tcp_flags=flags/mask
Bitwise match on TCP flags. The flags and mask are 16-bit num‐
bers written in decimal or in hexadecimal prefixed by 0x. Each
1-bit in mask requires that the corresponding bit in port must
match. Each 0-bit in mask causes the corresponding bit to be
ignored.
TCP protocol currently defines 9 flag bits, and additional 3
bits are reserved (must be transmitted as zero), see RFCs 793,
3168, and 3540. The flag bits are, numbering from the least
significant bit:
0: FIN No more data from sender.
1: SYN Synchronize sequence numbers.
2: RST Reset the connection.
3: PSH Push function.
4: ACK Acknowledgement field significant.
5: URG Urgent pointer field significant.
6: ECE ECN Echo.
7: CWR Congestion Windows Reduced.
8: NS Nonce Sum.
9-11: Reserved.
12-15: Not matchable, must be zero.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
OpenFlow 1.3 uses all-1-bits in a packet_in to indicate that the packet_in
was not generated by a flow, but Open vSwitch incorrectly used 0. This
fixes the problem.
For consistency, this commit also changes NXT_PACKET_IN to use all-1-bits
for this case, event though NXT_PACKET_IN was previously defined to use
zero. This doesn't appear to make a difference for the NVP controller; if
it causes a problem for some other controller then I will revert that part
of the change.
Found by inspection.
Signed-off-by: Ben Pfaff <blp@nicira.com>
send_len is not directly part of the OpenFlow packet_in message, at least
given that it is partially redundant with packet_len. send_len is, rather,
a request to the connmgr that expresses how many bytes the action requested
be sent to the controller, but the connmgr cannot always honor it.
Signed-off-by: Ben Pfaff <blp@nicira.com>
In OpenFlow 1.1 and 1.2, the push_mpls action pushes the MPLS label after
any existing VLAN tag. In OpenFlow 1.3, it pushes the label before any
existing VLAN tag. Until now, the action parser didn't distinguish these
cases. This commit adds support. Nothing yet actually changes the
behavior of push_mpls.
enum ofpact_mpls_position contributed by Ben Pfaff.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Rather than tracking the MPLS depth as a field in the
flow, which is an entirely poor place for it, just track
the delta to the MPLS depth during translation.
This logic was developed while implementing recirculation
and intended to be used to detect when recirculation should
occur. This variant of the patch uses the logic to determine
if processing of actions should stop due to an MPLS
action which cannot be translated (without recirculation).
A side-effect of this patch is that it resolves a bug
whereby ovs-vswitchd will abort due to to an assertion
on eth_type_mpls(ctx->xin->flow.dl_type) in compose_mpls_pop_action(()
if the actions of a flow include pop_mpls twice without
a push_mpls in between.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The translation into OpenFlow 1.2 didn't trim off the OpenFlow 1.3 specific
bits. This fixes the problem.
It would probably be wise to introduce an ofputil_table_stats structure.
Using ofp12_table_stats is somewhat confusing.
Reported-by: Torbjorn Tornkvist <kruskakli@gmail.com>
Tested-by: Torbjorn Tornkvist <kruskakli@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Added infrastructure to support Openflow OFPT_TABLE_MOD message. This patch
does not include the flexible table miss handling code that is necessary to
support the semantics specified in OFPT_TABLE_MOD messages.
Current flow miss behavior continues to conform to Openflow 1.0. Future
commits to add more flexible table miss support are needed to fully support
OPFT_TABLE_MOD for Openflow-1.1+.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
struct ofputil_group_stats has an arbitrary limit
of 16 buckets for which it can record statistics.
However the code does not appear to enforce this
limit and it seems to me that the code could overflow.
This patch aims to remove the arbitrary limit by
changing the 'bucket_stats' field of struct ofputil_group_stats
from a fixed length array to a pointer whose storage is allocated and freed
as necessary.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This doesn't include a dpif implementation of groups functionality. In its
current form, it is untested.
Signed-off-by: Neil Zhu <zhuj@centecnetworks.com>
Co-authored-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Co-authored-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Simon Horman <horms@verge.net.au>
Co-authored-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Keep track of usable protocols while parsing actions and matches,
rather than checking for them afterwards. This fixes silently discarded
meter and goto table instructions when not explicitly specifying the
protocol to use.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The OFPFF_* flags used in flow_mods are just confusing enough that it
seems worthwhile to try to abstract them out. In particular:
* OFPFF_EMERG was introduced in OF1.0, deleted in OF1.1, and then
its bit was reused for a different purpose in OF1.2.
* OFPFF_RESET_COUNTS was introduced in OF1.2 but the semantics that it
specifies are implied by "add" commands in earlier versions, so
proper translation requires the OpenFlow version number and flow_mod
command.
This commit does the abstraction.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
The Linux kernel datapath enables matching and setting the skb mark
but this functionality is currently used only internally by
ovs-vswitchd. This exposes it through NXM to enable external
controllers to interact with other kernel subsystems. Although this
is simply exporting the skb mark, the intention is that this is a
platform independent mechanism to access some system metadata and
therefore may have different implementations on various systems.
Bug #17855
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
The skb_mark field is currently only available with the Linux datapath
and is only used internally. However, it is desirable to expose this
through OpenFlow and when it is exposed ideally it would not be system-
specific. In preparation for this, skb_mark is rename to pkt_mark in
internal data structures for consistency.
This does not rename the Linux interfaces because doing so would break
the API. It would not necessarily be desirable to do anyways since in
Linux-specific code it is clearer to use the actual name rather than a
generic one. This can lead to confusion in some places, however, because
we do not always strictly separate generic and platform dependent code
(one example is actions). This seems inevitable though at this point if
the lower and upper layers have different names (as they must given the
above requirements).
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
OpenFlow 1.0, 1.1, and 1.2 all have the same struct size for port and
queue stats. OpenFlow 1.3 has larger structs, but the ofp-util code didn't
realize that. This fixes the problem.
It appears that the only consequence of this problem would have been
printing the wrong count in ofp-print output.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit fixes the warning issued by 'clang' when pointer is casted
to one with greater alignment.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
There is no reason to mark this function as inline. Let the compiler do
its job.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
Usually the table id in flow mods is 255, which means that goto table
instruction cannot be checked before the table is picked (for flow add),
or the rules to be modified are found (flow mod).
Move goto table checking from decode (ofp-util) to actions checking
(ofp-actions), and postpone the action checking until the table in
which the actions are added is known.
This fixes OFPBRC_BAD_TABLE_ID errors for flow adds that specify the table
id as 255, and have a goto table instruction.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
OpenFlow 1.0 can match on flows that have the IPv6 Ethertype, but
ofputil_usable_protocols() incorrectly reported that such a match required
NXM or OXM. This commit fixes the problem.
Also, add some related tests.
Reported-by: Nagi Reddy Jonnala <njonnala@Brocade.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Validate claimed message length for meter stats in ofp-util.c.
Clean up meters in ofp-util.h.
Fix the impossible duration values in ofp-print.at.
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This function is more convenient than ofputil_format_port() when a "struct
ds" is not already in use. This commit converts one caller for which this
was already true, and the following commit will add another.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, datapath ports and openflow ports were both represented by
unsigned integers of various sizes. With implicit conversions, etc., it is
easy to mix them up and use one where the other is expected. This commit
creates two typedefs, ofp_port_t and odp_port_t. Both of these two types
are marked by "__attribute__((bitwise))" so that sparse can be used to
detect any misuse.
Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Returning a static data buffer makes code more brittle and definitely
not thread-safe, so this commit switches to using a caller-provided
buffer instead.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Found a bug that OVS allows goto_table_id to be smaller than (or equal to)
the current table id where the flow resides. It potentially creates an
infinite loop when composing actions for a packet. To fix it, we just let
OVS returns an error message to prevent such flow to be programmed.
Signed-off-by: Jing Ai <jinga@google.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This makes life easier for a few callers, and it agrees with my usual
preference that a function should fill in its output parameters whether it
succeeds or not.
CC: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Adds tun_src and tun_dst match and set capabilities via new NXM fields
NXM_NX_TUN_IPV4_SRC and NXM_NX_TUN_IPV4_DST. This allows management of
large number of tunnels via the flow tables, without requiring the tunnels
to be pre-configured.
Flow-based tunnels can be configured with options remote_ip=flow and
local_ip=flow. local_ip=flow requires remote_ip=flow. When set, the
tunnel remote IP address and/or local IP address is set from the flow,
instead of the tunnel configuration.
Example:
$ ovs-vsctl add-port br0 gre -- set Interface gre ofport_request=1 type=gre options:remote_ip=flow options:key=flow
$ ovs-ofctl add-flow br0 "in_port=LOCAL actions=set_tunnel:1,set_field:192.168.0.1->tun_dst,output:1"
$ ovs-ofctl add-flow br0 "in_port=1 tun_src=192.168.0.1 tun_id=1 actions=LOCAL"
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
We always use unsigned types for port numbers elsewhere, so use one here
too.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
where it can't be EOF, cast a value to unsigned char before passing it
to ctype functions to avoid unintended sign extension.
Signed-off-by: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>
There were plans to use this in conjunction with inner/outer flows,
however that plan has been changed in favour of using recirculation.
This leaves us with the current usage.
encal_dl_type is currently only used to allow decoding of packets used in
the test suite. However, this is a bit of a fudge and the packets may be
provided as hexadecimal instead.
Also remove comments from parse_l2_5_onward() relating to MPLS which are
not in keeping with the commenting throughout the rest of the function.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
OpenFlow extensibility working group issue EXT-272 clarifies the use of
the generation_id in role reply messages as used for the current generation
ID or all-1-bits if there is no current generation ID. This commit
implements EXT-272 in Open vSwitch.
Unfortunately the full text of EXT-272 is not available freely online.
(The "open" part of the Open Networking Foundation is the network, not
the foundation)
EXT-272.
CC: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
It makes more sense to use enum ofp12_controller_role here than
to use enum nx_role, because the former is a superset of the latter and
we can then get rid of a bool member too.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The autopath action was attempting to achieve functionality similar
to the bundle action, but was significantly clunkier, more
difficult to understand, more difficult to use, and less reliable.
This patch removes it.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
This patch implements use-space datapath and non-datapath code
to match and use the datapath API set out in Leo Alterman's patch
"user-space datapath: Add basic MPLS support to kernel".
The resulting MPLS implementation supports:
* Pushing a single MPLS label
* Poping a single MPLS label
* Modifying an MPLS lable using set-field or load actions
that act on the label value, tc and bos bit.
* There is no support for manipulating the TTL
this is considered future work.
The single-level push pop limitation is implemented by processing
push, pop and set-field/load actions in order and discarding information
that would require multiple levels of push/pop to be supported.
e.g.
push,push -> the first push is discarded
pop,pop -> the first pop is discarded
This patch is based heavily on work by Ravi K.
Cc: Ravi K <rkerur@gmail.com>
Reviewed-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This function has a parameter 's' and a local variable 's', so rename the
local variable to reduce confusion.
Found by Coverity.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
This is a straight search-and-replace, except that I also removed #include
<assert.h> from each file where there were no assert calls left.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Also, use ovs_strlcpy() instead of strcpy() just to be a teensy bit safer.
Found by valgrind.
Bug #14357.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
[blp@nicira.com made ofp-print print any error, renamed a function,
added a comment]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: SUGYO Kazushi <sugyo.org@gmail.com>
[blp@nicira.com moved the test from ofproto.c to ofp-util.c]
Signed-off-by: Ben Pfaff <blp@nicira.com>
This patch adds logging support for skb_mark and skb_priority.
Acked-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
