/*
 * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef ODP_UTIL_H
#define ODP_UTIL_H 1
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "flow.h"
#include "hash.h"
#include "openvswitch/hmap.h"
#include "openvswitch/ofp-actions.h"
#include "odp-netlink.h"
#include "openflow/openflow.h"
#include "util.h"
struct ds;
struct nlattr;
struct ofpbuf;
struct simap;
struct pkt_metadata;
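/* X-macro list of slow-path reasons.
 *
 * Each entry has the form SPR(ENUM, STRING, EXPLANATION).  A user defines SPR,
 * expands SLOW_PATH_REASONS, and undefines SPR again, as the three enums below
 * do.  Adding an entry here therefore extends all three enums at once. */
#define SLOW_PATH_REASONS                                               \
    /* These reasons are mutually exclusive. */                         \
    SPR(SLOW_CFM, "cfm", "Consists of CFM packets")                     \
    SPR(SLOW_BFD, "bfd", "Consists of BFD packets")                     \
    SPR(SLOW_LACP, "lacp", "Consists of LACP packets")                  \
    SPR(SLOW_STP, "stp", "Consists of STP packets")                     \
    SPR(SLOW_LLDP, "lldp", "Consists of LLDP packets")                  \
    SPR(SLOW_CONTROLLER, "controller",                                  \
        "Sends \"packet-in\" messages to the OpenFlow controller")      \
    SPR(SLOW_ACTION, "action",                                          \
        "Uses action(s) not supported by datapath")

/* Indexes for slow-path reasons.  Client code uses "enum slow_path_reason"
 * values instead of these, these are just a way to construct those.
 *
 * The enumerators are <ENUM>_INDEX, numbered from 0 in list order. */
enum {
#define SPR(ENUM, STRING, EXPLANATION) ENUM##_INDEX,
    SLOW_PATH_REASONS
#undef SPR
};

/* Reasons why a subfacet might not be fast-pathable.
 *
 * Each reason is a separate bit to allow reasons to be combined.  The bit for
 * a reason is 1 shifted left by its <ENUM>_INDEX. */
enum slow_path_reason {
#define SPR(ENUM, STRING, EXPLANATION) ENUM = 1 << ENUM##_INDEX,
    SLOW_PATH_REASONS
#undef SPR
};

/* Mask of all slow_path_reasons.
 *
 * NOTE(review): the slow-path variant of "union user_action_cookie" in this
 * header carries the reason as a plain uint32_t, so a value read back from a
 * cookie can have bits outside this mask.  Presumably consumers mask or
 * reject such bits -- confirm at the call sites. */
enum {
    SLOW_PATH_REASON_MASK = 0
#define SPR(ENUM, STRING, EXPLANATION) | 1 << ENUM##_INDEX
        SLOW_PATH_REASONS
#undef SPR
};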
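/* Returns a string for 'reason'.
 *
 * NOTE(review): judging by the name this is the EXPLANATION column of
 * SLOW_PATH_REASONS.  What is returned for a value that is not exactly one
 * reason bit is not visible from this header -- confirm in odp-util.c before
 * passing a value taken from outside the process. */
const char *slow_path_reason_to_explanation(enum slow_path_reason);

/* Datapath port number constants, built with ODP_PORT_C(). */
#define ODPP_LOCAL ODP_PORT_C(OVSP_LOCAL)
#define ODPP_NONE ODP_PORT_C(UINT32_MAX)

/* Text conversion of datapath actions.
 *
 * format_odp_actions() takes the actions as a pointer to netlink attributes
 * plus 'actions_len' (presumably the length in bytes of that attribute
 * sequence -- confirm); the caller is responsible for passing a length that
 * matches the buffer.
 *
 * odp_actions_from_string() goes the other way, from text into the
 * 'odp_actions' buffer, and reports its result as an int.  NOTE(review): the
 * return convention (presumably 0 on success, an errno value otherwise) is
 * not visible here -- confirm, and check the result before using
 * 'odp_actions'. */
void format_odp_actions(struct ds *, const struct nlattr *odp_actions,
                        size_t actions_len, const struct hmap *portno_names);
int odp_actions_from_string(const char *, const struct simap *port_names,
                            struct ofpbuf *odp_actions);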
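/* A map from odp port number to its name.
 *
 * One of these is a single entry of that map: 'hmap_node' links it into the
 * hmap, and 'port_no' and 'name' are the pair it records.
 *
 * NOTE(review): 'name' is a non-const pointer and this header does not show
 * who allocates or frees it.  Ownership presumably lies with
 * odp_portno_names_set() and odp_portno_names_destroy() -- confirm in
 * odp-util.c. */
struct odp_portno_names {
    struct hmap_node hmap_node; /* A node in a port number to name hmap. */
    odp_port_t port_no;         /* Port number in the datapath. */
    char *name;                 /* Name associated with the above 'port_no'. */
};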
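/* Operations on a port-number-to-name map, presumably an hmap whose elements
 * are "struct odp_portno_names".
 *
 * NOTE(review): odp_portno_names_set() takes 'port_name' as a non-const
 * "char *".  Whether it copies the string or keeps the pointer is not visible
 * from this header -- confirm before passing a buffer that the caller will
 * free or reuse. */
void odp_portno_names_set(struct hmap *portno_names, odp_port_t port_no,
                          char *port_name);
void odp_portno_names_destroy(struct hmap *portno_names);
void odp_portno_name_format(const struct hmap *portno_names,
                            odp_port_t, struct ds *);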
/* The maximum number of bytes that odp_flow_key_from_flow() appends to a
 * buffer.  This is the upper bound on the length of a nlattr-formatted flow
 * key that ovs-vswitchd fully understands.
 *
 * OVS doesn't insist that ovs-vswitchd and the datapath have exactly the same
 * idea of a flow, so therefore this value isn't necessarily an upper bound on
 * the length of a flow key that the datapath can pass to ovs-vswitchd.
 *
 * The longest nlattr-formatted flow key appended by odp_flow_key_from_flow()
 * would be:
 *
 *                                      struct  pad  nl hdr  total
 *                                      ------  ---  ------  -----
 *  OVS_KEY_ATTR_PRIORITY                    4   --       4      8
 *  OVS_KEY_ATTR_TUNNEL                      0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_ID                 8   --       4     12
 *  - OVS_TUNNEL_KEY_ATTR_IPV4_SRC           4   --       4      8
 *  - OVS_TUNNEL_KEY_ATTR_IPV4_DST           4   --       4      8
 *  - OVS_TUNNEL_KEY_ATTR_IPV6_SRC          16   --       4     20
 *  - OVS_TUNNEL_KEY_ATTR_IPV6_DST          16   --       4     20
 *  - OVS_TUNNEL_KEY_ATTR_TOS                1    3       4      8
 *  - OVS_TUNNEL_KEY_ATTR_TTL                1    3       4      8
 *  - OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT      0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_CSUM               0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_OAM                0   --       4      4
 *  - OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS      256   --       4    260
 *  - OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS         -   --       -      - (shared with _GENEVE_OPTS)
 *  OVS_KEY_ATTR_IN_PORT                     4   --       4      8
 *  OVS_KEY_ATTR_SKB_MARK                    4   --       4      8
 *  OVS_KEY_ATTR_DP_HASH                     4   --       4      8
 *  OVS_KEY_ATTR_RECIRC_ID                   4   --       4      8
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initially:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
 *  OVS_KEY_ATTR_CT_STATE                    4   --       4      8
 *  OVS_KEY_ATTR_CT_ZONE                     2    2       4      8
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
 *  OVS_KEY_ATTR_CT_MARK                     4   --       4      8
Add connection tracking label support.
This patch adds a new 128-bit metadata field to the connection tracking
interface. When a label is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_label" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a label with
those connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
 *  OVS_KEY_ATTR_CT_LABEL                   16   --       4     20
 *  OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV6         40   --       4     44
 *  OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV4          -   --       -      - (exclusive of _CT_ORIG_TUPLE_IPV6)
 *  OVS_KEY_ATTR_ETHERNET                   12   --       4     16
 *  OVS_KEY_ATTR_ETHERTYPE                   2    2       4      8 (outer VLAN ethertype)
 *  OVS_KEY_ATTR_VLAN                        2    2       4      8
 *  OVS_KEY_ATTR_ENCAP                       0   --       4      4 (VLAN encapsulation)
 *  OVS_KEY_ATTR_ETHERTYPE                   2    2       4      8 (inner VLAN ethertype)
 *  OVS_KEY_ATTR_IPV6                       40   --       4     44
 *  OVS_KEY_ATTR_ICMPV6                      2    2       4      8
 *  OVS_KEY_ATTR_ND                         28   --       4     32
 *  ----------------------------------------------------------
 *  total                                                      616
 *
 * We include some slack space in case the calculation isn't quite right or we
 * add another field and forget to adjust this value.
 */
#define ODPUTIL_FLOW_KEY_BYTES 640
userspace: Add support for NSH MD1 match fields
This patch adds support for NSH packet header fields to the OVS
control plane and the userspace datapath. Initially we support the
fields of the NSH base header as defined in
https://www.ietf.org/id/draft-ietf-sfc-nsh-13.txt
and the fixed context headers specified for metadata format MD1.
The variable length MD2 format is parsed but the TLV context headers
are not yet available for matching.
The NSH fields are modelled as experimenter fields with the dedicated
experimenter class 0x005ad650 proposed for NSH in ONF. The following
fields are defined:
NXOXM code ofctl name Size Comment
=====================================================================
NXOXM_NSH_FLAGS nsh_flags 8 Bits 2-9 of 1st NSH word
(0x005ad650,1)
NXOXM_NSH_MDTYPE nsh_mdtype 8 Bits 16-23
(0x005ad650,2)
NXOXM_NSH_NEXTPROTO nsh_np 8 Bits 24-31
(0x005ad650,3)
NXOXM_NSH_SPI nsh_spi 24 Bits 0-23 of 2nd NSH word
(0x005ad650,4)
NXOXM_NSH_SI nsh_si 8 Bits 24-31
(0x005ad650,5)
NXOXM_NSH_C1 nsh_c1 32 Maskable, nsh_mdtype==1
(0x005ad650,6)
NXOXM_NSH_C2 nsh_c2 32 Maskable, nsh_mdtype==1
(0x005ad650,7)
NXOXM_NSH_C3 nsh_c3 32 Maskable, nsh_mdtype==1
(0x005ad650,8)
NXOXM_NSH_C4 nsh_c4 32 Maskable, nsh_mdtype==1
(0x005ad650,9)
Co-authored-by: Johnson Li <johnson.li@intel.com>
Signed-off-by: Yi Yang <yi.y.yang@intel.com>
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2017-08-05 13:41:08 +08:00
BUILD_ASSERT_DECL(FLOW_WC_SEQ == 40);
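/* A buffer with sufficient size and alignment to hold an nlattr-formatted flow
 * key.  An array of "struct nlattr" might not, in theory, be sufficiently
 * aligned because it only contains 16-bit types.
 *
 * The capacity is ODPUTIL_FLOW_KEY_BYTES rounded up to a whole number of
 * 32-bit words.  As the comment on ODPUTIL_FLOW_KEY_BYTES explains, that
 * value bounds the keys that odp_flow_key_from_flow() generates, not the keys
 * that the datapath can pass to ovs-vswitchd.  A key received from the
 * datapath must therefore have its length checked against
 * sizeof(struct odputil_keybuf) before it is copied into one of these. */
struct odputil_keybuf {
    uint32_t keybuf[DIV_ROUND_UP(ODPUTIL_FLOW_KEY_BYTES, 4)];
};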
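/* Converters from one netlink attribute to the corresponding OVS structure.
 * Each reports its result as an "enum odp_key_fitness"; check it before
 * relying on the output structure.
 *
 * NOTE(review): odp_nsh_hdr_from_attr() takes 'size' next to its output
 * pointer.  Presumably it is the capacity in bytes of the buffer behind that
 * pointer and bounds what is written -- confirm in odp-util.c. */
enum odp_key_fitness odp_tun_key_from_attr(const struct nlattr *,
                                           struct flow_tnl *);
enum odp_key_fitness odp_nsh_key_from_attr(const struct nlattr *,
                                           struct flow_nsh *);
enum odp_key_fitness odp_nsh_hdr_from_attr(const struct nlattr *,
                                           struct nsh_hdr *, size_t size);

/* Text conversion of a 128-bit flow identifier ('ufid').
 *
 * NOTE(review): the meaning of odp_ufid_from_string()'s int result is not
 * visible from this header -- confirm before treating '*ufid' as set. */
int odp_ufid_from_string(const char *s_, ovs_u128 *ufid);
void odp_format_ufid(const ovs_u128 *ufid, struct ds *);

/* Text conversion of flow keys and masks.
 *
 * The formatting functions take each attribute sequence as a pointer plus a
 * length (presumably in bytes -- confirm); the caller is responsible for
 * passing lengths that match the buffers.  odp_flow_from_string() parses text
 * into two buffers (presumably key, then mask -- confirm) and reports its
 * result as an int. */
void odp_flow_format(const struct nlattr *key, size_t key_len,
                     const struct nlattr *mask, size_t mask_len,
                     const struct hmap *portno_names, struct ds *,
                     bool verbose);
void odp_flow_key_format(const struct nlattr *, size_t, struct ds *);
int odp_flow_from_string(const char *s,
                         const struct simap *port_names,
                         struct ofpbuf *, struct ofpbuf *);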
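/* ODP_SUPPORT_FIELD(TYPE, FIELD_NAME, FIELD_DESCRIPTION)
 *
 * Each 'ODP_SUPPORT_FIELD' defines a member in 'struct odp_support',
 * and represents support for related OVS_KEY_ATTR_* fields.
 * They are defined as macros to keep 'dpif_show_support()' in sync
 * as new fields are added.
 *
 * A user defines ODP_SUPPORT_FIELD, expands ODP_SUPPORT_FIELDS, and then
 * undefines ODP_SUPPORT_FIELD again, as 'struct odp_support' below does. */
#define ODP_SUPPORT_FIELDS                                                   \
    /* Maximum number of 802.1q VLAN headers to serialize in a mask. */      \
    ODP_SUPPORT_FIELD(size_t, max_vlan_headers, "Max VLAN headers")          \
    /* Maximum number of MPLS label stack entries to serialise in a mask. */ \
    ODP_SUPPORT_FIELD(size_t, max_mpls_depth, "Max MPLS depth")              \
    /* If this is true, then recirculation fields will always be             \
     * serialised. */                                                        \
    ODP_SUPPORT_FIELD(bool, recirc, "Recirc")                                \
    /* If true, serialise the corresponding OVS_KEY_ATTR_CT_* field. */      \
    ODP_SUPPORT_FIELD(bool, ct_state, "CT state")                            \
    ODP_SUPPORT_FIELD(bool, ct_zone, "CT zone")                              \
    ODP_SUPPORT_FIELD(bool, ct_mark, "CT mark")                              \
    ODP_SUPPORT_FIELD(bool, ct_label, "CT label")                            \
                                                                             \
    /* If true, it means that the datapath supports the NAT bits in          \
     * 'ct_state'.  The above 'ct_state' member must be true for this        \
     * to make sense */                                                      \
    ODP_SUPPORT_FIELD(bool, ct_state_nat, "CT state NAT")                    \
                                                                             \
    /* Conntrack original direction tuple matching supported. */             \
    ODP_SUPPORT_FIELD(bool, ct_orig_tuple, "CT orig tuple")                  \
    ODP_SUPPORT_FIELD(bool, ct_orig_tuple6, "CT orig tuple for IPv6")

/* Indicates support for various fields. This defines how flows will be
 * serialised.
 *
 * The members are exactly the entries of ODP_SUPPORT_FIELDS, in list order,
 * each with the TYPE and NAME given there. */
struct odp_support {
#define ODP_SUPPORT_FIELD(TYPE, NAME, TITLE) TYPE NAME;
    ODP_SUPPORT_FIELDS
#undef ODP_SUPPORT_FIELD
};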
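/* Input to odp_flow_key_from_flow() and odp_flow_key_from_mask(), both of
 * which take a pointer to one of these.
 *
 * The structure only points at 'flow', 'mask' and 'key_buf' (all const); it
 * holds 'support' by value. */
struct odp_flow_key_parms {
    /* The flow and mask to be serialized. In the case of masks, 'flow'
     * is used as a template to determine how to interpret 'mask'.  For
     * example, the 'dl_type' of 'mask' describes the mask, but it doesn't
     * indicate whether the other fields should be interpreted as ARP, IPv4,
     * IPv6, etc. */
    const struct flow *flow;
    const struct flow *mask;

    /* Indicates support for various fields. If the datapath supports a field,
     * then it will always be serialised. */
    struct odp_support support;

    /* Indicates if we are probing datapath capability. If true, ignore the
     * configured flow limits. */
    bool probe;

    /* The netlink formatted version of the flow. It is used in cases where
     * the mask cannot be constructed from the OVS internal representation
     * and needs to see the original form. */
    const struct ofpbuf *key_buf;
};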
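/* Serialization of a flow, or of its mask, as described by a
 * "struct odp_flow_key_parms", into an ofpbuf.  The comment on
 * ODPUTIL_FLOW_KEY_BYTES gives the most that odp_flow_key_from_flow() appends
 * to the buffer. */
void odp_flow_key_from_flow(const struct odp_flow_key_parms *, struct ofpbuf *);
void odp_flow_key_from_mask(const struct odp_flow_key_parms *, struct ofpbuf *);

/* Returns a 32-bit hash of a flow key given as a pointer plus a length
 * (presumably in bytes -- confirm).
 *
 * NOTE(review): whether the hash is seeded is not visible from this header.
 * Do not assume it resists collisions among keys chosen by a remote party
 * without checking the implementation. */
uint32_t odp_flow_key_hash(const struct nlattr *, size_t);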
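/* Estimated space needed for metadata.
 *
 * The value is 72.  NOTE(review): the factors presumably stand for nine
 * attributes of 8 bytes each.  Being an estimate, it suits pre-sizing a
 * buffer that can grow, not sizing a fixed one -- confirm how callers use
 * it. */
enum { ODP_KEY_METADATA_SIZE = 9 * 8 };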
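/* Conversion between a "struct dp_packet" and netlink key attributes, in both
 * directions.
 *
 * odp_key_to_dp_packet() takes the key as a pointer plus 'key_len'
 * (presumably in bytes -- confirm) and returns nothing, so a malformed key
 * cannot be reported to the caller through this interface.  NOTE(review):
 * how attributes of unexpected type or length are handled is not visible
 * here -- confirm in odp-util.c. */
void odp_key_from_dp_packet(struct ofpbuf *, const struct dp_packet *);
void odp_key_to_dp_packet(const struct nlattr *key, size_t key_len,
                          struct dp_packet *md);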
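/* How well a kernel-provided flow key (a sequence of OVS_KEY_ATTR_*
 * attributes) matches OVS userspace expectations.
 *
 * These values are arranged so that greater values are "more important" than
 * lesser ones.  In particular, a single flow key can fit the descriptions for
 * both ODP_FIT_TOO_LITTLE and ODP_FIT_TOO_MUCH.  Such a key is treated as
 * ODP_FIT_TOO_LITTLE.
 *
 * The numeric order is therefore part of the contract: inserting or
 * reordering enumerators changes which result takes precedence.
 *
 * NOTE(review): this header does not say what state an output structure is
 * left in when a parser returns ODP_FIT_ERROR.  Callers should presumably not
 * use it -- confirm in odp-util.c. */
enum odp_key_fitness {
    ODP_FIT_PERFECT,            /* The key had exactly the fields we expect. */
    ODP_FIT_TOO_MUCH,           /* The key had fields we don't understand. */
    ODP_FIT_TOO_LITTLE,         /* The key lacked fields we expected to see. */
    ODP_FIT_ERROR,              /* The key was invalid. */
};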
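/* Parsers that turn a flow key or mask, given as netlink attributes plus a
 * length, into OVS structures.
 *
 * According to the comment on "enum odp_key_fitness", the keys these handle
 * are provided by the kernel, so the return value is the only indication of
 * whether the attributes were as expected; check it on every call.
 * odp_flow_key_to_mask() also takes the 'flow' that the mask belongs to.
 *
 * NOTE(review): parse_key_and_mask_to_match() reports its result as an int
 * rather than a fitness value.  The convention (presumably 0 on success, an
 * errno value otherwise) is not visible here -- confirm in odp-util.c. */
enum odp_key_fitness odp_flow_key_to_flow(const struct nlattr *, size_t,
                                          struct flow *);
enum odp_key_fitness odp_flow_key_to_mask(const struct nlattr *mask_key,
                                          size_t mask_key_len,
                                          struct flow_wildcards *mask,
                                          const struct flow *flow);
int parse_key_and_mask_to_match(const struct nlattr *key, size_t key_len,
                                const struct nlattr *mask, size_t mask_len,
                                struct match *match);

/* Returns a string for a fitness value.  NOTE(review): the result for a
 * value outside "enum odp_key_fitness" is not visible from this header. */
const char *odp_key_fitness_to_string(enum odp_key_fitness);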
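/* Helpers that write datapath actions into the 'odp_actions' buffer.
 *
 * commit_odp_tunnel_action() takes a const flow and a modifiable 'base' flow.
 *
 * commit_masked_set_action() takes 'key' and 'mask' as untyped pointers with a
 * single 'key_size'.  NOTE(review): presumably both buffers must be at least
 * 'key_size' bytes long and 'key_size' must match 'key_type' -- the function
 * cannot verify either from its arguments, so confirm at each call site. */
void commit_odp_tunnel_action(const struct flow *, struct flow *base,
                              struct ofpbuf *odp_actions);
void commit_masked_set_action(struct ofpbuf *odp_actions,
                              enum ovs_key_attr key_type, const void *key,
                              const void *mask, size_t key_size);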
enum slow_path_reason commit_odp_actions(const struct flow *,
struct flow *base,
struct ofpbuf *odp_actions,
struct flow_wildcards *wc,
OF support and translation of generic encap and decap
This commit adds support for the OpenFlow actions generic encap
and decap (as specified in ONF EXT-382) to the OVS control plane.
CLI syntax for encap action with properties:
encap(<header>)
encap(<header>(<prop>=<value>,<tlv>(<class>,<type>,<value>),...))
For example:
encap(ethernet)
encap(nsh(md_type=1))
encap(nsh(md_type=2,tlv(0x1000,10,0x12345678),tlv(0x2000,20,0xfedcba9876543210)))
CLI syntax for decap action:
decap()
decap(packet_type(ns=<pt_ns>,type=<pt_type>))
For example:
decap()
decap(packet_type(ns=0,type=0xfffe))
decap(packet_type(ns=1,type=0x894f))
The first header supported for encap and decap is "ethernet" to convert
packets between packet_type (1,Ethertype) and (0,0).
This commit also implements a skeleton for the translation of generic
encap and decap actions in ofproto-dpif and adds support to encap and
decap an Ethernet header.
In general translation of encap commits pending actions and then rewrites
struct flow in accordance with the new packet type and header. In the
case of encap(ethernet) it suffices to change the packet type from
(1, Ethertype) to (0,0) and set the dl_type accordingly. A new
pending_encap flag in xlate ctx is set to mark that a corresponding
datapath encap action must be triggered at the next commit. In the
case of encap(ethernet) ofproto generates a push_eth action.
The general case for translation of decap() is to emit a datapath action
to decap the current outermost header and then recirculate the packet
to reparse the inner headers. In the special case of an Ethernet packet,
decap() just changes the packet type from (0,0) to (1, dl_type) without
a need to recirculate. The emission of the pop_eth action for the
datapath is postponed to the next commit.
Hence encap(ethernet) and decap() on an Ethernet packet are OF actions
that only incur a cost in the dataplane when a modified packet is
actually committed, e.g. because it is sent out. They can freely be
used for normalizing the packet type in the OF pipeline without
degrading performance.
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Yi Yang <yi.y.yang@intel.com>
Signed-off-by: Zoltan Balogh <zoltan.balogh@ericsson.com>
Co-authored-by: Zoltan Balogh <zoltan.balogh@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2017-08-02 16:04:12 +08:00
bool use_masked,
bool pending_encap,
struct ofpbuf *encap_data);
/* ofproto-dpif interface.
 *
 * The following types and functions are logically part of ofproto-dpif.
 * ofproto-dpif puts values of these types into the flows that it installs in
 * the kernel datapath, though, so ovs-dpctl needs to interpret them so that
 * it can print flows in a more human-readable manner. */
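/* Discriminator for "union user_action_cookie", stored in the union's 16-bit
 * 'type' member.  The values are numbered from 0 (USER_ACTION_COOKIE_UNSPEC)
 * in declaration order.
 *
 * NOTE(review): because the cookie stores this as a uint16_t, a reader can
 * encounter values outside this list.  Presumably those are rejected before a
 * variant of the union is read -- confirm where cookies are decoded. */
enum user_action_cookie_type {
    USER_ACTION_COOKIE_UNSPEC,
    USER_ACTION_COOKIE_SFLOW,        /* Packet for per-bridge sFlow sampling. */
    USER_ACTION_COOKIE_SLOW_PATH,    /* Userspace must process this flow. */
    USER_ACTION_COOKIE_FLOW_SAMPLE,  /* Packet for per-flow sampling. */
    USER_ACTION_COOKIE_IPFIX,        /* Packet for per-bridge IPFIX sampling. */
};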
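/* user_action_cookie is passed as argument to OVS_ACTION_ATTR_USERSPACE.
 *
 * Every variant starts with the same 16-bit 'type' member, so 'type' can be
 * read before knowing which variant is in use.  NOTE(review): a cookie that
 * comes back in an upcall is presumably checked for size and for a known
 * 'type' before a variant is read -- confirm in the upcall handling code. */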
union user_action_cookie {
uint16_t type; /* enum user_action_cookie_type. */
struct {
uint16_t type; /* USER_ACTION_COOKIE_SFLOW. */
ovs_be16 vlan_tci; /* Destination VLAN TCI. */
uint32_t output; /* SFL_FLOW_SAMPLE_TYPE 'output' value. */
} sflow;
struct {
uint16_t type; /* USER_ACTION_COOKIE_SLOW_PATH. */
uint16_t unused;
uint32_t reason; /* enum slow_path_reason. */
} slow_path;
struct {
uint16_t type; /* USER_ACTION_COOKIE_FLOW_SAMPLE. */
uint16_t probability; /* Sampling probability. */
uint32_t collector_set_id; /* ID of IPFIX collector set. */
uint32_t obs_domain_id; /* Observation Domain ID. */
uint32_t obs_point_id; /* Observation Point ID. */
ipfix: Support tunnel information for Flow IPFIX.
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample action.
When flow sample action upcall happens, tunnel information will be retrieved from
the datapath and then IPFIX can export egress tunnel port information. If
sampling_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) If 'sampling_port' is equal to output port and output port is a tunnel
port, the translation of OpenFlow "sample" action should first emit
set(tunnel(...)), then the sample action itself. It makes sure the
egress tunnel information can be sampled.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template packets and IPFIX information packets.
Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-06-14 16:53:34 +08:00
odp_port_t output_odp_port; /* The output odp port. */
enum nx_action_sample_direction direction;
} flow_sample;
struct {
uint16_t type; /* USER_ACTION_COOKIE_IPFIX. */
odp_port_t output_odp_port; /* The output odp port. */
} ipfix;
};
BUILD_ASSERT_DECL(sizeof(union user_action_cookie) == 24);
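/* Helpers that add one datapath action to the 'odp_actions' buffer.
 *
 * odp_put_userspace_action() takes opaque 'userdata' with an explicit
 * 'userdata_size' and returns a size_t.  NOTE(review): the meaning of the
 * return value (presumably an offset into 'odp_actions' -- confirm) is not
 * visible from this header.  'userdata_size' must not exceed the size of the
 * object at 'userdata'; the function cannot verify that from its arguments.
 *
 * odp_put_tnl_push_action() takes 'data' through a non-const pointer.
 * NOTE(review): whether it modifies '*data' is not visible here. */
size_t odp_put_userspace_action(uint32_t pid,
                                const void *userdata, size_t userdata_size,
                                odp_port_t tunnel_out_port,
                                bool include_actions,
                                struct ofpbuf *odp_actions);
void odp_put_tunnel_action(const struct flow_tnl *tunnel,
                           struct ofpbuf *odp_actions);

void odp_put_tnl_push_action(struct ofpbuf *odp_actions,
                             struct ovs_action_push_tnl *data);

void odp_put_pop_eth_action(struct ofpbuf *odp_actions);
void odp_put_push_eth_action(struct ofpbuf *odp_actions,
                             const struct eth_addr *eth_src,
                             const struct eth_addr *eth_dst);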
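/* One entry of an attribute-length table such as 'ovs_flow_key_attr_lens',
 * which this header declares with OVS_KEY_ATTR_MAX + 1 entries.
 *
 * NOTE(review): the roles below are inferred from the member names and the
 * ATTR_LEN_* constants -- confirm in odp-util.c:
 *   - 'len' is presumably the expected payload length of the attribute, or
 *     one of the negative ATTR_LEN_* sentinels;
 *   - 'next' presumably points at the table for the attributes nested inside
 *     this one, with 'next_max' the highest valid index into it.
 *
 * Whatever the exact roles, an attribute type taken from a netlink message
 * has to be range-checked against the table's highest index before it is
 * used to index a table of these. */
struct attr_len_tbl {
    int len;
    const struct attr_len_tbl *next;
    int next_max;
};

/* Sentinel values for 'len'.  All are negative.  The expansions are
 * parenthesized so that they stay a single operand in any expression. */
#define ATTR_LEN_INVALID  (-1)
#define ATTR_LEN_VARIABLE (-2)
#define ATTR_LEN_NESTED   (-3)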
extern const struct attr_len_tbl ovs_flow_key_attr_lens[OVS_KEY_ATTR_MAX + 1];
#endif /* odp-util.h */