From: Ben Pfaff <blp@nicira.com>
Date: Sun, 23 Mar 2014 21:47:47 +0000 (-0700)
Subject: Disable OF1.4 in ovs-vswitchd and ovs-ofctl without specially enabling.
X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=ecb229bebb9dd2687848dcebc10d2556ae1f2a87

Disable OF1.4 in ovs-vswitchd and ovs-ofctl without specially enabling.

When the OF1.4 is made safe, so that receiving an unimplemented message
cannot crash the switch, this commit should be reverted.

Signed-off-by: Ben Pfaff <blp@nicira.com>
---

diff --git a/FAQ b/FAQ
index 27bd5b88f..dae5c5b4a 100644
--- a/FAQ
+++ b/FAQ
@@ -1100,13 +1100,15 @@ A: The following table lists the versions of OpenFlow supported by
        1.11               yes    ---    [*]    [*]    ---
        2.0                yes    [*]    [*]    [*]    ---
        2.1                yes    [*]    [*]    [*]    ---
-       2.2                yes    [*]    [*]    [*]    [*]
+       2.2                yes    [*]    [*]    [*]    [%]
 
        [*] Supported, with one or more missing features.
+       [%] Support is unsafe: ovs-vswitchd will abort when certain
+           unimplemented features are tested.
 
-   Because of missing features, OpenFlow 1.1, 1.2, 1.3, and 1.4 must
-   be enabled manually.  The following command enables OpenFlow 1.0,
-   1.1, 1.2, and 1.3 on bridge br0:
+   Because of missing features, OpenFlow 1.1, 1.2, and 1.3 must be
+   enabled manually.  The following command enables OpenFlow 1.0, 1.1,
+   1.2, and 1.3 on bridge br0:
 
        ovs-vsctl set bridge br0 protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13
 
@@ -1115,6 +1117,13 @@ A: The following table lists the versions of OpenFlow supported by
 
        ovs-ofctl -O OpenFlow13 dump-flows br0
 
+   OpenFlow 1.4 is a special case, because it is not implemented
+   safely: ovs-vswitchd will abort when certain unimplemented features
+   are tested.  Thus, for now it is suitable only for experimental
+   use.  ovs-vswitchd will only allow OpenFlow 1.4 to be enabled
+   (which must be done in the same way described above) when it is
+   invoked with a special --enable-of14 command line option.
+
    OPENFLOW-1.1+ in the Open vSwitch source tree tracks support for
    OpenFlow 1.1 and later features.  When support for a given OpenFlow
    version is solidly implemented, Open vSwitch will enable that
diff --git a/lib/ofp-util.c b/lib/ofp-util.c
index e87d53985..5c6120a67 100644
--- a/lib/ofp-util.c
+++ b/lib/ofp-util.c
@@ -651,12 +651,16 @@ struct proto_abbrev {
 };
 
 /* Most users really don't care about some of the differences between
- * protocols.  These abbreviations help with that. */
+ * protocols.  These abbreviations help with that.
+ *
+ * Until it is safe to use the OpenFlow 1.4 protocol (which currently can
+ * cause aborts due to unimplemented features), we omit OpenFlow 1.4 from all
+ * abbrevations. */
 static const struct proto_abbrev proto_abbrevs[] = {
-    { OFPUTIL_P_ANY,          "any" },
-    { OFPUTIL_P_OF10_STD_ANY, "OpenFlow10" },
-    { OFPUTIL_P_OF10_NXM_ANY, "NXM" },
-    { OFPUTIL_P_ANY_OXM,      "OXM" },
+    { OFPUTIL_P_ANY          & ~OFPUTIL_P_OF14_OXM, "any" },
+    { OFPUTIL_P_OF10_STD_ANY & ~OFPUTIL_P_OF14_OXM, "OpenFlow10" },
+    { OFPUTIL_P_OF10_NXM_ANY & ~OFPUTIL_P_OF14_OXM, "NXM" },
+    { OFPUTIL_P_ANY_OXM      & ~OFPUTIL_P_OF14_OXM, "OXM" },
 };
 #define N_PROTO_ABBREVS ARRAY_SIZE(proto_abbrevs)
 
diff --git a/tests/learn.at b/tests/learn.at
index e656c97d1..cae401f89 100644
--- a/tests/learn.at
+++ b/tests/learn.at
@@ -7,7 +7,7 @@ actions=learn(NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], output:
 actions=learn(table=1,idle_timeout=10, hard_timeout=20, fin_idle_timeout=5, fin_hard_timeout=10, priority=10, cookie=0xfedcba9876543210, in_port=99,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG1[16..31])
 ]])
 AT_CHECK([ovs-ofctl parse-flows flows.txt], [0],
-[[usable protocols: any
+[[usable protocols: any,OXM-OpenFlow14
 chosen protocol: OpenFlow10-table_id
 OFPT_FLOW_MOD (xid=0x1): ADD actions=learn(table=1)
 OFPT_FLOW_MOD (xid=0x2): ADD actions=learn(table=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[],load:0xa->NXM_NX_REG0[5..10])
@@ -30,7 +30,7 @@ actions=learn(output:OXM_OF_IN_PORT[])
 actions=learn(table=1, in_port=1, load:OXM_OF_IN_PORT[]->NXM_NX_REG1[], load:0xfffffffe->OXM_OF_IN_PORT[])
 ]])
 AT_CHECK([ovs-ofctl -O OpenFlow12 parse-flows flows.txt], [0],
-[[usable protocols: any
+[[usable protocols: any,OXM-OpenFlow14
 chosen protocol: OXM-OpenFlow12
 OFPT_FLOW_MOD (OF1.2) (xid=0x1): ADD actions=learn(table=1,output:OXM_OF_IN_PORT[])
 OFPT_FLOW_MOD (OF1.2) (xid=0x2): ADD actions=learn(table=1,in_port=1,load:OXM_OF_IN_PORT[]->NXM_NX_REG1[],load:0xfffffffe->OXM_OF_IN_PORT[])
@@ -46,7 +46,7 @@ table=0 actions=learn(table=1,hard_timeout=10, NXM_OF_VLAN_TCI[0..11],output:NXM
 table=1 priority=0 actions=flood
 ]])
 AT_CHECK([ovs-ofctl parse-flows flows.txt], [0],
-[[usable protocols: OXM,OpenFlow10+table_id,NXM+table_id,OpenFlow11
+[[usable protocols: OXM,OpenFlow10+table_id,NXM+table_id,OpenFlow11,OXM-OpenFlow14
 chosen protocol: OpenFlow10+table_id
 OFPT_FLOW_MOD (xid=0x1): ADD table:255 actions=learn(table=1,in_port=99,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG1[16..31])
 OFPT_FLOW_MOD (xid=0x2): ADD table:255 actions=learn(table=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
@@ -62,7 +62,7 @@ ip,actions=learn(load:NXM_OF_IP_DST[]->NXM_NX_REG1[])
 ip,actions=learn(eth_type=0x800,OXM_OF_IPV4_DST[])
 ]])
 AT_CHECK([ovs-ofctl parse-flows flows.txt], [0],
-[[usable protocols: any
+[[usable protocols: any,OXM-OpenFlow14
 chosen protocol: OpenFlow10-table_id
 OFPT_FLOW_MOD (xid=0x1): ADD actions=learn(table=1,eth_type=0x800,load:0x5->NXM_OF_IP_DST[])
 OFPT_FLOW_MOD (xid=0x2): ADD ip actions=learn(table=1,load:NXM_OF_IP_DST[]->NXM_NX_REG1[])
diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at
index bda866615..f3bad2b70 100644
--- a/tests/ovs-ofctl.at
+++ b/tests/ovs-ofctl.at
@@ -3,110 +3,110 @@ AT_BANNER([ovs-ofctl])
 AT_SETUP([ovs-ofctl parse-flows choice of protocol])
 # This doesn't cover some potential vlan_tci test cases.
 for test_case in \
-    'tun_id=0                                    NXM,OXM' \
-    'tun_id=0/0x1                                NXM,OXM' \
-    'tun_src=1.2.3.4                             NXM,OXM' \
-    'tun_src=1.2.3.4/0.0.0.1                     NXM,OXM' \
-    'tun_dst=1.2.3.4                             NXM,OXM' \
-    'tun_dst=1.2.3.4/0.0.0.1                     NXM,OXM' \
+    'tun_id=0                                    NXM,OXM,OXM-OpenFlow14' \
+    'tun_id=0/0x1                                NXM,OXM,OXM-OpenFlow14' \
+    'tun_src=1.2.3.4                             NXM,OXM,OXM-OpenFlow14' \
+    'tun_src=1.2.3.4/0.0.0.1                     NXM,OXM,OXM-OpenFlow14' \
+    'tun_dst=1.2.3.4                             NXM,OXM,OXM-OpenFlow14' \
+    'tun_dst=1.2.3.4/0.0.0.1                     NXM,OXM,OXM-OpenFlow14' \
     'tun_flags=0                                 none' \
     'tun_flags=1/1                               none' \
     'tun_tos=0                                   none' \
     'tun_ttl=0                                   none' \
-    'metadata=0                                  NXM,OXM,OpenFlow11' \
-    'metadata=1/1                                NXM,OXM,OpenFlow11' \
-    'in_port=1                                   any' \
+    'metadata=0                                  NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'metadata=1/1                                NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'in_port=1                                   any,OXM-OpenFlow14' \
     'skb_priority=0                              none' \
-    'pkt_mark=1                                  NXM,OXM' \
-    'pkt_mark=1/1                                NXM,OXM' \
-    'reg0=0                                      NXM,OXM' \
-    'reg0=0/1                                    NXM,OXM' \
-    'reg1=1                                      NXM,OXM' \
-    'reg1=1/1                                    NXM,OXM' \
-    'reg2=2                                      NXM,OXM' \
-    'reg2=2/1                                    NXM,OXM' \
-    'reg3=3                                      NXM,OXM' \
-    'reg3=3/1                                    NXM,OXM' \
-    'reg4=4                                      NXM,OXM' \
-    'reg4=4/1                                    NXM,OXM' \
-    'reg5=5                                      NXM,OXM' \
-    'reg5=5/1                                    NXM,OXM' \
-    'reg6=6                                      NXM,OXM' \
-    'reg6=6/1                                    NXM,OXM' \
-    'reg7=7                                      NXM,OXM' \
-    'reg7=7/1                                    NXM,OXM' \
-    'dl_src=00:11:22:33:44:55                    any' \
-    'dl_src=00:11:22:33:44:55/00:ff:ff:ff:ff:ff  NXM,OXM,OpenFlow11' \
-    'dl_dst=00:11:22:33:44:55                    any' \
-    'dl_dst=00:11:22:33:44:55/00:ff:ff:ff:ff:ff  NXM,OXM,OpenFlow11' \
-    'dl_type=0x1234                              any' \
-    'dl_type=0x0800                              any' \
-    'dl_type=0x0806                              any' \
-    'dl_type=0x86dd                              any' \
-    'vlan_tci=0                                  any' \
-    'vlan_tci=0x1009                             any' \
-    'vlan_tci=0x1009/0x1                         NXM,OXM' \
-    'dl_vlan=9                                   any' \
-    'vlan_vid=11                                 any' \
-    'vlan_vid=11/0x1                             NXM,OXM' \
-    'dl_vlan_pcp=6                               any' \
-    'vlan_pcp=5                                  any' \
-    'mpls,mpls_label=5                           NXM,OXM,OpenFlow11' \
-    'mpls,mpls_tc=1                              NXM,OXM,OpenFlow11' \
-    'mpls,mpls_bos=0                             NXM,OXM' \
-    'ip,ip_src=1.2.3.4                           any' \
-    'ip,ip_src=192.168.0.0/24                    any' \
-    'ip,ip_src=192.0.168.0/255.0.255.0           NXM,OXM,OpenFlow11' \
-    'ip,ip_dst=1.2.3.4                           any' \
-    'ip,ip_dst=192.168.0.0/24                    any' \
-    'ip,ip_dst=192.0.168.0/255.0.255.0           NXM,OXM,OpenFlow11' \
-    'ipv6,ipv6_src=::1                           NXM,OXM' \
-    'ipv6,ipv6_src=::1/::1                       NXM,OXM' \
-    'ipv6,ipv6_dst=::1                           NXM,OXM' \
-    'ipv6,ipv6_dst=::1/::1                       NXM,OXM' \
-    'ipv6,ipv6_label=5                           NXM,OXM' \
-    'ipv6,ipv6_label=5/1                         NXM,OXM' \
-    'ip,nw_proto=1                               any' \
-    'ipv6,nw_proto=1                             NXM,OXM' \
-    'ip,nw_tos=0xf0                              any' \
-    'ipv6,nw_tos=0xf0                            NXM,OXM' \
-    'ip,ip_dscp=0x3c                             any' \
-    'ipv6,ip_dscp=0x3c                           NXM,OXM' \
-    'ip,nw_ecn=1                                 NXM,OXM' \
-    'ipv6,nw_ecn=1                               NXM,OXM' \
-    'ip,nw_ttl=5                                 NXM,OXM' \
-    'ipv6,nw_ttl=5                               NXM,OXM' \
-    'ip,ip_frag=no                               NXM,OXM' \
-    'ipv6,ip_frag=no                             NXM,OXM' \
-    'arp,arp_op=0                                any' \
-    'arp,arp_spa=1.2.3.4                         any' \
-    'arp,arp_spa=1.2.3.4/0.0.0.1                 NXM,OXM,OpenFlow11' \
-    'arp,arp_tpa=1.2.3.4                         any' \
-    'arp,arp_tpa=1.2.3.4/0.0.0.1                 NXM,OXM,OpenFlow11' \
-    'arp,arp_sha=00:11:22:33:44:55               NXM,OXM' \
-    'arp,arp_sha=00:11:22:33:44:55/00:ff:ff:ff:ff:ff NXM,OXM' \
-    'arp,arp_tha=00:11:22:33:44:55               NXM,OXM' \
-    'arp,arp_tha=00:11:22:33:44:55/00:ff:ff:ff:ff:ff NXM,OXM' \
-    'tcp,tcp_src=80                              any' \
-    'tcp,tcp_src=0x1000/0x1000                   NXM,OXM' \
-    'tcp6,tcp_src=80                             NXM,OXM' \
-    'tcp6,tcp_src=0x1000/0x1000                  NXM,OXM' \
-    'tcp,tcp_dst=80                              any' \
-    'tcp,tcp_dst=0x1000/0x1000                   NXM,OXM' \
-    'tcp6,tcp_dst=80                             NXM,OXM' \
-    'tcp6,tcp_dst=0x1000/0x1000                  NXM,OXM' \
-    'udp,udp_src=80                              any' \
-    'udp,udp_src=0x1000/0x1000                   NXM,OXM' \
-    'udp6,udp_src=80                             NXM,OXM' \
-    'udp6,udp_src=0x1000/0x1000                  NXM,OXM' \
-    'udp,udp_dst=80                              any' \
-    'udp,udp_dst=0x1000/0x1000                   NXM,OXM' \
-    'udp6,udp_dst=80                             NXM,OXM' \
-    'udp6,udp_dst=0x1000/0x1000                  NXM,OXM' \
-    'icmp,icmp_type=1                            any' \
-    'icmp,icmp_code=2                            any' \
-    'icmp6,icmpv6_type=1                         NXM,OXM' \
-    'icmp6,icmpv6_code=2                         NXM,OXM'
+    'pkt_mark=1                                  NXM,OXM,OXM-OpenFlow14' \
+    'pkt_mark=1/1                                NXM,OXM,OXM-OpenFlow14' \
+    'reg0=0                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg0=0/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg1=1                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg1=1/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg2=2                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg2=2/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg3=3                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg3=3/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg4=4                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg4=4/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg5=5                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg5=5/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg6=6                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg6=6/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'reg7=7                                      NXM,OXM,OXM-OpenFlow14' \
+    'reg7=7/1                                    NXM,OXM,OXM-OpenFlow14' \
+    'dl_src=00:11:22:33:44:55                    any,OXM-OpenFlow14' \
+    'dl_src=00:11:22:33:44:55/00:ff:ff:ff:ff:ff  NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'dl_dst=00:11:22:33:44:55                    any,OXM-OpenFlow14' \
+    'dl_dst=00:11:22:33:44:55/00:ff:ff:ff:ff:ff  NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'dl_type=0x1234                              any,OXM-OpenFlow14' \
+    'dl_type=0x0800                              any,OXM-OpenFlow14' \
+    'dl_type=0x0806                              any,OXM-OpenFlow14' \
+    'dl_type=0x86dd                              any,OXM-OpenFlow14' \
+    'vlan_tci=0                                  any,OXM-OpenFlow14' \
+    'vlan_tci=0x1009                             any,OXM-OpenFlow14' \
+    'vlan_tci=0x1009/0x1                         NXM,OXM,OXM-OpenFlow14' \
+    'dl_vlan=9                                   any,OXM-OpenFlow14' \
+    'vlan_vid=11                                 any,OXM-OpenFlow14' \
+    'vlan_vid=11/0x1                             NXM,OXM,OXM-OpenFlow14' \
+    'dl_vlan_pcp=6                               any,OXM-OpenFlow14' \
+    'vlan_pcp=5                                  any,OXM-OpenFlow14' \
+    'mpls,mpls_label=5                           NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'mpls,mpls_tc=1                              NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'mpls,mpls_bos=0                             NXM,OXM,OXM-OpenFlow14' \
+    'ip,ip_src=1.2.3.4                           any,OXM-OpenFlow14' \
+    'ip,ip_src=192.168.0.0/24                    any,OXM-OpenFlow14' \
+    'ip,ip_src=192.0.168.0/255.0.255.0           NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'ip,ip_dst=1.2.3.4                           any,OXM-OpenFlow14' \
+    'ip,ip_dst=192.168.0.0/24                    any,OXM-OpenFlow14' \
+    'ip,ip_dst=192.0.168.0/255.0.255.0           NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'ipv6,ipv6_src=::1                           NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,ipv6_src=::1/::1                       NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,ipv6_dst=::1                           NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,ipv6_dst=::1/::1                       NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,ipv6_label=5                           NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,ipv6_label=5/1                         NXM,OXM,OXM-OpenFlow14' \
+    'ip,nw_proto=1                               any,OXM-OpenFlow14' \
+    'ipv6,nw_proto=1                             NXM,OXM,OXM-OpenFlow14' \
+    'ip,nw_tos=0xf0                              any,OXM-OpenFlow14' \
+    'ipv6,nw_tos=0xf0                            NXM,OXM,OXM-OpenFlow14' \
+    'ip,ip_dscp=0x3c                             any,OXM-OpenFlow14' \
+    'ipv6,ip_dscp=0x3c                           NXM,OXM,OXM-OpenFlow14' \
+    'ip,nw_ecn=1                                 NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,nw_ecn=1                               NXM,OXM,OXM-OpenFlow14' \
+    'ip,nw_ttl=5                                 NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,nw_ttl=5                               NXM,OXM,OXM-OpenFlow14' \
+    'ip,ip_frag=no                               NXM,OXM,OXM-OpenFlow14' \
+    'ipv6,ip_frag=no                             NXM,OXM,OXM-OpenFlow14' \
+    'arp,arp_op=0                                any,OXM-OpenFlow14' \
+    'arp,arp_spa=1.2.3.4                         any,OXM-OpenFlow14' \
+    'arp,arp_spa=1.2.3.4/0.0.0.1                 NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'arp,arp_tpa=1.2.3.4                         any,OXM-OpenFlow14' \
+    'arp,arp_tpa=1.2.3.4/0.0.0.1                 NXM,OXM,OpenFlow11,OXM-OpenFlow14' \
+    'arp,arp_sha=00:11:22:33:44:55               NXM,OXM,OXM-OpenFlow14' \
+    'arp,arp_sha=00:11:22:33:44:55/00:ff:ff:ff:ff:ff NXM,OXM,OXM-OpenFlow14' \
+    'arp,arp_tha=00:11:22:33:44:55               NXM,OXM,OXM-OpenFlow14' \
+    'arp,arp_tha=00:11:22:33:44:55/00:ff:ff:ff:ff:ff NXM,OXM,OXM-OpenFlow14' \
+    'tcp,tcp_src=80                              any,OXM-OpenFlow14' \
+    'tcp,tcp_src=0x1000/0x1000                   NXM,OXM,OXM-OpenFlow14' \
+    'tcp6,tcp_src=80                             NXM,OXM,OXM-OpenFlow14' \
+    'tcp6,tcp_src=0x1000/0x1000                  NXM,OXM,OXM-OpenFlow14' \
+    'tcp,tcp_dst=80                              any,OXM-OpenFlow14' \
+    'tcp,tcp_dst=0x1000/0x1000                   NXM,OXM,OXM-OpenFlow14' \
+    'tcp6,tcp_dst=80                             NXM,OXM,OXM-OpenFlow14' \
+    'tcp6,tcp_dst=0x1000/0x1000                  NXM,OXM,OXM-OpenFlow14' \
+    'udp,udp_src=80                              any,OXM-OpenFlow14' \
+    'udp,udp_src=0x1000/0x1000                   NXM,OXM,OXM-OpenFlow14' \
+    'udp6,udp_src=80                             NXM,OXM,OXM-OpenFlow14' \
+    'udp6,udp_src=0x1000/0x1000                  NXM,OXM,OXM-OpenFlow14' \
+    'udp,udp_dst=80                              any,OXM-OpenFlow14' \
+    'udp,udp_dst=0x1000/0x1000                   NXM,OXM,OXM-OpenFlow14' \
+    'udp6,udp_dst=80                             NXM,OXM,OXM-OpenFlow14' \
+    'udp6,udp_dst=0x1000/0x1000                  NXM,OXM,OXM-OpenFlow14' \
+    'icmp,icmp_type=1                            any,OXM-OpenFlow14' \
+    'icmp,icmp_code=2                            any,OXM-OpenFlow14' \
+    'icmp6,icmpv6_type=1                         NXM,OXM,OXM-OpenFlow14' \
+    'icmp6,icmpv6_code=2                         NXM,OXM,OXM-OpenFlow14'
 do
     set $test_case
     echo
@@ -145,7 +145,7 @@ actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_
 AT_CHECK([ovs-ofctl parse-flows flows.txt
 ], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: any
+[[usable protocols: any,OXM-OpenFlow14
 chosen protocol: OpenFlow10-table_id
 OFPT_FLOW_MOD: ADD tcp,tp_src=123 out_port:5 actions=FLOOD
 OFPT_FLOW_MOD: ADD in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=drop
@@ -182,7 +182,7 @@ actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_
 AT_CHECK([ovs-ofctl --protocols OpenFlow11 parse-flows flows.txt
 ], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: any
+[[usable protocols: any,OXM-OpenFlow14
 chosen protocol: OpenFlow11
 OFPT_FLOW_MOD (OF1.1): ADD tcp,tp_src=123 out_port:5 actions=FLOOD
 OFPT_FLOW_MOD (OF1.1): ADD in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=drop
@@ -223,7 +223,7 @@ actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_
 AT_CHECK([ovs-ofctl --protocols OpenFlow12 parse-flows flows.txt
 ], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: NXM,OXM
+[[usable protocols: NXM,OXM,OXM-OpenFlow14
 chosen protocol: OXM-OpenFlow12
 OFPT_FLOW_MOD (OF1.2): ADD tcp,tp_src=123 actions=FLOOD
 OFPT_FLOW_MOD (OF1.2): ADD in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=set_field:4103->vlan_vid,set_field:2->vlan_pcp
@@ -350,7 +350,7 @@ actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_
 AT_CHECK([ovs-ofctl parse-flows flows.txt
 ], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: OXM,NXM+table_id
+[[usable protocols: OXM,NXM+table_id,OXM-OpenFlow14
 chosen protocol: NXM+table_id
 NXT_FLOW_MOD: ADD table:255 tcp,tp_src=123 actions=FLOOD
 NXT_FLOW_MOD: ADD table:255 in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=drop
@@ -418,7 +418,7 @@ actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_
 ])
 AT_CHECK([ovs-ofctl -F nxm parse-flows flows.txt], [0], [stdout])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0], [dnl
-usable protocols: NXM,OXM
+usable protocols: NXM,OXM,OXM-OpenFlow14
 chosen protocol: NXM-table_id
 NXT_FLOW_MOD: ADD tcp,tp_src=123 actions=FLOOD
 NXT_FLOW_MOD: ADD in_port=LOCAL,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=drop
@@ -484,7 +484,7 @@ actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_
 ]])
 AT_CHECK([ovs-ofctl -F nxm -mmm parse-flows flows.txt], [0], [stdout], [stderr])
 AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
-[[usable protocols: NXM,OXM
+[[usable protocols: NXM,OXM,OXM-OpenFlow14
 chosen protocol: NXM-table_id
 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_IP_PROTO(06), NXM_OF_TCP_SRC(007b) actions=FLOOD
 NXT_FLOW_MOD: ADD NXM_OF_IN_PORT(fffe), NXM_OF_ETH_SRC(000ae4256bb0), NXM_OF_VLAN_TCI_W(1009/1fff) actions=drop
@@ -2233,10 +2233,10 @@ dnl Check that "-F openflow10" rejects a flow_mod with unsupported features,
 dnl such as tunnels and metadata.
 AT_SETUP([ovs-ofctl -F option and NXM features])
 AT_CHECK([ovs-ofctl -F openflow10 add-flow dummy tun_id=123,actions=drop],
-  [1], [], [ovs-ofctl: none of the usable flow formats (NXM,OXM) is among the allowed flow formats (OpenFlow10)
+  [1], [], [ovs-ofctl: none of the usable flow formats (NXM,OXM,OXM-OpenFlow14) is among the allowed flow formats (OpenFlow10)
 ])
 AT_CHECK([ovs-ofctl -F openflow10 add-flow dummy metadata=123,actions=drop],
-  [1], [], [ovs-ofctl: none of the usable flow formats (NXM,OXM,OpenFlow11) is among the allowed flow formats (OpenFlow10)
+  [1], [], [ovs-ofctl: none of the usable flow formats (NXM,OXM,OpenFlow11,OXM-OpenFlow14) is among the allowed flow formats (OpenFlow10)
 ])
 AT_CLEANUP
 
@@ -2271,7 +2271,7 @@ dnl can't be represented in OpenFlow 1.0.
 AT_SETUP([ovs-ofctl dump-flows rejects bad -F option])
 OVS_VSWITCHD_START
 AT_CHECK([ovs-ofctl -F openflow10 dump-flows unix:br0.mgmt reg0=0xabcdef], [1], [],
-  [ovs-ofctl: none of the usable flow formats (NXM,OXM) is among the allowed flow formats (OpenFlow10)
+  [ovs-ofctl: none of the usable flow formats (NXM,OXM,OXM-OpenFlow14) is among the allowed flow formats (OpenFlow10)
 ])
 OVS_VSWITCHD_STOP
 AT_CLEANUP
diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in
index d6f8ae7f6..696baab39 100644
--- a/utilities/ovs-ofctl.8.in
+++ b/utilities/ovs-ofctl.8.in
@@ -1973,9 +1973,13 @@ format.
 .
 .IP "\fBOXM-OpenFlow12\fR"
 .IQ "\fBOXM-OpenFlow13\fR"
-.IQ "\fBOXM-OpenFlow14\fR"
 These are the standard OXM (OpenFlow Extensible Match) flow format in
-OpenFlow 1.2, 1.3, and 1.4, respectively.
+OpenFlow 1.2 and 1.3, respectively.
+.IP "\fBOXM-OpenFlow14\fR"
+The standard OXM (OpenFlow Extensible Match) flow format in OpenFlow
+1.4.  OpenFlow 1.4 is not yet well supported; in particular, the
+implementation is unsafe, such that sending an unsupported message in
+OpenFlow 1.4 to \fBovs\-vswitchd\fR can cause it to crash.
 .RE
 .
 .IP
@@ -1983,13 +1987,15 @@ OpenFlow 1.2, 1.3, and 1.4, respectively.
 collections of flow formats:
 .RS
 .IP "\fBany\fR"
-Any supported flow format.
+Any supported flow format except \fBOXM-OpenFlow14\fR, which is not
+yet well supported (see above).
 .IP "\fBOpenFlow10\fR"
 \fBOpenFlow10\-table_id\fR or \fBOpenFlow10+table_id\fR.
 .IP "\fBNXM\fR"
 \fBNXM\-table_id\fR or \fBNXM+table_id\fR.
 .IP "\fBOXM\fR"
-\fBOXM-OpenFlow12\fR, \fBOXM-OpenFlow13\fR, or \fBOXM-OpenFlow14\fR.
+\fBOXM-OpenFlow12\fR or \fBOXM-OpenFlow13\fR.  \fBOXM-OpenFlow14\fR is
+not included because it is not yet well supported (see above).
 .RE
 .
 .IP
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index f7bd6572f..1d56bbd85 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -165,6 +165,11 @@ static uint64_t connectivity_seqno = LLONG_MIN;
 #define IFACE_STATS_INTERVAL (5 * 1000) /* In milliseconds. */
 static long long int iface_stats_timer = LLONG_MIN;
 
+/* Set to true to allow experimental use of OpenFlow 1.4.
+ * This is false initially because OpenFlow 1.4 is not yet safe to use: it can
+ * abort due to unimplemented features. */
+static bool allow_of14;
+
 /* In some datapaths, creating and destroying OpenFlow ports can be extremely
  * expensive.  This can cause bridge_reconfigure() to take a long time during
  * which no other work can be done.  To deal with this problem, we limit port
@@ -425,6 +430,14 @@ bridge_exit(void)
     ovsdb_idl_destroy(idl);
 }
 
+/* Enables use of OpenFlow 1.4.  This is off by default because OpenFlow 1.4 is
+ * not yet safe to use: it can abort due to unimplemented features. */
+void
+bridge_enable_of14(void)
+{
+    allow_of14 = true;
+}
+
 /* Looks at the list of managers in 'ovs_cfg' and extracts their remote IP
  * addresses and ports into '*managersp' and '*n_managersp'.  The caller is
  * responsible for freeing '*managersp' (with free()).
@@ -915,11 +928,17 @@ bridge_configure_datapath_id(struct bridge *br)
 static uint32_t
 bridge_get_allowed_versions(struct bridge *br)
 {
+    uint32_t allowed_versions;
+
     if (!br->cfg->n_protocols)
         return 0;
 
-    return ofputil_versions_from_strings(br->cfg->protocols,
-                                         br->cfg->n_protocols);
+    allowed_versions = ofputil_versions_from_strings(br->cfg->protocols,
+                                                     br->cfg->n_protocols);
+    if (!allow_of14) {
+        allowed_versions &= ~(1u << OFP14_VERSION);
+    }
+    return allowed_versions;
 }
 
 /* Set NetFlow configuration on 'br'. */
diff --git a/vswitchd/bridge.h b/vswitchd/bridge.h
index 7bffee8ad..d1ca988ef 100644
--- a/vswitchd/bridge.h
+++ b/vswitchd/bridge.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+/* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2014 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,8 @@ struct simap;
 void bridge_init(const char *remote);
 void bridge_exit(void);
 
+void bridge_enable_of14(void);
+
 void bridge_run(void);
 void bridge_wait(void);
 
diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
index e9dc48397..817cec24e 100644
--- a/vswitchd/ovs-vswitchd.8.in
+++ b/vswitchd/ovs-vswitchd.8.in
@@ -83,6 +83,16 @@ only allow privileged users, such as the superuser, to use it.
 \fBovs\-vswitchd\fR emits a log message if \fBmlockall()\fR is
 unavailable or unsuccessful.
 .
+.IP "\fB\-\-enable\-of14\fR"
+Specifying this option allows OpenFlow 1.4 to be used if it is enabled
+through the \fBprotocols\fR column in the \fBController\fR.  Without
+this option, \fBovs\-vswitchd\fR will not use OpenFlow 1.4 even if it
+is enabled that way.  This option is present because OpenFlow 1.4
+support is not safe: the daemon will abort when certain unimplemented
+features are tested.  Thus, for now it is suitable only for
+experimental use.  When the support is implemented safely, this option
+will be removed.
+.
 .SS "Daemon Options"
 .ds DD \
 \fBovs\-vswitchd\fR detaches only after it has connected to the \
diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
index ca76aef10..900d3e2c6 100644
--- a/vswitchd/ovs-vswitchd.c
+++ b/vswitchd/ovs-vswitchd.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+/* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -142,6 +142,7 @@ parse_options(int argc, char *argv[], char **unixctl_pathp)
         OPT_BOOTSTRAP_CA_CERT,
         OPT_ENABLE_DUMMY,
         OPT_DISABLE_SYSTEM,
+        OPT_ENABLE_OF14,
         DAEMON_OPTION_ENUMS
     };
     static const struct option long_options[] = {
@@ -156,6 +157,7 @@ parse_options(int argc, char *argv[], char **unixctl_pathp)
         {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
         {"enable-dummy", optional_argument, NULL, OPT_ENABLE_DUMMY},
         {"disable-system", no_argument, NULL, OPT_DISABLE_SYSTEM},
+        {"enable-of14", no_argument, NULL, OPT_ENABLE_OF14},
         {NULL, 0, NULL, 0},
     };
     char *short_options = long_options_to_short_options(long_options);
@@ -204,6 +206,10 @@ parse_options(int argc, char *argv[], char **unixctl_pathp)
             dp_blacklist_provider("system");
             break;
 
+        case OPT_ENABLE_OF14:
+            bridge_enable_of14();
+            break;
+
         case '?':
             exit(EXIT_FAILURE);
 
@@ -242,6 +248,7 @@ usage(void)
     vlog_usage();
     printf("\nOther options:\n"
            "  --unixctl=SOCKET        override default control socket name\n"
+           "  --enable-of14           allow enabling OF1.4 (unsafely!)\n"
            "  -h, --help              display this help message\n"
            "  -V, --version           display version information\n");
     exit(EXIT_SUCCESS);
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index b640a0f5f..b0a857721 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -565,9 +565,22 @@
       </column>
 
       <column name="protocols">
-        List of OpenFlow protocols that may be used when negotiating a
-        connection with a controller.  A default value of
-        <code>OpenFlow10</code> will be used if this column is empty.
+	<p>
+	  List of OpenFlow protocols that may be used when negotiating a
+	  connection with a controller.  A default value of
+	  <code>OpenFlow10</code> will be used if this column is empty.
+	</p>
+
+	<p>
+	  The current implementation of OpenFlow 1.4 support is not safe:
+	  <code>ovs-vswitchd</code> will abort when certain unimplemented
+	  features are tested.  Thus, for now it is suitable only for
+	  experimental use.  For this reason, OpenFlow 1.4 is supported only
+	  if, in addition to specifying <code>OpenFlow14</code> in this field,
+	  <code>ovs-vswitchd</code> is invoked with the
+	  <code>--enable-of14</code> option.  (When support becomes safe, this
+	  option will be removed.)
+	</p>
       </column>
     </group>