2014-01-27 01:18:30 -08:00
|
|
|
/*
|
2017-07-07 16:04:57 -07:00
|
|
|
* Copyright (c) 2014, 2015, 2016, 2017 Nicira, Inc.
|
2014-01-27 01:18:30 -08:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at:
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
2016-03-25 14:10:24 -07:00
|
|
|
#include "openvswitch/ofpbuf.h"
|
2015-03-26 11:18:16 -07:00
|
|
|
#include "ofproto-dpif.h"
|
2014-01-27 01:18:30 -08:00
|
|
|
#include "ofproto-dpif-rid.h"
|
2015-03-26 11:18:16 -07:00
|
|
|
#include "ofproto-provider.h"
|
|
|
|
|
#include "openvswitch/vlog.h"
|
2014-01-27 01:18:30 -08:00
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
VLOG_DEFINE_THIS_MODULE(ofproto_dpif_rid);
|
2014-01-27 01:18:30 -08:00
|
|
|
|
2016-04-22 16:51:03 -07:00
|
|
|
static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
|
2014-01-27 01:18:30 -08:00
|
|
|
|
2016-04-22 16:51:03 -07:00
|
|
|
static struct cmap id_map = CMAP_INITIALIZER;
|
|
|
|
|
static struct cmap metadata_map = CMAP_INITIALIZER;
|
2015-03-26 11:18:16 -07:00
|
|
|
|
2016-04-22 16:51:03 -07:00
|
|
|
static struct ovs_list expiring OVS_GUARDED_BY(mutex)
|
|
|
|
|
= OVS_LIST_INITIALIZER(&expiring);
|
|
|
|
|
static struct ovs_list expired OVS_GUARDED_BY(mutex)
|
|
|
|
|
= OVS_LIST_INITIALIZER(&expired);
|
2015-03-26 11:18:16 -07:00
|
|
|
|
2016-04-22 16:51:03 -07:00
|
|
|
static uint32_t next_id OVS_GUARDED_BY(mutex) = 1; /* Possible next free id. */
|
2015-03-26 11:18:16 -07:00
|
|
|
|
|
|
|
|
#define RECIRC_POOL_STATIC_IDS 1024
|
|
|
|
|
|
2016-01-05 16:51:54 -08:00
|
|
|
static void recirc_id_node_free(struct recirc_id_node *);
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
/* This should be called by the revalidator once at each round (every 500ms or
|
|
|
|
|
* more). */
|
2014-01-27 01:18:30 -08:00
|
|
|
void
|
2015-03-26 11:18:16 -07:00
|
|
|
recirc_run(void)
|
|
|
|
|
{
|
|
|
|
|
static long long int last = 0;
|
|
|
|
|
long long int now = time_msec();
|
|
|
|
|
|
|
|
|
|
/* Do maintenance at most 4 times / sec. */
|
|
|
|
|
ovs_mutex_lock(&mutex);
|
|
|
|
|
if (now - last > 250) {
|
2015-04-06 14:02:28 -07:00
|
|
|
struct recirc_id_node *node;
|
2015-03-26 11:18:16 -07:00
|
|
|
|
|
|
|
|
last = now;
|
|
|
|
|
|
|
|
|
|
/* Nodes in 'expiring' and 'expired' lists have the refcount of zero,
|
|
|
|
|
* which means that while they can still be found (by id), no new
|
|
|
|
|
* references can be taken on them. We have removed the entry from the
|
|
|
|
|
* 'metadata_map', at the time when refcount reached zero, causing any
|
|
|
|
|
* new translations to allocate a new ID. This allows the expiring
|
|
|
|
|
* entry to be safely deleted while any sudden new use of the similar
|
|
|
|
|
* recirculation will safely start using a new recirculation ID. When
|
|
|
|
|
* the refcount gets to zero, the node is also added to the 'expiring'
|
|
|
|
|
* list. At any time after that the nodes in the 'expiring' list can
|
|
|
|
|
* be moved to the 'expired' list, from which they are deleted at least
|
|
|
|
|
* 250ms afterwards. */
|
|
|
|
|
|
|
|
|
|
/* Delete the expired. These have been lingering for at least 250 ms,
|
|
|
|
|
* which should be enough for any ongoing recirculations to be
|
|
|
|
|
* finished. */
|
2015-04-06 14:02:28 -07:00
|
|
|
LIST_FOR_EACH_POP (node, exp_node, &expired) {
|
2015-03-26 11:18:16 -07:00
|
|
|
cmap_remove(&id_map, &node->id_node, node->id);
|
2016-01-05 16:51:54 -08:00
|
|
|
ovsrcu_postpone(recirc_id_node_free, node);
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
|
|
|
|
|
2016-03-25 14:10:22 -07:00
|
|
|
if (!ovs_list_is_empty(&expiring)) {
|
2015-03-26 11:18:16 -07:00
|
|
|
/* 'expired' is now empty, move nodes in 'expiring' to it. */
|
2016-03-25 14:10:22 -07:00
|
|
|
ovs_list_splice(&expired, ovs_list_front(&expiring), &expiring);
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ovs_mutex_unlock(&mutex);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We use the id as the hash value, which works due to cmap internal rehashing.
|
|
|
|
|
* We also only insert nodes with unique IDs, so all possible hash collisions
|
|
|
|
|
* remain internal to the cmap. */
|
|
|
|
|
static struct recirc_id_node *
|
|
|
|
|
recirc_find__(uint32_t id)
|
|
|
|
|
OVS_REQUIRES(mutex)
|
|
|
|
|
{
|
|
|
|
|
struct cmap_node *node = cmap_find_protected(&id_map, id);
|
|
|
|
|
|
|
|
|
|
return node ? CONTAINER_OF(node, struct recirc_id_node, id_node) : NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Lockless RCU protected lookup. If node is needed accross RCU quiescent
|
|
|
|
|
* state, caller should copy the contents. */
|
|
|
|
|
const struct recirc_id_node *
|
|
|
|
|
recirc_id_node_find(uint32_t id)
|
|
|
|
|
{
|
|
|
|
|
const struct cmap_node *node = cmap_find(&id_map, id);
|
|
|
|
|
|
|
|
|
|
return node
|
|
|
|
|
? CONTAINER_OF(node, const struct recirc_id_node, id_node)
|
|
|
|
|
: NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-27 11:11:33 -07:00
|
|
|
bool
|
|
|
|
|
recirc_id_node_find_and_ref(uint32_t id)
|
|
|
|
|
{
|
|
|
|
|
struct recirc_id_node *rid_node =
|
|
|
|
|
CONST_CAST(struct recirc_id_node *, recirc_id_node_find(id));
|
|
|
|
|
|
|
|
|
|
if (!rid_node) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ovs_refcount_try_ref_rcu(&rid_node->refcount);
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
static uint32_t
|
2016-02-16 10:51:58 -08:00
|
|
|
frozen_state_hash(const struct frozen_state *state)
|
2015-03-26 11:18:16 -07:00
|
|
|
{
|
|
|
|
|
uint32_t hash;
|
|
|
|
|
|
2016-01-18 14:47:40 -08:00
|
|
|
hash = uuid_hash(&state->ofproto_uuid);
|
2015-07-29 20:32:12 -07:00
|
|
|
hash = hash_int(state->table_id, hash);
|
2017-07-07 16:26:10 -07:00
|
|
|
hash = hash_bytes64((const uint64_t *) &state->metadata,
|
|
|
|
|
sizeof state->metadata, hash);
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
hash = hash_boolean(state->conntracked, hash);
|
ofproto-dpif: Fix for recirc issue with mpls traffic with dp_hash
Fix infinite recirculation loop for MPLS packets sent to dp_hash-based
select group
Issue:
When a MPLS encapsulated packet is received, the MPLS header is removed,
a recirculation id assigned and then recirculated into the pipeline.
If the flow rules require the packet to be then sent over DP-HASH based
select group buckets, the packet has to be recirculated again. However,
the same recirculation id was used and this resulted in the packet being
repeatedly recirculated until it got dropped because the maximum recirculation
limit was hit.
Fix:
Include the “was_mpls” boolean which indicates whether the packet was MPLS
encapsulated when computing the hash. After popping the MPLS header this will
result in a different hash value than before and new recirculation id will
get generated.
DPCTL flows with and without the fix are shown below
Without Fix:
recirc_id(0x1),dp_hash(0x5194bf18/0xf),in_port(2),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:20, bytes:1960,
used:0.329s, actions:1
recirc_id(0x1),in_port(2),packet_type(ns=0,id=0),eth_type(0x0800),
ipv4(frag=no), packets:20, bytes:1960, used:0.329s,
actions:hash(sym_l4(0)),recirc(0x1)
recirc_id(0),in_port(2),packet_type(ns=0,id=0),eth_type(0x8847),
mpls(label=22/0xfffff,tc=0/0,ttl=64/0x0,bos=1/1), packets:20, bytes:2040,
used:0.329s, actions:pop_mpls(eth_type=0x800),recirc(0x1)
With Fix:
recirc_id(0x2),dp_hash(0x5194bf18/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12481, bytes:1223138,
used:0.588s, actions:1
recirc_id(0x1),in_port(3),packet_type(ns=0,id=0),eth_type(0x0800),
ipv4(frag=no), packets:74431, bytes:7294238, used:0.386s,
actions:hash(sym_l4(0)),recirc(0x2)
recirc_id(0x2),dp_hash(0xb952470d/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12441, bytes:1219218,
used:0.482s, actions:1
recirc_id(0x2),dp_hash(0xeff6ad76/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12385, bytes:1213730,
used:0.908s, actions:1
recirc_id(0),in_port(3),packet_type(ns=0,id=0),eth_type(0x8847),
mpls(label=22/0xfffff,tc=0/0,ttl=64/0x0,bos=1/1), packets:74431,
bytes:7591962, used:0.386s, actions:pop_mpls(eth_type=0x800),recirc(0x1)
recirc_id(0x2),dp_hash(0xb6233fbe/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12369, bytes:1212162,
used:0.386s, actions:1
recirc_id(0x2),dp_hash(0xa3670459/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:24751, bytes:2425598,
used:0.483s, actions:1
Signed-off-by: Surya Rudra <rudrasurya.r@altencalsoftlabs.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2019-07-19 11:05:19 +05:30
|
|
|
hash = hash_boolean(state->was_mpls, hash);
|
2017-01-05 17:30:27 -08:00
|
|
|
if (state->stack && state->stack_size) {
|
|
|
|
|
hash = hash_bytes(state->stack, state->stack_size, hash);
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
2015-07-29 22:13:26 -07:00
|
|
|
hash = hash_int(state->mirrors, hash);
|
2016-01-18 14:43:01 -08:00
|
|
|
if (state->action_set_len) {
|
|
|
|
|
hash = hash_bytes64(ALIGNED_CAST(const uint64_t *, state->action_set),
|
|
|
|
|
state->action_set_len, hash);
|
|
|
|
|
}
|
2015-07-29 20:32:12 -07:00
|
|
|
if (state->ofpacts_len) {
|
2016-01-18 22:52:48 -08:00
|
|
|
hash = hash_bytes64(ALIGNED_CAST(const uint64_t *, state->ofpacts),
|
|
|
|
|
state->ofpacts_len, hash);
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
2017-07-05 15:17:52 -07:00
|
|
|
if (state->userdata && state->userdata_len) {
|
|
|
|
|
hash = hash_bytes(state->userdata, state->userdata_len, hash);
|
|
|
|
|
}
|
2015-03-26 11:18:16 -07:00
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool
|
2016-02-16 10:51:58 -08:00
|
|
|
frozen_state_equal(const struct frozen_state *a, const struct frozen_state *b)
|
2015-03-26 11:18:16 -07:00
|
|
|
{
|
2015-07-29 20:32:12 -07:00
|
|
|
return (a->table_id == b->table_id
|
2016-01-18 14:47:40 -08:00
|
|
|
&& uuid_equals(&a->ofproto_uuid, &b->ofproto_uuid)
|
2017-07-07 16:26:10 -07:00
|
|
|
&& !memcmp(&a->metadata, &b->metadata, sizeof a->metadata)
|
2017-01-05 17:30:27 -08:00
|
|
|
&& a->stack_size == b->stack_size
|
2022-01-24 15:17:28 +01:00
|
|
|
&& (!a->stack_size || !memcmp(a->stack, b->stack, a->stack_size))
|
2015-07-29 22:13:26 -07:00
|
|
|
&& a->mirrors == b->mirrors
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
&& a->conntracked == b->conntracked
|
ofproto-dpif: Fix for recirc issue with mpls traffic with dp_hash
Fix infinite recirculation loop for MPLS packets sent to dp_hash-based
select group
Issue:
When a MPLS encapsulated packet is received, the MPLS header is removed,
a recirculation id assigned and then recirculated into the pipeline.
If the flow rules require the packet to be then sent over DP-HASH based
select group buckets, the packet has to be recirculated again. However,
the same recirculation id was used and this resulted in the packet being
repeatedly recirculated until it got dropped because the maximum recirculation
limit was hit.
Fix:
Include the “was_mpls” boolean which indicates whether the packet was MPLS
encapsulated when computing the hash. After popping the MPLS header this will
result in a different hash value than before and new recirculation id will
get generated.
DPCTL flows with and without the fix are shown below
Without Fix:
recirc_id(0x1),dp_hash(0x5194bf18/0xf),in_port(2),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:20, bytes:1960,
used:0.329s, actions:1
recirc_id(0x1),in_port(2),packet_type(ns=0,id=0),eth_type(0x0800),
ipv4(frag=no), packets:20, bytes:1960, used:0.329s,
actions:hash(sym_l4(0)),recirc(0x1)
recirc_id(0),in_port(2),packet_type(ns=0,id=0),eth_type(0x8847),
mpls(label=22/0xfffff,tc=0/0,ttl=64/0x0,bos=1/1), packets:20, bytes:2040,
used:0.329s, actions:pop_mpls(eth_type=0x800),recirc(0x1)
With Fix:
recirc_id(0x2),dp_hash(0x5194bf18/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12481, bytes:1223138,
used:0.588s, actions:1
recirc_id(0x1),in_port(3),packet_type(ns=0,id=0),eth_type(0x0800),
ipv4(frag=no), packets:74431, bytes:7294238, used:0.386s,
actions:hash(sym_l4(0)),recirc(0x2)
recirc_id(0x2),dp_hash(0xb952470d/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12441, bytes:1219218,
used:0.482s, actions:1
recirc_id(0x2),dp_hash(0xeff6ad76/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12385, bytes:1213730,
used:0.908s, actions:1
recirc_id(0),in_port(3),packet_type(ns=0,id=0),eth_type(0x8847),
mpls(label=22/0xfffff,tc=0/0,ttl=64/0x0,bos=1/1), packets:74431,
bytes:7591962, used:0.386s, actions:pop_mpls(eth_type=0x800),recirc(0x1)
recirc_id(0x2),dp_hash(0xb6233fbe/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:12369, bytes:1212162,
used:0.386s, actions:1
recirc_id(0x2),dp_hash(0xa3670459/0xf),in_port(3),packet_type(ns=0,id=0),
eth_type(0x0800),ipv4(frag=no), packets:24751, bytes:2425598,
used:0.483s, actions:1
Signed-off-by: Surya Rudra <rudrasurya.r@altencalsoftlabs.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2019-07-19 11:05:19 +05:30
|
|
|
&& a->was_mpls == b->was_mpls
|
2015-07-29 20:32:12 -07:00
|
|
|
&& ofpacts_equal(a->ofpacts, a->ofpacts_len,
|
2016-01-18 14:43:01 -08:00
|
|
|
b->ofpacts, b->ofpacts_len)
|
|
|
|
|
&& ofpacts_equal(a->action_set, a->action_set_len,
|
2017-07-05 15:17:52 -07:00
|
|
|
b->action_set, b->action_set_len)
|
2022-01-24 15:17:28 +01:00
|
|
|
&& a->userdata_len == b->userdata_len
|
|
|
|
|
&& (!a->userdata_len
|
|
|
|
|
|| !memcmp(a->userdata, b->userdata, a->userdata_len))
|
2018-01-12 14:34:11 +01:00
|
|
|
&& uuid_equals(&a->xport_uuid, &b->xport_uuid));
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Lockless RCU protected lookup. If node is needed accross RCU quiescent
|
|
|
|
|
* state, caller should take a reference. */
|
|
|
|
|
static struct recirc_id_node *
|
2016-02-16 10:51:58 -08:00
|
|
|
recirc_find_equal(const struct frozen_state *target, uint32_t hash)
|
2015-03-26 11:18:16 -07:00
|
|
|
{
|
|
|
|
|
struct recirc_id_node *node;
|
|
|
|
|
|
2015-07-29 20:32:12 -07:00
|
|
|
CMAP_FOR_EACH_WITH_HASH (node, metadata_node, hash, &metadata_map) {
|
2016-02-16 10:51:58 -08:00
|
|
|
if (frozen_state_equal(&node->state, target)) {
|
2015-03-26 11:18:16 -07:00
|
|
|
return node;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct recirc_id_node *
|
2016-02-16 10:51:58 -08:00
|
|
|
recirc_ref_equal(const struct frozen_state *target, uint32_t hash)
|
2015-03-26 11:18:16 -07:00
|
|
|
{
|
|
|
|
|
struct recirc_id_node *node;
|
|
|
|
|
|
|
|
|
|
do {
|
2015-07-29 20:32:12 -07:00
|
|
|
node = recirc_find_equal(target, hash);
|
2015-03-26 11:18:16 -07:00
|
|
|
|
|
|
|
|
/* Try again if the node was released before we get the reference. */
|
|
|
|
|
} while (node && !ovs_refcount_try_ref_rcu(&node->refcount));
|
|
|
|
|
|
|
|
|
|
return node;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-29 20:32:12 -07:00
|
|
|
static void
|
2017-07-07 16:04:57 -07:00
|
|
|
frozen_state_clone(struct frozen_state *new, const struct frozen_state *old)
|
2015-07-29 20:32:12 -07:00
|
|
|
{
|
|
|
|
|
*new = *old;
|
2017-01-05 17:30:27 -08:00
|
|
|
new->stack = (new->stack_size
|
|
|
|
|
? xmemdup(new->stack, new->stack_size)
|
2016-01-20 16:47:14 -08:00
|
|
|
: NULL);
|
|
|
|
|
new->ofpacts = (new->ofpacts_len
|
|
|
|
|
? xmemdup(new->ofpacts, new->ofpacts_len)
|
|
|
|
|
: NULL);
|
2016-01-18 14:43:01 -08:00
|
|
|
new->action_set = (new->action_set_len
|
|
|
|
|
? xmemdup(new->action_set, new->action_set_len)
|
|
|
|
|
: NULL);
|
2017-07-05 15:17:52 -07:00
|
|
|
new->userdata = (new->userdata_len
|
|
|
|
|
? xmemdup(new->userdata, new->userdata_len)
|
|
|
|
|
: NULL);
|
2015-07-29 20:32:12 -07:00
|
|
|
}
|
|
|
|
|
|
2016-01-05 16:51:54 -08:00
|
|
|
static void
|
2016-02-16 10:51:58 -08:00
|
|
|
frozen_state_free(struct frozen_state *state)
|
2016-01-05 16:51:54 -08:00
|
|
|
{
|
2016-01-20 16:47:14 -08:00
|
|
|
free(state->stack);
|
2016-01-05 16:51:54 -08:00
|
|
|
free(state->ofpacts);
|
2016-01-18 14:43:01 -08:00
|
|
|
free(state->action_set);
|
2017-07-05 15:17:52 -07:00
|
|
|
free(state->userdata);
|
2016-01-05 16:51:54 -08:00
|
|
|
}
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
/* Allocate a unique recirculation id for the given set of flow metadata.
|
|
|
|
|
* The ID space is 2^^32, so there should never be a situation in which all
|
2017-03-22 15:40:21 -07:00
|
|
|
* the IDs are used up. We loop until we find a free one. */
|
2015-03-26 11:18:16 -07:00
|
|
|
static struct recirc_id_node *
|
2016-02-16 10:51:58 -08:00
|
|
|
recirc_alloc_id__(const struct frozen_state *state, uint32_t hash)
|
2015-03-26 11:18:16 -07:00
|
|
|
{
|
2015-07-29 20:32:12 -07:00
|
|
|
ovs_assert(state->action_set_len <= state->ofpacts_len);
|
|
|
|
|
|
|
|
|
|
struct recirc_id_node *node = xzalloc(sizeof *node);
|
2015-08-25 13:55:03 -07:00
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
node->hash = hash;
|
|
|
|
|
ovs_refcount_init(&node->refcount);
|
2017-07-07 16:04:57 -07:00
|
|
|
frozen_state_clone(CONST_CAST(struct frozen_state *, &node->state), state);
|
2015-03-26 11:18:16 -07:00
|
|
|
|
|
|
|
|
ovs_mutex_lock(&mutex);
|
|
|
|
|
for (;;) {
|
|
|
|
|
/* Claim the next ID. The ID space should be sparse enough for the
|
|
|
|
|
allocation to succeed at the first try. We do skip the first
|
|
|
|
|
RECIRC_POOL_STATIC_IDS IDs on the later rounds, though, as some of
|
|
|
|
|
the initial allocations may be for long term uses (like bonds). */
|
|
|
|
|
node->id = next_id++;
|
|
|
|
|
if (OVS_UNLIKELY(!node->id)) {
|
|
|
|
|
next_id = RECIRC_POOL_STATIC_IDS + 1;
|
|
|
|
|
node->id = next_id++;
|
|
|
|
|
}
|
|
|
|
|
/* Find if the id is free. */
|
|
|
|
|
if (OVS_LIKELY(!recirc_find__(node->id))) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
cmap_insert(&id_map, &node->id_node, node->id);
|
|
|
|
|
cmap_insert(&metadata_map, &node->metadata_node, node->hash);
|
|
|
|
|
ovs_mutex_unlock(&mutex);
|
|
|
|
|
return node;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Look up an existing ID for the given flow's metadata and optional actions.
|
|
|
|
|
*/
|
|
|
|
|
uint32_t
|
2016-02-16 10:51:58 -08:00
|
|
|
recirc_find_id(const struct frozen_state *target)
|
2015-03-26 11:18:16 -07:00
|
|
|
{
|
2016-02-16 10:51:58 -08:00
|
|
|
uint32_t hash = frozen_state_hash(target);
|
2015-07-29 20:32:12 -07:00
|
|
|
struct recirc_id_node *node = recirc_find_equal(target, hash);
|
2015-03-26 11:18:16 -07:00
|
|
|
return node ? node->id : 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Allocate a unique recirculation id for the given set of flow metadata and
|
|
|
|
|
optional actions. */
|
|
|
|
|
uint32_t
|
2016-02-16 10:51:58 -08:00
|
|
|
recirc_alloc_id_ctx(const struct frozen_state *state)
|
2014-01-27 01:18:30 -08:00
|
|
|
{
|
2016-02-16 10:51:58 -08:00
|
|
|
uint32_t hash = frozen_state_hash(state);
|
2015-07-29 20:32:12 -07:00
|
|
|
struct recirc_id_node *node = recirc_ref_equal(state, hash);
|
2015-03-26 11:18:16 -07:00
|
|
|
if (!node) {
|
2015-07-29 20:32:12 -07:00
|
|
|
node = recirc_alloc_id__(state, hash);
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
|
|
|
|
return node->id;
|
2014-01-27 01:18:30 -08:00
|
|
|
}
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
/* Allocate a unique recirculation id. */
|
2014-01-27 01:18:30 -08:00
|
|
|
uint32_t
|
2015-03-26 11:18:16 -07:00
|
|
|
recirc_alloc_id(struct ofproto_dpif *ofproto)
|
2014-01-27 01:18:30 -08:00
|
|
|
{
|
2016-02-16 10:51:58 -08:00
|
|
|
struct frozen_state state = {
|
2015-07-29 20:32:12 -07:00
|
|
|
.table_id = TBL_INTERNAL,
|
ofproto-dpif: Unhide structure contents.
Until now, ofproto-dpif.c has hidden the definitions of several structures,
such as struct ofproto_dpif and struct rule_dpif. This kind of information
hiding is often beneficial, because it forces code outside the file with
the definition to use the documented interfaces. However, in this case it
was starting to burden ofproto-dpif with an increasing number of trivial
helpers that were not improving or maintaining a useful abstraction and
that were making code harder to maintain and read.
Information hiding also made it hard to move blocks of code outside
ofproto-dpif.c itself, since any code moved out often needed new helpers if
it used anything that wasn't previously exposed. In the present instance,
upcoming patches will move code for tracing outside ofproto-dpif, and this
would require adding several helpers that would just obscure the function
of the code otherwise needlessly.
In balance, it seems that there is more harm than good in the information
hiding here, so this commit moves the definitions of several structures
from ofproto-dpif.c into ofproto-dpif.h. It also removes all of the
trivial helpers that had accumulated, instead changing their users to
directly access the members that they needed. It also reorganizes
ofproto-dpif.h, grouping structure definitions and function prototypes in a
sensible way.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Acked-by: Justin Pettit <jpettit@ovn.org>
2016-12-06 14:08:42 -08:00
|
|
|
.ofproto_uuid = ofproto->uuid,
|
2017-07-07 16:04:57 -07:00
|
|
|
.metadata = {
|
|
|
|
|
.tunnel = {
|
|
|
|
|
.ip_dst = htonl(0),
|
|
|
|
|
.ipv6_dst = in6addr_any,
|
|
|
|
|
},
|
|
|
|
|
.in_port = OFPP_NONE },
|
2015-07-29 20:32:12 -07:00
|
|
|
};
|
2018-01-12 14:34:11 +01:00
|
|
|
/* In order to make sparse happy, xport_uuid needs to be set separately. */
|
|
|
|
|
state.xport_uuid = UUID_ZERO;
|
2016-02-16 10:51:58 -08:00
|
|
|
return recirc_alloc_id__(&state, frozen_state_hash(&state))->id;
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
2014-01-27 01:18:30 -08:00
|
|
|
|
2016-01-05 16:51:54 -08:00
|
|
|
static void
|
|
|
|
|
recirc_id_node_free(struct recirc_id_node *node)
|
|
|
|
|
{
|
2016-02-16 10:51:58 -08:00
|
|
|
frozen_state_free(CONST_CAST(struct frozen_state *, &node->state));
|
2016-01-05 16:51:54 -08:00
|
|
|
free(node);
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
void
|
|
|
|
|
recirc_id_node_unref(const struct recirc_id_node *node_)
|
|
|
|
|
OVS_EXCLUDED(mutex)
|
|
|
|
|
{
|
|
|
|
|
struct recirc_id_node *node = CONST_CAST(struct recirc_id_node *, node_);
|
|
|
|
|
|
|
|
|
|
if (node && ovs_refcount_unref(&node->refcount) == 1) {
|
|
|
|
|
ovs_mutex_lock(&mutex);
|
|
|
|
|
/* Prevent re-use of this node by removing the node from 'metadata_map'
|
|
|
|
|
*/
|
|
|
|
|
cmap_remove(&metadata_map, &node->metadata_node, node->hash);
|
|
|
|
|
/* We keep the node in the 'id_map' so that it can be found as long
|
|
|
|
|
* as it lingers, and add it to the 'expiring' list. */
|
2016-03-25 14:10:22 -07:00
|
|
|
ovs_list_insert(&expiring, &node->exp_node);
|
2015-03-26 11:18:16 -07:00
|
|
|
ovs_mutex_unlock(&mutex);
|
2014-11-10 13:47:49 +09:00
|
|
|
}
|
2015-03-26 11:18:16 -07:00
|
|
|
}
|
2014-11-10 13:47:49 +09:00
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
void
|
|
|
|
|
recirc_free_id(uint32_t id)
|
|
|
|
|
{
|
|
|
|
|
const struct recirc_id_node *node;
|
|
|
|
|
|
|
|
|
|
node = recirc_id_node_find(id);
|
|
|
|
|
if (node) {
|
|
|
|
|
recirc_id_node_unref(node);
|
|
|
|
|
} else {
|
|
|
|
|
VLOG_ERR("Freeing nonexistent recirculation ID: %"PRIu32, id);
|
|
|
|
|
}
|
2014-01-27 01:18:30 -08:00
|
|
|
}
|
|
|
|
|
|
2015-03-26 11:18:16 -07:00
|
|
|
/* Called when 'ofproto' is destructed. Checks for and clears any
|
|
|
|
|
* recirc_id leak.
|
|
|
|
|
* No other thread may have access to the 'ofproto' being destructed.
|
|
|
|
|
* All related datapath flows must be deleted before calling this. */
|
2014-01-27 01:18:30 -08:00
|
|
|
void
|
2015-03-26 11:18:16 -07:00
|
|
|
recirc_free_ofproto(struct ofproto_dpif *ofproto, const char *ofproto_name)
|
2014-01-27 01:18:30 -08:00
|
|
|
{
|
2015-03-26 11:18:16 -07:00
|
|
|
struct recirc_id_node *n;
|
|
|
|
|
|
|
|
|
|
CMAP_FOR_EACH (n, metadata_node, &metadata_map) {
|
ofproto-dpif: Unhide structure contents.
Until now, ofproto-dpif.c has hidden the definitions of several structures,
such as struct ofproto_dpif and struct rule_dpif. This kind of information
hiding is often beneficial, because it forces code outside the file with
the definition to use the documented interfaces. However, in this case it
was starting to burden ofproto-dpif with an increasing number of trivial
helpers that were not improving or maintaining a useful abstraction and
that were making code harder to maintain and read.
Information hiding also made it hard to move blocks of code outside
ofproto-dpif.c itself, since any code moved out often needed new helpers if
it used anything that wasn't previously exposed. In the present instance,
upcoming patches will move code for tracing outside ofproto-dpif, and this
would require adding several helpers that would just obscure the function
of the code otherwise needlessly.
In balance, it seems that there is more harm than good in the information
hiding here, so this commit moves the definitions of several structures
from ofproto-dpif.c into ofproto-dpif.h. It also removes all of the
trivial helpers that had accumulated, instead changing their users to
directly access the members that they needed. It also reorganizes
ofproto-dpif.h, grouping structure definitions and function prototypes in a
sensible way.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Acked-by: Justin Pettit <jpettit@ovn.org>
2016-12-06 14:08:42 -08:00
|
|
|
if (uuid_equals(&n->state.ofproto_uuid, &ofproto->uuid)) {
|
2015-03-26 11:18:16 -07:00
|
|
|
VLOG_ERR("recirc_id %"PRIu32
|
|
|
|
|
" left allocated when ofproto (%s)"
|
|
|
|
|
" is destructed", n->id, ofproto_name);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-01-27 01:18:30 -08:00
|
|
|
}
|
