Nicira's controllers are somewhat heterogeneous, so that particular
"packet-in" messages should be directed to particular controllers. This
new Nicira extension action allows designating a controller or controllers
to receive the "packet-in" using a 16-bit integer ID.
The new NXAST_CONTROLLER action also specifies the "reason" code to include
in the "packet-in" message. This is particularly useful for simulating a
"no-match" "packet-in" using a rule.
Feature #8946.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Upcoming commits add a user for ofputil_packet_in_reason_from_string()
and more users for ofputil_packet_in_reason_to_string().
Signed-off-by: Ben Pfaff <blp@nicira.com>
The "learn" action can create matching return flows. If those have a long
timeout then it's a good idea to have a way to notice when in fact the
flows have terminated. This new action and matching "learn" feature
provides that way.
Feature #8603.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, the rules that cover the asynchronous messages that Open vSwitch
sends to a controller have been ad hoc. The new NXT_SET_ASYNC_CONFIG
message provides systematic, precise control.
Feature #7086.
Signed-off-by: Ben Pfaff <blp@nicira.com>
I intend to use OFPFF_SEND_FLOW_REM in upcoming unit tests. I threw in
OFPFF_CHECK_OVERLAP also because it didn't cost me anything. I omitted
parsing support for OFPFF_EMERG because we opposed its inclusion from the
start and it was removed from OpenFlow 1.2.
Signed-off-by: Ben Pfaff <blp@nicira.com>
This makes the ofp-util support for packet_out better match the support
that ofp-util has for other OpenFlow messages. It also prepares for an
upcoming patch that adds a new piece of code that generates packet_out
messages.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The "learn" action is useful for MAC learning, but until now there has been
no way to find out through OpenFlow how much time remains before a MAC
learning entry (a learned flow) expires. This commit adds that ability.
Feature #7193.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, parts of a field have been dealt with in a fairly ad-hoc way.
struct mf_subfield and the supporting functions added by this commit make
their use more systematic.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Following patch implements dec_ttl as vendor action with similar
semantics as OpenFlow 1.2. If TTL reaches zero while procession
actions in current table, the remaining actions in previous tables
are processed. A configuration parameter is added to make TTL
decrement to zero generate packet in.
Feature #8758
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
This commit switches from using the actual protocol values of error codes
internally in Open vSwitch, to using abstract values that are translated to
and from protocol values at message parsing and serialization time. I
believe that this makes the code easier to read and to write.
This is also one step along the way toward OpenFlow 1.1 support because
OpenFlow 1.1 renumbered a bunch of error codes.
Signed-off-by: Ben Pfaff <blp@nicira.com>
The new PACKET_IN format implemented in this patch includes flow
metadata such as the cookie, table_id, and registers.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Instead this patch uses flow_format() which gives very similar
output. This patch will improve the reliability of unit tests in
future patches which rely on the results of ofp_packet_to_string().
Signed-off-by: Ethan Jackson <ethan@nicira.com>
ofp_print_packet() and ofp_packet_to_string() don't use the
'total_len' argument which they require callers to supply.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Following patch adds skb-priority to flow key. So userspace will know
what was priority when packet arrived and we can remove the pop/reset
priority action. It's no longer necessary to have a special action for
pop that is based on the kernel remembering original skb->priority.
Userspace can just emit a set priority action with the original value.
Since the priority field is a match field with just a normal set action,
we can convert it into the new model for actions that are based on
matches.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Bug #7715
The exit action causes the switch to immediately halt processing of
further actions. It's intended to be used in conjunction with
multi table support. It allows a table to force tables which call
it to discontinue processing a flow.
This function was only pretty-printing "bad request" error payloads. I
don't know why. It makes sense to pretty-print all of them except for
"hello" messages, which already have their own special cases.
Suggestion #7369.
Suggested-by: Reid Price <reid@nicira.com>
Until now, OVS has handled IP fragments more awkwardly than necessary. It
has not been possible to match on L4 headers, even in fragments with offset
0 where they are actually present. This means that there was no way to
implement ACLs that treat, say, different TCP ports differently, on
fragmented traffic; instead, all decisions for fragment forwarding had to
be made on the basis of L2 and L3 headers alone.
This commit improves the situation significantly. It is still not possible
to match on L4 headers in fragments with nonzero offset, because that
information is simply not present in such fragments, but this commit adds
the ability to match on L4 headers for fragments with zero offset. This
means that it becomes possible to implement ACLs that drop such "first
fragments" on the basis of L4 headers. In practice, that effectively
blocks even fragmented traffic on an L4 basis, because the receiving IP
stack cannot reassemble a full packet when the first fragment is missing.
This commit works by adding a new "fragment type" to the kernel flow match
and making it available through OpenFlow as a new NXM field named
NXM_NX_IP_FRAG. Because OpenFlow 1.0 explicitly says that the L4 fields
are always 0 for IP fragments, it adds a new OpenFlow fragment handling
mode that fills in the L4 fields for "first fragments". It also enhances
ovs-ofctl to allow users to configure this new fragment handling mode and
to parse the new field.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Bug #7557.
These macros caused trouble if datapath-protocol.h was included before
openflow.h. Later references to the icmp_type and icmp_code members of
struct ovs_key_icmp caused compiler errors, because the macros caused them
to try to refer to nonexistent tp_src and tp_dst members in those
structures.
There are a few loose ends here. First, learning actions cause too much
flow revalidation. Upcoming commits will fix that problem. The following
additional issues have not yet been addressed:
* Resource limits: nothing yet limits the maximum number of flows that
can be learned. It is possible to exhaust all system memory.
* Age reporting: there is no way to find out how soon a learned table
entry is due to be evicted.
To try this action out, here's a recipe for a very simple-minded MAC
learning switch. It uses a 10-second MAC expiration time to make it easier
to see what's going on:
ovs-vsctl del-controller br0
ovs-ofctl del-flows br0
ovs-ofctl add-flow br0 "table=0 actions=learn(table=1, hard_timeout=10, \
NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], \
output:NXM_OF_IN_PORT[]), resubmit(,1)"
ovs-ofctl add-flow br0 "table=1 priority=0 actions=flood"
You can then dump the MAC learning table with:
ovs-ofctl dump-flows br0 table=1
This changes the output of "ovs-ofctl show" from printing ports like this:
1(eth1): addr:50:54:00:00:00:02, config: 0x11, state:0x1
to this:
1(eth1): addr:50:54:00:00:00:02
config: PORT_DOWN NO_FLOOD
state: LINK_DOWN
which seems much easier to read.
It also eliminates trailing white space from the output.
Reported-by: Ethan Jackson <ethan@nicira.com>
This patch creates a new action called "bundle". Bundles are a way
to implement a simple form of multipath in OpenFlow by grouping
several ports in a single output-like action.
This significantly simplifies code in ofp-print and ofproto-dpif and is
likely to simplify any new ofproto implementations whose support for
actions differs from ofproto-dpif.
The existing actions_first() and actions_next() iterator functions are not
much like the other iteration constructs found throughout the Open vSwitch
tree. Also, they only work with actions that have already been validated,
so there are cases where they cannot be used.
This commit adds new macros for iterating through OpenFlow actions, one
for actions that have been validated and one for actions that have not, and
adapts the existing users. The following commit will further refine action
parsing and add more users.
An upcoming commit will introduce new OPFUTIL_* constants for actions. It
seems best to be able to visually distinguish the contants. Most of the
existing constants start with a good prefix, but OFPUTIL_INVALID does not,
so rename it.
Flow dumps printed the OpenFlow table ID under the name "table_id", but
the flow parser only accepted "table". This makes them consistent by
changing the output. (Another alternative would be to change the accepted
input name.)
An upcoming patch will make stats messages much more like other messages,
in that their structures will include all of the headers. This means that
struct ofp_aggregate_stats_reply will no longer be appropriate as a
member of struct nx_aggregate_stats_reply, because it will then include
those additional header members.
Also, struct nx_aggregate_stats_reply doesn't need to use the special
ovs_32aligned_be64 type, since its 64-bit members are correctly aligned,
which is another reasonable reason to keep it separate.
These structures for OpenFlow stats requests and replies have identical
memebers, but until now they have been separate structures. Since in some
cases we actually want to treat both of them the same way, this has led
to various kinds of awkwardness. This commit merges them into a new
"struct ofp_stats_msg" and fixes up the users.
The NXAST_DROP_SPOOFED_ARP action has been deprecated in favor of
defining flows using the NXM_NX_ARP_SHA flow match for a while. This
commit removes it.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
I know already that this breaks the statsfixes that were implemented by the
following commits:
827ab71c97 "ofproto: Datapath statistics accounted twice."
6f1435fc8f "ofproto: Resubmit statistics improperly account during..."
These were already broken in a previous merge. I will work on a fix.
I looked at almost every uint<N>_t in the tree to determine whether it was
really in network byte order, and converted the ones that were.
The only remaining ones, modulo my mistakes, are in openflow.h. I'm not
sure whether we should convert those, because there might be some value
in remaining close to upstream for this header.
