2012-07-03 22:17:14 -07:00
|
|
|
AT_BANNER([OpenFlow actions])
|
|
|
|
|
|
|
|
|
|
AT_SETUP([OpenFlow 1.0 action translation])
|
2012-10-19 02:37:37 +09:00
|
|
|
AT_KEYWORDS([ofp-actions OF1.0])
|
2012-07-03 22:17:14 -07:00
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0000 0008 fffe 04d2
|
|
|
|
|
|
|
|
|
|
# actions=CONTROLLER:1234
|
|
|
|
|
0000 0008 fffd 04d2
|
|
|
|
|
|
|
|
|
|
# actions=mod_vlan_vid:9
|
|
|
|
|
0001 0008 0009 0000
|
|
|
|
|
|
|
|
|
|
# actions=mod_vlan_pcp:6
|
|
|
|
|
0002 0008 06 000000
|
|
|
|
|
|
|
|
|
|
# actions=strip_vlan
|
|
|
|
|
0003 0008 00000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_dl_src:00:11:22:33:44:55
|
|
|
|
|
0004 0010 001122334455 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_dl_dst:10:20:30:40:50:60
|
|
|
|
|
0005 0010 102030405060 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_nw_src:1.2.3.4
|
|
|
|
|
0006 0008 01020304
|
|
|
|
|
|
|
|
|
|
# actions=mod_nw_dst:192.168.0.1
|
|
|
|
|
0007 0008 c0a80001
|
|
|
|
|
|
|
|
|
|
# actions=mod_nw_tos:48
|
|
|
|
|
0008 0008 30 000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_tp_src:80
|
|
|
|
|
0009 0008 0050 0000
|
|
|
|
|
|
|
|
|
|
# actions=mod_tp_dst:443
|
|
|
|
|
000a 0008 01bb 0000
|
|
|
|
|
|
2013-05-06 10:55:06 -07:00
|
|
|
# actions=enqueue:10:55
|
2012-07-03 22:17:14 -07:00
|
|
|
000b 0010 000a 000000000000 00000037
|
|
|
|
|
|
|
|
|
|
# actions=resubmit:5
|
|
|
|
|
ffff 0010 00002320 0001 0005 00000000
|
|
|
|
|
|
|
|
|
|
# actions=set_tunnel:0x12345678
|
|
|
|
|
ffff 0010 00002320 0002 0000 12345678
|
|
|
|
|
|
|
|
|
|
# actions=set_queue:2309737729
|
|
|
|
|
ffff 0010 00002320 0004 0000 89abcd01
|
|
|
|
|
|
|
|
|
|
# actions=pop_queue
|
|
|
|
|
ffff 0010 00002320 0005 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
|
|
|
|
|
ffff 0018 00002320 0006 0010 0000 0000 00000002 00000802
|
|
|
|
|
|
|
|
|
|
# actions=load:0xf009->NXM_OF_VLAN_TCI[]
|
|
|
|
|
ffff 0018 00002320 0007 000f 00000802 000000000000f009
|
|
|
|
|
|
|
|
|
|
# actions=note:11.e9.9a.ad.67.f3
|
|
|
|
|
ffff 0010 00002320 0008 11e99aad67f3
|
|
|
|
|
|
|
|
|
|
# actions=set_tunnel64:0xc426384d49c53d60
|
|
|
|
|
ffff 0018 00002320 0009 000000000000 c426384d49c53d60
|
|
|
|
|
|
|
|
|
|
# actions=set_tunnel64:0x885f3298
|
|
|
|
|
ffff 0018 00002320 0009 000000000000 00000000885f3298
|
|
|
|
|
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow10 actions: OFPBIC_UNSUP_INST
|
2014-08-07 16:09:07 -07:00
|
|
|
& ofp_actions|WARN|write_metadata instruction not allowed here
|
2012-10-19 02:37:37 +09:00
|
|
|
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
|
|
|
|
|
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow10 actions: OFPBIC_UNSUP_INST
|
2014-08-07 16:09:07 -07:00
|
|
|
& ofp_actions|WARN|write_metadata instruction not allowed here
|
2012-10-19 02:37:37 +09:00
|
|
|
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffff0000ffff0000
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
# actions=multipath(eth_src,50,modulo_n,1,0,NXM_NX_REG0[])
|
|
|
|
|
ffff 0020 00002320 000a 0000 0032 0000 0000 0000 0000 0000 0000 001f 00010004
|
|
|
|
|
|
|
|
|
|
# actions=bundle(eth_src,0,hrw,ofport,slaves:4,8)
|
|
|
|
|
ffff 0028 00002320 000c 0001 0000 0000 00000002 0002 0000 00000000 00000000 dnl
|
|
|
|
|
0004 0008 00000000
|
|
|
|
|
|
|
|
|
|
# actions=bundle_load(eth_src,0,hrw,ofport,NXM_NX_REG0[],slaves:4,8)
|
|
|
|
|
ffff 0028 00002320 000d 0001 0000 0000 00000002 0002 001f 00010004 00000000 dnl
|
|
|
|
|
0004 0008 00000000
|
|
|
|
|
|
|
|
|
|
# actions=resubmit(10,5)
|
|
|
|
|
ffff 0010 00002320 000e 000a 05 000000
|
|
|
|
|
|
2017-03-08 17:18:23 -08:00
|
|
|
# actions=resubmit(10,5,ct)
|
|
|
|
|
ffff 0010 00002320 002c 000a 05 000000
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
# actions=output:NXM_NX_REG1[5..10]
|
|
|
|
|
ffff 0018 00002320 000f 0145 00010204 ffff 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
|
|
|
|
|
ffff 0048 00002320 0010 000a 0014 0050 123456789abcdef0 0000 02 00 0002 0004 dnl
|
|
|
|
|
000c 00000802 0000 00000802 0000 dnl
|
|
|
|
|
0030 00000406 0000 00000206 0000 dnl
|
|
|
|
|
1010 00000002 0000 dnl
|
|
|
|
|
00000000
|
|
|
|
|
|
|
|
|
|
# actions=exit
|
|
|
|
|
ffff 0010 00002320 0011 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=dec_ttl
|
|
|
|
|
ffff 0010 00002320 0012 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=fin_timeout(idle_timeout=10,hard_timeout=20)
|
|
|
|
|
ffff 0010 00002320 0013 000a 0014 0000
|
|
|
|
|
|
|
|
|
|
# actions=controller(reason=invalid_ttl,max_len=1234,id=5678)
|
|
|
|
|
ffff 0010 00002320 0014 04d2 162e 02 00
|
|
|
|
|
|
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
|
|
|
# actions=controller(reason=invalid_ttl,max_len=1234,id=5678,userdata=01.02.03.04.05,pause)
|
|
|
|
|
ffff 0040 00002320 0025 000000000000 dnl
|
2016-02-19 15:53:26 -08:00
|
|
|
0000 0008 04d2 0000 dnl
|
|
|
|
|
0001 0008 162e 0000 dnl
|
|
|
|
|
0002 0005 02 000000 dnl
|
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
|
|
|
0003 0009 0102030405 00000000000000 dnl
|
|
|
|
|
0004 0004 00000000
|
2016-02-19 15:53:26 -08:00
|
|
|
|
2012-08-16 14:25:07 -07:00
|
|
|
# actions=dec_ttl(32768,12345,90,765,1024)
|
|
|
|
|
ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000
|
|
|
|
|
|
2013-04-22 10:01:14 -07:00
|
|
|
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
|
|
|
|
|
ffff 0018 00002320 001d 3039 00005BA0 00008707 0000B26E
|
|
|
|
|
|
ipfix: Support tunnel information for Flow IPFIX.
Add support to export tunnel information for flow-based IPFIX.
The original steps to configure flow level IPFIX:
1) Create a new record in Flow_Sample_Collector_Set table:
'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
2) Add IPFIX configuration which is referred by corresponding
row in Flow_Sample_Collector_Set table:
'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX
targets=\"IP:4739\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=60 cache_max_flows=13'
3) Add sample action to the flows:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,
obs_domain_id=123,obs_point_id=456')',output:3'
NXAST_SAMPLE action was used in step 3. In order to support exporting tunnel
information, the NXAST_SAMPLE2 action was added and with NXAST_SAMPLE2 action
in this patch, the step 3 should be configured like below:
'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
'sampling_port' can be equal to ingress port or one of egress ports. If sampling
port is equal to output port and the output port is a tunnel port,
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT will be set in the datapath flow sample action.
When flow sample action upcall happens, tunnel information will be retrieved from
the datapath and then IPFIX can export egress tunnel port information. If
samping_port=65535 (OFPP_NONE), flow-based IPFIX will keep the same behavior
as before.
This patch mainly do three tasks:
1) Add a new flow sample action NXAST_SAMPLE2 to support exporting
tunnel information. NXAST_SAMPLE2 action has a new added field
'sampling_port'.
2) Use 'other_configure: enable-tunnel-sampling' to enable or disable
exporting tunnel information.
3) If 'sampling_port' is equal to output port and output port is a tunnel
port, the translation of OpenFlow "sample" action should first emit
set(tunnel(...)), then the sample action itself. It makes sure the
egress tunnel information can be sampled.
4) Add a test of flow-based IPFIX for tunnel set.
How to test flow-based IPFIX:
1) Setup a test environment with two Linux host with Docker supported
2) Create a Docker container and a GRE tunnel port on each host
3) Use ovs-docker to add the container on the bridge
4) Listen on port 4739 on the collector machine and use wireshark to filter
'cflow' packets.
5) Configure flow-based IPFIX:
- 'ovs-vsctl -- create Flow_Sample_Collector_Set id=1 bridge="Bridge UUID"'
- 'ovs-vsctl -- set Flow_Sample_Collector_Set
"Flow_Sample_Collector_Set UUID" ipfix=@i -- --id=@i create IPFIX \
targets=\"IP:4739\" cache_active_timeout=60 cache_max_flows=13 \
other_config:enable-tunnel-sampling=true'
- 'ovs-ofctl add-flow mybridge in_port=1,
actions=sample'('probability=65535,collector_set_id=1,obs_domain_id=123,
obs_point_id=456,sampling_port=3')',output:3'
Note: The in-port is container port. The output port and sampling_port
are both open flow port and the output port is a GRE tunnel port.
6) Ping from the container whose host enabled flow-based IPFIX.
7) Get the IPFIX template pakcets and IPFIX information packets.
Signed-off-by: Benli Ye <daniely@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-06-14 16:53:34 +08:00
|
|
|
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789)
|
|
|
|
|
ffff 0020 00002320 0026 3039 00005BA0 00008707 0000B26E DDD50000 00000000
|
|
|
|
|
|
2016-11-23 23:15:19 -08:00
|
|
|
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678,sampling_port=56789,egress)
|
|
|
|
|
ffff 0020 00002320 0029 3039 00005BA0 00008707 0000B26E DDD50200 00000000
|
|
|
|
|
|
2014-10-23 14:34:04 -07:00
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_LEN
|
|
|
|
|
& ofp_actions|WARN|OpenFlow action OFPAT_OUTPUT length 240 exceeds action buffer length 8
|
|
|
|
|
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_LEN):
|
|
|
|
|
& 00000000 00 00 00 f0 00 00 00 00-
|
|
|
|
|
00 00 00 f0 00 00 00 00
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_LEN
|
|
|
|
|
& ofp_actions|WARN|OpenFlow action OFPAT_OUTPUT length 16 not in valid range [[8,8]]
|
|
|
|
|
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_LEN):
|
|
|
|
|
& 00000000 00 00 00 10 ff fe ff ff-00 00 00 00 00 00 00 00
|
|
|
|
|
00 00 00 10 ff fe ff ff 00 00 00 00 00 00 00 00
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_LEN
|
|
|
|
|
& ofp_actions|WARN|OpenFlow action NXAST_DEC_TTL_CNT_IDS length 17 is not a multiple of 8
|
|
|
|
|
ffff 0011 00002320 0015 0001 00000000 0000000000000000
|
|
|
|
|
|
2015-07-29 08:36:07 -07:00
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_OUT_PORT
|
|
|
|
|
0000 0008 ffff 0000
|
|
|
|
|
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
# actions=ct()
|
|
|
|
|
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0000
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit)
|
|
|
|
|
ffff 0018 00002320 0023 0001 00000000 0000 FF 000000 0000
|
|
|
|
|
|
2017-03-08 17:18:23 -08:00
|
|
|
# actions=ct(commit,force)
|
|
|
|
|
ffff 0018 00002320 0023 0003 00000000 0000 FF 000000 0000
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
|
|
|
|
|
ffff 0018 00002320 0023 0002 00000000 0000 FF 000000 0000
|
|
|
|
|
|
Add support for connection tracking.
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-08-11 10:56:09 -07:00
|
|
|
# actions=ct(table=10)
|
|
|
|
|
ffff 0018 00002320 0023 0000 00000000 0000 0A 000000 0000
|
|
|
|
|
|
|
|
|
|
# actions=ct(zone=10)
|
|
|
|
|
ffff 0018 00002320 0023 0000 00000000 000A FF 000000 0000
|
|
|
|
|
|
|
|
|
|
# actions=ct(zone=NXM_NX_REG0[0..15])
|
|
|
|
|
ffff 0018 00002320 0023 0000 00010004 000F FF 000000 0000
|
|
|
|
|
|
|
|
|
|
dnl Can't read 8 bits from register into 16-bit zone.
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_SET_LEN
|
|
|
|
|
ffff 0018 00002320 0023 0000 00010004 0007 FF 000000 0000
|
|
|
|
|
|
|
|
|
|
dnl Can't read 32 bits from register into 16-bit zone.
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_SET_LEN
|
|
|
|
|
ffff 0018 00002320 0023 0000 00010004 001F FF 000000 0000
|
|
|
|
|
|
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
|
|
|
# actions=ct(commit,exec(load:0xf009->NXM_NX_CT_MARK[]))
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0007 001f 0001d604 000000000000f009
|
|
|
|
|
|
2017-03-08 17:18:23 -08:00
|
|
|
# actions=ct(commit,force,exec(load:0xf009->NXM_NX_CT_MARK[]))
|
|
|
|
|
ffff 0030 00002320 0023 0003 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0007 001f 0001d604 000000000000f009
|
|
|
|
|
|
Add connection tracking mark support.
This patch adds a new 32-bit metadata field to the connection tracking
interface. When a mark is specified as part of the ct action and the
connection is committed, the value is saved with the current connection.
Subsequent ct lookups with the table specified will expose this metadata
as the "ct_mark" field in the flow.
For example, to allow new TCP connections from port 1->2 and only allow
established connections from port 2->1, and to associate a mark with those
connections:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(commit,exec(set_field:1->ct_mark)),2
table=0,in_port=2,ct_state=-trk,tcp,action=ct(table=1)
table=1,in_port=2,ct_state=+trk,ct_mark=1,tcp,action=1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-18 13:58:00 -07:00
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_SET_ARGUMENT
|
|
|
|
|
& ofp_actions|WARN|cannot set CT fields outside of ct action
|
|
|
|
|
ffff 0018 00002320 0007 001f 0001d604 000000000000f009
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_SET_ARGUMENT
|
|
|
|
|
& meta_flow|WARN|destination field ct_zone is not writable
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0007 000f 0001d504 000000000000f009
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
|
|
|
|
|
& ofp_actions|WARN|ct action doesn't support nested action ct
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0000
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
|
|
|
|
|
& ofp_actions|WARN|ct action doesn't support nested modification of reg0
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0007 001f 00010004 000000000000f009
|
|
|
|
|
|
Add support for connection tracking helper/ALGs.
This patch adds support for specifying a "helper" or ALG to assist
connection tracking for protocols that consist of multiple streams.
Initially, only support for FTP is included.
Below is an example set of flows to allow FTP control connections from
port 1->2 to establish active data connections in the reverse direction:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,action=ct(alg=ftp,commit),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(table=1)
table=1,in_port=2,tcp,ct_state=+trk+est,action=1
table=1,in_port=2,tcp,ct_state=+trk+rel,action=ct(commit),1
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
2015-09-15 14:29:16 -07:00
|
|
|
# actions=ct(alg=ftp)
|
|
|
|
|
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0015
|
|
|
|
|
|
2016-12-22 10:58:25 -08:00
|
|
|
# actions=ct(alg=tftp)
|
|
|
|
|
ffff 0018 00002320 0023 0000 00000000 0000 FF 000000 0045
|
|
|
|
|
|
2015-11-24 15:47:56 -08:00
|
|
|
# actions=ct(commit,nat(src))
|
|
|
|
|
ffff 0028 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0010 00002320 0024 00 00 0001 0000
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(dst))
|
|
|
|
|
ffff 0028 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0010 00002320 0024 00 00 0002 0000
|
|
|
|
|
|
|
|
|
|
# actions=ct(nat)
|
|
|
|
|
ffff 0028 00002320 0023 0000 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0010 00002320 0024 00 00 0000 0000
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(src=10.0.0.240,random))
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0024 00 00 0011 0001 0a0000f0 00000000
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(src=10.0.0.240:32768-65535,random))
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0024 00 00 0011 0031 0a0000f0 8000ffff
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(dst=10.0.0.128-10.0.0.254,hash))
|
|
|
|
|
ffff 0030 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0018 00002320 0024 00 00 000a 0003 0a000080 0a0000fe
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(src=10.0.0.240-10.0.0.254:32768-65535,persistent))
|
|
|
|
|
ffff 0038 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0020 00002320 0024 00 00 0005 0033 0a0000f0 0a0000fe 8000ffff 00000000
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(src=fe80::20c:29ff:fe88:a18b,random))
|
|
|
|
|
ffff 0038 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0020 00002320 0024 00 00 0011 0004 fe800000 00000000 020c 29ff fe88 a18b
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(src=fe80::20c:29ff:fe88:1-fe80::20c:29ff:fe88:a18b,random))
|
|
|
|
|
ffff 0048 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0030 00002320 0024 00 00 0011 000c fe800000 00000000 020c 29ff fe88 0001 fe800000 00000000 020c 29ff fe88 a18b
|
|
|
|
|
|
|
|
|
|
# actions=ct(commit,nat(src=[fe80::20c:29ff:fe88:1]-[fe80::20c:29ff:fe88:a18b]:255-4096,random))
|
|
|
|
|
ffff 0050 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0038 00002320 0024 00 00 0011 003c dnl
|
|
|
|
|
fe800000 00000000 020c 29ff fe88 0001 dnl
|
|
|
|
|
fe800000 00000000 020c 29ff fe88 a18b dnl
|
|
|
|
|
00ff1000 00000000
|
|
|
|
|
|
2017-01-06 08:19:53 -08:00
|
|
|
# actions=ct_clear
|
|
|
|
|
ffff 0010 00002320 002b 000000000000
|
|
|
|
|
|
ofp-actions: Add truncate action.
The patch adds a new action to support packet truncation. The new action
is formatted as 'output(port=n,max_len=m)', as output to port n, with
packet size being MIN(original_size, m).
One use case is to enable port mirroring to send smaller packets to the
destination port so that only useful packet information is mirrored/copied,
saving some performance overhead of copying entire packet payload. Example
use case is below as well as shown in the testcases:
- Output to port 1 with max_len 100 bytes.
- The output packet size on port 1 will be MIN(original_packet_size, 100).
# ovs-ofctl add-flow br0 'actions=output(port=1,max_len=100)'
- The scope of max_len is limited to output action itself. The following
packet size of output:1 and output:2 will be intact.
# ovs-ofctl add-flow br0 \
'actions=output(port=1,max_len=100),output:1,output:2'
- The Datapath actions shows:
# Datapath actions: trunc(100),1,1,2
Tested-at: https://travis-ci.org/williamtu/ovs-travis/builds/140037134
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
2016-06-24 07:42:30 -07:00
|
|
|
# actions=output(port=1,max_len=100)
|
|
|
|
|
ffff 0010 00002320 0027 0001 00000064
|
|
|
|
|
|
ofp-actions: Add clone action.
This patch adds OpenFlow clone action with syntax as below:
"clone([action][,action...])". The clone() action makes a copy of the
current packet and executes the list of actions against the packet,
without affecting the packet after the "clone(...)" action. In other
word, the packet before the clone() and after the clone() is the same,
no matter what actions executed inside the clone().
Use case 1:
Set different fields and output to different ports without unset
actions=
clone(mod_dl_src:<mac1>, output:1), clone(mod_dl_dst:<mac2>, output:2), output:3
Since each clone() has independent packet, output:1 has only dl_src modified,
output:2 has only dl_dst modified, output:3 has original packet.
Similar to case1
actions=
push_vlan(...), output:2, pop_vlan, push_vlan(...), output:3
can be changed to
actions=
clone(push_vlan(...), output:2),clone(push_vlan(...), output:3)
without having to add pop_vlan.
case 2: resubmit to another table without worrying packet being modified
actions=clone(resubmit(1,2)), ...
Signed-off-by: William Tu <u9012063@gmail.com>
[blp@ovn.org revised this to omit the "sample" action]
Signed-off-by: Ben Pfaff <blp@ovn.org>
2016-12-18 00:13:02 -08:00
|
|
|
# actions=clone(mod_vlan_vid:5,output:10)
|
|
|
|
|
ffff 0020 00002320 002a 000000000000 dnl
|
|
|
|
|
0001 0008 0005 0000 dnl
|
|
|
|
|
0000 0008 000a 0000
|
|
|
|
|
|
2017-03-10 15:44:40 -08:00
|
|
|
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,limit=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
|
|
|
|
|
ffff 0050 00002320 002d 000a 0014 0050 123456789abcdef0 0000 02 00 0002 0004 00000001 0000 0000 dnl
|
|
|
|
|
000c 00000802 0000 00000802 0000 dnl
|
|
|
|
|
0030 00000406 0000 00000206 0000 dnl
|
|
|
|
|
1010 00000002 0000 dnl
|
|
|
|
|
00000000
|
|
|
|
|
|
|
|
|
|
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,limit=1,result_dst=NXM_NX_REG0[8],NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
|
|
|
|
|
ffff 0050 00002320 002d 000a 0014 0050 123456789abcdef0 0004 02 00 0002 0004 00000001 0008 0000 dnl
|
|
|
|
|
00010004 dnl
|
|
|
|
|
000c 00000802 0000 00000802 0000 dnl
|
|
|
|
|
0030 00000406 0000 00000206 0000 dnl
|
|
|
|
|
1010 00000002 0000
|
|
|
|
|
|
2016-07-14 08:27:21 -07:00
|
|
|
# actions=group:5
|
|
|
|
|
ffff 0010 00002320 0028 0000 00000005
|
|
|
|
|
|
Implement serializing the state of packet traversal in "continuations".
One purpose of OpenFlow packet-in messages is to allow a controller to
interpose on the path of a packet through the flow tables. If, for
example, the controller needs to modify a packet in some way that the
switch doesn't directly support, the controller should be able to
program the switch to send it the packet, then modify the packet and
send it back to the switch to continue through the flow table.
That's the theory. In practice, this doesn't work with any but the
simplest flow tables. Packet-in messages simply don't include enough
context to allow the flow table traversal to continue. For example:
* Via "resubmit" actions, an Open vSwitch packet can have an
effective "call stack", but a packet-in can't describe it, and
so it would be lost.
* A packet-in can't preserve the stack used by NXAST_PUSH and
NXAST_POP actions.
* A packet-in can't preserve the OpenFlow 1.1+ action set.
* A packet-in can't preserve the state of Open vSwitch mirroring
or connection tracking.
This commit introduces a solution called "continuations". A continuation
is the state of a packet's traversal through OpenFlow flow tables. A
"controller" action with the "pause" flag, which is newly implemented in
this commit, generates a continuation and sends it to the OpenFlow
controller in a packet-in asynchronous message (only NXT_PACKET_IN2
supports continuations, so the controller must configure them with
NXT_SET_PACKET_IN_FORMAT). The controller processes the packet-in,
possibly modifying some of its data, and sends it back to the switch with
an NXT_RESUME request, which causes flow table traversal to continue. In
principle, a single packet can be paused and resumed multiple times.
Another way to look at it is:
- "pause" is an extension of the existing OFPAT_CONTROLLER
action. It sends the packet to the controller, with full
pipeline context (some of which is switch implementation
dependent, and may thus vary from switch to switch).
- A continuation is an extension of OFPT_PACKET_IN, allowing for
implementation dependent metadata.
- NXT_RESUME is an extension of OFPT_PACKET_OUT, with the
semantics that the pipeline processing is continued with the
original translation context from where it was left at the time
it was paused.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
2016-02-19 16:10:06 -08:00
|
|
|
# bad OpenFlow10 actions: NXBRC_MUST_BE_ZERO
|
|
|
|
|
ffff 0018 00002320 0025 0000 0005 0000 1122334455 000005
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow10 actions: NXBRC_MUST_BE_ZERO
|
|
|
|
|
ffff 0018 00002320 0025 0000 0005 5000 1122334455 000000
|
|
|
|
|
|
2015-11-24 15:47:56 -08:00
|
|
|
# bad OpenFlow10 actions: OFPBAC_BAD_ARGUMENT
|
|
|
|
|
ffff 0048 00002320 0023 0001 00000000 0000 FF 000000 0000 dnl
|
|
|
|
|
ffff 0030 00002320 0024 00 00 0011 000c fe800000 00000000 020c 29ff fe88 a18b fe800000 00000000 020c 29ff fe88 0001
|
|
|
|
|
|
2012-07-03 22:17:14 -07:00
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
2014-08-07 16:03:42 -07:00
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow10 < input.txt],
|
2012-07-03 22:17:14 -07:00
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
2012-07-03 22:14:29 -07:00
|
|
|
|
2014-08-07 16:09:07 -07:00
|
|
|
AT_SETUP([OpenFlow 1.0 "instruction" translations])
|
|
|
|
|
AT_KEYWORDS([ofp-actions OF1.0 instruction])
|
|
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
dnl Try a couple of ordinary actions to make sure they're accepted,
|
|
|
|
|
dnl but there's no point in retrying all the actions from the previous test.
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0000 0008 fffe 04d2
|
|
|
|
|
|
|
|
|
|
# actions=mod_dl_src:00:11:22:33:44:55
|
|
|
|
|
0004 0010 001122334455 000000000000
|
|
|
|
|
|
|
|
|
|
dnl Now check that write_metadata is accepted.
|
|
|
|
|
# actions=write_metadata:0xfedcba9876543210
|
|
|
|
|
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
|
|
|
|
|
|
|
|
|
|
# actions=write_metadata:0xfedcba9876543210/0xffff0000ffff0000
|
|
|
|
|
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffff0000ffff0000
|
|
|
|
|
|
|
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
2014-08-07 16:03:42 -07:00
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-instructions OpenFlow10 < input.txt],
|
2014-08-07 16:09:07 -07:00
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
AT_SETUP([OpenFlow 1.1 action translation])
|
2012-10-19 02:37:37 +09:00
|
|
|
AT_KEYWORDS([ofp-actions OF1.1])
|
2012-07-03 22:14:29 -07:00
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0000 0010 fffffffe 04d2 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=CONTROLLER:1234
|
|
|
|
|
0000 0010 fffffffd 04d2 000000000000
|
|
|
|
|
|
2013-10-24 13:19:25 -07:00
|
|
|
# actions=set_vlan_vid:9
|
2012-07-03 22:14:29 -07:00
|
|
|
0001 0008 0009 0000
|
|
|
|
|
|
2013-10-24 13:19:25 -07:00
|
|
|
# actions=set_vlan_pcp:6
|
2012-07-03 22:14:29 -07:00
|
|
|
0002 0008 06 000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_dl_src:00:11:22:33:44:55
|
|
|
|
|
0003 0010 001122334455 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_dl_dst:10:20:30:40:50:60
|
|
|
|
|
0004 0010 102030405060 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=mod_nw_src:1.2.3.4
|
|
|
|
|
0005 0008 01020304
|
|
|
|
|
|
|
|
|
|
# actions=mod_nw_dst:192.168.0.1
|
|
|
|
|
0006 0008 c0a80001
|
|
|
|
|
|
|
|
|
|
# actions=mod_nw_tos:48
|
|
|
|
|
0007 0008 30 000000
|
|
|
|
|
|
2016-07-13 16:50:33 -07:00
|
|
|
# actions=mod_nw_ecn:2
|
|
|
|
|
0008 0008 02 000000
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
# actions=mod_tp_src:80
|
|
|
|
|
0009 0008 0050 0000
|
|
|
|
|
|
|
|
|
|
# actions=mod_tp_dst:443
|
|
|
|
|
000a 0008 01bb 0000
|
|
|
|
|
|
2013-10-24 13:19:26 -07:00
|
|
|
# actions=pop_vlan
|
2012-10-18 03:51:58 +09:00
|
|
|
0012 0008 00000000
|
|
|
|
|
|
2012-11-30 10:04:06 +09:00
|
|
|
# actions=set_queue:2309737729
|
|
|
|
|
0015 0008 89abcd01
|
|
|
|
|
|
2012-10-26 13:43:19 +09:00
|
|
|
dnl 802.1ad isn't supported at the moment
|
|
|
|
|
dnl # actions=push_vlan:0x88a8
|
|
|
|
|
dnl 0011 0008 88a8 0000
|
|
|
|
|
# actions=push_vlan:0x8100
|
|
|
|
|
0011 0008 8100 0000
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
# actions=resubmit:5
|
|
|
|
|
ffff 0010 00002320 0001 0005 00000000
|
|
|
|
|
|
|
|
|
|
# actions=set_tunnel:0x12345678
|
|
|
|
|
ffff 0010 00002320 0002 0000 12345678
|
|
|
|
|
|
|
|
|
|
# actions=pop_queue
|
|
|
|
|
ffff 0010 00002320 0005 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
|
|
|
|
|
ffff 0018 00002320 0006 0010 0000 0000 00000002 00000802
|
|
|
|
|
|
|
|
|
|
# actions=load:0xf009->NXM_OF_VLAN_TCI[]
|
|
|
|
|
ffff 0018 00002320 0007 000f 00000802 000000000000f009
|
|
|
|
|
|
|
|
|
|
# actions=note:11.e9.9a.ad.67.f3
|
|
|
|
|
ffff 0010 00002320 0008 11e99aad67f3
|
|
|
|
|
|
|
|
|
|
# actions=set_tunnel64:0xc426384d49c53d60
|
|
|
|
|
ffff 0018 00002320 0009 000000000000 c426384d49c53d60
|
|
|
|
|
|
|
|
|
|
# actions=set_tunnel64:0x885f3298
|
|
|
|
|
ffff 0018 00002320 0009 000000000000 00000000885f3298
|
|
|
|
|
|
2014-08-07 16:09:07 -07:00
|
|
|
dnl Write-Metadata is only allowed in contexts that allow instructions.
|
|
|
|
|
& ofp_actions|WARN|write_metadata instruction not allowed here
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 actions: OFPBIC_UNSUP_INST
|
2012-10-19 02:37:37 +09:00
|
|
|
ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
# actions=multipath(eth_src,50,modulo_n,1,0,NXM_NX_REG0[])
|
|
|
|
|
ffff 0020 00002320 000a 0000 0032 0000 0000 0000 0000 0000 0000 001f 00010004
|
|
|
|
|
|
|
|
|
|
# actions=bundle(eth_src,0,hrw,ofport,slaves:4,8)
|
|
|
|
|
ffff 0028 00002320 000c 0001 0000 0000 00000002 0002 0000 00000000 00000000 dnl
|
|
|
|
|
0004 0008 00000000
|
|
|
|
|
|
|
|
|
|
# actions=bundle_load(eth_src,0,hrw,ofport,NXM_NX_REG0[],slaves:4,8)
|
|
|
|
|
ffff 0028 00002320 000d 0001 0000 0000 00000002 0002 001f 00010004 00000000 dnl
|
|
|
|
|
0004 0008 00000000
|
|
|
|
|
|
|
|
|
|
# actions=resubmit(10,5)
|
|
|
|
|
ffff 0010 00002320 000e 000a 05 000000
|
|
|
|
|
|
2017-03-08 17:18:23 -08:00
|
|
|
# actions=resubmit(10,5,ct)
|
|
|
|
|
ffff 0010 00002320 002c 000a 05 000000
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
# actions=output:NXM_NX_REG1[5..10]
|
|
|
|
|
ffff 0018 00002320 000f 0145 00010204 ffff 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=learn(table=2,idle_timeout=10,hard_timeout=20,fin_idle_timeout=2,fin_hard_timeout=4,priority=80,cookie=0x123456789abcdef0,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],output:NXM_OF_IN_PORT[])
|
|
|
|
|
ffff 0048 00002320 0010 000a 0014 0050 123456789abcdef0 0000 02 00 0002 0004 dnl
|
|
|
|
|
000c 00000802 0000 00000802 0000 dnl
|
|
|
|
|
0030 00000406 0000 00000206 0000 dnl
|
|
|
|
|
1010 00000002 0000 dnl
|
|
|
|
|
00000000
|
|
|
|
|
|
|
|
|
|
# actions=exit
|
|
|
|
|
ffff 0010 00002320 0011 000000000000
|
|
|
|
|
|
2012-10-18 07:02:04 +09:00
|
|
|
dnl OpenFlow 1.1 OFPAT_DEC_TTL
|
|
|
|
|
# actions=dec_ttl
|
|
|
|
|
0018 0008 00000000
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
# actions=fin_timeout(idle_timeout=10,hard_timeout=20)
|
|
|
|
|
ffff 0010 00002320 0013 000a 0014 0000
|
|
|
|
|
|
|
|
|
|
# actions=controller(reason=invalid_ttl,max_len=1234,id=5678)
|
|
|
|
|
ffff 0010 00002320 0014 04d2 162e 02 00
|
|
|
|
|
|
2012-08-16 14:25:07 -07:00
|
|
|
# actions=dec_ttl(32768,12345,90,765,1024)
|
|
|
|
|
ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000
|
|
|
|
|
|
2013-04-22 10:01:14 -07:00
|
|
|
# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678)
|
|
|
|
|
ffff 0018 00002320 001d 3039 00005BA0 00008707 0000B26E
|
|
|
|
|
|
2015-07-29 08:36:07 -07:00
|
|
|
# bad OpenFlow11 actions: OFPBAC_BAD_OUT_PORT
|
|
|
|
|
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_OUT_PORT):
|
|
|
|
|
& 00000000 00 00 00 10 ff ff ff ff-00 00 00 00 00 00 00 00
|
|
|
|
|
0000 0010 ffffffff 0000 000000000000
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
2014-08-07 16:03:42 -07:00
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow11 < input.txt],
|
2012-07-03 22:14:29 -07:00
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
|
|
|
|
|
|
|
|
|
AT_SETUP([OpenFlow 1.1 instruction translation])
|
2012-10-19 02:37:37 +09:00
|
|
|
AT_KEYWORDS([OF1.1 instruction ofp-actions])
|
2012-07-03 22:14:29 -07:00
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0004 0018 00000000 dnl
|
|
|
|
|
0000 0010 fffffffe 04d2 000000000000
|
|
|
|
|
|
2012-10-05 15:56:56 +09:00
|
|
|
dnl Apply-Actions non-zero padding
|
|
|
|
|
# actions=drop
|
|
|
|
|
# 0: 00 -> (none)
|
|
|
|
|
# 1: 04 -> (none)
|
|
|
|
|
# 2: 00 -> (none)
|
|
|
|
|
# 3: 08 -> (none)
|
|
|
|
|
# 4: 00 -> (none)
|
|
|
|
|
# 5: 00 -> (none)
|
|
|
|
|
# 6: 00 -> (none)
|
|
|
|
|
# 7: 01 -> (none)
|
|
|
|
|
0004 0008 00000001
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
dnl Check that an empty Apply-Actions instruction gets dropped.
|
|
|
|
|
# actions=drop
|
|
|
|
|
# 0: 00 -> (none)
|
|
|
|
|
# 1: 04 -> (none)
|
|
|
|
|
# 2: 00 -> (none)
|
|
|
|
|
# 3: 08 -> (none)
|
|
|
|
|
# 4: 00 -> (none)
|
|
|
|
|
# 5: 00 -> (none)
|
|
|
|
|
# 6: 00 -> (none)
|
|
|
|
|
# 7: 00 -> (none)
|
|
|
|
|
0004 0008 00000000
|
|
|
|
|
|
2012-09-04 15:51:59 +09:00
|
|
|
dnl Duplicate instruction type:
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_DUP_INST
|
2012-07-03 22:14:29 -07:00
|
|
|
0004 0008 00000000 0004 0008 00000000
|
|
|
|
|
|
|
|
|
|
dnl Instructions not multiple of 8 in length.
|
|
|
|
|
& ofp_actions|WARN|OpenFlow message instructions length 9 is not a multiple of 8
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
|
2012-07-03 22:14:29 -07:00
|
|
|
0004 0009 01 00000000
|
|
|
|
|
|
|
|
|
|
dnl Goto-Table instruction too long.
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
|
2012-07-03 22:14:29 -07:00
|
|
|
0001 0010 01 000000 0000000000000000
|
|
|
|
|
|
2012-10-05 15:56:56 +09:00
|
|
|
dnl Goto-Table 1 instruction non-zero padding
|
|
|
|
|
# actions=goto_table:1
|
|
|
|
|
# 7: 01 -> 00
|
|
|
|
|
0001 0008 01 000001
|
|
|
|
|
|
2013-06-05 13:18:09 -07:00
|
|
|
dnl Goto-Table 1 instruction go back to the previous table.
|
2014-09-24 09:53:13 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_TABLE_ID
|
2013-06-05 13:18:09 -07:00
|
|
|
2,0001 0008 01 000000
|
|
|
|
|
|
2012-10-05 15:56:56 +09:00
|
|
|
dnl Goto-Table 1
|
|
|
|
|
# actions=goto_table:1
|
2012-07-03 22:14:29 -07:00
|
|
|
0001 0008 01 000000
|
|
|
|
|
|
2012-10-19 02:37:37 +09:00
|
|
|
dnl Write-Metadata.
|
|
|
|
|
# actions=write_metadata:0xfedcba9876543210
|
2012-07-03 22:14:29 -07:00
|
|
|
0002 0018 00000000 fedcba9876543210 ffffffffffffffff
|
|
|
|
|
|
2014-08-07 16:09:07 -07:00
|
|
|
dnl Write-Metadata as Nicira extension action is transformed into instruction.
|
|
|
|
|
# actions=write_metadata:0xfedcba9876543210
|
|
|
|
|
# 1: 04 -> 02
|
|
|
|
|
# 3: 28 -> 18
|
|
|
|
|
# 8: ff -> fe
|
|
|
|
|
# 9: ff -> dc
|
|
|
|
|
# 10: 00 -> ba
|
|
|
|
|
# 11: 20 -> 98
|
|
|
|
|
# 12: 00 -> 76
|
|
|
|
|
# 13: 00 -> 54
|
|
|
|
|
# 14: 23 -> 32
|
|
|
|
|
# 15: 20 -> 10
|
|
|
|
|
# 16: 00 -> ff
|
|
|
|
|
# 17: 16 -> ff
|
|
|
|
|
# 18: 00 -> ff
|
|
|
|
|
# 19: 00 -> ff
|
|
|
|
|
# 20: 00 -> ff
|
|
|
|
|
# 21: 00 -> ff
|
|
|
|
|
# 22: 00 -> ff
|
|
|
|
|
# 23: 00 -> ff
|
|
|
|
|
# 24: fe -> (none)
|
|
|
|
|
# 25: dc -> (none)
|
|
|
|
|
# 26: ba -> (none)
|
|
|
|
|
# 27: 98 -> (none)
|
|
|
|
|
# 28: 76 -> (none)
|
|
|
|
|
# 29: 54 -> (none)
|
|
|
|
|
# 30: 32 -> (none)
|
|
|
|
|
# 31: 10 -> (none)
|
|
|
|
|
# 32: ff -> (none)
|
|
|
|
|
# 33: ff -> (none)
|
|
|
|
|
# 34: ff -> (none)
|
|
|
|
|
# 35: ff -> (none)
|
|
|
|
|
# 36: ff -> (none)
|
|
|
|
|
# 37: ff -> (none)
|
|
|
|
|
# 38: ff -> (none)
|
|
|
|
|
# 39: ff -> (none)
|
|
|
|
|
0004 0028 00000000 ffff 0020 00002320 0016 000000000000 fedcba9876543210 ffffffffffffffff
|
|
|
|
|
|
2012-10-19 02:37:37 +09:00
|
|
|
dnl Write-Metadata with mask.
|
|
|
|
|
# actions=write_metadata:0xfedcba9876543210/0xff00ff00ff00ff00
|
|
|
|
|
0002 0018 00000000 fedcba9876543210 ff00ff00ff00ff00
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
dnl Write-Metadata too short.
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
|
2012-07-03 22:14:29 -07:00
|
|
|
0002 0010 00000000 fedcba9876543210
|
|
|
|
|
|
|
|
|
|
dnl Write-Metadata too long.
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
|
2012-07-03 22:14:29 -07:00
|
|
|
0002 0020 00000000 fedcba9876543210 ffffffffffffffff 0000000000000000
|
|
|
|
|
|
2012-10-19 02:37:37 +09:00
|
|
|
dnl Write-Metadata duplicated.
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_DUP_INST
|
2012-10-19 02:37:37 +09:00
|
|
|
0002 0018 00000000 fedcba9876543210 ff00ff00ff00ff00 0002 0018 00000000 fedcba9876543210 ff00ff00ff00ff00
|
|
|
|
|
|
2013-01-03 09:02:52 -08:00
|
|
|
dnl Write-Metadata in wrong position (OpenFlow 1.1+ disregards the order
|
|
|
|
|
dnl and OVS reorders it to the canonical order)
|
|
|
|
|
# actions=write_metadata:0xfedcba9876543210,goto_table:1
|
|
|
|
|
# 1: 01 -> 02
|
|
|
|
|
# 3: 08 -> 18
|
|
|
|
|
# 4: 01 -> 00
|
|
|
|
|
# 8: 00 -> fe
|
|
|
|
|
# 9: 02 -> dc
|
|
|
|
|
# 10: 00 -> ba
|
|
|
|
|
# 11: 18 -> 98
|
|
|
|
|
# 12: 00 -> 76
|
|
|
|
|
# 13: 00 -> 54
|
|
|
|
|
# 14: 00 -> 32
|
|
|
|
|
# 15: 00 -> 10
|
|
|
|
|
# 16: fe -> ff
|
|
|
|
|
# 17: dc -> ff
|
|
|
|
|
# 18: ba -> ff
|
|
|
|
|
# 19: 98 -> ff
|
|
|
|
|
# 20: 76 -> ff
|
|
|
|
|
# 21: 54 -> ff
|
|
|
|
|
# 22: 32 -> ff
|
|
|
|
|
# 23: 10 -> ff
|
|
|
|
|
# 24: ff -> 00
|
|
|
|
|
# 25: ff -> 01
|
|
|
|
|
# 26: ff -> 00
|
|
|
|
|
# 27: ff -> 08
|
|
|
|
|
# 28: ff -> 01
|
|
|
|
|
# 29: ff -> 00
|
|
|
|
|
# 30: ff -> 00
|
|
|
|
|
# 31: ff -> 00
|
2012-10-19 02:37:37 +09:00
|
|
|
0001 0008 01 000000 0002 0018 00000000 fedcba9876543210 ffffffffffffffff
|
|
|
|
|
|
2013-10-11 13:23:29 +09:00
|
|
|
dnl empty Write-Actions non-zero padding
|
|
|
|
|
# actions=write_actions(drop)
|
|
|
|
|
# 0: 00 -> (none)
|
|
|
|
|
# 1: 03 -> (none)
|
|
|
|
|
# 2: 00 -> (none)
|
|
|
|
|
# 3: 08 -> (none)
|
|
|
|
|
# 4: 00 -> (none)
|
|
|
|
|
# 5: 00 -> (none)
|
|
|
|
|
# 6: 00 -> (none)
|
|
|
|
|
# 7: 01 -> (none)
|
|
|
|
|
0003 0008 00000001
|
|
|
|
|
|
|
|
|
|
dnl Check that an empty Write-Actions instruction gets dropped.
|
|
|
|
|
# actions=write_actions(drop)
|
|
|
|
|
# 0: 00 -> (none)
|
|
|
|
|
# 1: 03 -> (none)
|
|
|
|
|
# 2: 00 -> (none)
|
|
|
|
|
# 3: 08 -> (none)
|
|
|
|
|
# 4: 00 -> (none)
|
|
|
|
|
# 5: 00 -> (none)
|
|
|
|
|
# 6: 00 -> (none)
|
|
|
|
|
# 7: 00 -> (none)
|
|
|
|
|
0003 0008 00000000
|
2012-07-03 22:14:29 -07:00
|
|
|
|
2012-10-05 15:56:57 +09:00
|
|
|
dnl Clear-Actions too-long
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_LEN
|
2012-10-05 15:56:57 +09:00
|
|
|
0005 0010 00000000 0000000000000000
|
|
|
|
|
|
|
|
|
|
dnl Clear-Actions non-zero padding
|
|
|
|
|
# actions=clear_actions
|
|
|
|
|
# 7: 01 -> 00
|
|
|
|
|
0005 0008 00000001
|
|
|
|
|
|
|
|
|
|
dnl Clear-Actions non-zero padding
|
|
|
|
|
# actions=clear_actions
|
|
|
|
|
# 4: 01 -> 00
|
2012-07-03 22:14:29 -07:00
|
|
|
0005 0008 01 000000
|
|
|
|
|
|
2012-10-05 15:56:57 +09:00
|
|
|
dnl Clear-Actions
|
|
|
|
|
# actions=clear_actions
|
|
|
|
|
0005 0008 00000000
|
|
|
|
|
|
2012-07-03 22:14:29 -07:00
|
|
|
dnl Experimenter actions not supported yet.
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_BAD_EXPERIMENTER
|
2012-07-03 22:14:29 -07:00
|
|
|
ffff 0008 01 000000
|
|
|
|
|
|
|
|
|
|
dnl Bad instruction number (0 not assigned).
|
2014-08-07 16:03:42 -07:00
|
|
|
# bad OpenFlow11 instructions: OFPBIC_UNKNOWN_INST
|
2012-07-03 22:14:29 -07:00
|
|
|
0000 0008 01 000000
|
|
|
|
|
|
|
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
2014-08-07 16:03:42 -07:00
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-instructions OpenFlow11 < input.txt],
|
2012-07-03 22:14:29 -07:00
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
2013-11-15 18:10:18 +09:00
|
|
|
|
2014-09-16 22:13:44 -07:00
|
|
|
dnl Our primary goal here is to verify OpenFlow 1.2-specific changes,
|
|
|
|
|
dnl so the list of tests is short.
|
|
|
|
|
AT_SETUP([OpenFlow 1.2 action translation])
|
|
|
|
|
AT_KEYWORDS([ofp-actions OF1.2])
|
|
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0000 0010 fffffffe 04d2 000000000000
|
|
|
|
|
|
|
|
|
|
# bad OpenFlow12 actions: OFPBAC_BAD_SET_MASK
|
|
|
|
|
& ofp_actions|WARN|bad action at offset 0 (OFPBAC_BAD_SET_MASK):
|
|
|
|
|
& 00000000 00 19 00 18 80 00 09 0c-00 00 00 00 12 34 00 00
|
|
|
|
|
& 00000010 00 00 ff ff 00 00 00 00-
|
|
|
|
|
0019 0018 8000090c 000000001234 00000000ffff 00000000
|
|
|
|
|
|
|
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
|
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow12 < input.txt],
|
|
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
|
|
|
|
|
2014-11-24 14:29:06 -08:00
|
|
|
dnl Our primary goal here is to verify OpenFlow 1.3-specific changes,
|
|
|
|
|
dnl so the list of tests is short.
|
|
|
|
|
AT_SETUP([OpenFlow 1.3 action translation])
|
|
|
|
|
AT_KEYWORDS([ofp-actions OF1.3])
|
|
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0000 0010 fffffffe 04d2 000000000000
|
|
|
|
|
|
|
|
|
|
dnl Check the Nicira extension form of "move".
|
|
|
|
|
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
|
|
|
|
|
ffff 0018 00002320 0006 0010 0000 0000 00000002 00000802
|
|
|
|
|
|
|
|
|
|
dnl Check the ONF extension form of "copy_field".
|
|
|
|
|
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
|
|
|
|
|
ffff 0020 4f4e4600 0c80 0000 0010 0000 0000 0000 00000002 00000802 00000000
|
|
|
|
|
|
|
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
|
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow13 < input.txt],
|
|
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
|
|
|
|
|
2014-08-11 14:13:53 -07:00
|
|
|
dnl Our primary goal here is to verify that OpenFlow 1.5-specific changes,
|
|
|
|
|
dnl so the list of tests is short.
|
2014-08-07 16:18:51 -07:00
|
|
|
AT_SETUP([OpenFlow 1.5 action translation])
|
|
|
|
|
AT_KEYWORDS([ofp-actions OF1.5])
|
|
|
|
|
AT_DATA([test-data], [dnl
|
|
|
|
|
# actions=LOCAL
|
|
|
|
|
0000 0010 fffffffe 04d2 000000000000
|
|
|
|
|
|
|
|
|
|
# actions=move:NXM_OF_IN_PORT[]->NXM_OF_VLAN_TCI[]
|
2014-11-24 12:25:56 -08:00
|
|
|
001c 0018 0010 0000 0000 0000 00000002 00000802 00000000
|
2014-08-07 16:18:51 -07:00
|
|
|
|
2014-10-07 16:49:50 -07:00
|
|
|
# actions=set_field:00:00:00:00:12:34/00:00:00:00:ff:ff->eth_src
|
2014-09-16 22:13:44 -07:00
|
|
|
0019 0018 8000090c 000000001234 00000000ffff 00000000
|
2014-08-11 14:13:53 -07:00
|
|
|
|
2014-08-07 16:18:51 -07:00
|
|
|
])
|
|
|
|
|
sed '/^[[#&]]/d' < test-data > input.txt
|
|
|
|
|
sed -n 's/^# //p; /^$/p' < test-data > expout
|
|
|
|
|
sed -n 's/^& //p' < test-data > experr
|
|
|
|
|
AT_CAPTURE_FILE([input.txt])
|
|
|
|
|
AT_CAPTURE_FILE([expout])
|
|
|
|
|
AT_CAPTURE_FILE([experr])
|
|
|
|
|
AT_CHECK(
|
|
|
|
|
[ovs-ofctl '-vPATTERN:console:%c|%p|%m' parse-actions OpenFlow15 < input.txt],
|
|
|
|
|
[0], [expout], [experr])
|
|
|
|
|
AT_CLEANUP
|
|
|
|
|
|
2013-11-15 18:10:18 +09:00
|
|
|
AT_SETUP([ofp-actions - inconsistent MPLS actions])
|
|
|
|
|
OVS_VSWITCHD_START
|
|
|
|
|
dnl OK: Use fin_timeout action on TCP flow
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 -vwarn add-flow br0 'tcp actions=fin_timeout(idle_timeout=1)'])
|
|
|
|
|
dnl Bad: Use fin_timeout action on TCP flow that has been converted to MPLS
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 -vwarn add-flow br0 'tcp actions=push_mpls:0x8847,fin_timeout(idle_timeout=1)'],
|
|
|
|
|
[1], [], [dnl
|
2013-11-15 14:19:57 -08:00
|
|
|
ovs-ofctl: none of the usable flow formats (OpenFlow10,NXM) is among the allowed flow formats (OpenFlow11)
|
2013-11-15 18:10:18 +09:00
|
|
|
])
|
|
|
|
|
OVS_VSWITCHD_STOP
|
|
|
|
|
AT_CLEANUP
|
2014-12-04 14:31:56 -08:00
|
|
|
|
|
|
|
|
AT_SETUP([reg_load <-> set_field translation corner case])
|
|
|
|
|
AT_KEYWORDS([ofp-actions])
|
|
|
|
|
OVS_VSWITCHD_START
|
|
|
|
|
dnl In OpenFlow 1.3, set_field always sets all the bits in the field,
|
|
|
|
|
dnl but when we translate to NXAST_LOAD we need to only set the bits that
|
|
|
|
|
dnl actually exist (e.g. mpls_label only has 20 bits) otherwise OVS rejects
|
|
|
|
|
dnl the "load" action as invalid. Check that we do this correctly.
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow13 add-flow br0 mpls,actions=set_field:10-\>mpls_label])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
NXST_FLOW reply:
|
|
|
|
|
mpls actions=load:0xa->OXM_OF_MPLS_LABEL[[]]
|
|
|
|
|
])
|
|
|
|
|
OVS_VSWITCHD_STOP
|
|
|
|
|
AT_CLEANUP
|
2016-07-13 15:53:20 -07:00
|
|
|
|
|
|
|
|
AT_SETUP([enqueue action for OF1.1+])
|
|
|
|
|
AT_KEYWORDS([ofp-actions])
|
|
|
|
|
OVS_VSWITCHD_START
|
|
|
|
|
dnl OpenFlow 1.0 has an "enqueue" action. For OpenFlow 1.1+, we translate
|
|
|
|
|
dnl it to a series of actions that accomplish the same thing.
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow10 add-flow br0 'actions=enqueue(123,456)'])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
NXST_FLOW reply:
|
|
|
|
|
actions=enqueue:123:456
|
|
|
|
|
])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow13 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
OFPST_FLOW reply (OF1.3):
|
|
|
|
|
reset_counts actions=set_queue:456,output:123,pop_queue
|
|
|
|
|
])
|
|
|
|
|
OVS_VSWITCHD_STOP
|
|
|
|
|
AT_CLEANUP
|
2016-07-13 16:50:33 -07:00
|
|
|
|
2016-07-13 16:41:00 -07:00
|
|
|
AT_SETUP([mod_nw_ttl action for OF1.0])
|
|
|
|
|
AT_KEYWORDS([ofp-actions])
|
|
|
|
|
OVS_VSWITCHD_START
|
|
|
|
|
dnl OpenFlow 1.1+ have a mod_nw_ttl action. For OpenFlow 1.0, we translate
|
|
|
|
|
dnl it to an Open vSwitch extension.
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 add-flow br0 'ip,actions=mod_nw_ttl:123'])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
NXST_FLOW reply:
|
|
|
|
|
ip actions=load:0x7b->NXM_NX_IP_TTL[[]]
|
|
|
|
|
])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
OFPST_FLOW reply (OF1.1):
|
|
|
|
|
ip actions=mod_nw_ttl:123
|
|
|
|
|
])
|
|
|
|
|
OVS_VSWITCHD_STOP
|
|
|
|
|
AT_CLEANUP
|
|
|
|
|
|
2016-07-13 16:50:33 -07:00
|
|
|
AT_SETUP([mod_nw_ecn action translation])
|
|
|
|
|
AT_KEYWORDS([ofp-actions])
|
|
|
|
|
OVS_VSWITCHD_START
|
|
|
|
|
|
|
|
|
|
dnl OpenFlow 1.1, but no other version, has a "mod_nw_ecn" action.
|
|
|
|
|
dnl Check that we translate it properly for OF1.0 and OF1.2.
|
|
|
|
|
dnl (OF1.3+ should be the same as OF1.2.)
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 add-flow br0 'ip,actions=mod_nw_ecn:2'])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow10 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
NXST_FLOW reply:
|
|
|
|
|
ip actions=load:0x2->NXM_NX_IP_ECN[[]]
|
|
|
|
|
])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
OFPST_FLOW reply (OF1.1):
|
|
|
|
|
ip actions=mod_nw_ecn:2
|
|
|
|
|
])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow12 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
OFPST_FLOW reply (OF1.2):
|
|
|
|
|
ip actions=set_field:2->nw_ecn
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
dnl Check that OF1.2+ set_field to set ECN is translated into the OF1.1
|
|
|
|
|
dnl mod_nw_ecn action.
|
|
|
|
|
dnl
|
|
|
|
|
dnl We don't do anything equivalent for OF1.0 reg_load because we prefer
|
|
|
|
|
dnl that anything that comes in as reg_load gets translated back to reg_load
|
|
|
|
|
dnl on output. Perhaps this is somewhat inconsistent but it's what OVS
|
|
|
|
|
dnl has done for multiple versions.
|
|
|
|
|
AT_CHECK([ovs-ofctl del-flows br0])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow12 add-flow br0 'ip,actions=set_field:2->ip_ecn'])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 dump-flows br0 | ofctl_strip], [0], [dnl
|
|
|
|
|
OFPST_FLOW reply (OF1.1):
|
|
|
|
|
ip actions=mod_nw_ecn:2
|
|
|
|
|
])
|
2017-02-21 14:22:53 -05:00
|
|
|
|
|
|
|
|
dnl Check that OF1.2+ set_field to set ECN is translated for earlier OF
|
|
|
|
|
dnl versions.
|
|
|
|
|
AT_CHECK([ovs-ofctl del-flows br0])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow10 add-flow br0 'ip,actions=set_field:2->ip_ecn'])
|
|
|
|
|
AT_CHECK([ovs-ofctl del-flows br0])
|
|
|
|
|
AT_CHECK([ovs-ofctl -O OpenFlow11 add-flow br0 'ip,actions=set_field:2->ip_ecn'])
|
|
|
|
|
|
2016-07-13 16:50:33 -07:00
|
|
|
OVS_VSWITCHD_STOP
|
|
|
|
|
AT_CLEANUP
|
2016-07-13 16:41:00 -07:00
|
|
|
|
