2 * Copyright (c) 2015, 2016 Nicira, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
22 #include "byte-order.h"
29 #include "logical-fields.h"
31 #include "openvswitch/dynamic-string.h"
32 #include "openvswitch/ofp-actions.h"
33 #include "openvswitch/ofpbuf.h"
38 /* Context maintained during actions_parse(). */
39 struct action_context {
40 const struct action_params *ap; /* Parameters. */
41 struct lexer *lexer; /* Lexer for pulling more tokens. */
42 char *error; /* Error, if any, otherwise NULL. */
43 struct ofpbuf *ofpacts; /* Actions. */
44 struct expr *prereqs; /* Prerequisites to apply to match. */
47 static bool parse_action(struct action_context *);
48 static void parse_put_dhcp_opts_action(struct action_context *,
49 const struct expr_field *dst);
52 action_error_handle_common(struct action_context *ctx)
55 /* Already have an error, suppress this one since the cascade seems
56 * unlikely to be useful. */
58 } else if (ctx->lexer->token.type == LEX_T_ERROR) {
59 /* The lexer signaled an error. Nothing at the action level
60 * accepts an error token, so we'll inevitably end up here with some
61 * meaningless parse error. Report the lexical error instead. */
62 ctx->error = xstrdup(ctx->lexer->token.s);
69 static void OVS_PRINTF_FORMAT(2, 3)
70 action_error(struct action_context *ctx, const char *message, ...)
72 if (action_error_handle_common(ctx)) {
77 va_start(args, message);
78 ctx->error = xvasprintf(message, args);
82 static void OVS_PRINTF_FORMAT(2, 3)
83 action_syntax_error(struct action_context *ctx, const char *message, ...)
85 if (action_error_handle_common(ctx)) {
92 ds_put_cstr(&s, "Syntax error");
93 if (ctx->lexer->token.type == LEX_T_END) {
94 ds_put_cstr(&s, " at end of input");
95 } else if (ctx->lexer->start) {
96 ds_put_format(&s, " at `%.*s'",
97 (int) (ctx->lexer->input - ctx->lexer->start),
102 ds_put_char(&s, ' ');
105 va_start(args, message);
106 ds_put_format_valist(&s, message, args);
109 ds_put_char(&s, '.');
111 ctx->error = ds_steal_cstr(&s);
114 /* Parses an assignment or exchange or put_dhcp_opts action. */
116 parse_set_action(struct action_context *ctx)
118 struct expr *prereqs = NULL;
119 struct expr_field dst;
122 error = expr_parse_field(ctx->lexer, ctx->ap->symtab, &dst);
124 if (lexer_match(ctx->lexer, LEX_T_EXCHANGE)) {
125 error = expr_parse_exchange(ctx->lexer, &dst, ctx->ap->symtab,
126 ctx->ap->lookup_port, ctx->ap->aux,
127 ctx->ofpacts, &prereqs);
128 } else if (lexer_match(ctx->lexer, LEX_T_EQUALS)) {
129 if (ctx->lexer->token.type == LEX_T_ID
130 && !strcmp(ctx->lexer->token.s, "put_dhcp_opts")
131 && lexer_lookahead(ctx->lexer) == LEX_T_LPAREN) {
132 lexer_get(ctx->lexer); /* Skip put_dhcp_opts. */
133 lexer_get(ctx->lexer); /* Skip '('. */
134 parse_put_dhcp_opts_action(ctx, &dst);
136 error = expr_parse_assignment(
137 ctx->lexer, &dst, ctx->ap->symtab, ctx->ap->lookup_port,
138 ctx->ap->aux, ctx->ofpacts, &prereqs);
141 action_syntax_error(ctx, "expecting `=' or `<->'");
144 ctx->prereqs = expr_combine(EXPR_T_AND, ctx->prereqs, prereqs);
149 expr_destroy(prereqs);
150 action_error(ctx, "%s", error);
156 emit_resubmit(struct action_context *ctx, uint8_t table_id)
158 struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(ctx->ofpacts);
159 resubmit->in_port = OFPP_IN_PORT;
160 resubmit->table_id = table_id;
164 action_get_int(struct action_context *ctx, int *value)
166 bool ok = lexer_get_int(ctx->lexer, value);
168 action_syntax_error(ctx, "expecting small integer");
174 parse_next_action(struct action_context *ctx)
176 if (!ctx->ap->n_tables) {
177 action_error(ctx, "\"next\" action not allowed here.");
178 } else if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
181 if (!action_get_int(ctx, <able)) {
184 if (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
185 action_syntax_error(ctx, "expecting `)'");
189 if (ltable >= ctx->ap->n_tables) {
190 action_error(ctx, "\"next\" argument must be in range 0 to %d.",
191 ctx->ap->n_tables - 1);
195 emit_resubmit(ctx, ctx->ap->first_ptable + ltable);
197 if (ctx->ap->cur_ltable < ctx->ap->n_tables) {
199 ctx->ap->first_ptable + ctx->ap->cur_ltable + 1);
201 action_error(ctx, "\"next\" action not allowed in last table.");
206 /* Parses 'prerequisite' as an expression in the context of 'ctx', then adds it
207 * as a conjunction with the existing 'ctx->prereqs'. */
209 add_prerequisite(struct action_context *ctx, const char *prerequisite)
214 expr = expr_parse_string(prerequisite, ctx->ap->symtab, NULL, &error);
216 ctx->prereqs = expr_combine(EXPR_T_AND, ctx->prereqs, expr);
220 start_controller_op(struct ofpbuf *ofpacts, enum action_opcode opcode,
223 size_t ofs = ofpacts->size;
225 struct ofpact_controller *oc = ofpact_put_CONTROLLER(ofpacts);
226 oc->max_len = UINT16_MAX;
227 oc->reason = OFPR_ACTION;
230 struct action_header ah = { .opcode = htonl(opcode) };
231 ofpbuf_put(ofpacts, &ah, sizeof ah);
237 finish_controller_op(struct ofpbuf *ofpacts, size_t ofs)
239 struct ofpact_controller *oc = ofpbuf_at_assert(ofpacts, ofs, sizeof *oc);
240 ofpacts->header = oc;
241 oc->userdata_len = ofpacts->size - (ofs + sizeof *oc);
242 ofpact_finish_CONTROLLER(ofpacts, &oc);
246 put_controller_op(struct ofpbuf *ofpacts, enum action_opcode opcode)
248 size_t ofs = start_controller_op(ofpacts, opcode, false);
249 finish_controller_op(ofpacts, ofs);
252 /* Implements the "arp" and "na" actions, which execute nested actions on a
253 * packet derived from the one being processed. */
255 parse_nested_action(struct action_context *ctx, enum action_opcode opcode,
258 if (!lexer_match(ctx->lexer, LEX_T_LCURLY)) {
259 action_syntax_error(ctx, "expecting `{'");
263 struct ofpbuf *outer_ofpacts = ctx->ofpacts;
264 uint64_t inner_ofpacts_stub[1024 / 8];
265 struct ofpbuf inner_ofpacts = OFPBUF_STUB_INITIALIZER(inner_ofpacts_stub);
266 ctx->ofpacts = &inner_ofpacts;
268 /* Save prerequisites. (XXX What is the right treatment for prereqs?) */
269 struct expr *outer_prereqs = ctx->prereqs;
272 /* Parse inner actions. */
273 while (!lexer_match(ctx->lexer, LEX_T_RCURLY)) {
274 if (!parse_action(ctx)) {
279 ctx->ofpacts = outer_ofpacts;
281 /* Add a "controller" action with the actions nested inside "{...}",
282 * converted to OpenFlow, as its userdata. ovn-controller will convert the
283 * packet to ARP or NA and then send the packet and actions back to the
284 * switch inside an OFPT_PACKET_OUT message. */
285 size_t oc_offset = start_controller_op(ctx->ofpacts, opcode, false);
286 ofpacts_put_openflow_actions(inner_ofpacts.data, inner_ofpacts.size,
287 ctx->ofpacts, OFP13_VERSION);
288 finish_controller_op(ctx->ofpacts, oc_offset);
290 /* Restore prerequisites. */
291 expr_destroy(ctx->prereqs);
292 ctx->prereqs = outer_prereqs;
293 add_prerequisite(ctx, prereq);
296 ofpbuf_uninit(&inner_ofpacts);
300 action_force_match(struct action_context *ctx, enum lex_type t)
302 if (lexer_match(ctx->lexer, t)) {
305 struct lex_token token = { .type = t };
306 struct ds s = DS_EMPTY_INITIALIZER;
307 lex_token_format(&token, &s);
309 action_syntax_error(ctx, "expecting `%s'", ds_cstr(&s));
318 action_parse_field(struct action_context *ctx,
319 int n_bits, struct mf_subfield *sf)
321 struct expr_field field;
324 error = expr_parse_field(ctx->lexer, ctx->ap->symtab, &field);
326 struct expr *prereqs;
327 error = expr_expand_field(ctx->lexer, ctx->ap->symtab,
328 &field, n_bits, false, sf, &prereqs);
330 ctx->prereqs = expr_combine(EXPR_T_AND, ctx->prereqs, prereqs);
335 action_error(ctx, "%s", error);
341 init_stack(struct ofpact_stack *stack, enum mf_field_id field)
343 stack->subfield.field = mf_from_id(field);
344 stack->subfield.ofs = 0;
345 stack->subfield.n_bits = stack->subfield.field->n_bits;
349 const struct mf_subfield *src;
350 enum mf_field_id dst;
354 setup_args(struct action_context *ctx,
355 const struct arg args[], size_t n_args)
357 /* 1. Save all of the destinations that will be modified. */
358 for (const struct arg *a = args; a < &args[n_args]; a++) {
359 ovs_assert(a->src->n_bits == mf_from_id(a->dst)->n_bits);
360 if (a->src->field->id != a->dst) {
361 init_stack(ofpact_put_STACK_PUSH(ctx->ofpacts), a->dst);
365 /* 2. Push the sources, in reverse order. */
366 for (size_t i = n_args - 1; i < n_args; i--) {
367 const struct arg *a = &args[i];
368 if (a->src->field->id != a->dst) {
369 ofpact_put_STACK_PUSH(ctx->ofpacts)->subfield = *a->src;
373 /* 3. Pop the sources into the destinations. */
374 for (const struct arg *a = args; a < &args[n_args]; a++) {
375 if (a->src->field->id != a->dst) {
376 init_stack(ofpact_put_STACK_POP(ctx->ofpacts), a->dst);
382 restore_args(struct action_context *ctx,
383 const struct arg args[], size_t n_args)
385 for (size_t i = n_args - 1; i < n_args; i--) {
386 const struct arg *a = &args[i];
387 if (a->src->field->id != a->dst) {
388 init_stack(ofpact_put_STACK_POP(ctx->ofpacts), a->dst);
394 put_load(uint64_t value, enum mf_field_id dst, int ofs, int n_bits,
395 struct ofpbuf *ofpacts)
397 struct ofpact_set_field *sf = ofpact_put_SET_FIELD(ofpacts);
398 sf->field = mf_from_id(dst);
399 sf->flow_has_vlan = false;
401 ovs_be64 n_value = htonll(value);
402 bitwise_copy(&n_value, 8, 0, &sf->value, sf->field->n_bytes, ofs, n_bits);
403 bitwise_one(&sf->mask, sf->field->n_bytes, ofs, n_bits);
407 parse_get_arp_action(struct action_context *ctx)
409 struct mf_subfield port, ip;
411 if (!action_force_match(ctx, LEX_T_LPAREN)
412 || !action_parse_field(ctx, 0, &port)
413 || !action_force_match(ctx, LEX_T_COMMA)
414 || !action_parse_field(ctx, 32, &ip)
415 || !action_force_match(ctx, LEX_T_RPAREN)) {
419 const struct arg args[] = {
420 { &port, MFF_LOG_OUTPORT },
423 setup_args(ctx, args, ARRAY_SIZE(args));
425 put_load(0, MFF_ETH_DST, 0, 48, ctx->ofpacts);
426 emit_resubmit(ctx, ctx->ap->arp_ptable);
428 restore_args(ctx, args, ARRAY_SIZE(args));
432 parse_put_arp_action(struct action_context *ctx)
434 struct mf_subfield port, ip, mac;
436 if (!action_force_match(ctx, LEX_T_LPAREN)
437 || !action_parse_field(ctx, 0, &port)
438 || !action_force_match(ctx, LEX_T_COMMA)
439 || !action_parse_field(ctx, 32, &ip)
440 || !action_force_match(ctx, LEX_T_COMMA)
441 || !action_parse_field(ctx, 48, &mac)
442 || !action_force_match(ctx, LEX_T_RPAREN)) {
446 const struct arg args[] = {
447 { &port, MFF_LOG_INPORT },
449 { &mac, MFF_ETH_SRC }
451 setup_args(ctx, args, ARRAY_SIZE(args));
452 put_controller_op(ctx->ofpacts, ACTION_OPCODE_PUT_ARP);
453 restore_args(ctx, args, ARRAY_SIZE(args));
457 parse_dhcp_opt(struct action_context *ctx, struct ofpbuf *ofpacts)
459 if (ctx->lexer->token.type != LEX_T_ID) {
460 action_syntax_error(ctx, NULL);
463 const struct dhcp_opts_map *dhcp_opt = dhcp_opts_find(
464 ctx->ap->dhcp_opts, ctx->lexer->token.s);
466 action_syntax_error(ctx, "expecting DHCP option name");
469 lexer_get(ctx->lexer);
471 if (!action_force_match(ctx, LEX_T_EQUALS)) {
475 struct expr_constant_set cs;
476 memset(&cs, 0, sizeof(struct expr_constant_set));
477 char *error = expr_parse_constant_set(ctx->lexer, NULL, &cs);
479 action_error(ctx, "%s", error);
484 if (!strcmp(dhcp_opt->type, "str")) {
485 if (cs.type != EXPR_C_STRING) {
486 action_error(ctx, "DHCP option %s requires string value.",
491 if (cs.type != EXPR_C_INTEGER) {
492 action_error(ctx, "DHCP option %s requires numeric value.",
498 if (!lexer_match(ctx->lexer, LEX_T_COMMA) && (
499 ctx->lexer->token.type != LEX_T_RPAREN)) {
500 action_syntax_error(ctx, NULL);
505 if (dhcp_opt->code == 0) {
507 ofpbuf_put(ofpacts, &cs.values[0].value.ipv4, sizeof(ovs_be32));
511 uint8_t *opt_header = ofpbuf_put_uninit(ofpacts, 2);
512 opt_header[0] = dhcp_opt->code;
514 if (!strcmp(dhcp_opt->type, "bool") || !strcmp(dhcp_opt->type, "uint8")) {
516 ofpbuf_put(ofpacts, &cs.values[0].value.u8_val, 1);
517 } else if (!strcmp(dhcp_opt->type, "uint16")) {
519 ofpbuf_put(ofpacts, &cs.values[0].value.be16_int, 2);
520 } else if (!strcmp(dhcp_opt->type, "uint32")) {
522 ofpbuf_put(ofpacts, &cs.values[0].value.be32_int, 4);
523 } else if (!strcmp(dhcp_opt->type, "ipv4")) {
524 opt_header[1] = cs.n_values * sizeof(ovs_be32);
525 for (size_t i = 0; i < cs.n_values; i++) {
526 ofpbuf_put(ofpacts, &cs.values[i].value.ipv4, sizeof(ovs_be32));
528 } else if (!strcmp(dhcp_opt->type, "static_routes")) {
529 size_t no_of_routes = cs.n_values;
530 if (no_of_routes % 2) {
535 /* Calculating the length of this option first because when
536 * we call ofpbuf_put, it might reallocate the buffer if the
537 * tail room is short making "opt_header" pointer invalid.
538 * So running the for loop twice.
540 for (size_t i = 0; i < no_of_routes; i += 2) {
542 if (cs.values[i].masked) {
543 plen = (uint8_t) ip_count_cidr_bits(cs.values[i].mask.ipv4);
545 opt_header[1] += (1 + (plen / 8) + sizeof(ovs_be32)) ;
548 /* Copied from RFC 3442. Please refer to this RFC for the format of
549 * the classless static route option.
551 * The following table contains some examples of how various subnet
552 * number/mask combinations can be encoded:
554 * Subnet number Subnet mask Destination descriptor
556 * 10.0.0.0 255.0.0.0 8.10
557 * 10.0.0.0 255.255.255.0 24.10.0.0
558 * 10.17.0.0 255.255.0.0 16.10.17
559 * 10.27.129.0 255.255.255.0 24.10.27.129
560 * 10.229.0.128 255.255.255.128 25.10.229.0.128
561 * 10.198.122.47 255.255.255.255 32.10.198.122.47
564 for (size_t i = 0; i < no_of_routes; i += 2) {
566 if (cs.values[i].masked) {
567 plen = ip_count_cidr_bits(cs.values[i].mask.ipv4);
569 ofpbuf_put(ofpacts, &plen, 1);
570 ofpbuf_put(ofpacts, &cs.values[i].value.ipv4, plen / 8);
571 ofpbuf_put(ofpacts, &cs.values[i + 1].value.ipv4,
574 } else if (!strcmp(dhcp_opt->type, "str")) {
575 opt_header[1] = strlen(cs.values[0].string);
576 ofpbuf_put(ofpacts, cs.values[0].string, opt_header[1]);
580 expr_constant_set_destroy(&cs);
583 /* Parses the "put_dhcp_opts" action. The result should be stored into 'dst'.
585 * The caller has already consumed "put_dhcp_opts(", so this just parses the
588 parse_put_dhcp_opts_action(struct action_context *ctx,
589 const struct expr_field *dst)
591 /* Validate that the destination is a 1-bit, modifiable field. */
592 struct mf_subfield sf;
593 struct expr *prereqs;
594 char *error = expr_expand_field(ctx->lexer, ctx->ap->symtab,
595 dst, 1, true, &sf, &prereqs);
597 action_error(ctx, "%s", error);
601 ctx->prereqs = expr_combine(EXPR_T_AND, ctx->prereqs, prereqs);
603 /* Make sure the first option is "offer_ip" */
604 if (ctx->lexer->token.type != LEX_T_ID) {
605 action_syntax_error(ctx, NULL);
608 const struct dhcp_opts_map *dhcp_opt = dhcp_opts_find(
609 ctx->ap->dhcp_opts, ctx->lexer->token.s);
610 if (!dhcp_opt || dhcp_opt->code != 0) {
611 action_syntax_error(ctx, "expecting offerip option");
616 size_t oc_offset = start_controller_op(ctx->ofpacts,
617 ACTION_OPCODE_PUT_DHCP_OPTS, true);
618 nx_put_header(ctx->ofpacts, sf.field->id, OFP13_VERSION, false);
619 ovs_be32 ofs = htonl(sf.ofs);
620 ofpbuf_put(ctx->ofpacts, &ofs, sizeof ofs);
621 while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
622 parse_dhcp_opt(ctx, ctx->ofpacts);
627 finish_controller_op(ctx->ofpacts, oc_offset);
631 action_parse_port(struct action_context *ctx, uint16_t *port)
633 if (lexer_is_int(ctx->lexer)) {
634 int value = ntohll(ctx->lexer->token.value.integer);
635 if (value <= UINT16_MAX) {
637 lexer_get(ctx->lexer);
641 action_syntax_error(ctx, "expecting port number");
646 parse_ct_lb_action(struct action_context *ctx)
648 uint8_t recirc_table;
649 if (ctx->ap->cur_ltable < ctx->ap->n_tables) {
650 recirc_table = ctx->ap->first_ptable + ctx->ap->cur_ltable + 1;
652 action_error(ctx, "\"ct_lb\" action not allowed in last table.");
656 if (!lexer_match(ctx->lexer, LEX_T_LPAREN)) {
657 /* ct_lb without parentheses means that this is an established
658 * connection and we just need to do a NAT. */
659 const size_t ct_offset = ctx->ofpacts->size;
660 ofpbuf_pull(ctx->ofpacts, ct_offset);
662 struct ofpact_conntrack *ct = ofpact_put_CT(ctx->ofpacts);
663 struct ofpact_nat *nat;
665 ct->zone_src.field = mf_from_id(MFF_LOG_CT_ZONE);
666 ct->zone_src.ofs = 0;
667 ct->zone_src.n_bits = 16;
669 ct->recirc_table = recirc_table;
672 add_prerequisite(ctx, "ip");
674 nat_offset = ctx->ofpacts->size;
675 ofpbuf_pull(ctx->ofpacts, nat_offset);
677 nat = ofpact_put_NAT(ctx->ofpacts);
679 nat->range_af = AF_UNSPEC;
681 ctx->ofpacts->header = ofpbuf_push_uninit(ctx->ofpacts, nat_offset);
682 ct = ctx->ofpacts->header;
683 ofpact_finish(ctx->ofpacts, &ct->ofpact);
684 ofpbuf_push_uninit(ctx->ofpacts, ct_offset);
688 uint32_t group_id = 0, bucket_id = 0, hash;
689 struct group_info *group_info;
690 struct ofpact_group *og;
692 struct ds ds = DS_EMPTY_INITIALIZER;
693 ds_put_format(&ds, "type=select");
695 BUILD_ASSERT(MFF_LOG_CT_ZONE >= MFF_REG0);
696 BUILD_ASSERT(MFF_LOG_CT_ZONE < MFF_REG0 + FLOW_N_REGS);
698 if (ctx->lexer->token.type != LEX_T_INTEGER
699 || mf_subvalue_width(&ctx->lexer->token.value) > 32) {
700 action_syntax_error(ctx, "expecting IPv4 address");
704 ovs_be32 ip = ctx->lexer->token.value.ipv4;
705 lexer_get(ctx->lexer);
708 if (lexer_match(ctx->lexer, LEX_T_COLON)
709 && !action_parse_port(ctx, &port)) {
715 ds_put_format(&ds, ",bucket=bucket_id=%u,weight:100,actions="
716 "ct(nat(dst="IP_FMT, bucket_id, IP_ARGS(ip));
718 ds_put_format(&ds, ":%"PRIu16, port);
720 ds_put_format(&ds, "),commit,table=%d,zone=NXM_NX_REG%d[0..15])",
721 recirc_table, MFF_LOG_CT_ZONE - MFF_REG0);
723 lexer_match(ctx->lexer, LEX_T_COMMA);
724 } while (!lexer_match(ctx->lexer, LEX_T_RPAREN));
725 add_prerequisite(ctx, "ip");
727 hash = hash_string(ds_cstr(&ds), 0);
729 /* Check whether we have non installed but allocated group_id. */
730 HMAP_FOR_EACH_WITH_HASH (group_info, hmap_node, hash,
731 &ctx->ap->group_table->desired_groups) {
732 if (!strcmp(ds_cstr(&group_info->group), ds_cstr(&ds))) {
733 group_id = group_info->group_id;
739 /* Check whether we already have an installed entry for this
741 HMAP_FOR_EACH_WITH_HASH (group_info, hmap_node, hash,
742 &ctx->ap->group_table->existing_groups) {
743 if (!strcmp(ds_cstr(&group_info->group), ds_cstr(&ds))) {
744 group_id = group_info->group_id;
749 /* Reserve a new group_id. */
750 group_id = bitmap_scan(ctx->ap->group_table->group_ids, 0, 1,
754 if (group_id == MAX_OVN_GROUPS + 1) {
756 action_error(ctx, "out of group ids.");
759 bitmap_set1(ctx->ap->group_table->group_ids, group_id);
761 group_info = xmalloc(sizeof *group_info);
762 group_info->group = ds;
763 group_info->group_id = group_id;
764 group_info->hmap_node.hash = hash;
766 hmap_insert(&ctx->ap->group_table->desired_groups,
767 &group_info->hmap_node, group_info->hmap_node.hash);
772 /* Create an action to set the group. */
773 og = ofpact_put_GROUP(ctx->ofpacts);
774 og->group_id = group_id;
778 emit_ct(struct action_context *ctx, bool recirc_next, bool commit,
779 int *ct_mark, int *ct_mark_mask,
780 ovs_be128 *ct_label, ovs_be128 *ct_label_mask)
782 struct ofpact_conntrack *ct = ofpact_put_CT(ctx->ofpacts);
783 ct->flags |= commit ? NX_CT_F_COMMIT : 0;
785 /* If "recirc" is set, we automatically go to the next table. */
787 if (ctx->ap->cur_ltable < ctx->ap->n_tables) {
788 ct->recirc_table = ctx->ap->first_ptable + ctx->ap->cur_ltable + 1;
790 action_error(ctx, "\"ct_next\" action not allowed in last table.");
794 ct->recirc_table = NX_CT_RECIRC_NONE;
797 ct->zone_src.field = mf_from_id(MFF_LOG_CT_ZONE);
798 ct->zone_src.ofs = 0;
799 ct->zone_src.n_bits = 16;
801 /* We do not support ALGs yet. */
804 /* CT only works with IP, so set up a prerequisite. */
805 add_prerequisite(ctx, "ip");
807 size_t set_field_offset = ctx->ofpacts->size;
808 ofpbuf_pull(ctx->ofpacts, set_field_offset);
811 struct ofpact_set_field *sf = ofpact_put_SET_FIELD(ctx->ofpacts);
812 sf->field = mf_from_id(MFF_CT_MARK);
813 sf->value.be32 = htonl(*ct_mark);
814 sf->mask.be32 = ct_mark_mask ? htonl(*ct_mark_mask) : OVS_BE32_MAX;
818 struct ofpact_set_field *sf = ofpact_put_SET_FIELD(ctx->ofpacts);
819 sf->field = mf_from_id(MFF_CT_LABEL);
820 sf->value.be128 = *ct_label;
821 sf->mask.be128 = ct_label_mask ? *ct_label_mask : OVS_BE128_MAX;
824 ctx->ofpacts->header = ofpbuf_push_uninit(ctx->ofpacts, set_field_offset);
825 ct = ctx->ofpacts->header;
826 ofpact_finish(ctx->ofpacts, &ct->ofpact);
829 /* Parse an argument to the ct_commit(); action. Supported arguments include:
831 * ct_mark=<value>[/<mask>]
832 * ct_label=<value>[/<mask>]
834 * If a comma separates the current argument from the next argument, this
835 * function will consume it.
837 * set_mark - This will be set to true if a value for ct_mark was successfully
838 * parsed. Otherwise, it will be unchanged.
839 * mark_value - If set_mark was set to true, this will contain the value
840 * parsed for ct_mark.
841 * mark_mask - If set_mark was set to true, this will contain the mask
842 * for ct_mark if one was found. Otherwise, it will be
843 * unchanged, so the caller should initialize this to an
845 * set_label - This will be set to true if a value for ct_label was successfully
846 * parsed. Otherwise, it will be unchanged.
847 * label_value - If set_label was set to true, this will contain the value
848 * parsed for ct_label.
849 * label_mask - If set_label was set to true, this will contain the mask
850 * for ct_label if one was found. Otherwise, it will be
851 * unchanged, so the caller should initialize this to an
854 * Return true after successfully parsing an argument. false on failure. */
856 parse_ct_commit_arg(struct action_context *ctx,
857 bool *set_mark, int *mark_value, int *mark_mask,
858 bool *set_label, ovs_be128 *label_value,
859 ovs_be128 *label_mask)
861 if (lexer_match_id(ctx->lexer, "ct_mark")) {
862 if (!lexer_match(ctx->lexer, LEX_T_EQUALS)) {
863 action_error(ctx, "Expected '=' after argument to ct_commit");
866 if (ctx->lexer->token.type == LEX_T_INTEGER) {
867 *mark_value = ntohll(ctx->lexer->token.value.integer);
868 } else if (ctx->lexer->token.type == LEX_T_MASKED_INTEGER) {
869 *mark_value = ntohll(ctx->lexer->token.value.integer);
870 *mark_mask = ntohll(ctx->lexer->token.mask.integer);
872 action_error(ctx, "Expected integer after 'ct_mark='");
875 lexer_get(ctx->lexer);
877 } else if (lexer_match_id(ctx->lexer, "ct_label")) {
878 if (!lexer_match(ctx->lexer, LEX_T_EQUALS)) {
879 action_error(ctx, "Expected '=' after argument to ct_commit");
883 /* ct_label is a 128-bit field. The lexer supports 128-bit
884 * integers if its a hex string. The ct_label value should be specified
885 * in hex string if > 64-bits are to be used */
886 if (ctx->lexer->token.type == LEX_T_INTEGER) {
887 label_value->be64.lo = ctx->lexer->token.value.be128_int.be64.lo;
888 label_value->be64.hi = ctx->lexer->token.value.be128_int.be64.hi;
889 } else if (ctx->lexer->token.type == LEX_T_MASKED_INTEGER) {
890 label_value->be64.lo = ctx->lexer->token.value.be128_int.be64.lo;
891 label_value->be64.hi = ctx->lexer->token.value.be128_int.be64.hi;
892 label_mask->be64.lo = ctx->lexer->token.mask.be128_int.be64.lo;
893 label_mask->be64.hi = ctx->lexer->token.mask.be128_int.be64.hi;
895 action_error(ctx, "Expected integer after 'ct_label='");
898 lexer_get(ctx->lexer);
901 action_error(ctx, "Expected argument to ct_commit()");
905 if (lexer_match(ctx->lexer, LEX_T_COMMA)) {
906 /* A comma is valid after an argument, but only if another
907 * argument is present (not a closing paren) */
908 if (lexer_lookahead(ctx->lexer) == LEX_T_RPAREN) {
909 action_error(ctx, "Another argument to ct_commit() expected "
919 parse_ct_commit_action(struct action_context *ctx)
921 if (!lexer_match(ctx->lexer, LEX_T_LPAREN)) {
923 emit_ct(ctx, false, true, NULL, NULL, NULL, NULL);
928 * ct_commit(ct_mark=0);
929 * ct_commit(ct_label=0);
930 * ct_commit(ct_mark=0, ct_label=0); */
932 bool set_mark = false;
933 bool set_label = false;
936 ovs_be128 label_value = { .be32 = { 0, }, };
937 ovs_be128 label_mask = OVS_BE128_MAX;
939 while (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
940 if (!parse_ct_commit_arg(ctx, &set_mark, &mark_value, &mark_mask,
941 &set_label, &label_value, &label_mask)) {
946 emit_ct(ctx, false, true,
947 set_mark ? &mark_value : NULL,
948 set_mark ? &mark_mask : NULL,
949 set_label ? &label_value : NULL,
950 set_label ? &label_mask : NULL);
954 parse_ct_nat(struct action_context *ctx, bool snat)
956 const size_t ct_offset = ctx->ofpacts->size;
957 ofpbuf_pull(ctx->ofpacts, ct_offset);
959 struct ofpact_conntrack *ct = ofpact_put_CT(ctx->ofpacts);
961 if (ctx->ap->cur_ltable < ctx->ap->n_tables) {
962 ct->recirc_table = ctx->ap->first_ptable + ctx->ap->cur_ltable + 1;
965 "\"ct_[sd]nat\" action not allowed in last table.");
970 ct->zone_src.field = mf_from_id(MFF_LOG_SNAT_ZONE);
972 ct->zone_src.field = mf_from_id(MFF_LOG_DNAT_ZONE);
974 ct->zone_src.ofs = 0;
975 ct->zone_src.n_bits = 16;
979 add_prerequisite(ctx, "ip");
981 struct ofpact_nat *nat;
983 nat_offset = ctx->ofpacts->size;
984 ofpbuf_pull(ctx->ofpacts, nat_offset);
986 nat = ofpact_put_NAT(ctx->ofpacts);
988 nat->range_af = AF_UNSPEC;
991 if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
993 if (ctx->lexer->token.type == LEX_T_INTEGER
994 && ctx->lexer->token.format == LEX_F_IPV4) {
995 ip = ctx->lexer->token.value.ipv4;
997 action_syntax_error(ctx, "invalid ip");
1001 nat->range_af = AF_INET;
1002 nat->range.addr.ipv4.min = ip;
1004 nat->flags |= NX_NAT_F_SRC;
1006 nat->flags |= NX_NAT_F_DST;
1008 commit = NX_CT_F_COMMIT;
1009 lexer_get(ctx->lexer);
1010 if (!lexer_match(ctx->lexer, LEX_T_RPAREN)) {
1011 action_syntax_error(ctx, "expecting `)'");
1016 ctx->ofpacts->header = ofpbuf_push_uninit(ctx->ofpacts, nat_offset);
1017 ct = ctx->ofpacts->header;
1018 ct->flags |= commit;
1020 /* XXX: For performance reasons, we try to prevent additional
1021 * recirculations. So far, ct_snat which is used in a gateway router
1022 * does not need a recirculation. ct_snat(IP) does need a recirculation.
1023 * Should we consider a method to let the actions specify whether a action
1024 * needs recirculation if there more use cases?. */
1025 if (!commit && snat) {
1026 ct->recirc_table = NX_CT_RECIRC_NONE;
1028 ofpact_finish(ctx->ofpacts, &ct->ofpact);
1029 ofpbuf_push_uninit(ctx->ofpacts, ct_offset);
1033 parse_action(struct action_context *ctx)
1035 if (ctx->lexer->token.type != LEX_T_ID) {
1036 action_syntax_error(ctx, NULL);
1040 enum lex_type lookahead = lexer_lookahead(ctx->lexer);
1041 if (lookahead == LEX_T_EQUALS || lookahead == LEX_T_EXCHANGE
1042 || lookahead == LEX_T_LSQUARE) {
1043 parse_set_action(ctx);
1044 } else if (lexer_match_id(ctx->lexer, "next")) {
1045 parse_next_action(ctx);
1046 } else if (lexer_match_id(ctx->lexer, "output")) {
1047 emit_resubmit(ctx, ctx->ap->output_ptable);
1048 } else if (lexer_match_id(ctx->lexer, "ip.ttl")) {
1049 if (lexer_match(ctx->lexer, LEX_T_DECREMENT)) {
1050 add_prerequisite(ctx, "ip");
1051 ofpact_put_DEC_TTL(ctx->ofpacts);
1053 action_syntax_error(ctx, "expecting `--'");
1055 } else if (lexer_match_id(ctx->lexer, "ct_next")) {
1056 emit_ct(ctx, true, false, NULL, NULL, NULL, NULL);
1057 } else if (lexer_match_id(ctx->lexer, "ct_commit")) {
1058 parse_ct_commit_action(ctx);
1059 } else if (lexer_match_id(ctx->lexer, "ct_dnat")) {
1060 parse_ct_nat(ctx, false);
1061 } else if (lexer_match_id(ctx->lexer, "ct_snat")) {
1062 parse_ct_nat(ctx, true);
1063 } else if (lexer_match_id(ctx->lexer, "ct_lb")) {
1064 parse_ct_lb_action(ctx);
1065 } else if (lexer_match_id(ctx->lexer, "arp")) {
1066 parse_nested_action(ctx, ACTION_OPCODE_ARP, "ip4");
1067 } else if (lexer_match_id(ctx->lexer, "na")) {
1068 parse_nested_action(ctx, ACTION_OPCODE_NA, "nd");
1069 } else if (lexer_match_id(ctx->lexer, "get_arp")) {
1070 parse_get_arp_action(ctx);
1071 } else if (lexer_match_id(ctx->lexer, "put_arp")) {
1072 parse_put_arp_action(ctx);
1074 action_syntax_error(ctx, "expecting action");
1076 if (!lexer_match(ctx->lexer, LEX_T_SEMICOLON)) {
1077 action_syntax_error(ctx, "expecting ';'");
1083 parse_actions(struct action_context *ctx)
1085 /* "drop;" by itself is a valid (empty) set of actions, but it can't be
1086 * combined with other actions because that doesn't make sense. */
1087 if (ctx->lexer->token.type == LEX_T_ID
1088 && !strcmp(ctx->lexer->token.s, "drop")
1089 && lexer_lookahead(ctx->lexer) == LEX_T_SEMICOLON) {
1090 lexer_get(ctx->lexer); /* Skip "drop". */
1091 lexer_get(ctx->lexer); /* Skip ";". */
1092 if (ctx->lexer->token.type != LEX_T_END) {
1093 action_syntax_error(ctx, "expecting end of input");
1098 while (ctx->lexer->token.type != LEX_T_END) {
1099 if (!parse_action(ctx)) {
1105 /* Parses OVN actions, in the format described for the "actions" column in the
1106 * Logical_Flow table in ovn-sb(5), and appends the parsed versions of the
1107 * actions to 'ofpacts' as "struct ofpact"s.
1109 * 'ap' provides most of the parameters for translation.
1111 * Some actions add extra requirements (prerequisites) to the flow's match. If
1112 * so, this function sets '*prereqsp' to the actions' prerequisites; otherwise,
1113 * it sets '*prereqsp' to NULL. The caller owns '*prereqsp' and must
1114 * eventually free it.
1116 * Returns NULL on success, otherwise a malloc()'d error message that the
1117 * caller must free. On failure, 'ofpacts' has the same contents and
1118 * '*prereqsp' is set to NULL, but some tokens may have been consumed from
1121 char * OVS_WARN_UNUSED_RESULT
1122 actions_parse(struct lexer *lexer, const struct action_params *ap,
1123 struct ofpbuf *ofpacts, struct expr **prereqsp)
1125 size_t ofpacts_start = ofpacts->size;
1127 struct action_context ctx = {
1134 parse_actions(&ctx);
1137 *prereqsp = ctx.prereqs;
1140 ofpacts->size = ofpacts_start;
1141 expr_destroy(ctx.prereqs);
1147 /* Like actions_parse(), but the actions are taken from 's'. */
1148 char * OVS_WARN_UNUSED_RESULT
1149 actions_parse_string(const char *s, const struct action_params *ap,
1150 struct ofpbuf *ofpacts, struct expr **prereqsp)
1155 lexer_init(&lexer, s);
1157 error = actions_parse(&lexer, ap, ofpacts, prereqsp);
1158 lexer_destroy(&lexer);