2012-07-03 22:17:14 -07:00
|
|
|
|
/*
|
2017-01-06 08:19:53 -08:00
|
|
|
|
* Copyright (c) 2012, 2013, 2014, 2015, 2016, 2017 Nicira, Inc.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
|
* You may obtain a copy of the License at:
|
|
|
|
|
|
*
|
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
*
|
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
2016-04-14 15:20:19 -07:00
|
|
|
|
#ifndef OPENVSWITCH_OFP_ACTIONS_H
|
|
|
|
|
|
#define OPENVSWITCH_OFP_ACTIONS_H 1
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
2013-10-11 13:23:29 +09:00
|
|
|
|
#include <stddef.h>
|
2012-07-03 22:17:14 -07:00
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
#include "openflow/openflow.h"
|
|
|
|
|
|
#include "openflow/nicira-ext.h"
|
2016-04-14 15:20:19 -07:00
|
|
|
|
#include "openvswitch/meta-flow.h"
|
|
|
|
|
|
#include "openvswitch/ofp-util.h"
|
2016-03-03 10:20:43 -08:00
|
|
|
|
#include "openvswitch/ofp-errors.h"
|
2012-07-03 22:17:14 -07:00
|
|
|
|
#include "openvswitch/types.h"
|
|
|
|
|
|
|
|
|
|
|
|
/* List of OVS abstracted actions.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This macro is used directly only internally by this header, but the list is
|
|
|
|
|
|
* still of interest to developers.
|
|
|
|
|
|
*
|
2014-08-11 10:57:03 -07:00
|
|
|
|
* Each OFPACT invocation has the following parameters:
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* 1. <ENUM>, used below in the enum definition of OFPACT_<ENUM>, and
|
|
|
|
|
|
* elsewhere.
|
|
|
|
|
|
*
|
|
|
|
|
|
* 2. <STRUCT> corresponding to a structure "struct <STRUCT>", that must be
|
|
|
|
|
|
* defined below. This structure must be an abstract definition of the
|
|
|
|
|
|
* action. Its first member must have type "struct ofpact" and name
|
|
|
|
|
|
* "ofpact". It may be fixed length or end with a flexible array member
|
|
|
|
|
|
* (e.g. "int member[];").
|
|
|
|
|
|
*
|
|
|
|
|
|
* 3. <MEMBER>, which has one of two possible values:
|
|
|
|
|
|
*
|
|
|
|
|
|
* - If "struct <STRUCT>" is fixed-length, it must be "ofpact".
|
|
|
|
|
|
*
|
|
|
|
|
|
* - If "struct <STRUCT>" is variable-length, it must be the name of the
|
|
|
|
|
|
* flexible array member.
|
2014-08-11 10:57:03 -07:00
|
|
|
|
*
|
|
|
|
|
|
* 4. <NAME>, a quoted string that gives the name of the action, for use in
|
|
|
|
|
|
* parsing actions from text.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*/
|
2014-08-11 10:57:03 -07:00
|
|
|
|
#define OFPACTS \
|
|
|
|
|
|
/* Output. */ \
|
|
|
|
|
|
OFPACT(OUTPUT, ofpact_output, ofpact, "output") \
|
|
|
|
|
|
OFPACT(GROUP, ofpact_group, ofpact, "group") \
|
2016-02-19 15:53:26 -08:00
|
|
|
|
OFPACT(CONTROLLER, ofpact_controller, userdata, "controller") \
|
2014-08-11 10:57:03 -07:00
|
|
|
|
OFPACT(ENQUEUE, ofpact_enqueue, ofpact, "enqueue") \
|
|
|
|
|
|
OFPACT(OUTPUT_REG, ofpact_output_reg, ofpact, "output_reg") \
|
|
|
|
|
|
OFPACT(BUNDLE, ofpact_bundle, slaves, "bundle") \
|
|
|
|
|
|
\
|
|
|
|
|
|
/* Header changes. */ \
|
|
|
|
|
|
OFPACT(SET_FIELD, ofpact_set_field, ofpact, "set_field") \
|
|
|
|
|
|
OFPACT(SET_VLAN_VID, ofpact_vlan_vid, ofpact, "set_vlan_vid") \
|
|
|
|
|
|
OFPACT(SET_VLAN_PCP, ofpact_vlan_pcp, ofpact, "set_vlan_pcp") \
|
|
|
|
|
|
OFPACT(STRIP_VLAN, ofpact_null, ofpact, "strip_vlan") \
|
|
|
|
|
|
OFPACT(PUSH_VLAN, ofpact_null, ofpact, "push_vlan") \
|
|
|
|
|
|
OFPACT(SET_ETH_SRC, ofpact_mac, ofpact, "mod_dl_src") \
|
|
|
|
|
|
OFPACT(SET_ETH_DST, ofpact_mac, ofpact, "mod_dl_dst") \
|
|
|
|
|
|
OFPACT(SET_IPV4_SRC, ofpact_ipv4, ofpact, "mod_nw_src") \
|
|
|
|
|
|
OFPACT(SET_IPV4_DST, ofpact_ipv4, ofpact, "mod_nw_dst") \
|
|
|
|
|
|
OFPACT(SET_IP_DSCP, ofpact_dscp, ofpact, "mod_nw_tos") \
|
|
|
|
|
|
OFPACT(SET_IP_ECN, ofpact_ecn, ofpact, "mod_nw_ecn") \
|
|
|
|
|
|
OFPACT(SET_IP_TTL, ofpact_ip_ttl, ofpact, "mod_nw_ttl") \
|
|
|
|
|
|
OFPACT(SET_L4_SRC_PORT, ofpact_l4_port, ofpact, "mod_tp_src") \
|
|
|
|
|
|
OFPACT(SET_L4_DST_PORT, ofpact_l4_port, ofpact, "mod_tp_dst") \
|
|
|
|
|
|
OFPACT(REG_MOVE, ofpact_reg_move, ofpact, "move") \
|
|
|
|
|
|
OFPACT(STACK_PUSH, ofpact_stack, ofpact, "push") \
|
|
|
|
|
|
OFPACT(STACK_POP, ofpact_stack, ofpact, "pop") \
|
|
|
|
|
|
OFPACT(DEC_TTL, ofpact_cnt_ids, cnt_ids, "dec_ttl") \
|
|
|
|
|
|
OFPACT(SET_MPLS_LABEL, ofpact_mpls_label, ofpact, "set_mpls_label") \
|
|
|
|
|
|
OFPACT(SET_MPLS_TC, ofpact_mpls_tc, ofpact, "set_mpls_tc") \
|
|
|
|
|
|
OFPACT(SET_MPLS_TTL, ofpact_mpls_ttl, ofpact, "set_mpls_ttl") \
|
|
|
|
|
|
OFPACT(DEC_MPLS_TTL, ofpact_null, ofpact, "dec_mpls_ttl") \
|
|
|
|
|
|
OFPACT(PUSH_MPLS, ofpact_push_mpls, ofpact, "push_mpls") \
|
|
|
|
|
|
OFPACT(POP_MPLS, ofpact_pop_mpls, ofpact, "pop_mpls") \
|
|
|
|
|
|
\
|
|
|
|
|
|
/* Metadata. */ \
|
|
|
|
|
|
OFPACT(SET_TUNNEL, ofpact_tunnel, ofpact, "set_tunnel") \
|
|
|
|
|
|
OFPACT(SET_QUEUE, ofpact_queue, ofpact, "set_queue") \
|
|
|
|
|
|
OFPACT(POP_QUEUE, ofpact_null, ofpact, "pop_queue") \
|
|
|
|
|
|
OFPACT(FIN_TIMEOUT, ofpact_fin_timeout, ofpact, "fin_timeout") \
|
|
|
|
|
|
\
|
|
|
|
|
|
/* Flow table interaction. */ \
|
|
|
|
|
|
OFPACT(RESUBMIT, ofpact_resubmit, ofpact, "resubmit") \
|
|
|
|
|
|
OFPACT(LEARN, ofpact_learn, specs, "learn") \
|
2015-01-11 13:25:24 -08:00
|
|
|
|
OFPACT(CONJUNCTION, ofpact_conjunction, ofpact, "conjunction") \
|
2014-08-11 10:57:03 -07:00
|
|
|
|
\
|
|
|
|
|
|
/* Arithmetic. */ \
|
|
|
|
|
|
OFPACT(MULTIPATH, ofpact_multipath, ofpact, "multipath") \
|
|
|
|
|
|
\
|
|
|
|
|
|
/* Other. */ \
|
|
|
|
|
|
OFPACT(NOTE, ofpact_note, data, "note") \
|
|
|
|
|
|
OFPACT(EXIT, ofpact_null, ofpact, "exit") \
|
|
|
|
|
|
OFPACT(SAMPLE, ofpact_sample, ofpact, "sample") \
|
2015-03-26 11:18:16 -07:00
|
|
|
|
OFPACT(UNROLL_XLATE, ofpact_unroll_xlate, ofpact, "unroll_xlate") \
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
OFPACT(CT, ofpact_conntrack, ofpact, "ct") \
|
2017-01-06 08:19:53 -08:00
|
|
|
|
OFPACT(CT_CLEAR, ofpact_null, ofpact, "ct_clear") \
|
2015-11-24 15:47:56 -08:00
|
|
|
|
OFPACT(NAT, ofpact_nat, ofpact, "nat") \
|
ofp-actions: Add truncate action.
The patch adds a new action to support packet truncation. The new action
is formatted as 'output(port=n,max_len=m)', as output to port n, with
packet size being MIN(original_size, m).
One use case is to enable port mirroring to send smaller packets to the
destination port so that only useful packet information is mirrored/copied,
saving some performance overhead of copying entire packet payload. Example
use case is below as well as shown in the testcases:
- Output to port 1 with max_len 100 bytes.
- The output packet size on port 1 will be MIN(original_packet_size, 100).
# ovs-ofctl add-flow br0 'actions=output(port=1,max_len=100)'
- The scope of max_len is limited to output action itself. The following
packet size of output:1 and output:2 will be intact.
# ovs-ofctl add-flow br0 \
'actions=output(port=1,max_len=100),output:1,output:2'
- The Datapath actions shows:
# Datapath actions: trunc(100),1,1,2
Tested-at: https://travis-ci.org/williamtu/ovs-travis/builds/140037134
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
2016-06-24 07:42:30 -07:00
|
|
|
|
OFPACT(OUTPUT_TRUNC, ofpact_output_trunc,ofpact, "output_trunc") \
|
ofp-actions: Add clone action.
This patch adds OpenFlow clone action with syntax as below:
"clone([action][,action...])". The clone() action makes a copy of the
current packet and executes the list of actions against the packet,
without affecting the packet after the "clone(...)" action. In other
word, the packet before the clone() and after the clone() is the same,
no matter what actions executed inside the clone().
Use case 1:
Set different fields and output to different ports without unset
actions=
clone(mod_dl_src:<mac1>, output:1), clone(mod_dl_dst:<mac2>, output:2), output:3
Since each clone() has independent packet, output:1 has only dl_src modified,
output:2 has only dl_dst modified, output:3 has original packet.
Similar to case1
actions=
push_vlan(...), output:2, pop_vlan, push_vlan(...), output:3
can be changed to
actions=
clone(push_vlan(...), output:2),clone(push_vlan(...), output:3)
without having to add pop_vlan.
case 2: resubmit to another table without worrying packet being modified
actions=clone(resubmit(1,2)), ...
Signed-off-by: William Tu <u9012063@gmail.com>
[blp@ovn.org revised this to omit the "sample" action]
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-12-18 00:13:02 -08:00
|
|
|
|
OFPACT(CLONE, ofpact_nest, actions, "clone") \
|
2014-08-11 10:57:03 -07:00
|
|
|
|
\
|
2015-07-29 22:02:41 -07:00
|
|
|
|
/* Debugging actions. \
|
|
|
|
|
|
* \
|
|
|
|
|
|
* These are intentionally undocumented, subject to change, and \
|
|
|
|
|
|
* only accepted if ovs-vswitchd is started with --enable-dummy. */ \
|
|
|
|
|
|
OFPACT(DEBUG_RECIRC, ofpact_null, ofpact, "debug_recirc") \
|
|
|
|
|
|
\
|
2014-08-11 10:57:03 -07:00
|
|
|
|
/* Instructions. */ \
|
|
|
|
|
|
OFPACT(METER, ofpact_meter, ofpact, "meter") \
|
|
|
|
|
|
OFPACT(CLEAR_ACTIONS, ofpact_null, ofpact, "clear_actions") \
|
2016-07-15 14:13:02 -07:00
|
|
|
|
OFPACT(WRITE_ACTIONS, ofpact_nest, actions, "write_actions") \
|
2014-08-11 10:57:03 -07:00
|
|
|
|
OFPACT(WRITE_METADATA, ofpact_metadata, ofpact, "write_metadata") \
|
|
|
|
|
|
OFPACT(GOTO_TABLE, ofpact_goto_table, ofpact, "goto_table")
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
|
|
|
|
|
/* enum ofpact_type, with a member OFPACT_<ENUM> for each action. */
|
|
|
|
|
|
enum OVS_PACKED_ENUM ofpact_type {
|
2014-08-11 10:57:03 -07:00
|
|
|
|
#define OFPACT(ENUM, STRUCT, MEMBER, NAME) OFPACT_##ENUM,
|
2012-07-03 22:17:14 -07:00
|
|
|
|
OFPACTS
|
2014-08-11 10:57:03 -07:00
|
|
|
|
#undef OFPACT
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
2014-08-11 10:57:03 -07:00
|
|
|
|
/* Define N_OFPACTS to the number of types of ofpacts. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
enum {
|
2014-08-11 10:57:03 -07:00
|
|
|
|
#define OFPACT(ENUM, STRUCT, MEMBER, NAME) + 1
|
|
|
|
|
|
N_OFPACTS = OFPACTS
|
|
|
|
|
|
#undef OFPACT
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* Header for an action.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Each action is a structure "struct ofpact_*" that begins with "struct
|
|
|
|
|
|
* ofpact", usually followed by other data that describes the action. Actions
|
2012-09-19 15:38:29 -07:00
|
|
|
|
* are padded out to a multiple of OFPACT_ALIGNTO bytes in length.
|
|
|
|
|
|
*
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
* The 'raw' member is special:
|
2012-09-19 15:38:29 -07:00
|
|
|
|
*
|
|
|
|
|
|
* - Most "struct ofpact"s correspond to one particular kind of OpenFlow
|
|
|
|
|
|
* action, at least in a given OpenFlow version. For example,
|
|
|
|
|
|
* OFPACT_SET_VLAN_VID corresponds to OFPAT10_SET_VLAN_VID in OpenFlow
|
|
|
|
|
|
* 1.0.
|
|
|
|
|
|
*
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
* For such actions, the 'raw' member is not meaningful and generally
|
2012-09-19 15:38:29 -07:00
|
|
|
|
* should be zero.
|
|
|
|
|
|
*
|
|
|
|
|
|
* - A few "struct ofpact"s correspond to multiple OpenFlow actions. For
|
|
|
|
|
|
* example, OFPACT_SET_TUNNEL can be NXAST_SET_TUNNEL or
|
|
|
|
|
|
* NXAST_SET_TUNNEL64. In these cases, if the "struct ofpact" originated
|
|
|
|
|
|
* from OpenFlow, then we want to make sure that, if it gets translated
|
|
|
|
|
|
* back to OpenFlow later, it is translated back to the same action type.
|
2016-12-08 12:55:26 +00:00
|
|
|
|
* (Otherwise, we'd violate the promise made in the topics/design doc, in
|
|
|
|
|
|
* the "Action Reproduction" section.)
|
2012-09-19 15:38:29 -07:00
|
|
|
|
*
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
* For such actions, the 'raw' member should be the "enum ofp_raw_action"
|
|
|
|
|
|
* originally extracted from the OpenFlow action. (If the action didn't
|
|
|
|
|
|
* originate from OpenFlow, then setting 'raw' to zero should be fine:
|
|
|
|
|
|
* code to translate the ofpact to OpenFlow must tolerate this case.)
|
2012-09-19 15:38:29 -07:00
|
|
|
|
*/
|
2015-03-16 15:04:52 -07:00
|
|
|
|
struct ofpact {
|
2014-08-12 11:42:56 -07:00
|
|
|
|
/* We want the space advantage of an 8-bit type here on every
|
|
|
|
|
|
* implementation, without giving up the advantage of having a useful type
|
|
|
|
|
|
* on implementations that support packed enums. */
|
|
|
|
|
|
#ifdef HAVE_PACKED_ENUM
|
2012-07-03 22:17:14 -07:00
|
|
|
|
enum ofpact_type type; /* OFPACT_*. */
|
2014-08-12 11:42:56 -07:00
|
|
|
|
#else
|
|
|
|
|
|
uint8_t type; /* OFPACT_* */
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
uint8_t raw; /* Original type when added, if any. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
uint16_t len; /* Length of the action, in bytes, including
|
|
|
|
|
|
* struct ofpact, excluding padding. */
|
|
|
|
|
|
};
|
2015-03-16 15:04:52 -07:00
|
|
|
|
BUILD_ASSERT_DECL(sizeof(struct ofpact) == 4);
|
|
|
|
|
|
|
|
|
|
|
|
/* Alignment. */
|
|
|
|
|
|
#define OFPACT_ALIGNTO 8
|
|
|
|
|
|
#define OFPACT_ALIGN(SIZE) ROUND_UP(SIZE, OFPACT_ALIGNTO)
|
2016-07-15 14:14:21 -07:00
|
|
|
|
#define OFPACT_PADDED_MEMBERS(MEMBERS) PADDED_MEMBERS(OFPACT_ALIGNTO, MEMBERS)
|
2016-02-18 10:12:04 -08:00
|
|
|
|
|
2015-11-29 10:51:25 -08:00
|
|
|
|
/* Returns the ofpact following 'ofpact'. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
static inline struct ofpact *
|
|
|
|
|
|
ofpact_next(const struct ofpact *ofpact)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (void *) ((uint8_t *) ofpact + OFPACT_ALIGN(ofpact->len));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-11-29 10:51:25 -08:00
|
|
|
|
struct ofpact *ofpact_next_flattened(const struct ofpact *);
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
static inline struct ofpact *
|
|
|
|
|
|
ofpact_end(const struct ofpact *ofpacts, size_t ofpacts_len)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (void *) ((uint8_t *) ofpacts + ofpacts_len);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-07-29 16:52:02 -07:00
|
|
|
|
static inline const struct ofpact *
|
|
|
|
|
|
ofpact_find_type_flattened(const struct ofpact *a, enum ofpact_type type,
|
|
|
|
|
|
const struct ofpact * const end)
|
|
|
|
|
|
{
|
|
|
|
|
|
while (a < end) {
|
|
|
|
|
|
if (a->type == type) {
|
|
|
|
|
|
return a;
|
|
|
|
|
|
}
|
|
|
|
|
|
a = ofpact_next_flattened(a);
|
|
|
|
|
|
}
|
|
|
|
|
|
return NULL;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#define OFPACT_FIND_TYPE_FLATTENED(A, TYPE, END) \
|
|
|
|
|
|
ofpact_get_##TYPE##_nullable( \
|
|
|
|
|
|
ofpact_find_type_flattened(A, OFPACT_##TYPE, END))
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* Assigns POS to each ofpact, in turn, in the OFPACTS_LEN bytes of ofpacts
|
|
|
|
|
|
* starting at OFPACTS. */
|
|
|
|
|
|
#define OFPACT_FOR_EACH(POS, OFPACTS, OFPACTS_LEN) \
|
|
|
|
|
|
for ((POS) = (OFPACTS); (POS) < ofpact_end(OFPACTS, OFPACTS_LEN); \
|
|
|
|
|
|
(POS) = ofpact_next(POS))
|
2015-11-29 10:51:25 -08:00
|
|
|
|
|
|
|
|
|
|
/* Assigns POS to each ofpact, in turn, in the OFPACTS_LEN bytes of ofpacts
|
|
|
|
|
|
* starting at OFPACTS.
|
|
|
|
|
|
*
|
|
|
|
|
|
* For ofpacts that contain nested ofpacts, this visits each of the inner
|
|
|
|
|
|
* ofpacts as well. */
|
|
|
|
|
|
#define OFPACT_FOR_EACH_FLATTENED(POS, OFPACTS, OFPACTS_LEN) \
|
|
|
|
|
|
for ((POS) = (OFPACTS); (POS) < ofpact_end(OFPACTS, OFPACTS_LEN); \
|
|
|
|
|
|
(POS) = ofpact_next_flattened(POS))
|
2016-07-29 16:52:02 -07:00
|
|
|
|
|
|
|
|
|
|
#define OFPACT_FOR_EACH_TYPE_FLATTENED(POS, TYPE, OFPACTS, OFPACTS_LEN) \
|
|
|
|
|
|
for ((POS) = OFPACT_FIND_TYPE_FLATTENED(OFPACTS, TYPE, \
|
|
|
|
|
|
ofpact_end(OFPACTS, OFPACTS_LEN)); \
|
|
|
|
|
|
(POS); \
|
|
|
|
|
|
(POS) = OFPACT_FIND_TYPE_FLATTENED( \
|
|
|
|
|
|
ofpact_next_flattened(&(POS)->ofpact), TYPE, \
|
|
|
|
|
|
ofpact_end(OFPACTS, OFPACTS_LEN)))
|
2012-07-03 22:17:14 -07:00
|
|
|
|
�
|
|
|
|
|
|
/* Action structure for each OFPACT_*. */
|
|
|
|
|
|
|
2012-10-05 15:56:57 +09:00
|
|
|
|
/* OFPACT_STRIP_VLAN, OFPACT_POP_QUEUE, OFPACT_EXIT, OFPACT_CLEAR_ACTIONS.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
2012-10-18 07:02:04 +09:00
|
|
|
|
* Used for OFPAT10_STRIP_VLAN, NXAST_POP_QUEUE, NXAST_EXIT,
|
2012-10-18 03:51:58 +09:00
|
|
|
|
* OFPAT11_POP_VLAN, OFPIT11_CLEAR_ACTIONS.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* Action structure for actions that do not have any extra data beyond the
|
|
|
|
|
|
* action type. */
|
|
|
|
|
|
struct ofpact_null {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_OUTPUT.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_OUTPUT. */
|
|
|
|
|
|
struct ofpact_output {
|
|
|
|
|
|
struct ofpact ofpact;
|
2013-06-19 16:58:44 -07:00
|
|
|
|
ofp_port_t port; /* Output port. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
uint16_t max_len; /* Max send len, for port OFPP_CONTROLLER. */
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_CONTROLLER.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_CONTROLLER. */
|
|
|
|
|
|
struct ofpact_controller {
|
2016-03-01 18:14:37 -08:00
|
|
|
|
OFPACT_PADDED_MEMBERS(
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint16_t max_len; /* Max length to send to controller. */
|
|
|
|
|
|
uint16_t controller_id; /* Controller ID to send packet-in. */
|
|
|
|
|
|
enum ofp_packet_in_reason reason; /* Reason to put in packet-in. */
|
2016-02-19 15:53:26 -08:00
|
|
|
|
|
2016-03-01 18:14:37 -08:00
|
|
|
|
/* If true, this action freezes packet traversal of the OpenFlow
|
|
|
|
|
|
* tables and adds a continuation to the packet-in message, that
|
|
|
|
|
|
* a controller can use to resume that traversal. */
|
|
|
|
|
|
bool pause;
|
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
|
|
|
|
|
2016-03-01 18:14:37 -08:00
|
|
|
|
/* Arbitrary data to include in the packet-in message (currently,
|
|
|
|
|
|
* only in NXT_PACKET_IN2). */
|
|
|
|
|
|
uint16_t userdata_len;
|
|
|
|
|
|
);
|
|
|
|
|
|
uint8_t userdata[0];
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_ENQUEUE.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_ENQUEUE. */
|
|
|
|
|
|
struct ofpact_enqueue {
|
|
|
|
|
|
struct ofpact ofpact;
|
2013-06-19 16:58:44 -07:00
|
|
|
|
ofp_port_t port;
|
2012-07-03 22:17:14 -07:00
|
|
|
|
uint32_t queue;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_OUTPUT_REG.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_OUTPUT_REG. */
|
|
|
|
|
|
struct ofpact_output_reg {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint16_t max_len;
|
2014-04-29 15:50:38 -07:00
|
|
|
|
struct mf_subfield src;
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
ofp-actions: Add truncate action.
The patch adds a new action to support packet truncation. The new action
is formatted as 'output(port=n,max_len=m)', as output to port n, with
packet size being MIN(original_size, m).
One use case is to enable port mirroring to send smaller packets to the
destination port so that only useful packet information is mirrored/copied,
saving some performance overhead of copying entire packet payload. Example
use case is below as well as shown in the testcases:
- Output to port 1 with max_len 100 bytes.
- The output packet size on port 1 will be MIN(original_packet_size, 100).
# ovs-ofctl add-flow br0 'actions=output(port=1,max_len=100)'
- The scope of max_len is limited to output action itself. The following
packet size of output:1 and output:2 will be intact.
# ovs-ofctl add-flow br0 \
'actions=output(port=1,max_len=100),output:1,output:2'
- The Datapath actions shows:
# Datapath actions: trunc(100),1,1,2
Tested-at: https://travis-ci.org/williamtu/ovs-travis/builds/140037134
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
2016-06-24 07:42:30 -07:00
|
|
|
|
/* OFPACT_OUTPUT_TRUNC.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_OUTPUT_TRUNC. */
|
|
|
|
|
|
struct ofpact_output_trunc {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
ofp_port_t port; /* Output port. */
|
|
|
|
|
|
uint32_t max_len; /* Max send len. */
|
|
|
|
|
|
};
|
|
|
|
|
|
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
/* Bundle slave choice algorithm to apply.
|
|
|
|
|
|
*
|
|
|
|
|
|
* In the descriptions below, 'slaves' is the list of possible slaves in the
|
|
|
|
|
|
* order they appear in the OpenFlow action. */
|
|
|
|
|
|
enum nx_bd_algorithm {
|
|
|
|
|
|
/* Chooses the first live slave listed in the bundle.
|
|
|
|
|
|
*
|
|
|
|
|
|
* O(n_slaves) performance. */
|
|
|
|
|
|
NX_BD_ALG_ACTIVE_BACKUP = 0,
|
|
|
|
|
|
|
|
|
|
|
|
/* Highest Random Weight.
|
|
|
|
|
|
*
|
|
|
|
|
|
* for i in [0,n_slaves):
|
|
|
|
|
|
* weights[i] = hash(flow, i)
|
|
|
|
|
|
* slave = { slaves[i] such that weights[i] >= weights[j] for all j != i }
|
|
|
|
|
|
*
|
|
|
|
|
|
* Redistributes 1/n_slaves of traffic when a slave's liveness changes.
|
|
|
|
|
|
* O(n_slaves) performance.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Uses the 'fields' and 'basis' parameters. */
|
|
|
|
|
|
NX_BD_ALG_HRW = 1
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* OFPACT_BUNDLE.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_BUNDLE. */
|
|
|
|
|
|
struct ofpact_bundle {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
/* Slave choice algorithm to apply to hash value. */
|
|
|
|
|
|
enum nx_bd_algorithm algorithm;
|
|
|
|
|
|
|
|
|
|
|
|
/* What fields to hash and how. */
|
|
|
|
|
|
enum nx_hash_fields fields;
|
|
|
|
|
|
uint16_t basis; /* Universal hash parameter. */
|
|
|
|
|
|
|
|
|
|
|
|
struct mf_subfield dst;
|
|
|
|
|
|
|
|
|
|
|
|
/* Slaves for output. */
|
|
|
|
|
|
unsigned int n_slaves;
|
2013-06-19 16:58:44 -07:00
|
|
|
|
ofp_port_t slaves[];
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_SET_VLAN_VID.
|
|
|
|
|
|
*
|
2013-10-24 13:19:25 -07:00
|
|
|
|
* We keep track if vlan was present at action validation time to avoid a
|
|
|
|
|
|
* PUSH_VLAN when translating to OpenFlow 1.1+.
|
|
|
|
|
|
*
|
|
|
|
|
|
* We also keep the originating OFPUTIL action code in ofpact.compat.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_SET_VLAN_VID and OFPAT11_SET_VLAN_VID. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
struct ofpact_vlan_vid {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint16_t vlan_vid; /* VLAN VID in low 12 bits, 0 in other bits. */
|
2013-10-24 13:19:25 -07:00
|
|
|
|
bool push_vlan_if_needed; /* OF 1.0 semantics if true. */
|
|
|
|
|
|
bool flow_has_vlan; /* VLAN present at action validation time? */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_SET_VLAN_PCP.
|
|
|
|
|
|
*
|
2013-10-24 13:19:25 -07:00
|
|
|
|
* We keep track if vlan was present at action validation time to avoid a
|
|
|
|
|
|
* PUSH_VLAN when translating to OpenFlow 1.1+.
|
|
|
|
|
|
*
|
|
|
|
|
|
* We also keep the originating OFPUTIL action code in ofpact.compat.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_SET_VLAN_PCP and OFPAT11_SET_VLAN_PCP. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
struct ofpact_vlan_pcp {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t vlan_pcp; /* VLAN PCP in low 3 bits, 0 in other bits. */
|
2013-10-24 13:19:25 -07:00
|
|
|
|
bool push_vlan_if_needed; /* OF 1.0 semantics if true. */
|
|
|
|
|
|
bool flow_has_vlan; /* VLAN present at action validation time? */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_SET_ETH_SRC, OFPACT_SET_ETH_DST.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_SET_DL_SRC, OFPAT10_SET_DL_DST. */
|
|
|
|
|
|
struct ofpact_mac {
|
|
|
|
|
|
struct ofpact ofpact;
|
2015-08-28 14:55:11 -07:00
|
|
|
|
struct eth_addr mac;
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_SET_IPV4_SRC, OFPACT_SET_IPV4_DST.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_SET_NW_SRC, OFPAT10_SET_NW_DST. */
|
|
|
|
|
|
struct ofpact_ipv4 {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
ovs_be32 ipv4;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-10-23 09:58:34 -07:00
|
|
|
|
/* OFPACT_SET_IP_DSCP.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_SET_NW_TOS. */
|
|
|
|
|
|
struct ofpact_dscp {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t dscp; /* DSCP in high 6 bits, rest ignored. */
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-10-22 17:20:43 -07:00
|
|
|
|
/* OFPACT_SET_IP_ECN.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT11_SET_NW_ECN. */
|
|
|
|
|
|
struct ofpact_ecn {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t ecn; /* ECN in low 2 bits, rest ignored. */
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-10-22 17:20:44 -07:00
|
|
|
|
/* OFPACT_SET_IP_TTL.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT11_SET_NW_TTL. */
|
|
|
|
|
|
struct ofpact_ip_ttl {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t ttl;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* OFPACT_SET_L4_SRC_PORT, OFPACT_SET_L4_DST_PORT.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT10_SET_TP_SRC, OFPAT10_SET_TP_DST. */
|
|
|
|
|
|
struct ofpact_l4_port {
|
|
|
|
|
|
struct ofpact ofpact;
|
2013-10-24 13:19:32 -07:00
|
|
|
|
uint16_t port; /* TCP, UDP or SCTP port number. */
|
|
|
|
|
|
uint8_t flow_ip_proto; /* IP proto from corresponding match, or 0 */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_REG_MOVE.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_REG_MOVE. */
|
|
|
|
|
|
struct ofpact_reg_move {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
struct mf_subfield src;
|
|
|
|
|
|
struct mf_subfield dst;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-03-05 16:27:55 -08:00
|
|
|
|
/* OFPACT_STACK_PUSH.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_STACK_PUSH and NXAST_STACK_POP. */
|
|
|
|
|
|
struct ofpact_stack {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
struct mf_subfield subfield;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-10-24 13:19:29 -07:00
|
|
|
|
/* OFPACT_SET_FIELD.
|
|
|
|
|
|
*
|
2014-10-07 16:49:50 -07:00
|
|
|
|
* Used for NXAST_REG_LOAD and OFPAT12_SET_FIELD. */
|
2013-10-24 13:19:29 -07:00
|
|
|
|
struct ofpact_set_field {
|
2016-08-31 08:43:48 -07:00
|
|
|
|
OFPACT_PADDED_MEMBERS(
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
bool flow_has_vlan; /* VLAN present at action validation time. */
|
|
|
|
|
|
const struct mf_field *field;
|
|
|
|
|
|
);
|
|
|
|
|
|
union mf_value value[]; /* Significant value bytes followed by
|
|
|
|
|
|
* significant mask bytes. */
|
2013-10-24 13:19:29 -07:00
|
|
|
|
};
|
2016-08-31 08:43:48 -07:00
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct ofpact_set_field, value)
|
|
|
|
|
|
% OFPACT_ALIGNTO == 0);
|
|
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct ofpact_set_field, value)
|
|
|
|
|
|
== sizeof(struct ofpact_set_field));
|
|
|
|
|
|
|
|
|
|
|
|
/* Use macro to not have to deal with constness. */
|
|
|
|
|
|
#define ofpact_set_field_mask(SF) \
|
|
|
|
|
|
ALIGNED_CAST(union mf_value *, \
|
|
|
|
|
|
(uint8_t *)(SF)->value + (SF)->field->n_bytes)
|
2013-10-24 13:19:29 -07:00
|
|
|
|
|
2013-01-25 16:22:07 +09:00
|
|
|
|
/* OFPACT_PUSH_VLAN/MPLS/PBB
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_PUSH_MPLS, OFPAT11_PUSH_MPLS. */
|
|
|
|
|
|
struct ofpact_push_mpls {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
ovs_be16 ethertype;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_POP_MPLS
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_POP_MPLS, OFPAT11_POP_MPLS.. */
|
|
|
|
|
|
struct ofpact_pop_mpls {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
ovs_be16 ethertype;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* OFPACT_SET_TUNNEL.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_SET_TUNNEL, NXAST_SET_TUNNEL64. */
|
|
|
|
|
|
struct ofpact_tunnel {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint64_t tun_id;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_SET_QUEUE.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_SET_QUEUE. */
|
|
|
|
|
|
struct ofpact_queue {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint32_t queue_id;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_FIN_TIMEOUT.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_FIN_TIMEOUT. */
|
|
|
|
|
|
struct ofpact_fin_timeout {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint16_t fin_idle_timeout;
|
|
|
|
|
|
uint16_t fin_hard_timeout;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-10-19 02:37:37 +09:00
|
|
|
|
/* OFPACT_WRITE_METADATA.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_WRITE_METADATA. */
|
|
|
|
|
|
struct ofpact_metadata {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
ovs_be64 metadata;
|
|
|
|
|
|
ovs_be64 mask;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-06-20 17:26:18 +03:00
|
|
|
|
/* OFPACT_METER.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPIT13_METER. */
|
|
|
|
|
|
struct ofpact_meter {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint32_t meter_id;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
ofp-actions: Add clone action.
This patch adds OpenFlow clone action with syntax as below:
"clone([action][,action...])". The clone() action makes a copy of the
current packet and executes the list of actions against the packet,
without affecting the packet after the "clone(...)" action. In other
word, the packet before the clone() and after the clone() is the same,
no matter what actions executed inside the clone().
Use case 1:
Set different fields and output to different ports without unset
actions=
clone(mod_dl_src:<mac1>, output:1), clone(mod_dl_dst:<mac2>, output:2), output:3
Since each clone() has independent packet, output:1 has only dl_src modified,
output:2 has only dl_dst modified, output:3 has original packet.
Similar to case1
actions=
push_vlan(...), output:2, pop_vlan, push_vlan(...), output:3
can be changed to
actions=
clone(push_vlan(...), output:2),clone(push_vlan(...), output:3)
without having to add pop_vlan.
case 2: resubmit to another table without worrying packet being modified
actions=clone(resubmit(1,2)), ...
Signed-off-by: William Tu <u9012063@gmail.com>
[blp@ovn.org revised this to omit the "sample" action]
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-12-18 00:13:02 -08:00
|
|
|
|
/* OFPACT_WRITE_ACTIONS, OFPACT_CLONE.
|
2013-10-11 13:23:29 +09:00
|
|
|
|
*
|
ofp-actions: Add clone action.
This patch adds OpenFlow clone action with syntax as below:
"clone([action][,action...])". The clone() action makes a copy of the
current packet and executes the list of actions against the packet,
without affecting the packet after the "clone(...)" action. In other
word, the packet before the clone() and after the clone() is the same,
no matter what actions executed inside the clone().
Use case 1:
Set different fields and output to different ports without unset
actions=
clone(mod_dl_src:<mac1>, output:1), clone(mod_dl_dst:<mac2>, output:2), output:3
Since each clone() has independent packet, output:1 has only dl_src modified,
output:2 has only dl_dst modified, output:3 has original packet.
Similar to case1
actions=
push_vlan(...), output:2, pop_vlan, push_vlan(...), output:3
can be changed to
actions=
clone(push_vlan(...), output:2),clone(push_vlan(...), output:3)
without having to add pop_vlan.
case 2: resubmit to another table without worrying packet being modified
actions=clone(resubmit(1,2)), ...
Signed-off-by: William Tu <u9012063@gmail.com>
[blp@ovn.org revised this to omit the "sample" action]
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-12-18 00:13:02 -08:00
|
|
|
|
* Used for OFPIT11_WRITE_ACTIONS, NXAST_CLONE. */
|
2013-10-11 13:23:29 +09:00
|
|
|
|
struct ofpact_nest {
|
2016-02-18 10:12:04 -08:00
|
|
|
|
OFPACT_PADDED_MEMBERS(struct ofpact ofpact;);
|
2013-10-11 13:23:29 +09:00
|
|
|
|
struct ofpact actions[];
|
|
|
|
|
|
};
|
2014-03-12 09:40:36 -07:00
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct ofpact_nest, actions) % OFPACT_ALIGNTO == 0);
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct ofpact_nest, actions)
|
|
|
|
|
|
== sizeof(struct ofpact_nest));
|
2013-10-11 13:23:29 +09:00
|
|
|
|
|
2016-12-15 09:25:04 -08:00
|
|
|
|
static inline size_t
|
|
|
|
|
|
ofpact_nest_get_action_len(const struct ofpact_nest *on)
|
|
|
|
|
|
{
|
|
|
|
|
|
return on->ofpact.len - offsetof(struct ofpact_nest, actions);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
/* Bits for 'flags' in struct nx_action_conntrack.
|
|
|
|
|
|
*
|
|
|
|
|
|
* If NX_CT_F_COMMIT is set, then the connection entry is moved from the
|
|
|
|
|
|
* unconfirmed to confirmed list in the tracker. */
|
|
|
|
|
|
enum nx_conntrack_flags {
|
|
|
|
|
|
NX_CT_F_COMMIT = 1 << 0,
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* Magic value for struct nx_action_conntrack 'recirc_table' field, to specify
|
|
|
|
|
|
* that the packet should not be recirculated. */
|
|
|
|
|
|
#define NX_CT_RECIRC_NONE OFPTT_ALL
|
|
|
|
|
|
|
2015-10-14 04:41:47 +00:00
|
|
|
|
#if !defined(IPPORT_FTP)
|
2016-09-27 14:45:34 -07:00
|
|
|
|
#define IPPORT_FTP 21
|
2015-10-14 04:41:47 +00:00
|
|
|
|
#endif
|
|
|
|
|
|
|
2016-12-22 10:58:25 -08:00
|
|
|
|
#if !defined(IPPORT_TFTP)
|
|
|
|
|
|
#define IPPORT_TFTP 69
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
/* OFPACT_CT.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_CT. */
|
|
|
|
|
|
struct ofpact_conntrack {
|
2016-02-18 10:12:04 -08:00
|
|
|
|
OFPACT_PADDED_MEMBERS(
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint16_t flags;
|
|
|
|
|
|
uint16_t zone_imm;
|
|
|
|
|
|
struct mf_subfield zone_src;
|
|
|
|
|
|
uint16_t alg;
|
|
|
|
|
|
uint8_t recirc_table;
|
|
|
|
|
|
);
|
2015-10-16 15:31:59 -07:00
|
|
|
|
struct ofpact actions[0];
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
};
|
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct ofpact_conntrack, actions)
|
|
|
|
|
|
% OFPACT_ALIGNTO == 0);
|
|
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct ofpact_conntrack, actions)
|
|
|
|
|
|
== sizeof(struct ofpact_conntrack));
|
|
|
|
|
|
|
|
|
|
|
|
static inline size_t
|
|
|
|
|
|
ofpact_ct_get_action_len(const struct ofpact_conntrack *oc)
|
|
|
|
|
|
{
|
|
|
|
|
|
return oc->ofpact.len - offsetof(struct ofpact_conntrack, actions);
|
|
|
|
|
|
}
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
|
|
2013-10-11 13:23:29 +09:00
|
|
|
|
void ofpacts_execute_action_set(struct ofpbuf *action_list,
|
|
|
|
|
|
const struct ofpbuf *action_set);
|
|
|
|
|
|
|
2015-11-24 15:47:56 -08:00
|
|
|
|
/* Bits for 'flags' in struct nx_action_nat.
|
|
|
|
|
|
*/
|
|
|
|
|
|
enum nx_nat_flags {
|
2016-05-18 16:28:36 -07:00
|
|
|
|
NX_NAT_F_SRC = 1 << 0, /* Mutually exclusive with NX_NAT_F_DST. */
|
2015-11-24 15:47:56 -08:00
|
|
|
|
NX_NAT_F_DST = 1 << 1,
|
|
|
|
|
|
NX_NAT_F_PERSISTENT = 1 << 2,
|
2016-05-18 16:28:36 -07:00
|
|
|
|
NX_NAT_F_PROTO_HASH = 1 << 3, /* Mutually exclusive with PROTO_RANDOM. */
|
2015-11-24 15:47:56 -08:00
|
|
|
|
NX_NAT_F_PROTO_RANDOM = 1 << 4,
|
2016-05-18 16:28:36 -07:00
|
|
|
|
NX_NAT_F_MASK = (NX_NAT_F_SRC | NX_NAT_F_DST | NX_NAT_F_PERSISTENT | NX_NAT_F_PROTO_HASH | NX_NAT_F_PROTO_RANDOM)
|
2015-11-24 15:47:56 -08:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_NAT.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_NAT. */
|
|
|
|
|
|
struct ofpact_nat {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t range_af; /* AF_UNSPEC, AF_INET, or AF_INET6 */
|
|
|
|
|
|
uint16_t flags; /* NX_NAT_F_* */
|
|
|
|
|
|
struct {
|
|
|
|
|
|
struct {
|
|
|
|
|
|
uint16_t min;
|
|
|
|
|
|
uint16_t max;
|
|
|
|
|
|
} proto;
|
|
|
|
|
|
union {
|
|
|
|
|
|
struct {
|
|
|
|
|
|
ovs_be32 min;
|
|
|
|
|
|
ovs_be32 max;
|
|
|
|
|
|
} ipv4;
|
|
|
|
|
|
struct {
|
|
|
|
|
|
struct in6_addr min;
|
|
|
|
|
|
struct in6_addr max;
|
|
|
|
|
|
} ipv6;
|
|
|
|
|
|
} addr;
|
|
|
|
|
|
} range;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* OFPACT_RESUBMIT.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_RESUBMIT, NXAST_RESUBMIT_TABLE. */
|
|
|
|
|
|
struct ofpact_resubmit {
|
|
|
|
|
|
struct ofpact ofpact;
|
2013-06-19 16:58:44 -07:00
|
|
|
|
ofp_port_t in_port;
|
2012-07-03 22:17:14 -07:00
|
|
|
|
uint8_t table_id;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
/* Bits for 'flags' in struct nx_action_learn.
|
|
|
|
|
|
*
|
|
|
|
|
|
* If NX_LEARN_F_SEND_FLOW_REM is set, then the learned flows will have their
|
|
|
|
|
|
* OFPFF_SEND_FLOW_REM flag set.
|
|
|
|
|
|
*
|
|
|
|
|
|
* If NX_LEARN_F_DELETE_LEARNED is set, then removing this action will delete
|
|
|
|
|
|
* all the flows from the learn action's 'table_id' that have the learn
|
|
|
|
|
|
* action's 'cookie'. Important points:
|
|
|
|
|
|
*
|
|
|
|
|
|
* - The deleted flows include those created by this action, those created
|
|
|
|
|
|
* by other learn actions with the same 'table_id' and 'cookie', those
|
|
|
|
|
|
* created by flow_mod requests by a controller in the specified table
|
|
|
|
|
|
* with the specified cookie, and those created through any other
|
|
|
|
|
|
* means.
|
|
|
|
|
|
*
|
|
|
|
|
|
* - If multiple flows specify "learn" actions with
|
|
|
|
|
|
* NX_LEARN_F_DELETE_LEARNED with the same 'table_id' and 'cookie', then
|
|
|
|
|
|
* no deletion occurs until all of those "learn" actions are deleted.
|
|
|
|
|
|
*
|
|
|
|
|
|
* - Deleting a flow that contains a learn action is the most obvious way
|
|
|
|
|
|
* to delete a learn action. Modifying a flow's actions, or replacing it
|
|
|
|
|
|
* by a new flow, can also delete a learn action. Finally, replacing a
|
|
|
|
|
|
* learn action with NX_LEARN_F_DELETE_LEARNED with a learn action
|
|
|
|
|
|
* without that flag also effectively deletes the learn action and can
|
|
|
|
|
|
* trigger flow deletion.
|
|
|
|
|
|
*
|
|
|
|
|
|
* NX_LEARN_F_DELETE_LEARNED was added in Open vSwitch 2.4. */
|
|
|
|
|
|
enum nx_learn_flags {
|
|
|
|
|
|
NX_LEARN_F_SEND_FLOW_REM = 1 << 0,
|
|
|
|
|
|
NX_LEARN_F_DELETE_LEARNED = 1 << 1,
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
#define NX_LEARN_N_BITS_MASK 0x3ff
|
|
|
|
|
|
|
|
|
|
|
|
#define NX_LEARN_SRC_FIELD (0 << 13) /* Copy from field. */
|
|
|
|
|
|
#define NX_LEARN_SRC_IMMEDIATE (1 << 13) /* Copy from immediate value. */
|
|
|
|
|
|
#define NX_LEARN_SRC_MASK (1 << 13)
|
|
|
|
|
|
|
|
|
|
|
|
#define NX_LEARN_DST_MATCH (0 << 11) /* Add match criterion. */
|
|
|
|
|
|
#define NX_LEARN_DST_LOAD (1 << 11) /* Add NXAST_REG_LOAD action. */
|
|
|
|
|
|
#define NX_LEARN_DST_OUTPUT (2 << 11) /* Add OFPAT_OUTPUT action. */
|
|
|
|
|
|
#define NX_LEARN_DST_RESERVED (3 << 11) /* Not yet defined. */
|
|
|
|
|
|
#define NX_LEARN_DST_MASK (3 << 11)
|
|
|
|
|
|
|
2016-08-31 08:43:48 -07:00
|
|
|
|
/* Part of struct ofpact_learn, below. */
|
|
|
|
|
|
struct ofpact_learn_spec {
|
2016-09-01 13:29:57 -07:00
|
|
|
|
OFPACT_PADDED_MEMBERS(
|
|
|
|
|
|
struct mf_subfield src; /* NX_LEARN_SRC_FIELD only. */
|
|
|
|
|
|
struct mf_subfield dst; /* NX_LEARN_DST_MATCH,
|
|
|
|
|
|
* NX_LEARN_DST_LOAD only. */
|
|
|
|
|
|
uint16_t src_type; /* One of NX_LEARN_SRC_*. */
|
|
|
|
|
|
uint16_t dst_type; /* One of NX_LEARN_DST_*. */
|
|
|
|
|
|
uint8_t n_bits; /* Number of bits in source and dest. */
|
|
|
|
|
|
);
|
|
|
|
|
|
/* Followed by 'DIV_ROUND_UP(n_bits, 8)' bytes of immediate data for
|
|
|
|
|
|
* match 'dst_type's NX_LEARN_DST_MATCH and NX_LEARN_DST_LOAD when
|
|
|
|
|
|
* NX_LEARN_SRC_IMMEDIATE is set in 'src_type', followed by zeroes to align
|
|
|
|
|
|
* to OFPACT_ALIGNTO. */
|
|
|
|
|
|
};
|
|
|
|
|
|
BUILD_ASSERT_DECL(sizeof(struct ofpact_learn_spec) % OFPACT_ALIGNTO == 0);
|
|
|
|
|
|
|
|
|
|
|
|
static inline const void *
|
|
|
|
|
|
ofpact_learn_spec_imm(const struct ofpact_learn_spec *spec)
|
|
|
|
|
|
{
|
|
|
|
|
|
return spec + 1;
|
|
|
|
|
|
}
|
2016-08-31 08:43:48 -07:00
|
|
|
|
|
|
|
|
|
|
static inline const struct ofpact_learn_spec *
|
|
|
|
|
|
ofpact_learn_spec_next(const struct ofpact_learn_spec *spec)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (spec->src_type == NX_LEARN_SRC_IMMEDIATE) {
|
2016-09-01 13:29:57 -07:00
|
|
|
|
unsigned int n_bytes = OFPACT_ALIGN(DIV_ROUND_UP(spec->n_bits, 8));
|
|
|
|
|
|
return ALIGNED_CAST(const struct ofpact_learn_spec *,
|
|
|
|
|
|
(const uint8_t *)(spec + 1) + n_bytes);
|
2016-08-31 08:43:48 -07:00
|
|
|
|
}
|
2016-09-01 13:29:57 -07:00
|
|
|
|
return spec + 1;
|
2016-08-31 08:43:48 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* OFPACT_LEARN.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_LEARN. */
|
|
|
|
|
|
struct ofpact_learn {
|
2016-09-02 13:26:50 -07:00
|
|
|
|
OFPACT_PADDED_MEMBERS(
|
|
|
|
|
|
struct ofpact ofpact;
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
2016-09-02 13:26:50 -07:00
|
|
|
|
uint16_t idle_timeout; /* Idle time before discarding (seconds). */
|
|
|
|
|
|
uint16_t hard_timeout; /* Max time before discarding (seconds). */
|
|
|
|
|
|
uint16_t priority; /* Priority level of flow entry. */
|
|
|
|
|
|
uint8_t table_id; /* Table to insert flow entry. */
|
|
|
|
|
|
enum nx_learn_flags flags; /* NX_LEARN_F_*. */
|
|
|
|
|
|
ovs_be64 cookie; /* Cookie for new flow. */
|
|
|
|
|
|
uint16_t fin_idle_timeout; /* Idle timeout after FIN, if nonzero. */
|
|
|
|
|
|
uint16_t fin_hard_timeout; /* Hard timeout after FIN, if nonzero. */
|
|
|
|
|
|
);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
|
|
|
|
|
struct ofpact_learn_spec specs[];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2016-09-02 13:26:50 -07:00
|
|
|
|
static inline const struct ofpact_learn_spec *
|
|
|
|
|
|
ofpact_learn_spec_end(const struct ofpact_learn *learn)
|
|
|
|
|
|
{
|
|
|
|
|
|
return ALIGNED_CAST(const struct ofpact_learn_spec *,
|
|
|
|
|
|
ofpact_next(&learn->ofpact));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#define OFPACT_LEARN_SPEC_FOR_EACH(SPEC, LEARN) \
|
|
|
|
|
|
for ((SPEC) = (LEARN)->specs; \
|
|
|
|
|
|
(SPEC) < ofpact_learn_spec_end(LEARN); \
|
|
|
|
|
|
(SPEC) = ofpact_learn_spec_next(SPEC))
|
|
|
|
|
|
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
/* Multipath link choice algorithm to apply.
|
|
|
|
|
|
*
|
|
|
|
|
|
* In the descriptions below, 'n_links' is max_link + 1. */
|
|
|
|
|
|
enum nx_mp_algorithm {
|
|
|
|
|
|
/* link = hash(flow) % n_links.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Redistributes all traffic when n_links changes. O(1) performance. See
|
|
|
|
|
|
* RFC 2992.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Use UINT16_MAX for max_link to get a raw hash value. */
|
|
|
|
|
|
NX_MP_ALG_MODULO_N = 0,
|
|
|
|
|
|
|
|
|
|
|
|
/* link = hash(flow) / (MAX_HASH / n_links).
|
|
|
|
|
|
*
|
|
|
|
|
|
* Redistributes between one-quarter and one-half of traffic when n_links
|
|
|
|
|
|
* changes. O(1) performance. See RFC 2992.
|
|
|
|
|
|
*/
|
|
|
|
|
|
NX_MP_ALG_HASH_THRESHOLD = 1,
|
|
|
|
|
|
|
|
|
|
|
|
/* Highest Random Weight.
|
|
|
|
|
|
*
|
|
|
|
|
|
* for i in [0,n_links):
|
|
|
|
|
|
* weights[i] = hash(flow, i)
|
|
|
|
|
|
* link = { i such that weights[i] >= weights[j] for all j != i }
|
|
|
|
|
|
*
|
|
|
|
|
|
* Redistributes 1/n_links of traffic when n_links changes. O(n_links)
|
|
|
|
|
|
* performance. If n_links is greater than a threshold (currently 64, but
|
|
|
|
|
|
* subject to change), Open vSwitch will substitute another algorithm
|
|
|
|
|
|
* automatically. See RFC 2992. */
|
|
|
|
|
|
NX_MP_ALG_HRW = 2,
|
|
|
|
|
|
|
|
|
|
|
|
/* Iterative Hash.
|
|
|
|
|
|
*
|
|
|
|
|
|
* i = 0
|
|
|
|
|
|
* repeat:
|
|
|
|
|
|
* i = i + 1
|
|
|
|
|
|
* link = hash(flow, i) % arg
|
|
|
|
|
|
* while link > max_link
|
|
|
|
|
|
*
|
|
|
|
|
|
* Redistributes 1/n_links of traffic when n_links changes. O(1)
|
|
|
|
|
|
* performance when arg/max_link is bounded by a constant.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Redistributes all traffic when arg changes.
|
|
|
|
|
|
*
|
|
|
|
|
|
* arg must be greater than max_link and for best performance should be no
|
|
|
|
|
|
* more than approximately max_link * 2. If arg is outside the acceptable
|
|
|
|
|
|
* range, Open vSwitch will automatically substitute the least power of 2
|
|
|
|
|
|
* greater than max_link.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This algorithm is specific to Open vSwitch.
|
|
|
|
|
|
*/
|
|
|
|
|
|
NX_MP_ALG_ITER_HASH = 3,
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2015-01-11 13:25:24 -08:00
|
|
|
|
/* OFPACT_CONJUNCTION.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_CONJUNCTION. */
|
|
|
|
|
|
struct ofpact_conjunction {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t clause;
|
|
|
|
|
|
uint8_t n_clauses;
|
|
|
|
|
|
uint32_t id;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* OFPACT_MULTIPATH.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_MULTIPATH. */
|
|
|
|
|
|
struct ofpact_multipath {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
/* What fields to hash and how. */
|
|
|
|
|
|
enum nx_hash_fields fields;
|
|
|
|
|
|
uint16_t basis; /* Universal hash parameter. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Multipath link choice algorithm to apply to hash value. */
|
|
|
|
|
|
enum nx_mp_algorithm algorithm;
|
|
|
|
|
|
uint16_t max_link; /* Number of output links, minus 1. */
|
|
|
|
|
|
uint32_t arg; /* Algorithm-specific argument. */
|
|
|
|
|
|
|
|
|
|
|
|
/* Where to store the result. */
|
|
|
|
|
|
struct mf_subfield dst;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_NOTE.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for NXAST_NOTE. */
|
|
|
|
|
|
struct ofpact_note {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
size_t length;
|
|
|
|
|
|
uint8_t data[];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2016-11-23 23:15:19 -08:00
|
|
|
|
/* Direction of sampled packets. */
|
|
|
|
|
|
enum nx_action_sample_direction {
|
|
|
|
|
|
/* OVS will attempt to infer the sample's direction based on whether
|
|
|
|
|
|
* 'sampling_port' is the packet's output port. This is generally
|
|
|
|
|
|
* effective except when sampling happens as part of an output to a patch
|
|
|
|
|
|
* port, which doesn't involve a datapath output action. */
|
|
|
|
|
|
NX_ACTION_SAMPLE_DEFAULT,
|
|
|
|
|
|
|
|
|
|
|
|
/* Explicit direction. This is useful for sampling packets coming in from
|
|
|
|
|
|
* or going out of a patch port, where the direction cannot be inferred. */
|
|
|
|
|
|
NX_ACTION_SAMPLE_INGRESS,
|
|
|
|
|
|
NX_ACTION_SAMPLE_EGRESS
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-04-22 10:01:14 -07:00
|
|
|
|
/* OFPACT_SAMPLE.
|
|
|
|
|
|
*
|
2016-11-23 23:15:19 -08:00
|
|
|
|
* Used for NXAST_SAMPLE, NXAST_SAMPLE2, and NXAST_SAMPLE3. */
|
2013-04-22 10:01:14 -07:00
|
|
|
|
struct ofpact_sample {
|
|
|
|
|
|
struct ofpact ofpact;
|
ipfix: Support tunnel information for Flow IPFIX.
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample action.
When flow sample action upcall happens, tunnel information will be retrieved from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) If 'sampling_port' is equal to output port and output port is a tunnel
port, the translation of OpenFlow "sample" action should first emit
set(tunnel(...)), then the sample action itself. It makes sure the
egress tunnel information can be sampled.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-06-14 16:53:34 +08:00
|
|
|
|
uint16_t probability; /* Always positive. */
|
2013-04-22 10:01:14 -07:00
|
|
|
|
uint32_t collector_set_id;
|
|
|
|
|
|
uint32_t obs_domain_id;
|
|
|
|
|
|
uint32_t obs_point_id;
|
ipfix: Support tunnel information for Flow IPFIX.
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample action.
When flow sample action upcall happens, tunnel information will be retrieved from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) If 'sampling_port' is equal to output port and output port is a tunnel
port, the translation of OpenFlow "sample" action should first emit
set(tunnel(...)), then the sample action itself. It makes sure the
egress tunnel information can be sampled.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-06-14 16:53:34 +08:00
|
|
|
|
ofp_port_t sampling_port;
|
2016-11-23 23:15:19 -08:00
|
|
|
|
enum nx_action_sample_direction direction;
|
2013-04-22 10:01:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
2012-08-16 14:25:07 -07:00
|
|
|
|
/* OFPACT_DEC_TTL.
|
|
|
|
|
|
*
|
2012-10-18 07:02:04 +09:00
|
|
|
|
* Used for OFPAT11_DEC_NW_TTL, NXAST_DEC_TTL and NXAST_DEC_TTL_CNT_IDS. */
|
2012-08-16 14:25:07 -07:00
|
|
|
|
struct ofpact_cnt_ids {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
/* Controller ids. */
|
|
|
|
|
|
unsigned int n_controllers;
|
|
|
|
|
|
uint16_t cnt_ids[];
|
2012-10-05 15:56:56 +09:00
|
|
|
|
};
|
2012-08-16 14:25:07 -07:00
|
|
|
|
|
2013-10-24 13:19:34 -07:00
|
|
|
|
/* OFPACT_SET_MPLS_LABEL.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT11_SET_MPLS_LABEL and NXAST_SET_MPLS_LABEL */
|
|
|
|
|
|
struct ofpact_mpls_label {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
ovs_be32 label;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* OFPACT_SET_MPLS_TC.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT11_SET_MPLS_TC and NXAST_SET_MPLS_TC */
|
|
|
|
|
|
struct ofpact_mpls_tc {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
uint8_t tc;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-03-06 16:08:12 +09:00
|
|
|
|
/* OFPACT_SET_MPLS_TTL.
|
|
|
|
|
|
*
|
2013-10-24 13:19:34 -07:00
|
|
|
|
* Used for OFPAT11_SET_MPLS_TTL and NXAST_SET_MPLS_TTL */
|
2013-03-06 16:08:12 +09:00
|
|
|
|
struct ofpact_mpls_ttl {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
uint8_t ttl;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-10-05 15:56:56 +09:00
|
|
|
|
/* OFPACT_GOTO_TABLE
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPIT11_GOTO_TABLE */
|
|
|
|
|
|
struct ofpact_goto_table {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint8_t table_id;
|
2012-08-16 14:25:07 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
2013-09-01 18:30:17 -07:00
|
|
|
|
/* OFPACT_GROUP.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used for OFPAT11_GROUP. */
|
|
|
|
|
|
struct ofpact_group {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
uint32_t group_id;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
|
/* OFPACT_UNROLL_XLATE.
|
|
|
|
|
|
*
|
|
|
|
|
|
* Used only internally. */
|
|
|
|
|
|
struct ofpact_unroll_xlate {
|
|
|
|
|
|
struct ofpact ofpact;
|
|
|
|
|
|
|
|
|
|
|
|
/* Metadata in xlate context, visible to controller via PACKET_INs. */
|
|
|
|
|
|
uint8_t rule_table_id; /* 0xFF if none. */
|
|
|
|
|
|
ovs_be64 rule_cookie; /* OVS_BE64_MAX if none. */
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* Converting OpenFlow to ofpacts. */
|
2013-10-24 13:19:31 -07:00
|
|
|
|
enum ofperr ofpacts_pull_openflow_actions(struct ofpbuf *openflow,
|
|
|
|
|
|
unsigned int actions_len,
|
|
|
|
|
|
enum ofp_version version,
|
|
|
|
|
|
struct ofpbuf *ofpacts);
|
|
|
|
|
|
enum ofperr ofpacts_pull_openflow_instructions(struct ofpbuf *openflow,
|
|
|
|
|
|
unsigned int instructions_len,
|
|
|
|
|
|
enum ofp_version version,
|
|
|
|
|
|
struct ofpbuf *ofpacts);
|
2013-10-24 13:19:25 -07:00
|
|
|
|
enum ofperr ofpacts_check(struct ofpact[], size_t ofpacts_len,
|
2013-11-15 14:19:57 -08:00
|
|
|
|
struct flow *, ofp_port_t max_ports,
|
|
|
|
|
|
uint8_t table_id, uint8_t n_tables,
|
|
|
|
|
|
enum ofputil_protocol *usable_protocols);
|
|
|
|
|
|
enum ofperr ofpacts_check_consistency(struct ofpact[], size_t ofpacts_len,
|
|
|
|
|
|
struct flow *, ofp_port_t max_ports,
|
|
|
|
|
|
uint8_t table_id, uint8_t n_tables,
|
|
|
|
|
|
enum ofputil_protocol usable_protocols);
|
2013-10-30 16:31:28 -07:00
|
|
|
|
enum ofperr ofpact_check_output_port(ofp_port_t port, ofp_port_t max_ports);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
|
|
|
|
|
/* Converting ofpacts to OpenFlow. */
|
2013-10-24 13:19:31 -07:00
|
|
|
|
size_t ofpacts_put_openflow_actions(const struct ofpact[], size_t ofpacts_len,
|
|
|
|
|
|
struct ofpbuf *openflow, enum ofp_version);
|
|
|
|
|
|
void ofpacts_put_openflow_instructions(const struct ofpact[],
|
|
|
|
|
|
size_t ofpacts_len,
|
|
|
|
|
|
struct ofpbuf *openflow,
|
|
|
|
|
|
enum ofp_version ofp_version);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
2014-08-11 10:57:03 -07:00
|
|
|
|
/* Sets of supported actions. */
|
|
|
|
|
|
ovs_be32 ofpact_bitmap_to_openflow(uint64_t ofpacts_bitmap, enum ofp_version);
|
|
|
|
|
|
uint64_t ofpact_bitmap_from_openflow(ovs_be32 ofpat_bitmap, enum ofp_version);
|
|
|
|
|
|
void ofpact_bitmap_format(uint64_t ofpacts_bitmap, struct ds *);
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
/* Working with ofpacts. */
|
|
|
|
|
|
bool ofpacts_output_to_port(const struct ofpact[], size_t ofpacts_len,
|
2013-06-19 16:58:44 -07:00
|
|
|
|
ofp_port_t port);
|
2013-09-01 18:30:17 -07:00
|
|
|
|
bool ofpacts_output_to_group(const struct ofpact[], size_t ofpacts_len,
|
|
|
|
|
|
uint32_t group_id);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
bool ofpacts_equal(const struct ofpact a[], size_t a_len,
|
|
|
|
|
|
const struct ofpact b[], size_t b_len);
|
2015-12-01 16:17:45 -08:00
|
|
|
|
const struct mf_field *ofpact_get_mf_dst(const struct ofpact *ofpact);
|
2013-09-06 19:52:14 -07:00
|
|
|
|
uint32_t ofpacts_get_meter(const struct ofpact[], size_t ofpacts_len);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
/* Formatting and parsing ofpacts. */
|
2012-07-03 22:17:14 -07:00
|
|
|
|
void ofpacts_format(const struct ofpact[], size_t ofpacts_len, struct ds *);
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
char *ofpacts_parse_actions(const char *, struct ofpbuf *ofpacts,
|
|
|
|
|
|
enum ofputil_protocol *usable_protocols)
|
2014-12-15 14:10:38 +01:00
|
|
|
|
OVS_WARN_UNUSED_RESULT;
|
ofp-actions: Centralize all OpenFlow action code for maintainability.
Until now, knowledge about OpenFlow has been somewhat scattered around the
tree. Some of it is in ofp-actions, some of it is in ofp-util, some in
separate files for individual actions, and most of the wire format
declarations are in include/openflow. This commit centralizes all of that
in ofp-actions.
Encoding and decoding OpenFlow actions was previously broken up by OpenFlow
version. This was OK with only OpenFlow 1.0 and 1.1, but each additional
version added a new wrapper around the existing ones, which started to
become hard to understand. This commit merges all of the processing for
the different versions, to the extent that they are similar, making the
version differences clearer.
Previously, ofp-actions contained OpenFlow encoding and decoding, plus
ofpact formatting, but OpenFlow parsing was separated into ofp-parse, which
seems an odd division. This commit moves the parsing code into ofp-actions
with the rest of the code.
Before this commit, the four main bits of code associated with a particular
ofpact--OpenFlow encoding and decoding, ofpact formatting and parsing--were
all found far away from each other. This often made it hard to see what
was going on for a particular ofpact, since you had to search around to
many different pieces of code. This commit reorganizes so that all of the
code for a given ofpact is in a single place.
As a code refactoring, this commit has little visible behavioral change.
The update to ofproto-dpif.at illustrates one minor bug fix as a side
effect: a flow that was added with the action "dec_ttl" (a standard
OpenFlow action) was previously formatted as "dec_ttl(0)" (using a Nicira
extension to specifically direct packets bounced to the controller because
of too-low TTL), but after this commit it is correctly formatted as
"dec_ttl".
The other visible effect is to drop support for the Nicira extension
dec_ttl action in OpenFlow 1.1 and later in favor of the equivalent
standard action. It seems unlikely that anyone was really using the
Nicira extension in OF1.1 or later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
2014-08-11 12:50:36 -07:00
|
|
|
|
char *ofpacts_parse_instructions(const char *, struct ofpbuf *ofpacts,
|
|
|
|
|
|
enum ofputil_protocol *usable_protocols)
|
2014-12-15 14:10:38 +01:00
|
|
|
|
OVS_WARN_UNUSED_RESULT;
|
2014-08-11 10:57:03 -07:00
|
|
|
|
const char *ofpact_name(enum ofpact_type);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
|
|
|
|
|
/* Internal use by the helpers below. */
|
|
|
|
|
|
void ofpact_init(struct ofpact *, enum ofpact_type, size_t len);
|
|
|
|
|
|
void *ofpact_put(struct ofpbuf *, enum ofpact_type, size_t len);
|
2016-04-12 22:00:25 -07:00
|
|
|
|
void *ofpact_finish(struct ofpbuf *, struct ofpact *);
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
|
|
|
|
|
/* For each OFPACT_<ENUM> with a corresponding struct <STRUCT>, this defines
|
|
|
|
|
|
* the following commonly useful functions:
|
|
|
|
|
|
*
|
|
|
|
|
|
* struct <STRUCT> *ofpact_put_<ENUM>(struct ofpbuf *ofpacts);
|
|
|
|
|
|
*
|
2015-12-23 13:23:48 -08:00
|
|
|
|
* Appends a new 'ofpact', of length OFPACT_<ENUM>_SIZE, to 'ofpacts',
|
2012-07-03 22:17:14 -07:00
|
|
|
|
* initializes it with ofpact_init_<ENUM>(), and returns it. Also sets
|
2015-11-24 15:47:56 -08:00
|
|
|
|
* 'ofpacts->header' to the returned action.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* After using this function to add a variable-length action, add the
|
|
|
|
|
|
* elements of the flexible array (e.g. with ofpbuf_put()), then use
|
2015-12-22 12:39:55 -08:00
|
|
|
|
* ofpact_finish() to pad the action to a multiple of OFPACT_ALIGNTO bytes
|
|
|
|
|
|
* and update its embedded length field. (Keep in mind the need to refresh
|
|
|
|
|
|
* the structure from 'ofpacts->header' after adding data to 'ofpacts'.)
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* struct <STRUCT> *ofpact_get_<ENUM>(const struct ofpact *ofpact);
|
|
|
|
|
|
*
|
|
|
|
|
|
* Returns 'ofpact' cast to "struct <STRUCT> *". 'ofpact->type' must be
|
|
|
|
|
|
* OFPACT_<ENUM>.
|
|
|
|
|
|
*
|
2016-04-12 22:00:25 -07:00
|
|
|
|
* void ofpact_finish_<ENUM>(struct ofpbuf *ofpacts, struct <STRUCT> **ap);
|
|
|
|
|
|
*
|
|
|
|
|
|
* Finishes composing variable-length action '*ap' (begun using
|
|
|
|
|
|
* ofpact_put_<NAME>() on 'ofpacts'), by padding the action to a multiple
|
|
|
|
|
|
* of OFPACT_ALIGNTO bytes and updating its embedded length field.
|
|
|
|
|
|
*
|
|
|
|
|
|
* May reallocate 'ofpacts', and so as a convenience automatically updates
|
|
|
|
|
|
* '*ap' to point to the new location. If the caller has other pointers
|
|
|
|
|
|
* within 'ap' or 'ofpacts', it needs to update them manually.
|
|
|
|
|
|
*
|
2012-07-03 22:17:14 -07:00
|
|
|
|
* as well as the following more rarely useful definitions:
|
|
|
|
|
|
*
|
|
|
|
|
|
* void ofpact_init_<ENUM>(struct <STRUCT> *ofpact);
|
|
|
|
|
|
*
|
|
|
|
|
|
* Initializes the parts of 'ofpact' that identify it as having type
|
2015-12-23 13:23:48 -08:00
|
|
|
|
* OFPACT_<ENUM> and length OFPACT_<ENUM>_SIZE and zeros the rest.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*
|
|
|
|
|
|
* <ENUM>_SIZE
|
|
|
|
|
|
*
|
2015-12-23 13:23:48 -08:00
|
|
|
|
* The size of the action structure. For a fixed-length action, this is
|
|
|
|
|
|
* sizeof(struct <STRUCT>) rounded up to a multiple of OFPACT_ALIGNTO. For
|
|
|
|
|
|
* a variable-length action, this is the offset to the variable-length
|
|
|
|
|
|
* part.
|
2012-07-03 22:17:14 -07:00
|
|
|
|
*/
|
2014-08-11 10:57:03 -07:00
|
|
|
|
#define OFPACT(ENUM, STRUCT, MEMBER, NAME) \
|
2012-07-03 22:17:14 -07:00
|
|
|
|
BUILD_ASSERT_DECL(offsetof(struct STRUCT, ofpact) == 0); \
|
|
|
|
|
|
\
|
2015-12-23 13:23:48 -08:00
|
|
|
|
enum { OFPACT_##ENUM##_SIZE \
|
2012-07-03 22:17:14 -07:00
|
|
|
|
= (offsetof(struct STRUCT, MEMBER) \
|
|
|
|
|
|
? offsetof(struct STRUCT, MEMBER) \
|
2015-12-23 13:23:48 -08:00
|
|
|
|
: OFPACT_ALIGN(sizeof(struct STRUCT))) }; \
|
2012-07-03 22:17:14 -07:00
|
|
|
|
\
|
|
|
|
|
|
static inline struct STRUCT * \
|
|
|
|
|
|
ofpact_get_##ENUM(const struct ofpact *ofpact) \
|
|
|
|
|
|
{ \
|
2012-11-06 13:14:55 -08:00
|
|
|
|
ovs_assert(ofpact->type == OFPACT_##ENUM); \
|
2013-07-22 15:47:19 -07:00
|
|
|
|
return ALIGNED_CAST(struct STRUCT *, ofpact); \
|
2012-07-03 22:17:14 -07:00
|
|
|
|
} \
|
|
|
|
|
|
\
|
2016-07-29 16:52:02 -07:00
|
|
|
|
static inline struct STRUCT * \
|
|
|
|
|
|
ofpact_get_##ENUM##_nullable(const struct ofpact *ofpact) \
|
|
|
|
|
|
{ \
|
|
|
|
|
|
ovs_assert(!ofpact || ofpact->type == OFPACT_##ENUM); \
|
|
|
|
|
|
return ALIGNED_CAST(struct STRUCT *, ofpact); \
|
|
|
|
|
|
} \
|
|
|
|
|
|
\
|
2012-07-03 22:17:14 -07:00
|
|
|
|
static inline struct STRUCT * \
|
|
|
|
|
|
ofpact_put_##ENUM(struct ofpbuf *ofpacts) \
|
|
|
|
|
|
{ \
|
|
|
|
|
|
return ofpact_put(ofpacts, OFPACT_##ENUM, \
|
2015-12-23 13:23:48 -08:00
|
|
|
|
OFPACT_##ENUM##_SIZE); \
|
2012-07-03 22:17:14 -07:00
|
|
|
|
} \
|
|
|
|
|
|
\
|
|
|
|
|
|
static inline void \
|
|
|
|
|
|
ofpact_init_##ENUM(struct STRUCT *ofpact) \
|
|
|
|
|
|
{ \
|
|
|
|
|
|
ofpact_init(&ofpact->ofpact, OFPACT_##ENUM, \
|
2015-12-23 13:23:48 -08:00
|
|
|
|
OFPACT_##ENUM##_SIZE); \
|
2016-04-12 22:00:25 -07:00
|
|
|
|
} \
|
|
|
|
|
|
\
|
|
|
|
|
|
static inline void \
|
|
|
|
|
|
ofpact_finish_##ENUM(struct ofpbuf *ofpbuf, struct STRUCT **ofpactp) \
|
|
|
|
|
|
{ \
|
|
|
|
|
|
struct ofpact *ofpact = &(*ofpactp)->ofpact; \
|
|
|
|
|
|
ovs_assert(ofpact->type == OFPACT_##ENUM); \
|
|
|
|
|
|
*ofpactp = ofpact_finish(ofpbuf, ofpact); \
|
2012-07-03 22:17:14 -07:00
|
|
|
|
}
|
|
|
|
|
|
OFPACTS
|
2014-08-11 10:57:03 -07:00
|
|
|
|
#undef OFPACT
|
2012-07-03 22:17:14 -07:00
|
|
|
|
|
2014-10-07 16:49:50 -07:00
|
|
|
|
/* Additional functions for composing ofpacts. */
|
2016-08-31 08:43:48 -07:00
|
|
|
|
struct ofpact_set_field *ofpact_put_set_field(struct ofpbuf *ofpacts,
|
|
|
|
|
|
const struct mf_field *,
|
|
|
|
|
|
const void *value,
|
|
|
|
|
|
const void *mask);
|
|
|
|
|
|
struct ofpact_set_field *ofpact_put_reg_load(struct ofpbuf *ofpacts,
|
|
|
|
|
|
const struct mf_field *,
|
|
|
|
|
|
const void *value,
|
|
|
|
|
|
const void *mask);
|
|
|
|
|
|
struct ofpact_set_field *ofpact_put_reg_load2(struct ofpbuf *ofpacts,
|
|
|
|
|
|
const struct mf_field *,
|
|
|
|
|
|
const void *value,
|
|
|
|
|
|
const void *mask);
|
2014-10-07 16:49:50 -07:00
|
|
|
|
|
2012-08-02 00:24:09 +09:00
|
|
|
|
/* OpenFlow 1.1 instructions.
|
|
|
|
|
|
* The order is sorted in execution order. Not in the value of OFPIT11_xxx.
|
|
|
|
|
|
* It is enforced on parser from text string.
|
|
|
|
|
|
*/
|
2012-08-02 00:24:08 +09:00
|
|
|
|
#define OVS_INSTRUCTIONS \
|
2013-06-20 17:26:18 +03:00
|
|
|
|
DEFINE_INST(OFPIT13_METER, \
|
|
|
|
|
|
ofp13_instruction_meter, false, \
|
|
|
|
|
|
"meter") \
|
|
|
|
|
|
\
|
2012-08-02 00:24:09 +09:00
|
|
|
|
DEFINE_INST(OFPIT11_APPLY_ACTIONS, \
|
|
|
|
|
|
ofp11_instruction_actions, true, \
|
|
|
|
|
|
"apply_actions") \
|
2012-08-02 00:24:08 +09:00
|
|
|
|
\
|
2012-08-02 00:24:09 +09:00
|
|
|
|
DEFINE_INST(OFPIT11_CLEAR_ACTIONS, \
|
|
|
|
|
|
ofp11_instruction, false, \
|
|
|
|
|
|
"clear_actions") \
|
2012-08-02 00:24:08 +09:00
|
|
|
|
\
|
|
|
|
|
|
DEFINE_INST(OFPIT11_WRITE_ACTIONS, \
|
|
|
|
|
|
ofp11_instruction_actions, true, \
|
|
|
|
|
|
"write_actions") \
|
|
|
|
|
|
\
|
2012-08-02 00:24:09 +09:00
|
|
|
|
DEFINE_INST(OFPIT11_WRITE_METADATA, \
|
|
|
|
|
|
ofp11_instruction_write_metadata, false, \
|
|
|
|
|
|
"write_metadata") \
|
2012-08-02 00:24:08 +09:00
|
|
|
|
\
|
2012-08-02 00:24:09 +09:00
|
|
|
|
DEFINE_INST(OFPIT11_GOTO_TABLE, \
|
|
|
|
|
|
ofp11_instruction_goto_table, false, \
|
|
|
|
|
|
"goto_table")
|
2012-08-02 00:24:08 +09:00
|
|
|
|
|
|
|
|
|
|
enum ovs_instruction_type {
|
|
|
|
|
|
#define DEFINE_INST(ENUM, STRUCT, EXTENSIBLE, NAME) OVSINST_##ENUM,
|
|
|
|
|
|
OVS_INSTRUCTIONS
|
|
|
|
|
|
#undef DEFINE_INST
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
enum {
|
|
|
|
|
|
#define DEFINE_INST(ENUM, STRUCT, EXTENSIBLE, NAME) + 1
|
|
|
|
|
|
N_OVS_INSTRUCTIONS = OVS_INSTRUCTIONS
|
|
|
|
|
|
#undef DEFINE_INST
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2013-06-27 11:04:50 -07:00
|
|
|
|
const char *ovs_instruction_name_from_type(enum ovs_instruction_type type);
|
|
|
|
|
|
int ovs_instruction_type_from_name(const char *name);
|
2013-06-27 11:01:18 -07:00
|
|
|
|
enum ovs_instruction_type ovs_instruction_type_from_ofpact_type(
|
|
|
|
|
|
enum ofpact_type);
|
2014-01-17 13:18:16 -08:00
|
|
|
|
enum ofperr ovs_instruction_type_from_inst_type(
|
|
|
|
|
|
enum ovs_instruction_type *instruction_type, const uint16_t inst_type);
|
|
|
|
|
|
|
2014-08-11 11:07:53 -07:00
|
|
|
|
ovs_be32 ovsinst_bitmap_to_openflow(uint32_t ovsinst_bitmap, enum ofp_version);
|
|
|
|
|
|
uint32_t ovsinst_bitmap_from_openflow(ovs_be32 ofpit_bitmap,
|
|
|
|
|
|
enum ofp_version);
|
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
|
#endif /* ofp-actions.h */
|
