#include "ofproto/ofproto-dpif-xlate.h"
+#include <errno.h>
+
#include "bfd.h"
#include "bitmap.h"
#include "bond.h"
#include "ofproto/ofproto-dpif-mirror.h"
#include "ofproto/ofproto-dpif-sflow.h"
#include "ofproto/ofproto-dpif.h"
+#include "ofproto/ofproto-provider.h"
#include "tunnel.h"
#include "vlog.h"
* flow translation. */
#define MAX_RESUBMIT_RECURSION 64
+struct ovs_rwlock xlate_rwlock = OVS_RWLOCK_INITIALIZER;
+
struct xbridge {
struct hmap_node hmap_node; /* Node in global 'xbridges' map. */
struct ofproto_dpif *ofproto; /* Key in global 'xbridges' map. */
struct hmap xports; /* Indexed by ofp_port. */
char *name; /* Name used in log messages. */
+ struct dpif *dpif; /* Datapath interface. */
struct mac_learning *ml; /* Mac learning handle. */
struct mbridge *mbridge; /* Mirroring. */
struct dpif_sflow *sflow; /* SFlow handle, or null. */
struct dpif_ipfix *ipfix; /* Ipfix handle, or null. */
struct stp *stp; /* STP or null if disabled. */
+ /* Special rules installed by ofproto-dpif. */
+ struct rule_dpif *miss_rule;
+ struct rule_dpif *no_packet_in_rule;
+
enum ofp_config_flags frag; /* Fragmentation handling. */
bool has_netflow; /* Bridge runs netflow? */
bool has_in_band; /* Bridge has in band control? */
struct xport *peer; /* Patch port peer or null. */
enum ofputil_port_config config; /* OpenFlow port configuration. */
- int stp_port_no; /* STP port number or 0 if not in use. */
+ int stp_port_no; /* STP port number or -1 if not in use. */
struct hmap skb_priorities; /* Map of 'skb_priority_to_dscp's. */
struct rule_dpif *rule;
int recurse; /* Recursion level, via xlate_table_action. */
- bool max_resubmit_trigger; /* Recursed too deeply during translation. */
uint32_t orig_skb_priority; /* Priority when packet arrived. */
uint8_t table_id; /* OpenFlow table ID where flow was found. */
uint32_t sflow_n_outputs; /* Number of output ports. */
uint16_t vlan);
static void compose_output_action(struct xlate_ctx *, ofp_port_t ofp_port);
-static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
-
static struct xbridge *xbridge_lookup(const struct ofproto_dpif *);
static struct xbundle *xbundle_lookup(const struct ofbundle *);
-static struct xport *xport_lookup(struct ofport_dpif *);
+static struct xport *xport_lookup(const struct ofport_dpif *);
static struct xport *get_ofp_port(const struct xbridge *, ofp_port_t ofp_port);
static struct skb_priority_to_dscp *get_skb_priority(const struct xport *,
uint32_t skb_priority);
void
xlate_ofproto_set(struct ofproto_dpif *ofproto, const char *name,
+ struct dpif *dpif, struct rule_dpif *miss_rule,
+ struct rule_dpif *no_packet_in_rule,
const struct mac_learning *ml, struct stp *stp,
const struct mbridge *mbridge,
const struct dpif_sflow *sflow,
free(xbridge->name);
xbridge->name = xstrdup(name);
+ xbridge->dpif = dpif;
xbridge->forward_bpdu = forward_bpdu;
xbridge->has_in_band = has_in_band;
xbridge->has_netflow = has_netflow;
xbridge->frag = frag;
+ xbridge->miss_rule = miss_rule;
+ xbridge->no_packet_in_rule = no_packet_in_rule;
}
void
}
hmap_remove(&xbridges, &xbridge->hmap_node);
+ mac_learning_unref(xbridge->ml);
+ mbridge_unref(xbridge->mbridge);
+ dpif_sflow_unref(xbridge->sflow);
+ dpif_ipfix_unref(xbridge->ipfix);
+ stp_unref(xbridge->stp);
+ hmap_destroy(&xbridge->xports);
free(xbridge->name);
free(xbridge);
}
if (xport->peer) {
xport->peer->peer = NULL;
}
- xport->peer = peer ? xport_lookup(peer) : NULL;
+ xport->peer = xport_lookup(peer);
if (xport->peer) {
xport->peer->peer = xport;
}
if (xport->xbundle) {
list_remove(&xport->bundle_node);
}
- xport->xbundle = ofbundle ? xbundle_lookup(ofbundle) : NULL;
+ xport->xbundle = xbundle_lookup(ofbundle);
if (xport->xbundle) {
list_insert(&xport->xbundle->xports, &xport->bundle_node);
}
struct skb_priority_to_dscp *pdscp;
uint32_t skb_priority;
- if (ofproto_dpif_queue_to_priority(xport->xbridge->ofproto,
- qdscp_list[i].queue,
- &skb_priority)) {
+ if (dpif_queue_to_priority(xport->xbridge->dpif, qdscp_list[i].queue,
+ &skb_priority)) {
continue;
}
free(xport);
}
+/* Given a datpath, packet, and flow metadata ('backer', 'packet', and 'key'
+ * respectively), populates 'flow' with the result of odp_flow_key_to_flow().
+ * Optionally, if nonnull, populates 'fitnessp' with the fitness of 'flow' as
+ * returned by odp_flow_key_to_flow(). Also, optionally populates 'ofproto'
+ * with the ofproto_dpif, and 'odp_in_port' with the datapath in_port, that
+ * 'packet' ingressed.
+ *
+ * If 'ofproto' is nonnull, requires 'flow''s in_port to exist. Otherwise sets
+ * 'flow''s in_port to OFPP_NONE.
+ *
+ * This function does post-processing on data returned from
+ * odp_flow_key_to_flow() to help make VLAN splinters transparent to the rest
+ * of the upcall processing logic. In particular, if the extracted in_port is
+ * a VLAN splinter port, it replaces flow->in_port by the "real" port, sets
+ * flow->vlan_tci correctly for the VLAN of the VLAN splinter port, and pushes
+ * a VLAN header onto 'packet' (if it is nonnull).
+ *
+ * Similarly, this function also includes some logic to help with tunnels. It
+ * may modify 'flow' as necessary to make the tunneling implementation
+ * transparent to the upcall processing logic.
+ *
+ * Returns 0 if successful, ENODEV if the parsed flow has no associated ofport,
+ * or some other positive errno if there are other problems. */
+int
+xlate_receive(const struct dpif_backer *backer, struct ofpbuf *packet,
+ const struct nlattr *key, size_t key_len,
+ struct flow *flow, enum odp_key_fitness *fitnessp,
+ struct ofproto_dpif **ofproto, odp_port_t *odp_in_port)
+{
+ enum odp_key_fitness fitness;
+ const struct xport *xport;
+ int error = ENODEV;
+
+ ovs_rwlock_rdlock(&xlate_rwlock);
+ fitness = odp_flow_key_to_flow(key, key_len, flow);
+ if (fitness == ODP_FIT_ERROR) {
+ error = EINVAL;
+ goto exit;
+ }
+
+ if (odp_in_port) {
+ *odp_in_port = flow->in_port.odp_port;
+ }
+
+ xport = xport_lookup(tnl_port_should_receive(flow)
+ ? tnl_port_receive(flow)
+ : odp_port_to_ofport(backer, flow->in_port.odp_port));
+
+ flow->in_port.ofp_port = xport ? xport->ofp_port : OFPP_NONE;
+ if (!xport) {
+ goto exit;
+ }
+
+ if (vsp_adjust_flow(xport->xbridge->ofproto, flow)) {
+ if (packet) {
+ /* Make the packet resemble the flow, so that it gets sent to
+ * an OpenFlow controller properly, so that it looks correct
+ * for sFlow, and so that flow_extract() will get the correct
+ * vlan_tci if it is called on 'packet'.
+ *
+ * The allocated space inside 'packet' probably also contains
+ * 'key', that is, both 'packet' and 'key' are probably part of
+ * a struct dpif_upcall (see the large comment on that
+ * structure definition), so pushing data on 'packet' is in
+ * general not a good idea since it could overwrite 'key' or
+ * free it as a side effect. However, it's OK in this special
+ * case because we know that 'packet' is inside a Netlink
+ * attribute: pushing 4 bytes will just overwrite the 4-byte
+ * "struct nlattr", which is fine since we don't need that
+ * header anymore. */
+ eth_push_vlan(packet, flow->vlan_tci);
+ }
+ /* We can't reproduce 'key' from 'flow'. */
+ fitness = fitness == ODP_FIT_PERFECT ? ODP_FIT_TOO_MUCH : fitness;
+ }
+ error = 0;
+
+ if (ofproto) {
+ *ofproto = xport->xbridge->ofproto;
+ }
+
+exit:
+ if (fitnessp) {
+ *fitnessp = fitness;
+ }
+ ovs_rwlock_unlock(&xlate_rwlock);
+ return error;
+}
+
static struct xbridge *
xbridge_lookup(const struct ofproto_dpif *ofproto)
{
struct xbridge *xbridge;
+ if (!ofproto) {
+ return NULL;
+ }
+
HMAP_FOR_EACH_IN_BUCKET (xbridge, hmap_node, hash_pointer(ofproto, 0),
&xbridges) {
if (xbridge->ofproto == ofproto) {
{
struct xbundle *xbundle;
+ if (!ofbundle) {
+ return NULL;
+ }
+
HMAP_FOR_EACH_IN_BUCKET (xbundle, hmap_node, hash_pointer(ofbundle, 0),
&xbundles) {
if (xbundle->ofbundle == ofbundle) {
}
static struct xport *
-xport_lookup(struct ofport_dpif *ofport)
+xport_lookup(const struct ofport_dpif *ofport)
{
struct xport *xport;
+ if (!ofport) {
+ return NULL;
+ }
+
HMAP_FOR_EACH_IN_BUCKET (xport, hmap_node, hash_pointer(ofport, 0),
&xports) {
if (xport->ofport == ofport) {
return NULL;
}
+static struct stp_port *
+xport_get_stp_port(const struct xport *xport)
+{
+ return xport->xbridge->stp && xport->stp_port_no != -1
+ ? stp_get_port(xport->xbridge->stp, xport->stp_port_no)
+ : NULL;
+}
static enum stp_state
xport_stp_learn_state(const struct xport *xport)
{
- enum stp_state stp_state = xport->xbridge->stp && xport->stp_port_no
- ? stp_port_get_state(stp_get_port(xport->xbridge->stp,
- xport->stp_port_no))
- : STP_DISABLED;
- return stp_learn_in_state(stp_state);
+ struct stp_port *sp = xport_get_stp_port(xport);
+ return stp_learn_in_state(sp ? stp_port_get_state(sp) : STP_DISABLED);
}
static bool
xport_stp_forward_state(const struct xport *xport)
{
- enum stp_state stp_state = xport->xbridge->stp && xport->stp_port_no
- ? stp_port_get_state(stp_get_port(xport->xbridge->stp,
- xport->stp_port_no))
- : STP_DISABLED;
- return stp_forward_in_state(stp_state);
+ struct stp_port *sp = xport_get_stp_port(xport);
+ return stp_forward_in_state(sp ? stp_port_get_state(sp) : STP_DISABLED);
}
/* Returns true if STP should process 'flow'. Sets fields in 'wc' that
static void
stp_process_packet(const struct xport *xport, const struct ofpbuf *packet)
{
+ struct stp_port *sp = xport_get_stp_port(xport);
struct ofpbuf payload = *packet;
struct eth_header *eth = payload.data;
- struct stp_port *sp = xport->xbridge->stp && xport->stp_port_no
- ? stp_get_port(xport->xbridge->stp, xport->stp_port_no)
- : NULL;
/* Sink packets on ports that have STP disabled when the bridge has
* STP enabled. */
ofport = bond_choose_output_slave(out_xbundle->bond, &ctx->xin->flow,
&ctx->xout->wc, vid);
- xport = ofport ? xport_lookup(ofport) : NULL;
+ xport = xport_lookup(ofport);
if (!xport) {
/* No slaves enabled, so drop packet. */
}
}
-static void
-update_learning_table(const struct xbridge *xbridge,
- const struct flow *flow, struct flow_wildcards *wc,
- int vlan, struct xbundle *in_xbundle)
+/* Checks whether a MAC learning update is necessary for MAC learning table
+ * 'ml' given that a packet matching 'flow' was received on 'in_xbundle' in
+ * 'vlan'.
+ *
+ * Most packets processed through the MAC learning table do not actually
+ * change it in any way. This function requires only a read lock on the MAC
+ * learning table, so it is much cheaper in this common case.
+ *
+ * Keep the code here synchronized with that in update_learning_table__()
+ * below. */
+static bool
+is_mac_learning_update_needed(const struct mac_learning *ml,
+ const struct flow *flow,
+ struct flow_wildcards *wc,
+ int vlan, struct xbundle *in_xbundle)
+ OVS_REQ_RDLOCK(ml->rwlock)
{
struct mac_entry *mac;
- /* Don't learn the OFPP_NONE port. */
- if (in_xbundle == &ofpp_none_bundle) {
- return;
+ if (!mac_learning_may_learn(ml, flow->dl_src, vlan)) {
+ return false;
+ }
+
+ mac = mac_learning_lookup(ml, flow->dl_src, vlan);
+ if (!mac || mac_entry_age(ml, mac)) {
+ return true;
+ }
+
+ if (is_gratuitous_arp(flow, wc)) {
+ /* We don't want to learn from gratuitous ARP packets that are
+ * reflected back over bond slaves so we lock the learning table. */
+ if (!in_xbundle->bond) {
+ return true;
+ } else if (mac_entry_is_grat_arp_locked(mac)) {
+ return false;
+ }
}
- ovs_rwlock_wrlock(&xbridge->ml->rwlock);
+ return mac->port.p != in_xbundle->ofbundle;
+}
+
+
+/* Updates MAC learning table 'ml' given that a packet matching 'flow' was
+ * received on 'in_xbundle' in 'vlan'.
+ *
+ * This code repeats all the checks in is_mac_learning_update_needed() because
+ * the lock was released between there and here and thus the MAC learning state
+ * could have changed.
+ *
+ * Keep the code here synchronized with that in is_mac_learning_update_needed()
+ * above. */
+static void
+update_learning_table__(const struct xbridge *xbridge,
+ const struct flow *flow, struct flow_wildcards *wc,
+ int vlan, struct xbundle *in_xbundle)
+ OVS_REQ_WRLOCK(xbridge->ml->rwlock)
+{
+ struct mac_entry *mac;
+
if (!mac_learning_may_learn(xbridge->ml, flow->dl_src, vlan)) {
- goto out;
+ return;
}
mac = mac_learning_insert(xbridge->ml, flow->dl_src, vlan);
if (!in_xbundle->bond) {
mac_entry_set_grat_arp_lock(mac);
} else if (mac_entry_is_grat_arp_locked(mac)) {
- goto out;
+ return;
}
}
/* The log messages here could actually be useful in debugging,
* so keep the rate limit relatively high. */
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
+
VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
"on port %s in VLAN %d",
xbridge->name, ETH_ADDR_ARGS(flow->dl_src),
mac->port.p = in_xbundle->ofbundle;
mac_learning_changed(xbridge->ml);
}
-out:
+}
+
+static void
+update_learning_table(const struct xbridge *xbridge,
+ const struct flow *flow, struct flow_wildcards *wc,
+ int vlan, struct xbundle *in_xbundle)
+{
+ bool need_update;
+
+ /* Don't learn the OFPP_NONE port. */
+ if (in_xbundle == &ofpp_none_bundle) {
+ return;
+ }
+
+ /* First try the common case: no change to MAC learning table. */
+ ovs_rwlock_rdlock(&xbridge->ml->rwlock);
+ need_update = is_mac_learning_update_needed(xbridge->ml, flow, wc, vlan,
+ in_xbundle);
ovs_rwlock_unlock(&xbridge->ml->rwlock);
+
+ if (need_update) {
+ /* Slow path: MAC learning table might need an update. */
+ ovs_rwlock_wrlock(&xbridge->ml->rwlock);
+ update_learning_table__(xbridge, flow, wc, vlan, in_xbundle);
+ ovs_rwlock_unlock(&xbridge->ml->rwlock);
+ }
}
/* Determines whether packets in 'flow' within 'xbridge' should be forwarded or
struct xbundle *in_xbundle;
struct xport *in_port;
struct mac_entry *mac;
+ void *mac_port;
uint16_t vlan;
uint16_t vid;
/* Determine output bundle. */
ovs_rwlock_rdlock(&ctx->xbridge->ml->rwlock);
mac = mac_learning_lookup(ctx->xbridge->ml, flow->dl_dst, vlan);
- if (mac) {
- struct xbundle *mac_xbundle = xbundle_lookup(mac->port.p);
+ mac_port = mac ? mac->port.p : NULL;
+ ovs_rwlock_unlock(&ctx->xbridge->ml->rwlock);
+
+ if (mac_port) {
+ struct xbundle *mac_xbundle = xbundle_lookup(mac_port);
if (mac_xbundle && mac_xbundle != in_xbundle) {
xlate_report(ctx, "forwarding to learned port");
output_normal(ctx, mac_xbundle, vlan);
}
ctx->xout->nf_output_iface = NF_OUT_FLOOD;
}
- ovs_rwlock_unlock(&ctx->xbridge->ml->rwlock);
}
/* Compose SAMPLE action for sFlow or IPFIX. The given probability is
const size_t cookie_size)
{
size_t sample_offset, actions_offset;
+ odp_port_t odp_port;
int cookie_offset;
+ uint32_t pid;
sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE);
nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability);
actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS);
- cookie_offset = put_userspace_action(xbridge->ofproto, odp_actions, flow,
- cookie, cookie_size);
+
+ odp_port = ofp_port_to_odp_port(xbridge, flow->in_port.ofp_port);
+ pid = dpif_port_get_pid(xbridge->dpif, odp_port);
+ cookie_offset = odp_put_userspace_action(pid, cookie, cookie_size, odp_actions);
nl_msg_end_nested(odp_actions, actions_offset);
nl_msg_end_nested(odp_actions, sample_offset);
struct flow_wildcards *wc = &ctx->xout->wc;
struct flow *flow = &ctx->xin->flow;
ovs_be16 flow_vlan_tci;
- uint32_t flow_skb_mark;
+ uint32_t flow_pkt_mark;
uint8_t flow_nw_tos;
odp_port_t out_port, odp_port;
uint8_t dscp;
}
ctx->xin->flow = old_flow;
- ctx->xbridge = xport->xbundle->xbridge;
+ ctx->xbridge = xport->xbridge;
if (ctx->xin->resubmit_stats) {
netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
}
flow_vlan_tci = flow->vlan_tci;
- flow_skb_mark = flow->skb_mark;
+ flow_pkt_mark = flow->pkt_mark;
flow_nw_tos = flow->nw_tos;
if (dscp_from_skb_priority(xport, flow->skb_priority, &dscp)) {
out_port = ofp_port_to_odp_port(ctx->xbridge, vlandev_port);
flow->vlan_tci = htons(0);
}
- flow->skb_mark &= ~IPSEC_MARK;
}
if (out_port != ODPP_NONE) {
out:
/* Restore flow */
flow->vlan_tci = flow_vlan_tci;
- flow->skb_mark = flow_skb_mark;
+ flow->pkt_mark = flow_pkt_mark;
flow->nw_tos = flow_nw_tos;
}
compose_output_action__(ctx, ofp_port, true);
}
-/* Common rule processing in one place to avoid duplicating code. */
-static struct rule_dpif *
-ctx_rule_hooks(struct xlate_ctx *ctx, struct rule_dpif *rule,
- bool may_packet_in)
+static void
+xlate_recursively(struct xlate_ctx *ctx, struct rule_dpif *rule)
{
- if (ctx->xin->resubmit_hook) {
- ctx->xin->resubmit_hook(ctx->xin, rule, ctx->recurse);
- }
- if (rule == NULL && may_packet_in) {
- /* XXX
- * check if table configuration flags
- * OFPTC_TABLE_MISS_CONTROLLER, default.
- * OFPTC_TABLE_MISS_CONTINUE,
- * OFPTC_TABLE_MISS_DROP
- * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do?
- */
- rule = rule_dpif_miss_rule(ctx->xbridge->ofproto, &ctx->xin->flow);
- }
- if (rule && ctx->xin->resubmit_stats) {
- rule_credit_stats(rule, ctx->xin->resubmit_stats);
+ struct rule_dpif *old_rule = ctx->rule;
+ struct rule_actions *actions;
+
+ if (ctx->xin->resubmit_stats) {
+ rule_dpif_credit_stats(rule, ctx->xin->resubmit_stats);
}
- return rule;
+
+ ctx->recurse++;
+ ctx->rule = rule;
+ actions = rule_dpif_get_actions(rule);
+ do_xlate_actions(actions->ofpacts, actions->ofpacts_len, ctx);
+ rule_actions_unref(actions);
+ ctx->rule = old_rule;
+ ctx->recurse--;
}
static void
ctx->table_id = table_id;
- /* Look up a flow with 'in_port' as the input port. */
+ /* Look up a flow with 'in_port' as the input port. Then restore the
+ * original input port (otherwise OFPP_NORMAL and OFPP_IN_PORT will
+ * have surprising behavior). */
ctx->xin->flow.in_port.ofp_port = in_port;
- rule = rule_dpif_lookup_in_table(ctx->xbridge->ofproto,
- &ctx->xin->flow, &ctx->xout->wc,
- table_id);
-
- /* Restore the original input port. Otherwise OFPP_NORMAL and
- * OFPP_IN_PORT will have surprising behavior. */
+ rule_dpif_lookup_in_table(ctx->xbridge->ofproto,
+ &ctx->xin->flow, &ctx->xout->wc,
+ table_id, &rule);
ctx->xin->flow.in_port.ofp_port = old_in_port;
- rule = ctx_rule_hooks(ctx, rule, may_packet_in);
+ if (ctx->xin->resubmit_hook) {
+ ctx->xin->resubmit_hook(ctx->xin, rule, ctx->recurse);
+ }
- if (rule) {
- struct rule_dpif *old_rule = ctx->rule;
+ if (!rule && may_packet_in) {
+ struct xport *xport;
- ctx->recurse++;
- ctx->rule = rule;
- do_xlate_actions(rule->up.ofpacts, rule->up.ofpacts_len, ctx);
- ctx->rule = old_rule;
- ctx->recurse--;
+ /* XXX
+ * check if table configuration flags
+ * OFPTC_TABLE_MISS_CONTROLLER, default.
+ * OFPTC_TABLE_MISS_CONTINUE,
+ * OFPTC_TABLE_MISS_DROP
+ * When OF1.0, OFPTC_TABLE_MISS_CONTINUE is used. What to do? */
+ xport = get_ofp_port(ctx->xbridge, ctx->xin->flow.in_port.ofp_port);
+ choose_miss_rule(xport ? xport->config : 0,
+ ctx->xbridge->miss_rule,
+ ctx->xbridge->no_packet_in_rule, &rule);
+ }
+ if (rule) {
+ xlate_recursively(ctx, rule);
+ rule_dpif_unref(rule);
}
ctx->table_id = old_table_id;
VLOG_ERR_RL(&recurse_rl, "resubmit actions recursed over %d times",
MAX_RESUBMIT_RECURSION);
- ctx->max_resubmit_trigger = true;
}
}
enum ofp_packet_in_reason reason,
uint16_t controller_id)
{
- struct ofputil_packet_in pin;
+ struct ofputil_packet_in *pin;
struct ofpbuf *packet;
struct flow key;
packet = ofpbuf_clone(ctx->xin->packet);
key.skb_priority = 0;
- key.skb_mark = 0;
+ key.pkt_mark = 0;
memset(&key.tunnel, 0, sizeof key.tunnel);
commit_odp_actions(&ctx->xin->flow, &ctx->base_flow,
odp_execute_actions(NULL, packet, &key, ctx->xout->odp_actions.data,
ctx->xout->odp_actions.size, NULL, NULL);
- pin.packet = packet->data;
- pin.packet_len = packet->size;
- pin.reason = reason;
- pin.controller_id = controller_id;
- pin.table_id = ctx->table_id;
- pin.cookie = ctx->rule ? ctx->rule->up.flow_cookie : 0;
+ pin = xmalloc(sizeof *pin);
+ pin->packet_len = packet->size;
+ pin->packet = ofpbuf_steal_data(packet);
+ pin->reason = reason;
+ pin->controller_id = controller_id;
+ pin->table_id = ctx->table_id;
+ pin->cookie = ctx->rule ? rule_dpif_get_flow_cookie(ctx->rule) : 0;
- pin.send_len = len;
- flow_get_metadata(&ctx->xin->flow, &pin.fmd);
+ pin->send_len = len;
+ flow_get_metadata(&ctx->xin->flow, &pin->fmd);
- ofproto_dpif_send_packet_in(ctx->xbridge->ofproto, &pin);
+ ofproto_dpif_send_packet_in(ctx->xbridge->ofproto, pin);
ofpbuf_delete(packet);
}
return true;
}
+ ctx->xout->wc.masks.mpls_lse |= htonl(MPLS_TTL_MASK);
set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse, ttl);
return false;
}
int error;
/* Translate queue to priority. */
- error = ofproto_dpif_queue_to_priority(ctx->xbridge->ofproto, queue_id,
- &priority);
+ error = dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &priority);
if (error) {
/* Fall back to ordinary output action. */
xlate_output_action(ctx, enqueue->port, 0, false);
{
uint32_t skb_priority;
- if (!ofproto_dpif_queue_to_priority(ctx->xbridge->ofproto, queue_id,
- &skb_priority)) {
+ if (!dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &skb_priority)) {
ctx->xin->flow.skb_priority = skb_priority;
} else {
/* Couldn't translate queue to a priority. Nothing to do. A warning
slave_enabled_cb,
CONST_CAST(struct xbridge *, ctx->xbridge));
if (bundle->dst.field) {
- nxm_reg_load(&bundle->dst, ofp_to_u16(port), &ctx->xin->flow);
+ nxm_reg_load(&bundle->dst, ofp_to_u16(port), &ctx->xin->flow,
+ &ctx->xout->wc);
} else {
xlate_output_action(ctx, port, 0, false);
}
xlate_learn_action(struct xlate_ctx *ctx,
const struct ofpact_learn *learn)
{
- struct ofputil_flow_mod *fm;
+ uint64_t ofpacts_stub[1024 / 8];
+ struct ofputil_flow_mod fm;
struct ofpbuf ofpacts;
ctx->xout->has_learn = true;
return;
}
- fm = xmalloc(sizeof *fm);
- ofpbuf_init(&ofpacts, 0);
- learn_execute(learn, &ctx->xin->flow, fm, &ofpacts);
-
- ofproto_dpif_flow_mod(ctx->xbridge->ofproto, fm);
-}
-
-/* Reduces '*timeout' to no more than 'max'. A value of zero in either case
- * means "infinite". */
-static void
-reduce_timeout(uint16_t max, uint16_t *timeout)
-{
- if (max && (!*timeout || *timeout > max)) {
- *timeout = max;
- }
+ ofpbuf_use_stub(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
+ learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts);
+ ofproto_dpif_flow_mod(ctx->xbridge->ofproto, &fm);
+ ofpbuf_uninit(&ofpacts);
}
static void
const struct ofpact_fin_timeout *oft)
{
if (ctx->xin->tcp_flags & (TCP_FIN | TCP_RST) && ctx->rule) {
- struct rule_dpif *rule = ctx->rule;
-
- if (list_is_empty(&rule->up.expirable)) {
- list_insert(&rule->up.ofproto->expirable, &rule->up.expirable);
- }
-
- reduce_timeout(oft->fin_idle_timeout, &rule->up.idle_timeout);
- reduce_timeout(oft->fin_hard_timeout, &rule->up.hard_timeout);
+ rule_dpif_reduce_timeouts(ctx->rule, oft->fin_idle_timeout,
+ oft->fin_hard_timeout);
}
}
return true;
}
-static bool
-tunnel_ecn_ok(struct xlate_ctx *ctx)
-{
- if (is_ip_any(&ctx->base_flow)
- && (ctx->xin->flow.tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) {
- if ((ctx->base_flow.nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) {
- VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE"
- " but is not ECN capable");
- return false;
- } else {
- /* Set the ECN CE value in the tunneled packet. */
- ctx->xin->flow.nw_tos |= IP_ECN_CE;
- }
- }
-
- return true;
-}
-
static void
do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
struct xlate_ctx *ctx)
{
struct flow_wildcards *wc = &ctx->xout->wc;
struct flow *flow = &ctx->xin->flow;
- bool was_evictable = true;
const struct ofpact *a;
- if (ctx->rule) {
- /* Don't let the rule we're working on get evicted underneath us. */
- was_evictable = ctx->rule->up.evictable;
- ctx->rule->up.evictable = false;
- }
-
OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
struct ofpact_controller *controller;
const struct ofpact_metadata *metadata;
break;
case OFPACT_SET_VLAN_VID:
+ wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
flow->vlan_tci &= ~htons(VLAN_VID_MASK);
flow->vlan_tci |= (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid)
| htons(VLAN_CFI));
break;
case OFPACT_SET_VLAN_PCP:
+ wc->masks.vlan_tci |= htons(VLAN_PCP_MASK | VLAN_CFI);
flow->vlan_tci &= ~htons(VLAN_PCP_MASK);
flow->vlan_tci |=
htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp << VLAN_PCP_SHIFT)
break;
case OFPACT_STRIP_VLAN:
+ memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
flow->vlan_tci = htons(0);
break;
case OFPACT_PUSH_VLAN:
/* XXX 802.1AD(QinQ) */
+ memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
flow->vlan_tci = htons(VLAN_CFI);
break;
case OFPACT_SET_ETH_SRC:
+ memset(&wc->masks.dl_src, 0xff, sizeof wc->masks.dl_src);
memcpy(flow->dl_src, ofpact_get_SET_ETH_SRC(a)->mac, ETH_ADDR_LEN);
break;
case OFPACT_SET_ETH_DST:
+ memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
memcpy(flow->dl_dst, ofpact_get_SET_ETH_DST(a)->mac, ETH_ADDR_LEN);
break;
case OFPACT_SET_IPV4_SRC:
+ memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
if (flow->dl_type == htons(ETH_TYPE_IP)) {
flow->nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
}
break;
case OFPACT_SET_IPV4_DST:
+ memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
if (flow->dl_type == htons(ETH_TYPE_IP)) {
flow->nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
}
break;
case OFPACT_SET_IPV4_DSCP:
+ wc->masks.nw_tos |= IP_DSCP_MASK;
/* OpenFlow 1.0 only supports IPv4. */
if (flow->dl_type == htons(ETH_TYPE_IP)) {
flow->nw_tos &= ~IP_DSCP_MASK;
case OFPACT_SET_L4_SRC_PORT:
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
+ memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
if (is_ip_any(flow)) {
flow->tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
}
case OFPACT_SET_L4_DST_PORT:
memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
+ memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
if (is_ip_any(flow)) {
flow->tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
}
break;
case OFPACT_STACK_POP:
- nxm_execute_stack_pop(ofpact_get_STACK_POP(a), flow, &ctx->stack);
+ nxm_execute_stack_pop(ofpact_get_STACK_POP(a), flow, wc,
+ &ctx->stack);
break;
case OFPACT_PUSH_MPLS:
case OFPACT_SET_MPLS_TTL:
if (compose_set_mpls_ttl_action(ctx,
ofpact_get_SET_MPLS_TTL(a)->ttl)) {
- goto out;
+ return;
}
break;
case OFPACT_DEC_MPLS_TTL:
if (compose_dec_mpls_ttl_action(ctx)) {
- goto out;
+ return;
}
break;
case OFPACT_DEC_TTL:
+ wc->masks.nw_ttl = 0xff;
if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) {
- goto out;
+ return;
}
break;
break;
}
}
-
-out:
- if (ctx->rule) {
- ctx->rule->up.evictable = was_evictable;
- }
}
void
}
/* Translates the 'ofpacts_len' bytes of "struct ofpacts" starting at 'ofpacts'
- * into datapath actions in 'odp_actions', using 'ctx'. */
+ * into datapath actions in 'odp_actions', using 'ctx'.
+ *
+ * The caller must take responsibility for eventually freeing 'xout', with
+ * xlate_out_uninit(). */
void
xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
{
- /* Normally false. Set to true if we ever hit MAX_RESUBMIT_RECURSION, so
- * that in the future we always keep a copy of the original flow for
- * tracing purposes. */
- static bool hit_resubmit_limit;
-
struct flow_wildcards *wc = &xout->wc;
struct flow *flow = &xin->flow;
+ struct rule_actions *actions = NULL;
enum slow_path_reason special;
const struct ofpact *ofpacts;
struct xport *in_port;
struct flow orig_flow;
struct xlate_ctx ctx;
size_t ofpacts_len;
+ bool tnl_may_send;
COVERAGE_INC(xlate_actions);
+ ovs_rwlock_rdlock(&xlate_rwlock);
+
/* Flow initialization rules:
* - 'base_flow' must match the kernel's view of the packet at the
* time that action processing starts. 'flow' represents any
ctx.xbridge = xbridge_lookup(xin->ofproto);
if (!ctx.xbridge) {
- return;
+ goto out;
}
ctx.rule = xin->rule;
memset(&wc->masks.dl_type, 0xff, sizeof wc->masks.dl_type);
wc->masks.nw_frag |= FLOW_NW_FRAG_MASK;
- if (tnl_port_should_receive(&ctx.xin->flow)) {
- memset(&wc->masks.tunnel, 0xff, sizeof wc->masks.tunnel);
- /* skb_mark is currently used only by tunnels but that will likely
- * change in the future. */
- memset(&wc->masks.skb_mark, 0xff, sizeof wc->masks.skb_mark);
- }
+ tnl_may_send = tnl_xlate_init(&ctx.base_flow, flow, wc);
if (ctx.xbridge->has_netflow) {
netflow_mask_wc(flow, wc);
}
ctx.recurse = 0;
- ctx.max_resubmit_trigger = false;
ctx.orig_skb_priority = flow->skb_priority;
ctx.table_id = 0;
ctx.exit = false;
ofpacts = xin->ofpacts;
ofpacts_len = xin->ofpacts_len;
} else if (xin->rule) {
- ofpacts = xin->rule->up.ofpacts;
- ofpacts_len = xin->rule->up.ofpacts_len;
+ actions = rule_dpif_get_actions(xin->rule);
+ ofpacts = actions->ofpacts;
+ ofpacts_len = actions->ofpacts_len;
} else {
NOT_REACHED();
}
ofpbuf_use_stub(&ctx.stack, ctx.init_stack, sizeof ctx.init_stack);
- if (mbridge_has_mirrors(ctx.xbridge->mbridge) || hit_resubmit_limit) {
+ if (mbridge_has_mirrors(ctx.xbridge->mbridge)) {
/* Do this conditionally because the copy is expensive enough that it
* shows up in profiles. */
orig_flow = *flow;
break;
case OFPC_FRAG_DROP:
- return;
+ goto out;
case OFPC_FRAG_REASM:
NOT_REACHED();
if (special) {
ctx.xout->slow = special;
} else {
- static struct vlog_rate_limit trace_rl = VLOG_RATE_LIMIT_INIT(1, 1);
size_t sample_actions_len;
if (flow->in_port.ofp_port
add_ipfix_action(&ctx);
sample_actions_len = ctx.xout->odp_actions.size;
- if (tunnel_ecn_ok(&ctx) && (!in_port || may_receive(in_port, &ctx))) {
+ if (tnl_may_send && (!in_port || may_receive(in_port, &ctx))) {
do_xlate_actions(ofpacts, ofpacts_len, &ctx);
/* We've let OFPP_NORMAL and the learning action look at the
}
}
- if (ctx.max_resubmit_trigger && !ctx.xin->resubmit_hook) {
- if (!hit_resubmit_limit) {
- /* We didn't record the original flow. Make sure we do from
- * now on. */
- hit_resubmit_limit = true;
- } else if (!VLOG_DROP_ERR(&trace_rl)) {
- struct ds ds = DS_EMPTY_INITIALIZER;
-
- ofproto_trace(ctx.xbridge->ofproto, &orig_flow,
- ctx.xin->packet, &ds);
- VLOG_ERR("Trace triggered by excessive resubmit "
- "recursion:\n%s", ds_cstr(&ds));
- ds_destroy(&ds);
- }
- }
-
if (ctx.xbridge->has_in_band
&& in_band_must_output_to_local_port(flow)
&& !actions_output_to_local_port(&ctx)) {
* use non-header fields as part of the cache. */
memset(&wc->masks.metadata, 0, sizeof wc->masks.metadata);
memset(&wc->masks.regs, 0, sizeof wc->masks.regs);
+
+out:
+ ovs_rwlock_unlock(&xlate_rwlock);
+
+ rule_actions_unref(actions);
}
projects / cascardo / ovs.git / blobdiff