/*
* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ODP_UTIL_H
#define ODP_UTIL_H 1
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "flow.h"
#include "hash.h"
#include "openvswitch/hmap.h"
#include "openvswitch/ofp-actions.h"
#include "openvswitch/uuid.h"
#include "odp-netlink.h"
#include "openflow/openflow.h"
#include "util.h"
struct ds;
struct nlattr;
struct ofpbuf;
struct simap;
struct pkt_metadata;
#define SLOW_PATH_REASONS \
SPR(SLOW_CFM, "cfm", "Consists of CFM packets") \
SPR(SLOW_BFD, "bfd", "Consists of BFD packets") \
SPR(SLOW_LACP, "lacp", "Consists of LACP packets") \
SPR(SLOW_STP, "stp", "Consists of STP packets") \
SPR(SLOW_LLDP, "lldp", "Consists of LLDP packets") \
SPR(SLOW_ACTION, "action", \
ofproto-dpif-upcall: Slow path flows that datapath can't fully match.
In the OVS architecture, when a datapath doesn't have a match for a packet,
it sends the packet and the flow that it extracted from it to userspace.
Userspace then examines the packet and the flow and compares them.
Commonly, the flow is the same as what userspace expects, given the packet,
but there are two other possibilities:
- The flow lacks one or more fields that userspace expects to be there,
that is, the datapath doesn't understand or parse them but userspace
does. This is, for example, what would happen if current OVS
userspace, which understands and extracts TCP flags, were to be
paired with an older OVS kernel module, which does not. Internally
OVS uses the name ODP_FIT_TOO_LITTLE for this situation.
- The flow includes fields that userspace does not know about, that is,
the datapath understands and parses them but userspace does not.
This is, for example, what would happen if an old OVS userspace that
does not understand or extract TCP flags, were to be paired with a
recent OVS kernel module that does. Internally, OVS uses the name
ODP_FIT_TOO_MUCH for this situation.
The latter is not a big deal and OVS doesn't have to do much to cope with
it.
The former is more of a problem. When the datapath can't match on all the
fields that OVS supports, it means that OVS can't safely install a flow at
all, other than one that directs packets to the slow path. Otherwise, if
OVS did install a flow, it could match a packet that does not match the
flow that OVS intended to match and could cause the wrong behavior.
Somehow, this nuance was lost a long time ago. From about 2013 until today,
it seems that OVS has ignored ODP_FIT_TOO_LITTLE. Instead, it happily
installs a flow regardless of whether the datapath can actually fully match
it. I imagine that this is rarely a problem because most of the time
the datapath and userspace are well matched, but it is still an important
problem to fix. This commit fixes it, by forcing flows into the slow path
when the datapath cannot match specifically enough.
CC: Ethan Jackson <ejj@eecs.berkeley.edu>
Fixes: e79a6c833e0d ("ofproto: Handle flow installation and eviction in upcall.")
Reported-by: Huanle Han <hanxueluo@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-January/343665.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
"Uses action(s) not supported by datapath") \
SPR(SLOW_MATCH, "match", \
"Datapath can't match specifically enough")
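/* Bit indexes for slow-path reasons: one <ENUM>_INDEX enumerator per SPR()
 * entry in SLOW_PATH_REASONS, numbered from 0 in list order.
 *
 * Client code uses "enum slow_path_reason" values instead of these; the
 * indexes are just a way to construct those values. */
enum {
#define SPR(ENUM, STRING, EXPLANATION) ENUM##_INDEX,
    SLOW_PATH_REASONS
#undef SPR
};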
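/* Reasons why a flow might not be fast-pathable.
 *
 * Each reason is a separate bit, 1 << <ENUM>_INDEX, to allow reasons to be
 * combined in a single value. */
enum slow_path_reason {
#define SPR(ENUM, STRING, EXPLANATION) ENUM = 1 << ENUM##_INDEX,
    SLOW_PATH_REASONS
#undef SPR
};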
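/* Mask of all slow_path_reasons: the bitwise OR of 1 << <ENUM>_INDEX for
 * every SPR() entry in SLOW_PATH_REASONS.
 *
 * NOTE(review): a reason value that arrives from outside this process (for
 * example the 'reason' member of a slow-path user_action_cookie) can be
 * checked against this mask to reject unknown bits; whether callers do so is
 * not visible in this header. */
enum {
    SLOW_PATH_REASON_MASK = 0
#define SPR(ENUM, STRING, EXPLANATION) | 1 << ENUM##_INDEX
    SLOW_PATH_REASONS
#undef SPR
};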
/* NOTE(review): by its name and return type this presumably returns the
 * EXPLANATION string of the matching SPR() entry in SLOW_PATH_REASONS.  What
 * it returns for a value with no bit or with several bits set is not visible
 * in this header -- confirm in the definition before printing the result. */
const char *slow_path_reason_to_explanation(enum slow_path_reason);
#define ODPP_LOCAL ODP_PORT_C(OVSP_LOCAL)
#define ODPP_NONE ODP_PORT_C(UINT32_MAX)
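/* Text conversion for datapath actions.
 *
 * format_odp_actions() takes a netlink attribute sequence together with its
 * length in 'actions_len'.  NOTE(review): presumably it appends a printable
 * form to the 'struct ds' and uses 'portno_names' (an hmap, possibly null) to
 * show port names -- confirm in the definition.
 *
 * odp_actions_from_string() goes the other way, from text into 'odp_actions'.
 * The meaning of its int result is not visible in this header; check it
 * before using the buffer contents. */
void format_odp_actions(struct ds *, const struct nlattr *odp_actions,
                        size_t actions_len, const struct hmap *portno_names);
int odp_actions_from_string(const char *, const struct simap *port_names,
                            struct ofpbuf *odp_actions);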
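/* A map from odp port number to its name.  Each instance is one entry of
 * that map, linked into an hmap through 'hmap_node'. */
struct odp_portno_names {
    struct hmap_node hmap_node; /* A node in a port number to name hmap. */
    odp_port_t port_no;         /* Port number in the datapath. */
    char *name;                 /* Name associated with the above 'port_no'.
                                 * NOTE(review): who owns and frees this
                                 * string is not visible here; see
                                 * odp_portno_names_set() and
                                 * odp_portno_names_destroy(). */
};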
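/* Operations on an hmap of 'struct odp_portno_names'.
 *
 * NOTE(review): the names suggest "add or replace one entry", "free the whole
 * map" and "print one port's name into a struct ds".  Whether
 * odp_portno_names_set() copies 'port_name' or keeps the caller's pointer is
 * not visible in this header -- confirm before freeing or reusing the
 * caller's string. */
void odp_portno_names_set(struct hmap *portno_names, odp_port_t port_no,
                          char *port_name);
void odp_portno_names_destroy(struct hmap *portno_names);
void odp_portno_name_format(const struct hmap *portno_names,
                            odp_port_t, struct ds *);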
/* The maximum number of bytes that odp_flow_key_from_flow() appends to a
 * buffer. This is the upper bound on the length of a nlattr-formatted flow
 * key that ovs-vswitchd fully understands.
 *
 * OVS doesn't insist that ovs-vswitchd and the datapath have exactly the same
 * idea of a flow, so therefore this value isn't necessarily an upper bound on
 * the length of a flow key that the datapath can pass to ovs-vswitchd.
 *
 * The longest nlattr-formatted flow key appended by odp_flow_key_from_flow()
 * would be:
 *
 *                                     struct  pad  nl hdr  total
 *                                     ------  ---  ------  -----
 *  OVS_KEY_ATTR_PRIORITY                   4   --       4      8
 *  OVS_KEY_ATTR_TUNNEL                     0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_ID                8   --       4     12
 *  - OVS_TUNNEL_KEY_ATTR_IPV4_SRC          4   --       4      8
 *  - OVS_TUNNEL_KEY_ATTR_IPV4_DST          4   --       4      8
 *  - OVS_TUNNEL_KEY_ATTR_IPV6_SRC         16   --       4     20
 *  - OVS_TUNNEL_KEY_ATTR_IPV6_DST         16   --       4     20
 *  - OVS_TUNNEL_KEY_ATTR_TOS               1    3       4      8
 *  - OVS_TUNNEL_KEY_ATTR_TTL               1    3       4      8
 *  - OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT     0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_CSUM              0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_OAM               0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS     256   --       4    260
 *  - OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS        -   --       -      - (shared with _GENEVE_OPTS)
 *  OVS_KEY_ATTR_IN_PORT                    4   --       4      8
 *  OVS_KEY_ATTR_SKB_MARK                   4   --       4      8
 *  OVS_KEY_ATTR_DP_HASH                    4   --       4      8
 *  OVS_KEY_ATTR_RECIRC_ID                  4   --       4      8
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initially:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
 *  OVS_KEY_ATTR_CT_STATE                   4   --       4      8
 *  OVS_KEY_ATTR_CT_ZONE                    2    2       4      8
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
 *  OVS_KEY_ATTR_CT_MARK                    4   --       4      8
Add connection tracking label support.
This patch adds a new 128-bit metadata field to the connection tracking
interface. When a label is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_label" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a label with
those connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
 *  OVS_KEY_ATTR_CT_LABEL                  16   --       4     20
 *  OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6        40   --       4     44
 *  OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4         -   --       -      - (exclusive of _CT_ORIG_TUPLE_IPV6)
 *  OVS_KEY_ATTR_ETHERNET                  12   --       4     16
 *  OVS_KEY_ATTR_ETHERTYPE                  2    2       4      8 (outer VLAN ethertype)
 *  OVS_KEY_ATTR_VLAN                       2    2       4      8
 *  OVS_KEY_ATTR_ENCAP                      0   --       4      4 (VLAN encapsulation)
 *  OVS_KEY_ATTR_ETHERTYPE                  2    2       4      8 (inner VLAN ethertype)
 *  OVS_KEY_ATTR_IPV6                      40   --       4     44
 *  OVS_KEY_ATTR_ICMPV6                     2    2       4      8
 *  OVS_KEY_ATTR_ND                        28   --       4     32
 *  ----------------------------------------------------------
 *  total                                                     616
 *
 * We include some slack space in case the calculation isn't quite right or we
 * add another field and forget to adjust this value. (With
 * ODPUTIL_FLOW_KEY_BYTES defined below as 640, that slack is 24 bytes over
 * the 616-byte total.)
 */
#define ODPUTIL_FLOW_KEY_BYTES 640
BUILD_ASSERT_DECL(FLOW_WC_SEQ == 42);
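/* A buffer with sufficient size and alignment to hold an nlattr-formatted flow
 * key.  An array of "struct nlattr" might not, in theory, be sufficiently
 * aligned because it only contains 16-bit types.
 *
 * The array holds ODPUTIL_FLOW_KEY_BYTES rounded up to a whole number of
 * 32-bit words.  Per the comment on ODPUTIL_FLOW_KEY_BYTES, that bound covers
 * keys appended by odp_flow_key_from_flow(); it is not necessarily an upper
 * bound on a key that the datapath passes to ovs-vswitchd, so check the length
 * of any datapath-supplied key before copying it into this buffer. */
struct odputil_keybuf {
    uint32_t keybuf[DIV_ROUND_UP(ODPUTIL_FLOW_KEY_BYTES, 4)];
};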
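/* Converters from netlink attributes to OVS structures.  Each returns an
 * 'enum odp_key_fitness', so the caller learns whether the attribute matched
 * what userspace expects or was invalid.
 *
 * NOTE(review): 'errorp' is presumably an optional out-parameter that
 * receives an error message; who frees that string is not visible in this
 * header -- confirm in the definitions. */
enum odp_key_fitness odp_tun_key_from_attr(const struct nlattr *,
                                           struct flow_tnl *, char **errorp);
enum odp_key_fitness odp_nsh_key_from_attr(const struct nlattr *,
                                           struct ovs_key_nsh *,
                                           struct ovs_key_nsh *,
                                           char **errorp);
/* NOTE(review): the trailing size_t is presumably the capacity of the
 * 'struct nsh_hdr' destination -- confirm, and pass the real buffer size. */
enum odp_key_fitness odp_nsh_hdr_from_attr(const struct nlattr *,
                                           struct nsh_hdr *, size_t);

/* Parsing and formatting of a 'ufid' held in an ovs_u128.  The meaning of the
 * int result of odp_ufid_from_string() is not visible in this header. */
int odp_ufid_from_string(const char *s_, ovs_u128 *ufid);
void odp_format_ufid(const ovs_u128 *ufid, struct ds *);

/* Text conversion for flow keys and masks.  Every netlink attribute pointer
 * is paired with a length ('key_len', 'mask_len').
 * NOTE(review): presumably the lengths are in bytes and the two ofpbufs of
 * odp_flow_from_string() receive the key and the mask -- confirm. */
void odp_flow_format(const struct nlattr *key, size_t key_len,
                     const struct nlattr *mask, size_t mask_len,
                     const struct hmap *portno_names, struct ds *,
                     bool verbose);
void odp_flow_key_format(const struct nlattr *, size_t, struct ds *);
int odp_flow_from_string(const char *s, const struct simap *port_names,
                         struct ofpbuf *, struct ofpbuf *, char **errorp);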
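/* ODP_SUPPORT_FIELD(TYPE, FIELD_NAME, FIELD_DESCRIPTION)
 *
 * Each 'ODP_SUPPORT_FIELD' defines a member in 'struct odp_support',
 * and represents support for related OVS_KEY_ATTR_* fields.
 * They are defined as macros to keep 'dpif_show_support()' in sync
 * as new fields are added.
 *
 * The user defines ODP_SUPPORT_FIELD before expanding this list and undefines
 * it afterwards. */
#define ODP_SUPPORT_FIELDS                                                   \
    /* Maximum number of 802.1q VLAN headers to serialize in a mask. */      \
    ODP_SUPPORT_FIELD(size_t, max_vlan_headers, "Max VLAN headers")          \
    /* Maximum number of MPLS label stack entries to serialise in a mask. */ \
    ODP_SUPPORT_FIELD(size_t, max_mpls_depth, "Max MPLS depth")              \
    /* If this is true, then recirculation fields will always be             \
     * serialised. */                                                        \
    ODP_SUPPORT_FIELD(bool, recirc, "Recirc")                                \
    /* If true, serialise the corresponding OVS_KEY_ATTR_CONN_* field. */    \
    ODP_SUPPORT_FIELD(bool, ct_state, "CT state")                            \
    ODP_SUPPORT_FIELD(bool, ct_zone, "CT zone")                              \
    ODP_SUPPORT_FIELD(bool, ct_mark, "CT mark")                              \
    ODP_SUPPORT_FIELD(bool, ct_label, "CT label")                            \
                                                                             \
    /* If true, it means that the datapath supports the NAT bits in          \
     * 'ct_state'.  The above 'ct_state' member must be true for this        \
     * to make sense */                                                      \
    ODP_SUPPORT_FIELD(bool, ct_state_nat, "CT state NAT")                    \
                                                                             \
    /* Conntrack original direction tuple matching supported. */             \
    ODP_SUPPORT_FIELD(bool, ct_orig_tuple, "CT orig tuple")                  \
    ODP_SUPPORT_FIELD(bool, ct_orig_tuple6, "CT orig tuple for IPv6")        \
                                                                             \
    /* If true, it means that the datapath supports the IPv6 Neigh           \
     * Discovery Extension bits. */                                          \
    ODP_SUPPORT_FIELD(bool, nd_ext, "IPv6 ND Extension")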
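/* Indicates support for various fields.  This defines how flows will be
 * serialised.
 *
 * The members are generated from ODP_SUPPORT_FIELDS: every
 * ODP_SUPPORT_FIELD(TYPE, NAME, TITLE) entry expands to "TYPE NAME;", so a
 * field added to that list becomes a member here without editing this
 * definition. */
struct odp_support {
#define ODP_SUPPORT_FIELD(TYPE, NAME, TITLE) TYPE NAME;
    ODP_SUPPORT_FIELDS
#undef ODP_SUPPORT_FIELD
};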
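/* Parameter block taken by odp_flow_key_from_flow() and
 * odp_flow_key_from_mask(). */
struct odp_flow_key_parms {
    /* The flow and mask to be serialized.  In the case of masks, 'flow'
     * is used as a template to determine how to interpret 'mask'.  For
     * example, the 'dl_type' of 'mask' describes the mask, but it doesn't
     * indicate whether the other fields should be interpreted as ARP, IPv4,
     * IPv6, etc. */
    const struct flow *flow;
    const struct flow *mask;

    /* Indicates support for various fields.  If the datapath supports a field,
     * then it will always be serialised. */
    struct odp_support support;

    /* Indicates if we are probing datapath capability.  If true, ignore the
     * configured flow limits. */
    bool probe;

    /* The netlink formatted version of the flow.  It is used in cases where
     * the mask cannot be constructed from the OVS internal representation
     * and needs to see the original form. */
    const struct ofpbuf *key_buf;
};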
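/* Serialise the flow, or the mask, described by the parameter block into the
 * given ofpbuf.  The comment on ODPUTIL_FLOW_KEY_BYTES gives the maximum
 * number of bytes that odp_flow_key_from_flow() appends. */
void odp_flow_key_from_flow(const struct odp_flow_key_parms *, struct ofpbuf *);
void odp_flow_key_from_mask(const struct odp_flow_key_parms *, struct ofpbuf *);

/* NOTE(review): presumably hashes the 'key_len' bytes at 'key' into '*hash';
 * the hash function used is not visible in this header. */
void odp_flow_key_hash(const void *key, size_t key_len, ovs_u128 *hash);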
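/* Estimated space needed for metadata: 9 * 8 = 72 bytes.  This is an
 * estimate for sizing, not a limit that this header enforces. */
enum { ODP_KEY_METADATA_SIZE = 9 * 8 };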
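/* Conversions between a datapath key and a 'struct dp_packet'.
 *
 * NOTE(review): the parameter name 'md' suggests that only the packet's
 * metadata is filled in from the 'key_len' bytes at 'key' -- confirm in the
 * definition.  'struct dp_packet' is not forward-declared in this header
 * (the forward declaration present is 'struct pkt_metadata'), so its
 * declaration has to come from one of the included headers. */
void odp_key_from_dp_packet(struct ofpbuf *, const struct dp_packet *);
void odp_key_to_dp_packet(const struct nlattr *key, size_t key_len,
                          struct dp_packet *md);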
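/* How well a kernel-provided flow key (a sequence of OVS_KEY_ATTR_*
 * attributes) matches OVS userspace expectations.
 *
 * These values are arranged so that greater values are "more important" than
 * lesser ones.  In particular, a single flow key can fit the descriptions for
 * both ODP_FIT_TOO_LITTLE and ODP_FIT_TOO_MUCH.  Such a key is treated as
 * ODP_FIT_TOO_LITTLE.
 *
 * Because the numeric order carries meaning, a new value must be inserted at
 * the position that matches its importance.  ODP_FIT_TOO_LITTLE means the
 * datapath did not supply every field userspace expects; SLOW_MATCH in
 * SLOW_PATH_REASONS ("Datapath can't match specifically enough") is the
 * slow-path reason for that case. */
enum odp_key_fitness {
    ODP_FIT_PERFECT,            /* The key had exactly the fields we expect. */
    ODP_FIT_TOO_MUCH,           /* The key had fields we don't understand. */
    ODP_FIT_TOO_LITTLE,         /* The key lacked fields we expected to see. */
    ODP_FIT_ERROR,              /* The key was invalid. */
};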
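/* Converters from a netlink-formatted key or mask to OVS's own structures.
 *
 * The 'enum odp_key_fitness' result tells the caller how far to trust the
 * output: ODP_FIT_ERROR marks an invalid key, and ODP_FIT_TOO_LITTLE marks a
 * key that lacked fields userspace expected.  Callers should act on the
 * result rather than use the output structure unconditionally.
 *
 * NOTE(review): 'errorp' is presumably an optional out-parameter for an error
 * message, and the int result of parse_key_and_mask_to_match() is presumably
 * an error code -- neither is specified in this header. */
enum odp_key_fitness odp_flow_key_to_flow(const struct nlattr *, size_t,
                                          struct flow *, char **errorp);
enum odp_key_fitness odp_flow_key_to_mask(const struct nlattr *mask_key,
                                          size_t mask_key_len,
                                          struct flow_wildcards *mask,
                                          const struct flow *flow,
                                          char **errorp);
int parse_key_and_mask_to_match(const struct nlattr *key, size_t key_len,
                                const struct nlattr *mask, size_t mask_len,
                                struct match *match);

/* NOTE(review): presumably returns a printable name for the fitness value;
 * the result for a value outside the enum is not visible here. */
const char *odp_key_fitness_to_string(enum odp_key_fitness);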
void commit_odp_tunnel_action(const struct flow *, struct flow *base,
tunnel: make tun_key_to_attr aware of tunnel type.
When there is a flow rule which forwards a packet from geneve
port to another tunnel port, ex: gre, the tun_metadata carried
from the geneve port might affect the outgoing port. For example,
the datapath action from geneve port output to gre port (1) shows:
set(tunnel(tun_id=0x7b,dst=2.2.2.2,ttl=64,
geneve({class=0xffff,type=0,len=4,0x123}),flags(df|key))),1
Where the geneve(...) should not exist.
When using kernel's tunnel port, this triggers an error saying:
"Multiple metadata blocks provided", when there is a rule forwarding
the geneve packet to vxlan/erspan tunnel port. A userspace test case
using geneve and gre also demonstrates the issue.
The patch makes the tun_key_to_attr aware of the tunnel type. So only
the relevant output tunnel's options are set.
Reported-by: Xiaoyan Jin <xiaoyanj@vmware.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Cc: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
struct ofpbuf *odp_actions,
const char *tnl_type);
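/* Adds a masked set action for 'key_type' to 'odp_actions' (description
 * inferred from the name -- confirm in the definition).
 *
 * NOTE(review): 'key' and 'mask' are untyped pointers with a single
 * 'key_size', so presumably both must point to at least 'key_size' readable
 * bytes; the header cannot enforce that, so callers should pass sizeof the
 * actual key structure. */
void commit_masked_set_action(struct ofpbuf *odp_actions,
                              enum ovs_key_attr key_type, const void *key,
                              const void *mask, size_t key_size);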
enum slow_path_reason commit_odp_actions(const struct flow *,
struct flow *base,
struct ofpbuf *odp_actions,
struct flow_wildcards *wc,
OF support and translation of generic encap and decap
This commit adds support for the OpenFlow actions generic encap
and decap (as specified in ONF EXT-382) to the OVS control plane.
CLI syntax for encap action with properties:
encap(<header>)
encap(<header>(<prop>=<value>,<tlv>(<class>,<type>,<value>),...))
For example:
encap(ethernet)
encap(nsh(md_type=1))
encap(nsh(md_type=2,tlv(0x1000,10,0x12345678),tlv(0x2000,20,0xfedcba9876543210)))
CLI syntax for decap action:
decap()
decap(packet_type(ns=<pt_ns>,type=<pt_type>))
For example:
decap()
decap(packet_type(ns=0,type=0xfffe))
decap(packet_type(ns=1,type=0x894f))
The first header supported for encap and decap is "ethernet" to convert
packets between packet_type (1,Ethertype) and (0,0).
This commit also implements a skeleton for the translation of generic
encap and decap actions in ofproto-dpif and adds support to encap and
decap an Ethernet header.
In general translation of encap commits pending actions and then rewrites
struct flow in accordance with the new packet type and header. In the
case of encap(ethernet) it suffices to change the packet type from
(1, Ethertype) to (0,0) and set the dl_type accordingly. A new
pending_encap flag in xlate ctx is set to mark that a corresponding
datapath encap action must be triggered at the next commit. In the
case of encap(ethernet) ofproto generates a push_eth action.
The general case for translation of decap() is to emit a datapath action
to decap the current outermost header and then recirculate the packet
to reparse the inner headers. In the special case of an Ethernet packet,
decap() just changes the packet type from (0,0) to (1, dl_type) without
a need to recirculate. The emission of the pop_eth action for the
datapath is postponed to the next commit.
Hence encap(ethernet) and decap() on an Ethernet packet are OF actions
that only incur a cost in the dataplane when a modified packet is
actually committed, e.g. because it is sent out. They can freely be
used for normalizing the packet type in the OF pipeline without
degrading performance.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Yi Yang <yi.y.yang@intel.com>
Signed-off-by: Zoltan Balogh <zoltan.balogh@ericsson.com>
Co-authored-by: Zoltan Balogh <zoltan.balogh@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
bool use_masked,
bool pending_encap,
bool pending_decap,
struct ofpbuf *encap_data);
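/* Reads VXLAN tunnel options from 'tun_attr' into the three out-parameters
 * (description inferred from the name and signature -- confirm in the
 * definition).
 *
 * NOTE(review): '*id' and '*flags' are presumably meaningful only when
 * '*id_present' is set and the int result reports success; check both before
 * using them. */
int odp_vxlan_tun_opts_from_attr(const struct nlattr *tun_attr, ovs_be16 *id,
                                 uint8_t *flags, bool *id_present);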
/* ofproto-dpif interface.
*
* The following types and functions are logically part of ofproto-dpif.
* ofproto-dpif puts values of these types into the flows that it installs in
* the kernel datapath, though, so ovs-dpctl needs to interpret them so that
* it can print flows in a more human-readable manner. */
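/* Discriminator stored in the 'type' member of 'struct user_action_cookie'.
 * Each value other than USER_ACTION_COOKIE_UNSPEC corresponds to one member
 * of that structure's union. */
enum user_action_cookie_type {
    USER_ACTION_COOKIE_UNSPEC,
    USER_ACTION_COOKIE_SFLOW,        /* Packet for per-bridge sFlow sampling. */
    USER_ACTION_COOKIE_SLOW_PATH,    /* Userspace must process this flow. */
    USER_ACTION_COOKIE_FLOW_SAMPLE,  /* Packet for per-flow sampling. */
    USER_ACTION_COOKIE_IPFIX,        /* Packet for per-bridge IPFIX sampling. */
    USER_ACTION_COOKIE_CONTROLLER,   /* Forward packet to controller. */
};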
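/* user_action_cookie is passed as argument to OVS_ACTION_ATTR_USERSPACE.
 *
 * 'type' holds an 'enum user_action_cookie_type' and selects which member of
 * the anonymous union is meaningful.  Check 'type' before reading a union
 * member: reading a different member reinterprets another type's bytes.
 *
 * The size is pinned by the BUILD_ASSERT_DECL that follows this definition
 * (sizeof == 48), so adding or widening a member needs that assertion
 * updated deliberately.
 *
 * NOTE(review): members of differing widths are adjacent (for example
 * 'vlan_tci' before 'output'), so the layout likely contains padding bytes.
 * Zeroing the whole cookie before filling it in keeps stale memory out of
 * those bytes; whether callers do so is not visible in this header. */
struct user_action_cookie {
    uint16_t type;              /* enum user_action_cookie_type. */
    ofp_port_t ofp_in_port;     /* OpenFlow in port, or OFPP_NONE. */
    struct uuid ofproto_uuid;   /* UUID of ofproto-dpif. */

    union {
        struct {
            /* USER_ACTION_COOKIE_SFLOW. */
            ovs_be16 vlan_tci;  /* Destination VLAN TCI. */
            uint32_t output;    /* SFL_FLOW_SAMPLE_TYPE 'output' value. */
        } sflow;

        struct {
            /* USER_ACTION_COOKIE_SLOW_PATH. */
            uint16_t unused;
            uint32_t reason;    /* enum slow_path_reason. */
        } slow_path;

        struct {
            /* USER_ACTION_COOKIE_FLOW_SAMPLE. */
            uint16_t probability;       /* Sampling probability. */
            uint32_t collector_set_id;  /* ID of IPFIX collector set. */
            uint32_t obs_domain_id;     /* Observation Domain ID. */
            uint32_t obs_point_id;      /* Observation Point ID. */
            odp_port_t output_odp_port; /* The output odp port. */
            enum nx_action_sample_direction direction;
        } flow_sample;

        struct {
            /* USER_ACTION_COOKIE_IPFIX. */
            odp_port_t output_odp_port; /* The output odp port. */
        } ipfix;

        struct {
            /* USER_ACTION_COOKIE_CONTROLLER. */
            uint8_t dont_send;      /* Don't send the packet to controller. */
            uint8_t continuation;   /* Send packet-in as a continuation. */
            uint16_t reason;
            uint32_t recirc_id;
            ovs_32aligned_be64 rule_cookie;
            uint16_t controller_id;
            uint16_t max_len;
        } controller;
    };
};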
BUILD_ASSERT_DECL(sizeof(struct user_action_cookie) == 48);
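/* Appends a userspace action to 'odp_actions' (description inferred from the
 * name -- confirm in the definition).
 *
 * NOTE(review): 'userdata' is an untyped pointer with an explicit
 * 'userdata_size'; presumably that many bytes are copied into the action, so
 * the size must match the object actually passed (for a
 * 'struct user_action_cookie', sizeof that struct).  'odp_actions_ofs' is
 * presumably an optional out-parameter for an offset within 'odp_actions',
 * and the int result is presumably an error code -- neither is specified in
 * this header. */
int odp_put_userspace_action(uint32_t pid,
                             const void *userdata, size_t userdata_size,
                             odp_port_t tunnel_out_port,
                             bool include_actions,
                             struct ofpbuf *odp_actions,
                             size_t *odp_actions_ofs);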
void odp_put_tunnel_action(const struct flow_tnl *tunnel,
tunnel: make tun_key_to_attr aware of tunnel type.
When there is a flow rule which forwards a packet from geneve
port to another tunnel port, ex: gre, the tun_metadata carried
from the geneve port might affect the outgoing port. For example,
the datapath action from geneve port output to gre port (1) shows:
set(tunnel(tun_id=0x7b,dst=2.2.2.2,ttl=64,
geneve({class=0xffff,type=0,len=4,0x123}),flags(df|key))),1
Where the geneve(...) should not exist.
When using kernel's tunnel port, this triggers an error saying:
"Multiple metadata blocks provided", when there is a rule forwarding
the geneve packet to vxlan/erspan tunnel port. A userspace test case
using geneve and gre also demonstrates the issue.
The patch makes the tun_key_to_attr aware of the tunnel type. So only
the relevant output tunnel's options are set.
Reported-by: Xiaoyan Jin <xiaoyanj@vmware.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Cc: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
struct ofpbuf *odp_actions,
const char *tnl_type);
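/* Helpers that append one datapath action each to 'odp_actions': a tunnel
 * push, an Ethernet pop, and an Ethernet push with the given source and
 * destination addresses (descriptions inferred from the names -- confirm in
 * the definitions).
 *
 * NOTE(review): 'data' is taken through a non-const pointer; whether
 * odp_put_tnl_push_action() modifies it is not visible in this header. */
void odp_put_tnl_push_action(struct ofpbuf *odp_actions,
                             struct ovs_action_push_tnl *data);

void odp_put_pop_eth_action(struct ofpbuf *odp_actions);
void odp_put_push_eth_action(struct ofpbuf *odp_actions,
                             const struct eth_addr *eth_src,
                             const struct eth_addr *eth_dst);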
/* Splits the 32-bit value 'gbp_raw' into two fields: bits 0-15 are stored in
 * '*id' after htons(), and bits 16-23 are stored in '*flags'.  Bits 24-31 of
 * 'gbp_raw' are discarded.
 *
 * Both output pointers are written unconditionally, so neither may be null.
 * NOTE(review): "gbp" presumably refers to the VXLAN group-based-policy
 * option; this header does not say. */
static inline void
odp_decode_gbp_raw(uint32_t gbp_raw, ovs_be16 *id, uint8_t *flags)
{
    uint32_t id_bits = gbp_raw & 0xFFFF;
    uint32_t flag_bits = (gbp_raw >> 16) & 0xFF;

    *id = htons(id_bits);
    *flags = flag_bits;
}
/* Packs 'flags' and 'id' into one 32-bit value: 'flags' occupies bits 16-23
 * and ntohs('id') occupies bits 0-15.  Bits 24-31 of the result are always
 * zero.  This is the layout that odp_decode_gbp_raw() takes apart. */
static inline uint32_t
odp_encode_gbp_raw(uint8_t flags, ovs_be16 id)
{
    /* 'flags' is promoted to int before the shift; 0xFF << 16 fits in int. */
    uint32_t raw = flags << 16;

    raw |= ntohs(id);
    return raw;
}
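/* One entry of a table describing netlink attributes; the array
 * 'ovs_flow_key_attr_lens' declared later in this header has this element
 * type.
 *
 * NOTE(review): 'len' is presumably either the expected payload length of the
 * attribute or one of the negative ATTR_LEN_* sentinels defined after this
 * struct (invalid, variable, nested), and 'next' / 'next_max' presumably
 * point to the table for a nested attribute and give its highest valid
 * index.  Confirm in the code that walks the table, and bound any index by
 * 'next_max' before dereferencing 'next'. */
struct attr_len_tbl {
    int len;
    const struct attr_len_tbl *next;
    int next_max;
};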
#define ATTR_LEN_INVALID -1
#define ATTR_LEN_VARIABLE -2
#define ATTR_LEN_NESTED -3
extern const struct attr_len_tbl ovs_flow_key_attr_lens[OVS_KEY_ATTR_MAX + 1];
#endif /* odp-util.h */