This will be useful later when we add support for matching the ECN bits
within the TOS field.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Patch below fixes build on FreeBSD; tested on 10.0-CURRENT.
Signed-off-by: Edward Tomasz Napierala <trasz@FreeBSD.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The exit action causes the switch to immediately halt processing of
further actions. It's intended to be used in conjunction with
multi table support. It allows a table to force tables which call
it to discontinue processing a flow.
Until now, OVS has handled IP fragments more awkwardly than necessary. It
has not been possible to match on L4 headers, even in fragments with offset
0 where they are actually present. This means that there was no way to
implement ACLs that treat, say, different TCP ports differently, on
fragmented traffic; instead, all decisions for fragment forwarding had to
be made on the basis of L2 and L3 headers alone.
This commit improves the situation significantly. It is still not possible
to match on L4 headers in fragments with nonzero offset, because that
information is simply not present in such fragments, but this commit adds
the ability to match on L4 headers for fragments with zero offset. This
means that it becomes possible to implement ACLs that drop such "first
fragments" on the basis of L4 headers. In practice, that effectively
blocks even fragmented traffic on an L4 basis, because the receiving IP
stack cannot reassemble a full packet when the first fragment is missing.
This commit works by adding a new "fragment type" to the kernel flow match
and making it available through OpenFlow as a new NXM field named
NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields
are always 0 for IP fragments, it adds a new OpenFlow fragment handling
mode that fills in the L4 fields for "first fragments". It also enhances
ovs-ofctl to allow users to configure this new fragment handling mode and
to parse the new field.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #7557.
Commit d2c0fe (nicira-ext: Bump number of registers to five from four.)
broke the build on 64-bit systems. This commit fixes the problems it
introduced.
make_packet_out() operates solely at the OpenFlow layer, so it
should never receive OVSP_LOCAL as an in_port. This function is
used only by the learning switch, which will never generate
a packet with OVSP_LOCAL so this fixes not a bug but a violation
of semantics.
Commit d1e9b9bf3 "nicira-ext: Renumber NXT_FLOW_MOD_TABLE_ID" eliminated
the need for the NXT_SET_FLOW_FORMAT and NXT_FLOW_MOD_TABLE_ID commands to
have different sizes, so asserting that they are different isn't useful
anymore (although it is still correct and always will be).
There are a few loose ends here. First, learning actions cause too much
flow revalidation. Upcoming commits will fix that problem. The following
additional issues have not yet been addressed:
* Resource limits: nothing yet limits the maximum number of flows that
can be learned. It is possible to exhaust all system memory.
* Age reporting: there is no way to find out how soon a learned table
entry is due to be evicted.
To try this action out, here's a recipe for a very simple-minded MAC
learning switch. It uses a 10-second MAC expiration time to make it easier
to see what's going on:
ovs-vsctl del-controller br0
ovs-ofctl del-flows br0
ovs-ofctl add-flow br0 "table=0 actions=learn(table=1, hard_timeout=10, \
NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], \
output:NXM_OF_IN_PORT[]), resubmit(,1)"
ovs-ofctl add-flow br0 "table=1 priority=0 actions=flood"
You can then dump the MAC learning table with:
ovs-ofctl dump-flows br0 table=1
This commit primarily moves the OFPAT_ACTION and NXAST_ACTION invocations
into a new file ofp-util.def. This allows multiple places in the source to
use them.
This commit also adds a new function ofputil_action_code_from_name().
The following commit will add the first user.
We had these functions scattered around the source tree anyway. packets.h
is a good place to centralize them.
I do plan to introduce some additional callers.
The prefix "ODP_*" is not overly descriptive in the context of the
larger Linux tree. This commit changes the prefix to "OVS_*" for the
userpace to kernel interactions. The userspace libraries still use
"ODP_" in many of their interfaces since it is more descriptive in the
OVS oeuvre.
Feature #6904
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Changing "struct flow" or its wildcards requires minor adjustments
in many places in the code. This patch adds a new FLOW_WC_SEQ
sequence number which when incremented will cause build assertion
failures aiding the developer in finding code which needs to
change.
The previous implementation of ofputil_decode_action() had two weaknesses.
First, the action lengths in its tables were written as literal integers
instead of using "sizeof". Second, it used arrays for tables instead of
switch statements, which meant that GCC didn't warn when someone added a
new action type but forgot to add an entry to the tables.
This rewrite fixes both of those problems.
Suggested-by: Ethan Jackson <ethan@nicira.com>
This patch creates two new helper functions, nxm_reg_load() and
nxm_dst_check(). The new nxm_dst_check() function may be used to
check the validity of destination fields used by actions. The new
nxm_reg_load() function may be used by actions which need to write
to NXM fields.
This patch also allows multipath and autopath to write their result
to non-register NXM fields.
This patch creates a new action called "bundle". Bundles are a way
to implement a simple form of multipath in OpenFlow by grouping
several ports in a single output-like action.
This significantly simplifies code in ofp-print and ofproto-dpif and is
likely to simplify any new ofproto implementations whose support for
actions differs from ofproto-dpif.
The existing actions_first() and actions_next() iterator functions are not
much like the other iteration constructs found throughout the Open vSwitch
tree. Also, they only work with actions that have already been validated,
so there are cases where they cannot be used.
This commit adds new macros for iterating through OpenFlow actions, one
for actions that have been validated and one for actions that have not, and
adapts the existing users. The following commit will further refine action
parsing and add more users.
An upcoming commit will introduce new OPFUTIL_* constants for actions. It
seems best to be able to visually distinguish the contants. Most of the
existing constants start with a good prefix, but OFPUTIL_INVALID does not,
so rename it.
Some hardware supports reporting packet or byte counters but not both, so
OVS has to be prepared for that.
Suggested-by: Justin Pettit <jpettit@nicira.com>
These structures for OpenFlow stats requests and replies have identical
memebers, but until now they have been separate structures. Since in some
cases we actually want to treat both of them the same way, this has led
to various kinds of awkwardness. This commit merges them into a new
"struct ofp_stats_msg" and fixes up the users.
We don't know of anyone using this command in production yet, so it seems
reasonable to give it a new number instead of coping with it having a
conflicting number.
The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of
defining flows using the NXM_NX_ARP_SHA flow match for a while. This
commit removes it.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Based on a patch by Jean Tourrilhes <jt@hpl.hp.com>. According to Jean,
besides increasing flexibility, this reduces normalization warnings.
Tested-by: Jean Tourrilhes <jt@hpl.hp.com>
Feature #5029 requests that "ovs-ofctl add-flow" report an attempt to add
a flow that is not properly normalized, that is, a flow to which the switch
will add extra wildcards, ignoring some fields specified by the user. This
requires that ofp-util make flow normalization directly available (again).
Until now, flow normalization has only been applied to OpenFlow 1.0 flows,
but the concept applies equally to NXM, so this commit generalizes the
implementation to NXM also.
I know already that this breaks the statsfixes that were implemented by the
following commits:
827ab71c97f "ofproto: Datapath statistics accounted twice."
6f1435fc8f7 "ofproto: Resubmit statistics improperly account during..."
These were already broken in a previous merge. I will work on a fix.
The flow_wildcards_t type is defined as a distinct type from sparse's
perspective (with __attribute__((bitwise))) so that we don't accidentally
mix it with only-partially-compatible OFPFW_* flags. But we were weren't
using it quite right in a few plces. This fixes it up.
