2009-07-08 13:19:16 -07:00
|
|
|
|
/*
|
2017-04-17 16:06:35 -07:00
|
|
|
|
* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Nicira, Inc.
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*
|
2009-06-15 15:11:30 -07:00
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
|
* You may obtain a copy of the License at:
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*
|
2009-06-15 15:11:30 -07:00
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
*
|
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
|
* limitations under the License.
|
2009-07-08 13:19:16 -07:00
|
|
|
|
*/
|
|
|
|
|
|
#ifndef FLOW_H
|
|
|
|
|
|
#define FLOW_H 1
|
|
|
|
|
|
|
2010-02-12 12:51:36 -08:00
|
|
|
|
#include <sys/types.h>
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#include <netinet/in.h>
|
2016-07-02 11:35:29 -07:00
|
|
|
|
#include <netinet/icmp6.h>
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#include <stdbool.h>
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
#include <string.h>
|
2015-08-25 13:55:03 -07:00
|
|
|
|
#include "bitmap.h"
|
2013-09-25 15:07:21 -07:00
|
|
|
|
#include "byte-order.h"
|
2016-04-04 21:32:03 -04:00
|
|
|
|
#include "openvswitch/compiler.h"
|
2010-04-12 11:49:16 -04:00
|
|
|
|
#include "openflow/nicira-ext.h"
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#include "openflow/openflow.h"
|
2016-04-04 21:32:03 -04:00
|
|
|
|
#include "openvswitch/flow.h"
|
2014-04-18 08:26:56 -07:00
|
|
|
|
#include "packets.h"
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#include "hash.h"
|
|
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
2011-01-26 07:11:50 -08:00
|
|
|
|
struct dpif_flow_stats;
|
dpctl: Properly reflect a rule's offloaded to HW state
Previously, any rule that is offloaded via a netdev, not necessarily
to the HW, would be reported as "offloaded". This patch fixes this
misalignment, and introduces the 'dp' state, as follows:
rule is in HW via TC offload -> offloaded=yes dp:tc
rule is in not HW over TC DP -> offloaded=no dp:tc
rule is in not HW over OVS DP -> offloaded=no dp:ovs
To achieve this, the flows's 'offloaded' flag was encapsulated in a new
attrs struct, which contains the offloaded state of the flow and the
DP layer the flow is handled in, and instead of setting the flow's
'offloaded' state based solely on the type of dump it was acquired
via, for netdev flows it now sends the new attrs struct to be
collected along with the rest of the flow via the netdev, allowing
it to be set per flow.
For TC offloads, the offloaded state is set based on the 'in_hw' and
'not_in_hw' flags received from the TC as part of the flower. If no
such flag was received, due to lack of kernel support, it defaults
to true.
Signed-off-by: Gavi Teitz <gavi@mellanox.com>
Acked-by: Roi Dayan <roid@mellanox.com>
[simon: resolved conflict in lib/dpctl.man]
Signed-off-by: Simon Horman <simon.horman@netronome.com>
2018-06-07 09:36:59 +03:00
|
|
|
|
struct dpif_flow_attrs;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
struct ds;
|
2010-11-08 10:37:35 -08:00
|
|
|
|
struct flow_wildcards;
|
2012-09-04 12:43:53 -07:00
|
|
|
|
struct minimask;
|
2015-02-22 03:21:09 -08:00
|
|
|
|
struct dp_packet;
|
2017-05-31 16:06:12 -07:00
|
|
|
|
struct ofputil_port_map;
|
2014-02-26 18:08:04 -08:00
|
|
|
|
struct pkt_metadata;
|
2015-05-15 17:03:17 -07:00
|
|
|
|
struct match;
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2014-09-20 07:30:02 +00:00
|
|
|
|
/* Some flow fields are mutually exclusive or only appear within the flow
|
|
|
|
|
|
* pipeline. IPv6 headers are bigger than IPv4 and MPLS, and IPv6 ND packets
|
|
|
|
|
|
* are bigger than TCP,UDP and IGMP packets. */
|
2015-01-06 11:10:42 -08:00
|
|
|
|
#define FLOW_MAX_PACKET_U64S (FLOW_U64S \
|
|
|
|
|
|
/* Unused in datapath */ - FLOW_U64_SIZE(regs) \
|
|
|
|
|
|
- FLOW_U64_SIZE(metadata) \
|
|
|
|
|
|
/* L2.5/3 */ - FLOW_U64_SIZE(nw_src) /* incl. nw_dst */ \
|
|
|
|
|
|
- FLOW_U64_SIZE(mpls_lse) \
|
|
|
|
|
|
/* L4 */ - FLOW_U64_SIZE(tp_src) \
|
2014-09-20 07:30:02 +00:00
|
|
|
|
)
|
|
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
extern const uint8_t flow_segment_u64s[];
|
2010-10-11 13:31:35 -07:00
|
|
|
|
|
2017-03-01 17:47:59 -05:00
|
|
|
|
/* Configured maximum VLAN headers. */
|
|
|
|
|
|
extern int flow_vlan_limit;
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
#define FLOW_U64_OFFSET(FIELD) \
|
|
|
|
|
|
(offsetof(struct flow, FIELD) / sizeof(uint64_t))
|
|
|
|
|
|
#define FLOW_U64_OFFREM(FIELD) \
|
|
|
|
|
|
(offsetof(struct flow, FIELD) % sizeof(uint64_t))
|
|
|
|
|
|
|
|
|
|
|
|
/* Number of 64-bit units spanned by a 'FIELD'. */
|
|
|
|
|
|
#define FLOW_U64_SIZE(FIELD) \
|
|
|
|
|
|
DIV_ROUND_UP(FLOW_U64_OFFREM(FIELD) + MEMBER_SIZEOF(struct flow, FIELD), \
|
|
|
|
|
|
sizeof(uint64_t))
|
|
|
|
|
|
|
2015-02-22 03:21:09 -08:00
|
|
|
|
void flow_extract(struct dp_packet *, struct flow *);
|
2013-01-25 16:22:07 +09:00
|
|
|
|
|
2011-08-19 09:39:16 -07:00
|
|
|
|
void flow_zero_wildcards(struct flow *, const struct flow_wildcards *);
|
2013-12-06 18:53:12 -08:00
|
|
|
|
void flow_unwildcard_tp_ports(const struct flow *, struct flow_wildcards *);
|
2015-05-15 17:03:17 -07:00
|
|
|
|
void flow_get_metadata(const struct flow *, struct match *flow_metadata);
|
2018-10-18 21:43:12 +05:30
|
|
|
|
struct netdev *flow_get_tunnel_netdev(struct flow_tnl *tunnel);
|
2011-08-19 09:39:16 -07:00
|
|
|
|
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
const char *ct_state_to_string(uint32_t state);
|
2017-04-17 16:06:35 -07:00
|
|
|
|
uint32_t ct_state_from_string(const char *);
|
2017-06-27 11:11:32 -07:00
|
|
|
|
bool parse_ct_state(const char *state_str, uint32_t default_state,
|
|
|
|
|
|
uint32_t *ct_state, struct ds *);
|
|
|
|
|
|
bool validate_ct_state(uint32_t state, struct ds *);
|
2017-04-18 11:22:05 -07:00
|
|
|
|
void flow_clear_conntrack(struct flow *);
|
2017-04-17 16:06:35 -07:00
|
|
|
|
|
2017-05-31 16:06:12 -07:00
|
|
|
|
char *flow_to_string(const struct flow *, const struct ofputil_port_map *);
|
2012-11-21 18:51:36 -08:00
|
|
|
|
void format_flags(struct ds *ds, const char *(*bit_to_string)(uint32_t),
|
|
|
|
|
|
uint32_t flags, char del);
|
2013-12-02 15:14:09 -08:00
|
|
|
|
void format_flags_masked(struct ds *ds, const char *name,
|
|
|
|
|
|
const char *(*bit_to_string)(uint32_t),
|
2015-07-11 20:48:29 -07:00
|
|
|
|
uint32_t flags, uint32_t mask, uint32_t max_mask);
|
2017-06-23 16:47:57 +00:00
|
|
|
|
void format_packet_type_masked(struct ds *, ovs_be32 value, ovs_be32 mask);
|
2015-07-11 20:48:29 -07:00
|
|
|
|
int parse_flags(const char *s, const char *(*bit_to_string)(uint32_t),
|
|
|
|
|
|
char end, const char *field_name, char **res_string,
|
|
|
|
|
|
uint32_t *res_flags, uint32_t allowed, uint32_t *res_mask);
|
2012-11-21 18:51:36 -08:00
|
|
|
|
|
2017-05-31 16:06:12 -07:00
|
|
|
|
void flow_format(struct ds *, const struct flow *,
|
|
|
|
|
|
const struct ofputil_port_map *);
|
|
|
|
|
|
void flow_print(FILE *, const struct flow *, const struct ofputil_port_map *);
|
2011-10-25 16:33:38 -07:00
|
|
|
|
static inline int flow_compare_3way(const struct flow *, const struct flow *);
|
2010-09-03 11:30:02 -07:00
|
|
|
|
static inline bool flow_equal(const struct flow *, const struct flow *);
|
|
|
|
|
|
static inline size_t flow_hash(const struct flow *, uint32_t basis);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
|
2018-07-17 02:01:56 +00:00
|
|
|
|
void flow_set_dl_vlan(struct flow *, ovs_be16 vid, int id);
|
2017-03-01 17:47:59 -05:00
|
|
|
|
void flow_fix_vlan_tpid(struct flow *);
|
2012-07-22 23:20:22 -07:00
|
|
|
|
void flow_set_vlan_vid(struct flow *, ovs_be16 vid);
|
2018-07-17 02:01:56 +00:00
|
|
|
|
void flow_set_vlan_pcp(struct flow *, uint8_t pcp, int id);
|
2011-11-21 14:14:02 -08:00
|
|
|
|
|
2017-03-01 17:47:59 -05:00
|
|
|
|
void flow_limit_vlans(int vlan_limit);
|
|
|
|
|
|
int flow_count_vlan_headers(const struct flow *);
|
|
|
|
|
|
void flow_skip_common_vlan_headers(const struct flow *a, int *p_an,
|
|
|
|
|
|
const struct flow *b, int *p_bn);
|
|
|
|
|
|
void flow_pop_vlan(struct flow*, struct flow_wildcards*);
|
|
|
|
|
|
void flow_push_vlan_uninit(struct flow*, struct flow_wildcards*);
|
|
|
|
|
|
|
2014-02-04 10:32:35 -08:00
|
|
|
|
int flow_count_mpls_labels(const struct flow *, struct flow_wildcards *);
|
|
|
|
|
|
int flow_count_common_mpls_labels(const struct flow *a, int an,
|
|
|
|
|
|
const struct flow *b, int bn,
|
|
|
|
|
|
struct flow_wildcards *wc);
|
|
|
|
|
|
void flow_push_mpls(struct flow *, int n, ovs_be16 mpls_eth_type,
|
mpls: Fix MPLS restoration after patch port and group bucket.
This patch fixes problems with MPLS handling related to patch ports
and group buckets.
If a group bucket or a peer bridge across a patch port pushes MPLS
headers to a non-MPLS packet and outputs, the flow translation after
returning from the group bucket or patch port would undo the packet
transformations so that the processing could continue with the packet
as it was before entering the patch port. There were two problems
with this:
1. As part of the first MPLS push on a non-MPLS packet, the flow
translation would first clear the L3/4 headers of the 'flow' to mark
those fields invalid. Later, when committing 'flow' changes to
datapath actions before output, the necessary datapath MPLS actions
are created and the corresponding changes updated to the 'base flow'.
This was done using the same flow_push_mpls() function that clears
the L2/3 headers, so also the 'base flow' L2/3 headers were cleared.
Then, when translation returns from a patch port or group bucket, the
original 'flow' is restored, now showing no sign of the MPLS labels.
Since the 'base flow' now has the MPLS labels, following translations
know to issue MPLS POP actions before any output actions. However, as
part of checking for changes to IP headers we test that the IP
protocol type was not changed. But now the 'base flow's 'nw_proto'
field is zero and an assert fail crashes OVS.
This is solved by not clearing the L3/4 fields of the 'base
flow'. This allows the processing after the patch port to continue
with L3/4 fields as if no MPLS was done, after first issuing the
necessary MPLS POP actions.
2. IP header updates were done before the MPLS POP actions were
issued. This caused incorrect packet output after, e.g., group action
or patch port. For example, with actions:
group 1234: all bucket=push_mpls,output:LOCAL
ip actions=group:1234,dec_ttl,output:LOCAL,output:LOCAL
the dec_ttl would only be executed before the last output to LOCAL,
since at the time of committing IP changes after the group action the
packet was still an MPLS packet.
This is solved by checking the dl_type of both 'flow' and 'base flow'
and issuing MPLS actions if they can transform the packet from an MPLS
packet to a non-MPLS packet. For an IP packet the change in ttl can
then be correctly committed before the last two output actions.
Two test cases are added to prevent future regressions.
Reported-by: Thomas Morin <thomas.morin@orange.com>
Suggested-by: Takashi YAMAMOTO <yamamoto@ovn.org>
Fixes: 8bfd0fdac ("Enhance userspace support for MPLS, for up to 3 labels.")
Fixes: 1b035ef20 ("mpls: Allow l3 and l4 actions to prior to a push_mpls action")
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: YAMAMOTO Takashi <yamamoto@ovn.org>
2016-12-01 14:05:24 -08:00
|
|
|
|
struct flow_wildcards *, bool clear_flow_L3);
|
2014-02-04 10:32:35 -08:00
|
|
|
|
bool flow_pop_mpls(struct flow *, int n, ovs_be16 eth_type,
|
|
|
|
|
|
struct flow_wildcards *);
|
|
|
|
|
|
void flow_set_mpls_label(struct flow *, int idx, ovs_be32 label);
|
|
|
|
|
|
void flow_set_mpls_ttl(struct flow *, int idx, uint8_t ttl);
|
|
|
|
|
|
void flow_set_mpls_tc(struct flow *, int idx, uint8_t tc);
|
|
|
|
|
|
void flow_set_mpls_bos(struct flow *, int idx, uint8_t stack);
|
|
|
|
|
|
void flow_set_mpls_lse(struct flow *, int idx, ovs_be32 lse);
|
2013-01-25 16:22:07 +09:00
|
|
|
|
|
2018-01-26 14:36:05 -08:00
|
|
|
|
void flow_compose(struct dp_packet *, const struct flow *,
|
|
|
|
|
|
const void *l7, size_t l7_len);
|
|
|
|
|
|
void packet_expand(struct dp_packet *, const struct flow *, size_t size);
|
2011-09-08 14:32:13 -07:00
|
|
|
|
|
2015-11-15 22:07:25 -08:00
|
|
|
|
bool parse_ipv6_ext_hdrs(const void **datap, size_t *sizep, uint8_t *nw_proto,
|
2019-02-13 15:34:15 -08:00
|
|
|
|
uint8_t *nw_frag,
|
|
|
|
|
|
const struct ovs_16aligned_ip6_frag **frag_hdr);
|
2018-01-11 13:24:01 +08:00
|
|
|
|
bool parse_nsh(const void **datap, size_t *sizep, struct ovs_key_nsh *key);
|
2018-06-25 16:21:05 +03:00
|
|
|
|
uint16_t parse_tcp_flags(struct dp_packet *packet);
|
2015-11-15 22:07:25 -08:00
|
|
|
|
|
2014-07-28 09:50:37 -07:00
|
|
|
|
static inline uint64_t
|
|
|
|
|
|
flow_get_xreg(const struct flow *flow, int idx)
|
|
|
|
|
|
{
|
|
|
|
|
|
return ((uint64_t) flow->regs[idx * 2] << 32) | flow->regs[idx * 2 + 1];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline void
|
|
|
|
|
|
flow_set_xreg(struct flow *flow, int idx, uint64_t value)
|
|
|
|
|
|
{
|
|
|
|
|
|
flow->regs[idx * 2] = value >> 32;
|
|
|
|
|
|
flow->regs[idx * 2 + 1] = value;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-10-31 04:45:28 -07:00
|
|
|
|
static inline ovs_u128
|
|
|
|
|
|
flow_get_xxreg(const struct flow *flow, int idx)
|
|
|
|
|
|
{
|
|
|
|
|
|
ovs_u128 value;
|
|
|
|
|
|
|
|
|
|
|
|
value.u64.hi = (uint64_t) flow->regs[idx * 4] << 32;
|
|
|
|
|
|
value.u64.hi |= flow->regs[idx * 4 + 1];
|
|
|
|
|
|
value.u64.lo = (uint64_t) flow->regs[idx * 4 + 2] << 32;
|
|
|
|
|
|
value.u64.lo |= flow->regs[idx * 4 + 3];
|
|
|
|
|
|
|
|
|
|
|
|
return value;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline void
|
|
|
|
|
|
flow_set_xxreg(struct flow *flow, int idx, ovs_u128 value)
|
|
|
|
|
|
{
|
|
|
|
|
|
flow->regs[idx * 4] = value.u64.hi >> 32;
|
|
|
|
|
|
flow->regs[idx * 4 + 1] = value.u64.hi;
|
|
|
|
|
|
flow->regs[idx * 4 + 2] = value.u64.lo >> 32;
|
|
|
|
|
|
flow->regs[idx * 4 + 3] = value.u64.lo;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-07-08 13:19:16 -07:00
|
|
|
|
static inline int
|
2011-10-25 16:33:38 -07:00
|
|
|
|
flow_compare_3way(const struct flow *a, const struct flow *b)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2012-06-18 15:12:57 -07:00
|
|
|
|
return memcmp(a, b, sizeof *a);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool
|
2010-09-03 11:30:02 -07:00
|
|
|
|
flow_equal(const struct flow *a, const struct flow *b)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2011-10-25 16:33:38 -07:00
|
|
|
|
return !flow_compare_3way(a, b);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline size_t
|
2010-09-03 11:30:02 -07:00
|
|
|
|
flow_hash(const struct flow *flow, uint32_t basis)
|
2009-07-08 13:19:16 -07:00
|
|
|
|
{
|
2016-01-18 22:52:48 -08:00
|
|
|
|
return hash_bytes64((const uint64_t *)flow, sizeof *flow, basis);
|
2009-07-08 13:19:16 -07:00
|
|
|
|
}
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
2013-06-19 16:58:44 -07:00
|
|
|
|
static inline uint16_t
|
|
|
|
|
|
ofp_to_u16(ofp_port_t ofp_port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (OVS_FORCE uint16_t) ofp_port;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
odp_to_u32(odp_port_t odp_port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (OVS_FORCE uint32_t) odp_port;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
ofp11_to_u32(ofp11_port_t ofp11_port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (OVS_FORCE uint32_t) ofp11_port;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline ofp_port_t
|
|
|
|
|
|
u16_to_ofp(uint16_t port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return OFP_PORT_C(port);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline odp_port_t
|
|
|
|
|
|
u32_to_odp(uint32_t port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return ODP_PORT_C(port);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline ofp11_port_t
|
|
|
|
|
|
u32_to_ofp11(uint32_t port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return OFP11_PORT_C(port);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-06-22 10:33:27 -07:00
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
hash_ofp_port(ofp_port_t ofp_port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return hash_int(ofp_to_u16(ofp_port), 0);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
hash_odp_port(odp_port_t odp_port)
|
|
|
|
|
|
{
|
|
|
|
|
|
return hash_int(odp_to_u32(odp_port), 0);
|
|
|
|
|
|
}
|
2012-08-07 13:43:18 -07:00
|
|
|
|
�
|
2014-02-26 10:07:38 -08:00
|
|
|
|
uint32_t flow_hash_5tuple(const struct flow *flow, uint32_t basis);
|
2011-02-01 18:50:25 -08:00
|
|
|
|
uint32_t flow_hash_symmetric_l4(const struct flow *flow, uint32_t basis);
|
2018-05-24 17:27:59 +02:00
|
|
|
|
uint32_t flow_hash_symmetric_l2(const struct flow *flow, uint32_t basis);
|
2015-07-06 12:58:24 -05:00
|
|
|
|
uint32_t flow_hash_symmetric_l3l4(const struct flow *flow, uint32_t basis,
|
|
|
|
|
|
bool inc_udp_ports );
|
2018-10-02 09:40:09 -07:00
|
|
|
|
uint32_t flow_hash_symmetric_l3(const struct flow *flow, uint32_t basis);
|
2010-11-03 11:00:58 -07:00
|
|
|
|
|
2013-10-17 14:28:20 -07:00
|
|
|
|
/* Initialize a flow with random fields that matter for nx_hash_fields. */
|
|
|
|
|
|
void flow_random_hash_fields(struct flow *);
|
2013-06-26 16:37:16 -07:00
|
|
|
|
void flow_mask_hash_fields(const struct flow *, struct flow_wildcards *,
|
|
|
|
|
|
enum nx_hash_fields);
|
2011-07-13 16:20:24 -07:00
|
|
|
|
uint32_t flow_hash_fields(const struct flow *, enum nx_hash_fields,
|
|
|
|
|
|
uint16_t basis);
|
|
|
|
|
|
const char *flow_hash_fields_to_str(enum nx_hash_fields);
|
|
|
|
|
|
bool flow_hash_fields_valid(enum nx_hash_fields);
|
2011-06-06 14:21:40 -07:00
|
|
|
|
|
2013-06-10 22:48:58 -07:00
|
|
|
|
uint32_t flow_hash_in_wildcards(const struct flow *,
|
|
|
|
|
|
const struct flow_wildcards *,
|
|
|
|
|
|
uint32_t basis);
|
|
|
|
|
|
|
2012-08-07 13:43:18 -07:00
|
|
|
|
bool flow_equal_except(const struct flow *a, const struct flow *b,
|
|
|
|
|
|
const struct flow_wildcards *);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
�
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Bitmap for flow values. For each 1-bit the corresponding flow value is
|
|
|
|
|
|
* explicitly specified, other values are zeroes.
|
|
|
|
|
|
*
|
|
|
|
|
|
* map_t must be wide enough to hold any member of struct flow. */
|
|
|
|
|
|
typedef unsigned long long map_t;
|
|
|
|
|
|
#define MAP_T_BITS (sizeof(map_t) * CHAR_BIT)
|
|
|
|
|
|
#define MAP_1 (map_t)1
|
|
|
|
|
|
#define MAP_MAX TYPE_MAXIMUM(map_t)
|
|
|
|
|
|
|
|
|
|
|
|
#define MAP_IS_SET(MAP, IDX) ((MAP) & (MAP_1 << (IDX)))
|
|
|
|
|
|
|
|
|
|
|
|
/* Iterate through the indices of all 1-bits in 'MAP'. */
|
|
|
|
|
|
#define MAP_FOR_EACH_INDEX(IDX, MAP) \
|
|
|
|
|
|
ULLONG_FOR_EACH_1(IDX, MAP)
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOWMAP_UNITS DIV_ROUND_UP(FLOW_U64S, MAP_T_BITS)
|
|
|
|
|
|
|
|
|
|
|
|
struct flowmap {
|
|
|
|
|
|
map_t bits[FLOWMAP_UNITS];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOWMAP_EMPTY_INITIALIZER { { 0 } }
|
|
|
|
|
|
|
|
|
|
|
|
static inline void flowmap_init(struct flowmap *);
|
|
|
|
|
|
static inline bool flowmap_equal(struct flowmap, struct flowmap);
|
|
|
|
|
|
static inline bool flowmap_is_set(const struct flowmap *, size_t idx);
|
|
|
|
|
|
static inline bool flowmap_are_set(const struct flowmap *, size_t idx,
|
|
|
|
|
|
unsigned int n_bits);
|
|
|
|
|
|
static inline void flowmap_set(struct flowmap *, size_t idx,
|
|
|
|
|
|
unsigned int n_bits);
|
|
|
|
|
|
static inline void flowmap_clear(struct flowmap *, size_t idx,
|
|
|
|
|
|
unsigned int n_bits);
|
|
|
|
|
|
static inline struct flowmap flowmap_or(struct flowmap, struct flowmap);
|
|
|
|
|
|
static inline struct flowmap flowmap_and(struct flowmap, struct flowmap);
|
|
|
|
|
|
static inline bool flowmap_is_empty(struct flowmap);
|
|
|
|
|
|
static inline unsigned int flowmap_n_1bits(struct flowmap);
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOWMAP_HAS_FIELD(FM, FIELD) \
|
|
|
|
|
|
flowmap_are_set(FM, FLOW_U64_OFFSET(FIELD), FLOW_U64_SIZE(FIELD))
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOWMAP_SET(FM, FIELD) \
|
|
|
|
|
|
flowmap_set(FM, FLOW_U64_OFFSET(FIELD), FLOW_U64_SIZE(FIELD))
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOWMAP_SET__(FM, FIELD, SIZE) \
|
|
|
|
|
|
flowmap_set(FM, FLOW_U64_OFFSET(FIELD), \
|
|
|
|
|
|
DIV_ROUND_UP(SIZE, sizeof(uint64_t)))
|
|
|
|
|
|
|
|
|
|
|
|
/* XXX: Only works for full 64-bit units. */
|
|
|
|
|
|
#define FLOWMAP_CLEAR(FM, FIELD) \
|
|
|
|
|
|
BUILD_ASSERT_DECL(FLOW_U64_OFFREM(FIELD) == 0); \
|
|
|
|
|
|
BUILD_ASSERT_DECL(sizeof(((struct flow *)0)->FIELD) % sizeof(uint64_t) == 0); \
|
|
|
|
|
|
flowmap_clear(FM, FLOW_U64_OFFSET(FIELD), FLOW_U64_SIZE(FIELD))
|
|
|
|
|
|
|
|
|
|
|
|
/* Iterate through all units in 'FMAP'. */
|
|
|
|
|
|
#define FLOWMAP_FOR_EACH_UNIT(UNIT) \
|
|
|
|
|
|
for ((UNIT) = 0; (UNIT) < FLOWMAP_UNITS; (UNIT)++)
|
|
|
|
|
|
|
|
|
|
|
|
/* Iterate through all map units in 'FMAP'. */
|
|
|
|
|
|
#define FLOWMAP_FOR_EACH_MAP(MAP, FLOWMAP) \
|
|
|
|
|
|
for (size_t unit__ = 0; \
|
|
|
|
|
|
unit__ < FLOWMAP_UNITS && ((MAP) = (FLOWMAP).bits[unit__], true); \
|
|
|
|
|
|
unit__++)
|
|
|
|
|
|
|
|
|
|
|
|
struct flowmap_aux;
|
|
|
|
|
|
static inline bool flowmap_next_index(struct flowmap_aux *, size_t *idx);
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOWMAP_AUX_INITIALIZER(FLOWMAP) { .unit = 0, .map = (FLOWMAP) }
|
|
|
|
|
|
|
|
|
|
|
|
/* Iterate through all struct flow u64 indices specified by 'MAP'. This is a
|
|
|
|
|
|
* slower but easier version of the FLOWMAP_FOR_EACH_MAP() &
|
|
|
|
|
|
* MAP_FOR_EACH_INDEX() combination. */
|
|
|
|
|
|
#define FLOWMAP_FOR_EACH_INDEX(IDX, MAP) \
|
|
|
|
|
|
for (struct flowmap_aux aux__ = FLOWMAP_AUX_INITIALIZER(MAP); \
|
|
|
|
|
|
flowmap_next_index(&aux__, &(IDX));)
|
|
|
|
|
|
|
|
|
|
|
|
/* Flowmap inline implementations. */
|
|
|
|
|
|
static inline void
|
|
|
|
|
|
flowmap_init(struct flowmap *fm)
|
|
|
|
|
|
{
|
|
|
|
|
|
memset(fm, 0, sizeof *fm);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool
|
|
|
|
|
|
flowmap_equal(struct flowmap a, struct flowmap b)
|
|
|
|
|
|
{
|
|
|
|
|
|
return !memcmp(&a, &b, sizeof a);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool
|
|
|
|
|
|
flowmap_is_set(const struct flowmap *fm, size_t idx)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (fm->bits[idx / MAP_T_BITS] & (MAP_1 << (idx % MAP_T_BITS))) != 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Returns 'true' if any of the 'n_bits' bits starting at 'idx' are set in
|
|
|
|
|
|
* 'fm'. 'n_bits' can be at most MAP_T_BITS. */
|
|
|
|
|
|
static inline bool
|
|
|
|
|
|
flowmap_are_set(const struct flowmap *fm, size_t idx, unsigned int n_bits)
|
|
|
|
|
|
{
|
|
|
|
|
|
map_t n_bits_mask = (MAP_1 << n_bits) - 1;
|
|
|
|
|
|
size_t unit = idx / MAP_T_BITS;
|
|
|
|
|
|
|
|
|
|
|
|
idx %= MAP_T_BITS;
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
if (fm->bits[unit] & (n_bits_mask << idx)) {
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
2015-08-27 10:48:03 -07:00
|
|
|
|
/* The seemingly unnecessary bounds check on 'unit' is a workaround for a
|
|
|
|
|
|
* false-positive array out of bounds error by GCC 4.9. */
|
|
|
|
|
|
if (unit + 1 < FLOWMAP_UNITS && idx + n_bits > MAP_T_BITS) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Check the remaining bits from the next unit. */
|
|
|
|
|
|
return fm->bits[unit + 1] & (n_bits_mask >> (MAP_T_BITS - idx));
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2015-07-17 15:18:43 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Set the 'n_bits' consecutive bits in 'fm', starting at bit 'idx'.
|
|
|
|
|
|
* 'n_bits' can be at most MAP_T_BITS. */
|
|
|
|
|
|
static inline void
|
|
|
|
|
|
flowmap_set(struct flowmap *fm, size_t idx, unsigned int n_bits)
|
|
|
|
|
|
{
|
|
|
|
|
|
map_t n_bits_mask = (MAP_1 << n_bits) - 1;
|
|
|
|
|
|
size_t unit = idx / MAP_T_BITS;
|
|
|
|
|
|
|
|
|
|
|
|
idx %= MAP_T_BITS;
|
|
|
|
|
|
|
|
|
|
|
|
fm->bits[unit] |= n_bits_mask << idx;
|
2015-08-27 10:48:03 -07:00
|
|
|
|
/* The seemingly unnecessary bounds check on 'unit' is a workaround for a
|
|
|
|
|
|
* false-positive array out of bounds error by GCC 4.9. */
|
|
|
|
|
|
if (unit + 1 < FLOWMAP_UNITS && idx + n_bits > MAP_T_BITS) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* 'MAP_T_BITS - idx' bits were set on 'unit', set the remaining
|
|
|
|
|
|
* bits from the next unit. */
|
|
|
|
|
|
fm->bits[unit + 1] |= n_bits_mask >> (MAP_T_BITS - idx);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Clears the 'n_bits' consecutive bits in 'fm', starting at bit 'idx'.
|
|
|
|
|
|
* 'n_bits' can be at most MAP_T_BITS. */
|
|
|
|
|
|
static inline void
|
|
|
|
|
|
flowmap_clear(struct flowmap *fm, size_t idx, unsigned int n_bits)
|
|
|
|
|
|
{
|
|
|
|
|
|
map_t n_bits_mask = (MAP_1 << n_bits) - 1;
|
|
|
|
|
|
size_t unit = idx / MAP_T_BITS;
|
|
|
|
|
|
|
|
|
|
|
|
idx %= MAP_T_BITS;
|
|
|
|
|
|
|
|
|
|
|
|
fm->bits[unit] &= ~(n_bits_mask << idx);
|
2015-08-27 10:48:03 -07:00
|
|
|
|
/* The seemingly unnecessary bounds check on 'unit' is a workaround for a
|
|
|
|
|
|
* false-positive array out of bounds error by GCC 4.9. */
|
|
|
|
|
|
if (unit + 1 < FLOWMAP_UNITS && idx + n_bits > MAP_T_BITS) {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* 'MAP_T_BITS - idx' bits were cleared on 'unit', clear the
|
|
|
|
|
|
* remaining bits from the next unit. */
|
|
|
|
|
|
fm->bits[unit + 1] &= ~(n_bits_mask >> (MAP_T_BITS - idx));
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* OR the bits in the flowmaps. */
|
|
|
|
|
|
static inline struct flowmap
|
2015-08-30 07:40:31 -07:00
|
|
|
|
flowmap_or(struct flowmap a, struct flowmap b)
|
2015-08-25 13:55:03 -07:00
|
|
|
|
{
|
|
|
|
|
|
struct flowmap map;
|
|
|
|
|
|
size_t unit;
|
|
|
|
|
|
|
|
|
|
|
|
FLOWMAP_FOR_EACH_UNIT (unit) {
|
|
|
|
|
|
map.bits[unit] = a.bits[unit] | b.bits[unit];
|
|
|
|
|
|
}
|
|
|
|
|
|
return map;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* AND the bits in the flowmaps. */
|
|
|
|
|
|
static inline struct flowmap
|
2015-08-30 07:40:31 -07:00
|
|
|
|
flowmap_and(struct flowmap a, struct flowmap b)
|
2015-08-25 13:55:03 -07:00
|
|
|
|
{
|
|
|
|
|
|
struct flowmap map;
|
|
|
|
|
|
size_t unit;
|
|
|
|
|
|
|
|
|
|
|
|
FLOWMAP_FOR_EACH_UNIT (unit) {
|
|
|
|
|
|
map.bits[unit] = a.bits[unit] & b.bits[unit];
|
|
|
|
|
|
}
|
|
|
|
|
|
return map;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool
|
2015-08-30 07:40:31 -07:00
|
|
|
|
flowmap_is_empty(struct flowmap fm)
|
2015-08-25 13:55:03 -07:00
|
|
|
|
{
|
|
|
|
|
|
map_t map;
|
|
|
|
|
|
|
|
|
|
|
|
FLOWMAP_FOR_EACH_MAP (map, fm) {
|
|
|
|
|
|
if (map) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline unsigned int
|
|
|
|
|
|
flowmap_n_1bits(struct flowmap fm)
|
|
|
|
|
|
{
|
|
|
|
|
|
unsigned int n_1bits = 0;
|
|
|
|
|
|
size_t unit;
|
|
|
|
|
|
|
|
|
|
|
|
FLOWMAP_FOR_EACH_UNIT (unit) {
|
|
|
|
|
|
n_1bits += count_1bits(fm.bits[unit]);
|
|
|
|
|
|
}
|
|
|
|
|
|
return n_1bits;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct flowmap_aux {
|
|
|
|
|
|
size_t unit;
|
|
|
|
|
|
struct flowmap map;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool
|
|
|
|
|
|
flowmap_next_index(struct flowmap_aux *aux, size_t *idx)
|
|
|
|
|
|
{
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
|
map_t *map = &aux->map.bits[aux->unit];
|
|
|
|
|
|
if (*map) {
|
|
|
|
|
|
*idx = aux->unit * MAP_T_BITS + raw_ctz(*map);
|
|
|
|
|
|
*map = zero_rightmost_1bit(*map);
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
if (++aux->unit >= FLOWMAP_UNITS) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
�
|
|
|
|
|
|
/* Compressed flow. */
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
|
|
|
|
|
/* A sparse representation of a "struct flow".
|
|
|
|
|
|
*
|
|
|
|
|
|
* A "struct flow" is fairly large and tends to be mostly zeros. Sparse
|
2015-07-15 13:17:01 -07:00
|
|
|
|
* representation has two advantages. First, it saves memory and, more
|
|
|
|
|
|
* importantly, minimizes the number of accessed cache lines. Second, it saves
|
|
|
|
|
|
* time when the goal is to iterate over only the nonzero parts of the struct.
|
2012-09-04 12:43:53 -07:00
|
|
|
|
*
|
2015-08-25 13:55:03 -07:00
|
|
|
|
* The map member hold one bit for each uint64_t in a "struct flow". Each
|
2015-01-06 11:10:42 -08:00
|
|
|
|
* 0-bit indicates that the corresponding uint64_t is zero, each 1-bit that it
|
2014-04-29 15:50:39 -07:00
|
|
|
|
* *may* be nonzero (see below how this applies to minimasks).
|
2012-09-04 12:43:53 -07:00
|
|
|
|
*
|
2015-08-25 13:55:03 -07:00
|
|
|
|
* The values indicated by 'map' always follow the miniflow in memory. The
|
|
|
|
|
|
* user of the miniflow is responsible for always having enough storage after
|
|
|
|
|
|
* the struct miniflow corresponding to the number of 1-bits in maps.
|
2015-07-17 15:18:43 -07:00
|
|
|
|
*
|
2014-04-29 15:50:39 -07:00
|
|
|
|
* Elements in values array are allowed to be zero. This is useful for "struct
|
2013-02-06 16:13:19 -08:00
|
|
|
|
* minimatch", for which ensuring that the miniflow and minimask members have
|
2015-07-17 15:18:43 -07:00
|
|
|
|
* same maps allows optimization. This allowance applies only to a miniflow
|
2015-07-16 17:42:24 -07:00
|
|
|
|
* that is not a mask. That is, a minimask may NOT have zero elements in its
|
2015-07-17 15:18:43 -07:00
|
|
|
|
* values.
|
2015-07-15 13:17:01 -07:00
|
|
|
|
*
|
2015-07-17 15:18:43 -07:00
|
|
|
|
* A miniflow is always dynamically allocated so that the maps are followed by
|
|
|
|
|
|
* at least as many elements as there are 1-bits in maps. */
|
2012-09-04 12:43:53 -07:00
|
|
|
|
struct miniflow {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
struct flowmap map;
|
2015-07-17 15:18:43 -07:00
|
|
|
|
/* Followed by:
|
|
|
|
|
|
* uint64_t values[n];
|
|
|
|
|
|
* where 'n' is miniflow_n_values(miniflow). */
|
2012-09-04 12:43:53 -07:00
|
|
|
|
};
|
2015-08-25 13:55:03 -07:00
|
|
|
|
BUILD_ASSERT_DECL(sizeof(struct miniflow) % sizeof(uint64_t) == 0);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
#define MINIFLOW_VALUES_SIZE(COUNT) ((COUNT) * sizeof(uint64_t))
|
2014-04-29 15:50:39 -07:00
|
|
|
|
|
2015-07-16 17:42:24 -07:00
|
|
|
|
static inline uint64_t *miniflow_values(struct miniflow *mf)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (uint64_t *)(mf + 1);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline const uint64_t *miniflow_get_values(const struct miniflow *mf)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (const uint64_t *)(mf + 1);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-18 08:26:56 -07:00
|
|
|
|
struct pkt_metadata;
|
|
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
/* The 'dst' must follow with buffer space for FLOW_U64S 64-bit units.
|
|
|
|
|
|
* 'dst->map' is ignored on input and set on output to indicate which fields
|
|
|
|
|
|
* were extracted. */
|
2015-02-22 03:21:09 -08:00
|
|
|
|
void miniflow_extract(struct dp_packet *packet, struct miniflow *dst);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
void miniflow_map_init(struct miniflow *, const struct flow *);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
void flow_wc_map(const struct flow *, struct flowmap *);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
size_t miniflow_alloc(struct miniflow *dsts[], size_t n,
|
|
|
|
|
|
const struct miniflow *src);
|
|
|
|
|
|
void miniflow_init(struct miniflow *, const struct flow *);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
void miniflow_clone(struct miniflow *, const struct miniflow *,
|
|
|
|
|
|
size_t n_values);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
struct miniflow * miniflow_create(const struct flow *);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
|
|
|
|
|
void miniflow_expand(const struct miniflow *, struct flow *);
|
|
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
static inline uint64_t flow_u64_value(const struct flow *flow, size_t index)
|
2014-06-13 10:38:05 -07:00
|
|
|
|
{
|
2015-07-17 15:18:43 -07:00
|
|
|
|
return ((uint64_t *)flow)[index];
|
2014-06-13 10:38:05 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
static inline uint64_t *flow_u64_lvalue(struct flow *flow, size_t index)
|
2014-06-13 10:38:05 -07:00
|
|
|
|
{
|
2015-07-17 15:18:43 -07:00
|
|
|
|
return &((uint64_t *)flow)[index];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline size_t
|
|
|
|
|
|
miniflow_n_values(const struct miniflow *flow)
|
|
|
|
|
|
{
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return flowmap_n_1bits(flow->map);
|
2015-07-17 15:18:43 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct flow_for_each_in_maps_aux {
|
2015-08-25 13:55:03 -07:00
|
|
|
|
const struct flow *flow;
|
|
|
|
|
|
struct flowmap_aux map_aux;
|
2015-07-17 15:18:43 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
2014-05-28 16:56:29 -07:00
|
|
|
|
static inline bool
|
2015-07-17 15:18:43 -07:00
|
|
|
|
flow_values_get_next_in_maps(struct flow_for_each_in_maps_aux *aux,
|
|
|
|
|
|
uint64_t *value)
|
2014-04-29 15:50:39 -07:00
|
|
|
|
{
|
2015-08-25 13:55:03 -07:00
|
|
|
|
size_t idx;
|
|
|
|
|
|
|
|
|
|
|
|
if (flowmap_next_index(&aux->map_aux, &idx)) {
|
|
|
|
|
|
*value = flow_u64_value(aux->flow, idx);
|
2014-04-29 15:50:39 -07:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Iterate through all flow u64 values specified by 'MAPS'. */
|
2015-07-17 15:18:43 -07:00
|
|
|
|
#define FLOW_FOR_EACH_IN_MAPS(VALUE, FLOW, MAPS) \
|
|
|
|
|
|
for (struct flow_for_each_in_maps_aux aux__ \
|
2015-08-25 13:55:03 -07:00
|
|
|
|
= { (FLOW), FLOWMAP_AUX_INITIALIZER(MAPS) }; \
|
2015-07-17 15:18:43 -07:00
|
|
|
|
flow_values_get_next_in_maps(&aux__, &(VALUE));)
|
2014-04-29 15:50:39 -07:00
|
|
|
|
|
2014-10-07 12:59:14 -07:00
|
|
|
|
struct mf_for_each_in_map_aux {
|
2016-10-18 17:31:42 +01:00
|
|
|
|
size_t unit; /* Current 64-bit unit of the flowmaps
|
|
|
|
|
|
being processed. */
|
|
|
|
|
|
struct flowmap fmap; /* Remaining 1-bits corresponding to the
|
|
|
|
|
|
64-bit words in ‘values’ */
|
|
|
|
|
|
struct flowmap map; /* Remaining 1-bits corresponding to the
|
|
|
|
|
|
64-bit words of interest. */
|
|
|
|
|
|
const uint64_t *values; /* 64-bit words corresponding to the
|
|
|
|
|
|
1-bits in ‘fmap’. */
|
2014-10-07 12:59:14 -07:00
|
|
|
|
};
|
2014-04-18 08:26:56 -07:00
|
|
|
|
|
2016-10-18 17:31:42 +01:00
|
|
|
|
/* Get the data from ‘aux->values’ corresponding to the next lowest 1-bit
|
|
|
|
|
|
* in ‘aux->map’, given that ‘aux->values’ points to an array of 64-bit
|
|
|
|
|
|
* words corresponding to the 1-bits in ‘aux->fmap’, starting from the
|
|
|
|
|
|
* rightmost 1-bit.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Returns ’true’ if the traversal is incomplete, ‘false’ otherwise.
|
|
|
|
|
|
* ‘aux’ is prepared for the next iteration after each call.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This is used to traverse through, for example, the values in a miniflow
|
|
|
|
|
|
* representation of a flow key selected by non-zero 64-bit words in a
|
|
|
|
|
|
* corresponding subtable mask. */
|
2014-10-07 12:59:14 -07:00
|
|
|
|
static inline bool
|
2015-07-17 15:18:43 -07:00
|
|
|
|
mf_get_next_in_map(struct mf_for_each_in_map_aux *aux,
|
|
|
|
|
|
uint64_t *value)
|
2014-10-07 12:59:14 -07:00
|
|
|
|
{
|
2015-08-25 13:55:03 -07:00
|
|
|
|
map_t *map, *fmap;
|
|
|
|
|
|
map_t rm1bit;
|
|
|
|
|
|
|
2016-10-18 17:31:42 +01:00
|
|
|
|
/* Skip empty map units. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
while (OVS_UNLIKELY(!*(map = &aux->map.bits[aux->unit]))) {
|
2016-10-18 17:31:42 +01:00
|
|
|
|
/* Skip remaining data in the current unit before advancing
|
|
|
|
|
|
* to the next. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
aux->values += count_1bits(aux->fmap.bits[aux->unit]);
|
|
|
|
|
|
if (++aux->unit == FLOWMAP_UNITS) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2015-07-17 15:18:43 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
rm1bit = rightmost_1bit(*map);
|
|
|
|
|
|
*map -= rm1bit;
|
|
|
|
|
|
fmap = &aux->fmap.bits[aux->unit];
|
2014-10-07 12:59:14 -07:00
|
|
|
|
|
2016-10-18 17:31:42 +01:00
|
|
|
|
/* If the rightmost 1-bit found from the current unit in ‘aux->map’
|
|
|
|
|
|
* (‘rm1bit’) is also present in ‘aux->fmap’, store the corresponding
|
|
|
|
|
|
* value from ‘aux->values’ to ‘*value', otherwise store 0. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
if (OVS_LIKELY(*fmap & rm1bit)) {
|
2016-10-18 17:31:42 +01:00
|
|
|
|
/* Skip all 64-bit words in ‘values’ preceding the one corresponding
|
|
|
|
|
|
* to ‘rm1bit’. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
map_t trash = *fmap & (rm1bit - 1);
|
2015-07-17 15:18:43 -07:00
|
|
|
|
|
2016-10-18 17:31:41 +01:00
|
|
|
|
/* Avoid resetting 'fmap' and calling count_1bits() when trash is
|
|
|
|
|
|
* zero. */
|
|
|
|
|
|
if (trash) {
|
|
|
|
|
|
*fmap -= trash;
|
|
|
|
|
|
aux->values += count_1bits(trash);
|
|
|
|
|
|
}
|
2015-07-17 15:18:43 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
*value = *aux->values;
|
|
|
|
|
|
} else {
|
|
|
|
|
|
*value = 0;
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return true;
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Iterate through miniflow u64 values specified by 'FLOWMAP'. */
|
|
|
|
|
|
#define MINIFLOW_FOR_EACH_IN_FLOWMAP(VALUE, FLOW, FLOWMAP) \
|
2015-07-17 15:18:43 -07:00
|
|
|
|
for (struct mf_for_each_in_map_aux aux__ = \
|
2015-08-25 13:55:03 -07:00
|
|
|
|
{ 0, (FLOW)->map, (FLOWMAP), miniflow_get_values(FLOW) }; \
|
2015-07-17 15:18:43 -07:00
|
|
|
|
mf_get_next_in_map(&aux__, &(VALUE));)
|
2014-04-18 08:26:56 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* This can be used when it is known that 'idx' is set in 'map'. */
|
2015-07-17 15:18:43 -07:00
|
|
|
|
static inline const uint64_t *
|
2015-08-25 13:55:03 -07:00
|
|
|
|
miniflow_values_get__(const uint64_t *values, map_t map, size_t idx)
|
2014-11-26 15:17:26 -08:00
|
|
|
|
{
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return values + count_1bits(map & ((MAP_1 << idx) - 1));
|
2014-11-26 15:17:26 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
/* This can be used when it is known that 'u64_idx' is set in
|
2014-11-26 15:17:26 -08:00
|
|
|
|
* the map of 'mf'. */
|
2015-07-17 15:18:43 -07:00
|
|
|
|
static inline const uint64_t *
|
2015-08-25 13:55:03 -07:00
|
|
|
|
miniflow_get__(const struct miniflow *mf, size_t idx)
|
|
|
|
|
|
{
|
|
|
|
|
|
const uint64_t *values = miniflow_get_values(mf);
|
|
|
|
|
|
const map_t *map = mf->map.bits;
|
|
|
|
|
|
|
|
|
|
|
|
while (idx >= MAP_T_BITS) {
|
|
|
|
|
|
idx -= MAP_T_BITS;
|
|
|
|
|
|
values += count_1bits(*map++);
|
|
|
|
|
|
}
|
|
|
|
|
|
return miniflow_values_get__(values, *map, idx);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#define MINIFLOW_IN_MAP(MF, IDX) flowmap_is_set(&(MF)->map, IDX)
|
|
|
|
|
|
|
|
|
|
|
|
/* Get the value of the struct flow 'FIELD' as up to 8 byte wide integer type
|
|
|
|
|
|
* 'TYPE' from miniflow 'MF'. */
|
|
|
|
|
|
#define MINIFLOW_GET_TYPE(MF, TYPE, FIELD) \
|
2018-03-19 21:34:26 -07:00
|
|
|
|
(BUILD_ASSERT(sizeof(TYPE) == sizeof(((struct flow *)0)->FIELD)), \
|
|
|
|
|
|
BUILD_ASSERT_GCCONLY(__builtin_types_compatible_p(TYPE, typeof(((struct flow *)0)->FIELD))), \
|
|
|
|
|
|
MINIFLOW_GET_TYPE__(MF, TYPE, FIELD))
|
|
|
|
|
|
|
|
|
|
|
|
/* Like MINIFLOW_GET_TYPE, but without checking that TYPE is the correct width
|
|
|
|
|
|
* for FIELD. (This is useful for deliberately reading adjacent fields in one
|
|
|
|
|
|
* go.) */
|
|
|
|
|
|
#define MINIFLOW_GET_TYPE__(MF, TYPE, FIELD) \
|
2015-08-25 13:55:03 -07:00
|
|
|
|
(MINIFLOW_IN_MAP(MF, FLOW_U64_OFFSET(FIELD)) \
|
|
|
|
|
|
? ((OVS_FORCE const TYPE *)miniflow_get__(MF, FLOW_U64_OFFSET(FIELD))) \
|
|
|
|
|
|
[FLOW_U64_OFFREM(FIELD) / sizeof(TYPE)] \
|
2015-07-17 15:18:43 -07:00
|
|
|
|
: 0)
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2015-11-11 11:39:49 -08:00
|
|
|
|
#define MINIFLOW_GET_U128(FLOW, FIELD) \
|
|
|
|
|
|
(ovs_u128) { .u64 = { \
|
|
|
|
|
|
(MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD)) ? \
|
|
|
|
|
|
*miniflow_get__(FLOW, FLOW_U64_OFFSET(FIELD)) : 0), \
|
|
|
|
|
|
(MINIFLOW_IN_MAP(FLOW, FLOW_U64_OFFSET(FIELD) + 1) ? \
|
|
|
|
|
|
*miniflow_get__(FLOW, FLOW_U64_OFFSET(FIELD) + 1) : 0) } }
|
Add connection tracking label support.
This patch adds a new 128-bit metadata field to the connection tracking
interface. When a label is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_label" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a label with
those connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
#define MINIFLOW_GET_U8(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, uint8_t, FIELD)
|
|
|
|
|
|
#define MINIFLOW_GET_U16(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, uint16_t, FIELD)
|
|
|
|
|
|
#define MINIFLOW_GET_BE16(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, ovs_be16, FIELD)
|
|
|
|
|
|
#define MINIFLOW_GET_U32(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, uint32_t, FIELD)
|
|
|
|
|
|
#define MINIFLOW_GET_BE32(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, ovs_be32, FIELD)
|
|
|
|
|
|
#define MINIFLOW_GET_U64(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, uint64_t, FIELD)
|
|
|
|
|
|
#define MINIFLOW_GET_BE64(FLOW, FIELD) \
|
|
|
|
|
|
MINIFLOW_GET_TYPE(FLOW, ovs_be64, FIELD)
|
2015-01-06 11:10:42 -08:00
|
|
|
|
|
|
|
|
|
|
static inline uint64_t miniflow_get(const struct miniflow *,
|
|
|
|
|
|
unsigned int u64_ofs);
|
|
|
|
|
|
static inline uint32_t miniflow_get_u32(const struct miniflow *,
|
|
|
|
|
|
unsigned int u32_ofs);
|
|
|
|
|
|
static inline ovs_be32 miniflow_get_be32(const struct miniflow *,
|
|
|
|
|
|
unsigned int be32_ofs);
|
2017-03-01 17:47:59 -05:00
|
|
|
|
static inline uint16_t miniflow_get_vid(const struct miniflow *, size_t);
|
2014-04-18 08:26:56 -07:00
|
|
|
|
static inline uint16_t miniflow_get_tcp_flags(const struct miniflow *);
|
2013-09-25 15:07:21 -07:00
|
|
|
|
static inline ovs_be64 miniflow_get_metadata(const struct miniflow *);
|
2018-03-19 22:00:34 -07:00
|
|
|
|
static inline uint64_t miniflow_get_tun_metadata_present_map(
|
|
|
|
|
|
const struct miniflow *);
|
|
|
|
|
|
static inline uint32_t miniflow_get_recirc_id(const struct miniflow *);
|
|
|
|
|
|
static inline uint32_t miniflow_get_dp_hash(const struct miniflow *);
|
|
|
|
|
|
static inline ovs_be32 miniflow_get_ports(const struct miniflow *);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
|
|
|
|
|
bool miniflow_equal(const struct miniflow *a, const struct miniflow *b);
|
|
|
|
|
|
bool miniflow_equal_in_minimask(const struct miniflow *a,
|
|
|
|
|
|
const struct miniflow *b,
|
|
|
|
|
|
const struct minimask *);
|
|
|
|
|
|
bool miniflow_equal_flow_in_minimask(const struct miniflow *a,
|
|
|
|
|
|
const struct flow *b,
|
|
|
|
|
|
const struct minimask *);
|
2014-04-18 08:26:57 -07:00
|
|
|
|
uint32_t miniflow_hash_5tuple(const struct miniflow *flow, uint32_t basis);
|
2013-12-20 08:16:31 -08:00
|
|
|
|
|
2012-09-04 12:43:53 -07:00
|
|
|
|
�
|
|
|
|
|
|
/* Compressed flow wildcards. */
|
|
|
|
|
|
|
|
|
|
|
|
/* A sparse representation of a "struct flow_wildcards".
|
|
|
|
|
|
*
|
2013-12-20 08:16:31 -08:00
|
|
|
|
* See the large comment on struct miniflow for details.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Note: While miniflow can have zero data for a 1-bit in the map,
|
|
|
|
|
|
* a minimask may not! We rely on this in the implementation. */
|
2012-09-04 12:43:53 -07:00
|
|
|
|
struct minimask {
|
|
|
|
|
|
struct miniflow masks;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2015-07-15 13:17:01 -07:00
|
|
|
|
void minimask_init(struct minimask *, const struct flow_wildcards *);
|
2015-07-15 13:17:01 -07:00
|
|
|
|
struct minimask * minimask_create(const struct flow_wildcards *);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
void minimask_combine(struct minimask *dst,
|
|
|
|
|
|
const struct minimask *a, const struct minimask *b,
|
2015-01-06 11:10:42 -08:00
|
|
|
|
uint64_t storage[FLOW_U64S]);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
|
|
|
|
|
void minimask_expand(const struct minimask *, struct flow_wildcards *);
|
|
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
static inline uint32_t minimask_get_u32(const struct minimask *,
|
|
|
|
|
|
unsigned int u32_ofs);
|
|
|
|
|
|
static inline ovs_be32 minimask_get_be32(const struct minimask *,
|
|
|
|
|
|
unsigned int be32_ofs);
|
2017-03-01 17:47:59 -05:00
|
|
|
|
static inline uint16_t minimask_get_vid_mask(const struct minimask *, size_t);
|
2013-09-25 15:07:21 -07:00
|
|
|
|
static inline ovs_be64 minimask_get_metadata_mask(const struct minimask *);
|
2012-09-04 12:43:53 -07:00
|
|
|
|
|
|
|
|
|
|
bool minimask_equal(const struct minimask *a, const struct minimask *b);
|
|
|
|
|
|
bool minimask_has_extra(const struct minimask *, const struct minimask *);
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2014-04-29 15:50:39 -07:00
|
|
|
|
�
|
2014-04-29 15:50:38 -07:00
|
|
|
|
/* Returns true if 'mask' matches every packet, false if 'mask' fixes any bits
|
|
|
|
|
|
* or fields. */
|
|
|
|
|
|
static inline bool
|
|
|
|
|
|
minimask_is_catchall(const struct minimask *mask)
|
|
|
|
|
|
{
|
|
|
|
|
|
/* For every 1-bit in mask's map, the corresponding value is non-zero,
|
|
|
|
|
|
* so the only way the mask can not fix any bits or fields is for the
|
|
|
|
|
|
* map the be zero. */
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return flowmap_is_empty(mask->masks.map);
|
2014-04-29 15:50:38 -07:00
|
|
|
|
}
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
/* Returns the uint64_t that would be at byte offset '8 * u64_ofs' if 'flow'
|
|
|
|
|
|
* were expanded into a "struct flow". */
|
|
|
|
|
|
static inline uint64_t miniflow_get(const struct miniflow *flow,
|
|
|
|
|
|
unsigned int u64_ofs)
|
|
|
|
|
|
{
|
2015-08-25 13:55:03 -07:00
|
|
|
|
return MINIFLOW_IN_MAP(flow, u64_ofs) ? *miniflow_get__(flow, u64_ofs) : 0;
|
2015-01-06 11:10:42 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline uint32_t miniflow_get_u32(const struct miniflow *flow,
|
|
|
|
|
|
unsigned int u32_ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
uint64_t value = miniflow_get(flow, u32_ofs / 2);
|
|
|
|
|
|
|
|
|
|
|
|
#if WORDS_BIGENDIAN
|
|
|
|
|
|
return (u32_ofs & 1) ? value : value >> 32;
|
|
|
|
|
|
#else
|
|
|
|
|
|
return (u32_ofs & 1) ? value >> 32 : value;
|
|
|
|
|
|
#endif
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline ovs_be32 miniflow_get_be32(const struct miniflow *flow,
|
|
|
|
|
|
unsigned int be32_ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (OVS_FORCE ovs_be32)miniflow_get_u32(flow, be32_ofs);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-18 08:26:56 -07:00
|
|
|
|
/* Returns the VID within the vlan_tci member of the "struct flow" represented
|
|
|
|
|
|
* by 'flow'. */
|
|
|
|
|
|
static inline uint16_t
|
2017-03-01 17:47:59 -05:00
|
|
|
|
miniflow_get_vid(const struct miniflow *flow, size_t n)
|
2014-04-18 08:26:56 -07:00
|
|
|
|
{
|
2017-03-01 17:47:59 -05:00
|
|
|
|
if (n < FLOW_MAX_VLAN_HEADERS) {
|
|
|
|
|
|
union flow_vlan_hdr hdr = {
|
2018-03-19 21:34:26 -07:00
|
|
|
|
.qtag = MINIFLOW_GET_BE32(flow, vlans[n].qtag)
|
2017-03-01 17:47:59 -05:00
|
|
|
|
};
|
|
|
|
|
|
return vlan_tci_to_vid(hdr.tci);
|
|
|
|
|
|
}
|
|
|
|
|
|
return 0;
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2015-01-06 11:10:42 -08:00
|
|
|
|
/* Returns the uint32_t that would be at byte offset '4 * u32_ofs' if 'mask'
|
|
|
|
|
|
* were expanded into a "struct flow_wildcards". */
|
|
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
minimask_get_u32(const struct minimask *mask, unsigned int u32_ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
return miniflow_get_u32(&mask->masks, u32_ofs);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline ovs_be32
|
|
|
|
|
|
minimask_get_be32(const struct minimask *mask, unsigned int be32_ofs)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (OVS_FORCE ovs_be32)minimask_get_u32(mask, be32_ofs);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-18 08:26:56 -07:00
|
|
|
|
/* Returns the VID mask within the vlan_tci member of the "struct
|
|
|
|
|
|
* flow_wildcards" represented by 'mask'. */
|
|
|
|
|
|
static inline uint16_t
|
2017-03-01 17:47:59 -05:00
|
|
|
|
minimask_get_vid_mask(const struct minimask *mask, size_t n)
|
2014-04-18 08:26:56 -07:00
|
|
|
|
{
|
2017-03-01 17:47:59 -05:00
|
|
|
|
return miniflow_get_vid(&mask->masks, n);
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Returns the value of the "tcp_flags" field in 'flow'. */
|
|
|
|
|
|
static inline uint16_t
|
|
|
|
|
|
miniflow_get_tcp_flags(const struct miniflow *flow)
|
|
|
|
|
|
{
|
2014-04-29 15:50:38 -07:00
|
|
|
|
return ntohs(MINIFLOW_GET_BE16(flow, tcp_flags));
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-09-25 15:07:21 -07:00
|
|
|
|
/* Returns the value of the OpenFlow 1.1+ "metadata" field in 'flow'. */
|
|
|
|
|
|
static inline ovs_be64
|
|
|
|
|
|
miniflow_get_metadata(const struct miniflow *flow)
|
|
|
|
|
|
{
|
2015-01-06 11:10:42 -08:00
|
|
|
|
return MINIFLOW_GET_BE64(flow, metadata);
|
2013-09-25 15:07:21 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2018-03-19 22:00:34 -07:00
|
|
|
|
/* Returns the bitmap that indicates which tunnel metadata fields are present
|
|
|
|
|
|
* in 'flow'. */
|
|
|
|
|
|
static inline uint64_t
|
|
|
|
|
|
miniflow_get_tun_metadata_present_map(const struct miniflow *flow)
|
|
|
|
|
|
{
|
|
|
|
|
|
return MINIFLOW_GET_U64(flow, tunnel.metadata.present.map);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Returns the recirc_id in 'flow.' */
|
|
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
miniflow_get_recirc_id(const struct miniflow *flow)
|
|
|
|
|
|
{
|
|
|
|
|
|
return MINIFLOW_GET_U32(flow, recirc_id);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Returns the dp_hash in 'flow.' */
|
|
|
|
|
|
static inline uint32_t
|
|
|
|
|
|
miniflow_get_dp_hash(const struct miniflow *flow)
|
|
|
|
|
|
{
|
|
|
|
|
|
return MINIFLOW_GET_U32(flow, dp_hash);
|
|
|
|
|
|
}
|
2018-03-19 21:34:26 -07:00
|
|
|
|
|
|
|
|
|
|
/* Returns the 'tp_src' and 'tp_dst' fields together as one piece of data. */
|
|
|
|
|
|
static inline ovs_be32
|
|
|
|
|
|
miniflow_get_ports(const struct miniflow *flow)
|
|
|
|
|
|
{
|
|
|
|
|
|
return MINIFLOW_GET_TYPE__(flow, ovs_be32, tp_src);
|
|
|
|
|
|
}
|
2018-03-19 22:00:34 -07:00
|
|
|
|
|
2013-09-25 15:07:21 -07:00
|
|
|
|
/* Returns the mask for the OpenFlow 1.1+ "metadata" field in 'mask'.
|
|
|
|
|
|
*
|
|
|
|
|
|
* The return value is all-1-bits if 'mask' matches on the whole value of the
|
|
|
|
|
|
* metadata field, all-0-bits if 'mask' entirely wildcards the metadata field,
|
|
|
|
|
|
* or some other value if the metadata field is partially matched, partially
|
|
|
|
|
|
* wildcarded. */
|
|
|
|
|
|
static inline ovs_be64
|
|
|
|
|
|
minimask_get_metadata_mask(const struct minimask *mask)
|
|
|
|
|
|
{
|
2015-01-06 11:10:42 -08:00
|
|
|
|
return MINIFLOW_GET_BE64(&mask->masks, metadata);
|
2013-09-25 15:07:21 -07:00
|
|
|
|
}
|
2012-08-07 13:43:18 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Perform a bitwise OR of miniflow 'src' flow data specified in 'subset' with
|
|
|
|
|
|
* the equivalent fields in 'dst', storing the result in 'dst'. 'subset' must
|
|
|
|
|
|
* be a subset of 'src's map. */
|
2014-04-29 15:50:38 -07:00
|
|
|
|
static inline void
|
2015-08-25 13:55:03 -07:00
|
|
|
|
flow_union_with_miniflow_subset(struct flow *dst, const struct miniflow *src,
|
|
|
|
|
|
struct flowmap subset)
|
2014-04-29 15:50:38 -07:00
|
|
|
|
{
|
2015-01-06 11:10:42 -08:00
|
|
|
|
uint64_t *dst_u64 = (uint64_t *) dst;
|
2015-07-16 17:42:24 -07:00
|
|
|
|
const uint64_t *p = miniflow_get_values(src);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
map_t map;
|
2014-04-29 15:50:38 -07:00
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
FLOWMAP_FOR_EACH_MAP (map, subset) {
|
|
|
|
|
|
size_t idx;
|
|
|
|
|
|
|
|
|
|
|
|
MAP_FOR_EACH_INDEX(idx, map) {
|
|
|
|
|
|
dst_u64[idx] |= *p++;
|
|
|
|
|
|
}
|
|
|
|
|
|
dst_u64 += MAP_T_BITS;
|
2014-04-29 15:50:38 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-08-25 13:55:03 -07:00
|
|
|
|
/* Perform a bitwise OR of miniflow 'src' flow data with the equivalent
|
|
|
|
|
|
* fields in 'dst', storing the result in 'dst'. */
|
|
|
|
|
|
static inline void
|
|
|
|
|
|
flow_union_with_miniflow(struct flow *dst, const struct miniflow *src)
|
|
|
|
|
|
{
|
|
|
|
|
|
flow_union_with_miniflow_subset(dst, src, src->map);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-08 17:18:23 -08:00
|
|
|
|
static inline bool is_ct_valid(const struct flow *flow,
|
|
|
|
|
|
const struct flow_wildcards *mask,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
/* Matches are checked with 'mask' and without 'wc'. */
|
|
|
|
|
|
if (mask && !wc) {
|
|
|
|
|
|
/* Must match at least one of the bits that implies a valid
|
|
|
|
|
|
* conntrack entry, or an explicit not-invalid. */
|
|
|
|
|
|
return flow->ct_state & (CS_NEW | CS_ESTABLISHED | CS_RELATED
|
|
|
|
|
|
| CS_REPLY_DIR | CS_SRC_NAT | CS_DST_NAT)
|
|
|
|
|
|
|| (flow->ct_state & CS_TRACKED
|
|
|
|
|
|
&& mask->masks.ct_state & CS_INVALID
|
|
|
|
|
|
&& !(flow->ct_state & CS_INVALID));
|
|
|
|
|
|
}
|
|
|
|
|
|
/* Else we are checking a fully extracted flow, where valid CT state always
|
|
|
|
|
|
* has either 'new', 'established', or 'reply_dir' bit set. */
|
|
|
|
|
|
#define CS_VALID_MASK (CS_NEW | CS_ESTABLISHED | CS_REPLY_DIR)
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
wc->masks.ct_state |= CS_VALID_MASK;
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->ct_state & CS_VALID_MASK;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-02-22 03:21:09 -08:00
|
|
|
|
static inline void
|
|
|
|
|
|
pkt_metadata_from_flow(struct pkt_metadata *md, const struct flow *flow)
|
|
|
|
|
|
{
|
2017-03-08 17:18:23 -08:00
|
|
|
|
/* Update this function whenever struct flow changes. */
|
2019-11-25 11:19:23 -08:00
|
|
|
|
BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
|
2017-03-08 17:18:23 -08:00
|
|
|
|
|
2015-02-22 03:21:09 -08:00
|
|
|
|
md->recirc_id = flow->recirc_id;
|
|
|
|
|
|
md->dp_hash = flow->dp_hash;
|
2015-08-25 13:55:03 -07:00
|
|
|
|
flow_tnl_copy__(&md->tunnel, &flow->tunnel);
|
2015-02-22 03:21:09 -08:00
|
|
|
|
md->skb_priority = flow->skb_priority;
|
|
|
|
|
|
md->pkt_mark = flow->pkt_mark;
|
|
|
|
|
|
md->in_port = flow->in_port;
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
md->ct_state = flow->ct_state;
|
|
|
|
|
|
md->ct_zone = flow->ct_zone;
|
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
|
|
|
|
md->ct_mark = flow->ct_mark;
|
Add connection tracking label support.
This patch adds a new 128-bit metadata field to the connection tracking
interface. When a label is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_label" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a label with
those connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
|
|
|
|
md->ct_label = flow->ct_label;
|
2017-03-08 17:18:23 -08:00
|
|
|
|
|
|
|
|
|
|
md->ct_orig_tuple_ipv6 = false;
|
2017-10-25 23:33:03 +05:30
|
|
|
|
if (flow->dl_type && is_ct_valid(flow, NULL, NULL)) {
|
2017-03-08 17:18:23 -08:00
|
|
|
|
if (flow->dl_type == htons(ETH_TYPE_IP)) {
|
|
|
|
|
|
md->ct_orig_tuple.ipv4 = (struct ovs_key_ct_tuple_ipv4) {
|
|
|
|
|
|
flow->ct_nw_src,
|
|
|
|
|
|
flow->ct_nw_dst,
|
|
|
|
|
|
flow->ct_tp_src,
|
|
|
|
|
|
flow->ct_tp_dst,
|
|
|
|
|
|
flow->ct_nw_proto,
|
|
|
|
|
|
};
|
|
|
|
|
|
} else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
|
|
|
|
|
|
md->ct_orig_tuple_ipv6 = true;
|
|
|
|
|
|
md->ct_orig_tuple.ipv6 = (struct ovs_key_ct_tuple_ipv6) {
|
|
|
|
|
|
flow->ct_ipv6_src,
|
|
|
|
|
|
flow->ct_ipv6_dst,
|
|
|
|
|
|
flow->ct_tp_src,
|
|
|
|
|
|
flow->ct_tp_dst,
|
|
|
|
|
|
flow->ct_nw_proto,
|
|
|
|
|
|
};
|
2017-10-25 23:33:03 +05:30
|
|
|
|
} else {
|
|
|
|
|
|
/* Reset ct_orig_tuple for other types. */
|
|
|
|
|
|
memset(&md->ct_orig_tuple, 0, sizeof md->ct_orig_tuple);
|
2017-03-08 17:18:23 -08:00
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
memset(&md->ct_orig_tuple, 0, sizeof md->ct_orig_tuple);
|
|
|
|
|
|
}
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-24 17:13:29 -07:00
|
|
|
|
/* Often, during translation we need to read a value from a flow('FLOW') and
|
|
|
|
|
|
* unwildcard the corresponding bits in the wildcards('WC'). This macro makes
|
|
|
|
|
|
* it easier to do that. */
|
|
|
|
|
|
|
|
|
|
|
|
#define FLOW_WC_GET_AND_MASK_WC(FLOW, WC, FIELD) \
|
|
|
|
|
|
(((WC) ? WC_MASK_FIELD(WC, FIELD) : NULL), ((FLOW)->FIELD))
|
|
|
|
|
|
|
2017-04-25 16:29:59 +00:00
|
|
|
|
static inline bool is_ethernet(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
WC_MASK_FIELD(wc, packet_type);
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->packet_type == htonl(PT_ETH);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-06-23 16:47:57 +00:00
|
|
|
|
static inline ovs_be16 get_dl_type(const struct flow *flow)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (flow->packet_type == htonl(PT_ETH)) {
|
|
|
|
|
|
return flow->dl_type;
|
|
|
|
|
|
} else if (pt_ns(flow->packet_type) == OFPHTN_ETHERTYPE) {
|
|
|
|
|
|
return pt_ns_type_be(flow->packet_type);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
return htons(FLOW_DL_TYPE_NONE);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-07-29 16:52:03 -07:00
|
|
|
|
static inline bool is_vlan(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
2017-06-23 16:47:57 +00:00
|
|
|
|
if (!is_ethernet(flow, wc)) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2016-07-29 16:52:03 -07:00
|
|
|
|
if (wc) {
|
2017-03-01 17:47:59 -05:00
|
|
|
|
WC_MASK_FIELD_MASK(wc, vlans[0].tci, htons(VLAN_CFI));
|
2016-07-29 16:52:03 -07:00
|
|
|
|
}
|
2017-03-01 17:47:59 -05:00
|
|
|
|
return (flow->vlans[0].tci & htons(VLAN_CFI)) != 0;
|
2016-07-29 16:52:03 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-18 08:26:56 -07:00
|
|
|
|
static inline bool is_ip_any(const struct flow *flow)
|
|
|
|
|
|
{
|
2017-06-23 16:47:57 +00:00
|
|
|
|
return dl_type_is_ip_any(get_dl_type(flow));
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-07-29 16:52:03 -07:00
|
|
|
|
static inline bool is_ip_proto(const struct flow *flow, uint8_t ip_proto,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (is_ip_any(flow)) {
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
WC_MASK_FIELD(wc, nw_proto);
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->nw_proto == ip_proto;
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool is_tcp(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
return is_ip_proto(flow, IPPROTO_TCP, wc);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool is_udp(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
return is_ip_proto(flow, IPPROTO_UDP, wc);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool is_sctp(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
return is_ip_proto(flow, IPPROTO_SCTP, wc);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-08 10:34:10 -07:00
|
|
|
|
static inline bool is_icmpv4(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
2014-04-18 08:26:56 -07:00
|
|
|
|
{
|
2017-06-23 16:47:57 +00:00
|
|
|
|
if (get_dl_type(flow) == htons(ETH_TYPE_IP)) {
|
2016-05-08 10:34:10 -07:00
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->nw_proto == IPPROTO_ICMP;
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-08 10:34:10 -07:00
|
|
|
|
static inline bool is_icmpv6(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
2014-04-18 08:26:56 -07:00
|
|
|
|
{
|
2017-06-23 16:47:57 +00:00
|
|
|
|
if (get_dl_type(flow) == htons(ETH_TYPE_IPV6)) {
|
2016-05-08 10:34:10 -07:00
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->nw_proto == IPPROTO_ICMPV6;
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
2014-04-18 08:26:56 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-07-02 11:35:29 -07:00
|
|
|
|
static inline bool is_nd(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (is_icmpv6(flow, wc)) {
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
|
|
|
|
|
|
}
|
|
|
|
|
|
if (flow->tp_dst != htons(0)) {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
|
|
|
|
|
|
}
|
|
|
|
|
|
return (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT) ||
|
|
|
|
|
|
flow->tp_src == htons(ND_NEIGHBOR_ADVERT));
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-04-05 12:20:27 +00:00
|
|
|
|
static inline bool is_arp(const struct flow *flow)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (flow->dl_type == htons(ETH_TYPE_ARP));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline bool is_garp(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (is_arp(flow)) {
|
|
|
|
|
|
return (FLOW_WC_GET_AND_MASK_WC(flow, wc, nw_src) ==
|
|
|
|
|
|
FLOW_WC_GET_AND_MASK_WC(flow, wc, nw_dst));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-08 10:34:10 -07:00
|
|
|
|
static inline bool is_igmp(const struct flow *flow, struct flow_wildcards *wc)
|
2015-07-01 16:12:12 -03:00
|
|
|
|
{
|
2017-06-23 16:47:57 +00:00
|
|
|
|
if (get_dl_type(flow) == htons(ETH_TYPE_IP)) {
|
2016-05-08 10:34:10 -07:00
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->nw_proto == IPPROTO_IGMP;
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
2015-07-01 16:12:12 -03:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-08 10:34:10 -07:00
|
|
|
|
static inline bool is_mld(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
2015-07-01 16:12:12 -03:00
|
|
|
|
{
|
2016-05-08 10:34:10 -07:00
|
|
|
|
if (is_icmpv6(flow, wc)) {
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
|
|
|
|
|
|
}
|
|
|
|
|
|
return (flow->tp_src == htons(MLD_QUERY)
|
|
|
|
|
|
|| flow->tp_src == htons(MLD_REPORT)
|
|
|
|
|
|
|| flow->tp_src == htons(MLD_DONE)
|
|
|
|
|
|
|| flow->tp_src == htons(MLD2_REPORT));
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
2015-07-01 16:12:12 -03:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-08 10:34:10 -07:00
|
|
|
|
static inline bool is_mld_query(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
2015-07-01 16:12:12 -03:00
|
|
|
|
{
|
2016-05-08 10:34:10 -07:00
|
|
|
|
if (is_icmpv6(flow, wc)) {
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
|
|
|
|
|
|
}
|
|
|
|
|
|
return flow->tp_src == htons(MLD_QUERY);
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
2015-07-01 16:12:12 -03:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-05-08 10:34:10 -07:00
|
|
|
|
static inline bool is_mld_report(const struct flow *flow,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
2015-07-01 16:12:12 -03:00
|
|
|
|
{
|
2016-05-08 10:34:10 -07:00
|
|
|
|
return is_mld(flow, wc) && !is_mld_query(flow, wc);
|
2015-07-01 16:12:12 -03:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-04-24 13:18:18 -07:00
|
|
|
|
static inline bool is_stp(const struct flow *flow)
|
|
|
|
|
|
{
|
2017-06-23 16:47:57 +00:00
|
|
|
|
return (flow->dl_type == htons(FLOW_DL_TYPE_NONE)
|
|
|
|
|
|
&& eth_addr_equals(flow->dl_dst, eth_addr_stp));
|
2014-04-24 13:18:18 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2018-10-03 15:11:20 -07:00
|
|
|
|
/* Returns true if flow->tp_dst equals 'port'. If 'wc' is nonnull, sets
|
|
|
|
|
|
* appropriate bits in wc->masks.tp_dst to account for the test.
|
|
|
|
|
|
*
|
|
|
|
|
|
* The caller must already have ensured that 'flow' is a protocol for which
|
|
|
|
|
|
* tp_dst is relevant. */
|
|
|
|
|
|
static inline bool tp_dst_equals(const struct flow *flow, uint16_t port,
|
|
|
|
|
|
struct flow_wildcards *wc)
|
|
|
|
|
|
{
|
|
|
|
|
|
uint16_t diff = port ^ ntohs(flow->tp_dst);
|
|
|
|
|
|
if (wc) {
|
|
|
|
|
|
if (diff) {
|
|
|
|
|
|
/* Set mask for the most significant mismatching bit. */
|
|
|
|
|
|
int ofs = raw_clz64((uint64_t) diff << 48); /* range [0,15] */
|
|
|
|
|
|
wc->masks.tp_dst |= htons(0x8000 >> ofs);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
/* Must match all bits. */
|
|
|
|
|
|
wc->masks.tp_dst = OVS_BE16_MAX;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return !diff;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2009-07-08 13:19:16 -07:00
|
|
|
|
#endif /* flow.h */
|
