2
0
mirror of https://github.com/openvswitch/ovs synced 2025-10-25 15:07:05 +00:00
Commit Graph

205 Commits

Author SHA1 Message Date
Ben Pfaff
98403001ec datapath: Move Netlink PID for userspace actions from flows to actions.
Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that
switched from multicast to unicast Netlink for sending upcalls added a
Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions
within the flow as target.

This commit drops this per-flow PID in favor of a per-action PID, because
that is more flexible.  It does not yet make use of this additional
flexibility, so behavior should not change.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #7559.
2011-10-12 16:27:00 -07:00
Ben Pfaff
3ee8a9f002 openflow: Delete icmp_type and icmp_code macros.
These macros caused trouble if datapath-protocol.h was included before
openflow.h.  Later references to the icmp_type and icmp_code members of
struct ovs_key_icmp caused compiler errors, because the macros caused them
to try to refer to nonexistent tp_src and tp_dst members in those
structures.
2011-10-11 10:37:25 -07:00
Ben Pfaff
5621afff91 odp-util: Use nl_parse_nested() to simplify format_odp_sample_action(). 2011-10-05 11:17:14 -07:00
Pravin Shelar
6ff686f2bc sFlow: Genericize/simplify kernel sFlow implementation
Following patch adds sampling action which takes probability and set
of actions as arguments. When probability is hit, actions are executed for
given packet.
USERSPACE action's userdata (u64) is used to store struct
user_action_cookie as cookie. CONTROLLER action is fixed accordingly.

Now we can remove sFlow code from kernel and implement sFlow generically
as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow
sampling rate) and USERSPACE action as argument. USERSPACE action's data
is used as cookie. sFlow uses this cookie to store output-port, number of
output ports and vlan-id. sample-pool is calculated by using vport
stats.

Signed-off-by: Pravin Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
Ben Pfaff
6d324ae5db odp-util: Drop pointless "if" statement. 2011-09-15 11:10:36 -07:00
Pravin Shelar
d9065a90b6 datapath: VLAN actions should use push/pop semantics
Currently the kernel vlan actions mirror those used by OpenFlow 1.0.
i.e. MODIFY and STRIP. More flexible approach is to have an action to
push a tag and pop a tag off, so that it can handle multiple levels of vlan
tags. Plus it aligns with newer version of OpenFlow.
        As this patch replaces MODIFY with PUSH semantic, action
mapping done in userpace is fixed accordingly.
        GSO handling for multiple levels of vlan tags is also added as
Jesse suggested before.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2011-09-09 18:13:26 -07:00
Ben Pfaff
18886b60bc datapath: Allow a packet with no input port to omit OVS_KEY_ATTR_IN_PORT.
When ovs-vswitchd executes actions on a synthesized packet, that is, on a
packet that is not being forwarded from any particular port but is being
generated by ovs-vswitchd itself or by an OpenFlow controller (using a
OFPT_PACKET_OUT message with an in_port of OFPP_NONE), there is no good
choice for the in_port to pass to the kernel in the flow in the
OVS_PACKET_CMD_EXECUTE message.  This commit allows ovs-vswitchd to omit
the in_port entirely in this case.

This fixes a bug in OFPT_PACKET_OUT: using an in_port of OFPP_NONE would
cause the packet to be dropped by the kernel, since that's an invalid
input port.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Reported-by: Aaron Rosen <arosen@clemson.edu>
2011-09-08 16:30:20 -07:00
Justin Pettit
df2c07f433 datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions.
The prefix "ODP_*" is not overly descriptive in the context of the
larger Linux tree.  This commit changes the prefix to "OVS_*" for the
userpace to kernel interactions.  The userspace libraries still use
"ODP_" in many of their interfaces since it is more descriptive in the
OVS oeuvre.

Feature #6904

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-19 22:48:23 -07:00
Ben Pfaff
fac2e5163c odp-util: Fix parsing of Ethertypes 0x8000 and above.
An existing comment in the function being updated explains the problem:

    * Many of the sscanf calls in this function use oversized destination
    * fields because some sscanf() implementations truncate the range of %i
    * directives, so that e.g. "%"SCNi16 interprets input of "0xfedc" as a
    * value of 0x7fff.  The other alternatives are to allow only a single
    * radix (e.g. decimal or hexadecimal) or to write more sophisticated
    * parsers.
2011-08-18 11:37:44 -07:00
Ethan Jackson
b53055f4da lib: Whitespace cleanup. 2011-08-12 15:05:41 -07:00
Ben Pfaff
3bffc610fa odp-util: New function odp_flow_key_from_string().
This will be used in upcoming commits.
2011-08-08 13:14:01 -07:00
Ben Pfaff
6adf1730c8 odp-util: Format VLAN headers more like other headers in ODP flow output.
The rest of the headers all follow the form "header(value)" or
"header(key1=value1,key2=value2,...)" but VLAN headers left out the "="
characters.  This adds them in for consistency.
2011-08-08 13:14:01 -07:00
pravin shelar
b85d8d61a6 Datapath action should not refer to controller
ODP_ACTION_ATTR_CONTROLLER in the kernel actually sends packets to
userspace, not the controller. To make it generic rename this action
to ODP_ACTION_ATTR_USERSPACE.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2011-07-28 09:05:25 -07:00
Justin Pettit
6c222e55fa Remove NXAST_DROP_SPOOFED_ARP action.
The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of
defining flows using the NXM_NX_ARP_SHA flow match for a while.  This
commit removes it.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2011-06-09 16:19:38 -07:00
Ben Pfaff
abe529af47 ofproto: Break apart into generic and hardware-specific parts.
In addition to the changes to ofproto, this commit changes all of the
instances of "struct flow" in the tree so that the "in_port" member is an
OpenFlow port number.  Previously, this member was an OpenFlow port number
in some cases and an ODP port number in other cases.
2011-05-11 12:35:09 -07:00
Justin Pettit
602ef4b21c odp-util: Print tunnel ids in host-order.
Suggested-by: Pankaj Thakkar <thakkar@nicira.com>
2011-03-22 21:33:14 -07:00
Ben Pfaff
535d6987a7 Zero padding bytes in odp_key_ipv4, odp_key_arp.
This is a potential security issue for the kernel.  In userspace it just
provokes false-positive valgrind warnings (which is how I found it).

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2011-02-03 14:55:28 -08:00
Justin Pettit
685a51a5b8 nicira-ext: Support matching IPv6 Neighbor Discovery messages.
IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4
uses ARP.  This commit adds support for matching deeper into the
payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA)
messages.  Currently, the matching fields include:

    - NS and NA Target (nd_target)
    - NS Source Link Layer Address (nd_sll)
    - NA Target Link Layer Address (nd_tll)

When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match
(NXM) extension to OVS must be used.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-02 13:22:34 -08:00
Justin Pettit
d31f1109f1 nicira-ext: Support matching IPv6 traffic.
Provides ability to match over IPv6 traffic in the same manner as IPv4.
Currently, the matching fields include:

    - IPv6 source and destination addresses (ipv6_src and ipv6_dst)
    - Traffic Class (nw_tos)
    - Next Header (nw_proto)
    - ICMPv6 Type and Code (icmp_type and icmp_code)
    - TCP and UDP Ports over IPv6 (tp_src and tp_dst)

When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to
OVS must be used.

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-02 12:53:26 -08:00
Justin Pettit
bad68a9965 nicira-ext: Support matching ARP source and target hardware addresses.
OpenFlow 1.0 doesn't allow matching on the ARP source and target
hardware address.  This has caused us to introduce hacks such as the
Drop Spoofed ARP action.  Now that we have extensible match, we can
match on more fields within ARP:

    - Source Hardware Address (arp_sha)
    - Target Hardware Address (arp_tha)

Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-02 12:42:40 -08:00
Justin Pettit
6767a2cce9 lib: Replace IP_TYPE_ references with IPPROTO_.
A few common IP protocol types were defined in "lib/packets.h".  However,
we already assume the existence of <netinet/in.h> which contains a more
exhaustive list and should be available on POSIX systems.
2011-02-02 11:50:17 -08:00
Jesse Gross
074d69f58b odp-util: Print EtherTypes consistently.
The '#' format specifier doesn't respect the field width modifier,
so EtherTypes are printed with variable length.  Zero is not a valid
EtherType so there isn't a need for the logic to dynamically insert
the 0x prefix (if the EtherType isn't specified it won't be printed
at all).  This fixes the EtherType to have the intended format and
also changes the vlan TPID to match.
2011-01-29 23:41:27 -08:00
Ben Pfaff
7aec165dbc datapath: s/ODPAT_/ODP_ACTION_ATTR_/ to fit new naming scheme.
Jesse suggested this naming scheme, so I'm adjusting existing names to
fit it.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-28 15:34:40 -08:00
Ben Pfaff
c97fb13280 dpif: Eliminate "struct odp_flow_stats" from client-visible interface.
Following this commit, "struct odp_flow_stats" is only used in
Linux-specific parts of OVS userspace code.  This allows the actual Linux
datapath interface to evolve more freely.

Reviewed by Justin Pettit.
2011-01-27 21:08:38 -08:00
Ben Pfaff
feebdea2e5 dpif: Eliminate "struct odp_flow" from client-visible interface.
Following this commit, "struct odp_flow" and related data structures are
only used in Linux-specific parts of OVS userspace code.  This allows the
actual Linux datapath interface to evolve more freely.

Reviewed by Justin Pettit.
2011-01-27 21:08:38 -08:00
Ben Pfaff
ffeda91a47 ovs-dpctl: Use netdev_get_config() to print vport configurations.
This is cleaner than parsing "odp_port"s directly.  It takes one step
toward eliminating use of odp_port from any userspace code outside of
lib/netdev-vport.c and lib/dpif-linux.c.

Reviewed by Justin Pettit.
2011-01-27 21:08:37 -08:00
Ben Pfaff
36956a7d33 datapath: Convert odp_flow_key to use Netlink attributes instead.
One of the goals for Open vSwitch is to decouple kernel and userspace
software, so that either one can be upgraded or rolled back independent of
the other.  To do this in full generality, it must be possible to change
the kernel's idea of the flow key separately from the userspace version.
In turn, that means that flow keys must become variable-length.  This
commit makes that change using Netlink attribute sequences.

This commit does not actually make userspace flexible enough to handle
changes in the kernel flow key structure, because userspace doesn't yet
have enough information to do that intelligently.  Upcoming commits will
fix that.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-27 21:08:35 -08:00
Ben Pfaff
3476fce34e odp-util: Improve formatting of bogus empty action attributes.
Before this change, these were formatted as:
	,***%u leftover bytes***
After this change, they are formatted as:
	<empty>,***%u leftover bytes***

Reviewed by Ethan Jackson <ethan@nicira.com>.
2011-01-27 09:26:06 -08:00
Justin Pettit
e16a28b585 vswitch: Use "ipsec_gre" vport instead of "gre" with "other_config"
Previously, a GRE-over-IPsec tunnel was created as an interface with a
"type" of "gre" and the "other_config" column with "ipsec_cert" or
"ipsec_psk" set.  This could lead to a potential security problem if a user
intended to create a GRE-over-IPsec tunnel, but misconfigured the
"ipsec_*" config and created an unencrypted GRE tunnel.

This commit defines an "ipsec_gre" tunnel type, which should prevent
users from inadvertently establishing insecure tunnels.
2010-12-28 14:30:36 -08:00
Justin Pettit
0ae60917fc ovs-dpctl: Print extended information about vports.
When "ovs-dpctl show" is run, return additional information about the
port.  For example, tunnel ports will print the remote_ip, local_ip, and
in_key when defined.
2010-12-28 14:30:35 -08:00
Ben Pfaff
8ba43fbd1f odp-util: Improve formatting of bad ODP actions.
nla_len is the size of a Netlink attribute including its header, but we
only want to print the attribute payload, so use nl_attr_get_size()
instead.

Also, make it clear that what follows the "bad action" information is a
dump of the action itself.

Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-28 09:17:23 -08:00
Jesse Gross
b7b0c62097 odp-util: Correct length check in format_odp_action().
When printing the action list we first check that the size of the
action matches the expected length for that type.  However, when
doing the lookup we were passing in the length of the action, not
the type, leading to bogus values.
2010-12-16 14:33:04 -08:00
Jesse Gross
cf22f8cba3 vswitchd: Consistently use size_t for action lengths.
Currently the type of the datapath action length is mixture of
size_t and unsigned int.  However, size_t is really defined as an
unsigned long, which causes the build to fail on 64-bit platforms.
This consistently uses size_t.
2010-12-13 11:07:15 -08:00
Ben Pfaff
b9298d3f82 Expand tunnel IDs from 32 to 64 bits.
We have a need to identify tunnels with keys longer than 32 bits.  This
commit adds basic datapath and OpenFlow support for such keys.  It doesn't
actually add any tunnel protocols that support 64-bit keys, so this is not
very useful yet.

The 'arg' member of struct odp_msg had to be expanded to 64-bits also,
because it sometimes contains a tunnel ID.  This member also contains the
argument passed to ODPAT_CONTROLLER, so I expanded that action's argument
to 64 bits also so that it can use the full width of the expanded 'arg'.
Userspace doesn't take advantage of the new space though (it was only
using 16 bits anyhow).

This commit has been tested only to the extent that it doesn't disrupt
basic Open vSwitch operation.  I have not tested it with tunnel traffic.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Feature #3976.
2010-12-10 11:14:13 -08:00
Ben Pfaff
cdee00fd63 datapath: Replace "struct odp_action" by Netlink attributes.
In the medium term, we plan to migrate the datapath to use Netlink as its
communication channel.  In the short term, we need to be able to have
actions with 64-bit arguments but "struct odp_action" only has room for
48 bits.  So this patch shifts to variable-length arguments using Netlink
attributes, which starts in on the Netlink transition and makes 64-bit
arguments possible at the same time.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 11:13:32 -08:00
Ben Pfaff
5b16f00916 Format tunnel IDs consistently.
Some code failed to convert tunnel IDs to host byte order for printing,
so this fixes that.  Some code printed tunnel IDs with a 0x prefix and
other code didn't, so this code uses the '#' flag consistently (which
prints 0x for nonzero values and omits it for zero).

This commit also stops always printing all 8 digits.  When tunnel IDs
are expanded to 64 bits, as they will be soon, printing 16 digits all the
time wastes too much space.

Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-03 09:32:31 -08:00
Ben Pfaff
66642cb40b nx-match: Implement support for arbitrary VLAN TCI masks.
Since the Nicira Extended Match was specified nicira-ext.h has claimed that
arbitrary masks are allowed, but in fact only certain masks were actually
implemented.  This commit implements general masking for the 802.1Q VLAN
TCI field.
2010-11-23 10:06:28 -08:00
Ben Pfaff
b6c9e612fa ofproto: Implement support for registers in extended flow match. 2010-11-11 10:41:33 -08:00
Ben Pfaff
7da6be985c odp-util: Print in_port in decimal in format_odp_flow_key().
Suggested-by: Justin Pettit <jpettit@nicira.com>
2010-10-29 09:50:56 -07:00
Ben Pfaff
386a62a104 odp-util: Print tunnel id as part of ODP flow key in format_odp_flow_key(). 2010-10-29 09:49:46 -07:00
Ben Pfaff
27bcf966b4 datapath: Simplify ODPAT_SET_DL_TCI action.
There's no need to have a mask in this action, because both parts of the
TCI are part of the flow structure.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2010-10-18 11:18:23 -07:00
Justin Pettit
db164669c1 odp-util: Remove extraneous "set_tci(" from format_odp_action()
The function format_odp_action(), which is used to format the output of
"ovs-dpctl dump-flows", printed "set_tci(" before printing a correct
"set_tci" with actual parameters.

Bug #3808 (1/2)
2010-10-12 00:06:51 -07:00
Ben Pfaff
a01ef04ced datapath: Drop padding from struct odp_flow_key.
Breaking this out as a separate commit should make it easier to see what
needs to change later, if we need to reintroduce padding at some point.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2010-10-11 13:31:43 -07:00
Ben Pfaff
26233bb461 datapath: Combine dl_vlan and dl_vlan_pcp.
This allows eliminating padding from odp_flow_key, although actually doing
that is postponed until the next commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
2010-10-11 13:31:43 -07:00
Ben Pfaff
14608a1539 flow: Separate "flow_t" from "struct odp_flow_key".
The "struct odp_flow_key" used in the kernel datapath is conceptually
separate from the "flow_t" used in userspace, but until now we have
used the latter as a typedef for the former for convenience.  This commit
separates them.  This makes it possible in upcoming commits to change
them independently.

This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
Ben Pfaff
f1588b1fa1 datapath: Remove implementation of port groups.
The "port group" concept seems like a good one, but it has not been
used very much in userspace so far, so before we commit ourselves to
a frozen API that we must maintain forever, remove it.  We can always
add it back in later as a new kind of vport.

Signed-off-by: Ben Pfaff <blp@nicira.com>
2010-10-11 12:40:11 -07:00
Ben Pfaff
a77d89b84a Properly print drop_spoofed_arp actions when decoding OpenFlow and ODP.
Also fix formatting of unknown Nicira actions in OpenFlow.
2010-09-15 13:26:46 -07:00
Ben Pfaff
9026bf3430 odp-util: Avoid branch in odp_actions_add().
I have no idea why, but the test and branch in odp_actions_add() has always
bugged me.  This commit eliminates it.
2010-08-13 10:06:11 -07:00
Ben Pfaff
c4d279ab34 Add pretty-printers for QoS related OpenFlow and ODP actions. 2010-07-20 11:22:36 -07:00
Jesse Gross
659586efcf tunneling: Add support for tunnel ID.
Add a tun_id field which contains the ID of the encapsulating tunnel
on which a packet was received (0 if not received on a tunnel).  Also
add an action which allows the tunnel ID to be set for outgoing
packets.  At this point there aren't any tunnel implementations so
these fields don't have any effect.

The matching is exposed to OpenFlow by overloading the high 32 bits
of the cookie as the tunnel ID.  ovs-ofctl is capable of turning
on this special behavior using a new "tun-cookie" command but this
command is intentially undocumented to avoid it being used without
a full understanding of the consequences.
2010-04-19 09:11:51 -04:00