These structures for OpenFlow stats requests and replies have identical
memebers, but until now they have been separate structures. Since in some
cases we actually want to treat both of them the same way, this has led
to various kinds of awkwardness. This commit merges them into a new
"struct ofp_stats_msg" and fixes up the users.
We don't know of anyone using this command in production yet, so it seems
reasonable to give it a new number instead of coping with it having a
conflicting number.
The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of
defining flows using the NXM_NX_ARP_SHA flow match for a while. This
commit removes it.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Based on a patch by Jean Tourrilhes <jt@hpl.hp.com>. According to Jean,
besides increasing flexibility, this reduces normalization warnings.
Tested-by: Jean Tourrilhes <jt@hpl.hp.com>
Feature #5029 requests that "ovs-ofctl add-flow" report an attempt to add
a flow that is not properly normalized, that is, a flow to which the switch
will add extra wildcards, ignoring some fields specified by the user. This
requires that ofp-util make flow normalization directly available (again).
Until now, flow normalization has only been applied to OpenFlow 1.0 flows,
but the concept applies equally to NXM, so this commit generalizes the
implementation to NXM also.
I know already that this breaks the statsfixes that were implemented by the
following commits:
827ab71c97f "ofproto: Datapath statistics accounted twice."
6f1435fc8f7 "ofproto: Resubmit statistics improperly account during..."
These were already broken in a previous merge. I will work on a fix.
The flow_wildcards_t type is defined as a distinct type from sparse's
perspective (with __attribute__((bitwise))) so that we don't accidentally
mix it with only-partially-compatible OFPFW_* flags. But we were weren't
using it quite right in a few plces. This fixes it up.
I looked at almost every uint<N>_t in the tree to determine whether it was
really in network byte order, and converted the ones that were.
The only remaining ones, modulo my mistakes, are in openflow.h. I'm not
sure whether we should convert those, because there might be some value
in remaining close to upstream for this header.
For a long time, Open vSwitch has "normalized" OpenFlow 1.0 flows in a
funny way: it tries to change fields that are wildcarded into fields
that are exact-match. For example, the normalize_match() function
knows that if dl_type is wildcarded, then all of the L3 and L4 fields
will always be extracted as 0, so it sets those fields to exact-match
and their values to 0.
The reason for this was originally that exact-match flows were much
cheaper for Open vSwitch to implement, because they could be implemented
with a hash table, whereas other kinds of flows had to be implemented
with an expensive linear search. But these days Open vSwitch has a
smarter classifier in which wildcarded flows have minimal cost. Also,
it is no longer possible for OpenFlow 1.0 to specify truly exact-match
flows, because Open vSwitch supports fields for which OpenFlow 1.0
cannot specify values and therefore will always be wildcarded.
Now, it no longer makes sense to do this transformation, so this commit
removes it. Presumably, this will be less surprising for users.
Reviewed-by: Simon Horman <horms@verge.net.au>
The normalize_match() function does more work than really needed. It goes
to some trouble to zero out fields that are wildcarded. This is not
necessary, because cls_rule_from_match() will take care of it later.
Also make normalize_match() private to ofp-util.c, since it has no other
users now and I don't expect more later.
Reviewed-by: Simon Horman <horms@verge.net.au>
OpenFlow 1.0 uses a 6-bit field to express the number of wildcarded bits
in the nw_src and nw_dst field. Any value 32 or greater in these fields
(binary 1xxxxx) means that all of the bits are wildcarded. That means
that there are 32 different ways to express a wildcarded nw_src or nw_dst.
At least two of those seem sensible (100000 and 111111) so we shouldn't
warn about one of them.
This fixes the problem by ORing with 100000 instead of 111111, so that any
already-correct wildcarded mask won't be affected.
This fix allows us to update some tests.
Reviewed-by: Simon Horman <horms@verge.net.au>
This implements basic multiple table support in ofproto and supporting
libraries and utilities. The design is the same as the one that has been
on the Open vSwitch "wdp" branch for a long time. There is no support for
multiple tables in the software switch implementation (ofproto-dpif), only
a set of hooks for other switch implementations to use.
To allow controllers to add flows in a particular table, Open vSwitch adds
an OpenFlow 1.0 extension called NXT_FLOW_MOD_TABLE_ID.
In addition to the changes to ofproto, this commit changes all of the
instances of "struct flow" in the tree so that the "in_port" member is an
OpenFlow port number. Previously, this member was an OpenFlow port number
in some cases and an ODP port number in other cases.
I looked at almost every uint<N>_t in the tree to determine whether it was
really in network byte order, and converted the ones that were.
The only remaining ones, modulo my mistakes, are in openflow.h. I'm not
sure whether we should convert those, because there might be some value
in remaining close to upstream for this header.
The "tun_id_from_cookie" OpenFlow extension predated NXM and supports only
a fraction of its features. Nothing (at Nicira, anyway) uses it any
longer. Support for it had been broken since January and it took until a
few days ago for anyone to complain, so it cannot be too important. This
commit removes it.
Just setting the tun_id field isn't enough--it's also necessary to set
the tun_id_mask. Otherwise the call to cls_rule_zero_wildcarded_fields()
at the end of ofputil_cls_rule_from_match() will zero out the tun_id again.
This was broken by commit 8368c090cab "Implement arbitrary bitwise masks
for tun_id field" back in January. (This makes me wonder whether we can
drop support for tun_id_from_cookie now.)
Reported-by: Dan Wendlandt <dan@nicira.com>
The range of "enum" types varies from one ABI to another. If the enums
being tested in these functions happen to be 16 bits wide, then GCC may
issue a warning because, in such a case, the comparison is always true.
Using an int instead of a uint16_t avoids that particular problem and
should suppress the warning.
Fixes the following reported warnings:
lib/ofp-print.c:240: warning: comparison is always true due to limited
range of data type
lib/ofp-util.c:1973: warning: comparison is always false due to limited
range of data type
Reported-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Back in 2008 or so, I introduced this extension as a way to provide
information about switch status to the new "switch UI" program. Since
then, the switch UI program has been removed and the important information
that was provided by the switch status extension is now available in the
database, so we might as well get rid of this extension, and that is what
this commit does.
This function will see more use later in this series. This commit just
starts using it to make ofp-print output entirely consistent for
OFPST_FLOW and NXST_FLOW replies.
Only NXM supports 64-bit cookies, but this code didn't properly check
for that. This commit fixes the problem and makes the code much more
explicit about what it is checking.
This will hide bug #4566, but the following commit actually fixes it.
IPv6 uses Neighbor Discovery messages in a similar manner to how IPv4
uses ARP. This commit adds support for matching deeper into the
payloads of Neighbor Solicitation (NS) and Neighbor Advertisement (NA)
messages. Currently, the matching fields include:
- NS and NA Target (nd_target)
- NS Source Link Layer Address (nd_sll)
- NA Target Link Layer Address (nd_tll)
When defining IPv6 Neighbor Discovery rules, the Nicira Extensible Match
(NXM) extension to OVS must be used.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Provides ability to match over IPv6 traffic in the same manner as IPv4.
Currently, the matching fields include:
- IPv6 source and destination addresses (ipv6_src and ipv6_dst)
- Traffic Class (nw_tos)
- Next Header (nw_proto)
- ICMPv6 Type and Code (icmp_type and icmp_code)
- TCP and UDP Ports over IPv6 (tp_src and tp_dst)
When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to
OVS must be used.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.0 doesn't allow matching on the ARP source and target
hardware address. This has caused us to introduce hacks such as the
Drop Spoofed ARP action. Now that we have extensible match, we can
match on more fields within ARP:
- Source Hardware Address (arp_sha)
- Target Hardware Address (arp_tha)
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
One of the goals for Open vSwitch is to decouple kernel and userspace
software, so that either one can be upgraded or rolled back independent of
the other. To do this in full generality, it must be possible to change
the kernel's idea of the flow key separately from the userspace version.
In turn, that means that flow keys must become variable-length. This
commit makes that change using Netlink attribute sequences.
This commit does not actually make userspace flexible enough to handle
changes in the kernel flow key structure, because userspace doesn't yet
have enough information to do that intelligently. Upcoming commits will
fix that.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
check_action_exact_len() will always report that a Nicira extension action
has type 65535 (OFPAT_VENDOR), which isn't very helpful for debugging.
This introduces a new function that reports the subtype.
Also, log the subtype of unknown Nicira vendor actions.
First, this is an important message since it indicates a bug in the
controller, so log it at warning level instead of debug level--we want to
know about it.
Second, properly byteswap the action type.
Third, use the correct PRIu16 format specified for a uint16_t.
