/* "tun_flags".
*
- * Combination of FLOW_TNL_F_* bitmapped flags that indicate properties of
- * a tunneled packet. Internal use only, not programmable from controller.
+ * Flags representing aspects of tunnel behavior.
+ *
+ * This field currently only has a single flag defined:
+ *
+ * - NX_TUN_FLAG_OAM: The tunnel protocol indicated that this is an
+ * OAM control packet.
+ *
+ * The switch may reject matches against values that it is not aware of.
+ *
+ * Note that it is possible for newer version of Open vSwitch to
+ * introduce additional flags with varying meaning. It is therefore not
+ * recommended to use an exact match on this field since the behavior of
+ * these new flags is unknown and should be ignored.
*
* For non-tunneled packets, the value is 0.
*
- * Type: be16.
- * Maskable: no.
+ * Type: be16 (low 1 bits).
+ * Maskable: bitwise.
* Formatting: tunnel flags.
* Prerequisites: none.
- * Access: read-only.
- * NXM: none.
+ * Access: read/write.
+ * NXM: NXM_NX_TUN_FLAGS(104) since v2.5.
* OXM: none.
*/
MFF_TUN_FLAGS,
*/
MFF_PKT_MARK,
+ /* "ct_state".
+ *
+ * Connection tracking state. The field is populated by the NXAST_CT
+ * action. The following bit values describe the state of the connection:
+ *
+ * - New (0x01): This is the beginning of a new connection.
+ * - Established (0x02): This is part of an already existing connection.
+ * - Related (0x04): This is a separate connection that is related to an
+ * existing connection.
+ * - Invalid (0x20): This flow could not be associated with a connection.
+ * This could be set for a variety of reasons,
+ * including (but not limited to):
+ * - L3/L4 protocol handler is not loaded/unavailable.
+ * - L3/L4 protocol handler determines that the packet
+ * is malformed or invalid for the current FSM stage.
+ * - Packets are unexpected length for protocol.
+ * - Reply (0x40): This flow is in the reply direction, ie it did not
+ * initiate the connection.
+ * - Tracked (0x80): Connection tracking has occurred.
+ *
+ * The "Tracked" bit corresponds to the packet_state as described in the
+ * description of NXAST_CT action. The remaining bits correspond to
+ * connection state. The "New" bit implies that the connection state
+ * is uncommitted, while "Established" implies that it has previously been
+ * committed.
+ *
+ * There are additional constraints on the ct_state bits, listed in order
+ * of precedence below:
+ *
+ * - If "Tracked" is unset, no other bits may be set.
+ * - If "Tracked" is set, one or more other bits may be set.
+ * - If "Invalid" is set, only the "Tracked" bit is also set.
+ * - The "New" and "Established" bits are mutually exclusive.
+ * - The "New" and "Reply" bits are mutually exclusive.
+ * - The "Related" bit may be set in conjunction with any other bits.
+ * Connections that are identified as "Related" are separate
+ * connections from the originating connection, so must be committed
+ * separately. All packets for a related connection will have the
+ * "Related" bit set (not just the initial packet).
+ *
+ * Type: be32.
+ * Maskable: bitwise.
+ * Formatting: ct state.
+ * Prerequisites: none.
+ * Access: read-only.
+ * NXM: NXM_NX_CT_STATE(105) since v2.5.
+ * OXM: none.
+ */
+ MFF_CT_STATE,
+
+ /* "ct_zone".
+ *
+ * Connection tracking zone. The field is populated by the
+ * NXAST_CT action.
+ *
+ * Type: be16.
+ * Maskable: no.
+ * Formatting: hexadecimal.
+ * Prerequisites: none.
+ * Access: read-only.
+ * NXM: NXM_NX_CT_ZONE(106) since v2.5.
+ * OXM: none.
+ */
+ MFF_CT_ZONE,
+
+ /* "ct_mark".
+ *
+ * Connection tracking mark. The mark is carried with the
+ * connection tracking state. On Linux this corresponds to the
+ * nf_conn's "mark" member but the exact implementation is
+ * platform-dependent.
+ *
+ * Writable only from nested actions within the NXAST_CT action.
+ *
+ * Type: be32.
+ * Maskable: bitwise.
+ * Formatting: hexadecimal.
+ * Prerequisites: none.
+ * Access: read/write.
+ * NXM: NXM_NX_CT_MARK(107) since v2.5.
+ * OXM: none.
+ */
+ MFF_CT_MARK,
+
#if FLOW_N_REGS == 8
/* "reg<N>".
*
*
* The source address in the IPv6 header.
*
- * Type: IPv6.
+ * Type: be128.
* Maskable: bitwise.
* Formatting: IPv6.
* Prerequisites: IPv6.
*
* The destination address in the IPv6 header.
*
- * Type: IPv6.
+ * Type: be128.
* Maskable: bitwise.
* Formatting: IPv6.
* Prerequisites: IPv6.
*
* Before Open vSwitch 1.8, only CIDR masks were supported.
*
- * Type: IPv6.
+ * Type: be128.
* Maskable: bitwise.
* Formatting: IPv6.
* Prerequisites: ND.
MFS_HEXADECIMAL,
/* Other formats. */
+ MFS_CT_STATE, /* Connection tracking state */
MFS_ETHERNET,
MFS_IPV4,
MFS_IPV6,
union mf_value {
uint8_t tun_metadata[128];
struct in6_addr ipv6;
- uint8_t mac[ETH_ADDR_LEN];
+ struct eth_addr mac;
+ ovs_be128 be128;
ovs_be64 be64;
ovs_be32 be32;
ovs_be16 be16;
BUILD_ASSERT_DECL(sizeof(union mf_value) == 128);
BUILD_ASSERT_DECL(sizeof(union mf_value) >= GENEVE_MAX_OPT_SIZE);
+/* A const mf_value with all bits initialized to ones. */
+extern const union mf_value exact_match_mask;
+
/* Part of a field. */
struct mf_subfield {
const struct mf_field *field;
};
struct {
uint8_t dummy_mac[122];
- uint8_t mac[6];
+ struct eth_addr mac;
};
struct {
ovs_be32 dummy_ipv4[31];
/* Prerequisites. */
bool mf_are_prereqs_ok(const struct mf_field *, const struct flow *);
-void mf_mask_field_and_prereqs(const struct mf_field *, struct flow *mask);
+void mf_mask_field_and_prereqs(const struct mf_field *,
+ struct flow_wildcards *);
void mf_bitmap_set_field_and_prereqs(const struct mf_field *mf, struct
mf_bitmap *bm);
void mf_get_value(const struct mf_field *, const struct flow *,
union mf_value *value);
void mf_set_value(const struct mf_field *, const union mf_value *value,
- struct match *);
+ struct match *, char **err_str);
void mf_set_flow_value(const struct mf_field *, const union mf_value *value,
struct flow *);
void mf_set_flow_value_masked(const struct mf_field *,
const union mf_value *value,
const union mf_value *mask,
struct flow *);
-bool mf_is_zero(const struct mf_field *, const struct flow *);
+bool mf_is_tun_metadata(const struct mf_field *);
+bool mf_is_set(const struct mf_field *, const struct flow *);
void mf_mask_field(const struct mf_field *, struct flow *);
int mf_field_len(const struct mf_field *, const union mf_value *value,
- const union mf_value *mask);
+ const union mf_value *mask, bool *is_masked);
void mf_get(const struct mf_field *, const struct match *,
union mf_value *value, union mf_value *mask);
/* Returns the set of usable protocols. */
-enum ofputil_protocol mf_set(const struct mf_field *,
- const union mf_value *value,
- const union mf_value *mask,
- struct match *);
+uint32_t mf_set(const struct mf_field *, const union mf_value *value,
+ const union mf_value *mask, struct match *, char **err_str);
-void mf_set_wild(const struct mf_field *, struct match *);
+void mf_set_wild(const struct mf_field *, struct match *, char **err_str);
/* Subfields. */
void mf_write_subfield_flow(const struct mf_subfield *,