]>
Commit | Line | Data |
---|---|---|
064af421 | 1 | /* |
6409e008 | 2 | * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc. |
a14bc59f BP |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at: | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
064af421 BP |
15 | */ |
16 | ||
17 | #ifndef OPENFLOW_NICIRA_EXT_H | |
18 | #define OPENFLOW_NICIRA_EXT_H 1 | |
19 | ||
1825f2ec TG |
20 | #include <openflow/openflow.h> |
21 | #include <openvswitch/types.h> | |
064af421 | 22 | |
e0edde6f | 23 | /* The following vendor extensions, proposed by Nicira, are not yet |
26c112c2 BP |
24 | * standardized, so they are not included in openflow.h. Some of them may be |
25 | * suitable for standardization; others we never expect to standardize. */ | |
064af421 | 26 | |
26c112c2 BP |
27 | \f |
28 | /* Nicira vendor-specific error messages extension. | |
29 | * | |
30 | * OpenFlow 1.0 has a set of predefined error types (OFPET_*) and codes (which | |
31 | * are specific to each type). It does not have any provision for | |
32 | * vendor-specific error codes, and it does not even provide "generic" error | |
33 | * codes that can apply to problems not anticipated by the OpenFlow | |
34 | * specification authors. | |
35 | * | |
36 | * This extension attempts to address the problem by adding a generic "error | |
37 | * vendor extension". The extension works as follows: use NXET_VENDOR as type | |
6eb59a8f | 38 | * and NXVC_VENDOR_ERROR as code, followed by struct nx_vendor_error with |
26c112c2 BP |
39 | * vendor-specific details, followed by at least 64 bytes of the failed |
40 | * request. | |
41 | * | |
a23aab1f | 42 | * It would be better to have a type-specific vendor extension, e.g. so that |
26c112c2 BP |
43 | * OFPET_BAD_ACTION could be used with vendor-specific code values. But |
44 | * OFPET_BAD_ACTION and most other standardized types already specify that | |
45 | * their 'data' values are (the start of) the OpenFlow message being replied | |
46 | * to, so there is no room to insert a vendor ID. | |
47 | * | |
48 | * Currently this extension is only implemented by Open vSwitch, but it seems | |
49 | * like a reasonable candidate for future standardization. | |
50 | */ | |
51 | ||
52 | /* This is a random number to avoid accidental collision with any other | |
53 | * vendor's extension. */ | |
54 | #define NXET_VENDOR 0xb0c2 | |
55 | ||
56 | /* ofp_error msg 'code' values for NXET_VENDOR. */ | |
57 | enum nx_vendor_code { | |
58 | NXVC_VENDOR_ERROR /* 'data' contains struct nx_vendor_error. */ | |
59 | }; | |
60 | ||
61 | /* 'data' for 'type' == NXET_VENDOR, 'code' == NXVC_VENDOR_ERROR. */ | |
62 | struct nx_vendor_error { | |
63 | ovs_be32 vendor; /* Vendor ID as in struct ofp_vendor_header. */ | |
64 | ovs_be16 type; /* Vendor-defined type. */ | |
65 | ovs_be16 code; /* Vendor-defined subtype. */ | |
66 | /* Followed by at least the first 64 bytes of the failed request. */ | |
67 | }; | |
68 | \f | |
69 | /* Nicira vendor requests and replies. */ | |
064af421 | 70 | |
520e9a2a EJ |
71 | /* Fields to use when hashing flows. */ |
72 | enum nx_hash_fields { | |
73 | /* Ethernet source address (NXM_OF_ETH_SRC) only. */ | |
74 | NX_HASH_FIELDS_ETH_SRC, | |
75 | ||
76 | /* L2 through L4, symmetric across src/dst. Specifically, each of the | |
77 | * following fields, if present, is hashed (slashes separate symmetric | |
78 | * pairs): | |
79 | * | |
80 | * - NXM_OF_ETH_DST / NXM_OF_ETH_SRC | |
81 | * - NXM_OF_ETH_TYPE | |
82 | * - The VID bits from NXM_OF_VLAN_TCI, ignoring PCP and CFI. | |
83 | * - NXM_OF_IP_PROTO | |
84 | * - NXM_OF_IP_SRC / NXM_OF_IP_DST | |
85 | * - NXM_OF_TCP_SRC / NXM_OF_TCP_DST | |
86 | */ | |
4249b547 JB |
87 | NX_HASH_FIELDS_SYMMETRIC_L4, |
88 | ||
89 | /* L3+L4 only, including the following fields: | |
90 | * | |
91 | * - NXM_OF_IP_PROTO | |
92 | * - NXM_OF_IP_SRC / NXM_OF_IP_DST | |
93 | * - NXM_OF_SCTP_SRC / NXM_OF_SCTP_DST | |
94 | * - NXM_OF_TCP_SRC / NXM_OF_TCP_DST | |
95 | */ | |
96 | NX_HASH_FIELDS_SYMMETRIC_L3L4, | |
97 | ||
98 | /* L3+L4 only with UDP ports, including the following fields: | |
99 | * | |
100 | * - NXM_OF_IP_PROTO | |
101 | * - NXM_OF_IP_SRC / NXM_OF_IP_DST | |
102 | * - NXM_OF_SCTP_SRC / NXM_OF_SCTP_DST | |
103 | * - NXM_OF_TCP_SRC / NXM_OF_TCP_DST | |
104 | * - NXM_OF_UDP_SRC / NXM_OF_UDP_DST | |
105 | */ | |
417cfdb6 | 106 | NX_HASH_FIELDS_SYMMETRIC_L3L4_UDP, |
4249b547 | 107 | |
417cfdb6 | 108 | /* Network source address (NXM_OF_IP_SRC) only. */ |
109 | NX_HASH_FIELDS_NW_SRC, | |
110 | ||
111 | /* Network destination address (NXM_OF_IP_DST) only. */ | |
112 | NX_HASH_FIELDS_NW_DST | |
4249b547 | 113 | |
520e9a2a EJ |
114 | }; |
115 | ||
54834960 EJ |
116 | /* NXT_PACKET_IN (analogous to OFPT_PACKET_IN). |
117 | * | |
42edbe39 BP |
118 | * NXT_PACKET_IN is similar to the OpenFlow 1.2 OFPT_PACKET_IN. The |
119 | * differences are: | |
120 | * | |
121 | * - NXT_PACKET_IN includes the cookie of the rule that triggered the | |
122 | * message. (OpenFlow 1.3 OFPT_PACKET_IN also includes the cookie.) | |
123 | * | |
124 | * - The metadata fields use NXM (instead of OXM) field numbers. | |
125 | * | |
126 | * Open vSwitch 1.9.0 and later omits metadata fields that are zero (as allowed | |
127 | * by OpenFlow 1.2). Earlier versions included all implemented metadata | |
128 | * fields. | |
129 | * | |
130 | * Open vSwitch does not include non-metadata in the nx_match, because by | |
131 | * definition that information can be found in the packet itself. The format | |
132 | * and the standards allow this, however, so controllers should be prepared to | |
133 | * tolerate future changes. | |
134 | * | |
135 | * The NXM format is convenient for reporting metadata values, but it is | |
136 | * important not to interpret the format as matching against a flow, because it | |
137 | * does not. Nothing is being matched; arbitrary metadata masks would not be | |
138 | * meaningful. | |
54834960 EJ |
139 | * |
140 | * Whereas in most cases a controller can expect to only get back NXM fields | |
141 | * that it set up itself (e.g. flow dumps will ordinarily report only NXM | |
142 | * fields from flows that the controller added), NXT_PACKET_IN messages might | |
143 | * contain fields that the controller does not understand, because the switch | |
144 | * might support fields (new registers, new protocols, etc.) that the | |
42edbe39 | 145 | * controller does not. The controller must prepared to tolerate these. |
54834960 | 146 | * |
d4fa4e79 BP |
147 | * The 'cookie' field has no meaning when 'reason' is OFPR_NO_MATCH. In this |
148 | * case it should be UINT64_MAX. */ | |
73dbf4ab | 149 | struct nx_packet_in { |
54834960 EJ |
150 | ovs_be32 buffer_id; /* ID assigned by datapath. */ |
151 | ovs_be16 total_len; /* Full length of frame. */ | |
152 | uint8_t reason; /* Reason packet is sent (one of OFPR_*). */ | |
153 | uint8_t table_id; /* ID of the table that was looked up. */ | |
154 | ovs_be64 cookie; /* Cookie of the rule that was looked up. */ | |
155 | ovs_be16 match_len; /* Size of nx_match. */ | |
156 | uint8_t pad[6]; /* Align to 64-bits. */ | |
157 | /* Followed by: | |
158 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
159 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
160 | * all-zero bytes, then | |
161 | * - Exactly 2 all-zero padding bytes, then | |
162 | * - An Ethernet frame whose length is inferred from nxh.header.length. | |
163 | * | |
164 | * The padding bytes preceding the Ethernet frame ensure that the IP | |
165 | * header (if any) following the Ethernet header is 32-bit aligned. */ | |
166 | ||
42edbe39 | 167 | /* uint8_t nxm_fields[...]; */ /* NXM headers. */ |
54834960 EJ |
168 | /* uint8_t pad[2]; */ /* Align to 64 bit + 16 bit. */ |
169 | /* uint8_t data[0]; */ /* Ethernet frame. */ | |
170 | }; | |
982697a4 | 171 | OFP_ASSERT(sizeof(struct nx_packet_in) == 24); |
54834960 | 172 | |
77ab5fd2 BP |
173 | /* NXT_PACKET_IN2 |
174 | * ============== | |
6409e008 BP |
175 | * |
176 | * NXT_PACKET_IN2 is conceptually similar to OFPT_PACKET_IN but it is expressed | |
177 | * as an extensible set of properties instead of using a fixed structure. | |
178 | * | |
77ab5fd2 BP |
179 | * Added in Open vSwitch 2.6 |
180 | * | |
181 | * | |
182 | * Continuations | |
183 | * ------------- | |
184 | * | |
185 | * When a "controller" action specifies the "pause" flag, the controller action | |
186 | * freezes the packet's trip through Open vSwitch flow tables and serializes | |
187 | * that state into the packet-in message as a "continuation". The controller | |
188 | * can later send the continuation back to the switch, which will restart the | |
189 | * packet's traversal from the point where it was interrupted. This permits an | |
190 | * OpenFlow controller to interpose on a packet midway through processing in | |
191 | * Open vSwitch. | |
192 | * | |
193 | * Continuations fit into packet processing this way: | |
194 | * | |
195 | * 1. A packet ingresses into Open vSwitch, which runs it through the OpenFlow | |
196 | * tables. | |
197 | * | |
198 | * 2. An OpenFlow flow executes a "controller" action that includes the "pause" | |
199 | * flag. Open vSwitch serializes the packet processing state and sends it, | |
200 | * as an NXT_PACKET_IN2 that includes an additional NXPINT_CONTINUATION | |
201 | * property (the continuation), to the OpenFlow controller. | |
202 | * | |
203 | * (The controller must use NXAST_CONTROLLER2 to generate the packet-in, | |
204 | * because only this form of the "controller" action has a "pause" flag. | |
205 | * Similarly, the controller must use NXT_SET_PACKET_IN_FORMAT to select | |
206 | * NXT_PACKET_IN2 as the packet-in format, because this is the only format | |
207 | * that supports continuation passing.) | |
208 | * | |
209 | * 3. The controller receives the NXT_PACKET_IN2 and processes it. The | |
210 | * controller can interpret and, if desired, modify some of the contents of | |
211 | * the packet-in, such as the packet and the metadata being processed. | |
212 | * | |
213 | * 4. The controller sends the continuation back to the switch, using an | |
214 | * NXT_RESUME message. Packet processing resumes where it left off. | |
215 | * | |
216 | * The controller might change the pipeline configuration concurrently with | |
217 | * steps 2 through 4. For example, it might add or remove OpenFlow flows. If | |
218 | * that happens, then the packet will experience a mix of processing from the | |
219 | * two configurations, that is, the initial processing (before | |
220 | * NXAST_CONTROLLER2) uses the initial flow table, and the later processing | |
221 | * (after NXT_RESUME) uses the later flow table. This means that the | |
222 | * controller needs to take care to avoid incompatible pipeline changes while | |
223 | * processing continuations. | |
224 | * | |
225 | * External side effects (e.g. "output") of OpenFlow actions processed before | |
226 | * NXAST_CONTROLLER2 is encountered might be executed during step 2 or step 4, | |
227 | * and the details may vary among Open vSwitch features and versions. Thus, a | |
228 | * controller that wants to make sure that side effects are executed must pass | |
229 | * the continuation back to the switch, that is, must not skip step 4. | |
230 | * | |
231 | * Architecturally, continuations may be "stateful" or "stateless", that is, | |
232 | * they may or may not refer to buffered state maintained in Open vSwitch. | |
233 | * This means that a controller should not attempt to resume a given | |
234 | * continuations more than once (because the switch might have discarded the | |
235 | * buffered state after the first use). For the same reason, continuations | |
236 | * might become "stale" if the controller takes too long to resume them | |
237 | * (because the switch might have discarded old buffered state). Taken | |
238 | * together with the previous note, this means that a controller should resume | |
239 | * each continuation exactly once (and promptly). | |
240 | * | |
241 | * Without the information in NXPINT_CONTINUATION, the controller can (with | |
242 | * careful design, and help from the flow cookie) determine where the packet is | |
243 | * in the pipeline, but in the general case it can't determine what nested | |
244 | * "resubmit"s that may be in progress, or what data is on the stack maintained | |
245 | * by NXAST_STACK_PUSH and NXAST_STACK_POP actions, what is in the OpenFlow | |
246 | * action set, etc. | |
247 | * | |
248 | * Continuations are expensive because they require a round trip between the | |
249 | * switch and the controller. Thus, they should not be used to implement | |
250 | * processing that needs to happen at "line rate". | |
251 | * | |
252 | * The contents of NXPINT_CONTINUATION are private to the switch, may change | |
253 | * unpredictably from one version of Open vSwitch to another, and are not | |
254 | * documented here. The contents are also tied to a given Open vSwitch process | |
255 | * and bridge, so that restarting Open vSwitch or deleting and recreating a | |
256 | * bridge will cause the corresponding NXT_RESUME to be rejected. | |
257 | * | |
258 | * In the current implementation, Open vSwitch forks the packet processing | |
259 | * pipeline across patch ports. Suppose, for example, that the pipeline for | |
260 | * br0 outputs to a patch port whose peer belongs to br1, and that the pipeline | |
261 | * for br1 executes a controller action with the "pause" flag. This only | |
262 | * pauses processing within br1, and processing in br0 continues and possibly | |
263 | * completes with visible side effects, such as outputting to ports, before | |
264 | * br1's controller receives or processes the continuation. This | |
265 | * implementation maintains the independence of separate bridges and, since | |
266 | * processing in br1 cannot affect the behavior of br0 anyway, should not cause | |
267 | * visible behavioral changes. | |
268 | * | |
269 | * A stateless implementation of continuations may ignore the "controller" | |
270 | * action max_len, always sending the whole packet, because the full packet is | |
271 | * required to continue traversal. | |
272 | */ | |
6409e008 BP |
273 | enum nx_packet_in2_prop_type { |
274 | /* Packet. */ | |
275 | NXPINT_PACKET, /* Raw packet data. */ | |
276 | NXPINT_FULL_LEN, /* ovs_be32: Full packet len, if truncated. */ | |
277 | NXPINT_BUFFER_ID, /* ovs_be32: Buffer ID, if buffered. */ | |
278 | ||
279 | /* Information about the flow that triggered the packet-in. */ | |
280 | NXPINT_TABLE_ID, /* uint8_t: Table ID. */ | |
281 | NXPINT_COOKIE, /* ovs_be64: Flow cookie. */ | |
282 | ||
283 | /* Other. */ | |
284 | NXPINT_REASON, /* uint8_t, one of OFPR_*. */ | |
285 | NXPINT_METADATA, /* NXM or OXM for metadata fields. */ | |
bdcad671 | 286 | NXPINT_USERDATA, /* From NXAST_CONTROLLER2 userdata. */ |
77ab5fd2 | 287 | NXPINT_CONTINUATION, /* Private data for continuing processing. */ |
6409e008 BP |
288 | }; |
289 | ||
9deba63b BP |
290 | /* Configures the "role" of the sending controller. The default role is: |
291 | * | |
292 | * - Other (NX_ROLE_OTHER), which allows the controller access to all | |
293 | * OpenFlow features. | |
294 | * | |
295 | * The other possible roles are a related pair: | |
296 | * | |
297 | * - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may | |
298 | * be at most one Master controller at a time: when a controller | |
299 | * configures itself as Master, any existing Master is demoted to the | |
300 | * Slave role. | |
301 | * | |
302 | * - Slave (NX_ROLE_SLAVE) allows the controller read-only access to | |
303 | * OpenFlow features. In particular attempts to modify the flow table | |
304 | * will be rejected with an OFPBRC_EPERM error. | |
305 | * | |
197a992f BP |
306 | * Slave controllers do not receive OFPT_PACKET_IN or OFPT_FLOW_REMOVED |
307 | * messages, but they do receive OFPT_PORT_STATUS messages. | |
9deba63b BP |
308 | */ |
309 | struct nx_role_request { | |
459749fe | 310 | ovs_be32 role; /* One of NX_ROLE_*. */ |
9deba63b | 311 | }; |
982697a4 | 312 | OFP_ASSERT(sizeof(struct nx_role_request) == 4); |
9deba63b BP |
313 | |
314 | enum nx_role { | |
315 | NX_ROLE_OTHER, /* Default role, full access. */ | |
316 | NX_ROLE_MASTER, /* Full access, at most one. */ | |
317 | NX_ROLE_SLAVE /* Read-only access. */ | |
318 | }; | |
80d5aefd BP |
319 | |
320 | /* NXT_SET_ASYNC_CONFIG. | |
321 | * | |
322 | * Sent by a controller, this message configures the asynchronous messages that | |
323 | * the controller wants to receive. Element 0 in each array specifies messages | |
324 | * of interest when the controller has an "other" or "master" role; element 1, | |
325 | * when the controller has a "slave" role. | |
326 | * | |
327 | * Each array element is a bitmask in which a 0-bit disables receiving a | |
328 | * particular message and a 1-bit enables receiving it. Each bit controls the | |
329 | * message whose 'reason' corresponds to the bit index. For example, the bit | |
330 | * with value 1<<2 == 4 in port_status_mask[1] determines whether the | |
331 | * controller will receive OFPT_PORT_STATUS messages with reason OFPPR_MODIFY | |
332 | * (value 2) when the controller has a "slave" role. | |
4550b647 MM |
333 | * |
334 | * As a side effect, for service controllers, this message changes the | |
335 | * miss_send_len from default of zero to OFP_DEFAULT_MISS_SEND_LEN (128). | |
80d5aefd BP |
336 | */ |
337 | struct nx_async_config { | |
80d5aefd BP |
338 | ovs_be32 packet_in_mask[2]; /* Bitmasks of OFPR_* values. */ |
339 | ovs_be32 port_status_mask[2]; /* Bitmasks of OFPRR_* values. */ | |
340 | ovs_be32 flow_removed_mask[2]; /* Bitmasks of OFPPR_* values. */ | |
341 | }; | |
982697a4 | 342 | OFP_ASSERT(sizeof(struct nx_async_config) == 24); |
26c112c2 | 343 | \f |
09246b99 BP |
344 | /* Flexible flow specifications (aka NXM = Nicira Extended Match). |
345 | * | |
eec25dc1 | 346 | * OpenFlow 1.0 has "struct ofp10_match" for specifying flow matches. This |
09246b99 BP |
347 | * structure is fixed-length and hence difficult to extend. This section |
348 | * describes a more flexible, variable-length flow match, called "nx_match" for | |
349 | * short, that is also supported by Open vSwitch. This section also defines a | |
eec25dc1 | 350 | * replacement for each OpenFlow message that includes struct ofp10_match. |
09246b99 | 351 | * |
16c35c1d YT |
352 | * OpenFlow 1.2+ introduced OpenFlow Extensible Match (OXM), adapting |
353 | * the design of NXM. The format of NXM and OXM are compatible. | |
354 | * | |
09246b99 BP |
355 | * |
356 | * Format | |
357 | * ====== | |
358 | * | |
359 | * An nx_match is a sequence of zero or more "nxm_entry"s, which are | |
360 | * type-length-value (TLV) entries, each 5 to 259 (inclusive) bytes long. | |
361 | * "nxm_entry"s are not aligned on or padded to any multibyte boundary. The | |
362 | * first 4 bytes of an nxm_entry are its "header", followed by the entry's | |
363 | * "body". | |
364 | * | |
365 | * An nxm_entry's header is interpreted as a 32-bit word in network byte order: | |
366 | * | |
367 | * |<-------------------- nxm_type ------------------>| | |
368 | * | | | |
369 | * |31 16 15 9| 8 7 0 | |
370 | * +----------------------------------+---------------+--+------------------+ | |
371 | * | nxm_vendor | nxm_field |hm| nxm_length | | |
372 | * +----------------------------------+---------------+--+------------------+ | |
373 | * | |
374 | * The most-significant 23 bits of the header are collectively "nxm_type". | |
16c35c1d YT |
375 | * Bits 16...31 are "nxm_vendor", one of OFPXMC12_* values. In case of |
376 | * NXM, it's either OFPXMC12_NXM_0 or OFPXMC12_NXM_1. | |
377 | * Bits 9...15 are "nxm_field", which is a vendor-specific value. nxm_type | |
378 | * normally designates a protocol header, such as the Ethernet type, but it | |
379 | * can also refer to packet metadata, such as the switch port on which a packet | |
380 | * arrived. | |
09246b99 BP |
381 | * |
382 | * Bit 8 is "nxm_hasmask" (labeled "hm" above for space reasons). The meaning | |
383 | * of this bit is explained later. | |
384 | * | |
385 | * The least-significant 8 bits are "nxm_length", a positive integer. The | |
386 | * length of the nxm_entry, including the header, is exactly 4 + nxm_length | |
387 | * bytes. | |
388 | * | |
389 | * For a given nxm_vendor, nxm_field, and nxm_hasmask value, nxm_length is a | |
390 | * constant. It is included only to allow software to minimally parse | |
391 | * "nxm_entry"s of unknown types. (Similarly, for a given nxm_vendor, | |
392 | * nxm_field, and nxm_length, nxm_hasmask is a constant.) | |
393 | * | |
394 | * | |
395 | * Semantics | |
396 | * ========= | |
397 | * | |
398 | * A zero-length nx_match (one with no "nxm_entry"s) matches every packet. | |
399 | * | |
400 | * An nxm_entry places a constraint on the packets matched by the nx_match: | |
401 | * | |
402 | * - If nxm_hasmask is 0, the nxm_entry's body contains a value for the | |
403 | * field, called "nxm_value". The nx_match matches only packets in which | |
404 | * the field equals nxm_value. | |
405 | * | |
406 | * - If nxm_hasmask is 1, then the nxm_entry's body contains a value for the | |
407 | * field (nxm_value), followed by a bitmask of the same length as the | |
408 | * value, called "nxm_mask". For each 1-bit in position J in nxm_mask, the | |
409 | * nx_match matches only packets for which bit J in the given field's value | |
410 | * matches bit J in nxm_value. A 0-bit in nxm_mask causes the | |
e1cfc4e4 BP |
411 | * corresponding bit in nxm_value is ignored (it should be 0; Open vSwitch |
412 | * may enforce this someday), as is the corresponding bit in the field's | |
413 | * value. (The sense of the nxm_mask bits is the opposite of that used by | |
414 | * the "wildcards" member of struct ofp10_match.) | |
09246b99 BP |
415 | * |
416 | * When nxm_hasmask is 1, nxm_length is always even. | |
417 | * | |
418 | * An all-zero-bits nxm_mask is equivalent to omitting the nxm_entry | |
419 | * entirely. An all-one-bits nxm_mask is equivalent to specifying 0 for | |
420 | * nxm_hasmask. | |
421 | * | |
422 | * When there are multiple "nxm_entry"s, all of the constraints must be met. | |
423 | * | |
424 | * | |
425 | * Mask Restrictions | |
426 | * ================= | |
427 | * | |
428 | * Masks may be restricted: | |
429 | * | |
430 | * - Some nxm_types may not support masked wildcards, that is, nxm_hasmask | |
431 | * must always be 0 when these fields are specified. For example, the | |
432 | * field that identifies the port on which a packet was received may not be | |
433 | * masked. | |
434 | * | |
435 | * - Some nxm_types that do support masked wildcards may only support certain | |
436 | * nxm_mask patterns. For example, fields that have IPv4 address values | |
437 | * may be restricted to CIDR masks. | |
438 | * | |
439 | * These restrictions should be noted in specifications for individual fields. | |
440 | * A switch may accept an nxm_hasmask or nxm_mask value that the specification | |
441 | * disallows, if the switch correctly implements support for that nxm_hasmask | |
442 | * or nxm_mask value. A switch must reject an attempt to set up a flow that | |
443 | * contains a nxm_hasmask or nxm_mask value that it does not support. | |
444 | * | |
445 | * | |
446 | * Prerequisite Restrictions | |
447 | * ========================= | |
448 | * | |
449 | * The presence of an nxm_entry with a given nxm_type may be restricted based | |
450 | * on the presence of or values of other "nxm_entry"s. For example: | |
451 | * | |
452 | * - An nxm_entry for nxm_type=NXM_OF_IP_TOS is allowed only if it is | |
453 | * preceded by another entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, | |
454 | * and nxm_value=0x0800. That is, matching on the IP source address is | |
455 | * allowed only if the Ethernet type is explicitly set to IP. | |
456 | * | |
e51df1a0 BP |
457 | * - An nxm_entry for nxm_type=NXM_OF_TCP_SRC is allowed only if it is |
458 | * preceded by an entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, and | |
459 | * nxm_value either 0x0800 or 0x86dd, and another with | |
460 | * nxm_type=NXM_OF_IP_PROTO, nxm_hasmask=0, nxm_value=6, in that order. | |
461 | * That is, matching on the TCP source port is allowed only if the Ethernet | |
462 | * type is IP or IPv6 and the IP protocol is TCP. | |
09246b99 BP |
463 | * |
464 | * These restrictions should be noted in specifications for individual fields. | |
465 | * A switch may implement relaxed versions of these restrictions. A switch | |
466 | * must reject an attempt to set up a flow that violates its restrictions. | |
467 | * | |
468 | * | |
469 | * Ordering Restrictions | |
470 | * ===================== | |
471 | * | |
472 | * An nxm_entry that has prerequisite restrictions must appear after the | |
473 | * "nxm_entry"s for its prerequisites. Ordering of "nxm_entry"s within an | |
474 | * nx_match is not otherwise constrained. | |
475 | * | |
476 | * Any given nxm_type may appear in an nx_match at most once. | |
477 | * | |
478 | * | |
479 | * nxm_entry Examples | |
480 | * ================== | |
481 | * | |
482 | * These examples show the format of a single nxm_entry with particular | |
483 | * nxm_hasmask and nxm_length values. The diagrams are labeled with field | |
484 | * numbers and byte indexes. | |
485 | * | |
486 | * | |
be86ea7a | 487 | * 8-bit nxm_value, nxm_hasmask=1, nxm_length=2: |
09246b99 BP |
488 | * |
489 | * 0 3 4 5 | |
490 | * +------------+---+---+ | |
491 | * | header | v | m | | |
492 | * +------------+---+---+ | |
493 | * | |
494 | * | |
495 | * 16-bit nxm_value, nxm_hasmask=0, nxm_length=2: | |
496 | * | |
497 | * 0 3 4 5 | |
498 | * +------------+------+ | |
499 | * | header | value| | |
500 | * +------------+------+ | |
501 | * | |
502 | * | |
503 | * 32-bit nxm_value, nxm_hasmask=0, nxm_length=4: | |
504 | * | |
505 | * 0 3 4 7 | |
506 | * +------------+-------------+ | |
507 | * | header | nxm_value | | |
508 | * +------------+-------------+ | |
509 | * | |
510 | * | |
511 | * 48-bit nxm_value, nxm_hasmask=0, nxm_length=6: | |
512 | * | |
513 | * 0 3 4 9 | |
514 | * +------------+------------------+ | |
515 | * | header | nxm_value | | |
516 | * +------------+------------------+ | |
517 | * | |
518 | * | |
519 | * 48-bit nxm_value, nxm_hasmask=1, nxm_length=12: | |
520 | * | |
521 | * 0 3 4 9 10 15 | |
522 | * +------------+------------------+------------------+ | |
523 | * | header | nxm_value | nxm_mask | | |
524 | * +------------+------------------+------------------+ | |
525 | * | |
526 | * | |
527 | * Error Reporting | |
528 | * =============== | |
529 | * | |
530 | * A switch should report an error in an nx_match using error type | |
531 | * OFPET_BAD_REQUEST and one of the NXBRC_NXM_* codes. Ideally the switch | |
532 | * should report a specific error code, if one is assigned for the particular | |
533 | * problem, but NXBRC_NXM_INVALID is also available to report a generic | |
534 | * nx_match error. | |
535 | */ | |
536 | ||
a4ce8b25 | 537 | /* Number of registers allocated NXM field IDs. */ |
b6c9e612 | 538 | #define NXM_NX_MAX_REGS 16 |
7257b535 BP |
539 | |
540 | /* Bits in the value of NXM_NX_IP_FRAG. */ | |
541 | #define NX_IP_FRAG_ANY (1 << 0) /* Is this a fragment? */ | |
542 | #define NX_IP_FRAG_LATER (1 << 1) /* Is this a fragment with nonzero offset? */ | |
d31f1109 | 543 | |
b666962b JG |
544 | /* Bits in the value of NXM_NX_TUN_FLAGS. */ |
545 | #define NX_TUN_FLAG_OAM (1 << 0) /* Is this an OAM packet? */ | |
546 | ||
09246b99 BP |
547 | /* ## --------------------- ## */ |
548 | /* ## Requests and replies. ## */ | |
549 | /* ## --------------------- ## */ | |
550 | ||
e729e793 JP |
551 | /* NXT_FLOW_MOD (analogous to OFPT_FLOW_MOD). |
552 | * | |
553 | * It is possible to limit flow deletions and modifications to certain | |
623e1caf JP |
554 | * cookies by using the NXM_NX_COOKIE(_W) matches. The "cookie" field |
555 | * is used only to add or modify flow cookies. | |
e729e793 | 556 | */ |
09246b99 | 557 | struct nx_flow_mod { |
09246b99 | 558 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ |
225c33ba BP |
559 | ovs_be16 command; /* OFPFC_*, and table ID if flow_mod_table_id |
560 | * is enabled. */ | |
09246b99 BP |
561 | ovs_be16 idle_timeout; /* Idle time before discarding (seconds). */ |
562 | ovs_be16 hard_timeout; /* Max time before discarding (seconds). */ | |
563 | ovs_be16 priority; /* Priority level of flow entry. */ | |
564 | ovs_be32 buffer_id; /* Buffered packet to apply to (or -1). | |
565 | Not meaningful for OFPFC_DELETE*. */ | |
566 | ovs_be16 out_port; /* For OFPFC_DELETE* commands, require | |
567 | matching entries to include this as an | |
568 | output port. A value of OFPP_NONE | |
569 | indicates no restriction. */ | |
570 | ovs_be16 flags; /* One of OFPFF_*. */ | |
571 | ovs_be16 match_len; /* Size of nx_match. */ | |
572 | uint8_t pad[6]; /* Align to 64-bits. */ | |
573 | /* Followed by: | |
574 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
575 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
576 | * all-zero bytes, then | |
577 | * - Actions to fill out the remainder of the message length (always a | |
578 | * multiple of 8). | |
579 | */ | |
580 | }; | |
982697a4 | 581 | OFP_ASSERT(sizeof(struct nx_flow_mod) == 32); |
09246b99 | 582 | |
745bfd5e BP |
583 | /* NXT_FLOW_REMOVED (analogous to OFPT_FLOW_REMOVED). |
584 | * | |
585 | * 'table_id' is present only in Open vSwitch 1.11 and later. In earlier | |
586 | * versions of Open vSwitch, this is a padding byte that is always zeroed. | |
587 | * Therefore, a 'table_id' value of 0 indicates that the table ID is not known, | |
588 | * and other values may be interpreted as one more than the flow's former table | |
589 | * ID. */ | |
09246b99 | 590 | struct nx_flow_removed { |
09246b99 BP |
591 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ |
592 | ovs_be16 priority; /* Priority level of flow entry. */ | |
593 | uint8_t reason; /* One of OFPRR_*. */ | |
745bfd5e | 594 | uint8_t table_id; /* Flow's former table ID, plus one. */ |
09246b99 BP |
595 | ovs_be32 duration_sec; /* Time flow was alive in seconds. */ |
596 | ovs_be32 duration_nsec; /* Time flow was alive in nanoseconds beyond | |
597 | duration_sec. */ | |
598 | ovs_be16 idle_timeout; /* Idle timeout from original flow mod. */ | |
599 | ovs_be16 match_len; /* Size of nx_match. */ | |
600 | ovs_be64 packet_count; | |
601 | ovs_be64 byte_count; | |
602 | /* Followed by: | |
603 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
604 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
605 | * all-zero bytes. */ | |
606 | }; | |
982697a4 | 607 | OFP_ASSERT(sizeof(struct nx_flow_removed) == 40); |
09246b99 BP |
608 | |
609 | /* Nicira vendor stats request of type NXST_FLOW (analogous to OFPST_FLOW | |
e729e793 JP |
610 | * request). |
611 | * | |
612 | * It is possible to limit matches to certain cookies by using the | |
613 | * NXM_NX_COOKIE and NXM_NX_COOKIE_W matches. | |
614 | */ | |
09246b99 | 615 | struct nx_flow_stats_request { |
09246b99 BP |
616 | ovs_be16 out_port; /* Require matching entries to include this |
617 | as an output port. A value of OFPP_NONE | |
618 | indicates no restriction. */ | |
619 | ovs_be16 match_len; /* Length of nx_match. */ | |
620 | uint8_t table_id; /* ID of table to read (from ofp_table_stats) | |
621 | or 0xff for all tables. */ | |
622 | uint8_t pad[3]; /* Align to 64 bits. */ | |
623 | /* Followed by: | |
624 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
625 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
626 | * all-zero bytes, which must also exactly fill out the length of the | |
627 | * message. | |
628 | */ | |
629 | }; | |
982697a4 | 630 | OFP_ASSERT(sizeof(struct nx_flow_stats_request) == 8); |
09246b99 BP |
631 | |
632 | /* Body for Nicira vendor stats reply of type NXST_FLOW (analogous to | |
f27f2134 BP |
633 | * OFPST_FLOW reply). |
634 | * | |
635 | * The values of 'idle_age' and 'hard_age' are only meaningful when talking to | |
636 | * a switch that implements the NXT_FLOW_AGE extension. Zero means that the | |
637 | * true value is unknown, perhaps because hardware does not track the value. | |
638 | * (Zero is also the value that one should ordinarily expect to see talking to | |
639 | * a switch that does not implement NXT_FLOW_AGE, since those switches zero the | |
640 | * padding bytes that these fields replaced.) A nonzero value X represents X-1 | |
641 | * seconds. A value of 65535 represents 65534 or more seconds. | |
642 | * | |
643 | * 'idle_age' is the number of seconds that the flow has been idle, that is, | |
644 | * the number of seconds since a packet passed through the flow. 'hard_age' is | |
645 | * the number of seconds since the flow was last modified (e.g. OFPFC_MODIFY or | |
646 | * OFPFC_MODIFY_STRICT). (The 'duration_*' fields are the elapsed time since | |
647 | * the flow was added, regardless of subsequent modifications.) | |
648 | * | |
649 | * For a flow with an idle or hard timeout, 'idle_age' or 'hard_age', | |
650 | * respectively, will ordinarily be smaller than the timeout, but flow | |
651 | * expiration times are only approximate and so one must be prepared to | |
652 | * tolerate expirations that occur somewhat early or late. | |
653 | */ | |
09246b99 BP |
654 | struct nx_flow_stats { |
655 | ovs_be16 length; /* Length of this entry. */ | |
656 | uint8_t table_id; /* ID of table flow came from. */ | |
657 | uint8_t pad; | |
658 | ovs_be32 duration_sec; /* Time flow has been alive in seconds. */ | |
659 | ovs_be32 duration_nsec; /* Time flow has been alive in nanoseconds | |
660 | beyond duration_sec. */ | |
cc75d2c7 | 661 | ovs_be16 priority; /* Priority of the entry. */ |
09246b99 BP |
662 | ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ |
663 | ovs_be16 hard_timeout; /* Number of seconds before expiration. */ | |
664 | ovs_be16 match_len; /* Length of nx_match. */ | |
f27f2134 BP |
665 | ovs_be16 idle_age; /* Seconds since last packet, plus one. */ |
666 | ovs_be16 hard_age; /* Seconds since last modification, plus one. */ | |
09246b99 | 667 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ |
5e9d0469 BP |
668 | ovs_be64 packet_count; /* Number of packets, UINT64_MAX if unknown. */ |
669 | ovs_be64 byte_count; /* Number of bytes, UINT64_MAX if unknown. */ | |
09246b99 BP |
670 | /* Followed by: |
671 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
672 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
673 | * all-zero bytes, then | |
674 | * - Actions to fill out the remainder 'length' bytes (always a multiple | |
675 | * of 8). | |
676 | */ | |
677 | }; | |
678 | OFP_ASSERT(sizeof(struct nx_flow_stats) == 48); | |
679 | ||
680 | /* Nicira vendor stats request of type NXST_AGGREGATE (analogous to | |
a814ba0f BP |
681 | * OFPST_AGGREGATE request). |
682 | * | |
683 | * The reply format is identical to the reply format for OFPST_AGGREGATE, | |
684 | * except for the header. */ | |
09246b99 | 685 | struct nx_aggregate_stats_request { |
09246b99 BP |
686 | ovs_be16 out_port; /* Require matching entries to include this |
687 | as an output port. A value of OFPP_NONE | |
688 | indicates no restriction. */ | |
689 | ovs_be16 match_len; /* Length of nx_match. */ | |
690 | uint8_t table_id; /* ID of table to read (from ofp_table_stats) | |
691 | or 0xff for all tables. */ | |
692 | uint8_t pad[3]; /* Align to 64 bits. */ | |
693 | /* Followed by: | |
694 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
695 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
696 | * all-zero bytes, which must also exactly fill out the length of the | |
697 | * message. | |
698 | */ | |
699 | }; | |
982697a4 | 700 | OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8); |
fb8f22c1 BY |
701 | |
702 | struct nx_ipfix_stats_reply { | |
703 | ovs_be64 total_flows; | |
704 | ovs_be64 current_flows; | |
705 | ovs_be64 pkts; | |
706 | ovs_be64 ipv4_pkts; | |
707 | ovs_be64 ipv6_pkts; | |
708 | ovs_be64 error_pkts; | |
709 | ovs_be64 ipv4_error_pkts; | |
710 | ovs_be64 ipv6_error_pkts; | |
711 | ovs_be64 tx_pkts; | |
712 | ovs_be64 tx_errors; | |
713 | ovs_be32 collector_set_id; /* Range 0 to 4,294,967,295. */ | |
714 | uint8_t pad[4]; /* Pad to a multiple of 8 bytes. */ | |
715 | }; | |
716 | OFP_ASSERT(sizeof(struct nx_ipfix_stats_reply) == 88); | |
717 | ||
a7349929 BP |
718 | \f |
719 | /* NXT_SET_CONTROLLER_ID. | |
720 | * | |
721 | * Each OpenFlow controller connection has a 16-bit identifier that is | |
722 | * initially 0. This message changes the connection's ID to 'id'. | |
723 | * | |
724 | * Controller connection IDs need not be unique. | |
725 | * | |
726 | * The NXAST_CONTROLLER action is the only current user of controller | |
727 | * connection IDs. */ | |
728 | struct nx_controller_id { | |
a7349929 BP |
729 | uint8_t zero[6]; /* Must be zero. */ |
730 | ovs_be16 controller_id; /* New controller connection ID. */ | |
731 | }; | |
982697a4 | 732 | OFP_ASSERT(sizeof(struct nx_controller_id) == 8); |
2b07c8b1 BP |
733 | \f |
734 | /* Flow Table Monitoring | |
735 | * ===================== | |
736 | * | |
737 | * NXST_FLOW_MONITOR allows a controller to keep track of changes to OpenFlow | |
738 | * flow table(s) or subsets of them, with the following workflow: | |
739 | * | |
740 | * 1. The controller sends an NXST_FLOW_MONITOR request to begin monitoring | |
741 | * flows. The 'id' in the request must be unique among all monitors that | |
742 | * the controller has started and not yet canceled on this OpenFlow | |
743 | * connection. | |
744 | * | |
745 | * 2. The switch responds with an NXST_FLOW_MONITOR reply. If the request's | |
746 | * 'flags' included NXFMF_INITIAL, the reply includes all the flows that | |
747 | * matched the request at the time of the request (with event NXFME_ADDED). | |
748 | * If 'flags' did not include NXFMF_INITIAL, the reply is empty. | |
749 | * | |
750 | * The reply uses the xid of the request (as do all replies to OpenFlow | |
751 | * requests). | |
752 | * | |
753 | * 3. Whenever a change to a flow table entry matches some outstanding monitor | |
754 | * request's criteria and flags, the switch sends a notification to the | |
755 | * controller as an additional NXST_FLOW_MONITOR reply with xid 0. | |
756 | * | |
757 | * When multiple outstanding monitors match a single change, only a single | |
758 | * notification is sent. This merged notification includes the information | |
759 | * requested in any of the individual monitors. That is, if any of the | |
760 | * matching monitors requests actions (NXFMF_ACTIONS), the notification | |
761 | * includes actions, and if any of the monitors request full changes for the | |
762 | * controller's own changes (NXFMF_OWN), the controller's own changes will | |
763 | * be included in full. | |
764 | * | |
765 | * 4. The controller may cancel a monitor with NXT_FLOW_MONITOR_CANCEL. No | |
766 | * further notifications will be sent on the basis of the canceled monitor | |
767 | * afterward. | |
768 | * | |
769 | * | |
770 | * Buffer Management | |
771 | * ================= | |
772 | * | |
773 | * OpenFlow messages for flow monitor notifications can overflow the buffer | |
774 | * space available to the switch, either temporarily (e.g. due to network | |
775 | * conditions slowing OpenFlow traffic) or more permanently (e.g. the sustained | |
776 | * rate of flow table change exceeds the network bandwidth between switch and | |
777 | * controller). | |
778 | * | |
779 | * When Open vSwitch's notification buffer space reaches a limiting threshold, | |
780 | * OVS reacts as follows: | |
781 | * | |
782 | * 1. OVS sends an NXT_FLOW_MONITOR_PAUSED message to the controller, following | |
783 | * all the already queued notifications. After it receives this message, | |
784 | * the controller knows that its view of the flow table, as represented by | |
785 | * flow monitor notifications, is incomplete. | |
786 | * | |
787 | * 2. As long as the notification buffer is not empty: | |
788 | * | |
789 | * - NXMFE_ADD and NXFME_MODIFIED notifications will not be sent. | |
790 | * | |
791 | * - NXFME_DELETED notifications will still be sent, but only for flows | |
792 | * that existed before OVS sent NXT_FLOW_MONITOR_PAUSED. | |
793 | * | |
794 | * - NXFME_ABBREV notifications will not be sent. They are treated as | |
795 | * the expanded version (and therefore only the NXFME_DELETED | |
796 | * components, if any, are sent). | |
797 | * | |
798 | * 3. When the notification buffer empties, OVS sends NXFME_ADD notifications | |
799 | * for flows added since the buffer reached its limit and NXFME_MODIFIED | |
800 | * notifications for flows that existed before the limit was reached and | |
801 | * changed after the limit was reached. | |
802 | * | |
803 | * 4. OVS sends an NXT_FLOW_MONITOR_RESUMED message to the controller. After | |
804 | * it receives this message, the controller knows that its view of the flow | |
805 | * table, as represented by flow monitor notifications, is again complete. | |
806 | * | |
807 | * This allows the maximum buffer space requirement for notifications to be | |
808 | * bounded by the limit plus the maximum number of supported flows. | |
809 | * | |
810 | * | |
811 | * "Flow Removed" messages | |
812 | * ======================= | |
813 | * | |
814 | * The flow monitor mechanism is independent of OFPT_FLOW_REMOVED and | |
815 | * NXT_FLOW_REMOVED. Flow monitor updates for deletion are sent if | |
816 | * NXFMF_DELETE is set on a monitor, regardless of whether the | |
817 | * OFPFF_SEND_FLOW_REM flag was set when the flow was added. */ | |
818 | ||
819 | /* NXST_FLOW_MONITOR request. | |
820 | * | |
821 | * The NXST_FLOW_MONITOR request's body consists of an array of zero or more | |
822 | * instances of this structure. The request arranges to monitor the flows | |
823 | * that match the specified criteria, which are interpreted in the same way as | |
824 | * for NXST_FLOW. | |
825 | * | |
826 | * 'id' identifies a particular monitor for the purpose of allowing it to be | |
827 | * canceled later with NXT_FLOW_MONITOR_CANCEL. 'id' must be unique among | |
828 | * existing monitors that have not already been canceled. | |
829 | * | |
830 | * The reply includes the initial flow matches for monitors that have the | |
831 | * NXFMF_INITIAL flag set. No single flow will be included in the reply more | |
832 | * than once, even if more than one requested monitor matches that flow. The | |
833 | * reply will be empty if none of the monitors has NXFMF_INITIAL set or if none | |
834 | * of the monitors initially matches any flows. | |
835 | * | |
836 | * For NXFMF_ADD, an event will be reported if 'out_port' matches against the | |
837 | * actions of the flow being added or, for a flow that is replacing an existing | |
838 | * flow, if 'out_port' matches against the actions of the flow being replaced. | |
839 | * For NXFMF_DELETE, 'out_port' matches against the actions of a flow being | |
840 | * deleted. For NXFMF_MODIFY, an event will be reported if 'out_port' matches | |
841 | * either the old or the new actions. */ | |
842 | struct nx_flow_monitor_request { | |
843 | ovs_be32 id; /* Controller-assigned ID for this monitor. */ | |
844 | ovs_be16 flags; /* NXFMF_*. */ | |
845 | ovs_be16 out_port; /* Required output port, if not OFPP_NONE. */ | |
846 | ovs_be16 match_len; /* Length of nx_match. */ | |
847 | uint8_t table_id; /* One table's ID or 0xff for all tables. */ | |
848 | uint8_t zeros[5]; /* Align to 64 bits (must be zero). */ | |
849 | /* Followed by: | |
850 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
851 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
852 | * all-zero bytes. */ | |
853 | }; | |
854 | OFP_ASSERT(sizeof(struct nx_flow_monitor_request) == 16); | |
855 | ||
856 | /* 'flags' bits in struct nx_flow_monitor_request. */ | |
857 | enum nx_flow_monitor_flags { | |
858 | /* When to send updates. */ | |
859 | NXFMF_INITIAL = 1 << 0, /* Initially matching flows. */ | |
860 | NXFMF_ADD = 1 << 1, /* New matching flows as they are added. */ | |
861 | NXFMF_DELETE = 1 << 2, /* Old matching flows as they are removed. */ | |
862 | NXFMF_MODIFY = 1 << 3, /* Matching flows as they are changed. */ | |
863 | ||
864 | /* What to include in updates. */ | |
865 | NXFMF_ACTIONS = 1 << 4, /* If set, actions are included. */ | |
866 | NXFMF_OWN = 1 << 5, /* If set, include own changes in full. */ | |
867 | }; | |
868 | ||
869 | /* NXST_FLOW_MONITOR reply header. | |
870 | * | |
871 | * The body of an NXST_FLOW_MONITOR reply is an array of variable-length | |
872 | * structures, each of which begins with this header. The 'length' member may | |
873 | * be used to traverse the array, and the 'event' member may be used to | |
874 | * determine the particular structure. | |
875 | * | |
876 | * Every instance is a multiple of 8 bytes long. */ | |
877 | struct nx_flow_update_header { | |
878 | ovs_be16 length; /* Length of this entry. */ | |
879 | ovs_be16 event; /* One of NXFME_*. */ | |
880 | /* ...other data depending on 'event'... */ | |
881 | }; | |
882 | OFP_ASSERT(sizeof(struct nx_flow_update_header) == 4); | |
883 | ||
884 | /* 'event' values in struct nx_flow_update_header. */ | |
885 | enum nx_flow_update_event { | |
886 | /* struct nx_flow_update_full. */ | |
887 | NXFME_ADDED = 0, /* Flow was added. */ | |
888 | NXFME_DELETED = 1, /* Flow was deleted. */ | |
889 | NXFME_MODIFIED = 2, /* Flow (generally its actions) was changed. */ | |
890 | ||
891 | /* struct nx_flow_update_abbrev. */ | |
892 | NXFME_ABBREV = 3, /* Abbreviated reply. */ | |
893 | }; | |
894 | ||
895 | /* NXST_FLOW_MONITOR reply for NXFME_ADDED, NXFME_DELETED, and | |
896 | * NXFME_MODIFIED. */ | |
897 | struct nx_flow_update_full { | |
898 | ovs_be16 length; /* Length is 24. */ | |
899 | ovs_be16 event; /* One of NXFME_*. */ | |
900 | ovs_be16 reason; /* OFPRR_* for NXFME_DELETED, else zero. */ | |
901 | ovs_be16 priority; /* Priority of the entry. */ | |
902 | ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ | |
903 | ovs_be16 hard_timeout; /* Number of seconds before expiration. */ | |
904 | ovs_be16 match_len; /* Length of nx_match. */ | |
905 | uint8_t table_id; /* ID of flow's table. */ | |
906 | uint8_t pad; /* Reserved, currently zeroed. */ | |
907 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ | |
908 | /* Followed by: | |
909 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
910 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
911 | * all-zero bytes, then | |
912 | * - Actions to fill out the remainder 'length' bytes (always a multiple | |
913 | * of 8). If NXFMF_ACTIONS was not specified, or 'event' is | |
914 | * NXFME_DELETED, no actions are included. | |
915 | */ | |
916 | }; | |
917 | OFP_ASSERT(sizeof(struct nx_flow_update_full) == 24); | |
918 | ||
919 | /* NXST_FLOW_MONITOR reply for NXFME_ABBREV. | |
920 | * | |
921 | * When the controller does not specify NXFMF_OWN in a monitor request, any | |
922 | * flow tables changes due to the controller's own requests (on the same | |
923 | * OpenFlow channel) will be abbreviated, when possible, to this form, which | |
924 | * simply specifies the 'xid' of the OpenFlow request (e.g. an OFPT_FLOW_MOD or | |
925 | * NXT_FLOW_MOD) that caused the change. | |
926 | * | |
927 | * Some changes cannot be abbreviated and will be sent in full: | |
928 | * | |
929 | * - Changes that only partially succeed. This can happen if, for example, | |
930 | * a flow_mod with type OFPFC_MODIFY affects multiple flows, but only some | |
931 | * of those modifications succeed (e.g. due to hardware limitations). | |
932 | * | |
af822017 BP |
933 | * This cannot occur with the Open vSwitch software datapath. This also |
934 | * cannot occur in Open vSwitch 2.4 and later, because these versions only | |
935 | * execute any flow modifications if all of them will succeed. | |
2b07c8b1 BP |
936 | * |
937 | * - Changes that race with conflicting changes made by other controllers or | |
938 | * other flow_mods (not separated by barriers) by the same controller. | |
939 | * | |
940 | * This cannot occur with the current Open vSwitch implementation | |
941 | * (regardless of datapath) because Open vSwitch internally serializes | |
942 | * potentially conflicting changes. | |
943 | * | |
af822017 BP |
944 | * - Changes that occur when flow notification is paused (see "Buffer |
945 | * Management" above). | |
946 | * | |
2b07c8b1 BP |
947 | * A flow_mod that does not change the flow table will not trigger any |
948 | * notification, even an abbreviated one. For example, a "modify" or "delete" | |
949 | * flow_mod that does not match any flows will not trigger a notification. | |
950 | * Whether an "add" or "modify" that specifies all the same parameters that a | |
951 | * flow already has triggers a notification is unspecified and subject to | |
952 | * change in future versions of Open vSwitch. | |
953 | * | |
954 | * OVS will always send the notifications for a given flow table change before | |
b10a4760 BP |
955 | * the reply to a OFPT_BARRIER_REQUEST request that follows the flow table |
956 | * change. Thus, if the controller does not receive an abbreviated (or | |
957 | * unabbreviated) notification for a flow_mod before the next | |
958 | * OFPT_BARRIER_REPLY, it will never receive one. */ | |
2b07c8b1 BP |
959 | struct nx_flow_update_abbrev { |
960 | ovs_be16 length; /* Length is 8. */ | |
961 | ovs_be16 event; /* NXFME_ABBREV. */ | |
962 | ovs_be32 xid; /* Controller-specified xid from flow_mod. */ | |
963 | }; | |
964 | OFP_ASSERT(sizeof(struct nx_flow_update_abbrev) == 8); | |
965 | ||
982697a4 BP |
966 | /* NXT_FLOW_MONITOR_CANCEL. |
967 | * | |
968 | * Used by a controller to cancel an outstanding monitor. */ | |
2b07c8b1 | 969 | struct nx_flow_monitor_cancel { |
2b07c8b1 BP |
970 | ovs_be32 id; /* 'id' from nx_flow_monitor_request. */ |
971 | }; | |
982697a4 | 972 | OFP_ASSERT(sizeof(struct nx_flow_monitor_cancel) == 4); |
659586ef | 973 | |
4e548ad9 ML |
974 | /* Variable-length option TLV table maintenance commands. |
975 | * | |
976 | * The option in Type-Length-Value format is widely used in tunnel options, | |
977 | * e.g., the base Geneve header is followed by zero or more options in TLV | |
978 | * format. Each option consists of a four byte option header and a variable | |
979 | * amount of option data interpreted according to the type. The generic TLV | |
980 | * format in tunnel options is as following: | |
981 | * | |
982 | * 0 1 2 3 | |
983 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
984 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
985 | * | Option Class | Type |R|R|R| Length | | |
986 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
987 | * | Variable Option Data | | |
988 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
989 | * | |
990 | * In order to work with this variable-length options in TLV format in | |
991 | * tunnel options, we need to maintain a mapping table between an option | |
992 | * TLV (defined by <class, type, length>) and an NXM field that can be | |
993 | * operated on for the purposes of matches, actions, etc. This mapping | |
994 | * must be explicitly specified by the user. | |
6159c531 JG |
995 | * |
996 | * There are two primary groups of OpenFlow messages that are introduced | |
997 | * as Nicira extensions: modification commands (add, delete, clear mappings) | |
998 | * and table status request/reply to dump the current table along with switch | |
999 | * information. | |
1000 | * | |
1001 | * Note that mappings should not be changed while they are in active use by | |
1002 | * a flow. The result of doing so is undefined. */ | |
1003 | ||
4e548ad9 ML |
1004 | /* TLV table commands */ |
1005 | enum nx_tlv_table_mod_command { | |
1006 | NXTTMC_ADD, /* New mappings (fails if an option is already | |
6159c531 | 1007 | mapped). */ |
4e548ad9 | 1008 | NXTTMC_DELETE, /* Delete mappings, identified by index |
6159c531 | 1009 | * (unmapped options are ignored). */ |
4e548ad9 | 1010 | NXTTMC_CLEAR, /* Clear all mappings. Additional information |
6159c531 JG |
1011 | in this command is ignored. */ |
1012 | }; | |
1013 | ||
4e548ad9 ML |
1014 | /* Map between an option TLV and an NXM field. */ |
1015 | struct nx_tlv_map { | |
1016 | ovs_be16 option_class; /* TLV class. */ | |
1017 | uint8_t option_type; /* TLV type. */ | |
1018 | uint8_t option_len; /* TLV length (multiple of 4). */ | |
6159c531 JG |
1019 | ovs_be16 index; /* NXM_NX_TUN_METADATA<n> index */ |
1020 | uint8_t pad[2]; | |
1021 | }; | |
4e548ad9 | 1022 | OFP_ASSERT(sizeof(struct nx_tlv_map) == 8); |
6159c531 | 1023 | |
4e548ad9 | 1024 | /* NXT_TLV_TABLE_MOD. |
6159c531 | 1025 | * |
4e548ad9 | 1026 | * Use to configure a mapping between option TLVs (class, type, length) |
6159c531 JG |
1027 | * and NXM fields (NXM_NX_TUN_METADATA<n> where 'index' is <n>). |
1028 | * | |
1029 | * This command is atomic: all operations on different options will | |
1030 | * either succeed or fail. */ | |
4e548ad9 ML |
1031 | struct nx_tlv_table_mod { |
1032 | ovs_be16 command; /* One of NTTTMC_* */ | |
6159c531 | 1033 | uint8_t pad[6]; |
4e548ad9 ML |
1034 | /* struct nx_tlv_map[0]; Array of maps between indicies and option |
1035 | TLVs. The number of elements is inferred | |
1036 | from the length field in the header. */ | |
6159c531 | 1037 | }; |
4e548ad9 | 1038 | OFP_ASSERT(sizeof(struct nx_tlv_table_mod) == 8); |
6159c531 | 1039 | |
4e548ad9 | 1040 | /* NXT_TLV_TABLE_REPLY. |
6159c531 | 1041 | * |
4e548ad9 ML |
1042 | * Issued in reponse to an NXT_TLV_TABLE_REQUEST to give information |
1043 | * about the current status of the TLV table in the switch. Provides | |
6159c531 | 1044 | * both static information about the switch's capabilities as well as |
4e548ad9 ML |
1045 | * the configured TLV table. */ |
1046 | struct nx_tlv_table_reply { | |
6159c531 JG |
1047 | ovs_be32 max_option_space; /* Maximum total of option sizes supported. */ |
1048 | ovs_be16 max_fields; /* Maximum number of match fields supported. */ | |
1278cf96 | 1049 | uint8_t reserved[10]; |
4e548ad9 ML |
1050 | /* struct nx_tlv_map[0]; Array of maps between indicies and option |
1051 | TLVs. The number of elements is inferred | |
1052 | from the length field in the header. */ | |
6159c531 | 1053 | }; |
4e548ad9 | 1054 | OFP_ASSERT(sizeof(struct nx_tlv_table_reply) == 16); |
2a7c4805 JP |
1055 | \f |
1056 | /* NXT_CT_FLUSH_ZONE. | |
1057 | * | |
1058 | * Flushes the connection tracking table. */ | |
1059 | struct nx_zone_id { | |
1060 | uint8_t zero[6]; /* Must be zero. */ | |
1061 | ovs_be16 zone_id; /* Connection tracking zone. */ | |
1062 | }; | |
1063 | OFP_ASSERT(sizeof(struct nx_zone_id) == 8); | |
6159c531 | 1064 | |
064af421 | 1065 | #endif /* openflow/nicira-ext.h */ |