2 * Copyright (c) 2011 Nicira Networks.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "meta-flow.h"
24 #include <netinet/icmp6.h>
25 #include <netinet/ip6.h>
27 #include "classifier.h"
28 #include "dynamic-string.h"
33 #include "socket-util.h"
34 #include "unaligned.h"
36 #define MF_FIELD_SIZES(MEMBER) \
37 sizeof ((union mf_value *)0)->MEMBER, \
38 8 * sizeof ((union mf_value *)0)->MEMBER
40 static const struct mf_field mf_fields[MFF_N_IDS] = {
46 MFF_TUN_ID, "tun_id", NULL,
52 NXM_NX_TUN_ID, "NXM_NX_TUN_ID",
54 MFF_IN_PORT, "in_port", NULL,
56 MFM_NONE, FWW_IN_PORT,
60 NXM_OF_IN_PORT, "NXM_OF_IN_PORT",
63 #define REGISTER(IDX) \
65 MFF_REG##IDX, "reg" #IDX, NULL, \
66 MF_FIELD_SIZES(be32), \
98 MFF_ETH_SRC, "eth_src", "dl_src",
100 MFM_NONE, FWW_DL_SRC,
104 NXM_OF_ETH_SRC, "NXM_OF_ETH_SRC",
106 MFF_ETH_DST, "eth_dst", "dl_dst",
112 NXM_OF_ETH_DST, "NXM_OF_ETH_DST",
114 MFF_ETH_TYPE, "eth_type", "dl_type",
115 MF_FIELD_SIZES(be16),
116 MFM_NONE, FWW_DL_TYPE,
120 NXM_OF_ETH_TYPE, "NXM_OF_ETH_TYPE",
124 MFF_VLAN_TCI, "vlan_tci", NULL,
125 MF_FIELD_SIZES(be16),
130 NXM_OF_VLAN_TCI, "NXM_OF_VLAN_TCI",
132 MFF_VLAN_VID, "dl_vlan", NULL,
133 sizeof(ovs_be16), 12,
140 MFF_VLAN_PCP, "dl_vlan_pcp", NULL,
154 MFF_IPV4_SRC, "ip_src", "nw_src",
155 MF_FIELD_SIZES(be32),
160 NXM_OF_IP_SRC, "NXM_OF_IP_SRC",
162 MFF_IPV4_DST, "ip_dst", "nw_dst",
163 MF_FIELD_SIZES(be32),
168 NXM_OF_IP_DST, "NXM_OF_IP_DST",
172 MFF_IPV6_SRC, "ipv6_src", NULL,
173 MF_FIELD_SIZES(ipv6),
178 NXM_NX_IPV6_SRC, "NXM_NX_IPV6_SRC",
180 MFF_IPV6_DST, "ipv6_dst", NULL,
181 MF_FIELD_SIZES(ipv6),
186 NXM_NX_IPV6_DST, "NXM_NX_IPV6_DST",
189 MFF_IPV6_LABEL, "ipv6_label", NULL,
191 MFM_NONE, FWW_IPV6_LABEL,
195 NXM_NX_IPV6_LABEL, "NXM_NX_IPV6_LABEL",
199 MFF_IP_PROTO, "nw_proto", NULL,
201 MFM_NONE, FWW_NW_PROTO,
205 NXM_OF_IP_PROTO, "NXM_OF_IP_PROTO",
207 MFF_IP_DSCP, "nw_tos", NULL,
209 MFM_NONE, FWW_NW_DSCP,
213 NXM_OF_IP_TOS, "NXM_OF_IP_TOS"
215 MFF_IP_ECN, "nw_ecn", NULL,
217 MFM_NONE, FWW_NW_ECN,
221 NXM_NX_IP_ECN, "NXM_NX_IP_ECN",
223 MFF_IP_TTL, "nw_ttl", NULL,
225 MFM_NONE, FWW_NW_TTL,
229 NXM_NX_IP_TTL, "NXM_NX_IP_TTL"
231 MFF_IP_FRAG, "ip_frag", NULL,
237 NXM_NX_IP_FRAG, "NXM_NX_IP_FRAG"
241 MFF_ARP_OP, "arp_op", NULL,
242 MF_FIELD_SIZES(be16),
243 MFM_NONE, FWW_NW_PROTO,
247 NXM_OF_ARP_OP, "NXM_OF_ARP_OP",
249 MFF_ARP_SPA, "arp_spa", NULL,
250 MF_FIELD_SIZES(be32),
255 NXM_OF_ARP_SPA, "NXM_OF_ARP_SPA",
257 MFF_ARP_TPA, "arp_tpa", NULL,
258 MF_FIELD_SIZES(be32),
263 NXM_OF_ARP_TPA, "NXM_OF_ARP_TPA",
265 MFF_ARP_SHA, "arp_sha", NULL,
267 MFM_NONE, FWW_ARP_SHA,
271 NXM_NX_ARP_SHA, "NXM_NX_ARP_SHA",
273 MFF_ARP_THA, "arp_tha", NULL,
275 MFM_NONE, FWW_ARP_THA,
279 NXM_NX_ARP_THA, "NXM_NX_ARP_THA",
287 MFF_TCP_SRC, "tcp_src", "tp_src",
288 MF_FIELD_SIZES(be16),
289 MFM_NONE, FWW_TP_SRC,
293 NXM_OF_TCP_SRC, "NXM_OF_TCP_SRC",
295 MFF_TCP_DST, "tcp_dst", "tp_dst",
296 MF_FIELD_SIZES(be16),
297 MFM_NONE, FWW_TP_DST,
301 NXM_OF_TCP_DST, "NXM_OF_TCP_DST",
305 MFF_UDP_SRC, "udp_src", NULL,
306 MF_FIELD_SIZES(be16),
307 MFM_NONE, FWW_TP_SRC,
311 NXM_OF_UDP_SRC, "NXM_OF_UDP_SRC",
313 MFF_UDP_DST, "udp_dst", NULL,
314 MF_FIELD_SIZES(be16),
315 MFM_NONE, FWW_TP_DST,
319 NXM_OF_UDP_DST, "NXM_OF_UDP_DST",
323 MFF_ICMPV4_TYPE, "icmp_type", NULL,
325 MFM_NONE, FWW_TP_SRC,
329 NXM_OF_ICMP_TYPE, "NXM_OF_ICMP_TYPE",
331 MFF_ICMPV4_CODE, "icmp_code", NULL,
333 MFM_NONE, FWW_TP_DST,
337 NXM_OF_ICMP_CODE, "NXM_OF_ICMP_CODE",
341 MFF_ICMPV6_TYPE, "icmpv6_type", NULL,
343 MFM_NONE, FWW_TP_SRC,
347 NXM_NX_ICMPV6_TYPE, "NXM_NX_ICMPV6_TYPE",
349 MFF_ICMPV6_CODE, "icmpv6_code", NULL,
351 MFM_NONE, FWW_TP_DST,
355 NXM_NX_ICMPV6_CODE, "NXM_NX_ICMPV6_CODE",
363 MFF_ND_TARGET, "nd_target", NULL,
364 MF_FIELD_SIZES(ipv6),
365 MFM_NONE, FWW_ND_TARGET,
369 NXM_NX_ND_TARGET, "NXM_NX_ND_TARGET",
371 MFF_ND_SLL, "nd_sll", NULL,
373 MFM_NONE, FWW_ARP_SHA,
377 NXM_NX_ND_SLL, "NXM_NX_ND_SLL",
379 MFF_ND_TLL, "nd_tll", NULL,
381 MFM_NONE, FWW_ARP_THA,
385 NXM_NX_ND_TLL, "NXM_NX_ND_TLL",
390 struct hmap_node hmap_node;
392 const struct mf_field *mf;
395 static struct hmap all_nxm_fields = HMAP_INITIALIZER(&all_nxm_fields);
397 /* Returns the field with the given 'id'. */
398 const struct mf_field *
399 mf_from_id(enum mf_field_id id)
401 assert((unsigned int) id < MFF_N_IDS);
402 return &mf_fields[id];
405 /* Returns the field with the given 'name', or a null pointer if no field has
407 const struct mf_field *
408 mf_from_name(const char *name)
410 static struct shash mf_by_name = SHASH_INITIALIZER(&mf_by_name);
412 if (shash_is_empty(&mf_by_name)) {
413 const struct mf_field *mf;
415 for (mf = mf_fields; mf < &mf_fields[MFF_N_IDS]; mf++) {
416 shash_add_once(&mf_by_name, mf->name, mf);
417 if (mf->extra_name) {
418 shash_add_once(&mf_by_name, mf->extra_name, mf);
423 return shash_find_data(&mf_by_name, name);
427 add_nxm_field(uint32_t nxm_header, const struct mf_field *mf)
431 f = xmalloc(sizeof *f);
432 hmap_insert(&all_nxm_fields, &f->hmap_node, hash_int(nxm_header, 0));
433 f->nxm_header = nxm_header;
440 const struct mf_field *mf;
442 for (mf = mf_fields; mf < &mf_fields[MFF_N_IDS]; mf++) {
443 if (mf->nxm_header) {
444 add_nxm_field(mf->nxm_header, mf);
445 if (mf->maskable != MFM_NONE) {
446 add_nxm_field(NXM_MAKE_WILD_HEADER(mf->nxm_header), mf);
452 /* Verify that the header values are unique. */
453 for (mf = mf_fields; mf < &mf_fields[MFF_N_IDS]; mf++) {
454 if (mf->nxm_header) {
455 assert(mf_from_nxm_header(mf->nxm_header) == mf);
456 if (mf->maskable != MFM_NONE) {
457 assert(mf_from_nxm_header(NXM_MAKE_WILD_HEADER(mf->nxm_header))
465 const struct mf_field *
466 mf_from_nxm_header(uint32_t header)
468 const struct nxm_field *f;
470 if (hmap_is_empty(&all_nxm_fields)) {
474 HMAP_FOR_EACH_IN_BUCKET (f, hmap_node, hash_int(header, 0),
476 if (f->nxm_header == header) {
484 /* Returns true if 'wc' wildcards all the bits in field 'mf', false if 'wc'
485 * specifies at least one bit in the field.
487 * The caller is responsible for ensuring that 'wc' corresponds to a flow that
488 * meets 'mf''s prerequisites. */
490 mf_is_all_wild(const struct mf_field *mf, const struct flow_wildcards *wc)
508 case MFF_ICMPV4_TYPE:
509 case MFF_ICMPV4_CODE:
510 case MFF_ICMPV6_TYPE:
511 case MFF_ICMPV6_CODE:
515 assert(mf->fww_bit != 0);
516 return (wc->wildcards & mf->fww_bit) != 0;
519 return !wc->tun_id_mask;
539 return !wc->reg_masks[mf->id - MFF_REG0];
542 return ((wc->wildcards & (FWW_ETH_MCAST | FWW_DL_DST))
543 == (FWW_ETH_MCAST | FWW_DL_DST));
546 return !wc->vlan_tci_mask;
548 return !(wc->vlan_tci_mask & htons(VLAN_VID_MASK));
550 return !(wc->vlan_tci_mask & htons(VLAN_PCP_MASK));
553 return !wc->nw_src_mask;
555 return !wc->nw_dst_mask;
558 return ipv6_mask_is_any(&wc->ipv6_src_mask);
560 return ipv6_mask_is_any(&wc->ipv6_dst_mask);
563 return !(wc->nw_frag_mask & FLOW_NW_FRAG_MASK);
566 return !wc->nw_src_mask;
568 return !wc->nw_dst_mask;
576 /* Initializes 'mask' with the wildcard bit pattern for field 'mf' within 'wc'.
577 * Each bit in 'mask' will be set to 1 if the bit is significant for matching
578 * purposes, or to 0 if it is wildcarded.
580 * The caller is responsible for ensuring that 'wc' corresponds to a flow that
581 * meets 'mf''s prerequisites. */
583 mf_get_mask(const struct mf_field *mf, const struct flow_wildcards *wc,
584 union mf_value *mask)
602 case MFF_ICMPV4_TYPE:
603 case MFF_ICMPV4_CODE:
604 case MFF_ICMPV6_TYPE:
605 case MFF_ICMPV6_CODE:
609 assert(mf->fww_bit != 0);
610 memset(mask, wc->wildcards & mf->fww_bit ? 0x00 : 0xff, mf->n_bytes);
614 mask->be64 = wc->tun_id_mask;
635 mask->be32 = htonl(wc->reg_masks[mf->id - MFF_REG0]);
639 memcpy(mask->mac, flow_wildcards_to_dl_dst_mask(wc->wildcards),
644 mask->be16 = wc->vlan_tci_mask;
647 mask->be16 = wc->vlan_tci_mask & htons(VLAN_VID_MASK);
650 mask->u8 = vlan_tci_to_pcp(wc->vlan_tci_mask);
654 mask->be32 = wc->nw_src_mask;
657 mask->be32 = wc->nw_dst_mask;
661 mask->ipv6 = wc->ipv6_src_mask;
664 mask->ipv6 = wc->ipv6_dst_mask;
668 mask->u8 = wc->nw_frag_mask & FLOW_NW_FRAG_MASK;
672 mask->be32 = wc->nw_src_mask;
675 mask->be32 = wc->nw_dst_mask;
684 /* Tests whether 'mask' is a valid wildcard bit pattern for 'mf'. Returns true
685 * if the mask is valid, false otherwise. */
687 mf_is_mask_valid(const struct mf_field *mf, const union mf_value *mask)
689 switch (mf->maskable) {
691 return (is_all_zeros((const uint8_t *) mask, mf->n_bytes) ||
692 is_all_ones((const uint8_t *) mask, mf->n_bytes));
698 return (mf->n_bytes == 4
699 ? ip_is_cidr(mask->be32)
700 : ipv6_is_cidr(&mask->ipv6));
703 return flow_wildcards_is_dl_dst_mask_valid(mask->mac);
710 is_ip_any(const struct flow *flow)
712 return (flow->dl_type == htons(ETH_TYPE_IP) ||
713 flow->dl_type == htons(ETH_TYPE_IPV6));
717 is_icmpv4(const struct flow *flow)
719 return (flow->dl_type == htons(ETH_TYPE_IP)
720 && flow->nw_proto == IPPROTO_ICMP);
724 is_icmpv6(const struct flow *flow)
726 return (flow->dl_type == htons(ETH_TYPE_IPV6)
727 && flow->nw_proto == IPPROTO_ICMPV6);
730 /* Returns true if 'flow' meets the prerequisites for 'mf', false otherwise. */
732 mf_are_prereqs_ok(const struct mf_field *mf, const struct flow *flow)
734 switch (mf->prereqs) {
739 return flow->dl_type == htons(ETH_TYPE_ARP);
741 return flow->dl_type == htons(ETH_TYPE_IP);
743 return flow->dl_type == htons(ETH_TYPE_IPV6);
745 return is_ip_any(flow);
748 return is_ip_any(flow) && flow->nw_proto == IPPROTO_TCP;
750 return is_ip_any(flow) && flow->nw_proto == IPPROTO_UDP;
752 return is_icmpv4(flow);
754 return is_icmpv6(flow);
757 return (is_icmpv6(flow)
758 && flow->tp_dst == htons(0)
759 && (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT) ||
760 flow->tp_src == htons(ND_NEIGHBOR_ADVERT)));
762 return (is_icmpv6(flow)
763 && flow->tp_dst == htons(0)
764 && (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)));
766 return (is_icmpv6(flow)
767 && flow->tp_dst == htons(0)
768 && (flow->tp_src == htons(ND_NEIGHBOR_ADVERT)));
774 /* Returns true if 'value' may be a valid value *as part of a masked match*,
777 * A value is not rejected just because it is not valid for the field in
778 * question, but only if it doesn't make sense to test the bits in question at
779 * all. For example, the MFF_VLAN_TCI field will never have a nonzero value
780 * without the VLAN_CFI bit being set, but we can't reject those values because
781 * it is still legitimate to test just for those bits (see the documentation
782 * for NXM_OF_VLAN_TCI in nicira-ext.h). On the other hand, there is never a
783 * reason to set the low bit of MFF_IP_DSCP to 1, so we reject that. */
785 mf_is_value_valid(const struct mf_field *mf, const union mf_value *value)
826 case MFF_ICMPV4_TYPE:
827 case MFF_ICMPV4_CODE:
828 case MFF_ICMPV6_TYPE:
829 case MFF_ICMPV6_CODE:
836 return !(value->u8 & ~IP_DSCP_MASK);
838 return !(value->u8 & ~IP_ECN_MASK);
840 return !(value->u8 & ~FLOW_NW_FRAG_MASK);
843 return !(value->be16 & htons(0xff00));
846 return !(value->be16 & htons(VLAN_CFI | VLAN_PCP_MASK));
849 return !(value->u8 & ~7);
852 return !(value->be32 & ~htonl(IPV6_LABEL_MASK));
860 /* Copies the value of field 'mf' from 'flow' into 'value'. The caller is
861 * responsible for ensuring that 'flow' meets 'mf''s prerequisites. */
863 mf_get_value(const struct mf_field *mf, const struct flow *flow,
864 union mf_value *value)
868 value->be64 = flow->tun_id;
872 value->be16 = htons(flow->in_port);
893 value->be32 = htonl(flow->regs[mf->id - MFF_REG0]);
897 memcpy(value->mac, flow->dl_src, ETH_ADDR_LEN);
901 memcpy(value->mac, flow->dl_dst, ETH_ADDR_LEN);
905 value->be16 = flow->dl_type;
909 value->be16 = flow->vlan_tci;
913 value->be16 = flow->vlan_tci & htons(VLAN_VID_MASK);
917 value->u8 = vlan_tci_to_pcp(flow->vlan_tci);
921 value->be32 = flow->nw_src;
925 value->be32 = flow->nw_dst;
929 value->ipv6 = flow->ipv6_src;
933 value->ipv6 = flow->ipv6_dst;
937 value->be32 = flow->ipv6_label;
941 value->u8 = flow->nw_proto;
945 value->u8 = flow->nw_tos & IP_DSCP_MASK;
949 value->u8 = flow->nw_tos & IP_ECN_MASK;
953 value->u8 = flow->nw_ttl;
957 value->u8 = flow->nw_frag;
961 value->be16 = htons(flow->nw_proto);
965 value->be32 = flow->nw_src;
969 value->be32 = flow->nw_dst;
974 memcpy(value->mac, flow->arp_sha, ETH_ADDR_LEN);
979 memcpy(value->mac, flow->arp_tha, ETH_ADDR_LEN);
983 value->be16 = flow->tp_src;
987 value->be16 = flow->tp_dst;
991 value->be16 = flow->tp_src;
995 value->be16 = flow->tp_dst;
998 case MFF_ICMPV4_TYPE:
999 case MFF_ICMPV6_TYPE:
1000 value->u8 = ntohs(flow->tp_src);
1003 case MFF_ICMPV4_CODE:
1004 case MFF_ICMPV6_CODE:
1005 value->u8 = ntohs(flow->tp_dst);
1009 value->ipv6 = flow->nd_target;
1018 /* Makes 'rule' match field 'mf' exactly, with the value matched taken from
1019 * 'value'. The caller is responsible for ensuring that 'rule' meets 'mf''s
1022 mf_set_value(const struct mf_field *mf,
1023 const union mf_value *value, struct cls_rule *rule)
1027 cls_rule_set_tun_id(rule, value->be64);
1031 cls_rule_set_in_port(rule, ntohs(value->be16));
1053 cls_rule_set_reg(rule, mf->id - MFF_REG0, ntohl(value->be32));
1058 cls_rule_set_dl_src(rule, value->mac);
1062 cls_rule_set_dl_dst(rule, value->mac);
1066 cls_rule_set_dl_type(rule, value->be16);
1070 cls_rule_set_dl_tci(rule, value->be16);
1074 cls_rule_set_dl_vlan(rule, value->be16);
1078 cls_rule_set_dl_vlan_pcp(rule, value->u8);
1082 cls_rule_set_nw_src(rule, value->be32);
1086 cls_rule_set_nw_dst(rule, value->be32);
1090 cls_rule_set_ipv6_src(rule, &value->ipv6);
1094 cls_rule_set_ipv6_dst(rule, &value->ipv6);
1097 case MFF_IPV6_LABEL:
1098 cls_rule_set_ipv6_label(rule, value->be32);
1102 cls_rule_set_nw_proto(rule, value->u8);
1106 cls_rule_set_nw_dscp(rule, value->u8);
1110 cls_rule_set_nw_ecn(rule, value->u8);
1114 cls_rule_set_nw_ttl(rule, value->u8);
1118 cls_rule_set_nw_frag(rule, value->u8);
1122 cls_rule_set_nw_proto(rule, ntohs(value->be16));
1126 cls_rule_set_nw_src(rule, value->be32);
1130 cls_rule_set_nw_dst(rule, value->be32);
1135 cls_rule_set_arp_sha(rule, value->mac);
1140 cls_rule_set_arp_tha(rule, value->mac);
1144 cls_rule_set_tp_src(rule, value->be16);
1148 cls_rule_set_tp_dst(rule, value->be16);
1152 cls_rule_set_tp_src(rule, value->be16);
1156 cls_rule_set_tp_dst(rule, value->be16);
1159 case MFF_ICMPV4_TYPE:
1160 case MFF_ICMPV6_TYPE:
1161 cls_rule_set_icmp_type(rule, value->u8);
1164 case MFF_ICMPV4_CODE:
1165 case MFF_ICMPV6_CODE:
1166 cls_rule_set_icmp_code(rule, value->u8);
1170 cls_rule_set_nd_target(rule, &value->ipv6);
1179 /* Makes 'rule' match field 'mf' exactly, with the value matched taken from
1180 * 'value'. The caller is responsible for ensuring that 'rule' meets 'mf''s
1183 mf_set_flow_value(const struct mf_field *mf,
1184 const union mf_value *value, struct flow *flow)
1188 flow->tun_id = value->be64;
1192 flow->in_port = ntohs(value->be16);
1214 flow->regs[mf->id - MFF_REG0] = ntohl(value->be32);
1219 memcpy(flow->dl_src, value->mac, ETH_ADDR_LEN);
1223 memcpy(flow->dl_src, value->mac, ETH_ADDR_LEN);
1227 flow->dl_type = value->be16;
1231 flow->vlan_tci = value->be16;
1235 flow_set_vlan_vid(flow, value->be16);
1239 flow_set_vlan_pcp(flow, value->u8);
1243 flow->nw_src = value->be32;
1247 flow->nw_dst = value->be32;
1251 flow->ipv6_src = value->ipv6;
1255 flow->ipv6_dst = value->ipv6;
1258 case MFF_IPV6_LABEL:
1259 flow->ipv6_label = value->be32 & ~htonl(IPV6_LABEL_MASK);
1263 flow->nw_proto = value->u8;
1267 flow->nw_tos &= ~IP_DSCP_MASK;
1268 flow->nw_tos |= value->u8 & IP_DSCP_MASK;
1272 flow->nw_tos &= ~IP_ECN_MASK;
1273 flow->nw_tos |= value->u8 & IP_ECN_MASK;
1277 flow->nw_ttl = value->u8;
1281 flow->nw_frag &= value->u8;
1285 flow->nw_proto = ntohs(value->be16);
1289 flow->nw_src = value->be32;
1293 flow->nw_dst = value->be32;
1298 memcpy(flow->arp_sha, value->mac, ETH_ADDR_LEN);
1303 memcpy(flow->arp_tha, value->mac, ETH_ADDR_LEN);
1308 flow->tp_src = value->be16;
1313 flow->tp_dst = value->be16;
1316 case MFF_ICMPV4_TYPE:
1317 case MFF_ICMPV6_TYPE:
1318 flow->tp_src = htons(value->u8);
1321 case MFF_ICMPV4_CODE:
1322 case MFF_ICMPV6_CODE:
1323 flow->tp_dst = htons(value->u8);
1327 flow->nd_target = value->ipv6;
1336 /* Makes 'rule' wildcard field 'mf'.
1338 * The caller is responsible for ensuring that 'rule' meets 'mf''s
1341 mf_set_wild(const struct mf_field *mf, struct cls_rule *rule)
1345 cls_rule_set_tun_id_masked(rule, htonll(0), htonll(0));
1349 rule->wc.wildcards |= FWW_IN_PORT;
1350 rule->flow.in_port = 0;
1355 cls_rule_set_reg_masked(rule, 0, 0, 0);
1360 cls_rule_set_reg_masked(rule, 1, 0, 0);
1365 cls_rule_set_reg_masked(rule, 2, 0, 0);
1370 cls_rule_set_reg_masked(rule, 3, 0, 0);
1375 cls_rule_set_reg_masked(rule, 4, 0, 0);
1383 rule->wc.wildcards |= FWW_DL_SRC;
1384 memset(rule->flow.dl_src, 0, sizeof rule->flow.dl_src);
1388 rule->wc.wildcards |= FWW_DL_DST | FWW_ETH_MCAST;
1389 memset(rule->flow.dl_dst, 0, sizeof rule->flow.dl_dst);
1393 rule->wc.wildcards |= FWW_DL_TYPE;
1394 rule->flow.dl_type = htons(0);
1398 cls_rule_set_dl_tci_masked(rule, htons(0), htons(0));
1402 cls_rule_set_any_vid(rule);
1406 cls_rule_set_any_pcp(rule);
1411 cls_rule_set_nw_src_masked(rule, htonl(0), htonl(0));
1416 cls_rule_set_nw_dst_masked(rule, htonl(0), htonl(0));
1420 memset(&rule->wc.ipv6_src_mask, 0, sizeof rule->wc.ipv6_src_mask);
1421 memset(&rule->flow.ipv6_src, 0, sizeof rule->flow.ipv6_src);
1425 memset(&rule->wc.ipv6_dst_mask, 0, sizeof rule->wc.ipv6_dst_mask);
1426 memset(&rule->flow.ipv6_dst, 0, sizeof rule->flow.ipv6_dst);
1429 case MFF_IPV6_LABEL:
1430 rule->wc.wildcards |= FWW_IPV6_LABEL;
1431 rule->flow.ipv6_label = 0;
1435 rule->wc.wildcards |= FWW_NW_PROTO;
1436 rule->flow.nw_proto = 0;
1440 rule->wc.wildcards |= FWW_NW_DSCP;
1441 rule->flow.nw_tos &= ~IP_DSCP_MASK;
1445 rule->wc.wildcards |= FWW_NW_ECN;
1446 rule->flow.nw_tos &= ~IP_ECN_MASK;
1450 rule->wc.wildcards |= FWW_NW_TTL;
1451 rule->flow.nw_ttl = 0;
1455 rule->wc.nw_frag_mask |= FLOW_NW_FRAG_MASK;
1456 rule->flow.nw_frag &= ~FLOW_NW_FRAG_MASK;
1460 rule->wc.wildcards |= FWW_NW_PROTO;
1461 rule->flow.nw_proto = 0;
1466 rule->wc.wildcards |= FWW_ARP_SHA;
1467 memset(rule->flow.arp_sha, 0, sizeof rule->flow.arp_sha);
1472 rule->wc.wildcards |= FWW_ARP_THA;
1473 memset(rule->flow.arp_tha, 0, sizeof rule->flow.arp_tha);
1478 case MFF_ICMPV4_TYPE:
1479 case MFF_ICMPV6_TYPE:
1480 rule->wc.wildcards |= FWW_TP_SRC;
1481 rule->flow.tp_src = htons(0);
1486 case MFF_ICMPV4_CODE:
1487 case MFF_ICMPV6_CODE:
1488 rule->wc.wildcards |= FWW_TP_DST;
1489 rule->flow.tp_dst = htons(0);
1493 rule->wc.wildcards |= FWW_ND_TARGET;
1494 memset(&rule->flow.nd_target, 0, sizeof rule->flow.nd_target);
1503 /* Makes 'rule' match field 'mf' with the specified 'value' and 'mask'.
1504 * 'value' specifies a value to match and 'mask' specifies a wildcard pattern,
1505 * with a 1-bit indicating that the corresponding value bit must match and a
1506 * 0-bit indicating a don't-care.
1508 * If 'mask' is NULL or points to all-1-bits, then this call is equivalent to
1509 * mf_set_value(mf, value, rule). If 'mask' points to all-0-bits, then this
1510 * call is equivalent to mf_set_wild(mf, rule).
1512 * 'mask' must be a valid mask for 'mf' (see mf_is_mask_valid()). The caller
1513 * is responsible for ensuring that 'rule' meets 'mf''s prerequisites. */
1515 mf_set(const struct mf_field *mf,
1516 const union mf_value *value, const union mf_value *mask,
1517 struct cls_rule *rule)
1519 if (!mask || is_all_ones((const uint8_t *) mask, mf->n_bytes)) {
1520 mf_set_value(mf, value, rule);
1522 } else if (is_all_zeros((const uint8_t *) mask, mf->n_bytes)) {
1523 mf_set_wild(mf, rule);
1533 case MFF_IPV6_LABEL:
1545 case MFF_ICMPV4_TYPE:
1546 case MFF_ICMPV4_CODE:
1547 case MFF_ICMPV6_TYPE:
1548 case MFF_ICMPV6_CODE:
1555 cls_rule_set_tun_id_masked(rule, value->be64, mask->be64);
1576 cls_rule_set_reg_masked(rule, mf->id - MFF_REG0,
1577 ntohl(value->be32), ntohl(mask->be32));
1581 if (flow_wildcards_is_dl_dst_mask_valid(mask->mac)) {
1582 cls_rule_set_dl_dst_masked(rule, value->mac, mask->mac);
1587 cls_rule_set_dl_tci_masked(rule, value->be16, mask->be16);
1591 cls_rule_set_nw_src_masked(rule, value->be32, mask->be32);
1595 cls_rule_set_nw_dst_masked(rule, value->be32, mask->be32);
1599 cls_rule_set_ipv6_src_masked(rule, &value->ipv6, &mask->ipv6);
1603 cls_rule_set_ipv6_dst_masked(rule, &value->ipv6, &mask->ipv6);
1607 cls_rule_set_nw_frag_masked(rule, value->u8, mask->u8);
1611 cls_rule_set_nw_src_masked(rule, value->be32, mask->be32);
1615 cls_rule_set_nw_dst_masked(rule, value->be32, mask->be32);
1624 /* Makes a subfield starting at bit offset 'ofs' and continuing for 'n_bits' in
1625 * 'rule''s field 'mf' exactly match the 'n_bits' least-significant bits of
1628 * Example: suppose that 'mf' is originally the following 2-byte field in
1631 * value == 0xe00a == 2#1110000000001010
1632 * mask == 0xfc3f == 2#1111110000111111
1634 * The call mf_set_subfield(mf, 0x55, 8, 7, rule) would have the following
1635 * effect (note that 0x55 is 2#1010101):
1637 * value == 0xd50a == 2#1101010100001010
1638 * mask == 0xff3f == 2#1111111100111111
1640 * The caller is responsible for ensuring that the result will be a valid
1641 * wildcard pattern for 'mf'. The caller is responsible for ensuring that
1642 * 'rule' meets 'mf''s prerequisites. */
1644 mf_set_subfield(const struct mf_field *mf, uint64_t x, unsigned int ofs,
1645 unsigned int n_bits, struct cls_rule *rule)
1647 if (ofs == 0 && mf->n_bytes * 8 == n_bits) {
1648 union mf_value value;
1651 for (i = mf->n_bytes - 1; i >= 0; i--) {
1652 ((uint8_t *) &value)[i] = x;
1655 mf_set_value(mf, &value, rule);
1657 union mf_value value, mask;
1659 unsigned int byte_ofs;
1661 mf_get(mf, rule, &value, &mask);
1663 byte_ofs = mf->n_bytes - ofs / 8;
1664 vp = &((uint8_t *) &value)[byte_ofs];
1665 mp = &((uint8_t *) &mask)[byte_ofs];
1667 unsigned int chunk = MIN(8 - ofs % 8, n_bits);
1668 uint8_t chunk_mask = ((1 << chunk) - 1) << (ofs % 8);
1670 *--vp &= ~chunk_mask;
1671 *vp |= chunk_mask & (x << (ofs % 8));
1672 *--mp |= chunk_mask;
1678 while (n_bits >= 8) {
1686 uint8_t chunk_mask = (1 << n_bits) - 1;
1688 *--vp &= ~chunk_mask;
1689 *vp |= chunk_mask & x;
1690 *--mp |= chunk_mask;
1693 mf_set(mf, &value, &mask, rule);
1697 /* Copies the value and wildcard bit pattern for 'mf' from 'rule' into the
1698 * 'value' and 'mask', respectively. */
1700 mf_get(const struct mf_field *mf, const struct cls_rule *rule,
1701 union mf_value *value, union mf_value *mask)
1703 mf_get_value(mf, &rule->flow, value);
1704 mf_get_mask(mf, &rule->wc, mask);
1707 /* Assigns a random value for field 'mf' to 'value'. */
1709 mf_random_value(const struct mf_field *mf, union mf_value *value)
1711 random_bytes(value, mf->n_bytes);
1752 case MFF_ICMPV4_TYPE:
1753 case MFF_ICMPV4_CODE:
1754 case MFF_ICMPV6_TYPE:
1755 case MFF_ICMPV6_CODE:
1761 case MFF_IPV6_LABEL:
1762 value->be32 &= ~htonl(IPV6_LABEL_MASK);
1766 value->u8 &= IP_DSCP_MASK;
1770 value->u8 &= IP_ECN_MASK;
1774 value->u8 &= FLOW_NW_FRAG_MASK;
1778 value->be16 &= htons(0xff);
1782 value->be16 &= htons(VLAN_VID_MASK);
1796 mf_from_integer_string(const struct mf_field *mf, const char *s,
1797 uint8_t *valuep, uint8_t *maskp)
1799 unsigned long long int integer, mask;
1804 integer = strtoull(s, &tail, 0);
1805 if (errno || (*tail != '\0' && *tail != '/')) {
1810 mask = strtoull(tail + 1, &tail, 0);
1811 if (errno || *tail != '\0') {
1818 for (i = mf->n_bytes - 1; i >= 0; i--) {
1819 valuep[i] = integer;
1825 return xasprintf("%s: value too large for %u-byte field %s",
1826 s, mf->n_bytes, mf->name);
1831 return xasprintf("%s: bad syntax for %s", s, mf->name);
1835 mf_from_ethernet_string(const struct mf_field *mf, const char *s,
1836 uint8_t mac[ETH_ADDR_LEN],
1837 uint8_t mask[ETH_ADDR_LEN])
1839 assert(mf->n_bytes == ETH_ADDR_LEN);
1841 switch (sscanf(s, ETH_ADDR_SCAN_FMT"/"ETH_ADDR_SCAN_FMT,
1842 ETH_ADDR_SCAN_ARGS(mac), ETH_ADDR_SCAN_ARGS(mask))){
1843 case ETH_ADDR_SCAN_COUNT * 2:
1846 case ETH_ADDR_SCAN_COUNT:
1847 memset(mask, 0xff, ETH_ADDR_LEN);
1851 return xasprintf("%s: invalid Ethernet address", s);
1856 mf_from_ipv4_string(const struct mf_field *mf, const char *s,
1857 ovs_be32 *ip, ovs_be32 *mask)
1861 assert(mf->n_bytes == sizeof *ip);
1863 if (sscanf(s, IP_SCAN_FMT"/"IP_SCAN_FMT,
1864 IP_SCAN_ARGS(ip), IP_SCAN_ARGS(mask)) == IP_SCAN_COUNT * 2) {
1866 } else if (sscanf(s, IP_SCAN_FMT"/%d",
1867 IP_SCAN_ARGS(ip), &prefix) == IP_SCAN_COUNT + 1) {
1868 if (prefix <= 0 || prefix > 32) {
1869 return xasprintf("%s: network prefix bits not between 1 and "
1871 } else if (prefix == 32) {
1872 *mask = htonl(UINT32_MAX);
1874 *mask = htonl(((1u << prefix) - 1) << (32 - prefix));
1876 } else if (sscanf(s, IP_SCAN_FMT, IP_SCAN_ARGS(ip)) == IP_SCAN_COUNT) {
1877 *mask = htonl(UINT32_MAX);
1879 return xasprintf("%s: invalid IP address", s);
1885 mf_from_ipv6_string(const struct mf_field *mf, const char *s,
1886 struct in6_addr *value, struct in6_addr *mask)
1888 char *str = xstrdup(s);
1889 char *save_ptr = NULL;
1890 const char *name, *netmask;
1893 assert(mf->n_bytes == sizeof *value);
1895 name = strtok_r(str, "/", &save_ptr);
1896 retval = name ? lookup_ipv6(name, value) : EINVAL;
1900 err = xasprintf("%s: could not convert to IPv6 address", str);
1906 netmask = strtok_r(NULL, "/", &save_ptr);
1908 int prefix = atoi(netmask);
1909 if (prefix <= 0 || prefix > 128) {
1911 return xasprintf("%s: prefix bits not between 1 and 128", s);
1913 *mask = ipv6_create_mask(prefix);
1916 *mask = in6addr_exact;
1924 mf_from_ofp_port_string(const struct mf_field *mf, const char *s,
1925 ovs_be16 *valuep, ovs_be16 *maskp)
1929 assert(mf->n_bytes == sizeof(ovs_be16));
1930 if (ofputil_port_from_string(s, &port)) {
1931 *valuep = htons(port);
1932 *maskp = htons(UINT16_MAX);
1935 return mf_from_integer_string(mf, s,
1936 (uint8_t *) valuep, (uint8_t *) maskp);
1940 struct frag_handling {
1946 static const struct frag_handling all_frags[] = {
1947 #define A FLOW_NW_FRAG_ANY
1948 #define L FLOW_NW_FRAG_LATER
1949 /* name mask value */
1952 { "first", A|L, A },
1953 { "later", A|L, A|L },
1958 { "not_later", L, 0 },
1965 mf_from_frag_string(const char *s, uint8_t *valuep, uint8_t *maskp)
1967 const struct frag_handling *h;
1969 for (h = all_frags; h < &all_frags[ARRAY_SIZE(all_frags)]; h++) {
1970 if (!strcasecmp(s, h->name)) {
1971 /* We force the upper bits of the mask on to make mf_parse_value()
1972 * happy (otherwise it will never think it's an exact match.) */
1973 *maskp = h->mask | ~FLOW_NW_FRAG_MASK;
1979 return xasprintf("%s: unknown fragment type (valid types are \"no\", "
1980 "\"yes\", \"first\", \"later\", \"not_first\"", s);
1983 /* Parses 's', a string value for field 'mf', into 'value' and 'mask'. Returns
1984 * NULL if successful, otherwise a malloc()'d string describing the error. */
1986 mf_parse(const struct mf_field *mf, const char *s,
1987 union mf_value *value, union mf_value *mask)
1989 if (!strcasecmp(s, "any") || !strcmp(s, "*")) {
1990 memset(value, 0, mf->n_bytes);
1991 memset(mask, 0, mf->n_bytes);
1995 switch (mf->string) {
1997 case MFS_HEXADECIMAL:
1998 return mf_from_integer_string(mf, s,
1999 (uint8_t *) value, (uint8_t *) mask);
2002 return mf_from_ethernet_string(mf, s, value->mac, mask->mac);
2005 return mf_from_ipv4_string(mf, s, &value->be32, &mask->be32);
2008 return mf_from_ipv6_string(mf, s, &value->ipv6, &mask->ipv6);
2011 return mf_from_ofp_port_string(mf, s, &value->be16, &mask->be16);
2014 return mf_from_frag_string(s, &value->u8, &mask->u8);
2019 /* Parses 's', a string value for field 'mf', into 'value'. Returns NULL if
2020 * successful, otherwise a malloc()'d string describing the error. */
2022 mf_parse_value(const struct mf_field *mf, const char *s, union mf_value *value)
2024 union mf_value mask;
2027 error = mf_parse(mf, s, value, &mask);
2032 if (!is_all_ones((const uint8_t *) &mask, mf->n_bytes)) {
2033 return xasprintf("%s: wildcards not allowed here", s);
2039 mf_format_integer_string(const struct mf_field *mf, const uint8_t *valuep,
2040 const uint8_t *maskp, struct ds *s)
2042 unsigned long long int integer;
2045 assert(mf->n_bytes <= 8);
2048 for (i = 0; i < mf->n_bytes; i++) {
2049 integer = (integer << 8) | valuep[i];
2051 if (mf->string == MFS_HEXADECIMAL) {
2052 ds_put_format(s, "%#llx", integer);
2054 ds_put_format(s, "%lld", integer);
2058 unsigned long long int mask;
2061 for (i = 0; i < mf->n_bytes; i++) {
2062 mask = (mask << 8) | maskp[i];
2065 /* I guess we could write the mask in decimal for MFS_DECIMAL but I'm
2066 * not sure that that a bit-mask written in decimal is ever easier to
2067 * understand than the same bit-mask written in hexadecimal. */
2068 ds_put_format(s, "/%#llx", mask);
2073 mf_format_frag_string(const uint8_t *valuep, const uint8_t *maskp,
2076 const struct frag_handling *h;
2077 uint8_t value = *valuep;
2078 uint8_t mask = *maskp;
2081 mask &= FLOW_NW_FRAG_MASK;
2083 for (h = all_frags; h < &all_frags[ARRAY_SIZE(all_frags)]; h++) {
2084 if (value == h->value && mask == h->mask) {
2085 ds_put_cstr(s, h->name);
2089 ds_put_cstr(s, "<error>");
2092 /* Appends to 's' a string representation of field 'mf' whose value is in
2093 * 'value' and 'mask'. 'mask' may be NULL to indicate an exact match. */
2095 mf_format(const struct mf_field *mf,
2096 const union mf_value *value, const union mf_value *mask,
2100 if (is_all_zeros((const uint8_t *) mask, mf->n_bytes)) {
2101 ds_put_cstr(s, "ANY");
2103 } else if (is_all_ones((const uint8_t *) mask, mf->n_bytes)) {
2108 switch (mf->string) {
2111 ofputil_format_port(ntohs(value->be16), s);
2116 case MFS_HEXADECIMAL:
2117 mf_format_integer_string(mf, (uint8_t *) value, (uint8_t *) mask, s);
2121 ds_put_format(s, ETH_ADDR_FMT, ETH_ADDR_ARGS(value->mac));
2123 ds_put_format(s, "/"ETH_ADDR_FMT, ETH_ADDR_ARGS(mask->mac));
2128 ip_format_masked(value->be32, mask ? mask->be32 : htonl(UINT32_MAX),
2133 print_ipv6_masked(s, &value->ipv6, mask ? &mask->ipv6 : NULL);
2137 mf_format_frag_string(&value->u8, &mask->u8, s);