Usually the table id in flow mods is 255, which means that goto table
instruction cannot be checked before the table is picked (for flow add),
or the rules to be modified are found (flow mod).
Move goto table checking from decode (ofp-util) to actions checking
(ofp-actions), and postpone the action checking until the table in
which the actions are added is known.
This fixes OFPBRC_BAD_TABLE_ID errors for flow adds that specify the table
id as 255, and have a goto table instruction.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.2 standardized experimenter error codes in a way different from
the Nicira extension. This commit implements the OpenFlow 1.2+ version.
This commit also makes it easy to add error codes for new experimenter IDs
by adding new *_VENDOR_ID definitions to openflow-common.h.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Found a bug that OVS allows goto_table_id to be smaller than (or equal to)
the current table id where the flow resides. It potentially creates an
infinite loop when composing actions for a packet. To fix it, we just let
OVS returns an error message to prevent such flow to be programmed.
Signed-off-by: Jing Ai <jinga@google.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
strftime() returns 0 and leaves the contents of the output buffer
unspecified if the output buffer is not big enough. Thus, one should
check strftime()'s return value. Until now, OVS has had a few invocations
of strftime() that did not check the return value. This commit fixes
those. I believe that the buffers were always large enough in each case,
but it's better to be safe.
Reported-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Otherwise the command will time out after a while when there's no traffic,
which probably isn't what we want.
Reported-by: Henry Mai <hmai@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Reducing non-const static data makes code more obviously thread-safe.
Although option parsing does not normally need to be thread-safe, I
don't know of a drawback to making its data const.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The IS_POW2 macro is meant for use in contexts where a function call is not
allowed.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
rconn_add_monitor() tries to check the version of the controller
connection being monitored, so that it can decide what OpenFlow version to
tell the monitor connection to negotiate. But at any given time an rconn
may not have a controller connection (e.g. during backoff), so rc->vconn
may be null and thus vconn_get_version(rc->vconn) dereferences a null
pointer.
Fixing the problem in a local way would require the rconn to remember the
previous version negotiated, and that fails if the rconn hasn't yet
connected or if the next connection negotiates a new version.
This commit instead adds the ability to a vconn to accept any OpenFlow
message version and modifies "ovs-ofctl snoop" to use that feature, thus
removing the need to negotiate the "correct" version on snoops.
Bug #14265.
Reported-by: Pratap Reddy <preddy@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
All of the paths in open_vconn__(), except the one path that calls
vconn_open() directly, just start the connection and do not block until
it completes. This changes the remaining path to work the same way.
This will be important in an upcoming commit when in some cases we need to
take an action between opening and connecting.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This is a straight search-and-replace, except that I also removed #include
<assert.h> from each file where there were no assert calls left.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The customary parameter order in Open vSwitch is to put input parameters
before output parameters, but vconn_open() and pvconn_open() had the 'dscp'
input parameter at the end, which bugged me a bit. Also,
vconn_open_block() didn't take a 'dscp' parameter at all even though it's
otherwise a wrapper around vconn_open(). This commit fixes all that up.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
When ofp-errors was introduced, each OFPERR_* was either an extension or
not. However, since then, some Nicira extension error code have been
given official error codes in later OpenFlow versions, so now whether an
OFPERR_* is an extension depends on the OpenFlow versions. This means
that certain errors were encoded incorrectly as extensions in later
OpenFlow versions. This commit fixes the problem.
This commit also adds a test that should prevent a regression.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Only set the default format for ovs-ofctl monitor if
OpenFlow 1.0 is the prevailing version. IMHO that is
the only case where it makes sense.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The -O and -F options interact, so that it's possible to select only
flow formats that are not supported on a given OpenFlow version. It seems
best to report these problems up front rather than failing in a more
mysterious way later.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
--protocols allows configuration of the versions
that may be used when establishing an OpenFlow connection.
The default is 'OpenFlow10' which is consistent with
the behaviour prior to this patch.
The useful values at this time are:
'OpenFlow10', 'OpenFlow12', 'OpenFlow13',
Values may be combined in a comma delimited list.
e.g.: --protocols 'OpenFlow10,OpenFlow12,OpenFlow13'
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Add OFPP_ANY to include/openflow/openflow-1.1.h, and allow it as a port in
queue stats request. Make ovs_ofctl use OFPP_ANY instead of OFPP_ALL for queue
stats requests on OF 1.1+.
This patch changes "none" ports print out. "none" is still accepted on input
for backwards compatibility, but it prints out as "ANY". To make this less
confusing, I changed the test cases to use "controller" or "any" instead of
"none". The test case that tests for both "none" and "controller" still tests
for them.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
ESX supports unix sockets, but they don't manifest themselves in
file system like they do on Linux. Instead of using stat to check
if a unix socket exist, this patch simply tries to open it instead.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Soon, it's not going to be possible to switch between every possible
protocol on an established OpenFlow connection, yet
ofputil_encode_set_protocol() didn't have a documented way to report such
a problem. This commit adds a means for reporting and makes its callers
able to handle the problem.
Also, initially make ofputil_encode_set_protocol() fail when the current
and requested protocols are for different OpenFlow versions.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Simon Horman <horms@verge.net.au>
This is in preparation for allowing the range of allowed OpenFlow versions
to be configured.
As part of this change pvconn_open() is now paramatised over the allowed
versions. this is to avoid avoids needing to provide version information
as a parameter to pvconn_accept(). This will in turn avoid the need to
pass version information to connmgr_run().
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com simplified slightly and generalize log messages]
Signed-off-by: Ben Pfaff <blp@nicira.com>
When I wrote this function I didn't think that port 0 was important (it's
not a valid OpenFlow port number) so I used a return value of 0 to indicate
an error. However, my assumption turns out to be wrong, so this commit
changes the interface to use the return value only for error reporting
and store the parsed port number into a pointer passed in as a parameter.
This commit doesn't change the behavior of ofputil_port_from_string().
Signed-off-by: Ben Pfaff <blp@nicira.com>
This allows for encoding and decoding Open Flow 1.1 and 1.2 Queue Stats
Request and Reply messages.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This allows for encoding and decoding Open Flow 1.1 and 1.2 Port Stats
Request and Reply message
Signed-off-by: Simon Horman <horms@verge.net.au>
[blp@nicira.com added ofputil_count_port_stas(), simplified
interface of ofputil_decode_port_stats(), style changes]
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.0 has special reserved ports in the range 0xfff8 to 0xffff.
OpenFlow 1.1 and later has the same ports in the range 0xfffffff8 to
0xffffffff and allows the OF1.0 range to be used for ordinary ("physical")
switch ports. This means that, naively, the meaning of a port number in
the range 0xfff8 to 0xffff given on the ovs-ofctl command line depends on
the protocol in use. This commit implements something a little smarter:
- Accept keyword names (e.g. LOCAL) for special reserved ports
everywhere that such a port can plausibly be used (previously they
were only accepted in some places).
- Translate 0xfff8...0xffff to 0xfffffff8...0xffffffff for now, since
OF1.1+ isn't in widespread use and those particular ports aren't
likely to be in use in OF1.1+ anyway.
- Log warnings about those ports when they are specified by number, to
allow users to fix their invocations.
Also:
- Accept the OF1.1+ port numbers for these ports, without warning, for
compatibility with the upcoming OF1.1+ support.
- Stop accepting port number 0, which has never been a valid port
number in OpenFlow 1.0 and later. (This required fixing some tests
that inadvertently used this port number).
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
A cls_rule is 324 bytes on i386 now. The cost of a flow table lookup is
currently proportional to this size, which is going to continue to grow.
However, the required cost of a flow table lookup, with the classifier that
we currently use, is only proportional to the number of bits that a rule
actually matches. This commit implements that optimization by replacing
the match inside "struct cls_rule" by a sparse representation.
This reduces struct cls_rule to 100 bytes on i386.
There is still some headroom for further optimization following this
commit:
- I suspect that adding an 'n' member to struct miniflow would make
miniflow operations faster, since popcount() has some cost.
- It's probably possible to replace the "struct minimatch" in cls_rule
by just a "struct miniflow", since the cls_rule's cls_table has a
copy of the minimask.
- Some of the miniflow operations aren't well-optimized.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, "struct cls_rule" didn't own any data outside its own memory
block. An upcoming commit will make "struct cls_rule" sometimes own blocks
of memory, so it needs "destroy" and to a lesser extent "clone" functions.
This commit adds these in advance, even though they are mostly no-ops, to
make it possible to separately review the memory management.
Signed-off-by: Ben Pfaff <blp@nicira.com>
In order to form a stats message for the prevailing OpenFlow version
of a vconn the vconn needs to be open at the time the request is
encoded. Thus there is no longer a case where it makes sense to
use dump_stats_transaction() without a vconn already being open and
available to pass as a parameter.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Rob Sherwood reported a bug in OVS treatment of ofp10_match bytes that
should be ignored some time ago:
> In any case, the pktact.SingleWildcardMatch and
> pktact.AllExceptOneWildcardMatch tests were failing because it looks
> like OVS (v1.4 release) was not matching vlan tagged packets when the
> match wildcarded vlan but the dl_vlan value (which should be ignored,
> because it is wildcarded) was non-zero. We've worked around this in
> OFTest by making sure that the dl_vlan value is zero when vlan is
> wildcarded and now the test passes.
>
> In other words:
>
> if (ofp_match->wildcards&OFPFW_DL_VLAN) is true, then the match should
> match both tagged and untagged packets, independent of the value of
> ofp_match->dl_vlan. OVS (seemingly) only matches tagged packets if
> ofp_match->dl_vlan == 0.
I wasn't able to spot the problem at the time, and I still don't see a
problem (perhaps it has been fixed since then), but this commit should
prevent any regression for this specific problem and for anything like it.
It would be natural to modify the parse-ofp11-match test in the same way,
but this commit doesn't do it.
Rob's original bug report is at:
https://mailman.stanford.edu/pipermail/openflow-discuss/2012-March/003107.html
Reported-by: Rob Sherwood <rob.sherwood@bigswitch.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
In the case of Open Flow 1.2, which is currently the only
time that OXM is be used, there is a 4 byte header before
the match which needs to be taken into account when calculating
the pad length. This complicates nx_match pull and put somewhat.
This patch takes an approach suggested by Ben Pfaff to separate the
encoding of the match and the adding of padding and, in the case of OXM,
a header.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow headers are not as uniform as they could be, with size, alignment,
and numbering changes from one version to another and across varieties
(e.g. ordinary messages vs. "stats" messages). Until now the Open vSwitch
internal APIs haven't done a good job of abstracting those differences in
header formats. This commit changes that; from this commit forward very
little code actually needs to understand the header format or numbering.
Instead, it can just encode or decode, or pull or put, the header using
a more abstract API using the ofpraw_, ofptype_, and other APIs in the
new ofp-msgs module.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
Reviewed-by: Simon Horman <horms@verge.net.au>
It is possible for "struct ofpact"s to differ bytewise even if they are
equivalent when converted to another representation, such as OpenFlow 1.0
action format or a string representation. This can cause "ovs-ofctl
diff-flows" to print surprising false "differences", e.g. as in the bug
report:
- actions=resubmit(,1)
+ actions=resubmit(,1)
This commit fixes the problem by comparing not just the ofpacts but also
the string representation and printing a difference only if both differ.
Bug #8899.
Reported-by: Luca Giraudo <lgiraudo@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This follows the form of the OF1.1 match decoding and encoding test that I
wrote a while back, which seems to be a good form to use.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Tested-by: Simon Horman <horms@verge.net.au>
Commit 4ce9c31573 (ovs-ofctl: Factor code out of read_flows_from_switch().)
introduced a use-after-free error, fixed by this change.
Also adds a unit test for "ovs-ofctl diff-flows" that would have found the
problem. (The bug report cited "diff-flows" but this bug was present in
dump-flows as well because they share common code.)
Bug #12461.
Reported-by: James Schmidt <jschmidt@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The implementation of "ofctl/block" used a nested poll loop, with an inner
call to unixctl_server_run(). This poll loop always ran inside an outer
call to unixctl_server_run(), since that's the context within which unixctl
command implementations run. That means that, if a unixctl connection got
closed within the inner poll loop, and the outer poll loop happened to be
processing the same unixctl connection, then the outer poll loop would
dereference data in the freed connection.
The simplest solution is to avoid a nested poll loop, so that's what this
commit does.
This didn't cause a failure in the unit tests on i386 (which is why I
didn't catch it before pushing) but it did, reliably, on x86-64, and it
showed up in valgrind everywhere.
Signed-off-by: Ben Pfaff <blp@nicira.com>
