htonl(0); - if (!ctx->xin->flow.mpls_depth) { - ctx->xin->flow.dl_type = eth_type; - } - } -} - -static bool -compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids) -{ - if (ctx->xin->flow.dl_type != htons(ETH_TYPE_IP) && - ctx->xin->flow.dl_type != htons(ETH_TYPE_IPV6)) { - return false; - } - - if (ctx->xin->flow.nw_ttl > 1) { - ctx->xin->flow.nw_ttl--; - return false; - } else { - size_t i; - - for (i = 0; i < ids->n_controllers; i++) { - execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, - ids->cnt_ids[i]); - } - - /* Stop processing for current table. */ - return true; - } -} - -static bool -execute_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl) -{ - if (!eth_type_mpls(ctx->xin->flow.dl_type)) { - return true; - } - - set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); - return false; -} - -static bool -execute_dec_mpls_ttl_action(struct xlate_ctx *ctx) -{ - uint8_t ttl = mpls_lse_to_ttl(ctx->xin->flow.mpls_lse); - - if (!eth_type_mpls(ctx->xin->flow.dl_type)) { - return false; - } - - if (ttl > 1) { - ttl--; - set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl); - return false; - } else { - execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0); - - /* Stop processing for current table. */ - return true; - } -} - -static void -xlate_output_action(struct xlate_ctx *ctx, - uint16_t port, uint16_t max_len, bool may_packet_in) -{ - uint16_t prev_nf_output_iface = ctx->xout->nf_output_iface; - - ctx->xout->nf_output_iface = NF_OUT_DROP; - - switch (port) { - case OFPP_IN_PORT: - compose_output_action(ctx, ctx->xin->flow.in_port); - break; - case OFPP_TABLE: - xlate_table_action(ctx, ctx->xin->flow.in_port, 0, may_packet_in); - break; - case OFPP_NORMAL: - xlate_normal(ctx); - break; - case OFPP_FLOOD: - flood_packets(ctx, false); - break; - case OFPP_ALL: - flood_packets(ctx, true); - break; - case OFPP_CONTROLLER: - execute_controller_action(ctx, max_len, OFPR_ACTION, 0); - break; - case OFPP_NONE: - break; - case OFPP_LOCAL: - default: - if (port != ctx->xin->flow.in_port) { - compose_output_action(ctx, port); - } else { - xlate_report(ctx, "skipping output to input port"); - } - break; - } - - if (prev_nf_output_iface == NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_FLOOD; - } else if (ctx->xout->nf_output_iface == NF_OUT_DROP) { - ctx->xout->nf_output_iface = prev_nf_output_iface; - } else if (prev_nf_output_iface != NF_OUT_DROP && - ctx->xout->nf_output_iface != NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_MULTI; - } -} - -static void -xlate_output_reg_action(struct xlate_ctx *ctx, - const struct ofpact_output_reg *or) -{ - uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow); - if (port <= UINT16_MAX) { - union mf_subvalue value; - - memset(&value, 0xff, sizeof value); - mf_write_subfield_flow(&or->src, &value, &ctx->xout->wc.masks); - xlate_output_action(ctx, port, or->max_len, false); - } -} - -static void -xlate_enqueue_action(struct xlate_ctx *ctx, - const struct ofpact_enqueue *enqueue) -{ - uint16_t ofp_port = enqueue->port; - uint32_t queue_id = enqueue->queue; - uint32_t flow_priority, priority; - int error; - - /* Translate queue to priority. */ - error = dpif_queue_to_priority(ctx->ofproto->backer->dpif, - queue_id, &priority); - if (error) { - /* Fall back to ordinary output action. */ - xlate_output_action(ctx, enqueue->port, 0, false); - return; - } - - /* Check output port. */ - if (ofp_port == OFPP_IN_PORT) { - ofp_port = ctx->xin->flow.in_port; - } else if (ofp_port == ctx->xin->flow.in_port) { - return; - } - - /* Add datapath actions. */ - flow_priority = ctx->xin->flow.skb_priority; - ctx->xin->flow.skb_priority = priority; - compose_output_action(ctx, ofp_port); - ctx->xin->flow.skb_priority = flow_priority; - - /* Update NetFlow output port. */ - if (ctx->xout->nf_output_iface == NF_OUT_DROP) { - ctx->xout->nf_output_iface = ofp_port; - } else if (ctx->xout->nf_output_iface != NF_OUT_FLOOD) { - ctx->xout->nf_output_iface = NF_OUT_MULTI; - } -} - -static void -xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id) -{ - uint32_t skb_priority; - - if (!dpif_queue_to_priority(ctx->ofproto->backer->dpif, - queue_id, &skb_priority)) { - ctx->xin->flow.skb_priority = skb_priority; - } else { - /* Couldn't translate queue to a priority. Nothing to do. A warning - * has already been logged. */ - } -} - -static bool -slave_enabled_cb(uint16_t ofp_port, void *ofproto_) -{ - struct ofproto_dpif *ofproto = ofproto_; - struct ofport_dpif *port; - - switch (ofp_port) { - case OFPP_IN_PORT: - case OFPP_TABLE: - case OFPP_NORMAL: - case OFPP_FLOOD: - case OFPP_ALL: - case OFPP_NONE: - return true; - case OFPP_CONTROLLER: /* Not supported by the bundle action. */ - return false; - default: - port = get_ofp_port(ofproto, ofp_port); - return port ? port->may_enable : false; - } -} - -static void -xlate_bundle_action(struct xlate_ctx *ctx, - const struct ofpact_bundle *bundle) -{ - uint16_t port; - - port = bundle_execute(bundle, &ctx->xin->flow, &ctx->xout->wc, - slave_enabled_cb, ctx->ofproto); - if (bundle->dst.field) { - nxm_reg_load(&bundle->dst, port, &ctx->xin->flow); - } else { - xlate_output_action(ctx, port, 0, false); - } -} - -static void -xlate_learn_action(struct xlate_ctx *ctx, - const struct ofpact_learn *learn) -{ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); - struct ofputil_flow_mod fm; - uint64_t ofpacts_stub[1024 / 8]; - struct ofpbuf ofpacts; - int error; - - ctx->xout->has_learn = true; - - learn_mask(learn, &ctx->xout->wc); - - if (!ctx->xin->may_learn) { - return; - } - - ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub); - learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts); - - error = ofproto_flow_mod(&ctx->ofproto->up, &fm); - if (error && !VLOG_DROP_WARN(&rl)) { - VLOG_WARN("learning action failed to modify flow table (%s)", - ofperr_get_name(error)); - } - - ofpbuf_uninit(&ofpacts); -} - -/* Reduces '*timeout' to no more than 'max'. A value of zero in either case - * means "infinite". */ -static void -reduce_timeout(uint16_t max, uint16_t *timeout) -{ - if (max && (!*timeout || *timeout > max)) { - *timeout = max; - } -} - -static void -xlate_fin_timeout(struct xlate_ctx *ctx, - const struct ofpact_fin_timeout *oft) -{ - if (ctx->xin->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) { - struct rule_dpif *rule = ctx->rule; - - reduce_timeout(oft->fin_idle_timeout, &rule->up.idle_timeout); - reduce_timeout(oft->fin_hard_timeout, &rule->up.hard_timeout); - } -} - -static void -xlate_sample_action(struct xlate_ctx *ctx, - const struct ofpact_sample *os) -{ - union user_action_cookie cookie; - /* Scale the probability from 16-bit to 32-bit while representing - * the same percentage. */ - uint32_t probability = (os->probability << 16) | os->probability; - - commit_odp_actions(&ctx->xin->flow, &ctx->base_flow, - &ctx->xout->odp_actions); - - compose_flow_sample_cookie(os->probability, os->collector_set_id, - os->obs_domain_id, os->obs_point_id, &cookie); - compose_sample_action(ctx->ofproto, &ctx->xout->odp_actions, &ctx->xin->flow, - probability, &cookie, sizeof cookie.flow_sample); -} - -static bool -may_receive(const struct ofport_dpif *port, struct xlate_ctx *ctx) -{ - if (port->up.pp.config & (eth_addr_equals(ctx->xin->flow.dl_dst, - eth_addr_stp) - ? OFPUTIL_PC_NO_RECV_STP - : OFPUTIL_PC_NO_RECV)) { - return false; - } - - /* Only drop packets here if both forwarding and learning are - * disabled. If just learning is enabled, we need to have - * OFPP_NORMAL and the learning action have a look at the packet - * before we can drop it. */ - if (!stp_forward_in_state(port->stp_state) - && !stp_learn_in_state(port->stp_state)) { - return false; - } - - return true; -} - -static bool -tunnel_ecn_ok(struct xlate_ctx *ctx) -{ - if (is_ip_any(&ctx->base_flow) - && (ctx->xin->flow.tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) { - if ((ctx->base_flow.nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) { - VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE" - " but is not ECN capable"); - return false; - } else { - /* Set the ECN CE value in the tunneled packet. */ - ctx->xin->flow.nw_tos |= IP_ECN_CE; - } - } - - return true; -} - -static void -do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, - struct xlate_ctx *ctx) -{ - bool was_evictable = true; - const struct ofpact *a; - - if (ctx->rule) { - /* Don't let the rule we're working on get evicted underneath us. */ - was_evictable = ctx->rule->up.evictable; - ctx->rule->up.evictable = false; - } - - do_xlate_actions_again: - OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { - struct ofpact_controller *controller; - const struct ofpact_metadata *metadata; - - if (ctx->exit) { - break; - } - - switch (a->type) { - case OFPACT_OUTPUT: - xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port, - ofpact_get_OUTPUT(a)->max_len, true); - break; - - case OFPACT_CONTROLLER: - controller = ofpact_get_CONTROLLER(a); - execute_controller_action(ctx, controller->max_len, - controller->reason, - controller->controller_id); - break; - - case OFPACT_ENQUEUE: - xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a)); - break; - - case OFPACT_SET_VLAN_VID: - ctx->xin->flow.vlan_tci &= ~htons(VLAN_VID_MASK); - ctx->xin->flow.vlan_tci |= - (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) - | htons(VLAN_CFI)); - break; - - case OFPACT_SET_VLAN_PCP: - ctx->xin->flow.vlan_tci &= ~htons(VLAN_PCP_MASK); - ctx->xin->flow.vlan_tci |= - htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp << VLAN_PCP_SHIFT) - | VLAN_CFI); - break; - - case OFPACT_STRIP_VLAN: - ctx->xin->flow.vlan_tci = htons(0); - break; - - case OFPACT_PUSH_VLAN: - /* XXX 802.1AD(QinQ) */ - ctx->xin->flow.vlan_tci = htons(VLAN_CFI); - break; - - case OFPACT_SET_ETH_SRC: - memcpy(ctx->xin->flow.dl_src, ofpact_get_SET_ETH_SRC(a)->mac, - ETH_ADDR_LEN); - break; - - case OFPACT_SET_ETH_DST: - memcpy(ctx->xin->flow.dl_dst, ofpact_get_SET_ETH_DST(a)->mac, - ETH_ADDR_LEN); - break; - - case OFPACT_SET_IPV4_SRC: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4; - } - break; - - case OFPACT_SET_IPV4_DST: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4; - } - break; - - case OFPACT_SET_IPV4_DSCP: - /* OpenFlow 1.0 only supports IPv4. */ - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_IP)) { - ctx->xin->flow.nw_tos &= ~IP_DSCP_MASK; - ctx->xin->flow.nw_tos |= ofpact_get_SET_IPV4_DSCP(a)->dscp; - } - break; - - case OFPACT_SET_L4_SRC_PORT: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.nw_proto, 0xff, - sizeof ctx->xout->wc.masks.nw_proto); - if (is_ip_any(&ctx->xin->flow)) { - ctx->xin->flow.tp_src = - htons(ofpact_get_SET_L4_SRC_PORT(a)->port); - } - break; - - case OFPACT_SET_L4_DST_PORT: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.nw_proto, 0xff, - sizeof ctx->xout->wc.masks.nw_proto); - if (is_ip_any(&ctx->xin->flow)) { - ctx->xin->flow.tp_dst = - htons(ofpact_get_SET_L4_DST_PORT(a)->port); - } - break; - - case OFPACT_RESUBMIT: - xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a)); - break; - - case OFPACT_SET_TUNNEL: - ctx->xin->flow.tunnel.tun_id = - htonll(ofpact_get_SET_TUNNEL(a)->tun_id); - break; - - case OFPACT_SET_QUEUE: - xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id); - break; - - case OFPACT_POP_QUEUE: - memset(&ctx->xout->wc.masks.skb_priority, 0xff, - sizeof ctx->xout->wc.masks.skb_priority); - - ctx->xin->flow.skb_priority = ctx->orig_skb_priority; - break; - - case OFPACT_REG_MOVE: - nxm_execute_reg_move(ofpact_get_REG_MOVE(a), &ctx->xin->flow, - &ctx->xout->wc); - break; - - case OFPACT_REG_LOAD: - nxm_execute_reg_load(ofpact_get_REG_LOAD(a), &ctx->xin->flow); - break; - - case OFPACT_STACK_PUSH: - nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), &ctx->xin->flow, - &ctx->xout->wc, &ctx->stack); - break; - - case OFPACT_STACK_POP: - nxm_execute_stack_pop(ofpact_get_STACK_POP(a), &ctx->xin->flow, - &ctx->stack); - break; - - case OFPACT_PUSH_MPLS: - execute_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a)->ethertype); - break; - - case OFPACT_POP_MPLS: - execute_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype); - break; - - case OFPACT_SET_MPLS_TTL: - if (execute_set_mpls_ttl_action(ctx, - ofpact_get_SET_MPLS_TTL(a)->ttl)) { - goto out; - } - break; - - case OFPACT_DEC_MPLS_TTL: - if (execute_dec_mpls_ttl_action(ctx)) { - goto out; - } - break; - - case OFPACT_DEC_TTL: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) { - goto out; - } - break; - - case OFPACT_NOTE: - /* Nothing to do. */ - break; - - case OFPACT_MULTIPATH: - multipath_execute(ofpact_get_MULTIPATH(a), &ctx->xin->flow, - &ctx->xout->wc); - break; - - case OFPACT_BUNDLE: - ctx->ofproto->has_bundle_action = true; - xlate_bundle_action(ctx, ofpact_get_BUNDLE(a)); - break; - - case OFPACT_OUTPUT_REG: - xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a)); - break; - - case OFPACT_LEARN: - xlate_learn_action(ctx, ofpact_get_LEARN(a)); - break; - - case OFPACT_EXIT: - ctx->exit = true; - break; - - case OFPACT_FIN_TIMEOUT: - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - memset(&ctx->xout->wc.masks.nw_proto, 0xff, - sizeof ctx->xout->wc.masks.nw_proto); - ctx->xout->has_fin_timeout = true; - xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a)); - break; - - case OFPACT_CLEAR_ACTIONS: - /* XXX - * Nothing to do because writa-actions is not supported for now. - * When writa-actions is supported, clear-actions also must - * be supported at the same time. - */ - break; - - case OFPACT_WRITE_METADATA: - metadata = ofpact_get_WRITE_METADATA(a); - ctx->xin->flow.metadata &= ~metadata->mask; - ctx->xin->flow.metadata |= metadata->metadata & metadata->mask; - break; - - case OFPACT_GOTO_TABLE: { - /* It is assumed that goto-table is the last action. */ - struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a); - struct rule_dpif *rule; - - ovs_assert(ctx->table_id < ogt->table_id); - - ctx->table_id = ogt->table_id; - - /* Look up a flow from the new table. */ - rule = rule_dpif_lookup__(ctx->ofproto, &ctx->xin->flow, - &ctx->xout->wc, ctx->table_id); - - tag_the_flow(ctx, rule); - - rule = ctx_rule_hooks(ctx, rule, true); - - if (rule) { - if (ctx->rule) { - ctx->rule->up.evictable = was_evictable; - } - ctx->rule = rule; - was_evictable = rule->up.evictable; - rule->up.evictable = false; - - /* Tail recursion removal. */ - ofpacts = rule->up.ofpacts; - ofpacts_len = rule->up.ofpacts_len; - goto do_xlate_actions_again; - } - break; - } - - case OFPACT_SAMPLE: - xlate_sample_action(ctx, ofpact_get_SAMPLE(a)); - break; - } - } - -out: - if (ctx->rule) { - ctx->rule->up.evictable = was_evictable; - } -} - -static void -xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto, - const struct flow *flow, struct rule_dpif *rule, - uint8_t tcp_flags, const struct ofpbuf *packet) -{ - xin->ofproto = ofproto; - xin->flow = *flow; - xin->packet = packet; - xin->may_learn = packet != NULL; - xin->rule = rule; - xin->ofpacts = NULL; - xin->ofpacts_len = 0; - xin->tcp_flags = tcp_flags; - xin->resubmit_hook = NULL; - xin->report_hook = NULL; - xin->resubmit_stats = NULL; -} - -static void -xlate_out_uninit(struct xlate_out *xout) -{ - if (xout) { - ofpbuf_uninit(&xout->odp_actions); - } -} - -/* Translates the 'ofpacts_len' bytes of "struct ofpacts" starting at 'ofpacts' - * into datapath actions in 'odp_actions', using 'ctx'. */ -static void -xlate_actions(struct xlate_in *xin, struct xlate_out *xout) -{ - /* Normally false. Set to true if we ever hit MAX_RESUBMIT_RECURSION, so - * that in the future we always keep a copy of the original flow for - * tracing purposes. */ - static bool hit_resubmit_limit; - - enum slow_path_reason special; - const struct ofpact *ofpacts; - struct ofport_dpif *in_port; - struct flow orig_flow; - struct xlate_ctx ctx; - size_t ofpacts_len; - - COVERAGE_INC(ofproto_dpif_xlate); - - /* Flow initialization rules: - * - 'base_flow' must match the kernel's view of the packet at the - * time that action processing starts. 'flow' represents any - * transformations we wish to make through actions. - * - By default 'base_flow' and 'flow' are the same since the input - * packet matches the output before any actions are applied. - * - When using VLAN splinters, 'base_flow''s VLAN is set to the value - * of the received packet as seen by the kernel. If we later output - * to another device without any modifications this will cause us to - * insert a new tag since the original one was stripped off by the - * VLAN device. - * - Tunnel metadata as received is retained in 'flow'. This allows - * tunnel metadata matching also in later tables. - * Since a kernel action for setting the tunnel metadata will only be - * generated with actual tunnel output, changing the tunnel metadata - * values in 'flow' (such as tun_id) will only have effect with a later - * tunnel output action. - * - Tunnel 'base_flow' is completely cleared since that is what the - * kernel does. If we wish to maintain the original values an action - * needs to be generated. */ - - ctx.xin = xin; - ctx.xout = xout; - - ctx.ofproto = xin->ofproto; - ctx.rule = xin->rule; - - ctx.base_flow = ctx.xin->flow; - memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel); - ctx.orig_tunnel_ip_dst = ctx.xin->flow.tunnel.ip_dst; - - flow_wildcards_init_catchall(&ctx.xout->wc); - memset(&ctx.xout->wc.masks.in_port, 0xff, - sizeof ctx.xout->wc.masks.in_port); - - if (tnl_port_should_receive(&ctx.xin->flow)) { - memset(&ctx.xout->wc.masks.tunnel, 0xff, - sizeof ctx.xout->wc.masks.tunnel); - } - - /* Disable most wildcarding for NetFlow. */ - if (xin->ofproto->netflow) { - memset(&ctx.xout->wc.masks.dl_src, 0xff, - sizeof ctx.xout->wc.masks.dl_src); - memset(&ctx.xout->wc.masks.dl_dst, 0xff, - sizeof ctx.xout->wc.masks.dl_dst); - memset(&ctx.xout->wc.masks.dl_type, 0xff, - sizeof ctx.xout->wc.masks.dl_type); - memset(&ctx.xout->wc.masks.vlan_tci, 0xff, - sizeof ctx.xout->wc.masks.vlan_tci); - memset(&ctx.xout->wc.masks.nw_proto, 0xff, - sizeof ctx.xout->wc.masks.nw_proto); - memset(&ctx.xout->wc.masks.nw_src, 0xff, - sizeof ctx.xout->wc.masks.nw_src); - memset(&ctx.xout->wc.masks.nw_dst, 0xff, - sizeof ctx.xout->wc.masks.nw_dst); - memset(&ctx.xout->wc.masks.tp_src, 0xff, - sizeof ctx.xout->wc.masks.tp_src); - memset(&ctx.xout->wc.masks.tp_dst, 0xff, - sizeof ctx.xout->wc.masks.tp_dst); - } - - ctx.xout->tags = 0; - ctx.xout->slow = 0; - ctx.xout->has_learn = false; - ctx.xout->has_normal = false; - ctx.xout->has_fin_timeout = false; - ctx.xout->nf_output_iface = NF_OUT_DROP; - ctx.xout->mirrors = 0; - - ofpbuf_use_stub(&ctx.xout->odp_actions, ctx.xout->odp_actions_stub, - sizeof ctx.xout->odp_actions_stub); - ofpbuf_reserve(&ctx.xout->odp_actions, NL_A_U32_SIZE); - - ctx.recurse = 0; - ctx.max_resubmit_trigger = false; - ctx.orig_skb_priority = ctx.xin->flow.skb_priority; - ctx.table_id = 0; - ctx.exit = false; - - if (xin->ofpacts) { - ofpacts = xin->ofpacts; - ofpacts_len = xin->ofpacts_len; - } else if (xin->rule) { - ofpacts = xin->rule->up.ofpacts; - ofpacts_len = xin->rule->up.ofpacts_len; - } else { - NOT_REACHED(); - } - - ofpbuf_use_stub(&ctx.stack, ctx.init_stack, sizeof ctx.init_stack); - - if (ctx.ofproto->has_mirrors || hit_resubmit_limit) { - /* Do this conditionally because the copy is expensive enough that it - * shows up in profiles. */ - orig_flow = ctx.xin->flow; - } - - if (ctx.xin->flow.nw_frag & FLOW_NW_FRAG_ANY) { - switch (ctx.ofproto->up.frag_handling) { - case OFPC_FRAG_NORMAL: - /* We must pretend that transport ports are unavailable. */ - ctx.xin->flow.tp_src = ctx.base_flow.tp_src = htons(0); - ctx.xin->flow.tp_dst = ctx.base_flow.tp_dst = htons(0); - break; - - case OFPC_FRAG_DROP: - return; - - case OFPC_FRAG_REASM: - NOT_REACHED(); - - case OFPC_FRAG_NX_MATCH: - /* Nothing to do. */ - break; - - case OFPC_INVALID_TTL_TO_CONTROLLER: - NOT_REACHED(); - } - } - - in_port = get_ofp_port(ctx.ofproto, ctx.xin->flow.in_port); - special = process_special(ctx.ofproto, &ctx.xin->flow, in_port, - ctx.xin->packet); - if (special) { - ctx.xout->slow = special; - } else { - static struct vlog_rate_limit trace_rl = VLOG_RATE_LIMIT_INIT(1, 1); - size_t sample_actions_len; - uint32_t local_odp_port; - - if (ctx.xin->flow.in_port - != vsp_realdev_to_vlandev(ctx.ofproto, ctx.xin->flow.in_port, - ctx.xin->flow.vlan_tci)) { - ctx.base_flow.vlan_tci = 0; - } - - add_sflow_action(&ctx); - add_ipfix_action(&ctx); - sample_actions_len = ctx.xout->odp_actions.size; - - if (tunnel_ecn_ok(&ctx) && (!in_port || may_receive(in_port, &ctx))) { - do_xlate_actions(ofpacts, ofpacts_len, &ctx); - - /* We've let OFPP_NORMAL and the learning action look at the - * packet, so drop it now if forwarding is disabled. */ - if (in_port && !stp_forward_in_state(in_port->stp_state)) { - ctx.xout->odp_actions.size = sample_actions_len; - } - } - - if (ctx.max_resubmit_trigger && !ctx.xin->resubmit_hook) { - if (!hit_resubmit_limit) { - /* We didn't record the original flow. Make sure we do from - * now on. */ - hit_resubmit_limit = true; - } else if (!VLOG_DROP_ERR(&trace_rl)) { - struct ds ds = DS_EMPTY_INITIALIZER; - - ofproto_trace(ctx.ofproto, &orig_flow, ctx.xin->packet, &ds); - VLOG_ERR("Trace triggered by excessive resubmit " - "recursion:\n%s", ds_cstr(&ds)); - ds_destroy(&ds); - } - } - - local_odp_port = ofp_port_to_odp_port(ctx.ofproto, OFPP_LOCAL); - if (!connmgr_must_output_local(ctx.ofproto->up.connmgr, &ctx.xin->flow, - local_odp_port, - ctx.xout->odp_actions.data, - ctx.xout->odp_actions.size)) { - compose_output_action(&ctx, OFPP_LOCAL); - } - if (ctx.ofproto->has_mirrors) { - add_mirror_actions(&ctx, &orig_flow); - } - fix_sflow_action(&ctx); - } - - ofpbuf_uninit(&ctx.stack); - - /* Clear the metadata and register wildcard masks, because we won't - * use non-header fields as part of the cache. */ - memset(&ctx.xout->wc.masks.metadata, 0, - sizeof ctx.xout->wc.masks.metadata); - memset(&ctx.xout->wc.masks.regs, 0, sizeof ctx.xout->wc.masks.regs); -} - -/* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts' - * into datapath actions, using 'ctx', and discards the datapath actions. */ -static void -xlate_actions_for_side_effects(struct xlate_in *xin) -{ - struct xlate_out xout; - - xlate_actions(xin, &xout); - xlate_out_uninit(&xout); -} - -static void -xlate_report(struct xlate_ctx *ctx, const char *s) -{ - if (ctx->xin->report_hook) { - ctx->xin->report_hook(ctx, s); - } -} - -static void -xlate_out_copy(struct xlate_out *dst, const struct xlate_out *src) -{ - dst->wc = src->wc; - dst->tags = src->tags; - dst->slow = src->slow; - dst->has_learn = src->has_learn; - dst->has_normal = src->has_normal; - dst->has_fin_timeout = src->has_fin_timeout; - dst->nf_output_iface = src->nf_output_iface; - dst->mirrors = src->mirrors; - - ofpbuf_use_stub(&dst->odp_actions, dst->odp_actions_stub, - sizeof dst->odp_actions_stub); - ofpbuf_put(&dst->odp_actions, src->odp_actions.data, - src->odp_actions.size); -} - -/* OFPP_NORMAL implementation. */ - -static struct ofport_dpif *ofbundle_get_a_port(const struct ofbundle *); - -/* Given 'vid', the VID obtained from the 802.1Q header that was received as - * part of a packet (specify 0 if there was no 802.1Q header), and 'in_bundle', - * the bundle on which the packet was received, returns the VLAN to which the - * packet belongs. - * - * Both 'vid' and the return value are in the range 0...4095. */ -static uint16_t -input_vid_to_vlan(const struct ofbundle *in_bundle, uint16_t vid) -{ - switch (in_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - return in_bundle->vlan; - break; - - case PORT_VLAN_TRUNK: - return vid; - - case PORT_VLAN_NATIVE_UNTAGGED: - case PORT_VLAN_NATIVE_TAGGED: - return vid ? vid : in_bundle->vlan; - - default: - NOT_REACHED(); - } -} - -/* Checks whether a packet with the given 'vid' may ingress on 'in_bundle'. - * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs - * a warning. - * - * 'vid' should be the VID obtained from the 802.1Q header that was received as - * part of a packet (specify 0 if there was no 802.1Q header), in the range - * 0...4095. */ -static bool -input_vid_is_valid(uint16_t vid, struct ofbundle *in_bundle, bool warn) -{ - /* Allow any VID on the OFPP_NONE port. */ - if (in_bundle == &ofpp_none_bundle) { - return true; - } - - switch (in_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - if (vid) { - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged " - "packet received on port %s configured as VLAN " - "%"PRIu16" access port", - in_bundle->ofproto->up.name, vid, - in_bundle->name, in_bundle->vlan); - } - return false; - } - return true; - - case PORT_VLAN_NATIVE_UNTAGGED: - case PORT_VLAN_NATIVE_TAGGED: - if (!vid) { - /* Port must always carry its native VLAN. */ - return true; - } - /* Fall through. */ - case PORT_VLAN_TRUNK: - if (!ofbundle_includes_vlan(in_bundle, vid)) { - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" packet " - "received on port %s not configured for trunking " - "VLAN %"PRIu16, - in_bundle->ofproto->up.name, vid, - in_bundle->name, vid); - } - return false; - } - return true; - - default: - NOT_REACHED(); - } - -} - -/* Given 'vlan', the VLAN that a packet belongs to, and - * 'out_bundle', a bundle on which the packet is to be output, returns the VID - * that should be included in the 802.1Q header. (If the return value is 0, - * then the 802.1Q header should only be included in the packet if there is a - * nonzero PCP.) - * - * Both 'vlan' and the return value are in the range 0...4095. */ -static uint16_t -output_vlan_to_vid(const struct ofbundle *out_bundle, uint16_t vlan) -{ - switch (out_bundle->vlan_mode) { - case PORT_VLAN_ACCESS: - return 0; - - case PORT_VLAN_TRUNK: - case PORT_VLAN_NATIVE_TAGGED: - return vlan; - - case PORT_VLAN_NATIVE_UNTAGGED: - return vlan == out_bundle->vlan ? 0 : vlan; - - default: - NOT_REACHED(); - } -} - -static void -output_normal(struct xlate_ctx *ctx, const struct ofbundle *out_bundle, - uint16_t vlan) -{ - struct ofport_dpif *port; - uint16_t vid; - ovs_be16 tci, old_tci; - - vid = output_vlan_to_vid(out_bundle, vlan); - if (!out_bundle->bond) { - port = ofbundle_get_a_port(out_bundle); - } else { - port = bond_choose_output_slave(out_bundle->bond, &ctx->xin->flow, - &ctx->xout->wc, vid, &ctx->xout->tags); - if (!port) { - /* No slaves enabled, so drop packet. */ - return; - } - } - - old_tci = ctx->xin->flow.vlan_tci; - tci = htons(vid); - if (tci || out_bundle->use_priority_tags) { - tci |= ctx->xin->flow.vlan_tci & htons(VLAN_PCP_MASK); - if (tci) { - tci |= htons(VLAN_CFI); - } - } - ctx->xin->flow.vlan_tci = tci; - - compose_output_action(ctx, port->up.ofp_port); - ctx->xin->flow.vlan_tci = old_tci; -} - -static int -mirror_mask_ffs(mirror_mask_t mask) -{ - BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask)); - return ffs(mask); -} - -static bool -ofbundle_trunks_vlan(const struct ofbundle *bundle, uint16_t vlan) -{ - return (bundle->vlan_mode != PORT_VLAN_ACCESS - && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan))); -} - -static bool -ofbundle_includes_vlan(const struct ofbundle *bundle, uint16_t vlan) -{ - return vlan == bundle->vlan || ofbundle_trunks_vlan(bundle, vlan); -} - -/* Returns an arbitrary interface within 'bundle'. */ -static struct ofport_dpif * -ofbundle_get_a_port(const struct ofbundle *bundle) -{ - return CONTAINER_OF(list_front(&bundle->ports), - struct ofport_dpif, bundle_node); -} - -static bool -vlan_is_mirrored(const struct ofmirror *m, int vlan) -{ - return !m->vlans || bitmap_is_set(m->vlans, vlan); -} - -static void -add_mirror_actions(struct xlate_ctx *ctx, const struct flow *orig_flow) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - mirror_mask_t mirrors; - struct ofbundle *in_bundle; - uint16_t vlan; - uint16_t vid; - const struct nlattr *a; - size_t left; - - in_bundle = lookup_input_bundle(ctx->ofproto, orig_flow->in_port, - ctx->xin->packet != NULL, NULL); - if (!in_bundle) { - return; - } - mirrors = in_bundle->src_mirrors; - - /* Drop frames on bundles reserved for mirroring. */ - if (in_bundle->mirror_out) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " - "%s, which is reserved exclusively for mirroring", - ctx->ofproto->up.name, in_bundle->name); - } - return; - } - - /* Check VLAN. */ - vid = vlan_tci_to_vid(orig_flow->vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { - return; - } - vlan = input_vid_to_vlan(in_bundle, vid); - - /* Look at the output ports to check for destination selections. */ - - NL_ATTR_FOR_EACH (a, left, ctx->xout->odp_actions.data, - ctx->xout->odp_actions.size) { - enum ovs_action_attr type = nl_attr_type(a); - struct ofport_dpif *ofport; - - if (type != OVS_ACTION_ATTR_OUTPUT) { - continue; - } - - ofport = get_odp_port(ofproto, nl_attr_get_u32(a)); - if (ofport && ofport->bundle) { - mirrors |= ofport->bundle->dst_mirrors; - } - } - - if (!mirrors) { - return; - } - - /* Restore the original packet before adding the mirror actions. */ - ctx->xin->flow = *orig_flow; - - while (mirrors) { - struct ofmirror *m; - - m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - - if (m->vlans) { - ctx->xout->wc.masks.vlan_tci |= htons(VLAN_CFI | VLAN_VID_MASK); - } - - if (!vlan_is_mirrored(m, vlan)) { - mirrors = zero_rightmost_1bit(mirrors); - continue; - } - - mirrors &= ~m->dup_mirrors; - ctx->xout->mirrors |= m->dup_mirrors; - if (m->out) { - output_normal(ctx, m->out, vlan); - } else if (vlan != m->out_vlan - && !eth_addr_is_reserved(orig_flow->dl_dst)) { - struct ofbundle *bundle; - - HMAP_FOR_EACH (bundle, hmap_node, &ofproto->bundles) { - if (ofbundle_includes_vlan(bundle, m->out_vlan) - && !bundle->mirror_out) { - output_normal(ctx, bundle, m->out_vlan); - } - } - } - } -} - -static void -update_mirror_stats(struct ofproto_dpif *ofproto, mirror_mask_t mirrors, - uint64_t packets, uint64_t bytes) -{ - if (!mirrors) { - return; - } - - for (; mirrors; mirrors = zero_rightmost_1bit(mirrors)) { - struct ofmirror *m; - - m = ofproto->mirrors[mirror_mask_ffs(mirrors) - 1]; - - if (!m) { - /* In normal circumstances 'm' will not be NULL. However, - * if mirrors are reconfigured, we can temporarily get out - * of sync in facet_revalidate(). We could "correct" the - * mirror list before reaching here, but doing that would - * not properly account the traffic stats we've currently - * accumulated for previous mirror configuration. */ - continue; - } - - m->packet_count += packets; - m->byte_count += bytes; - } -} - -/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after - * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to - * indicate this; newer upstream kernels use gratuitous ARP requests. */ -static bool -is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc) -{ - if (flow->dl_type != htons(ETH_TYPE_ARP)) { - return false; - } - - memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst); - if (!eth_addr_is_broadcast(flow->dl_dst)) { - return false; - } - - memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto); - if (flow->nw_proto == ARP_OP_REPLY) { - return true; - } else if (flow->nw_proto == ARP_OP_REQUEST) { - memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src); - memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst); - - return flow->nw_src == flow->nw_dst; - } else { - return false; - } -} - -static void -update_learning_table(struct ofproto_dpif *ofproto, - const struct flow *flow, struct flow_wildcards *wc, - int vlan, struct ofbundle *in_bundle) -{ - struct mac_entry *mac; - - /* Don't learn the OFPP_NONE port. */ - if (in_bundle == &ofpp_none_bundle) { - return; - } - - if (!mac_learning_may_learn(ofproto->ml, flow->dl_src, vlan)) { - return; - } - - mac = mac_learning_insert(ofproto->ml, flow->dl_src, vlan); - if (is_gratuitous_arp(flow, wc)) { - /* We don't want to learn from gratuitous ARP packets that are - * reflected back over bond slaves so we lock the learning table. */ - if (!in_bundle->bond) { - mac_entry_set_grat_arp_lock(mac); - } else if (mac_entry_is_grat_arp_locked(mac)) { - return; - } - } - - if (mac_entry_is_new(mac) || mac->port.p != in_bundle) { - /* The log messages here could actually be useful in debugging, - * so keep the rate limit relatively high. */ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300); - VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is " - "on port %s in VLAN %d", - ofproto->up.name, ETH_ADDR_ARGS(flow->dl_src), - in_bundle->name, vlan); - - mac->port.p = in_bundle; - tag_set_add(&ofproto->backer->revalidate_set, - mac_learning_changed(ofproto->ml, mac)); - } -} - -static struct ofbundle * -lookup_input_bundle(const struct ofproto_dpif *ofproto, uint16_t in_port, - bool warn, struct ofport_dpif **in_ofportp) -{ - struct ofport_dpif *ofport; - - /* Find the port and bundle for the received packet. */ - ofport = get_ofp_port(ofproto, in_port); - if (in_ofportp) { - *in_ofportp = ofport; - } - if (ofport && ofport->bundle) { - return ofport->bundle; - } - - /* Special-case OFPP_NONE, which a controller may use as the ingress - * port for traffic that it is sourcing. */ - if (in_port == OFPP_NONE) { - return &ofpp_none_bundle; - } - - /* Odd. A few possible reasons here: - * - * - We deleted a port but there are still a few packets queued up - * from it. - * - * - Someone externally added a port (e.g. "ovs-dpctl add-if") that - * we don't know about. - * - * - The ofproto client didn't configure the port as part of a bundle. - * This is particularly likely to happen if a packet was received on the - * port after it was created, but before the client had a chance to - * configure its bundle. - */ - if (warn) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - - VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown " - "port %"PRIu16, ofproto->up.name, in_port); - } - return NULL; -} - -/* Determines whether packets in 'flow' within 'ofproto' should be forwarded or - * dropped. Returns true if they may be forwarded, false if they should be - * dropped. - * - * 'in_port' must be the ofport_dpif that corresponds to flow->in_port. - * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull). - * - * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as - * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as - * checked by input_vid_is_valid(). - * - * May also add tags to '*tags', although the current implementation only does - * so in one special case. - */ -static bool -is_admissible(struct xlate_ctx *ctx, struct ofport_dpif *in_port, - uint16_t vlan) -{ - struct ofproto_dpif *ofproto = ctx->ofproto; - struct flow *flow = &ctx->xin->flow; - struct ofbundle *in_bundle = in_port->bundle; - - /* Drop frames for reserved multicast addresses - * only if forward_bpdu option is absent. */ - if (!ofproto->up.forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) { - xlate_report(ctx, "packet has reserved destination MAC, dropping"); - return false; - } - - if (in_bundle->bond) { - struct mac_entry *mac; - - switch (bond_check_admissibility(in_bundle->bond, in_port, - flow->dl_dst, &ctx->xout->tags)) { - case BV_ACCEPT: - break; - - case BV_DROP: - xlate_report(ctx, "bonding refused admissibility, dropping"); - return false; - - case BV_DROP_IF_MOVED: - mac = mac_learning_lookup(ofproto->ml, flow->dl_src, vlan, NULL); - if (mac && mac->port.p != in_bundle && - (!is_gratuitous_arp(flow, &ctx->xout->wc) - || mac_entry_is_grat_arp_locked(mac))) { - xlate_report(ctx, "SLB bond thinks this packet looped back, " - "dropping"); - return false; - } - break; - } - } - - return true; -} - -static void -xlate_normal(struct xlate_ctx *ctx) -{ - struct ofport_dpif *in_port; - struct ofbundle *in_bundle; - struct mac_entry *mac; - uint16_t vlan; - uint16_t vid; - - ctx->xout->has_normal = true; - - /* Check the dl_type, since we may check for gratuituous ARP. */ - memset(&ctx->xout->wc.masks.dl_type, 0xff, - sizeof ctx->xout->wc.masks.dl_type); - - memset(&ctx->xout->wc.masks.dl_src, 0xff, - sizeof ctx->xout->wc.masks.dl_src); - memset(&ctx->xout->wc.masks.dl_dst, 0xff, - sizeof ctx->xout->wc.masks.dl_dst); - memset(&ctx->xout->wc.masks.vlan_tci, 0xff, - sizeof ctx->xout->wc.masks.vlan_tci); - - in_bundle = lookup_input_bundle(ctx->ofproto, ctx->xin->flow.in_port, - ctx->xin->packet != NULL, &in_port); - if (!in_bundle) { - xlate_report(ctx, "no input bundle, dropping"); - return; - } - - /* Drop malformed frames. */ - if (ctx->xin->flow.dl_type == htons(ETH_TYPE_VLAN) && - !(ctx->xin->flow.vlan_tci & htons(VLAN_CFI))) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial " - "VLAN tag received on port %s", - ctx->ofproto->up.name, in_bundle->name); - } - xlate_report(ctx, "partial VLAN tag, dropping"); - return; - } - - /* Drop frames on bundles reserved for mirroring. */ - if (in_bundle->mirror_out) { - if (ctx->xin->packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port " - "%s, which is reserved exclusively for mirroring", - ctx->ofproto->up.name, in_bundle->name); - } - xlate_report(ctx, "input port is mirror output port, dropping"); - return; - } - - /* Check VLAN. */ - vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci); - if (!input_vid_is_valid(vid, in_bundle, ctx->xin->packet != NULL)) { - xlate_report(ctx, "disallowed VLAN VID for this input port, dropping"); - return; - } - vlan = input_vid_to_vlan(in_bundle, vid); - - /* Check other admissibility requirements. */ - if (in_port && !is_admissible(ctx, in_port, vlan)) { - return; - } - - /* Learn source MAC. */ - if (ctx->xin->may_learn) { - update_learning_table(ctx->ofproto, &ctx->xin->flow, &ctx->xout->wc, - vlan, in_bundle); - } - - /* Determine output bundle. */ - mac = mac_learning_lookup(ctx->ofproto->ml, ctx->xin->flow.dl_dst, vlan, - &ctx->xout->tags); - if (mac) { - if (mac->port.p != in_bundle) { - xlate_report(ctx, "forwarding to learned port"); - output_normal(ctx, mac->port.p, vlan); - } else { - xlate_report(ctx, "learned port is input port, dropping"); - } - } else { - struct ofbundle *bundle; - - xlate_report(ctx, "no learned MAC for destination, flooding"); - HMAP_FOR_EACH (bundle, hmap_node, &ctx->ofproto->bundles) { - if (bundle != in_bundle - && ofbundle_includes_vlan(bundle, vlan) - && bundle->floodable - && !bundle->mirror_out) { - output_normal(ctx, bundle, vlan); - } - } - ctx->xout->nf_output_iface = NF_OUT_FLOOD; - } -} - -/* Optimized flow revalidation. - * - * It's a difficult problem, in general, to tell which facets need to have - * their actions recalculated whenever the OpenFlow flow table changes. We - * don't try to solve that general problem: for most kinds of OpenFlow flow - * table changes, we recalculate the actions for every facet. This is - * relatively expensive, but it's good enough if the OpenFlow flow table - * doesn't change very often. - * - * However, we can expect one particular kind of OpenFlow flow table change to - * happen frequently: changes caused by MAC learning. To avoid wasting a lot - * of CPU on revalidating every facet whenever MAC learning modifies the flow - * table, we add a special case that applies to flow tables in which every rule - * has the same form (that is, the same wildcards), except that the table is - * also allowed to have a single "catch-all" flow that matches all packets. We - * optimize this case by tagging all of the facets that resubmit into the table - * and invalidating the same tag whenever a flow changes in that table. The - * end result is that we revalidate just the facets that need it (and sometimes - * a few more, but not all of the facets or even all of the facets that - * resubmit to the table modified by MAC learning). */ - -/* Calculates the tag to use for 'flow' and mask 'mask' when it is inserted - * into an OpenFlow table with the given 'basis'. */ -static tag_type -rule_calculate_tag(const struct flow *flow, const struct minimask *mask, - uint32_t secret) -{ - if (minimask_is_catchall(mask)) { - return 0; - } else { - uint32_t hash = flow_hash_in_minimask(flow, mask, secret); - return tag_create_deterministic(hash); - } -} - -/* Following a change to OpenFlow table 'table_id' in 'ofproto', update the - * taggability of that table. - * - * This function must be called after *each* change to a flow table. If you - * skip calling it on some changes then the pointer comparisons at the end can - * be invalid if you get unlucky. For example, if a flow removal causes a - * cls_table to be destroyed and then a flow insertion causes a cls_table with - * different wildcards to be created with the same address, then this function - * will incorrectly skip revalidation. */ -static void -table_update_taggable(struct ofproto_dpif *ofproto, uint8_t table_id) -{ - struct table_dpif *table = &ofproto->tables[table_id]; - const struct oftable *oftable = &ofproto->up.tables[table_id]; - struct cls_table *catchall, *other; - struct cls_table *t; - - catchall = other = NULL; - - switch (hmap_count(&oftable->cls.tables)) { - case 0: - /* We could tag this OpenFlow table but it would make the logic a - * little harder and it's a corner case that doesn't seem worth it - * yet. */ - break; - - case 1: - case 2: - HMAP_FOR_EACH (t, hmap_node, &oftable->cls.tables) { - if (cls_table_is_catchall(t)) { - catchall = t; - } else if (!other) { - other = t; - } else { - /* Indicate that we can't tag this by setting both tables to - * NULL. (We know that 'catchall' is already NULL.) */ - other = NULL; - } - } - break; - - default: - /* Can't tag this table. */ - break; - } - - if (table->catchall_table != catchall || table->other_table != other) { - table->catchall_table = catchall; - table->other_table = other; - ofproto->backer->need_revalidate = REV_FLOW_TABLE; - } -} - -/* Given 'rule' that has changed in some way (either it is a rule being - * inserted, a rule being deleted, or a rule whose actions are being - * modified), marks facets for revalidation to ensure that packets will be - * forwarded correctly according to the new state of the flow table. - * - * This function must be called after *each* change to a flow table. See - * the comment on table_update_taggable() for more information. */ -static void -rule_invalidate(const struct rule_dpif *rule) -{ - struct ofproto_dpif *ofproto = ofproto_dpif_cast(rule->up.ofproto); - - table_update_taggable(ofproto, rule->up.table_id); - - if (!ofproto->backer->need_revalidate) { - struct table_dpif *table = &ofproto->tables[rule->up.table_id]; - - if (table->other_table && rule->tag) { - tag_set_add(&ofproto->backer->revalidate_set, rule->tag); - } else { - ofproto->backer->need_revalidate = REV_FLOW_TABLE; - } - } -} - -static bool -set_frag_handling(struct ofproto *ofproto_, - enum ofp_config_flags frag_handling) + +static bool +set_frag_handling(struct ofproto *ofproto_, + enum ofp_config_flags frag_handling) { struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); if (frag_handling != OFPC_FRAG_REASM) { @@ -8242,7 +5840,7 @@ exit: ofpbuf_uninit(&odp_key); } -static void +void ofproto_trace(struct ofproto_dpif *ofproto, const struct flow *flow, const struct ofpbuf *packet, struct ds *ds) { @@ -8771,7 +6369,7 @@ hash_realdev_vid(uint16_t realdev_ofp_port, int vid) * * Unless VLAN splinters are enabled for port 'realdev_ofp_port', this * function just returns its 'realdev_ofp_port' argument. */ -static uint16_t +uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *ofproto, uint16_t realdev_ofp_port, ovs_be16 vlan_tci) { @@ -8900,7 +6498,7 @@ vsp_add(struct ofport_dpif *port, uint16_t realdev_ofp_port, int vid) } } -static uint32_t +uint32_t ofp_port_to_odp_port(const struct ofproto_dpif *ofproto, uint16_t ofp_port) { const struct ofport_dpif *ofport = get_ofp_port(ofproto, ofp_port); diff --git a/ofproto/ofproto-dpif.h b/ofproto/ofproto-dpif.h new file mode 100644 index 000000000..0c3252ccf --- /dev/null +++ b/ofproto/ofproto-dpif.h @@ -0,0 +1,351 @@ +/* Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ + +#ifndef OFPROTO_DPIF_H +#define OFPROTO_DPIF_H 1 + +#include + +#include "hmapx.h" +#include "ofproto/ofproto-provider.h" +#include "tag.h" +#include "timer.h" +#include "util.h" + +union user_action_cookie; + +#define MAX_MIRRORS 32 +typedef uint32_t mirror_mask_t; +#define MIRROR_MASK_C(X) UINT32_C(X) +BUILD_ASSERT_DECL(sizeof(mirror_mask_t) * CHAR_BIT >= MAX_MIRRORS); + +/* Number of implemented OpenFlow tables. */ +enum { N_TABLES = 255 }; +enum { TBL_INTERNAL = N_TABLES - 1 }; /* Used for internal hidden rules. */ +BUILD_ASSERT_DECL(N_TABLES >= 2 && N_TABLES <= 255); + +/* Reasons that we might need to revalidate every facet, and corresponding + * coverage counters. + * + * A value of 0 means that there is no need to revalidate. + * + * It would be nice to have some cleaner way to integrate with coverage + * counters, but with only a few reasons I guess this is good enough for + * now. */ +enum revalidate_reason { + REV_RECONFIGURE = 1, /* Switch configuration changed. */ + REV_STP, /* Spanning tree protocol port status change. */ + REV_PORT_TOGGLED, /* Port enabled or disabled by CFM, LACP, ...*/ + REV_FLOW_TABLE, /* Flow table changed. */ + REV_INCONSISTENCY /* Facet self-check failed. */ +}; + +struct rule_dpif { + struct rule up; + + /* These statistics: + * + * - Do include packets and bytes from facets that have been deleted or + * whose own statistics have been folded into the rule. + * + * - Do include packets and bytes sent "by hand" that were accounted to + * the rule without any facet being involved (this is a rare corner + * case in rule_execute()). + * + * - Do not include packet or bytes that can be obtained from any facet's + * packet_count or byte_count member or that can be obtained from the + * datapath by, e.g., dpif_flow_get() for any subfacet. + */ + uint64_t packet_count; /* Number of packets received. */ + uint64_t byte_count; /* Number of bytes received. */ + + tag_type tag; /* Caches rule_calculate_tag() result. */ + + struct list facets; /* List of "struct facet"s. */ +}; + +struct avg_subfacet_rates { + double add_rate; /* Moving average of new flows created per minute. */ + double del_rate; /* Moving average of flows deleted per minute. */ +}; + +/* All datapaths of a given type share a single dpif backer instance. */ +struct dpif_backer { + char *type; + int refcount; + struct dpif *dpif; + struct timer next_expiration; + struct hmap odp_to_ofport_map; /* ODP port to ofport mapping. */ + + struct simap tnl_backers; /* Set of dpif ports backing tunnels. */ + + /* Facet revalidation flags applying to facets which use this backer. */ + enum revalidate_reason need_revalidate; /* Revalidate every facet. */ + struct tag_set revalidate_set; /* Revalidate only matching facets. */ + + struct hmap drop_keys; /* Set of dropped odp keys. */ + bool recv_set_enable; /* Enables or disables receiving packets. */ + + struct hmap subfacets; + struct governor *governor; + + /* Subfacet statistics. + * + * These keep track of the total number of subfacets added and deleted and + * flow life span. They are useful for computing the flow rates stats + * exposed via "ovs-appctl dpif/show". The goal is to learn about + * traffic patterns in ways that we can use later to improve Open vSwitch + * performance in new situations. */ + long long int created; /* Time when it is created. */ + unsigned max_n_subfacet; /* Maximum number of flows */ + unsigned avg_n_subfacet; /* Average number of flows. */ + long long int avg_subfacet_life; /* Average life span of subfacets. */ + + /* The average number of subfacets... */ + struct avg_subfacet_rates hourly; /* ...over the last hour. */ + struct avg_subfacet_rates daily; /* ...over the last day. */ + struct avg_subfacet_rates lifetime; /* ...over the switch lifetime. */ + long long int last_minute; /* Last time 'hourly' was updated. */ + + /* Number of subfacets added or deleted since 'last_minute'. */ + unsigned subfacet_add_count; + unsigned subfacet_del_count; + + /* Number of subfacets added or deleted from 'created' to 'last_minute.' */ + unsigned long long int total_subfacet_add_count; + unsigned long long int total_subfacet_del_count; +}; + +/* Extra information about a classifier table. + * Currently used just for optimized flow revalidation. */ +struct table_dpif { + /* If either of these is nonnull, then this table has a form that allows + * flows to be tagged to avoid revalidating most flows for the most common + * kinds of flow table changes. */ + struct cls_table *catchall_table; /* Table that wildcards all fields. */ + struct cls_table *other_table; /* Table with any other wildcard set. */ + uint32_t basis; /* Keeps each table's tags separate. */ +}; + +struct ofproto_dpif { + struct hmap_node all_ofproto_dpifs_node; /* In 'all_ofproto_dpifs'. */ + struct ofproto up; + struct dpif_backer *backer; + + /* Special OpenFlow rules. */ + struct rule_dpif *miss_rule; /* Sends flow table misses to controller. */ + struct rule_dpif *no_packet_in_rule; /* Drops flow table misses. */ + struct rule_dpif *drop_frags_rule; /* Used in OFPC_FRAG_DROP mode. */ + + /* Bridging. */ + struct netflow *netflow; + struct dpif_sflow *sflow; + struct dpif_ipfix *ipfix; + struct hmap bundles; /* Contains "struct ofbundle"s. */ + struct mac_learning *ml; + struct ofmirror *mirrors[MAX_MIRRORS]; + bool has_mirrors; + bool has_bonded_bundles; + + /* Facets. */ + struct classifier facets; /* Contains 'struct facet's. */ + long long int consistency_rl; + + /* Revalidation. */ + struct table_dpif tables[N_TABLES]; + + /* Support for debugging async flow mods. */ + struct list completions; + + bool has_bundle_action; /* True when the first bundle action appears. */ + struct netdev_stats stats; /* To account packets generated and consumed in + * userspace. */ + + /* Spanning tree. */ + struct stp *stp; + long long int stp_last_tick; + + /* VLAN splinters. */ + struct hmap realdev_vid_map; /* (realdev,vid) -> vlandev. */ + struct hmap vlandev_map; /* vlandev -> (realdev,vid). */ + + /* Ports. */ + struct sset ports; /* Set of standard port names. */ + struct sset ghost_ports; /* Ports with no datapath port. */ + struct sset port_poll_set; /* Queued names for port_poll() reply. */ + int port_poll_errno; /* Last errno for port_poll() reply. */ + + /* Per ofproto's dpif stats. */ + uint64_t n_hit; + uint64_t n_missed; +}; + +struct ofport_dpif { + struct hmap_node odp_port_node; /* In dpif_backer's "odp_to_ofport_map". */ + struct ofport up; + + uint32_t odp_port; + struct ofbundle *bundle; /* Bundle that contains this port, if any. */ + struct list bundle_node; /* In struct ofbundle's "ports" list. */ + struct cfm *cfm; /* Connectivity Fault Management, if any. */ + struct bfd *bfd; /* BFD, if any. */ + tag_type tag; /* Tag associated with this port. */ + bool may_enable; /* May be enabled in bonds. */ + long long int carrier_seq; /* Carrier status changes. */ + struct tnl_port *tnl_port; /* Tunnel handle, or null. */ + + /* Spanning tree. */ + struct stp_port *stp_port; /* Spanning Tree Protocol, if any. */ + enum stp_state stp_state; /* Always STP_DISABLED if STP not in use. */ + long long int stp_state_entered; + + struct hmap priorities; /* Map of attached 'priority_to_dscp's. */ + + /* Linux VLAN device support (e.g. "eth0.10" for VLAN 10.) + * + * This is deprecated. It is only for compatibility with broken device + * drivers in old versions of Linux that do not properly support VLANs when + * VLAN devices are not used. When broken device drivers are no longer in + * widespread use, we will delete these interfaces. */ + uint16_t realdev_ofp_port; + int vlandev_vid; +}; + +struct ofbundle { + struct hmap_node hmap_node; /* In struct ofproto's "bundles" hmap. */ + struct ofproto_dpif *ofproto; /* Owning ofproto. */ + void *aux; /* Key supplied by ofproto's client. */ + char *name; /* Identifier for log messages. */ + + /* Configuration. */ + struct list ports; /* Contains "struct ofport"s. */ + enum port_vlan_mode vlan_mode; /* VLAN mode */ + int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */ + unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1. + * NULL if all VLANs are trunked. */ + struct lacp *lacp; /* LACP if LACP is enabled, otherwise NULL. */ + struct bond *bond; /* Nonnull iff more than one port. */ + bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */ + + /* Status. */ + bool floodable; /* True if no port has OFPUTIL_PC_NO_FLOOD set. */ + + /* Port mirroring info. */ + mirror_mask_t src_mirrors; /* Mirrors triggered when packet received. */ + mirror_mask_t dst_mirrors; /* Mirrors triggered when packet sent. */ + mirror_mask_t mirror_out; /* Mirrors that output to this bundle. */ +}; + +struct ofmirror { + struct ofproto_dpif *ofproto; /* Owning ofproto. */ + size_t idx; /* In ofproto's "mirrors" array. */ + void *aux; /* Key supplied by ofproto's client. */ + char *name; /* Identifier for log messages. */ + + /* Selection criteria. */ + struct hmapx srcs; /* Contains "struct ofbundle *"s. */ + struct hmapx dsts; /* Contains "struct ofbundle *"s. */ + unsigned long *vlans; /* Bitmap of chosen VLANs, NULL selects all. */ + + /* Output (exactly one of out == NULL and out_vlan == -1 is true). */ + struct ofbundle *out; /* Output port or NULL. */ + int out_vlan; /* Output VLAN or -1. */ + mirror_mask_t dup_mirrors; /* Bitmap of mirrors with the same output. */ + + /* Counters. */ + int64_t packet_count; /* Number of packets sent. */ + int64_t byte_count; /* Number of bytes sent. */ +}; + +/* Node in 'ofport_dpif''s 'priorities' map. Used to maintain a map from + * 'priority' (the datapath's term for QoS queue) to the dscp bits which all + * traffic egressing the 'ofport' with that priority should be marked with. */ +struct priority_to_dscp { + struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'priorities' map. */ + uint32_t priority; /* Priority of this queue (see struct flow). */ + + uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */ +}; + +static inline struct rule_dpif *rule_dpif_cast(const struct rule *rule) +{ + return rule ? CONTAINER_OF(rule, struct rule_dpif, up) : NULL; +} + +static inline struct ofproto_dpif * +ofproto_dpif_cast(const struct ofproto *ofproto) +{ + ovs_assert(ofproto->ofproto_class == &ofproto_dpif_class); + return CONTAINER_OF(ofproto, struct ofproto_dpif, up); +} + +static inline struct ofport_dpif * +ofbundle_get_a_port(const struct ofbundle *bundle) +{ + return CONTAINER_OF(list_front(&bundle->ports), struct ofport_dpif, + bundle_node); +} + +static inline int +mirror_mask_ffs(mirror_mask_t mask) +{ + BUILD_ASSERT_DECL(sizeof(unsigned int) >= sizeof(mask)); + return ffs(mask); +} + +struct ofport_dpif *get_ofp_port(const struct ofproto_dpif *, + uint16_t ofp_port); + +struct ofport_dpif *get_odp_port(const struct ofproto_dpif *, + uint32_t odp_port); + +struct ofport_dpif *ofport_get_peer(const struct ofport_dpif *); + +uint32_t ofp_port_to_odp_port(const struct ofproto_dpif *, uint16_t ofp_port); + +struct rule_dpif *rule_dpif_lookup_in_table(struct ofproto_dpif *, + const struct flow *, + struct flow_wildcards *, + uint8_t table_id); + +tag_type rule_calculate_tag(const struct flow *flow, const struct minimask *, + uint32_t secret); + +struct rule_dpif *rule_dpif_miss_rule(struct ofproto_dpif *ofproto, + const struct flow *); + +void rule_credit_stats(struct rule_dpif *, const struct dpif_flow_stats *); + +void ofproto_trace(struct ofproto_dpif *, const struct flow *, + const struct ofpbuf *packet, struct ds *); + +size_t put_userspace_action(const struct ofproto_dpif *, + struct ofpbuf *odp_actions, const struct flow *, + const union user_action_cookie *, + const size_t cookie_size); + +enum slow_path_reason process_special(struct ofproto_dpif *, + const struct flow *, + const struct ofport_dpif *, + const struct ofpbuf *packet); + +uint16_t vsp_realdev_to_vlandev(const struct ofproto_dpif *, + uint16_t realdev_ofp_port, + ovs_be16 vlan_tci); + +struct priority_to_dscp *get_priority(const struct ofport_dpif *, + uint32_t priority); + + +#endif /* ofproto-dpif.h */ -- 2.43.0