X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=lib%2Fofp-util.c;h=d7bc0ee450d43b4465f40f480a354c917f547de1;hb=eb5f3e933b0922d369ad839b2afa1cd7ab764b6e;hp=d773a3fa9f0e8c5e73cf38f18948018ce89dde36;hpb=fa37b408eac875cbc0d7adbbb3f7a004371172da;p=openvswitch diff --git a/lib/ofp-util.c b/lib/ofp-util.c index d773a3fa..d7bc0ee4 100644 --- a/lib/ofp-util.c +++ b/lib/ofp-util.c @@ -18,14 +18,16 @@ #include "ofp-print.h" #include #include +#include "byte-order.h" +#include "nx-match.h" #include "ofp-util.h" #include "ofpbuf.h" #include "packets.h" #include "random.h" - -#define THIS_MODULE VLM_ofp_util #include "vlog.h" +VLOG_DEFINE_THIS_MODULE(ofp_util); + /* Rate limit for OpenFlow message parse errors. These always indicate a bug * in the peer and so there's not much point in showing a lot of them. */ static struct vlog_rate_limit bad_ofmsg_rl = VLOG_RATE_LIMIT_INIT(1, 5); @@ -58,6 +60,14 @@ make_openflow(size_t openflow_len, uint8_t type, struct ofpbuf **bufferp) return put_openflow_xid(openflow_len, type, alloc_xid(), *bufferp); } +/* Similar to make_openflow() but creates a Nicira vendor extension message + * with the specific 'subtype'. 'subtype' should be in host byte order. */ +void * +make_nxmsg(size_t openflow_len, uint32_t subtype, struct ofpbuf **bufferp) +{ + return make_nxmsg_xid(openflow_len, subtype, alloc_xid(), bufferp); +} + /* Allocates and stores in '*bufferp' a new ofpbuf with a size of * 'openflow_len', starting with an OpenFlow header with the given 'type' and * transaction id 'xid'. Allocated bytes beyond the header, if any, are @@ -79,6 +89,19 @@ make_openflow_xid(size_t openflow_len, uint8_t type, uint32_t xid, return put_openflow_xid(openflow_len, type, xid, *bufferp); } +/* Similar to make_openflow_xid() but creates a Nicira vendor extension message + * with the specific 'subtype'. 'subtype' should be in host byte order. */ +void * +make_nxmsg_xid(size_t openflow_len, uint32_t subtype, uint32_t xid, + struct ofpbuf **bufferp) +{ + struct nicira_header *nxh = make_openflow_xid(openflow_len, OFPT_VENDOR, + xid, bufferp); + nxh->vendor = htonl(NX_VENDOR_ID); + nxh->subtype = htonl(subtype); + return nxh; +} + /* Appends 'openflow_len' bytes to 'buffer', starting with an OpenFlow header * with the given 'type' and an arbitrary transaction id. Allocated bytes * beyond the header, if any, are zeroed. @@ -124,14 +147,14 @@ put_openflow_xid(size_t openflow_len, uint8_t type, uint32_t xid, /* Updates the 'length' field of the OpenFlow message in 'buffer' to * 'buffer->size'. */ void -update_openflow_length(struct ofpbuf *buffer) +update_openflow_length(struct ofpbuf *buffer) { struct ofp_header *oh = ofpbuf_at_assert(buffer, 0, sizeof *oh); - oh->length = htons(buffer->size); + oh->length = htons(buffer->size); } struct ofpbuf * -make_flow_mod(uint16_t command, const flow_t *flow, size_t actions_len) +make_flow_mod(uint16_t command, const struct flow *flow, size_t actions_len) { struct ofp_flow_mod *ofm; size_t size = sizeof *ofm + actions_len; @@ -160,7 +183,7 @@ make_flow_mod(uint16_t command, const flow_t *flow, size_t actions_len) } struct ofpbuf * -make_add_flow(const flow_t *flow, uint32_t buffer_id, +make_add_flow(const struct flow *flow, uint32_t buffer_id, uint16_t idle_timeout, size_t actions_len) { struct ofpbuf *out = make_flow_mod(OFPFC_ADD, flow, actions_len); @@ -172,7 +195,7 @@ make_add_flow(const flow_t *flow, uint32_t buffer_id, } struct ofpbuf * -make_del_flow(const flow_t *flow) +make_del_flow(const struct flow *flow) { struct ofpbuf *out = make_flow_mod(OFPFC_DELETE_STRICT, flow, 0); struct ofp_flow_mod *ofm = out->data; @@ -181,18 +204,23 @@ make_del_flow(const flow_t *flow) } struct ofpbuf * -make_add_simple_flow(const flow_t *flow, +make_add_simple_flow(const struct flow *flow, uint32_t buffer_id, uint16_t out_port, uint16_t idle_timeout) { - struct ofp_action_output *oao; - struct ofpbuf *buffer = make_add_flow(flow, buffer_id, idle_timeout, - sizeof *oao); - oao = ofpbuf_put_zeros(buffer, sizeof *oao); - oao->type = htons(OFPAT_OUTPUT); - oao->len = htons(sizeof *oao); - oao->port = htons(out_port); - return buffer; + if (out_port != OFPP_NONE) { + struct ofp_action_output *oao; + struct ofpbuf *buffer; + + buffer = make_add_flow(flow, buffer_id, idle_timeout, sizeof *oao); + oao = ofpbuf_put_zeros(buffer, sizeof *oao); + oao->type = htons(OFPAT_OUTPUT); + oao->len = htons(sizeof *oao); + oao->port = htons(out_port); + return buffer; + } else { + return make_add_flow(flow, buffer_id, idle_timeout, 0); + } } struct ofpbuf * @@ -258,12 +286,16 @@ struct ofpbuf * make_buffered_packet_out(uint32_t buffer_id, uint16_t in_port, uint16_t out_port) { - struct ofp_action_output action; - action.type = htons(OFPAT_OUTPUT); - action.len = htons(sizeof action); - action.port = htons(out_port); - return make_packet_out(NULL, buffer_id, in_port, - (struct ofp_action_header *) &action, 1); + if (out_port != OFPP_NONE) { + struct ofp_action_output action; + action.type = htons(OFPAT_OUTPUT); + action.len = htons(sizeof action); + action.port = htons(out_port); + return make_packet_out(NULL, buffer_id, in_port, + (struct ofp_action_header *) &action, 1); + } else { + return make_packet_out(NULL, buffer_id, in_port, NULL, 0); + } } /* Creates and returns an OFPT_ECHO_REQUEST message with an empty payload. */ @@ -293,7 +325,7 @@ make_echo_reply(const struct ofp_header *rq) } static int -check_message_type(uint8_t got_type, uint8_t want_type) +check_message_type(uint8_t got_type, uint8_t want_type) { if (got_type != want_type) { char *want_type_name = ofp_message_type_to_string(want_type); @@ -384,50 +416,6 @@ check_ofp_message_array(const struct ofp_header *msg, uint8_t type, return 0; } -int -check_ofp_packet_out(const struct ofp_header *oh, struct ofpbuf *data, - int *n_actionsp, int max_ports) -{ - const struct ofp_packet_out *opo; - unsigned int actions_len, n_actions; - size_t extra; - int error; - - *n_actionsp = 0; - error = check_ofp_message_array(oh, OFPT_PACKET_OUT, - sizeof *opo, 1, &extra); - if (error) { - return error; - } - opo = (const struct ofp_packet_out *) oh; - - actions_len = ntohs(opo->actions_len); - if (actions_len > extra) { - VLOG_WARN_RL(&bad_ofmsg_rl, "packet-out claims %u bytes of actions " - "but message has room for only %zu bytes", - actions_len, extra); - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); - } - if (actions_len % sizeof(union ofp_action)) { - VLOG_WARN_RL(&bad_ofmsg_rl, "packet-out claims %u bytes of actions, " - "which is not a multiple of %zu", - actions_len, sizeof(union ofp_action)); - return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); - } - - n_actions = actions_len / sizeof(union ofp_action); - error = validate_actions((const union ofp_action *) opo->actions, - n_actions, max_ports); - if (error) { - return error; - } - - data->data = (void *) &opo->actions[n_actions]; - data->size = extra - actions_len; - *n_actionsp = n_actions; - return 0; -} - const struct ofp_flow_stats * flow_stats_first(struct flow_stats_iterator *iter, const struct ofp_stats_reply *osr) @@ -473,9 +461,6 @@ flow_stats_next(struct flow_stats_iterator *iter) return fs; } -/* Alignment of ofp_actions. */ -#define ACTION_ALIGNMENT 8 - static int check_action_exact_len(const union ofp_action *a, unsigned int len, unsigned int required_len) @@ -489,8 +474,11 @@ check_action_exact_len(const union ofp_action *a, unsigned int len, return 0; } +/* Checks that 'port' is a valid output port for the OFPAT_OUTPUT action, given + * that the switch will never have more than 'max_ports' ports. Returns 0 if + * 'port' is valid, otherwise an ofp_mkerr() return code. */ static int -check_action_port(int port, int max_ports) +check_output_port(uint16_t port, int max_ports) { switch (port) { case OFPP_IN_PORT: @@ -503,7 +491,7 @@ check_action_port(int port, int max_ports) return 0; default: - if (port >= 0 && port < max_ports) { + if (port < max_ports) { return 0; } VLOG_WARN_RL(&bad_ofmsg_rl, "unknown output port %x", port); @@ -511,10 +499,37 @@ check_action_port(int port, int max_ports) } } +/* Checks that 'action' is a valid OFPAT_ENQUEUE action, given that the switch + * will never have more than 'max_ports' ports. Returns 0 if 'port' is valid, + * otherwise an ofp_mkerr() return code. */ +static int +check_enqueue_action(const union ofp_action *a, unsigned int len, + int max_ports) +{ + const struct ofp_action_enqueue *oae; + uint16_t port; + int error; + + error = check_action_exact_len(a, len, 16); + if (error) { + return error; + } + + oae = (const struct ofp_action_enqueue *) a; + port = ntohs(oae->port); + if (port < max_ports || port == OFPP_IN_PORT) { + return 0; + } + VLOG_WARN_RL(&bad_ofmsg_rl, "unknown enqueue port %x", port); + return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); +} + static int -check_nicira_action(const union ofp_action *a, unsigned int len) +check_nicira_action(const union ofp_action *a, unsigned int len, + const struct flow *flow) { const struct nx_action_header *nah; + int error; if (len < 16) { VLOG_DBG_RL(&bad_ofmsg_rl, @@ -526,24 +541,69 @@ check_nicira_action(const union ofp_action *a, unsigned int len) switch (ntohs(nah->subtype)) { case NXAST_RESUBMIT: case NXAST_SET_TUNNEL: + case NXAST_DROP_SPOOFED_ARP: + case NXAST_SET_QUEUE: + case NXAST_POP_QUEUE: return check_action_exact_len(a, len, 16); + + case NXAST_REG_MOVE: + error = check_action_exact_len(a, len, + sizeof(struct nx_action_reg_move)); + if (error) { + return error; + } + return nxm_check_reg_move((const struct nx_action_reg_move *) a, flow); + + case NXAST_REG_LOAD: + error = check_action_exact_len(a, len, + sizeof(struct nx_action_reg_load)); + if (error) { + return error; + } + return nxm_check_reg_load((const struct nx_action_reg_load *) a, flow); + + case NXAST_NOTE: + return 0; + default: return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE); } } static int -check_action(const union ofp_action *a, unsigned int len, int max_ports) +check_action(const union ofp_action *a, unsigned int len, + const struct flow *flow, int max_ports) { int error; switch (ntohs(a->type)) { case OFPAT_OUTPUT: - error = check_action_port(ntohs(a->output.port), max_ports); - return error ? error : check_action_exact_len(a, len, 8); + error = check_action_exact_len(a, len, 8); + if (error) { + return error; + } + return check_output_port(ntohs(a->output.port), max_ports); case OFPAT_SET_VLAN_VID: + error = check_action_exact_len(a, len, 8); + if (error) { + return error; + } + if (a->vlan_vid.vlan_vid & ~htons(0xfff)) { + return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); + } + return 0; + case OFPAT_SET_VLAN_PCP: + error = check_action_exact_len(a, len, 8); + if (error) { + return error; + } + if (a->vlan_vid.vlan_vid & ~7) { + return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_ARGUMENT); + } + return 0; + case OFPAT_STRIP_VLAN: case OFPAT_SET_NW_SRC: case OFPAT_SET_NW_DST: @@ -558,9 +618,12 @@ check_action(const union ofp_action *a, unsigned int len, int max_ports) case OFPAT_VENDOR: return (a->vendor.vendor == htonl(NX_VENDOR_ID) - ? check_nicira_action(a, len) + ? check_nicira_action(a, len, flow) : ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR)); + case OFPAT_ENQUEUE: + return check_enqueue_action(a, len, max_ports); + default: VLOG_WARN_RL(&bad_ofmsg_rl, "unknown action type %"PRIu16, ntohs(a->type)); @@ -570,13 +633,14 @@ check_action(const union ofp_action *a, unsigned int len, int max_ports) int validate_actions(const union ofp_action *actions, size_t n_actions, - int max_ports) + const struct flow *flow, int max_ports) { - const union ofp_action *a; + size_t i; - for (a = actions; a < &actions[n_actions]; ) { + for (i = 0; i < n_actions; ) { + const union ofp_action *a = &actions[i]; unsigned int len = ntohs(a->header.len); - unsigned int n_slots = len / ACTION_ALIGNMENT; + unsigned int n_slots = len / OFP_ACTION_ALIGN; unsigned int slots_left = &actions[n_actions] - a; int error; @@ -588,21 +652,36 @@ validate_actions(const union ofp_action *actions, size_t n_actions, } else if (!len) { VLOG_DBG_RL(&bad_ofmsg_rl, "action has invalid length 0"); return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); - } else if (len % ACTION_ALIGNMENT) { + } else if (len % OFP_ACTION_ALIGN) { VLOG_DBG_RL(&bad_ofmsg_rl, "action length %u is not a multiple " - "of %d", len, ACTION_ALIGNMENT); + "of %d", len, OFP_ACTION_ALIGN); return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); } - error = check_action(a, len, max_ports); + error = check_action(a, len, flow, max_ports); if (error) { return error; } - a += n_slots; + i += n_slots; } return 0; } +/* Returns true if 'action' outputs to 'port' (which must be in network byte + * order), false otherwise. */ +bool +action_outputs_to_port(const union ofp_action *action, uint16_t port) +{ + switch (ntohs(action->type)) { + case OFPAT_OUTPUT: + return action->output.port == port; + case OFPAT_ENQUEUE: + return ((const struct ofp_action_enqueue *) action)->port == port; + default: + return false; + } +} + /* The set of actions must either come from a trusted source or have been * previously validated with validate_actions(). */ const union ofp_action * @@ -617,10 +696,10 @@ actions_first(struct actions_iterator *iter, const union ofp_action * actions_next(struct actions_iterator *iter) { - if (iter->pos < iter->end) { + if (iter->pos != iter->end) { const union ofp_action *a = iter->pos; unsigned int len = ntohs(a->header.len); - iter->pos += len / ACTION_ALIGNMENT; + iter->pos += len / OFP_ACTION_ALIGN; return a; } else { return NULL; @@ -630,7 +709,8 @@ actions_next(struct actions_iterator *iter) void normalize_match(struct ofp_match *m) { - enum { OFPFW_NW = OFPFW_NW_SRC_MASK | OFPFW_NW_DST_MASK | OFPFW_NW_PROTO }; + enum { OFPFW_NW = (OFPFW_NW_SRC_MASK | OFPFW_NW_DST_MASK | OFPFW_NW_PROTO + | OFPFW_NW_TOS) }; enum { OFPFW_TP = OFPFW_TP_SRC | OFPFW_TP_DST }; uint32_t wc; @@ -641,7 +721,7 @@ normalize_match(struct ofp_match *m) /* Can't sensibly match on network or transport headers if the * data link type is unknown. */ wc |= OFPFW_NW | OFPFW_TP; - m->nw_src = m->nw_dst = m->nw_proto = 0; + m->nw_src = m->nw_dst = m->nw_proto = m->nw_tos = 0; m->tp_src = m->tp_dst = 0; } else if (m->dl_type == htons(ETH_TYPE_IP)) { if (wc & OFPFW_NW_PROTO) { @@ -672,6 +752,11 @@ normalize_match(struct ofp_match *m) if (wc & OFPFW_NW_DST_MASK) { m->nw_dst &= flow_nw_bits_to_mask(wc, OFPFW_NW_DST_SHIFT); } + if (wc & OFPFW_NW_TOS) { + m->nw_tos = 0; + } else { + m->nw_tos &= IP_DSCP_MASK; + } } else if (m->dl_type == htons(ETH_TYPE_ARP)) { if (wc & OFPFW_NW_PROTO) { m->nw_proto = 0; @@ -682,12 +767,12 @@ normalize_match(struct ofp_match *m) if (wc & OFPFW_NW_DST_MASK) { m->nw_dst &= flow_nw_bits_to_mask(wc, OFPFW_NW_DST_SHIFT); } - m->tp_src = m->tp_dst = 0; + m->tp_src = m->tp_dst = m->nw_tos = 0; } else { /* Network and transport layer fields will always be extracted as * zeros, so we can do an exact-match on those values. */ wc &= ~(OFPFW_NW | OFPFW_TP); - m->nw_proto = m->nw_src = m->nw_dst = 0; + m->nw_proto = m->nw_src = m->nw_dst = m->nw_tos = 0; m->tp_src = m->tp_dst = 0; } if (wc & OFPFW_DL_SRC) { @@ -699,3 +784,170 @@ normalize_match(struct ofp_match *m) m->wildcards = htonl(wc); } +/* Returns a string that describes 'match' in a very literal way, without + * interpreting its contents except in a very basic fashion. The returned + * string is intended to be fixed-length, so that it is easy to see differences + * between two such strings if one is put above another. This is useful for + * describing changes made by normalize_match(). + * + * The caller must free the returned string (with free()). */ +char * +ofp_match_to_literal_string(const struct ofp_match *match) +{ + return xasprintf("wildcards=%#10"PRIx32" " + " in_port=%5"PRId16" " + " dl_src="ETH_ADDR_FMT" " + " dl_dst="ETH_ADDR_FMT" " + " dl_vlan=%5"PRId16" " + " dl_vlan_pcp=%3"PRId8" " + " dl_type=%#6"PRIx16" " + " nw_tos=%#4"PRIx8" " + " nw_proto=%#4"PRIx16" " + " nw_src=%#10"PRIx32" " + " nw_dst=%#10"PRIx32" " + " tp_src=%5"PRId16" " + " tp_dst=%5"PRId16, + ntohl(match->wildcards), + ntohs(match->in_port), + ETH_ADDR_ARGS(match->dl_src), + ETH_ADDR_ARGS(match->dl_dst), + ntohs(match->dl_vlan), + match->dl_vlan_pcp, + ntohs(match->dl_type), + match->nw_tos, + match->nw_proto, + ntohl(match->nw_src), + ntohl(match->nw_dst), + ntohs(match->tp_src), + ntohs(match->tp_dst)); +} + +static uint32_t +vendor_code_to_id(uint8_t code) +{ + switch (code) { +#define OFPUTIL_VENDOR(NAME, VENDOR_ID) case NAME: return VENDOR_ID; + OFPUTIL_VENDORS +#undef OFPUTIL_VENDOR + default: + return UINT32_MAX; + } +} + +/* Creates and returns an OpenFlow message of type OFPT_ERROR with the error + * information taken from 'error', whose encoding must be as described in the + * large comment in ofp-util.h. If 'oh' is nonnull, then the error will use + * oh->xid as its transaction ID, and it will include up to the first 64 bytes + * of 'oh'. + * + * Returns NULL if 'error' is not an OpenFlow error code. */ +struct ofpbuf * +make_ofp_error_msg(int error, const struct ofp_header *oh) +{ + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + + struct ofpbuf *buf; + const void *data; + size_t len; + uint8_t vendor; + uint16_t type; + uint16_t code; + uint32_t xid; + + if (!is_ofp_error(error)) { + /* We format 'error' with strerror() here since it seems likely to be + * a system errno value. */ + VLOG_WARN_RL(&rl, "invalid OpenFlow error code %d (%s)", + error, strerror(error)); + return NULL; + } + + if (oh) { + xid = oh->xid; + data = oh; + len = ntohs(oh->length); + if (len > 64) { + len = 64; + } + } else { + xid = 0; + data = NULL; + len = 0; + } + + vendor = get_ofp_err_vendor(error); + type = get_ofp_err_type(error); + code = get_ofp_err_code(error); + if (vendor == OFPUTIL_VENDOR_OPENFLOW) { + struct ofp_error_msg *oem; + + oem = make_openflow_xid(len + sizeof *oem, OFPT_ERROR, xid, &buf); + oem->type = htons(type); + oem->code = htons(code); + } else { + struct ofp_error_msg *oem; + struct nx_vendor_error *nve; + uint32_t vendor_id; + + vendor_id = vendor_code_to_id(vendor); + if (vendor_id == UINT32_MAX) { + VLOG_WARN_RL(&rl, "error %x contains invalid vendor code %d", + error, vendor); + return NULL; + } + + oem = make_openflow_xid(len + sizeof *oem + sizeof *nve, + OFPT_ERROR, xid, &buf); + oem->type = htons(NXET_VENDOR); + oem->code = htons(NXVC_VENDOR_ERROR); + + nve = ofpbuf_put_uninit(buf, sizeof *nve); + nve->vendor = htonl(vendor_id); + nve->type = htons(type); + nve->code = htons(code); + } + + if (len) { + ofpbuf_put(buf, data, len); + } + + return buf; +} + +/* Attempts to pull 'actions_len' bytes from the front of 'b'. Returns 0 if + * successful, otherwise an OpenFlow error. + * + * If successful, the first action is stored in '*actionsp' and the number of + * "union ofp_action" size elements into '*n_actionsp'. Otherwise NULL and 0 + * are stored, respectively. + * + * This function does not check that the actions are valid (the caller should + * do so, with validate_actions()). The caller is also responsible for making + * sure that 'b->data' is initially aligned appropriately for "union + * ofp_action". */ +int +ofputil_pull_actions(struct ofpbuf *b, unsigned int actions_len, + union ofp_action **actionsp, size_t *n_actionsp) +{ + if (actions_len % OFP_ACTION_ALIGN != 0) { + VLOG_DBG_RL(&bad_ofmsg_rl, "OpenFlow message actions length %u " + "is not a multiple of %d", actions_len, OFP_ACTION_ALIGN); + goto error; + } + + *actionsp = ofpbuf_try_pull(b, actions_len); + if (*actionsp == NULL) { + VLOG_DBG_RL(&bad_ofmsg_rl, "OpenFlow message actions length %u " + "exceeds remaining message length (%zu)", + actions_len, b->size); + goto error; + } + + *n_actionsp = actions_len / OFP_ACTION_ALIGN; + return 0; + +error: + *actionsp = NULL; + *n_actionsp = 0; + return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); +}