Back in 2008 or so, I introduced this extension as a way to provide
information about switch status to the new "switch UI" program. Since
then, the switch UI program has been removed and the important information
that was provided by the switch status extension is now available in the
database, so we might as well get rid of this extension, and that is what
this commit does.
Without this commit, many of the unit tests for ofp-print.c fail with bus
errors on RISC architectures (tested on sparc) and presumably so would any
other code that uses these same struct members.
IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4
uses ARP. This commit adds support for matching deeper into the
payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA)
messages. Currently, the matching fields include:
- NS and NA Target (nd_target)
- NS Source Link Layer Address (nd_sll)
- NA Target Link Layer Address (nd_tll)
When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match
(NXM) extension to OVS must be used.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Provides ability to match over IPv6 traffic in the same manner as IPv4.
Currently, the matching fields include:
- IPv6 source and destination addresses (ipv6_src and ipv6_dst)
- Traffic Class (nw_tos)
- Next Header (nw_proto)
- ICMPv6 Type and Code (icmp_type and icmp_code)
- TCP and UDP Ports over IPv6 (tp_src and tp_dst)
When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to
OVS must be used.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.0 doesn't allow matching on the ARP source and target
hardware address. This has caused us to introduce hacks such as the
Drop Spoofed ARP action. Now that we have extensible match, we can
match on more fields within ARP:
- Source Hardware Address (arp_sha)
- Target Hardware Address (arp_tha)
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
NXM_NX_TUN_ID and NXM_OF_VLAN_TCI were already allowed on NXAST_REG_MOVE,
but not on NXAST_REG_LOAD. This makes them valid on both.
Requested-by: Pankaj Thakkar <thakkar@nicira.com>
We have a need to identify tunnels with keys longer than 32 bits. This
commit adds basic datapath and OpenFlow support for such keys. It doesn't
actually add any tunnel protocols that support 64-bit keys, so this is not
very useful yet.
The 'arg' member of struct odp_msg had to be expanded to 64-bits also,
because it sometimes contains a tunnel ID. This member also contains the
argument passed to ODPAT_CONTROLLER, so I expanded that action's argument
to 64 bits also so that it can use the full width of the expanded 'arg'.
Userspace doesn't take advantage of the new space though (it was only
using 16 bits anyhow).
This commit has been tested only to the extent that it doesn't disrupt
basic Open vSwitch operation. I have not tested it with tunnel traffic.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Feature #3976.
The NXM_IS_NX_REG macro didn't check the "hasmask" bit, which meant that it
looked like it was supposed to match both exact and wildcarded NXM headers,
e.g. both NXM_NX_REG0 and NXM_NX_REG0_W. But exact and wildcarded NXM
headers differ not just in the "hasmask" bit but in the "length" value
also (the wildcarded version's length is twice the exact version's length),
so this was not what it actually did.
The only current users of NXM_IS_NX_REG actually only want to match exact
versions, so this commit makes it only match those. It also adds a new
NXM_IS_NX_REG_W macro that matches only wildcarded versions. This new
macro has no users yet, but its existence should help to make it clear that
NXM_IS_NX_REG only matches exact NXM headers.
Reported-by: Natasha Gude <natasha@nicira.com>
Our controller group at Nicira has requested a way to annotate flows with
extra information beyond the flow cookie. The new NXAST_NOTE action
provides such a way.
This new action is somewhat controversial. Some have suggested that it
should be added another way (either as part of the Nicira Extended Match
or as a new component of the flow_mod and related messages). Others think
that it has no place in the OpenFlow protocol at all and that an equivalent
should be implemented using the already available features of OVSDB. So
it is possible that this extension will be deleted and the feature will
be reimplemented some other way (or not at all).
CC: Teemu Koponen <koponen@nicira.com>
CC: Jeremy Stribling <strib@nicira.com>
It seemed to me that the descriptions of what actions do should be just
above the action structures, where the reader can see the arguments,
instead of just above the enumeration name, so I rearranged the code
this way.
A few actions didn't have their own structures, so to do this I had to give
them some.
The OpenFlow OFPAT_ENQUEUE action sets a queue id and outputs the packet
in one shot. There are times in which the queue should be set, but the
output port is not yet known. This commit adds the NXAST_SET_QUEUE and
NXAST_POP_QUEUE Nicira extension actions to modify the queue
configuration without requiring a port argument.
CC: Jeremy Stribling <strib@nicira.com>
CC: Keith Amidon <keith@nicira.com>
"ARP spoofing" is when a host claims an incorrect association between an
IP address and a MAC address for deceptive purposes. OpenFlow by itself
can prevent a host from sending out ARP replies from an incorrect MAC
address in the Ethernet L2 header, but it cannot control the MAC addresses
inside the ARP L3 packet. This commit adds a new action that can be used
to drop these spoofed packets.
CC: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-vswitchd doesn't declare its QoS capabilities in the database yet,
so the controller has to know what they are. We can add that later.
The linux-htb QoS class has been tested to the extent that I can see that
it sets up the queues I expect when I run "tc qdisc show" and "tc class
show". I haven't tested that the effects on flows are what we expect them
to be. I am sure that there will be problems in that area that we will
have to fix.
Now that Open vSwitch has support for multiple simultaneous controllers,
there is some need for a degree of coordination among them. For now, the
plan is for the controllers themselves to take the lead on this. This
commit adds a small bit of OVS infrastructure: the ability for a controller
to designate itself as a "master" or a "slave". There may be at most one
master at a time; when a controller designates itself as the master, then
any existing master is demoted to slave status. Slave controllers are not
allowed to modify the flow table or global configuration; any attempt to
do so is rejected with a "bad request" error.
Feature #2495.
Add a tun_id field which contains the ID of the encapsulating tunnel
on which a packet was received (0 if not received on a tunnel). Also
add an action which allows the tunnel ID to be set for outgoing
packets. At this point there aren't any tunnel implementations so
these fields don't have any effect.
The matching is exposed to OpenFlow by overloading the high 32 bits
of the cookie as the tunnel ID. ovs-ofctl is capable of turning
on this special behavior using a new "tun-cookie" command but this
command is intentially undocumented to avoid it being used without
a full understanding of the consequences.
If NXAST_RESUBMIT adopts the replacement in_port for executing actions,
then OFPP_NORMAL will believe that traffic originated from whatever port
that is. This seems unlikely to ever be useful and in fact breaks
applications that use NXAST_RESUBMIT for two-stage ACLs.
Bug #2644.
Until now, the NXAST_RESUBMIT action has always looked up the original
flow except for the updated in_port. This commit changes the semantics to
instead look up the flow as modified by any preceding actions that affect
it, e.g. if OFPAT_SET_VLAN_VID precedes NXAST_RESUBMIT, then NXAST_RESUBMIT
now looks up the flow with the modified VLAN, not the original (as well as
the modified in_port).
Also, document how NXAST_RESUBMIT is supposed to work.
Suggested-by: Paul Ingram <paul@nicira.com>
Finalize OpenFlow 1.0 wire-compatibility:
- Set protocol version to 0x01
- Remove references to retired OFPC_MULTI_PHY_TX
- Clean extraneous spaces in header file
NOTE: This is the final commit in the OpenFlow 1.0 set. Starting with
this commit, OVS is OpenFlow 1.0 wire-compatible. Slicing is not yet
implemented.
OpenFlow 1.0 adds support for a subset of QoS that's referred to as slicing.
Open vSwitch does not support this yet, so send errors if it's used.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this OpenFlow 1.0 set.
OpenFlow 1.0 adds "port_no" field to the Port Stat request messages to
allow stats for individual ports to be queried. Port stats for all ports
can still be requested by specifying OFPP_NONE as the port number.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this OpenFlow 1.0 set.
OpenFlow 1.0 adds support for matching on IP ToS/DSCP bits.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this OpenFlow 1.0 set.
OpenFlow 1.0 increases the resolution of flow stats and flow removed messages
from seconds to (potentially) nanoseconds. The spec stats that only
millisecond granularity is required, so that's all we provide at this
time. Increasing to nanoseconds would require more significant code
change and would not provide an appreciable improvement in real world
use.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this OpenFlow 1.0 set.
The OpenFlow 1.0 specification supports matching the IP address and
opcode in ARP messages. The datapath already supports this, so this
commit merely exposes that through the OpenFlow module.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0
until the final commit in this OpenFlow 1.0 set.
In OpenFlow 1.0, flows have been extended to include an opaque
identifier, referred to as a cookie. The cookie is specified by the
controller when the flow is installed; the cookie will be returned as
part of each flow stats and flow removed message.
NOTE: OVS at this point is not wire-compatible with OpenFlow 1.0 until
the final commit in this Openflow 1.0 set.
