X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=vswitchd%2Fbridge.c;h=df4169fe565fff7e3285142badd806814291a8f8;hb=58fda1dab104041fc693032475ec4662c1a52849;hp=516439f3d3c644cc38991cb98bc93d7a7fe2b214;hpb=c3bb4bd7f1d9c045a5e5d7062b09d4dac4e48195;p=cascardo%2Fovs.git diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 516439f3d..df4169fe5 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -43,12 +43,14 @@ #include "odp-util.h" #include "ofp-print.h" #include "ofpbuf.h" +#include "ofproto/netflow.h" #include "ofproto/ofproto.h" #include "packets.h" #include "poll-loop.h" #include "port-array.h" #include "proc-net-compat.h" #include "process.h" +#include "shash.h" #include "socket-util.h" #include "stp.h" #include "svec.h" @@ -148,7 +150,7 @@ struct port { struct bridge { struct list node; /* Node in global list of bridges. */ char *name; /* User-specified arbitrary name. */ - struct mac_learning *ml; /* MAC learning table, or null not to learn. */ + struct mac_learning *ml; /* MAC learning table. */ bool sent_config_request; /* Successfully sent config request? */ uint8_t default_ea[ETH_ADDR_LEN]; /* Default MAC. */ @@ -218,6 +220,7 @@ static void bond_run(struct bridge *); static void bond_wait(struct bridge *); static void bond_rebalance_port(struct port *); static void bond_send_learning_packets(struct port *); +static void bond_enable_slave(struct iface *iface, bool enable); static void port_create(struct bridge *, const char *name); static void port_reconfigure(struct port *); @@ -369,6 +372,70 @@ bridge_configure_ssl(void) } #endif +/* Attempt to create the network device 'iface_name' through the netdev + * library. */ +static int +set_up_iface(const char *iface_name, bool create) +{ + const char *type; + const char *arg; + struct svec arg_svec; + struct shash args; + int error; + size_t i; + + /* If a type is not explicitly declared, then assume it's an existing + * "system" device. */ + type = cfg_get_string(0, "iface.%s.type", iface_name); + if (!type || !strcmp(type, "system")) { + return 0; + } + + svec_init(&arg_svec); + cfg_get_subsections(&arg_svec, "iface.%s.args", iface_name); + + shash_init(&args); + SVEC_FOR_EACH (i, arg, &arg_svec) { + const char *value; + + value = cfg_get_string(0, "iface.%s.args.%s", iface_name, arg); + if (value) { + shash_add(&args, arg, xstrdup(value)); + } + } + + if (create) { + error = netdev_create(iface_name, type, &args); + } else { + /* xxx Check to make sure that the type hasn't changed. */ + error = netdev_reconfigure(iface_name, &args); + } + + svec_destroy(&arg_svec); + shash_destroy(&args); + + return error; +} + +static int +create_iface(const char *iface_name) +{ + return set_up_iface(iface_name, true); +} + +static int +reconfigure_iface(const char *iface_name) +{ + return set_up_iface(iface_name, false); +} + +static void +destroy_iface(const char *iface_name) +{ + netdev_destroy(iface_name); +} + + /* iterate_and_prune_ifaces() callback function that opens the network device * for 'iface', if it is not already open, and retrieves the interface's MAC * address and carrier status. */ @@ -524,6 +591,7 @@ bridge_reconfigure(void) p->devname, dpif_name(br->dpif), strerror(retval)); } + destroy_iface(p->devname); } } svec_destroy(&want_ifaces); @@ -544,11 +612,25 @@ bridge_reconfigure(void) bridge_get_all_ifaces(br, &want_ifaces); svec_diff(&want_ifaces, &cur_ifaces, &add_ifaces, NULL, NULL); + for (i = 0; i < cur_ifaces.n; i++) { + const char *if_name = cur_ifaces.names[i]; + reconfigure_iface(if_name); + } + for (i = 0; i < add_ifaces.n; i++) { const char *if_name = add_ifaces.names[i]; bool internal; int error; + /* Attempt to create the network interface in case it + * doesn't exist yet. */ + error = create_iface(if_name); + if (error) { + VLOG_WARN("could not create iface %s: %s\n", if_name, + strerror(error)); + continue; + } + /* Add to datapath. */ internal = iface_is_internal(br, if_name); error = dpif_port_add(br->dpif, if_name, @@ -571,9 +653,7 @@ bridge_reconfigure(void) uint64_t dpid; struct iface *local_iface; struct iface *hw_addr_iface; - uint8_t engine_type, engine_id; - bool add_id_to_iface = false; - struct svec nf_hosts; + struct netflow_options nf_options; bridge_fetch_dp_ifaces(br); iterate_and_prune_ifaces(br, init_iface_netdev, NULL); @@ -597,36 +677,46 @@ bridge_reconfigure(void) ofproto_set_datapath_id(br->ofproto, dpid); /* Set NetFlow configuration on this bridge. */ - dpif_get_netflow_ids(br->dpif, &engine_type, &engine_id); + memset(&nf_options, 0, sizeof nf_options); + dpif_get_netflow_ids(br->dpif, &nf_options.engine_type, + &nf_options.engine_id); + nf_options.active_timeout = -1; + if (cfg_has("netflow.%s.engine-type", br->name)) { - engine_type = cfg_get_int(0, "netflow.%s.engine-type", + nf_options.engine_type = cfg_get_int(0, "netflow.%s.engine-type", br->name); } if (cfg_has("netflow.%s.engine-id", br->name)) { - engine_id = cfg_get_int(0, "netflow.%s.engine-id", br->name); + nf_options.engine_id = cfg_get_int(0, "netflow.%s.engine-id", + br->name); + } + if (cfg_has("netflow.%s.active-timeout", br->name)) { + nf_options.active_timeout = cfg_get_int(0, + "netflow.%s.active-timeout", + br->name); } if (cfg_has("netflow.%s.add-id-to-iface", br->name)) { - add_id_to_iface = cfg_get_bool(0, "netflow.%s.add-id-to-iface", - br->name); + nf_options.add_id_to_iface = cfg_get_bool(0, + "netflow.%s.add-id-to-iface", + br->name); } - if (add_id_to_iface && engine_id > 0x7f) { + if (nf_options.add_id_to_iface && nf_options.engine_id > 0x7f) { VLOG_WARN("bridge %s: netflow port mangling may conflict with " "another vswitch, choose an engine id less than 128", br->name); } - if (add_id_to_iface && br->n_ports > 0x1ff) { + if (nf_options.add_id_to_iface && br->n_ports > 508) { VLOG_WARN("bridge %s: netflow port mangling will conflict with " - "another port when 512 or more ports are used", + "another port when more than 508 ports are used", br->name); } - svec_init(&nf_hosts); - cfg_get_all_keys(&nf_hosts, "netflow.%s.host", br->name); - if (ofproto_set_netflow(br->ofproto, &nf_hosts, engine_type, - engine_id, add_id_to_iface)) { + svec_init(&nf_options.collectors); + cfg_get_all_keys(&nf_options.collectors, "netflow.%s.host", br->name); + if (ofproto_set_netflow(br->ofproto, &nf_options)) { VLOG_ERR("bridge %s: problem setting netflow collectors", br->name); } - svec_destroy(&nf_hosts); + svec_destroy(&nf_options.collectors); /* Update the controller and related settings. It would be more * straightforward to call this from bridge_reconfigure_one(), but we @@ -886,9 +976,7 @@ bridge_wait(void) continue; } - if (br->ml) { - mac_learning_wait(br->ml); - } + mac_learning_wait(br->ml); bond_wait(br); brstp_wait(br); } @@ -901,9 +989,7 @@ bridge_flush(struct bridge *br) { COVERAGE_INC(bridge_flush); br->flush = true; - if (br->ml) { - mac_learning_flush(br->ml); - } + mac_learning_flush(br->ml); } /* Returns the 'br' interface for the ODPP_LOCAL port, or null if 'br' has no @@ -933,6 +1019,7 @@ bridge_unixctl_fdb_show(struct unixctl_conn *conn, { struct ds ds = DS_EMPTY_INITIALIZER; const struct bridge *br; + const struct mac_entry *e; br = bridge_lookup(args); if (!br) { @@ -941,16 +1028,13 @@ bridge_unixctl_fdb_show(struct unixctl_conn *conn, } ds_put_cstr(&ds, " port VLAN MAC Age\n"); - if (br->ml) { - const struct mac_entry *e; - LIST_FOR_EACH (e, struct mac_entry, lru_node, &br->ml->lrus) { - if (e->port < 0 || e->port >= br->n_ports) { - continue; - } - ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n", - br->ports[e->port]->ifaces[0]->dp_ifidx, - e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e)); + LIST_FOR_EACH (e, struct mac_entry, lru_node, &br->ml->lrus) { + if (e->port < 0 || e->port >= br->n_ports) { + continue; } + ds_put_format(&ds, "%5d %4d "ETH_ADDR_FMT" %3d\n", + br->ports[e->port]->ifaces[0]->dp_ifidx, + e->vlan, ETH_ADDR_ARGS(e->mac), mac_entry_age(e)); } unixctl_command_reply(conn, 200, ds_cstr(&ds)); ds_destroy(&ds); @@ -967,21 +1051,12 @@ bridge_create(const char *name) assert(!bridge_lookup(name)); br = xzalloc(sizeof *br); - error = dpif_create(name, &br->dpif); - if (error == EEXIST || error == EBUSY) { - error = dpif_open(name, &br->dpif); - if (error) { - VLOG_ERR("datapath %s already exists but cannot be opened: %s", - name, strerror(error)); - free(br); - return NULL; - } - dpif_flow_flush(br->dpif); - } else if (error) { - VLOG_ERR("failed to create datapath %s: %s", name, strerror(error)); + error = dpif_create_and_open(name, &br->dpif); + if (error) { free(br); return NULL; } + dpif_flow_flush(br->dpif); error = ofproto_create(name, &bridge_ofhooks, br, &br->ofproto); if (error) { @@ -1093,9 +1168,7 @@ bridge_run_one(struct bridge *br) return error; } - if (br->ml) { - mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto)); - } + mac_learning_run(br->ml, ofproto_get_revalidate_set(br->ofproto)); bond_run(br); brstp_run(br); @@ -1479,13 +1552,31 @@ lookup_bond_entry(const struct port *port, const uint8_t mac[ETH_ADDR_LEN]) static int bond_choose_iface(const struct port *port) { - size_t i; + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20); + size_t i, best_down_slave = -1; + long long next_delay_expiration = LLONG_MAX; + for (i = 0; i < port->n_ifaces; i++) { - if (port->ifaces[i]->enabled) { + struct iface *iface = port->ifaces[i]; + + if (iface->enabled) { return i; + } else if (iface->delay_expires < next_delay_expiration) { + best_down_slave = i; + next_delay_expiration = iface->delay_expires; } } - return -1; + + if (best_down_slave != -1) { + struct iface *iface = port->ifaces[best_down_slave]; + + VLOG_INFO_RL(&rl, "interface %s: skipping remaining %lli ms updelay " + "since no other interface is up", iface->name, + iface->delay_expires - time_msec()); + bond_enable_slave(iface, true); + } + + return best_down_slave; } static bool @@ -1535,10 +1626,12 @@ bond_link_status_update(struct iface *iface, bool carrier) iface->delay_expires = LLONG_MAX; VLOG_INFO_RL(&rl, "interface %s: will not be %s", iface->name, carrier ? "disabled" : "enabled"); - } else if (carrier && port->updelay && port->active_iface < 0) { - iface->delay_expires = time_msec(); - VLOG_INFO_RL(&rl, "interface %s: skipping %d ms updelay since no " - "other interface is up", iface->name, port->updelay); + } else if (carrier && port->active_iface < 0) { + bond_enable_slave(iface, true); + if (port->updelay) { + VLOG_INFO_RL(&rl, "interface %s: skipping %d ms updelay since no " + "other interface is up", iface->name, port->updelay); + } } else { int delay = carrier ? port->updelay : port->downdelay; iface->delay_expires = time_msec() + delay; @@ -1575,6 +1668,12 @@ bond_enable_slave(struct iface *iface, bool enable) struct port *port = iface->port; struct bridge *br = port->bridge; + /* This acts as a recursion check. If the act of disabling a slave + * causes a different slave to be enabled, the flag will allow us to + * skip redundant work when we reenter this function. It must be + * cleared on exit to keep things safe with multiple bonds. */ + static bool moving_active_iface = false; + iface->delay_expires = LLONG_MAX; if (enable == iface->enabled) { return; @@ -1587,19 +1686,29 @@ bond_enable_slave(struct iface *iface, bool enable) if (iface->port_ifidx == port->active_iface) { ofproto_revalidate(br->ofproto, port->active_iface_tag); + + /* Disabling a slave can lead to another slave being immediately + * enabled if there will be no active slaves but one is waiting + * on an updelay. In this case we do not need to run most of the + * code for the newly enabled slave since there was no period + * without an active slave and it is redundant with the disabling + * path. */ + moving_active_iface = true; bond_choose_active_iface(port); } bond_send_learning_packets(port); } else { VLOG_WARN("interface %s: enabled", iface->name); - if (port->active_iface < 0) { + if (port->active_iface < 0 && !moving_active_iface) { ofproto_revalidate(br->ofproto, port->no_ifaces_tag); bond_choose_active_iface(port); bond_send_learning_packets(port); } iface->tag = tag_create_random(); } - port_update_bond_compat(port); + + moving_active_iface = false; + port->bond_compat_is_stale = true; } static void @@ -1610,20 +1719,19 @@ bond_run(struct bridge *br) for (i = 0; i < br->n_ports; i++) { struct port *port = br->ports[i]; + if (port->n_ifaces >= 2) { + for (j = 0; j < port->n_ifaces; j++) { + struct iface *iface = port->ifaces[j]; + if (time_msec() >= iface->delay_expires) { + bond_enable_slave(iface, !iface->enabled); + } + } + } + if (port->bond_compat_is_stale) { port->bond_compat_is_stale = false; port_update_bond_compat(port); } - - if (port->n_ifaces < 2) { - continue; - } - for (j = 0; j < port->n_ifaces; j++) { - struct iface *iface = port->ifaces[j]; - if (time_msec() >= iface->delay_expires) { - bond_enable_slave(iface, !iface->enabled); - } - } } } @@ -1749,7 +1857,7 @@ port_includes_vlan(const struct port *port, uint16_t vlan) static size_t compose_dsts(const struct bridge *br, const flow_t *flow, uint16_t vlan, const struct port *in_port, const struct port *out_port, - struct dst dsts[], tag_type *tags) + struct dst dsts[], tag_type *tags, uint16_t *nf_output_iface) { mirror_mask_t mirrors = in_port->src_mirrors; struct dst *dst = dsts; @@ -1768,7 +1876,9 @@ compose_dsts(const struct bridge *br, const flow_t *flow, uint16_t vlan, dst++; } } + *nf_output_iface = NF_OUT_FLOOD; } else if (out_port && set_dst(dst, flow, in_port, out_port, tags)) { + *nf_output_iface = dst->dp_ifidx; mirrors |= out_port->dst_mirrors; dst++; } @@ -1836,14 +1946,16 @@ print_dsts(const struct dst *dsts, size_t n) static void compose_actions(struct bridge *br, const flow_t *flow, uint16_t vlan, const struct port *in_port, const struct port *out_port, - tag_type *tags, struct odp_actions *actions) + tag_type *tags, struct odp_actions *actions, + uint16_t *nf_output_iface) { struct dst dsts[DP_MAX_PORTS * (MAX_MIRRORS + 1)]; size_t n_dsts; const struct dst *p; uint16_t cur_vlan; - n_dsts = compose_dsts(br, flow, vlan, in_port, out_port, dsts, tags); + n_dsts = compose_dsts(br, flow, vlan, in_port, out_port, dsts, tags, + nf_output_iface); cur_vlan = ntohs(flow->dl_vlan); for (p = dsts; p < &dsts[n_dsts]; p++) { @@ -1862,14 +1974,77 @@ compose_actions(struct bridge *br, const flow_t *flow, uint16_t vlan, } } +/* Returns the effective vlan of a packet, taking into account both the + * 802.1Q header and implicitly tagged ports. A value of 0 indicates that + * the packet is untagged and -1 indicates it has an invalid header and + * should be dropped. */ +static int flow_get_vlan(struct bridge *br, const flow_t *flow, + struct port *in_port, bool have_packet) +{ + /* Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet + * belongs to VLAN 0, so we should treat both cases identically. (In the + * former case, the packet has an 802.1Q header that specifies VLAN 0, + * presumably to allow a priority to be specified. In the latter case, the + * packet does not have any 802.1Q header.) */ + int vlan = ntohs(flow->dl_vlan); + if (vlan == OFP_VLAN_NONE) { + vlan = 0; + } + if (in_port->vlan >= 0) { + if (vlan) { + /* XXX support double tagging? */ + if (have_packet) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged " + "packet received on port %s configured with " + "implicit VLAN %"PRIu16, + br->name, ntohs(flow->dl_vlan), + in_port->name, in_port->vlan); + } + return -1; + } + vlan = in_port->vlan; + } else { + if (!port_includes_vlan(in_port, vlan)) { + if (have_packet) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged " + "packet received on port %s not configured for " + "trunking VLAN %d", + br->name, vlan, in_port->name, vlan); + } + return -1; + } + } + + return vlan; +} + +static void +update_learning_table(struct bridge *br, const flow_t *flow, int vlan, + struct port *in_port) +{ + tag_type rev_tag = mac_learning_learn(br->ml, flow->dl_src, + vlan, in_port->port_idx); + if (rev_tag) { + /* The log messages here could actually be useful in debugging, + * so keep the rate limit relatively high. */ + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, + 300); + VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is " + "on port %s in VLAN %d", + br->name, ETH_ADDR_ARGS(flow->dl_src), + in_port->name, vlan); + ofproto_revalidate(br->ofproto, rev_tag); + } +} + static bool -is_bcast_arp_reply(const flow_t *flow, const struct ofpbuf *packet) +is_bcast_arp_reply(const flow_t *flow) { - struct arp_eth_header *arp = (struct arp_eth_header *) packet->data; return (flow->dl_type == htons(ETH_TYPE_ARP) - && eth_addr_is_broadcast(flow->dl_dst) - && packet->size >= sizeof(struct arp_eth_header) - && arp->ar_op == ARP_OP_REQUEST); + && flow->nw_proto == ARP_OP_REPLY + && eth_addr_is_broadcast(flow->dl_dst)); } /* If the composed actions may be applied to any packet in the given 'flow', @@ -1878,12 +2053,13 @@ is_bcast_arp_reply(const flow_t *flow, const struct ofpbuf *packet) static bool process_flow(struct bridge *br, const flow_t *flow, const struct ofpbuf *packet, struct odp_actions *actions, - tag_type *tags) + tag_type *tags, uint16_t *nf_output_iface) { struct iface *in_iface; struct port *in_port; struct port *out_port = NULL; /* By default, drop the packet/flow. */ int vlan; + int out_port_idx; /* Find the interface and port structure for the received packet. */ in_iface = iface_from_dp_ifidx(br, flow->in_port); @@ -1911,41 +2087,9 @@ process_flow(struct bridge *br, const flow_t *flow, return true; } in_port = in_iface->port; - - /* Figure out what VLAN this packet belongs to. - * - * Note that dl_vlan of 0 and of OFP_VLAN_NONE both mean that the packet - * belongs to VLAN 0, so we should treat both cases identically. (In the - * former case, the packet has an 802.1Q header that specifies VLAN 0, - * presumably to allow a priority to be specified. In the latter case, the - * packet does not have any 802.1Q header.) */ - vlan = ntohs(flow->dl_vlan); - if (vlan == OFP_VLAN_NONE) { - vlan = 0; - } - if (in_port->vlan >= 0) { - if (vlan) { - /* XXX support double tagging? */ - if (packet != NULL) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %"PRIu16" tagged " - "packet received on port %s configured with " - "implicit VLAN %"PRIu16, - br->name, ntohs(flow->dl_vlan), - in_port->name, in_port->vlan); - } - goto done; - } - vlan = in_port->vlan; - } else { - if (!port_includes_vlan(in_port, vlan)) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "bridge %s: dropping VLAN %d tagged " - "packet received on port %s not configured for " - "trunking VLAN %d", - br->name, vlan, in_port->name, vlan); - goto done; - } + vlan = flow_get_vlan(br, flow, in_port, !!packet); + if (vlan < 0) { + goto done; } /* Drop frames for ports that STP wants entirely killed (both for @@ -1987,44 +2131,30 @@ process_flow(struct bridge *br, const flow_t *flow, * to this rule: the host has moved to another switch. */ src_idx = mac_learning_lookup(br->ml, flow->dl_src, vlan); if (src_idx != -1 && src_idx != in_port->port_idx && - (!packet || !is_bcast_arp_reply(flow, packet))) { + !is_bcast_arp_reply(flow)) { goto done; } } /* MAC learning. */ out_port = FLOOD_PORT; - if (br->ml) { - int out_port_idx; - - /* Learn source MAC (but don't try to learn from revalidation). */ - if (packet) { - tag_type rev_tag = mac_learning_learn(br->ml, flow->dl_src, - vlan, in_port->port_idx); - if (rev_tag) { - /* The log messages here could actually be useful in debugging, - * so keep the rate limit relatively high. */ - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, - 300); - VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is " - "on port %s in VLAN %d", - br->name, ETH_ADDR_ARGS(flow->dl_src), - in_port->name, vlan); - ofproto_revalidate(br->ofproto, rev_tag); - } - } - - /* Determine output port. */ - out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan, - tags); - if (out_port_idx >= 0 && out_port_idx < br->n_ports) { - out_port = br->ports[out_port_idx]; - } else if (!packet) { - /* If we are revalidating but don't have a learning entry then - * eject the flow. Installing a flow that floods packets will - * prevent us from seeing future packets and learning properly. */ - return false; - } + /* Learn source MAC (but don't try to learn from revalidation). */ + if (packet) { + update_learning_table(br, flow, vlan, in_port); + } + + /* Determine output port. */ + out_port_idx = mac_learning_lookup_tag(br->ml, flow->dl_dst, vlan, + tags); + if (out_port_idx >= 0 && out_port_idx < br->n_ports) { + out_port = br->ports[out_port_idx]; + } else if (!packet && !eth_addr_is_multicast(flow->dl_dst)) { + /* If we are revalidating but don't have a learning entry then + * eject the flow. Installing a flow that floods packets opens + * up a window of time where we could learn from a packet reflected + * on a bond and blackhole packets before the learning table is + * updated to reflect the correct port. */ + return false; } /* Don't send packets out their input ports. Don't forward frames that STP @@ -2034,17 +2164,10 @@ process_flow(struct bridge *br, const flow_t *flow, } done: - compose_actions(br, flow, vlan, in_port, out_port, tags, actions); + compose_actions(br, flow, vlan, in_port, out_port, tags, actions, + nf_output_iface); - /* - * We send out only a single packet, instead of setting up a flow, if the - * packet is an ARP directed to broadcast that arrived on a bonded - * interface. In such a situation ARP requests and replies must be handled - * differently, but OpenFlow unfortunately can't distinguish them. - */ - return (in_port->n_ifaces < 2 - || flow->dl_type != htons(ETH_TYPE_ARP) - || !eth_addr_is_broadcast(flow->dl_dst)); + return true; } /* Careful: 'opp' is in host byte order and opp->port_no is an OFP port @@ -2086,7 +2209,8 @@ bridge_port_changed_ofhook_cb(enum ofp_port_reason reason, static bool bridge_normal_ofhook_cb(const flow_t *flow, const struct ofpbuf *packet, - struct odp_actions *actions, tag_type *tags, void *br_) + struct odp_actions *actions, tag_type *tags, + uint16_t *nf_output_iface, void *br_) { struct bridge *br = br_; @@ -2099,7 +2223,7 @@ bridge_normal_ofhook_cb(const flow_t *flow, const struct ofpbuf *packet, #endif COVERAGE_INC(bridge_process_flow); - return process_flow(br, flow, packet, actions, tags); + return process_flow(br, flow, packet, actions, tags, nf_output_iface); } static void @@ -2109,17 +2233,30 @@ bridge_account_flow_ofhook_cb(const flow_t *flow, void *br_) { struct bridge *br = br_; + struct port *in_port; const union odp_action *a; + /* Feed information from the active flows back into the learning table + * to ensure that table is always in sync with what is actually flowing + * through the datapath. */ + in_port = port_from_dp_ifidx(br, flow->in_port); + if (in_port) { + int vlan = flow_get_vlan(br, flow, in_port, false); + if (vlan >= 0) { + update_learning_table(br, flow, vlan, in_port); + } + } + if (!br->has_bonded_ports) { return; } for (a = actions; a < &actions[n_actions]; a++) { if (a->type == ODPAT_OUTPUT) { - struct port *port = port_from_dp_ifidx(br, a->output.port); - if (port && port->n_ifaces >= 2) { - struct bond_entry *e = lookup_bond_entry(port, flow->dl_src); + struct port *out_port = port_from_dp_ifidx(br, a->output.port); + if (out_port && out_port->n_ifaces >= 2) { + struct bond_entry *e = lookup_bond_entry(out_port, + flow->dl_src); e->tx_bytes += n_bytes; } } @@ -2465,7 +2602,7 @@ bond_send_learning_packets(struct port *port) struct ofpbuf packet; int error, n_packets, n_errors; - if (!port->n_ifaces || port->active_iface < 0 || !br->ml) { + if (!port->n_ifaces || port->active_iface < 0) { return; } @@ -2618,14 +2755,10 @@ bond_unixctl_show(struct unixctl_conn *conn, continue; } - ds_put_format(&ds, "\thash %d: %lld kB load\n", + ds_put_format(&ds, "\thash %d: %"PRIu64" kB load\n", hash, be->tx_bytes / 1024); /* MACs. */ - if (!port->bridge->ml) { - break; - } - LIST_FOR_EACH (me, struct mac_entry, lru_node, &port->bridge->ml->lrus) { uint16_t dp_ifidx; @@ -3328,7 +3461,8 @@ static void mirror_reconfigure(struct bridge *br) { struct svec old_mirrors, new_mirrors; - size_t i; + size_t i, n_rspan_vlans; + unsigned long *rspan_vlans; /* Collect old and new mirrors. */ svec_init(&old_mirrors); @@ -3377,6 +3511,29 @@ mirror_reconfigure(struct bridge *br) m->out_port->is_mirror_output_port = true; } } + + /* Update learning disabled vlans (for RSPAN). */ + rspan_vlans = NULL; + n_rspan_vlans = cfg_count("vlan.%s.disable-learning", br->name); + if (n_rspan_vlans) { + rspan_vlans = bitmap_allocate(4096); + + for (i = 0; i < n_rspan_vlans; i++) { + int vlan = cfg_get_vlan(i, "vlan.%s.disable-learning", br->name); + if (vlan >= 0) { + bitmap_set1(rspan_vlans, vlan); + VLOG_INFO("bridge %s: disabling learning on vlan %d\n", + br->name, vlan); + } else { + VLOG_ERR("bridge %s: invalid value '%s' for learning disabled " + "VLAN", br->name, + cfg_get_string(i, "vlan.%s.disable-learning", br->name)); + } + } + } + if (mac_learning_set_disabled_vlans(br->ml, rspan_vlans)) { + bridge_flush(br); + } } static void