Until now, the rules that cover the asynchronous messages that Open vSwitch
sends to a controller have been ad hoc. The new NXT_SET_ASYNC_CONFIG
message provides systematic, precise control.
Feature #7086.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This makes the ofp-util support for packet_out better match the support
that ofp-util has for other OpenFlow messages. It also prepares for an
upcoming patch that adds a new piece of code that generates packet_out
messages.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The "learn" action is useful for MAC learning, but until now there has been
no way to find out through OpenFlow how much time remains before a MAC
learning entry (a learned flow) expires. This commit adds that ability.
Feature #7193.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Following patch implements dec_ttl as vendor action with similar
semantics as OpenFlow 1.2. If TTL reaches zero while procession
actions in current table, the remaining actions in previous tables
are processed. A configuration parameter is added to make TTL
decrement to zero generate packet in.
Feature #8758
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
This commit switches from using the actual protocol values of error codes
internally in Open vSwitch, to using abstract values that are translated to
and from protocol values at message parsing and serialization time. I
believe that this makes the code easier to read and to write.
This is also one step along the way toward OpenFlow 1.1 support because
OpenFlow 1.1 renumbered a bunch of error codes.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This makes it possible to add entries for decoding OpenFlow messages with
newer versions, e.g. OpenFlow 1.1 or 1.2. However, no actual messages for
newer versions are actually implemented yet; that will come later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The new PACKET_IN format implemented in this patch includes flow
metadata such as the cookie, table_id, and registers.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
With this commit, it is possible to limit flow deletions and
modifications to specific cookies. It also provides the ability to
dump flows based on their cookies.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Add support matching the IPv4 TTL and IPv6 hop limit fields. This
commit also adds support for modifying the IPv4 TTL. Modifying the IPv6
hop limit isn't currently supported, since we don't support modifying
IPv6 headers.
We will likely want to change the user-space interface, since basic
matching and setting the TTL are not generally useful. We will probably
want the ability to match on extraordinary events (such as TTL of 0 or 1)
and a decrement action.
Feature #8024
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Some invalid ports (those above the maximum port number supported by the
datapath, including OpenFlow reserved ports that are not translated by OVS
into some other number) will be rejected by the datapath. It's better to
catch these early and send back an appropriate OpenFlow error code, rather
than to just get EINVAL from the kernel and have to guess at the problem.
Reported-by: Aaron Rosen <arosen@clemson.edu>
The exit action causes the switch to immediately halt processing of
further actions. It's intended to be used in conjunction with
multi table support. It allows a table to force tables which call
it to discontinue processing a flow.
This patch special cases OFPP_NONE to be always up in bundle
actions. Presumably, if a controller put OFPP_NONE in their bundle
action, they want it to be an available choice.
This patch also adds documentation to the bundle action about slave
liveness.
Until now, OVS has handled IP fragments more awkwardly than necessary. It
has not been possible to match on L4 headers, even in fragments with offset
0 where they are actually present. This means that there was no way to
implement ACLs that treat, say, different TCP ports differently, on
fragmented traffic; instead, all decisions for fragment forwarding had to
be made on the basis of L2 and L3 headers alone.
This commit improves the situation significantly. It is still not possible
to match on L4 headers in fragments with nonzero offset, because that
information is simply not present in such fragments, but this commit adds
the ability to match on L4 headers for fragments with zero offset. This
means that it becomes possible to implement ACLs that drop such "first
fragments" on the basis of L4 headers. In practice, that effectively
blocks even fragmented traffic on an L4 basis, because the receiving IP
stack cannot reassemble a full packet when the first fragment is missing.
This commit works by adding a new "fragment type" to the kernel flow match
and making it available through OpenFlow as a new NXM field named
NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields
are always 0 for IP fragments, it adds a new OpenFlow fragment handling
mode that fills in the L4 fields for "first fragments". It also enhances
ovs-ofctl to allow users to configure this new fragment handling mode and
to parse the new field.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #7557.
These macros caused trouble if datapath-protocol.h was included before
openflow.h. Later references to the icmp_type and icmp_code members of
struct ovs_key_icmp caused compiler errors, because the macros caused them
to try to refer to nonexistent tp_src and tp_dst members in those
structures.
There are a few loose ends here. First, learning actions cause too much
flow revalidation. Upcoming commits will fix that problem. The following
additional issues have not yet been addressed:
* Resource limits: nothing yet limits the maximum number of flows that
can be learned. It is possible to exhaust all system memory.
* Age reporting: there is no way to find out how soon a learned table
entry is due to be evicted.
To try this action out, here's a recipe for a very simple-minded MAC
learning switch. It uses a 10-second MAC expiration time to make it easier
to see what's going on:
ovs-vsctl del-controller br0
ovs-ofctl del-flows br0
ovs-ofctl add-flow br0 "table=0 actions=learn(table=1, hard_timeout=10, \
NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], \
output:NXM_OF_IN_PORT[]), resubmit(,1)"
ovs-ofctl add-flow br0 "table=1 priority=0 actions=flood"
You can then dump the MAC learning table with:
ovs-ofctl dump-flows br0 table=1
The code and the specification say that nxm_length includes both value
and mask, but this example showed nxm_length only including the value.
This commit fixes it.
Reported-by: Justin Pettit <jpettit@nicira.com>
Until now, fields writable by actions defined in terms of NXM field
numbers were special cases, but commit b3e9b2eda9 "ofproto: Optimize
datapath actions" had the side effect of making it easy to modify
additional fields. This commit takes advantage of that to make
modifiable all the fields that the kernel datapath supports modifying.
We could make other fields modifiable by adding more support to the kernel
datapath.
This patch creates two new helper functions, nxm_reg_load() and
nxm_dst_check(). The new nxm_dst_check() function may be used to
check the validity of destination fields used by actions. The new
nxm_reg_load() function may be used by actions which need to write
to NXM fields.
This patch also allows multipath and autopath to write their result
to non-register NXM fields.
This patch creates a new action called "bundle". Bundles are a way
to implement a simple form of multipath in OpenFlow by grouping
several ports in a single output-like action.
Future patches will use nx_hash_fields for non-multipath related
actions. This patch renames nx_mp_fields and creates a new
flow_hash_fields() function.
Some hardware supports reporting packet or byte counters but not both, so
OVS has to be prepared for that.
Suggested-by: Justin Pettit <jpettit@nicira.com>
An upcoming patch will make stats messages much more like other messages,
in that their structures will include all of the headers. This means that
struct ofp_aggregate_stats_reply will no longer be appropriate as a
member of struct nx_aggregate_stats_reply, because it will then include
those additional header members.
Also, struct nx_aggregate_stats_reply doesn't need to use the special
ovs_32aligned_be64 type, since its 64-bit members are correctly aligned,
which is another reasonable reason to keep it separate.
These structures for OpenFlow stats requests and replies have identical
memebers, but until now they have been separate structures. Since in some
cases we actually want to treat both of them the same way, this has led
to various kinds of awkwardness. This commit merges them into a new
"struct ofp_stats_msg" and fixes up the users.
We don't know of anyone using this command in production yet, so it seems
reasonable to give it a new number instead of coping with it having a
conflicting number.
The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of
defining flows using the NXM_NX_ARP_SHA flow match for a while. This
commit removes it.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
I know already that this breaks the statsfixes that were implemented by the
following commits:
827ab71c97 "ofproto: Datapath statistics accounted twice."
6f1435fc8f "ofproto: Resubmit statistics improperly account during..."
These were already broken in a previous merge. I will work on a fix.
I've been reluctant in the past to make wholesale changes to openflow.h
because it would be a divergence from upstream that would make comparisons
and merges more difficult. But, in practice, no one does such comparisons
and no merges happen (because OpenFlow 1.0 is not changing). I'd still be
inclined to resist, except that in this series I'm adding actual checking
for byte order conventions (as opposed to just documentation).
This implements basic multiple table support in ofproto and supporting
libraries and utilities. The design is the same as the one that has been
on the Open vSwitch "wdp" branch for a long time. There is no support for
multiple tables in the software switch implementation (ofproto-dpif), only
a set of hooks for other switch implementations to use.
To allow controllers to add flows in a particular table, Open vSwitch adds
an OpenFlow 1.0 extension called NXT_FLOW_MOD_TABLE_ID.
