/* Use the high 32 bits of the cookie field as the tunnel ID in the flow
* match. */
NXT_TUN_ID_FROM_COOKIE,
+
+ /* Controller role support. The request body is struct nx_role_request.
+ * The reply echos the request. */
+ NXT_ROLE_REQUEST,
+ NXT_ROLE_REPLY
};
struct nicira_header {
};
OFP_ASSERT(sizeof(struct nxt_tun_id_cookie) == 24);
+/* Configures the "role" of the sending controller. The default role is:
+ *
+ * - Other (NX_ROLE_OTHER), which allows the controller access to all
+ * OpenFlow features.
+ *
+ * The other possible roles are a related pair:
+ *
+ * - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may
+ * be at most one Master controller at a time: when a controller
+ * configures itself as Master, any existing Master is demoted to the
+ * Slave role.
+ *
+ * - Slave (NX_ROLE_SLAVE) allows the controller read-only access to
+ * OpenFlow features. In particular attempts to modify the flow table
+ * will be rejected with an OFPBRC_EPERM error.
+ *
+ * Slave controllers also do not receive asynchronous messages
+ * (OFPT_PACKET_IN, OFPT_FLOW_REMOVED, OFPT_PORT_STATUS).
+ */
+struct nx_role_request {
+ struct nicira_header nxh;
+ uint32_t role; /* One of NX_ROLE_*. */
+};
+
+enum nx_role {
+ NX_ROLE_OTHER, /* Default role, full access. */
+ NX_ROLE_MASTER, /* Full access, at most one. */
+ NX_ROLE_SLAVE /* Read-only access. */
+};
+
enum nx_action_subtype {
NXAST_SNAT__OBSOLETE, /* No longer used. */
struct rconn_packet_counter *reply_counter;
/* type == OFCONN_CONTROLLER only. */
+ enum nx_role role; /* Role. */
struct hmap_node hmap_node; /* In struct ofproto's "controllers" map. */
struct discovery *discovery; /* Controller discovery object, if enabled. */
struct status_category *ss; /* Switch status category. */
struct ofp_port_status *ops;
struct ofpbuf *b;
+ if (ofconn->role == NX_ROLE_SLAVE) {
+ continue;
+ }
+
ops = make_openflow_xid(sizeof *ops, OFPT_PORT_STATUS, 0, &b);
ops->reason = reason;
ops->desc = ofport->opp;
list_push_back(&p->all_conns, &ofconn->node);
ofconn->rconn = rconn;
ofconn->type = type;
+ ofconn->role = NX_ROLE_OTHER;
ofconn->packet_in_counter = rconn_packet_counter_create ();
ofconn->pktbuf = NULL;
ofconn->miss_send_len = 0;
}
flags = ntohs(osc->flags);
- if (ofconn->type == OFCONN_CONTROLLER) {
+ if (ofconn->type == OFCONN_CONTROLLER && ofconn->role != NX_ROLE_SLAVE) {
switch (flags & OFPC_FRAG_MASK) {
case OFPC_FRAG_NORMAL:
dpif_set_drop_frags(p->dpif, false);
return 0;
}
+/* Checks whether 'ofconn' is a slave controller. If so, returns an OpenFlow
+ * error message code (composed with ofp_mkerr()) for the caller to propagate
+ * upward. Otherwise, returns 0.
+ *
+ * 'oh' is used to make log messages more informative. */
+static int
+reject_slave_controller(struct ofconn *ofconn, const struct ofp_header *oh)
+{
+ if (ofconn->type == OFCONN_CONTROLLER && ofconn->role == NX_ROLE_SLAVE) {
+ static struct vlog_rate_limit perm_rl = VLOG_RATE_LIMIT_INIT(1, 5);
+ char *type_name;
+
+ type_name = ofp_message_type_to_string(oh->type);
+ VLOG_WARN_RL(&perm_rl, "rejecting %s message from slave controller",
+ type_name);
+ free(type_name);
+
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_EPERM);
+ } else {
+ return 0;
+ }
+}
+
static int
handle_packet_out(struct ofproto *p, struct ofconn *ofconn,
struct ofp_header *oh)
flow_t flow;
int error;
+ error = reject_slave_controller(ofconn, oh);
+ if (error) {
+ return error;
+ }
+
error = check_ofp_packet_out(oh, &payload, &n_actions, p->max_ports);
if (error) {
return error;
}
static int
-handle_port_mod(struct ofproto *p, struct ofp_header *oh)
+handle_port_mod(struct ofproto *p, struct ofconn *ofconn,
+ struct ofp_header *oh)
{
const struct ofp_port_mod *opm;
struct ofport *port;
int error;
+ error = reject_slave_controller(ofconn, oh);
+ if (error) {
+ return error;
+ }
error = check_ofp_message(oh, OFPT_PORT_MOD, sizeof *opm);
if (error) {
return error;
size_t n_actions;
int error;
+ error = reject_slave_controller(ofconn, &ofm->header);
+ if (error) {
+ return error;
+ }
error = check_ofp_message_array(&ofm->header, OFPT_FLOW_MOD, sizeof *ofm,
sizeof *ofm->actions, &n_actions);
if (error) {
return 0;
}
+static int
+handle_role_request(struct ofproto *ofproto,
+ struct ofconn *ofconn, struct nicira_header *msg)
+{
+ struct nx_role_request *nrr;
+ struct nx_role_request *reply;
+ struct ofpbuf *buf;
+ uint32_t role;
+
+ if (ntohs(msg->header.length) != sizeof *nrr) {
+ VLOG_WARN_RL(&rl, "received role request of length %zu (expected %zu)",
+ ntohs(msg->header.length), sizeof *nrr);
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN);
+ }
+ nrr = (struct nx_role_request *) msg;
+
+ if (ofconn->type != OFCONN_CONTROLLER) {
+ VLOG_WARN_RL(&rl, "ignoring role request on non-controller "
+ "connection");
+ return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_EPERM);
+ }
+
+ role = ntohl(nrr->role);
+ if (role != NX_ROLE_OTHER && role != NX_ROLE_MASTER
+ && role != NX_ROLE_SLAVE) {
+ VLOG_WARN_RL(&rl, "received request for unknown role %"PRIu32, role);
+
+ /* There's no good error code for this. */
+ return ofp_mkerr(OFPET_BAD_REQUEST, -1);
+ }
+
+ if (role == NX_ROLE_MASTER) {
+ struct ofconn *other;
+
+ HMAP_FOR_EACH (other, struct ofconn, hmap_node,
+ &ofproto->controllers) {
+ if (other->role == NX_ROLE_MASTER) {
+ other->role = NX_ROLE_SLAVE;
+ }
+ }
+ }
+ ofconn->role = role;
+
+ reply = make_openflow_xid(sizeof *reply, OFPT_VENDOR, msg->header.xid,
+ &buf);
+ reply->nxh.vendor = htonl(NX_VENDOR_ID);
+ reply->nxh.subtype = htonl(NXT_ROLE_REPLY);
+ reply->role = htonl(role);
+ queue_tx(buf, ofconn, ofconn->reply_counter);
+
+ return 0;
+}
+
static int
handle_vendor(struct ofproto *p, struct ofconn *ofconn, void *msg)
{
case NXT_TUN_ID_FROM_COOKIE:
return handle_tun_id_from_cookie(p, msg);
+
+ case NXT_ROLE_REQUEST:
+ return handle_role_request(p, ofconn, msg);
}
return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_SUBTYPE);
break;
case OFPT_PORT_MOD:
- error = handle_port_mod(p, oh);
+ error = handle_port_mod(p, ofconn, oh);
break;
case OFPT_FLOW_MOD:
rule_uninstall(ofproto, rule);
}
}
+
static void
send_flow_removed(struct ofproto *p, struct rule *rule,
long long int now, uint8_t reason)
prev = NULL;
LIST_FOR_EACH (ofconn, struct ofconn, node, &p->all_conns) {
- if (rule->send_flow_removed && rconn_is_connected(ofconn->rconn)) {
+ if (rule->send_flow_removed && rconn_is_connected(ofconn->rconn)
+ && ofconn->role != NX_ROLE_SLAVE) {
if (prev) {
queue_tx(ofpbuf_clone(buf), prev, prev->reply_counter);
} else {
prev = NULL;
LIST_FOR_EACH (ofconn, struct ofconn, node, &ofproto->all_conns) {
- if (prev) {
- pinsched_send(prev->schedulers[msg->type], msg->port,
- ofpbuf_clone(packet), do_send_packet_in, prev);
+ if (ofconn->role != NX_ROLE_SLAVE) {
+ if (prev) {
+ pinsched_send(prev->schedulers[msg->type], msg->port,
+ ofpbuf_clone(packet), do_send_packet_in, prev);
+ }
+ prev = ofconn;
}
- prev = ofconn;
}
if (prev) {
pinsched_send(prev->schedulers[msg->type], msg->port,
projects / openvswitch / commitdiff