From: Jarno Rajahalme
Date: Thu, 9 May 2013 12:24:16 +0000 (+0300)
Subject: OpenFlow-level flow-based tunneling support.
X-Git-Tag: sliver-openvswitch-1.10.90-3~16^2~1
X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=0ad90c845b7e82090a846fbe9f927e8d1c84cfc9
OpenFlow-level flow-based tunneling support.
Adds tun_src and tun_dst match and set capabilities via new NXM fields
NXM_NX_TUN_IPV4_SRC and NXM_NX_TUN_IPV4_DST. This allows management of
large number of tunnels via the flow tables, without requiring the tunnels
to be pre-configured.
Flow-based tunnels can be configured with options remote_ip=flow and
local_ip=flow. local_ip=flow requires remote_ip=flow. When set, the
tunnel remote IP address and/or local IP address is set from the flow,
instead of the tunnel configuration.
Example:
$ ovs-vsctl add-port br0 gre -- set Interface gre ofport_request=1 type=gre options:remote_ip=flow options:key=flow
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_tunnel:1,set_field:192.168.0.1->tun_dst,output:1"
$ ovs-ofctl add-flow br0 "in_port=1 tun_src=192.168.0.1 tun_id=1 actions=LOCAL"
Signed-off-by: Jarno Rajahalme
Signed-off-by: Ben Pfaff
---
diff --git a/NEWS b/NEWS
index 8536a140f..4cb4499a8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
post-v1.11.0
---------------------
+ - OpenFlow:
+ * New support for matching outer source and destination IP address
+ of tunneled packets, for tunnel ports configured with the newly
+ added "remote_ip=flow" and "local_ip=flow" options.
v1.11.0 - xx xxx xxxx
diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h
index 8c9fab1e1..5ca343e1a 100644
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -478,6 +478,8 @@ OFP_ASSERT(sizeof(struct nx_action_pop_queue) == 16);
* - NXM_NX_ND_SLL
* - NXM_NX_ND_TLL
* - NXM_NX_REG(idx) for idx in the switch's accepted range.
+ * - NXM_NX_TUN_IPV4_SRC
+ * - NXM_NX_TUN_IPV4_DST
*
* The following nxm_header values are potentially acceptable as 'dst':
*
@@ -503,8 +505,10 @@ OFP_ASSERT(sizeof(struct nx_action_pop_queue) == 16);
* adds or modifies the 802.1Q header appropriately, setting the TCI field
* to the field's new value (with the CFI bit masked out).
*
- * - NXM_NX_TUN_ID. Modifying this value modifies the tunnel ID used for the
- * packet's next tunnel encapsulation.
+ * - NXM_NX_TUN_ID, NXM_NX_TUN_IPV4_SRC, NXM_NX_TUN_IPV4_DST. Modifying
+ * any of these values modifies the corresponding tunnel header field used
+ * for the packet's next tunnel encapsulation, if allowed by the
+ * configuration of the output tunnel port.
*
* A given nxm_header value may be used as 'src' or 'dst' only on a flow whose
* nx_match satisfies its prerequisites. For example, NXM_OF_IP_TOS may be
@@ -1748,6 +1752,21 @@ OFP_ASSERT(sizeof(struct nx_action_output_reg) == 24);
#define NXM_NX_COOKIE NXM_HEADER (0x0001, 30, 8)
#define NXM_NX_COOKIE_W NXM_HEADER_W(0x0001, 30, 8)
+/* The source or destination address in the outer IP header of a tunneled
+ * packet.
+ *
+ * For non-tunneled packets, the value is 0.
+ *
+ * Prereqs: None.
+ *
+ * Format: 32-bit integer in network byte order.
+ *
+ * Masking: Fully maskable. */
+#define NXM_NX_TUN_IPV4_SRC NXM_HEADER (0x0001, 31, 4)
+#define NXM_NX_TUN_IPV4_SRC_W NXM_HEADER_W(0x0001, 31, 4)
+#define NXM_NX_TUN_IPV4_DST NXM_HEADER (0x0001, 32, 4)
+#define NXM_NX_TUN_IPV4_DST_W NXM_HEADER_W(0x0001, 32, 4)
+
/* ## --------------------- ## */
/* ## Requests and replies. ## */
/* ## --------------------- ## */
diff --git a/lib/flow.c b/lib/flow.c
index e4154a711..3c12984cf 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -494,6 +494,8 @@ flow_get_metadata(const struct flow *flow, struct flow_metadata *fmd)
BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20);
fmd->tun_id = flow->tunnel.tun_id;
+ fmd->tun_src = flow->tunnel.ip_src;
+ fmd->tun_dst = flow->tunnel.ip_dst;
fmd->metadata = flow->metadata;
memcpy(fmd->regs, flow->regs, sizeof fmd->regs);
fmd->in_port = flow->in_port;
diff --git a/lib/flow.h b/lib/flow.h
index 6e169d68e..0fdf4ef97 100644
--- a/lib/flow.h
+++ b/lib/flow.h
@@ -118,6 +118,8 @@ BUILD_ASSERT_DECL(sizeof(struct flow) == sizeof(struct flow_tnl) + 160 &&
/* Represents the metadata fields of struct flow. */
struct flow_metadata {
ovs_be64 tun_id; /* Encapsulating tunnel ID. */
+ ovs_be32 tun_src; /* Tunnel outer IPv4 src addr */
+ ovs_be32 tun_dst; /* Tunnel outer IPv4 dst addr */
ovs_be64 metadata; /* OpenFlow 1.1+ metadata field. */
uint32_t regs[FLOW_N_REGS]; /* Registers. */
uint16_t in_port; /* OpenFlow port or zero. */
diff --git a/lib/match.c b/lib/match.c
index fc3c54061..512253ec2 100644
--- a/lib/match.c
+++ b/lib/match.c
@@ -135,13 +135,9 @@ match_wc_init(struct match *match, const struct flow *flow)
void
match_init_exact(struct match *match, const struct flow *flow)
{
- ovs_be64 tun_id = flow->tunnel.tun_id;
-
match->flow = *flow;
match->flow.skb_priority = 0;
match->flow.skb_mark = 0;
- memset(&match->flow.tunnel, 0, sizeof match->flow.tunnel);
- match->flow.tunnel.tun_id = tun_id;
flow_wildcards_init_exact(&match->wc);
}
diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index a75e52644..c3f198cd3 100644
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -57,21 +57,21 @@ static const struct mf_field mf_fields[MFF_N_IDS] = {
}, {
MFF_TUN_SRC, "tun_src", NULL,
MF_FIELD_SIZES(be32),
- MFM_NONE,
+ MFM_FULLY,
MFS_IPV4,
MFP_NONE,
- false,
- 0, NULL,
- 0, NULL,
+ true,
+ NXM_NX_TUN_IPV4_SRC, "NXM_NX_TUN_IPV4_SRC",
+ NXM_NX_TUN_IPV4_SRC, "NXM_NX_TUN_IPV4_SRC",
}, {
MFF_TUN_DST, "tun_dst", NULL,
MF_FIELD_SIZES(be32),
- MFM_NONE,
+ MFM_FULLY,
MFS_IPV4,
MFP_NONE,
- false,
- 0, NULL,
- 0, NULL,
+ true,
+ NXM_NX_TUN_IPV4_DST, "NXM_NX_TUN_IPV4_DST",
+ NXM_NX_TUN_IPV4_DST, "NXM_NX_TUN_IPV4_DST",
}, {
MFF_TUN_FLAGS, "tun_flags", NULL,
MF_FIELD_SIZES(be16),
@@ -676,9 +676,11 @@ bool
mf_is_all_wild(const struct mf_field *mf, const struct flow_wildcards *wc)
{
switch (mf->id) {
- case MFF_TUN_ID:
case MFF_TUN_SRC:
+ return !wc->masks.tunnel.ip_src;
case MFF_TUN_DST:
+ return !wc->masks.tunnel.ip_dst;
+ case MFF_TUN_ID:
case MFF_TUN_TOS:
case MFF_TUN_TTL:
case MFF_TUN_FLAGS:
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 08169a1b4..1bcb34b07 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -325,7 +325,10 @@ set_tunnel_config(struct netdev_dev *dev_, const struct smap *args)
SMAP_FOR_EACH (node, args) {
if (!strcmp(node->key, "remote_ip")) {
struct in_addr in_addr;
- if (lookup_ip(node->value, &in_addr)) {
+ if (!strcmp(node->value, "flow")) {
+ tnl_cfg.ip_dst_flow = true;
+ tnl_cfg.ip_dst = htonl(0);
+ } else if (lookup_ip(node->value, &in_addr)) {
VLOG_WARN("%s: bad %s 'remote_ip'", name, type);
} else if (ip_is_multicast(in_addr.s_addr)) {
VLOG_WARN("%s: multicast remote_ip="IP_FMT" not allowed",
@@ -336,7 +339,10 @@ set_tunnel_config(struct netdev_dev *dev_, const struct smap *args)
}
} else if (!strcmp(node->key, "local_ip")) {
struct in_addr in_addr;
- if (lookup_ip(node->value, &in_addr)) {
+ if (!strcmp(node->value, "flow")) {
+ tnl_cfg.ip_src_flow = true;
+ tnl_cfg.ip_src = htonl(0);
+ } else if (lookup_ip(node->value, &in_addr)) {
VLOG_WARN("%s: bad %s 'local_ip'", name, type);
} else {
tnl_cfg.ip_src = in_addr.s_addr;
@@ -443,11 +449,16 @@ set_tunnel_config(struct netdev_dev *dev_, const struct smap *args)
}
}
- if (!tnl_cfg.ip_dst) {
+ if (!tnl_cfg.ip_dst && !tnl_cfg.ip_dst_flow) {
VLOG_ERR("%s: %s type requires valid 'remote_ip' argument",
name, type);
return EINVAL;
}
+ if (tnl_cfg.ip_src_flow && !tnl_cfg.ip_dst_flow) {
+ VLOG_ERR("%s: %s type requires 'remote_ip=flow' with 'local_ip=flow'",
+ name, type);
+ return EINVAL;
+ }
if (!tnl_cfg.ttl) {
tnl_cfg.ttl = DEFAULT_TTL;
}
@@ -474,10 +485,14 @@ get_tunnel_config(struct netdev_dev *dev, struct smap *args)
if (tnl_cfg->ip_dst) {
smap_add_format(args, "remote_ip", IP_FMT, IP_ARGS(tnl_cfg->ip_dst));
+ } else if (tnl_cfg->ip_dst_flow) {
+ smap_add(args, "remote_ip", "flow");
}
if (tnl_cfg->ip_src) {
smap_add_format(args, "local_ip", IP_FMT, IP_ARGS(tnl_cfg->ip_src));
+ } else if (tnl_cfg->ip_src_flow) {
+ smap_add(args, "local_ip", "flow");
}
if (tnl_cfg->in_key_flow && tnl_cfg->out_key_flow) {
diff --git a/lib/netdev.h b/lib/netdev.h
index aab9de097..8e87ae49b 100644
--- a/lib/netdev.h
+++ b/lib/netdev.h
@@ -88,6 +88,8 @@ struct netdev_tunnel_config {
ovs_be16 dst_port;
+ bool ip_src_flow;
+ bool ip_dst_flow;
ovs_be32 ip_src;
ovs_be32 ip_dst;
diff --git a/lib/nx-match.c b/lib/nx-match.c
index b328f026f..51b6dc645 100644
--- a/lib/nx-match.c
+++ b/lib/nx-match.c
@@ -690,7 +690,13 @@ nx_put_raw(struct ofpbuf *b, bool oxm, const struct match *match,
/* Tunnel ID. */
nxm_put_64m(b, oxm ? OXM_OF_TUNNEL_ID : NXM_NX_TUN_ID,
- flow->tunnel.tun_id, match->wc.masks.tunnel.tun_id);
+ flow->tunnel.tun_id, match->wc.masks.tunnel.tun_id);
+
+ /* Other tunnel metadata. */
+ nxm_put_32m(b, NXM_NX_TUN_IPV4_SRC,
+ flow->tunnel.ip_src, match->wc.masks.tunnel.ip_src);
+ nxm_put_32m(b, NXM_NX_TUN_IPV4_DST,
+ flow->tunnel.ip_dst, match->wc.masks.tunnel.ip_dst);
/* Registers. */
for (i = 0; i < FLOW_N_REGS; i++) {
diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 95d9b7310..8d99844a5 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -111,6 +111,14 @@ ofp_print_packet_in(struct ds *string, const struct ofp_header *oh,
ds_put_format(string, " tun_id=0x%"PRIx64, ntohll(pin.fmd.tun_id));
}
+ if (pin.fmd.tun_src != htonl(0)) {
+ ds_put_format(string, " tun_src="IP_FMT, IP_ARGS(pin.fmd.tun_src));
+ }
+
+ if (pin.fmd.tun_dst != htonl(0)) {
+ ds_put_format(string, " tun_dst="IP_FMT, IP_ARGS(pin.fmd.tun_dst));
+ }
+
if (pin.fmd.metadata != htonll(0)) {
ds_put_format(string, " metadata=0x%"PRIx64, ntohll(pin.fmd.metadata));
}
diff --git a/lib/ofp-util.c b/lib/ofp-util.c
index 44d3c4efa..2ca007715 100644
--- a/lib/ofp-util.c
+++ b/lib/ofp-util.c
@@ -1039,16 +1039,6 @@ regs_fully_wildcarded(const struct flow_wildcards *wc)
return true;
}
-static bool
-tun_parms_fully_wildcarded(const struct flow_wildcards *wc)
-{
- return (!wc->masks.tunnel.ip_src &&
- !wc->masks.tunnel.ip_dst &&
- !wc->masks.tunnel.ip_ttl &&
- !wc->masks.tunnel.ip_tos &&
- !wc->masks.tunnel.flags);
-}
-
/* Returns a bit-mask of ofputil_protocols that can be used for sending 'match'
* to a switch (e.g. to add or remove a flow). Only NXM can handle tunnel IDs,
* registers, or fixing the Ethernet multicast bit. Otherwise, it's better to
@@ -1060,8 +1050,9 @@ ofputil_usable_protocols(const struct match *match)
BUILD_ASSERT_DECL(FLOW_WC_SEQ == 20);
- /* tunnel params other than tun_id can't be sent in a flow_mod */
- if (!tun_parms_fully_wildcarded(wc)) {
+ /* These tunnel params can't be sent in a flow_mod */
+ if (wc->masks.tunnel.ip_ttl
+ || wc->masks.tunnel.ip_tos || wc->masks.tunnel.flags) {
return OFPUTIL_P_NONE;
}
@@ -1107,8 +1098,10 @@ ofputil_usable_protocols(const struct match *match)
| OFPUTIL_P_OF13_OXM;
}
- /* NXM and OXM support matching tun_id. */
- if (wc->masks.tunnel.tun_id != htonll(0)) {
+ /* NXM and OXM support matching tun_id, tun_src, and tun_dst. */
+ if (wc->masks.tunnel.tun_id != htonll(0)
+ || wc->masks.tunnel.ip_src != htonl(0)
+ || wc->masks.tunnel.ip_dst != htonl(0)) {
return OFPUTIL_P_OF10_NXM_ANY | OFPUTIL_P_OF12_OXM
| OFPUTIL_P_OF13_OXM;
}
@@ -2450,6 +2443,8 @@ ofputil_decode_packet_in_finish(struct ofputil_packet_in *pin,
pin->fmd.in_port = match->flow.in_port;
pin->fmd.tun_id = match->flow.tunnel.tun_id;
+ pin->fmd.tun_src = match->flow.tunnel.ip_src;
+ pin->fmd.tun_dst = match->flow.tunnel.ip_dst;
pin->fmd.metadata = match->flow.metadata;
memcpy(pin->fmd.regs, match->flow.regs, sizeof pin->fmd.regs);
}
@@ -2550,6 +2545,12 @@ ofputil_packet_in_to_match(const struct ofputil_packet_in *pin,
if (pin->fmd.tun_id != htonll(0)) {
match_set_tun_id(match, pin->fmd.tun_id);
}
+ if (pin->fmd.tun_src != htonl(0)) {
+ match_set_tun_src(match, pin->fmd.tun_src);
+ }
+ if (pin->fmd.tun_dst != htonl(0)) {
+ match_set_tun_dst(match, pin->fmd.tun_dst);
+ }
if (pin->fmd.metadata != htonll(0)) {
match_set_metadata(match, pin->fmd.metadata);
}
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 8e51655de..1da8ffbdd 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -218,6 +218,17 @@ struct action_xlate_ctx {
* this flow when actions change header fields. */
struct flow flow;
+ /* Flow at the last commit. */
+ struct flow base_flow;
+
+ /* Tunnel IP destination address as received. This is stored separately
+ * as the base_flow.tunnel is cleared on init to reflect the datapath
+ * behavior. Used to make sure not to send tunneled output to ourselves,
+ * which might lead to an infinite loop. This could happen easily
+ * if a tunnel is marked as 'ip_remote=flow', and the flow does not
+ * actually set the tun_dst field. */
+ ovs_be32 orig_tunnel_ip_dst;
+
/* stack for the push and pop actions.
* Each stack element is of the type "union mf_subvalue". */
struct ofpbuf stack;
@@ -283,7 +294,6 @@ struct action_xlate_ctx {
int recurse; /* Recursion level, via xlate_table_action. */
bool max_resubmit_trigger; /* Recursed too deeply during translation. */
- struct flow base_flow; /* Flow at the last commit. */
uint32_t orig_skb_priority; /* Priority when packet arrived. */
uint8_t table_id; /* OpenFlow table ID where flow was found. */
uint32_t sflow_n_outputs; /* Number of output ports. */
@@ -6160,7 +6170,10 @@ compose_output_action__(struct action_xlate_ctx *ctx, uint16_t ofp_port,
xlate_report(ctx, "Tunneling decided against output");
goto out; /* restore flow_nw_tos */
}
-
+ if (ctx->flow.tunnel.ip_dst == ctx->orig_tunnel_ip_dst) {
+ xlate_report(ctx, "Not tunneling to our own address");
+ goto out; /* restore flow_nw_tos */
+ }
if (ctx->resubmit_stats) {
netdev_vport_inc_tx(ofport->up.netdev, ctx->resubmit_stats);
}
@@ -7025,6 +7038,7 @@ action_xlate_ctx_init(struct action_xlate_ctx *ctx,
ctx->flow = *flow;
ctx->base_flow = ctx->flow;
memset(&ctx->base_flow.tunnel, 0, sizeof ctx->base_flow.tunnel);
+ ctx->orig_tunnel_ip_dst = flow->tunnel.ip_dst;
ctx->rule = rule;
ctx->packet = packet;
ctx->may_learn = packet != NULL;
diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c
index 31aaf3b1c..ffc4057ac 100644
--- a/ofproto/tunnel.c
+++ b/ofproto/tunnel.c
@@ -43,6 +43,8 @@ struct tnl_match {
uint32_t odp_port;
uint32_t skb_mark;
bool in_key_flow;
+ bool ip_src_flow;
+ bool ip_dst_flow;
};
struct tnl_port {
@@ -90,6 +92,8 @@ tnl_port_add__(const struct ofport *ofport, uint32_t odp_port,
tnl_port->match.in_key = cfg->in_key;
tnl_port->match.ip_src = cfg->ip_src;
tnl_port->match.ip_dst = cfg->ip_dst;
+ tnl_port->match.ip_src_flow = cfg->ip_src_flow;
+ tnl_port->match.ip_dst_flow = cfg->ip_dst_flow;
tnl_port->match.skb_mark = cfg->ipsec ? IPSEC_MARK : 0;
tnl_port->match.in_key_flow = cfg->in_key_flow;
tnl_port->match.odp_port = odp_port;
@@ -229,8 +233,12 @@ tnl_port_send(const struct tnl_port *tnl_port, struct flow *flow)
pre_flow_str = flow_to_string(flow);
}
- flow->tunnel.ip_src = tnl_port->match.ip_src;
- flow->tunnel.ip_dst = tnl_port->match.ip_dst;
+ if (!cfg->ip_src_flow) {
+ flow->tunnel.ip_src = tnl_port->match.ip_src;
+ }
+ if (!cfg->ip_dst_flow) {
+ flow->tunnel.ip_dst = tnl_port->match.ip_dst;
+ }
flow->skb_mark = tnl_port->match.skb_mark;
if (!cfg->out_key_flow) {
@@ -331,14 +339,36 @@ tnl_find(struct tnl_match *match_)
return tnl_port;
}
+ /* Flow-based remote */
+ match.ip_dst = 0;
+ match.ip_dst_flow = true;
+ tnl_port = tnl_find_exact(&match);
+ if (tnl_port) {
+ return tnl_port;
+ }
+
+ /* Flow-based everything */
+ match.ip_src = 0;
+ match.ip_src_flow = true;
+ tnl_port = tnl_find_exact(&match);
+ if (tnl_port) {
+ return tnl_port;
+ }
+
return NULL;
}
static void
tnl_match_fmt(const struct tnl_match *match, struct ds *ds)
{
- ds_put_format(ds, IP_FMT"->"IP_FMT, IP_ARGS(match->ip_src),
- IP_ARGS(match->ip_dst));
+ if (!match->ip_dst_flow) {
+ ds_put_format(ds, IP_FMT"->"IP_FMT, IP_ARGS(match->ip_src),
+ IP_ARGS(match->ip_dst));
+ } else if (!match->ip_src_flow) {
+ ds_put_format(ds, IP_FMT"->flow", IP_ARGS(match->ip_src));
+ } else {
+ ds_put_cstr(ds, "flow->flow");
+ }
if (match->in_key_flow) {
ds_put_cstr(ds, ", key=flow");
diff --git a/tests/ofproto.at b/tests/ofproto.at
index a87f4b5fa..166b03e42 100644
--- a/tests/ofproto.at
+++ b/tests/ofproto.at
@@ -1475,6 +1475,33 @@ OFPT_BARRIER_REPLY (OF1.2):
OVS_VSWITCHD_STOP
AT_CLEANUP
+dnl This test checks that tunnel metadata is encoded in packet_in structures.
+AT_SETUP([ofproto - packet-out with tunnel metadata (OpenFlow 1.2)])
+OVS_VSWITCHD_START
+
+# Start a monitor listening for packet-ins.
+AT_CHECK([ovs-ofctl -O OpenFlow12 monitor br0 --detach --no-chdir --pidfile])
+ovs-appctl -t ovs-ofctl ofctl/send 0309000c0123456700000080
+ovs-appctl -t ovs-ofctl ofctl/barrier
+ovs-appctl -t ovs-ofctl ofctl/set-output-file monitor.log
+AT_CAPTURE_FILE([monitor.log])
+
+# Send a packet-out with set field actions to set some tunnel metadata, and forward to controller
+AT_CHECK([ovs-ofctl -O OpenFlow12 packet-out br0 none 'set_field:127.0.0.1->tun_src,set_field:0x01020304->tun_id,set_field:192.168.0.1->tun_dst, controller' '0001020304050010203040501234'])
+
+# Stop the monitor and check its output.
+ovs-appctl -t ovs-ofctl ofctl/barrier
+ovs-appctl -t ovs-ofctl exit
+
+AT_CHECK([sed 's/ (xid=0x[[0-9a-fA-F]]*)//' monitor.log], [0], [dnl
+OFPT_PACKET_IN (OF1.2): total_len=14 in_port=ANY tun_id=0x1020304 tun_src=127.0.0.1 tun_dst=192.168.0.1 (via action) data_len=14 (unbuffered)
+metadata=0,in_port=0,vlan_tci=0x0000,dl_src=00:10:20:30:40:50,dl_dst=00:01:02:03:04:05,dl_type=0x1234
+OFPT_BARRIER_REPLY (OF1.2):
+])
+
+OVS_VSWITCHD_STOP
+AT_CLEANUP
+
AT_SETUP([ofproto - flow monitoring])
AT_KEYWORDS([monitor])
OVS_VSWITCHD_START
diff --git a/tests/tunnel.at b/tests/tunnel.at
index 2eabb77a7..2369bd275 100644
--- a/tests/tunnel.at
+++ b/tests/tunnel.at
@@ -408,6 +408,34 @@ br0 (dummy@ovs-dummy):
br0 65534/100: (dummy)
p1 1/1: (vxlan: remote_ip=1.1.1.1)
])
+OVS_VSWITCHD_STOP
+AT_CLEANUP
+AT_SETUP([ofproto-dpif - set_field - tun_src/tun_dst/tun_id])
+OVS_VSWITCHD_START([dnl
+ add-port br0 p1 -- set Interface p1 type=gre options:key=flow \
+ options:remote_ip=1.1.1.1 ofport_request=1 \
+ -- add-port br0 p2 -- set Interface p2 type=gre options:key=flow \
+ options:remote_ip=flow ofport_request=2 \
+ -- add-port br0 p3 -- set Interface p3 type=gre options:key=flow \
+ options:remote_ip=flow options:local_ip=flow ofport_request=3 \
+ -- add-port br0 p4 -- set Interface p4 type=gre options:key=3 \
+ options:remote_ip=flow ofport_request=4 \
+ -- add-port br0 p5 -- set Interface p5 type=gre options:key=flow \
+ options:remote_ip=5.5.5.5 ofport_request=5])
+ADD_OF_PORTS([br0], [90])
+AT_DATA([flows.txt], [dnl
+in_port=90 actions=resubmit:1,resubmit:2,resubmit:3,resubmit:4,resubmit:5
+in_port=1 actions=set_field:42->tun_id,output:1
+in_port=2 actions=set_field:3.3.3.3->tun_dst,output:2
+in_port=3 actions=set_field:1.1.1.1->tun_src,set_field:4.4.4.4->tun_dst,output:3
+in_port=4 actions=set_field:2.2.2.2->tun_dst,output:4
+in_port=5 actions=set_field:5->tun_id
+])
+AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-appctl ofproto/trace br0 'in_port(90),eth(src=50:54:00:00:00:05,dst=50:54:00:00:00:07),eth_type(0x0800),ipv4(src=192.168.0.1,dst=192.168.0.2,proto=1,tos=0,ttl=128,frag=no),icmp(type=8,code=0)'], [0], [stdout])
+AT_CHECK([tail -1 stdout], [0],
+ [Datapath actions: set(tunnel(tun_id=0x2a,src=0.0.0.0,dst=1.1.1.1,tos=0x0,ttl=64,flags(df,key))),1,set(tunnel(tun_id=0x2a,src=0.0.0.0,dst=3.3.3.3,tos=0x0,ttl=64,flags(df,key))),1,set(tunnel(tun_id=0x2a,src=1.1.1.1,dst=4.4.4.4,tos=0x0,ttl=64,flags(df,key))),1,set(tunnel(tun_id=0x3,src=0.0.0.0,dst=2.2.2.2,tos=0x0,ttl=64,flags(df,key))),1
+])
OVS_VSWITCHD_STOP
AT_CLEANUP
diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in
index f46b9dc08..061982b1c 100644
--- a/utilities/ovs-ofctl.8.in
+++ b/utilities/ovs-ofctl.8.in
@@ -775,6 +775,17 @@ if \fImask\fR is specified, then a 1-bit in \fImask\fR indicates that the
corresponding bit in \fItunnel-id\fR must match exactly, and a 0-bit
wildcards that bit.
.
+.IP \fBtun_src=\fIip\fR[\fB/\fInetmask\fR]
+.IQ \fBtun_dst=\fIip\fR[\fB/\fInetmask\fR]
+Matches tunnel IPv4 source (or destination) address \fIip\fR. Only packets
+that arrive over a tunnel will have nonzero tunnel addresses.
+The address may be specified as an IP address or host name
+(e.g. \fB192.168.1.1\fR or \fBwww.example.com\fR). The optional
+\fInetmask\fR allows restricting a match to a masked IPv4 address.
+The netmask may be specified as a dotted quad
+(e.g. \fB192.168.1.0/255.255.255.0\fR) or as a CIDR block
+(e.g. \fB192.168.1.0/24\fR).
+.
.IP "\fBreg\fIidx\fB=\fIvalue\fR[\fB/\fImask\fR]"
Matches \fIvalue\fR either exactly or with optional \fImask\fR in
register number \fIidx\fR. The valid range of \fIidx\fR depends on
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 3388b81a6..4396779ba 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -1294,12 +1294,67 @@
- Required. The tunnel endpoint. Only unicast endpoints are supported.
+ Required. The remote tunnel endpoint, one of:
+
+
+ -
+ An IPv4 address (not a DNS name), e.g.
192.168.0.123
.
+ Only unicast endpoints are supported.
+
+ -
+ The word
flow
. The tunnel accepts packets from any
+ remote tunnel endpoint. To process only packets from a specific
+ remote tunnel endpoint, the flow entries may match on the
+ tun_src
field. When sending packets to a
+ remote_ip=flow
tunnel, the flow actions must
+ explicitly set the tun_dst
field to the IP address of
+ the desired remote tunnel endpoint, e.g. with a
+ set_field
action.
+
+
+
+
+ The remote tunnel endpoint for any packet received from a tunnel
+ is available in the tun_src
field for matching in the
+ flow table.
+
- Optional. The destination IP that received packets must match.
- Default is to match all addresses.
+
+ Optional. The tunnel destination IP that received packets must
+ match. Default is to match all addresses. If specified, may be one
+ of:
+
+
+
+
+
+ The tunnel destination IP address for any packet received from a
+ tunnel is available in the tun_dst
field for matching in
+ the flow table.
+