#include "ofp-print.h"
#include <errno.h>
#include <inttypes.h>
+#include <sys/types.h>
+#include <netinet/in.h>
#include <netinet/icmp6.h>
#include <stdlib.h>
#include "autopath.h"
void
ofputil_wildcard_from_openflow(uint32_t ofpfw, struct flow_wildcards *wc)
{
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 2);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 7);
/* Initialize most of rule->wc. */
flow_wildcards_init_catchall(wc);
wc->wildcards = (OVS_FORCE flow_wildcards_t) ofpfw & WC_INVARIANTS;
/* Wildcard fields that aren't defined by ofp_match or tun_id. */
- wc->wildcards |= (FWW_ARP_SHA | FWW_ARP_THA | FWW_ND_TARGET);
+ wc->wildcards |= (FWW_ARP_SHA | FWW_ARP_THA | FWW_NW_ECN | FWW_NW_TTL
+ | FWW_ND_TARGET | FWW_IPV6_LABEL);
if (ofpfw & OFPFW_NW_TOS) {
- wc->wildcards |= FWW_NW_TOS;
+ /* OpenFlow 1.0 defines a TOS wildcard, but it's much later in
+ * the enum than we can use. */
+ wc->wildcards |= FWW_NW_DSCP;
}
+
wc->nw_src_mask = ofputil_wcbits_to_netmask(ofpfw >> OFPFW_NW_SRC_SHIFT);
wc->nw_dst_mask = ofputil_wcbits_to_netmask(ofpfw >> OFPFW_NW_DST_SHIFT);
rule->flow.tp_dst = match->tp_dst;
memcpy(rule->flow.dl_src, match->dl_src, ETH_ADDR_LEN);
memcpy(rule->flow.dl_dst, match->dl_dst, ETH_ADDR_LEN);
- rule->flow.nw_tos = match->nw_tos;
+ rule->flow.nw_tos = match->nw_tos & IP_DSCP_MASK;
rule->flow.nw_proto = match->nw_proto;
/* Translate VLANs. */
ofpfw = (OVS_FORCE uint32_t) (wc->wildcards & WC_INVARIANTS);
ofpfw |= ofputil_netmask_to_wcbits(wc->nw_src_mask) << OFPFW_NW_SRC_SHIFT;
ofpfw |= ofputil_netmask_to_wcbits(wc->nw_dst_mask) << OFPFW_NW_DST_SHIFT;
- if (wc->wildcards & FWW_NW_TOS) {
+ if (wc->wildcards & FWW_NW_DSCP) {
ofpfw |= OFPFW_NW_TOS;
}
match->dl_type = ofputil_dl_type_to_openflow(rule->flow.dl_type);
match->nw_src = rule->flow.nw_src;
match->nw_dst = rule->flow.nw_dst;
- match->nw_tos = rule->flow.nw_tos;
+ match->nw_tos = rule->flow.nw_tos & IP_DSCP_MASK;
match->nw_proto = rule->flow.nw_proto;
match->tp_src = rule->flow.tp_src;
match->tp_dst = rule->flow.tp_dst;
unsigned int extra_multiple;
};
+/* Represents a malformed OpenFlow message. */
+static const struct ofputil_msg_type ofputil_invalid_type = {
+ OFPUTIL_MSG_INVALID, 0, "OFPUTIL_MSG_INVALID", 0, 0
+};
+
struct ofputil_msg_category {
const char *name; /* e.g. "OpenFlow message" */
const struct ofputil_msg_type *types;
int missing_error; /* ofp_mkerr() value for missing type. */
};
-static bool
-ofputil_length_ok(const struct ofputil_msg_category *cat,
- const struct ofputil_msg_type *type,
- unsigned int size)
+static int
+ofputil_check_length(const struct ofputil_msg_type *type, unsigned int size)
{
switch (type->extra_multiple) {
case 0:
if (size != type->min_size) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "received %s %s with incorrect "
+ VLOG_WARN_RL(&bad_ofmsg_rl, "received %s with incorrect "
"length %u (expected length %u)",
- cat->name, type->name, size, type->min_size);
- return false;
+ type->name, size, type->min_size);
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
- return true;
+ return 0;
case 1:
if (size < type->min_size) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "received %s %s with incorrect "
+ VLOG_WARN_RL(&bad_ofmsg_rl, "received %s with incorrect "
"length %u (expected length at least %u bytes)",
- cat->name, type->name, size, type->min_size);
- return false;
+ type->name, size, type->min_size);
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
- return true;
+ return 0;
default:
if (size < type->min_size
|| (size - type->min_size) % type->extra_multiple) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "received %s %s with incorrect "
+ VLOG_WARN_RL(&bad_ofmsg_rl, "received %s with incorrect "
"length %u (must be exactly %u bytes or longer "
"by an integer multiple of %u bytes)",
- cat->name, type->name, size,
+ type->name, size,
type->min_size, type->extra_multiple);
- return false;
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
- return true;
+ return 0;
}
}
static int
ofputil_lookup_openflow_message(const struct ofputil_msg_category *cat,
- uint32_t value, unsigned int size,
+ uint32_t value,
const struct ofputil_msg_type **typep)
{
const struct ofputil_msg_type *type;
for (type = cat->types; type < &cat->types[cat->n_types]; type++) {
if (type->value == value) {
- if (!ofputil_length_ok(cat, type, size)) {
- return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
- }
*typep = type;
return 0;
}
}
static int
-ofputil_decode_vendor(const struct ofp_header *oh,
+ofputil_decode_vendor(const struct ofp_header *oh, size_t length,
const struct ofputil_msg_type **typep)
{
static const struct ofputil_msg_type nxt_messages[] = {
const struct ofp_vendor_header *ovh;
const struct nicira_header *nh;
+ if (length < sizeof(struct ofp_vendor_header)) {
+ if (length == ntohs(oh->length)) {
+ VLOG_WARN_RL(&bad_ofmsg_rl, "truncated vendor message");
+ }
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
+ }
+
ovh = (const struct ofp_vendor_header *) oh;
if (ovh->vendor != htonl(NX_VENDOR_ID)) {
VLOG_WARN_RL(&bad_ofmsg_rl, "received vendor message for unknown "
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_VENDOR);
}
- if (ntohs(ovh->header.length) < sizeof(struct nicira_header)) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "received Nicira vendor message of "
- "length %u (expected at least %zu)",
- ntohs(ovh->header.length), sizeof(struct nicira_header));
+ if (length < sizeof(struct nicira_header)) {
+ if (length == ntohs(oh->length)) {
+ VLOG_WARN_RL(&bad_ofmsg_rl, "received Nicira vendor message of "
+ "length %u (expected at least %zu)",
+ ntohs(ovh->header.length),
+ sizeof(struct nicira_header));
+ }
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
nh = (const struct nicira_header *) oh;
return ofputil_lookup_openflow_message(&nxt_category, ntohl(nh->subtype),
- ntohs(oh->length), typep);
+ typep);
}
static int
-check_nxstats_msg(const struct ofp_header *oh)
+check_nxstats_msg(const struct ofp_header *oh, size_t length)
{
const struct ofp_stats_msg *osm = (const struct ofp_stats_msg *) oh;
ovs_be32 vendor;
+ if (length < sizeof(struct ofp_vendor_stats_msg)) {
+ if (length == ntohs(oh->length)) {
+ VLOG_WARN_RL(&bad_ofmsg_rl, "truncated vendor stats message");
+ }
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
+ }
+
memcpy(&vendor, osm + 1, sizeof vendor);
if (vendor != htonl(NX_VENDOR_ID)) {
VLOG_WARN_RL(&bad_ofmsg_rl, "received vendor stats message for "
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_VENDOR);
}
- if (ntohs(osm->header.length) < sizeof(struct nicira_stats_msg)) {
- VLOG_WARN_RL(&bad_ofmsg_rl, "truncated Nicira stats message");
+ if (length < sizeof(struct nicira_stats_msg)) {
+ if (length == ntohs(osm->header.length)) {
+ VLOG_WARN_RL(&bad_ofmsg_rl, "truncated Nicira stats message");
+ }
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
}
}
static int
-ofputil_decode_nxst_request(const struct ofp_header *oh,
+ofputil_decode_nxst_request(const struct ofp_header *oh, size_t length,
const struct ofputil_msg_type **typep)
{
static const struct ofputil_msg_type nxst_requests[] = {
const struct nicira_stats_msg *nsm;
int error;
- error = check_nxstats_msg(oh);
+ error = check_nxstats_msg(oh, length);
if (error) {
return error;
}
nsm = (struct nicira_stats_msg *) oh;
return ofputil_lookup_openflow_message(&nxst_request_category,
- ntohl(nsm->subtype),
- ntohs(oh->length), typep);
+ ntohl(nsm->subtype), typep);
}
static int
-ofputil_decode_nxst_reply(const struct ofp_header *oh,
+ofputil_decode_nxst_reply(const struct ofp_header *oh, size_t length,
const struct ofputil_msg_type **typep)
{
static const struct ofputil_msg_type nxst_replies[] = {
const struct nicira_stats_msg *nsm;
int error;
- error = check_nxstats_msg(oh);
+ error = check_nxstats_msg(oh, length);
if (error) {
return error;
}
nsm = (struct nicira_stats_msg *) oh;
return ofputil_lookup_openflow_message(&nxst_reply_category,
- ntohl(nsm->subtype),
- ntohs(oh->length), typep);
+ ntohl(nsm->subtype), typep);
}
static int
-ofputil_decode_ofpst_request(const struct ofp_header *oh,
+check_stats_msg(const struct ofp_header *oh, size_t length)
+{
+ if (length < sizeof(struct ofp_stats_msg)) {
+ if (length == ntohs(oh->length)) {
+ VLOG_WARN_RL(&bad_ofmsg_rl, "truncated stats message");
+ }
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
+ }
+
+ return 0;
+}
+
+static int
+ofputil_decode_ofpst_request(const struct ofp_header *oh, size_t length,
const struct ofputil_msg_type **typep)
{
static const struct ofputil_msg_type ofpst_requests[] = {
const struct ofp_stats_msg *request = (const struct ofp_stats_msg *) oh;
int error;
+ error = check_stats_msg(oh, length);
+ if (error) {
+ return error;
+ }
+
error = ofputil_lookup_openflow_message(&ofpst_request_category,
- ntohs(request->type),
- ntohs(oh->length), typep);
+ ntohs(request->type), typep);
if (!error && request->type == htons(OFPST_VENDOR)) {
- error = ofputil_decode_nxst_request(oh, typep);
+ error = ofputil_decode_nxst_request(oh, length, typep);
}
return error;
}
static int
-ofputil_decode_ofpst_reply(const struct ofp_header *oh,
+ofputil_decode_ofpst_reply(const struct ofp_header *oh, size_t length,
const struct ofputil_msg_type **typep)
{
static const struct ofputil_msg_type ofpst_replies[] = {
const struct ofp_stats_msg *reply = (const struct ofp_stats_msg *) oh;
int error;
+ error = check_stats_msg(oh, length);
+ if (error) {
+ return error;
+ }
+
error = ofputil_lookup_openflow_message(&ofpst_reply_category,
- ntohs(reply->type),
- ntohs(oh->length), typep);
+ ntohs(reply->type), typep);
if (!error && reply->type == htons(OFPST_VENDOR)) {
- error = ofputil_decode_nxst_reply(oh, typep);
+ error = ofputil_decode_nxst_reply(oh, length, typep);
}
return error;
}
-/* Decodes the message type represented by 'oh'. Returns 0 if successful or
- * an OpenFlow error code constructed with ofp_mkerr() on failure. Either
- * way, stores in '*typep' a type structure that can be inspected with the
- * ofputil_msg_type_*() functions.
- *
- * oh->length must indicate the correct length of the message (and must be at
- * least sizeof(struct ofp_header)).
- *
- * Success indicates that 'oh' is at least as long as the minimum-length
- * message of its type. */
-int
-ofputil_decode_msg_type(const struct ofp_header *oh,
- const struct ofputil_msg_type **typep)
+static int
+ofputil_decode_msg_type__(const struct ofp_header *oh, size_t length,
+ const struct ofputil_msg_type **typep)
{
static const struct ofputil_msg_type ofpt_messages[] = {
{ OFPUTIL_OFPT_HELLO,
int error;
- error = ofputil_lookup_openflow_message(&ofpt_category, oh->type,
- ntohs(oh->length), typep);
+ error = ofputil_lookup_openflow_message(&ofpt_category, oh->type, typep);
if (!error) {
switch (oh->type) {
case OFPT_VENDOR:
- error = ofputil_decode_vendor(oh, typep);
+ error = ofputil_decode_vendor(oh, length, typep);
break;
case OFPT_STATS_REQUEST:
- error = ofputil_decode_ofpst_request(oh, typep);
+ error = ofputil_decode_ofpst_request(oh, length, typep);
break;
case OFPT_STATS_REPLY:
- error = ofputil_decode_ofpst_reply(oh, typep);
+ error = ofputil_decode_ofpst_reply(oh, length, typep);
default:
break;
}
}
+ return error;
+}
+
+/* Decodes the message type represented by 'oh'. Returns 0 if successful or
+ * an OpenFlow error code constructed with ofp_mkerr() on failure. Either
+ * way, stores in '*typep' a type structure that can be inspected with the
+ * ofputil_msg_type_*() functions.
+ *
+ * oh->length must indicate the correct length of the message (and must be at
+ * least sizeof(struct ofp_header)).
+ *
+ * Success indicates that 'oh' is at least as long as the minimum-length
+ * message of its type. */
+int
+ofputil_decode_msg_type(const struct ofp_header *oh,
+ const struct ofputil_msg_type **typep)
+{
+ size_t length = ntohs(oh->length);
+ int error;
+
+ error = ofputil_decode_msg_type__(oh, length, typep);
+ if (!error) {
+ error = ofputil_check_length(*typep, length);
+ }
if (error) {
- static const struct ofputil_msg_type ofputil_invalid_type = {
- OFPUTIL_MSG_INVALID,
- 0, "OFPUTIL_MSG_INVALID",
- 0, 0
- };
+ *typep = &ofputil_invalid_type;
+ }
+ return error;
+}
+
+/* Decodes the message type represented by 'oh', of which only the first
+ * 'length' bytes are available. Returns 0 if successful or an OpenFlow error
+ * code constructed with ofp_mkerr() on failure. Either way, stores in
+ * '*typep' a type structure that can be inspected with the
+ * ofputil_msg_type_*() functions. */
+int
+ofputil_decode_msg_type_partial(const struct ofp_header *oh, size_t length,
+ const struct ofputil_msg_type **typep)
+{
+ int error;
+ error = (length >= sizeof *oh
+ ? ofputil_decode_msg_type__(oh, length, typep)
+ : ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN));
+ if (error) {
*typep = &ofputil_invalid_type;
}
return error;
{
const struct flow_wildcards *wc = &rule->wc;
- BUILD_ASSERT_DECL(FLOW_WC_SEQ == 2);
+ BUILD_ASSERT_DECL(FLOW_WC_SEQ == 7);
/* Only NXM supports separately wildcards the Ethernet multicast bit. */
if (!(wc->wildcards & FWW_DL_DST) != !(wc->wildcards & FWW_ETH_MCAST)) {
return NXFF_NXM;
}
+ /* Only NXM supports matching fragments. */
+ if (wc->nw_frag_mask) {
+ return NXFF_NXM;
+ }
+
+ /* Only NXM supports matching IPv6 flow label. */
+ if (!(wc->wildcards & FWW_IPV6_LABEL)) {
+ return NXFF_NXM;
+ }
+
+ /* Only NXM supports matching IP ECN bits. */
+ if (!(wc->wildcards & FWW_NW_ECN)) {
+ return NXFF_NXM;
+ }
+
+ /* Only NXM supports matching IP TTL/hop limit. */
+ if (!(wc->wildcards & FWW_NW_TTL)) {
+ return NXFF_NXM;
+ }
+
/* Other formats can express this rule. */
return NXFF_OPENFLOW10;
}
return out;
}
+const char *
+ofputil_frag_handling_to_string(enum ofp_config_flags flags)
+{
+ switch (flags & OFPC_FRAG_MASK) {
+ case OFPC_FRAG_NORMAL: return "normal";
+ case OFPC_FRAG_DROP: return "drop";
+ case OFPC_FRAG_REASM: return "reassemble";
+ case OFPC_FRAG_NX_MATCH: return "nx-match";
+ }
+
+ NOT_REACHED();
+}
+
+bool
+ofputil_frag_handling_from_string(const char *s, enum ofp_config_flags *flags)
+{
+ if (!strcasecmp(s, "normal")) {
+ *flags = OFPC_FRAG_NORMAL;
+ } else if (!strcasecmp(s, "drop")) {
+ *flags = OFPC_FRAG_DROP;
+ } else if (!strcasecmp(s, "reassemble")) {
+ *flags = OFPC_FRAG_REASM;
+ } else if (!strcasecmp(s, "nx-match")) {
+ *flags = OFPC_FRAG_NX_MATCH;
+ } else {
+ return false;
+ }
+ return true;
+}
+
/* Checks that 'port' is a valid output port for the OFPAT_OUTPUT action, given
* that the switch will never have more than 'max_ports' ports. Returns 0 if
* 'port' is valid, otherwise an ofp_mkerr() return code. */
case OFPUTIL_OFPAT_ENQUEUE:
port = ntohs(((const struct ofp_action_enqueue *) a)->port);
- if (port >= max_ports && port != OFPP_IN_PORT) {
+ if (port >= max_ports && port != OFPP_IN_PORT
+ && port != OFPP_LOCAL) {
error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT);
}
break;
case OFPUTIL_NXAST_POP_QUEUE:
case OFPUTIL_NXAST_NOTE:
case OFPUTIL_NXAST_SET_TUNNEL64:
+ case OFPUTIL_NXAST_EXIT:
break;
}
MAY_NW_ADDR = 1 << 0, /* nw_src, nw_dst */
MAY_TP_ADDR = 1 << 1, /* tp_src, tp_dst */
MAY_NW_PROTO = 1 << 2, /* nw_proto */
- MAY_NW_TOS = 1 << 3, /* nw_tos */
+ MAY_IPVx = 1 << 3, /* tos, frag, ttl */
MAY_ARP_SHA = 1 << 4, /* arp_sha */
MAY_ARP_THA = 1 << 5, /* arp_tha */
- MAY_IPV6_ADDR = 1 << 6, /* ipv6_src, ipv6_dst */
+ MAY_IPV6 = 1 << 6, /* ipv6_src, ipv6_dst, ipv6_label */
MAY_ND_TARGET = 1 << 7 /* nd_target */
} may_match;
/* Figure out what fields may be matched. */
if (rule->flow.dl_type == htons(ETH_TYPE_IP)) {
- may_match = MAY_NW_PROTO | MAY_NW_TOS | MAY_NW_ADDR;
+ may_match = MAY_NW_PROTO | MAY_IPVx | MAY_NW_ADDR;
if (rule->flow.nw_proto == IPPROTO_TCP ||
rule->flow.nw_proto == IPPROTO_UDP ||
rule->flow.nw_proto == IPPROTO_ICMP) {
}
} else if (rule->flow.dl_type == htons(ETH_TYPE_IPV6)
&& flow_format == NXFF_NXM) {
- may_match = MAY_NW_PROTO | MAY_NW_TOS | MAY_IPV6_ADDR;
+ may_match = MAY_NW_PROTO | MAY_IPVx | MAY_IPV6;
if (rule->flow.nw_proto == IPPROTO_TCP ||
rule->flow.nw_proto == IPPROTO_UDP) {
may_match |= MAY_TP_ADDR;
if (!(may_match & MAY_NW_PROTO)) {
wc.wildcards |= FWW_NW_PROTO;
}
- if (!(may_match & MAY_NW_TOS)) {
- wc.wildcards |= FWW_NW_TOS;
+ if (!(may_match & MAY_IPVx)) {
+ wc.wildcards |= FWW_NW_DSCP;
+ wc.wildcards |= FWW_NW_ECN;
+ wc.wildcards |= FWW_NW_TTL;
}
if (!(may_match & MAY_ARP_SHA)) {
wc.wildcards |= FWW_ARP_SHA;
if (!(may_match & MAY_ARP_THA)) {
wc.wildcards |= FWW_ARP_THA;
}
- if (!(may_match & MAY_IPV6_ADDR)) {
+ if (!(may_match & MAY_IPV6)) {
wc.ipv6_src_mask = wc.ipv6_dst_mask = in6addr_any;
+ wc.wildcards |= FWW_IPV6_LABEL;
}
if (!(may_match & MAY_ND_TARGET)) {
wc.wildcards |= FWW_ND_TARGET;