2 * Copyright (c) 2010, 2011 Nicira Networks.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
24 #include "dynamic-string.h"
30 #include "poll-loop.h"
35 VLOG_DEFINE_THIS_MODULE(cfm);
37 #define CCM_OPCODE 1 /* CFM message opcode meaning CCM. */
41 uint32_t seq; /* The sequence number of our last CCM. */
43 uint8_t ccm_interval; /* The CCM transmission interval. */
44 int ccm_interval_ms; /* 'ccm_interval' in milliseconds. */
46 struct timer tx_timer; /* Send CCM when expired. */
47 struct timer fault_timer; /* Check for faults when expired. */
50 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 20);
53 ccm_interval_to_ms(uint8_t interval)
56 case 0: NOT_REACHED(); /* Explicitly not supported by 802.1ag. */
57 case 1: return 3; /* Not recommended due to timer resolution. */
58 case 2: return 10; /* Not recommended due to timer resolution. */
63 case 7: return 600000;
64 default: NOT_REACHED(); /* Explicitly not supported by 802.1ag. */
71 cfm_fault_interval(struct cfm_internal *cfmi)
73 /* According to the 802.1ag specification we should assume every other MP
74 * with the same MAID has the same transmission interval that we have. If
75 * an MP has a different interval, cfm_process_heartbeat will register it
76 * as a fault (likely due to a configuration error). Thus we can check all
77 * MPs at once making this quite a bit simpler.
79 * According to the specification we should check when (ccm_interval_ms *
80 * 3.5)ms have passed. */
81 return (cfmi->ccm_interval_ms * 7) / 2;
85 ms_to_ccm_interval(int interval_ms)
89 for (i = 7; i > 0; i--) {
90 if (ccm_interval_to_ms(i) <= interval_ms) {
98 static struct cfm_internal *
99 cfm_to_internal(const struct cfm *cfm)
101 return CONTAINER_OF(cfm, struct cfm_internal, cfm);
105 hash_mpid(uint8_t mpid)
107 return hash_int(mpid, 0);
111 cfm_is_valid_mpid(uint32_t mpid)
113 /* 802.1ag specification requires MPIDs to be within the range [1, 8191] */
114 return mpid >= 1 && mpid <= 8191;
117 static struct remote_mp *
118 lookup_remote_mp(const struct hmap *hmap, uint16_t mpid)
120 struct remote_mp *rmp;
122 HMAP_FOR_EACH_IN_BUCKET (rmp, node, hash_mpid(mpid), hmap) {
123 if (rmp->mpid == mpid) {
131 /* Allocates a 'cfm' object. This object should have its 'mpid', 'maid',
132 * 'eth_src', and 'interval' filled out. cfm_configure() should be called
133 * whenever changes are made to 'cfm', and before cfm_run() is called for the
139 struct cfm_internal *cfmi;
141 cfmi = xzalloc(sizeof *cfmi);
144 hmap_init(&cfm->remote_mps);
149 cfm_destroy(struct cfm *cfm)
151 struct cfm_internal *cfmi = cfm_to_internal(cfm);
152 struct remote_mp *rmp, *rmp_next;
158 HMAP_FOR_EACH_SAFE (rmp, rmp_next, node, &cfm->remote_mps) {
159 hmap_remove(&cfm->remote_mps, &rmp->node);
163 hmap_destroy(&cfm->remote_mps);
167 /* Should be run periodically to update fault statistics messages. */
169 cfm_run(struct cfm *cfm)
171 struct cfm_internal *cfmi = cfm_to_internal(cfm);
173 if (timer_expired(&cfmi->fault_timer)) {
174 long long int interval = cfm_fault_interval(cfmi);
175 struct remote_mp *rmp;
178 HMAP_FOR_EACH (rmp, node, &cfm->remote_mps) {
179 rmp->fault = !rmp->recv;
184 VLOG_DBG("No CCM from RMP %"PRIu16" in the last %lldms",
185 rmp->mpid, interval);
190 VLOG_DBG("All RMPs received CCMs in the last %lldms", interval);
193 timer_set_duration(&cfmi->fault_timer, interval);
197 /* Should be run periodically to check if the CFM module has a CCM message it
200 cfm_should_send_ccm(struct cfm *cfm)
202 struct cfm_internal *cfmi = cfm_to_internal(cfm);
204 return timer_expired(&cfmi->tx_timer);
207 /* Composes a CCM message into 'ccm'. Messages generated with this function
208 * should be sent whenever cfm_should_send_ccm() indicates. */
210 cfm_compose_ccm(struct cfm *cfm, struct ccm *ccm)
212 struct cfm_internal *cfmi = cfm_to_internal(cfm);
214 timer_set_duration(&cfmi->tx_timer, cfmi->ccm_interval_ms);
216 ccm->mdlevel_version = 0;
217 ccm->opcode = CCM_OPCODE;
218 ccm->tlv_offset = 70;
219 ccm->seq = htonl(++cfmi->seq);
220 ccm->mpid = htons(cfmi->cfm.mpid);
221 ccm->flags = cfmi->ccm_interval;
222 memcpy(ccm->maid, cfmi->cfm.maid, sizeof ccm->maid);
226 cfm_wait(struct cfm *cfm)
228 struct cfm_internal *cfmi = cfm_to_internal(cfm);
230 timer_wait(&cfmi->tx_timer);
231 timer_wait(&cfmi->fault_timer);
234 /* Should be called whenever a client of the cfm library changes the internals
235 * of 'cfm'. Returns true if 'cfm' is valid. */
237 cfm_configure(struct cfm *cfm)
239 struct cfm_internal *cfmi = cfm_to_internal(cfm);
242 if (!cfm_is_valid_mpid(cfm->mpid) || !cfm->interval) {
246 interval = ms_to_ccm_interval(cfm->interval);
248 if (interval != cfmi->ccm_interval) {
249 cfmi->ccm_interval = interval;
250 cfmi->ccm_interval_ms = ccm_interval_to_ms(interval);
252 timer_set_expired(&cfmi->tx_timer);
253 timer_set_duration(&cfmi->fault_timer, cfm_fault_interval(cfmi));
259 /* Given an array of MPIDs, updates the 'remote_mps' map of 'cfm' to reflect
260 * it. Invalid MPIDs are skipped. */
262 cfm_update_remote_mps(struct cfm *cfm, const uint16_t *mpids, size_t n_mpids)
265 struct hmap new_rmps;
266 struct remote_mp *rmp, *rmp_next;
268 hmap_init(&new_rmps);
270 for (i = 0; i < n_mpids; i++) {
271 uint16_t mpid = mpids[i];
273 if (!cfm_is_valid_mpid(mpid)
274 || lookup_remote_mp(&new_rmps, mpid)) {
278 if ((rmp = lookup_remote_mp(&cfm->remote_mps, mpid))) {
279 hmap_remove(&cfm->remote_mps, &rmp->node);
281 rmp = xzalloc(sizeof *rmp);
285 hmap_insert(&new_rmps, &rmp->node, hash_mpid(mpid));
288 hmap_swap(&new_rmps, &cfm->remote_mps);
290 HMAP_FOR_EACH_SAFE (rmp, rmp_next, node, &new_rmps) {
291 hmap_remove(&new_rmps, &rmp->node);
295 hmap_destroy(&new_rmps);
298 /* Finds a 'remote_mp' with 'mpid' in 'cfm'. If no such 'remote_mp' exists
300 const struct remote_mp *
301 cfm_get_remote_mp(const struct cfm *cfm, uint16_t mpid)
303 return lookup_remote_mp(&cfm->remote_mps, mpid);
306 /* Generates 'maid' from 'md_name' and 'ma_name'. A NULL parameter indicates
307 * the default should be used. Returns false if unsuccessful. */
309 cfm_generate_maid(const char *md_name, const char *ma_name,
310 uint8_t maid[CCM_MAID_LEN])
313 size_t md_len, ma_len;
323 memset(maid, 0, CCM_MAID_LEN);
325 md_len = strlen(md_name);
326 ma_len = strlen(ma_name);
328 if (!md_len || !ma_len || md_len + ma_len + 4 > CCM_MAID_LEN) {
332 maid[0] = 4; /* MD name string format. */
333 maid[1] = md_len; /* MD name size. */
334 memcpy(&maid[2], md_name, md_len); /* MD name. */
336 ma_p = maid + 2 + md_len;
337 ma_p[0] = 2; /* MA name string format. */
338 ma_p[1] = ma_len; /* MA name size. */
339 memcpy(&ma_p[2], ma_name, ma_len); /* MA name. */
343 /* Returns true if the CFM library should process packets from 'flow'. */
345 cfm_should_process_flow(const struct flow *flow)
347 return (ntohs(flow->dl_type) == ETH_TYPE_CFM
348 && eth_addr_equals(flow->dl_dst, eth_addr_ccm));
351 /* Updates internal statistics relevant to packet 'p'. Should be called on
352 * every packet whose flow returned true when passed to
353 * cfm_should_process_flow. */
355 cfm_process_heartbeat(struct cfm *cfm, const struct ofpbuf *p)
359 uint8_t ccm_interval;
360 struct remote_mp *rmp;
361 struct eth_header *eth;
362 struct cfm_internal *cfmi = cfm_to_internal(cfm);
365 ccm = ofpbuf_at(p, (uint8_t *)p->l3 - (uint8_t *)p->data, CCM_LEN);
368 VLOG_INFO_RL(&rl, "Received an un-parseable 802.1ag CCM heartbeat.");
372 if (ccm->opcode != CCM_OPCODE) {
373 VLOG_INFO_RL(&rl, "Received an unsupported 802.1ag message. "
374 "(opcode %u)", ccm->opcode);
378 /* According to the 802.1ag specification, reception of a CCM with an
379 * incorrect ccm_interval, unexpected MAID, or unexpected MPID should
380 * trigger a fault. We ignore this requirement for several reasons.
382 * Faults can cause a controller or Open vSwitch to make potentially
383 * expensive changes to the network topology. It seems prudent to trigger
384 * them judiciously, especially when CFM is used to check slave status of
385 * bonds. Furthermore, faults can be maliciously triggered by crafting
387 if (memcmp(ccm->maid, cfm->maid, sizeof ccm->maid)) {
388 VLOG_WARN_RL(&rl, "Received unexpected remote MAID from MAC "
389 ETH_ADDR_FMT, ETH_ADDR_ARGS(eth->eth_src));
391 ccm_mpid = ntohs(ccm->mpid);
392 ccm_interval = ccm->flags & 0x7;
394 rmp = lookup_remote_mp(&cfm->remote_mps, ccm_mpid);
399 if (ccm_interval != cfmi->ccm_interval) {
400 VLOG_WARN_RL(&rl, "received a CCM with an invalid interval"
401 " (%"PRIu8") from RMP %"PRIu16, ccm_interval,
405 VLOG_WARN_RL(&rl, "Received unexpected remote MPID %d from MAC "
406 ETH_ADDR_FMT, ccm_mpid, ETH_ADDR_ARGS(eth->eth_src));
409 VLOG_DBG("Received CCM (mpid %"PRIu16") (interval %"PRIu8")", ccm_mpid,
415 cfm_dump_ds(const struct cfm *cfm, struct ds *ds)
417 const struct cfm_internal *cfmi = cfm_to_internal(cfm);
418 struct remote_mp *rmp;
420 ds_put_format(ds, "MPID %"PRIu16": %s\n", cfm->mpid,
421 cfm->fault ? "fault" : "");
423 ds_put_format(ds, "\tinterval: %dms\n", cfmi->ccm_interval_ms);
424 ds_put_format(ds, "\tnext CCM tx: %lldms\n",
425 timer_msecs_until_expired(&cfmi->tx_timer));
426 ds_put_format(ds, "\tnext fault check: %lldms\n",
427 timer_msecs_until_expired(&cfmi->fault_timer));
429 ds_put_cstr(ds, "\n");
430 HMAP_FOR_EACH (rmp, node, &cfm->remote_mps) {
431 ds_put_format(ds, "Remote MPID %"PRIu16": %s\n", rmp->mpid,
432 rmp->fault ? "fault" : "");
433 ds_put_format(ds, "\trecv since check: %s",
434 rmp->recv ? "true" : "false");