2012-07-03 22:17:14 -07:00
AT_BANNER([OpenFlow actions])
AT_SETUP([OpenFlow 1.0 action translation])
2012-10-19 02:37:37 +09:00
AT_KEYWORDS([ofp-actions OF1.0])
2012-07-03 22:17:14 -07:00
AT_DATA([test-data], [dnl
# actions=LOCAL
0000 0008 fffe 04d2
# actions=CONTROLLER:1234
0000 0008 fffd 04d2
# actions=mod_vlan_vid:9
0001 0008 0009 0000
# actions=mod_vlan_pcp:6
0002 0008 06 000000
# actions=strip_vlan
0003 0008 00000000
# actions=mod_dl_src:00:11:22:33:44:55
0004 0010 001122334455 000000000000
# actions=mod_dl_dst:10:20:30:40:50:60
0005 0010 102030405060 000000000000
# actions=mod_nw_src:1.2.3.4
0006 0008 01020304
# actions=mod_nw_dst:192.168.0.1
0007 0008 c0a80001
# actions=mod_nw_tos:48
0008 0008 30 000000
# actions=mod_tp_src:80
0009 0008 0050 0000
# actions=mod_tp_dst:443
000a 0008 01bb 0000
2013-05-06 10:55:06 -07:00
# actions=enqueue:10:55
2012-07-03 22:17:14 -07:00
000b 0010 000a 000000000000 00000037
# actions=resubmit:5
ffff 0010 00002320 0001 0005 00000000
# actions=set_tunnel:0x12345678
ffff 0010 00002320 0002 0000 12345678
# actions=set_queue:2309737729
ffff 0010 00002320 0004 0000 89abcd01
# actions=pop_queue
ffff 0010 00002320 0005 000000000000
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
ffff 0018 00002320 0006 0010 0000 0000 00000002 00000802
# actions=load:0xf009->NXM_OF_VLAN_TCI[]
ffff 0018 00002320 0007 000f 00000802 000000000000f009
# actions=note:11.e9.9a.ad.67.f3
ffff 0010 00002320 0008 11e99aad67f3
# actions=set_tunnel64:0xc426384d49c53d60
ffff 0018 00002320 0009 000000000000 c426384d49c53d60
# actions=set_tunnel64:0x885f3298
ffff 0018 00002320 0009 000000000000 00000000885f3298
2014-08-07 16:03:42 -07:00
# bad OpenFlow10 actions: OFPBIC_UNSUP_INST
2014-08-07 16:09:07 -07:00
& ofp_actions|WARN|write_metadata instruction not allowed here
2012-10-19 02:37:37 +09:00
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
2014-08-07 16:03:42 -07:00
# bad OpenFlow10 actions: OFPBIC_UNSUP_INST
2014-08-07 16:09:07 -07:00
& ofp_actions|WARN|write_metadata instruction not allowed here
2012-10-19 02:37:37 +09:00
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffff0000ffff0000
2012-07-03 22:17:14 -07:00
# actions=multipath(eth_src,50,modulo_n,1,0,NXM_NX_REG0[])
ffff 0020 00002320 000a 0000 0032 0000 0000 0000 0000 0000 0000 001f 00010004
2020-06-17 14:16:08 -07:00
# actions=bundle(eth_src,0,hrw,ofport,members:4,8)
2012-07-03 22:17:14 -07:00
ffff 0028 00002320 000c 0001 0000 0000 00000002 0002 0000 00000000 00000000 dnl
0004 0008 00000000
2020-06-17 14:16:08 -07:00
# actions=bundle_load(eth_src,0,hrw,ofport,NXM_NX_REG0[],members:4,8)
2012-07-03 22:17:14 -07:00
ffff 0028 00002320 000d 0001 0000 0000 00000002 0002 001f 00010004 00000000 dnl
0004 0008 00000000
# actions=resubmit(10,5)
ffff 0010 00002320 000e 000a 05 000000
2017-03-08 17:18:23 -08:00
# actions=resubmit(10,5,ct)
ffff 0010 00002320 002c 000a 05 000000
2012-07-03 22:17:14 -07:00
# actions=output:NXM_NX_REG1[5..10]
ffff 0018 00002320 000f 0145 00010204 ffff 000000000000
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
ffff 0048 00002320 0010 000a 0014 0050 123456789abcdef0 0000 02 00 0002 0004 dnl
000c 00000802 0000 00000802 0000 dnl
0030 00000406 0000 00000206 0000 dnl
1010 00000002 0000 dnl
00000000
# actions=exit
ffff 0010 00002320 0011 000000000000
# actions=dec_ttl
ffff 0010 00002320 0012 000000000000
# actions=fin_timeout(idle_timeout=10,hard_timeout=20)
ffff 0010 00002320 0013 000a 0014 0000
# actions=controller(reason=invalid_ttl,max_len=1234,id=5678)
ffff 0010 00002320 0014 04d2 162e 02 00
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
# actions=controller(reason=invalid_ttl,max_len=1234,id=5678,userdata=01.02.03.04.05,pause)
ffff 0040 00002320 0025 000000000000 dnl
2016-02-19 15:53:26 -08:00
0000 0008 04d2 0000 dnl
0001 0008 162e 0000 dnl
0002 0005 02 000000 dnl
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
0003 0009 0102030405 00000000000000 dnl
0004 0004 00000000
2016-02-19 15:53:26 -08:00
2012-08-16 14:25:07 -07:00
# actions=dec_ttl(32768,12345,90,765,1024)
ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000
2013-04-22 10:01:14 -07:00
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
ffff 0018 00002320 001d 3039 00005BA0 00008707 0000B26E
ipfix: Support tunnel information for Flow IPFIX.
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample action.
When flow sample action upcall happens, tunnel information will be retrieved from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) If 'sampling_port' is equal to output port and output port is a tunnel
port, the translation of OpenFlow "sample" action should first emit
set(tunnel(...)), then the sample action itself. It makes sure the
egress tunnel information can be sampled.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-06-14 16:53:34 +08:00
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789)
ffff 0020 00002320 0026 3039 00005BA0 00008707 0000B26E DDD50000 00000000
2016-11-23 23:15:19 -08:00
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789,egress)
ffff 0020 00002320 0029 3039 00005BA0 00008707 0000B26E DDD50200 00000000
2024-07-13 23:23:47 +02:00
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=NXM_OF_IN_PORT[],obs_point_id=NXM_NX_CT_LABEL[32..63],sampling_port=0)
ffff 0028 00002320 0033 3039 00005ba0 00000002 000f0000 0001d810 081f0000 0000 000000000000
2014-10-23 14:34:04 -07:00
# bad OpenFlow10 actions: OFPBAC_BAD_LEN
& ofp_actions|WARN|OpenFlow action OFPAT_OUTPUT length 240 exceeds action buffer length 8
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_LEN):
& 00000000 00 00 00 f0 00 00 00 00-
00 00 00 f0 00 00 00 00
# bad OpenFlow10 actions: OFPBAC_BAD_LEN
& ofp_actions|WARN|OpenFlow action OFPAT_OUTPUT length 16 not in valid range [[8,8]]
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_LEN):
& 00000000 00 00 00 10 ff fe ff ff-00 00 00 00 00 00 00 00
00 00 00 10 ff fe ff ff 00 00 00 00 00 00 00 00
# bad OpenFlow10 actions: OFPBAC_BAD_LEN
& ofp_actions|WARN|OpenFlow action NXAST_DEC_TTL_CNT_IDS length 17 is not a multiple of 8
ffff 0011 00002320 0015 0001 00000000 0000000000000000
2015-07-29 08:36:07 -07:00
# bad OpenFlow10 actions: OFPBAC_BAD_OUT_PORT
0000 0008 ffff 0000
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
# actions=ct()
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0000
# actions=ct(commit)
ffff 0018 00002320 0023 0001 00000000 0000 FF 000000 0000
2017-03-08 17:18:23 -08:00
# actions=ct(commit,force)
ffff 0018 00002320 0023 0003 00000000 0000 FF 000000 0000
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
ffff 0018 00002320 0023 0002 00000000 0000 FF 000000 0000
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
# actions=ct(table=10)
ffff 0018 00002320 0023 0000 00000000 0000 0A 000000 0000
# actions=ct(zone=10)
ffff 0018 00002320 0023 0000 00000000 000A FF 000000 0000
# actions=ct(zone=NXM_NX_REG0[0..15])
ffff 0018 00002320 0023 0000 00010004 000F FF 000000 0000
dnl Can't read 8 bits from register into 16-bit zone.
# bad OpenFlow10 actions: OFPBAC_BAD_SET_LEN
ffff 0018 00002320 0023 0000 00010004 0007 FF 000000 0000
dnl Can't read 32 bits from register into 16-bit zone.
# bad OpenFlow10 actions: OFPBAC_BAD_SET_LEN
ffff 0018 00002320 0023 0000 00010004 001F FF 000000 0000
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
# actions=ct(commit,exec(load:0xf009->NXM_NX_CT_MARK[]))
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0007 001f 0001d604 000000000000f009
2017-03-08 17:18:23 -08:00
# actions=ct(commit,force,exec(load:0xf009->NXM_NX_CT_MARK[]))
ffff 0030 00002320 0023 0003 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0007 001f 0001d604 000000000000f009
2017-04-12 14:11:59 -07:00
# actions=ct(commit,exec(load:0->NXM_NX_CT_LABEL[64..127],load:0x1d->NXM_NX_CT_LABEL[0..63]))
ffff 0048 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0007 103f 0001d810 0000 0000 0000 0000 dnl
ffff 0018 00002320 0007 003f 0001d810 0000 0000 0000 001d
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
# bad OpenFlow10 actions: OFPBAC_BAD_SET_ARGUMENT
& ofp_actions|WARN|cannot set CT fields outside of ct action
ffff 0018 00002320 0007 001f 0001d604 000000000000f009
# bad OpenFlow10 actions: OFPBAC_BAD_SET_ARGUMENT
& meta_flow|WARN|destination field ct_zone is not writable
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0007 000f 0001d504 000000000000f009
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
& ofp_actions|WARN|ct action doesn't support nested action ct
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0000
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
& ofp_actions|WARN|ct action doesn't support nested modification of reg0
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0007 001f 00010004 000000000000f009
Add support for connection tracking helper/ALGs.
This patch adds support for specifying a "helper" or ALG to assist
connection tracking for protocols that consist of multiple streams.
Initially, only support for FTP is included.
Below is an example set of flows to allow FTP control connections from
port 1->2 to establish active data connections in the reverse direction:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
table=1,in_port=2,tcp,ct_state=+trk+est,action=1
table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
# actions=ct(alg=ftp)
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0015
2016-12-22 10:58:25 -08:00
# actions=ct(alg=tftp)
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0045
2015-11-24 15:47:56 -08:00
# actions=ct(commit,nat(src))
ffff 0028 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0010 00002320 0024 00 00 0001 0000
# actions=ct(commit,nat(dst))
ffff 0028 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0010 00002320 0024 00 00 0002 0000
# actions=ct(nat)
ffff 0028 00002320 0023 0000 00000000 0000 FF 000000 0000 dnl
ffff 0010 00002320 0024 00 00 0000 0000
# actions=ct(commit,nat(src=10.0.0.240,random))
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0024 00 00 0011 0001 0a0000f0 00000000
# actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0024 00 00 0011 0031 0a0000f0 8000ffff
# actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0018 00002320 0024 00 00 000a 0003 0a000080 0a0000fe
# actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
ffff 0038 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0020 00002320 0024 00 00 0005 0033 0a0000f0 0a0000fe 8000ffff 00000000
# actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
ffff 0038 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0020 00002320 0024 00 00 0011 0004 fe800000 00000000 020c 29ff fe88 a18b
# actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
ffff 0048 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0030 00002320 0024 00 00 0011 000c fe800000 00000000 020c 29ff fe88 0001 fe800000 00000000 020c 29ff fe88 a18b
# actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
ffff 0050 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0038 00002320 0024 00 00 0011 003c dnl
fe800000 00000000 020c 29ff fe88 0001 dnl
fe800000 00000000 020c 29ff fe88 a18b dnl
00ff1000 00000000
2017-01-06 08:19:53 -08:00
# actions=ct_clear
ffff 0010 00002320 002b 000000000000
ofp-actions: Add truncate action.
The patch adds a new action to support packet truncation. The new action
is formatted as 'output(port=n,max_len=m)', as output to port n, with
packet size being MIN(original_size, m).
One use case is to enable port mirroring to send smaller packets to the
destination port so that only useful packet information is mirrored/copied,
saving some performance overhead of copying entire packet payload. Example
use case is below as well as shown in the testcases:
- Output to port 1 with max_len 100 bytes.
- The output packet size on port 1 will be MIN(original_packet_size, 100).
# ovs-ofctl add-flow br0 'actions=output(port=1,max_len=100)'
- The scope of max_len is limited to output action itself. The following
packet size of output:1 and output:2 will be intact.
# ovs-ofctl add-flow br0 \
'actions=output(port=1,max_len=100),output:1,output:2'
- The Datapath actions shows:
# Datapath actions: trunc(100),1,1,2
Tested-at: https://travis-ci.org/williamtu/ovs-travis/builds/140037134
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
2016-06-24 07:42:30 -07:00
# actions=output(port=1,max_len=100)
ffff 0010 00002320 0027 0001 00000064
ofp-actions: Add clone action.
This patch adds OpenFlow clone action with syntax as below:
"clone([action][,action...])". The clone() action makes a copy of the
current packet and executes the list of actions against the packet,
without affecting the packet after the "clone(...)" action. In other
word, the packet before the clone() and after the clone() is the same,
no matter what actions executed inside the clone().
Use case 1:
Set different fields and output to different ports without unset
actions=
clone(mod_dl_src:<mac1>, output:1), clone(mod_dl_dst:<mac2>, output:2), output:3
Since each clone() has independent packet, output:1 has only dl_src modified,
output:2 has only dl_dst modified, output:3 has original packet.
Similar to case1
actions=
push_vlan(...), output:2, pop_vlan, push_vlan(...), output:3
can be changed to
actions=
clone(push_vlan(...), output:2),clone(push_vlan(...), output:3)
without having to add pop_vlan.
case 2: resubmit to another table without worrying packet being modified
actions=clone(resubmit(1,2)), ...
Signed-off-by: William Tu <u9012063@gmail.com>
[blp@ovn.org revised this to omit the "sample" action]
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-12-18 00:13:02 -08:00
# actions=clone(mod_vlan_vid:5,output:10)
ffff 0020 00002320 002a 000000000000 dnl
0001 0008 0005 0000 dnl
0000 0008 000a 0000
2017-06-20 15:17:33 -07:00
# actions=learn(table=2,priority=0,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
ffff 0050 00002320 002d 0000 0000 0000 0000000000000000 0000 02 00 0000 0000 00000000 0000 0000 dnl
000c 00000802 0000 00000802 0000 dnl
0030 00000406 0000 00000206 0000 dnl
1010 00000002 0000 dnl
00000000
2017-03-10 15:44:40 -08:00
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,limit=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
ffff 0050 00002320 002d 000a 0014 0050 123456789abcdef0 0000 02 00 0002 0004 00000001 0000 0000 dnl
000c 00000802 0000 00000802 0000 dnl
0030 00000406 0000 00000206 0000 dnl
1010 00000002 0000 dnl
00000000
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,limit=1,result_dst=NXM_NX_REG0[8],NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
ffff 0050 00002320 002d 000a 0014 0050 123456789abcdef0 0004 02 00 0002 0004 00000001 0008 0000 dnl
00010004 dnl
000c 00000802 0000 00000802 0000 dnl
0030 00000406 0000 00000206 0000 dnl
1010 00000002 0000
2016-07-14 08:27:21 -07:00
# actions=group:5
ffff 0010 00002320 0028 0000 00000005
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
# bad OpenFlow10 actions: NXBRC_MUST_BE_ZERO
ffff 0018 00002320 0025 0000 0005 0000 1122334455 000005
# bad OpenFlow10 actions: NXBRC_MUST_BE_ZERO
ffff 0018 00002320 0025 0000 0005 5000 1122334455 000000
2015-11-24 15:47:56 -08:00
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
ffff 0048 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
ffff 0030 00002320 0024 00 00 0011 000c fe800000 00000000 020c 29ff fe88 a18b fe800000 00000000 020c 29ff fe88 0001
Add a new OVS action check_pkt_larger
This patch adds a new action 'check_pkt_larger' which checks if the
packet is larger than the given size and stores the result in the
destination register.
Usage: check_pkt_larger(len)->REGISTER
Eg. match=...,actions=check_pkt_larger(1442)->NXM_NX_REG0[0],next;
This patch makes use of the new datapath action - 'check_pkt_len'
which was recently added in the commit [1].
At the start of ovs-vswitchd, datapath is probed for this action.
If the datapath action is present, then 'check_pkt_larger'
makes use of this datapath action.
Datapath action 'check_pkt_len' takes these nlattrs
* OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for
* OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER (optional) - Nested actions
to apply if the packet length is greater than the specified 'pkt_len'
* OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL (optional) - Nested
actions to apply if the packet length is lesser or equal to the
specified 'pkt_len'.
Let's say we have these flows added to an OVS bridge br-int
table=0, priority=100 in_port=1,ip,actions=check_pkt_larger:100->NXM_NX_REG0[0],resubmit(,1)
table=1, priority=200,in_port=1,ip,reg0=0x1/0x1 actions=output:3
table=1, priority=100,in_port=1,ip,actions=output:4
Then the action 'check_pkt_larger' will be translated as
- check_pkt_len(size=100,gt(3),le(4))
datapath will check the packet length and if the packet length is greater than 100,
it will output to port 3, else it will output to port 4.
In case, datapath doesn't support 'check_pkt_len' action, the OVS action
'check_pkt_larger' sets SLOW_ACTION so that datapath flow is not added.
This OVS action is intended to be used by OVN to check the packet length
and generate an ICMP packet with type 3, code 4 and next hop mtu
in the logical router pipeline if the MTU of the physical interface
is lesser than the packet length. More information can be found here [2]
[1] - https://kernel.googlesource.com/pub/scm/linux/kernel/git/davem/net-next/+/4d5ec89fc8d14dcdab7214a0c13a1c7321dc6ea9
[2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html
Reported-at:
https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html
Suggested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Gregory Rose <gvrose8192@gmail.com>
Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2019-04-23 00:53:38 +05:30
# actions=check_pkt_larger(1500)->NXM_NX_REG0[0]
ffff 0018 00002320 0031 05dc 000000010004000000000000
# actions=check_pkt_larger(1000)->NXM_NX_XXREG1[4]
ffff 0018 00002320 0031 03e8 00040001e010000000000000
ofp-actions: Add delete field action
This patch adds a new OpenFlow action, delete field, to delete a
field in packets. Currently, only the tun_metadata fields are
supported.
One use case to add this action is to support multiple versions
of geneve tunnel metadatas to be exchanged among different versions
of networks. For example, we may introduce tun_metadata2 to
replace old tun_metadata1, but still want to provide backward
compatibility to the older release. In this case, in the new
OpenFlow pipeline, we would like to support the case to receive a
packet with tun_metadata1, do some processing. And if the packet
is going to a switch in the newer release, we would like to delete
the value in tun_metadata1 and set a value into tun_metadata2.
Currently, ovs does not provide an action to remove a value in
tun_metadata if the value is present. This patch fulfills the gap
by adding the delete_field action. For example, the OpenFlow
syntax to delete tun_metadata1 is:
actions=delete_field:tun_metadata1
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: William Tu <u9012063@gmail.com>
2020-04-14 13:33:28 -07:00
# actions=delete_field:tun_metadata10
ffff 0018 00002320 0032 00 01 64 7c 00 00 00 00 000000000000
2012-07-03 22:17:14 -07:00
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
2014-08-07 16:03:42 -07:00
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow10 < input.txt],
2012-07-03 22:17:14 -07:00
[0], [expout], [experr])
2022-12-19 17:13:50 +01:00
AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py])
2012-07-03 22:17:14 -07:00
AT_CLEANUP
2012-07-03 22:14:29 -07:00
2014-08-07 16:09:07 -07:00
AT_SETUP([OpenFlow 1.0 "instruction" translations])
AT_KEYWORDS([ofp-actions OF1.0 instruction])
AT_DATA([test-data], [dnl
dnl Try a couple of ordinary actions to make sure they're accepted,
dnl but there's no point in retrying all the actions from the previous test.
# actions=LOCAL
0000 0008 fffe 04d2
# actions=mod_dl_src:00:11:22:33:44:55
0004 0010 001122334455 000000000000
dnl Now check that write_metadata is accepted.
# actions=write_metadata:0xfedcba9876543210
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
# actions=write_metadata:0xfedcba9876543210/0xffff0000ffff0000
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffff0000ffff0000
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
2014-08-07 16:03:42 -07:00
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-instructions OpenFlow10 < input.txt],
2014-08-07 16:09:07 -07:00
[0], [expout], [experr])
2022-12-19 17:13:50 +01:00
AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py])
2014-08-07 16:09:07 -07:00
AT_CLEANUP
2012-07-03 22:14:29 -07:00
AT_SETUP([OpenFlow 1.1 action translation])
2012-10-19 02:37:37 +09:00
AT_KEYWORDS([ofp-actions OF1.1])
2012-07-03 22:14:29 -07:00
AT_DATA([test-data], [dnl
# actions=LOCAL
0000 0010 fffffffe 04d2 000000000000
# actions=CONTROLLER:1234
0000 0010 fffffffd 04d2 000000000000
2013-10-24 13:19:25 -07:00
# actions=set_vlan_vid:9
2012-07-03 22:14:29 -07:00
0001 0008 0009 0000
2013-10-24 13:19:25 -07:00
# actions=set_vlan_pcp:6
2012-07-03 22:14:29 -07:00
0002 0008 06 000000
# actions=mod_dl_src:00:11:22:33:44:55
0003 0010 001122334455 000000000000
# actions=mod_dl_dst:10:20:30:40:50:60
0004 0010 102030405060 000000000000
# actions=mod_nw_src:1.2.3.4
0005 0008 01020304
# actions=mod_nw_dst:192.168.0.1
0006 0008 c0a80001
# actions=mod_nw_tos:48
0007 0008 30 000000
2016-07-13 16:50:33 -07:00
# actions=mod_nw_ecn:2
0008 0008 02 000000
2012-07-03 22:14:29 -07:00
# actions=mod_tp_src:80
0009 0008 0050 0000
# actions=mod_tp_dst:443
000a 0008 01bb 0000
2013-10-24 13:19:26 -07:00
# actions=pop_vlan
2012-10-18 03:51:58 +09:00
0012 0008 00000000
2012-11-30 10:04:06 +09:00
# actions=set_queue:2309737729
0015 0008 89abcd01
2012-10-26 13:43:19 +09:00
dnl 802.1ad isn't supported at the moment
dnl # actions=push_vlan:0x88a8
dnl 0011 0008 88a8 0000
# actions=push_vlan:0x8100
0011 0008 8100 0000
2012-07-03 22:14:29 -07:00
# actions=resubmit:5
ffff 0010 00002320 0001 0005 00000000
# actions=set_tunnel:0x12345678
ffff 0010 00002320 0002 0000 12345678
# actions=pop_queue
ffff 0010 00002320 0005 000000000000
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
ffff 0018 00002320 0006 0010 0000 0000 00000002 00000802
# actions=load:0xf009->NXM_OF_VLAN_TCI[]
ffff 0018 00002320 0007 000f 00000802 000000000000f009
# actions=note:11.e9.9a.ad.67.f3
ffff 0010 00002320 0008 11e99aad67f3
# actions=set_tunnel64:0xc426384d49c53d60
ffff 0018 00002320 0009 000000000000 c426384d49c53d60
# actions=set_tunnel64:0x885f3298
ffff 0018 00002320 0009 000000000000 00000000885f3298
2014-08-07 16:09:07 -07:00
dnl Write-Metadata is only allowed in contexts that allow instructions.
& ofp_actions|WARN|write_metadata instruction not allowed here
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 actions: OFPBIC_UNSUP_INST
2012-10-19 02:37:37 +09:00
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
2012-07-03 22:14:29 -07:00
# actions=multipath(eth_src,50,modulo_n,1,0,NXM_NX_REG0[])
ffff 0020 00002320 000a 0000 0032 0000 0000 0000 0000 0000 0000 001f 00010004
2020-06-17 14:16:08 -07:00
# actions=bundle(eth_src,0,hrw,ofport,members:4,8)
2012-07-03 22:14:29 -07:00
ffff 0028 00002320 000c 0001 0000 0000 00000002 0002 0000 00000000 00000000 dnl
0004 0008 00000000
2020-06-17 14:16:08 -07:00
# actions=bundle_load(eth_src,0,hrw,ofport,NXM_NX_REG0[],members:4,8)
2012-07-03 22:14:29 -07:00
ffff 0028 00002320 000d 0001 0000 0000 00000002 0002 001f 00010004 00000000 dnl
0004 0008 00000000
# actions=resubmit(10,5)
ffff 0010 00002320 000e 000a 05 000000
2017-03-08 17:18:23 -08:00
# actions=resubmit(10,5,ct)
ffff 0010 00002320 002c 000a 05 000000
2012-07-03 22:14:29 -07:00
# actions=output:NXM_NX_REG1[5..10]
ffff 0018 00002320 000f 0145 00010204 ffff 000000000000
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
ffff 0048 00002320 0010 000a 0014 0050 123456789abcdef0 0000 02 00 0002 0004 dnl
000c 00000802 0000 00000802 0000 dnl
0030 00000406 0000 00000206 0000 dnl
1010 00000002 0000 dnl
00000000
# actions=exit
ffff 0010 00002320 0011 000000000000
2012-10-18 07:02:04 +09:00
dnl OpenFlow 1.1 OFPAT_DEC_TTL
# actions=dec_ttl
0018 0008 00000000
2012-07-03 22:14:29 -07:00
# actions=fin_timeout(idle_timeout=10,hard_timeout=20)
ffff 0010 00002320 0013 000a 0014 0000
# actions=controller(reason=invalid_ttl,max_len=1234,id=5678)
ffff 0010 00002320 0014 04d2 162e 02 00
2012-08-16 14:25:07 -07:00
# actions=dec_ttl(32768,12345,90,765,1024)
ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000
2013-04-22 10:01:14 -07:00
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
ffff 0018 00002320 001d 3039 00005BA0 00008707 0000B26E
2024-07-13 23:23:47 +02:00
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=NXM_OF_IN_PORT[],obs_point_id=NXM_NX_CT_LABEL[32..63],sampling_port=0)
ffff 0028 00002320 0033 3039 00005ba0 00000002 000f0000 0001d810 081f0000 0000 000000000000
2015-07-29 08:36:07 -07:00
# bad OpenFlow11 actions: OFPBAC_BAD_OUT_PORT
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_OUT_PORT):
& 00000000 00 00 00 10 ff ff ff ff-00 00 00 00 00 00 00 00
0000 0010 ffffffff 0000 000000000000
2012-07-03 22:14:29 -07:00
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
2014-08-07 16:03:42 -07:00
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow11 < input.txt],
2012-07-03 22:14:29 -07:00
[0], [expout], [experr])
2022-12-19 17:13:50 +01:00
AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py])
2012-07-03 22:14:29 -07:00
AT_CLEANUP
AT_SETUP([OpenFlow 1.1 instruction translation])
2012-10-19 02:37:37 +09:00
AT_KEYWORDS([OF1.1 instruction ofp-actions])
2012-07-03 22:14:29 -07:00
AT_DATA([test-data], [dnl
# actions=LOCAL
0004 0018 00000000 dnl
0000 0010 fffffffe 04d2 000000000000
2012-10-05 15:56:56 +09:00
dnl Apply-Actions non-zero padding
# actions=drop
# 0: 00 -> (none)
# 1: 04 -> (none)
# 2: 00 -> (none)
# 3: 08 -> (none)
# 4: 00 -> (none)
# 5: 00 -> (none)
# 6: 00 -> (none)
# 7: 01 -> (none)
0004 0008 00000001
2012-07-03 22:14:29 -07:00
dnl Check that an empty Apply-Actions instruction gets dropped.
# actions=drop
# 0: 00 -> (none)
# 1: 04 -> (none)
# 2: 00 -> (none)
# 3: 08 -> (none)
# 4: 00 -> (none)
# 5: 00 -> (none)
# 6: 00 -> (none)
# 7: 00 -> (none)
0004 0008 00000000
2012-09-04 15:51:59 +09:00
dnl Duplicate instruction type:
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_DUP_INST
2012-07-03 22:14:29 -07:00
0004 0008 00000000 0004 0008 00000000
dnl Instructions not multiple of 8 in length.
& ofp_actions|WARN|OpenFlow message instructions length 9 is not a multiple of 8
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
2012-07-03 22:14:29 -07:00
0004 0009 01 00000000
dnl Goto-Table instruction too long.
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
2012-07-03 22:14:29 -07:00
0001 0010 01 000000 0000000000000000
2012-10-05 15:56:56 +09:00
dnl Goto-Table 1 instruction non-zero padding
# actions=goto_table:1
# 7: 01 -> 00
0001 0008 01 000001
2013-06-05 13:18:09 -07:00
dnl Goto-Table 1 instruction go back to the previous table.
2014-09-24 09:53:13 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_TABLE_ID
2013-06-05 13:18:09 -07:00
2,0001 0008 01 000000
2012-10-05 15:56:56 +09:00
dnl Goto-Table 1
# actions=goto_table:1
2012-07-03 22:14:29 -07:00
0001 0008 01 000000
2012-10-19 02:37:37 +09:00
dnl Write-Metadata.
# actions=write_metadata:0xfedcba9876543210
2012-07-03 22:14:29 -07:00
0002 0018 00000000 fedcba9876543210 ffffffffffffffff
2014-08-07 16:09:07 -07:00
dnl Write-Metadata as Nicira extension action is transformed into instruction.
# actions=write_metadata:0xfedcba9876543210
# 1: 04 -> 02
# 3: 28 -> 18
# 8: ff -> fe
# 9: ff -> dc
# 10: 00 -> ba
# 11: 20 -> 98
# 12: 00 -> 76
# 13: 00 -> 54
# 14: 23 -> 32
# 15: 20 -> 10
# 16: 00 -> ff
# 17: 16 -> ff
# 18: 00 -> ff
# 19: 00 -> ff
# 20: 00 -> ff
# 21: 00 -> ff
# 22: 00 -> ff
# 23: 00 -> ff
# 24: fe -> (none)
# 25: dc -> (none)
# 26: ba -> (none)
# 27: 98 -> (none)
# 28: 76 -> (none)
# 29: 54 -> (none)
# 30: 32 -> (none)
# 31: 10 -> (none)
# 32: ff -> (none)
# 33: ff -> (none)
# 34: ff -> (none)
# 35: ff -> (none)
# 36: ff -> (none)
# 37: ff -> (none)
# 38: ff -> (none)
# 39: ff -> (none)
0004 0028 00000000 ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
2012-10-19 02:37:37 +09:00
dnl Write-Metadata with mask.
# actions=write_metadata:0xfedcba9876543210/0xff00ff00ff00ff00
0002 0018 00000000 fedcba9876543210 ff00ff00ff00ff00
2012-07-03 22:14:29 -07:00
dnl Write-Metadata too short.
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
2012-07-03 22:14:29 -07:00
0002 0010 00000000 fedcba9876543210
dnl Write-Metadata too long.
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
2012-07-03 22:14:29 -07:00
0002 0020 00000000 fedcba9876543210 ffffffffffffffff 0000000000000000
2012-10-19 02:37:37 +09:00
dnl Write-Metadata duplicated.
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_DUP_INST
2012-10-19 02:37:37 +09:00
0002 0018 00000000 fedcba9876543210 ff00ff00ff00ff00 0002 0018 00000000 fedcba9876543210 ff00ff00ff00ff00
2013-01-03 09:02:52 -08:00
dnl Write-Metadata in wrong position (OpenFlow 1.1+ disregards the order
dnl and OVS reorders it to the canonical order)
# actions=write_metadata:0xfedcba9876543210,goto_table:1
# 1: 01 -> 02
# 3: 08 -> 18
# 4: 01 -> 00
# 8: 00 -> fe
# 9: 02 -> dc
# 10: 00 -> ba
# 11: 18 -> 98
# 12: 00 -> 76
# 13: 00 -> 54
# 14: 00 -> 32
# 15: 00 -> 10
# 16: fe -> ff
# 17: dc -> ff
# 18: ba -> ff
# 19: 98 -> ff
# 20: 76 -> ff
# 21: 54 -> ff
# 22: 32 -> ff
# 23: 10 -> ff
# 24: ff -> 00
# 25: ff -> 01
# 26: ff -> 00
# 27: ff -> 08
# 28: ff -> 01
# 29: ff -> 00
# 30: ff -> 00
# 31: ff -> 00
2012-10-19 02:37:37 +09:00
0001 0008 01 000000 0002 0018 00000000 fedcba9876543210 ffffffffffffffff
2013-10-11 13:23:29 +09:00
dnl empty Write-Actions non-zero padding
# actions=write_actions(drop)
# 0: 00 -> (none)
# 1: 03 -> (none)
# 2: 00 -> (none)
# 3: 08 -> (none)
# 4: 00 -> (none)
# 5: 00 -> (none)
# 6: 00 -> (none)
# 7: 01 -> (none)
0003 0008 00000001
dnl Check that an empty Write-Actions instruction gets dropped.
# actions=write_actions(drop)
# 0: 00 -> (none)
# 1: 03 -> (none)
# 2: 00 -> (none)
# 3: 08 -> (none)
# 4: 00 -> (none)
# 5: 00 -> (none)
# 6: 00 -> (none)
# 7: 00 -> (none)
0003 0008 00000000
2012-07-03 22:14:29 -07:00
2012-10-05 15:56:57 +09:00
dnl Clear-Actions too-long
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
2012-10-05 15:56:57 +09:00
0005 0010 00000000 0000000000000000
dnl Clear-Actions non-zero padding
# actions=clear_actions
# 7: 01 -> 00
0005 0008 00000001
dnl Clear-Actions non-zero padding
# actions=clear_actions
# 4: 01 -> 00
2012-07-03 22:14:29 -07:00
0005 0008 01 000000
2012-10-05 15:56:57 +09:00
dnl Clear-Actions
# actions=clear_actions
0005 0008 00000000
2012-07-03 22:14:29 -07:00
dnl Experimenter actions not supported yet.
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_BAD_EXPERIMENTER
2012-07-03 22:14:29 -07:00
ffff 0008 01 000000
dnl Bad instruction number (0 not assigned).
2014-08-07 16:03:42 -07:00
# bad OpenFlow11 instructions: OFPBIC_UNKNOWN_INST
2012-07-03 22:14:29 -07:00
0000 0008 01 000000
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
2014-08-07 16:03:42 -07:00
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-instructions OpenFlow11 < input.txt],
2012-07-03 22:14:29 -07:00
[0], [expout], [experr])
AT_CLEANUP
2013-11-15 18:10:18 +09:00
2014-09-16 22:13:44 -07:00
dnl Our primary goal here is to verify OpenFlow 1.2-specific changes,
dnl so the list of tests is short.
AT_SETUP([OpenFlow 1.2 action translation])
AT_KEYWORDS([ofp-actions OF1.2])
AT_DATA([test-data], [dnl
# actions=LOCAL
0000 0010 fffffffe 04d2 000000000000
# bad OpenFlow12 actions: OFPBAC_BAD_SET_MASK
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_SET_MASK):
& 00000000 00 19 00 18 80 00 09 0c-00 00 00 00 12 34 00 00
& 00000010 00 00 ff ff 00 00 00 00-
0019 0018 8000090c 000000001234 00000000ffff 00000000
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow12 < input.txt],
[0], [expout], [experr])
2022-12-19 17:13:50 +01:00
AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py])
2014-09-16 22:13:44 -07:00
AT_CLEANUP
2014-11-24 14:29:06 -08:00
dnl Our primary goal here is to verify OpenFlow 1.3-specific changes,
dnl so the list of tests is short.
AT_SETUP([OpenFlow 1.3 action translation])
AT_KEYWORDS([ofp-actions OF1.3])
AT_DATA([test-data], [dnl
# actions=LOCAL
0000 0010 fffffffe 04d2 000000000000
dnl Check the Nicira extension form of "move".
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
ffff 0018 00002320 0006 0010 0000 0000 00000002 00000802
dnl Check the ONF extension form of "copy_field".
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
ffff 0020 4f4e4600 0c80 0000 0010 0000 0000 0000 00000002 00000802 00000000
2019-01-16 16:53:52 -08:00
dnl Check OpenFlow v1.3.4 Conformance Test: 430.500.
# bad OpenFlow13 actions: OFPBAC_BAD_SET_TYPE
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_SET_TYPE):
& 00000000 00 19 00 08 80 00 fe 00-00 00 00 10 00 00 00 01
& 00000010 00 00 00 00 00 00 00 00-
0019 0008 8000fe00 000000100000 000100000000 00000000
dnl Check OpenFlow v1.3.4 Conformance Test: 430.510.
# bad OpenFlow13 actions: OFPBAC_BAD_SET_LEN
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_SET_LEN):
& 00000000 00 19 00 10 80 00 08 07-00 01 02 03 04 05 00 00
& 00000010 00 00 00 10 00 00 00 01-
0019 0010 80000807 000102030405 000000000010 00000001
2020-10-14 18:13:46 +02:00
dnl Check NSH encap (experimenter extension).
# actions=encap(nsh(md_type=1))
ffff 0018 00002320 002e 0000 0001894f 0004 01 05 01 000000
dnl NSH encap with non-zero padding.
# actions=encap(nsh(md_type=1))
# 21: 12 -> 00
# 22: 34 -> 00
# 23: 56 -> 00
ffff 0018 00002320 002e 0000 0001894f 0004 01 05 01 123456
2021-11-29 11:52:05 +05:30
dnl Check mpls encap
# actions=encap(mpls)
ffff 0010 00002320 002e 0000 00018847
dnl Check mpls encap
# actions=encap(mpls_mc)
ffff 0010 00002320 002e 0000 00018848
2014-11-24 14:29:06 -08:00
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow13 < input.txt],
[0], [expout], [experr])
2022-12-19 17:13:50 +01:00
AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py])
2014-11-24 14:29:06 -08:00
AT_CLEANUP
2014-08-11 14:13:53 -07:00
dnl Our primary goal here is to verify that OpenFlow 1.5-specific changes,
dnl so the list of tests is short.
2014-08-07 16:18:51 -07:00
AT_SETUP([OpenFlow 1.5 action translation])
AT_KEYWORDS([ofp-actions OF1.5])
AT_DATA([test-data], [dnl
# actions=LOCAL
0000 0010 fffffffe 04d2 000000000000
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
2014-11-24 12:25:56 -08:00
001c 0018 0010 0000 0000 0000 00000002 00000802 00000000
2014-08-07 16:18:51 -07:00
2014-10-07 16:49:50 -07:00
# actions=set_field:00:00:00:00:12:34/00:00:00:00:ff:ff->eth_src
2014-09-16 22:13:44 -07:00
0019 0018 8000090c 000000001234 00000000ffff 00000000
2014-08-11 14:13:53 -07:00
2019-04-30 09:19:27 -07:00
# actions=meter:5
001d 0008 00000005
2014-08-07 16:18:51 -07:00
])
sed '/^[[#&]]/d' < test-data > input.txt
sed -n 's/^# //p; /^$/p' < test-data > expout
sed -n 's/^& //p' < test-data > experr
AT_CAPTURE_FILE([input.txt])
AT_CAPTURE_FILE([expout])
AT_CAPTURE_FILE([experr])
AT_CHECK(
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow15 < input.txt],
[0], [expout], [experr])
2022-12-19 17:13:50 +01:00
AT_CHECK([cat expout | grep 'actions=' | test-ofparse.py])
2014-08-07 16:18:51 -07:00
AT_CLEANUP
2013-11-15 18:10:18 +09:00
AT_SETUP([ofp-actions - inconsistent MPLS actions])
OVS_VSWITCHD_START
dnl OK: Use fin_timeout action on TCP flow
AT_CHECK([ovs-ofctl -O OpenFlow11 -vwarn add-flow br0 'tcp actions=fin_timeout(idle_timeout=1)'])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'tcp actions=fin_timeout(idle_timeout=1)' | test-ofparse.py])
2013-11-15 18:10:18 +09:00
dnl Bad: Use fin_timeout action on TCP flow that has been converted to MPLS
AT_CHECK([ovs-ofctl -O OpenFlow11 -vwarn add-flow br0 'tcp actions=push_mpls:0x8847,fin_timeout(idle_timeout=1)'],
[1], [], [dnl
2013-11-15 14:19:57 -08:00
ovs-ofctl: none of the usable flow formats (OpenFlow10,NXM) is among the allowed flow formats (OpenFlow11)
2013-11-15 18:10:18 +09:00
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'tcp actions=push_mpls:0x8847,fin_timeout(idle_timeout=1)' | test-ofparse.py])
2013-11-15 18:10:18 +09:00
OVS_VSWITCHD_STOP
AT_CLEANUP
2014-12-04 14:31:56 -08:00
AT_SETUP([reg_load <-> set_field translation corner case])
AT_KEYWORDS([ofp-actions])
OVS_VSWITCHD_START
dnl In OpenFlow 1.3, set_field always sets all the bits in the field,
dnl but when we translate to NXAST_LOAD we need to only set the bits that
dnl actually exist (e.g. mpls_label only has 20 bits) otherwise OVS rejects
dnl the "load" action as invalid. Check that we do this correctly.
AT_CHECK([ovs-ofctl -O OpenFlow13 add-flow br0 mpls,actions=set_field:10-\>mpls_label])
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
NXST_FLOW reply:
mpls actions=load:0xa->OXM_OF_MPLS_LABEL[[]]
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'mpls actions=set_field:10->mpls_label' | test-ofparse.py])
AT_CHECK([echo 'mpls actions=load:0xa->OXM_OF_MPLS_LABEL[[]]'| test-ofparse.py])
2014-12-04 14:31:56 -08:00
OVS_VSWITCHD_STOP
AT_CLEANUP
2016-07-13 15:53:20 -07:00
AT_SETUP([enqueue action for OF1.1+])
AT_KEYWORDS([ofp-actions])
OVS_VSWITCHD_START
dnl OpenFlow 1.0 has an "enqueue" action. For OpenFlow 1.1+, we translate
dnl it to a series of actions that accomplish the same thing.
AT_CHECK([ovs-ofctl -O OpenFlow10 add-flow br0 'actions=enqueue(123,456)'])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'actions=enqueue(123,456)' | test-ofparse.py])
2016-07-13 15:53:20 -07:00
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
NXST_FLOW reply:
actions=enqueue:123:456
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'actions=enqueue:123:456' | test-ofparse.py])
2016-07-13 15:53:20 -07:00
AT_CHECK([ovs-ofctl -O OpenFlow13 dump-flows br0 | ofctl_strip], [0], [dnl
OFPST_FLOW reply (OF1.3):
reset_counts actions=set_queue:456,output:123,pop_queue
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'actions=set_queue:456,output:123,pop_queue' | test-ofparse.py])
2016-07-13 15:53:20 -07:00
OVS_VSWITCHD_STOP
AT_CLEANUP
2016-07-13 16:50:33 -07:00
2016-07-13 16:41:00 -07:00
AT_SETUP([mod_nw_ttl action for OF1.0])
AT_KEYWORDS([ofp-actions])
OVS_VSWITCHD_START
dnl OpenFlow 1.1+ have a mod_nw_ttl action. For OpenFlow 1.0, we translate
dnl it to an Open vSwitch extension.
AT_CHECK([ovs-ofctl -O OpenFlow11 add-flow br0 'ip,actions=mod_nw_ttl:123'])
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
NXST_FLOW reply:
ip actions=load:0x7b->NXM_NX_IP_TTL[[]]
])
AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl
OFPST_FLOW reply (OF1.1):
ip actions=mod_nw_ttl:123
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'ip,actions=mod_nw_ttl:123' | test-ofparse.py])
AT_CHECK([echo 'ip actions=load:0x7b->NXM_NX_IP_TTL[[]]' | test-ofparse.py])
2016-07-13 16:41:00 -07:00
OVS_VSWITCHD_STOP
AT_CLEANUP
2016-07-13 16:50:33 -07:00
AT_SETUP([mod_nw_ecn action translation])
AT_KEYWORDS([ofp-actions])
OVS_VSWITCHD_START
dnl OpenFlow 1.1, but no other version, has a "mod_nw_ecn" action.
dnl Check that we translate it properly for OF1.0 and OF1.2.
dnl (OF1.3+ should be the same as OF1.2.)
AT_CHECK([ovs-ofctl -O OpenFlow11 add-flow br0 'ip,actions=mod_nw_ecn:2'])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'ip,actions=mod_nw_ecn:2' | test-ofparse.py])
2016-07-13 16:50:33 -07:00
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
NXST_FLOW reply:
ip actions=load:0x2->NXM_NX_IP_ECN[[]]
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'ip actions=load:0x2->NXM_NX_IP_ECN[[]]' | test-ofparse.py])
2016-07-13 16:50:33 -07:00
AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl
OFPST_FLOW reply (OF1.1):
ip actions=mod_nw_ecn:2
])
AT_CHECK([ovs-ofctl -O OpenFlow12 dump-flows br0 | ofctl_strip], [0], [dnl
OFPST_FLOW reply (OF1.2):
ip actions=set_field:2->nw_ecn
])
2022-12-19 17:13:50 +01:00
AT_CHECK([echo 'ip actions=set_field:2->nw_ecn' | test-ofparse.py])
2016-07-13 16:50:33 -07:00
dnl Check that OF1.2+ set_field to set ECN is translated into the OF1.1
dnl mod_nw_ecn action.
dnl
dnl We don't do anything equivalent for OF1.0 reg_load because we prefer
dnl that anything that comes in as reg_load gets translated back to reg_load
dnl on output. Perhaps this is somewhat inconsistent but it's what OVS
dnl has done for multiple versions.
AT_CHECK([ovs-ofctl del-flows br0])
AT_CHECK([ovs-ofctl -O OpenFlow12 add-flow br0 'ip,actions=set_field:2->ip_ecn'])
AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl
OFPST_FLOW reply (OF1.1):
ip actions=mod_nw_ecn:2
])
2017-02-21 14:22:53 -05:00
dnl Check that OF1.2+ set_field to set ECN is translated for earlier OF
dnl versions.
AT_CHECK([ovs-ofctl del-flows br0])
AT_CHECK([ovs-ofctl -O OpenFlow10 add-flow br0 'ip,actions=set_field:2->ip_ecn'])
AT_CHECK([ovs-ofctl del-flows br0])
AT_CHECK([ovs-ofctl -O OpenFlow11 add-flow br0 'ip,actions=set_field:2->ip_ecn'])
2016-07-13 16:50:33 -07:00
OVS_VSWITCHD_STOP
AT_CLEANUP
2016-07-13 16:41:00 -07:00
2019-04-30 15:30:41 -07:00
AT_SETUP([action parsing errors])
bad_action () {
AT_CHECK_UNQUOTED([ovs-ofctl parse-flow "actions=$1"], [1], [],
[ovs-ofctl: $2
])
}
# output
bad_action 'output(port=xyzzy,max_len=5)' \
"output to unknown truncate port: xyzzy"
bad_action 'output(port=all,max_len=64)' \
"output to unsupported truncate port: all"
bad_action 'output(port=local,max_len=64,foo=bar)' \
"invalid key 'foo' in output_trunc argument"
bad_action 'output(port=local,max_len=5)' \
"max_len 5 is less than the minimum value 14"
# controller
bad_action 'controller(reason=asdf)' 'unknown reason "asdf"'
bad_action 'controller(foo=bar)' 'unknown key "foo" parsing controller action'
bad_action 'controller(userdata=123x456)' \
'bad hex digit in `controller'\'' action `userdata'\'
# enqueue
bad_action 'enqueue:123' \
'"enqueue" syntax is "enqueue:PORT:QUEUE" or "enqueue(PORT,QUEUE)"'
bad_action 'enqueue:asdf:123' 'asdf: enqueue to unknown port'
# bundle
bad_action 'bundle:123' '123: not enough arguments to bundle action'
bad_action 'bundle(symmetric_l4,60,hrw,ofport,ports:1,2,3,4,5)' \
2020-06-17 14:16:08 -07:00
"symmetric_l4,60,hrw,ofport,ports:1,2,3,4,5: missing member delimiter, expected \`members', got \`ports'"
bad_action 'bundle(symmetric_l4,60,hrw,ofport,members:xyzzy,2,3,4,5)' \
2019-04-30 15:30:41 -07:00
'xyzzy: bad port number'
2020-06-17 14:16:08 -07:00
bad_action 'bundle(asymmetric_l4,60,hrw,ofport,members:1,2,3,4,5)' \
"asymmetric_l4,60,hrw,ofport,members:1,2,3,4,5: unknown fields \`asymmetric_l4'"
bad_action 'bundle(symmetric_l4,60,hrt,ofport,members:1,2,3,4,5)' \
"symmetric_l4,60,hrt,ofport,members:1,2,3,4,5: unknown algorithm \`hrt'"
bad_action 'bundle(symmetric_l4,60,hrw,odpport,members:1,2,3,4,5)' \
"symmetric_l4,60,hrw,odpport,members:1,2,3,4,5: unknown member_type \`odpport'"
bad_action 'bundle_load(symmetric_l4,60,hrw,ofport,actset_output,members:1,2,3,4,5)' \
"symmetric_l4,60,hrw,ofport,actset_output,members:1,2,3,4,5: experimenter OXM field 'actset_output' not supported"
2019-04-30 15:30:41 -07:00
# mod_vlan_vid
bad_action 'mod_vlan_vid:6000' '6000: not a valid VLAN VID'
# mod_vlan_pcp
bad_action 'mod_vlan_pcp:8' '8: not a valid VLAN PCP'
# push_vlan
bad_action 'push_vlan(0x1234)' '0x1234: not a valid VLAN ethertype'
# mod_nw_tos
bad_action 'mod_nw_tos(1)' '1: not a valid TOS'
# mod_nw_ecn
bad_action 'mod_nw_ecn(5)' '5: not a valid ECN'
# set_field
bad_action 'set_field:1' "1: missing \`->'"
bad_action 'set_field:1->' "1->: missing field name following \`->'"
bad_action 'set_field:1->x' 'x is not a valid OXM field name'
bad_action 'set_field:1->eth_type' 'eth_type is read-only'
bad_action 'set_field:1->eth_src' '1: invalid Ethernet address'
bad_action 'set_field:0xffff->ip_dscp' '0xffff: value too large for 1-byte field ip_dscp'
bad_action 'set_field:0xff->ip_dscp' '0xff is not a valid value for field ip_dscp'
# reg_load
bad_action 'load:xyzzy->eth_src' 'xyzzy->eth_src: cannot parse integer value'
bad_action 'load:0xff->eth_src[[1..5]]' '0xff->eth_src[[1..5]]: value 00:00:00:00:00:ff does not fit into 5 bits'
# push/pop
bad_action 'push(eth_dst[[]]x)' 'x: trailing garbage following push or pop'
# dec_ttl
bad_action 'dec_ttl(,)' 'dec_ttl_cnt_ids: expected at least one controller id.'
# set_mpls_label
bad_action 'set_mpls_label' 'set_mpls_label: expected label.'
2021-05-18 09:50:27 +02:00
# set_mpls_label oversized
bad_action 'set_mpls_label(0x100000)' '0x100000: not a valid MPLS label'
2019-04-30 15:30:41 -07:00
# set_mpls_tc
bad_action 'set_mpls_tc' 'set_mpls_tc: expected tc.'
2021-05-18 09:50:27 +02:00
# set_mpls_tc oversized
bad_action 'set_mpls_tc(8)' '8: not a valid MPLS TC'
2019-04-30 15:30:41 -07:00
# set_mpls_ttl
bad_action 'set_mpls_ttl' 'set_mpls_ttl: expected ttl.'
2021-05-18 09:50:27 +02:00
# set_mpls_ttl oversized
bad_action 'set_mpls_ttl(256)' 'invalid MPLS TTL "256"'
2019-04-30 15:30:41 -07:00
# fin_timeout
bad_action 'fin_timeout(foo=bar)' "invalid key 'foo' in 'fin_timeout' argument"
# encap
bad_action 'encap(,)' 'Missing encap hdr: ,'
bad_action 'encap(x(y))' 'Encap hdr not supported: y'
bad_action 'encap(nsh(type=1))' 'Invalid property: type'
bad_action 'encap(nsh(md_type))' 'Value missing for encap property'
bad_action 'encap(nsh(md_type=3))' 'invalid md_type'
bad_action 'encap(nsh(tlv(,,)))' 'Invalid NSH TLV header: ,,'
# decap
bad_action 'decap(packet_type(x))' 'Missing packet_type attribute ns'
bad_action 'decap(packet_type(ns=99))' 'Unsupported ns value: 99'
bad_action 'decap(packet_type(ns=0))' 'Missing packet_type attribute type'
bad_action 'decap(foo=bar)' 'Invalid decap argument: foo'
# resubmit
bad_action 'resubmit(asdf)' 'asdf: resubmit to unknown port'
bad_action 'resubmit(,asdf)' 'asdf: resubmit to unknown table'
bad_action 'resubmit(1,2,xyzzy)' 'xyzzy: unknown parameter'
bad_action 'resubmit(in_port,255)' 'at least one "in_port" or "table" must be specified on resubmit'
# learn
bad_action 'learn(load:123->actset_output)' \
"123->actset_output: experimenter OXM field 'actset_output' not supported"
bad_action 'learn(load:1234->eth_dst[[0..5]])' \
'1234->eth_dst[[0..5]]: value does not fit into 6 bits'
bad_action 'learn(actset_output=0x1000)' \
"actset_output=0x1000: experimenter OXM field 'actset_output' not supported"
bad_action 'learn(eth_type[[5]]=xyzzy)' \
"eth_type[[5]]=xyzzy: eth_type[[5]] value xyzzy cannot be parsed as a subfield (xyzzy: unknown field \`xyzzy') or an immediate value (eth_type[[5]]=xyzzy: cannot parse integer value)"
bad_action 'learn(eth_type[[0]]=eth_type[[1..2]])' \
'eth_type[[0]]=eth_type[[1..2]]: bit widths of eth_type[[0]] (2) and eth_type[[1..2]] (1) differ'
bad_action 'learn(load:->)' "load: missing source before \`->' in \`->'"
bad_action 'learn(load:x)' "load: missing \`->' in \`x'"
bad_action 'learn(load:1x->foo)' "load: garbage before \`->' in \`1x->foo'"
bad_action 'learn(foo)' 'foo: unknown keyword foo'
bad_action 'learn(table=foo)' 'unknown table "foo"'
bad_action 'learn(table=255)' "table=255: table id 255 not valid for \`learn' action"
bad_action 'learn(result_dst=tcp_flags)' 'tcp_flags is read-only'
bad_action 'learn(result_dst=eth_dst)' "result_dst in 'learn' action must be a single bit"
# conjunction
bad_action 'conjunction(1, 1/1)' 'conjunction must have at least 2 clauses'
bad_action 'conjunction(1, 1/65)' 'conjunction must have at most 64 clauses'
bad_action 'conjunction(1, 0/2)' 'clause index must be positive'
bad_action 'conjunction(1, 3/2)' \
'clause index must be less than or equal to number of clauses'
# multipath
bad_action 'multipath(1,2,3,4)' \
'1,2,3,4: not enough arguments to multipath action'
bad_action 'multipath(xyzzy,50,modulo_n,1,0,NXM_NX_REG0[[]])' \
"xyzzy,50,modulo_n,1,0,NXM_NX_REG0[[]]: unknown fields \`xyzzy'"
bad_action 'multipath(eth_src,50,fubar,1,0,NXM_NX_REG0[[]])' \
"eth_src,50,fubar,1,0,NXM_NX_REG0[[]]: unknown algorithm \`fubar'"
bad_action 'multipath(eth_src,50,modulo_n,0,0,NXM_NX_REG0[[]])' \
"eth_src,50,modulo_n,0,0,NXM_NX_REG0[[]]: n_links 0 is not in valid range 1 to 65536"
bad_action 'multipath(eth_src,50,modulo_n,1024,0,actset_output)' \
"eth_src,50,modulo_n,1024,0,actset_output: experimenter OXM field 'actset_output' not supported"
bad_action 'multipath(eth_src,50,modulo_n,1024,0,NXM_NX_REG0[[0..7]])' \
"eth_src,50,modulo_n,1024,0,NXM_NX_REG0[[0..7]]: 8-bit destination field has 256 possible values, less than specified n_links 1024"
# note
bad_action 'note:x' "bad hex digit in \`note' argument"
# unroll_xlate
bad_action 'unroll_xlate' "UNROLL is an internal action that shouldn't be used via OpenFlow"
# sample
bad_action 'sample(probability=0)' 'invalid probability value "0"'
bad_action 'sample(sampling_port=asdf)' 'asdf: unknown port'
2024-07-16 12:48:06 +02:00
bad_action 'sample(probability=12345,obs_domain_id=NXM_NX_CT_LABEL[[5..40]])' \
'size of obs_domain_id field (36) exceeds maximum (32)'
2024-07-13 23:23:47 +02:00
bad_action 'sample(probability=12345,obs_point_id=NXM_NX_CT_LABEL[[0..32]])' \
'size of obs_point_id field (33) exceeds maximum (32)'
2019-04-30 15:30:41 -07:00
bad_action 'sample(foo=bar)' 'invalid key "foo" in "sample" argument'
bad_action 'sample' 'non-zero "probability" must be specified on sample'
# ct
bad_action 'ct(table=asdf)' 'unknown table asdf'
bad_action 'ct(table=255)' 'invalid table 0xff'
bad_action 'ct(foo=bar)' 'invalid argument to "ct" action: `foo'\'
bad_action 'ct(force)' '"force" flag requires "commit" flag.'
# nat
bad_action 'nat(src=1.2.3.4x)' 'garbage (x) after nat range "1.2.3.4x" (pos: 7)'
bad_action 'nat(src=1.2.3.4-0.1.2.3)' 'invalid nat range "1.2.3.4-0.1.2.3"'
bad_action 'nat(foo=bar)' 'invalid key "foo" in "nat" argument'
bad_action 'nat(src=1.2.3.4,dst=2.3.4.5)' 'May only specify one of "src" or "dst".'
bad_action 'nat(persistent)' 'Flags allowed only with "src" or "dst".'
bad_action 'nat(src=1.2.3.4,hash,random)' 'Both "hash" and "random" are not allowed.'
# check_pkt_larger
bad_action 'check_pkt_larger(1500)->reg0' \
'Only 1-bit destination field is allowed'
# goto_table
bad_action 'goto_table:asdf' 'unknown table "asdf"'
# nested actions
bad_action 'set_field:1234->ct_mark' \
"cannot set CT fields outside of ct action"
bad_action 'nat' 'Cannot have NAT action outside of "ct" action'
bad_action 'ct(commit,exec(push_vlan(0x8100)))' \
"ct action doesn't support nested action push_vlan"
bad_action 'ct(commit,exec(set_field:12:34:56:78:9a:bc->eth_dst))' \
"ct action doesn't support nested modification of eth_dst"
bad_action 'conjunction(1, 2/3),ct_clear' \
'"conjunction" actions may be used along with "note" but not any other kind of action (such as the "ct_clear" action used here)'
# instructions
bad_action 'goto_table:5,goto_table:5' \
'duplicate goto_table instruction not allowed, for OpenFlow 1.1+ compatibility'
bad_action 'goto_table:5,clone()' \
'invalid instruction ordering: apply_actions must appear before goto_table, for OpenFlow 1.1+ compatibility'
AT_CHECK([ovs-ofctl parse-group 'group_id=1,type=select,bucket=actions=clear_actions'], [1], [],
[ovs-ofctl: clear_actions instruction not allowed here
])
# ofpacts_parse__()
bad_action 'apply_actions' 'apply_actions is the default instruction'
bad_action 'xyzzy' 'unknown action xyzzy'
bad_action 'drop,3' '"drop" must not be accompanied by any other action or instruction'
2021-06-16 22:34:48 +02:00
# Too many actions
writes=$(printf 'write_actions(%.0s' $(seq 100))
bad_action "${writes}" 'Action nested too deeply'
outputs=$(printf '1,%.0s' $(seq 4096))
bad_action "${outputs}" 'input too big'
2019-04-30 15:30:41 -07:00
AT_CLEANUP
