mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-09-06 17:26:27 +00:00
Code Issues Releases Wiki Activity
Files
b8786b188ddac5789fd1b228613b514e19a5782a
ovs/lib/odp-util.c

5376 lines
174 KiB
C
Raw Normal View History

Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
/*
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc.
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*
Update primary code license to Apache 2.0.
2009-06-15 15:11:30 -07:00
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
*/
#include <config.h>
odp-util: Include <config.h> first. Otherwise _GNU_SOURCE doesn't get defined early enough and on some systems LLONG_MIN is missing when odp-util.c tries to use it indirectly through token-bucket.h. Reported-by: Michael Hu <mhu@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-06-21 10:42:20 -07:00
#include <arpa/inet.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "odp-util.h"
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
#include <errno.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include <inttypes.h>
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
#include <math.h>
Fix build on FreeBSD. Patch below fixes build on FreeBSD; tested on 10.0-CURRENT. Signed-off-by: Edward Tomasz Napierala <trasz@FreeBSD.org> Signed-off-by: Ben Pfaff <blp@nicira.com>
2011-11-01 13:25:49 +01:00
#include <netinet/in.h>
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
#include <netinet/icmp6.h>
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include <stdlib.h>
#include <string.h>
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
#include "byte-order.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "coverage.h"
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
#include "dpif.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "dynamic-string.h"
#include "flow.h"
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
#include "netlink.h"
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
#include "ofpbuf.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "packets.h"
simap: New data structure for string-to-integer maps. This commit adapts a couple of existing pieces of code to use the new data structure. The following commit will add another user (which is also the first use of the simap_increas() function). Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-22 10:32:02 -07:00
#include "simap.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "timeval.h"
tunnel: Geneve TLV handling support for OpenFlow. The current support for Geneve in OVS is exactly equivalent to VXLAN: it is possible to set and match on the VNI but not on any options contained in the header. This patch enables the use of options. The goal for Geneve support is not to add support for any particular option but to allow end users or controllers to specify what they would like to match. That is, the full range of Geneve's capabilities should be exposed without modifying the code (the one exception being options that require per-packet computation in the fast path). The main issue with supporting Geneve options is how to integrate the fields into the existing OpenFlow pipeline. All existing operations are referred to by their NXM/OXM field name - matches, action generation, arithmetic operations (i.e. tranfer to a register). However, the Geneve option space is exactly the same as the OXM space, so a direct mapping is not feasible. Instead, we create a pool of 64 NXMs that are then dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped, these fields become first-class citizens in the OpenFlow pipeline. An example of how to use Geneve options: ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0 ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1 This will add a 4 bytes option (filled will all 1's) to all packets coming from the LOCAL port and then send then out to port 1. A limitation of this patch is that although the option table is specified for a particular switch over OpenFlow, it is currently global to all switches. This will be addressed in a future patch. Based on work originally done by Madhu Challa. Ben Pfaff also significantly improved the comments. Signed-off-by: Madhu Challa <challa@noironetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-04-30 18:09:57 -07:00
#include "tun-metadata.h"
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
#include "unaligned.h"
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
#include "util.h"
odp-util: Reuse UUID marshalling for UFID. Unique flow identifiers are really a UUID of sorts, so it makes sense to reuse the UUID string representations for UFID. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-29 17:08:45 -07:00
#include "uuid.h"
lib: Move vlog.h to <openvswitch/vlog.h> A new function vlog_insert_module() is introduced to avoid using list_insert() from the vlog.h header. Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-12-15 14:10:38 +01:00
#include "openvswitch/vlog.h"
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
VLOG_DEFINE_THIS_MODULE(odp_util);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
/* The interface between userspace and kernel uses an "OVS_*" prefix.
* Since this is fairly non-specific for the OVS userspace components,
* "ODP_*" (Open vSwitch Datapath) is used as the prefix for
* interactions with the datapath.
*/
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
/* The set of characters that may separate one action or one key attribute
* from another. */
static const char *delimiters = ", \t\r\n";
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
static const char *delimiters_end = ", \t\r\n)";
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
struct attr_len_tbl {
int len;
const struct attr_len_tbl *next;
int next_max;
};
#define ATTR_LEN_INVALID -1
#define ATTR_LEN_VARIABLE -2
#define ATTR_LEN_NESTED -3
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
static int parse_odp_key_mask_attr(const char *, const struct simap *port_names,
struct ofpbuf *, struct ofpbuf *);
static void format_odp_key_attr(const struct nlattr *a,
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
const struct nlattr *ma,
const struct hmap *portno_names, struct ds *ds,
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
bool verbose);
odp-util: Adjust style. Usually we don't put a new-line in prototypes unless we have to. I also think that this comment deserves to be higher up in the file, so I moved it.
2011-11-07 09:14:46 -08:00
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
struct geneve_scan {
struct geneve_opt d[63];
int len;
};
static int scan_geneve(const char *s, struct geneve_scan *key,
struct geneve_scan *mask);
static void format_geneve_opts(const struct geneve_opt *opt,
const struct geneve_opt *mask, int opts_len,
struct ds *, bool verbose);
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
static struct nlattr *generate_all_wildcard_mask(const struct attr_len_tbl tbl[],
int max, struct ofpbuf *,
const struct nlattr *key);
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
static void format_u128(struct ds *ds, const ovs_u128 *value,
const ovs_u128 *mask, bool verbose);
static int scan_u128(const char *s, ovs_u128 *value, ovs_u128 *mask);
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
/* Returns one the following for the action with the given OVS_ACTION_ATTR_*
* 'type':
*
* - For an action whose argument has a fixed length, returned that
* nonnegative length in bytes.
*
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
* - For an action with a variable-length argument, returns ATTR_LEN_VARIABLE.
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
*
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
* - For an invalid 'type', returns ATTR_LEN_INVALID. */
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
static int
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
odp_action_len(uint16_t type)
{
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
if (type > OVS_ACTION_ATTR_MAX) {
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
return -1;
}
datapath-protocol: Rename enums for consistency. Most of the enum tags in this file are lowercased versions of the uppercase enum prefixes (or slightly less abbreviated versions, e.g. "dp" becomes "datapath"). This commit fixes up the others for consistency. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-10-05 09:59:51 -07:00
switch ((enum ovs_action_attr) type) {
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_ACTION_ATTR_OUTPUT: return sizeof(uint32_t);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
case OVS_ACTION_ATTR_TUNNEL_PUSH: return ATTR_LEN_VARIABLE;
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
case OVS_ACTION_ATTR_TUNNEL_POP: return sizeof(uint32_t);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
case OVS_ACTION_ATTR_USERSPACE: return ATTR_LEN_VARIABLE;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_ACTION_ATTR_PUSH_VLAN: return sizeof(struct ovs_action_push_vlan);
case OVS_ACTION_ATTR_POP_VLAN: return 0;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
case OVS_ACTION_ATTR_PUSH_MPLS: return sizeof(struct ovs_action_push_mpls);
case OVS_ACTION_ATTR_POP_MPLS: return sizeof(ovs_be16);
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
case OVS_ACTION_ATTR_RECIRC: return sizeof(uint32_t);
case OVS_ACTION_ATTR_HASH: return sizeof(struct ovs_action_hash);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
case OVS_ACTION_ATTR_SET: return ATTR_LEN_VARIABLE;
case OVS_ACTION_ATTR_SET_MASKED: return ATTR_LEN_VARIABLE;
case OVS_ACTION_ATTR_SAMPLE: return ATTR_LEN_VARIABLE;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
case OVS_ACTION_ATTR_CT: return ATTR_LEN_VARIABLE;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_UNSPEC:
case __OVS_ACTION_ATTR_MAX:
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
return ATTR_LEN_INVALID;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
}
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
return ATTR_LEN_INVALID;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
}
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
/* Returns a string form of 'attr'. The return value is either a statically
* allocated constant string or the 'bufsize'-byte buffer 'namebuf'. 'bufsize'
* should be at least OVS_KEY_ATTR_BUFSIZE. */
enum { OVS_KEY_ATTR_BUFSIZE = 3 + INT_STRLEN(unsigned int) + 1 };
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
static const char *
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
ovs_key_attr_to_string(enum ovs_key_attr attr, char *namebuf, size_t bufsize)
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
{
switch (attr) {
case OVS_KEY_ATTR_UNSPEC: return "unspec";
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_KEY_ATTR_ENCAP: return "encap";
vswitchd: log skb_mark and skb_priority This patch adds logging support for skb_mark and skb_priority. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-29 14:36:49 -08:00
case OVS_KEY_ATTR_PRIORITY: return "skb_priority";
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
case OVS_KEY_ATTR_SKB_MARK: return "skb_mark";
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
case OVS_KEY_ATTR_CT_STATE: return "ct_state";
case OVS_KEY_ATTR_CT_ZONE: return "ct_zone";
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
case OVS_KEY_ATTR_CT_MARK: return "ct_mark";
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
case OVS_KEY_ATTR_CT_LABELS: return "ct_label";
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
case OVS_KEY_ATTR_TUNNEL: return "tunnel";
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
case OVS_KEY_ATTR_IN_PORT: return "in_port";
case OVS_KEY_ATTR_ETHERNET: return "eth";
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_KEY_ATTR_VLAN: return "vlan";
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
case OVS_KEY_ATTR_ETHERTYPE: return "eth_type";
case OVS_KEY_ATTR_IPV4: return "ipv4";
case OVS_KEY_ATTR_IPV6: return "ipv6";
case OVS_KEY_ATTR_TCP: return "tcp";
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
case OVS_KEY_ATTR_TCP_FLAGS: return "tcp_flags";
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
case OVS_KEY_ATTR_UDP: return "udp";
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
case OVS_KEY_ATTR_SCTP: return "sctp";
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
case OVS_KEY_ATTR_ICMP: return "icmp";
case OVS_KEY_ATTR_ICMPV6: return "icmpv6";
case OVS_KEY_ATTR_ARP: return "arp";
case OVS_KEY_ATTR_ND: return "nd";
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
case OVS_KEY_ATTR_MPLS: return "mpls";
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
case OVS_KEY_ATTR_DP_HASH: return "dp_hash";
case OVS_KEY_ATTR_RECIRC_ID: return "recirc_id";
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
case __OVS_KEY_ATTR_MAX:
default:
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
snprintf(namebuf, bufsize, "key%u", (unsigned int) attr);
return namebuf;
odp-util: New function ovs_key_attr_to_string(). This seems like a worthwhile improvement in itself, but it will also see additional users in upcoming commits.
2011-11-07 13:13:36 -08:00
}
}
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
static void
format_generic_odp_action(struct ds *ds, const struct nlattr *a)
{
odp-util: Improve formatting of bad ODP actions. nla_len is the size of a Netlink attribute including its header, but we only want to print the attribute payload, so use nl_attr_get_size() instead. Also, make it clear that what follows the "bad action" information is a dump of the action itself. Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 14:21:01 -08:00
size_t len = nl_attr_get_size(a);
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
ds_put_format(ds, "action%"PRId16, nl_attr_type(a));
odp-util: Improve formatting of bad ODP actions. nla_len is the size of a Netlink attribute including its header, but we only want to print the attribute payload, so use nl_attr_get_size() instead. Also, make it clear that what follows the "bad action" information is a dump of the action itself. Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 14:21:01 -08:00
if (len) {
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
const uint8_t *unspec;
unsigned int i;
unspec = nl_attr_get(a);
odp-util: Improve formatting of bad ODP actions. nla_len is the size of a Netlink attribute including its header, but we only want to print the attribute payload, so use nl_attr_get_size() instead. Also, make it clear that what follows the "bad action" information is a dump of the action itself. Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-23 14:21:01 -08:00
for (i = 0; i < len; i++) {
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
ds_put_char(ds, i ? ' ': '(');
ds_put_format(ds, "%02x", unspec[i]);
}
ds_put_char(ds, ')');
}
}
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
static void
format_odp_sample_action(struct ds *ds, const struct nlattr *attr)
{
static const struct nl_policy ovs_sample_policy[] = {
CodingStyle: Allow designated initializers. MSVC 2013 finally implements them, 14 years after they became part of C, so we can use them in generic code now. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Alex Wang <alexw@nicira.com>
2014-03-19 17:34:55 -07:00
[OVS_SAMPLE_ATTR_PROBABILITY] = { .type = NL_A_U32 },
[OVS_SAMPLE_ATTR_ACTIONS] = { .type = NL_A_NESTED }
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
};
struct nlattr *a[ARRAY_SIZE(ovs_sample_policy)];
double percentage;
const struct nlattr *nla_acts;
int len;
ds_put_cstr(ds, "sample");
odp-util: Use nl_parse_nested() to simplify format_odp_sample_action().
2011-10-04 12:58:25 -07:00
if (!nl_parse_nested(attr, ovs_sample_policy, a, ARRAY_SIZE(a))) {
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
ds_put_cstr(ds, "(error)");
return;
}
percentage = (100.0 * nl_attr_get_u32(a[OVS_SAMPLE_ATTR_PROBABILITY])) /
UINT32_MAX;
ds_put_format(ds, "(sample=%.1f%%,", percentage);
ds_put_cstr(ds, "actions(");
nla_acts = nl_attr_get(a[OVS_SAMPLE_ATTR_ACTIONS]);
len = nl_attr_get_size(a[OVS_SAMPLE_ATTR_ACTIONS]);
format_odp_actions(ds, nla_acts, len);
ds_put_format(ds, "))");
}
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
static const char *
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
slow_path_reason_to_string(uint32_t reason)
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
{
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
switch ((enum slow_path_reason) reason) {
#define SPR(ENUM, STRING, EXPLANATION) case ENUM: return STRING;
SLOW_PATH_REASONS
#undef SPR
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
}
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
return NULL;
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
}
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
const char *
slow_path_reason_to_explanation(enum slow_path_reason reason)
odp-util: Make slow_path_reasons mutually exclusive. It's no longer possible for a single datapath flow to be slow pathed for two different reasons. This patch updates the code to reflect this fact (marginally simplifying it). Signed-off-by: Ethan Jackson <ethan@nicira.com>
2013-05-28 11:43:43 -07:00
{
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
switch (reason) {
#define SPR(ENUM, STRING, EXPLANATION) case ENUM: return EXPLANATION;
SLOW_PATH_REASONS
#undef SPR
odp-util: Make slow_path_reasons mutually exclusive. It's no longer possible for a single datapath flow to be slow pathed for two different reasons. This patch updates the code to reflect this fact (marginally simplifying it). Signed-off-by: Ethan Jackson <ethan@nicira.com>
2013-05-28 11:43:43 -07:00
}
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
return "<unknown>";
odp-util: Make slow_path_reasons mutually exclusive. It's no longer possible for a single datapath flow to be slow pathed for two different reasons. This patch updates the code to reflect this fact (marginally simplifying it). Signed-off-by: Ethan Jackson <ethan@nicira.com>
2013-05-28 11:43:43 -07:00
}
odp-utils: Refactor slow_path_reason parse and format functions. These functions are used in next patch. Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-11-14 21:10:22 -08:00
static int
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
parse_odp_flags(const char *s, const char *(*bit_to_string)(uint32_t),
uint32_t *res_flags, uint32_t allowed, uint32_t *res_mask)
odp-utils: Refactor slow_path_reason parse and format functions. These functions are used in next patch. Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-11-14 21:10:22 -08:00
{
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
return parse_flags(s, bit_to_string, ')', NULL, NULL,
res_flags, allowed, res_mask);
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
}
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
static void
format_odp_userspace_action(struct ds *ds, const struct nlattr *attr)
{
static const struct nl_policy ovs_userspace_policy[] = {
CodingStyle: Allow designated initializers. MSVC 2013 finally implements them, 14 years after they became part of C, so we can use them in generic code now. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Alex Wang <alexw@nicira.com>
2014-03-19 17:34:55 -07:00
[OVS_USERSPACE_ATTR_PID] = { .type = NL_A_U32 },
[OVS_USERSPACE_ATTR_USERDATA] = { .type = NL_A_UNSPEC,
.optional = true },
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
[OVS_USERSPACE_ATTR_EGRESS_TUN_PORT] = { .type = NL_A_U32,
.optional = true },
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
[OVS_USERSPACE_ATTR_ACTIONS] = { .type = NL_A_UNSPEC,
.optional = true },
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
};
struct nlattr *a[ARRAY_SIZE(ovs_userspace_policy)];
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
const struct nlattr *userdata_attr;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
const struct nlattr *tunnel_out_port_attr;
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
if (!nl_parse_nested(attr, ovs_userspace_policy, a, ARRAY_SIZE(a))) {
ds_put_cstr(ds, "userspace(error)");
return;
}
ds_put_format(ds, "userspace(pid=%"PRIu32,
nl_attr_get_u32(a[OVS_USERSPACE_ATTR_PID]));
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
userdata_attr = a[OVS_USERSPACE_ATTR_USERDATA];
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
if (userdata_attr) {
const uint8_t *userdata = nl_attr_get(userdata_attr);
size_t userdata_len = nl_attr_get_size(userdata_attr);
bool userdata_unspec = true;
odp-util: Change user_action_cookie from struct to union. An upcoming commit will introduce a new type and a new use for the additional members. It seems cleanest to use a union, rather that using the existing members multiple ways. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:56:40 -07:00
union user_action_cookie cookie;
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
if (userdata_len >= sizeof cookie.type
&& userdata_len <= sizeof cookie) {
memset(&cookie, 0, sizeof cookie);
memcpy(&cookie, userdata, userdata_len);
userdata_unspec = false;
if (userdata_len == sizeof cookie.sflow
&& cookie.type == USER_ACTION_COOKIE_SFLOW) {
ds_put_format(ds, ",sFlow("
"vid=%"PRIu16",pcp=%"PRIu8",output=%"PRIu32")",
vlan_tci_to_vid(cookie.sflow.vlan_tci),
vlan_tci_to_pcp(cookie.sflow.vlan_tci),
cookie.sflow.output);
} else if (userdata_len == sizeof cookie.slow_path
&& cookie.type == USER_ACTION_COOKIE_SLOW_PATH) {
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
ds_put_cstr(ds, ",slow_path(");
format_flags(ds, slow_path_reason_to_string,
cookie.slow_path.reason, ',');
ds_put_format(ds, ")");
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
} else if (userdata_len == sizeof cookie.flow_sample
&& cookie.type == USER_ACTION_COOKIE_FLOW_SAMPLE) {
ds_put_format(ds, ",flow_sample(probability=%"PRIu16
",collector_set_id=%"PRIu32
",obs_domain_id=%"PRIu32
",obs_point_id=%"PRIu32")",
cookie.flow_sample.probability,
cookie.flow_sample.collector_set_id,
cookie.flow_sample.obs_domain_id,
cookie.flow_sample.obs_point_id);
odp-util: Fix formatting of ipfix action cookies, to fix a testsuite failure Problem introduced by previous commit 96ed775f19 (odp-util: Fix IPFIX breakage with old kernel modules.) Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-11 13:32:23 -08:00
} else if (userdata_len >= sizeof cookie.ipfix
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
&& cookie.type == USER_ACTION_COOKIE_IPFIX) {
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
ds_put_format(ds, ",ipfix(output_port=%"PRIu32")",
cookie.ipfix.output_odp_port);
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
} else {
userdata_unspec = true;
}
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
}
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
if (userdata_unspec) {
size_t i;
ds_put_format(ds, ",userdata(");
for (i = 0; i < userdata_len; i++) {
ds_put_format(ds, "%02x", userdata[i]);
}
ds_put_char(ds, ')');
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
}
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
}
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
if (a[OVS_USERSPACE_ATTR_ACTIONS]) {
ds_put_cstr(ds, ",actions");
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
tunnel_out_port_attr = a[OVS_USERSPACE_ATTR_EGRESS_TUN_PORT];
if (tunnel_out_port_attr) {
ds_put_format(ds, ",tunnel_out_port=%"PRIu32,
nl_attr_get_u32(tunnel_out_port_attr));
}
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
ds_put_char(ds, ')');
}
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
static void
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_vlan_tci(struct ds *ds, ovs_be16 tci, ovs_be16 mask, bool verbose)
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
{
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (verbose || vlan_tci_to_vid(tci) || vlan_tci_to_vid(mask)) {
ds_put_format(ds, "vid=%"PRIu16, vlan_tci_to_vid(tci));
if (vlan_tci_to_vid(mask) != VLAN_VID_MASK) { /* Partially masked. */
ds_put_format(ds, "/0x%"PRIx16, vlan_tci_to_vid(mask));
};
ds_put_char(ds, ',');
}
if (verbose || vlan_tci_to_pcp(tci) || vlan_tci_to_pcp(mask)) {
ds_put_format(ds, "pcp=%d", vlan_tci_to_pcp(tci));
if (vlan_tci_to_pcp(mask) != (VLAN_PCP_MASK >> VLAN_PCP_SHIFT)) {
ds_put_format(ds, "/0x%x", vlan_tci_to_pcp(mask));
}
ds_put_char(ds, ',');
}
if (!(tci & htons(VLAN_CFI))) {
ds_put_cstr(ds, "cfi=0");
ds_put_char(ds, ',');
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
ds_chomp(ds, ',');
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
static void
format_mpls_lse(struct ds *ds, ovs_be32 mpls_lse)
{
ds_put_format(ds, "label=%"PRIu32",tc=%d,ttl=%d,bos=%d",
mpls_lse_to_label(mpls_lse),
mpls_lse_to_tc(mpls_lse),
mpls_lse_to_ttl(mpls_lse),
mpls_lse_to_bos(mpls_lse));
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
static void
format_mpls(struct ds *ds, const struct ovs_key_mpls *mpls_key,
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
const struct ovs_key_mpls *mpls_mask, int n)
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
{
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
if (n == 1) {
ovs_be32 key = mpls_key->mpls_lse;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
if (mpls_mask == NULL) {
format_mpls_lse(ds, key);
} else {
ovs_be32 mask = mpls_mask->mpls_lse;
ds_put_format(ds, "label=%"PRIu32"/0x%x,tc=%d/%x,ttl=%d/0x%x,bos=%d/%x",
mpls_lse_to_label(key), mpls_lse_to_label(mask),
mpls_lse_to_tc(key), mpls_lse_to_tc(mask),
mpls_lse_to_ttl(key), mpls_lse_to_ttl(mask),
mpls_lse_to_bos(key), mpls_lse_to_bos(mask));
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
} else {
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
int i;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
for (i = 0; i < n; i++) {
ds_put_format(ds, "lse%d=%#"PRIx32,
i, ntohl(mpls_key[i].mpls_lse));
if (mpls_mask) {
ds_put_format(ds, "/%#"PRIx32, ntohl(mpls_mask[i].mpls_lse));
}
ds_put_char(ds, ',');
}
ds_chomp(ds, ',');
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
static void
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
format_odp_recirc_action(struct ds *ds, uint32_t recirc_id)
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
{
odp-util: always output recirc_id in hex The match is in hex, this makes it more consistent. Signed-off-by: Joe Stringer <joestringer@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-05-20 13:46:01 -07:00
ds_put_format(ds, "recirc(%#"PRIx32")", recirc_id);
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
static void
format_odp_hash_action(struct ds *ds, const struct ovs_action_hash *hash_act)
{
ds_put_format(ds, "hash(");
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
if (hash_act->hash_alg == OVS_HASH_ALG_L4) {
openvswitch.h: rename hash action definition Rename hash_bias to hash_basis to make it consistent with similar usages. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2014-04-17 20:06:58 -07:00
ds_put_format(ds, "hash_l4(%"PRIu32")", hash_act->hash_basis);
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
} else {
ds_put_format(ds, "Unknown hash algorithm(%"PRIu32")",
hash_act->hash_alg);
}
ds_put_format(ds, ")");
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
}
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
static const void *
format_udp_tnl_push_header(struct ds *ds, const struct ip_header *ip)
{
const struct udp_header *udp;
udp = (const struct udp_header *) (ip + 1);
tunneling: Add UDP checksum support for userspace tunnels. Kernel based OVS recently added the ability to support checksums for UDP based tunnels (Geneve and VXLAN). This adds similar support for the userspace datapath to bring feature parity. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 14:27:19 -07:00
ds_put_format(ds, "udp(src=%"PRIu16",dst=%"PRIu16",csum=0x%"PRIx16"),",
ntohs(udp->udp_src), ntohs(udp->udp_dst),
ntohs(udp->udp_csum));
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
return udp + 1;
}
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
static void
format_odp_tnl_push_header(struct ds *ds, struct ovs_action_push_tnl *data)
{
const struct eth_header *eth;
const struct ip_header *ip;
const void *l3;
eth = (const struct eth_header *)data->header;
l3 = eth + 1;
ip = (const struct ip_header *)l3;
/* Ethernet */
ds_put_format(ds, "header(size=%"PRIu8",type=%"PRIu8",eth(dst=",
data->header_len, data->tnl_type);
ds_put_format(ds, ETH_ADDR_FMT, ETH_ADDR_ARGS(eth->eth_dst));
ds_put_format(ds, ",src=");
ds_put_format(ds, ETH_ADDR_FMT, ETH_ADDR_ARGS(eth->eth_src));
ds_put_format(ds, ",dl_type=0x%04"PRIx16"),", ntohs(eth->eth_type));
/* IPv4 */
ds_put_format(ds, "ipv4(src="IP_FMT",dst="IP_FMT",proto=%"PRIu8
",tos=%#"PRIx8",ttl=%"PRIu8",frag=0x%"PRIx16"),",
IP_ARGS(get_16aligned_be32(&ip->ip_src)),
IP_ARGS(get_16aligned_be32(&ip->ip_dst)),
ip->ip_proto, ip->ip_tos,
ip->ip_ttl,
ip->ip_frag_off);
if (data->tnl_type == OVS_VPORT_TYPE_VXLAN) {
const struct vxlanhdr *vxh;
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
vxh = format_udp_tnl_push_header(ds, ip);
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
ds_put_format(ds, "vxlan(flags=0x%"PRIx32",vni=0x%"PRIx32")",
ntohl(get_16aligned_be32(&vxh->vx_flags)),
odp-util: Shift VXLAN VNI when printing/parsing. Currently when printing a userspace tunnel action for VXLAN, the VNI is treated as a 32 bit field rather than 24 bit. Even if this is the representation that we use internally, we should still show the right VNI to avoid confusing people. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pritesh Kothari <pritesh.kothari@cisco.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-27 17:51:35 -07:00
ntohl(get_16aligned_be32(&vxh->vx_vni)) >> 8);
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
} else if (data->tnl_type == OVS_VPORT_TYPE_GENEVE) {
const struct genevehdr *gnh;
gnh = format_udp_tnl_push_header(ds, ip);
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
ds_put_format(ds, "geneve(%s%svni=0x%"PRIx32,
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
gnh->oam ? "oam," : "",
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
gnh->critical ? "crit," : "",
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
ntohl(get_16aligned_be32(&gnh->vni)) >> 8);
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
if (gnh->opt_len) {
ds_put_cstr(ds, ",options(");
format_geneve_opts(gnh->options, NULL, gnh->opt_len * 4,
ds, false);
ds_put_char(ds, ')');
}
ds_put_char(ds, ')');
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
} else if (data->tnl_type == OVS_VPORT_TYPE_GRE) {
const struct gre_base_hdr *greh;
ovs_16aligned_be32 *options;
void *l4;
l4 = ((uint8_t *)l3 + sizeof(struct ip_header));
greh = (const struct gre_base_hdr *) l4;
ds_put_format(ds, "gre((flags=0x%"PRIx16",proto=0x%"PRIx16")",
tests: gre: fix flags endianness The flags field is 16 bits so use network byte order in the test case and use the proper conversion methods when parsing and dumping. Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-04-10 11:08:10 -03:00
ntohs(greh->flags), ntohs(greh->protocol));
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
options = (ovs_16aligned_be32 *)(greh + 1);
if (greh->flags & htons(GRE_CSUM)) {
tunneling: Fix location of GRE checksums. The GRE checksum is a 16 bit field stored in a 32 bit option (the rest is reserved). The current code treats the checksum as a 32-bit field and places it in the right place for little endian systems but not big endian. This fixes the problem by storing the 16 bit field directly. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pritesh Kothari <pritesh.kothari@cisco.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 17:09:38 -07:00
ds_put_format(ds, ",csum=0x%"PRIx16, ntohs(*((ovs_be16 *)options)));
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
options++;
}
if (greh->flags & htons(GRE_KEY)) {
ds_put_format(ds, ",key=0x%"PRIx32, ntohl(get_16aligned_be32(options)));
options++;
}
if (greh->flags & htons(GRE_SEQ)) {
ds_put_format(ds, ",seq=0x%"PRIx32, ntohl(get_16aligned_be32(options)));
options++;
}
ds_put_format(ds, ")");
}
ds_put_format(ds, ")");
}
static void
format_odp_tnl_push_action(struct ds *ds, const struct nlattr *attr)
{
struct ovs_action_push_tnl *data;
data = (struct ovs_action_push_tnl *) nl_attr_get(attr);
ds_put_format(ds, "tnl_push(tnl_port(%"PRIu32"),", data->tnl_port);
format_odp_tnl_push_header(ds, data);
ds_put_format(ds, ",out_port(%"PRIu32"))", data->out_port);
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
static const struct nl_policy ovs_conntrack_policy[] = {
[OVS_CT_ATTR_COMMIT] = { .type = NL_A_FLAG, .optional = true, },
[OVS_CT_ATTR_ZONE] = { .type = NL_A_U16, .optional = true, },
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
[OVS_CT_ATTR_MARK] = { .type = NL_A_UNSPEC, .optional = true,
.min_len = sizeof(uint32_t) * 2 },
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
[OVS_CT_ATTR_LABELS] = { .type = NL_A_UNSPEC, .optional = true,
.min_len = sizeof(struct ovs_key_ct_labels) * 2 },
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
[OVS_CT_ATTR_HELPER] = { .type = NL_A_STRING, .optional = true,
.min_len = 1, .max_len = 16 },
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
};
static void
format_odp_conntrack_action(struct ds *ds, const struct nlattr *attr)
{
struct nlattr *a[ARRAY_SIZE(ovs_conntrack_policy)];
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
const ovs_u128 *label;
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
const uint32_t *mark;
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
const char *helper;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
uint16_t zone;
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
bool commit;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
if (!nl_parse_nested(attr, ovs_conntrack_policy, a, ARRAY_SIZE(a))) {
ds_put_cstr(ds, "ct(error)");
return;
}
commit = a[OVS_CT_ATTR_COMMIT] ? true : false;
zone = a[OVS_CT_ATTR_ZONE] ? nl_attr_get_u16(a[OVS_CT_ATTR_ZONE]) : 0;
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
mark = a[OVS_CT_ATTR_MARK] ? nl_attr_get(a[OVS_CT_ATTR_MARK]) : NULL;
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
label = a[OVS_CT_ATTR_LABELS] ? nl_attr_get(a[OVS_CT_ATTR_LABELS]): NULL;
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
helper = a[OVS_CT_ATTR_HELPER] ? nl_attr_get(a[OVS_CT_ATTR_HELPER]) : NULL;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
ds_put_format(ds, "ct");
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
if (commit || zone || mark || label || helper) {
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
ds_put_cstr(ds, "(");
if (commit) {
ds_put_format(ds, "commit,");
}
if (zone) {
ds_put_format(ds, "zone=%"PRIu16",", zone);
}
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
if (mark) {
ds_put_format(ds, "mark=%#"PRIx32"/%#"PRIx32",", *mark,
*(mark + 1));
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
if (label) {
ds_put_format(ds, "label=");
format_u128(ds, label, label + 1, true);
odp-util: Fix CT action formating. Comma was missing after "label" attribute. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
2015-10-23 16:35:17 -07:00
ds_put_char(ds, ',');
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
}
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
if (helper) {
ds_put_format(ds, "helper=%s,", helper);
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
ds_chomp(ds, ',');
ds_put_cstr(ds, ")");
}
}
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
static void
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
format_odp_action(struct ds *ds, const struct nlattr *a)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
int expected_len;
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
enum ovs_action_attr type = nl_attr_type(a);
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
const struct ovs_action_push_vlan *vlan;
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
size_t size;
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
expected_len = odp_action_len(nl_attr_type(a));
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
if (expected_len != ATTR_LEN_VARIABLE &&
nl_attr_get_size(a) != expected_len) {
Avoid printf type modifiers not supported by MSVC C runtime library. The MSVC C library printf() implementation does not support the 'z', 't', 'j', or 'hh' format specifiers. This commit changes the Open vSwitch code to avoid those format specifiers, switching to standard macros from <inttypes.h> where available and inventing new macros resembling them where necessary. It also updates CodingStyle to specify the macros' use and adds a Makefile rule to report violations. Signed-off-by: Alin Serdean <aserdean@cloudbasesolutions.com> Co-authored-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-25 23:38:48 -08:00
ds_put_format(ds, "bad length %"PRIuSIZE", expected %d for: ",
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
nl_attr_get_size(a), expected_len);
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
format_generic_odp_action(ds, a);
return;
}
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
switch (type) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_OUTPUT:
odp-util: Use proper formatting for ODP port number. Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-14 17:09:34 +03:00
ds_put_format(ds, "%"PRIu32, nl_attr_get_u32(a));
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
case OVS_ACTION_ATTR_TUNNEL_POP:
ds_put_format(ds, "tnl_pop(%"PRIu32")", nl_attr_get_u32(a));
break;
case OVS_ACTION_ATTR_TUNNEL_PUSH:
format_odp_tnl_push_action(ds, a);
break;
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_ACTION_ATTR_USERSPACE:
datapath: Move Netlink PID for userspace actions from flows to actions. Commit b063d9f06 "datapath: Use unicast Netlink sockets for upcalls" that switched from multicast to unicast Netlink for sending upcalls added a Netlink PID to each kernel flow, used by OVS_ACTION_ATTR_USERSPACE actions within the flow as target. This commit drops this per-flow PID in favor of a per-action PID, because that is more flexible. It does not yet make use of this additional flexibility, so behavior should not change. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7559.
2011-10-12 16:24:54 -07:00
format_odp_userspace_action(ds, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
case OVS_ACTION_ATTR_RECIRC:
dpif-netdev: Move hash function out of the recirc action, into its own action Currently recirculation action can optionally compute hash. This patch adds a hash action that is independent of the recirc action, which no longer computes hash. For megaflow bond with recirc, the output to a bond port action will look like: hash(hash_l4(0)), recirc(<recirc_id>) Obviously, when a recirculation application that does not depend on hash value can just use the recirc action alone. Signed-off-by: Andy Zhou <azhou@nicira.com> Reviewed-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp> Acked-by: Pravin B Shelar <pshelar@nicira.com
2014-04-08 18:42:39 -07:00
format_odp_recirc_action(ds, nl_attr_get_u32(a));
break;
case OVS_ACTION_ATTR_HASH:
format_odp_hash_action(ds, nl_attr_get(a));
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
break;
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
case OVS_ACTION_ATTR_SET_MASKED:
a = nl_attr_get(a);
size = nl_attr_get_size(a) / 2;
ds_put_cstr(ds, "set(");
/* Masked set action not supported for tunnel key, which is bigger. */
if (size <= sizeof(struct ovs_key_ipv6)) {
struct nlattr attr[1 + DIV_ROUND_UP(sizeof(struct ovs_key_ipv6),
sizeof(struct nlattr))];
struct nlattr mask[1 + DIV_ROUND_UP(sizeof(struct ovs_key_ipv6),
sizeof(struct nlattr))];
mask->nla_type = attr->nla_type = nl_attr_type(a);
mask->nla_len = attr->nla_len = NLA_HDRLEN + size;
memcpy(attr + 1, (char *)(a + 1), size);
memcpy(mask + 1, (char *)(a + 1) + size, size);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_odp_key_attr(attr, mask, NULL, ds, false);
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
} else {
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_odp_key_attr(a, NULL, NULL, ds, false);
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
}
ds_put_cstr(ds, ")");
break;
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
case OVS_ACTION_ATTR_SET:
ds_put_cstr(ds, "set(");
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
format_odp_key_attr(nl_attr_get(a), NULL, NULL, ds, true);
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
ds_put_cstr(ds, ")");
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_ACTION_ATTR_PUSH_VLAN:
vlan = nl_attr_get(a);
ds_put_cstr(ds, "push_vlan(");
if (vlan->vlan_tpid != htons(ETH_TYPE_VLAN)) {
ds_put_format(ds, "tpid=0x%04"PRIx16",", ntohs(vlan->vlan_tpid));
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_vlan_tci(ds, vlan->vlan_tci, OVS_BE16_MAX, false);
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
ds_put_char(ds, ')');
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_ACTION_ATTR_POP_VLAN:
ds_put_cstr(ds, "pop_vlan");
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
case OVS_ACTION_ATTR_PUSH_MPLS: {
const struct ovs_action_push_mpls *mpls = nl_attr_get(a);
ds_put_cstr(ds, "push_mpls(");
format_mpls_lse(ds, mpls->mpls_lse);
ds_put_format(ds, ",eth_type=0x%"PRIx16")", ntohs(mpls->mpls_ethertype));
break;
}
case OVS_ACTION_ATTR_POP_MPLS: {
ovs_be16 ethertype = nl_attr_get_be16(a);
ds_put_format(ds, "pop_mpls(eth_type=0x%"PRIx16")", ntohs(ethertype));
break;
}
sFlow: Genericize/simplify kernel sFlow implementation Following patch adds sampling action which takes probability and set of actions as arguments. When probability is hit, actions are executed for given packet. USERSPACE action's userdata (u64) is used to store struct user_action_cookie as cookie. CONTROLLER action is fixed accordingly. Now we can remove sFlow code from kernel and implement sFlow generically as SAMPLE action. sFlow is defined as SAMPLE Action with probability (sFlow sampling rate) and USERSPACE action as argument. USERSPACE action's data is used as cookie. sFlow uses this cookie to store output-port, number of output ports and vlan-id. sample-pool is calculated by using vport stats. Signed-off-by: Pravin Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-09-28 10:43:07 -07:00
case OVS_ACTION_ATTR_SAMPLE:
format_odp_sample_action(ds, a);
break;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
case OVS_ACTION_ATTR_CT:
format_odp_conntrack_action(ds, a);
break;
datapath: Refactor actions in terms of match fields. Almost all current actions can be expressed in the form of push/pop/set <field>, where field is one of the match fields. We can create three base actions and take a field. This has both a nice symmetry and avoids inconsistencies where we can match on the vlan TPID but not set it. Following patch converts all actions to this new format. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7115
2011-10-21 14:38:54 -07:00
case OVS_ACTION_ATTR_UNSPEC:
case __OVS_ACTION_ATTR_MAX:
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
default:
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
format_generic_odp_action(ds, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
break;
}
}
void
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
format_odp_actions(struct ds *ds, const struct nlattr *actions,
vswitchd: Consistently use size_t for action lengths. Currently the type of the datapath action length is mixture of size_t and unsigned int. However, size_t is really defined as an unsigned long, which causes the build to fail on 64-bit platforms. This consistently uses size_t.
2010-12-11 22:51:31 -08:00
size_t actions_len)
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
{
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
if (actions_len) {
const struct nlattr *a;
unsigned int left;
NL_ATTR_FOR_EACH (a, left, actions, actions_len) {
if (a != actions) {
ds_put_char(ds, ',');
}
format_odp_action(ds, a);
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
}
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
if (left) {
odp-util: Describe invalid keys and actions in more detail. I have an outstanding bug report that has tons of "***56 leftover bytes***" messages with no way to guess what the problem is. I hope this makes debugging possible. Bug #9346. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-26 16:21:50 -08:00
int i;
odp-util: Improve formatting of bogus empty action attributes. Before this change, these were formatted as: ,***%u leftover bytes*** After this change, they are formatted as: <empty>,***%u leftover bytes*** Reviewed by Ethan Jackson <ethan@nicira.com>.
2011-01-11 15:35:56 -08:00
if (left == actions_len) {
ds_put_cstr(ds, "<empty>");
}
odp-util: Describe invalid keys and actions in more detail. I have an outstanding bug report that has tons of "***56 leftover bytes***" messages with no way to guess what the problem is. I hope this makes debugging possible. Bug #9346. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-26 16:21:50 -08:00
ds_put_format(ds, ",***%u leftover bytes*** (", left);
for (i = 0; i < left; i++) {
ds_put_format(ds, "%02x", ((const uint8_t *) a)[i]);
}
ds_put_char(ds, ')');
datapath: Replace "struct odp_action" by Netlink attributes. In the medium term, we plan to migrate the datapath to use Netlink as its communication channel. In the short term, we need to be able to have actions with 64-bit arguments but "struct odp_action" only has room for 48 bits. So this patch shifts to variable-length arguments using Netlink attributes, which starts in on the Netlink transition and makes 64-bit arguments possible at the same time. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2010-12-10 10:40:58 -08:00
}
} else {
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
ds_put_cstr(ds, "drop");
}
}
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
/* Separate out parse_odp_userspace_action() function. */
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
static int
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
parse_odp_userspace_action(const char *s, struct ofpbuf *actions)
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
{
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
uint32_t pid;
union user_action_cookie cookie;
struct ofpbuf buf;
odp_port_t tunnel_out_port;
int n = -1;
void *user_data = NULL;
size_t user_data_size = 0;
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
bool include_actions = false;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
if (!ovs_scan(s, "userspace(pid=%"SCNi32"%n", &pid, &n)) {
return -EINVAL;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
}
{
Switch from sscanf() to ovs_scan() throughout the tree. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-09 15:44:23 -08:00
uint32_t output;
uint32_t probability;
uint32_t collector_set_id;
uint32_t obs_domain_id;
uint32_t obs_point_id;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
int vid, pcp;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
int n1 = -1;
if (ovs_scan(&s[n], ",sFlow(vid=%i,"
"pcp=%i,output=%"SCNi32")%n",
&vid, &pcp, &output, &n1)) {
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
uint16_t tci;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
n += n1;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
tci = vid | (pcp << VLAN_PCP_SHIFT);
if (tci) {
tci |= VLAN_CFI;
}
cookie.type = USER_ACTION_COOKIE_SFLOW;
odp-util: Change user_action_cookie from struct to union. An upcoming commit will introduce a new type and a new use for the additional members. It seems cleanest to use a union, rather that using the existing members multiple ways. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:56:40 -07:00
cookie.sflow.vlan_tci = htons(tci);
cookie.sflow.output = output;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
user_data = &cookie;
user_data_size = sizeof cookie.sflow;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
} else if (ovs_scan(&s[n], ",slow_path(%n",
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
&n1)) {
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
int res;
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
n += n1;
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
cookie.type = USER_ACTION_COOKIE_SLOW_PATH;
cookie.slow_path.unused = 0;
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
cookie.slow_path.reason = 0;
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
res = parse_odp_flags(&s[n], slow_path_reason_to_string,
&cookie.slow_path.reason,
SLOW_PATH_REASON_MASK, NULL);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (res < 0 || s[n + res] != ')') {
odp-util: Make it possible to combine slow path reasons. It will soon be possible for a single flow to be slow pathed for multiple reasons. This commit makes it possible to indicate more than one reason to slow path a flow. This commit is logically a revert of commit 98f0520fb2 (odp-util: Make slow_path_reasons mutually exclusive.) but details have changed. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-20 12:54:51 -07:00
return res;
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
n += res + 1;
ofproto-dpif: Introduce "slow path" datapath flows. Most exact-match flows can be handled directly in the datapath, but for various reasons, some cannot: every packet in these flows must be sent separately to userspace. Until now, flows that cannot be handled entirely in the kernel have been allowed to miss each time in the datapath. This is generally OK, but it has a few disadvantages: * It can make troubleshooting at the level where one must look at datapath flows a bit confusing in some cases, because datapath misses due to genuinely new flows are mixed in with datapath misses for known flows that cannot be set up. * It means that the kernel-to-userspace packets for a given input port always go to a single kernel-to-userspace queue, even if we'd like to segregate out some of the packets for known flows. (An upcoming commit has examples.) This commit therefore introduces the concept of a "slow path" flow, one that is installed in the datapath with a single action that sends the flow's packets to userspace. To make troubleshooting easier, the action includes a reason code (displayed by "ovs-dpctl dump-flows") that explains why the flow has been slow-pathed. Bug #7550. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-04 14:52:36 -07:00
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
user_data = &cookie;
user_data_size = sizeof cookie.slow_path;
} else if (ovs_scan(&s[n], ",flow_sample(probability=%"SCNi32","
Switch from sscanf() to ovs_scan() throughout the tree. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-09 15:44:23 -08:00
"collector_set_id=%"SCNi32","
"obs_domain_id=%"SCNi32","
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
"obs_point_id=%"SCNi32")%n",
&probability, &collector_set_id,
&obs_domain_id, &obs_point_id, &n1)) {
n += n1;
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
cookie.type = USER_ACTION_COOKIE_FLOW_SAMPLE;
cookie.flow_sample.probability = probability;
cookie.flow_sample.collector_set_id = collector_set_id;
cookie.flow_sample.obs_domain_id = obs_domain_id;
cookie.flow_sample.obs_point_id = obs_point_id;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
user_data = &cookie;
user_data_size = sizeof cookie.flow_sample;
} else if (ovs_scan(&s[n], ",ipfix(output_port=%"SCNi32")%n",
&output, &n1) ) {
n += n1;
Implement IPFIX export Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action. Make the userspace action's userdata size vary depending on the union member used. Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors. Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling. Automatically generate standard IPFIX entity definitions from the IANA specs. Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages. Signed-off-by: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-22 10:01:14 -07:00
cookie.type = USER_ACTION_COOKIE_IPFIX;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
cookie.ipfix.output_odp_port = u32_to_odp(output);
user_data = &cookie;
user_data_size = sizeof cookie.ipfix;
} else if (ovs_scan(&s[n], ",userdata(%n",
&n1)) {
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
char *end;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
n += n1;
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
ofpbuf_init(&buf, 16);
end = ofpbuf_put_hex(&buf, &s[n], NULL);
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
if (end[0] != ')') {
return -EINVAL;
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
}
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
user_data = buf.data;
user_data_size = buf.size;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
n = (end + 1) - s;
}
}
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
{
int n1 = -1;
if (ovs_scan(&s[n], ",actions%n", &n1)) {
n += n1;
include_actions = true;
}
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
{
int n1 = -1;
if (ovs_scan(&s[n], ",tunnel_out_port=%"SCNi32")%n",
&tunnel_out_port, &n1)) {
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
odp_put_userspace_action(pid, user_data, user_data_size,
tunnel_out_port, include_actions, actions);
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
return n + n1;
} else if (s[n] == ')') {
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
odp_put_userspace_action(pid, user_data, user_data_size,
ODPP_NONE, include_actions, actions);
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
return n + 1;
}
}
return -EINVAL;
}
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
static int
ovs_parse_tnl_push(const char *s, struct ovs_action_push_tnl *data)
{
struct eth_header *eth;
struct ip_header *ip;
struct udp_header *udp;
struct gre_base_hdr *greh;
tests: gre: fix flags endianness The flags field is 16 bits so use network byte order in the test case and use the proper conversion methods when parsing and dumping. Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-04-10 11:08:10 -03:00
uint16_t gre_proto, gre_flags, dl_type, udp_src, udp_dst, csum;
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
ovs_be32 sip, dip;
uint32_t tnl_type = 0, header_len = 0;
void *l3, *l4;
int n = 0;
if (!ovs_scan_len(s, &n, "tnl_push(tnl_port(%"SCNi32"),", &data->tnl_port)) {
return -EINVAL;
}
eth = (struct eth_header *) data->header;
l3 = (data->header + sizeof *eth);
l4 = ((uint8_t *) l3 + sizeof (struct ip_header));
ip = (struct ip_header *) l3;
if (!ovs_scan_len(s, &n, "header(size=%"SCNi32",type=%"SCNi32","
"eth(dst="ETH_ADDR_SCAN_FMT",",
&data->header_len,
&data->tnl_type,
ETH_ADDR_SCAN_ARGS(eth->eth_dst))) {
return -EINVAL;
}
if (!ovs_scan_len(s, &n, "src="ETH_ADDR_SCAN_FMT",",
ETH_ADDR_SCAN_ARGS(eth->eth_src))) {
return -EINVAL;
}
if (!ovs_scan_len(s, &n, "dl_type=0x%"SCNx16"),", &dl_type)) {
return -EINVAL;
}
eth->eth_type = htons(dl_type);
/* IPv4 */
if (!ovs_scan_len(s, &n, "ipv4(src="IP_SCAN_FMT",dst="IP_SCAN_FMT",proto=%"SCNi8
",tos=%"SCNi8",ttl=%"SCNi8",frag=0x%"SCNx16"),",
IP_SCAN_ARGS(&sip),
IP_SCAN_ARGS(&dip),
&ip->ip_proto, &ip->ip_tos,
&ip->ip_ttl, &ip->ip_frag_off)) {
return -EINVAL;
}
put_16aligned_be32(&ip->ip_src, sip);
put_16aligned_be32(&ip->ip_dst, dip);
/* Tunnel header */
udp = (struct udp_header *) l4;
greh = (struct gre_base_hdr *) l4;
tunneling: Add UDP checksum support for userspace tunnels. Kernel based OVS recently added the ability to support checksums for UDP based tunnels (Geneve and VXLAN). This adds similar support for the userspace datapath to bring feature parity. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 14:27:19 -07:00
if (ovs_scan_len(s, &n, "udp(src=%"SCNi16",dst=%"SCNi16",csum=0x%"SCNx16"),",
&udp_src, &udp_dst, &csum)) {
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
uint32_t vx_flags, vni;
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
udp->udp_src = htons(udp_src);
udp->udp_dst = htons(udp_dst);
udp->udp_len = 0;
tunneling: Add UDP checksum support for userspace tunnels. Kernel based OVS recently added the ability to support checksums for UDP based tunnels (Geneve and VXLAN). This adds similar support for the userspace datapath to bring feature parity. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 14:27:19 -07:00
udp->udp_csum = htons(csum);
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
if (ovs_scan_len(s, &n, "vxlan(flags=0x%"SCNx32",vni=0x%"SCNx32"))",
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
&vx_flags, &vni)) {
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
struct vxlanhdr *vxh = (struct vxlanhdr *) (udp + 1);
put_16aligned_be32(&vxh->vx_flags, htonl(vx_flags));
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
put_16aligned_be32(&vxh->vx_vni, htonl(vni << 8));
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
tnl_type = OVS_VPORT_TYPE_VXLAN;
header_len = sizeof *eth + sizeof *ip +
sizeof *udp + sizeof *vxh;
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
} else if (ovs_scan_len(s, &n, "geneve(")) {
struct genevehdr *gnh = (struct genevehdr *) (udp + 1);
geneve: Zero header before parsing userspace tunneling action. When we parse the text representation of the Geneve action the header is not fully initialized. Besides the obvious potential to generate an action that the user did not actually specify, this also causes intermittent unit test failures when an action is read in and printed out and the result is different. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-04-07 18:55:54 -07:00
memset(gnh, 0, sizeof *gnh);
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
header_len = sizeof *eth + sizeof *ip +
sizeof *udp + sizeof *gnh;
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
if (ovs_scan_len(s, &n, "oam,")) {
gnh->oam = 1;
}
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
if (ovs_scan_len(s, &n, "crit,")) {
gnh->critical = 1;
}
if (!ovs_scan_len(s, &n, "vni=%"SCNi32, &vni)) {
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
return -EINVAL;
}
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
if (ovs_scan_len(s, &n, ",options(")) {
struct geneve_scan options;
int len;
memset(&options, 0, sizeof options);
len = scan_geneve(s + n, &options, NULL);
if (!len) {
return -EINVAL;
}
memcpy(gnh->options, options.d, options.len);
gnh->opt_len = options.len / 4;
header_len += options.len;
n += len;
}
if (!ovs_scan_len(s, &n, "))")) {
return -EINVAL;
}
tunneling: Add userspace tunnel support for Geneve. This adds basic userspace dataplane support for the Geneve tunneling protocol. The rest of userspace only has the ability to handle Geneve without options and this follows that pattern for the time being. However, when the rest of userspace is updated it should be easy to extend the dataplane as well. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 13:51:06 -07:00
gnh->proto_type = htons(ETH_TYPE_TEB);
put_16aligned_be32(&gnh->vni, htonl(vni << 8));
tnl_type = OVS_VPORT_TYPE_GENEVE;
tunneling: Factor out common UDP tunnel code. Currently, the userspace VXLAN implementation contains the code for generating and parsing both the UDP and VXLAN headers. This pulls out the UDP portion for better layering and to make it easier to support additional UDP based tunnels and features. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 12:07:02 -07:00
} else {
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
return -EINVAL;
}
} else if (ovs_scan_len(s, &n, "gre((flags=0x%"SCNx16",proto=0x%"SCNx16")",
tests: gre: fix flags endianness The flags field is 16 bits so use network byte order in the test case and use the proper conversion methods when parsing and dumping. Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-04-10 11:08:10 -03:00
&gre_flags, &gre_proto)){
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
tnl_type = OVS_VPORT_TYPE_GRE;
tests: gre: fix flags endianness The flags field is 16 bits so use network byte order in the test case and use the proper conversion methods when parsing and dumping. Signed-off-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-04-10 11:08:10 -03:00
greh->flags = htons(gre_flags);
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
greh->protocol = htons(gre_proto);
ovs_16aligned_be32 *options = (ovs_16aligned_be32 *) (greh + 1);
if (greh->flags & htons(GRE_CSUM)) {
tunneling: Fix location of GRE checksums. The GRE checksum is a 16 bit field stored in a 32 bit option (the rest is reserved). The current code treats the checksum as a 32-bit field and places it in the right place for little endian systems but not big endian. This fixes the problem by storing the 16 bit field directly. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pritesh Kothari <pritesh.kothari@cisco.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 17:09:38 -07:00
if (!ovs_scan_len(s, &n, ",csum=0x%"SCNx16, &csum)) {
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
return -EINVAL;
}
tunneling: Fix location of GRE checksums. The GRE checksum is a 16 bit field stored in a 32 bit option (the rest is reserved). The current code treats the checksum as a 32-bit field and places it in the right place for little endian systems but not big endian. This fixes the problem by storing the 16 bit field directly. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Pritesh Kothari <pritesh.kothari@cisco.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2015-03-26 17:09:38 -07:00
memset(options, 0, sizeof *options);
*((ovs_be16 *)options) = htons(csum);
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
options++;
}
if (greh->flags & htons(GRE_KEY)) {
uint32_t key;
if (!ovs_scan_len(s, &n, ",key=0x%"SCNx32, &key)) {
return -EINVAL;
}
put_16aligned_be32(options, htonl(key));
options++;
}
if (greh->flags & htons(GRE_SEQ)) {
uint32_t seq;
if (!ovs_scan_len(s, &n, ",seq=0x%"SCNx32, &seq)) {
return -EINVAL;
}
put_16aligned_be32(options, htonl(seq));
options++;
}
if (!ovs_scan_len(s, &n, "))")) {
return -EINVAL;
}
header_len = sizeof *eth + sizeof *ip +
((uint8_t *) options - (uint8_t *) greh);
} else {
return -EINVAL;
}
/* check tunnel meta data. */
if (data->tnl_type != tnl_type) {
return -EINVAL;
}
if (data->header_len != header_len) {
return -EINVAL;
}
/* Out port */
if (!ovs_scan_len(s, &n, ",out_port(%"SCNi32"))", &data->out_port)) {
return -EINVAL;
}
return n;
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
static int
parse_conntrack_action(const char *s_, struct ofpbuf *actions)
{
const char *s = s_;
if (ovs_scan(s, "ct")) {
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
const char *helper = NULL;
size_t helper_len = 0;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
bool commit = false;
uint16_t zone = 0;
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
struct {
uint32_t value;
uint32_t mask;
} ct_mark = { 0, 0 };
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
struct {
ovs_u128 value;
ovs_u128 mask;
} ct_label;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
size_t start;
char *end;
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
memset(&ct_label, 0, sizeof(ct_label));
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
s += 2;
if (ovs_scan(s, "(")) {
s++;
end = strchr(s, ')');
if (!end) {
return -EINVAL;
}
while (s != end) {
int n = -1;
s += strspn(s, delimiters);
if (ovs_scan(s, "commit%n", &n)) {
commit = true;
s += n;
continue;
}
if (ovs_scan(s, "zone=%"SCNu16"%n", &zone, &n)) {
s += n;
continue;
}
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
if (ovs_scan(s, "mark=%"SCNx32"%n", &ct_mark.value, &n)) {
s += n;
n = -1;
if (ovs_scan(s, "/%"SCNx32"%n", &ct_mark.mask, &n)) {
s += n;
} else {
ct_mark.mask = UINT32_MAX;
}
continue;
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
if (ovs_scan(s, "label=%n", &n)) {
int retval;
s += n;
retval = scan_u128(s, &ct_label.value, &ct_label.mask);
if (retval < 0) {
return retval;
}
s += retval;
continue;
}
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
if (ovs_scan(s, "helper=%n", &n)) {
s += n;
helper_len = strcspn(s, delimiters_end);
if (!helper_len || helper_len > 15) {
return -EINVAL;
}
helper = s;
s += helper_len;
continue;
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
return -EINVAL;
}
s++;
}
start = nl_msg_start_nested(actions, OVS_ACTION_ATTR_CT);
if (commit) {
nl_msg_put_flag(actions, OVS_CT_ATTR_COMMIT);
}
if (zone) {
nl_msg_put_u16(actions, OVS_CT_ATTR_ZONE, zone);
}
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
if (ct_mark.mask) {
nl_msg_put_unspec(actions, OVS_CT_ATTR_MARK, &ct_mark,
sizeof(ct_mark));
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
if (!ovs_u128_is_zero(&ct_label.mask)) {
nl_msg_put_unspec(actions, OVS_CT_ATTR_LABELS, &ct_label,
sizeof ct_label);
}
Add support for connection tracking helper/ALGs. This patch adds support for specifying a "helper" or ALG to assist connection tracking for protocols that consist of multiple streams. Initially, only support for FTP is included. Below is an example set of flows to allow FTP control connections from port 1->2 to establish active data connections in the reverse direction: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1) table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
if (helper) {
nl_msg_put_string__(actions, OVS_CT_ATTR_HELPER, helper,
helper_len);
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
nl_msg_end_nested(actions, start);
}
return s - s_;
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
static int
parse_odp_action(const char *s, const struct simap *port_names,
struct ofpbuf *actions)
{
{
uint32_t port;
int n;
if (ovs_scan(s, "%"SCNi32"%n", &port, &n)) {
nl_msg_put_u32(actions, OVS_ACTION_ATTR_OUTPUT, port);
return n;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
}
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
if (port_names) {
int len = strcspn(s, delimiters);
struct simap_node *node;
node = simap_find_len(port_names, s, len);
if (node) {
nl_msg_put_u32(actions, OVS_ACTION_ATTR_OUTPUT, node->data);
return len;
}
}
odp-util: Parse recirc action in parse_odp_action() This may be useful for debugging (with dpctl) Signed-off-by: Daniele Di Proietto <ddiproietto@vmware.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-10-03 15:04:15 -07:00
{
uint32_t recirc_id;
int n = -1;
if (ovs_scan(s, "recirc(%"PRIu32")%n", &recirc_id, &n)) {
nl_msg_put_u32(actions, OVS_ACTION_ATTR_RECIRC, recirc_id);
return n;
}
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
if (!strncmp(s, "userspace(", 10)) {
return parse_odp_userspace_action(s, actions);
}
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
if (!strncmp(s, "set(", 4)) {
size_t start_ofs;
int retval;
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
struct nlattr mask[128 / sizeof(struct nlattr)];
struct ofpbuf maskbuf;
struct nlattr *nested, *key;
size_t size;
/* 'mask' is big enough to hold any key. */
ofpbuf_use_stack(&maskbuf, mask, sizeof mask);
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
start_ofs = nl_msg_start_nested(actions, OVS_ACTION_ATTR_SET);
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
retval = parse_odp_key_mask_attr(s + 4, port_names, actions, &maskbuf);
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
if (retval < 0) {
return retval;
}
if (s[retval + 4] != ')') {
return -EINVAL;
}
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
nested = ofpbuf_at_assert(actions, start_ofs, sizeof *nested);
key = nested + 1;
size = nl_attr_get_size(mask);
if (size == nl_attr_get_size(key)) {
/* Change to masked set action if not fully masked. */
lib/util: Change is_all_zeros and is_all_ones to take a void *. is_all_zeros() and is_all_ones() operate on bytes, but just like with memset, it is easier to use if the first argument is a void *. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
if (!is_all_ones(mask + 1, size)) {
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
key->nla_len += size;
ofpbuf_put(actions, mask + 1, size);
/* 'actions' may have been reallocated by ofpbuf_put(). */
nested = ofpbuf_at_assert(actions, start_ofs, sizeof *nested);
nested->nla_type = OVS_ACTION_ATTR_SET_MASKED;
}
}
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
nl_msg_end_nested(actions, start_ofs);
return retval + 5;
}
tests: Rewrite code for comparing sets of ODP actions. The compare-odp-actions.pl utility isn't fully general, even for its intended purpose of allowing sets of ODP actions to be compared ignoring unimportant differences in ordering of output actions and VLAN set actions. I decided that the proper way to do it was to have a utility that can actually parse the actions, instead of just doing textual transformations on them. So, this commit replaces compare-odp-actions.pl by "ovs-dpctl normalize-actions", which is sufficiently general for the intended purpose. The new ovs-dpctl functionality can be easily extended to handle differences in fields other than VLAN, but only VLAN is needed so far. This will be needed in an upcoming commit that in some cases introduces redundant "set vlan" actions into the ODP actions, which compare-odp-actions.pl doesn't tolerate.
2011-11-17 10:24:05 -08:00
{
struct ovs_action_push_vlan push;
int tpid = ETH_TYPE_VLAN;
int vid, pcp;
int cfi = 1;
int n = -1;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
Switch from sscanf() to ovs_scan() throughout the tree. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-09 15:44:23 -08:00
if (ovs_scan(s, "push_vlan(vid=%i,pcp=%i)%n", &vid, &pcp, &n)
|| ovs_scan(s, "push_vlan(vid=%i,pcp=%i,cfi=%i)%n",
&vid, &pcp, &cfi, &n)
|| ovs_scan(s, "push_vlan(tpid=%i,vid=%i,pcp=%i)%n",
&tpid, &vid, &pcp, &n)
|| ovs_scan(s, "push_vlan(tpid=%i,vid=%i,pcp=%i,cfi=%i)%n",
&tpid, &vid, &pcp, &cfi, &n)) {
tests: Rewrite code for comparing sets of ODP actions. The compare-odp-actions.pl utility isn't fully general, even for its intended purpose of allowing sets of ODP actions to be compared ignoring unimportant differences in ordering of output actions and VLAN set actions. I decided that the proper way to do it was to have a utility that can actually parse the actions, instead of just doing textual transformations on them. So, this commit replaces compare-odp-actions.pl by "ovs-dpctl normalize-actions", which is sufficiently general for the intended purpose. The new ovs-dpctl functionality can be easily extended to handle differences in fields other than VLAN, but only VLAN is needed so far. This will be needed in an upcoming commit that in some cases introduces redundant "set vlan" actions into the ODP actions, which compare-odp-actions.pl doesn't tolerate.
2011-11-17 10:24:05 -08:00
push.vlan_tpid = htons(tpid);
push.vlan_tci = htons((vid << VLAN_VID_SHIFT)
| (pcp << VLAN_PCP_SHIFT)
| (cfi ? VLAN_CFI : 0));
nl_msg_put_unspec(actions, OVS_ACTION_ATTR_PUSH_VLAN,
&push, sizeof push);
return n;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
}
}
tests: Rewrite code for comparing sets of ODP actions. The compare-odp-actions.pl utility isn't fully general, even for its intended purpose of allowing sets of ODP actions to be compared ignoring unimportant differences in ordering of output actions and VLAN set actions. I decided that the proper way to do it was to have a utility that can actually parse the actions, instead of just doing textual transformations on them. So, this commit replaces compare-odp-actions.pl by "ovs-dpctl normalize-actions", which is sufficiently general for the intended purpose. The new ovs-dpctl functionality can be easily extended to handle differences in fields other than VLAN, but only VLAN is needed so far. This will be needed in an upcoming commit that in some cases introduces redundant "set vlan" actions into the ODP actions, which compare-odp-actions.pl doesn't tolerate.
2011-11-17 10:24:05 -08:00
if (!strncmp(s, "pop_vlan", 8)) {
nl_msg_put_flag(actions, OVS_ACTION_ATTR_POP_VLAN);
return 8;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
}
{
double percentage;
int n = -1;
Switch from sscanf() to ovs_scan() throughout the tree. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-09 15:44:23 -08:00
if (ovs_scan(s, "sample(sample=%lf%%,actions(%n", &percentage, &n)
&& percentage >= 0. && percentage <= 100.0) {
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
size_t sample_ofs, actions_ofs;
double probability;
probability = floor(UINT32_MAX * (percentage / 100.0) + .5);
sample_ofs = nl_msg_start_nested(actions, OVS_ACTION_ATTR_SAMPLE);
nl_msg_put_u32(actions, OVS_SAMPLE_ATTR_PROBABILITY,
(probability <= 0 ? 0
: probability >= UINT32_MAX ? UINT32_MAX
: probability));
actions_ofs = nl_msg_start_nested(actions,
OVS_SAMPLE_ATTR_ACTIONS);
for (;;) {
int retval;
odp-util: Fix parsing of actions encapsulated within "sample" actions. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-09 12:21:54 -07:00
n += strspn(s + n, delimiters);
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
if (s[n] == ')') {
break;
}
retval = parse_odp_action(s + n, port_names, actions);
if (retval < 0) {
return retval;
}
n += retval;
}
nl_msg_end_nested(actions, actions_ofs);
nl_msg_end_nested(actions, sample_ofs);
return s[n + 1] == ')' ? n + 2 : -EINVAL;
}
}
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
{
uint32_t port;
int n;
if (ovs_scan(s, "tnl_pop(%"SCNi32")%n", &port, &n)) {
nl_msg_put_u32(actions, OVS_ACTION_ATTR_TUNNEL_POP, port);
return n;
}
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
{
int retval;
retval = parse_conntrack_action(s, actions);
if (retval) {
return retval;
}
}
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
{
struct ovs_action_push_tnl data;
int n;
n = ovs_parse_tnl_push(s, &data);
if (n > 0) {
odp_put_tnl_push_action(actions, &data);
return n;
} else if (n < 0) {
return n;
}
}
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
return -EINVAL;
}
/* Parses the string representation of datapath actions, in the format output
* by format_odp_action(). Returns 0 if successful, otherwise a positive errno
* value. On success, the ODP actions are appended to 'actions' as a series of
* Netlink attributes. On failure, no data is appended to 'actions'. Either
* way, 'actions''s data might be reallocated. */
int
simap: New data structure for string-to-integer maps. This commit adapts a couple of existing pieces of code to use the new data structure. The following commit will add another user (which is also the first use of the simap_increas() function). Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-22 10:32:02 -07:00
odp_actions_from_string(const char *s, const struct simap *port_names,
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
struct ofpbuf *actions)
{
size_t old_size;
if (!strcasecmp(s, "drop")) {
return 0;
}
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
old_size = actions->size;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
for (;;) {
int retval;
s += strspn(s, delimiters);
if (!*s) {
return 0;
}
retval = parse_odp_action(s, port_names, actions);
if (retval < 0 || !strchr(delimiters, s[retval])) {
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
actions->size = old_size;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
return -retval;
}
s += retval;
}
return 0;
}
flow: Separate "flow_t" from "struct odp_flow_key". The "struct odp_flow_key" used in the kernel datapath is conceptually separate from the "flow_t" used in userspace, but until now we have used the latter as a typedef for the former for convenience. This commit separates them. This makes it possible in upcoming commits to change them independently. This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
static const struct attr_len_tbl ovs_vxlan_ext_attr_lens[OVS_VXLAN_EXT_MAX + 1] = {
[OVS_VXLAN_EXT_GBP] = { .len = 4 },
};
static const struct attr_len_tbl ovs_tun_key_attr_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1] = {
[OVS_TUNNEL_KEY_ATTR_ID] = { .len = 8 },
[OVS_TUNNEL_KEY_ATTR_IPV4_SRC] = { .len = 4 },
[OVS_TUNNEL_KEY_ATTR_IPV4_DST] = { .len = 4 },
[OVS_TUNNEL_KEY_ATTR_TOS] = { .len = 1 },
[OVS_TUNNEL_KEY_ATTR_TTL] = { .len = 1 },
[OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT] = { .len = 0 },
[OVS_TUNNEL_KEY_ATTR_CSUM] = { .len = 0 },
[OVS_TUNNEL_KEY_ATTR_TP_SRC] = { .len = 2 },
[OVS_TUNNEL_KEY_ATTR_TP_DST] = { .len = 2 },
[OVS_TUNNEL_KEY_ATTR_OAM] = { .len = 0 },
[OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS] = { .len = ATTR_LEN_VARIABLE },
[OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS] = { .len = ATTR_LEN_NESTED,
.next = ovs_vxlan_ext_attr_lens ,
.next_max = OVS_VXLAN_EXT_MAX},
};
static const struct attr_len_tbl ovs_flow_key_attr_lens[OVS_KEY_ATTR_MAX + 1] = {
[OVS_KEY_ATTR_ENCAP] = { .len = ATTR_LEN_NESTED },
[OVS_KEY_ATTR_PRIORITY] = { .len = 4 },
[OVS_KEY_ATTR_SKB_MARK] = { .len = 4 },
[OVS_KEY_ATTR_DP_HASH] = { .len = 4 },
[OVS_KEY_ATTR_RECIRC_ID] = { .len = 4 },
[OVS_KEY_ATTR_TUNNEL] = { .len = ATTR_LEN_NESTED,
.next = ovs_tun_key_attr_lens,
.next_max = OVS_TUNNEL_KEY_ATTR_MAX },
[OVS_KEY_ATTR_IN_PORT] = { .len = 4 },
[OVS_KEY_ATTR_ETHERNET] = { .len = sizeof(struct ovs_key_ethernet) },
[OVS_KEY_ATTR_VLAN] = { .len = 2 },
[OVS_KEY_ATTR_ETHERTYPE] = { .len = 2 },
[OVS_KEY_ATTR_MPLS] = { .len = ATTR_LEN_VARIABLE },
[OVS_KEY_ATTR_IPV4] = { .len = sizeof(struct ovs_key_ipv4) },
[OVS_KEY_ATTR_IPV6] = { .len = sizeof(struct ovs_key_ipv6) },
[OVS_KEY_ATTR_TCP] = { .len = sizeof(struct ovs_key_tcp) },
[OVS_KEY_ATTR_TCP_FLAGS] = { .len = 2 },
[OVS_KEY_ATTR_UDP] = { .len = sizeof(struct ovs_key_udp) },
[OVS_KEY_ATTR_SCTP] = { .len = sizeof(struct ovs_key_sctp) },
[OVS_KEY_ATTR_ICMP] = { .len = sizeof(struct ovs_key_icmp) },
[OVS_KEY_ATTR_ICMPV6] = { .len = sizeof(struct ovs_key_icmpv6) },
[OVS_KEY_ATTR_ARP] = { .len = sizeof(struct ovs_key_arp) },
[OVS_KEY_ATTR_ND] = { .len = sizeof(struct ovs_key_nd) },
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
[OVS_KEY_ATTR_CT_STATE] = { .len = 4 },
[OVS_KEY_ATTR_CT_ZONE] = { .len = 2 },
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
[OVS_KEY_ATTR_CT_MARK] = { .len = 4 },
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
[OVS_KEY_ATTR_CT_LABELS] = { .len = sizeof(struct ovs_key_ct_labels) },
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
};
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
/* Returns the correct length of the payload for a flow key attribute of the
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
* specified 'type', ATTR_LEN_INVALID if 'type' is unknown, ATTR_LEN_VARIABLE
* if the attribute's payload is variable length, or ATTR_LEN_NESTED if the
* payload is a nested type. */
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
static int
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
odp_key_attr_len(const struct attr_len_tbl tbl[], int max_len, uint16_t type)
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
{
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
if (type > max_len) {
return ATTR_LEN_INVALID;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
return tbl[type].len;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
static void
format_generic_odp_key(const struct nlattr *a, struct ds *ds)
{
size_t len = nl_attr_get_size(a);
if (len) {
const uint8_t *unspec;
unsigned int i;
unspec = nl_attr_get(a);
for (i = 0; i < len; i++) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (i) {
ds_put_char(ds, ' ');
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
ds_put_format(ds, "%02x", unspec[i]);
}
}
}
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
static const char *
ovs_frag_type_to_string(enum ovs_frag_type type)
{
switch (type) {
case OVS_FRAG_TYPE_NONE:
return "no";
case OVS_FRAG_TYPE_FIRST:
return "first";
case OVS_FRAG_TYPE_LATER:
return "later";
case __OVS_FRAG_TYPE_MAX:
default:
return "<error>";
}
}
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
static enum odp_key_fitness
odp_tun_key_from_attr__(const struct nlattr *attr,
tunnel: Geneve TLV handling support for OpenFlow. The current support for Geneve in OVS is exactly equivalent to VXLAN: it is possible to set and match on the VNI but not on any options contained in the header. This patch enables the use of options. The goal for Geneve support is not to add support for any particular option but to allow end users or controllers to specify what they would like to match. That is, the full range of Geneve's capabilities should be exposed without modifying the code (the one exception being options that require per-packet computation in the fast path). The main issue with supporting Geneve options is how to integrate the fields into the existing OpenFlow pipeline. All existing operations are referred to by their NXM/OXM field name - matches, action generation, arithmetic operations (i.e. tranfer to a register). However, the Geneve option space is exactly the same as the OXM space, so a direct mapping is not feasible. Instead, we create a pool of 64 NXMs that are then dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped, these fields become first-class citizens in the OpenFlow pipeline. An example of how to use Geneve options: ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0 ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1 This will add a 4 bytes option (filled will all 1's) to all packets coming from the LOCAL port and then send then out to port 1. A limitation of this patch is that although the option table is specified for a particular switch over OpenFlow, it is currently global to all switches. This will be addressed in a future patch. Based on work originally done by Madhu Challa. Ben Pfaff also significantly improved the comments. Signed-off-by: Madhu Challa <challa@noironetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-04-30 18:09:57 -07:00
const struct nlattr *flow_attrs, size_t flow_attr_len,
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
const struct flow_tnl *src_tun, struct flow_tnl *tun,
bool udpif)
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
{
unsigned int left;
const struct nlattr *a;
bool ttl = false;
bool unknown = false;
NL_NESTED_FOR_EACH(a, left, attr) {
uint16_t type = nl_attr_type(a);
size_t len = nl_attr_get_size(a);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
int expected_len = odp_key_attr_len(ovs_tun_key_attr_lens,
OVS_TUNNEL_ATTR_MAX, type);
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
if (len != expected_len && expected_len >= 0) {
return ODP_FIT_ERROR;
}
switch (type) {
case OVS_TUNNEL_KEY_ATTR_ID:
tun->tun_id = nl_attr_get_be64(a);
tun->flags |= FLOW_TNL_F_KEY;
break;
case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
tun->ip_src = nl_attr_get_be32(a);
break;
case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
tun->ip_dst = nl_attr_get_be32(a);
break;
case OVS_TUNNEL_KEY_ATTR_TOS:
tun->ip_tos = nl_attr_get_u8(a);
break;
case OVS_TUNNEL_KEY_ATTR_TTL:
tun->ip_ttl = nl_attr_get_u8(a);
ttl = true;
break;
case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
tun->flags |= FLOW_TNL_F_DONT_FRAGMENT;
break;
case OVS_TUNNEL_KEY_ATTR_CSUM:
tun->flags |= FLOW_TNL_F_CSUM;
break;
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
case OVS_TUNNEL_KEY_ATTR_TP_SRC:
tun->tp_src = nl_attr_get_be16(a);
break;
case OVS_TUNNEL_KEY_ATTR_TP_DST:
tun->tp_dst = nl_attr_get_be16(a);
break;
tunnel: Add support for matching on OAM packets. Some tunnel formats have mechanisms for indicating that packets are OAM frames that should be handled specially (either as high priority or not forwarded beyond an endpoint). This provides support for allowing those types of packets to be matched. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@suug.ch> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-05-27 21:50:35 -07:00
case OVS_TUNNEL_KEY_ATTR_OAM:
tun->flags |= FLOW_TNL_F_OAM;
break;
ofproto: Add NXM_NX_TUN_GBP_ID and NXM_NX_TUN_GBP_FLAGS Introduces two new NXMs to represent VXLAN-GBP [0] fields. actions=load:0x10->NXM_NX_TUN_GBP_ID[],NORMAL tun_gbp_id=0x10,actions=drop This enables existing VXLAN tunnels to carry security label information such as a SELinux context to other network peers. The values are carried to/from the datapath using the attribute OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS. [0] https://tools.ietf.org/html/draft-smith-vxlan-group-policy-00 Signed-off-by: Madhu Challa <challa@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
2015-02-14 15:13:17 +01:00
case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS: {
static const struct nl_policy vxlan_opts_policy[] = {
[OVS_VXLAN_EXT_GBP] = { .type = NL_A_U32 },
};
struct nlattr *ext[ARRAY_SIZE(vxlan_opts_policy)];
if (!nl_parse_nested(a, vxlan_opts_policy, ext, ARRAY_SIZE(ext))) {
return ODP_FIT_ERROR;
}
if (ext[OVS_VXLAN_EXT_GBP]) {
uint32_t gbp = nl_attr_get_u32(ext[OVS_VXLAN_EXT_GBP]);
tun->gbp_id = htons(gbp & 0xFFFF);
tun->gbp_flags = (gbp >> 16) & 0xFF;
}
break;
}
tunnel: Geneve TLV handling support for OpenFlow. The current support for Geneve in OVS is exactly equivalent to VXLAN: it is possible to set and match on the VNI but not on any options contained in the header. This patch enables the use of options. The goal for Geneve support is not to add support for any particular option but to allow end users or controllers to specify what they would like to match. That is, the full range of Geneve's capabilities should be exposed without modifying the code (the one exception being options that require per-packet computation in the fast path). The main issue with supporting Geneve options is how to integrate the fields into the existing OpenFlow pipeline. All existing operations are referred to by their NXM/OXM field name - matches, action generation, arithmetic operations (i.e. tranfer to a register). However, the Geneve option space is exactly the same as the OXM space, so a direct mapping is not feasible. Instead, we create a pool of 64 NXMs that are then dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped, these fields become first-class citizens in the OpenFlow pipeline. An example of how to use Geneve options: ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0 ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1 This will add a 4 bytes option (filled will all 1's) to all packets coming from the LOCAL port and then send then out to port 1. A limitation of this patch is that although the option table is specified for a particular switch over OpenFlow, it is currently global to all switches. This will be addressed in a future patch. Based on work originally done by Madhu Challa. Ben Pfaff also significantly improved the comments. Signed-off-by: Madhu Challa <challa@noironetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-04-30 18:09:57 -07:00
case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
if (tun_metadata_from_geneve_nlattr(a, flow_attrs, flow_attr_len,
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
src_tun, udpif, tun)) {
datapath: Add support for Geneve tunneling. This adds support for Geneve - Generic Network Virtualization Encapsulation. The protocol is documented at http://tools.ietf.org/html/draft-gross-geneve-00 The kernel implementation is completely agnostic to the options that are in use and can handle newly defined options without further work. It does this by simply matching on a byte array of options and allowing userspace to setup flows on this array. Userspace currently implements only support for basic version of Geneve. It can work with the base header (including the VNI) and is capable of parsing options but does not currently support any particular option definitions. Over time, the intention is to allow options to be matched through OpenFlow without requiring explicit support in OVS userspace. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@suug.ch> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-06-05 19:07:32 -07:00
return ODP_FIT_ERROR;
}
break;
tunnel: Geneve TLV handling support for OpenFlow. The current support for Geneve in OVS is exactly equivalent to VXLAN: it is possible to set and match on the VNI but not on any options contained in the header. This patch enables the use of options. The goal for Geneve support is not to add support for any particular option but to allow end users or controllers to specify what they would like to match. That is, the full range of Geneve's capabilities should be exposed without modifying the code (the one exception being options that require per-packet computation in the fast path). The main issue with supporting Geneve options is how to integrate the fields into the existing OpenFlow pipeline. All existing operations are referred to by their NXM/OXM field name - matches, action generation, arithmetic operations (i.e. tranfer to a register). However, the Geneve option space is exactly the same as the OXM space, so a direct mapping is not feasible. Instead, we create a pool of 64 NXMs that are then dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped, these fields become first-class citizens in the OpenFlow pipeline. An example of how to use Geneve options: ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0 ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1 This will add a 4 bytes option (filled will all 1's) to all packets coming from the LOCAL port and then send then out to port 1. A limitation of this patch is that although the option table is specified for a particular switch over OpenFlow, it is currently global to all switches. This will be addressed in a future patch. Based on work originally done by Madhu Challa. Ben Pfaff also significantly improved the comments. Signed-off-by: Madhu Challa <challa@noironetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-04-30 18:09:57 -07:00
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
default:
/* Allow this to show up as unexpected, if there are unknown
* tunnel attribute, eventually resulting in ODP_FIT_TOO_MUCH. */
unknown = true;
break;
}
}
if (!ttl) {
return ODP_FIT_ERROR;
}
if (unknown) {
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
return ODP_FIT_TOO_MUCH;
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
}
return ODP_FIT_PERFECT;
}
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
enum odp_key_fitness
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
odp_tun_key_from_attr(const struct nlattr *attr, bool udpif,
struct flow_tnl *tun)
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
{
tunnels: Don't initialize unnecessary packet metadata. The addition of Geneve options to packet metadata significantly expanded its size. It was reported that this can decrease performance for DPDK ports by up to 25% since we need to initialize the whole structure on each packet receive. It is not really necessary to zero out the entire structure because miniflow_extract() only copies the tunnel metadata when particular fields indicate that it is valid. Therefore, as long as we zero out these fields when the metadata is initialized and ensure that the rest of the structure is correctly set in the presence of a tunnel, we can avoid touching the tunnel fields on packet reception. Reported-by: Ciara Loftus <ciara.loftus@intel.com> Tested-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-30 19:19:40 -07:00
memset(tun, 0, sizeof *tun);
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
return odp_tun_key_from_attr__(attr, NULL, 0, NULL, tun, udpif);
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
}
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
static void
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
tun_key_to_attr(struct ofpbuf *a, const struct flow_tnl *tun_key,
tunnel: Geneve TLV handling support for OpenFlow. The current support for Geneve in OVS is exactly equivalent to VXLAN: it is possible to set and match on the VNI but not on any options contained in the header. This patch enables the use of options. The goal for Geneve support is not to add support for any particular option but to allow end users or controllers to specify what they would like to match. That is, the full range of Geneve's capabilities should be exposed without modifying the code (the one exception being options that require per-packet computation in the fast path). The main issue with supporting Geneve options is how to integrate the fields into the existing OpenFlow pipeline. All existing operations are referred to by their NXM/OXM field name - matches, action generation, arithmetic operations (i.e. tranfer to a register). However, the Geneve option space is exactly the same as the OXM space, so a direct mapping is not feasible. Instead, we create a pool of 64 NXMs that are then dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped, these fields become first-class citizens in the OpenFlow pipeline. An example of how to use Geneve options: ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0 ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1 This will add a 4 bytes option (filled will all 1's) to all packets coming from the LOCAL port and then send then out to port 1. A limitation of this patch is that although the option table is specified for a particular switch over OpenFlow, it is currently global to all switches. This will be addressed in a future patch. Based on work originally done by Madhu Challa. Ben Pfaff also significantly improved the comments. Signed-off-by: Madhu Challa <challa@noironetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-04-30 18:09:57 -07:00
const struct flow_tnl *tun_flow_key,
const struct ofpbuf *key_buf)
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
{
size_t tun_key_ofs;
tun_key_ofs = nl_msg_start_nested(a, OVS_KEY_ATTR_TUNNEL);
odp-util: Include tun_id when nonzero even if "key" flag not set. When a flow_tnl is being translated to Netlink attributes, the tun_id field was included only if the FLOW_TNL_F_KEY flag was set. This meant that for a mask, where one would not necessarily expect that flag to be set even if there were a key, the tun_id could be omitted even if it were nonzero. This led to kernel flows that did not match on a field that was required to be matched (possibly causing incorrect treatment of packets) and premature deletion of kernel flows due to mask mismatch. This commit fixes the problem. Bug #1192516. Reported-by: Krishna Miriyala <miriyalak@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
2014-03-01 17:11:02 -08:00
/* tun_id != 0 without FLOW_TNL_F_KEY is valid if tun_key is a mask. */
if (tun_key->tun_id || tun_key->flags & FLOW_TNL_F_KEY) {
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
nl_msg_put_be64(a, OVS_TUNNEL_KEY_ATTR_ID, tun_key->tun_id);
}
if (tun_key->ip_src) {
nl_msg_put_be32(a, OVS_TUNNEL_KEY_ATTR_IPV4_SRC, tun_key->ip_src);
}
if (tun_key->ip_dst) {
nl_msg_put_be32(a, OVS_TUNNEL_KEY_ATTR_IPV4_DST, tun_key->ip_dst);
}
if (tun_key->ip_tos) {
nl_msg_put_u8(a, OVS_TUNNEL_KEY_ATTR_TOS, tun_key->ip_tos);
}
nl_msg_put_u8(a, OVS_TUNNEL_KEY_ATTR_TTL, tun_key->ip_ttl);
if (tun_key->flags & FLOW_TNL_F_DONT_FRAGMENT) {
nl_msg_put_flag(a, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT);
}
if (tun_key->flags & FLOW_TNL_F_CSUM) {
nl_msg_put_flag(a, OVS_TUNNEL_KEY_ATTR_CSUM);
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
if (tun_key->tp_src) {
nl_msg_put_be16(a, OVS_TUNNEL_KEY_ATTR_TP_SRC, tun_key->tp_src);
}
if (tun_key->tp_dst) {
nl_msg_put_be16(a, OVS_TUNNEL_KEY_ATTR_TP_DST, tun_key->tp_dst);
}
tunnel: Add support for matching on OAM packets. Some tunnel formats have mechanisms for indicating that packets are OAM frames that should be handled specially (either as high priority or not forwarded beyond an endpoint). This provides support for allowing those types of packets to be matched. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Thomas Graf <tgraf@suug.ch> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-05-27 21:50:35 -07:00
if (tun_key->flags & FLOW_TNL_F_OAM) {
nl_msg_put_flag(a, OVS_TUNNEL_KEY_ATTR_OAM);
}
ofproto: Add NXM_NX_TUN_GBP_ID and NXM_NX_TUN_GBP_FLAGS Introduces two new NXMs to represent VXLAN-GBP [0] fields. actions=load:0x10->NXM_NX_TUN_GBP_ID[],NORMAL tun_gbp_id=0x10,actions=drop This enables existing VXLAN tunnels to carry security label information such as a SELinux context to other network peers. The values are carried to/from the datapath using the attribute OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS. [0] https://tools.ietf.org/html/draft-smith-vxlan-group-policy-00 Signed-off-by: Madhu Challa <challa@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
2015-02-14 15:13:17 +01:00
if (tun_key->gbp_flags || tun_key->gbp_id) {
size_t vxlan_opts_ofs;
vxlan_opts_ofs = nl_msg_start_nested(a, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
nl_msg_put_u32(a, OVS_VXLAN_EXT_GBP,
(tun_key->gbp_flags << 16) | ntohs(tun_key->gbp_id));
nl_msg_end_nested(a, vxlan_opts_ofs);
}
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
tun_metadata_to_geneve_nlattr(tun_key, tun_flow_key, key_buf, a);
tunnel: Geneve TLV handling support for OpenFlow. The current support for Geneve in OVS is exactly equivalent to VXLAN: it is possible to set and match on the VNI but not on any options contained in the header. This patch enables the use of options. The goal for Geneve support is not to add support for any particular option but to allow end users or controllers to specify what they would like to match. That is, the full range of Geneve's capabilities should be exposed without modifying the code (the one exception being options that require per-packet computation in the fast path). The main issue with supporting Geneve options is how to integrate the fields into the existing OpenFlow pipeline. All existing operations are referred to by their NXM/OXM field name - matches, action generation, arithmetic operations (i.e. tranfer to a register). However, the Geneve option space is exactly the same as the OXM space, so a direct mapping is not feasible. Instead, we create a pool of 64 NXMs that are then dynamically mapped on Geneve option TLVs using OpenFlow. Once mapped, these fields become first-class citizens in the OpenFlow pipeline. An example of how to use Geneve options: ovs-ofctl add-geneve-map br0 {class=0xffff,type=0,len=4}->tun_metadata0 ovs-ofctl add-flow br0 in_port=LOCAL,actions=set_field:0xffffffff->tun_metadata0,1 This will add a 4 bytes option (filled will all 1's) to all packets coming from the LOCAL port and then send then out to port 1. A limitation of this patch is that although the option table is specified for a particular switch over OpenFlow, it is currently global to all switches. This will be addressed in a future patch. Based on work originally done by Madhu Challa. Ben Pfaff also significantly improved the comments. Signed-off-by: Madhu Challa <challa@noironetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-04-30 18:09:57 -07:00
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
nl_msg_end_nested(a, tun_key_ofs);
odp-utils: Print human readable ipv4-tunnel-key flags. Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-11-14 21:10:54 -08:00
}
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
static bool
odp_mask_attr_is_wildcard(const struct nlattr *ma)
{
return is_all_zeros(nl_attr_get(ma), nl_attr_get_size(ma));
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
static bool
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
odp_mask_is_exact(enum ovs_key_attr attr, const void *mask, size_t size)
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
{
lib/odp-util: Refine odp_mask_attr_is_exact(). Some attributes are exact matches even when all bits are not ones. Make odp_mask_attr_is_exact() to return true if the mask is set for all the bits we actually care about. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
if (attr == OVS_KEY_ATTR_TCP_FLAGS) {
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
return TCP_FLAGS(*(ovs_be16 *)mask) == TCP_FLAGS(OVS_BE16_MAX);
}
if (attr == OVS_KEY_ATTR_IPV6) {
const struct ovs_key_ipv6 *ipv6_mask = mask;
lib/odp-util: Refine odp_mask_attr_is_exact(). Some attributes are exact matches even when all bits are not ones. Make odp_mask_attr_is_exact() to return true if the mask is set for all the bits we actually care about. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
return
((ipv6_mask->ipv6_label & htonl(IPV6_LABEL_MASK))
lib: Unify flags parsing and formatting. Use the "+-" syntax more uniformly when printing masked flags, and use the syntax of delimited 1-flags also for formatting fully masked TCP flags. The "+-" syntax only deals with masked flags, but if there are many of those, the printout becomes long and confusing. Typically there are many flags only when flags are fully masked, but even then most of them are zeros, so it makes sense to print the flags that are set (ones) and omit the zero flags. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
== htonl(IPV6_LABEL_MASK))
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
&& ipv6_mask->ipv6_proto == UINT8_MAX
&& ipv6_mask->ipv6_tclass == UINT8_MAX
&& ipv6_mask->ipv6_hlimit == UINT8_MAX
&& ipv6_mask->ipv6_frag == UINT8_MAX
&& ipv6_mask_is_exact((const struct in6_addr *)ipv6_mask->ipv6_src)
&& ipv6_mask_is_exact((const struct in6_addr *)ipv6_mask->ipv6_dst);
}
if (attr == OVS_KEY_ATTR_TUNNEL) {
odp-util: Remove last use of odp_tun_key_from_attr for formatting. We formerly converted tunnel attributes to their flow representation before formatting but now perform all operations directly on the netlink attributes. There is one remaining use of odp_tun_key_from_attr() that is not used for the purposes of generating a flow. This is to check the mask but this no longer makes sense given the way that we format the flow itself. In fact, the code is not actually invoked any more, so we can simply remove it. This retains the special case for tunnels as a safety measure but it should not matter in practice. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-09 10:29:43 -07:00
return false;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
if (attr == OVS_KEY_ATTR_ARP) {
/* ARP key has padding, ignore it. */
BUILD_ASSERT_DECL(sizeof(struct ovs_key_arp) == 24);
BUILD_ASSERT_DECL(offsetof(struct ovs_key_arp, arp_tha) == 10 + 6);
size = offsetof(struct ovs_key_arp, arp_tha) + ETH_ADDR_LEN;
ovs_assert(((uint16_t *)mask)[size/2] == 0);
}
lib/odp-util: Refine odp_mask_attr_is_exact(). Some attributes are exact matches even when all bits are not ones. Make odp_mask_attr_is_exact() to return true if the mask is set for all the bits we actually care about. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
return is_all_ones(mask, size);
}
static bool
odp_mask_attr_is_exact(const struct nlattr *ma)
{
enum ovs_key_attr attr = nl_attr_type(ma);
const void *mask;
size_t size;
if (attr == OVS_KEY_ATTR_TUNNEL) {
odp-util: Remove last use of odp_tun_key_from_attr for formatting. We formerly converted tunnel attributes to their flow representation before formatting but now perform all operations directly on the netlink attributes. There is one remaining use of odp_tun_key_from_attr() that is not used for the purposes of generating a flow. This is to check the mask but this no longer makes sense given the way that we format the flow itself. In fact, the code is not actually invoked any more, so we can simply remove it. This retains the special case for tunnels as a safety measure but it should not matter in practice. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-09 10:29:43 -07:00
return false;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
} else {
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
mask = nl_attr_get(ma);
size = nl_attr_get_size(ma);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
return odp_mask_is_exact(attr, mask, size);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
void
odp_portno_names_set(struct hmap *portno_names, odp_port_t port_no,
char *port_name)
{
struct odp_portno_names *odp_portno_names;
odp_portno_names = xmalloc(sizeof *odp_portno_names);
odp_portno_names->port_no = port_no;
odp_portno_names->name = xstrdup(port_name);
hmap_insert(portno_names, &odp_portno_names->hmap_node,
hash_odp_port(port_no));
}
static char *
odp_portno_names_get(const struct hmap *portno_names, odp_port_t port_no)
{
struct odp_portno_names *odp_portno_names;
HMAP_FOR_EACH_IN_BUCKET (odp_portno_names, hmap_node,
hash_odp_port(port_no), portno_names) {
if (odp_portno_names->port_no == port_no) {
return odp_portno_names->name;
}
}
return NULL;
}
void
odp_portno_names_destroy(struct hmap *portno_names)
{
struct odp_portno_names *odp_portno_names, *odp_portno_names_next;
HMAP_FOR_EACH_SAFE (odp_portno_names, odp_portno_names_next,
hmap_node, portno_names) {
hmap_remove(portno_names, &odp_portno_names->hmap_node);
free(odp_portno_names->name);
free(odp_portno_names);
}
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
/* Format helpers. */
static void
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
format_eth(struct ds *ds, const char *name, const struct eth_addr key,
const struct eth_addr *mask, bool verbose)
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
{
bool mask_empty = mask && eth_addr_is_zero(*mask);
if (verbose || !mask_empty) {
bool mask_full = !mask || eth_mask_is_exact(*mask);
if (mask_full) {
ds_put_format(ds, "%s="ETH_ADDR_FMT",", name, ETH_ADDR_ARGS(key));
} else {
ds_put_format(ds, "%s=", name);
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
eth_format_masked(key, mask, ds);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
ds_put_char(ds, ',');
}
}
}
static void
format_be64(struct ds *ds, const char *name, ovs_be64 key,
const ovs_be64 *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == OVS_BE64_MAX;
ds_put_format(ds, "%s=0x%"PRIx64, name, ntohll(key));
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/%#"PRIx64, ntohll(*mask));
}
ds_put_char(ds, ',');
}
}
static void
format_ipv4(struct ds *ds, const char *name, ovs_be32 key,
const ovs_be32 *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == OVS_BE32_MAX;
ds_put_format(ds, "%s="IP_FMT, name, IP_ARGS(key));
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/"IP_FMT, IP_ARGS(*mask));
}
ds_put_char(ds, ',');
}
}
static void
format_ipv6(struct ds *ds, const char *name, const ovs_be32 key_[4],
const ovs_be32 (*mask_)[4], bool verbose)
{
char buf[INET6_ADDRSTRLEN];
const struct in6_addr *key = (const struct in6_addr *)key_;
const struct in6_addr *mask = mask_ ? (const struct in6_addr *)*mask_
: NULL;
bool mask_empty = mask && ipv6_mask_is_any(mask);
if (verbose || !mask_empty) {
bool mask_full = !mask || ipv6_mask_is_exact(mask);
inet_ntop(AF_INET6, key, buf, sizeof buf);
ds_put_format(ds, "%s=%s", name, buf);
if (!mask_full) { /* Partially masked. */
inet_ntop(AF_INET6, mask, buf, sizeof buf);
ds_put_format(ds, "/%s", buf);
}
ds_put_char(ds, ',');
}
}
static void
format_ipv6_label(struct ds *ds, const char *name, ovs_be32 key,
const ovs_be32 *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask
|| (*mask & htonl(IPV6_LABEL_MASK)) == htonl(IPV6_LABEL_MASK);
ds_put_format(ds, "%s=%#"PRIx32, name, ntohl(key));
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/%#"PRIx32, ntohl(*mask));
}
ds_put_char(ds, ',');
}
}
static void
format_u8x(struct ds *ds, const char *name, uint8_t key,
const uint8_t *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == UINT8_MAX;
ds_put_format(ds, "%s=%#"PRIx8, name, key);
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/%#"PRIx8, *mask);
}
ds_put_char(ds, ',');
}
}
static void
format_u8u(struct ds *ds, const char *name, uint8_t key,
const uint8_t *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == UINT8_MAX;
ds_put_format(ds, "%s=%"PRIu8, name, key);
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/%#"PRIx8, *mask);
}
ds_put_char(ds, ',');
}
}
static void
format_be16(struct ds *ds, const char *name, ovs_be16 key,
const ovs_be16 *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == OVS_BE16_MAX;
ds_put_format(ds, "%s=%"PRIu16, name, ntohs(key));
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/%#"PRIx16, ntohs(*mask));
}
ds_put_char(ds, ',');
}
}
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
static void
format_be16x(struct ds *ds, const char *name, ovs_be16 key,
const ovs_be16 *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == OVS_BE16_MAX;
ds_put_format(ds, "%s=%#"PRIx16, name, ntohs(key));
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "/%#"PRIx16, ntohs(*mask));
}
ds_put_char(ds, ',');
}
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static void
format_tun_flags(struct ds *ds, const char *name, uint16_t key,
const uint16_t *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
if (verbose || !mask_empty) {
ds_put_cstr(ds, name);
ds_put_char(ds, '(');
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
if (mask) {
format_flags_masked(ds, NULL, flow_tun_flag_to_string, key,
*mask & FLOW_TNL_F_MASK, FLOW_TNL_F_MASK);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
} else { /* Fully masked. */
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
format_flags(ds, flow_tun_flag_to_string, key, '|');
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
ds_put_cstr(ds, "),");
}
}
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
static bool
check_attr_len(struct ds *ds, const struct nlattr *a, const struct nlattr *ma,
const struct attr_len_tbl tbl[], int max_len, bool need_key)
{
int expected_len;
expected_len = odp_key_attr_len(tbl, max_len, nl_attr_type(a));
if (expected_len != ATTR_LEN_VARIABLE &&
expected_len != ATTR_LEN_NESTED) {
bool bad_key_len = nl_attr_get_size(a) != expected_len;
bool bad_mask_len = ma && nl_attr_get_size(ma) != expected_len;
if (bad_key_len || bad_mask_len) {
if (need_key) {
ds_put_format(ds, "key%u", nl_attr_type(a));
}
if (bad_key_len) {
ds_put_format(ds, "(bad key length %"PRIuSIZE", expected %d)(",
nl_attr_get_size(a), expected_len);
}
format_generic_odp_key(a, ds);
if (ma) {
ds_put_char(ds, '/');
if (bad_mask_len) {
ds_put_format(ds, "(bad mask length %"PRIuSIZE", expected %d)(",
nl_attr_get_size(ma), expected_len);
}
format_generic_odp_key(ma, ds);
}
ds_put_char(ds, ')');
return false;
}
}
return true;
}
static void
format_unknown_key(struct ds *ds, const struct nlattr *a,
const struct nlattr *ma)
{
ds_put_format(ds, "key%u(", nl_attr_type(a));
format_generic_odp_key(a, ds);
if (ma && !odp_mask_attr_is_exact(ma)) {
ds_put_char(ds, '/');
format_generic_odp_key(ma, ds);
}
ds_put_cstr(ds, "),");
}
static void
format_odp_tun_vxlan_opt(const struct nlattr *attr,
const struct nlattr *mask_attr, struct ds *ds,
bool verbose)
{
unsigned int left;
const struct nlattr *a;
struct ofpbuf ofp;
ofpbuf_init(&ofp, 100);
NL_NESTED_FOR_EACH(a, left, attr) {
uint16_t type = nl_attr_type(a);
const struct nlattr *ma = NULL;
if (mask_attr) {
ma = nl_attr_find__(nl_attr_get(mask_attr),
nl_attr_get_size(mask_attr), type);
if (!ma) {
ma = generate_all_wildcard_mask(ovs_vxlan_ext_attr_lens,
OVS_VXLAN_EXT_MAX,
&ofp, a);
}
}
if (!check_attr_len(ds, a, ma, ovs_vxlan_ext_attr_lens,
OVS_VXLAN_EXT_MAX, true)) {
continue;
}
switch (type) {
case OVS_VXLAN_EXT_GBP: {
uint32_t key = nl_attr_get_u32(a);
ovs_be16 id, id_mask;
uint8_t flags, flags_mask;
id = htons(key & 0xFFFF);
flags = (key >> 16) & 0xFF;
if (ma) {
uint32_t mask = nl_attr_get_u32(ma);
id_mask = htons(mask & 0xFFFF);
flags_mask = (mask >> 16) & 0xFF;
}
ds_put_cstr(ds, "gbp(");
format_be16(ds, "id", id, ma ? &id_mask : NULL, verbose);
format_u8x(ds, "flags", flags, ma ? &flags_mask : NULL, verbose);
ds_chomp(ds, ',');
ds_put_cstr(ds, "),");
break;
}
default:
format_unknown_key(ds, a, ma);
}
ofpbuf_clear(&ofp);
}
ds_chomp(ds, ',');
ofpbuf_uninit(&ofp);
}
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
#define MASK(PTR, FIELD) PTR ? &PTR->FIELD : NULL
static void
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
format_geneve_opts(const struct geneve_opt *opt,
const struct geneve_opt *mask, int opts_len,
struct ds *ds, bool verbose)
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
{
while (opts_len > 0) {
unsigned int len;
uint8_t data_len, data_len_mask;
if (opts_len < sizeof *opt) {
ds_put_format(ds, "opt len %u less than minimum %"PRIuSIZE,
opts_len, sizeof *opt);
return;
}
data_len = opt->length * 4;
if (mask) {
if (mask->length == 0x1f) {
data_len_mask = UINT8_MAX;
} else {
data_len_mask = mask->length;
}
}
len = sizeof *opt + data_len;
if (len > opts_len) {
ds_put_format(ds, "opt len %u greater than remaining %u",
len, opts_len);
return;
}
ds_put_char(ds, '{');
format_be16x(ds, "class", opt->opt_class, MASK(mask, opt_class),
verbose);
format_u8x(ds, "type", opt->type, MASK(mask, type), verbose);
format_u8u(ds, "len", data_len, mask ? &data_len_mask : NULL, verbose);
tunnel: Support matching on the presence of Geneve options. Sometimes it is useful to match only on whether a Geneve option is present even if the specific value is unimportant. A special case of this is zero length options where there is no value at all and the only information conveyed is whether the option was included in the packet. This operation was partially supported before but it was not consistent - in particular, options were never serialized through NXM/OXM unless they had a non-zero mask. Furthermore, zero length options were rejected altogether when they were installed through the Geneve map OpenFlow command. This adds support for these types of matches by making any NXM/OXM for tunnel metadata force a match on that field. In the case of a zero length option, both the value and mask of the NXM are ignored. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-11 18:41:37 -07:00
if (data_len &&
(verbose || !mask || !is_all_zeros(mask + 1, data_len))) {
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
ds_put_hex(ds, opt + 1, data_len);
if (mask && !is_all_ones(mask + 1, data_len)) {
ds_put_char(ds, '/');
ds_put_hex(ds, mask + 1, data_len);
}
} else {
ds_chomp(ds, ',');
}
ds_put_char(ds, '}');
opt += len / sizeof(*opt);
if (mask) {
mask += len / sizeof(*opt);
}
opts_len -= len;
};
}
tunneling: Userspace datapath support for Geneve options. Currently the userspace datapath only supports Geneve in a basic mode - without options - since the rest of userspace previously didn't support options either. This enables the userspace datapath to send and receive options as well. The receive path for extracting the tunnel options isn't entirely optimal because it does a lookup on the options on a per-packet basis, rather than per-flow like the kernel does. This is not as straightforward to do in the userspace datapath since there is no translation step between packet formats used in packet vs. flow lookup. This can be optimized in the future and in the meantime option support is still useful for testing and simulation. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-22 14:23:37 -07:00
static void
format_odp_tun_geneve(const struct nlattr *attr,
const struct nlattr *mask_attr, struct ds *ds,
bool verbose)
{
int opts_len = nl_attr_get_size(attr);
const struct geneve_opt *opt = nl_attr_get(attr);
const struct geneve_opt *mask = mask_attr ?
nl_attr_get(mask_attr) : NULL;
if (mask && nl_attr_get_size(attr) != nl_attr_get_size(mask_attr)) {
ds_put_format(ds, "value len %"PRIuSIZE" different from mask len %"PRIuSIZE,
nl_attr_get_size(attr), nl_attr_get_size(mask_attr));
return;
}
format_geneve_opts(opt, mask, opts_len, ds, verbose);
}
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
static void
format_odp_tun_attr(const struct nlattr *attr, const struct nlattr *mask_attr,
struct ds *ds, bool verbose)
{
unsigned int left;
const struct nlattr *a;
uint16_t flags = 0;
uint16_t mask_flags = 0;
struct ofpbuf ofp;
ofpbuf_init(&ofp, 100);
NL_NESTED_FOR_EACH(a, left, attr) {
enum ovs_tunnel_key_attr type = nl_attr_type(a);
const struct nlattr *ma = NULL;
if (mask_attr) {
ma = nl_attr_find__(nl_attr_get(mask_attr),
nl_attr_get_size(mask_attr), type);
if (!ma) {
ma = generate_all_wildcard_mask(ovs_tun_key_attr_lens,
OVS_TUNNEL_KEY_ATTR_MAX,
&ofp, a);
}
}
if (!check_attr_len(ds, a, ma, ovs_tun_key_attr_lens,
OVS_TUNNEL_KEY_ATTR_MAX, true)) {
continue;
}
switch (type) {
case OVS_TUNNEL_KEY_ATTR_ID:
format_be64(ds, "tun_id", nl_attr_get_be64(a),
ma ? nl_attr_get(ma) : NULL, verbose);
flags |= FLOW_TNL_F_KEY;
if (ma) {
mask_flags |= FLOW_TNL_F_KEY;
}
break;
case OVS_TUNNEL_KEY_ATTR_IPV4_SRC:
format_ipv4(ds, "src", nl_attr_get_be32(a),
ma ? nl_attr_get(ma) : NULL, verbose);
break;
case OVS_TUNNEL_KEY_ATTR_IPV4_DST:
format_ipv4(ds, "dst", nl_attr_get_be32(a),
ma ? nl_attr_get(ma) : NULL, verbose);
break;
case OVS_TUNNEL_KEY_ATTR_TOS:
format_u8x(ds, "tos", nl_attr_get_u8(a),
ma ? nl_attr_get(ma) : NULL, verbose);
break;
case OVS_TUNNEL_KEY_ATTR_TTL:
format_u8u(ds, "ttl", nl_attr_get_u8(a),
ma ? nl_attr_get(ma) : NULL, verbose);
break;
case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
flags |= FLOW_TNL_F_DONT_FRAGMENT;
break;
case OVS_TUNNEL_KEY_ATTR_CSUM:
flags |= FLOW_TNL_F_CSUM;
break;
case OVS_TUNNEL_KEY_ATTR_TP_SRC:
format_be16(ds, "tp_src", nl_attr_get_be16(a),
ma ? nl_attr_get(ma) : NULL, verbose);
break;
case OVS_TUNNEL_KEY_ATTR_TP_DST:
format_be16(ds, "tp_dst", nl_attr_get_be16(a),
ma ? nl_attr_get(ma) : NULL, verbose);
break;
case OVS_TUNNEL_KEY_ATTR_OAM:
flags |= FLOW_TNL_F_OAM;
break;
case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
ds_put_cstr(ds, "vxlan(");
format_odp_tun_vxlan_opt(a, ma, ds, verbose);
ds_put_cstr(ds, "),");
break;
case OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS:
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
ds_put_cstr(ds, "geneve(");
format_odp_tun_geneve(a, ma, ds, verbose);
ds_put_cstr(ds, "),");
break;
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
case __OVS_TUNNEL_KEY_ATTR_MAX:
default:
format_unknown_key(ds, a, ma);
}
ofpbuf_clear(&ofp);
}
/* Flags can have a valid mask even if the attribute is not set, so
* we need to collect these separately. */
if (mask_attr) {
NL_NESTED_FOR_EACH(a, left, mask_attr) {
switch (nl_attr_type(a)) {
case OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT:
mask_flags |= FLOW_TNL_F_DONT_FRAGMENT;
break;
case OVS_TUNNEL_KEY_ATTR_CSUM:
mask_flags |= FLOW_TNL_F_CSUM;
break;
case OVS_TUNNEL_KEY_ATTR_OAM:
mask_flags |= FLOW_TNL_F_OAM;
break;
}
}
}
format_tun_flags(ds, "flags", flags, mask_attr ? &mask_flags : NULL,
verbose);
ds_chomp(ds, ',');
ofpbuf_uninit(&ofp);
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
static const char *
odp_ct_state_to_string(uint32_t flag)
{
switch (flag) {
case OVS_CS_F_REPLY_DIR:
return "rpl";
case OVS_CS_F_TRACKED:
return "trk";
case OVS_CS_F_NEW:
return "new";
case OVS_CS_F_ESTABLISHED:
return "est";
case OVS_CS_F_RELATED:
return "rel";
case OVS_CS_F_INVALID:
return "inv";
default:
return NULL;
}
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static void
format_frag(struct ds *ds, const char *name, uint8_t key,
const uint8_t *mask, bool verbose)
{
bool mask_empty = mask && !*mask;
/* ODP frag is an enumeration field; partial masks are not meaningful. */
if (verbose || !mask_empty) {
bool mask_full = !mask || *mask == UINT8_MAX;
if (!mask_full) { /* Partially masked. */
ds_put_format(ds, "error: partial mask not supported for frag (%#"
PRIx8"),", *mask);
} else {
ds_put_format(ds, "%s=%s,", name, ovs_frag_type_to_string(key));
}
}
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
static bool
mask_empty(const struct nlattr *ma)
{
const void *mask;
size_t n;
if (!ma) {
return true;
}
mask = nl_attr_get(ma);
n = nl_attr_get_size(ma);
return is_all_zeros(mask, n);
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
static void
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
format_odp_key_attr(const struct nlattr *a, const struct nlattr *ma,
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
const struct hmap *portno_names, struct ds *ds,
bool verbose)
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
{
odp-util: Trigger warning for unhandled attrs in format_odp_key_attr(). I usually do things this way but must have overlooked this one a while ago.
2011-11-07 09:13:53 -08:00
enum ovs_key_attr attr = nl_attr_type(a);
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
char namebuf[OVS_KEY_ATTR_BUFSIZE];
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
bool is_exact;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
is_exact = ma ? odp_mask_attr_is_exact(ma) : true;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
ds_put_cstr(ds, ovs_key_attr_to_string(attr, namebuf, sizeof namebuf));
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
if (!check_attr_len(ds, a, ma, ovs_flow_key_attr_lens,
OVS_KEY_ATTR_MAX, false)) {
return;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_char(ds, '(');
odp-util: Trigger warning for unhandled attrs in format_odp_key_attr(). I usually do things this way but must have overlooked this one a while ago.
2011-11-07 09:13:53 -08:00
switch (attr) {
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_KEY_ATTR_ENCAP:
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (ma && nl_attr_get_size(ma) && nl_attr_get_size(a)) {
odp_flow_format(nl_attr_get(a), nl_attr_get_size(a),
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
nl_attr_get(ma), nl_attr_get_size(ma), NULL, ds,
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
verbose);
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
} else if (nl_attr_get_size(a)) {
odp_flow_format(nl_attr_get(a), nl_attr_get_size(a), NULL, 0, NULL,
ds, verbose);
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
}
break;
datapath: Convert kernel priority actions into match/set. Following patch adds skb-priority to flow key. So userspace will know what was priority when packet arrived and we can remove the pop/reset priority action. It's no longer necessary to have a special action for pop that is based on the kernel remembering original skb->priority. Userspace can just emit a set priority action with the original value. Since the priority field is a match field with just a normal set action, we can convert it into the new model for actions that are based on matches. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7715
2011-11-01 10:13:16 -07:00
case OVS_KEY_ATTR_PRIORITY:
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
case OVS_KEY_ATTR_SKB_MARK:
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
case OVS_KEY_ATTR_DP_HASH:
case OVS_KEY_ATTR_RECIRC_ID:
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_format(ds, "%#"PRIx32, nl_attr_get_u32(a));
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
if (!is_exact) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_format(ds, "/%#"PRIx32, nl_attr_get_u32(ma));
}
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
break;
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
case OVS_KEY_ATTR_CT_MARK:
if (verbose || !mask_empty(ma)) {
ds_put_format(ds, "%#"PRIx32, nl_attr_get_u32(a));
if (!is_exact) {
ds_put_format(ds, "/%#"PRIx32, nl_attr_get_u32(ma));
}
}
break;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
case OVS_KEY_ATTR_CT_STATE:
if (verbose) {
ds_put_format(ds, "%#"PRIx32, nl_attr_get_u32(a));
if (!is_exact) {
ds_put_format(ds, "/%#"PRIx32,
mask_empty(ma) ? 0 : nl_attr_get_u32(ma));
}
} else if (!is_exact) {
format_flags_masked(ds, NULL, odp_ct_state_to_string,
nl_attr_get_u32(a),
mask_empty(ma) ? 0 : nl_attr_get_u32(ma),
UINT32_MAX);
} else {
format_flags(ds, odp_ct_state_to_string, nl_attr_get_u32(a), '|');
}
break;
case OVS_KEY_ATTR_CT_ZONE:
if (verbose || !mask_empty(ma)) {
ds_put_format(ds, "%#"PRIx16, nl_attr_get_u16(a));
if (!is_exact) {
ds_put_format(ds, "/%#"PRIx16, nl_attr_get_u16(ma));
}
}
break;
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
case OVS_KEY_ATTR_CT_LABELS: {
const ovs_u128 *value = nl_attr_get(a);
const ovs_u128 *mask = ma ? nl_attr_get(ma) : NULL;
format_u128(ds, value, mask, verbose);
break;
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
case OVS_KEY_ATTR_TUNNEL:
format_odp_tun_attr(a, ma, ds, verbose);
datapath: Add support for tun_key to Open vSwitch datapath This is a first pass at providing a tun_key which can be used as the basis for flow-based tunnelling. The tun_key includes and replaces the tun_id in both struct ovs_skb_cb and struct sw_tun_key. This patch allows all existing tun_id behaviour to still work. Existing users of tun_id are redirected to tun_key->tun_id to retain compatibility. However, when the userspace code is updated to make use of the new tun_key, the old behaviour will be deprecated and removed. NOTE: With these changes, the tunneling code no longer assumes input and output keys are symmetric. If they are not, PMTUD needs to be disabled for tunneling to work. Signed-off-by: Kyle Mestery <kmestery@cisco.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Reviewed-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2012-10-20 12:15:24 -07:00
break;
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_KEY_ATTR_IN_PORT:
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
if (portno_names && verbose && is_exact) {
char *name = odp_portno_names_get(portno_names,
u32_to_odp(nl_attr_get_u32(a)));
if (name) {
ds_put_format(ds, "%s", name);
} else {
ds_put_format(ds, "%"PRIu32, nl_attr_get_u32(a));
}
} else {
ds_put_format(ds, "%"PRIu32, nl_attr_get_u32(a));
if (!is_exact) {
ds_put_format(ds, "/%#"PRIx32, nl_attr_get_u32(ma));
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
case OVS_KEY_ATTR_ETHERNET: {
const struct ovs_key_ethernet *mask = ma ? nl_attr_get(ma) : NULL;
const struct ovs_key_ethernet *key = nl_attr_get(a);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_eth(ds, "src", key->eth_src, MASK(mask, eth_src), verbose);
format_eth(ds, "dst", key->eth_dst, MASK(mask, eth_dst), verbose);
ds_chomp(ds, ',');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
case OVS_KEY_ATTR_VLAN:
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_vlan_tci(ds, nl_attr_get_be16(a),
ma ? nl_attr_get_be16(ma) : OVS_BE16_MAX, verbose);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
case OVS_KEY_ATTR_MPLS: {
const struct ovs_key_mpls *mpls_key = nl_attr_get(a);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
const struct ovs_key_mpls *mpls_mask = NULL;
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
size_t size = nl_attr_get_size(a);
if (!size || size % sizeof *mpls_key) {
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
ds_put_format(ds, "(bad key length %"PRIuSIZE")", size);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
return;
}
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
if (!is_exact) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
mpls_mask = nl_attr_get(ma);
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
if (size != nl_attr_get_size(ma)) {
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
ds_put_format(ds, "(key length %"PRIuSIZE" != "
"mask length %"PRIuSIZE")",
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
size, nl_attr_get_size(ma));
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
return;
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
format_mpls(ds, mpls_key, mpls_mask, size / sizeof *mpls_key);
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
break;
}
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_KEY_ATTR_ETHERTYPE:
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_format(ds, "0x%04"PRIx16, ntohs(nl_attr_get_be16(a)));
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
if (!is_exact) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_format(ds, "/0x%04"PRIx16, ntohs(nl_attr_get_be16(ma)));
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
case OVS_KEY_ATTR_IPV4: {
const struct ovs_key_ipv4 *key = nl_attr_get(a);
const struct ovs_key_ipv4 *mask = ma ? nl_attr_get(ma) : NULL;
format_ipv4(ds, "src", key->ipv4_src, MASK(mask, ipv4_src), verbose);
format_ipv4(ds, "dst", key->ipv4_dst, MASK(mask, ipv4_dst), verbose);
format_u8u(ds, "proto", key->ipv4_proto, MASK(mask, ipv4_proto),
verbose);
format_u8x(ds, "tos", key->ipv4_tos, MASK(mask, ipv4_tos), verbose);
format_u8u(ds, "ttl", key->ipv4_ttl, MASK(mask, ipv4_ttl), verbose);
format_frag(ds, "frag", key->ipv4_frag, MASK(mask, ipv4_frag),
verbose);
ds_chomp(ds, ',');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
case OVS_KEY_ATTR_IPV6: {
const struct ovs_key_ipv6 *key = nl_attr_get(a);
const struct ovs_key_ipv6 *mask = ma ? nl_attr_get(ma) : NULL;
format_ipv6(ds, "src", key->ipv6_src, MASK(mask, ipv6_src), verbose);
format_ipv6(ds, "dst", key->ipv6_dst, MASK(mask, ipv6_dst), verbose);
format_ipv6_label(ds, "label", key->ipv6_label, MASK(mask, ipv6_label),
verbose);
format_u8u(ds, "proto", key->ipv6_proto, MASK(mask, ipv6_proto),
verbose);
format_u8x(ds, "tclass", key->ipv6_tclass, MASK(mask, ipv6_tclass),
verbose);
format_u8u(ds, "hlimit", key->ipv6_hlimit, MASK(mask, ipv6_hlimit),
verbose);
format_frag(ds, "frag", key->ipv6_frag, MASK(mask, ipv6_frag),
verbose);
ds_chomp(ds, ',');
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
/* These have the same structure and format. */
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_KEY_ATTR_TCP:
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
case OVS_KEY_ATTR_UDP:
case OVS_KEY_ATTR_SCTP: {
const struct ovs_key_tcp *key = nl_attr_get(a);
const struct ovs_key_tcp *mask = ma ? nl_attr_get(ma) : NULL;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_be16(ds, "src", key->tcp_src, MASK(mask, tcp_src), verbose);
format_be16(ds, "dst", key->tcp_dst, MASK(mask, tcp_dst), verbose);
ds_chomp(ds, ',');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
case OVS_KEY_ATTR_TCP_FLAGS:
if (!is_exact) {
lib: Unify flags parsing and formatting. Use the "+-" syntax more uniformly when printing masked flags, and use the syntax of delimited 1-flags also for formatting fully masked TCP flags. The "+-" syntax only deals with masked flags, but if there are many of those, the printout becomes long and confusing. Typically there are many flags only when flags are fully masked, but even then most of them are zeros, so it makes sense to print the flags that are set (ones) and omit the zero flags. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
format_flags_masked(ds, NULL, packet_tcp_flag_to_string,
ntohs(nl_attr_get_be16(a)),
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
TCP_FLAGS(nl_attr_get_be16(ma)),
TCP_FLAGS(OVS_BE16_MAX));
lib: Unify flags parsing and formatting. Use the "+-" syntax more uniformly when printing masked flags, and use the syntax of delimited 1-flags also for formatting fully masked TCP flags. The "+-" syntax only deals with masked flags, but if there are many of those, the printout becomes long and confusing. Typically there are many flags only when flags are fully masked, but even then most of them are zeros, so it makes sense to print the flags that are set (ones) and omit the zero flags. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
} else {
format_flags(ds, packet_tcp_flag_to_string,
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
ntohs(nl_attr_get_be16(a)), '|');
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
}
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
case OVS_KEY_ATTR_ICMP: {
const struct ovs_key_icmp *key = nl_attr_get(a);
const struct ovs_key_icmp *mask = ma ? nl_attr_get(ma) : NULL;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_u8u(ds, "type", key->icmp_type, MASK(mask, icmp_type), verbose);
format_u8u(ds, "code", key->icmp_code, MASK(mask, icmp_code), verbose);
ds_chomp(ds, ',');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
case OVS_KEY_ATTR_ICMPV6: {
const struct ovs_key_icmpv6 *key = nl_attr_get(a);
const struct ovs_key_icmpv6 *mask = ma ? nl_attr_get(ma) : NULL;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_u8u(ds, "type", key->icmpv6_type, MASK(mask, icmpv6_type),
verbose);
format_u8u(ds, "code", key->icmpv6_code, MASK(mask, icmpv6_code),
verbose);
ds_chomp(ds, ',');
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
case OVS_KEY_ATTR_ARP: {
const struct ovs_key_arp *mask = ma ? nl_attr_get(ma) : NULL;
const struct ovs_key_arp *key = nl_attr_get(a);
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_ipv4(ds, "sip", key->arp_sip, MASK(mask, arp_sip), verbose);
format_ipv4(ds, "tip", key->arp_tip, MASK(mask, arp_tip), verbose);
format_be16(ds, "op", key->arp_op, MASK(mask, arp_op), verbose);
format_eth(ds, "sha", key->arp_sha, MASK(mask, arp_sha), verbose);
format_eth(ds, "tha", key->arp_tha, MASK(mask, arp_tha), verbose);
ds_chomp(ds, ',');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
case OVS_KEY_ATTR_ND: {
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
const struct ovs_key_nd *mask = ma ? nl_attr_get(ma) : NULL;
const struct ovs_key_nd *key = nl_attr_get(a);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
format_ipv6(ds, "target", key->nd_target, MASK(mask, nd_target),
verbose);
format_eth(ds, "sll", key->nd_sll, MASK(mask, nd_sll), verbose);
format_eth(ds, "tll", key->nd_tll, MASK(mask, nd_tll), verbose);
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
ds_chomp(ds, ',');
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
break;
}
odp-util: Trigger warning for unhandled attrs in format_odp_key_attr(). I usually do things this way but must have overlooked this one a while ago.
2011-11-07 09:13:53 -08:00
case OVS_KEY_ATTR_UNSPEC:
case __OVS_KEY_ATTR_MAX:
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
default:
format_generic_odp_key(a, ds);
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
if (!is_exact) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_char(ds, '/');
format_generic_odp_key(ma, ds);
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
break;
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
ds_put_char(ds, ')');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
static struct nlattr *
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
generate_all_wildcard_mask(const struct attr_len_tbl tbl[], int max,
struct ofpbuf *ofp, const struct nlattr *key)
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
{
const struct nlattr *a;
unsigned int left;
int type = nl_attr_type(key);
int size = nl_attr_get_size(key);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
if (odp_key_attr_len(tbl, max, type) != ATTR_LEN_NESTED) {
netlink: New function nl_msg_put_unspec_zero(). This function already had a few potential users, which this commit converts. An upcoming commit adds more users. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-07 14:11:40 -07:00
nl_msg_put_unspec_zero(ofp, type, size);
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
} else {
size_t nested_mask;
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
if (tbl[type].next) {
tbl = tbl[type].next;
max = tbl[type].next_max;
}
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
nested_mask = nl_msg_start_nested(ofp, type);
NL_ATTR_FOR_EACH(a, left, key, nl_attr_get_size(key)) {
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
generate_all_wildcard_mask(tbl, max, ofp, nl_attr_get(a));
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
}
nl_msg_end_nested(ofp, nested_mask);
}
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
return ofp->base;
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
static void
format_u128(struct ds *ds, const ovs_u128 *key, const ovs_u128 *mask,
bool verbose)
{
if (verbose || (mask && !ovs_u128_is_zero(mask))) {
ovs_be128 value;
hton128(key, &value);
ds_put_hex(ds, &value, sizeof value);
if (mask && !(ovs_u128_is_ones(mask))) {
hton128(mask, &value);
ds_put_char(ds, '/');
ds_put_hex(ds, &value, sizeof value);
}
}
}
static int
scan_u128(const char *s_, ovs_u128 *value, ovs_u128 *mask)
{
char *s = CONST_CAST(char *, s_);
ovs_be128 be_value;
ovs_be128 be_mask;
if (!parse_int_string(s, (uint8_t *)&be_value, sizeof be_value, &s)) {
ntoh128(&be_value, value);
if (mask) {
int n;
if (ovs_scan(s, "/%n", &n)) {
int error;
s += n;
error = parse_int_string(s, (uint8_t *)&be_mask,
sizeof be_mask, &s);
if (error) {
return error;
}
ntoh128(&be_mask, mask);
} else {
*mask = OVS_U128_MAX;
}
}
return s - s_;
}
return 0;
}
dpctl: Add support for using UFID to add/del flows. Parse "ufid:<foo>" at the beginning of a flow specification and use it for flow manipulation if present. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-12 09:49:22 -08:00
int
odp_ufid_from_string(const char *s_, ovs_u128 *ufid)
{
const char *s = s_;
if (ovs_scan(s, "ufid:")) {
s += 5;
odp-util: Reuse UUID marshalling for UFID. Unique flow identifiers are really a UUID of sorts, so it makes sense to reuse the UUID string representations for UFID. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-29 17:08:45 -07:00
if (!uuid_from_string_prefix((struct uuid *)ufid, s)) {
dpctl: Add support for using UFID to add/del flows. Parse "ufid:<foo>" at the beginning of a flow specification and use it for flow manipulation if present. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-12 09:49:22 -08:00
return -EINVAL;
}
odp-util: Reuse UUID marshalling for UFID. Unique flow identifiers are really a UUID of sorts, so it makes sense to reuse the UUID string representations for UFID. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-29 17:08:45 -07:00
s += UUID_LEN;
dpctl: Add support for using UFID to add/del flows. Parse "ufid:<foo>" at the beginning of a flow specification and use it for flow manipulation if present. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-12 09:49:22 -08:00
return s - s_;
}
return 0;
}
dpif: Index flows using unique identifiers. This patch modifies the dpif interface to allow flows to be manipulated using a 128-bit identifier. This allows revalidator threads to perform datapath operations faster, as they do not need to serialise the entire flow key for operations like flow_get and flow_delete. In conjunction with a future patch to simplify the dump interface, this provides a significant performance benefit for revalidation. When handlers assemble flow_put operations, they specify a unique identifier (UFID) for each flow as it is passed down to the datapath to be stored with the flow. The UFID is currently provided to handlers by the dpif during upcall processing. When revalidators assemble flow_get or flow_del operations, they may specify the UFID for the flow along with the key. The dpif will decide whether to send only the UFID to the datapath, or both the UFID and flow key. The former is preferred for newer datapaths that support UFID, while the latter is used for backwards compatibility. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-24 16:26:35 +12:00
void
odp_format_ufid(const ovs_u128 *ufid, struct ds *ds)
{
odp-util: Reuse UUID marshalling for UFID. Unique flow identifiers are really a UUID of sorts, so it makes sense to reuse the UUID string representations for UFID. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-29 17:08:45 -07:00
ds_put_format(ds, "ufid:"UUID_FMT, UUID_ARGS((struct uuid *)ufid));
dpif: Index flows using unique identifiers. This patch modifies the dpif interface to allow flows to be manipulated using a 128-bit identifier. This allows revalidator threads to perform datapath operations faster, as they do not need to serialise the entire flow key for operations like flow_get and flow_delete. In conjunction with a future patch to simplify the dump interface, this provides a significant performance benefit for revalidation. When handlers assemble flow_put operations, they specify a unique identifier (UFID) for each flow as it is passed down to the datapath to be stored with the flow. The UFID is currently provided to handlers by the dpif during upcall processing. When revalidators assemble flow_get or flow_del operations, they may specify the UFID for the flow along with the key. The dpif will decide whether to send only the UFID to the datapath, or both the UFID and flow key. The former is preferred for newer datapaths that support UFID, while the latter is used for backwards compatibility. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-24 16:26:35 +12:00
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
/* Appends to 'ds' a string representation of the 'key_len' bytes of
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
* OVS_KEY_ATTR_* attributes in 'key'. If non-null, additionally formats the
odp-util: Elaborate the comment for odp_flow_format() function. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-10-14 08:09:17 -07:00
* 'mask_len' bytes of 'mask' which apply to 'key'. If 'portno_names' is
* non-null and 'verbose' is true, translates odp port number to its name. */
flow: Separate "flow_t" from "struct odp_flow_key". The "struct odp_flow_key" used in the kernel datapath is conceptually separate from the "flow_t" used in userspace, but until now we have used the latter as a typedef for the former for convenience. This commit separates them. This makes it possible in upcoming commits to change them independently. This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
void
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
odp_flow_format(const struct nlattr *key, size_t key_len,
const struct nlattr *mask, size_t mask_len,
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
const struct hmap *portno_names, struct ds *ds, bool verbose)
flow: Separate "flow_t" from "struct odp_flow_key". The "struct odp_flow_key" used in the kernel datapath is conceptually separate from the "flow_t" used in userspace, but until now we have used the latter as a typedef for the former for convenience. This commit separates them. This makes it possible in upcoming commits to change them independently. This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
{
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
if (key_len) {
const struct nlattr *a;
unsigned int left;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
bool has_ethtype_key = false;
const struct nlattr *ma = NULL;
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
struct ofpbuf ofp;
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
bool first_field = true;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
ofpbuf_init(&ofp, 100);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
NL_ATTR_FOR_EACH (a, left, key, key_len) {
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
bool is_nested_attr;
bool is_wildcard = false;
int attr_type = nl_attr_type(a);
if (attr_type == OVS_KEY_ATTR_ETHERTYPE) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
has_ethtype_key = true;
}
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
is_nested_attr = odp_key_attr_len(ovs_flow_key_attr_lens,
OVS_KEY_ATTR_MAX, attr_type) ==
ATTR_LEN_NESTED;
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (mask && mask_len) {
ma = nl_attr_find__(mask, mask_len, nl_attr_type(a));
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
is_wildcard = ma ? odp_mask_attr_is_wildcard(ma) : true;
}
if (verbose || !is_wildcard || is_nested_attr) {
if (is_wildcard && !ma) {
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
ma = generate_all_wildcard_mask(ovs_flow_key_attr_lens,
OVS_KEY_ATTR_MAX,
&ofp, a);
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
}
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
if (!first_field) {
ds_put_char(ds, ',');
}
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
format_odp_key_attr(a, ma, portno_names, ds, verbose);
odp-util: add verbose mode for displaying dp flow. When verbose mode tuned on, all dp flow fields described by the netlink attributes are displayed, including fully wildcarded attributes. Otherwise, the fully wildcarded attributes are omitted for brevity. Added -m option to "ovs-dpctl dump-flows" to enable verbose mode. It is off by default. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added documentation] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:14 -07:00
first_field = false;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
ofpbuf_clear(&ofp);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
ovs-dpctl: Fix mega flow output ovs-dpctl sometimes displays wildcarded fields as exact match. This patch fixes those cases. This patch implements the following logic. When OVS_FLOW_ATTR_MASK is missing, the entire key attributes will be displayed as exact match fields. When OVS_FLOW_ATTR_MASK is present, but some individual key attributes do not have matching attributes in the mask, those key attributes will be displayed as wildcarded fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-27 22:02:58 -07:00
ofpbuf_uninit(&ofp);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
if (left) {
odp-util: Describe invalid keys and actions in more detail. I have an outstanding bug report that has tons of "***56 leftover bytes***" messages with no way to guess what the problem is. I hope this makes debugging possible. Bug #9346. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-26 16:21:50 -08:00
int i;
odp-util: Remove trailing whitespace. Signed-off-by: Ethan Jackson <ethan@nicira.com>
2013-09-16 17:23:31 -07:00
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
if (left == key_len) {
ds_put_cstr(ds, "<empty>");
}
odp-util: Describe invalid keys and actions in more detail. I have an outstanding bug report that has tons of "***56 leftover bytes***" messages with no way to guess what the problem is. I hope this makes debugging possible. Bug #9346. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-26 16:21:50 -08:00
ds_put_format(ds, ",***%u leftover bytes*** (", left);
for (i = 0; i < left; i++) {
ds_put_format(ds, "%02x", ((const uint8_t *) a)[i]);
}
ds_put_char(ds, ')');
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (!has_ethtype_key) {
ma = nl_attr_find__(mask, mask_len, OVS_KEY_ATTR_ETHERTYPE);
if (ma) {
ds_put_format(ds, ",eth_type(0/0x%04"PRIx16")",
ntohs(nl_attr_get_be16(ma)));
}
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
} else {
ds_put_cstr(ds, "<empty>");
}
flow: Separate "flow_t" from "struct odp_flow_key". The "struct odp_flow_key" used in the kernel datapath is conceptually separate from the "flow_t" used in userspace, but until now we have used the latter as a typedef for the former for convenience. This commit separates them. This makes it possible in upcoming commits to change them independently. This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
}
Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45.
2009-07-08 13:19:16 -07:00
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
/* Appends to 'ds' a string representation of the 'key_len' bytes of
* OVS_KEY_ATTR_* attributes in 'key'. */
void
odp_flow_key_format(const struct nlattr *key,
size_t key_len, struct ds *ds)
{
ovs-dpctl, ofproto/trace: Show and handle the in_port name in flows. With this commit, whenever the verbosity is enabled with '-m' option, the ovs-dpctl dump-flows command will display the flows with in_port field showing the name instead of a port number. Conversely, one can also use a name in the in_port field with del-flow, add-flow and mod-flow commands of ovs-dpctl. One should also be able to use the port name when supplying the datapath flow as an input to ofproto/trace command. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-09-23 22:58:46 -07:00
odp_flow_format(key, key_len, NULL, 0, NULL, ds, true);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
static bool
ovs_frag_type_from_string(const char *s, enum ovs_frag_type *type)
{
if (!strcasecmp(s, "no")) {
*type = OVS_FRAG_TYPE_NONE;
} else if (!strcasecmp(s, "first")) {
*type = OVS_FRAG_TYPE_FIRST;
} else if (!strcasecmp(s, "later")) {
*type = OVS_FRAG_TYPE_LATER;
} else {
return false;
}
return true;
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
/* Parsing. */
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
static int
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
scan_eth(const char *s, struct eth_addr *key, struct eth_addr *mask)
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
{
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
int n;
datapath: Convert kernel priority actions into match/set. Following patch adds skb-priority to flow key. So userspace will know what was priority when packet arrived and we can remove the pop/reset priority action. It's no longer necessary to have a special action for pop that is based on the kernel remembering original skb->priority. Userspace can just emit a set priority action with the original value. Since the priority field is a match field with just a normal set action, we can convert it into the new model for actions that are based on matches. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7715
2011-11-01 10:13:16 -07:00
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
if (ovs_scan(s, ETH_ADDR_SCAN_FMT"%n",
ETH_ADDR_SCAN_ARGS(*key), &n)) {
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
int len = n;
if (mask) {
if (ovs_scan(s + len, "/"ETH_ADDR_SCAN_FMT"%n",
ETH_ADDR_SCAN_ARGS(*mask), &n)) {
len += n;
} else {
memset(mask, 0xff, sizeof *mask);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
datapath: Convert kernel priority actions into match/set. Following patch adds skb-priority to flow key. So userspace will know what was priority when packet arrived and we can remove the pop/reset priority action. It's no longer necessary to have a special action for pop that is based on the kernel remembering original skb->priority. Userspace can just emit a set priority action with the original value. Since the priority field is a match field with just a normal set action, we can convert it into the new model for actions that are based on matches. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7715
2011-11-01 10:13:16 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
datapath: Convert kernel priority actions into match/set. Following patch adds skb-priority to flow key. So userspace will know what was priority when packet arrived and we can remove the pop/reset priority action. It's no longer necessary to have a special action for pop that is based on the kernel remembering original skb->priority. Userspace can just emit a set priority action with the original value. Since the priority field is a match field with just a normal set action, we can convert it into the new model for actions that are based on matches. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7715
2011-11-01 10:13:16 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
datapath: Convert kernel priority actions into match/set. Following patch adds skb-priority to flow key. So userspace will know what was priority when packet arrived and we can remove the pop/reset priority action. It's no longer necessary to have a special action for pop that is based on the kernel remembering original skb->priority. Userspace can just emit a set priority action with the original value. Since the priority field is a match field with just a normal set action, we can convert it into the new model for actions that are based on matches. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7715
2011-11-01 10:13:16 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_ipv4(const char *s, ovs_be32 *key, ovs_be32 *mask)
{
int n;
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, IP_SCAN_FMT"%n", IP_SCAN_ARGS(key), &n)) {
int len = n;
if (mask) {
if (ovs_scan(s + len, "/"IP_SCAN_FMT"%n",
IP_SCAN_ARGS(mask), &n)) {
len += n;
} else {
*mask = OVS_BE32_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_ipv6(const char *s, ovs_be32 (*key)[4], ovs_be32 (*mask)[4])
{
int n;
char ipv6_s[IPV6_SCAN_LEN + 1];
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, IPV6_SCAN_FMT"%n", ipv6_s, &n)
&& inet_pton(AF_INET6, ipv6_s, key) == 1) {
int len = n;
if (mask) {
if (ovs_scan(s + len, "/"IPV6_SCAN_FMT"%n", ipv6_s, &n)
&& inet_pton(AF_INET6, ipv6_s, mask) == 1) {
len += n;
} else {
memset(mask, 0xff, sizeof *mask);
odp-util: Only add recirc_id mask to Netlink message if mask is provided Current unconditional call may result in NULL being passed to nl_msg_put_u32(). Cc: Andy Zhou <azhou@nicira.com> Signed-off-by: Thomas Graf <tgraf@noironetworks.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-08-26 18:34:52 +02:00
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_ipv6_label(const char *s, ovs_be32 *key, ovs_be32 *mask)
{
int key_, mask_;
int n;
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%i%n", &key_, &n)
&& (key_ & ~IPV6_LABEL_MASK) == 0) {
int len = n;
odp-utils: Print human readable ipv4-tunnel-key flags. Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-11-14 21:10:54 -08:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
*key = htonl(key_);
if (mask) {
if (ovs_scan(s + len, "/%i%n", &mask_, &n)
&& (mask_ & ~IPV6_LABEL_MASK) == 0) {
len += n;
*mask = htonl(mask_);
} else {
*mask = htonl(IPV6_LABEL_MASK);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
odp: Enable parsing ipv4_tunnel key. We can format ipv4_tunnel keys from the kernel but can't currently parse them. Userspace doesn't know how to do anything with this information but this support enables utilities like ovs-dpctl and ovs-appctl ofproto/trace to show useful information. Bug #13785 Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-11-01 15:50:16 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp: Enable parsing ipv4_tunnel key. We can format ipv4_tunnel keys from the kernel but can't currently parse them. Userspace doesn't know how to do anything with this information but this support enables utilities like ovs-dpctl and ovs-appctl ofproto/trace to show useful information. Bug #13785 Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-11-01 15:50:16 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp: Enable parsing ipv4_tunnel key. We can format ipv4_tunnel keys from the kernel but can't currently parse them. Userspace doesn't know how to do anything with this information but this support enables utilities like ovs-dpctl and ovs-appctl ofproto/trace to show useful information. Bug #13785 Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-11-01 15:50:16 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_u8(const char *s, uint8_t *key, uint8_t *mask)
{
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi8"%n", key, &n)) {
int len = n;
if (mask) {
if (ovs_scan(s + len, "/%"SCNi8"%n", mask, &n)) {
len += n;
} else {
*mask = UINT8_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
static int
scan_u16(const char *s, uint16_t *key, uint16_t *mask)
{
int n;
if (ovs_scan(s, "%"SCNi16"%n", key, &n)) {
int len = n;
if (mask) {
if (ovs_scan(s + len, "/%"SCNi16"%n", mask, &n)) {
len += n;
} else {
*mask = UINT16_MAX;
}
}
return len;
}
return 0;
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_u32(const char *s, uint32_t *key, uint32_t *mask)
{
int n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi32"%n", key, &n)) {
int len = n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (mask) {
if (ovs_scan(s + len, "/%"SCNi32"%n", mask, &n)) {
len += n;
} else {
*mask = UINT32_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
odp-util: Add support for named ports to odp_flow_key_from_string(). Really the "trace" command should support this but in fact I need it for an upcoming update to a test.
2011-10-26 10:01:32 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: Add support for named ports to odp_flow_key_from_string(). Really the "trace" command should support this but in fact I need it for an upcoming update to a test.
2011-10-26 10:01:32 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: Add support for named ports to odp_flow_key_from_string(). Really the "trace" command should support this but in fact I need it for an upcoming update to a test.
2011-10-26 10:01:32 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_be16(const char *s, ovs_be16 *key, ovs_be16 *mask)
{
uint16_t key_, mask_;
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi16"%n", &key_, &n)) {
int len = n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
*key = htons(key_);
if (mask) {
if (ovs_scan(s + len, "/%"SCNi16"%n", &mask_, &n)) {
len += n;
*mask = htons(mask_);
} else {
*mask = OVS_BE16_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_be64(const char *s, ovs_be64 *key, ovs_be64 *mask)
{
uint64_t key_, mask_;
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi64"%n", &key_, &n)) {
int len = n;
*key = htonll(key_);
if (mask) {
if (ovs_scan(s + len, "/%"SCNi64"%n", &mask_, &n)) {
len += n;
*mask = htonll(mask_);
} else {
*mask = OVS_BE64_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_tun_flags(const char *s, uint16_t *key, uint16_t *mask)
{
uint32_t flags, fmask;
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
n = parse_odp_flags(s, flow_tun_flag_to_string, &flags,
FLOW_TNL_F_MASK, mask ? &fmask : NULL);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (n >= 0 && s[n] == ')') {
*key = flags;
if (mask) {
*mask = fmask;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return n + 1;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_tcp_flags(const char *s, ovs_be16 *key, ovs_be16 *mask)
{
uint32_t flags, fmask;
int n;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
flow: Factor out flag parsing and formatting routines. There are several implementations of functions that parse/format flags and their binary representation. This factors them out into common routines. In addition to reducing code, it also makes things more consistent across different parts of OVS. Signed-off-by: Jesse Gross <jesse@nicira.com>
2015-07-11 20:48:29 -07:00
n = parse_odp_flags(s, packet_tcp_flag_to_string, &flags,
TCP_FLAGS(OVS_BE16_MAX), mask ? &fmask : NULL);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (n >= 0) {
*key = htons(flags);
if (mask) {
*mask = htons(fmask);
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return n;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
static uint32_t
ovs_to_odp_ct_state(uint8_t state)
{
uint32_t odp = 0;
if (state & CS_NEW) {
odp |= OVS_CS_F_NEW;
}
if (state & CS_ESTABLISHED) {
odp |= OVS_CS_F_ESTABLISHED;
}
if (state & CS_RELATED) {
odp |= OVS_CS_F_RELATED;
}
if (state & CS_INVALID) {
odp |= OVS_CS_F_INVALID;
}
if (state & CS_REPLY_DIR) {
odp |= OVS_CS_F_REPLY_DIR;
}
if (state & CS_TRACKED) {
odp |= OVS_CS_F_TRACKED;
}
return odp;
}
static uint8_t
odp_to_ovs_ct_state(uint32_t flags)
{
uint32_t state = 0;
if (flags & OVS_CS_F_NEW) {
state |= CS_NEW;
}
if (flags & OVS_CS_F_ESTABLISHED) {
state |= CS_ESTABLISHED;
}
if (flags & OVS_CS_F_RELATED) {
state |= CS_RELATED;
}
if (flags & OVS_CS_F_INVALID) {
state |= CS_INVALID;
}
if (flags & OVS_CS_F_REPLY_DIR) {
state |= CS_REPLY_DIR;
}
if (flags & OVS_CS_F_TRACKED) {
state |= CS_TRACKED;
}
return state;
}
static int
scan_ct_state(const char *s, uint32_t *key, uint32_t *mask)
{
uint32_t flags, fmask;
int n;
n = parse_flags(s, odp_ct_state_to_string, ')', NULL, NULL, &flags,
ovs_to_odp_ct_state(CS_SUPPORTED_MASK),
mask ? &fmask : NULL);
if (n >= 0) {
*key = flags;
if (mask) {
*mask = fmask;
}
return n;
}
return 0;
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_frag(const char *s, uint8_t *key, uint8_t *mask)
{
int n;
char frag[8];
enum ovs_frag_type frag_type;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%7[a-z]%n", frag, &n)
&& ovs_frag_type_from_string(frag, &frag_type)) {
int len = n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
*key = frag_type;
if (mask) {
*mask = UINT8_MAX;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_port(const char *s, uint32_t *key, uint32_t *mask,
const struct simap *port_names)
{
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi32"%n", key, &n)) {
int len = n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (mask) {
if (ovs_scan(s + len, "/%"SCNi32"%n", mask, &n)) {
len += n;
} else {
*mask = UINT32_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
} else if (port_names) {
const struct simap_node *node;
int len;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
len = strcspn(s, ")");
node = simap_find_len(port_names, s, len);
if (node) {
*key = node->data;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (mask) {
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
*mask = UINT32_MAX;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
/* Helper for vlan parsing. */
struct ovs_key_vlan__ {
ovs_be16 tci;
};
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static bool
set_be16_bf(ovs_be16 *bf, uint8_t bits, uint8_t offset, uint16_t value)
{
const uint16_t mask = ((1U << bits) - 1) << offset;
lib: Unify flags parsing and formatting. Use the "+-" syntax more uniformly when printing masked flags, and use the syntax of delimited 1-flags also for formatting fully masked TCP flags. The "+-" syntax only deals with masked flags, but if there are many of those, the printout becomes long and confusing. Typically there are many flags only when flags are fully masked, but even then most of them are zeros, so it makes sense to print the flags that are set (ones) and omit the zero flags. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (value >> bits) {
return false;
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
*bf = htons((ntohs(*bf) & ~mask) | (value << offset));
return true;
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_be16_bf(const char *s, ovs_be16 *key, ovs_be16 *mask, uint8_t bits,
uint8_t offset)
{
uint16_t key_, mask_;
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi16"%n", &key_, &n)) {
int len = n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (set_be16_bf(key, bits, offset, key_)) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (mask) {
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s + len, "/%"SCNi16"%n", &mask_, &n)) {
len += n;
if (!set_be16_bf(mask, bits, offset, mask_)) {
return 0;
}
} else {
*mask |= htons(((1U << bits) - 1) << offset);
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_vid(const char *s, ovs_be16 *key, ovs_be16 *mask)
{
return scan_be16_bf(s, key, mask, 12, VLAN_VID_SHIFT);
}
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_pcp(const char *s, ovs_be16 *key, ovs_be16 *mask)
{
return scan_be16_bf(s, key, mask, 3, VLAN_PCP_SHIFT);
}
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_cfi(const char *s, ovs_be16 *key, ovs_be16 *mask)
{
return scan_be16_bf(s, key, mask, 1, VLAN_CFI_SHIFT);
}
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
/* For MPLS. */
static bool
set_be32_bf(ovs_be32 *bf, uint8_t bits, uint8_t offset, uint32_t value)
{
const uint32_t mask = ((1U << bits) - 1) << offset;
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (value >> bits) {
return false;
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
*bf = htonl((ntohl(*bf) & ~mask) | (value << offset));
return true;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_be32_bf(const char *s, ovs_be32 *key, ovs_be32 *mask, uint8_t bits,
uint8_t offset)
{
uint32_t key_, mask_;
int n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s, "%"SCNi32"%n", &key_, &n)) {
int len = n;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (set_be32_bf(key, bits, offset, key_)) {
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (mask) {
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (ovs_scan(s + len, "/%"SCNi32"%n", &mask_, &n)) {
len += n;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (!set_be32_bf(mask, bits, offset, mask_)) {
return 0;
}
} else {
*mask |= htonl(((1U << bits) - 1) << offset);
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return len;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
}
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return 0;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_mpls_label(const char *s, ovs_be32 *key, ovs_be32 *mask)
{
return scan_be32_bf(s, key, mask, 20, MPLS_LABEL_SHIFT);
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_mpls_tc(const char *s, ovs_be32 *key, ovs_be32 *mask)
{
return scan_be32_bf(s, key, mask, 3, MPLS_TC_SHIFT);
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_mpls_ttl(const char *s, ovs_be32 *key, ovs_be32 *mask)
{
return scan_be32_bf(s, key, mask, 8, MPLS_TTL_SHIFT);
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
scan_mpls_bos(const char *s, ovs_be32 *key, ovs_be32 *mask)
{
return scan_be32_bf(s, key, mask, 1, MPLS_BOS_SHIFT);
}
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
static int
scan_vxlan_gbp(const char *s, uint32_t *key, uint32_t *mask)
{
const char *s_base = s;
odp-util: Simplify parsing function for GCC. GCC 4.7.2 -O3 flagged potential use before initialization for the 'id' and 'id_mask' being scanned in scan_vxlan_gbp(). For the 'id' this was a real possiblity, but for the 'id_mask' it seems to be a false positive in gcc analysis. Simplify scan_vxlan_gbp() to fix this. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-09 15:24:33 -07:00
ovs_be16 id = 0, id_mask = 0;
uint8_t flags = 0, flags_mask = 0;
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
if (!strncmp(s, "id=", 3)) {
s += 3;
s += scan_be16(s, &id, mask ? &id_mask : NULL);
}
if (s[0] == ',') {
s++;
}
if (!strncmp(s, "flags=", 6)) {
s += 6;
s += scan_u8(s, &flags, mask ? &flags_mask : NULL);
}
if (!strncmp(s, "))", 2)) {
s += 2;
*key = (flags << 16) | ntohs(id);
if (mask) {
*mask = (flags_mask << 16) | ntohs(id_mask);
}
return s - s_base;
}
return 0;
}
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
static int
scan_geneve(const char *s, struct geneve_scan *key, struct geneve_scan *mask)
{
const char *s_base = s;
odp-util: Fix alignment when scanning Geneve attributes. Clang complains about the fact that we use a byte array to scan Geneve attributes into since there are different alignment requirements: lib/odp-util.c:2936:30: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'struct geneve_opt *' increases required alignment from 1 to 2 [-Werror,-Wcast-align] struct geneve_opt *opt = (struct geneve_opt *)key->d; ^~~~~~~~~~~~~~~~~~~~~~~~~~~ We can instead treat this as an array of Geneve option headers to ensure we get the right alignment and then there are no need for casts. Reported-by: Joe Stringer <joestringer@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Joe Stringer <joestringer@nicira.com>
2015-05-29 10:41:05 -07:00
struct geneve_opt *opt = key->d;
struct geneve_opt *opt_mask = mask ? mask->d : NULL;
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
int len_remain = sizeof key->d;
while (s[0] == '{' && len_remain >= sizeof *opt) {
int data_len = 0;
s++;
len_remain -= sizeof *opt;
if (!strncmp(s, "class=", 6)) {
s += 6;
s += scan_be16(s, &opt->opt_class,
mask ? &opt_mask->opt_class : NULL);
} else if (mask) {
memset(&opt_mask->opt_class, 0, sizeof opt_mask->opt_class);
}
if (s[0] == ',') {
s++;
}
if (!strncmp(s, "type=", 5)) {
s += 5;
s += scan_u8(s, &opt->type, mask ? &opt_mask->type : NULL);
} else if (mask) {
memset(&opt_mask->type, 0, sizeof opt_mask->type);
}
if (s[0] == ',') {
s++;
}
if (!strncmp(s, "len=", 4)) {
uint8_t opt_len, opt_len_mask;
s += 4;
s += scan_u8(s, &opt_len, mask ? &opt_len_mask : NULL);
if (opt_len > 124 || opt_len % 4 || opt_len > len_remain) {
return 0;
}
opt->length = opt_len / 4;
if (mask) {
opt_mask->length = opt_len_mask;
}
data_len = opt_len;
} else if (mask) {
memset(&opt_mask->type, 0, sizeof opt_mask->type);
}
if (s[0] == ',') {
s++;
}
if (parse_int_string(s, (uint8_t *)(opt + 1), data_len, (char **)&s)) {
return 0;
}
if (mask) {
if (s[0] == '/') {
s++;
if (parse_int_string(s, (uint8_t *)(opt_mask + 1),
data_len, (char **)&s)) {
return 0;
}
}
opt_mask->r1 = 0;
opt_mask->r2 = 0;
opt_mask->r3 = 0;
}
if (s[0] == '}') {
s++;
opt += 1 + data_len / 4;
if (mask) {
opt_mask += 1 + data_len / 4;
}
len_remain -= data_len;
}
}
if (s[0] == ')') {
int len = sizeof key->d - len_remain;
s++;
key->len = len;
if (mask) {
mask->len = len;
}
return s - s_base;
}
return 0;
}
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
static void
tun_flags_to_attr(struct ofpbuf *a, const void *data_)
{
const uint16_t *flags = data_;
if (*flags & FLOW_TNL_F_DONT_FRAGMENT) {
nl_msg_put_flag(a, OVS_TUNNEL_KEY_ATTR_DONT_FRAGMENT);
}
if (*flags & FLOW_TNL_F_CSUM) {
nl_msg_put_flag(a, OVS_TUNNEL_KEY_ATTR_CSUM);
}
if (*flags & FLOW_TNL_F_OAM) {
nl_msg_put_flag(a, OVS_TUNNEL_KEY_ATTR_OAM);
}
}
static void
vxlan_gbp_to_attr(struct ofpbuf *a, const void *data_)
{
const uint32_t *gbp = data_;
if (*gbp) {
size_t vxlan_opts_ofs;
vxlan_opts_ofs = nl_msg_start_nested(a, OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS);
nl_msg_put_u32(a, OVS_VXLAN_EXT_GBP, *gbp);
nl_msg_end_nested(a, vxlan_opts_ofs);
}
}
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
static void
geneve_to_attr(struct ofpbuf *a, const void *data_)
{
const struct geneve_scan *geneve = data_;
nl_msg_put_unspec(a, OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS, geneve->d,
geneve->len);
}
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
#define SCAN_PUT_ATTR(BUF, ATTR, DATA, FUNC) \
{ \
unsigned long call_fn = (unsigned long)FUNC; \
if (call_fn) { \
typedef void (*fn)(struct ofpbuf *, const void *); \
fn func = FUNC; \
func(BUF, &(DATA)); \
} else { \
nl_msg_put_unspec(BUF, ATTR, &(DATA), sizeof (DATA)); \
} \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
}
#define SCAN_IF(NAME) \
if (strncmp(s, NAME, strlen(NAME)) == 0) { \
const char *start = s; \
int len; \
\
s += strlen(NAME)
/* Usually no special initialization is needed. */
#define SCAN_BEGIN(NAME, TYPE) \
SCAN_IF(NAME); \
TYPE skey, smask; \
memset(&skey, 0, sizeof skey); \
memset(&smask, 0, sizeof smask); \
do { \
len = 0;
odp-util: Fix scanning of recirc_id. Recirculation id was scanned without a mask, which led to it being ignored. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-13 13:27:19 -07:00
/* Init as fully-masked as mask will not be scanned. */
#define SCAN_BEGIN_FULLY_MASKED(NAME, TYPE) \
SCAN_IF(NAME); \
TYPE skey, smask; \
memset(&skey, 0, sizeof skey); \
memset(&smask, 0xff, sizeof smask); \
do { \
len = 0;
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
/* VLAN needs special initialization. */
#define SCAN_BEGIN_INIT(NAME, TYPE, KEY_INIT, MASK_INIT) \
SCAN_IF(NAME); \
TYPE skey = KEY_INIT; \
TYPE smask = MASK_INIT; \
do { \
len = 0;
/* Scan unnamed entry as 'TYPE' */
#define SCAN_TYPE(TYPE, KEY, MASK) \
len = scan_##TYPE(s, KEY, MASK); \
if (len == 0) { \
return -EINVAL; \
} \
s += len
/* Scan named ('NAME') entry 'FIELD' as 'TYPE'. */
#define SCAN_FIELD(NAME, TYPE, FIELD) \
if (strncmp(s, NAME, strlen(NAME)) == 0) { \
s += strlen(NAME); \
SCAN_TYPE(TYPE, &skey.FIELD, mask ? &smask.FIELD : NULL); \
continue; \
}
#define SCAN_FINISH() \
} while (*s++ == ',' && len != 0); \
if (s[-1] != ')') { \
return -EINVAL; \
}
#define SCAN_FINISH_SINGLE() \
} while (false); \
if (*s++ != ')') { \
return -EINVAL; \
}
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
/* Beginning of nested attribute. */
#define SCAN_BEGIN_NESTED(NAME, ATTR) \
SCAN_IF(NAME); \
size_t key_offset, mask_offset; \
key_offset = nl_msg_start_nested(key, ATTR); \
if (mask) { \
mask_offset = nl_msg_start_nested(mask, ATTR); \
} \
do { \
len = 0;
#define SCAN_END_NESTED() \
SCAN_FINISH(); \
nl_msg_end_nested(key, key_offset); \
if (mask) { \
nl_msg_end_nested(mask, mask_offset); \
} \
return s - start; \
}
#define SCAN_FIELD_NESTED__(NAME, TYPE, SCAN_AS, ATTR, FUNC) \
if (strncmp(s, NAME, strlen(NAME)) == 0) { \
TYPE skey, smask; \
memset(&skey, 0, sizeof skey); \
memset(&smask, 0xff, sizeof smask); \
s += strlen(NAME); \
SCAN_TYPE(SCAN_AS, &skey, &smask); \
SCAN_PUT(ATTR, FUNC); \
continue; \
}
#define SCAN_FIELD_NESTED(NAME, TYPE, SCAN_AS, ATTR) \
SCAN_FIELD_NESTED__(NAME, TYPE, SCAN_AS, ATTR, NULL)
#define SCAN_FIELD_NESTED_FUNC(NAME, TYPE, SCAN_AS, FUNC) \
SCAN_FIELD_NESTED__(NAME, TYPE, SCAN_AS, 0, FUNC)
#define SCAN_PUT(ATTR, FUNC) \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (!mask || !is_all_zeros(&smask, sizeof smask)) { \
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
SCAN_PUT_ATTR(key, ATTR, skey, FUNC); \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
if (mask) { \
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
SCAN_PUT_ATTR(mask, ATTR, smask, FUNC); \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
} \
}
#define SCAN_END(ATTR) \
SCAN_FINISH(); \
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
SCAN_PUT(ATTR, NULL); \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return s - start; \
}
#define SCAN_END_SINGLE(ATTR) \
SCAN_FINISH_SINGLE(); \
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
SCAN_PUT(ATTR, NULL); \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
return s - start; \
}
#define SCAN_SINGLE(NAME, TYPE, SCAN_AS, ATTR) \
SCAN_BEGIN(NAME, TYPE) { \
SCAN_TYPE(SCAN_AS, &skey, &smask); \
} SCAN_END_SINGLE(ATTR)
odp-util: Fix scanning of recirc_id. Recirculation id was scanned without a mask, which led to it being ignored. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-13 13:27:19 -07:00
#define SCAN_SINGLE_FULLY_MASKED(NAME, TYPE, SCAN_AS, ATTR) \
SCAN_BEGIN_FULLY_MASKED(NAME, TYPE) { \
SCAN_TYPE(SCAN_AS, &skey, NULL); \
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
} SCAN_END_SINGLE(ATTR)
/* scan_port needs one extra argument. */
#define SCAN_SINGLE_PORT(NAME, TYPE, ATTR) \
SCAN_BEGIN(NAME, TYPE) { \
len = scan_port(s, &skey, &smask, port_names); \
if (len == 0) { \
return -EINVAL; \
} \
s += len; \
} SCAN_END_SINGLE(ATTR)
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
static int
parse_odp_key_mask_attr(const char *s, const struct simap *port_names,
struct ofpbuf *key, struct ofpbuf *mask)
{
odp-util: Reuse UUID marshalling for UFID. Unique flow identifiers are really a UUID of sorts, so it makes sense to reuse the UUID string representations for UFID. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-29 17:08:45 -07:00
ovs_u128 ufid;
int len;
odp-util: Skip UFID when parsing datapath key. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-20 17:04:33 -07:00
odp-util: Reuse UUID marshalling for UFID. Unique flow identifiers are really a UUID of sorts, so it makes sense to reuse the UUID string representations for UFID. Suggested-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-29 17:08:45 -07:00
/* Skip UFID. */
len = odp_ufid_from_string(s, &ufid);
if (len) {
return len;
odp-util: Skip UFID when parsing datapath key. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-05-20 17:04:33 -07:00
}
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
SCAN_SINGLE("skb_priority(", uint32_t, u32, OVS_KEY_ATTR_PRIORITY);
SCAN_SINGLE("skb_mark(", uint32_t, u32, OVS_KEY_ATTR_SKB_MARK);
odp-util: Fix scanning of recirc_id. Recirculation id was scanned without a mask, which led to it being ignored. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-13 13:27:19 -07:00
SCAN_SINGLE_FULLY_MASKED("recirc_id(", uint32_t, u32,
OVS_KEY_ATTR_RECIRC_ID);
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
SCAN_SINGLE("dp_hash(", uint32_t, u32, OVS_KEY_ATTR_DP_HASH);
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
SCAN_SINGLE("ct_state(", uint32_t, ct_state, OVS_KEY_ATTR_CT_STATE);
SCAN_SINGLE("ct_zone(", uint16_t, u16, OVS_KEY_ATTR_CT_ZONE);
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
SCAN_SINGLE("ct_mark(", uint32_t, u32, OVS_KEY_ATTR_CT_MARK);
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
SCAN_SINGLE("ct_label(", ovs_u128, u128, OVS_KEY_ATTR_CT_LABELS);
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
SCAN_BEGIN_NESTED("tunnel(", OVS_KEY_ATTR_TUNNEL) {
SCAN_FIELD_NESTED("tun_id=", ovs_be64, be64, OVS_TUNNEL_KEY_ATTR_ID);
SCAN_FIELD_NESTED("src=", ovs_be32, ipv4, OVS_TUNNEL_KEY_ATTR_IPV4_SRC);
SCAN_FIELD_NESTED("dst=", ovs_be32, ipv4, OVS_TUNNEL_KEY_ATTR_IPV4_DST);
SCAN_FIELD_NESTED("tos=", uint8_t, u8, OVS_TUNNEL_KEY_ATTR_TOS);
SCAN_FIELD_NESTED("ttl=", uint8_t, u8, OVS_TUNNEL_KEY_ATTR_TTL);
SCAN_FIELD_NESTED("tp_src=", ovs_be16, be16, OVS_TUNNEL_KEY_ATTR_TP_SRC);
SCAN_FIELD_NESTED("tp_dst=", ovs_be16, be16, OVS_TUNNEL_KEY_ATTR_TP_DST);
SCAN_FIELD_NESTED_FUNC("vxlan(gbp(", uint32_t, vxlan_gbp, vxlan_gbp_to_attr);
odp-util: Geneve netlink decoding. Even though userspace does not yet support Geneve options, the kernel does and there is some basic support for decoding those attributes. This adds the ability to print Geneve attributes that might potentially come from the kernel. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-18 16:03:01 -07:00
SCAN_FIELD_NESTED_FUNC("geneve(", struct geneve_scan, geneve,
geneve_to_attr);
odp-util: Format tunnel attributes directly from netlink. When we format most netlink attributes we do so from the netlink itself, iterating through each one and printing the contents out. However, for tunnels we don't do this - we first convert to the OVS userspace representation and then format that. While convienient, this isn't really ideal as the primary use of printing netlink attributes is debugging and this conversion is lossy, particularly when the attributes aren't as expected. The result is that unexpected keys are silently ignored and the level of detail on errors is minimal. This situation becomes worse when we introduce support for Geneve. The conversion to userspace format requires additional information which we might not have (ovs-dpctl) and is more complicated than other attributes so it is likely to be confusing in the event of a bug. The information from the kernel is self-describing so it's much more reliable to display it directly from the netlink. This converts tunnel attribute formatting to be more similar to other types of attributes. As a nice bonus the output becomes more compact because it doesn't print zeroed out attributes in cases where they aren't relevant and therefore not present. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-16 22:08:20 -07:00
SCAN_FIELD_NESTED_FUNC("flags(", uint16_t, tun_flags, tun_flags_to_attr);
} SCAN_END_NESTED();
lib/odp-util: Skip ignored fields when parsing and formatting. When a whole field of a key value is ignored, skip it when formatting the key, and allow it to be left out when parsing the key from a string. However, when the 'verbose' formatting is requested those are still formatted, as it may help in debugging. Now the named key fields can also be given in arbitrary order. Duplicate field values are not checked for, so the last one will remain in effect. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-09 14:50:36 -07:00
SCAN_SINGLE_PORT("in_port(", uint32_t, OVS_KEY_ATTR_IN_PORT);
SCAN_BEGIN("eth(", struct ovs_key_ethernet) {
SCAN_FIELD("src=", eth, eth_src);
SCAN_FIELD("dst=", eth, eth_dst);
} SCAN_END(OVS_KEY_ATTR_ETHERNET);
SCAN_BEGIN_INIT("vlan(", struct ovs_key_vlan__,
{ htons(VLAN_CFI) }, { htons(VLAN_CFI) }) {
SCAN_FIELD("vid=", vid, tci);
SCAN_FIELD("pcp=", pcp, tci);
SCAN_FIELD("cfi=", cfi, tci);
} SCAN_END(OVS_KEY_ATTR_VLAN);
SCAN_SINGLE("eth_type(", ovs_be16, be16, OVS_KEY_ATTR_ETHERTYPE);
SCAN_BEGIN("mpls(", struct ovs_key_mpls) {
SCAN_FIELD("label=", mpls_label, mpls_lse);
SCAN_FIELD("tc=", mpls_tc, mpls_lse);
SCAN_FIELD("ttl=", mpls_ttl, mpls_lse);
SCAN_FIELD("bos=", mpls_bos, mpls_lse);
} SCAN_END(OVS_KEY_ATTR_MPLS);
SCAN_BEGIN("ipv4(", struct ovs_key_ipv4) {
SCAN_FIELD("src=", ipv4, ipv4_src);
SCAN_FIELD("dst=", ipv4, ipv4_dst);
SCAN_FIELD("proto=", u8, ipv4_proto);
SCAN_FIELD("tos=", u8, ipv4_tos);
SCAN_FIELD("ttl=", u8, ipv4_ttl);
SCAN_FIELD("frag=", frag, ipv4_frag);
} SCAN_END(OVS_KEY_ATTR_IPV4);
SCAN_BEGIN("ipv6(", struct ovs_key_ipv6) {
SCAN_FIELD("src=", ipv6, ipv6_src);
SCAN_FIELD("dst=", ipv6, ipv6_dst);
SCAN_FIELD("label=", ipv6_label, ipv6_label);
SCAN_FIELD("proto=", u8, ipv6_proto);
SCAN_FIELD("tclass=", u8, ipv6_tclass);
SCAN_FIELD("hlimit=", u8, ipv6_hlimit);
SCAN_FIELD("frag=", frag, ipv6_frag);
} SCAN_END(OVS_KEY_ATTR_IPV6);
SCAN_BEGIN("tcp(", struct ovs_key_tcp) {
SCAN_FIELD("src=", be16, tcp_src);
SCAN_FIELD("dst=", be16, tcp_dst);
} SCAN_END(OVS_KEY_ATTR_TCP);
SCAN_SINGLE("tcp_flags(", ovs_be16, tcp_flags, OVS_KEY_ATTR_TCP_FLAGS);
SCAN_BEGIN("udp(", struct ovs_key_udp) {
SCAN_FIELD("src=", be16, udp_src);
SCAN_FIELD("dst=", be16, udp_dst);
} SCAN_END(OVS_KEY_ATTR_UDP);
SCAN_BEGIN("sctp(", struct ovs_key_sctp) {
SCAN_FIELD("src=", be16, sctp_src);
SCAN_FIELD("dst=", be16, sctp_dst);
} SCAN_END(OVS_KEY_ATTR_SCTP);
SCAN_BEGIN("icmp(", struct ovs_key_icmp) {
SCAN_FIELD("type=", u8, icmp_type);
SCAN_FIELD("code=", u8, icmp_code);
} SCAN_END(OVS_KEY_ATTR_ICMP);
SCAN_BEGIN("icmpv6(", struct ovs_key_icmpv6) {
SCAN_FIELD("type=", u8, icmpv6_type);
SCAN_FIELD("code=", u8, icmpv6_code);
} SCAN_END(OVS_KEY_ATTR_ICMPV6);
SCAN_BEGIN("arp(", struct ovs_key_arp) {
SCAN_FIELD("sip=", ipv4, arp_sip);
SCAN_FIELD("tip=", ipv4, arp_tip);
SCAN_FIELD("op=", be16, arp_op);
SCAN_FIELD("sha=", eth, arp_sha);
SCAN_FIELD("tha=", eth, arp_tha);
} SCAN_END(OVS_KEY_ATTR_ARP);
SCAN_BEGIN("nd(", struct ovs_key_nd) {
SCAN_FIELD("target=", ipv6, nd_target);
SCAN_FIELD("sll=", eth, nd_sll);
SCAN_FIELD("tll=", eth, nd_tll);
} SCAN_END(OVS_KEY_ATTR_ND);
/* Encap open-coded. */
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (!strncmp(s, "encap(", 6)) {
const char *start = s;
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
size_t encap, encap_mask = 0;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
encap = nl_msg_start_nested(key, OVS_KEY_ATTR_ENCAP);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (mask) {
encap_mask = nl_msg_start_nested(mask, OVS_KEY_ATTR_ENCAP);
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
s += 6;
for (;;) {
int retval;
odp-util: Reuse standard delimiters. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-12-05 14:07:19 -08:00
s += strspn(s, delimiters);
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (!*s) {
return -EINVAL;
} else if (*s == ')') {
break;
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
retval = parse_odp_key_mask_attr(s, port_names, key, mask);
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (retval < 0) {
return retval;
}
s += retval;
}
s++;
nl_msg_end_nested(key, encap);
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
if (mask) {
nl_msg_end_nested(mask, encap_mask);
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
return s - start;
}
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
return -EINVAL;
}
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
/* Parses the string representation of a datapath flow key, in the
* format output by odp_flow_key_format(). Returns 0 if successful,
* otherwise a positive errno value. On success, the flow key is
* appended to 'key' as a series of Netlink attributes. On failure, no
* data is appended to 'key'. Either way, 'key''s data might be
* reallocated.
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
*
simap: New data structure for string-to-integer maps. This commit adapts a couple of existing pieces of code to use the new data structure. The following commit will add another user (which is also the first use of the simap_increas() function). Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-05-22 10:32:02 -07:00
* If 'port_names' is nonnull, it points to an simap that maps from a port name
* to a port number. (Port names may be used instead of port numbers in
* in_port.)
odp-util: Add support for named ports to odp_flow_key_from_string(). Really the "trace" command should support this but in fact I need it for an upcoming update to a test.
2011-10-26 10:01:32 -07:00
*
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
* On success, the attributes appended to 'key' are individually syntactically
* valid, but they may not be valid as a sequence. 'key' might, for example,
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
* have duplicated keys. odp_flow_key_to_flow() will detect those errors. */
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
int
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
odp_flow_from_string(const char *s, const struct simap *port_names,
struct ofpbuf *key, struct ofpbuf *mask)
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
{
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
const size_t old_size = key->size;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
for (;;) {
int retval;
odp-util: New function odp_actions_from_string(). An upcoming commit will add a user. The only planned users for now are part of unit tests themselves, so it doesn't seem important to unit test it.
2011-11-11 15:22:56 -08:00
s += strspn(s, delimiters);
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
if (!*s) {
return 0;
}
ovs-dpctl: Add mega flow support Added support to allow mega flow specified and displayed. ovs-dpctl tool is mainly used as debugging tool. This patch also implements the low level user space routines to send and receive mega flow netlink messages. Those netlink suppor routines are required for forthcoming user space mega flow patches. Added a unit test to test parsing and display of mega flows. Ethan contributed the ovs-dpctl mega flow output function. Co-authored-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Ethan Jackson <ethan@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 07:15:10 +00:00
retval = parse_odp_key_mask_attr(s, port_names, key, mask);
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
if (retval < 0) {
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
key->size = old_size;
odp-util: New function odp_flow_key_from_string(). This will be used in upcoming commits.
2011-08-04 16:20:34 -07:00
return -retval;
}
s += retval;
}
return 0;
}
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
static uint8_t
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
ovs_to_odp_frag(uint8_t nw_frag, bool is_mask)
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
{
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
if (is_mask) {
/* Netlink interface 'enum ovs_frag_type' is an 8-bit enumeration type,
* not a set of flags or bitfields. Hence, if the struct flow nw_frag
* mask, which is a set of bits, has the FLOW_NW_FRAG_ANY as zero, we
* must use a zero mask for the netlink frag field, and all ones mask
* otherwise. */
return (nw_frag & FLOW_NW_FRAG_ANY) ? UINT8_MAX : 0;
}
lib/odp-util: Fix mapping to Netlink frag mask. The frag member in the Netlink interface is an uint8_t enumeration type, not a bitfield, so it should always be either fully masked or not masked at all. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
return !(nw_frag & FLOW_NW_FRAG_ANY) ? OVS_FRAG_TYPE_NONE
: nw_frag & FLOW_NW_FRAG_LATER ? OVS_FRAG_TYPE_LATER
: OVS_FRAG_TYPE_FIRST;
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
}
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
static void get_ethernet_key(const struct flow *, struct ovs_key_ethernet *);
static void put_ethernet_key(const struct ovs_key_ethernet *, struct flow *);
static void get_ipv4_key(const struct flow *, struct ovs_key_ipv4 *,
bool is_mask);
static void put_ipv4_key(const struct ovs_key_ipv4 *, struct flow *,
bool is_mask);
static void get_ipv6_key(const struct flow *, struct ovs_key_ipv6 *,
bool is_mask);
static void put_ipv6_key(const struct ovs_key_ipv6 *, struct flow *,
bool is_mask);
static void get_arp_key(const struct flow *, struct ovs_key_arp *);
static void put_arp_key(const struct ovs_key_arp *, struct flow *);
Implement set-field for IPv6 ND fields (nd_target, nd_sll, and nd_tll). This patch adds set-field operations for nd_target, nd_sll, and nd_tll fields, with and without masks, using Nicira extensions and OpenFlow 1.2 protocol. Signed-off-by: Randall A Sharo <randall.sharo at navy.mil> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-12-23 23:42:05 +00:00
static void get_nd_key(const struct flow *, struct ovs_key_nd *);
static void put_nd_key(const struct ovs_key_nd *, struct flow *);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
/* These share the same layout. */
union ovs_key_tp {
struct ovs_key_tcp tcp;
struct ovs_key_udp udp;
struct ovs_key_sctp sctp;
};
static void get_tp_key(const struct flow *, union ovs_key_tp *);
static void put_tp_key(const union ovs_key_tp *, struct flow *);
odp-util: fix bug in setting ipv4 frag flag mask This bug causes the flag mask to always mask only 1 bit, not the 2 bits possible. While at it, make the top 6 bits exact match. Bug #18834. Signed-off-by: Andy Zhou <azhou@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2013-07-31 13:54:12 -07:00
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
static void
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
odp_flow_key_from_flow__(const struct odp_flow_key_parms *parms,
bool export_mask, struct ofpbuf *buf)
flow: Separate "flow_t" from "struct odp_flow_key". The "struct odp_flow_key" used in the kernel datapath is conceptually separate from the "flow_t" used in userspace, but until now we have used the latter as a typedef for the former for convenience. This commit separates them. This makes it possible in upcoming commits to change them independently. This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
{
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_ethernet *eth_key;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
size_t encap;
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
const struct flow *flow = parms->flow;
const struct flow *data = export_mask ? parms->mask : parms->flow;
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
odp-util: Always export the priority and skb_mark netlink attributes. The current Netlink protocol allows a default value of zero if either mark or priority is not specified (this is part of the ABI). Until now, when userspace serializes either the value or mask, it looked at the value and omitted the netlink attribute if it is zero. This is a bug because an exact match on zero turns into a wildcard of the field. These two fields (plus input port and EtherType) are special because they can be omitted whereas most other values are required to be fully specified. These protocol variations tend to cause bugs (as above) when we evolve the protocol because an exception that makes sense in one context might not be logical in another. Since the default value for mark and priority are merely shorthands, we can push the protocol in a more consistent direction by ignoring the shortcut and always serializing the values. This is what this commits does. Signed-off-by: Andy Zhou <azhou@nicira.com> [blp@nicira.com added Jesse's text to the commit message] Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-03 12:23:15 -07:00
nl_msg_put_u32(buf, OVS_KEY_ATTR_PRIORITY, data->skb_priority);
datapath: Convert kernel priority actions into match/set. Following patch adds skb-priority to flow key. So userspace will know what was priority when packet arrived and we can remove the pop/reset priority action. It's no longer necessary to have a special action for pop that is based on the kernel remembering original skb->priority. Userspace can just emit a set priority action with the original value. Since the priority field is a match field with just a normal set action, we can convert it into the new model for actions that are based on matches. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #7715
2011-11-01 10:13:16 -07:00
odp-util: Always generate key/mask pair in netlink for recirc_id Currently netlink flow (and mask) recirc_id attribute is only serialized when the recirc_id value is non-zero. For this logic to work correctly, the interpretation of the missing recirc_id depends on whether the datapath supports recirculation. This patch remove the ambiguity of the meaning of missing recirc_id attribute in netlink message. When recirc_id is non-zero, or when it is not a wildcard match, both key and mask attributes are serialized. On the other hand, when recirc_id is zero, and being wildcarded, they are not serialized. A missing recirc_id key and mask attribute thus should always be interpreted as wildcard, same as other flow fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-04-17 23:13:46 -07:00
if (flow->tunnel.ip_dst || export_mask) {
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
tun_key_to_attr(buf, &data->tunnel, &parms->flow->tunnel,
parms->key_buf);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
flow: Rename skb_mark to pkt_mark. The skb_mark field is currently only available with the Linux datapath and is only used internally. However, it is desirable to expose this through OpenFlow and when it is exposed ideally it would not be system- specific. In preparation for this, skb_mark is rename to pkt_mark in internal data structures for consistency. This does not rename the Linux interfaces because doing so would break the API. It would not necessarily be desirable to do anyways since in Linux-specific code it is clearer to use the actual name rather than a generic one. This can lead to confusion in some places, however, because we do not always strictly separate generic and platform dependent code (one example is actions). This seems inevitable though at this point if the lower and upper layers have different names (as they must given the above requirements). Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2013-08-06 12:57:13 -07:00
nl_msg_put_u32(buf, OVS_KEY_ATTR_SKB_MARK, data->pkt_mark);
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
if (parms->support.ct_state) {
nl_msg_put_u32(buf, OVS_KEY_ATTR_CT_STATE,
ovs_to_odp_ct_state(data->ct_state));
}
if (parms->support.ct_zone) {
nl_msg_put_u16(buf, OVS_KEY_ATTR_CT_ZONE, data->ct_zone);
}
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
if (parms->support.ct_mark) {
nl_msg_put_u32(buf, OVS_KEY_ATTR_CT_MARK, data->ct_mark);
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
if (parms->support.ct_label) {
nl_msg_put_unspec(buf, OVS_KEY_ATTR_CT_LABELS, &data->ct_label,
sizeof(data->ct_label));
}
odp-util: Share fields between odp and dpif_backer. Datapath support for some flow key fields is used inside ofproto-dpif as well as odp-util. Share these fields using the same structure. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-06-30 16:43:03 -07:00
if (parms->support.recirc) {
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
nl_msg_put_u32(buf, OVS_KEY_ATTR_RECIRC_ID, data->recirc_id);
nl_msg_put_u32(buf, OVS_KEY_ATTR_DP_HASH, data->dp_hash);
}
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
/* Add an ingress port attribute if this is a mask or 'odp_in_port'
* is not the magical value "ODPP_NONE". */
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
if (export_mask || parms->odp_in_port != ODPP_NONE) {
nl_msg_put_odp_port(buf, OVS_KEY_ATTR_IN_PORT, parms->odp_in_port);
datapath: Allow a packet with no input port to omit OVS_KEY_ATTR_IN_PORT. When ovs-vswitchd executes actions on a synthesized packet, that is, on a packet that is not being forwarded from any particular port but is being generated by ovs-vswitchd itself or by an OpenFlow controller (using a OFPT_PACKET_OUT message with an in_port of OFPP_NONE), there is no good choice for the in_port to pass to the kernel in the flow in the OVS_PACKET_CMD_EXECUTE message. This commit allows ovs-vswitchd to omit the in_port entirely in this case. This fixes a bug in OFPT_PACKET_OUT: using an in_port of OFPP_NONE would cause the packet to be dropped by the kernel, since that's an invalid input port. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Reported-by: Aaron Rosen <arosen@clemson.edu>
2011-09-08 16:30:20 -07:00
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
eth_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_ETHERNET,
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
sizeof *eth_key);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ethernet_key(data, eth_key);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
if (flow->vlan_tci != htons(0) || flow->dl_type == htons(ETH_TYPE_VLAN)) {
odp-util: Always generate key/mask pair in netlink for recirc_id Currently netlink flow (and mask) recirc_id attribute is only serialized when the recirc_id value is non-zero. For this logic to work correctly, the interpretation of the missing recirc_id depends on whether the datapath supports recirculation. This patch remove the ambiguity of the meaning of missing recirc_id attribute in netlink message. When recirc_id is non-zero, or when it is not a wildcard match, both key and mask attributes are serialized. On the other hand, when recirc_id is zero, and being wildcarded, they are not serialized. A missing recirc_id key and mask attribute thus should always be interpreted as wildcard, same as other flow fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-04-17 23:13:46 -07:00
if (export_mask) {
openvswitch/types.h: New macros OVS_BE16_MAX, OVS_BE32_MAX, OVS_BE64_MAX. These seem slightly nicer than e.g. htons(UINT16_MAX). Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-27 15:27:15 -07:00
nl_msg_put_be16(buf, OVS_KEY_ATTR_ETHERTYPE, OVS_BE16_MAX);
odp-util: Fix converting masked VLAN from flow. When converting the VLAN from a flow to an ODP key, the processing logic would always store the VLAN ethertype. However, when handling a mask, it should be a mask, not an ethertype. And since we don't support bit-wise masking of the ethertype, just make it an exact-match mask. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ethan Jackson <ethan@nicira.com>
2013-06-27 17:57:57 -07:00
} else {
nl_msg_put_be16(buf, OVS_KEY_ATTR_ETHERTYPE, htons(ETH_TYPE_VLAN));
}
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
nl_msg_put_be16(buf, OVS_KEY_ATTR_VLAN, data->vlan_tci);
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
encap = nl_msg_start_nested(buf, OVS_KEY_ATTR_ENCAP);
datapath: Don't drop packets with partial vlan tags. In the future it is likely that our vlan support will expand to include multiply tagged packets. When this happens, we would ideally like for it to be consistent with our current tagging. Currently, if we receive a packet with a partial VLAN tag we will automatically drop it in the kernel, which is unique among the protocols we support. The only other reason to drop a packet is a memory allocation error. For a doubly tagged packet, we will parse the first tag and indicate that another tag was present but do not drop if the second tag is incorrect as we do not parse it. This changes the behavior of the vlan parser to match other protocols and also deeper tags by indicating the presence of a broken tag with the 802.1Q EtherType but no vlan information. This shifts the policy decision to userspace on whether to drop broken tags and allows us to uniformly add new levels of tag parsing. Although additional levels of control are provided to userspace, this maintains the current behavior of dropping packets with a broken tag when using the NORMAL action because that is the correct behavior for an 802.1Q-aware switch. The userspace flow parser actually already had the new behavior so this corrects an inconsistency. Reported-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 17:19:41 -08:00
if (flow->vlan_tci == htons(0)) {
goto unencap;
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
} else {
encap = 0;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
if (ntohs(flow->dl_type) < ETH_TYPE_MIN) {
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
/* For backwards compatibility with kernels that don't support
* wildcarding, the following convention is used to encode the
* OVS_KEY_ATTR_ETHERTYPE for key and mask:
*
* key mask matches
* -------- -------- -------
* >0x5ff 0xffff Specified Ethernet II Ethertype.
* >0x5ff 0 Any Ethernet II or non-Ethernet II frame.
* <none> 0xffff Any non-Ethernet II frame (except valid
* 802.3 SNAP packet with valid eth_type).
*/
odp-util: Always generate key/mask pair in netlink for recirc_id Currently netlink flow (and mask) recirc_id attribute is only serialized when the recirc_id value is non-zero. For this logic to work correctly, the interpretation of the missing recirc_id depends on whether the datapath supports recirculation. This patch remove the ambiguity of the meaning of missing recirc_id attribute in netlink message. When recirc_id is non-zero, or when it is not a wildcard match, both key and mask attributes are serialized. On the other hand, when recirc_id is zero, and being wildcarded, they are not serialized. A missing recirc_id key and mask attribute thus should always be interpreted as wildcard, same as other flow fields. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-04-17 23:13:46 -07:00
if (export_mask) {
openvswitch/types.h: New macros OVS_BE16_MAX, OVS_BE32_MAX, OVS_BE64_MAX. These seem slightly nicer than e.g. htons(UINT16_MAX). Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-27 15:27:15 -07:00
nl_msg_put_be16(buf, OVS_KEY_ATTR_ETHERTYPE, OVS_BE16_MAX);
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
goto unencap;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
nl_msg_put_be16(buf, OVS_KEY_ATTR_ETHERTYPE, data->dl_type);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
if (flow->dl_type == htons(ETH_TYPE_IP)) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_ipv4 *ipv4_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
ipv4_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_IPV4,
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
sizeof *ipv4_key);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ipv4_key(data, ipv4_key, export_mask);
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
} else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_ipv6 *ipv6_key;
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
ipv6_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_IPV6,
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
sizeof *ipv6_key);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ipv6_key(data, ipv6_key, export_mask);
Process RARP packets with ethertype 0x8035 similar to ARP packets. With this commit, OVS will match the data in the RARP packets having ethertype 0x8035, in the same way as the data in the ARP packets. Signed-off-by: Mehak Mahajan <mmahajan@nicira.com>
2012-11-02 11:43:46 -07:00
} else if (flow->dl_type == htons(ETH_TYPE_ARP) ||
flow->dl_type == htons(ETH_TYPE_RARP)) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_arp *arp_key;
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
arp_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_ARP,
sizeof *arp_key);
get_arp_key(data, arp_key);
Remove mpls_depth field from flow Rather than tracking the MPLS depth as a field in the flow, which is an entirely poor place for it, just track the delta to the MPLS depth during translation. This logic was developed while implementing recirculation and intended to be used to detect when recirculation should occur. This variant of the patch uses the logic to determine if processing of actions should stop due to an MPLS action which cannot be translated (without recirculation). A side-effect of this patch is that it resolves a bug whereby ovs-vswitchd will abort due to to an assertion on eth_type_mpls(ctx->xin->flow.dl_type) in compose_mpls_pop_action(() if the actions of a flow include pop_mpls twice without a push_mpls in between. Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-27 06:55:19 +09:00
} else if (eth_type_mpls(flow->dl_type)) {
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
struct ovs_key_mpls *mpls_key;
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
int i, n;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
n = flow_count_mpls_labels(flow, NULL);
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
if (export_mask) {
odp-util: Share fields between odp and dpif_backer. Datapath support for some flow key fields is used inside ofproto-dpif as well as odp-util. Share these fields using the same structure. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-06-30 16:43:03 -07:00
n = MIN(n, parms->support.max_mpls_depth);
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
mpls_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_MPLS,
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
n * sizeof *mpls_key);
for (i = 0; i < n; i++) {
mpls_key[i].mpls_lse = data->mpls_lse[i];
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
}
packets: Create global helper is_ip_any(). Used outside of meta-flow in future patches. Signed-off-by: Ethan Jackson <ethan@nicira.com>
2013-01-22 19:38:32 -08:00
if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
lib: Replace IP_TYPE_ references with IPPROTO_. A few common IP protocol types were defined in "lib/packets.h". However, we already assume the existence of <netinet/in.h> which contains a more exhaustive list and should be available on POSIX systems.
2011-02-02 11:33:20 -08:00
if (flow->nw_proto == IPPROTO_TCP) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
union ovs_key_tp *tcp_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
tcp_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_TCP,
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
sizeof *tcp_key);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_tp_key(data, tcp_key);
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
if (data->tcp_flags) {
nl_msg_put_be16(buf, OVS_KEY_ATTR_TCP_FLAGS, data->tcp_flags);
}
lib: Replace IP_TYPE_ references with IPPROTO_. A few common IP protocol types were defined in "lib/packets.h". However, we already assume the existence of <netinet/in.h> which contains a more exhaustive list and should be available on POSIX systems.
2011-02-02 11:33:20 -08:00
} else if (flow->nw_proto == IPPROTO_UDP) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
union ovs_key_tp *udp_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
udp_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_UDP,
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
sizeof *udp_key);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_tp_key(data, udp_key);
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
} else if (flow->nw_proto == IPPROTO_SCTP) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
union ovs_key_tp *sctp_key;
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
sctp_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_SCTP,
sizeof *sctp_key);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_tp_key(data, sctp_key);
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
} else if (flow->dl_type == htons(ETH_TYPE_IP)
&& flow->nw_proto == IPPROTO_ICMP) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_icmp *icmp_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
icmp_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_ICMP,
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
sizeof *icmp_key);
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
icmp_key->icmp_type = ntohs(data->tp_src);
icmp_key->icmp_code = ntohs(data->tp_dst);
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
} else if (flow->dl_type == htons(ETH_TYPE_IPV6)
&& flow->nw_proto == IPPROTO_ICMPV6) {
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_icmpv6 *icmpv6_key;
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
icmpv6_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_ICMPV6,
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
sizeof *icmpv6_key);
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
icmpv6_key->icmpv6_type = ntohs(data->tp_src);
icmpv6_key->icmpv6_code = ntohs(data->tp_dst);
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
odp-util: Improve formatting of ND export to odp. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2014-05-15 15:56:30 +12:00
if (flow->tp_dst == htons(0)
&& (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)
|| flow->tp_src == htons(ND_NEIGHBOR_ADVERT))
&& (!export_mask || (data->tp_src == htons(0xffff)
&& data->tp_dst == htons(0xffff)))) {
Fix a bug in conversion between flow/mask and flow key In odp_flow_key_from_flow__(), when converting ICMPv6 flow/mask to flow/mask key, we should always use flow to check for whether ND informaition is present or not. In mask case, both type and code field should be masked, otherwise ND fields can be masked. Similarly in reverse conversion (parse_l2_5_onward()), we should have same check. Signed-off-by: Guolin Yang <gyang@nicira.com> [blp@nicira.com changed && to || in parse_l2_5_onward() Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2013-08-30 09:57:13 -07:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
struct ovs_key_nd *nd_key;
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
datapath: Use "OVS_*" as opposed to "ODP_*" for user<->kernel interactions. The prefix "ODP_*" is not overly descriptive in the context of the larger Linux tree. This commit changes the prefix to "OVS_*" for the userpace to kernel interactions. The userspace libraries still use "ODP_" in many of their interfaces since it is more descriptive in the OVS oeuvre. Feature #6904 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-08-18 10:35:40 -07:00
nd_key = nl_msg_put_unspec_uninit(buf, OVS_KEY_ATTR_ND,
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
sizeof *nd_key);
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
memcpy(nd_key->nd_target, &data->nd_target,
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
sizeof nd_key->nd_target);
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
nd_key->nd_sll = data->arp_sha;
nd_key->nd_tll = data->arp_tha;
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
unencap:
if (encap) {
nl_msg_end_nested(buf, encap);
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
/* Appends a representation of 'flow' as OVS_KEY_ATTR_* attributes to 'buf'.
*
* 'buf' must have at least ODPUTIL_FLOW_KEY_BYTES bytes of space, or be
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
* capable of being expanded to allow for that much space. */
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
void
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
odp_flow_key_from_flow(const struct odp_flow_key_parms *parms,
struct ofpbuf *buf)
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
{
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
odp_flow_key_from_flow__(parms, false, buf);
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
}
/* Appends a representation of 'mask' as OVS_KEY_ATTR_* attributes to
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
* 'buf'.
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
*
* 'buf' must have at least ODPUTIL_FLOW_KEY_BYTES bytes of space, or be
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
* capable of being expanded to allow for that much space. */
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
void
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
odp_flow_key_from_mask(const struct odp_flow_key_parms *parms,
struct ofpbuf *buf)
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
{
odp-util: Convert flow serialization parameters to a struct. Serializing between userspace flows and netlink attributes currently requires several additional parameters besides the flows themselves. This will continue to grow in the future as well. This converts the function arguments to a parameters struct, which makes the code easier to read and allowing irrelevant arguments to be omitted. Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Andy Zhou <azhou@nicira.com>
2015-06-16 11:15:28 -07:00
odp_flow_key_from_flow__(parms, true, buf);
odp-util: Introduce odp_flow_key_from_mask(). Add a new function for converting a mask into a set of OVS_KEY_ATTR* attributes. This will be useful in a future commit. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-05 18:56:58 -07:00
}
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
/* Generate ODP flow key from the given packet metadata */
void
odp_key_from_pkt_metadata(struct ofpbuf *buf, const struct pkt_metadata *md)
{
nl_msg_put_u32(buf, OVS_KEY_ATTR_PRIORITY, md->skb_priority);
if (md->tunnel.ip_dst) {
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
tun_key_to_attr(buf, &md->tunnel, &md->tunnel, NULL);
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
}
nl_msg_put_u32(buf, OVS_KEY_ATTR_SKB_MARK, md->pkt_mark);
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
if (md->ct_state) {
nl_msg_put_u32(buf, OVS_KEY_ATTR_CT_STATE,
ovs_to_odp_ct_state(md->ct_state));
if (md->ct_zone) {
nl_msg_put_u16(buf, OVS_KEY_ATTR_CT_ZONE, md->ct_zone);
}
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
if (md->ct_mark) {
nl_msg_put_u32(buf, OVS_KEY_ATTR_CT_MARK, md->ct_mark);
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
if (!ovs_u128_is_zero(&md->ct_label)) {
nl_msg_put_unspec(buf, OVS_KEY_ATTR_CT_LABELS, &md->ct_label,
sizeof(md->ct_label));
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
}
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
/* Add an ingress port attribute if 'odp_in_port' is not the magical
* value "ODPP_NONE". */
lib: simplify flow_extract() API Change the flow_extract() API to accept struct pkt_metadata, instead of individual metadata fields. It will make the API more logical and easier to maintain when we need to expand metadata down the road. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>¬
2014-02-26 18:08:04 -08:00
if (md->in_port.odp_port != ODPP_NONE) {
nl_msg_put_odp_port(buf, OVS_KEY_ATTR_IN_PORT, md->in_port.odp_port);
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
}
}
/* Generate packet metadata from the given ODP flow key. */
void
odp_key_to_pkt_metadata(const struct nlattr *key, size_t key_len,
struct pkt_metadata *md)
{
const struct nlattr *nla;
size_t left;
uint32_t wanted_attrs = 1u << OVS_KEY_ATTR_PRIORITY |
1u << OVS_KEY_ATTR_SKB_MARK | 1u << OVS_KEY_ATTR_TUNNEL |
1u << OVS_KEY_ATTR_IN_PORT;
tunnels: Don't initialize unnecessary packet metadata. The addition of Geneve options to packet metadata significantly expanded its size. It was reported that this can decrease performance for DPDK ports by up to 25% since we need to initialize the whole structure on each packet receive. It is not really necessary to zero out the entire structure because miniflow_extract() only copies the tunnel metadata when particular fields indicate that it is valid. Therefore, as long as we zero out these fields when the metadata is initialized and ensure that the rest of the structure is correctly set in the presence of a tunnel, we can avoid touching the tunnel fields on packet reception. Reported-by: Ciara Loftus <ciara.loftus@intel.com> Tested-by: Ciara Loftus <ciara.loftus@intel.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-30 19:19:40 -07:00
pkt_metadata_init(md, ODPP_NONE);
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
NL_ATTR_FOR_EACH (nla, left, key, key_len) {
uint16_t type = nl_attr_type(nla);
size_t len = nl_attr_get_size(nla);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
int expected_len = odp_key_attr_len(ovs_flow_key_attr_lens,
OVS_KEY_ATTR_MAX, type);
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
if (len != expected_len && expected_len >= 0) {
continue;
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
switch (type) {
case OVS_KEY_ATTR_RECIRC_ID:
md->recirc_id = nl_attr_get_u32(nla);
wanted_attrs &= ~(1u << OVS_KEY_ATTR_RECIRC_ID);
break;
case OVS_KEY_ATTR_DP_HASH:
md->dp_hash = nl_attr_get_u32(nla);
wanted_attrs &= ~(1u << OVS_KEY_ATTR_DP_HASH);
break;
case OVS_KEY_ATTR_PRIORITY:
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
md->skb_priority = nl_attr_get_u32(nla);
wanted_attrs &= ~(1u << OVS_KEY_ATTR_PRIORITY);
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
break;
case OVS_KEY_ATTR_SKB_MARK:
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
md->pkt_mark = nl_attr_get_u32(nla);
wanted_attrs &= ~(1u << OVS_KEY_ATTR_SKB_MARK);
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
break;
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
case OVS_KEY_ATTR_CT_STATE:
md->ct_state = odp_to_ovs_ct_state(nl_attr_get_u32(nla));
wanted_attrs &= ~(1u << OVS_KEY_ATTR_CT_STATE);
break;
case OVS_KEY_ATTR_CT_ZONE:
md->ct_zone = nl_attr_get_u16(nla);
wanted_attrs &= ~(1u << OVS_KEY_ATTR_CT_ZONE);
break;
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
case OVS_KEY_ATTR_CT_MARK:
md->ct_mark = nl_attr_get_u32(nla);
wanted_attrs &= ~(1u << OVS_KEY_ATTR_CT_MARK);
break;
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
case OVS_KEY_ATTR_CT_LABELS: {
const ovs_u128 *cl = nl_attr_get(nla);
md->ct_label = *cl;
wanted_attrs &= ~(1u << OVS_KEY_ATTR_CT_LABELS);
break;
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
case OVS_KEY_ATTR_TUNNEL: {
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
enum odp_key_fitness res;
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
res = odp_tun_key_from_attr(nla, true, &md->tunnel);
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
if (res == ODP_FIT_ERROR) {
memset(&md->tunnel, 0, sizeof md->tunnel);
} else if (res == ODP_FIT_PERFECT) {
wanted_attrs &= ~(1u << OVS_KEY_ATTR_TUNNEL);
}
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
break;
}
case OVS_KEY_ATTR_IN_PORT:
lib: simplify flow_extract() API Change the flow_extract() API to accept struct pkt_metadata, instead of individual metadata fields. It will make the API more logical and easier to maintain when we need to expand metadata down the road. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>¬
2014-02-26 18:08:04 -08:00
md->in_port.odp_port = nl_attr_get_odp_port(nla);
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
wanted_attrs &= ~(1u << OVS_KEY_ATTR_IN_PORT);
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
break;
default:
break;
dpif: Use explicit packet metadata. This helps reduce confusion about when a flow is a flow and when it is just metadata. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-30 15:58:58 -08:00
}
if (!wanted_attrs) {
return; /* Have everything. */
}
}
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
uint32_t
odp_flow_key_hash(const struct nlattr *key, size_t key_len)
{
BUILD_ASSERT_DECL(!(NLA_ALIGNTO % sizeof(uint32_t)));
clang: Fix the alignment warning. This commit fixes the warning issued by 'clang' when pointer is casted to one with greater alignment. Signed-off-by: Alex Wang <alexw@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-07-22 15:47:19 -07:00
return hash_words(ALIGNED_CAST(const uint32_t *, key),
key_len / sizeof(uint32_t), 0);
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
static void
log_odp_key_attributes(struct vlog_rate_limit *rl, const char *title,
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
uint64_t attrs, int out_of_range_attr,
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct nlattr *key, size_t key_len)
{
struct ds s;
int i;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
if (VLOG_DROP_DBG(rl)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
return;
}
ds_init(&s);
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
for (i = 0; i < 64; i++) {
if (attrs & (UINT64_C(1) << i)) {
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
char namebuf[OVS_KEY_ATTR_BUFSIZE];
ds_put_format(&s, " %s",
ovs_key_attr_to_string(i, namebuf, sizeof namebuf));
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
if (out_of_range_attr) {
ds_put_format(&s, " %d (and possibly others)", out_of_range_attr);
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
ds_put_cstr(&s, ": ");
odp_flow_key_format(key, key_len, &s);
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
VLOG_DBG("%s:%s", title, ds_cstr(&s));
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
ds_destroy(&s);
}
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
static uint8_t
odp_to_ovs_frag(uint8_t odp_frag, bool is_mask)
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
{
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
if (is_mask) {
return odp_frag ? FLOW_NW_FRAG_MASK : 0;
}
Don't overload IP TOS with the frag matching bits. This will be useful later when we add support for matching the ECN bits within the TOS field. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-02 18:17:36 -07:00
if (odp_frag > OVS_FRAG_TYPE_LATER) {
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
VLOG_ERR_RL(&rl, "invalid frag %"PRIu8" in flow key", odp_frag);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
return 0xff; /* Error. */
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
}
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
return (odp_frag == OVS_FRAG_TYPE_NONE) ? 0
: (odp_frag == OVS_FRAG_TYPE_FIRST) ? FLOW_NW_FRAG_ANY
: FLOW_NW_FRAG_ANY | FLOW_NW_FRAG_LATER;
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
static bool
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
parse_flow_nlattrs(const struct nlattr *key, size_t key_len,
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
const struct nlattr *attrs[], uint64_t *present_attrsp,
int *out_of_range_attrp)
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
{
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 10);
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
const struct nlattr *nla;
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
uint64_t present_attrs;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
size_t left;
odp-utils: Fix memory corruption while flow parsing. Currently, when flow attribute type is greater than OVS_KEY_ATTR_MAX, we can write into a random memory address causing corruption. Fix it. Bug #15702. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
2013-03-22 16:25:36 -07:00
BUILD_ASSERT(OVS_KEY_ATTR_MAX < CHAR_BIT * sizeof present_attrs);
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
present_attrs = 0;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
*out_of_range_attrp = 0;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
NL_ATTR_FOR_EACH (nla, left, key, key_len) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
uint16_t type = nl_attr_type(nla);
size_t len = nl_attr_get_size(nla);
odp-util: Correctly generate wildcards when formating nested attributes. When formatting netlink attributes if no mask is present a wildcarded attribute is synthesized for the purposes of later processing. In the case of nested attributes this must be done recursively, filling in the correct attributes at each level rather than just generating a set of zeros of the correct size. This is done already but it always uses the attribute type for the top level keys - this corresponds to nested ENCAP attributes. However, we have several levels of potentially nested attributes for tunnels that each have their own types. This uses an approach similar to the kernel where we have sets of tables for the type of each attribute linked together by pointers. This allows the mask generation function to automatically traverse the nested attributes and always get the right types. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2015-05-20 11:57:35 -07:00
int expected_len = odp_key_attr_len(ovs_flow_key_attr_lens,
OVS_KEY_ATTR_MAX, type);
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
if (len != expected_len && expected_len >= 0) {
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
char namebuf[OVS_KEY_ATTR_BUFSIZE];
Avoid printf type modifiers not supported by MSVC C runtime library. The MSVC C library printf() implementation does not support the 'z', 't', 'j', or 'hh' format specifiers. This commit changes the Open vSwitch code to avoid those format specifiers, switching to standard macros from <inttypes.h> where available and inventing new macros resembling them where necessary. It also updates CodingStyle to specify the macros' use and adds a Makefile rule to report violations. Signed-off-by: Alin Serdean <aserdean@cloudbasesolutions.com> Co-authored-by: Ben Pfaff <blp@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-11-25 23:38:48 -08:00
VLOG_ERR_RL(&rl, "attribute %s has length %"PRIuSIZE" but should have "
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
"length %d", ovs_key_attr_to_string(type, namebuf,
sizeof namebuf),
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
len, expected_len);
return false;
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
odp-utils: Fix memory corruption while flow parsing. Currently, when flow attribute type is greater than OVS_KEY_ATTR_MAX, we can write into a random memory address causing corruption. Fix it. Bug #15702. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
2013-03-22 16:25:36 -07:00
if (type > OVS_KEY_ATTR_MAX) {
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
*out_of_range_attrp = type;
} else {
if (present_attrs & (UINT64_C(1) << type)) {
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
char namebuf[OVS_KEY_ATTR_BUFSIZE];
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
VLOG_ERR_RL(&rl, "duplicate %s attribute in flow key",
odp-util: Avoid returning static data in ovs_key_attr_to_string(). Returning a static data buffer makes code more brittle and definitely not thread-safe, so this commit switches to using a caller-provided buffer instead. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Ansis Atteka <aatteka@nicira.com>
2013-04-15 15:40:21 -07:00
ovs_key_attr_to_string(type,
namebuf, sizeof namebuf));
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return false;
}
present_attrs |= UINT64_C(1) << type;
attrs[type] = nla;
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
if (left) {
VLOG_ERR_RL(&rl, "trailing garbage in flow key");
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return false;
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
*present_attrsp = present_attrs;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return true;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
static enum odp_key_fitness
check_expectations(uint64_t present_attrs, int out_of_range_attr,
uint64_t expected_attrs,
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
const struct nlattr *key, size_t key_len)
{
uint64_t missing_attrs;
uint64_t extra_attrs;
missing_attrs = expected_attrs & ~present_attrs;
if (missing_attrs) {
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 10);
log_odp_key_attributes(&rl, "expected but not present",
missing_attrs, 0, key, key_len);
return ODP_FIT_TOO_LITTLE;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
}
extra_attrs = present_attrs & ~expected_attrs;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
if (extra_attrs || out_of_range_attr) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(10, 10);
log_odp_key_attributes(&rl, "present but not expected",
extra_attrs, out_of_range_attr, key, key_len);
return ODP_FIT_TOO_MUCH;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return ODP_FIT_PERFECT;
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
static bool
parse_ethertype(const struct nlattr *attrs[OVS_KEY_ATTR_MAX + 1],
uint64_t present_attrs, uint64_t *expected_attrs,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
struct flow *flow, const struct flow *src_flow)
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
{
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
bool is_mask = flow != src_flow;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ETHERTYPE)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
flow->dl_type = nl_attr_get_be16(attrs[OVS_KEY_ATTR_ETHERTYPE]);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!is_mask && ntohs(flow->dl_type) < ETH_TYPE_MIN) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
VLOG_ERR_RL(&rl, "invalid Ethertype %"PRIu16" in flow key",
ntohs(flow->dl_type));
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return false;
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask && ntohs(src_flow->dl_type) < ETH_TYPE_MIN &&
flow->dl_type != htons(0xffff)) {
return false;
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
*expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ETHERTYPE;
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
} else {
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!is_mask) {
flow->dl_type = htons(FLOW_DL_TYPE_NONE);
} else if (ntohs(src_flow->dl_type) < ETH_TYPE_MIN) {
/* See comments in odp_flow_key_from_flow__(). */
VLOG_ERR_RL(&rl, "mask expected for non-Ethernet II frame");
return false;
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return true;
}
static enum odp_key_fitness
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
parse_l2_5_onward(const struct nlattr *attrs[OVS_KEY_ATTR_MAX + 1],
uint64_t present_attrs, int out_of_range_attr,
uint64_t expected_attrs, struct flow *flow,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
const struct nlattr *key, size_t key_len,
odp-util: Fix code formatting. Tabs and spaces got mixed up, making the code harder to read. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-10-04 07:49:13 -07:00
const struct flow *src_flow)
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
{
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
bool is_mask = src_flow != flow;
const void *check_start = NULL;
size_t check_len = 0;
enum ovs_key_attr expected_bit = 0xff;
if (eth_type_mpls(src_flow->dl_type)) {
odp-util: Fix segfault in MPLS attribute parsing. Just because the ethertype is MPLS, this doesn't mean that the datapath understands and provides OVS_KEY_ATTR_MPLS attributes for the flow. Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute before checking whether the attribute is present. This would cause a segfault in nl_attr_get_size(), usually triggered from a handler thread. This patch brings the MPLS parsing code more in line with the rest of the parse_l2_5_onward() function, by only processing MPLS if the attribute is present. Reported-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-10-31 14:05:46 -07:00
if (!is_mask || present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_MPLS)) {
odp-util: Fix code formatting. Tabs and spaces got mixed up, making the code harder to read. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-10-04 07:49:13 -07:00
expected_attrs |= (UINT64_C(1) << OVS_KEY_ATTR_MPLS);
odp-util: Fix segfault in MPLS attribute parsing. Just because the ethertype is MPLS, this doesn't mean that the datapath understands and provides OVS_KEY_ATTR_MPLS attributes for the flow. Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute before checking whether the attribute is present. This would cause a segfault in nl_attr_get_size(), usually triggered from a handler thread. This patch brings the MPLS parsing code more in line with the rest of the parse_l2_5_onward() function, by only processing MPLS if the attribute is present. Reported-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-10-31 14:05:46 -07:00
}
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_MPLS)) {
size_t size = nl_attr_get_size(attrs[OVS_KEY_ATTR_MPLS]);
const ovs_be32 *mpls_lse = nl_attr_get(attrs[OVS_KEY_ATTR_MPLS]);
int n = size / sizeof(ovs_be32);
int i;
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
odp-util: Fix segfault in MPLS attribute parsing. Just because the ethertype is MPLS, this doesn't mean that the datapath understands and provides OVS_KEY_ATTR_MPLS attributes for the flow. Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute before checking whether the attribute is present. This would cause a segfault in nl_attr_get_size(), usually triggered from a handler thread. This patch brings the MPLS parsing code more in line with the rest of the parse_l2_5_onward() function, by only processing MPLS if the attribute is present. Reported-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-10-31 14:05:46 -07:00
if (!size || size % sizeof(ovs_be32)) {
return ODP_FIT_ERROR;
odp-util: Fix code formatting. Tabs and spaces got mixed up, making the code harder to read. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-10-04 07:49:13 -07:00
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
if (flow->mpls_lse[0] && flow->dl_type != htons(0xffff)) {
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
return ODP_FIT_ERROR;
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
odp-util: Fix segfault in MPLS attribute parsing. Just because the ethertype is MPLS, this doesn't mean that the datapath understands and provides OVS_KEY_ATTR_MPLS attributes for the flow. Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute before checking whether the attribute is present. This would cause a segfault in nl_attr_get_size(), usually triggered from a handler thread. This patch brings the MPLS parsing code more in line with the rest of the parse_l2_5_onward() function, by only processing MPLS if the attribute is present. Reported-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-10-31 14:05:46 -07:00
for (i = 0; i < n && i < FLOW_MAX_MPLS_LABELS; i++) {
flow->mpls_lse[i] = mpls_lse[i];
}
if (n > FLOW_MAX_MPLS_LABELS) {
return ODP_FIT_TOO_MUCH;
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
odp-util: Fix segfault in MPLS attribute parsing. Just because the ethertype is MPLS, this doesn't mean that the datapath understands and provides OVS_KEY_ATTR_MPLS attributes for the flow. Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute before checking whether the attribute is present. This would cause a segfault in nl_attr_get_size(), usually triggered from a handler thread. This patch brings the MPLS parsing code more in line with the rest of the parse_l2_5_onward() function, by only processing MPLS if the attribute is present. Reported-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-10-31 14:05:46 -07:00
if (!is_mask) {
/* BOS may be set only in the innermost label. */
for (i = 0; i < n - 1; i++) {
if (flow->mpls_lse[i] & htonl(MPLS_BOS_MASK)) {
return ODP_FIT_ERROR;
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
}
odp-util: Fix segfault in MPLS attribute parsing. Just because the ethertype is MPLS, this doesn't mean that the datapath understands and provides OVS_KEY_ATTR_MPLS attributes for the flow. Previously we would check the size of the OVS_KEY_ATTR_MPLS attribute before checking whether the attribute is present. This would cause a segfault in nl_attr_get_size(), usually triggered from a handler thread. This patch brings the MPLS parsing code more in line with the rest of the parse_l2_5_onward() function, by only processing MPLS if the attribute is present. Reported-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-10-31 14:05:46 -07:00
/* BOS must be set in the innermost label. */
if (n < FLOW_MAX_MPLS_LABELS
&& !(flow->mpls_lse[n - 1] & htonl(MPLS_BOS_MASK))) {
return ODP_FIT_TOO_LITTLE;
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
}
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
goto done;
} else if (src_flow->dl_type == htons(ETH_TYPE_IP)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_IPV4;
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_IPV4)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct ovs_key_ipv4 *ipv4_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
ipv4_key = nl_attr_get(attrs[OVS_KEY_ATTR_IPV4]);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv4_key(ipv4_key, flow, is_mask);
if (flow->nw_frag > FLOW_NW_FRAG_MASK) {
return ODP_FIT_ERROR;
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask) {
check_start = ipv4_key;
check_len = sizeof *ipv4_key;
expected_bit = OVS_KEY_ATTR_IPV4;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
} else if (src_flow->dl_type == htons(ETH_TYPE_IPV6)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_IPV6;
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_IPV6)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct ovs_key_ipv6 *ipv6_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
ipv6_key = nl_attr_get(attrs[OVS_KEY_ATTR_IPV6]);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv6_key(ipv6_key, flow, is_mask);
if (flow->nw_frag > FLOW_NW_FRAG_MASK) {
return ODP_FIT_ERROR;
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask) {
check_start = ipv6_key;
check_len = sizeof *ipv6_key;
expected_bit = OVS_KEY_ATTR_IPV6;
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
} else if (src_flow->dl_type == htons(ETH_TYPE_ARP) ||
src_flow->dl_type == htons(ETH_TYPE_RARP)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ARP;
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ARP)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct ovs_key_arp *arp_key;
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
arp_key = nl_attr_get(attrs[OVS_KEY_ATTR_ARP]);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!is_mask && (arp_key->arp_op & htons(0xff00))) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
VLOG_ERR_RL(&rl, "unsupported ARP opcode %"PRIu16" in flow "
"key", ntohs(arp_key->arp_op));
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return ODP_FIT_ERROR;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_arp_key(arp_key, flow);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask) {
check_start = arp_key;
check_len = sizeof *arp_key;
expected_bit = OVS_KEY_ATTR_ARP;
}
}
} else {
goto done;
}
lib/odp-util: Only use expected_bit when set. parse_l2_5_onward() previously used out of range 'expected_bit' when it was called with no attrs, which happens when parsing a mask with zero length. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-12-06 08:30:17 -08:00
if (check_len > 0) { /* Happens only when 'is_mask'. */
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!is_all_zeros(check_start, check_len) &&
flow->dl_type != htons(0xffff)) {
return ODP_FIT_ERROR;
} else {
expected_attrs |= UINT64_C(1) << expected_bit;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
}
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_bit = OVS_KEY_ATTR_UNSPEC;
if (src_flow->nw_proto == IPPROTO_TCP
&& (src_flow->dl_type == htons(ETH_TYPE_IP) ||
src_flow->dl_type == htons(ETH_TYPE_IPV6))
&& !(src_flow->nw_frag & FLOW_NW_FRAG_LATER)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_TCP;
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_TCP)) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
const union ovs_key_tp *tcp_key;
datapath: Convert odp_flow_key to use Netlink attributes instead. One of the goals for Open vSwitch is to decouple kernel and userspace software, so that either one can be upgraded or rolled back independent of the other. To do this in full generality, it must be possible to change the kernel's idea of the flow key separately from the userspace version. In turn, that means that flow keys must become variable-length. This commit makes that change using Netlink attribute sequences. This commit does not actually make userspace flexible enough to handle changes in the kernel flow key structure, because userspace doesn't yet have enough information to do that intelligently. Upcoming commits will fix that. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-01-23 18:44:44 -08:00
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
tcp_key = nl_attr_get(attrs[OVS_KEY_ATTR_TCP]);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_tp_key(tcp_key, flow);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_bit = OVS_KEY_ATTR_TCP;
}
TCP flags matching support. tcp_flags=flags/mask Bitwise match on TCP flags. The flags and mask are 16-bit num‐ bers written in decimal or in hexadecimal prefixed by 0x. Each 1-bit in mask requires that the corresponding bit in port must match. Each 0-bit in mask causes the corresponding bit to be ignored. TCP protocol currently defines 9 flag bits, and additional 3 bits are reserved (must be transmitted as zero), see RFCs 793, 3168, and 3540. The flag bits are, numbering from the least significant bit: 0: FIN No more data from sender. 1: SYN Synchronize sequence numbers. 2: RST Reset the connection. 3: PSH Push function. 4: ACK Acknowledgement field significant. 5: URG Urgent pointer field significant. 6: ECE ECN Echo. 7: CWR Congestion Windows Reduced. 8: NS Nonce Sum. 9-11: Reserved. 12-15: Not matchable, must be zero. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-10-28 13:54:40 -07:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_TCP_FLAGS)) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_TCP_FLAGS;
flow->tcp_flags = nl_attr_get_be16(attrs[OVS_KEY_ATTR_TCP_FLAGS]);
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
} else if (src_flow->nw_proto == IPPROTO_UDP
&& (src_flow->dl_type == htons(ETH_TYPE_IP) ||
src_flow->dl_type == htons(ETH_TYPE_IPV6))
&& !(src_flow->nw_frag & FLOW_NW_FRAG_LATER)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_UDP;
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_UDP)) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
const union ovs_key_tp *udp_key;
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
udp_key = nl_attr_get(attrs[OVS_KEY_ATTR_UDP]);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_tp_key(udp_key, flow);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_bit = OVS_KEY_ATTR_UDP;
}
odp-util: Parse SCTP correctly. We should be looking at 'src_flow' instead of 'flow'. Otherwise, parsing SCTP through odp_flow_key_to_mask will fail. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-10-30 00:44:32 -07:00
} else if (src_flow->nw_proto == IPPROTO_SCTP
&& (src_flow->dl_type == htons(ETH_TYPE_IP) ||
src_flow->dl_type == htons(ETH_TYPE_IPV6))
&& !(src_flow->nw_frag & FLOW_NW_FRAG_LATER)) {
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_SCTP;
}
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_SCTP)) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
const union ovs_key_tp *sctp_key;
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
sctp_key = nl_attr_get(attrs[OVS_KEY_ATTR_SCTP]);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_tp_key(sctp_key, flow);
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
expected_bit = OVS_KEY_ATTR_SCTP;
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
} else if (src_flow->nw_proto == IPPROTO_ICMP
&& src_flow->dl_type == htons(ETH_TYPE_IP)
&& !(src_flow->nw_frag & FLOW_NW_FRAG_LATER)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ICMP;
nicira-ext: Support matching IPv6 traffic. Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2010-12-29 19:03:46 -08:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ICMP)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct ovs_key_icmp *icmp_key;
icmp_key = nl_attr_get(attrs[OVS_KEY_ATTR_ICMP]);
flow->tp_src = htons(icmp_key->icmp_type);
flow->tp_dst = htons(icmp_key->icmp_code);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_bit = OVS_KEY_ATTR_ICMP;
}
} else if (src_flow->nw_proto == IPPROTO_ICMPV6
&& src_flow->dl_type == htons(ETH_TYPE_IPV6)
&& !(src_flow->nw_frag & FLOW_NW_FRAG_LATER)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ICMPV6;
nicira-ext: Support matching IPv6 Neighbor Discovery messages. IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4 uses ARP. This commit adds support for matching deeper into the payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages. Currently, the matching fields include: - NS and NA Target (nd_target) - NS Source Link Layer Address (nd_sll) - NA Target Link Layer Address (nd_tll) When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2011-02-01 22:54:11 -08:00
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ICMPV6)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct ovs_key_icmpv6 *icmpv6_key;
icmpv6_key = nl_attr_get(attrs[OVS_KEY_ATTR_ICMPV6]);
flow->tp_src = htons(icmpv6_key->icmpv6_type);
flow->tp_dst = htons(icmpv6_key->icmpv6_code);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_bit = OVS_KEY_ATTR_ICMPV6;
Fix a bug in conversion between flow/mask and flow key In odp_flow_key_from_flow__(), when converting ICMPv6 flow/mask to flow/mask key, we should always use flow to check for whether ND informaition is present or not. In mask case, both type and code field should be masked, otherwise ND fields can be masked. Similarly in reverse conversion (parse_l2_5_onward()), we should have same check. Signed-off-by: Guolin Yang <gyang@nicira.com> [blp@nicira.com changed && to || in parse_l2_5_onward() Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2013-08-30 09:57:13 -07:00
if (src_flow->tp_dst == htons(0) &&
(src_flow->tp_src == htons(ND_NEIGHBOR_SOLICIT) ||
src_flow->tp_src == htons(ND_NEIGHBOR_ADVERT))) {
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ND;
}
datapath: Describe policy for extending flow key, implement needed changes. When the datapath was converted to use Netlink attributes for describing flow keys, I had a vague idea of how it could be smoothly extensible, but I didn't actually implement extensibility or carefully think it through. This commit adds a document that describes how flow keys can be extended in a compatible fashion and adapts the existing interface to match what it says. This commit doesn't actually implement extensibility. I already have a separate patch series out for that. This patch series borrows from that one heavily, but the extensibility series will need to be reworked somewhat once this one is in. This commit is only lightly tested because I don't have a good test setup for VLANs. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:56:43 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ND)) {
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
const struct ovs_key_nd *nd_key;
nd_key = nl_attr_get(attrs[OVS_KEY_ATTR_ND]);
memcpy(&flow->nd_target, nd_key->nd_target,
sizeof flow->nd_target);
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
flow->arp_sha = nd_key->nd_sll;
flow->arp_tha = nd_key->nd_tll;
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask) {
lib/util: Change is_all_zeros and is_all_ones to take a void *. is_all_zeros() and is_all_ones() operate on bytes, but just like with memset, it is easier to use if the first argument is a void *. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
if (!is_all_zeros(nd_key, sizeof *nd_key) &&
Fix a bug in conversion between flow/mask and flow key In odp_flow_key_from_flow__(), when converting ICMPv6 flow/mask to flow/mask key, we should always use flow to check for whether ND informaition is present or not. In mask case, both type and code field should be masked, otherwise ND fields can be masked. Similarly in reverse conversion (parse_l2_5_onward()), we should have same check. Signed-off-by: Guolin Yang <gyang@nicira.com> [blp@nicira.com changed && to || in parse_l2_5_onward() Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2013-08-30 09:57:13 -07:00
(flow->tp_src != htons(0xffff) ||
flow->tp_dst != htons(0xffff))) {
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
return ODP_FIT_ERROR;
} else {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ND;
}
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
}
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
}
datapath: Allow flow key Netlink attributes to appear in any order. This is more conventional use of Netlink. For upstreaming, 'u64 attrs' can be changed to u32 and the uses of 1ULL can be changed to 1. Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2011-11-14 15:09:01 -08:00
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask && expected_bit != OVS_KEY_ATTR_UNSPEC) {
if ((flow->tp_src || flow->tp_dst) && flow->nw_proto != 0xff) {
return ODP_FIT_ERROR;
} else {
expected_attrs |= UINT64_C(1) << expected_bit;
}
}
Implement new fragment handling policy. Until now, OVS has handled IP fragments more awkwardly than necessary. It has not been possible to match on L4 headers, even in fragments with offset 0 where they are actually present. This means that there was no way to implement ACLs that treat, say, different TCP ports differently, on fragmented traffic; instead, all decisions for fragment forwarding had to be made on the basis of L2 and L3 headers alone. This commit improves the situation significantly. It is still not possible to match on L4 headers in fragments with nonzero offset, because that information is simply not present in such fragments, but this commit adds the ability to match on L4 headers for fragments with zero offset. This means that it becomes possible to implement ACLs that drop such "first fragments" on the basis of L4 headers. In practice, that effectively blocks even fragmented traffic on an L4 basis, because the receiving IP stack cannot reassemble a full packet when the first fragment is missing. This commit works by adding a new "fragment type" to the kernel flow match and making it available through OpenFlow as a new NXM field named NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields are always 0 for IP fragments, it adds a new OpenFlow fragment handling mode that fills in the L4 fields for "first fragments". It also enhances ovs-ofctl to allow users to configure this new fragment handling mode and to parse the new field. Signed-off-by: Ben Pfaff <blp@nicira.com> Bug #7557.
2011-10-19 21:33:44 -07:00
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
done:
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return check_expectations(present_attrs, out_of_range_attr, expected_attrs,
key, key_len);
}
/* Parse 802.1Q header then encapsulated L3 attributes. */
static enum odp_key_fitness
parse_8021q_onward(const struct nlattr *attrs[OVS_KEY_ATTR_MAX + 1],
uint64_t present_attrs, int out_of_range_attr,
uint64_t expected_attrs, struct flow *flow,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
const struct nlattr *key, size_t key_len,
const struct flow *src_flow)
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
{
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
bool is_mask = src_flow != flow;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
const struct nlattr *encap
= (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ENCAP)
? attrs[OVS_KEY_ATTR_ENCAP] : NULL);
enum odp_key_fitness encap_fitness;
enum odp_key_fitness fitness;
Fix misspellings in comments and docs. Flagged with: https://github.com/lyda/misspell-check Run with: git ls-files | misspellings -f - Signed-off-by: Andy Hill <hillad@gmail.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-04 17:35:36 -05:00
/* Calculate fitness of outer attributes. */
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!is_mask) {
expected_attrs |= ((UINT64_C(1) << OVS_KEY_ATTR_VLAN) |
(UINT64_C(1) << OVS_KEY_ATTR_ENCAP));
} else {
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_VLAN)) {
expected_attrs |= (UINT64_C(1) << OVS_KEY_ATTR_VLAN);
}
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ENCAP)) {
expected_attrs |= (UINT64_C(1) << OVS_KEY_ATTR_ENCAP);
}
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
fitness = check_expectations(present_attrs, out_of_range_attr,
expected_attrs, key, key_len);
odp-util: Fix VLAN parsing behavior in parse_8021q_onward(). Anytime there is a VLAN the flow needs to properly reflect that. Keeping the TPID in dl_type never makes sense and will probably cause problems. The existing code did the right thing in the common case but not in corner cases where it returned ODP_FIT_TOO_MUCH or ODP_FIT_TOO_LITTLE (the cases where it returned an error don't matter since nothing looks at the flow in that case). Found by inspection. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-12-31 10:35:27 -08:00
/* Set vlan_tci.
* Remove the TPID from dl_type since it's not the real Ethertype. */
flow->dl_type = htons(0);
flow->vlan_tci = (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_VLAN)
? nl_attr_get_be16(attrs[OVS_KEY_ATTR_VLAN])
: htons(0));
if (!is_mask) {
if (!(present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_VLAN))) {
return ODP_FIT_TOO_LITTLE;
} else if (flow->vlan_tci == htons(0)) {
/* Corner case for a truncated 802.1Q header. */
if (fitness == ODP_FIT_PERFECT && nl_attr_get_size(encap)) {
return ODP_FIT_TOO_MUCH;
}
return fitness;
} else if (!(flow->vlan_tci & htons(VLAN_CFI))) {
VLOG_ERR_RL(&rl, "OVS_KEY_ATTR_VLAN 0x%04"PRIx16" is nonzero "
"but CFI bit is not set", ntohs(flow->vlan_tci));
return ODP_FIT_ERROR;
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
} else {
odp-util: Fix VLAN parsing behavior in parse_8021q_onward(). Anytime there is a VLAN the flow needs to properly reflect that. Keeping the TPID in dl_type never makes sense and will probably cause problems. The existing code did the right thing in the common case but not in corner cases where it returned ODP_FIT_TOO_MUCH or ODP_FIT_TOO_LITTLE (the cases where it returned an error don't matter since nothing looks at the flow in that case). Found by inspection. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-12-31 10:35:27 -08:00
if (!(present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ENCAP))) {
return fitness;
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
}
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
/* Now parse the encapsulated attributes. */
if (!parse_flow_nlattrs(nl_attr_get(encap), nl_attr_get_size(encap),
attrs, &present_attrs, &out_of_range_attr)) {
return ODP_FIT_ERROR;
}
expected_attrs = 0;
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!parse_ethertype(attrs, present_attrs, &expected_attrs, flow, src_flow)) {
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return ODP_FIT_ERROR;
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
encap_fitness = parse_l2_5_onward(attrs, present_attrs, out_of_range_attr,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_attrs, flow, key, key_len,
src_flow);
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
/* The overall fitness is the worse of the outer and inner attributes. */
return MAX(fitness, encap_fitness);
}
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
static enum odp_key_fitness
odp_flow_key_to_flow__(const struct nlattr *key, size_t key_len,
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
const struct nlattr *src_key, size_t src_key_len,
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
struct flow *flow, const struct flow *src_flow,
bool udpif)
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
{
const struct nlattr *attrs[OVS_KEY_ATTR_MAX + 1];
uint64_t expected_attrs;
uint64_t present_attrs;
int out_of_range_attr;
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
bool is_mask = src_flow != flow;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
memset(flow, 0, sizeof *flow);
/* Parse attributes. */
if (!parse_flow_nlattrs(key, key_len, attrs, &present_attrs,
&out_of_range_attr)) {
return ODP_FIT_ERROR;
}
expected_attrs = 0;
/* Metadata. */
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_RECIRC_ID)) {
flow->recirc_id = nl_attr_get_u32(attrs[OVS_KEY_ATTR_RECIRC_ID]);
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_RECIRC_ID;
} else if (is_mask) {
odp-util: Fix a comment. The comment was very specific to one user of the function, and had a typo. This change reflects the wider effect of the case. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-05-13 10:07:18 +12:00
/* Always exact match recirc_id if it is not specified. */
dpif-netdev: user space datapath recirculation Add basic recirculation infrastructure and user space data path support for it. The following bond mega flow patch will make use of this infrastructure. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-03-04 15:36:03 -08:00
flow->recirc_id = UINT32_MAX;
}
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_DP_HASH)) {
flow->dp_hash = nl_attr_get_u32(attrs[OVS_KEY_ATTR_DP_HASH]);
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_DP_HASH;
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_PRIORITY)) {
flow: Rename 'priority' to 'skb_priority'. This priority's mean is completely different from the priority of an OpenFlow rule, so it is confusing for it to have the same name. We should be on the lookout for a less Linux-specific name, but this one seems fine for now. Signed-off-by: Ben Pfaff <blp@nicira.com>
2011-12-21 15:52:23 -08:00
flow->skb_priority = nl_attr_get_u32(attrs[OVS_KEY_ATTR_PRIORITY]);
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_PRIORITY;
}
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_SKB_MARK)) {
flow: Rename skb_mark to pkt_mark. The skb_mark field is currently only available with the Linux datapath and is only used internally. However, it is desirable to expose this through OpenFlow and when it is exposed ideally it would not be system- specific. In preparation for this, skb_mark is rename to pkt_mark in internal data structures for consistency. This does not rename the Linux interfaces because doing so would break the API. It would not necessarily be desirable to do anyways since in Linux-specific code it is clearer to use the actual name rather than a generic one. This can lead to confusion in some places, however, because we do not always strictly separate generic and platform dependent code (one example is actions). This seems inevitable though at this point if the lower and upper layers have different names (as they must given the above requirements). Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Andy Zhou <azhou@nicira.com>
2013-08-06 12:57:13 -07:00
flow->pkt_mark = nl_attr_get_u32(attrs[OVS_KEY_ATTR_SKB_MARK]);
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_SKB_MARK;
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_CT_STATE)) {
uint32_t odp_state = nl_attr_get_u32(attrs[OVS_KEY_ATTR_CT_STATE]);
flow->ct_state = odp_to_ovs_ct_state(odp_state);
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_CT_STATE;
}
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_CT_ZONE)) {
flow->ct_zone = nl_attr_get_u16(attrs[OVS_KEY_ATTR_CT_ZONE]);
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_CT_ZONE;
}
Add connection tracking mark support. This patch adds a new 32-bit metadata field to the connection tracking interface. When a mark is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_mark" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a mark with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_CT_MARK)) {
flow->ct_mark = nl_attr_get_u32(attrs[OVS_KEY_ATTR_CT_MARK]);
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_CT_MARK;
}
Add connection tracking label support. This patch adds a new 128-bit metadata field to the connection tracking interface. When a label is specified as part of the ct action and the connection is committed, the value is saved with the current connection. Subsequent ct lookups with the table specified will expose this metadata as the "ct_label" field in the flow. For example, to allow new TCP connections from port 1->2 and only allow established connections from port 2->1, and to associate a label with those connections: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_label)),2 table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1) table=1,in_port=2,ct_state=+trk,ct_label=1,tcp,action=1 Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-10-13 11:13:10 -07:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_CT_LABELS)) {
const ovs_u128 *cl = nl_attr_get(attrs[OVS_KEY_ATTR_CT_LABELS]);
flow->ct_label = *cl;
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_CT_LABELS;
}
Add support for connection tracking. This patch adds a new action and fields to OVS that allow connection tracking to be performed. This support works in conjunction with the Linux kernel support merged into the Linux-4.3 development cycle. Packets have two possible states with respect to connection tracking: Untracked packets have not previously passed through the connection tracker, while tracked packets have previously been through the connection tracker. For OpenFlow pipeline processing, untracked packets can become tracked, and they will remain tracked until the end of the pipeline. Tracked packets cannot become untracked. Connections can be unknown, uncommitted, or committed. Packets which are untracked have unknown connection state. To know the connection state, the packet must become tracked. Uncommitted connections have no connection state stored about them, so it is only possible for the connection tracker to identify whether they are a new connection or whether they are invalid. Committed connections have connection state stored beyond the lifetime of the packet, which allows later packets in the same connection to be identified as part of the same established connection, or related to an existing connection - for instance ICMP error responses. The new 'ct' action transitions the packet from "untracked" to "tracked" by sending this flow through the connection tracker. The following parameters are supported initally: - "commit": When commit is executed, the connection moves from uncommitted state to committed state. This signals that information about the connection should be stored beyond the lifetime of the packet within the pipeline. This allows future packets in the same connection to be recognized as part of the same "established" (est) connection, as well as identifying packets in the reply (rpl) direction, or packets related to an existing connection (rel). - "zone=[u16|NXM]": Perform connection tracking in the zone specified. Each zone is an independent connection tracking context. When the "commit" parameter is used, the connection will only be committed in the specified zone, and not in other zones. This is 0 by default. - "table=NUMBER": Fork pipeline processing in two. The original instance of the packet will continue processing the current actions list as an untracked packet. An additional instance of the packet will be sent to the connection tracker, which will be re-injected into the OpenFlow pipeline to resume processing in the specified table, with the ct_state and other ct match fields set. If the table is not specified, then the packet is submitted to the connection tracker, but the pipeline does not fork and the ct match fields are not populated. It is strongly recommended to specify a table later than the current table to prevent loops. When the "table" option is used, the packet that continues processing in the specified table will have the ct_state populated. The ct_state may have any of the following flags set: - Tracked (trk): Connection tracking has occurred. - Reply (rpl): The flow is in the reply direction. - Invalid (inv): The connection tracker couldn't identify the connection. - New (new): This is the beginning of a new connection. - Established (est): This is part of an already existing connection. - Related (rel): This connection is related to an existing connection. For more information, consult the ovs-ofctl(8) man pages. Below is a simple example flow table to allow outbound TCP traffic from port 1 and drop traffic from port 2 that was not initiated by port 1: table=0,priority=1,action=drop table=0,arp,action=normal table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2 table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1) table=1,in_port=2,ct_state=+trk+est,tcp,action=1 table=1,in_port=2,ct_state=+trk+new,tcp,action=drop Based on original design by Justin Pettit, contributions from Thomas Graf and Daniele Di Proietto. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_TUNNEL)) {
enum odp_key_fitness res;
Add ODP level handling of OVS_KEY_ATTR_IPV4_TUNNEL. Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-21 10:44:38 +02:00
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
res = odp_tun_key_from_attr__(attrs[OVS_KEY_ATTR_TUNNEL],
is_mask ? src_key : NULL,
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
src_key_len, &src_flow->tunnel,
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
&flow->tunnel, udpif);
datapath: More flexible kernel/userspace tunneling attribute. Following patch breaks down single ipv4_tunnel netlink attribute into individual member attributes. It will help when we extend tunneling parameters in future. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com> Bug #14611
2013-01-18 18:10:59 -08:00
if (res == ODP_FIT_ERROR) {
return ODP_FIT_ERROR;
} else if (res == ODP_FIT_PERFECT) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_TUNNEL;
Add ODP level handling of OVS_KEY_ATTR_IPV4_TUNNEL. Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-21 10:44:38 +02:00
}
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_IN_PORT)) {
Create specific types for ofp and odp port Until now, datapath ports and openflow ports were both represented by unsigned integers of various sizes. With implicit conversions, etc., it is easy to mix them up and use one where the other is expected. This commit creates two typedefs, ofp_port_t and odp_port_t. Both of these two types are marked by "__attribute__((bitwise))" so that sparse can be used to detect any misuse. Signed-off-by: Alex Wang <alexw@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 16:58:44 -07:00
flow->in_port.odp_port
= nl_attr_get_odp_port(attrs[OVS_KEY_ATTR_IN_PORT]);
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_IN_PORT;
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
} else if (!is_mask) {
Create specific types for ofp and odp port Until now, datapath ports and openflow ports were both represented by unsigned integers of various sizes. With implicit conversions, etc., it is easy to mix them up and use one where the other is expected. This commit creates two typedefs, ofp_port_t and odp_port_t. Both of these two types are marked by "__attribute__((bitwise))" so that sparse can be used to detect any misuse. Signed-off-by: Alex Wang <alexw@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-06-19 16:58:44 -07:00
flow->in_port.odp_port = ODPP_NONE;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
}
/* Ethernet header. */
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_ETHERNET)) {
const struct ovs_key_ethernet *eth_key;
eth_key = nl_attr_get(attrs[OVS_KEY_ATTR_ETHERNET]);
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ethernet_key(eth_key, flow);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ETHERNET;
}
}
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ETHERNET;
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
}
/* Get Ethertype or 802.1Q TPID or FLOW_DL_TYPE_NONE. */
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
if (!parse_ethertype(attrs, present_attrs, &expected_attrs, flow,
src_flow)) {
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return ODP_FIT_ERROR;
}
odp-util: Simplify logic in odp_flow_key_to_flow__(). Simplify (a && b) || (!a && c) to just a ? b : c. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-12-31 10:36:19 -08:00
if (is_mask
? (src_flow->vlan_tci & htons(VLAN_CFI)) != 0
: src_flow->dl_type == htons(ETH_TYPE_VLAN)) {
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
return parse_8021q_onward(attrs, present_attrs, out_of_range_attr,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_attrs, flow, key, key_len, src_flow);
}
if (is_mask) {
dpif-netdev: Exact match non-presence of vlans. The Netlink encoding of datapath flow keys cannot express wildcarding the presence of a VLAN tag. Instead, a missing VLAN tag is interpreted as exact match on the fact that there is no VLAN. This makes reading datapath flow dumps confusing, since for everything else, a missing key value means that the corresponding key was wildcarded. Unless we refactor a lot of code that translates between Netlink and struct flow representations, we have to do the same in the userspace datapath. This makes at least the flow install logs show that the vlan_tci field is matched to zero. However, the datapath flow dumps remain as they were before, as they are performed using the netlink format. Add a test to verify that packet with a vlan will not match a rule that may seem wildcarding the presence of the vlan tag. Applying this test without the userspace datapath modification showed that the userspace datapath failed to create a new datapath flow for the VLAN packet before this patch. Reported-by: Tony van der Peet <tony.vanderpeet@gmail.com> Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 17:47:37 -07:00
/* A missing VLAN mask means exact match on vlan_tci 0 (== no VLAN). */
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
flow->vlan_tci = htons(0xffff);
if (present_attrs & (UINT64_C(1) << OVS_KEY_ATTR_VLAN)) {
flow->vlan_tci = nl_attr_get_be16(attrs[OVS_KEY_ATTR_VLAN]);
expected_attrs |= (UINT64_C(1) << OVS_KEY_ATTR_VLAN);
}
ofproto-dpif: Support differing user/kernel packet parsing support. Feature #4886.
2011-11-23 10:26:02 -08:00
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
return parse_l2_5_onward(attrs, present_attrs, out_of_range_attr,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
expected_attrs, flow, key, key_len, src_flow);
}
/* Converts the 'key_len' bytes of OVS_KEY_ATTR_* attributes in 'key' to a flow
* structure in 'flow'. Returns an ODP_FIT_* value that indicates how well
* 'key' fits our expectations for what a flow key should contain.
*
* The 'in_port' will be the datapath's understanding of the port. The
* caller will need to translate with odp_port_to_ofp_port() if the
* OpenFlow port is needed.
*
* This function doesn't take the packet itself as an argument because none of
* the currently understood OVS_KEY_ATTR_* attributes require it. Currently,
* it is always possible to infer which additional attribute(s) should appear
* by looking at the attributes for lower-level protocols, e.g. if the network
* protocol in OVS_KEY_ATTR_IPV4 or OVS_KEY_ATTR_IPV6 is IPPROTO_TCP then we
* know that a OVS_KEY_ATTR_TCP attribute must appear and that otherwise it
* must be absent. */
enum odp_key_fitness
odp_flow_key_to_flow(const struct nlattr *key, size_t key_len,
struct flow *flow)
{
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
return odp_flow_key_to_flow__(key, key_len, NULL, 0, flow, flow, false);
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
}
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
/* Converts the 'mask_key_len' bytes of OVS_KEY_ATTR_* attributes in 'mask_key'
* to a mask structure in 'mask'. 'flow' must be a previously translated flow
* corresponding to 'mask' and similarly flow_key/flow_key_len must be the
* attributes from that flow. Returns an ODP_FIT_* value that indicates how
* well 'key' fits our expectations for what a flow key should contain. */
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
enum odp_key_fitness
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
odp_flow_key_to_mask(const struct nlattr *mask_key, size_t mask_key_len,
const struct nlattr *flow_key, size_t flow_key_len,
odp-util: New function odp_flow_key_to_mask(). With megaflow support, there is API to convert mask to nlattr key based format. This change introduces API to do the reverse conversion. We leverage the existing odp_flow_key_to_flow() API to reuse the code. Signed-off-by: Guolin Yang <gyang@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-20 10:40:50 -07:00
struct flow *mask, const struct flow *flow)
{
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
return odp_flow_key_to_flow__(mask_key, mask_key_len, flow_key, flow_key_len,
dpif-netdev: Translate Geneve options per-flow, not per-packet. The kernel implementation of Geneve options stores the TLV option data in the flow exactly as received, without any further parsing. This is then translated to known options for the purposes of matching on flow setup (which will then install a datapath flow in the form the kernel is expecting). The userspace implementation behaves a little bit differently - it looks up known options as each packet is received. The reason for this is there is a much tighter coupling between datapath and flow translation and the representation is generally expected to be the same. This works but it incurs work on a per-packet basis that could be done per-flow instead. This introduces a small translation step for Geneve packets between datapath and flow lookup for the userspace datapath in order to allow the same kind of processing that the kernel does. A side effect of this is that unknown options are now shown when flows dumped via ovs-appctl dpif/dump-flows, similar to the kernel. There is a second benefit to this as well: for some operations it is preferable to keep the options exactly as they were received on the wire, which this enables. One example is that for packets that are executed from ofproto-dpif-upcall to the datapath, this avoids the translation of Geneve metadata. Since this conversion is potentially lossy (for unknown options), keeping everything in the same format removes the possibility of dropping options if the packet comes back up to userspace and the Geneve option translation table has changed. To help with these types of operations, most functions can understand both formats of data and seamlessly do the right thing. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-06-29 18:01:59 -07:00
mask, flow, false);
}
/* These functions are similar to their non-"_udpif" variants but output a
* 'flow' that is suitable for fast-path packet processing.
*
* Some fields have different representation for flow setup and per-
* packet processing (i.e. different between ofproto-dpif and userspace
* datapath). In particular, with the non-"_udpif" functions, struct
* tun_metadata is in the per-flow format (using 'present.map' and 'opts.u8');
* with these functions, struct tun_metadata is in the per-packet format
* (using 'present.len' and 'opts.gnv'). */
enum odp_key_fitness
odp_flow_key_to_flow_udpif(const struct nlattr *key, size_t key_len,
struct flow *flow)
{
return odp_flow_key_to_flow__(key, key_len, NULL, 0, flow, flow, true);
}
enum odp_key_fitness
odp_flow_key_to_mask_udpif(const struct nlattr *mask_key, size_t mask_key_len,
const struct nlattr *flow_key, size_t flow_key_len,
struct flow *mask, const struct flow *flow)
{
return odp_flow_key_to_flow__(mask_key, mask_key_len, flow_key, flow_key_len,
mask, flow, true);
flow: Separate "flow_t" from "struct odp_flow_key". The "struct odp_flow_key" used in the kernel datapath is conceptually separate from the "flow_t" used in userspace, but until now we have used the latter as a typedef for the former for convenience. This commit separates them. This makes it possible in upcoming commits to change them independently. This is cross-ported from the "wdp" branch, which has had it for months.
2010-10-11 13:31:35 -07:00
}
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
ofproto-dpif: Implement self-check of flow translations. One of the major tasks of ofproto-dpif is to translate OpenFlow actions into "ODP" datapath actions. These translations are essentially a cache that requires revalidation when certain state changes occur. For best performance it's important to revalidate flows only when necessary, so from time to time Open vSwitch has gotten this wrong, which meant that stale flows could persist in the kernel and cause surprising behavior. This commit implements a simple "self check": every trip through the Open vSwitch main loop randomly chooses one flow entry and checks that its actions have been correctly translated. If not, Open vSwitch logs the details of the problem. This should help find problems more quickly in the future. Signed-off-by: Ben Pfaff <blp@nicira.com>
2012-01-16 12:37:44 -08:00
/* Returns 'fitness' as a string, for use in debug messages. */
const char *
odp_key_fitness_to_string(enum odp_key_fitness fitness)
{
switch (fitness) {
case ODP_FIT_PERFECT:
return "OK";
case ODP_FIT_TOO_MUCH:
return "too_much";
case ODP_FIT_TOO_LITTLE:
return "too_little";
case ODP_FIT_ERROR:
return "error";
default:
return "<unknown>";
}
}
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
/* Appends an OVS_ACTION_ATTR_USERSPACE action to 'odp_actions' that specifies
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
* Netlink PID 'pid'. If 'userdata' is nonnull, adds a userdata attribute
* whose contents are the 'userdata_size' bytes at 'userdata' and returns the
* offset within 'odp_actions' of the start of the cookie. (If 'userdata' is
* null, then the return value is not meaningful.) */
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
size_t
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
odp_put_userspace_action(uint32_t pid,
const void *userdata, size_t userdata_size,
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
odp_port_t tunnel_out_port,
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
bool include_actions,
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
struct ofpbuf *odp_actions)
{
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
size_t userdata_ofs;
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
size_t offset;
offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_USERSPACE);
nl_msg_put_u32(odp_actions, OVS_USERSPACE_ATTR_PID, pid);
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
if (userdata) {
ofpbuf: Simplify ofpbuf API. ofpbuf was complicated due to its wide usage across all layers of OVS, Now we have introduced independent dp_packet which can be used for datapath packet, we can simplify ofpbuf. Following patch removes DPDK mbuf and access API of ofpbuf members. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-03-02 17:29:44 -08:00
userdata_ofs = odp_actions->size + NLA_HDRLEN;
odp-util: Fix IPFIX breakage with old kernel modules. Before commit e995e3df57ea (Allow OVS_USERSPACE_ATTR_USERDATA to be variable length.) userdata attributes in userspace actions were expected to be exactly 64 bits long. The kernel only actually enforced that they were at least 64 bits long (the previously referenced commit's log message contains misinformation on this account). Initially this was no problem, because all of the userdata that userspace actually used was exactly 8 bytes long. Commit 29089a540c (Implement IPFIX export), however, exposed a problem by reducing the length of userdata for IPFIX support to just 4 bytes. This meant that IPFIX no longer worked on older datapaths, because the userdata was no longer at least 8 bytes long. This commit fixes the problem by padding out userdata attributes less than 8 bytes long to 8 bytes. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Romain Lenglet <rlenglet at vmware.com>
2013-10-07 14:26:28 -07:00
/* The OVS kernel module before OVS 1.11 and the upstream Linux kernel
* module before Linux 3.10 required the userdata to be exactly 8 bytes
* long:
*
* - The kernel rejected shorter userdata with -ERANGE.
*
* - The kernel silently dropped userdata beyond the first 8 bytes.
*
* Thus, for maximum compatibility, always put at least 8 bytes. (We
* separately disable features that required more than 8 bytes.) */
memcpy(nl_msg_put_unspec_zero(odp_actions, OVS_USERSPACE_ATTR_USERDATA,
MAX(8, userdata_size)),
userdata, userdata_size);
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
} else {
userdata_ofs = 0;
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
}
Extend OVS IPFIX exporter to export tunnel headers Extend IPFIX exporter to export tunnel headers when both input and output of the port. Add three other_config options in IPFIX table: enable-input-sampling, enable-output-sampling and enable-tunnel-sampling, to control whether sampling tunnel info, on which direction (input or output). Insert sampling action before output action and the output tunnel port is sent to datapath in the sampling action. Make datapath collect output tunnel info and send it back to userpace in upcall message with a new additional optional attribute. Add a tunnel ports map to make the tunnel port lookup faster in sampling upcalls in IPFIX exporter. Make the IPFIX exporter generate IPFIX template sets with enterprise elements for the tunnel info, save the tunnel info in IPFIX cache entries, and send IPFIX DATA with tunnel info. Add flowDirection element in IPFIX templates. Signed-off-by: Wenyu Zhang <wenyuz@vmware.com> Acked-by: Romain Lenglet <rlenglet@vmware.com> Acked-by: Ben Pfaff <blp@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com>
2014-08-17 20:19:36 -07:00
if (tunnel_out_port != ODPP_NONE) {
nl_msg_put_odp_port(odp_actions, OVS_USERSPACE_ATTR_EGRESS_TUN_PORT,
tunnel_out_port);
}
Extend sFlow agent to report tunnel and MPLS structures Packets are still sampled at ingress only, so the egress tunnel and/or MPLS structures are only included when there is just 1 output port. The actions are either provided by the datapath in the sample upcall or looked up in the userspace cache. The former is preferred because it is more reliable and does not present any new demands or constraints on the userspace cache, however the code falls back on the userspace lookup so that this solution can work with existing kernel datapath modules. If the lookup fails it is not critical: the compiled user-action-cookie is still available and provides the essential output port and output VLAN forwarding information just as before. The openvswitch actions can express almost any tunneling/mangling so the only totally faithful representation would be to somehow encode the whole list of flow actions in the sFlow output. However the standard sFlow tunnel structures can express most common real-world scenarios, so in parsing the actions we look for those and skip the encoding if we see anything unusual. For example, a single set(tunnel()) or tnl_push() is interpreted, but if a second such action is encountered then the egress tunnel reporting is suppressed. The sFlow standard allows "best effort" encoding so that if a field is not knowable or too onerous to look up then it can be left out. This is often the case for the layer-4 source port or even the src ip address of a tunnel. The assumption is that monitoring is enabled everywhere so a missing field can typically be seen at ingress to the next switch in the path. This patch also adds unit tests to check the sFlow encoding of set(tunnel()), tnl_push() and push_mpls() actions. The netlink attribute to request that actions be included in the upcall from the datapath is inserted for sFlow sampling only. To make that option be explicit would require further changes to the printing and parsing of actions in lib/odp-util.c, and to scripts in the test suite. Further enhancements to report on 802.1AD QinQ, 64-bit tunnel IDs, and NAT transformations can follow in future patches that make only incremental changes. Signed-off-by: Neil McKee <neil.mckee@inmon.com> [blp@nicira.com made stylistic and semantic changes] Signed-off-by: Ben Pfaff <blp@nicira.com>
2015-07-17 21:37:02 -07:00
if (include_actions) {
nl_msg_put_flag(odp_actions, OVS_USERSPACE_ATTR_ACTIONS);
}
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
nl_msg_end_nested(odp_actions, offset);
Allow OVS_USERSPACE_ATTR_USERDATA to be variable length. Until now, the optional OVS_USERSPACE_ATTR_USERDATA attribute had to be exactly 64 bits long, if it was present. However, 64 bits is not enough space to associate as much information with a flow as would be convenient for some userspace features now under development. This commit generalizes the attribute, allowing it to be any length. This generalization is backward-compatible: if userspace only uses 64-bit attributes, then it will not see any change in behavior. CC: Romain Lenglet <rlenglet@vmware.com> Signed-off-by: Ben Pfaff <blp@nicira.com> Acked-by: Jesse Gross <jesse@nicira.com>
2013-02-15 16:48:32 -08:00
return userdata_ofs;
odp-util: New function factored out of put_userspace_action(). An upcoming patch to odp-util will add a new user, but this seems like a reasonable change in any case.
2011-10-25 16:54:42 -07:00
}
lib: Switch to flow based tunneling. With this patch, ovs-vswitchd uses flow based tunneling exclusively. I.E. each kind of tunnel shares a single tunnel backer in the datapath. Tunnel headers are set by userspace using the ipv4_tunnel datapath action. And, the configuration of individual tunnels is now a userspace responsibility, so netdev-vport no longer marshals and unmarshals Netlink attributes for tunnel configuration, instead only storing the configuration internally. There are still some significant pieces of work to do, but the basic building blocks are there to begin testing. Signed-off-by: Ethan Jackson <ethan@nicira.com> Co-authored-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-14 19:14:54 -08:00
void
odp_put_tunnel_action(const struct flow_tnl *tunnel,
struct ofpbuf *odp_actions)
{
size_t offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SET);
odp-util: Pass down flow netlink attributes when translating masks. Sometimes we need to look at flow fields to understand how to parse an attribute. However, masks don't have this information - just the mask on the field. We already use the translated flow structure for this purpose but this isn't always enough since sometimes we actually need the raw netlink information. Fortunately, that is also readily available so this passes it down from the appropriate callers. Signed-off-by: Jesse Gross <jesse@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-06-19 13:54:13 -07:00
tun_key_to_attr(odp_actions, tunnel, tunnel, NULL);
lib: Switch to flow based tunneling. With this patch, ovs-vswitchd uses flow based tunneling exclusively. I.E. each kind of tunnel shares a single tunnel backer in the datapath. Tunnel headers are set by userspace using the ipv4_tunnel datapath action. And, the configuration of individual tunnels is now a userspace responsibility, so netdev-vport no longer marshals and unmarshals Netlink attributes for tunnel configuration, instead only storing the configuration internally. There are still some significant pieces of work to do, but the basic building blocks are there to begin testing. Signed-off-by: Ethan Jackson <ethan@nicira.com> Co-authored-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-14 19:14:54 -08:00
nl_msg_end_nested(odp_actions, offset);
}
openvswitch: Userspace tunneling. Following patch adds support for userspace tunneling. Tunneling needs three more component first is routing table which is configured by caching kernel routes and second is ARP cache which build automatically by snooping arp. And third is tunnel protocol table which list all listening protocols which is populated by vswitchd as tunnel ports are added. GRE and VXLAN protocol support is added in this patch. Tunneling works as follows: On packet receive vswitchd check if this packet is targeted to tunnel port. If it is then vswitchd inserts tunnel pop action which pops header and sends packet to tunnel port. On packet xmit rather than generating Set tunnel action it generate tunnel push action which has tunnel header data. datapath can use tunnel-push action data to generate header for each packet and forward this packet to output port. Since tunnel-push action contains most of packet header vswitchd needs to lookup routing table and arp table to build this action. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Thomas Graf <tgraf@noironetworks.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-11-11 11:53:47 -08:00
void
odp_put_tnl_push_action(struct ofpbuf *odp_actions,
struct ovs_action_push_tnl *data)
{
int size = offsetof(struct ovs_action_push_tnl, header);
size += data->header_len;
nl_msg_put_unspec(odp_actions, OVS_ACTION_ATTR_TUNNEL_PUSH, data, size);
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
/* The commit_odp_actions() function and its helpers. */
static void
commit_set_action(struct ofpbuf *odp_actions, enum ovs_key_attr key_type,
const void *key, size_t key_size)
{
size_t offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SET);
nl_msg_put_unspec(odp_actions, key_type, key, key_size);
nl_msg_end_nested(odp_actions, offset);
}
lib/odp: Masked set action execution and printing. Add a new action type OVS_ACTION_ATTR_SET_MASKED, and support for parsing, printing, and committing them. Masked set actions add a mask, immediately following the netlink attribute data, within the netlink attribute itself. Thus the key attribute size for a masked set action is exactly double of the non-masked set action. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:19 -07:00
/* Masked set actions have a mask following the data within the netlink
* attribute. The unmasked bits in the data will be cleared as the data
* is copied to the action. */
void
commit_masked_set_action(struct ofpbuf *odp_actions,
enum ovs_key_attr key_type,
const void *key_, const void *mask_, size_t key_size)
{
size_t offset = nl_msg_start_nested(odp_actions,
OVS_ACTION_ATTR_SET_MASKED);
char *data = nl_msg_put_unspec_uninit(odp_actions, key_type, key_size * 2);
const char *key = key_, *mask = mask_;
memcpy(data + key_size, mask, key_size);
/* Clear unmasked bits while copying. */
while (key_size--) {
*data++ = *key++ & *mask++;
}
nl_msg_end_nested(odp_actions, offset);
}
lib: Switch to flow based tunneling. With this patch, ovs-vswitchd uses flow based tunneling exclusively. I.E. each kind of tunnel shares a single tunnel backer in the datapath. Tunnel headers are set by userspace using the ipv4_tunnel datapath action. And, the configuration of individual tunnels is now a userspace responsibility, so netdev-vport no longer marshals and unmarshals Netlink attributes for tunnel configuration, instead only storing the configuration internally. There are still some significant pieces of work to do, but the basic building blocks are there to begin testing. Signed-off-by: Ethan Jackson <ethan@nicira.com> Co-authored-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-14 19:14:54 -08:00
/* If any of the flow key data that ODP actions can modify are different in
* 'base->tunnel' and 'flow->tunnel', appends a set_tunnel ODP action to
* 'odp_actions' that change the flow tunneling information in key from
* 'base->tunnel' into 'flow->tunnel', and then changes 'base->tunnel' in the
* same way. In other words, operates the same as commit_odp_actions(), but
* only on tunneling information. */
void
commit_odp_tunnel_action(const struct flow *flow, struct flow *base,
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
struct ofpbuf *odp_actions)
{
Add ODP level handling of OVS_KEY_ATTR_IPV4_TUNNEL. Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-21 10:44:38 +02:00
/* A valid IPV4_TUNNEL must have non-zero ip_dst. */
if (flow->tunnel.ip_dst) {
odp-util: Keep base flow in sync with the kernel view. Change the base flow only if a corresponding kernel action is generated in commit_odp_tunnel_action(). Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-04-18 18:07:39 +03:00
if (!memcmp(&base->tunnel, &flow->tunnel, sizeof base->tunnel)) {
return;
}
memcpy(&base->tunnel, &flow->tunnel, sizeof base->tunnel);
lib: Switch to flow based tunneling. With this patch, ovs-vswitchd uses flow based tunneling exclusively. I.E. each kind of tunnel shares a single tunnel backer in the datapath. Tunnel headers are set by userspace using the ipv4_tunnel datapath action. And, the configuration of individual tunnels is now a userspace responsibility, so netdev-vport no longer marshals and unmarshals Netlink attributes for tunnel configuration, instead only storing the configuration internally. There are still some significant pieces of work to do, but the basic building blocks are there to begin testing. Signed-off-by: Ethan Jackson <ethan@nicira.com> Co-authored-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-14 19:14:54 -08:00
odp_put_tunnel_action(&base->tunnel, odp_actions);
Add ODP level handling of OVS_KEY_ATTR_IPV4_TUNNEL. Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-21 10:44:38 +02:00
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static bool
commit(enum ovs_key_attr attr, bool use_masked_set,
const void *key, void *base, void *mask, size_t size,
struct ofpbuf *odp_actions)
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
{
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (memcmp(key, base, size)) {
bool fully_masked = odp_mask_is_exact(attr, mask, size);
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (use_masked_set && !fully_masked) {
commit_masked_set_action(odp_actions, attr, key, mask, size);
} else {
if (!fully_masked) {
memset(mask, 0xff, size);
}
commit_set_action(odp_actions, attr, key, size);
}
memcpy(base, key, size);
return true;
} else {
/* Mask bits are set when we have either read or set the corresponding
* values. Masked bits will be exact-matched, no need to set them
* if the value did not actually change. */
return false;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
get_ethernet_key(const struct flow *flow, struct ovs_key_ethernet *eth)
{
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
eth->eth_src = flow->dl_src;
eth->eth_dst = flow->dl_dst;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
put_ethernet_key(const struct ovs_key_ethernet *eth, struct flow *flow)
{
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
flow->dl_src = eth->eth_src;
flow->dl_dst = eth->eth_dst;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
commit_set_ether_addr_action(const struct flow *flow, struct flow *base_flow,
struct ofpbuf *odp_actions,
struct flow_wildcards *wc,
bool use_masked)
{
struct ovs_key_ethernet key, base, mask;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
get_ethernet_key(flow, &key);
get_ethernet_key(base_flow, &base);
get_ethernet_key(&wc->masks, &mask);
if (commit(OVS_KEY_ATTR_ETHERNET, use_masked,
&key, &base, &mask, sizeof key, odp_actions)) {
put_ethernet_key(&base, base_flow);
put_ethernet_key(&mask, &wc->masks);
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
static void
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
pop_vlan(struct flow *base,
struct ofpbuf *odp_actions, struct flow_wildcards *wc)
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
{
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
if (base->vlan_tci & htons(VLAN_CFI)) {
nl_msg_put_flag(odp_actions, OVS_ACTION_ATTR_POP_VLAN);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
base->vlan_tci = 0;
}
}
static void
commit_vlan_action(ovs_be16 vlan_tci, struct flow *base,
struct ofpbuf *odp_actions, struct flow_wildcards *wc)
{
if (base->vlan_tci == vlan_tci) {
return;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
pop_vlan(base, odp_actions, wc);
odp: Only pass vlan_tci to commit_vlan_action() This allows for future patches to pass different tci values to commit_vlan_action() without passing an entire flow structure. Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-27 09:18:30 +09:00
if (vlan_tci & htons(VLAN_CFI)) {
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
struct ovs_action_push_vlan vlan;
vlan.vlan_tpid = htons(ETH_TYPE_VLAN);
odp: Only pass vlan_tci to commit_vlan_action() This allows for future patches to pass different tci values to commit_vlan_action() without passing an entire flow structure. Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-27 09:18:30 +09:00
vlan.vlan_tci = vlan_tci;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
nl_msg_put_unspec(odp_actions, OVS_ACTION_ATTR_PUSH_VLAN,
&vlan, sizeof vlan);
}
odp: Only pass vlan_tci to commit_vlan_action() This allows for future patches to pass different tci values to commit_vlan_action() without passing an entire flow structure. Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-27 09:18:30 +09:00
base->vlan_tci = vlan_tci;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
/* Wildcarding already done at action translation time. */
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
static void
commit_mpls_action(const struct flow *flow, struct flow *base,
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
struct ofpbuf *odp_actions)
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
{
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
int base_n = flow_count_mpls_labels(base, NULL);
int flow_n = flow_count_mpls_labels(flow, NULL);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
int common_n = flow_count_common_mpls_labels(flow, flow_n, base, base_n,
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
NULL);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
while (base_n > common_n) {
if (base_n - 1 == common_n && flow_n > common_n) {
/* If there is only one more LSE in base than there are common
* between base and flow; and flow has at least one more LSE than
* is common then the topmost LSE of base may be updated using
* set */
struct ovs_key_mpls mpls_key;
mpls_key.mpls_lse = flow->mpls_lse[flow_n - base_n];
commit_set_action(odp_actions, OVS_KEY_ATTR_MPLS,
&mpls_key, sizeof mpls_key);
flow_set_mpls_lse(base, 0, mpls_key.mpls_lse);
common_n++;
} else {
/* Otherwise, if there more LSEs in base than are common between
* base and flow then pop the topmost one. */
ovs_be16 dl_type;
bool popped;
/* If all the LSEs are to be popped and this is not the outermost
* LSE then use ETH_TYPE_MPLS as the ethertype parameter of the
* POP_MPLS action instead of flow->dl_type.
*
* This is because the POP_MPLS action requires its ethertype
* argument to be an MPLS ethernet type but in this case
* flow->dl_type will be a non-MPLS ethernet type.
*
* When the final POP_MPLS action occurs it use flow->dl_type and
* the and the resulting packet will have the desired dl_type. */
if ((!eth_type_mpls(flow->dl_type)) && base_n > 1) {
dl_type = htons(ETH_TYPE_MPLS);
} else {
dl_type = flow->dl_type;
}
nl_msg_put_be16(odp_actions, OVS_ACTION_ATTR_POP_MPLS, dl_type);
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
popped = flow_pop_mpls(base, base_n, flow->dl_type, NULL);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
ovs_assert(popped);
base_n--;
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
}
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
/* If, after the above popping and setting, there are more LSEs in flow
* than base then some LSEs need to be pushed. */
while (base_n < flow_n) {
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
struct ovs_action_push_mpls *mpls;
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
mpls = nl_msg_put_unspec_zero(odp_actions,
OVS_ACTION_ATTR_PUSH_MPLS,
netlink: New function nl_msg_put_unspec_zero(). This function already had a few potential users, which this commit converts. An upcoming commit adds more users. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-07 14:11:40 -07:00
sizeof *mpls);
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
mpls->mpls_ethertype = flow->dl_type;
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
mpls->mpls_lse = flow->mpls_lse[flow_n - base_n - 1];
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
flow_push_mpls(base, base_n, mpls->mpls_ethertype, NULL);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
flow_set_mpls_lse(base, 0, mpls->mpls_lse);
base_n++;
Remove mpls_depth field from flow Rather than tracking the MPLS depth as a field in the flow, which is an entirely poor place for it, just track the delta to the MPLS depth during translation. This logic was developed while implementing recirculation and intended to be used to detect when recirculation should occur. This variant of the patch uses the logic to determine if processing of actions should stop due to an MPLS action which cannot be translated (without recirculation). A side-effect of this patch is that it resolves a bug whereby ovs-vswitchd will abort due to to an assertion on eth_type_mpls(ctx->xin->flow.dl_type) in compose_mpls_pop_action(() if the actions of a flow include pop_mpls twice without a push_mpls in between. Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-09-27 06:55:19 +09:00
}
User-Space MPLS actions and matches This patch implements use-space datapath and non-datapath code to match and use the datapath API set out in Leo Alterman's patch "user-space datapath: Add basic MPLS support to kernel". The resulting MPLS implementation supports: * Pushing a single MPLS label * Poping a single MPLS label * Modifying an MPLS lable using set-field or load actions that act on the label value, tc and bos bit. * There is no support for manipulating the TTL this is considered future work. The single-level push pop limitation is implemented by processing push, pop and set-field/load actions in order and discarding information that would require multiple levels of push/pop to be supported. e.g. push,push -> the first push is discarded pop,pop -> the first pop is discarded This patch is based heavily on work by Ravi K. Cc: Ravi K <rkerur@gmail.com> Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-01-25 16:22:07 +09:00
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
static void
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ipv4_key(const struct flow *flow, struct ovs_key_ipv4 *ipv4, bool is_mask)
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
{
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
ipv4->ipv4_src = flow->nw_src;
ipv4->ipv4_dst = flow->nw_dst;
ipv4->ipv4_proto = flow->nw_proto;
ipv4->ipv4_tos = flow->nw_tos;
ipv4->ipv4_ttl = flow->nw_ttl;
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
ipv4->ipv4_frag = ovs_to_odp_frag(flow->nw_frag, is_mask);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv4_key(const struct ovs_key_ipv4 *ipv4, struct flow *flow, bool is_mask)
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
{
flow->nw_src = ipv4->ipv4_src;
flow->nw_dst = ipv4->ipv4_dst;
flow->nw_proto = ipv4->ipv4_proto;
flow->nw_tos = ipv4->ipv4_tos;
flow->nw_ttl = ipv4->ipv4_ttl;
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
flow->nw_frag = odp_to_ovs_frag(ipv4->ipv4_frag, is_mask);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
static void
commit_set_ipv4_action(const struct flow *flow, struct flow *base_flow,
struct ofpbuf *odp_actions, struct flow_wildcards *wc,
bool use_masked)
{
struct ovs_key_ipv4 key, mask, base;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
/* Check that nw_proto and nw_frag remain unchanged. */
ovs_assert(flow->nw_proto == base_flow->nw_proto &&
flow->nw_frag == base_flow->nw_frag);
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ipv4_key(flow, &key, false);
get_ipv4_key(base_flow, &base, false);
get_ipv4_key(&wc->masks, &mask, true);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
mask.ipv4_proto = 0; /* Not writeable. */
mask.ipv4_frag = 0; /* Not writable. */
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (commit(OVS_KEY_ATTR_IPV4, use_masked, &key, &base, &mask, sizeof key,
odp_actions)) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv4_key(&base, base_flow, false);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (mask.ipv4_proto != 0) { /* Mask was changed by commit(). */
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv4_key(&mask, &wc->masks, true);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
static void
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ipv6_key(const struct flow *flow, struct ovs_key_ipv6 *ipv6, bool is_mask)
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
{
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
memcpy(ipv6->ipv6_src, &flow->ipv6_src, sizeof ipv6->ipv6_src);
memcpy(ipv6->ipv6_dst, &flow->ipv6_dst, sizeof ipv6->ipv6_dst);
ipv6->ipv6_label = flow->ipv6_label;
ipv6->ipv6_proto = flow->nw_proto;
ipv6->ipv6_tclass = flow->nw_tos;
ipv6->ipv6_hlimit = flow->nw_ttl;
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
ipv6->ipv6_frag = ovs_to_odp_frag(flow->nw_frag, is_mask);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv6_key(const struct ovs_key_ipv6 *ipv6, struct flow *flow, bool is_mask)
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
{
memcpy(&flow->ipv6_src, ipv6->ipv6_src, sizeof flow->ipv6_src);
memcpy(&flow->ipv6_dst, ipv6->ipv6_dst, sizeof flow->ipv6_dst);
flow->ipv6_label = ipv6->ipv6_label;
flow->nw_proto = ipv6->ipv6_proto;
flow->nw_tos = ipv6->ipv6_tclass;
flow->nw_ttl = ipv6->ipv6_hlimit;
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
flow->nw_frag = odp_to_ovs_frag(ipv6->ipv6_frag, is_mask);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
commit_set_ipv6_action(const struct flow *flow, struct flow *base_flow,
struct ofpbuf *odp_actions, struct flow_wildcards *wc,
bool use_masked)
{
struct ovs_key_ipv6 key, mask, base;
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
/* Check that nw_proto and nw_frag remain unchanged. */
ovs_assert(flow->nw_proto == base_flow->nw_proto &&
flow->nw_frag == base_flow->nw_frag);
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_ipv6_key(flow, &key, false);
get_ipv6_key(base_flow, &base, false);
get_ipv6_key(&wc->masks, &mask, true);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
mask.ipv6_proto = 0; /* Not writeable. */
mask.ipv6_frag = 0; /* Not writable. */
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (commit(OVS_KEY_ATTR_IPV6, use_masked, &key, &base, &mask, sizeof key,
odp_actions)) {
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv6_key(&base, base_flow, false);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (mask.ipv6_proto != 0) { /* Mask was changed by commit(). */
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_ipv6_key(&mask, &wc->masks, true);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
}
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
}
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
get_arp_key(const struct flow *flow, struct ovs_key_arp *arp)
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
{
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
/* ARP key has padding, clear it. */
memset(arp, 0, sizeof *arp);
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
arp->arp_sip = flow->nw_src;
arp->arp_tip = flow->nw_dst;
arp->arp_op = htons(flow->nw_proto);
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
arp->arp_sha = flow->arp_sha;
arp->arp_tha = flow->arp_tha;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static void
put_arp_key(const struct ovs_key_arp *arp, struct flow *flow)
{
flow->nw_src = arp->arp_sip;
flow->nw_dst = arp->arp_tip;
flow->nw_proto = ntohs(arp->arp_op);
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
flow->arp_sha = arp->arp_sha;
flow->arp_tha = arp->arp_tha;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
static enum slow_path_reason
commit_set_arp_action(const struct flow *flow, struct flow *base_flow,
struct ofpbuf *odp_actions, struct flow_wildcards *wc)
{
struct ovs_key_arp key, mask, base;
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
get_arp_key(flow, &key);
get_arp_key(base_flow, &base);
get_arp_key(&wc->masks, &mask);
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (commit(OVS_KEY_ATTR_ARP, true, &key, &base, &mask, sizeof key,
odp_actions)) {
put_arp_key(&base, base_flow);
put_arp_key(&mask, &wc->masks);
return SLOW_ACTION;
}
return 0;
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
}
Implement set-field for IPv6 ND fields (nd_target, nd_sll, and nd_tll). This patch adds set-field operations for nd_target, nd_sll, and nd_tll fields, with and without masks, using Nicira extensions and OpenFlow 1.2 protocol. Signed-off-by: Randall A Sharo <randall.sharo at navy.mil> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-12-23 23:42:05 +00:00
static void
get_nd_key(const struct flow *flow, struct ovs_key_nd *nd)
{
memcpy(nd->nd_target, &flow->nd_target, sizeof flow->nd_target);
/* nd_sll and nd_tll are stored in arp_sha and arp_tha, respectively */
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
nd->nd_sll = flow->arp_sha;
nd->nd_tll = flow->arp_tha;
Implement set-field for IPv6 ND fields (nd_target, nd_sll, and nd_tll). This patch adds set-field operations for nd_target, nd_sll, and nd_tll fields, with and without masks, using Nicira extensions and OpenFlow 1.2 protocol. Signed-off-by: Randall A Sharo <randall.sharo at navy.mil> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-12-23 23:42:05 +00:00
}
static void
put_nd_key(const struct ovs_key_nd *nd, struct flow *flow)
{
odp-util: Fix put_nd_key(). Actually copy the 'nd_target' from the key. Found by inspection. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-20 13:10:07 -07:00
memcpy(&flow->nd_target, nd->nd_target, sizeof flow->nd_target);
Implement set-field for IPv6 ND fields (nd_target, nd_sll, and nd_tll). This patch adds set-field operations for nd_target, nd_sll, and nd_tll fields, with and without masks, using Nicira extensions and OpenFlow 1.2 protocol. Signed-off-by: Randall A Sharo <randall.sharo at navy.mil> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-12-23 23:42:05 +00:00
/* nd_sll and nd_tll are stored in arp_sha and arp_tha, respectively */
userspace: Define and use struct eth_addr. Define struct eth_addr and use it instead of a uint8_t array for all ethernet addresses in OVS userspace. The struct is always the right size, and it can be assigned without an explicit memcpy, which makes code more readable. "struct eth_addr" is a good type name for this as many utility functions are already named accordingly. struct eth_addr can be accessed as bytes as well as ovs_be16's, which makes the struct 16-bit aligned. All use seems to be 16-bit aligned, so some algorithms on the ethernet addresses can be made a bit more efficient making use of this fact. As the struct fits into a register (in 64-bit systems) we pass it by value when possible. This patch also changes the few uses of Linux specific ETH_ALEN to OVS's own ETH_ADDR_LEN, and removes the OFP_ETH_ALEN, as it is no longer needed. This work stemmed from a desire to make all struct flow members assignable for unrelated exploration purposes. However, I think this might be a nice code readability improvement by itself. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
2015-08-28 14:55:11 -07:00
flow->arp_sha = nd->nd_sll;
flow->arp_tha = nd->nd_tll;
Implement set-field for IPv6 ND fields (nd_target, nd_sll, and nd_tll). This patch adds set-field operations for nd_target, nd_sll, and nd_tll fields, with and without masks, using Nicira extensions and OpenFlow 1.2 protocol. Signed-off-by: Randall A Sharo <randall.sharo at navy.mil> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-12-23 23:42:05 +00:00
}
static enum slow_path_reason
commit_set_nd_action(const struct flow *flow, struct flow *base_flow,
struct ofpbuf *odp_actions,
struct flow_wildcards *wc, bool use_masked)
{
struct ovs_key_nd key, mask, base;
get_nd_key(flow, &key);
get_nd_key(base_flow, &base);
get_nd_key(&wc->masks, &mask);
if (commit(OVS_KEY_ATTR_ND, use_masked, &key, &base, &mask, sizeof key,
odp_actions)) {
put_nd_key(&base, base_flow);
put_nd_key(&mask, &wc->masks);
return SLOW_ACTION;
}
return 0;
}
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
static enum slow_path_reason
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
commit_set_nw_action(const struct flow *flow, struct flow *base,
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
struct ofpbuf *odp_actions, struct flow_wildcards *wc,
bool use_masked)
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
{
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
/* Check if 'flow' really has an L3 header. */
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
if (!flow->nw_proto) {
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
return 0;
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
}
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
switch (ntohs(base->dl_type)) {
case ETH_TYPE_IP:
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
commit_set_ipv4_action(flow, base, odp_actions, wc, use_masked);
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
break;
case ETH_TYPE_IPV6:
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
commit_set_ipv6_action(flow, base, odp_actions, wc, use_masked);
Implement set-field for IPv6 ND fields (nd_target, nd_sll, and nd_tll). This patch adds set-field operations for nd_target, nd_sll, and nd_tll fields, with and without masks, using Nicira extensions and OpenFlow 1.2 protocol. Signed-off-by: Randall A Sharo <randall.sharo at navy.mil> Signed-off-by: Ben Pfaff <blp@nicira.com>
2014-12-23 23:42:05 +00:00
return commit_set_nd_action(flow, base, odp_actions, wc, use_masked);
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
case ETH_TYPE_ARP:
return commit_set_arp_action(flow, base, odp_actions, wc);
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
}
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
return 0;
odp-util: Handle ipv6 in set nw action. Rather than silently skipping ipv6 action generation, following patch generates OVS_ACTION_ATTR_SET action for ipv6. Datapath which do not support ipv6 action can reject this action. Bug #8758 Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
2012-01-11 12:44:23 -08:00
}
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
/* TCP, UDP, and SCTP keys have the same layout. */
BUILD_ASSERT_DECL(sizeof(struct ovs_key_tcp) == sizeof(struct ovs_key_udp) &&
sizeof(struct ovs_key_tcp) == sizeof(struct ovs_key_sctp));
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
static void
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
get_tp_key(const struct flow *flow, union ovs_key_tp *tp)
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
{
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
tp->tcp.tcp_src = flow->tp_src;
tp->tcp.tcp_dst = flow->tp_dst;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
static void
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
put_tp_key(const union ovs_key_tp *tp, struct flow *flow)
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
{
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
flow->tp_src = tp->tcp.tcp_src;
flow->tp_dst = tp->tcp.tcp_dst;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
}
static void
commit_set_port_action(const struct flow *flow, struct flow *base_flow,
struct ofpbuf *odp_actions, struct flow_wildcards *wc,
bool use_masked)
{
enum ovs_key_attr key_type;
lib/odp-util: Reduce duplicated code. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 15:44:20 -07:00
union ovs_key_tp key, mask, base;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
odp-util: Do not set port mask of non-IP packets In the case that an flow for an IP packet has an mpls_push action applied the L3 and L4 portions of the flow will be cleared in flow_push_mpls(). Without this change commit_set_port_action() will set the tp_src and tp_dst mask for the flow to all-ones because the base and flow port values no longer match. Even though there will be no corresponding set action for the ports; because the flow is no longer IP. In this case where nw_proto is not part of the match this manifests in a problem because the kernel datapath rejects flows whose masks have non-zero values for tp_src or dp_dst if the nw_proto mask is not all-ones. This patch resolves this problem by having commit_set_port_action() return without doing anything if flow->nw_proto is zero. The same logic is present in commit_set_nw_action(). Also enhance one of the MPLS tests to exercise this logic. The enhanced tests inputs a UDP packet with non-zero ports rather than an IP packet with zeroed ports: zeroed ports cause commit_set_port_action() always return without doing anything.. Commit 691d39b ("upcall: Remove redundant xlate_actions_for_side_effects().") causes xlate_in_init() to be called for every packet that has an upcall. This has the effect of indirectly calling commit_set_port_action() when translating a controller action which may not have previously been the case depending on the flow. The result is that the behaviour described in the changelog above can be exercised via a minor enhancement to one of the existing MPLS tests. This illustrates that the problem exists for the user-space datapath whereas I had previously incorrectly assumed it only manifested when using the kernel datapath because I had only observed it there. Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Jarno Rajahalme <jrajahame@nicira.com>
2014-06-04 16:56:09 +00:00
/* Check if 'flow' really has an L3 header. */
if (!flow->nw_proto) {
return;
}
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (!is_ip_any(base_flow)) {
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
return;
}
if (flow->nw_proto == IPPROTO_TCP) {
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
key_type = OVS_KEY_ATTR_TCP;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
} else if (flow->nw_proto == IPPROTO_UDP) {
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
key_type = OVS_KEY_ATTR_UDP;
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
} else if (flow->nw_proto == IPPROTO_SCTP) {
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
key_type = OVS_KEY_ATTR_SCTP;
} else {
return;
}
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
get_tp_key(flow, &key);
get_tp_key(base_flow, &base);
get_tp_key(&wc->masks, &mask);
ofproto-dpif: Add SCTP support Reviewed-by: Simon Horman <horms@verge.net.au> Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-08-22 20:24:44 +12:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (commit(key_type, use_masked, &key, &base, &mask, sizeof key,
odp_actions)) {
put_tp_key(&base, base_flow);
put_tp_key(&mask, &wc->masks);
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
}
static void
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
commit_set_priority_action(const struct flow *flow, struct flow *base_flow,
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
struct ofpbuf *odp_actions,
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
struct flow_wildcards *wc,
bool use_masked)
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
{
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
uint32_t key, mask, base;
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
key = flow->skb_priority;
base = base_flow->skb_priority;
mask = wc->masks.skb_priority;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (commit(OVS_KEY_ATTR_PRIORITY, use_masked, &key, &base, &mask,
sizeof key, odp_actions)) {
base_flow->skb_priority = base;
wc->masks.skb_priority = mask;
}
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
static void
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
commit_set_pkt_mark_action(const struct flow *flow, struct flow *base_flow,
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
struct ofpbuf *odp_actions,
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
struct flow_wildcards *wc,
bool use_masked)
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
{
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
uint32_t key, mask, base;
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
key = flow->pkt_mark;
base = base_flow->pkt_mark;
mask = wc->masks.pkt_mark;
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
if (commit(OVS_KEY_ATTR_SKB_MARK, use_masked, &key, &base, &mask,
sizeof key, odp_actions)) {
base_flow->pkt_mark = base;
wc->masks.pkt_mark = mask;
}
datapath: add skb mark matching and set action This patch adds support for skb mark matching and set action. Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2012-11-13 19:19:36 +02:00
}
dpif: Support working around actions that a datapath does not support. Until now, OVS has expected that the datapath supports all the actions required by any flow to be installed. There are at least two reasons why a datapath might not support a given action: - The datapath version is older than the userspace version, and the action was introduced after the version of the datapath in use. - The action is not considered important enough to implement as part of an ABI that must be maintained forever. This commit adds infrastructure to handle these cases. It doesn't actually add any uses; that will come in an upcoming commit. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:28:05 -07:00
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
/* If any of the flow key data that ODP actions can modify are different in
* 'base' and 'flow', appends ODP actions to 'odp_actions' that change the flow
lib: Switch to flow based tunneling. With this patch, ovs-vswitchd uses flow based tunneling exclusively. I.E. each kind of tunnel shares a single tunnel backer in the datapath. Tunnel headers are set by userspace using the ipv4_tunnel datapath action. And, the configuration of individual tunnels is now a userspace responsibility, so netdev-vport no longer marshals and unmarshals Netlink attributes for tunnel configuration, instead only storing the configuration internally. There are still some significant pieces of work to do, but the basic building blocks are there to begin testing. Signed-off-by: Ethan Jackson <ethan@nicira.com> Co-authored-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
2012-12-14 19:14:54 -08:00
* key from 'base' into 'flow', and then changes 'base' the same way. Does not
* commit set_tunnel actions. Users should call commit_odp_tunnel_action()
ofproto-dpif: Tighten up megaflow wildcard handling. A number of use-cases weren't handled properly when determining what can be wildcarded for megaflows. This commit both catches additional fields that cannot be wildcarded and loosens a few other cases. Bug #17979 Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2013-06-18 23:55:47 -07:00
* in addition to this function if needed. Sets fields in 'wc' that are
dpif: Support working around actions that a datapath does not support. Until now, OVS has expected that the datapath supports all the actions required by any flow to be installed. There are at least two reasons why a datapath might not support a given action: - The datapath version is older than the userspace version, and the action was introduced after the version of the datapath in use. - The action is not considered important enough to implement as part of an ABI that must be maintained forever. This commit adds infrastructure to handle these cases. It doesn't actually add any uses; that will come in an upcoming commit. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:28:05 -07:00
* used as part of the action.
*
* Returns a reason to force processing the flow's packets into the userspace
* slow path, if there is one, otherwise 0. */
enum slow_path_reason
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
commit_odp_actions(const struct flow *flow, struct flow *base,
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
struct ofpbuf *odp_actions, struct flow_wildcards *wc,
bool use_masked)
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
{
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
enum slow_path_reason slow;
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
commit_set_ether_addr_action(flow, base, odp_actions, wc, use_masked);
slow = commit_set_nw_action(flow, base, odp_actions, wc, use_masked);
commit_set_port_action(flow, base, odp_actions, wc, use_masked);
lib: Fix MPLS masking. Previously we masked labels not present in the incoming packet. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-30 13:34:43 -07:00
commit_mpls_action(flow, base, odp_actions);
Enhance userspace support for MPLS, for up to 3 labels. This commit makes the userspace support for MPLS more complete. Now up to 3 labels are supported. Signed-off-by: Ben Pfaff <blp@nicira.com> Co-authored-by: Simon Horman <horms@verge.net.au> Signed-off-by: Simon Horman <horms@verge.net.au>
2014-02-04 10:32:35 -08:00
commit_vlan_action(flow->vlan_tci, base, odp_actions, wc);
lib/odp: Use masked set actions. Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2014-09-05 16:00:49 -07:00
commit_set_priority_action(flow, base, odp_actions, wc, use_masked);
commit_set_pkt_mark_action(flow, base, odp_actions, wc, use_masked);
dpif: Support working around actions that a datapath does not support. Until now, OVS has expected that the datapath supports all the actions required by any flow to be installed. There are at least two reasons why a datapath might not support a given action: - The datapath version is older than the userspace version, and the action was introduced after the version of the datapath in use. - The action is not considered important enough to implement as part of an ABI that must be maintained forever. This commit adds infrastructure to handle these cases. It doesn't actually add any uses; that will come in an upcoming commit. Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:28:05 -07:00
Add software switch support for modifying ARP headers in OpenFlow. This support is added through the userspace slow path, because we don't judge that this is important enough to require permanent support in the Linux kernel ABI. Bug #19259. CC: Teemu Koponen <koponen@nicira.com> CC: Pankaj Thakkar <thakkar@nicira.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2013-10-09 17:37:30 -07:00
return slow;
odp-util: Move commit_odp_actions() from ofproto-dpif. In an effort to simplify ofproto-dpif, this commit moves the definition of commit_odp_actions() to odp-util.
2011-11-28 14:14:23 -08:00
}
Reference in New Issue Copy Permalink