1 /* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License. */
17 #include "ofproto/ofproto-dpif-xlate.h"
20 #include <arpa/inet.h>
22 #include <sys/socket.h>
23 #include <netinet/in.h>
29 #include "byte-order.h"
33 #include "dp-packet.h"
38 #include "mac-learning.h"
39 #include "mcast-snooping.h"
40 #include "multipath.h"
41 #include "netdev-vport.h"
44 #include "odp-execute.h"
45 #include "ofproto/ofproto-dpif-ipfix.h"
46 #include "ofproto/ofproto-dpif-mirror.h"
47 #include "ofproto/ofproto-dpif-monitor.h"
48 #include "ofproto/ofproto-dpif-sflow.h"
49 #include "ofproto/ofproto-dpif.h"
50 #include "ofproto/ofproto-provider.h"
51 #include "openvswitch/dynamic-string.h"
52 #include "openvswitch/meta-flow.h"
53 #include "openvswitch/list.h"
54 #include "openvswitch/ofp-actions.h"
55 #include "openvswitch/vlog.h"
57 #include "ovs-router.h"
59 #include "tnl-neigh-cache.h"
60 #include "tnl-ports.h"
63 COVERAGE_DEFINE(xlate_actions);
64 COVERAGE_DEFINE(xlate_actions_oversize);
65 COVERAGE_DEFINE(xlate_actions_too_many_output);
67 VLOG_DEFINE_THIS_MODULE(ofproto_dpif_xlate);
69 /* Maximum depth of flow table recursion (due to resubmit actions) in a
72 * The goal of limiting the depth of resubmits is to ensure that flow
73 * translation eventually terminates. Only resubmits to the same table or an
74 * earlier table count against the maximum depth. This is because resubmits to
75 * strictly monotonically increasing table IDs will eventually terminate, since
76 * any OpenFlow switch has a finite number of tables. OpenFlow tables are most
77 * commonly traversed in numerically increasing order, so this limit has little
78 * effect on conventionally designed OpenFlow pipelines.
80 * Outputs to patch ports and to groups also count against the depth limit. */
83 /* Maximum number of resubmit actions in a flow translation, whether they are
84 * recursive or not. */
85 #define MAX_RESUBMITS (MAX_DEPTH * MAX_DEPTH)
88 struct hmap_node hmap_node; /* Node in global 'xbridges' map. */
89 struct ofproto_dpif *ofproto; /* Key in global 'xbridges' map. */
91 struct ovs_list xbundles; /* Owned xbundles. */
92 struct hmap xports; /* Indexed by ofp_port. */
94 char *name; /* Name used in log messages. */
95 struct dpif *dpif; /* Datapath interface. */
96 struct mac_learning *ml; /* Mac learning handle. */
97 struct mcast_snooping *ms; /* Multicast Snooping handle. */
98 struct mbridge *mbridge; /* Mirroring. */
99 struct dpif_sflow *sflow; /* SFlow handle, or null. */
100 struct dpif_ipfix *ipfix; /* Ipfix handle, or null. */
101 struct netflow *netflow; /* Netflow handle, or null. */
102 struct stp *stp; /* STP or null if disabled. */
103 struct rstp *rstp; /* RSTP or null if disabled. */
105 bool has_in_band; /* Bridge has in band control? */
106 bool forward_bpdu; /* Bridge forwards STP BPDUs? */
108 /* Datapath feature support. */
109 struct dpif_backer_support support;
113 struct hmap_node hmap_node; /* In global 'xbundles' map. */
114 struct ofbundle *ofbundle; /* Key in global 'xbundles' map. */
116 struct ovs_list list_node; /* In parent 'xbridges' list. */
117 struct xbridge *xbridge; /* Parent xbridge. */
119 struct ovs_list xports; /* Contains "struct xport"s. */
121 char *name; /* Name used in log messages. */
122 struct bond *bond; /* Nonnull iff more than one port. */
123 struct lacp *lacp; /* LACP handle or null. */
125 enum port_vlan_mode vlan_mode; /* VLAN mode. */
126 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
127 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
128 * NULL if all VLANs are trunked. */
129 bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */
130 bool floodable; /* No port has OFPUTIL_PC_NO_FLOOD set? */
134 struct hmap_node hmap_node; /* Node in global 'xports' map. */
135 struct ofport_dpif *ofport; /* Key in global 'xports map. */
137 struct hmap_node ofp_node; /* Node in parent xbridge 'xports' map. */
138 ofp_port_t ofp_port; /* Key in parent xbridge 'xports' map. */
140 odp_port_t odp_port; /* Datapath port number or ODPP_NONE. */
142 struct ovs_list bundle_node; /* In parent xbundle (if it exists). */
143 struct xbundle *xbundle; /* Parent xbundle or null. */
145 struct netdev *netdev; /* 'ofport''s netdev. */
147 struct xbridge *xbridge; /* Parent bridge. */
148 struct xport *peer; /* Patch port peer or null. */
150 enum ofputil_port_config config; /* OpenFlow port configuration. */
151 enum ofputil_port_state state; /* OpenFlow port state. */
152 int stp_port_no; /* STP port number or -1 if not in use. */
153 struct rstp_port *rstp_port; /* RSTP port or null. */
155 struct hmap skb_priorities; /* Map of 'skb_priority_to_dscp's. */
157 bool may_enable; /* May be enabled in bonds. */
158 bool is_tunnel; /* Is a tunnel port. */
160 struct cfm *cfm; /* CFM handle or null. */
161 struct bfd *bfd; /* BFD handle or null. */
162 struct lldp *lldp; /* LLDP handle or null. */
166 struct xlate_in *xin;
167 struct xlate_out *xout;
169 const struct xbridge *xbridge;
171 /* Flow tables version at the beginning of the translation. */
172 cls_version_t tables_version;
174 /* Flow at the last commit. */
175 struct flow base_flow;
177 /* Tunnel IP destination address as received. This is stored separately
178 * as the base_flow.tunnel is cleared on init to reflect the datapath
179 * behavior. Used to make sure not to send tunneled output to ourselves,
180 * which might lead to an infinite loop. This could happen easily
181 * if a tunnel is marked as 'ip_remote=flow', and the flow does not
182 * actually set the tun_dst field. */
183 struct in6_addr orig_tunnel_ipv6_dst;
185 /* Stack for the push and pop actions. Each stack element is of type
186 * "union mf_subvalue". */
189 /* The rule that we are currently translating, or NULL. */
190 struct rule_dpif *rule;
192 /* Flow translation populates this with wildcards relevant in translation.
193 * When 'xin->wc' is nonnull, this is the same pointer. When 'xin->wc' is
194 * null, this is a pointer to a temporary buffer. */
195 struct flow_wildcards *wc;
197 /* Output buffer for datapath actions. When 'xin->odp_actions' is nonnull,
198 * this is the same pointer. When 'xin->odp_actions' is null, this points
199 * to a scratch ofpbuf. This allows code to add actions to
200 * 'ctx->odp_actions' without worrying about whether the caller really
202 struct ofpbuf *odp_actions;
204 /* Statistics maintained by xlate_table_action().
206 * 'indentation' is the nesting level for resubmits. It is used to indent
207 * the output of resubmit_hook (e.g. for the "ofproto/trace" feature).
209 * The other statistics limit the amount of work that a single flow
210 * translation can perform. The goal of the first of these, 'depth', is
211 * primarily to prevent translation from performing an infinite amount of
212 * work. It counts the current depth of nested "resubmit"s (and a few
213 * other activities); when a resubmit returns, it decreases. Resubmits to
214 * tables in strictly monotonically increasing order don't contribute to
215 * 'depth' because they cannot cause a flow translation to take an infinite
216 * amount of time (because the number of tables is finite). Translation
217 * aborts when 'depth' exceeds MAX_DEPTH.
219 * 'resubmits', on the other hand, prevents flow translation from
220 * performing an extraordinarily large while still finite amount of work.
221 * It counts the total number of resubmits (and a few other activities)
222 * that have been executed. Returning from a resubmit does not affect this
223 * counter. Thus, this limits the amount of work that a particular
224 * translation can perform. Translation aborts when 'resubmits' exceeds
225 * MAX_RESUBMITS (which is much larger than MAX_DEPTH).
227 int indentation; /* Indentation level for resubmit_hook. */
228 int depth; /* Current resubmit nesting depth. */
229 int resubmits; /* Total number of resubmits. */
230 bool in_group; /* Currently translating ofgroup, if true. */
231 bool in_action_set; /* Currently translating action_set, if true. */
233 uint8_t table_id; /* OpenFlow table ID where flow was found. */
234 ovs_be64 rule_cookie; /* Cookie of the rule being translated. */
235 uint32_t orig_skb_priority; /* Priority when packet arrived. */
236 uint32_t sflow_n_outputs; /* Number of output ports. */
237 odp_port_t sflow_odp_port; /* Output port for composing sFlow action. */
238 ofp_port_t nf_output_iface; /* Output interface index for NetFlow. */
239 bool exit; /* No further actions should be processed. */
240 mirror_mask_t mirrors; /* Bitmap of associated mirrors. */
241 int mirror_snaplen; /* Max size of a mirror packet in byte. */
243 /* Freezing Translation
244 * ====================
246 * At some point during translation, the code may recognize the need to halt
247 * and checkpoint the translation in a way that it can be restarted again
248 * later. We call the checkpointing process "freezing" and the restarting
251 * The use cases for freezing are:
253 * - "Recirculation", where the translation process discovers that it
254 * doesn't have enough information to complete translation without
255 * actually executing the actions that have already been translated,
256 * which provides the additionally needed information. In these
257 * situations, translation freezes translation and assigns the frozen
258 * data a unique "recirculation ID", which it associates with the data
259 * in a table in userspace (see ofproto-dpif-rid.h). It also adds a
260 * OVS_ACTION_ATTR_RECIRC action specifying that ID to the datapath
261 * actions. When a packet hits that action, the datapath looks its
262 * flow up again using the ID. If there's a miss, it comes back to
263 * userspace, which find the recirculation table entry for the ID,
264 * thaws the associated frozen data, and continues translation from
265 * that point given the additional information that is now known.
267 * The archetypal example is MPLS. As MPLS is implemented in
268 * OpenFlow, the protocol that follows the last MPLS label becomes
269 * known only when that label is popped by an OpenFlow action. That
270 * means that Open vSwitch can't extract the headers beyond the MPLS
271 * labels until the pop action is executed. Thus, at that point
272 * translation uses the recirculation process to extract the headers
273 * beyond the MPLS labels.
275 * (OVS also uses OVS_ACTION_ATTR_RECIRC to implement hashing for
276 * output to bonds. OVS pre-populates all the datapath flows for bond
277 * output in the datapath, though, which means that the elaborate
278 * process of coming back to userspace for a second round of
279 * translation isn't needed, and so bonds don't follow the above
282 * - "Continuation". A continuation is a way for an OpenFlow controller
283 * to interpose on a packet's traversal of the OpenFlow tables. When
284 * the translation process encounters a "controller" action with the
285 * "pause" flag, it freezes translation, serializes the frozen data,
286 * and sends it to an OpenFlow controller. The controller then
287 * examines and possibly modifies the frozen data and eventually sends
288 * it back to the switch, which thaws it and continues translation.
290 * The main problem of freezing translation is preserving state, so that
291 * when the translation is thawed later it resumes from where it left off,
292 * without disruption. In particular, actions must be preserved as follows:
294 * - If we're freezing because an action needed more information, the
295 * action that prompted it.
297 * - Any actions remaining to be translated within the current flow.
299 * - If translation was frozen within a NXAST_RESUBMIT, then any actions
300 * following the resubmit action. Resubmit actions can be nested, so
301 * this has to go all the way up the control stack.
303 * - The OpenFlow 1.1+ action set.
305 * State that actions and flow table lookups can depend on, such as the
306 * following, must also be preserved:
308 * - Metadata fields (input port, registers, OF1.1+ metadata, ...).
310 * - The stack used by NXAST_STACK_PUSH and NXAST_STACK_POP actions.
312 * - The table ID and cookie of the flow being translated at each level
313 * of the control stack, because these can become visible through
314 * OFPAT_CONTROLLER actions (and other ways).
316 * Translation allows for the control of this state preservation via these
317 * members. When a need to freeze translation is identified, the
318 * translation process:
320 * 1. Sets 'freezing' to true.
322 * 2. Sets 'exit' to true to tell later steps that we're exiting from the
323 * translation process.
325 * 3. Adds an OFPACT_UNROLL_XLATE action to 'frozen_actions', and points
326 * frozen_actions.header to the action to make it easy to find it later.
327 * This action holds the current table ID and cookie so that they can be
328 * restored during a post-recirculation upcall translation.
330 * 4. Adds the action that prompted recirculation and any actions following
331 * it within the same flow to 'frozen_actions', so that they can be
332 * executed during a post-recirculation upcall translation.
336 * 6. The action that prompted recirculation might be nested in a stack of
337 * nested "resubmit"s that have actions remaining. Each of these notices
338 * that we're exiting and freezing and responds by adding more
339 * OFPACT_UNROLL_XLATE actions to 'frozen_actions', as necessary,
340 * followed by any actions that were yet unprocessed.
342 * If we're freezing because of recirculation, the caller generates a
343 * recirculation ID and associates all the state produced by this process
344 * with it. For post-recirculation upcall translation, the caller passes it
345 * back in for the new translation to execute. The process yielded a set of
346 * ofpacts that can be translated directly, so it is not much of a special
347 * case at that point.
350 struct ofpbuf frozen_actions;
351 const struct ofpact_controller *pause;
353 /* True if a packet was but is no longer MPLS (due to an MPLS pop action).
354 * This is a trigger for recirculation in cases where translating an action
355 * or looking up a flow requires access to the fields of the packet after
356 * the MPLS label stack that was originally present. */
359 /* True if conntrack has been performed on this packet during processing
360 * on the current bridge. This is used to determine whether conntrack
361 * state from the datapath should be honored after thawing. */
364 /* Pointer to an embedded NAT action in a conntrack action, or NULL. */
365 struct ofpact_nat *ct_nat_action;
367 /* OpenFlow 1.1+ action set.
369 * 'action_set' accumulates "struct ofpact"s added by OFPACT_WRITE_ACTIONS.
370 * When translation is otherwise complete, ofpacts_execute_action_set()
371 * converts it to a set of "struct ofpact"s that can be translated into
372 * datapath actions. */
373 bool action_set_has_group; /* Action set contains OFPACT_GROUP? */
374 struct ofpbuf action_set; /* Action set. */
376 enum xlate_error error; /* Translation failed. */
379 const char *xlate_strerror(enum xlate_error error)
384 case XLATE_BRIDGE_NOT_FOUND:
385 return "Bridge not found";
386 case XLATE_RECURSION_TOO_DEEP:
387 return "Recursion too deep";
388 case XLATE_TOO_MANY_RESUBMITS:
389 return "Too many resubmits";
390 case XLATE_STACK_TOO_DEEP:
391 return "Stack too deep";
392 case XLATE_NO_RECIRCULATION_CONTEXT:
393 return "No recirculation context";
394 case XLATE_RECIRCULATION_CONFLICT:
395 return "Recirculation conflict";
396 case XLATE_TOO_MANY_MPLS_LABELS:
397 return "Too many MPLS labels";
399 return "Unknown error";
402 static void xlate_action_set(struct xlate_ctx *ctx);
403 static void xlate_commit_actions(struct xlate_ctx *ctx);
406 ctx_trigger_freeze(struct xlate_ctx *ctx)
409 ctx->freezing = true;
413 ctx_first_frozen_action(const struct xlate_ctx *ctx)
415 return !ctx->frozen_actions.size;
419 ctx_cancel_freeze(struct xlate_ctx *ctx)
422 ctx->freezing = false;
423 ofpbuf_clear(&ctx->frozen_actions);
424 ctx->frozen_actions.header = NULL;
428 static void finish_freezing(struct xlate_ctx *ctx);
430 /* A controller may use OFPP_NONE as the ingress port to indicate that
431 * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for
432 * when an input bundle is needed for validation (e.g., mirroring or
433 * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have
434 * any 'port' structs, so care must be taken when dealing with it. */
435 static struct xbundle ofpp_none_bundle = {
437 .vlan_mode = PORT_VLAN_TRUNK
440 /* Node in 'xport''s 'skb_priorities' map. Used to maintain a map from
441 * 'priority' (the datapath's term for QoS queue) to the dscp bits which all
442 * traffic egressing the 'ofport' with that priority should be marked with. */
443 struct skb_priority_to_dscp {
444 struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'skb_priorities'. */
445 uint32_t skb_priority; /* Priority of this queue (see struct flow). */
447 uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */
463 /* xlate_cache entries hold enough information to perform the side effects of
464 * xlate_actions() for a rule, without needing to perform rule translation
465 * from scratch. The primary usage of these is to submit statistics to objects
466 * that a flow relates to, although they may be used for other effects as well
467 * (for instance, refreshing hard timeouts for learned flows). */
471 struct rule_dpif *rule;
478 struct netflow *netflow;
483 struct mbridge *mbridge;
484 mirror_mask_t mirrors;
492 struct ofproto_dpif *ofproto;
493 struct ofputil_flow_mod *fm;
494 struct ofpbuf *ofpacts;
497 struct ofproto_dpif *ofproto;
502 struct rule_dpif *rule;
507 struct group_dpif *group;
508 struct ofputil_bucket *bucket;
511 char br_name[IFNAMSIZ];
512 struct in6_addr d_ipv6;
517 #define XC_ENTRY_FOR_EACH(ENTRY, ENTRIES, XCACHE) \
518 ENTRIES = XCACHE->entries; \
519 for (ENTRY = ofpbuf_try_pull(&ENTRIES, sizeof *ENTRY); \
521 ENTRY = ofpbuf_try_pull(&ENTRIES, sizeof *ENTRY))
524 struct ofpbuf entries;
527 /* Xlate config contains hash maps of all bridges, bundles and ports.
528 * Xcfgp contains the pointer to the current xlate configuration.
529 * When the main thread needs to change the configuration, it copies xcfgp to
530 * new_xcfg and edits new_xcfg. This enables the use of RCU locking which
531 * does not block handler and revalidator threads. */
533 struct hmap xbridges;
534 struct hmap xbundles;
537 static OVSRCU_TYPE(struct xlate_cfg *) xcfgp = OVSRCU_INITIALIZER(NULL);
538 static struct xlate_cfg *new_xcfg = NULL;
540 static bool may_receive(const struct xport *, struct xlate_ctx *);
541 static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len,
543 static void xlate_normal(struct xlate_ctx *);
544 static inline void xlate_report(struct xlate_ctx *, const char *, ...)
545 OVS_PRINTF_FORMAT(2, 3);
546 static void xlate_table_action(struct xlate_ctx *, ofp_port_t in_port,
547 uint8_t table_id, bool may_packet_in,
548 bool honor_table_miss);
549 static bool input_vid_is_valid(uint16_t vid, struct xbundle *, bool warn);
550 static uint16_t input_vid_to_vlan(const struct xbundle *, uint16_t vid);
551 static void output_normal(struct xlate_ctx *, const struct xbundle *,
554 /* Optional bond recirculation parameter to compose_output_action(). */
555 struct xlate_bond_recirc {
556 uint32_t recirc_id; /* !0 Use recirculation instead of output. */
557 uint8_t hash_alg; /* !0 Compute hash for recirc before. */
558 uint32_t hash_basis; /* Compute hash for recirc before. */
561 static void compose_output_action(struct xlate_ctx *, ofp_port_t ofp_port,
562 const struct xlate_bond_recirc *xr);
564 static struct xbridge *xbridge_lookup(struct xlate_cfg *,
565 const struct ofproto_dpif *);
566 static struct xbridge *xbridge_lookup_by_uuid(struct xlate_cfg *,
567 const struct uuid *);
568 static struct xbundle *xbundle_lookup(struct xlate_cfg *,
569 const struct ofbundle *);
570 static struct xport *xport_lookup(struct xlate_cfg *,
571 const struct ofport_dpif *);
572 static struct xport *get_ofp_port(const struct xbridge *, ofp_port_t ofp_port);
573 static struct skb_priority_to_dscp *get_skb_priority(const struct xport *,
574 uint32_t skb_priority);
575 static void clear_skb_priorities(struct xport *);
576 static size_t count_skb_priorities(const struct xport *);
577 static bool dscp_from_skb_priority(const struct xport *, uint32_t skb_priority,
580 static struct xc_entry *xlate_cache_add_entry(struct xlate_cache *xc,
582 static void xlate_xbridge_init(struct xlate_cfg *, struct xbridge *);
583 static void xlate_xbundle_init(struct xlate_cfg *, struct xbundle *);
584 static void xlate_xport_init(struct xlate_cfg *, struct xport *);
585 static void xlate_xbridge_set(struct xbridge *, struct dpif *,
586 const struct mac_learning *, struct stp *,
587 struct rstp *, const struct mcast_snooping *,
588 const struct mbridge *,
589 const struct dpif_sflow *,
590 const struct dpif_ipfix *,
591 const struct netflow *,
592 bool forward_bpdu, bool has_in_band,
593 const struct dpif_backer_support *);
594 static void xlate_xbundle_set(struct xbundle *xbundle,
595 enum port_vlan_mode vlan_mode, int vlan,
596 unsigned long *trunks, bool use_priority_tags,
597 const struct bond *bond, const struct lacp *lacp,
599 static void xlate_xport_set(struct xport *xport, odp_port_t odp_port,
600 const struct netdev *netdev, const struct cfm *cfm,
601 const struct bfd *bfd, const struct lldp *lldp,
602 int stp_port_no, const struct rstp_port *rstp_port,
603 enum ofputil_port_config config,
604 enum ofputil_port_state state, bool is_tunnel,
606 static void xlate_xbridge_remove(struct xlate_cfg *, struct xbridge *);
607 static void xlate_xbundle_remove(struct xlate_cfg *, struct xbundle *);
608 static void xlate_xport_remove(struct xlate_cfg *, struct xport *);
609 static void xlate_xbridge_copy(struct xbridge *);
610 static void xlate_xbundle_copy(struct xbridge *, struct xbundle *);
611 static void xlate_xport_copy(struct xbridge *, struct xbundle *,
613 static void xlate_xcfg_free(struct xlate_cfg *);
616 xlate_report(struct xlate_ctx *ctx, const char *format, ...)
618 if (OVS_UNLIKELY(ctx->xin->report_hook)) {
621 va_start(args, format);
622 ctx->xin->report_hook(ctx->xin, ctx->indentation, format, args);
627 static struct vlog_rate_limit error_report_rl = VLOG_RATE_LIMIT_INIT(1, 5);
629 #define XLATE_REPORT_ERROR(CTX, ...) \
631 if (OVS_UNLIKELY((CTX)->xin->report_hook)) { \
632 xlate_report(CTX, __VA_ARGS__); \
634 VLOG_ERR_RL(&error_report_rl, __VA_ARGS__); \
639 xlate_report_actions(struct xlate_ctx *ctx, const char *title,
640 const struct ofpact *ofpacts, size_t ofpacts_len)
642 if (OVS_UNLIKELY(ctx->xin->report_hook)) {
643 struct ds s = DS_EMPTY_INITIALIZER;
644 ofpacts_format(ofpacts, ofpacts_len, &s);
645 xlate_report(ctx, "%s: %s", title, ds_cstr(&s));
651 xlate_xbridge_init(struct xlate_cfg *xcfg, struct xbridge *xbridge)
653 ovs_list_init(&xbridge->xbundles);
654 hmap_init(&xbridge->xports);
655 hmap_insert(&xcfg->xbridges, &xbridge->hmap_node,
656 hash_pointer(xbridge->ofproto, 0));
660 xlate_xbundle_init(struct xlate_cfg *xcfg, struct xbundle *xbundle)
662 ovs_list_init(&xbundle->xports);
663 ovs_list_insert(&xbundle->xbridge->xbundles, &xbundle->list_node);
664 hmap_insert(&xcfg->xbundles, &xbundle->hmap_node,
665 hash_pointer(xbundle->ofbundle, 0));
669 xlate_xport_init(struct xlate_cfg *xcfg, struct xport *xport)
671 hmap_init(&xport->skb_priorities);
672 hmap_insert(&xcfg->xports, &xport->hmap_node,
673 hash_pointer(xport->ofport, 0));
674 hmap_insert(&xport->xbridge->xports, &xport->ofp_node,
675 hash_ofp_port(xport->ofp_port));
679 xlate_xbridge_set(struct xbridge *xbridge,
681 const struct mac_learning *ml, struct stp *stp,
682 struct rstp *rstp, const struct mcast_snooping *ms,
683 const struct mbridge *mbridge,
684 const struct dpif_sflow *sflow,
685 const struct dpif_ipfix *ipfix,
686 const struct netflow *netflow,
687 bool forward_bpdu, bool has_in_band,
688 const struct dpif_backer_support *support)
690 if (xbridge->ml != ml) {
691 mac_learning_unref(xbridge->ml);
692 xbridge->ml = mac_learning_ref(ml);
695 if (xbridge->ms != ms) {
696 mcast_snooping_unref(xbridge->ms);
697 xbridge->ms = mcast_snooping_ref(ms);
700 if (xbridge->mbridge != mbridge) {
701 mbridge_unref(xbridge->mbridge);
702 xbridge->mbridge = mbridge_ref(mbridge);
705 if (xbridge->sflow != sflow) {
706 dpif_sflow_unref(xbridge->sflow);
707 xbridge->sflow = dpif_sflow_ref(sflow);
710 if (xbridge->ipfix != ipfix) {
711 dpif_ipfix_unref(xbridge->ipfix);
712 xbridge->ipfix = dpif_ipfix_ref(ipfix);
715 if (xbridge->stp != stp) {
716 stp_unref(xbridge->stp);
717 xbridge->stp = stp_ref(stp);
720 if (xbridge->rstp != rstp) {
721 rstp_unref(xbridge->rstp);
722 xbridge->rstp = rstp_ref(rstp);
725 if (xbridge->netflow != netflow) {
726 netflow_unref(xbridge->netflow);
727 xbridge->netflow = netflow_ref(netflow);
730 xbridge->dpif = dpif;
731 xbridge->forward_bpdu = forward_bpdu;
732 xbridge->has_in_band = has_in_band;
733 xbridge->support = *support;
737 xlate_xbundle_set(struct xbundle *xbundle,
738 enum port_vlan_mode vlan_mode, int vlan,
739 unsigned long *trunks, bool use_priority_tags,
740 const struct bond *bond, const struct lacp *lacp,
743 ovs_assert(xbundle->xbridge);
745 xbundle->vlan_mode = vlan_mode;
746 xbundle->vlan = vlan;
747 xbundle->trunks = trunks;
748 xbundle->use_priority_tags = use_priority_tags;
749 xbundle->floodable = floodable;
751 if (xbundle->bond != bond) {
752 bond_unref(xbundle->bond);
753 xbundle->bond = bond_ref(bond);
756 if (xbundle->lacp != lacp) {
757 lacp_unref(xbundle->lacp);
758 xbundle->lacp = lacp_ref(lacp);
763 xlate_xport_set(struct xport *xport, odp_port_t odp_port,
764 const struct netdev *netdev, const struct cfm *cfm,
765 const struct bfd *bfd, const struct lldp *lldp, int stp_port_no,
766 const struct rstp_port* rstp_port,
767 enum ofputil_port_config config, enum ofputil_port_state state,
768 bool is_tunnel, bool may_enable)
770 xport->config = config;
771 xport->state = state;
772 xport->stp_port_no = stp_port_no;
773 xport->is_tunnel = is_tunnel;
774 xport->may_enable = may_enable;
775 xport->odp_port = odp_port;
777 if (xport->rstp_port != rstp_port) {
778 rstp_port_unref(xport->rstp_port);
779 xport->rstp_port = rstp_port_ref(rstp_port);
782 if (xport->cfm != cfm) {
783 cfm_unref(xport->cfm);
784 xport->cfm = cfm_ref(cfm);
787 if (xport->bfd != bfd) {
788 bfd_unref(xport->bfd);
789 xport->bfd = bfd_ref(bfd);
792 if (xport->lldp != lldp) {
793 lldp_unref(xport->lldp);
794 xport->lldp = lldp_ref(lldp);
797 if (xport->netdev != netdev) {
798 netdev_close(xport->netdev);
799 xport->netdev = netdev_ref(netdev);
804 xlate_xbridge_copy(struct xbridge *xbridge)
806 struct xbundle *xbundle;
808 struct xbridge *new_xbridge = xzalloc(sizeof *xbridge);
809 new_xbridge->ofproto = xbridge->ofproto;
810 new_xbridge->name = xstrdup(xbridge->name);
811 xlate_xbridge_init(new_xcfg, new_xbridge);
813 xlate_xbridge_set(new_xbridge,
814 xbridge->dpif, xbridge->ml, xbridge->stp,
815 xbridge->rstp, xbridge->ms, xbridge->mbridge,
816 xbridge->sflow, xbridge->ipfix, xbridge->netflow,
817 xbridge->forward_bpdu, xbridge->has_in_band,
819 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
820 xlate_xbundle_copy(new_xbridge, xbundle);
823 /* Copy xports which are not part of a xbundle */
824 HMAP_FOR_EACH (xport, ofp_node, &xbridge->xports) {
825 if (!xport->xbundle) {
826 xlate_xport_copy(new_xbridge, NULL, xport);
832 xlate_xbundle_copy(struct xbridge *xbridge, struct xbundle *xbundle)
835 struct xbundle *new_xbundle = xzalloc(sizeof *xbundle);
836 new_xbundle->ofbundle = xbundle->ofbundle;
837 new_xbundle->xbridge = xbridge;
838 new_xbundle->name = xstrdup(xbundle->name);
839 xlate_xbundle_init(new_xcfg, new_xbundle);
841 xlate_xbundle_set(new_xbundle, xbundle->vlan_mode,
842 xbundle->vlan, xbundle->trunks,
843 xbundle->use_priority_tags, xbundle->bond, xbundle->lacp,
845 LIST_FOR_EACH (xport, bundle_node, &xbundle->xports) {
846 xlate_xport_copy(xbridge, new_xbundle, xport);
851 xlate_xport_copy(struct xbridge *xbridge, struct xbundle *xbundle,
854 struct skb_priority_to_dscp *pdscp, *new_pdscp;
855 struct xport *new_xport = xzalloc(sizeof *xport);
856 new_xport->ofport = xport->ofport;
857 new_xport->ofp_port = xport->ofp_port;
858 new_xport->xbridge = xbridge;
859 xlate_xport_init(new_xcfg, new_xport);
861 xlate_xport_set(new_xport, xport->odp_port, xport->netdev, xport->cfm,
862 xport->bfd, xport->lldp, xport->stp_port_no,
863 xport->rstp_port, xport->config, xport->state,
864 xport->is_tunnel, xport->may_enable);
867 struct xport *peer = xport_lookup(new_xcfg, xport->peer->ofport);
869 new_xport->peer = peer;
870 new_xport->peer->peer = new_xport;
875 new_xport->xbundle = xbundle;
876 ovs_list_insert(&new_xport->xbundle->xports, &new_xport->bundle_node);
879 HMAP_FOR_EACH (pdscp, hmap_node, &xport->skb_priorities) {
880 new_pdscp = xmalloc(sizeof *pdscp);
881 new_pdscp->skb_priority = pdscp->skb_priority;
882 new_pdscp->dscp = pdscp->dscp;
883 hmap_insert(&new_xport->skb_priorities, &new_pdscp->hmap_node,
884 hash_int(new_pdscp->skb_priority, 0));
888 /* Sets the current xlate configuration to new_xcfg and frees the old xlate
889 * configuration in xcfgp.
891 * This needs to be called after editing the xlate configuration.
893 * Functions that edit the new xlate configuration are
894 * xlate_<ofproto/bundle/ofport>_set and xlate_<ofproto/bundle/ofport>_remove.
900 * edit_xlate_configuration();
902 * xlate_txn_commit(); */
904 xlate_txn_commit(void)
906 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
908 ovsrcu_set(&xcfgp, new_xcfg);
909 ovsrcu_synchronize();
910 xlate_xcfg_free(xcfg);
914 /* Copies the current xlate configuration in xcfgp to new_xcfg.
916 * This needs to be called prior to editing the xlate configuration. */
918 xlate_txn_start(void)
920 struct xbridge *xbridge;
921 struct xlate_cfg *xcfg;
923 ovs_assert(!new_xcfg);
925 new_xcfg = xmalloc(sizeof *new_xcfg);
926 hmap_init(&new_xcfg->xbridges);
927 hmap_init(&new_xcfg->xbundles);
928 hmap_init(&new_xcfg->xports);
930 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
935 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
936 xlate_xbridge_copy(xbridge);
942 xlate_xcfg_free(struct xlate_cfg *xcfg)
944 struct xbridge *xbridge, *next_xbridge;
950 HMAP_FOR_EACH_SAFE (xbridge, next_xbridge, hmap_node, &xcfg->xbridges) {
951 xlate_xbridge_remove(xcfg, xbridge);
954 hmap_destroy(&xcfg->xbridges);
955 hmap_destroy(&xcfg->xbundles);
956 hmap_destroy(&xcfg->xports);
961 xlate_ofproto_set(struct ofproto_dpif *ofproto, const char *name,
963 const struct mac_learning *ml, struct stp *stp,
964 struct rstp *rstp, const struct mcast_snooping *ms,
965 const struct mbridge *mbridge,
966 const struct dpif_sflow *sflow,
967 const struct dpif_ipfix *ipfix,
968 const struct netflow *netflow,
969 bool forward_bpdu, bool has_in_band,
970 const struct dpif_backer_support *support)
972 struct xbridge *xbridge;
974 ovs_assert(new_xcfg);
976 xbridge = xbridge_lookup(new_xcfg, ofproto);
978 xbridge = xzalloc(sizeof *xbridge);
979 xbridge->ofproto = ofproto;
981 xlate_xbridge_init(new_xcfg, xbridge);
985 xbridge->name = xstrdup(name);
987 xlate_xbridge_set(xbridge, dpif, ml, stp, rstp, ms, mbridge, sflow, ipfix,
988 netflow, forward_bpdu, has_in_band, support);
992 xlate_xbridge_remove(struct xlate_cfg *xcfg, struct xbridge *xbridge)
994 struct xbundle *xbundle, *next_xbundle;
995 struct xport *xport, *next_xport;
1001 HMAP_FOR_EACH_SAFE (xport, next_xport, ofp_node, &xbridge->xports) {
1002 xlate_xport_remove(xcfg, xport);
1005 LIST_FOR_EACH_SAFE (xbundle, next_xbundle, list_node, &xbridge->xbundles) {
1006 xlate_xbundle_remove(xcfg, xbundle);
1009 hmap_remove(&xcfg->xbridges, &xbridge->hmap_node);
1010 mac_learning_unref(xbridge->ml);
1011 mcast_snooping_unref(xbridge->ms);
1012 mbridge_unref(xbridge->mbridge);
1013 dpif_sflow_unref(xbridge->sflow);
1014 dpif_ipfix_unref(xbridge->ipfix);
1015 stp_unref(xbridge->stp);
1016 rstp_unref(xbridge->rstp);
1017 hmap_destroy(&xbridge->xports);
1018 free(xbridge->name);
1023 xlate_remove_ofproto(struct ofproto_dpif *ofproto)
1025 struct xbridge *xbridge;
1027 ovs_assert(new_xcfg);
1029 xbridge = xbridge_lookup(new_xcfg, ofproto);
1030 xlate_xbridge_remove(new_xcfg, xbridge);
1034 xlate_bundle_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
1035 const char *name, enum port_vlan_mode vlan_mode, int vlan,
1036 unsigned long *trunks, bool use_priority_tags,
1037 const struct bond *bond, const struct lacp *lacp,
1040 struct xbundle *xbundle;
1042 ovs_assert(new_xcfg);
1044 xbundle = xbundle_lookup(new_xcfg, ofbundle);
1046 xbundle = xzalloc(sizeof *xbundle);
1047 xbundle->ofbundle = ofbundle;
1048 xbundle->xbridge = xbridge_lookup(new_xcfg, ofproto);
1050 xlate_xbundle_init(new_xcfg, xbundle);
1053 free(xbundle->name);
1054 xbundle->name = xstrdup(name);
1056 xlate_xbundle_set(xbundle, vlan_mode, vlan, trunks,
1057 use_priority_tags, bond, lacp, floodable);
1061 xlate_xbundle_remove(struct xlate_cfg *xcfg, struct xbundle *xbundle)
1063 struct xport *xport;
1069 LIST_FOR_EACH_POP (xport, bundle_node, &xbundle->xports) {
1070 xport->xbundle = NULL;
1073 hmap_remove(&xcfg->xbundles, &xbundle->hmap_node);
1074 ovs_list_remove(&xbundle->list_node);
1075 bond_unref(xbundle->bond);
1076 lacp_unref(xbundle->lacp);
1077 free(xbundle->name);
1082 xlate_bundle_remove(struct ofbundle *ofbundle)
1084 struct xbundle *xbundle;
1086 ovs_assert(new_xcfg);
1088 xbundle = xbundle_lookup(new_xcfg, ofbundle);
1089 xlate_xbundle_remove(new_xcfg, xbundle);
1093 xlate_ofport_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
1094 struct ofport_dpif *ofport, ofp_port_t ofp_port,
1095 odp_port_t odp_port, const struct netdev *netdev,
1096 const struct cfm *cfm, const struct bfd *bfd,
1097 const struct lldp *lldp, struct ofport_dpif *peer,
1098 int stp_port_no, const struct rstp_port *rstp_port,
1099 const struct ofproto_port_queue *qdscp_list, size_t n_qdscp,
1100 enum ofputil_port_config config,
1101 enum ofputil_port_state state, bool is_tunnel,
1105 struct xport *xport;
1107 ovs_assert(new_xcfg);
1109 xport = xport_lookup(new_xcfg, ofport);
1111 xport = xzalloc(sizeof *xport);
1112 xport->ofport = ofport;
1113 xport->xbridge = xbridge_lookup(new_xcfg, ofproto);
1114 xport->ofp_port = ofp_port;
1116 xlate_xport_init(new_xcfg, xport);
1119 ovs_assert(xport->ofp_port == ofp_port);
1121 xlate_xport_set(xport, odp_port, netdev, cfm, bfd, lldp,
1122 stp_port_no, rstp_port, config, state, is_tunnel,
1126 xport->peer->peer = NULL;
1128 xport->peer = xport_lookup(new_xcfg, peer);
1130 xport->peer->peer = xport;
1133 if (xport->xbundle) {
1134 ovs_list_remove(&xport->bundle_node);
1136 xport->xbundle = xbundle_lookup(new_xcfg, ofbundle);
1137 if (xport->xbundle) {
1138 ovs_list_insert(&xport->xbundle->xports, &xport->bundle_node);
1141 clear_skb_priorities(xport);
1142 for (i = 0; i < n_qdscp; i++) {
1143 struct skb_priority_to_dscp *pdscp;
1144 uint32_t skb_priority;
1146 if (dpif_queue_to_priority(xport->xbridge->dpif, qdscp_list[i].queue,
1151 pdscp = xmalloc(sizeof *pdscp);
1152 pdscp->skb_priority = skb_priority;
1153 pdscp->dscp = (qdscp_list[i].dscp << 2) & IP_DSCP_MASK;
1154 hmap_insert(&xport->skb_priorities, &pdscp->hmap_node,
1155 hash_int(pdscp->skb_priority, 0));
1160 xlate_xport_remove(struct xlate_cfg *xcfg, struct xport *xport)
1167 xport->peer->peer = NULL;
1171 if (xport->xbundle) {
1172 ovs_list_remove(&xport->bundle_node);
1175 clear_skb_priorities(xport);
1176 hmap_destroy(&xport->skb_priorities);
1178 hmap_remove(&xcfg->xports, &xport->hmap_node);
1179 hmap_remove(&xport->xbridge->xports, &xport->ofp_node);
1181 netdev_close(xport->netdev);
1182 rstp_port_unref(xport->rstp_port);
1183 cfm_unref(xport->cfm);
1184 bfd_unref(xport->bfd);
1185 lldp_unref(xport->lldp);
1190 xlate_ofport_remove(struct ofport_dpif *ofport)
1192 struct xport *xport;
1194 ovs_assert(new_xcfg);
1196 xport = xport_lookup(new_xcfg, ofport);
1197 xlate_xport_remove(new_xcfg, xport);
1200 static struct ofproto_dpif *
1201 xlate_lookup_ofproto_(const struct dpif_backer *backer, const struct flow *flow,
1202 ofp_port_t *ofp_in_port, const struct xport **xportp)
1204 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1205 const struct xport *xport;
1207 xport = xport_lookup(xcfg, tnl_port_should_receive(flow)
1208 ? tnl_port_receive(flow)
1209 : odp_port_to_ofport(backer, flow->in_port.odp_port));
1210 if (OVS_UNLIKELY(!xport)) {
1215 *ofp_in_port = xport->ofp_port;
1217 return xport->xbridge->ofproto;
1220 /* Given a datapath and flow metadata ('backer', and 'flow' respectively)
1221 * returns the corresponding struct ofproto_dpif and OpenFlow port number. */
1222 struct ofproto_dpif *
1223 xlate_lookup_ofproto(const struct dpif_backer *backer, const struct flow *flow,
1224 ofp_port_t *ofp_in_port)
1226 const struct xport *xport;
1228 return xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
1231 /* Given a datapath and flow metadata ('backer', and 'flow' respectively),
1232 * optionally populates 'ofproto' with the ofproto_dpif, 'ofp_in_port' with the
1233 * openflow in_port, and 'ipfix', 'sflow', and 'netflow' with the appropriate
1234 * handles for those protocols if they're enabled. Caller may use the returned
1235 * pointers until quiescing, for longer term use additional references must
1238 * Returns 0 if successful, ENODEV if the parsed flow has no associated ofproto.
1241 xlate_lookup(const struct dpif_backer *backer, const struct flow *flow,
1242 struct ofproto_dpif **ofprotop, struct dpif_ipfix **ipfix,
1243 struct dpif_sflow **sflow, struct netflow **netflow,
1244 ofp_port_t *ofp_in_port)
1246 struct ofproto_dpif *ofproto;
1247 const struct xport *xport;
1249 ofproto = xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
1256 *ofprotop = ofproto;
1260 *ipfix = xport ? xport->xbridge->ipfix : NULL;
1264 *sflow = xport ? xport->xbridge->sflow : NULL;
1268 *netflow = xport ? xport->xbridge->netflow : NULL;
1274 static struct xbridge *
1275 xbridge_lookup(struct xlate_cfg *xcfg, const struct ofproto_dpif *ofproto)
1277 struct hmap *xbridges;
1278 struct xbridge *xbridge;
1280 if (!ofproto || !xcfg) {
1284 xbridges = &xcfg->xbridges;
1286 HMAP_FOR_EACH_IN_BUCKET (xbridge, hmap_node, hash_pointer(ofproto, 0),
1288 if (xbridge->ofproto == ofproto) {
1295 static struct xbridge *
1296 xbridge_lookup_by_uuid(struct xlate_cfg *xcfg, const struct uuid *uuid)
1298 struct xbridge *xbridge;
1300 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
1301 if (uuid_equals(ofproto_dpif_get_uuid(xbridge->ofproto), uuid)) {
1308 static struct xbundle *
1309 xbundle_lookup(struct xlate_cfg *xcfg, const struct ofbundle *ofbundle)
1311 struct hmap *xbundles;
1312 struct xbundle *xbundle;
1314 if (!ofbundle || !xcfg) {
1318 xbundles = &xcfg->xbundles;
1320 HMAP_FOR_EACH_IN_BUCKET (xbundle, hmap_node, hash_pointer(ofbundle, 0),
1322 if (xbundle->ofbundle == ofbundle) {
1329 static struct xport *
1330 xport_lookup(struct xlate_cfg *xcfg, const struct ofport_dpif *ofport)
1332 struct hmap *xports;
1333 struct xport *xport;
1335 if (!ofport || !xcfg) {
1339 xports = &xcfg->xports;
1341 HMAP_FOR_EACH_IN_BUCKET (xport, hmap_node, hash_pointer(ofport, 0),
1343 if (xport->ofport == ofport) {
1350 static struct stp_port *
1351 xport_get_stp_port(const struct xport *xport)
1353 return xport->xbridge->stp && xport->stp_port_no != -1
1354 ? stp_get_port(xport->xbridge->stp, xport->stp_port_no)
1359 xport_stp_learn_state(const struct xport *xport)
1361 struct stp_port *sp = xport_get_stp_port(xport);
1363 ? stp_learn_in_state(stp_port_get_state(sp))
1368 xport_stp_forward_state(const struct xport *xport)
1370 struct stp_port *sp = xport_get_stp_port(xport);
1372 ? stp_forward_in_state(stp_port_get_state(sp))
1377 xport_stp_should_forward_bpdu(const struct xport *xport)
1379 struct stp_port *sp = xport_get_stp_port(xport);
1380 return stp_should_forward_bpdu(sp ? stp_port_get_state(sp) : STP_DISABLED);
1383 /* Returns true if STP should process 'flow'. Sets fields in 'wc' that
1384 * were used to make the determination.*/
1386 stp_should_process_flow(const struct flow *flow, struct flow_wildcards *wc)
1388 /* is_stp() also checks dl_type, but dl_type is always set in 'wc'. */
1389 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
1390 return is_stp(flow);
1394 stp_process_packet(const struct xport *xport, const struct dp_packet *packet)
1396 struct stp_port *sp = xport_get_stp_port(xport);
1397 struct dp_packet payload = *packet;
1398 struct eth_header *eth = dp_packet_data(&payload);
1400 /* Sink packets on ports that have STP disabled when the bridge has
1402 if (!sp || stp_port_get_state(sp) == STP_DISABLED) {
1406 /* Trim off padding on payload. */
1407 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1408 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
1411 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1412 stp_received_bpdu(sp, dp_packet_data(&payload), dp_packet_size(&payload));
1416 static enum rstp_state
1417 xport_get_rstp_port_state(const struct xport *xport)
1419 return xport->rstp_port
1420 ? rstp_port_get_state(xport->rstp_port)
1425 xport_rstp_learn_state(const struct xport *xport)
1427 return xport->xbridge->rstp && xport->rstp_port
1428 ? rstp_learn_in_state(xport_get_rstp_port_state(xport))
1433 xport_rstp_forward_state(const struct xport *xport)
1435 return xport->xbridge->rstp && xport->rstp_port
1436 ? rstp_forward_in_state(xport_get_rstp_port_state(xport))
1441 xport_rstp_should_manage_bpdu(const struct xport *xport)
1443 return rstp_should_manage_bpdu(xport_get_rstp_port_state(xport));
1447 rstp_process_packet(const struct xport *xport, const struct dp_packet *packet)
1449 struct dp_packet payload = *packet;
1450 struct eth_header *eth = dp_packet_data(&payload);
1452 /* Sink packets on ports that have no RSTP. */
1453 if (!xport->rstp_port) {
1457 /* Trim off padding on payload. */
1458 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1459 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
1462 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1463 rstp_port_received_bpdu(xport->rstp_port, dp_packet_data(&payload),
1464 dp_packet_size(&payload));
1468 static struct xport *
1469 get_ofp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1471 struct xport *xport;
1473 HMAP_FOR_EACH_IN_BUCKET (xport, ofp_node, hash_ofp_port(ofp_port),
1475 if (xport->ofp_port == ofp_port) {
1483 ofp_port_to_odp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1485 const struct xport *xport = get_ofp_port(xbridge, ofp_port);
1486 return xport ? xport->odp_port : ODPP_NONE;
1490 odp_port_is_alive(const struct xlate_ctx *ctx, ofp_port_t ofp_port)
1492 struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
1493 return xport && xport->may_enable;
1496 static struct ofputil_bucket *
1497 group_first_live_bucket(const struct xlate_ctx *, const struct group_dpif *,
1501 group_is_alive(const struct xlate_ctx *ctx, uint32_t group_id, int depth)
1503 struct group_dpif *group;
1505 if (group_dpif_lookup(ctx->xbridge->ofproto, group_id, &group)) {
1506 struct ofputil_bucket *bucket;
1508 bucket = group_first_live_bucket(ctx, group, depth);
1509 group_dpif_unref(group);
1510 return bucket != NULL;
1516 #define MAX_LIVENESS_RECURSION 128 /* Arbitrary limit */
1519 bucket_is_alive(const struct xlate_ctx *ctx,
1520 struct ofputil_bucket *bucket, int depth)
1522 if (depth >= MAX_LIVENESS_RECURSION) {
1523 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
1525 VLOG_WARN_RL(&rl, "bucket chaining exceeded %d links",
1526 MAX_LIVENESS_RECURSION);
1530 return (!ofputil_bucket_has_liveness(bucket)
1531 || (bucket->watch_port != OFPP_ANY
1532 && odp_port_is_alive(ctx, bucket->watch_port))
1533 || (bucket->watch_group != OFPG_ANY
1534 && group_is_alive(ctx, bucket->watch_group, depth + 1)));
1537 static struct ofputil_bucket *
1538 group_first_live_bucket(const struct xlate_ctx *ctx,
1539 const struct group_dpif *group, int depth)
1541 struct ofputil_bucket *bucket;
1542 const struct ovs_list *buckets;
1544 group_dpif_get_buckets(group, &buckets);
1545 LIST_FOR_EACH (bucket, list_node, buckets) {
1546 if (bucket_is_alive(ctx, bucket, depth)) {
1554 static struct ofputil_bucket *
1555 group_best_live_bucket(const struct xlate_ctx *ctx,
1556 const struct group_dpif *group,
1559 struct ofputil_bucket *best_bucket = NULL;
1560 uint32_t best_score = 0;
1562 struct ofputil_bucket *bucket;
1563 const struct ovs_list *buckets;
1565 group_dpif_get_buckets(group, &buckets);
1566 LIST_FOR_EACH (bucket, list_node, buckets) {
1567 if (bucket_is_alive(ctx, bucket, 0)) {
1569 (hash_int(bucket->bucket_id, basis) & 0xffff) * bucket->weight;
1570 if (score >= best_score) {
1571 best_bucket = bucket;
1581 xbundle_trunks_vlan(const struct xbundle *bundle, uint16_t vlan)
1583 return (bundle->vlan_mode != PORT_VLAN_ACCESS
1584 && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan)));
1588 xbundle_includes_vlan(const struct xbundle *xbundle, uint16_t vlan)
1590 return vlan == xbundle->vlan || xbundle_trunks_vlan(xbundle, vlan);
1593 static mirror_mask_t
1594 xbundle_mirror_out(const struct xbridge *xbridge, struct xbundle *xbundle)
1596 return xbundle != &ofpp_none_bundle
1597 ? mirror_bundle_out(xbridge->mbridge, xbundle->ofbundle)
1601 static mirror_mask_t
1602 xbundle_mirror_src(const struct xbridge *xbridge, struct xbundle *xbundle)
1604 return xbundle != &ofpp_none_bundle
1605 ? mirror_bundle_src(xbridge->mbridge, xbundle->ofbundle)
1609 static mirror_mask_t
1610 xbundle_mirror_dst(const struct xbridge *xbridge, struct xbundle *xbundle)
1612 return xbundle != &ofpp_none_bundle
1613 ? mirror_bundle_dst(xbridge->mbridge, xbundle->ofbundle)
1617 static struct xbundle *
1618 lookup_input_bundle(const struct xbridge *xbridge, ofp_port_t in_port,
1619 bool warn, struct xport **in_xportp)
1621 struct xport *xport;
1623 /* Find the port and bundle for the received packet. */
1624 xport = get_ofp_port(xbridge, in_port);
1628 if (xport && xport->xbundle) {
1629 return xport->xbundle;
1632 /* Special-case OFPP_NONE (OF1.0) and OFPP_CONTROLLER (OF1.1+),
1633 * which a controller may use as the ingress port for traffic that
1634 * it is sourcing. */
1635 if (in_port == OFPP_CONTROLLER || in_port == OFPP_NONE) {
1636 return &ofpp_none_bundle;
1639 /* Odd. A few possible reasons here:
1641 * - We deleted a port but there are still a few packets queued up
1644 * - Someone externally added a port (e.g. "ovs-dpctl add-if") that
1645 * we don't know about.
1647 * - The ofproto client didn't configure the port as part of a bundle.
1648 * This is particularly likely to happen if a packet was received on the
1649 * port after it was created, but before the client had a chance to
1650 * configure its bundle.
1653 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1655 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
1656 "port %"PRIu16, xbridge->name, in_port);
1661 /* Mirrors the packet represented by 'ctx' to appropriate mirror destinations,
1662 * given the packet is ingressing or egressing on 'xbundle', which has ingress
1663 * or egress (as appropriate) mirrors 'mirrors'. */
1665 mirror_packet(struct xlate_ctx *ctx, struct xbundle *xbundle,
1666 mirror_mask_t mirrors)
1668 /* Figure out what VLAN the packet is in (because mirrors can select
1669 * packets on basis of VLAN). */
1670 bool warn = ctx->xin->packet != NULL;
1671 uint16_t vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci);
1672 if (!input_vid_is_valid(vid, xbundle, warn)) {
1675 uint16_t vlan = input_vid_to_vlan(xbundle, vid);
1677 const struct xbridge *xbridge = ctx->xbridge;
1679 /* Don't mirror to destinations that we've already mirrored to. */
1680 mirrors &= ~ctx->mirrors;
1685 if (ctx->xin->resubmit_stats) {
1686 mirror_update_stats(xbridge->mbridge, mirrors,
1687 ctx->xin->resubmit_stats->n_packets,
1688 ctx->xin->resubmit_stats->n_bytes);
1690 if (ctx->xin->xcache) {
1691 struct xc_entry *entry;
1693 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_MIRROR);
1694 entry->u.mirror.mbridge = mbridge_ref(xbridge->mbridge);
1695 entry->u.mirror.mirrors = mirrors;
1698 /* 'mirrors' is a bit-mask of candidates for mirroring. Iterate as long as
1699 * some candidates remain. */
1701 const unsigned long *vlans;
1702 mirror_mask_t dup_mirrors;
1703 struct ofbundle *out;
1707 /* Get the details of the mirror represented by the rightmost 1-bit. */
1708 bool has_mirror = mirror_get(xbridge->mbridge, raw_ctz(mirrors),
1709 &vlans, &dup_mirrors,
1710 &out, &snaplen, &out_vlan);
1711 ovs_assert(has_mirror);
1714 /* If this mirror selects on the basis of VLAN, and it does not select
1715 * 'vlan', then discard this mirror and go on to the next one. */
1717 ctx->wc->masks.vlan_tci |= htons(VLAN_CFI | VLAN_VID_MASK);
1719 if (vlans && !bitmap_is_set(vlans, vlan)) {
1720 mirrors = zero_rightmost_1bit(mirrors);
1724 /* Record the mirror, and the mirrors that output to the same
1725 * destination, so that we don't mirror to them again. This must be
1726 * done now to ensure that output_normal(), below, doesn't recursively
1727 * output to the same mirrors. */
1728 ctx->mirrors |= dup_mirrors;
1729 ctx->mirror_snaplen = snaplen;
1731 /* Send the packet to the mirror. */
1733 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1734 struct xbundle *out_xbundle = xbundle_lookup(xcfg, out);
1736 output_normal(ctx, out_xbundle, vlan);
1738 } else if (vlan != out_vlan
1739 && !eth_addr_is_reserved(ctx->xin->flow.dl_dst)) {
1740 struct xbundle *xbundle;
1742 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
1743 if (xbundle_includes_vlan(xbundle, out_vlan)
1744 && !xbundle_mirror_out(xbridge, xbundle)) {
1745 output_normal(ctx, xbundle, out_vlan);
1750 /* output_normal() could have recursively output (to different
1751 * mirrors), so make sure that we don't send duplicates. */
1752 mirrors &= ~ctx->mirrors;
1753 ctx->mirror_snaplen = 0;
1758 mirror_ingress_packet(struct xlate_ctx *ctx)
1760 if (mbridge_has_mirrors(ctx->xbridge->mbridge)) {
1761 bool warn = ctx->xin->packet != NULL;
1762 struct xbundle *xbundle = lookup_input_bundle(
1763 ctx->xbridge, ctx->xin->flow.in_port.ofp_port, warn, NULL);
1765 mirror_packet(ctx, xbundle,
1766 xbundle_mirror_src(ctx->xbridge, xbundle));
1771 /* Given 'vid', the VID obtained from the 802.1Q header that was received as
1772 * part of a packet (specify 0 if there was no 802.1Q header), and 'in_xbundle',
1773 * the bundle on which the packet was received, returns the VLAN to which the
1776 * Both 'vid' and the return value are in the range 0...4095. */
1778 input_vid_to_vlan(const struct xbundle *in_xbundle, uint16_t vid)
1780 switch (in_xbundle->vlan_mode) {
1781 case PORT_VLAN_ACCESS:
1782 return in_xbundle->vlan;
1785 case PORT_VLAN_TRUNK:
1788 case PORT_VLAN_NATIVE_UNTAGGED:
1789 case PORT_VLAN_NATIVE_TAGGED:
1790 return vid ? vid : in_xbundle->vlan;
1797 /* Checks whether a packet with the given 'vid' may ingress on 'in_xbundle'.
1798 * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs
1801 * 'vid' should be the VID obtained from the 802.1Q header that was received as
1802 * part of a packet (specify 0 if there was no 802.1Q header), in the range
1805 input_vid_is_valid(uint16_t vid, struct xbundle *in_xbundle, bool warn)
1807 /* Allow any VID on the OFPP_NONE port. */
1808 if (in_xbundle == &ofpp_none_bundle) {
1812 switch (in_xbundle->vlan_mode) {
1813 case PORT_VLAN_ACCESS:
1816 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1817 VLOG_WARN_RL(&rl, "dropping VLAN %"PRIu16" tagged "
1818 "packet received on port %s configured as VLAN "
1819 "%"PRIu16" access port", vid, in_xbundle->name,
1826 case PORT_VLAN_NATIVE_UNTAGGED:
1827 case PORT_VLAN_NATIVE_TAGGED:
1829 /* Port must always carry its native VLAN. */
1833 case PORT_VLAN_TRUNK:
1834 if (!xbundle_includes_vlan(in_xbundle, vid)) {
1836 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1837 VLOG_WARN_RL(&rl, "dropping VLAN %"PRIu16" packet "
1838 "received on port %s not configured for trunking "
1839 "VLAN %"PRIu16, vid, in_xbundle->name, vid);
1851 /* Given 'vlan', the VLAN that a packet belongs to, and
1852 * 'out_xbundle', a bundle on which the packet is to be output, returns the VID
1853 * that should be included in the 802.1Q header. (If the return value is 0,
1854 * then the 802.1Q header should only be included in the packet if there is a
1857 * Both 'vlan' and the return value are in the range 0...4095. */
1859 output_vlan_to_vid(const struct xbundle *out_xbundle, uint16_t vlan)
1861 switch (out_xbundle->vlan_mode) {
1862 case PORT_VLAN_ACCESS:
1865 case PORT_VLAN_TRUNK:
1866 case PORT_VLAN_NATIVE_TAGGED:
1869 case PORT_VLAN_NATIVE_UNTAGGED:
1870 return vlan == out_xbundle->vlan ? 0 : vlan;
1878 output_normal(struct xlate_ctx *ctx, const struct xbundle *out_xbundle,
1881 ovs_be16 *flow_tci = &ctx->xin->flow.vlan_tci;
1883 ovs_be16 tci, old_tci;
1884 struct xport *xport;
1885 struct xlate_bond_recirc xr;
1886 bool use_recirc = false;
1888 vid = output_vlan_to_vid(out_xbundle, vlan);
1889 if (ovs_list_is_empty(&out_xbundle->xports)) {
1890 /* Partially configured bundle with no slaves. Drop the packet. */
1892 } else if (!out_xbundle->bond) {
1893 xport = CONTAINER_OF(ovs_list_front(&out_xbundle->xports), struct xport,
1896 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1897 struct flow_wildcards *wc = ctx->wc;
1898 struct ofport_dpif *ofport;
1900 if (ctx->xbridge->support.odp.recirc) {
1901 use_recirc = bond_may_recirc(
1902 out_xbundle->bond, &xr.recirc_id, &xr.hash_basis);
1905 /* Only TCP mode uses recirculation. */
1906 xr.hash_alg = OVS_HASH_ALG_L4;
1907 bond_update_post_recirc_rules(out_xbundle->bond, false);
1909 /* Recirculation does not require unmasking hash fields. */
1914 ofport = bond_choose_output_slave(out_xbundle->bond,
1915 &ctx->xin->flow, wc, vid);
1916 xport = xport_lookup(xcfg, ofport);
1919 /* No slaves enabled, so drop packet. */
1923 /* If use_recirc is set, the main thread will handle stats
1924 * accounting for this bond. */
1926 if (ctx->xin->resubmit_stats) {
1927 bond_account(out_xbundle->bond, &ctx->xin->flow, vid,
1928 ctx->xin->resubmit_stats->n_bytes);
1930 if (ctx->xin->xcache) {
1931 struct xc_entry *entry;
1934 flow = &ctx->xin->flow;
1935 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_BOND);
1936 entry->u.bond.bond = bond_ref(out_xbundle->bond);
1937 entry->u.bond.flow = xmemdup(flow, sizeof *flow);
1938 entry->u.bond.vid = vid;
1943 old_tci = *flow_tci;
1945 if (tci || out_xbundle->use_priority_tags) {
1946 tci |= *flow_tci & htons(VLAN_PCP_MASK);
1948 tci |= htons(VLAN_CFI);
1953 compose_output_action(ctx, xport->ofp_port, use_recirc ? &xr : NULL);
1954 *flow_tci = old_tci;
1957 /* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
1958 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
1959 * indicate this; newer upstream kernels use gratuitous ARP requests. */
1961 is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc)
1963 if (flow->dl_type != htons(ETH_TYPE_ARP)) {
1967 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
1968 if (!eth_addr_is_broadcast(flow->dl_dst)) {
1972 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
1973 if (flow->nw_proto == ARP_OP_REPLY) {
1975 } else if (flow->nw_proto == ARP_OP_REQUEST) {
1976 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
1977 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
1979 return flow->nw_src == flow->nw_dst;
1985 /* Determines whether packets in 'flow' within 'xbridge' should be forwarded or
1986 * dropped. Returns true if they may be forwarded, false if they should be
1989 * 'in_port' must be the xport that corresponds to flow->in_port.
1990 * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull).
1992 * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as
1993 * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as
1994 * checked by input_vid_is_valid().
1996 * May also add tags to '*tags', although the current implementation only does
1997 * so in one special case.
2000 is_admissible(struct xlate_ctx *ctx, struct xport *in_port,
2003 struct xbundle *in_xbundle = in_port->xbundle;
2004 const struct xbridge *xbridge = ctx->xbridge;
2005 struct flow *flow = &ctx->xin->flow;
2007 /* Drop frames for reserved multicast addresses
2008 * only if forward_bpdu option is absent. */
2009 if (!xbridge->forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) {
2010 xlate_report(ctx, "packet has reserved destination MAC, dropping");
2014 if (in_xbundle->bond) {
2015 struct mac_entry *mac;
2017 switch (bond_check_admissibility(in_xbundle->bond, in_port->ofport,
2023 xlate_report(ctx, "bonding refused admissibility, dropping");
2026 case BV_DROP_IF_MOVED:
2027 ovs_rwlock_rdlock(&xbridge->ml->rwlock);
2028 mac = mac_learning_lookup(xbridge->ml, flow->dl_src, vlan);
2030 && mac_entry_get_port(xbridge->ml, mac) != in_xbundle->ofbundle
2031 && (!is_gratuitous_arp(flow, ctx->wc)
2032 || mac_entry_is_grat_arp_locked(mac))) {
2033 ovs_rwlock_unlock(&xbridge->ml->rwlock);
2034 xlate_report(ctx, "SLB bond thinks this packet looped back, "
2038 ovs_rwlock_unlock(&xbridge->ml->rwlock);
2046 /* Checks whether a MAC learning update is necessary for MAC learning table
2047 * 'ml' given that a packet matching 'flow' was received on 'in_xbundle' in
2050 * Most packets processed through the MAC learning table do not actually
2051 * change it in any way. This function requires only a read lock on the MAC
2052 * learning table, so it is much cheaper in this common case.
2054 * Keep the code here synchronized with that in update_learning_table__()
2057 is_mac_learning_update_needed(const struct mac_learning *ml,
2058 const struct flow *flow,
2059 struct flow_wildcards *wc,
2060 int vlan, struct xbundle *in_xbundle)
2061 OVS_REQ_RDLOCK(ml->rwlock)
2063 struct mac_entry *mac;
2065 if (!mac_learning_may_learn(ml, flow->dl_src, vlan)) {
2069 mac = mac_learning_lookup(ml, flow->dl_src, vlan);
2070 if (!mac || mac_entry_age(ml, mac)) {
2074 if (is_gratuitous_arp(flow, wc)) {
2075 /* We don't want to learn from gratuitous ARP packets that are
2076 * reflected back over bond slaves so we lock the learning table. */
2077 if (!in_xbundle->bond) {
2079 } else if (mac_entry_is_grat_arp_locked(mac)) {
2084 return mac_entry_get_port(ml, mac) != in_xbundle->ofbundle;
2088 /* Updates MAC learning table 'ml' given that a packet matching 'flow' was
2089 * received on 'in_xbundle' in 'vlan'.
2091 * This code repeats all the checks in is_mac_learning_update_needed() because
2092 * the lock was released between there and here and thus the MAC learning state
2093 * could have changed.
2095 * Keep the code here synchronized with that in is_mac_learning_update_needed()
2098 update_learning_table__(const struct xbridge *xbridge,
2099 const struct flow *flow, struct flow_wildcards *wc,
2100 int vlan, struct xbundle *in_xbundle)
2101 OVS_REQ_WRLOCK(xbridge->ml->rwlock)
2103 struct mac_entry *mac;
2105 if (!mac_learning_may_learn(xbridge->ml, flow->dl_src, vlan)) {
2109 mac = mac_learning_insert(xbridge->ml, flow->dl_src, vlan);
2110 if (is_gratuitous_arp(flow, wc)) {
2111 /* We don't want to learn from gratuitous ARP packets that are
2112 * reflected back over bond slaves so we lock the learning table. */
2113 if (!in_xbundle->bond) {
2114 mac_entry_set_grat_arp_lock(mac);
2115 } else if (mac_entry_is_grat_arp_locked(mac)) {
2120 if (mac_entry_get_port(xbridge->ml, mac) != in_xbundle->ofbundle) {
2121 /* The log messages here could actually be useful in debugging,
2122 * so keep the rate limit relatively high. */
2123 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
2125 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2126 "on port %s in VLAN %d",
2127 xbridge->name, ETH_ADDR_ARGS(flow->dl_src),
2128 in_xbundle->name, vlan);
2130 mac_entry_set_port(xbridge->ml, mac, in_xbundle->ofbundle);
2135 update_learning_table(const struct xbridge *xbridge,
2136 const struct flow *flow, struct flow_wildcards *wc,
2137 int vlan, struct xbundle *in_xbundle)
2141 /* Don't learn the OFPP_NONE port. */
2142 if (in_xbundle == &ofpp_none_bundle) {
2146 /* First try the common case: no change to MAC learning table. */
2147 ovs_rwlock_rdlock(&xbridge->ml->rwlock);
2148 need_update = is_mac_learning_update_needed(xbridge->ml, flow, wc, vlan,
2150 ovs_rwlock_unlock(&xbridge->ml->rwlock);
2153 /* Slow path: MAC learning table might need an update. */
2154 ovs_rwlock_wrlock(&xbridge->ml->rwlock);
2155 update_learning_table__(xbridge, flow, wc, vlan, in_xbundle);
2156 ovs_rwlock_unlock(&xbridge->ml->rwlock);
2160 /* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2161 * was received on 'in_xbundle' in 'vlan' and is either Report or Query. */
2163 update_mcast_snooping_table4__(const struct xbridge *xbridge,
2164 const struct flow *flow,
2165 struct mcast_snooping *ms, int vlan,
2166 struct xbundle *in_xbundle,
2167 const struct dp_packet *packet)
2168 OVS_REQ_WRLOCK(ms->rwlock)
2170 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 30);
2172 ovs_be32 ip4 = flow->igmp_group_ip4;
2174 switch (ntohs(flow->tp_src)) {
2175 case IGMP_HOST_MEMBERSHIP_REPORT:
2176 case IGMPV2_HOST_MEMBERSHIP_REPORT:
2177 if (mcast_snooping_add_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
2178 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping learned that "
2179 IP_FMT" is on port %s in VLAN %d",
2180 xbridge->name, IP_ARGS(ip4), in_xbundle->name, vlan);
2183 case IGMP_HOST_LEAVE_MESSAGE:
2184 if (mcast_snooping_leave_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
2185 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping leaving "
2186 IP_FMT" is on port %s in VLAN %d",
2187 xbridge->name, IP_ARGS(ip4), in_xbundle->name, vlan);
2190 case IGMP_HOST_MEMBERSHIP_QUERY:
2191 if (flow->nw_src && mcast_snooping_add_mrouter(ms, vlan,
2192 in_xbundle->ofbundle)) {
2193 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping query from "
2194 IP_FMT" is on port %s in VLAN %d",
2195 xbridge->name, IP_ARGS(flow->nw_src),
2196 in_xbundle->name, vlan);
2199 case IGMPV3_HOST_MEMBERSHIP_REPORT:
2200 if ((count = mcast_snooping_add_report(ms, packet, vlan,
2201 in_xbundle->ofbundle))) {
2202 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping processed %d "
2203 "addresses on port %s in VLAN %d",
2204 xbridge->name, count, in_xbundle->name, vlan);
2211 update_mcast_snooping_table6__(const struct xbridge *xbridge,
2212 const struct flow *flow,
2213 struct mcast_snooping *ms, int vlan,
2214 struct xbundle *in_xbundle,
2215 const struct dp_packet *packet)
2216 OVS_REQ_WRLOCK(ms->rwlock)
2218 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 30);
2221 switch (ntohs(flow->tp_src)) {
2223 if (!ipv6_addr_equals(&flow->ipv6_src, &in6addr_any)
2224 && mcast_snooping_add_mrouter(ms, vlan, in_xbundle->ofbundle)) {
2225 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping query on port %s"
2227 xbridge->name, in_xbundle->name, vlan);
2233 count = mcast_snooping_add_mld(ms, packet, vlan, in_xbundle->ofbundle);
2235 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping processed %d "
2236 "addresses on port %s in VLAN %d",
2237 xbridge->name, count, in_xbundle->name, vlan);
2243 /* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2244 * was received on 'in_xbundle' in 'vlan'. */
2246 update_mcast_snooping_table(const struct xbridge *xbridge,
2247 const struct flow *flow, int vlan,
2248 struct xbundle *in_xbundle,
2249 const struct dp_packet *packet)
2251 struct mcast_snooping *ms = xbridge->ms;
2252 struct xlate_cfg *xcfg;
2253 struct xbundle *mcast_xbundle;
2254 struct mcast_port_bundle *fport;
2256 /* Don't learn the OFPP_NONE port. */
2257 if (in_xbundle == &ofpp_none_bundle) {
2261 /* Don't learn from flood ports */
2262 mcast_xbundle = NULL;
2263 ovs_rwlock_wrlock(&ms->rwlock);
2264 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2265 LIST_FOR_EACH(fport, node, &ms->fport_list) {
2266 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2267 if (mcast_xbundle == in_xbundle) {
2272 if (!mcast_xbundle || mcast_xbundle != in_xbundle) {
2273 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2274 update_mcast_snooping_table4__(xbridge, flow, ms, vlan,
2275 in_xbundle, packet);
2277 update_mcast_snooping_table6__(xbridge, flow, ms, vlan,
2278 in_xbundle, packet);
2281 ovs_rwlock_unlock(&ms->rwlock);
2284 /* send the packet to ports having the multicast group learned */
2286 xlate_normal_mcast_send_group(struct xlate_ctx *ctx,
2287 struct mcast_snooping *ms OVS_UNUSED,
2288 struct mcast_group *grp,
2289 struct xbundle *in_xbundle, uint16_t vlan)
2290 OVS_REQ_RDLOCK(ms->rwlock)
2292 struct xlate_cfg *xcfg;
2293 struct mcast_group_bundle *b;
2294 struct xbundle *mcast_xbundle;
2296 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2297 LIST_FOR_EACH(b, bundle_node, &grp->bundle_lru) {
2298 mcast_xbundle = xbundle_lookup(xcfg, b->port);
2299 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2300 xlate_report(ctx, "forwarding to mcast group port");
2301 output_normal(ctx, mcast_xbundle, vlan);
2302 } else if (!mcast_xbundle) {
2303 xlate_report(ctx, "mcast group port is unknown, dropping");
2305 xlate_report(ctx, "mcast group port is input port, dropping");
2310 /* send the packet to ports connected to multicast routers */
2312 xlate_normal_mcast_send_mrouters(struct xlate_ctx *ctx,
2313 struct mcast_snooping *ms,
2314 struct xbundle *in_xbundle, uint16_t vlan)
2315 OVS_REQ_RDLOCK(ms->rwlock)
2317 struct xlate_cfg *xcfg;
2318 struct mcast_mrouter_bundle *mrouter;
2319 struct xbundle *mcast_xbundle;
2321 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2322 LIST_FOR_EACH(mrouter, mrouter_node, &ms->mrouter_lru) {
2323 mcast_xbundle = xbundle_lookup(xcfg, mrouter->port);
2324 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2325 xlate_report(ctx, "forwarding to mcast router port");
2326 output_normal(ctx, mcast_xbundle, vlan);
2327 } else if (!mcast_xbundle) {
2328 xlate_report(ctx, "mcast router port is unknown, dropping");
2330 xlate_report(ctx, "mcast router port is input port, dropping");
2335 /* send the packet to ports flagged to be flooded */
2337 xlate_normal_mcast_send_fports(struct xlate_ctx *ctx,
2338 struct mcast_snooping *ms,
2339 struct xbundle *in_xbundle, uint16_t vlan)
2340 OVS_REQ_RDLOCK(ms->rwlock)
2342 struct xlate_cfg *xcfg;
2343 struct mcast_port_bundle *fport;
2344 struct xbundle *mcast_xbundle;
2346 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2347 LIST_FOR_EACH(fport, node, &ms->fport_list) {
2348 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2349 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2350 xlate_report(ctx, "forwarding to mcast flood port");
2351 output_normal(ctx, mcast_xbundle, vlan);
2352 } else if (!mcast_xbundle) {
2353 xlate_report(ctx, "mcast flood port is unknown, dropping");
2355 xlate_report(ctx, "mcast flood port is input port, dropping");
2360 /* forward the Reports to configured ports */
2362 xlate_normal_mcast_send_rports(struct xlate_ctx *ctx,
2363 struct mcast_snooping *ms,
2364 struct xbundle *in_xbundle, uint16_t vlan)
2365 OVS_REQ_RDLOCK(ms->rwlock)
2367 struct xlate_cfg *xcfg;
2368 struct mcast_port_bundle *rport;
2369 struct xbundle *mcast_xbundle;
2371 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2372 LIST_FOR_EACH(rport, node, &ms->rport_list) {
2373 mcast_xbundle = xbundle_lookup(xcfg, rport->port);
2374 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2375 xlate_report(ctx, "forwarding Report to mcast flagged port");
2376 output_normal(ctx, mcast_xbundle, vlan);
2377 } else if (!mcast_xbundle) {
2378 xlate_report(ctx, "mcast port is unknown, dropping the Report");
2380 xlate_report(ctx, "mcast port is input port, dropping the Report");
2386 xlate_normal_flood(struct xlate_ctx *ctx, struct xbundle *in_xbundle,
2389 struct xbundle *xbundle;
2391 LIST_FOR_EACH (xbundle, list_node, &ctx->xbridge->xbundles) {
2392 if (xbundle != in_xbundle
2393 && xbundle_includes_vlan(xbundle, vlan)
2394 && xbundle->floodable
2395 && !xbundle_mirror_out(ctx->xbridge, xbundle)) {
2396 output_normal(ctx, xbundle, vlan);
2399 ctx->nf_output_iface = NF_OUT_FLOOD;
2403 is_ip_local_multicast(const struct flow *flow, struct flow_wildcards *wc)
2405 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2406 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
2407 return ip_is_local_multicast(flow->nw_dst);
2408 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2409 memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst);
2410 return ipv6_is_all_hosts(&flow->ipv6_dst);
2417 xlate_normal(struct xlate_ctx *ctx)
2419 struct flow_wildcards *wc = ctx->wc;
2420 struct flow *flow = &ctx->xin->flow;
2421 struct xbundle *in_xbundle;
2422 struct xport *in_port;
2423 struct mac_entry *mac;
2428 memset(&wc->masks.dl_src, 0xff, sizeof wc->masks.dl_src);
2429 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
2430 wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
2432 in_xbundle = lookup_input_bundle(ctx->xbridge, flow->in_port.ofp_port,
2433 ctx->xin->packet != NULL, &in_port);
2435 xlate_report(ctx, "no input bundle, dropping");
2439 /* Drop malformed frames. */
2440 if (flow->dl_type == htons(ETH_TYPE_VLAN) &&
2441 !(flow->vlan_tci & htons(VLAN_CFI))) {
2442 if (ctx->xin->packet != NULL) {
2443 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2444 VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial "
2445 "VLAN tag received on port %s",
2446 ctx->xbridge->name, in_xbundle->name);
2448 xlate_report(ctx, "partial VLAN tag, dropping");
2452 /* Drop frames on bundles reserved for mirroring. */
2453 if (xbundle_mirror_out(ctx->xbridge, in_xbundle)) {
2454 if (ctx->xin->packet != NULL) {
2455 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2456 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2457 "%s, which is reserved exclusively for mirroring",
2458 ctx->xbridge->name, in_xbundle->name);
2460 xlate_report(ctx, "input port is mirror output port, dropping");
2465 vid = vlan_tci_to_vid(flow->vlan_tci);
2466 if (!input_vid_is_valid(vid, in_xbundle, ctx->xin->packet != NULL)) {
2467 xlate_report(ctx, "disallowed VLAN VID for this input port, dropping");
2470 vlan = input_vid_to_vlan(in_xbundle, vid);
2472 /* Check other admissibility requirements. */
2473 if (in_port && !is_admissible(ctx, in_port, vlan)) {
2477 /* Learn source MAC. */
2478 if (ctx->xin->may_learn) {
2479 update_learning_table(ctx->xbridge, flow, wc, vlan, in_xbundle);
2481 if (ctx->xin->xcache) {
2482 struct xc_entry *entry;
2484 /* Save enough info to update mac learning table later. */
2485 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NORMAL);
2486 entry->u.normal.ofproto = ctx->xbridge->ofproto;
2487 entry->u.normal.flow = xmemdup(flow, sizeof *flow);
2488 entry->u.normal.vlan = vlan;
2491 /* Determine output bundle. */
2492 if (mcast_snooping_enabled(ctx->xbridge->ms)
2493 && !eth_addr_is_broadcast(flow->dl_dst)
2494 && eth_addr_is_multicast(flow->dl_dst)
2495 && is_ip_any(flow)) {
2496 struct mcast_snooping *ms = ctx->xbridge->ms;
2497 struct mcast_group *grp = NULL;
2499 if (is_igmp(flow, wc)) {
2500 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
2501 if (mcast_snooping_is_membership(flow->tp_src) ||
2502 mcast_snooping_is_query(flow->tp_src)) {
2503 if (ctx->xin->may_learn && ctx->xin->packet) {
2504 update_mcast_snooping_table(ctx->xbridge, flow, vlan,
2505 in_xbundle, ctx->xin->packet);
2508 * IGMP packets need to take the slow path, in order to be
2509 * processed for mdb updates. That will prevent expires
2510 * firing off even after hosts have sent reports.
2512 ctx->xout->slow |= SLOW_ACTION;
2515 if (mcast_snooping_is_membership(flow->tp_src)) {
2516 ovs_rwlock_rdlock(&ms->rwlock);
2517 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2518 /* RFC4541: section 2.1.1, item 1: A snooping switch should
2519 * forward IGMP Membership Reports only to those ports where
2520 * multicast routers are attached. Alternatively stated: a
2521 * snooping switch should not forward IGMP Membership Reports
2522 * to ports on which only hosts are attached.
2523 * An administrative control may be provided to override this
2524 * restriction, allowing the report messages to be flooded to
2526 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, vlan);
2527 ovs_rwlock_unlock(&ms->rwlock);
2529 xlate_report(ctx, "multicast traffic, flooding");
2530 xlate_normal_flood(ctx, in_xbundle, vlan);
2533 } else if (is_mld(flow, wc)) {
2534 ctx->xout->slow |= SLOW_ACTION;
2535 if (ctx->xin->may_learn && ctx->xin->packet) {
2536 update_mcast_snooping_table(ctx->xbridge, flow, vlan,
2537 in_xbundle, ctx->xin->packet);
2539 if (is_mld_report(flow, wc)) {
2540 ovs_rwlock_rdlock(&ms->rwlock);
2541 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2542 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, vlan);
2543 ovs_rwlock_unlock(&ms->rwlock);
2545 xlate_report(ctx, "MLD query, flooding");
2546 xlate_normal_flood(ctx, in_xbundle, vlan);
2549 if (is_ip_local_multicast(flow, wc)) {
2550 /* RFC4541: section 2.1.2, item 2: Packets with a dst IP
2551 * address in the 224.0.0.x range which are not IGMP must
2552 * be forwarded on all ports */
2553 xlate_report(ctx, "RFC4541: section 2.1.2, item 2, flooding");
2554 xlate_normal_flood(ctx, in_xbundle, vlan);
2559 /* forwarding to group base ports */
2560 ovs_rwlock_rdlock(&ms->rwlock);
2561 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2562 grp = mcast_snooping_lookup4(ms, flow->nw_dst, vlan);
2563 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2564 grp = mcast_snooping_lookup(ms, &flow->ipv6_dst, vlan);
2567 xlate_normal_mcast_send_group(ctx, ms, grp, in_xbundle, vlan);
2568 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, vlan);
2569 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2571 if (mcast_snooping_flood_unreg(ms)) {
2572 xlate_report(ctx, "unregistered multicast, flooding");
2573 xlate_normal_flood(ctx, in_xbundle, vlan);
2575 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2576 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, vlan);
2579 ovs_rwlock_unlock(&ms->rwlock);
2581 ovs_rwlock_rdlock(&ctx->xbridge->ml->rwlock);
2582 mac = mac_learning_lookup(ctx->xbridge->ml, flow->dl_dst, vlan);
2583 mac_port = mac ? mac_entry_get_port(ctx->xbridge->ml, mac) : NULL;
2584 ovs_rwlock_unlock(&ctx->xbridge->ml->rwlock);
2587 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2588 struct xbundle *mac_xbundle = xbundle_lookup(xcfg, mac_port);
2589 if (mac_xbundle && mac_xbundle != in_xbundle) {
2590 xlate_report(ctx, "forwarding to learned port");
2591 output_normal(ctx, mac_xbundle, vlan);
2592 } else if (!mac_xbundle) {
2593 xlate_report(ctx, "learned port is unknown, dropping");
2595 xlate_report(ctx, "learned port is input port, dropping");
2598 xlate_report(ctx, "no learned MAC for destination, flooding");
2599 xlate_normal_flood(ctx, in_xbundle, vlan);
2604 /* Appends a "sample" action for sFlow or IPFIX to 'ctx->odp_actions'. The
2605 * 'probability' is the number of packets out of UINT32_MAX to sample. The
2606 * 'cookie' (of length 'cookie_size' bytes) is passed back in the callback for
2607 * each sampled packet. 'tunnel_out_port', if not ODPP_NONE, is added as the
2608 * OVS_USERSPACE_ATTR_EGRESS_TUN_PORT attribute. If 'include_actions', an
2609 * OVS_USERSPACE_ATTR_ACTIONS attribute is added. If 'emit_set_tunnel',
2610 * sample(sampling_port=1) would translate into datapath sample action
2611 * set(tunnel(...)), sample(...) and it is used for sampling egress tunnel
2615 compose_sample_action(struct xlate_ctx *ctx,
2616 const uint32_t probability,
2617 const union user_action_cookie *cookie,
2618 const size_t cookie_size,
2619 const odp_port_t tunnel_out_port,
2620 bool include_actions)
2622 size_t sample_offset = nl_msg_start_nested(ctx->odp_actions,
2623 OVS_ACTION_ATTR_SAMPLE);
2625 nl_msg_put_u32(ctx->odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability);
2627 size_t actions_offset = nl_msg_start_nested(ctx->odp_actions,
2628 OVS_SAMPLE_ATTR_ACTIONS);
2630 odp_port_t odp_port = ofp_port_to_odp_port(
2631 ctx->xbridge, ctx->xin->flow.in_port.ofp_port);
2632 uint32_t pid = dpif_port_get_pid(ctx->xbridge->dpif, odp_port,
2633 flow_hash_5tuple(&ctx->xin->flow, 0));
2634 int cookie_offset = odp_put_userspace_action(pid, cookie, cookie_size,
2639 nl_msg_end_nested(ctx->odp_actions, actions_offset);
2640 nl_msg_end_nested(ctx->odp_actions, sample_offset);
2642 return cookie_offset;
2645 /* If sFLow is not enabled, returns 0 without doing anything.
2647 * If sFlow is enabled, appends a template "sample" action to the ODP actions
2648 * in 'ctx'. This action is a template because some of the information needed
2649 * to fill it out is not available until flow translation is complete. In this
2650 * case, this functions returns an offset, which is always nonzero, to pass
2651 * later to fix_sflow_action() to fill in the rest of the template. */
2653 compose_sflow_action(struct xlate_ctx *ctx)
2655 struct dpif_sflow *sflow = ctx->xbridge->sflow;
2656 if (!sflow || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
2660 union user_action_cookie cookie = { .type = USER_ACTION_COOKIE_SFLOW };
2661 return compose_sample_action(ctx, dpif_sflow_get_probability(sflow),
2662 &cookie, sizeof cookie.sflow, ODPP_NONE,
2666 /* If flow IPFIX is enabled, make sure IPFIX flow sample action
2667 * at egress point of tunnel port is just in front of corresponding
2668 * output action. If bridge IPFIX is enabled, this appends an IPFIX
2669 * sample action to 'ctx->odp_actions'. */
2671 compose_ipfix_action(struct xlate_ctx *ctx, odp_port_t output_odp_port)
2673 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
2674 odp_port_t tunnel_out_port = ODPP_NONE;
2676 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
2680 /* For input case, output_odp_port is ODPP_NONE, which is an invalid port
2682 if (output_odp_port == ODPP_NONE &&
2683 !dpif_ipfix_get_bridge_exporter_input_sampling(ipfix)) {
2687 /* For output case, output_odp_port is valid. */
2688 if (output_odp_port != ODPP_NONE) {
2689 if (!dpif_ipfix_get_bridge_exporter_output_sampling(ipfix)) {
2692 /* If tunnel sampling is enabled, put an additional option attribute:
2693 * OVS_USERSPACE_ATTR_TUNNEL_OUT_PORT
2695 if (dpif_ipfix_get_bridge_exporter_tunnel_sampling(ipfix) &&
2696 dpif_ipfix_get_tunnel_port(ipfix, output_odp_port) ) {
2697 tunnel_out_port = output_odp_port;
2701 union user_action_cookie cookie = {
2703 .type = USER_ACTION_COOKIE_IPFIX,
2704 .output_odp_port = output_odp_port,
2707 compose_sample_action(ctx,
2708 dpif_ipfix_get_bridge_exporter_probability(ipfix),
2709 &cookie, sizeof cookie.ipfix, tunnel_out_port,
2713 /* Fix "sample" action according to data collected while composing ODP actions,
2714 * as described in compose_sflow_action().
2716 * 'user_cookie_offset' must be the offset returned by add_sflow_action(). */
2718 fix_sflow_action(struct xlate_ctx *ctx, unsigned int user_cookie_offset)
2720 const struct flow *base = &ctx->base_flow;
2721 union user_action_cookie *cookie;
2723 cookie = ofpbuf_at(ctx->odp_actions, user_cookie_offset,
2724 sizeof cookie->sflow);
2725 ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW);
2727 cookie->type = USER_ACTION_COOKIE_SFLOW;
2728 cookie->sflow.vlan_tci = base->vlan_tci;
2730 /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output
2731 * port information") for the interpretation of cookie->output. */
2732 switch (ctx->sflow_n_outputs) {
2734 /* 0x40000000 | 256 means "packet dropped for unknown reason". */
2735 cookie->sflow.output = 0x40000000 | 256;
2739 cookie->sflow.output = dpif_sflow_odp_port_to_ifindex(
2740 ctx->xbridge->sflow, ctx->sflow_odp_port);
2741 if (cookie->sflow.output) {
2746 /* 0x80000000 means "multiple output ports. */
2747 cookie->sflow.output = 0x80000000 | ctx->sflow_n_outputs;
2753 process_special(struct xlate_ctx *ctx, const struct xport *xport)
2755 const struct flow *flow = &ctx->xin->flow;
2756 struct flow_wildcards *wc = ctx->wc;
2757 const struct xbridge *xbridge = ctx->xbridge;
2758 const struct dp_packet *packet = ctx->xin->packet;
2759 enum slow_path_reason slow;
2763 } else if (xport->cfm && cfm_should_process_flow(xport->cfm, flow, wc)) {
2765 cfm_process_heartbeat(xport->cfm, packet);
2768 } else if (xport->bfd && bfd_should_process_flow(xport->bfd, flow, wc)) {
2770 bfd_process_packet(xport->bfd, flow, packet);
2771 /* If POLL received, immediately sends FINAL back. */
2772 if (bfd_should_send_packet(xport->bfd)) {
2773 ofproto_dpif_monitor_port_send_soon(xport->ofport);
2777 } else if (xport->xbundle && xport->xbundle->lacp
2778 && flow->dl_type == htons(ETH_TYPE_LACP)) {
2780 lacp_process_packet(xport->xbundle->lacp, xport->ofport, packet);
2783 } else if ((xbridge->stp || xbridge->rstp) &&
2784 stp_should_process_flow(flow, wc)) {
2787 ? stp_process_packet(xport, packet)
2788 : rstp_process_packet(xport, packet);
2791 } else if (xport->lldp && lldp_should_process_flow(xport->lldp, flow)) {
2793 lldp_process_packet(xport->lldp, packet);
2801 ctx->xout->slow |= slow;
2809 tnl_route_lookup_flow(const struct flow *oflow,
2810 struct in6_addr *ip, struct in6_addr *src,
2811 struct xport **out_port)
2813 char out_dev[IFNAMSIZ];
2814 struct xbridge *xbridge;
2815 struct xlate_cfg *xcfg;
2817 struct in6_addr dst;
2819 dst = flow_tnl_dst(&oflow->tunnel);
2820 if (!ovs_router_lookup(&dst, out_dev, src, &gw)) {
2824 if (ipv6_addr_is_set(&gw) &&
2825 (!IN6_IS_ADDR_V4MAPPED(&gw) || in6_addr_get_mapped_ipv4(&gw))) {
2831 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2834 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
2835 if (!strncmp(xbridge->name, out_dev, IFNAMSIZ)) {
2838 HMAP_FOR_EACH (port, ofp_node, &xbridge->xports) {
2839 if (!strncmp(netdev_get_name(port->netdev), out_dev, IFNAMSIZ)) {
2850 compose_table_xlate(struct xlate_ctx *ctx, const struct xport *out_dev,
2851 struct dp_packet *packet)
2853 struct xbridge *xbridge = out_dev->xbridge;
2854 struct ofpact_output output;
2857 ofpact_init(&output.ofpact, OFPACT_OUTPUT, sizeof output);
2858 flow_extract(packet, &flow);
2859 flow.in_port.ofp_port = out_dev->ofp_port;
2860 output.port = OFPP_TABLE;
2863 return ofproto_dpif_execute_actions__(xbridge->ofproto, &flow, NULL,
2864 &output.ofpact, sizeof output,
2865 ctx->indentation, ctx->depth,
2866 ctx->resubmits, packet);
2870 tnl_send_nd_request(struct xlate_ctx *ctx, const struct xport *out_dev,
2871 const struct eth_addr eth_src,
2872 struct in6_addr * ipv6_src, struct in6_addr * ipv6_dst)
2874 struct dp_packet packet;
2876 dp_packet_init(&packet, 0);
2877 compose_nd(&packet, eth_src, ipv6_src, ipv6_dst);
2878 compose_table_xlate(ctx, out_dev, &packet);
2879 dp_packet_uninit(&packet);
2883 tnl_send_arp_request(struct xlate_ctx *ctx, const struct xport *out_dev,
2884 const struct eth_addr eth_src,
2885 ovs_be32 ip_src, ovs_be32 ip_dst)
2887 struct dp_packet packet;
2889 dp_packet_init(&packet, 0);
2890 compose_arp(&packet, ARP_OP_REQUEST,
2891 eth_src, eth_addr_zero, true, ip_src, ip_dst);
2893 compose_table_xlate(ctx, out_dev, &packet);
2894 dp_packet_uninit(&packet);
2898 build_tunnel_send(struct xlate_ctx *ctx, const struct xport *xport,
2899 const struct flow *flow, odp_port_t tunnel_odp_port)
2901 struct netdev_tnl_build_header_params tnl_params;
2902 struct ovs_action_push_tnl tnl_push_data;
2903 struct xport *out_dev = NULL;
2904 ovs_be32 s_ip = 0, d_ip = 0;
2905 struct in6_addr s_ip6 = in6addr_any;
2906 struct in6_addr d_ip6 = in6addr_any;
2907 struct eth_addr smac;
2908 struct eth_addr dmac;
2910 char buf_sip6[INET6_ADDRSTRLEN];
2911 char buf_dip6[INET6_ADDRSTRLEN];
2913 err = tnl_route_lookup_flow(flow, &d_ip6, &s_ip6, &out_dev);
2915 xlate_report(ctx, "native tunnel routing failed");
2919 xlate_report(ctx, "tunneling to %s via %s",
2920 ipv6_string_mapped(buf_dip6, &d_ip6),
2921 netdev_get_name(out_dev->netdev));
2923 /* Use mac addr of bridge port of the peer. */
2924 err = netdev_get_etheraddr(out_dev->netdev, &smac);
2926 xlate_report(ctx, "tunnel output device lacks Ethernet address");
2930 d_ip = in6_addr_get_mapped_ipv4(&d_ip6);
2932 s_ip = in6_addr_get_mapped_ipv4(&s_ip6);
2935 err = tnl_neigh_lookup(out_dev->xbridge->name, &d_ip6, &dmac);
2937 xlate_report(ctx, "neighbor cache miss for %s on bridge %s, "
2938 "sending %s request",
2939 buf_dip6, out_dev->xbridge->name, d_ip ? "ARP" : "ND");
2941 tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip);
2943 tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6);
2948 if (ctx->xin->xcache) {
2949 struct xc_entry *entry;
2951 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_TNL_NEIGH);
2952 ovs_strlcpy(entry->u.tnl_neigh_cache.br_name, out_dev->xbridge->name,
2953 sizeof entry->u.tnl_neigh_cache.br_name);
2954 entry->u.tnl_neigh_cache.d_ipv6 = d_ip6;
2957 xlate_report(ctx, "tunneling from "ETH_ADDR_FMT" %s"
2958 " to "ETH_ADDR_FMT" %s",
2959 ETH_ADDR_ARGS(smac), ipv6_string_mapped(buf_sip6, &s_ip6),
2960 ETH_ADDR_ARGS(dmac), buf_dip6);
2962 netdev_init_tnl_build_header_params(&tnl_params, flow, &s_ip6, dmac, smac);
2963 err = tnl_port_build_header(xport->ofport, &tnl_push_data, &tnl_params);
2967 tnl_push_data.tnl_port = odp_to_u32(tunnel_odp_port);
2968 tnl_push_data.out_port = odp_to_u32(out_dev->odp_port);
2969 odp_put_tnl_push_action(ctx->odp_actions, &tnl_push_data);
2974 xlate_commit_actions(struct xlate_ctx *ctx)
2976 bool use_masked = ctx->xbridge->support.masked_set_action;
2978 ctx->xout->slow |= commit_odp_actions(&ctx->xin->flow, &ctx->base_flow,
2979 ctx->odp_actions, ctx->wc,
2984 clear_conntrack(struct flow *flow)
2989 memset(&flow->ct_label, 0, sizeof flow->ct_label);
2993 compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port,
2994 const struct xlate_bond_recirc *xr, bool check_stp)
2996 const struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
2997 struct flow_wildcards *wc = ctx->wc;
2998 struct flow *flow = &ctx->xin->flow;
2999 struct flow_tnl flow_tnl;
3000 ovs_be16 flow_vlan_tci;
3001 uint32_t flow_pkt_mark;
3002 uint8_t flow_nw_tos;
3003 odp_port_t out_port, odp_port;
3004 bool tnl_push_pop_send = false;
3007 /* If 'struct flow' gets additional metadata, we'll need to zero it out
3008 * before traversing a patch port. */
3009 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 36);
3010 memset(&flow_tnl, 0, sizeof flow_tnl);
3013 xlate_report(ctx, "Nonexistent output port");
3015 } else if (xport->config & OFPUTIL_PC_NO_FWD) {
3016 xlate_report(ctx, "OFPPC_NO_FWD set, skipping output");
3018 } else if (ctx->mirror_snaplen != 0 && xport->odp_port == ODPP_NONE) {
3019 xlate_report(ctx, "Mirror truncate to ODPP_NONE, skipping output");
3021 } else if (check_stp) {
3022 if (is_stp(&ctx->base_flow)) {
3023 if (!xport_stp_should_forward_bpdu(xport) &&
3024 !xport_rstp_should_manage_bpdu(xport)) {
3025 if (ctx->xbridge->stp != NULL) {
3026 xlate_report(ctx, "STP not in listening state, "
3027 "skipping bpdu output");
3028 } else if (ctx->xbridge->rstp != NULL) {
3029 xlate_report(ctx, "RSTP not managing BPDU in this state, "
3030 "skipping bpdu output");
3034 } else if (!xport_stp_forward_state(xport) ||
3035 !xport_rstp_forward_state(xport)) {
3036 if (ctx->xbridge->stp != NULL) {
3037 xlate_report(ctx, "STP not in forwarding state, "
3039 } else if (ctx->xbridge->rstp != NULL) {
3040 xlate_report(ctx, "RSTP not in forwarding state, "
3048 const struct xport *peer = xport->peer;
3049 struct flow old_flow = ctx->xin->flow;
3050 bool old_conntrack = ctx->conntracked;
3051 bool old_was_mpls = ctx->was_mpls;
3052 cls_version_t old_version = ctx->tables_version;
3053 struct ofpbuf old_stack = ctx->stack;
3054 union mf_subvalue new_stack[1024 / sizeof(union mf_subvalue)];
3055 struct ofpbuf old_action_set = ctx->action_set;
3056 uint64_t actset_stub[1024 / 8];
3058 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
3059 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
3060 ctx->xbridge = peer->xbridge;
3061 flow->in_port.ofp_port = peer->ofp_port;
3062 flow->metadata = htonll(0);
3063 memset(&flow->tunnel, 0, sizeof flow->tunnel);
3064 memset(flow->regs, 0, sizeof flow->regs);
3065 flow->actset_output = OFPP_UNSET;
3066 ctx->conntracked = false;
3067 clear_conntrack(flow);
3069 /* The bridge is now known so obtain its table version. */
3071 = ofproto_dpif_get_tables_version(ctx->xbridge->ofproto);
3073 if (!process_special(ctx, peer) && may_receive(peer, ctx)) {
3074 if (xport_stp_forward_state(peer) && xport_rstp_forward_state(peer)) {
3075 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
3076 if (!ctx->freezing) {
3077 xlate_action_set(ctx);
3079 if (ctx->freezing) {
3080 finish_freezing(ctx);
3083 /* Forwarding is disabled by STP and RSTP. Let OFPP_NORMAL and
3084 * the learning action look at the packet, then drop it. */
3085 struct flow old_base_flow = ctx->base_flow;
3086 size_t old_size = ctx->odp_actions->size;
3087 mirror_mask_t old_mirrors = ctx->mirrors;
3089 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
3090 ctx->mirrors = old_mirrors;
3091 ctx->base_flow = old_base_flow;
3092 ctx->odp_actions->size = old_size;
3094 /* Undo changes that may have been done for freezing. */
3095 ctx_cancel_freeze(ctx);
3099 ctx->xin->flow = old_flow;
3100 ctx->xbridge = xport->xbridge;
3101 ofpbuf_uninit(&ctx->action_set);
3102 ctx->action_set = old_action_set;
3103 ofpbuf_uninit(&ctx->stack);
3104 ctx->stack = old_stack;
3106 /* Restore calling bridge's lookup version. */
3107 ctx->tables_version = old_version;
3109 /* The peer bridge popping MPLS should have no effect on the original
3111 ctx->was_mpls = old_was_mpls;
3113 /* The peer bridge's conntrack execution should have no effect on the
3114 * original bridge. */
3115 ctx->conntracked = old_conntrack;
3117 /* The fact that the peer bridge exits (for any reason) does not mean
3118 * that the original bridge should exit. Specifically, if the peer
3119 * bridge freezes translation, the original bridge must continue
3120 * processing with the original, not the frozen packet! */
3123 /* Peer bridge errors do not propagate back. */
3124 ctx->error = XLATE_OK;
3126 if (ctx->xin->resubmit_stats) {
3127 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
3128 netdev_vport_inc_rx(peer->netdev, ctx->xin->resubmit_stats);
3130 bfd_account_rx(peer->bfd, ctx->xin->resubmit_stats);
3133 if (ctx->xin->xcache) {
3134 struct xc_entry *entry;
3136 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
3137 entry->u.dev.tx = netdev_ref(xport->netdev);
3138 entry->u.dev.rx = netdev_ref(peer->netdev);
3139 entry->u.dev.bfd = bfd_ref(peer->bfd);
3144 flow_vlan_tci = flow->vlan_tci;
3145 flow_pkt_mark = flow->pkt_mark;
3146 flow_nw_tos = flow->nw_tos;
3148 if (count_skb_priorities(xport)) {
3149 memset(&wc->masks.skb_priority, 0xff, sizeof wc->masks.skb_priority);
3150 if (dscp_from_skb_priority(xport, flow->skb_priority, &dscp)) {
3151 wc->masks.nw_tos |= IP_DSCP_MASK;
3152 flow->nw_tos &= ~IP_DSCP_MASK;
3153 flow->nw_tos |= dscp;
3157 if (xport->is_tunnel) {
3158 struct in6_addr dst;
3159 /* Save tunnel metadata so that changes made due to
3160 * the Logical (tunnel) Port are not visible for any further
3161 * matches, while explicit set actions on tunnel metadata are.
3163 flow_tnl = flow->tunnel;
3164 odp_port = tnl_port_send(xport->ofport, flow, ctx->wc);
3165 if (odp_port == ODPP_NONE) {
3166 xlate_report(ctx, "Tunneling decided against output");
3167 goto out; /* restore flow_nw_tos */
3169 dst = flow_tnl_dst(&flow->tunnel);
3170 if (ipv6_addr_equals(&dst, &ctx->orig_tunnel_ipv6_dst)) {
3171 xlate_report(ctx, "Not tunneling to our own address");
3172 goto out; /* restore flow_nw_tos */
3174 if (ctx->xin->resubmit_stats) {
3175 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
3177 if (ctx->xin->xcache) {
3178 struct xc_entry *entry;
3180 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
3181 entry->u.dev.tx = netdev_ref(xport->netdev);
3183 out_port = odp_port;
3184 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
3185 xlate_report(ctx, "output to native tunnel");
3186 tnl_push_pop_send = true;
3188 xlate_report(ctx, "output to kernel tunnel");
3189 commit_odp_tunnel_action(flow, &ctx->base_flow, ctx->odp_actions);
3190 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3193 odp_port = xport->odp_port;
3194 out_port = odp_port;
3197 if (out_port != ODPP_NONE) {
3198 xlate_commit_actions(ctx);
3201 struct ovs_action_hash *act_hash;
3204 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
3205 OVS_ACTION_ATTR_HASH,
3207 act_hash->hash_alg = xr->hash_alg;
3208 act_hash->hash_basis = xr->hash_basis;
3210 /* Recirc action. */
3211 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC,
3215 if (tnl_push_pop_send) {
3216 build_tunnel_send(ctx, xport, flow, odp_port);
3217 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3219 odp_port_t odp_tnl_port = ODPP_NONE;
3221 /* XXX: Write better Filter for tunnel port. We can use inport
3222 * int tunnel-port flow to avoid these checks completely. */
3223 if (ofp_port == OFPP_LOCAL &&
3224 ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
3226 odp_tnl_port = tnl_port_map_lookup(flow, wc);
3229 if (odp_tnl_port != ODPP_NONE) {
3230 nl_msg_put_odp_port(ctx->odp_actions,
3231 OVS_ACTION_ATTR_TUNNEL_POP,
3234 /* Tunnel push-pop action is not compatible with
3236 compose_ipfix_action(ctx, out_port);
3238 /* Handle truncation of the mirrored packet. */
3239 if (ctx->mirror_snaplen > 0 &&
3240 ctx->mirror_snaplen < UINT16_MAX) {
3241 struct ovs_action_trunc *trunc;
3243 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
3244 OVS_ACTION_ATTR_TRUNC,
3246 trunc->max_len = ctx->mirror_snaplen;
3247 if (!ctx->xbridge->support.trunc) {
3248 ctx->xout->slow |= SLOW_ACTION;
3252 nl_msg_put_odp_port(ctx->odp_actions,
3253 OVS_ACTION_ATTR_OUTPUT,
3259 ctx->sflow_odp_port = odp_port;
3260 ctx->sflow_n_outputs++;
3261 ctx->nf_output_iface = ofp_port;
3264 if (mbridge_has_mirrors(ctx->xbridge->mbridge) && xport->xbundle) {
3265 mirror_packet(ctx, xport->xbundle,
3266 xbundle_mirror_dst(xport->xbundle->xbridge,
3272 flow->vlan_tci = flow_vlan_tci;
3273 flow->pkt_mark = flow_pkt_mark;
3274 flow->nw_tos = flow_nw_tos;
3278 compose_output_action(struct xlate_ctx *ctx, ofp_port_t ofp_port,
3279 const struct xlate_bond_recirc *xr)
3281 compose_output_action__(ctx, ofp_port, xr, true);
3285 xlate_recursively(struct xlate_ctx *ctx, struct rule_dpif *rule, bool deepens)
3287 struct rule_dpif *old_rule = ctx->rule;
3288 ovs_be64 old_cookie = ctx->rule_cookie;
3289 const struct rule_actions *actions;
3291 if (ctx->xin->resubmit_stats) {
3292 rule_dpif_credit_stats(rule, ctx->xin->resubmit_stats);
3298 ctx->depth += deepens;
3300 ctx->rule_cookie = rule_dpif_get_flow_cookie(rule);
3301 actions = rule_dpif_get_actions(rule);
3302 do_xlate_actions(actions->ofpacts, actions->ofpacts_len, ctx);
3303 ctx->rule_cookie = old_cookie;
3304 ctx->rule = old_rule;
3305 ctx->depth -= deepens;
3310 xlate_resubmit_resource_check(struct xlate_ctx *ctx)
3312 if (ctx->depth >= MAX_DEPTH) {
3313 XLATE_REPORT_ERROR(ctx, "over max translation depth %d", MAX_DEPTH);
3314 ctx->error = XLATE_RECURSION_TOO_DEEP;
3315 } else if (ctx->resubmits >= MAX_RESUBMITS) {
3316 XLATE_REPORT_ERROR(ctx, "over %d resubmit actions", MAX_RESUBMITS);
3317 ctx->error = XLATE_TOO_MANY_RESUBMITS;
3318 } else if (ctx->odp_actions->size > UINT16_MAX) {
3319 XLATE_REPORT_ERROR(ctx, "resubmits yielded over 64 kB of actions");
3320 /* NOT an error, as we'll be slow-pathing the flow in this case? */
3321 ctx->exit = true; /* XXX: translation still terminated! */
3322 } else if (ctx->stack.size >= 65536) {
3323 XLATE_REPORT_ERROR(ctx, "resubmits yielded over 64 kB of stack");
3324 ctx->error = XLATE_STACK_TOO_DEEP;
3333 xlate_table_action(struct xlate_ctx *ctx, ofp_port_t in_port, uint8_t table_id,
3334 bool may_packet_in, bool honor_table_miss)
3336 /* Check if we need to recirculate before matching in a table. */
3337 if (ctx->was_mpls) {
3338 ctx_trigger_freeze(ctx);
3341 if (xlate_resubmit_resource_check(ctx)) {
3342 uint8_t old_table_id = ctx->table_id;
3343 struct rule_dpif *rule;
3345 ctx->table_id = table_id;
3347 rule = rule_dpif_lookup_from_table(ctx->xbridge->ofproto,
3348 ctx->tables_version,
3349 &ctx->xin->flow, ctx->wc,
3350 ctx->xin->resubmit_stats,
3351 &ctx->table_id, in_port,
3352 may_packet_in, honor_table_miss);
3354 if (OVS_UNLIKELY(ctx->xin->resubmit_hook)) {
3355 ctx->xin->resubmit_hook(ctx->xin, rule, ctx->indentation + 1);
3359 /* Fill in the cache entry here instead of xlate_recursively
3360 * to make the reference counting more explicit. We take a
3361 * reference in the lookups above if we are going to cache the
3363 if (ctx->xin->xcache) {
3364 struct xc_entry *entry;
3366 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_RULE);
3367 entry->u.rule = rule;
3368 rule_dpif_ref(rule);
3370 xlate_recursively(ctx, rule, table_id <= old_table_id);
3373 ctx->table_id = old_table_id;
3379 xlate_group_stats(struct xlate_ctx *ctx, struct group_dpif *group,
3380 struct ofputil_bucket *bucket)
3382 if (ctx->xin->resubmit_stats) {
3383 group_dpif_credit_stats(group, bucket, ctx->xin->resubmit_stats);
3385 if (ctx->xin->xcache) {
3386 struct xc_entry *entry;
3388 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_GROUP);
3389 entry->u.group.group = group_dpif_ref(group);
3390 entry->u.group.bucket = bucket;
3395 xlate_group_bucket(struct xlate_ctx *ctx, struct ofputil_bucket *bucket)
3397 uint64_t action_list_stub[1024 / 8];
3398 struct ofpbuf action_list = OFPBUF_STUB_INITIALIZER(action_list_stub);
3399 struct ofpbuf action_set = ofpbuf_const_initializer(bucket->ofpacts,
3400 bucket->ofpacts_len);
3401 struct flow old_flow = ctx->xin->flow;
3402 bool old_was_mpls = ctx->was_mpls;
3404 ofpacts_execute_action_set(&action_list, &action_set);
3407 do_xlate_actions(action_list.data, action_list.size, ctx);
3411 ofpbuf_uninit(&action_list);
3413 /* Check if need to freeze. */
3414 if (ctx->freezing) {
3415 finish_freezing(ctx);
3418 /* Roll back flow to previous state.
3419 * This is equivalent to cloning the packet for each bucket.
3421 * As a side effect any subsequently applied actions will
3422 * also effectively be applied to a clone of the packet taken
3423 * just before applying the all or indirect group.
3425 * Note that group buckets are action sets, hence they cannot modify the
3426 * main action set. Also any stack actions are ignored when executing an
3427 * action set, so group buckets cannot change the stack either.
3428 * However, we do allow resubmit actions in group buckets, which could
3429 * break the above assumptions. It is up to the controller to not mess up
3430 * with the action_set and stack in the tables resubmitted to from
3432 ctx->xin->flow = old_flow;
3434 /* The group bucket popping MPLS should have no effect after bucket
3436 ctx->was_mpls = old_was_mpls;
3438 /* The fact that the group bucket exits (for any reason) does not mean that
3439 * the translation after the group action should exit. Specifically, if
3440 * the group bucket freezes translation, the actions after the group action
3441 * must continue processing with the original, not the frozen packet! */
3446 xlate_all_group(struct xlate_ctx *ctx, struct group_dpif *group)
3448 struct ofputil_bucket *bucket;
3449 const struct ovs_list *buckets;
3451 group_dpif_get_buckets(group, &buckets);
3453 LIST_FOR_EACH (bucket, list_node, buckets) {
3454 xlate_group_bucket(ctx, bucket);
3456 xlate_group_stats(ctx, group, NULL);
3460 xlate_ff_group(struct xlate_ctx *ctx, struct group_dpif *group)
3462 struct ofputil_bucket *bucket;
3464 bucket = group_first_live_bucket(ctx, group, 0);
3466 xlate_group_bucket(ctx, bucket);
3467 xlate_group_stats(ctx, group, bucket);
3472 xlate_default_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3474 struct flow_wildcards *wc = ctx->wc;
3475 struct ofputil_bucket *bucket;
3478 basis = flow_hash_symmetric_l4(&ctx->xin->flow, 0);
3479 flow_mask_hash_fields(&ctx->xin->flow, wc, NX_HASH_FIELDS_SYMMETRIC_L4);
3480 bucket = group_best_live_bucket(ctx, group, basis);
3482 xlate_group_bucket(ctx, bucket);
3483 xlate_group_stats(ctx, group, bucket);
3488 xlate_hash_fields_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3490 struct mf_bitmap hash_fields = MF_BITMAP_INITIALIZER;
3491 const struct field_array *fields;
3492 struct ofputil_bucket *bucket;
3496 fields = group_dpif_get_fields(group);
3497 basis = hash_uint64(group_dpif_get_selection_method_param(group));
3499 /* Determine which fields to hash */
3500 for (i = 0; i < MFF_N_IDS; i++) {
3501 if (bitmap_is_set(fields->used.bm, i)) {
3502 const struct mf_field *mf;
3504 /* If the field is already present in 'hash_fields' then
3505 * this loop has already checked that it and its pre-requisites
3506 * are present in the flow and its pre-requisites have
3507 * already been added to 'hash_fields'. There is nothing more
3508 * to do here and as an optimisation the loop can continue. */
3509 if (bitmap_is_set(hash_fields.bm, i)) {
3515 /* Only hash a field if it and its pre-requisites are present
3517 if (!mf_are_prereqs_ok(mf, &ctx->xin->flow)) {
3521 /* Hash both the field and its pre-requisites */
3522 mf_bitmap_set_field_and_prereqs(mf, &hash_fields);
3526 /* Hash the fields */
3527 for (i = 0; i < MFF_N_IDS; i++) {
3528 if (bitmap_is_set(hash_fields.bm, i)) {
3529 const struct mf_field *mf = mf_from_id(i);
3530 union mf_value value;
3533 mf_get_value(mf, &ctx->xin->flow, &value);
3534 /* This seems inefficient but so does apply_mask() */
3535 for (j = 0; j < mf->n_bytes; j++) {
3536 ((uint8_t *) &value)[j] &= ((uint8_t *) &fields->value[i])[j];
3538 basis = hash_bytes(&value, mf->n_bytes, basis);
3540 /* For tunnels, hash in whether the field is present. */
3541 if (mf_is_tun_metadata(mf)) {
3542 basis = hash_boolean(mf_is_set(mf, &ctx->xin->flow), basis);
3545 mf_mask_field(mf, &ctx->wc->masks);
3549 bucket = group_best_live_bucket(ctx, group, basis);
3551 xlate_group_bucket(ctx, bucket);
3552 xlate_group_stats(ctx, group, bucket);
3557 xlate_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3559 const char *selection_method = group_dpif_get_selection_method(group);
3561 /* Select groups may access flow keys beyond L2 in order to
3562 * select a bucket. Recirculate as appropriate to make this possible.
3564 if (ctx->was_mpls) {
3565 ctx_trigger_freeze(ctx);
3568 if (selection_method[0] == '\0') {
3569 xlate_default_select_group(ctx, group);
3570 } else if (!strcasecmp("hash", selection_method)) {
3571 xlate_hash_fields_select_group(ctx, group);
3573 /* Parsing of groups should ensure this never happens */
3579 xlate_group_action__(struct xlate_ctx *ctx, struct group_dpif *group)
3581 bool was_in_group = ctx->in_group;
3582 ctx->in_group = true;
3584 switch (group_dpif_get_type(group)) {
3586 case OFPGT11_INDIRECT:
3587 xlate_all_group(ctx, group);
3589 case OFPGT11_SELECT:
3590 xlate_select_group(ctx, group);
3593 xlate_ff_group(ctx, group);
3598 group_dpif_unref(group);
3600 ctx->in_group = was_in_group;
3604 xlate_group_action(struct xlate_ctx *ctx, uint32_t group_id)
3606 if (xlate_resubmit_resource_check(ctx)) {
3607 struct group_dpif *group;
3610 got_group = group_dpif_lookup(ctx->xbridge->ofproto, group_id, &group);
3612 xlate_group_action__(ctx, group);
3622 xlate_ofpact_resubmit(struct xlate_ctx *ctx,
3623 const struct ofpact_resubmit *resubmit)
3627 bool may_packet_in = false;
3628 bool honor_table_miss = false;
3630 if (ctx->rule && rule_dpif_is_internal(ctx->rule)) {
3631 /* Still allow missed packets to be sent to the controller
3632 * if resubmitting from an internal table. */
3633 may_packet_in = true;
3634 honor_table_miss = true;
3637 in_port = resubmit->in_port;
3638 if (in_port == OFPP_IN_PORT) {
3639 in_port = ctx->xin->flow.in_port.ofp_port;
3642 table_id = resubmit->table_id;
3643 if (table_id == 255) {
3644 table_id = ctx->table_id;
3647 xlate_table_action(ctx, in_port, table_id, may_packet_in,
3652 flood_packets(struct xlate_ctx *ctx, bool all)
3654 const struct xport *xport;
3656 HMAP_FOR_EACH (xport, ofp_node, &ctx->xbridge->xports) {
3657 if (xport->ofp_port == ctx->xin->flow.in_port.ofp_port) {
3662 compose_output_action__(ctx, xport->ofp_port, NULL, false);
3663 } else if (!(xport->config & OFPUTIL_PC_NO_FLOOD)) {
3664 compose_output_action(ctx, xport->ofp_port, NULL);
3668 ctx->nf_output_iface = NF_OUT_FLOOD;
3672 execute_controller_action(struct xlate_ctx *ctx, int len,
3673 enum ofp_packet_in_reason reason,
3674 uint16_t controller_id,
3675 const uint8_t *userdata, size_t userdata_len)
3677 struct dp_packet_batch batch;
3678 struct dp_packet *packet;
3680 ctx->xout->slow |= SLOW_CONTROLLER;
3681 xlate_commit_actions(ctx);
3682 if (!ctx->xin->packet) {
3686 packet = dp_packet_clone(ctx->xin->packet);
3687 packet_batch_init_packet(&batch, packet);
3688 odp_execute_actions(NULL, &batch, false,
3689 ctx->odp_actions->data, ctx->odp_actions->size, NULL);
3691 /* A packet sent by an action in a table-miss rule is considered an
3692 * explicit table miss. OpenFlow before 1.3 doesn't have that concept so
3693 * it will get translated back to OFPR_ACTION for those versions. */
3694 if (reason == OFPR_ACTION
3695 && ctx->rule && rule_dpif_is_table_miss(ctx->rule)) {
3696 reason = OFPR_EXPLICIT_MISS;
3699 size_t packet_len = dp_packet_size(packet);
3701 struct ofproto_async_msg *am = xmalloc(sizeof *am);
3702 *am = (struct ofproto_async_msg) {
3703 .controller_id = controller_id,
3704 .oam = OAM_PACKET_IN,
3708 .packet = dp_packet_steal_data(packet),
3709 .packet_len = packet_len,
3711 .table_id = ctx->table_id,
3712 .cookie = ctx->rule_cookie,
3713 .userdata = (userdata_len
3714 ? xmemdup(userdata, userdata_len)
3716 .userdata_len = userdata_len,
3722 flow_get_metadata(&ctx->xin->flow, &am->pin.up.public.flow_metadata);
3724 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
3725 dp_packet_delete(packet);
3729 emit_continuation(struct xlate_ctx *ctx, const struct frozen_state *state)
3731 struct ofproto_async_msg *am = xmalloc(sizeof *am);
3732 *am = (struct ofproto_async_msg) {
3733 .controller_id = ctx->pause->controller_id,
3734 .oam = OAM_PACKET_IN,
3738 .userdata = xmemdup(ctx->pause->userdata,
3739 ctx->pause->userdata_len),
3740 .userdata_len = ctx->pause->userdata_len,
3741 .packet = xmemdup(dp_packet_data(ctx->xin->packet),
3742 dp_packet_size(ctx->xin->packet)),
3743 .packet_len = dp_packet_size(ctx->xin->packet),
3744 .reason = ctx->pause->reason,
3746 .bridge = *ofproto_dpif_get_uuid(ctx->xbridge->ofproto),
3747 .stack = xmemdup(state->stack,
3748 state->n_stack * sizeof *state->stack),
3749 .n_stack = state->n_stack,
3750 .mirrors = state->mirrors,
3751 .conntracked = state->conntracked,
3752 .actions = xmemdup(state->ofpacts, state->ofpacts_len),
3753 .actions_len = state->ofpacts_len,
3754 .action_set = xmemdup(state->action_set,
3755 state->action_set_len),
3756 .action_set_len = state->action_set_len,
3758 .max_len = UINT16_MAX,
3761 flow_get_metadata(&ctx->xin->flow, &am->pin.up.public.flow_metadata);
3762 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
3766 finish_freezing__(struct xlate_ctx *ctx, uint8_t table)
3768 ovs_assert(ctx->freezing);
3770 struct frozen_state state = {
3772 .ofproto_uuid = *ofproto_dpif_get_uuid(ctx->xbridge->ofproto),
3773 .stack = ctx->stack.data,
3774 .n_stack = ctx->stack.size / sizeof(union mf_subvalue),
3775 .mirrors = ctx->mirrors,
3776 .conntracked = ctx->conntracked,
3777 .ofpacts = ctx->frozen_actions.data,
3778 .ofpacts_len = ctx->frozen_actions.size,
3779 .action_set = ctx->action_set.data,
3780 .action_set_len = ctx->action_set.size,
3782 frozen_metadata_from_flow(&state.metadata, &ctx->xin->flow);
3785 if (ctx->xin->packet) {
3786 emit_continuation(ctx, &state);
3789 /* Allocate a unique recirc id for the given metadata state in the
3790 * flow. An existing id, with a new reference to the corresponding
3791 * recirculation context, will be returned if possible.
3792 * The life-cycle of this recirc id is managed by associating it
3793 * with the udpif key ('ukey') created for each new datapath flow. */
3794 uint32_t id = recirc_alloc_id_ctx(&state);
3796 XLATE_REPORT_ERROR(ctx, "Failed to allocate recirculation id");
3797 ctx->error = XLATE_NO_RECIRCULATION_CONTEXT;
3800 recirc_refs_add(&ctx->xout->recircs, id);
3802 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC, id);
3805 /* Undo changes done by freezing. */
3806 ctx_cancel_freeze(ctx);
3809 /* Called only when we're freezing. */
3811 finish_freezing(struct xlate_ctx *ctx)
3813 xlate_commit_actions(ctx);
3814 finish_freezing__(ctx, 0);
3817 /* Fork the pipeline here. The current packet will continue processing the
3818 * current action list. A clone of the current packet will recirculate, skip
3819 * the remainder of the current action list and asynchronously resume pipeline
3820 * processing in 'table' with the current metadata and action set. */
3822 compose_recirculate_and_fork(struct xlate_ctx *ctx, uint8_t table)
3824 ctx->freezing = true;
3825 finish_freezing__(ctx, table);
3829 compose_mpls_push_action(struct xlate_ctx *ctx, struct ofpact_push_mpls *mpls)
3831 struct flow *flow = &ctx->xin->flow;
3834 ovs_assert(eth_type_mpls(mpls->ethertype));
3836 n = flow_count_mpls_labels(flow, ctx->wc);
3838 xlate_commit_actions(ctx);
3839 } else if (n >= FLOW_MAX_MPLS_LABELS) {
3840 if (ctx->xin->packet != NULL) {
3841 XLATE_REPORT_ERROR(ctx, "bridge %s: dropping packet on which an "
3842 "MPLS push action can't be performed as it would "
3843 "have more MPLS LSEs than the %d supported.",
3844 ctx->xbridge->name, FLOW_MAX_MPLS_LABELS);
3846 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
3850 flow_push_mpls(flow, n, mpls->ethertype, ctx->wc);
3854 compose_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type)
3856 struct flow *flow = &ctx->xin->flow;
3857 int n = flow_count_mpls_labels(flow, ctx->wc);
3859 if (flow_pop_mpls(flow, n, eth_type, ctx->wc)) {
3860 if (!eth_type_mpls(eth_type) && ctx->xbridge->support.odp.recirc) {
3861 ctx->was_mpls = true;
3863 } else if (n >= FLOW_MAX_MPLS_LABELS) {
3864 if (ctx->xin->packet != NULL) {
3865 XLATE_REPORT_ERROR(ctx, "bridge %s: dropping packet on which an "
3866 "MPLS pop action can't be performed as it has "
3867 "more MPLS LSEs than the %d supported.",
3868 ctx->xbridge->name, FLOW_MAX_MPLS_LABELS);
3870 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
3871 ofpbuf_clear(ctx->odp_actions);
3876 compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids)
3878 struct flow *flow = &ctx->xin->flow;
3880 if (!is_ip_any(flow)) {
3884 ctx->wc->masks.nw_ttl = 0xff;
3885 if (flow->nw_ttl > 1) {
3891 for (i = 0; i < ids->n_controllers; i++) {
3892 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL,
3893 ids->cnt_ids[i], NULL, 0);
3896 /* Stop processing for current table. */
3902 compose_set_mpls_label_action(struct xlate_ctx *ctx, ovs_be32 label)
3904 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
3905 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_LABEL_MASK);
3906 set_mpls_lse_label(&ctx->xin->flow.mpls_lse[0], label);
3911 compose_set_mpls_tc_action(struct xlate_ctx *ctx, uint8_t tc)
3913 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
3914 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TC_MASK);
3915 set_mpls_lse_tc(&ctx->xin->flow.mpls_lse[0], tc);
3920 compose_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl)
3922 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
3923 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
3924 set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse[0], ttl);
3929 compose_dec_mpls_ttl_action(struct xlate_ctx *ctx)
3931 struct flow *flow = &ctx->xin->flow;
3933 if (eth_type_mpls(flow->dl_type)) {
3934 uint8_t ttl = mpls_lse_to_ttl(flow->mpls_lse[0]);
3936 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
3939 set_mpls_lse_ttl(&flow->mpls_lse[0], ttl);
3942 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0,
3947 /* Stop processing for current table. */
3952 xlate_output_action(struct xlate_ctx *ctx,
3953 ofp_port_t port, uint16_t max_len, bool may_packet_in)
3955 ofp_port_t prev_nf_output_iface = ctx->nf_output_iface;
3957 ctx->nf_output_iface = NF_OUT_DROP;
3961 compose_output_action(ctx, ctx->xin->flow.in_port.ofp_port, NULL);
3964 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
3965 0, may_packet_in, true);
3971 flood_packets(ctx, false);
3974 flood_packets(ctx, true);
3976 case OFPP_CONTROLLER:
3977 execute_controller_action(ctx, max_len,
3978 (ctx->in_group ? OFPR_GROUP
3979 : ctx->in_action_set ? OFPR_ACTION_SET
3987 if (port != ctx->xin->flow.in_port.ofp_port) {
3988 compose_output_action(ctx, port, NULL);
3990 xlate_report(ctx, "skipping output to input port");
3995 if (prev_nf_output_iface == NF_OUT_FLOOD) {
3996 ctx->nf_output_iface = NF_OUT_FLOOD;
3997 } else if (ctx->nf_output_iface == NF_OUT_DROP) {
3998 ctx->nf_output_iface = prev_nf_output_iface;
3999 } else if (prev_nf_output_iface != NF_OUT_DROP &&
4000 ctx->nf_output_iface != NF_OUT_FLOOD) {
4001 ctx->nf_output_iface = NF_OUT_MULTI;
4006 xlate_output_reg_action(struct xlate_ctx *ctx,
4007 const struct ofpact_output_reg *or)
4009 uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow);
4010 if (port <= UINT16_MAX) {
4011 union mf_subvalue value;
4013 memset(&value, 0xff, sizeof value);
4014 mf_write_subfield_flow(&or->src, &value, &ctx->wc->masks);
4015 xlate_output_action(ctx, u16_to_ofp(port),
4016 or->max_len, false);
4021 xlate_output_trunc_action(struct xlate_ctx *ctx,
4022 ofp_port_t port, uint32_t max_len)
4024 bool support_trunc = ctx->xbridge->support.trunc;
4025 struct ovs_action_trunc *trunc;
4026 char name[OFP_MAX_PORT_NAME_LEN];
4033 case OFPP_CONTROLLER:
4035 ofputil_port_to_string(port, name, sizeof name);
4036 xlate_report(ctx, "output_trunc does not support port: %s", name);
4041 if (port != ctx->xin->flow.in_port.ofp_port) {
4042 const struct xport *xport = get_ofp_port(ctx->xbridge, port);
4044 if (xport == NULL || xport->odp_port == ODPP_NONE) {
4045 /* Since truncate happens at its following output action, if
4046 * the output port is a patch port, the behavior is somehow
4047 * unpredicable. For simpilicity, disallow this case. */
4048 ofputil_port_to_string(port, name, sizeof name);
4049 XLATE_REPORT_ERROR(ctx, "bridge %s: "
4050 "output_trunc does not support port: %s",
4051 ctx->xbridge->name, name);
4055 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
4056 OVS_ACTION_ATTR_TRUNC,
4058 trunc->max_len = max_len;
4059 xlate_output_action(ctx, port, max_len, false);
4060 if (!support_trunc) {
4061 ctx->xout->slow |= SLOW_ACTION;
4064 xlate_report(ctx, "skipping output to input port");
4071 xlate_enqueue_action(struct xlate_ctx *ctx,
4072 const struct ofpact_enqueue *enqueue)
4074 ofp_port_t ofp_port = enqueue->port;
4075 uint32_t queue_id = enqueue->queue;
4076 uint32_t flow_priority, priority;
4079 /* Translate queue to priority. */
4080 error = dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &priority);
4082 /* Fall back to ordinary output action. */
4083 xlate_output_action(ctx, enqueue->port, 0, false);
4087 /* Check output port. */
4088 if (ofp_port == OFPP_IN_PORT) {
4089 ofp_port = ctx->xin->flow.in_port.ofp_port;
4090 } else if (ofp_port == ctx->xin->flow.in_port.ofp_port) {
4094 /* Add datapath actions. */
4095 flow_priority = ctx->xin->flow.skb_priority;
4096 ctx->xin->flow.skb_priority = priority;
4097 compose_output_action(ctx, ofp_port, NULL);
4098 ctx->xin->flow.skb_priority = flow_priority;
4100 /* Update NetFlow output port. */
4101 if (ctx->nf_output_iface == NF_OUT_DROP) {
4102 ctx->nf_output_iface = ofp_port;
4103 } else if (ctx->nf_output_iface != NF_OUT_FLOOD) {
4104 ctx->nf_output_iface = NF_OUT_MULTI;
4109 xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id)
4111 uint32_t skb_priority;
4113 if (!dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &skb_priority)) {
4114 ctx->xin->flow.skb_priority = skb_priority;
4116 /* Couldn't translate queue to a priority. Nothing to do. A warning
4117 * has already been logged. */
4122 slave_enabled_cb(ofp_port_t ofp_port, void *xbridge_)
4124 const struct xbridge *xbridge = xbridge_;
4135 case OFPP_CONTROLLER: /* Not supported by the bundle action. */
4138 port = get_ofp_port(xbridge, ofp_port);
4139 return port ? port->may_enable : false;
4144 xlate_bundle_action(struct xlate_ctx *ctx,
4145 const struct ofpact_bundle *bundle)
4149 port = bundle_execute(bundle, &ctx->xin->flow, ctx->wc, slave_enabled_cb,
4150 CONST_CAST(struct xbridge *, ctx->xbridge));
4151 if (bundle->dst.field) {
4152 nxm_reg_load(&bundle->dst, ofp_to_u16(port), &ctx->xin->flow, ctx->wc);
4154 xlate_output_action(ctx, port, 0, false);
4159 xlate_learn_action__(struct xlate_ctx *ctx, const struct ofpact_learn *learn,
4160 struct ofputil_flow_mod *fm, struct ofpbuf *ofpacts)
4162 learn_execute(learn, &ctx->xin->flow, fm, ofpacts);
4163 if (ctx->xin->may_learn) {
4164 ofproto_dpif_flow_mod(ctx->xbridge->ofproto, fm);
4169 xlate_learn_action(struct xlate_ctx *ctx, const struct ofpact_learn *learn)
4171 learn_mask(learn, ctx->wc);
4173 if (ctx->xin->xcache) {
4174 struct xc_entry *entry;
4176 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_LEARN);
4177 entry->u.learn.ofproto = ctx->xbridge->ofproto;
4178 entry->u.learn.fm = xmalloc(sizeof *entry->u.learn.fm);
4179 entry->u.learn.ofpacts = ofpbuf_new(64);
4180 xlate_learn_action__(ctx, learn, entry->u.learn.fm,
4181 entry->u.learn.ofpacts);
4182 } else if (ctx->xin->may_learn) {
4183 uint64_t ofpacts_stub[1024 / 8];
4184 struct ofputil_flow_mod fm;
4185 struct ofpbuf ofpacts;
4187 ofpbuf_use_stub(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
4188 xlate_learn_action__(ctx, learn, &fm, &ofpacts);
4189 ofpbuf_uninit(&ofpacts);
4194 xlate_fin_timeout__(struct rule_dpif *rule, uint16_t tcp_flags,
4195 uint16_t idle_timeout, uint16_t hard_timeout)
4197 if (tcp_flags & (TCP_FIN | TCP_RST)) {
4198 rule_dpif_reduce_timeouts(rule, idle_timeout, hard_timeout);
4203 xlate_fin_timeout(struct xlate_ctx *ctx,
4204 const struct ofpact_fin_timeout *oft)
4207 xlate_fin_timeout__(ctx->rule, ctx->xin->tcp_flags,
4208 oft->fin_idle_timeout, oft->fin_hard_timeout);
4209 if (ctx->xin->xcache) {
4210 struct xc_entry *entry;
4212 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_FIN_TIMEOUT);
4213 /* XC_RULE already holds a reference on the rule, none is taken
4215 entry->u.fin.rule = ctx->rule;
4216 entry->u.fin.idle = oft->fin_idle_timeout;
4217 entry->u.fin.hard = oft->fin_hard_timeout;
4223 xlate_sample_action(struct xlate_ctx *ctx,
4224 const struct ofpact_sample *os)
4226 odp_port_t output_odp_port = ODPP_NONE;
4227 odp_port_t tunnel_out_port = ODPP_NONE;
4228 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
4229 bool emit_set_tunnel = false;
4231 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
4235 /* Scale the probability from 16-bit to 32-bit while representing
4236 * the same percentage. */
4237 uint32_t probability = (os->probability << 16) | os->probability;
4239 if (!ctx->xbridge->support.variable_length_userdata) {
4240 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4242 VLOG_ERR_RL(&rl, "ignoring NXAST_SAMPLE action because datapath "
4243 "lacks support (needs Linux 3.10+ or kernel module from "
4248 /* If ofp_port in flow sample action is equel to ofp_port,
4249 * this sample action is a input port action. */
4250 if (os->sampling_port != OFPP_NONE &&
4251 os->sampling_port != ctx->xin->flow.in_port.ofp_port) {
4252 output_odp_port = ofp_port_to_odp_port(ctx->xbridge,
4254 if (output_odp_port == ODPP_NONE) {
4255 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4256 VLOG_WARN_RL(&rl, "can't use unknown port %d in flow sample "
4257 "action", os->sampling_port);
4261 if (dpif_ipfix_get_flow_exporter_tunnel_sampling(ipfix,
4262 os->collector_set_id)
4263 && dpif_ipfix_get_tunnel_port(ipfix, output_odp_port)) {
4264 tunnel_out_port = output_odp_port;
4265 emit_set_tunnel = true;
4269 xlate_commit_actions(ctx);
4270 /* If 'emit_set_tunnel', sample(sampling_port=1) would translate
4271 * into datapath sample action set(tunnel(...)), sample(...) and
4272 * it is used for sampling egress tunnel information. */
4273 if (emit_set_tunnel) {
4274 const struct xport *xport = get_ofp_port(ctx->xbridge,
4277 if (xport && xport->is_tunnel) {
4278 struct flow *flow = &ctx->xin->flow;
4279 tnl_port_send(xport->ofport, flow, ctx->wc);
4280 if (!ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
4281 struct flow_tnl flow_tnl = flow->tunnel;
4283 commit_odp_tunnel_action(flow, &ctx->base_flow,
4285 flow->tunnel = flow_tnl;
4288 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4289 VLOG_WARN_RL(&rl, "sampling_port:%d should be a tunnel port.",
4294 union user_action_cookie cookie = {
4296 .type = USER_ACTION_COOKIE_FLOW_SAMPLE,
4297 .probability = os->probability,
4298 .collector_set_id = os->collector_set_id,
4299 .obs_domain_id = os->obs_domain_id,
4300 .obs_point_id = os->obs_point_id,
4301 .output_odp_port = output_odp_port,
4304 compose_sample_action(ctx, probability, &cookie, sizeof cookie.flow_sample,
4305 tunnel_out_port, false);
4309 may_receive(const struct xport *xport, struct xlate_ctx *ctx)
4311 if (xport->config & (is_stp(&ctx->xin->flow)
4312 ? OFPUTIL_PC_NO_RECV_STP
4313 : OFPUTIL_PC_NO_RECV)) {
4317 /* Only drop packets here if both forwarding and learning are
4318 * disabled. If just learning is enabled, we need to have
4319 * OFPP_NORMAL and the learning action have a look at the packet
4320 * before we can drop it. */
4321 if ((!xport_stp_forward_state(xport) && !xport_stp_learn_state(xport)) ||
4322 (!xport_rstp_forward_state(xport) && !xport_rstp_learn_state(xport))) {
4330 xlate_write_actions__(struct xlate_ctx *ctx,
4331 const struct ofpact *ofpacts, size_t ofpacts_len)
4333 /* Maintain actset_output depending on the contents of the action set:
4335 * - OFPP_UNSET, if there is no "output" action.
4337 * - The output port, if there is an "output" action and no "group"
4340 * - OFPP_UNSET, if there is a "group" action.
4342 if (!ctx->action_set_has_group) {
4343 const struct ofpact *a;
4344 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
4345 if (a->type == OFPACT_OUTPUT) {
4346 ctx->xin->flow.actset_output = ofpact_get_OUTPUT(a)->port;
4347 } else if (a->type == OFPACT_GROUP) {
4348 ctx->xin->flow.actset_output = OFPP_UNSET;
4349 ctx->action_set_has_group = true;
4355 ofpbuf_put(&ctx->action_set, ofpacts, ofpacts_len);
4359 xlate_write_actions(struct xlate_ctx *ctx, const struct ofpact_nest *a)
4361 xlate_write_actions__(ctx, a->actions, ofpact_nest_get_action_len(a));
4365 xlate_action_set(struct xlate_ctx *ctx)
4367 uint64_t action_list_stub[1024 / 64];
4368 struct ofpbuf action_list;
4370 ctx->in_action_set = true;
4371 ofpbuf_use_stub(&action_list, action_list_stub, sizeof action_list_stub);
4372 ofpacts_execute_action_set(&action_list, &ctx->action_set);
4373 /* Clear the action set, as it is not needed any more. */
4374 ofpbuf_clear(&ctx->action_set);
4375 do_xlate_actions(action_list.data, action_list.size, ctx);
4376 ctx->in_action_set = false;
4377 ofpbuf_uninit(&action_list);
4381 freeze_put_unroll_xlate(struct xlate_ctx *ctx)
4383 struct ofpact_unroll_xlate *unroll = ctx->frozen_actions.header;
4385 /* Restore the table_id and rule cookie for a potential PACKET
4388 (ctx->table_id != unroll->rule_table_id
4389 || ctx->rule_cookie != unroll->rule_cookie)) {
4390 unroll = ofpact_put_UNROLL_XLATE(&ctx->frozen_actions);
4391 unroll->rule_table_id = ctx->table_id;
4392 unroll->rule_cookie = ctx->rule_cookie;
4393 ctx->frozen_actions.header = unroll;
4398 /* Copy actions 'a' through 'end' to ctx->frozen_actions, which will be
4399 * executed after thawing. Inserts an UNROLL_XLATE action, if none is already
4400 * present, before any action that may depend on the current table ID or flow
4403 freeze_unroll_actions(const struct ofpact *a, const struct ofpact *end,
4404 struct xlate_ctx *ctx)
4406 for (; a < end; a = ofpact_next(a)) {
4408 case OFPACT_OUTPUT_REG:
4409 case OFPACT_OUTPUT_TRUNC:
4412 case OFPACT_CONTROLLER:
4413 case OFPACT_DEC_MPLS_TTL:
4414 case OFPACT_DEC_TTL:
4415 /* These actions may generate asynchronous messages, which include
4416 * table ID and flow cookie information. */
4417 freeze_put_unroll_xlate(ctx);
4420 case OFPACT_RESUBMIT:
4421 if (ofpact_get_RESUBMIT(a)->table_id == 0xff) {
4422 /* This resubmit action is relative to the current table, so we
4423 * need to track what table that is.*/
4424 freeze_put_unroll_xlate(ctx);
4428 case OFPACT_SET_TUNNEL:
4429 case OFPACT_REG_MOVE:
4430 case OFPACT_SET_FIELD:
4431 case OFPACT_STACK_PUSH:
4432 case OFPACT_STACK_POP:
4434 case OFPACT_WRITE_METADATA:
4435 case OFPACT_GOTO_TABLE:
4436 case OFPACT_ENQUEUE:
4437 case OFPACT_SET_VLAN_VID:
4438 case OFPACT_SET_VLAN_PCP:
4439 case OFPACT_STRIP_VLAN:
4440 case OFPACT_PUSH_VLAN:
4441 case OFPACT_SET_ETH_SRC:
4442 case OFPACT_SET_ETH_DST:
4443 case OFPACT_SET_IPV4_SRC:
4444 case OFPACT_SET_IPV4_DST:
4445 case OFPACT_SET_IP_DSCP:
4446 case OFPACT_SET_IP_ECN:
4447 case OFPACT_SET_IP_TTL:
4448 case OFPACT_SET_L4_SRC_PORT:
4449 case OFPACT_SET_L4_DST_PORT:
4450 case OFPACT_SET_QUEUE:
4451 case OFPACT_POP_QUEUE:
4452 case OFPACT_PUSH_MPLS:
4453 case OFPACT_POP_MPLS:
4454 case OFPACT_SET_MPLS_LABEL:
4455 case OFPACT_SET_MPLS_TC:
4456 case OFPACT_SET_MPLS_TTL:
4457 case OFPACT_MULTIPATH:
4460 case OFPACT_UNROLL_XLATE:
4461 case OFPACT_FIN_TIMEOUT:
4462 case OFPACT_CLEAR_ACTIONS:
4463 case OFPACT_WRITE_ACTIONS:
4466 case OFPACT_DEBUG_RECIRC:
4469 /* These may not generate PACKET INs. */
4473 case OFPACT_CONJUNCTION:
4474 /* These need not be copied for restoration. */
4477 /* Copy the action over. */
4478 ofpbuf_put(&ctx->frozen_actions, a, OFPACT_ALIGN(a->len));
4483 put_ct_mark(const struct flow *flow, struct ofpbuf *odp_actions,
4484 struct flow_wildcards *wc)
4486 if (wc->masks.ct_mark) {
4492 odp_ct_mark = nl_msg_put_unspec_uninit(odp_actions, OVS_CT_ATTR_MARK,
4493 sizeof(*odp_ct_mark));
4494 odp_ct_mark->key = flow->ct_mark & wc->masks.ct_mark;
4495 odp_ct_mark->mask = wc->masks.ct_mark;
4500 put_ct_label(const struct flow *flow, struct ofpbuf *odp_actions,
4501 struct flow_wildcards *wc)
4503 if (!ovs_u128_is_zero(wc->masks.ct_label)) {
4509 odp_ct_label = nl_msg_put_unspec_uninit(odp_actions,
4511 sizeof(*odp_ct_label));
4512 odp_ct_label->key = ovs_u128_and(flow->ct_label, wc->masks.ct_label);
4513 odp_ct_label->mask = wc->masks.ct_label;
4518 put_ct_helper(struct ofpbuf *odp_actions, struct ofpact_conntrack *ofc)
4521 if (ofc->alg == IPPORT_FTP) {
4522 nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "ftp");
4524 VLOG_WARN("Cannot serialize ct_helper %d\n", ofc->alg);
4530 put_ct_nat(struct xlate_ctx *ctx)
4532 struct ofpact_nat *ofn = ctx->ct_nat_action;
4539 nat_offset = nl_msg_start_nested(ctx->odp_actions, OVS_CT_ATTR_NAT);
4540 if (ofn->flags & NX_NAT_F_SRC || ofn->flags & NX_NAT_F_DST) {
4541 nl_msg_put_flag(ctx->odp_actions, ofn->flags & NX_NAT_F_SRC
4542 ? OVS_NAT_ATTR_SRC : OVS_NAT_ATTR_DST);
4543 if (ofn->flags & NX_NAT_F_PERSISTENT) {
4544 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PERSISTENT);
4546 if (ofn->flags & NX_NAT_F_PROTO_HASH) {
4547 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_HASH);
4548 } else if (ofn->flags & NX_NAT_F_PROTO_RANDOM) {
4549 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_RANDOM);
4551 if (ofn->range_af == AF_INET) {
4552 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
4553 ofn->range.addr.ipv4.min);
4554 if (ofn->range.addr.ipv4.max &&
4555 (ntohl(ofn->range.addr.ipv4.max)
4556 > ntohl(ofn->range.addr.ipv4.min))) {
4557 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
4558 ofn->range.addr.ipv4.max);
4560 } else if (ofn->range_af == AF_INET6) {
4561 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
4562 &ofn->range.addr.ipv6.min,
4563 sizeof ofn->range.addr.ipv6.min);
4564 if (!ipv6_mask_is_any(&ofn->range.addr.ipv6.max) &&
4565 memcmp(&ofn->range.addr.ipv6.max, &ofn->range.addr.ipv6.min,
4566 sizeof ofn->range.addr.ipv6.max) > 0) {
4567 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
4568 &ofn->range.addr.ipv6.max,
4569 sizeof ofn->range.addr.ipv6.max);
4572 if (ofn->range_af != AF_UNSPEC && ofn->range.proto.min) {
4573 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MIN,
4574 ofn->range.proto.min);
4575 if (ofn->range.proto.max &&
4576 ofn->range.proto.max > ofn->range.proto.min) {
4577 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MAX,
4578 ofn->range.proto.max);
4582 nl_msg_end_nested(ctx->odp_actions, nat_offset);
4586 compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc)
4588 ovs_u128 old_ct_label = ctx->base_flow.ct_label;
4589 ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label;
4590 uint32_t old_ct_mark = ctx->base_flow.ct_mark;
4591 uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark;
4595 /* Ensure that any prior actions are applied before composing the new
4596 * conntrack action. */
4597 xlate_commit_actions(ctx);
4599 /* Process nested actions first, to populate the key. */
4600 ctx->ct_nat_action = NULL;
4601 ctx->wc->masks.ct_mark = 0;
4602 ctx->wc->masks.ct_label.u64.hi = ctx->wc->masks.ct_label.u64.lo = 0;
4603 do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx);
4605 if (ofc->zone_src.field) {
4606 zone = mf_get_subfield(&ofc->zone_src, &ctx->xin->flow);
4608 zone = ofc->zone_imm;
4611 ct_offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CT);
4612 if (ofc->flags & NX_CT_F_COMMIT) {
4613 nl_msg_put_flag(ctx->odp_actions, OVS_CT_ATTR_COMMIT);
4615 nl_msg_put_u16(ctx->odp_actions, OVS_CT_ATTR_ZONE, zone);
4616 put_ct_mark(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
4617 put_ct_label(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
4618 put_ct_helper(ctx->odp_actions, ofc);
4620 ctx->ct_nat_action = NULL;
4621 nl_msg_end_nested(ctx->odp_actions, ct_offset);
4623 /* Restore the original ct fields in the key. These should only be exposed
4624 * after recirculation to another table. */
4625 ctx->base_flow.ct_mark = old_ct_mark;
4626 ctx->wc->masks.ct_mark = old_ct_mark_mask;
4627 ctx->base_flow.ct_label = old_ct_label;
4628 ctx->wc->masks.ct_label = old_ct_label_mask;
4630 if (ofc->recirc_table == NX_CT_RECIRC_NONE) {
4631 /* If we do not recirculate as part of this action, hide the results of
4632 * connection tracking from subsequent recirculations. */
4633 ctx->conntracked = false;
4635 /* Use ct_* fields from datapath during recirculation upcall. */
4636 ctx->conntracked = true;
4637 compose_recirculate_and_fork(ctx, ofc->recirc_table);
4642 recirc_for_mpls(const struct ofpact *a, struct xlate_ctx *ctx)
4644 /* No need to recirculate if already exiting. */
4649 /* Do not consider recirculating unless the packet was previously MPLS. */
4650 if (!ctx->was_mpls) {
4654 /* Special case these actions, only recirculating if necessary.
4655 * This avoids the overhead of recirculation in common use-cases.
4659 /* Output actions do not require recirculation. */
4661 case OFPACT_OUTPUT_TRUNC:
4662 case OFPACT_ENQUEUE:
4663 case OFPACT_OUTPUT_REG:
4664 /* Set actions that don't touch L3+ fields do not require recirculation. */
4665 case OFPACT_SET_VLAN_VID:
4666 case OFPACT_SET_VLAN_PCP:
4667 case OFPACT_SET_ETH_SRC:
4668 case OFPACT_SET_ETH_DST:
4669 case OFPACT_SET_TUNNEL:
4670 case OFPACT_SET_QUEUE:
4671 /* If actions of a group require recirculation that can be detected
4672 * when translating them. */
4676 /* Set field that don't touch L3+ fields don't require recirculation. */
4677 case OFPACT_SET_FIELD:
4678 if (mf_is_l3_or_higher(ofpact_get_SET_FIELD(a)->field)) {
4683 /* For simplicity, recirculate in all other cases. */
4684 case OFPACT_CONTROLLER:
4686 case OFPACT_STRIP_VLAN:
4687 case OFPACT_PUSH_VLAN:
4688 case OFPACT_SET_IPV4_SRC:
4689 case OFPACT_SET_IPV4_DST:
4690 case OFPACT_SET_IP_DSCP:
4691 case OFPACT_SET_IP_ECN:
4692 case OFPACT_SET_IP_TTL:
4693 case OFPACT_SET_L4_SRC_PORT:
4694 case OFPACT_SET_L4_DST_PORT:
4695 case OFPACT_REG_MOVE:
4696 case OFPACT_STACK_PUSH:
4697 case OFPACT_STACK_POP:
4698 case OFPACT_DEC_TTL:
4699 case OFPACT_SET_MPLS_LABEL:
4700 case OFPACT_SET_MPLS_TC:
4701 case OFPACT_SET_MPLS_TTL:
4702 case OFPACT_DEC_MPLS_TTL:
4703 case OFPACT_PUSH_MPLS:
4704 case OFPACT_POP_MPLS:
4705 case OFPACT_POP_QUEUE:
4706 case OFPACT_FIN_TIMEOUT:
4707 case OFPACT_RESUBMIT:
4709 case OFPACT_CONJUNCTION:
4710 case OFPACT_MULTIPATH:
4714 case OFPACT_UNROLL_XLATE:
4717 case OFPACT_DEBUG_RECIRC:
4719 case OFPACT_CLEAR_ACTIONS:
4720 case OFPACT_WRITE_ACTIONS:
4721 case OFPACT_WRITE_METADATA:
4722 case OFPACT_GOTO_TABLE:
4728 ctx_trigger_freeze(ctx);
4732 do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
4733 struct xlate_ctx *ctx)
4735 struct flow_wildcards *wc = ctx->wc;
4736 struct flow *flow = &ctx->xin->flow;
4737 const struct ofpact *a;
4739 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
4740 tnl_neigh_snoop(flow, wc, ctx->xbridge->name);
4742 /* dl_type already in the mask, not set below. */
4744 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
4745 struct ofpact_controller *controller;
4746 const struct ofpact_metadata *metadata;
4747 const struct ofpact_set_field *set_field;
4748 const struct mf_field *mf;
4754 recirc_for_mpls(a, ctx);
4757 /* Check if need to store the remaining actions for later
4759 if (ctx->freezing) {
4760 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len),
4768 xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port,
4769 ofpact_get_OUTPUT(a)->max_len, true);
4773 if (xlate_group_action(ctx, ofpact_get_GROUP(a)->group_id)) {
4774 /* Group could not be found. */
4779 case OFPACT_CONTROLLER:
4780 controller = ofpact_get_CONTROLLER(a);
4781 if (controller->pause) {
4782 ctx->pause = controller;
4783 ctx->xout->slow |= SLOW_CONTROLLER;
4784 ctx_trigger_freeze(ctx);
4787 execute_controller_action(ctx, controller->max_len,
4789 controller->controller_id,
4790 controller->userdata,
4791 controller->userdata_len);
4795 case OFPACT_ENQUEUE:
4796 memset(&wc->masks.skb_priority, 0xff,
4797 sizeof wc->masks.skb_priority);
4798 xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a));
4801 case OFPACT_SET_VLAN_VID:
4802 wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
4803 if (flow->vlan_tci & htons(VLAN_CFI) ||
4804 ofpact_get_SET_VLAN_VID(a)->push_vlan_if_needed) {
4805 flow->vlan_tci &= ~htons(VLAN_VID_MASK);
4806 flow->vlan_tci |= (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid)
4811 case OFPACT_SET_VLAN_PCP:
4812 wc->masks.vlan_tci |= htons(VLAN_PCP_MASK | VLAN_CFI);
4813 if (flow->vlan_tci & htons(VLAN_CFI) ||
4814 ofpact_get_SET_VLAN_PCP(a)->push_vlan_if_needed) {
4815 flow->vlan_tci &= ~htons(VLAN_PCP_MASK);
4816 flow->vlan_tci |= htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp
4817 << VLAN_PCP_SHIFT) | VLAN_CFI);
4821 case OFPACT_STRIP_VLAN:
4822 memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
4823 flow->vlan_tci = htons(0);
4826 case OFPACT_PUSH_VLAN:
4827 /* XXX 802.1AD(QinQ) */
4828 memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
4829 flow->vlan_tci = htons(VLAN_CFI);
4832 case OFPACT_SET_ETH_SRC:
4833 WC_MASK_FIELD(wc, dl_src);
4834 flow->dl_src = ofpact_get_SET_ETH_SRC(a)->mac;
4837 case OFPACT_SET_ETH_DST:
4838 WC_MASK_FIELD(wc, dl_dst);
4839 flow->dl_dst = ofpact_get_SET_ETH_DST(a)->mac;
4842 case OFPACT_SET_IPV4_SRC:
4843 if (flow->dl_type == htons(ETH_TYPE_IP)) {
4844 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
4845 flow->nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
4849 case OFPACT_SET_IPV4_DST:
4850 if (flow->dl_type == htons(ETH_TYPE_IP)) {
4851 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
4852 flow->nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
4856 case OFPACT_SET_IP_DSCP:
4857 if (is_ip_any(flow)) {
4858 wc->masks.nw_tos |= IP_DSCP_MASK;
4859 flow->nw_tos &= ~IP_DSCP_MASK;
4860 flow->nw_tos |= ofpact_get_SET_IP_DSCP(a)->dscp;
4864 case OFPACT_SET_IP_ECN:
4865 if (is_ip_any(flow)) {
4866 wc->masks.nw_tos |= IP_ECN_MASK;
4867 flow->nw_tos &= ~IP_ECN_MASK;
4868 flow->nw_tos |= ofpact_get_SET_IP_ECN(a)->ecn;
4872 case OFPACT_SET_IP_TTL:
4873 if (is_ip_any(flow)) {
4874 wc->masks.nw_ttl = 0xff;
4875 flow->nw_ttl = ofpact_get_SET_IP_TTL(a)->ttl;
4879 case OFPACT_SET_L4_SRC_PORT:
4880 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
4881 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
4882 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
4883 flow->tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
4887 case OFPACT_SET_L4_DST_PORT:
4888 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
4889 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
4890 memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
4891 flow->tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
4895 case OFPACT_RESUBMIT:
4896 /* Freezing complicates resubmit. Some action in the flow
4897 * entry found by resubmit might trigger freezing. If that
4898 * happens, then we do not want to execute the resubmit again after
4899 * during thawing, so we want to skip back to the head of the loop
4900 * to avoid that, only adding any actions that follow the resubmit
4901 * to the frozen actions.
4903 xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a));
4906 case OFPACT_SET_TUNNEL:
4907 flow->tunnel.tun_id = htonll(ofpact_get_SET_TUNNEL(a)->tun_id);
4910 case OFPACT_SET_QUEUE:
4911 memset(&wc->masks.skb_priority, 0xff,
4912 sizeof wc->masks.skb_priority);
4913 xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id);
4916 case OFPACT_POP_QUEUE:
4917 memset(&wc->masks.skb_priority, 0xff,
4918 sizeof wc->masks.skb_priority);
4919 flow->skb_priority = ctx->orig_skb_priority;
4922 case OFPACT_REG_MOVE:
4923 nxm_execute_reg_move(ofpact_get_REG_MOVE(a), flow, wc);
4926 case OFPACT_SET_FIELD:
4927 set_field = ofpact_get_SET_FIELD(a);
4928 mf = set_field->field;
4930 /* Set field action only ever overwrites packet's outermost
4931 * applicable header fields. Do nothing if no header exists. */
4932 if (mf->id == MFF_VLAN_VID) {
4933 wc->masks.vlan_tci |= htons(VLAN_CFI);
4934 if (!(flow->vlan_tci & htons(VLAN_CFI))) {
4937 } else if ((mf->id == MFF_MPLS_LABEL || mf->id == MFF_MPLS_TC)
4938 /* 'dl_type' is already unwildcarded. */
4939 && !eth_type_mpls(flow->dl_type)) {
4942 /* A flow may wildcard nw_frag. Do nothing if setting a transport
4943 * header field on a packet that does not have them. */
4944 mf_mask_field_and_prereqs__(mf, &set_field->mask, wc);
4945 if (mf_are_prereqs_ok(mf, flow)) {
4946 mf_set_flow_value_masked(mf, &set_field->value,
4947 &set_field->mask, flow);
4951 case OFPACT_STACK_PUSH:
4952 nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), flow, wc,
4956 case OFPACT_STACK_POP:
4957 nxm_execute_stack_pop(ofpact_get_STACK_POP(a), flow, wc,
4961 case OFPACT_PUSH_MPLS:
4962 compose_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a));
4965 case OFPACT_POP_MPLS:
4966 compose_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype);
4969 case OFPACT_SET_MPLS_LABEL:
4970 compose_set_mpls_label_action(
4971 ctx, ofpact_get_SET_MPLS_LABEL(a)->label);
4974 case OFPACT_SET_MPLS_TC:
4975 compose_set_mpls_tc_action(ctx, ofpact_get_SET_MPLS_TC(a)->tc);
4978 case OFPACT_SET_MPLS_TTL:
4979 compose_set_mpls_ttl_action(ctx, ofpact_get_SET_MPLS_TTL(a)->ttl);
4982 case OFPACT_DEC_MPLS_TTL:
4983 if (compose_dec_mpls_ttl_action(ctx)) {
4988 case OFPACT_DEC_TTL:
4989 wc->masks.nw_ttl = 0xff;
4990 if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) {
4996 /* Nothing to do. */
4999 case OFPACT_MULTIPATH:
5000 multipath_execute(ofpact_get_MULTIPATH(a), flow, wc);
5004 xlate_bundle_action(ctx, ofpact_get_BUNDLE(a));
5007 case OFPACT_OUTPUT_REG:
5008 xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a));
5011 case OFPACT_OUTPUT_TRUNC:
5012 xlate_output_trunc_action(ctx, ofpact_get_OUTPUT_TRUNC(a)->port,
5013 ofpact_get_OUTPUT_TRUNC(a)->max_len);
5017 xlate_learn_action(ctx, ofpact_get_LEARN(a));
5020 case OFPACT_CONJUNCTION: {
5021 /* A flow with a "conjunction" action represents part of a special
5022 * kind of "set membership match". Such a flow should not actually
5023 * get executed, but it could via, say, a "packet-out", even though
5024 * that wouldn't be useful. Log it to help debugging. */
5025 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5026 VLOG_INFO_RL(&rl, "executing no-op conjunction action");
5034 case OFPACT_UNROLL_XLATE: {
5035 struct ofpact_unroll_xlate *unroll = ofpact_get_UNROLL_XLATE(a);
5037 /* Restore translation context data that was stored earlier. */
5038 ctx->table_id = unroll->rule_table_id;
5039 ctx->rule_cookie = unroll->rule_cookie;
5042 case OFPACT_FIN_TIMEOUT:
5043 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
5044 xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a));
5047 case OFPACT_CLEAR_ACTIONS:
5048 ofpbuf_clear(&ctx->action_set);
5049 ctx->xin->flow.actset_output = OFPP_UNSET;
5050 ctx->action_set_has_group = false;
5053 case OFPACT_WRITE_ACTIONS:
5054 xlate_write_actions(ctx, ofpact_get_WRITE_ACTIONS(a));
5057 case OFPACT_WRITE_METADATA:
5058 metadata = ofpact_get_WRITE_METADATA(a);
5059 flow->metadata &= ~metadata->mask;
5060 flow->metadata |= metadata->metadata & metadata->mask;
5064 /* Not implemented yet. */
5067 case OFPACT_GOTO_TABLE: {
5068 struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a);
5070 ovs_assert(ctx->table_id < ogt->table_id);
5072 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
5073 ogt->table_id, true, true);
5078 xlate_sample_action(ctx, ofpact_get_SAMPLE(a));
5082 compose_conntrack_action(ctx, ofpact_get_CT(a));
5086 /* This will be processed by compose_conntrack_action(). */
5087 ctx->ct_nat_action = ofpact_get_NAT(a);
5090 case OFPACT_DEBUG_RECIRC:
5091 ctx_trigger_freeze(ctx);
5096 /* Check if need to store this and the remaining actions for later
5098 if (!ctx->error && ctx->exit && ctx_first_frozen_action(ctx)) {
5099 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len), ctx);
5106 xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto,
5107 const struct flow *flow, ofp_port_t in_port,
5108 struct rule_dpif *rule, uint16_t tcp_flags,
5109 const struct dp_packet *packet, struct flow_wildcards *wc,
5110 struct ofpbuf *odp_actions)
5112 xin->ofproto = ofproto;
5114 xin->flow.in_port.ofp_port = in_port;
5115 xin->flow.actset_output = OFPP_UNSET;
5116 xin->packet = packet;
5117 xin->may_learn = packet != NULL;
5120 xin->ofpacts = NULL;
5121 xin->ofpacts_len = 0;
5122 xin->tcp_flags = tcp_flags;
5123 xin->resubmit_hook = NULL;
5124 xin->report_hook = NULL;
5125 xin->resubmit_stats = NULL;
5126 xin->indentation = 0;
5130 xin->odp_actions = odp_actions;
5132 /* Do recirc lookup. */
5133 xin->frozen_state = NULL;
5134 if (flow->recirc_id) {
5135 const struct recirc_id_node *node
5136 = recirc_id_node_find(flow->recirc_id);
5138 xin->frozen_state = &node->state;
5144 xlate_out_uninit(struct xlate_out *xout)
5147 recirc_refs_unref(&xout->recircs);
5151 /* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts'
5152 * into datapath actions, using 'ctx', and discards the datapath actions. */
5154 xlate_actions_for_side_effects(struct xlate_in *xin)
5156 struct xlate_out xout;
5157 enum xlate_error error;
5159 error = xlate_actions(xin, &xout);
5161 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
5163 VLOG_WARN_RL(&rl, "xlate_actions failed (%s)!", xlate_strerror(error));
5166 xlate_out_uninit(&xout);
5169 static struct skb_priority_to_dscp *
5170 get_skb_priority(const struct xport *xport, uint32_t skb_priority)
5172 struct skb_priority_to_dscp *pdscp;
5175 hash = hash_int(skb_priority, 0);
5176 HMAP_FOR_EACH_IN_BUCKET (pdscp, hmap_node, hash, &xport->skb_priorities) {
5177 if (pdscp->skb_priority == skb_priority) {
5185 dscp_from_skb_priority(const struct xport *xport, uint32_t skb_priority,
5188 struct skb_priority_to_dscp *pdscp = get_skb_priority(xport, skb_priority);
5189 *dscp = pdscp ? pdscp->dscp : 0;
5190 return pdscp != NULL;
5194 count_skb_priorities(const struct xport *xport)
5196 return hmap_count(&xport->skb_priorities);
5200 clear_skb_priorities(struct xport *xport)
5202 struct skb_priority_to_dscp *pdscp;
5204 HMAP_FOR_EACH_POP (pdscp, hmap_node, &xport->skb_priorities) {
5210 actions_output_to_local_port(const struct xlate_ctx *ctx)
5212 odp_port_t local_odp_port = ofp_port_to_odp_port(ctx->xbridge, OFPP_LOCAL);
5213 const struct nlattr *a;
5216 NL_ATTR_FOR_EACH_UNSAFE (a, left, ctx->odp_actions->data,
5217 ctx->odp_actions->size) {
5218 if (nl_attr_type(a) == OVS_ACTION_ATTR_OUTPUT
5219 && nl_attr_get_odp_port(a) == local_odp_port) {
5226 #if defined(__linux__)
5227 /* Returns the maximum number of packets that the Linux kernel is willing to
5228 * queue up internally to certain kinds of software-implemented ports, or the
5229 * default (and rarely modified) value if it cannot be determined. */
5231 netdev_max_backlog(void)
5233 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
5234 static int max_backlog = 1000; /* The normal default value. */
5236 if (ovsthread_once_start(&once)) {
5237 static const char filename[] = "/proc/sys/net/core/netdev_max_backlog";
5241 stream = fopen(filename, "r");
5243 VLOG_INFO("%s: open failed (%s)", filename, ovs_strerror(errno));
5245 if (fscanf(stream, "%d", &n) != 1) {
5246 VLOG_WARN("%s: read error", filename);
5247 } else if (n <= 100) {
5248 VLOG_WARN("%s: unexpectedly small value %d", filename, n);
5254 ovsthread_once_done(&once);
5256 VLOG_DBG("%s: using %d max_backlog", filename, max_backlog);
5262 /* Counts and returns the number of OVS_ACTION_ATTR_OUTPUT actions in
5265 count_output_actions(const struct ofpbuf *odp_actions)
5267 const struct nlattr *a;
5271 NL_ATTR_FOR_EACH_UNSAFE (a, left, odp_actions->data, odp_actions->size) {
5272 if (a->nla_type == OVS_ACTION_ATTR_OUTPUT) {
5278 #endif /* defined(__linux__) */
5280 /* Returns true if 'odp_actions' contains more output actions than the datapath
5281 * can reliably handle in one go. On Linux, this is the value of the
5282 * net.core.netdev_max_backlog sysctl, which limits the maximum number of
5283 * packets that the kernel is willing to queue up for processing while the
5284 * datapath is processing a set of actions. */
5286 too_many_output_actions(const struct ofpbuf *odp_actions OVS_UNUSED)
5289 return (odp_actions->size / NL_A_U32_SIZE > netdev_max_backlog()
5290 && count_output_actions(odp_actions) > netdev_max_backlog());
5292 /* OSes other than Linux might have similar limits, but we don't know how
5293 * to determine them.*/
5299 xlate_wc_init(struct xlate_ctx *ctx)
5301 flow_wildcards_init_catchall(ctx->wc);
5303 /* Some fields we consider to always be examined. */
5304 WC_MASK_FIELD(ctx->wc, in_port);
5305 WC_MASK_FIELD(ctx->wc, dl_type);
5306 if (is_ip_any(&ctx->xin->flow)) {
5307 WC_MASK_FIELD_MASK(ctx->wc, nw_frag, FLOW_NW_FRAG_MASK);
5310 if (ctx->xbridge->support.odp.recirc) {
5311 /* Always exactly match recirc_id when datapath supports
5313 WC_MASK_FIELD(ctx->wc, recirc_id);
5316 if (ctx->xbridge->netflow) {
5317 netflow_mask_wc(&ctx->xin->flow, ctx->wc);
5320 tnl_wc_init(&ctx->xin->flow, ctx->wc);
5324 xlate_wc_finish(struct xlate_ctx *ctx)
5326 /* Clear the metadata and register wildcard masks, because we won't
5327 * use non-header fields as part of the cache. */
5328 flow_wildcards_clear_non_packet_fields(ctx->wc);
5330 /* ICMPv4 and ICMPv6 have 8-bit "type" and "code" fields. struct flow
5331 * uses the low 8 bits of the 16-bit tp_src and tp_dst members to
5332 * represent these fields. The datapath interface, on the other hand,
5333 * represents them with just 8 bits each. This means that if the high
5334 * 8 bits of the masks for these fields somehow become set, then they
5335 * will get chopped off by a round trip through the datapath, and
5336 * revalidation will spot that as an inconsistency and delete the flow.
5337 * Avoid the problem here by making sure that only the low 8 bits of
5338 * either field can be unwildcarded for ICMP.
5340 if (is_icmpv4(&ctx->xin->flow, NULL) || is_icmpv6(&ctx->xin->flow, NULL)) {
5341 ctx->wc->masks.tp_src &= htons(UINT8_MAX);
5342 ctx->wc->masks.tp_dst &= htons(UINT8_MAX);
5344 /* VLAN_TCI CFI bit must be matched if any of the TCI is matched. */
5345 if (ctx->wc->masks.vlan_tci) {
5346 ctx->wc->masks.vlan_tci |= htons(VLAN_CFI);
5350 /* Translates the flow, actions, or rule in 'xin' into datapath actions in
5352 * The caller must take responsibility for eventually freeing 'xout', with
5353 * xlate_out_uninit().
5354 * Returns 'XLATE_OK' if translation was successful. In case of an error an
5355 * empty set of actions will be returned in 'xin->odp_actions' (if non-NULL),
5356 * so that most callers may ignore the return value and transparently install a
5357 * drop flow when the translation fails. */
5359 xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
5361 *xout = (struct xlate_out) {
5363 .recircs = RECIRC_REFS_EMPTY_INITIALIZER,
5366 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
5367 struct xbridge *xbridge = xbridge_lookup(xcfg, xin->ofproto);
5369 return XLATE_BRIDGE_NOT_FOUND;
5372 struct flow *flow = &xin->flow;
5374 union mf_subvalue stack_stub[1024 / sizeof(union mf_subvalue)];
5375 uint64_t action_set_stub[1024 / 8];
5376 uint64_t frozen_actions_stub[1024 / 8];
5377 uint64_t actions_stub[256 / 8];
5378 struct ofpbuf scratch_actions = OFPBUF_STUB_INITIALIZER(actions_stub);
5379 struct xlate_ctx ctx = {
5383 .orig_tunnel_ipv6_dst = flow_tnl_dst(&flow->tunnel),
5385 .stack = OFPBUF_STUB_INITIALIZER(stack_stub),
5389 : &(struct flow_wildcards) { .masks = { .dl_type = 0 } }),
5390 .odp_actions = xin->odp_actions ? xin->odp_actions : &scratch_actions,
5392 .indentation = xin->indentation,
5393 .depth = xin->depth,
5394 .resubmits = xin->resubmits,
5396 .in_action_set = false,
5399 .rule_cookie = OVS_BE64_MAX,
5400 .orig_skb_priority = flow->skb_priority,
5401 .sflow_n_outputs = 0,
5402 .sflow_odp_port = 0,
5403 .nf_output_iface = NF_OUT_DROP,
5409 .frozen_actions = OFPBUF_STUB_INITIALIZER(frozen_actions_stub),
5413 .conntracked = false,
5415 .ct_nat_action = NULL,
5417 .action_set_has_group = false,
5418 .action_set = OFPBUF_STUB_INITIALIZER(action_set_stub),
5421 /* 'base_flow' reflects the packet as it came in, but we need it to reflect
5422 * the packet as the datapath will treat it for output actions. Our
5423 * datapath doesn't retain tunneling information without us re-setting
5424 * it, so clear the tunnel data.
5427 memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel);
5429 ofpbuf_reserve(ctx.odp_actions, NL_A_U32_SIZE);
5430 xlate_wc_init(&ctx);
5432 COVERAGE_INC(xlate_actions);
5434 if (xin->frozen_state) {
5435 const struct frozen_state *state = xin->frozen_state;
5437 xlate_report(&ctx, "Thawing frozen state:");
5439 if (xin->ofpacts_len > 0 || ctx.rule) {
5440 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5441 const char *conflict = xin->ofpacts_len ? "actions" : "rule";
5443 VLOG_WARN_RL(&rl, "Recirculation conflict (%s)!", conflict);
5444 xlate_report(&ctx, "- Recirculation conflict (%s)!", conflict);
5445 ctx.error = XLATE_RECIRCULATION_CONFLICT;
5449 /* Set the bridge for post-recirculation processing if needed. */
5450 if (!uuid_equals(ofproto_dpif_get_uuid(ctx.xbridge->ofproto),
5451 &state->ofproto_uuid)) {
5452 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
5453 const struct xbridge *new_bridge
5454 = xbridge_lookup_by_uuid(xcfg, &state->ofproto_uuid);
5456 if (OVS_UNLIKELY(!new_bridge)) {
5457 /* Drop the packet if the bridge cannot be found. */
5458 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5459 VLOG_WARN_RL(&rl, "Frozen bridge no longer exists.");
5460 xlate_report(&ctx, "- Frozen bridge no longer exists.");
5461 ctx.error = XLATE_BRIDGE_NOT_FOUND;
5464 ctx.xbridge = new_bridge;
5467 /* Set the thawed table id. Note: A table lookup is done only if there
5468 * are no frozen actions. */
5469 ctx.table_id = state->table_id;
5470 xlate_report(&ctx, "- Resuming from table %"PRIu8, ctx.table_id);
5472 if (!state->conntracked) {
5473 clear_conntrack(flow);
5476 /* Restore pipeline metadata. May change flow's in_port and other
5477 * metadata to the values that existed when freezing was triggered. */
5478 frozen_metadata_to_flow(&state->metadata, flow);
5480 /* Restore stack, if any. */
5482 ofpbuf_put(&ctx.stack, state->stack,
5483 state->n_stack * sizeof *state->stack);
5486 /* Restore mirror state. */
5487 ctx.mirrors = state->mirrors;
5489 /* Restore action set, if any. */
5490 if (state->action_set_len) {
5491 xlate_report_actions(&ctx, "- Restoring action set",
5492 state->action_set, state->action_set_len);
5494 flow->actset_output = OFPP_UNSET;
5495 xlate_write_actions__(&ctx, state->action_set,
5496 state->action_set_len);
5499 /* Restore frozen actions. If there are no actions, processing will
5500 * start with a lookup in the table set above. */
5501 xin->ofpacts = state->ofpacts;
5502 xin->ofpacts_len = state->ofpacts_len;
5503 if (state->ofpacts_len) {
5504 xlate_report_actions(&ctx, "- Restoring actions",
5505 xin->ofpacts, xin->ofpacts_len);
5507 } else if (OVS_UNLIKELY(flow->recirc_id)) {
5508 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5510 VLOG_WARN_RL(&rl, "Recirculation context not found for ID %"PRIx32,
5512 ctx.error = XLATE_NO_RECIRCULATION_CONTEXT;
5515 /* The bridge is now known so obtain its table version. */
5516 ctx.tables_version = ofproto_dpif_get_tables_version(ctx.xbridge->ofproto);
5518 if (!xin->ofpacts && !ctx.rule) {
5519 ctx.rule = rule_dpif_lookup_from_table(
5520 ctx.xbridge->ofproto, ctx.tables_version, flow, ctx.wc,
5521 ctx.xin->resubmit_stats, &ctx.table_id,
5522 flow->in_port.ofp_port, true, true);
5523 if (ctx.xin->resubmit_stats) {
5524 rule_dpif_credit_stats(ctx.rule, ctx.xin->resubmit_stats);
5526 if (ctx.xin->xcache) {
5527 struct xc_entry *entry;
5529 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_RULE);
5530 entry->u.rule = ctx.rule;
5531 rule_dpif_ref(ctx.rule);
5534 if (OVS_UNLIKELY(ctx.xin->resubmit_hook)) {
5535 ctx.xin->resubmit_hook(ctx.xin, ctx.rule, 0);
5539 /* Get the proximate input port of the packet. (If xin->frozen_state,
5540 * flow->in_port is the ultimate input port of the packet.) */
5541 struct xport *in_port = get_ofp_port(xbridge,
5542 ctx.base_flow.in_port.ofp_port);
5544 /* Tunnel stats only for not-thawed packets. */
5545 if (!xin->frozen_state && in_port && in_port->is_tunnel) {
5546 if (ctx.xin->resubmit_stats) {
5547 netdev_vport_inc_rx(in_port->netdev, ctx.xin->resubmit_stats);
5549 bfd_account_rx(in_port->bfd, ctx.xin->resubmit_stats);
5552 if (ctx.xin->xcache) {
5553 struct xc_entry *entry;
5555 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETDEV);
5556 entry->u.dev.rx = netdev_ref(in_port->netdev);
5557 entry->u.dev.bfd = bfd_ref(in_port->bfd);
5561 if (!xin->frozen_state && process_special(&ctx, in_port)) {
5562 /* process_special() did all the processing for this packet.
5564 * We do not perform special processing on thawed packets, since that
5565 * was done before they were frozen and should not be redone. */
5566 } else if (in_port && in_port->xbundle
5567 && xbundle_mirror_out(xbridge, in_port->xbundle)) {
5568 if (ctx.xin->packet != NULL) {
5569 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
5570 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
5571 "%s, which is reserved exclusively for mirroring",
5572 ctx.xbridge->name, in_port->xbundle->name);
5575 /* Sampling is done on initial reception; don't redo after thawing. */
5576 unsigned int user_cookie_offset = 0;
5577 if (!xin->frozen_state) {
5578 user_cookie_offset = compose_sflow_action(&ctx);
5579 compose_ipfix_action(&ctx, ODPP_NONE);
5581 size_t sample_actions_len = ctx.odp_actions->size;
5583 if (tnl_process_ecn(flow)
5584 && (!in_port || may_receive(in_port, &ctx))) {
5585 const struct ofpact *ofpacts;
5589 ofpacts = xin->ofpacts;
5590 ofpacts_len = xin->ofpacts_len;
5591 } else if (ctx.rule) {
5592 const struct rule_actions *actions
5593 = rule_dpif_get_actions(ctx.rule);
5594 ofpacts = actions->ofpacts;
5595 ofpacts_len = actions->ofpacts_len;
5596 ctx.rule_cookie = rule_dpif_get_flow_cookie(ctx.rule);
5601 mirror_ingress_packet(&ctx);
5602 do_xlate_actions(ofpacts, ofpacts_len, &ctx);
5607 /* We've let OFPP_NORMAL and the learning action look at the
5608 * packet, so cancel all actions and freezing if forwarding is
5610 if (in_port && (!xport_stp_forward_state(in_port) ||
5611 !xport_rstp_forward_state(in_port))) {
5612 ctx.odp_actions->size = sample_actions_len;
5613 ctx_cancel_freeze(&ctx);
5614 ofpbuf_clear(&ctx.action_set);
5617 if (!ctx.freezing) {
5618 xlate_action_set(&ctx);
5621 finish_freezing(&ctx);
5625 /* Output only fully processed packets. */
5627 && xbridge->has_in_band
5628 && in_band_must_output_to_local_port(flow)
5629 && !actions_output_to_local_port(&ctx)) {
5630 compose_output_action(&ctx, OFPP_LOCAL, NULL);
5633 if (user_cookie_offset) {
5634 fix_sflow_action(&ctx, user_cookie_offset);
5638 if (nl_attr_oversized(ctx.odp_actions->size)) {
5639 /* These datapath actions are too big for a Netlink attribute, so we
5640 * can't hand them to the kernel directly. dpif_execute() can execute
5641 * them one by one with help, so just mark the result as SLOW_ACTION to
5642 * prevent the flow from being installed. */
5643 COVERAGE_INC(xlate_actions_oversize);
5644 ctx.xout->slow |= SLOW_ACTION;
5645 } else if (too_many_output_actions(ctx.odp_actions)) {
5646 COVERAGE_INC(xlate_actions_too_many_output);
5647 ctx.xout->slow |= SLOW_ACTION;
5650 /* Do netflow only for packets on initial reception, that are not sent to
5651 * the controller. We consider packets sent to the controller to be part
5652 * of the control plane rather than the data plane. */
5653 if (!xin->frozen_state
5655 && !(xout->slow & SLOW_CONTROLLER)) {
5656 if (ctx.xin->resubmit_stats) {
5657 netflow_flow_update(xbridge->netflow, flow,
5658 ctx.nf_output_iface,
5659 ctx.xin->resubmit_stats);
5661 if (ctx.xin->xcache) {
5662 struct xc_entry *entry;
5664 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETFLOW);
5665 entry->u.nf.netflow = netflow_ref(xbridge->netflow);
5666 entry->u.nf.flow = xmemdup(flow, sizeof *flow);
5667 entry->u.nf.iface = ctx.nf_output_iface;
5671 xlate_wc_finish(&ctx);
5674 ofpbuf_uninit(&ctx.stack);
5675 ofpbuf_uninit(&ctx.action_set);
5676 ofpbuf_uninit(&ctx.frozen_actions);
5677 ofpbuf_uninit(&scratch_actions);
5679 /* Make sure we return a "drop flow" in case of an error. */
5682 if (xin->odp_actions) {
5683 ofpbuf_clear(xin->odp_actions);
5690 xlate_resume(struct ofproto_dpif *ofproto,
5691 const struct ofputil_packet_in_private *pin,
5692 struct ofpbuf *odp_actions,
5693 enum slow_path_reason *slow)
5695 struct dp_packet packet;
5696 dp_packet_use_const(&packet, pin->public.packet,
5697 pin->public.packet_len);
5700 flow_extract(&packet, &flow);
5702 struct xlate_in xin;
5703 xlate_in_init(&xin, ofproto, &flow, 0, NULL, ntohs(flow.tcp_flags),
5704 &packet, NULL, odp_actions);
5706 struct ofpact_note noop;
5707 ofpact_init_NOTE(&noop);
5710 bool any_actions = pin->actions_len > 0;
5711 struct frozen_state state = {
5712 .table_id = 0, /* Not the table where NXAST_PAUSE was executed. */
5713 .ofproto_uuid = pin->bridge,
5714 .stack = pin->stack,
5715 .n_stack = pin->n_stack,
5716 .mirrors = pin->mirrors,
5717 .conntracked = pin->conntracked,
5719 /* When there are no actions, xlate_actions() will search the flow
5720 * table. We don't want it to do that (we want it to resume), so
5721 * supply a no-op action if there aren't any.
5723 * (We can't necessarily avoid translating actions entirely if there
5724 * aren't any actions, because there might be some finishing-up to do
5725 * at the end of the pipeline, and we don't check for those
5727 .ofpacts = any_actions ? pin->actions : &noop.ofpact,
5728 .ofpacts_len = any_actions ? pin->actions_len : sizeof noop,
5730 .action_set = pin->action_set,
5731 .action_set_len = pin->action_set_len,
5733 frozen_metadata_from_flow(&state.metadata,
5734 &pin->public.flow_metadata.flow);
5735 xin.frozen_state = &state;
5737 struct xlate_out xout;
5738 enum xlate_error error = xlate_actions(&xin, &xout);
5740 xlate_out_uninit(&xout);
5742 /* xlate_actions() can generate a number of errors, but only
5743 * XLATE_BRIDGE_NOT_FOUND really stands out to me as one that we should be
5744 * sure to report over OpenFlow. The others could come up in packet-outs
5745 * or regular flow translation and I don't think that it's going to be too
5746 * useful to report them to the controller. */
5747 return error == XLATE_BRIDGE_NOT_FOUND ? OFPERR_NXR_STALE : 0;
5750 /* Sends 'packet' out 'ofport'. If 'port' is a tunnel and that tunnel type
5751 * supports a notion of an OAM flag, sets it if 'oam' is true.
5752 * May modify 'packet'.
5753 * Returns 0 if successful, otherwise a positive errno value. */
5755 xlate_send_packet(const struct ofport_dpif *ofport, bool oam,
5756 struct dp_packet *packet)
5758 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
5759 struct xport *xport;
5760 uint64_t ofpacts_stub[1024 / 8];
5761 struct ofpbuf ofpacts;
5764 ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
5765 /* Use OFPP_NONE as the in_port to avoid special packet processing. */
5766 flow_extract(packet, &flow);
5767 flow.in_port.ofp_port = OFPP_NONE;
5769 xport = xport_lookup(xcfg, ofport);
5775 struct ofpact_set_field *sf = ofpact_put_SET_FIELD(&ofpacts);
5777 sf->field = mf_from_id(MFF_TUN_FLAGS);
5778 sf->value.be16 = htons(NX_TUN_FLAG_OAM);
5779 sf->mask.be16 = htons(NX_TUN_FLAG_OAM);
5782 ofpact_put_OUTPUT(&ofpacts)->port = xport->ofp_port;
5784 return ofproto_dpif_execute_actions(xport->xbridge->ofproto, &flow, NULL,
5785 ofpacts.data, ofpacts.size, packet);
5788 struct xlate_cache *
5789 xlate_cache_new(void)
5791 struct xlate_cache *xcache = xmalloc(sizeof *xcache);
5793 ofpbuf_init(&xcache->entries, 512);
5797 static struct xc_entry *
5798 xlate_cache_add_entry(struct xlate_cache *xcache, enum xc_type type)
5800 struct xc_entry *entry;
5802 entry = ofpbuf_put_zeros(&xcache->entries, sizeof *entry);
5809 xlate_cache_netdev(struct xc_entry *entry, const struct dpif_flow_stats *stats)
5811 if (entry->u.dev.tx) {
5812 netdev_vport_inc_tx(entry->u.dev.tx, stats);
5814 if (entry->u.dev.rx) {
5815 netdev_vport_inc_rx(entry->u.dev.rx, stats);
5817 if (entry->u.dev.bfd) {
5818 bfd_account_rx(entry->u.dev.bfd, stats);
5823 xlate_cache_normal(struct ofproto_dpif *ofproto, struct flow *flow, int vlan)
5825 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
5826 struct xbridge *xbridge;
5827 struct xbundle *xbundle;
5828 struct flow_wildcards wc;
5830 xbridge = xbridge_lookup(xcfg, ofproto);
5835 xbundle = lookup_input_bundle(xbridge, flow->in_port.ofp_port, false,
5841 update_learning_table(xbridge, flow, &wc, vlan, xbundle);
5844 /* Push stats and perform side effects of flow translation. */
5846 xlate_push_stats(struct xlate_cache *xcache,
5847 const struct dpif_flow_stats *stats)
5849 struct xc_entry *entry;
5850 struct ofpbuf entries = xcache->entries;
5851 struct eth_addr dmac;
5853 if (!stats->n_packets) {
5857 XC_ENTRY_FOR_EACH (entry, entries, xcache) {
5858 switch (entry->type) {
5860 rule_dpif_credit_stats(entry->u.rule, stats);
5863 bond_account(entry->u.bond.bond, entry->u.bond.flow,
5864 entry->u.bond.vid, stats->n_bytes);
5867 xlate_cache_netdev(entry, stats);
5870 netflow_flow_update(entry->u.nf.netflow, entry->u.nf.flow,
5871 entry->u.nf.iface, stats);
5874 mirror_update_stats(entry->u.mirror.mbridge,
5875 entry->u.mirror.mirrors,
5876 stats->n_packets, stats->n_bytes);
5879 ofproto_dpif_flow_mod(entry->u.learn.ofproto, entry->u.learn.fm);
5882 xlate_cache_normal(entry->u.normal.ofproto, entry->u.normal.flow,
5883 entry->u.normal.vlan);
5885 case XC_FIN_TIMEOUT:
5886 xlate_fin_timeout__(entry->u.fin.rule, stats->tcp_flags,
5887 entry->u.fin.idle, entry->u.fin.hard);
5890 group_dpif_credit_stats(entry->u.group.group, entry->u.group.bucket,
5894 /* Lookup neighbor to avoid timeout. */
5895 tnl_neigh_lookup(entry->u.tnl_neigh_cache.br_name,
5896 &entry->u.tnl_neigh_cache.d_ipv6, &dmac);
5905 xlate_dev_unref(struct xc_entry *entry)
5907 if (entry->u.dev.tx) {
5908 netdev_close(entry->u.dev.tx);
5910 if (entry->u.dev.rx) {
5911 netdev_close(entry->u.dev.rx);
5913 if (entry->u.dev.bfd) {
5914 bfd_unref(entry->u.dev.bfd);
5919 xlate_cache_clear_netflow(struct netflow *netflow, struct flow *flow)
5921 netflow_flow_clear(netflow, flow);
5922 netflow_unref(netflow);
5927 xlate_cache_clear(struct xlate_cache *xcache)
5929 struct xc_entry *entry;
5930 struct ofpbuf entries;
5936 XC_ENTRY_FOR_EACH (entry, entries, xcache) {
5937 switch (entry->type) {
5939 rule_dpif_unref(entry->u.rule);
5942 free(entry->u.bond.flow);
5943 bond_unref(entry->u.bond.bond);
5946 xlate_dev_unref(entry);
5949 xlate_cache_clear_netflow(entry->u.nf.netflow, entry->u.nf.flow);
5952 mbridge_unref(entry->u.mirror.mbridge);
5955 free(entry->u.learn.fm);
5956 ofpbuf_delete(entry->u.learn.ofpacts);
5959 free(entry->u.normal.flow);
5961 case XC_FIN_TIMEOUT:
5962 /* 'u.fin.rule' is always already held as a XC_RULE, which
5963 * has already released it's reference above. */
5966 group_dpif_unref(entry->u.group.group);
5975 ofpbuf_clear(&xcache->entries);
5979 xlate_cache_delete(struct xlate_cache *xcache)
5981 xlate_cache_clear(xcache);
5982 ofpbuf_uninit(&xcache->entries);
projects / cascardo / ovs.git / blob