X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=lib%2Fofp-util.c;h=328d0df8d6c52d64058f28d9587a681123711a1f;hb=dfbf7f354416264a0b84b09bf882ac0932e78c8b;hp=309ff4318947fd8b4893acdf9c2e2179f46a3fda;hpb=76c93b227414f893f54c5ec52155471601713fe0;p=openvswitch diff --git a/lib/ofp-util.c b/lib/ofp-util.c index 309ff431..328d0df8 100644 --- a/lib/ofp-util.c +++ b/lib/ofp-util.c @@ -21,9 +21,11 @@ #include #include #include "autopath.h" +#include "bundle.h" #include "byte-order.h" #include "classifier.h" #include "dynamic-string.h" +#include "learn.h" #include "multipath.h" #include "nx-match.h" #include "ofp-errors.h" @@ -58,22 +60,12 @@ ofputil_wcbits_to_netmask(int wcbits) } /* Given the IP netmask 'netmask', returns the number of bits of the IP address - * that it wildcards. 'netmask' must be a CIDR netmask (see ip_is_cidr()). */ + * that it wildcards, that is, the number of 0-bits in 'netmask'. 'netmask' + * must be a CIDR netmask (see ip_is_cidr()). */ int ofputil_netmask_to_wcbits(ovs_be32 netmask) { - assert(ip_is_cidr(netmask)); -#if __GNUC__ >= 4 - return netmask == htonl(0) ? 32 : __builtin_ctz(ntohl(netmask)); -#else - int wcbits; - - for (wcbits = 32; netmask; wcbits--) { - netmask &= netmask - 1; - } - - return wcbits; -#endif + return 32 - ip_count_cidr_bits(netmask); } /* A list of the FWW_* and OFPFW_ bits that have the same value, meaning, and @@ -107,6 +99,8 @@ static const flow_wildcards_t WC_INVARIANTS = 0 void ofputil_wildcard_from_openflow(uint32_t ofpfw, struct flow_wildcards *wc) { + BUILD_ASSERT_DECL(FLOW_WC_SEQ == 3); + /* Initialize most of rule->wc. */ flow_wildcards_init_catchall(wc); wc->wildcards = (OVS_FORCE flow_wildcards_t) ofpfw & WC_INVARIANTS; @@ -114,9 +108,10 @@ ofputil_wildcard_from_openflow(uint32_t ofpfw, struct flow_wildcards *wc) /* Wildcard fields that aren't defined by ofp_match or tun_id. */ wc->wildcards |= (FWW_ARP_SHA | FWW_ARP_THA | FWW_ND_TARGET); - if (ofpfw & OFPFW_NW_TOS) { - wc->wildcards |= FWW_NW_TOS; + if (!(ofpfw & OFPFW_NW_TOS)) { + wc->tos_frag_mask |= IP_DSCP_MASK; } + wc->nw_src_mask = ofputil_wcbits_to_netmask(ofpfw >> OFPFW_NW_SRC_SHIFT); wc->nw_dst_mask = ofputil_wcbits_to_netmask(ofpfw >> OFPFW_NW_DST_SHIFT); @@ -157,7 +152,7 @@ ofputil_cls_rule_from_match(const struct ofp_match *match, rule->flow.tp_dst = match->tp_dst; memcpy(rule->flow.dl_src, match->dl_src, ETH_ADDR_LEN); memcpy(rule->flow.dl_dst, match->dl_dst, ETH_ADDR_LEN); - rule->flow.nw_tos = match->nw_tos; + rule->flow.tos_frag = match->nw_tos & IP_DSCP_MASK; rule->flow.nw_proto = match->nw_proto; /* Translate VLANs. */ @@ -196,7 +191,7 @@ ofputil_cls_rule_to_match(const struct cls_rule *rule, struct ofp_match *match) ofpfw = (OVS_FORCE uint32_t) (wc->wildcards & WC_INVARIANTS); ofpfw |= ofputil_netmask_to_wcbits(wc->nw_src_mask) << OFPFW_NW_SRC_SHIFT; ofpfw |= ofputil_netmask_to_wcbits(wc->nw_dst_mask) << OFPFW_NW_DST_SHIFT; - if (wc->wildcards & FWW_NW_TOS) { + if (!(wc->tos_frag_mask & IP_DSCP_MASK)) { ofpfw |= OFPFW_NW_TOS; } @@ -230,7 +225,7 @@ ofputil_cls_rule_to_match(const struct cls_rule *rule, struct ofp_match *match) match->dl_type = ofputil_dl_type_to_openflow(rule->flow.dl_type); match->nw_src = rule->flow.nw_src; match->nw_dst = rule->flow.nw_dst; - match->nw_tos = rule->flow.nw_tos; + match->nw_tos = rule->flow.tos_frag & IP_DSCP_MASK; match->nw_proto = rule->flow.nw_proto; match->tp_src = rule->flow.tp_src; match->tp_dst = rule->flow.tp_dst; @@ -350,9 +345,6 @@ static int ofputil_decode_vendor(const struct ofp_header *oh, const struct ofputil_msg_type **typep) { - BUILD_ASSERT_DECL(sizeof(struct nxt_set_flow_format) - != sizeof(struct nxt_flow_mod_table_id)); - static const struct ofputil_msg_type nxt_messages[] = { { OFPUTIL_NXT_ROLE_REQUEST, NXT_ROLE_REQUEST, "NXT_ROLE_REQUEST", @@ -725,8 +717,8 @@ ofputil_decode_msg_type(const struct ofp_header *oh, } if (error) { static const struct ofputil_msg_type ofputil_invalid_type = { - OFPUTIL_INVALID, - 0, "OFPUTIL_INVALID", + OFPUTIL_MSG_INVALID, + 0, "OFPUTIL_MSG_INVALID", 0, 0 }; @@ -799,6 +791,8 @@ ofputil_min_flow_format(const struct cls_rule *rule) { const struct flow_wildcards *wc = &rule->wc; + BUILD_ASSERT_DECL(FLOW_WC_SEQ == 3); + /* Only NXM supports separately wildcards the Ethernet multicast bit. */ if (!(wc->wildcards & FWW_DL_DST) != !(wc->wildcards & FWW_ETH_MCAST)) { return NXFF_NXM; @@ -825,6 +819,11 @@ ofputil_min_flow_format(const struct cls_rule *rule) return NXFF_NXM; } + /* Only NXM supports matching fragments. */ + if (wc->tos_frag_mask & FLOW_FRAG_MASK) { + return NXFF_NXM; + } + /* Other formats can express this rule. */ return NXFF_OPENFLOW10; } @@ -865,8 +864,8 @@ ofputil_make_flow_mod_table_id(bool flow_mod_table_id) * * Does not validate the flow_mod actions. */ int -ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, - bool flow_mod_table_id) +ofputil_decode_flow_mod(struct ofputil_flow_mod *fm, + const struct ofp_header *oh, bool flow_mod_table_id) { const struct ofputil_msg_type *type; uint16_t command; @@ -955,7 +954,7 @@ ofputil_decode_flow_mod(struct flow_mod *fm, const struct ofp_header *oh, * 'flow_mod_table_id' should be true if the NXT_FLOW_MOD_TABLE_ID extension is * enabled, false otherwise. */ struct ofpbuf * -ofputil_encode_flow_mod(const struct flow_mod *fm, +ofputil_encode_flow_mod(const struct ofputil_flow_mod *fm, enum nx_flow_format flow_format, bool flow_mod_table_id) { @@ -974,7 +973,7 @@ ofputil_encode_flow_mod(const struct flow_mod *fm, ofm = put_openflow(sizeof *ofm, OFPT_FLOW_MOD, msg); ofputil_cls_rule_to_match(&fm->cr, &ofm->match); ofm->cookie = fm->cookie; - ofm->command = htons(fm->command); + ofm->command = htons(command); ofm->idle_timeout = htons(fm->idle_timeout); ofm->hard_timeout = htons(fm->hard_timeout); ofm->priority = htons(fm->cr.priority); @@ -1009,7 +1008,7 @@ ofputil_encode_flow_mod(const struct flow_mod *fm, } static int -ofputil_decode_ofpst_flow_request(struct flow_stats_request *fsr, +ofputil_decode_ofpst_flow_request(struct ofputil_flow_stats_request *fsr, const struct ofp_header *oh, bool aggregate) { @@ -1025,7 +1024,7 @@ ofputil_decode_ofpst_flow_request(struct flow_stats_request *fsr, } static int -ofputil_decode_nxst_flow_request(struct flow_stats_request *fsr, +ofputil_decode_nxst_flow_request(struct ofputil_flow_stats_request *fsr, const struct ofp_header *oh, bool aggregate) { @@ -1055,7 +1054,7 @@ ofputil_decode_nxst_flow_request(struct flow_stats_request *fsr, * request 'oh', into an abstract flow_stats_request in 'fsr'. Returns 0 if * successful, otherwise an OpenFlow error code. */ int -ofputil_decode_flow_stats_request(struct flow_stats_request *fsr, +ofputil_decode_flow_stats_request(struct ofputil_flow_stats_request *fsr, const struct ofp_header *oh) { const struct ofputil_msg_type *type; @@ -1089,7 +1088,7 @@ ofputil_decode_flow_stats_request(struct flow_stats_request *fsr, * OFPST_AGGREGATE, NXST_FLOW, or NXST_AGGREGATE request 'oh' according to * 'flow_format', and returns the message. */ struct ofpbuf * -ofputil_encode_flow_stats_request(const struct flow_stats_request *fsr, +ofputil_encode_flow_stats_request(const struct ofputil_flow_stats_request *fsr, enum nx_flow_format flow_format) { struct ofpbuf *msg; @@ -1231,6 +1230,77 @@ ofputil_decode_flow_stats_reply(struct ofputil_flow_stats *fs, return 0; } +/* Returns 'count' unchanged except that UINT64_MAX becomes 0. + * + * We use this in situations where OVS internally uses UINT64_MAX to mean + * "value unknown" but OpenFlow 1.0 does not define any unknown value. */ +static uint64_t +unknown_to_zero(uint64_t count) +{ + return count != UINT64_MAX ? count : 0; +} + +/* Appends an OFPST_FLOW or NXST_FLOW reply that contains the data in 'fs' to + * those already present in the list of ofpbufs in 'replies'. 'replies' should + * have been initialized with ofputil_start_stats_reply(). */ +void +ofputil_append_flow_stats_reply(const struct ofputil_flow_stats *fs, + struct list *replies) +{ + size_t act_len = fs->n_actions * sizeof *fs->actions; + const struct ofp_stats_msg *osm; + + osm = ofpbuf_from_list(list_back(replies))->data; + if (osm->type == htons(OFPST_FLOW)) { + size_t len = offsetof(struct ofp_flow_stats, actions) + act_len; + struct ofp_flow_stats *ofs; + + ofs = ofputil_append_stats_reply(len, replies); + ofs->length = htons(len); + ofs->table_id = fs->table_id; + ofs->pad = 0; + ofputil_cls_rule_to_match(&fs->rule, &ofs->match); + ofs->duration_sec = htonl(fs->duration_sec); + ofs->duration_nsec = htonl(fs->duration_nsec); + ofs->priority = htons(fs->rule.priority); + ofs->idle_timeout = htons(fs->idle_timeout); + ofs->hard_timeout = htons(fs->hard_timeout); + memset(ofs->pad2, 0, sizeof ofs->pad2); + put_32aligned_be64(&ofs->cookie, fs->cookie); + put_32aligned_be64(&ofs->packet_count, + htonll(unknown_to_zero(fs->packet_count))); + put_32aligned_be64(&ofs->byte_count, + htonll(unknown_to_zero(fs->byte_count))); + memcpy(ofs->actions, fs->actions, act_len); + } else if (osm->type == htons(OFPST_VENDOR)) { + struct nx_flow_stats *nfs; + struct ofpbuf *msg; + size_t start_len; + + msg = ofputil_reserve_stats_reply( + sizeof *nfs + NXM_MAX_LEN + act_len, replies); + start_len = msg->size; + + nfs = ofpbuf_put_uninit(msg, sizeof *nfs); + nfs->table_id = fs->table_id; + nfs->pad = 0; + nfs->duration_sec = htonl(fs->duration_sec); + nfs->duration_nsec = htonl(fs->duration_nsec); + nfs->priority = htons(fs->rule.priority); + nfs->idle_timeout = htons(fs->idle_timeout); + nfs->hard_timeout = htons(fs->hard_timeout); + nfs->match_len = htons(nx_put_match(msg, &fs->rule)); + memset(nfs->pad2, 0, sizeof nfs->pad2); + nfs->cookie = fs->cookie; + nfs->packet_count = htonll(fs->packet_count); + nfs->byte_count = htonll(fs->byte_count); + ofpbuf_put(msg, fs->actions, act_len); + nfs->length = htons(msg->size - start_len); + } else { + NOT_REACHED(); + } +} + /* Converts abstract ofputil_aggregate_stats 'stats' into an OFPST_AGGREGATE or * NXST_AGGREGATE reply according to 'flow_format', and returns the message. */ struct ofpbuf * @@ -1244,8 +1314,10 @@ ofputil_encode_aggregate_stats_reply( struct ofp_aggregate_stats_reply *asr; asr = ofputil_make_stats_reply(sizeof *asr, request, &msg); - put_32aligned_be64(&asr->packet_count, htonll(stats->packet_count)); - put_32aligned_be64(&asr->byte_count, htonll(stats->byte_count)); + put_32aligned_be64(&asr->packet_count, + htonll(unknown_to_zero(stats->packet_count))); + put_32aligned_be64(&asr->byte_count, + htonll(unknown_to_zero(stats->byte_count))); asr->flow_count = htonl(stats->flow_count); } else if (request->type == htons(OFPST_VENDOR)) { struct nx_aggregate_stats_reply *nasr; @@ -1339,8 +1411,8 @@ ofputil_encode_flow_removed(const struct ofputil_flow_removed *fr, ofr->duration_sec = htonl(fr->duration_sec); ofr->duration_nsec = htonl(fr->duration_nsec); ofr->idle_timeout = htons(fr->idle_timeout); - ofr->packet_count = htonll(fr->packet_count); - ofr->byte_count = htonll(fr->byte_count); + ofr->packet_count = htonll(unknown_to_zero(fr->packet_count)); + ofr->byte_count = htonll(unknown_to_zero(fr->byte_count)); } else if (flow_format == NXFF_NXM) { struct nx_flow_removed *nfr; int match_len; @@ -1383,7 +1455,7 @@ ofputil_encode_packet_in(const struct ofputil_packet_in *pin, struct ofpbuf *rw_packet) { int total_len = pin->packet->size; - struct ofp_packet_in *opi; + struct ofp_packet_in opi; if (rw_packet) { if (pin->send_len < rw_packet->size) { @@ -1396,13 +1468,14 @@ ofputil_encode_packet_in(const struct ofputil_packet_in *pin, } /* Add OFPT_PACKET_IN. */ - opi = ofpbuf_push_zeros(rw_packet, offsetof(struct ofp_packet_in, data)); - opi->header.version = OFP_VERSION; - opi->header.type = OFPT_PACKET_IN; - opi->total_len = htons(total_len); - opi->in_port = htons(pin->in_port); - opi->reason = pin->reason; - opi->buffer_id = htonl(pin->buffer_id); + memset(&opi, 0, sizeof opi); + opi.header.version = OFP_VERSION; + opi.header.type = OFPT_PACKET_IN; + opi.total_len = htons(total_len); + opi.in_port = htons(pin->in_port); + opi.reason = pin->reason; + opi.buffer_id = htonl(pin->buffer_id); + ofpbuf_push(rw_packet, &opi, offsetof(struct ofp_packet_in, data)); update_openflow_length(rw_packet); return rw_packet; @@ -1757,10 +1830,7 @@ make_add_simple_flow(const struct cls_rule *rule, struct ofpbuf *buffer; buffer = make_add_flow(rule, buffer_id, idle_timeout, sizeof *oao); - oao = ofpbuf_put_zeros(buffer, sizeof *oao); - oao->type = htons(OFPAT_OUTPUT); - oao->len = htons(sizeof *oao); - oao->port = htons(out_port); + ofputil_put_OFPAT_OUTPUT(buffer)->port = htons(out_port); return buffer; } else { return make_add_flow(rule, buffer_id, idle_timeout, 0); @@ -1805,7 +1875,7 @@ make_packet_out(const struct ofpbuf *packet, uint32_t buffer_id, opo->header.length = htons(size); opo->header.xid = htonl(0); opo->buffer_id = htonl(buffer_id); - opo->in_port = htons(in_port == ODPP_LOCAL ? OFPP_LOCAL : in_port); + opo->in_port = htons(in_port); opo->actions_len = htons(actions_len); ofpbuf_put(out, actions, actions_len); if (packet) { @@ -1868,38 +1938,41 @@ make_echo_reply(const struct ofp_header *rq) return out; } -static int -check_action_exact_len(const union ofp_action *a, unsigned int len, - unsigned int required_len) +const char * +ofputil_frag_handling_to_string(enum ofp_config_flags flags) { - if (len != required_len) { - VLOG_WARN_RL(&bad_ofmsg_rl, "action %"PRIu16" has invalid length " - "%"PRIu16" (must be %u)\n", - ntohs(a->type), ntohs(a->header.len), required_len); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + switch (flags & OFPC_FRAG_MASK) { + case OFPC_FRAG_NORMAL: return "normal"; + case OFPC_FRAG_DROP: return "drop"; + case OFPC_FRAG_REASM: return "reassemble"; + case OFPC_FRAG_NX_MATCH: return "nx-match"; } - return 0; + + NOT_REACHED(); } -static int -check_nx_action_exact_len(const struct nx_action_header *a, - unsigned int len, unsigned int required_len) -{ - if (len != required_len) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "Nicira action %"PRIu16" has invalid length %"PRIu16" " - "(must be %u)\n", - ntohs(a->subtype), ntohs(a->len), required_len); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); +bool +ofputil_frag_handling_from_string(const char *s, enum ofp_config_flags *flags) +{ + if (!strcasecmp(s, "normal")) { + *flags = OFPC_FRAG_NORMAL; + } else if (!strcasecmp(s, "drop")) { + *flags = OFPC_FRAG_DROP; + } else if (!strcasecmp(s, "reassemble")) { + *flags = OFPC_FRAG_REASM; + } else if (!strcasecmp(s, "nx-match")) { + *flags = OFPC_FRAG_NX_MATCH; + } else { + return false; } - return 0; + return true; } /* Checks that 'port' is a valid output port for the OFPAT_OUTPUT action, given * that the switch will never have more than 'max_ports' ports. Returns 0 if * 'port' is valid, otherwise an ofp_mkerr() return code. */ -static int -check_output_port(uint16_t port, int max_ports) +int +ofputil_check_output_port(uint16_t port, int max_ports) { switch (port) { case OFPP_IN_PORT: @@ -1915,210 +1988,416 @@ check_output_port(uint16_t port, int max_ports) if (port < max_ports) { return 0; } - VLOG_WARN_RL(&bad_ofmsg_rl, "unknown output port %x", port); return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); } } -/* Checks that 'action' is a valid OFPAT_ENQUEUE action, given that the switch - * will never have more than 'max_ports' ports. Returns 0 if 'port' is valid, - * otherwise an ofp_mkerr() return code. */ -static int -check_enqueue_action(const union ofp_action *a, unsigned int len, - int max_ports) +#define OFPUTIL_NAMED_PORTS \ + OFPUTIL_NAMED_PORT(IN_PORT) \ + OFPUTIL_NAMED_PORT(TABLE) \ + OFPUTIL_NAMED_PORT(NORMAL) \ + OFPUTIL_NAMED_PORT(FLOOD) \ + OFPUTIL_NAMED_PORT(ALL) \ + OFPUTIL_NAMED_PORT(CONTROLLER) \ + OFPUTIL_NAMED_PORT(LOCAL) \ + OFPUTIL_NAMED_PORT(NONE) + +/* Checks whether 's' is the string representation of an OpenFlow port number, + * either as an integer or a string name (e.g. "LOCAL"). If it is, stores the + * number in '*port' and returns true. Otherwise, returns false. */ +bool +ofputil_port_from_string(const char *name, uint16_t *port) { - const struct ofp_action_enqueue *oae; - uint16_t port; - int error; + struct pair { + const char *name; + uint16_t value; + }; + static const struct pair pairs[] = { +#define OFPUTIL_NAMED_PORT(NAME) {#NAME, OFPP_##NAME}, + OFPUTIL_NAMED_PORTS +#undef OFPUTIL_NAMED_PORT + }; + static const int n_pairs = ARRAY_SIZE(pairs); + int i; - error = check_action_exact_len(a, len, 16); - if (error) { - return error; + if (str_to_int(name, 0, &i) && i >= 0 && i < UINT16_MAX) { + *port = i; + return true; } - oae = (const struct ofp_action_enqueue *) a; - port = ntohs(oae->port); - if (port < max_ports || port == OFPP_IN_PORT) { - return 0; + for (i = 0; i < n_pairs; i++) { + if (!strcasecmp(name, pairs[i].name)) { + *port = pairs[i].value; + return true; + } } - VLOG_WARN_RL(&bad_ofmsg_rl, "unknown enqueue port %x", port); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); + return false; } -static int -check_nicira_action(const union ofp_action *a, unsigned int len, - const struct flow *flow) +/* Appends to 's' a string representation of the OpenFlow port number 'port'. + * Most ports' string representation is just the port number, but for special + * ports, e.g. OFPP_LOCAL, it is the name, e.g. "LOCAL". */ +void +ofputil_format_port(uint16_t port, struct ds *s) { - const struct nx_action_header *nah; - int subtype; - int error; + const char *name; - if (len < 16) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "Nicira vendor action only %u bytes", len); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + switch (port) { +#define OFPUTIL_NAMED_PORT(NAME) case OFPP_##NAME: name = #NAME; break; + OFPUTIL_NAMED_PORTS +#undef OFPUTIL_NAMED_PORT + + default: + ds_put_format(s, "%"PRIu16, port); + return; } - nah = (const struct nx_action_header *) a; + ds_put_cstr(s, name); +} - subtype = ntohs(nah->subtype); - if (subtype > TYPE_MAXIMUM(enum nx_action_subtype)) { - /* This is necessary because enum nx_action_subtype may be an - * 8-bit type, so the cast below throws away the top 8 bits. */ - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE); +static int +check_resubmit_table(const struct nx_action_resubmit *nar) +{ + if (nar->pad[0] || nar->pad[1] || nar->pad[2]) { + return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); } + return 0; +} - switch ((enum nx_action_subtype) subtype) { - case NXAST_RESUBMIT: - case NXAST_SET_TUNNEL: - case NXAST_SET_QUEUE: - case NXAST_POP_QUEUE: - return check_nx_action_exact_len(nah, len, 16); +static int +check_output_reg(const struct nx_action_output_reg *naor, + const struct flow *flow) +{ + size_t i; - case NXAST_REG_MOVE: - error = check_nx_action_exact_len(nah, len, - sizeof(struct nx_action_reg_move)); - if (error) { - return error; + for (i = 0; i < sizeof naor->zero; i++) { + if (naor->zero[i]) { + return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); } - return nxm_check_reg_move((const struct nx_action_reg_move *) a, flow); + } + + return nxm_src_check(naor->src, nxm_decode_ofs(naor->ofs_nbits), + nxm_decode_n_bits(naor->ofs_nbits), flow); +} + +int +validate_actions(const union ofp_action *actions, size_t n_actions, + const struct flow *flow, int max_ports) +{ + const union ofp_action *a; + size_t left; + + OFPUTIL_ACTION_FOR_EACH (a, left, actions, n_actions) { + uint16_t port; + int error; + int code; + + code = ofputil_decode_action(a); + if (code < 0) { + char *msg; + + error = -code; + msg = ofputil_error_to_string(error); + VLOG_WARN_RL(&bad_ofmsg_rl, + "action decoding error at offset %td (%s)", + (a - actions) * sizeof *a, msg); + free(msg); - case NXAST_REG_LOAD: - error = check_nx_action_exact_len(nah, len, - sizeof(struct nx_action_reg_load)); - if (error) { return error; } - return nxm_check_reg_load((const struct nx_action_reg_load *) a, flow); - case NXAST_NOTE: - return 0; + error = 0; + switch ((enum ofputil_action_code) code) { + case OFPUTIL_OFPAT_OUTPUT: + error = ofputil_check_output_port(ntohs(a->output.port), + max_ports); + break; - case NXAST_SET_TUNNEL64: - return check_nx_action_exact_len( - nah, len, sizeof(struct nx_action_set_tunnel64)); + case OFPUTIL_OFPAT_SET_VLAN_VID: + if (a->vlan_vid.vlan_vid & ~htons(0xfff)) { + error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); + } + break; - case NXAST_MULTIPATH: - error = check_nx_action_exact_len( - nah, len, sizeof(struct nx_action_multipath)); - if (error) { - return error; + case OFPUTIL_OFPAT_SET_VLAN_PCP: + if (a->vlan_pcp.vlan_pcp & ~7) { + error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); + } + break; + + case OFPUTIL_OFPAT_ENQUEUE: + port = ntohs(((const struct ofp_action_enqueue *) a)->port); + if (port >= max_ports && port != OFPP_IN_PORT) { + error = ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); + } + break; + + case OFPUTIL_NXAST_REG_MOVE: + error = nxm_check_reg_move((const struct nx_action_reg_move *) a, + flow); + break; + + case OFPUTIL_NXAST_REG_LOAD: + error = nxm_check_reg_load((const struct nx_action_reg_load *) a, + flow); + break; + + case OFPUTIL_NXAST_MULTIPATH: + error = multipath_check((const struct nx_action_multipath *) a, + flow); + break; + + case OFPUTIL_NXAST_AUTOPATH: + error = autopath_check((const struct nx_action_autopath *) a, + flow); + break; + + case OFPUTIL_NXAST_BUNDLE: + case OFPUTIL_NXAST_BUNDLE_LOAD: + error = bundle_check((const struct nx_action_bundle *) a, + max_ports, flow); + break; + + case OFPUTIL_NXAST_OUTPUT_REG: + error = check_output_reg((const struct nx_action_output_reg *) a, + flow); + break; + + case OFPUTIL_NXAST_RESUBMIT_TABLE: + error = check_resubmit_table( + (const struct nx_action_resubmit *) a); + break; + + case OFPUTIL_NXAST_LEARN: + error = learn_check((const struct nx_action_learn *) a, flow); + break; + + case OFPUTIL_OFPAT_STRIP_VLAN: + case OFPUTIL_OFPAT_SET_NW_SRC: + case OFPUTIL_OFPAT_SET_NW_DST: + case OFPUTIL_OFPAT_SET_NW_TOS: + case OFPUTIL_OFPAT_SET_TP_SRC: + case OFPUTIL_OFPAT_SET_TP_DST: + case OFPUTIL_OFPAT_SET_DL_SRC: + case OFPUTIL_OFPAT_SET_DL_DST: + case OFPUTIL_NXAST_RESUBMIT: + case OFPUTIL_NXAST_SET_TUNNEL: + case OFPUTIL_NXAST_SET_QUEUE: + case OFPUTIL_NXAST_POP_QUEUE: + case OFPUTIL_NXAST_NOTE: + case OFPUTIL_NXAST_SET_TUNNEL64: + break; } - return multipath_check((const struct nx_action_multipath *) a); - case NXAST_AUTOPATH: - error = check_nx_action_exact_len( - nah, len, sizeof(struct nx_action_autopath)); if (error) { + char *msg = ofputil_error_to_string(error); + VLOG_WARN_RL(&bad_ofmsg_rl, "bad action at offset %td (%s)", + (a - actions) * sizeof *a, msg); + free(msg); return error; } - return autopath_check((const struct nx_action_autopath *) a); - - case NXAST_SNAT__OBSOLETE: - case NXAST_DROP_SPOOFED_ARP__OBSOLETE: - default: - VLOG_WARN_RL(&bad_ofmsg_rl, - "unknown Nicira vendor action subtype %d", subtype); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE); } + if (left) { + VLOG_WARN_RL(&bad_ofmsg_rl, "bad action format at offset %zu", + (n_actions - left) * sizeof *a); + return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + } + return 0; } -static int -check_action(const union ofp_action *a, unsigned int len, - const struct flow *flow, int max_ports) +struct ofputil_action { + int code; + unsigned int min_len; + unsigned int max_len; +}; + +static const struct ofputil_action action_bad_type + = { -OFP_MKERR(OFPET_BAD_ACTION, OFPBAC_BAD_TYPE), 0, UINT_MAX }; +static const struct ofputil_action action_bad_len + = { -OFP_MKERR(OFPET_BAD_ACTION, OFPBAC_BAD_LEN), 0, UINT_MAX }; +static const struct ofputil_action action_bad_vendor + = { -OFP_MKERR(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR), 0, UINT_MAX }; + +static const struct ofputil_action * +ofputil_decode_ofpat_action(const union ofp_action *a) { enum ofp_action_type type = ntohs(a->type); - int error; switch (type) { - case OFPAT_OUTPUT: - error = check_action_exact_len(a, len, 8); - if (error) { - return error; +#define OFPAT_ACTION(ENUM, STRUCT, NAME) \ + case ENUM: { \ + static const struct ofputil_action action = { \ + OFPUTIL_##ENUM, \ + sizeof(struct STRUCT), \ + sizeof(struct STRUCT) \ + }; \ + return &action; \ } - return check_output_port(ntohs(a->output.port), max_ports); +#include "ofp-util.def" - case OFPAT_SET_VLAN_VID: - error = check_action_exact_len(a, len, 8); - if (error) { - return error; - } - if (a->vlan_vid.vlan_vid & ~htons(0xfff)) { - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); - } - return 0; + case OFPAT_VENDOR: + default: + return &action_bad_type; + } +} - case OFPAT_SET_VLAN_PCP: - error = check_action_exact_len(a, len, 8); - if (error) { - return error; - } - if (a->vlan_pcp.vlan_pcp & ~7) { - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); +static const struct ofputil_action * +ofputil_decode_nxast_action(const union ofp_action *a) +{ + const struct nx_action_header *nah = (const struct nx_action_header *) a; + enum nx_action_subtype subtype = ntohs(nah->subtype); + + switch (subtype) { +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) \ + case ENUM: { \ + static const struct ofputil_action action = { \ + OFPUTIL_##ENUM, \ + sizeof(struct STRUCT), \ + EXTENSIBLE ? UINT_MAX : sizeof(struct STRUCT) \ + }; \ + return &action; \ } - return 0; +#include "ofp-util.def" - case OFPAT_STRIP_VLAN: - case OFPAT_SET_NW_SRC: - case OFPAT_SET_NW_DST: - case OFPAT_SET_NW_TOS: - case OFPAT_SET_TP_SRC: - case OFPAT_SET_TP_DST: - return check_action_exact_len(a, len, 8); + case NXAST_SNAT__OBSOLETE: + case NXAST_DROP_SPOOFED_ARP__OBSOLETE: + default: + return &action_bad_type; + } +} - case OFPAT_SET_DL_SRC: - case OFPAT_SET_DL_DST: - return check_action_exact_len(a, len, 16); +/* Parses 'a' to determine its type. Returns a nonnegative OFPUTIL_OFPAT_* or + * OFPUTIL_NXAST_* constant if successful, otherwise a negative OpenFlow error + * code (as returned by ofp_mkerr()). + * + * The caller must have already verified that 'a''s length is correct (that is, + * a->header.len is nonzero and a multiple of sizeof(union ofp_action) and no + * longer than the amount of space allocated to 'a'). + * + * This function verifies that 'a''s length is correct for the type of action + * that it represents. */ +int +ofputil_decode_action(const union ofp_action *a) +{ + const struct ofputil_action *action; + uint16_t len = ntohs(a->header.len); - case OFPAT_VENDOR: - return (a->vendor.vendor == htonl(NX_VENDOR_ID) - ? check_nicira_action(a, len, flow) - : ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR)); + if (a->type != htons(OFPAT_VENDOR)) { + action = ofputil_decode_ofpat_action(a); + } else { + switch (ntohl(a->vendor.vendor)) { + case NX_VENDOR_ID: + if (len < sizeof(struct nx_action_header)) { + return -ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + } + action = ofputil_decode_nxast_action(a); + break; + default: + action = &action_bad_vendor; + break; + } + } - case OFPAT_ENQUEUE: - return check_enqueue_action(a, len, max_ports); + return (len >= action->min_len && len <= action->max_len + ? action->code + : -ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN)); +} - default: - VLOG_WARN_RL(&bad_ofmsg_rl, "unknown action type %d", (int) type); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_TYPE); +/* Parses 'a' and returns its type as an OFPUTIL_OFPAT_* or OFPUTIL_NXAST_* + * constant. The caller must have already validated that 'a' is a valid action + * understood by Open vSwitch (e.g. by a previous successful call to + * ofputil_decode_action()). */ +enum ofputil_action_code +ofputil_decode_action_unsafe(const union ofp_action *a) +{ + const struct ofputil_action *action; + + if (a->type != htons(OFPAT_VENDOR)) { + action = ofputil_decode_ofpat_action(a); + } else { + action = ofputil_decode_nxast_action(a); } + + return action->code; } +/* Returns the 'enum ofputil_action_code' corresponding to 'name' (e.g. if + * 'name' is "output" then the return value is OFPUTIL_OFPAT_OUTPUT), or -1 if + * 'name' is not the name of any action. + * + * ofp-util.def lists the mapping from names to action. */ int -validate_actions(const union ofp_action *actions, size_t n_actions, - const struct flow *flow, int max_ports) +ofputil_action_code_from_name(const char *name) { - size_t i; + static const char *names[OFPUTIL_N_ACTIONS] = { +#define OFPAT_ACTION(ENUM, STRUCT, NAME) NAME, +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) NAME, +#include "ofp-util.def" + }; - for (i = 0; i < n_actions; ) { - const union ofp_action *a = &actions[i]; - unsigned int len = ntohs(a->header.len); - unsigned int n_slots = len / OFP_ACTION_ALIGN; - unsigned int slots_left = &actions[n_actions] - a; - int error; + const char **p; - if (n_slots > slots_left) { - VLOG_WARN_RL(&bad_ofmsg_rl, - "action requires %u slots but only %u remain", - n_slots, slots_left); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); - } else if (!len) { - VLOG_WARN_RL(&bad_ofmsg_rl, "action has invalid length 0"); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); - } else if (len % OFP_ACTION_ALIGN) { - VLOG_WARN_RL(&bad_ofmsg_rl, "action length %u is not a multiple " - "of %d", len, OFP_ACTION_ALIGN); - return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); + for (p = names; p < &names[ARRAY_SIZE(names)]; p++) { + if (*p && !strcasecmp(name, *p)) { + return p - names; } - - error = check_action(a, len, flow, max_ports); - if (error) { - return error; - } - i += n_slots; } - return 0; + return -1; } +/* Appends an action of the type specified by 'code' to 'buf' and returns the + * action. Initializes the parts of 'action' that identify it as having type + * and length 'sizeof *action' and zeros the rest. For actions that + * have variable length, the length used and cleared is that of struct + * . */ +void * +ofputil_put_action(enum ofputil_action_code code, struct ofpbuf *buf) +{ + switch (code) { +#define OFPAT_ACTION(ENUM, STRUCT, NAME) \ + case OFPUTIL_##ENUM: return ofputil_put_##ENUM(buf); +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) \ + case OFPUTIL_##ENUM: return ofputil_put_##ENUM(buf); +#include "ofp-util.def" + } + NOT_REACHED(); +} + +#define OFPAT_ACTION(ENUM, STRUCT, NAME) \ + void \ + ofputil_init_##ENUM(struct STRUCT *s) \ + { \ + memset(s, 0, sizeof *s); \ + s->type = htons(ENUM); \ + s->len = htons(sizeof *s); \ + } \ + \ + struct STRUCT * \ + ofputil_put_##ENUM(struct ofpbuf *buf) \ + { \ + struct STRUCT *s = ofpbuf_put_uninit(buf, sizeof *s); \ + ofputil_init_##ENUM(s); \ + return s; \ + } +#define NXAST_ACTION(ENUM, STRUCT, EXTENSIBLE, NAME) \ + void \ + ofputil_init_##ENUM(struct STRUCT *s) \ + { \ + memset(s, 0, sizeof *s); \ + s->type = htons(OFPAT_VENDOR); \ + s->len = htons(sizeof *s); \ + s->vendor = htonl(NX_VENDOR_ID); \ + s->subtype = htons(ENUM); \ + } \ + \ + struct STRUCT * \ + ofputil_put_##ENUM(struct ofpbuf *buf) \ + { \ + struct STRUCT *s = ofpbuf_put_uninit(buf, sizeof *s); \ + ofputil_init_##ENUM(s); \ + return s; \ + } +#include "ofp-util.def" + /* Returns true if 'action' outputs to 'port', false otherwise. */ bool action_outputs_to_port(const union ofp_action *action, ovs_be16 port) @@ -2133,30 +2412,6 @@ action_outputs_to_port(const union ofp_action *action, ovs_be16 port) } } -/* The set of actions must either come from a trusted source or have been - * previously validated with validate_actions(). */ -const union ofp_action * -actions_first(struct actions_iterator *iter, - const union ofp_action *oa, size_t n_actions) -{ - iter->pos = oa; - iter->end = oa + n_actions; - return actions_next(iter); -} - -const union ofp_action * -actions_next(struct actions_iterator *iter) -{ - if (iter->pos != iter->end) { - const union ofp_action *a = iter->pos; - unsigned int len = ntohs(a->header.len); - iter->pos += len / OFP_ACTION_ALIGN; - return a; - } else { - return NULL; - } -} - /* "Normalizes" the wildcards in 'rule'. That means: * * 1. If the type of level N is known, then only the valid fields for that @@ -2182,7 +2437,7 @@ ofputil_normalize_rule(struct cls_rule *rule, enum nx_flow_format flow_format) MAY_NW_ADDR = 1 << 0, /* nw_src, nw_dst */ MAY_TP_ADDR = 1 << 1, /* tp_src, tp_dst */ MAY_NW_PROTO = 1 << 2, /* nw_proto */ - MAY_NW_TOS = 1 << 3, /* nw_tos */ + MAY_TOS_FRAG = 1 << 3, /* tos_frag */ MAY_ARP_SHA = 1 << 4, /* arp_sha */ MAY_ARP_THA = 1 << 5, /* arp_tha */ MAY_IPV6_ADDR = 1 << 6, /* ipv6_src, ipv6_dst */ @@ -2193,7 +2448,7 @@ ofputil_normalize_rule(struct cls_rule *rule, enum nx_flow_format flow_format) /* Figure out what fields may be matched. */ if (rule->flow.dl_type == htons(ETH_TYPE_IP)) { - may_match = MAY_NW_PROTO | MAY_NW_TOS | MAY_NW_ADDR; + may_match = MAY_NW_PROTO | MAY_TOS_FRAG | MAY_NW_ADDR; if (rule->flow.nw_proto == IPPROTO_TCP || rule->flow.nw_proto == IPPROTO_UDP || rule->flow.nw_proto == IPPROTO_ICMP) { @@ -2201,7 +2456,7 @@ ofputil_normalize_rule(struct cls_rule *rule, enum nx_flow_format flow_format) } } else if (rule->flow.dl_type == htons(ETH_TYPE_IPV6) && flow_format == NXFF_NXM) { - may_match = MAY_NW_PROTO | MAY_NW_TOS | MAY_IPV6_ADDR; + may_match = MAY_NW_PROTO | MAY_TOS_FRAG | MAY_IPV6_ADDR; if (rule->flow.nw_proto == IPPROTO_TCP || rule->flow.nw_proto == IPPROTO_UDP) { may_match |= MAY_TP_ADDR; @@ -2233,8 +2488,8 @@ ofputil_normalize_rule(struct cls_rule *rule, enum nx_flow_format flow_format) if (!(may_match & MAY_NW_PROTO)) { wc.wildcards |= FWW_NW_PROTO; } - if (!(may_match & MAY_NW_TOS)) { - wc.wildcards |= FWW_NW_TOS; + if (!(may_match & MAY_TOS_FRAG)) { + wc.tos_frag_mask = 0; } if (!(may_match & MAY_ARP_SHA)) { wc.wildcards |= FWW_ARP_SHA; @@ -2506,3 +2761,85 @@ error: *n_actionsp = 0; return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); } + +bool +ofputil_actions_equal(const union ofp_action *a, size_t n_a, + const union ofp_action *b, size_t n_b) +{ + return n_a == n_b && (!n_a || !memcmp(a, b, n_a * sizeof *a)); +} + +union ofp_action * +ofputil_actions_clone(const union ofp_action *actions, size_t n) +{ + return n ? xmemdup(actions, n * sizeof *actions) : NULL; +} + +/* Parses a key or a key-value pair from '*stringp'. + * + * On success: Stores the key into '*keyp'. Stores the value, if present, into + * '*valuep', otherwise an empty string. Advances '*stringp' past the end of + * the key-value pair, preparing it for another call. '*keyp' and '*valuep' + * are substrings of '*stringp' created by replacing some of its bytes by null + * terminators. Returns true. + * + * If '*stringp' is just white space or commas, sets '*keyp' and '*valuep' to + * NULL and returns false. */ +bool +ofputil_parse_key_value(char **stringp, char **keyp, char **valuep) +{ + char *pos, *key, *value; + size_t key_len; + + pos = *stringp; + pos += strspn(pos, ", \t\r\n"); + if (*pos == '\0') { + *keyp = *valuep = NULL; + return false; + } + + key = pos; + key_len = strcspn(pos, ":=(, \t\r\n"); + if (key[key_len] == ':' || key[key_len] == '=') { + /* The value can be separated by a colon. */ + size_t value_len; + + value = key + key_len + 1; + value_len = strcspn(value, ", \t\r\n"); + pos = value + value_len + (value[value_len] != '\0'); + value[value_len] = '\0'; + } else if (key[key_len] == '(') { + /* The value can be surrounded by balanced parentheses. The outermost + * set of parentheses is removed. */ + int level = 1; + size_t value_len; + + value = key + key_len + 1; + for (value_len = 0; level > 0; value_len++) { + switch (value[value_len]) { + case '\0': + ovs_fatal(0, "unbalanced parentheses in argument to %s", key); + + case '(': + level++; + break; + + case ')': + level--; + break; + } + } + value[value_len - 1] = '\0'; + pos = value + value_len; + } else { + /* There might be no value at all. */ + value = key + key_len; /* Will become the empty string below. */ + pos = key + key_len + (key[key_len] != '\0'); + } + key[key_len] = '\0'; + + *stringp = pos; + *keyp = key; + *valuep = value; + return true; +}