]>
Commit | Line | Data |
---|---|---|
064af421 | 1 | /* |
b02475c5 | 2 | * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc. |
a14bc59f BP |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at: | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
064af421 BP |
15 | */ |
16 | ||
17 | #ifndef OPENFLOW_NICIRA_EXT_H | |
18 | #define OPENFLOW_NICIRA_EXT_H 1 | |
19 | ||
20 | #include "openflow/openflow.h" | |
26c112c2 | 21 | #include "openvswitch/types.h" |
064af421 | 22 | |
e0edde6f | 23 | /* The following vendor extensions, proposed by Nicira, are not yet |
26c112c2 BP |
24 | * standardized, so they are not included in openflow.h. Some of them may be |
25 | * suitable for standardization; others we never expect to standardize. */ | |
064af421 BP |
26 | |
27 | #define NX_VENDOR_ID 0x00002320 | |
26c112c2 BP |
28 | \f |
29 | /* Nicira vendor-specific error messages extension. | |
30 | * | |
31 | * OpenFlow 1.0 has a set of predefined error types (OFPET_*) and codes (which | |
32 | * are specific to each type). It does not have any provision for | |
33 | * vendor-specific error codes, and it does not even provide "generic" error | |
34 | * codes that can apply to problems not anticipated by the OpenFlow | |
35 | * specification authors. | |
36 | * | |
37 | * This extension attempts to address the problem by adding a generic "error | |
38 | * vendor extension". The extension works as follows: use NXET_VENDOR as type | |
6eb59a8f | 39 | * and NXVC_VENDOR_ERROR as code, followed by struct nx_vendor_error with |
26c112c2 BP |
40 | * vendor-specific details, followed by at least 64 bytes of the failed |
41 | * request. | |
42 | * | |
a23aab1f | 43 | * It would be better to have a type-specific vendor extension, e.g. so that |
26c112c2 BP |
44 | * OFPET_BAD_ACTION could be used with vendor-specific code values. But |
45 | * OFPET_BAD_ACTION and most other standardized types already specify that | |
46 | * their 'data' values are (the start of) the OpenFlow message being replied | |
47 | * to, so there is no room to insert a vendor ID. | |
48 | * | |
49 | * Currently this extension is only implemented by Open vSwitch, but it seems | |
50 | * like a reasonable candidate for future standardization. | |
51 | */ | |
52 | ||
53 | /* This is a random number to avoid accidental collision with any other | |
54 | * vendor's extension. */ | |
55 | #define NXET_VENDOR 0xb0c2 | |
56 | ||
57 | /* ofp_error msg 'code' values for NXET_VENDOR. */ | |
58 | enum nx_vendor_code { | |
59 | NXVC_VENDOR_ERROR /* 'data' contains struct nx_vendor_error. */ | |
60 | }; | |
61 | ||
62 | /* 'data' for 'type' == NXET_VENDOR, 'code' == NXVC_VENDOR_ERROR. */ | |
63 | struct nx_vendor_error { | |
64 | ovs_be32 vendor; /* Vendor ID as in struct ofp_vendor_header. */ | |
65 | ovs_be16 type; /* Vendor-defined type. */ | |
66 | ovs_be16 code; /* Vendor-defined subtype. */ | |
67 | /* Followed by at least the first 64 bytes of the failed request. */ | |
68 | }; | |
69 | \f | |
70 | /* Nicira vendor requests and replies. */ | |
064af421 | 71 | |
09246b99 BP |
72 | /* Header for Nicira vendor requests and replies. */ |
73 | struct nicira_header { | |
74 | struct ofp_header header; | |
75 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
982697a4 | 76 | ovs_be32 subtype; /* See the NXT numbers in ofp-msgs.h. */ |
09246b99 BP |
77 | }; |
78 | OFP_ASSERT(sizeof(struct nicira_header) == 16); | |
79 | ||
982697a4 BP |
80 | /* Header for Nicira vendor stats request and reply messages in OpenFlow |
81 | * 1.0. */ | |
82 | struct nicira10_stats_msg { | |
83 | struct ofp10_vendor_stats_msg vsm; /* Vendor NX_VENDOR_ID. */ | |
09246b99 BP |
84 | ovs_be32 subtype; /* One of NXST_* below. */ |
85 | uint8_t pad[4]; /* Align to 64-bits. */ | |
064af421 | 86 | }; |
982697a4 | 87 | OFP_ASSERT(sizeof(struct nicira10_stats_msg) == 24); |
064af421 | 88 | |
982697a4 BP |
89 | /* Header for Nicira vendor stats request and reply messages in OpenFlow |
90 | * 1.1. */ | |
91 | struct nicira11_stats_msg { | |
92 | struct ofp11_vendor_stats_msg vsm; /* Vendor NX_VENDOR_ID. */ | |
93 | ovs_be32 subtype; /* One of NXST_* below. */ | |
f9bfea14 | 94 | }; |
982697a4 | 95 | OFP_ASSERT(sizeof(struct nicira11_stats_msg) == 24); |
f9bfea14 | 96 | |
520e9a2a EJ |
97 | /* Fields to use when hashing flows. */ |
98 | enum nx_hash_fields { | |
99 | /* Ethernet source address (NXM_OF_ETH_SRC) only. */ | |
100 | NX_HASH_FIELDS_ETH_SRC, | |
101 | ||
102 | /* L2 through L4, symmetric across src/dst. Specifically, each of the | |
103 | * following fields, if present, is hashed (slashes separate symmetric | |
104 | * pairs): | |
105 | * | |
106 | * - NXM_OF_ETH_DST / NXM_OF_ETH_SRC | |
107 | * - NXM_OF_ETH_TYPE | |
108 | * - The VID bits from NXM_OF_VLAN_TCI, ignoring PCP and CFI. | |
109 | * - NXM_OF_IP_PROTO | |
110 | * - NXM_OF_IP_SRC / NXM_OF_IP_DST | |
111 | * - NXM_OF_TCP_SRC / NXM_OF_TCP_DST | |
112 | */ | |
113 | NX_HASH_FIELDS_SYMMETRIC_L4 | |
114 | }; | |
115 | ||
6c1491fb BP |
116 | /* This command enables or disables an Open vSwitch extension that allows a |
117 | * controller to specify the OpenFlow table to which a flow should be added, | |
118 | * instead of having the switch decide which table is most appropriate as | |
63f7ef64 BP |
119 | * required by OpenFlow 1.0. Because NXM was designed as an extension to |
120 | * OpenFlow 1.0, the extension applies equally to ofp10_flow_mod and | |
121 | * nx_flow_mod. By default, the extension is disabled. | |
6c1491fb | 122 | * |
35805806 | 123 | * When this feature is enabled, Open vSwitch treats struct ofp10_flow_mod's |
63f7ef64 BP |
124 | * and struct nx_flow_mod's 16-bit 'command' member as two separate fields. |
125 | * The upper 8 bits are used as the table ID, the lower 8 bits specify the | |
126 | * command as usual. A table ID of 0xff is treated like a wildcarded table ID. | |
6c1491fb BP |
127 | * |
128 | * The specific treatment of the table ID depends on the type of flow mod: | |
129 | * | |
130 | * - OFPFC_ADD: Given a specific table ID, the flow is always placed in that | |
131 | * table. If an identical flow already exists in that table only, then it | |
132 | * is replaced. If the flow cannot be placed in the specified table, | |
133 | * either because the table is full or because the table cannot support | |
be2b69d1 BP |
134 | * flows of the given type, the switch replies with an OFPFMFC_TABLE_FULL |
135 | * error. (A controller can distinguish these cases by comparing the | |
136 | * current and maximum number of entries reported in ofp_table_stats.) | |
6c1491fb BP |
137 | * |
138 | * If the table ID is wildcarded, the switch picks an appropriate table | |
139 | * itself. If an identical flow already exists in the selected flow table, | |
140 | * then it is replaced. The choice of table might depend on the flows | |
141 | * that are already in the switch; for example, if one table fills up then | |
142 | * the switch might fall back to another one. | |
143 | * | |
144 | * - OFPFC_MODIFY, OFPFC_DELETE: Given a specific table ID, only flows | |
145 | * within that table are matched and modified or deleted. If the table ID | |
146 | * is wildcarded, flows within any table may be matched and modified or | |
147 | * deleted. | |
148 | * | |
149 | * - OFPFC_MODIFY_STRICT, OFPFC_DELETE_STRICT: Given a specific table ID, | |
150 | * only a flow within that table may be matched and modified or deleted. | |
151 | * If the table ID is wildcarded and exactly one flow within any table | |
152 | * matches, then it is modified or deleted; if flows in more than one | |
153 | * table match, then none is modified or deleted. | |
154 | */ | |
73dbf4ab | 155 | struct nx_flow_mod_table_id { |
6c1491fb BP |
156 | uint8_t set; /* Nonzero to enable, zero to disable. */ |
157 | uint8_t pad[7]; | |
158 | }; | |
982697a4 | 159 | OFP_ASSERT(sizeof(struct nx_flow_mod_table_id) == 8); |
6c1491fb | 160 | |
54834960 EJ |
161 | enum nx_packet_in_format { |
162 | NXPIF_OPENFLOW10 = 0, /* Standard OpenFlow 1.0 compatible. */ | |
163 | NXPIF_NXM = 1 /* Nicira Extended. */ | |
164 | }; | |
165 | ||
166 | /* NXT_SET_PACKET_IN_FORMAT request. */ | |
73dbf4ab | 167 | struct nx_set_packet_in_format { |
54834960 EJ |
168 | ovs_be32 format; /* One of NXPIF_*. */ |
169 | }; | |
982697a4 | 170 | OFP_ASSERT(sizeof(struct nx_set_packet_in_format) == 4); |
54834960 EJ |
171 | |
172 | /* NXT_PACKET_IN (analogous to OFPT_PACKET_IN). | |
173 | * | |
42edbe39 BP |
174 | * NXT_PACKET_IN is similar to the OpenFlow 1.2 OFPT_PACKET_IN. The |
175 | * differences are: | |
176 | * | |
177 | * - NXT_PACKET_IN includes the cookie of the rule that triggered the | |
178 | * message. (OpenFlow 1.3 OFPT_PACKET_IN also includes the cookie.) | |
179 | * | |
180 | * - The metadata fields use NXM (instead of OXM) field numbers. | |
181 | * | |
182 | * Open vSwitch 1.9.0 and later omits metadata fields that are zero (as allowed | |
183 | * by OpenFlow 1.2). Earlier versions included all implemented metadata | |
184 | * fields. | |
185 | * | |
186 | * Open vSwitch does not include non-metadata in the nx_match, because by | |
187 | * definition that information can be found in the packet itself. The format | |
188 | * and the standards allow this, however, so controllers should be prepared to | |
189 | * tolerate future changes. | |
190 | * | |
191 | * The NXM format is convenient for reporting metadata values, but it is | |
192 | * important not to interpret the format as matching against a flow, because it | |
193 | * does not. Nothing is being matched; arbitrary metadata masks would not be | |
194 | * meaningful. | |
54834960 EJ |
195 | * |
196 | * Whereas in most cases a controller can expect to only get back NXM fields | |
197 | * that it set up itself (e.g. flow dumps will ordinarily report only NXM | |
198 | * fields from flows that the controller added), NXT_PACKET_IN messages might | |
199 | * contain fields that the controller does not understand, because the switch | |
200 | * might support fields (new registers, new protocols, etc.) that the | |
42edbe39 | 201 | * controller does not. The controller must be prepared to tolerate these. |
54834960 EJ |
202 | * |
203 | * The 'cookie' and 'table_id' fields have no meaning when 'reason' is | |
204 | * OFPR_NO_MATCH. In this case they should be set to 0. */ | |
73dbf4ab | 205 | struct nx_packet_in { |
54834960 EJ |
206 | ovs_be32 buffer_id; /* ID assigned by datapath. */ |
207 | ovs_be16 total_len; /* Full length of frame. */ | |
208 | uint8_t reason; /* Reason packet is sent (one of OFPR_*). */ | |
209 | uint8_t table_id; /* ID of the table that was looked up. */ | |
210 | ovs_be64 cookie; /* Cookie of the rule that was looked up. */ | |
211 | ovs_be16 match_len; /* Size of nx_match. */ | |
212 | uint8_t pad[6]; /* Align to 64-bits. */ | |
213 | /* Followed by: | |
214 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
215 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
216 | * all-zero bytes, then | |
217 | * - Exactly 2 all-zero padding bytes, then | |
218 | * - An Ethernet frame whose length is inferred from nxh.header.length. | |
219 | * | |
220 | * The padding bytes preceding the Ethernet frame ensure that the IP | |
221 | * header (if any) following the Ethernet header is 32-bit aligned. */ | |
222 | ||
42edbe39 | 223 | /* uint8_t nxm_fields[...]; */ /* NXM headers. */ |
54834960 EJ |
224 | /* uint8_t pad[2]; */ /* Align to 64 bit + 16 bit. */ |
225 | /* uint8_t data[0]; */ /* Ethernet frame. */ | |
226 | }; | |
982697a4 | 227 | OFP_ASSERT(sizeof(struct nx_packet_in) == 24); |
54834960 | 228 | |
9deba63b BP |
229 | /* Configures the "role" of the sending controller. The default role is: |
230 | * | |
231 | * - Other (NX_ROLE_OTHER), which allows the controller access to all | |
232 | * OpenFlow features. | |
233 | * | |
234 | * The other possible roles are a related pair: | |
235 | * | |
236 | * - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may | |
237 | * be at most one Master controller at a time: when a controller | |
238 | * configures itself as Master, any existing Master is demoted to the | |
239 | * Slave role. | |
240 | * | |
241 | * - Slave (NX_ROLE_SLAVE) allows the controller read-only access to | |
242 | * OpenFlow features. In particular attempts to modify the flow table | |
243 | * will be rejected with an OFPBRC_EPERM error. | |
244 | * | |
197a992f BP |
245 | * Slave controllers do not receive OFPT_PACKET_IN or OFPT_FLOW_REMOVED |
246 | * messages, but they do receive OFPT_PORT_STATUS messages. | |
9deba63b BP |
247 | */ |
248 | struct nx_role_request { | |
459749fe | 249 | ovs_be32 role; /* One of NX_ROLE_*. */ |
9deba63b | 250 | }; |
982697a4 | 251 | OFP_ASSERT(sizeof(struct nx_role_request) == 4); |
9deba63b BP |
252 | |
253 | enum nx_role { | |
254 | NX_ROLE_OTHER, /* Default role, full access. */ | |
255 | NX_ROLE_MASTER, /* Full access, at most one. */ | |
256 | NX_ROLE_SLAVE /* Read-only access. */ | |
257 | }; | |
80d5aefd BP |
258 | |
259 | /* NXT_SET_ASYNC_CONFIG. | |
260 | * | |
261 | * Sent by a controller, this message configures the asynchronous messages that | |
262 | * the controller wants to receive. Element 0 in each array specifies messages | |
263 | * of interest when the controller has an "other" or "master" role; element 1, | |
264 | * when the controller has a "slave" role. | |
265 | * | |
266 | * Each array element is a bitmask in which a 0-bit disables receiving a | |
267 | * particular message and a 1-bit enables receiving it. Each bit controls the | |
268 | * message whose 'reason' corresponds to the bit index. For example, the bit | |
269 | * with value 1<<2 == 4 in port_status_mask[1] determines whether the | |
270 | * controller will receive OFPT_PORT_STATUS messages with reason OFPPR_MODIFY | |
271 | * (value 2) when the controller has a "slave" role. | |
4550b647 MM |
272 | * |
273 | * As a side effect, for service controllers, this message changes the | |
274 | * miss_send_len from default of zero to OFP_DEFAULT_MISS_SEND_LEN (128). | |
80d5aefd BP |
275 | */ |
276 | struct nx_async_config { | |
80d5aefd BP |
277 | ovs_be32 packet_in_mask[2]; /* Bitmasks of OFPR_* values. */ |
278 | ovs_be32 port_status_mask[2]; /* Bitmasks of OFPPR_* values. */ | |
279 | ovs_be32 flow_removed_mask[2]; /* Bitmasks of OFPRR_* values. */ | |
280 | }; | |
982697a4 | 281 | OFP_ASSERT(sizeof(struct nx_async_config) == 24); |
26c112c2 BP |
282 | \f |
283 | /* Nicira vendor flow actions. */ | |
9deba63b | 284 | |
064af421 | 285 | enum nx_action_subtype { |
39b72738 BP |
286 | NXAST_SNAT__OBSOLETE, /* No longer used. */ |
287 | NXAST_RESUBMIT, /* struct nx_action_resubmit */ | |
288 | NXAST_SET_TUNNEL, /* struct nx_action_set_tunnel */ | |
6c222e55 | 289 | NXAST_DROP_SPOOFED_ARP__OBSOLETE, |
39b72738 | 290 | NXAST_SET_QUEUE, /* struct nx_action_set_queue */ |
b6c9e612 BP |
291 | NXAST_POP_QUEUE, /* struct nx_action_pop_queue */ |
292 | NXAST_REG_MOVE, /* struct nx_action_reg_move */ | |
293 | NXAST_REG_LOAD, /* struct nx_action_reg_load */ | |
b9298d3f BP |
294 | NXAST_NOTE, /* struct nx_action_note */ |
295 | NXAST_SET_TUNNEL64, /* struct nx_action_set_tunnel64 */ | |
3b6a2571 | 296 | NXAST_MULTIPATH, /* struct nx_action_multipath */ |
1bda9b9e | 297 | NXAST_AUTOPATH__OBSOLETE, /* No longer used. */ |
a368bb53 | 298 | NXAST_BUNDLE, /* struct nx_action_bundle */ |
29901626 | 299 | NXAST_BUNDLE_LOAD, /* struct nx_action_bundle */ |
f694937d | 300 | NXAST_RESUBMIT_TABLE, /* struct nx_action_resubmit */ |
75a75043 | 301 | NXAST_OUTPUT_REG, /* struct nx_action_output_reg */ |
848e8809 | 302 | NXAST_LEARN, /* struct nx_action_learn */ |
f0fd1a17 PS |
303 | NXAST_EXIT, /* struct nx_action_header */ |
304 | NXAST_DEC_TTL, /* struct nx_action_header */ | |
0e553d9c | 305 | NXAST_FIN_TIMEOUT, /* struct nx_action_fin_timeout */ |
a7349929 | 306 | NXAST_CONTROLLER, /* struct nx_action_controller */ |
c2d967a5 | 307 | NXAST_DEC_TTL_CNT_IDS, /* struct nx_action_cnt_ids */ |
4cceacb9 | 308 | NXAST_WRITE_METADATA, /* struct nx_action_write_metadata */ |
b02475c5 SH |
309 | NXAST_PUSH_MPLS, /* struct nx_action_push_mpls */ |
310 | NXAST_POP_MPLS, /* struct nx_action_pop_mpls */ | |
0f3f3c3d | 311 | NXAST_SET_MPLS_TTL, /* struct nx_action_ttl */ |
b676167a | 312 | NXAST_DEC_MPLS_TTL, /* struct nx_action_header */ |
bd85dac1 AZ |
313 | NXAST_STACK_PUSH, /* struct nx_action_stack */ |
314 | NXAST_STACK_POP, /* struct nx_action_stack */ | |
29089a54 | 315 | NXAST_SAMPLE, /* struct nx_action_sample */ |
39b72738 | 316 | }; |
eedc0097 | 317 | |
39b72738 BP |
318 | /* Header for Nicira-defined actions. */ |
319 | struct nx_action_header { | |
459749fe BP |
320 | ovs_be16 type; /* OFPAT_VENDOR. */ |
321 | ovs_be16 len; /* Length is 16. */ | |
322 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
323 | ovs_be16 subtype; /* NXAST_*. */ | |
39b72738 | 324 | uint8_t pad[6]; |
064af421 | 325 | }; |
39b72738 | 326 | OFP_ASSERT(sizeof(struct nx_action_header) == 16); |
064af421 | 327 | |
29901626 | 328 | /* Action structures for NXAST_RESUBMIT and NXAST_RESUBMIT_TABLE. |
39b72738 | 329 | * |
29901626 | 330 | * These actions search one of the switch's flow tables: |
39b72738 | 331 | * |
29901626 BP |
332 | * - For NXAST_RESUBMIT_TABLE only, if the 'table' member is not 255, then |
333 | * it specifies the table to search. | |
39b72738 | 334 | * |
29901626 BP |
335 | * - Otherwise (for NXAST_RESUBMIT_TABLE with a 'table' of 255, or for |
336 | * NXAST_RESUBMIT regardless of 'table'), it searches the current flow | |
337 | * table, that is, the OpenFlow flow table that contains the flow from | |
338 | * which this action was obtained. If this action did not come from a | |
339 | * flow table (e.g. it came from an OFPT_PACKET_OUT message), then table 0 | |
340 | * is the current table. | |
341 | * | |
342 | * The flow table lookup uses a flow that may be slightly modified from the | |
343 | * original lookup: | |
344 | * | |
345 | * - For NXAST_RESUBMIT, the 'in_port' member of struct nx_action_resubmit | |
346 | * is used as the flow's in_port. | |
347 | * | |
348 | * - For NXAST_RESUBMIT_TABLE, if the 'in_port' member is not OFPP_IN_PORT, | |
349 | * then its value is used as the flow's in_port. Otherwise, the original | |
350 | * in_port is used. | |
351 | * | |
352 | * - If actions that modify the flow (e.g. OFPAT_SET_VLAN_VID) precede the | |
353 | * resubmit action, then the flow is updated with the new values. | |
39b72738 BP |
354 | * |
355 | * Following the lookup, the original in_port is restored. | |
356 | * | |
357 | * If the modified flow matched in the flow table, then the corresponding | |
29901626 | 358 | * actions are executed. Afterward, actions following the resubmit in the |
39b72738 BP |
359 | * original set of actions, if any, are executed; any changes made to the |
360 | * packet (e.g. changes to VLAN) by secondary actions persist when those | |
361 | * actions are executed, although the original in_port is restored. | |
362 | * | |
29901626 BP |
363 | * Resubmit actions may be used any number of times within a set of actions. |
364 | * | |
365 | * Resubmit actions may nest to an implementation-defined depth. Beyond this | |
366 | * implementation-defined depth, further resubmit actions are simply ignored. | |
367 | * | |
368 | * NXAST_RESUBMIT ignores 'table' and 'pad'. NXAST_RESUBMIT_TABLE requires | |
369 | * 'pad' to be all-bits-zero. | |
39b72738 | 370 | * |
29901626 BP |
371 | * Open vSwitch 1.0.1 and earlier did not support recursion. Open vSwitch |
372 | * before 1.2.90 did not support NXAST_RESUBMIT_TABLE. | |
39b72738 | 373 | */ |
064af421 | 374 | struct nx_action_resubmit { |
459749fe BP |
375 | ovs_be16 type; /* OFPAT_VENDOR. */ |
376 | ovs_be16 len; /* Length is 16. */ | |
377 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
378 | ovs_be16 subtype; /* NXAST_RESUBMIT or NXAST_RESUBMIT_TABLE. */ | |
379 | ovs_be16 in_port; /* New in_port for checking flow table. */ | |
29901626 BP |
380 | uint8_t table; /* NXAST_RESUBMIT_TABLE: table to use. */ |
381 | uint8_t pad[3]; | |
064af421 BP |
382 | }; |
383 | OFP_ASSERT(sizeof(struct nx_action_resubmit) == 16); | |
384 | ||
39b72738 BP |
385 | /* Action structure for NXAST_SET_TUNNEL. |
386 | * | |
b9298d3f BP |
387 | * Sets the encapsulating tunnel ID to a 32-bit value. The most-significant 32 |
388 | * bits of the tunnel ID are set to 0. */ | |
659586ef | 389 | struct nx_action_set_tunnel { |
459749fe BP |
390 | ovs_be16 type; /* OFPAT_VENDOR. */ |
391 | ovs_be16 len; /* Length is 16. */ | |
392 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
393 | ovs_be16 subtype; /* NXAST_SET_TUNNEL. */ | |
659586ef | 394 | uint8_t pad[2]; |
459749fe | 395 | ovs_be32 tun_id; /* Tunnel ID. */ |
659586ef JG |
396 | }; |
397 | OFP_ASSERT(sizeof(struct nx_action_set_tunnel) == 16); | |
398 | ||
b9298d3f BP |
399 | /* Action structure for NXAST_SET_TUNNEL64. |
400 | * | |
401 | * Sets the encapsulating tunnel ID to a 64-bit value. */ | |
402 | struct nx_action_set_tunnel64 { | |
403 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
9c59112b | 404 | ovs_be16 len; /* Length is 24. */ |
b9298d3f BP |
405 | ovs_be32 vendor; /* NX_VENDOR_ID. */ |
406 | ovs_be16 subtype; /* NXAST_SET_TUNNEL64. */ | |
407 | uint8_t pad[6]; | |
408 | ovs_be64 tun_id; /* Tunnel ID. */ | |
409 | }; | |
410 | OFP_ASSERT(sizeof(struct nx_action_set_tunnel64) == 24); | |
411 | ||
39b72738 BP |
412 | /* Action structure for NXAST_SET_QUEUE. |
413 | * | |
414 | * Set the queue that should be used when packets are output. This is similar | |
415 | * to the OpenFlow OFPAT_ENQUEUE action, but does not take the output port as | |
416 | * an argument. This allows the queue to be defined before the port is | |
417 | * known. */ | |
eedc0097 | 418 | struct nx_action_set_queue { |
459749fe BP |
419 | ovs_be16 type; /* OFPAT_VENDOR. */ |
420 | ovs_be16 len; /* Length is 16. */ | |
421 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
422 | ovs_be16 subtype; /* NXAST_SET_QUEUE. */ | |
eedc0097 | 423 | uint8_t pad[2]; |
459749fe | 424 | ovs_be32 queue_id; /* Where to enqueue packets. */ |
eedc0097 JP |
425 | }; |
426 | OFP_ASSERT(sizeof(struct nx_action_set_queue) == 16); | |
427 | ||
39b72738 BP |
428 | /* Action structure for NXAST_POP_QUEUE. |
429 | * | |
430 | * Restores the queue to the value it was before any NXAST_SET_QUEUE actions | |
431 | * were used. Only the original queue can be restored this way; no stack is | |
432 | * maintained. */ | |
433 | struct nx_action_pop_queue { | |
459749fe BP |
434 | ovs_be16 type; /* OFPAT_VENDOR. */ |
435 | ovs_be16 len; /* Length is 16. */ | |
436 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
437 | ovs_be16 subtype; /* NXAST_POP_QUEUE. */ | |
064af421 BP |
438 | uint8_t pad[6]; |
439 | }; | |
39b72738 | 440 | OFP_ASSERT(sizeof(struct nx_action_pop_queue) == 16); |
064af421 | 441 | |
b6c9e612 BP |
442 | /* Action structure for NXAST_REG_MOVE. |
443 | * | |
444 | * Copies src[src_ofs:src_ofs+n_bits] to dst[dst_ofs:dst_ofs+n_bits], where | |
445 | * a[b:c] denotes the bits within 'a' numbered 'b' through 'c' (not including | |
446 | * bit 'c'). Bit numbering starts at 0 for the least-significant bit, 1 for | |
447 | * the next most significant bit, and so on. | |
448 | * | |
60d5e0d8 BP |
449 | * 'src' and 'dst' are nxm_header values with nxm_hasmask=0. (It doesn't make |
450 | * sense to use nxm_hasmask=1 because the action does not do any kind of | |
451 | * matching; it uses the actual value of a field.) | |
452 | * | |
453 | * The following nxm_header values are potentially acceptable as 'src': | |
b6c9e612 BP |
454 | * |
455 | * - NXM_OF_IN_PORT | |
456 | * - NXM_OF_ETH_DST | |
457 | * - NXM_OF_ETH_SRC | |
458 | * - NXM_OF_ETH_TYPE | |
459 | * - NXM_OF_VLAN_TCI | |
460 | * - NXM_OF_IP_TOS | |
461 | * - NXM_OF_IP_PROTO | |
462 | * - NXM_OF_IP_SRC | |
463 | * - NXM_OF_IP_DST | |
464 | * - NXM_OF_TCP_SRC | |
465 | * - NXM_OF_TCP_DST | |
466 | * - NXM_OF_UDP_SRC | |
467 | * - NXM_OF_UDP_DST | |
468 | * - NXM_OF_ICMP_TYPE | |
469 | * - NXM_OF_ICMP_CODE | |
470 | * - NXM_OF_ARP_OP | |
471 | * - NXM_OF_ARP_SPA | |
472 | * - NXM_OF_ARP_TPA | |
473 | * - NXM_NX_TUN_ID | |
bad68a99 JP |
474 | * - NXM_NX_ARP_SHA |
475 | * - NXM_NX_ARP_THA | |
d31f1109 JP |
476 | * - NXM_NX_ICMPV6_TYPE |
477 | * - NXM_NX_ICMPV6_CODE | |
685a51a5 JP |
478 | * - NXM_NX_ND_SLL |
479 | * - NXM_NX_ND_TLL | |
b6c9e612 | 480 | * - NXM_NX_REG(idx) for idx in the switch's accepted range. |
0ad90c84 JR |
481 | * - NXM_NX_TUN_IPV4_SRC |
482 | * - NXM_NX_TUN_IPV4_DST | |
b6c9e612 BP |
483 | * |
484 | * The following nxm_header values are potentially acceptable as 'dst': | |
485 | * | |
54d54726 BP |
486 | * - NXM_OF_ETH_DST |
487 | * - NXM_OF_ETH_SRC | |
488 | * - NXM_OF_IP_TOS | |
489 | * - NXM_OF_IP_SRC | |
490 | * - NXM_OF_IP_DST | |
491 | * - NXM_OF_TCP_SRC | |
492 | * - NXM_OF_TCP_DST | |
493 | * - NXM_OF_UDP_SRC | |
494 | * - NXM_OF_UDP_DST | |
495 | * Modifying any of the above fields changes the corresponding packet | |
496 | * header. | |
497 | * | |
557323cd BP |
498 | * - NXM_OF_IN_PORT |
499 | * | |
b6c9e612 BP |
500 | * - NXM_NX_REG(idx) for idx in the switch's accepted range. |
501 | * | |
502 | * - NXM_OF_VLAN_TCI. Modifying this field's value has side effects on the | |
503 | * packet's 802.1Q header. Setting a value with CFI=0 removes the 802.1Q | |
504 | * header (if any), ignoring the other bits. Setting a value with CFI=1 | |
505 | * adds or modifies the 802.1Q header appropriately, setting the TCI field | |
506 | * to the field's new value (with the CFI bit masked out). | |
507 | * | |
0ad90c84 JR |
508 | * - NXM_NX_TUN_ID, NXM_NX_TUN_IPV4_SRC, NXM_NX_TUN_IPV4_DST. Modifying |
509 | * any of these values modifies the corresponding tunnel header field used | |
510 | * for the packet's next tunnel encapsulation, if allowed by the | |
511 | * configuration of the output tunnel port. | |
b6c9e612 BP |
512 | * |
513 | * A given nxm_header value may be used as 'src' or 'dst' only on a flow whose | |
514 | * nx_match satisfies its prerequisites. For example, NXM_OF_IP_TOS may be | |
515 | * used only if the flow's nx_match includes an nxm_entry that specifies | |
516 | * nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, and nxm_value=0x0800. | |
517 | * | |
518 | * The switch will reject actions for which src_ofs+n_bits is greater than the | |
519 | * width of 'src' or dst_ofs+n_bits is greater than the width of 'dst' with | |
520 | * error type OFPET_BAD_ACTION, code OFPBAC_BAD_ARGUMENT. | |
a478fee3 BP |
521 | * |
522 | * This action behaves properly when 'src' overlaps with 'dst', that is, it | |
523 | * behaves as if 'src' were copied out to a temporary buffer, then the | |
524 | * temporary buffer copied to 'dst'. | |
b6c9e612 BP |
525 | */ |
526 | struct nx_action_reg_move { | |
527 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
9c59112b | 528 | ovs_be16 len; /* Length is 24. */ |
b6c9e612 BP |
529 | ovs_be32 vendor; /* NX_VENDOR_ID. */ |
530 | ovs_be16 subtype; /* NXAST_REG_MOVE. */ | |
531 | ovs_be16 n_bits; /* Number of bits. */ | |
532 | ovs_be16 src_ofs; /* Starting bit offset in source. */ | |
533 | ovs_be16 dst_ofs; /* Starting bit offset in destination. */ | |
534 | ovs_be32 src; /* Source register. */ | |
535 | ovs_be32 dst; /* Destination register. */ | |
536 | }; | |
537 | OFP_ASSERT(sizeof(struct nx_action_reg_move) == 24); | |
538 | ||
539 | /* Action structure for NXAST_REG_LOAD. | |
540 | * | |
541 | * Copies value[0:n_bits] to dst[ofs:ofs+n_bits], where a[b:c] denotes the bits | |
542 | * within 'a' numbered 'b' through 'c' (not including bit 'c'). Bit numbering | |
543 | * starts at 0 for the least-significant bit, 1 for the next most significant | |
544 | * bit, and so on. | |
545 | * | |
7b064a79 BP |
546 | * 'dst' is an nxm_header with nxm_hasmask=0. See the documentation for |
547 | * NXAST_REG_MOVE, above, for the permitted fields and for the side effects of | |
548 | * loading them. | |
b6c9e612 BP |
549 | * |
550 | * The 'ofs' and 'n_bits' fields are combined into a single 'ofs_nbits' field | |
551 | * to avoid enlarging the structure by another 8 bytes. To allow 'n_bits' to | |
552 | * take a value between 1 and 64 (inclusive) while taking up only 6 bits, it is | |
553 | * also stored as one less than its true value: | |
554 | * | |
555 | * 15 6 5 0 | |
556 | * +------------------------------+------------------+ | |
557 | * | ofs | n_bits - 1 | | |
558 | * +------------------------------+------------------+ | |
559 | * | |
560 | * The switch will reject actions for which ofs+n_bits is greater than the | |
561 | * width of 'dst', or in which any bits in 'value' with value 2**n_bits or | |
562 | * greater are set to 1, with error type OFPET_BAD_ACTION, code | |
563 | * OFPBAC_BAD_ARGUMENT. | |
564 | */ | |
565 | struct nx_action_reg_load { | |
566 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
9c59112b | 567 | ovs_be16 len; /* Length is 24. */ |
b6c9e612 BP |
568 | ovs_be32 vendor; /* NX_VENDOR_ID. */ |
569 | ovs_be16 subtype; /* NXAST_REG_LOAD. */ | |
570 | ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1). */ | |
571 | ovs_be32 dst; /* Destination register. */ | |
572 | ovs_be64 value; /* Immediate value. */ | |
573 | }; | |
574 | OFP_ASSERT(sizeof(struct nx_action_reg_load) == 24); | |
575 | ||
bd85dac1 AZ |
576 | /* Action structure for NXAST_STACK_PUSH and NXAST_STACK_POP. |
577 | * | |
578 | * Pushes (or pops) field[offset: offset + n_bits] to (or from) | |
579 | * top of the stack. | |
580 | */ | |
581 | struct nx_action_stack { | |
582 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
583 | ovs_be16 len; /* Length is 24. */ | |
584 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
1d9df6a1 | 585 | ovs_be16 subtype; /* NXAST_STACK_PUSH or NXAST_STACK_POP. */ |
bd85dac1 AZ |
586 | ovs_be16 offset; /* Bit offset into the field. */ |
587 | ovs_be32 field; /* The field used for push or pop. */ | |
588 | ovs_be16 n_bits; /* (n_bits + 1) bits of the field. */ | |
589 | uint8_t zero[6]; /* Reserved, must be zero. */ | |
590 | }; | |
591 | OFP_ASSERT(sizeof(struct nx_action_stack) == 24); | |
592 | ||
96fc46e8 BP |
593 | /* Action structure for NXAST_NOTE. |
594 | * | |
595 | * This action has no effect. It is variable length. The switch does not | |
596 | * attempt to interpret the user-defined 'note' data in any way. A controller | |
597 | * can use this action to attach arbitrary metadata to a flow. | |
598 | * | |
599 | * This action might go away in the future. | |
600 | */ | |
601 | struct nx_action_note { | |
459749fe BP |
602 | ovs_be16 type; /* OFPAT_VENDOR. */ |
603 | ovs_be16 len; /* A multiple of 8, but at least 16. */ | |
604 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
605 | ovs_be16 subtype; /* NXAST_NOTE. */ | |
96fc46e8 BP |
606 | uint8_t note[6]; /* Start of user-defined data. */ |
607 | /* Possibly followed by additional user-defined data. */ | |
608 | }; | |
609 | OFP_ASSERT(sizeof(struct nx_action_note) == 16); | |
610 | ||
53ddd40a BP |
611 | /* Action structure for NXAST_MULTIPATH. |
612 | * | |
613 | * This action performs the following steps in sequence: | |
614 | * | |
520e9a2a | 615 | * 1. Hashes the fields designated by 'fields', one of NX_HASH_FIELDS_*. |
53ddd40a BP |
616 | * Refer to the definition of "enum nx_hash_fields" for details. |
617 | * | |
618 | * The 'basis' value is used as a universal hash parameter, that is, | |
619 | * different values of 'basis' yield different hash functions. The | |
620 | * particular universal hash function used is implementation-defined. | |
621 | * | |
622 | * The hashed fields' values are drawn from the current state of the | |
623 | * flow, including all modifications that have been made by actions up to | |
624 | * this point. | |
625 | * | |
626 | * 2. Applies the multipath link choice algorithm specified by 'algorithm', | |
627 | * one of NX_MP_ALG_*. Refer to the definition of "enum nx_mp_algorithm" | |
628 | * for details. | |
629 | * | |
630 | * The output of the algorithm is 'link', an unsigned integer less than | |
631 | * or equal to 'max_link'. | |
632 | * | |
633 | * Some algorithms use 'arg' as an additional argument. | |
634 | * | |
635 | * 3. Stores 'link' in dst[ofs:ofs+n_bits]. The format and semantics of | |
338bd6a0 | 636 | * 'dst' and 'ofs_nbits' are similar to those for the NXAST_REG_LOAD |
43edca57 | 637 | * action. |
53ddd40a BP |
638 | * |
639 | * The switch will reject actions that have an unknown 'fields', or an unknown | |
640 | * 'algorithm', or in which ofs+n_bits is greater than the width of 'dst', or | |
641 | * in which 'max_link' is greater than or equal to 2**n_bits, with error type | |
642 | * OFPET_BAD_ACTION, code OFPBAC_BAD_ARGUMENT. | |
643 | */ | |
644 | struct nx_action_multipath { | |
645 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
646 | ovs_be16 len; /* Length is 32. */ | |
647 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
648 | ovs_be16 subtype; /* NXAST_MULTIPATH. */ | |
649 | ||
650 | /* What fields to hash and how. */ | |
520e9a2a | 651 | ovs_be16 fields; /* One of NX_HASH_FIELDS_*. */ |
53ddd40a BP |
652 | ovs_be16 basis; /* Universal hash parameter. */ |
653 | ovs_be16 pad0; /* Padding. NOTE(review): presumably must be zero; confirm. */ | |
654 | ||
655 | /* Multipath link choice algorithm to apply to hash value. */ | |
656 | ovs_be16 algorithm; /* One of NX_MP_ALG_*. */ | |
657 | ovs_be16 max_link; /* Number of output links, minus 1. */ | |
658 | ovs_be32 arg; /* Algorithm-specific argument. */ | |
659 | ovs_be16 pad1; /* Padding. NOTE(review): presumably must be zero; confirm. */ | |
660 | ||
661 | /* Where to store the result. */ | |
662 | ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1). */ | |
43edca57 | 663 | ovs_be32 dst; /* Destination. */ |
53ddd40a BP |
664 | }; |
665 | OFP_ASSERT(sizeof(struct nx_action_multipath) == 32); | |
666 | ||
53ddd40a BP |
667 | /* NXAST_MULTIPATH: Multipath link choice algorithm to apply. |
668 | * | |
669 | * In the descriptions below, 'n_links' is max_link + 1. */ | |
670 | enum nx_mp_algorithm { | |
671 | /* link = hash(flow) % n_links. | |
672 | * | |
673 | * Redistributes all traffic when n_links changes. O(1) performance. See | |
674 | * RFC 2992. | |
675 | * | |
676 | * Use UINT16_MAX for max_link to get a raw hash value. */ | |
677 | NX_MP_ALG_MODULO_N, /* Modulo N. */ | |
678 | ||
679 | /* link = hash(flow) / (MAX_HASH / n_links). | |
680 | * | |
681 | * Redistributes between one-quarter and one-half of traffic when n_links | |
682 | * changes. O(1) performance. See RFC 2992. | |
683 | */ | |
684 | NX_MP_ALG_HASH_THRESHOLD, /* Hash Threshold. */ | |
685 | ||
686 | /* for i in [0,n_links): | |
687 | * weights[i] = hash(flow, i) | |
688 | * link = { i such that weights[i] >= weights[j] for all j != i } | |
689 | * | |
690 | * Redistributes 1/n_links of traffic when n_links changes. O(n_links) | |
691 | * performance. If n_links is greater than a threshold (currently 64, but | |
692 | * subject to change), Open vSwitch will substitute another algorithm | |
693 | * automatically. See RFC 2992. */ | |
694 | NX_MP_ALG_HRW, /* Highest Random Weight. */ | |
695 | ||
696 | /* i = 0 | |
697 | * repeat: | |
698 | * i = i + 1 | |
699 | * link = hash(flow, i) % arg | |
700 | * while link > max_link | |
701 | * | |
702 | * Redistributes 1/n_links of traffic when n_links changes. O(1) | |
703 | * performance when arg/max_link is bounded by a constant. | |
704 | * | |
705 | * Redistributes all traffic when arg changes. | |
706 | * | |
707 | * arg must be greater than max_link and for best performance should be no | |
708 | * more than approximately max_link * 2. If arg is outside the acceptable | |
709 | * range, Open vSwitch will automatically substitute the least power of 2 | |
710 | * greater than max_link. | |
711 | * | |
712 | * This algorithm is specific to Open vSwitch. | |
713 | */ | |
714 | NX_MP_ALG_ITER_HASH /* Iterative Hash. */ | |
715 | }; | |
09246b99 | 716 | \f |
75a75043 BP |
717 | /* Action structure for NXAST_LEARN. |
718 | * | |
719 | * This action adds or modifies a flow in an OpenFlow table, similar to | |
720 | * OFPT_FLOW_MOD with OFPFC_MODIFY_STRICT as 'command'. The new flow has the | |
721 | * specified idle timeout, hard timeout, priority, cookie, and flags. The new | |
722 | * flow's match criteria and actions are built by applying each of the series | |
723 | * of flow_mod_spec elements included as part of the action. | |
724 | * | |
725 | * A flow_mod_spec starts with a 16-bit header. A header that is all-bits-0 is | |
726 | * a no-op used for padding the action as a whole to a multiple of 8 bytes in | |
727 | * length. Otherwise, the flow_mod_spec can be thought of as copying 'n_bits' | |
728 | * bits from a source to a destination. In this case, the header contains | |
729 | * multiple fields: | |
730 | * | |
731 | * 15 14 13 12 11 10 0 | |
732 | * +------+---+------+---------------------------------+ | |
733 | * | 0 |src| dst | n_bits | | |
734 | * +------+---+------+---------------------------------+ | |
735 | * | |
736 | * The meaning and format of a flow_mod_spec depends on 'src' and 'dst'. The | |
737 | * following table summarizes the meaning of each possible combination. | |
738 | * Details follow the table: | |
739 | * | |
740 | * src dst meaning | |
741 | * --- --- ---------------------------------------------------------- | |
742 | * 0 0 Add match criteria based on value in a field. | |
743 | * 1 0 Add match criteria based on an immediate value. | |
744 | * 0 1 Add NXAST_REG_LOAD action to copy field into a different field. | |
745 | * 1 1 Add NXAST_REG_LOAD action to load immediate value into a field. | |
746 | * 0 2 Add OFPAT_OUTPUT action to output to port from specified field. | |
747 | * All other combinations are undefined and not allowed. | |
748 | * | |
749 | * The flow_mod_spec header is followed by a source specification and a | |
750 | * destination specification. The format and meaning of the source | |
751 | * specification depends on 'src': | |
752 | * | |
753 | * - If 'src' is 0, the source bits are taken from a field in the flow to | |
754 | * which this action is attached. (This should be a wildcarded field. If | |
755 | * its value is fully specified then the source bits being copied have | |
756 | * constant values.) | |
757 | * | |
758 | * The source specification is an ovs_be32 'field' and an ovs_be16 'ofs'. | |
759 | * 'field' is an nxm_header with nxm_hasmask=0, and 'ofs' the starting bit | |
760 | * offset within that field. The source bits are field[ofs:ofs+n_bits-1]. | |
761 | * 'field' and 'ofs' are subject to the same restrictions as the source | |
762 | * field in NXAST_REG_MOVE. | |
763 | * | |
764 | * - If 'src' is 1, the source bits are a constant value. The source | |
765 | * specification is (n_bits+15)/16*2 bytes long. Taking those bytes as a | |
766 | * number in network order, the source bits are the 'n_bits' | |
767 | * least-significant bits. The switch will report an error if other bits | |
768 | * in the constant are nonzero. | |
769 | * | |
770 | * The flow_mod_spec destination specification, for 'dst' of 0 or 1, is an | |
771 | * ovs_be32 'field' and an ovs_be16 'ofs'. 'field' is an nxm_header with | |
772 | * nxm_hasmask=0 and 'ofs' is a starting bit offset within that field. The | |
773 | * meaning of the flow_mod_spec depends on 'dst': | |
774 | * | |
775 | * - If 'dst' is 0, the flow_mod_spec specifies match criteria for the new | |
776 | * flow. The new flow matches only if bits field[ofs:ofs+n_bits-1] in a | |
777 | * packet equal the source bits. 'field' may be any nxm_header with | |
778 | * nxm_hasmask=0 that is allowed in NXT_FLOW_MOD. | |
779 | * | |
780 | * Order is significant. Earlier flow_mod_specs must satisfy any | |
781 | * prerequisites for matching fields specified later, by copying constant | |
782 | * values into prerequisite fields. | |
783 | * | |
784 | * The switch will reject flow_mod_specs that do not satisfy NXM masking | |
785 | * restrictions. | |
786 | * | |
787 | * - If 'dst' is 1, the flow_mod_spec specifies an NXAST_REG_LOAD action for | |
788 | * the new flow. The new flow copies the source bits into | |
789 | * field[ofs:ofs+n_bits-1]. Actions are executed in the same order as the | |
790 | * flow_mod_specs. | |
791 | * | |
337b9cec BP |
792 | * A single NXAST_REG_LOAD action writes no more than 64 bits, so n_bits |
793 | * greater than 64 yields multiple NXAST_REG_LOAD actions. | |
794 | * | |
75a75043 BP |
795 | * The flow_mod_spec destination spec for 'dst' of 2 (when 'src' is 0) is |
796 | * empty. It has the following meaning: | |
797 | * | |
798 | * - The flow_mod_spec specifies an OFPAT_OUTPUT action for the new flow. | |
799 | * The new flow outputs to the OpenFlow port specified by the source field. | |
800 | * Of the special output ports with value OFPP_MAX or larger, OFPP_IN_PORT, | |
801 | * OFPP_FLOOD, OFPP_LOCAL, and OFPP_ALL are supported. Other special ports | |
802 | * may not be used. | |
803 | * | |
804 | * Resource Management | |
805 | * ------------------- | |
806 | * | |
807 | * A switch has a finite amount of flow table space available for learning. | |
808 | * When this space is exhausted, no new learning table entries will be learned | |
809 | * until some existing flow table entries expire. The controller should be | |
810 | * prepared to handle this by flooding (which can be implemented as a | |
811 | * low-priority flow). | |
812 | * | |
0e553d9c BP |
813 | * If a learned flow matches a single TCP stream with a relatively long |
814 | * timeout, one may make the best of resource constraints by setting | |
815 | * 'fin_idle_timeout' or 'fin_hard_timeout' (both measured in seconds), or | |
816 | * both, to shorter timeouts. When either of these is specified as a nonzero | |
817 | * value, OVS adds a NXAST_FIN_TIMEOUT action, with the specified timeouts, to | |
818 | * the learned flow. | |
819 | * | |
75a75043 BP |
820 | * Examples |
821 | * -------- | |
822 | * | |
823 | * The following examples give a prose description of the flow_mod_specs along | |
824 | * with informal notation for how those would be represented and a hex dump of | |
825 | * the bytes that would be required. | |
826 | * | |
827 | * These examples could work with various nx_action_learn parameters. Typical | |
828 | * values would be idle_timeout=OFP_FLOW_PERMANENT, hard_timeout=60, | |
829 | * priority=OFP_DEFAULT_PRIORITY, flags=0, table_id=10. | |
830 | * | |
831 | * 1. Learn input port based on the source MAC, with lookup into | |
832 | * NXM_NX_REG1[16:31] by resubmit to in_port=99: | |
833 | * | |
834 | * Match on in_port=99: | |
835 | * ovs_be16(src=1, dst=0, n_bits=16), 20 10 | |
836 | * ovs_be16(99), 00 63 | |
837 | * ovs_be32(NXM_OF_IN_PORT), ovs_be16(0) 00 00 00 02 00 00 | |
838 | * | |
839 | * Match Ethernet destination on Ethernet source from packet: | |
840 | * ovs_be16(src=0, dst=0, n_bits=48), 00 30 | |
841 | * ovs_be32(NXM_OF_ETH_SRC), ovs_be16(0) 00 00 04 06 00 00 | |
842 | * ovs_be32(NXM_OF_ETH_DST), ovs_be16(0) 00 00 02 06 00 00 | |
843 | * | |
844 | * Set NXM_NX_REG1[16:31] to the packet's input port: | |
845 | * ovs_be16(src=0, dst=1, n_bits=16), 08 10 | |
846 | * ovs_be32(NXM_OF_IN_PORT), ovs_be16(0) 00 00 00 02 00 00 | |
847 | * ovs_be32(NXM_NX_REG1), ovs_be16(16) 00 01 02 04 00 10 | |
848 | * | |
849 | * Given a packet that arrived on port A with Ethernet source address B, | |
850 | * this would set up the flow "in_port=99, dl_dst=B, | |
851 | * actions=load:A->NXM_NX_REG1[16..31]". | |
852 | * | |
853 | * In syntax accepted by ovs-ofctl, this action is: learn(in_port=99, | |
eddfcba7 BP |
854 | * NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], |
855 | * load:NXM_OF_IN_PORT[]->NXM_NX_REG1[16..31]) | |
75a75043 BP |
856 | * |
857 | * 2. Output to input port based on the source MAC and VLAN VID, with lookup | |
858 | * into NXM_NX_REG1[16:31]: | |
859 | * | |
860 | * Match on same VLAN ID as packet: | |
861 | * ovs_be16(src=0, dst=0, n_bits=12), 00 0c | |
862 | * ovs_be32(NXM_OF_VLAN_TCI), ovs_be16(0) 00 00 08 02 00 00 | |
863 | * ovs_be32(NXM_OF_VLAN_TCI), ovs_be16(0) 00 00 08 02 00 00 | |
864 | * | |
865 | * Match Ethernet destination on Ethernet source from packet: | |
866 | * ovs_be16(src=0, dst=0, n_bits=48), 00 30 | |
867 | * ovs_be32(NXM_OF_ETH_SRC), ovs_be16(0) 00 00 04 06 00 00 | |
868 | * ovs_be32(NXM_OF_ETH_DST), ovs_be16(0) 00 00 02 06 00 00 | |
869 | * | |
870 | * Output to the packet's input port: | |
871 | * ovs_be16(src=0, dst=2, n_bits=16), 10 10 | |
872 | * ovs_be32(NXM_OF_IN_PORT), ovs_be16(0) 00 00 00 02 00 00 | |
873 | * | |
874 | * Given a packet that arrived on port A with Ethernet source address B in | |
875 | * VLAN C, this would set up the flow "dl_dst=B, vlan_vid=C, | |
876 | * actions=output:A". | |
877 | * | |
878 | * In syntax accepted by ovs-ofctl, this action is: | |
879 | * learn(NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], | |
880 | * output:NXM_OF_IN_PORT[]) | |
881 | * | |
882 | * 3. Here's a recipe for a very simple-minded MAC learning switch. It uses a | |
883 | * 10-second MAC expiration time to make it easier to see what's going on: | |
884 | * | |
885 | * ovs-vsctl del-controller br0 | |
886 | * ovs-ofctl del-flows br0 | |
887 | * ovs-ofctl add-flow br0 "table=0 actions=learn(table=1, \ | |
888 | hard_timeout=10, NXM_OF_VLAN_TCI[0..11], \ | |
889 | NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], \ | |
890 | output:NXM_OF_IN_PORT[]), resubmit(,1)" | |
891 | * ovs-ofctl add-flow br0 "table=1 priority=0 actions=flood" | |
892 | * | |
893 | * You can then dump the MAC learning table with: | |
894 | * | |
895 | * ovs-ofctl dump-flows br0 table=1 | |
896 | * | |
897 | * Usage Advice | |
898 | * ------------ | |
899 | * | |
900 | * For best performance, segregate learned flows into a table that is not used | |
901 | * for any other flows except possibly for a lowest-priority "catch-all" flow | |
902 | * (a flow with no match criteria). If different learning actions specify | |
903 | * different match criteria, use different tables for the learned flows. | |
904 | * | |
905 | * The meaning of 'hard_timeout' and 'idle_timeout' can be counterintuitive. | |
906 | * These timeouts apply to the flow that is added, which means that a flow with | |
907 | * an idle timeout will expire when no traffic has been sent *to* the learned | |
908 | * address. This is not usually the intent in MAC learning; instead, we want | |
909 | * the MAC learn entry to expire when no traffic has been sent *from* the | |
910 | * learned address. Use a hard timeout for that. | |
911 | */ | |
912 | struct nx_action_learn { | |
913 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
914 | ovs_be16 len; /* At least 32. */ | |
915 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
916 | ovs_be16 subtype; /* NXAST_LEARN. */ | |
917 | ovs_be16 idle_timeout; /* Idle time before discarding (seconds). */ | |
918 | ovs_be16 hard_timeout; /* Max time before discarding (seconds). */ | |
919 | ovs_be16 priority; /* Priority level of flow entry. */ | |
920 | ovs_be64 cookie; /* Cookie for new flow. */ | |
921 | ovs_be16 flags; /* Either 0 or OFPFF_SEND_FLOW_REM. */ | |
922 | uint8_t table_id; /* Table to insert flow entry. */ | |
0e553d9c BP |
923 | uint8_t pad; /* Must be zero. */ |
924 | ovs_be16 fin_idle_timeout; /* Idle timeout after FIN, if nonzero. */ | |
925 | ovs_be16 fin_hard_timeout; /* Hard timeout after FIN, if nonzero. */ | |
75a75043 BP |
926 | /* Followed by a sequence of flow_mod_spec elements, as described above, |
927 | * until the end of the action is reached. */ | |
928 | }; | |
929 | OFP_ASSERT(sizeof(struct nx_action_learn) == 32); | |
930 | ||
931 | #define NX_LEARN_N_BITS_MASK 0x3ff /* Header bits 0..9. NOTE(review): the flow_mod_spec diagram shows n_bits in bits 0..10; confirm which is intended. */ | |
932 | ||
933 | #define NX_LEARN_SRC_FIELD (0 << 13) /* Copy from field. */ | |
934 | #define NX_LEARN_SRC_IMMEDIATE (1 << 13) /* Copy from immediate value. */ | |
935 | #define NX_LEARN_SRC_MASK (1 << 13) /* Header bit 13: 'src' selector. */ | |
936 | ||
937 | #define NX_LEARN_DST_MATCH (0 << 11) /* Add match criterion. */ | |
938 | #define NX_LEARN_DST_LOAD (1 << 11) /* Add NXAST_REG_LOAD action. */ | |
939 | #define NX_LEARN_DST_OUTPUT (2 << 11) /* Add OFPAT_OUTPUT action. */ | |
940 | #define NX_LEARN_DST_RESERVED (3 << 11) /* Not yet defined. */ | |
941 | #define NX_LEARN_DST_MASK (3 << 11) /* Header bits 11..12: 'dst' selector. */ | |
0e553d9c BP |
942 | |
943 | /* Action structure for NXAST_FIN_TIMEOUT. | |
944 | * | |
945 | * This action changes the idle timeout or hard timeout, or both, of this | |
946 | * OpenFlow rule when the rule matches a TCP packet with the FIN or RST flag. | |
947 | * When such a packet is observed, the action reduces the rule's idle timeout | |
948 | * to 'fin_idle_timeout' and its hard timeout to 'fin_hard_timeout'. This | |
949 | * action has no effect on an existing timeout that is already shorter than the | |
950 | * one that the action specifies. A 'fin_idle_timeout' or 'fin_hard_timeout' | |
951 | * of zero has no effect on the respective timeout. | |
952 | * | |
953 | * 'fin_idle_timeout' and 'fin_hard_timeout' are measured in seconds. | |
954 | * 'fin_hard_timeout' specifies time since the flow's creation, not since the | |
955 | * receipt of the FIN or RST. | |
956 | * | |
957 | * This is useful for quickly discarding learned TCP flows that otherwise will | |
958 | * take a long time to expire. | |
959 | * | |
960 | * This action is intended for use with an OpenFlow rule that matches only a | |
961 | * single TCP flow. If the rule matches multiple TCP flows (e.g. it wildcards | |
962 | * all TCP traffic, or all TCP traffic to a particular port), then any FIN or | |
963 | * RST in any of those flows will cause the entire OpenFlow rule to expire | |
964 | * early, which is not normally desirable. | |
965 | */ | |
966 | struct nx_action_fin_timeout { | |
967 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
968 | ovs_be16 len; /* Length is 16. */ | |
969 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
970 | ovs_be16 subtype; /* NXAST_FIN_TIMEOUT. */ | |
971 | ovs_be16 fin_idle_timeout; /* New idle timeout, if nonzero. */ | |
972 | ovs_be16 fin_hard_timeout; /* New hard timeout, if nonzero. */ | |
973 | ovs_be16 pad; /* Must be zero. */ | |
974 | }; | |
975 | OFP_ASSERT(sizeof(struct nx_action_fin_timeout) == 16); | |
75a75043 | 976 | \f |
a368bb53 | 977 | /* Action structure for NXAST_BUNDLE and NXAST_BUNDLE_LOAD. |
daff3353 | 978 | * |
a368bb53 EJ |
979 | * The bundle actions choose a slave from a supplied list of options. |
980 | * NXAST_BUNDLE outputs to its selection. NXAST_BUNDLE_LOAD writes its | |
981 | * selection to a register. | |
daff3353 EJ |
982 | * |
983 | * The list of possible slaves follows the nx_action_bundle structure. The size | |
984 | * of each slave is governed by its type as indicated by the 'slave_type' | |
985 | * parameter. The list of slaves should be padded at its end with zeros to make | |
986 | * the total length of the action a multiple of 8. | |
987 | * | |
988 | * Switches infer from the 'slave_type' parameter the size of each slave. All | |
989 | * implementations must support the NXM_OF_IN_PORT 'slave_type' which indicates | |
990 | * that the slaves are OpenFlow port numbers with NXM_LENGTH(NXM_OF_IN_PORT) == | |
991 | * 2 byte width. Switches should reject actions which indicate unknown or | |
992 | * unsupported slave types. | |
993 | * | |
994 | * Switches use a strategy dictated by the 'algorithm' parameter to choose a | |
995 | * slave. If the switch does not support the specified 'algorithm' parameter, | |
996 | * it should reject the action. | |
997 | * | |
439e4d8c EJ |
998 | * Several algorithms take into account liveness when selecting slaves. The |
999 | * liveness of a slave is implementation defined (with one exception), but will | |
1000 | * generally take into account things like its carrier status and the results | |
1001 | * of any link monitoring protocols which happen to be running on it. In order | |
1002 | * to give controllers a place-holder value, the OFPP_NONE port is always | |
1003 | * considered live. | |
1004 | * | |
daff3353 EJ |
1005 | * Some slave selection strategies require the use of a hash function, in which |
1006 | * case the 'fields' and 'basis' parameters should be populated. The 'fields' | |
1007 | * parameter (one of NX_HASH_FIELDS_*) designates which parts of the flow to | |
1008 | * hash. Refer to the definition of "enum nx_hash_fields" for details. The | |
1009 | * 'basis' parameter is used as a universal hash parameter. Different values | |
1010 | * of 'basis' yield different hash results. | |
1011 | * | |
1012 | * The 'zero' parameter at the end of the action structure is reserved for | |
1013 | * future use. Switches are required to reject actions which have nonzero | |
a368bb53 EJ |
1014 | * bytes in the 'zero' field. |
1015 | * | |
1016 | * NXAST_BUNDLE actions should have 'ofs_nbits' and 'dst' zeroed. Switches | |
1017 | * should reject actions which have nonzero bytes in either of these fields. | |
1018 | * | |
1019 | * NXAST_BUNDLE_LOAD stores the OpenFlow port number of the selected slave in | |
1020 | * dst[ofs:ofs+n_bits]. The format and semantics of 'dst' and 'ofs_nbits' are | |
1021 | * similar to those for the NXAST_REG_LOAD action. */ | |
daff3353 EJ |
1022 | struct nx_action_bundle { |
1023 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
1024 | ovs_be16 len; /* Total length, including the trailing slave list. */ | |
1025 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
799d2bfa | 1026 | ovs_be16 subtype; /* NXAST_BUNDLE or NXAST_BUNDLE_LOAD. */ |
daff3353 EJ |
1027 | |
1028 | /* Slave choice algorithm to apply to hash value. */ | |
1029 | ovs_be16 algorithm; /* One of NX_BD_ALG_*. */ | |
1030 | ||
1031 | /* What fields to hash and how. */ | |
735bc64a | 1032 | ovs_be16 fields; /* One of NX_HASH_FIELDS_*. */ |
daff3353 EJ |
1033 | ovs_be16 basis; /* Universal hash parameter. */ |
1034 | ||
1035 | ovs_be32 slave_type; /* NXM_OF_IN_PORT. */ | |
1036 | ovs_be16 n_slaves; /* Number of slaves. */ | |
1037 | ||
a368bb53 EJ |
1038 | ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1); zero for NXAST_BUNDLE. */ |
1039 | ovs_be32 dst; /* Destination; zero for NXAST_BUNDLE. */ | |
1040 | ||
1041 | uint8_t zero[4]; /* Reserved. Must be zero. */ | |
daff3353 EJ |
1042 | }; |
1043 | OFP_ASSERT(sizeof(struct nx_action_bundle) == 32); | |
1044 | ||
1045 | /* NXAST_BUNDLE: Bundle slave choice algorithm to apply. | |
1046 | * | |
1047 | * In the descriptions below, 'slaves' is the list of possible slaves in the | |
1048 | * order they appear in the OpenFlow action. */ | |
1049 | enum nx_bd_algorithm { | |
1050 | /* Chooses the first live slave listed in the bundle. | |
1051 | * | |
1052 | * O(n_slaves) performance. */ | |
1053 | NX_BD_ALG_ACTIVE_BACKUP, /* Active Backup. */ | |
1054 | ||
1055 | /* for i in [0,n_slaves): | |
1056 | * weights[i] = hash(flow, i) | |
1057 | * slave = { slaves[i] such that weights[i] >= weights[j] for all j != i } | |
1058 | * | |
1059 | * Redistributes 1/n_slaves of traffic when a slave's liveness changes. | |
1060 | * O(n_slaves) performance. | |
1061 | * | |
1062 | * Uses the 'fields' and 'basis' parameters. */ | |
1063 | NX_BD_ALG_HRW /* Highest Random Weight. */ | |
1064 | }; | |
c2d967a5 MM |
1065 | |
1066 | \f | |
1067 | /* Action structure for NXAST_DEC_TTL_CNT_IDS. | |
1068 | * | |
1069 | * If the packet is not IPv4 or IPv6, does nothing. For IPv4 or IPv6, if the | |
1070 | * TTL or hop limit is at least 2, decrements it by 1. Otherwise, if TTL or | |
1071 | * hop limit is 0 or 1, sends a packet-in to the controllers with each of the | |
1072 | * 'n_controllers' controller IDs specified in 'cnt_ids'. | |
1073 | * | |
1074 | * (This differs from NXAST_DEC_TTL in that for NXAST_DEC_TTL the packet-in is | |
1075 | * sent only to controllers with id 0.) | |
1076 | */ | |
1077 | struct nx_action_cnt_ids { | |
1078 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
1079 | ovs_be16 len; /* Length including controller ids. */ | |
1080 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
1081 | ovs_be16 subtype; /* NXAST_DEC_TTL_CNT_IDS. */ | |
1082 | ||
1083 | ovs_be16 n_controllers; /* Number of controllers. */ | |
1084 | uint8_t zeros[4]; /* Must be zero. */ | |
1085 | ||
1086 | /* Followed by 1 or more controller ids. | |
1087 | * | |
1088 | * uint16_t cnt_ids[]; // Controller ids. | |
1089 | * uint8_t pad[]; // Must be 0 to 8-byte align cnt_ids[]. | |
1090 | */ | |
1091 | }; | |
1092 | OFP_ASSERT(sizeof(struct nx_action_cnt_ids) == 16); | |
1093 | ||
daff3353 | 1094 | \f |
f694937d EJ |
1095 | /* Action structure for NXAST_OUTPUT_REG. |
1096 | * | |
1097 | * Outputs to the OpenFlow port number written to src[ofs:ofs+n_bits]. | |
1098 | * | |
1099 | * The format and semantics of 'src' and 'ofs_nbits' are similar to those for | |
1100 | * the NXAST_REG_LOAD action. | |
1101 | * | |
1102 | * The acceptable nxm_header values for 'src' are the same as the acceptable | |
1103 | * nxm_header values for the 'src' field of NXAST_REG_MOVE. | |
1104 | * | |
1105 | * The 'max_len' field indicates the number of bytes to send when the chosen | |
1106 | * port is OFPP_CONTROLLER. Its semantics are equivalent to the 'max_len' | |
1107 | * field of OFPAT_OUTPUT. | |
1108 | * | |
1109 | * The 'zero' field is required to be zeroed for forward compatibility. */ | |
1110 | struct nx_action_output_reg { | |
1111 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
1112 | ovs_be16 len; /* Length is 24. */ | |
1113 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
1114 | ovs_be16 subtype; /* NXAST_OUTPUT_REG. */ | |
1115 | ||
1116 | ovs_be16 ofs_nbits; /* (ofs << 6) | (n_bits - 1). */ | |
1117 | ovs_be32 src; /* Source field (an nxm_header). */ | |
1118 | ||
1119 | ovs_be16 max_len; /* Max length to send to controller. */ | |
1120 | ||
1121 | uint8_t zero[6]; /* Reserved, must be zero. */ | |
1122 | }; | |
1123 | OFP_ASSERT(sizeof(struct nx_action_output_reg) == 24); | |
1124 | \f | |
848e8809 EJ |
1125 | /* NXAST_EXIT |
1126 | * | |
1127 | * Discontinues action processing. | |
1128 | * | |
1129 | * The NXAST_EXIT action causes the switch to immediately halt processing | |
1130 | * actions for the flow. Any actions which have already been processed are | |
1131 | * executed by the switch. However, any further actions, including those which | |
1132 | * may be in different tables, or different levels of the NXAST_RESUBMIT | |
1133 | * hierarchy, will be ignored. | |
1134 | * | |
1135 | * Uses the nx_action_header structure. */ | |
1136 | \f | |
09246b99 BP |
1137 | /* Flexible flow specifications (aka NXM = Nicira Extended Match). |
1138 | * | |
eec25dc1 | 1139 | * OpenFlow 1.0 has "struct ofp10_match" for specifying flow matches. This |
09246b99 BP |
1140 | * structure is fixed-length and hence difficult to extend. This section |
1141 | * describes a more flexible, variable-length flow match, called "nx_match" for | |
1142 | * short, that is also supported by Open vSwitch. This section also defines a | |
eec25dc1 | 1143 | * replacement for each OpenFlow message that includes struct ofp10_match. |
09246b99 BP |
1144 | * |
1145 | * | |
1146 | * Format | |
1147 | * ====== | |
1148 | * | |
1149 | * An nx_match is a sequence of zero or more "nxm_entry"s, which are | |
1150 | * type-length-value (TLV) entries, each 5 to 259 (inclusive) bytes long. | |
1151 | * "nxm_entry"s are not aligned on or padded to any multibyte boundary. The | |
1152 | * first 4 bytes of an nxm_entry are its "header", followed by the entry's | |
1153 | * "body". | |
1154 | * | |
1155 | * An nxm_entry's header is interpreted as a 32-bit word in network byte order: | |
1156 | * | |
1157 | * |<-------------------- nxm_type ------------------>| | |
1158 | * | | | |
1159 | * |31 16 15 9| 8 7 0 | |
1160 | * +----------------------------------+---------------+--+------------------+ | |
1161 | * | nxm_vendor | nxm_field |hm| nxm_length | | |
1162 | * +----------------------------------+---------------+--+------------------+ | |
1163 | * | |
1164 | * The most-significant 23 bits of the header are collectively "nxm_type". | |
1165 | * Bits 16...31 are "nxm_vendor", one of the NXM_VENDOR_* values below. Bits | |
1166 | * 9...15 are "nxm_field", which is a vendor-specific value. nxm_type normally | |
1167 | * designates a protocol header, such as the Ethernet type, but it can also | |
1168 | * refer to packet metadata, such as the switch port on which a packet arrived. | |
1169 | * | |
1170 | * Bit 8 is "nxm_hasmask" (labeled "hm" above for space reasons). The meaning | |
1171 | * of this bit is explained later. | |
1172 | * | |
1173 | * The least-significant 8 bits are "nxm_length", a positive integer. The | |
1174 | * length of the nxm_entry, including the header, is exactly 4 + nxm_length | |
1175 | * bytes. | |
1176 | * | |
1177 | * For a given nxm_vendor, nxm_field, and nxm_hasmask value, nxm_length is a | |
1178 | * constant. It is included only to allow software to minimally parse | |
1179 | * "nxm_entry"s of unknown types. (Similarly, for a given nxm_vendor, | |
1180 | * nxm_field, and nxm_length, nxm_hasmask is a constant.) | |
1181 | * | |
1182 | * | |
1183 | * Semantics | |
1184 | * ========= | |
1185 | * | |
1186 | * A zero-length nx_match (one with no "nxm_entry"s) matches every packet. | |
1187 | * | |
1188 | * An nxm_entry places a constraint on the packets matched by the nx_match: | |
1189 | * | |
1190 | * - If nxm_hasmask is 0, the nxm_entry's body contains a value for the | |
1191 | * field, called "nxm_value". The nx_match matches only packets in which | |
1192 | * the field equals nxm_value. | |
1193 | * | |
1194 | * - If nxm_hasmask is 1, then the nxm_entry's body contains a value for the | |
1195 | * field (nxm_value), followed by a bitmask of the same length as the | |
1196 | * value, called "nxm_mask". For each 1-bit in position J in nxm_mask, the | |
1197 | * nx_match matches only packets for which bit J in the given field's value | |
1198 | * matches bit J in nxm_value. A 0-bit in nxm_mask causes the | |
e1cfc4e4 BP |
1199 | * corresponding bit in nxm_value to be ignored (it should be 0; Open vSwitch |
1200 | * may enforce this someday), as is the corresponding bit in the field's | |
1201 | * value. (The sense of the nxm_mask bits is the opposite of that used by | |
1202 | * the "wildcards" member of struct ofp10_match.) | |
09246b99 BP |
1203 | * |
1204 | * When nxm_hasmask is 1, nxm_length is always even. | |
1205 | * | |
1206 | * An all-zero-bits nxm_mask is equivalent to omitting the nxm_entry | |
1207 | * entirely. An all-one-bits nxm_mask is equivalent to specifying 0 for | |
1208 | * nxm_hasmask. | |
1209 | * | |
1210 | * When there are multiple "nxm_entry"s, all of the constraints must be met. | |
1211 | * | |
1212 | * | |
1213 | * Mask Restrictions | |
1214 | * ================= | |
1215 | * | |
1216 | * Masks may be restricted: | |
1217 | * | |
1218 | * - Some nxm_types may not support masked wildcards, that is, nxm_hasmask | |
1219 | * must always be 0 when these fields are specified. For example, the | |
1220 | * field that identifies the port on which a packet was received may not be | |
1221 | * masked. | |
1222 | * | |
1223 | * - Some nxm_types that do support masked wildcards may only support certain | |
1224 | * nxm_mask patterns. For example, fields that have IPv4 address values | |
1225 | * may be restricted to CIDR masks. | |
1226 | * | |
1227 | * These restrictions should be noted in specifications for individual fields. | |
1228 | * A switch may accept an nxm_hasmask or nxm_mask value that the specification | |
1229 | * disallows, if the switch correctly implements support for that nxm_hasmask | |
1230 | * or nxm_mask value. A switch must reject an attempt to set up a flow that | |
1231 | * contains a nxm_hasmask or nxm_mask value that it does not support. | |
1232 | * | |
1233 | * | |
1234 | * Prerequisite Restrictions | |
1235 | * ========================= | |
1236 | * | |
1237 | * The presence of an nxm_entry with a given nxm_type may be restricted based | |
1238 | * on the presence of or values of other "nxm_entry"s. For example: | |
1239 | * | |
1240 | * - An nxm_entry for nxm_type=NXM_OF_IP_TOS is allowed only if it is | |
1241 | * preceded by another entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, | |
1242 | * and nxm_value=0x0800. That is, matching on the IP type of service is | |
1243 | * allowed only if the Ethernet type is explicitly set to IP. | |
1244 | * | |
e51df1a0 BP |
1245 | * - An nxm_entry for nxm_type=NXM_OF_TCP_SRC is allowed only if it is |
1246 | * preceded by an entry with nxm_type=NXM_OF_ETH_TYPE, nxm_hasmask=0, and | |
1247 | * nxm_value either 0x0800 or 0x86dd, and another with | |
1248 | * nxm_type=NXM_OF_IP_PROTO, nxm_hasmask=0, nxm_value=6, in that order. | |
1249 | * That is, matching on the TCP source port is allowed only if the Ethernet | |
1250 | * type is IP or IPv6 and the IP protocol is TCP. | |
09246b99 BP |
1251 | * |
1252 | * These restrictions should be noted in specifications for individual fields. | |
1253 | * A switch may implement relaxed versions of these restrictions. A switch | |
1254 | * must reject an attempt to set up a flow that violates its restrictions. | |
1255 | * | |
1256 | * | |
1257 | * Ordering Restrictions | |
1258 | * ===================== | |
1259 | * | |
1260 | * An nxm_entry that has prerequisite restrictions must appear after the | |
1261 | * "nxm_entry"s for its prerequisites. Ordering of "nxm_entry"s within an | |
1262 | * nx_match is not otherwise constrained. | |
1263 | * | |
1264 | * Any given nxm_type may appear in an nx_match at most once. | |
1265 | * | |
1266 | * | |
1267 | * nxm_entry Examples | |
1268 | * ================== | |
1269 | * | |
1270 | * These examples show the format of a single nxm_entry with particular | |
1271 | * nxm_hasmask and nxm_length values. The diagrams are labeled with field | |
1272 | * numbers and byte indexes. | |
1273 | * | |
1274 | * | |
be86ea7a | 1275 | * 8-bit nxm_value, nxm_hasmask=1, nxm_length=2: |
09246b99 BP |
1276 | * |
1277 | * 0 3 4 5 | |
1278 | * +------------+---+---+ | |
1279 | * | header | v | m | | |
1280 | * +------------+---+---+ | |
1281 | * | |
1282 | * | |
1283 | * 16-bit nxm_value, nxm_hasmask=0, nxm_length=2: | |
1284 | * | |
1285 | * 0 3 4 5 | |
1286 | * +------------+------+ | |
1287 | * | header | value| | |
1288 | * +------------+------+ | |
1289 | * | |
1290 | * | |
1291 | * 32-bit nxm_value, nxm_hasmask=0, nxm_length=4: | |
1292 | * | |
1293 | * 0 3 4 7 | |
1294 | * +------------+-------------+ | |
1295 | * | header | nxm_value | | |
1296 | * +------------+-------------+ | |
1297 | * | |
1298 | * | |
1299 | * 48-bit nxm_value, nxm_hasmask=0, nxm_length=6: | |
1300 | * | |
1301 | * 0 3 4 9 | |
1302 | * +------------+------------------+ | |
1303 | * | header | nxm_value | | |
1304 | * +------------+------------------+ | |
1305 | * | |
1306 | * | |
1307 | * 48-bit nxm_value, nxm_hasmask=1, nxm_length=12: | |
1308 | * | |
1309 | * 0 3 4 9 10 15 | |
1310 | * +------------+------------------+------------------+ | |
1311 | * | header | nxm_value | nxm_mask | | |
1312 | * +------------+------------------+------------------+ | |
1313 | * | |
1314 | * | |
1315 | * Error Reporting | |
1316 | * =============== | |
1317 | * | |
1318 | * A switch should report an error in an nx_match using error type | |
1319 | * OFPET_BAD_REQUEST and one of the NXBRC_NXM_* codes. Ideally the switch | |
1320 | * should report a specific error code, if one is assigned for the particular | |
1321 | * problem, but NXBRC_NXM_INVALID is also available to report a generic | |
1322 | * nx_match error. | |
1323 | */ | |
1324 | ||
1325 | #define NXM_HEADER__(VENDOR, FIELD, HASMASK, LENGTH) \ | |
1326 | (((VENDOR) << 16) | ((FIELD) << 9) | ((HASMASK) << 8) | (LENGTH)) | |
1327 | #define NXM_HEADER(VENDOR, FIELD, LENGTH) \ | |
1328 | NXM_HEADER__(VENDOR, FIELD, 0, LENGTH) | |
1329 | #define NXM_HEADER_W(VENDOR, FIELD, LENGTH) \ | |
1330 | NXM_HEADER__(VENDOR, FIELD, 1, (LENGTH) * 2) | |
1331 | #define NXM_VENDOR(HEADER) ((HEADER) >> 16) | |
1332 | #define NXM_FIELD(HEADER) (((HEADER) >> 9) & 0x7f) | |
1333 | #define NXM_TYPE(HEADER) (((HEADER) >> 9) & 0x7fffff) | |
1334 | #define NXM_HASMASK(HEADER) (((HEADER) >> 8) & 1) | |
1335 | #define NXM_LENGTH(HEADER) ((HEADER) & 0xff) | |
1336 | ||
1337 | #define NXM_MAKE_WILD_HEADER(HEADER) \ | |
1338 | NXM_HEADER_W(NXM_VENDOR(HEADER), NXM_FIELD(HEADER), NXM_LENGTH(HEADER)) | |
1339 | ||
1340 | /* ## ------------------------------- ## */ | |
1341 | /* ## OpenFlow 1.0-compatible fields. ## */ | |
1342 | /* ## ------------------------------- ## */ | |
1343 | ||
1344 | /* Physical or virtual port on which the packet was received. | |
1345 | * | |
1346 | * Prereqs: None. | |
1347 | * | |
1348 | * Format: 16-bit integer in network byte order. | |
1349 | * | |
1350 | * Masking: Not maskable. */ | |
1351 | #define NXM_OF_IN_PORT NXM_HEADER (0x0000, 0, 2) | |
1352 | ||
1353 | /* Source or destination address in Ethernet header. | |
1354 | * | |
1355 | * Prereqs: None. | |
1356 | * | |
1357 | * Format: 48-bit Ethernet MAC address. | |
1358 | * | |
73c0ce34 JS |
1359 | * Masking: Fully maskable, in versions 1.8 and later. Earlier versions only |
1360 | * supported the following masks for NXM_OF_ETH_DST_W: 00:00:00:00:00:00, | |
1361 | * fe:ff:ff:ff:ff:ff, 01:00:00:00:00:00, ff:ff:ff:ff:ff:ff. */ | |
09246b99 | 1362 | #define NXM_OF_ETH_DST NXM_HEADER (0x0000, 1, 6) |
1e37a2d7 | 1363 | #define NXM_OF_ETH_DST_W NXM_HEADER_W(0x0000, 1, 6) |
09246b99 | 1364 | #define NXM_OF_ETH_SRC NXM_HEADER (0x0000, 2, 6) |
73c0ce34 | 1365 | #define NXM_OF_ETH_SRC_W NXM_HEADER_W(0x0000, 2, 6) |
09246b99 BP |
1366 | |
1367 | /* Packet's Ethernet type. | |
1368 | * | |
1369 | * For an Ethernet II packet this is taken from the Ethernet header. For an | |
1370 | * 802.2 LLC+SNAP header with OUI 00-00-00 this is taken from the SNAP header. | |
1371 | * A packet that has neither format has value 0x05ff | |
1372 | * (OFP_DL_TYPE_NOT_ETH_TYPE). | |
1373 | * | |
1374 | * For a packet with an 802.1Q header, this is the type of the encapsulated | |
1375 | * frame. | |
1376 | * | |
1377 | * Prereqs: None. | |
1378 | * | |
1379 | * Format: 16-bit integer in network byte order. | |
1380 | * | |
1381 | * Masking: Not maskable. */ | |
1382 | #define NXM_OF_ETH_TYPE NXM_HEADER (0x0000, 3, 2) | |
1383 | ||
1384 | /* 802.1Q TCI. | |
1385 | * | |
1386 | * For a packet with an 802.1Q header, this is the Tag Control Information | |
1387 | * (TCI) field, with the CFI bit forced to 1. For a packet with no 802.1Q | |
1388 | * header, this has value 0. | |
1389 | * | |
1390 | * Prereqs: None. | |
1391 | * | |
1392 | * Format: 16-bit integer in network byte order. | |
1393 | * | |
1394 | * Masking: Arbitrary masks. | |
1395 | * | |
1396 | * This field can be used in various ways: | |
1397 | * | |
1398 | * - If it is not constrained at all, the nx_match matches packets without | |
1399 | * an 802.1Q header or with an 802.1Q header that has any TCI value. | |
1400 | * | |
1401 | * - Testing for an exact match with 0 matches only packets without an | |
1402 | * 802.1Q header. | |
1403 | * | |
1404 | * - Testing for an exact match with a TCI value with CFI=1 matches packets | |
1405 | * that have an 802.1Q header with a specified VID and PCP. | |
1406 | * | |
1407 | * - Testing for an exact match with a nonzero TCI value with CFI=0 does | |
1408 | * not make sense. The switch may reject this combination. | |
1409 | * | |
1410 | * - Testing with a specific VID and CFI=1, with nxm_mask=0x1fff, matches | |
1411 | * packets that have an 802.1Q header with that VID (and any PCP). | |
1412 | * | |
1413 | * - Testing with a specific PCP and CFI=1, with nxm_mask=0xf000, matches | |
1414 | * packets that have an 802.1Q header with that PCP (and any VID). | |
1415 | * | |
8ca67760 | 1416 | * - Testing with nxm_value=0, nxm_mask=0x0fff matches packets with no 802.1Q |
09246b99 | 1417 | * header or with an 802.1Q header with a VID of 0. |
8ca67760 BP |
1418 | * |
1419 | * - Testing with nxm_value=0, nxm_mask=0xe000 matches packets with no 802.1Q | |
1420 | * header or with an 802.1Q header with a PCP of 0. | |
1421 | * | |
1422 | * - Testing with nxm_value=0, nxm_mask=0xefff matches packets with no 802.1Q | |
1423 | * header or with an 802.1Q header with both VID and PCP of 0. | |
09246b99 BP |
1424 | */ |
1425 | #define NXM_OF_VLAN_TCI NXM_HEADER (0x0000, 4, 2) | |
1426 | #define NXM_OF_VLAN_TCI_W NXM_HEADER_W(0x0000, 4, 2) | |
1427 | ||
1428 | /* The "type of service" byte of the IP header, with the ECN bits forced to 0. | |
1429 | * | |
d31f1109 | 1430 | * Prereqs: NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. |
09246b99 BP |
1431 | * |
1432 | * Format: 8-bit integer with 2 least-significant bits forced to 0. | |
1433 | * | |
1434 | * Masking: Not maskable. */ | |
1435 | #define NXM_OF_IP_TOS NXM_HEADER (0x0000, 5, 1) | |
1436 | ||
1437 | /* The "protocol" byte in the IP header. | |
1438 | * | |
d31f1109 | 1439 | * Prereqs: NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. |
09246b99 BP |
1440 | * |
1441 | * Format: 8-bit integer. | |
1442 | * | |
1443 | * Masking: Not maskable. */ | |
1444 | #define NXM_OF_IP_PROTO NXM_HEADER (0x0000, 6, 1) | |
1445 | ||
1446 | /* The source or destination address in the IP header. | |
1447 | * | |
1448 | * Prereqs: NXM_OF_ETH_TYPE must match 0x0800 exactly. | |
1449 | * | |
1450 | * Format: 32-bit integer in network byte order. | |
1451 | * | |
c08201d6 BP |
1452 | * Masking: Fully maskable, in Open vSwitch 1.8 and later. In earlier |
1453 | * versions, only CIDR masks are allowed, that is, masks that consist of N | |
09246b99 BP |
1454 | * high-order bits set to 1 and the other 32-N bits set to 0. */ |
1455 | #define NXM_OF_IP_SRC NXM_HEADER (0x0000, 7, 4) | |
1456 | #define NXM_OF_IP_SRC_W NXM_HEADER_W(0x0000, 7, 4) | |
1457 | #define NXM_OF_IP_DST NXM_HEADER (0x0000, 8, 4) | |
1458 | #define NXM_OF_IP_DST_W NXM_HEADER_W(0x0000, 8, 4) | |
1459 | ||
1460 | /* The source or destination port in the TCP header. | |
1461 | * | |
1462 | * Prereqs: | |
d31f1109 | 1463 | * NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. |
09246b99 BP |
1464 | * NXM_OF_IP_PROTO must match 6 exactly. |
1465 | * | |
1466 | * Format: 16-bit integer in network byte order. | |
1467 | * | |
73f33563 BP |
1468 | * Masking: Fully maskable, in Open vSwitch 1.6 and later. Not maskable, in |
1469 | * earlier versions. */ | |
09246b99 | 1470 | #define NXM_OF_TCP_SRC NXM_HEADER (0x0000, 9, 2) |
73f33563 | 1471 | #define NXM_OF_TCP_SRC_W NXM_HEADER_W(0x0000, 9, 2) |
09246b99 | 1472 | #define NXM_OF_TCP_DST NXM_HEADER (0x0000, 10, 2) |
73f33563 | 1473 | #define NXM_OF_TCP_DST_W NXM_HEADER_W(0x0000, 10, 2) |
09246b99 BP |
1474 | |
1475 | /* The source or destination port in the UDP header. | |
1476 | * | |
1477 | * Prereqs: | |
d31f1109 | 1478 | * NXM_OF_ETH_TYPE must match either 0x0800 or 0x86dd. |
09246b99 BP |
1479 | * NXM_OF_IP_PROTO must match 17 exactly. |
1480 | * | |
1481 | * Format: 16-bit integer in network byte order. | |
1482 | * | |
73f33563 BP |
1483 | * Masking: Fully maskable, in Open vSwitch 1.6 and later. Not maskable, in |
1484 | * earlier versions. */ | |
09246b99 | 1485 | #define NXM_OF_UDP_SRC NXM_HEADER (0x0000, 11, 2) |
73f33563 | 1486 | #define NXM_OF_UDP_SRC_W NXM_HEADER_W(0x0000, 11, 2) |
09246b99 | 1487 | #define NXM_OF_UDP_DST NXM_HEADER (0x0000, 12, 2) |
73f33563 | 1488 | #define NXM_OF_UDP_DST_W NXM_HEADER_W(0x0000, 12, 2) |
09246b99 BP |
1489 | |
1490 | /* The type or code in the ICMP header. | |
1491 | * | |
1492 | * Prereqs: | |
1493 | * NXM_OF_ETH_TYPE must match 0x0800 exactly. | |
1494 | * NXM_OF_IP_PROTO must match 1 exactly. | |
1495 | * | |
1496 | * Format: 8-bit integer. | |
1497 | * | |
1498 | * Masking: Not maskable. */ | |
1499 | #define NXM_OF_ICMP_TYPE NXM_HEADER (0x0000, 13, 1) | |
1500 | #define NXM_OF_ICMP_CODE NXM_HEADER (0x0000, 14, 1) | |
1501 | ||
1502 | /* ARP opcode. | |
1503 | * | |
1504 | * For an Ethernet+IP ARP packet, the opcode in the ARP header. Always 0 | |
1505 | * otherwise. Only ARP opcodes between 1 and 255 should be specified for | |
1506 | * matching. | |
1507 | * | |
8087f5ff | 1508 | * Prereqs: NXM_OF_ETH_TYPE must match either 0x0806 or 0x8035. |
09246b99 BP |
1509 | * |
1510 | * Format: 16-bit integer in network byte order. | |
1511 | * | |
1512 | * Masking: Not maskable. */ | |
1513 | #define NXM_OF_ARP_OP NXM_HEADER (0x0000, 15, 2) | |
1514 | ||
1515 | /* For an Ethernet+IP ARP packet, the source or target protocol address | |
1516 | * in the ARP header. Always 0 otherwise. | |
1517 | * | |
8087f5ff | 1518 | * Prereqs: NXM_OF_ETH_TYPE must match either 0x0806 or 0x8035. |
09246b99 BP |
1519 | * |
1520 | * Format: 32-bit integer in network byte order. | |
1521 | * | |
c08201d6 BP |
1522 | * Masking: Fully maskable, in Open vSwitch 1.8 and later. In earlier |
1523 | * versions, only CIDR masks are allowed, that is, masks that consist of N | |
09246b99 BP |
1524 | * high-order bits set to 1 and the other 32-N bits set to 0. */ |
1525 | #define NXM_OF_ARP_SPA NXM_HEADER (0x0000, 16, 4) | |
1526 | #define NXM_OF_ARP_SPA_W NXM_HEADER_W(0x0000, 16, 4) | |
1527 | #define NXM_OF_ARP_TPA NXM_HEADER (0x0000, 17, 4) | |
1528 | #define NXM_OF_ARP_TPA_W NXM_HEADER_W(0x0000, 17, 4) | |
1529 | ||
1530 | /* ## ------------------------ ## */ | |
1531 | /* ## Nicira match extensions. ## */ | |
1532 | /* ## ------------------------ ## */ | |
1533 | ||
b6c9e612 BP |
1534 | /* Metadata registers. |
1535 | * | |
1536 | * Registers initially have value 0. Actions allow register values to be | |
1537 | * manipulated. | |
1538 | * | |
1539 | * Prereqs: None. | |
1540 | * | |
1541 | * Format: Array of 32-bit integer registers. Space is reserved for up to | |
1542 | * NXM_NX_MAX_REGS registers, but switches may implement fewer. | |
1543 | * | |
1544 | * Masking: Arbitrary masks. */ | |
1545 | #define NXM_NX_MAX_REGS 16 | |
1546 | #define NXM_NX_REG(IDX) NXM_HEADER (0x0001, IDX, 4) | |
1547 | #define NXM_NX_REG_W(IDX) NXM_HEADER_W(0x0001, IDX, 4) | |
1548 | #define NXM_NX_REG_IDX(HEADER) NXM_FIELD(HEADER) | |
19e7439c BP |
1549 | #define NXM_IS_NX_REG(HEADER) (!((((HEADER) ^ NXM_NX_REG0)) & 0xffffe1ff)) |
1550 | #define NXM_IS_NX_REG_W(HEADER) (!((((HEADER) ^ NXM_NX_REG0_W)) & 0xffffe1ff)) | |
b6c9e612 BP |
1551 | #define NXM_NX_REG0 NXM_HEADER (0x0001, 0, 4) |
1552 | #define NXM_NX_REG0_W NXM_HEADER_W(0x0001, 0, 4) | |
1553 | #define NXM_NX_REG1 NXM_HEADER (0x0001, 1, 4) | |
1554 | #define NXM_NX_REG1_W NXM_HEADER_W(0x0001, 1, 4) | |
1555 | #define NXM_NX_REG2 NXM_HEADER (0x0001, 2, 4) | |
1556 | #define NXM_NX_REG2_W NXM_HEADER_W(0x0001, 2, 4) | |
1557 | #define NXM_NX_REG3 NXM_HEADER (0x0001, 3, 4) | |
1558 | #define NXM_NX_REG3_W NXM_HEADER_W(0x0001, 3, 4) | |
d2c0fed9 JP |
1559 | #define NXM_NX_REG4 NXM_HEADER (0x0001, 4, 4) |
1560 | #define NXM_NX_REG4_W NXM_HEADER_W(0x0001, 4, 4) | |
e9358af6 EJ |
1561 | #define NXM_NX_REG5 NXM_HEADER (0x0001, 5, 4) |
1562 | #define NXM_NX_REG5_W NXM_HEADER_W(0x0001, 5, 4) | |
1563 | #define NXM_NX_REG6 NXM_HEADER (0x0001, 6, 4) | |
1564 | #define NXM_NX_REG6_W NXM_HEADER_W(0x0001, 6, 4) | |
1565 | #define NXM_NX_REG7 NXM_HEADER (0x0001, 7, 4) | |
1566 | #define NXM_NX_REG7_W NXM_HEADER_W(0x0001, 7, 4) | |
b6c9e612 | 1567 | |
09246b99 BP |
1568 | /* Tunnel ID. |
1569 | * | |
a6ae068b LJ |
1570 | * For a packet received via a GRE, VXLAN or LISP tunnel including a (32-bit) |
1571 | * key, the key is stored in the low 32 bits and the high bits are zeroed. For | |
1572 | * other packets, the value is 0. | |
79f827fa KM |
1573 | * |
1574 | * The value is all zero bits for packets not received via a keyed tunnel. | |
09246b99 BP |
1575 | * |
1576 | * Prereqs: None. | |
1577 | * | |
1578 | * Format: 64-bit integer in network byte order. | |
1579 | * | |
1580 | * Masking: Arbitrary masks. */ | |
1581 | #define NXM_NX_TUN_ID NXM_HEADER (0x0001, 16, 8) | |
1582 | #define NXM_NX_TUN_ID_W NXM_HEADER_W(0x0001, 16, 8) | |
1583 | ||
bad68a99 JP |
1584 | /* For an Ethernet+IP ARP packet, the source or target hardware address |
1585 | * in the ARP header. Always 0 otherwise. | |
1586 | * | |
8087f5ff | 1587 | * Prereqs: NXM_OF_ETH_TYPE must match either 0x0806 or 0x8035. |
bad68a99 JP |
1588 | * |
1589 | * Format: 48-bit Ethernet MAC address. | |
1590 | * | |
1591 | * Masking: Not maskable. */ | |
1592 | #define NXM_NX_ARP_SHA NXM_HEADER (0x0001, 17, 6) | |
1593 | #define NXM_NX_ARP_THA NXM_HEADER (0x0001, 18, 6) | |
1594 | ||
d31f1109 JP |
1595 | /* The source or destination address in the IPv6 header. |
1596 | * | |
1597 | * Prereqs: NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1598 | * | |
1599 | * Format: 128-bit IPv6 address. | |
1600 | * | |
ff0b06ee BP |
1601 | * Masking: Fully maskable, in Open vSwitch 1.8 and later. In previous |
1602 | * versions, only CIDR masks are allowed, that is, masks that consist of N | |
d31f1109 JP |
1603 | * high-order bits set to 1 and the other 128-N bits set to 0. */ |
1604 | #define NXM_NX_IPV6_SRC NXM_HEADER (0x0001, 19, 16) | |
1605 | #define NXM_NX_IPV6_SRC_W NXM_HEADER_W(0x0001, 19, 16) | |
1606 | #define NXM_NX_IPV6_DST NXM_HEADER (0x0001, 20, 16) | |
1607 | #define NXM_NX_IPV6_DST_W NXM_HEADER_W(0x0001, 20, 16) | |
1608 | ||
1609 | /* The type or code in the ICMPv6 header. | |
1610 | * | |
1611 | * Prereqs: | |
1612 | * NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1613 | * NXM_OF_IP_PROTO must match 58 exactly. | |
1614 | * | |
1615 | * Format: 8-bit integer. | |
1616 | * | |
1617 | * Masking: Not maskable. */ | |
1618 | #define NXM_NX_ICMPV6_TYPE NXM_HEADER (0x0001, 21, 1) | |
1619 | #define NXM_NX_ICMPV6_CODE NXM_HEADER (0x0001, 22, 1) | |
1620 | ||
685a51a5 JP |
1621 | /* The target address in an IPv6 Neighbor Discovery message. |
1622 | * | |
1623 | * Prereqs: | |
1624 | * NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1625 | * NXM_OF_IP_PROTO must match 58 exactly. | |
1626 | * NXM_NX_ICMPV6_TYPE must be either 135 or 136. | |
1627 | * | |
1628 | * Format: 128-bit IPv6 address. | |
1629 | * | |
ff0b06ee BP |
1630 | * Masking: Fully maskable, in Open vSwitch 1.8 and later. In previous |
1631 | * versions, only CIDR masks are allowed, that is, masks that consist of N | |
47284b1f AA |
1632 | * high-order bits set to 1 and the other 128-N bits set to 0. */ |
1633 | #define NXM_NX_ND_TARGET NXM_HEADER (0x0001, 23, 16) | |
1634 | #define NXM_NX_ND_TARGET_W NXM_HEADER_W (0x0001, 23, 16) | |
685a51a5 JP |
1635 | |
1636 | /* The source link-layer address option in an IPv6 Neighbor Discovery | |
1637 | * message. | |
1638 | * | |
1639 | * Prereqs: | |
1640 | * NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1641 | * NXM_OF_IP_PROTO must match 58 exactly. | |
1642 | * NXM_NX_ICMPV6_TYPE must be exactly 135. | |
1643 | * | |
1644 | * Format: 48-bit Ethernet MAC address. | |
1645 | * | |
1646 | * Masking: Not maskable. */ | |
1647 | #define NXM_NX_ND_SLL NXM_HEADER (0x0001, 24, 6) | |
1648 | ||
1649 | /* The target link-layer address option in an IPv6 Neighbor Discovery | |
1650 | * message. | |
1651 | * | |
1652 | * Prereqs: | |
1653 | * NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1654 | * NXM_OF_IP_PROTO must match 58 exactly. | |
1655 | * NXM_NX_ICMPV6_TYPE must be exactly 136. | |
1656 | * | |
1657 | * Format: 48-bit Ethernet MAC address. | |
1658 | * | |
1659 | * Masking: Not maskable. */ | |
1660 | #define NXM_NX_ND_TLL NXM_HEADER (0x0001, 25, 6) | |
1661 | ||
7257b535 BP |
1662 | /* IP fragment information. |
1663 | * | |
1664 | * Prereqs: | |
1665 | * NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. | |
1666 | * | |
1667 | * Format: 8-bit value with one of the values 0, 1, or 3, as described below. | |
1668 | * | |
1669 | * Masking: Fully maskable. | |
1670 | * | |
1671 | * This field has three possible values: | |
1672 | * | |
1673 | * - A packet that is not an IP fragment has value 0. | |
1674 | * | |
1675 | * - A packet that is an IP fragment with offset 0 (the first fragment) has | |
1676 | * bit 0 set and thus value 1. | |
1677 | * | |
1678 | * - A packet that is an IP fragment with nonzero offset has bits 0 and 1 set | |
1679 | * and thus value 3. | |
1680 | * | |
1681 | * NX_IP_FRAG_ANY and NX_IP_FRAG_LATER are declared to symbolically represent | |
1682 | * the meanings of bits 0 and 1. | |
1683 | * | |
1684 | * The switch may reject matches against values that can never appear. | |
1685 | * | |
1686 | * It is important to understand how this field interacts with the OpenFlow IP | |
1687 | * fragment handling mode: | |
1688 | * | |
1689 | * - In OFPC_FRAG_DROP mode, the OpenFlow switch drops all IP fragments | |
1690 | * before they reach the flow table, so every packet that is available for | |
1691 | * matching will have value 0 in this field. | |
1692 | * | |
1693 | * - Open vSwitch does not implement OFPC_FRAG_REASM mode, but if it did then | |
1694 | * IP fragments would be reassembled before they reached the flow table and | |
1695 | * again every packet available for matching would always have value 0. | |
1696 | * | |
1697 | * - In OFPC_FRAG_NORMAL mode, all three values are possible, but OpenFlow | |
1698 | * 1.0 says that fragments' transport ports are always 0, even for the | |
1699 | * first fragment, so this does not provide much extra information. | |
1700 | * | |
1701 | * - In OFPC_FRAG_NX_MATCH mode, all three values are possible. For | |
1702 | * fragments with offset 0, Open vSwitch makes L4 header information | |
1703 | * available. | |
1704 | */ | |
1705 | #define NXM_NX_IP_FRAG NXM_HEADER (0x0001, 26, 1) | |
1706 | #define NXM_NX_IP_FRAG_W NXM_HEADER_W(0x0001, 26, 1) | |
1707 | ||
1708 | /* Bits in the value of NXM_NX_IP_FRAG. */ | |
1709 | #define NX_IP_FRAG_ANY (1 << 0) /* Is this a fragment? */ | |
1710 | #define NX_IP_FRAG_LATER (1 << 1) /* Is this a fragment with nonzero offset? */ | |
d31f1109 | 1711 | |
fa8223b7 JP |
1712 | /* The flow label in the IPv6 header. |
1713 | * | |
1714 | * Prereqs: NXM_OF_ETH_TYPE must match 0x86dd exactly. | |
1715 | * | |
1716 | * Format: 20-bit IPv6 flow label in least-significant bits. | |
1717 | * | |
1718 | * Masking: Not maskable. */ | |
1719 | #define NXM_NX_IPV6_LABEL NXM_HEADER (0x0001, 27, 4) | |
1720 | ||
530180fd JP |
1721 | /* The ECN of the IP header. |
1722 | * | |
1723 | * Prereqs: NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. | |
1724 | * | |
1725 | * Format: ECN in the low-order 2 bits. | |
1726 | * | |
1727 | * Masking: Not maskable. */ | |
1728 | #define NXM_NX_IP_ECN NXM_HEADER (0x0001, 28, 1) | |
1729 | ||
a61680c6 JP |
1730 | /* The time-to-live/hop limit of the IP header. |
1731 | * | |
1732 | * Prereqs: NXM_OF_ETH_TYPE must be either 0x0800 or 0x86dd. | |
1733 | * | |
1734 | * Format: 8-bit integer. | |
1735 | * | |
1736 | * Masking: Not maskable. */ | |
1737 | #define NXM_NX_IP_TTL NXM_HEADER (0x0001, 29, 1) | |
1738 | ||
e729e793 JP |
1739 | /* Flow cookie. |
1740 | * | |
1741 | * This may be used to gain the OpenFlow 1.1-like ability to restrict | |
1742 | * certain NXM-based Flow Mod and Flow Stats Request messages to flows | |
1743 | * with specific cookies. See the "nx_flow_mod" and "nx_flow_stats_request" | |
1744 | * structure definitions for more details. This match is otherwise not | |
1745 | * allowed. | |
1746 | * | |
1747 | * Prereqs: None. | |
1748 | * | |
1749 | * Format: 64-bit integer in network byte order. | |
1750 | * | |
1751 | * Masking: Arbitrary masks. */ | |
1752 | #define NXM_NX_COOKIE NXM_HEADER (0x0001, 30, 8) | |
1753 | #define NXM_NX_COOKIE_W NXM_HEADER_W(0x0001, 30, 8) | |
1754 | ||
0ad90c84 JR |
1755 | /* The source or destination address in the outer IP header of a tunneled |
1756 | * packet. | |
1757 | * | |
1758 | * For non-tunneled packets, the value is 0. | |
1759 | * | |
1760 | * Prereqs: None. | |
1761 | * | |
1762 | * Format: 32-bit integer in network byte order. | |
1763 | * | |
1764 | * Masking: Fully maskable. */ | |
1765 | #define NXM_NX_TUN_IPV4_SRC NXM_HEADER (0x0001, 31, 4) | |
1766 | #define NXM_NX_TUN_IPV4_SRC_W NXM_HEADER_W(0x0001, 31, 4) | |
1767 | #define NXM_NX_TUN_IPV4_DST NXM_HEADER (0x0001, 32, 4) | |
1768 | #define NXM_NX_TUN_IPV4_DST_W NXM_HEADER_W(0x0001, 32, 4) | |
1769 | ||
09246b99 BP |
1770 | /* ## --------------------- ## */ |
1771 | /* ## Requests and replies. ## */ | |
1772 | /* ## --------------------- ## */ | |
1773 | ||
492f7572 | 1774 | enum nx_flow_format { |
09246b99 | 1775 | NXFF_OPENFLOW10 = 0, /* Standard OpenFlow 1.0 compatible. */ |
310f3699 | 1776 | NXFF_NXM = 2 /* Nicira extended match. */ |
09246b99 BP |
1777 | }; |
1778 | ||
1779 | /* NXT_SET_FLOW_FORMAT request. */ | |
73dbf4ab | 1780 | struct nx_set_flow_format { |
09246b99 BP |
1781 | ovs_be32 format; /* One of NXFF_*. */ |
1782 | }; | |
982697a4 | 1783 | OFP_ASSERT(sizeof(struct nx_set_flow_format) == 4); |
09246b99 | 1784 | |
e729e793 JP |
1785 | /* NXT_FLOW_MOD (analogous to OFPT_FLOW_MOD). |
1786 | * | |
1787 | * It is possible to limit flow deletions and modifications to certain | |
623e1caf JP |
1788 | * cookies by using the NXM_NX_COOKIE(_W) matches. The "cookie" field |
1789 | * is used only to add or modify flow cookies. | |
e729e793 | 1790 | */ |
09246b99 | 1791 | struct nx_flow_mod { |
09246b99 | 1792 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ |
63f7ef64 BP |
1793 | ovs_be16 command; /* OFPFC_* + possibly a table ID (see comment |
1794 | * on struct nx_flow_mod_table_id). */ | |
09246b99 BP |
1795 | ovs_be16 idle_timeout; /* Idle time before discarding (seconds). */ |
1796 | ovs_be16 hard_timeout; /* Max time before discarding (seconds). */ | |
1797 | ovs_be16 priority; /* Priority level of flow entry. */ | |
1798 | ovs_be32 buffer_id; /* Buffered packet to apply to (or -1). | |
1799 | Not meaningful for OFPFC_DELETE*. */ | |
1800 | ovs_be16 out_port; /* For OFPFC_DELETE* commands, require | |
1801 | matching entries to include this as an | |
1802 | output port. A value of OFPP_NONE | |
1803 | indicates no restriction. */ | |
1804 | ovs_be16 flags; /* One of OFPFF_*. */ | |
1805 | ovs_be16 match_len; /* Size of nx_match. */ | |
1806 | uint8_t pad[6]; /* Align to 64-bits. */ | |
1807 | /* Followed by: | |
1808 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1809 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1810 | * all-zero bytes, then | |
1811 | * - Actions to fill out the remainder of the message length (always a | |
1812 | * multiple of 8). | |
1813 | */ | |
1814 | }; | |
982697a4 | 1815 | OFP_ASSERT(sizeof(struct nx_flow_mod) == 32); |
09246b99 | 1816 | |
745bfd5e BP |
1817 | /* NXT_FLOW_REMOVED (analogous to OFPT_FLOW_REMOVED). |
1818 | * | |
1819 | * 'table_id' is present only in Open vSwitch 1.11 and later. In earlier | |
1820 | * versions of Open vSwitch, this is a padding byte that is always zeroed. | |
1821 | * Therefore, a 'table_id' value of 0 indicates that the table ID is not known, | |
1822 | * and other values may be interpreted as one more than the flow's former table | |
1823 | * ID. */ | |
09246b99 | 1824 | struct nx_flow_removed { |
09246b99 BP |
1825 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ |
1826 | ovs_be16 priority; /* Priority level of flow entry. */ | |
1827 | uint8_t reason; /* One of OFPRR_*. */ | |
745bfd5e | 1828 | uint8_t table_id; /* Flow's former table ID, plus one. */ |
09246b99 BP |
1829 | ovs_be32 duration_sec; /* Time flow was alive in seconds. */ |
1830 | ovs_be32 duration_nsec; /* Time flow was alive in nanoseconds beyond | |
1831 | duration_sec. */ | |
1832 | ovs_be16 idle_timeout; /* Idle timeout from original flow mod. */ | |
1833 | ovs_be16 match_len; /* Size of nx_match. */ | |
1834 | ovs_be64 packet_count; | |
1835 | ovs_be64 byte_count; | |
1836 | /* Followed by: | |
1837 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1838 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1839 | * all-zero bytes. */ | |
1840 | }; | |
982697a4 | 1841 | OFP_ASSERT(sizeof(struct nx_flow_removed) == 40); |
09246b99 BP |
1842 | |
1843 | /* Nicira vendor stats request of type NXST_FLOW (analogous to OFPST_FLOW | |
e729e793 JP |
1844 | * request). |
1845 | * | |
1846 | * It is possible to limit matches to certain cookies by using the | |
1847 | * NXM_NX_COOKIE and NXM_NX_COOKIE_W matches. | |
1848 | */ | |
09246b99 | 1849 | struct nx_flow_stats_request { |
09246b99 BP |
1850 | ovs_be16 out_port; /* Require matching entries to include this |
1851 | as an output port. A value of OFPP_NONE | |
1852 | indicates no restriction. */ | |
1853 | ovs_be16 match_len; /* Length of nx_match. */ | |
1854 | uint8_t table_id; /* ID of table to read (from ofp_table_stats) | |
1855 | or 0xff for all tables. */ | |
1856 | uint8_t pad[3]; /* Align to 64 bits. */ | |
1857 | /* Followed by: | |
1858 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1859 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1860 | * all-zero bytes, which must also exactly fill out the length of the | |
1861 | * message. | |
1862 | */ | |
1863 | }; | |
982697a4 | 1864 | OFP_ASSERT(sizeof(struct nx_flow_stats_request) == 8); |
09246b99 BP |
1865 | |
1866 | /* Body for Nicira vendor stats reply of type NXST_FLOW (analogous to | |
f27f2134 BP |
1867 | * OFPST_FLOW reply). |
1868 | * | |
1869 | * The values of 'idle_age' and 'hard_age' are only meaningful when talking to | |
1870 | * a switch that implements the NXT_FLOW_AGE extension. Zero means that the | |
1871 | * true value is unknown, perhaps because hardware does not track the value. | |
1872 | * (Zero is also the value that one should ordinarily expect to see talking to | |
1873 | * a switch that does not implement NXT_FLOW_AGE, since those switches zero the | |
1874 | * padding bytes that these fields replaced.) A nonzero value X represents X-1 | |
1875 | * seconds. A value of 65535 represents 65534 or more seconds. | |
1876 | * | |
1877 | * 'idle_age' is the number of seconds that the flow has been idle, that is, | |
1878 | * the number of seconds since a packet passed through the flow. 'hard_age' is | |
1879 | * the number of seconds since the flow was last modified (e.g. OFPFC_MODIFY or | |
1880 | * OFPFC_MODIFY_STRICT). (The 'duration_*' fields are the elapsed time since | |
1881 | * the flow was added, regardless of subsequent modifications.) | |
1882 | * | |
1883 | * For a flow with an idle or hard timeout, 'idle_age' or 'hard_age', | |
1884 | * respectively, will ordinarily be smaller than the timeout, but flow | |
1885 | * expiration times are only approximate and so one must be prepared to | |
1886 | * tolerate expirations that occur somewhat early or late. | |
1887 | */ | |
09246b99 BP |
1888 | struct nx_flow_stats { |
1889 | ovs_be16 length; /* Length of this entry. */ | |
1890 | uint8_t table_id; /* ID of table flow came from. */ | |
1891 | uint8_t pad; | |
1892 | ovs_be32 duration_sec; /* Time flow has been alive in seconds. */ | |
1893 | ovs_be32 duration_nsec; /* Time flow has been alive in nanoseconds | |
1894 | beyond duration_sec. */ | |
cc75d2c7 | 1895 | ovs_be16 priority; /* Priority of the entry. */ |
09246b99 BP |
1896 | ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ |
1897 | ovs_be16 hard_timeout; /* Number of seconds before expiration. */ | |
1898 | ovs_be16 match_len; /* Length of nx_match. */ | |
f27f2134 BP |
1899 | ovs_be16 idle_age; /* Seconds since last packet, plus one. */ |
1900 | ovs_be16 hard_age; /* Seconds since last modification, plus one. */ | |
09246b99 | 1901 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ |
5e9d0469 BP |
1902 | ovs_be64 packet_count; /* Number of packets, UINT64_MAX if unknown. */ |
1903 | ovs_be64 byte_count; /* Number of bytes, UINT64_MAX if unknown. */ | |
09246b99 BP |
1904 | /* Followed by: |
1905 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1906 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1907 | * all-zero bytes, then | |
1908 | * - Actions to fill out the remainder 'length' bytes (always a multiple | |
1909 | * of 8). | |
1910 | */ | |
1911 | }; | |
1912 | OFP_ASSERT(sizeof(struct nx_flow_stats) == 48); | |
1913 | ||
1914 | /* Nicira vendor stats request of type NXST_AGGREGATE (analogous to | |
a814ba0f BP |
1915 | * OFPST_AGGREGATE request). |
1916 | * | |
1917 | * The reply format is identical to the reply format for OFPST_AGGREGATE, | |
1918 | * except for the header. */ | |
09246b99 | 1919 | struct nx_aggregate_stats_request { |
09246b99 BP |
1920 | ovs_be16 out_port; /* Require matching entries to include this |
1921 | as an output port. A value of OFPP_NONE | |
1922 | indicates no restriction. */ | |
1923 | ovs_be16 match_len; /* Length of nx_match. */ | |
1924 | uint8_t table_id; /* ID of table to read (from ofp_table_stats) | |
1925 | or 0xff for all tables. */ | |
1926 | uint8_t pad[3]; /* Align to 64 bits. */ | |
1927 | /* Followed by: | |
1928 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
1929 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
1930 | * all-zero bytes, which must also exactly fill out the length of the | |
1931 | * message. | |
1932 | */ | |
1933 | }; | |
982697a4 | 1934 | OFP_ASSERT(sizeof(struct nx_aggregate_stats_request) == 8); |
a7349929 BP |
1935 | \f |
1936 | /* NXT_SET_CONTROLLER_ID. | |
1937 | * | |
1938 | * Each OpenFlow controller connection has a 16-bit identifier that is | |
1939 | * initially 0. This message changes the connection's ID to 'id'. | |
1940 | * | |
1941 | * Controller connection IDs need not be unique. | |
1942 | * | |
1943 | * The NXAST_CONTROLLER action is the only current user of controller | |
1944 | * connection IDs. */ | |
1945 | struct nx_controller_id { | |
a7349929 BP |
1946 | uint8_t zero[6]; /* Must be zero. */ |
1947 | ovs_be16 controller_id; /* New controller connection ID. */ | |
1948 | }; | |
982697a4 | 1949 | OFP_ASSERT(sizeof(struct nx_controller_id) == 8); |
a7349929 BP |
1950 | |
1951 | /* Action structure for NXAST_CONTROLLER. | |
1952 | * | |
1953 | * This generalizes using OFPAT_OUTPUT to send a packet to OFPP_CONTROLLER. In | |
1954 | * addition to the 'max_len' that OFPAT_OUTPUT supports, it also allows | |
1955 | * specifying: | |
1956 | * | |
1957 | * - 'reason': The reason code to use in the ofp_packet_in or nx_packet_in. | |
1958 | * | |
1959 | * - 'controller_id': The ID of the controller connection to which the | |
1960 | * ofp_packet_in should be sent. The ofp_packet_in or nx_packet_in is | |
1961 | * sent only to controllers that have the specified controller connection | |
1962 | * ID. See "struct nx_controller_id" for more information. */ | |
1963 | struct nx_action_controller { | |
1964 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
1965 | ovs_be16 len; /* Length is 16. */ | |
1966 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
1967 | ovs_be16 subtype; /* NXAST_CONTROLLER. */ | |
1968 | ovs_be16 max_len; /* Maximum length to send to controller. */ | |
1969 | ovs_be16 controller_id; /* Controller ID to send packet-in. */ | |
1970 | uint8_t reason; /* enum ofp_packet_in_reason (OFPR_*). */ | |
1971 | uint8_t zero; /* Must be zero. */ | |
1972 | }; | |
1973 | OFP_ASSERT(sizeof(struct nx_action_controller) == 16); | |
2b07c8b1 BP |
1974 | \f |
1975 | /* Flow Table Monitoring | |
1976 | * ===================== | |
1977 | * | |
1978 | * NXST_FLOW_MONITOR allows a controller to keep track of changes to OpenFlow | |
1979 | * flow table(s) or subsets of them, with the following workflow: | |
1980 | * | |
1981 | * 1. The controller sends an NXST_FLOW_MONITOR request to begin monitoring | |
1982 | * flows. The 'id' in the request must be unique among all monitors that | |
1983 | * the controller has started and not yet canceled on this OpenFlow | |
1984 | * connection. | |
1985 | * | |
1986 | * 2. The switch responds with an NXST_FLOW_MONITOR reply. If the request's | |
1987 | * 'flags' included NXFMF_INITIAL, the reply includes all the flows that | |
1988 | * matched the request at the time of the request (with event NXFME_ADDED). | |
1989 | * If 'flags' did not include NXFMF_INITIAL, the reply is empty. | |
1990 | * | |
1991 | * The reply uses the xid of the request (as do all replies to OpenFlow | |
1992 | * requests). | |
1993 | * | |
1994 | * 3. Whenever a change to a flow table entry matches some outstanding monitor | |
1995 | * request's criteria and flags, the switch sends a notification to the | |
1996 | * controller as an additional NXST_FLOW_MONITOR reply with xid 0. | |
1997 | * | |
1998 | * When multiple outstanding monitors match a single change, only a single | |
1999 | * notification is sent. This merged notification includes the information | |
2000 | * requested in any of the individual monitors. That is, if any of the | |
2001 | * matching monitors requests actions (NXFMF_ACTIONS), the notification | |
2002 | * includes actions, and if any of the monitors request full changes for the | |
2003 | * controller's own changes (NXFMF_OWN), the controller's own changes will | |
2004 | * be included in full. | |
2005 | * | |
2006 | * 4. The controller may cancel a monitor with NXT_FLOW_MONITOR_CANCEL. No | |
2007 | * further notifications will be sent on the basis of the canceled monitor | |
2008 | * afterward. | |
2009 | * | |
2010 | * | |
2011 | * Buffer Management | |
2012 | * ================= | |
2013 | * | |
2014 | * OpenFlow messages for flow monitor notifications can overflow the buffer | |
2015 | * space available to the switch, either temporarily (e.g. due to network | |
2016 | * conditions slowing OpenFlow traffic) or more permanently (e.g. the sustained | |
2017 | * rate of flow table change exceeds the network bandwidth between switch and | |
2018 | * controller). | |
2019 | * | |
2020 | * When Open vSwitch's notification buffer space reaches a limiting threshold, | |
2021 | * OVS reacts as follows: | |
2022 | * | |
2023 | * 1. OVS sends an NXT_FLOW_MONITOR_PAUSED message to the controller, following | |
2024 | * all the already queued notifications. After it receives this message, | |
2025 | * the controller knows that its view of the flow table, as represented by | |
2026 | * flow monitor notifications, is incomplete. | |
2027 | * | |
2028 | * 2. As long as the notification buffer is not empty: | |
2029 | * | |
2030 | * - NXFME_ADDED and NXFME_MODIFIED notifications will not be sent. | |
2031 | * | |
2032 | * - NXFME_DELETED notifications will still be sent, but only for flows | |
2033 | * that existed before OVS sent NXT_FLOW_MONITOR_PAUSED. | |
2034 | * | |
2035 | * - NXFME_ABBREV notifications will not be sent. They are treated as | |
2036 | * the expanded version (and therefore only the NXFME_DELETED | |
2037 | * components, if any, are sent). | |
2038 | * | |
2039 | * 3. When the notification buffer empties, OVS sends NXFME_ADDED notifications | |
2040 | * for flows added since the buffer reached its limit and NXFME_MODIFIED | |
2041 | * notifications for flows that existed before the limit was reached and | |
2042 | * changed after the limit was reached. | |
2043 | * | |
2044 | * 4. OVS sends an NXT_FLOW_MONITOR_RESUMED message to the controller. After | |
2045 | * it receives this message, the controller knows that its view of the flow | |
2046 | * table, as represented by flow monitor notifications, is again complete. | |
2047 | * | |
2048 | * This allows the maximum buffer space requirement for notifications to be | |
2049 | * bounded by the limit plus the maximum number of supported flows. | |
2050 | * | |
2051 | * | |
2052 | * "Flow Removed" messages | |
2053 | * ======================= | |
2054 | * | |
2055 | * The flow monitor mechanism is independent of OFPT_FLOW_REMOVED and | |
2056 | * NXT_FLOW_REMOVED. Flow monitor updates for deletion are sent if | |
2057 | * NXFMF_DELETE is set on a monitor, regardless of whether the | |
2058 | * OFPFF_SEND_FLOW_REM flag was set when the flow was added. */ | |
2059 | ||
2060 | /* NXST_FLOW_MONITOR request. | |
2061 | * | |
2062 | * The NXST_FLOW_MONITOR request's body consists of an array of zero or more | |
2063 | * instances of this structure. The request arranges to monitor the flows | |
2064 | * that match the specified criteria, which are interpreted in the same way as | |
2065 | * for NXST_FLOW. | |
2066 | * | |
2067 | * 'id' identifies a particular monitor for the purpose of allowing it to be | |
2068 | * canceled later with NXT_FLOW_MONITOR_CANCEL. 'id' must be unique among | |
2069 | * existing monitors that have not already been canceled. | |
2070 | * | |
2071 | * The reply includes the initial flow matches for monitors that have the | |
2072 | * NXFMF_INITIAL flag set. No single flow will be included in the reply more | |
2073 | * than once, even if more than one requested monitor matches that flow. The | |
2074 | * reply will be empty if none of the monitors has NXFMF_INITIAL set or if none | |
2075 | * of the monitors initially matches any flows. | |
2076 | * | |
2077 | * For NXFMF_ADD, an event will be reported if 'out_port' matches against the | |
2078 | * actions of the flow being added or, for a flow that is replacing an existing | |
2079 | * flow, if 'out_port' matches against the actions of the flow being replaced. | |
2080 | * For NXFMF_DELETE, 'out_port' matches against the actions of a flow being | |
2081 | * deleted. For NXFMF_MODIFY, an event will be reported if 'out_port' matches | |
2082 | * either the old or the new actions. */ | |
2083 | struct nx_flow_monitor_request { | |
2084 | ovs_be32 id; /* Controller-assigned ID for this monitor. */ | |
2085 | ovs_be16 flags; /* NXFMF_*. */ | |
2086 | ovs_be16 out_port; /* Required output port, if not OFPP_NONE. */ | |
2087 | ovs_be16 match_len; /* Length of nx_match. */ | |
2088 | uint8_t table_id; /* One table's ID or 0xff for all tables. */ | |
2089 | uint8_t zeros[5]; /* Align to 64 bits (must be zero). */ | |
2090 | /* Followed by: | |
2091 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
2092 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
2093 | * all-zero bytes. */ | |
2094 | }; | |
2095 | OFP_ASSERT(sizeof(struct nx_flow_monitor_request) == 16); | |
2096 | ||
2097 | /* 'flags' bits in struct nx_flow_monitor_request. */ | |
2098 | enum nx_flow_monitor_flags { | |
2099 | /* When to send updates. */ | |
2100 | NXFMF_INITIAL = 1 << 0, /* Initially matching flows. */ | |
2101 | NXFMF_ADD = 1 << 1, /* New matching flows as they are added. */ | |
2102 | NXFMF_DELETE = 1 << 2, /* Old matching flows as they are removed. */ | |
2103 | NXFMF_MODIFY = 1 << 3, /* Matching flows as they are changed. */ | |
2104 | ||
2105 | /* What to include in updates. */ | |
2106 | NXFMF_ACTIONS = 1 << 4, /* If set, actions are included. */ | |
2107 | NXFMF_OWN = 1 << 5, /* If set, include own changes in full. */ | |
2108 | }; | |
2109 | ||
2110 | /* NXST_FLOW_MONITOR reply header. | |
2111 | * | |
2112 | * The body of an NXST_FLOW_MONITOR reply is an array of variable-length | |
2113 | * structures, each of which begins with this header. The 'length' member may | |
2114 | * be used to traverse the array, and the 'event' member may be used to | |
2115 | * determine the particular structure. | |
2116 | * | |
2117 | * Every instance is a multiple of 8 bytes long. */ | |
2118 | struct nx_flow_update_header { | |
2119 | ovs_be16 length; /* Length of this entry. */ | |
2120 | ovs_be16 event; /* One of NXFME_*. */ | |
2121 | /* ...other data depending on 'event'... */ | |
2122 | }; | |
2123 | OFP_ASSERT(sizeof(struct nx_flow_update_header) == 4); | |
2124 | ||
2125 | /* 'event' values in struct nx_flow_update_header. */ | |
2126 | enum nx_flow_update_event { | |
2127 | /* struct nx_flow_update_full. */ | |
2128 | NXFME_ADDED = 0, /* Flow was added. */ | |
2129 | NXFME_DELETED = 1, /* Flow was deleted. */ | |
2130 | NXFME_MODIFIED = 2, /* Flow (generally its actions) was changed. */ | |
2131 | ||
2132 | /* struct nx_flow_update_abbrev. */ | |
2133 | NXFME_ABBREV = 3, /* Abbreviated reply. */ | |
2134 | }; | |
2135 | ||
2136 | /* NXST_FLOW_MONITOR reply for NXFME_ADDED, NXFME_DELETED, and | |
2137 | * NXFME_MODIFIED. */ | |
2138 | struct nx_flow_update_full { | |
2139 | ovs_be16 length; /* Length of this entry (at least 24). */ | |
2140 | ovs_be16 event; /* One of NXFME_*. */ | |
2141 | ovs_be16 reason; /* OFPRR_* for NXFME_DELETED, else zero. */ | |
2142 | ovs_be16 priority; /* Priority of the entry. */ | |
2143 | ovs_be16 idle_timeout; /* Number of seconds idle before expiration. */ | |
2144 | ovs_be16 hard_timeout; /* Number of seconds before expiration. */ | |
2145 | ovs_be16 match_len; /* Length of nx_match. */ | |
2146 | uint8_t table_id; /* ID of flow's table. */ | |
2147 | uint8_t pad; /* Reserved, currently zeroed. */ | |
2148 | ovs_be64 cookie; /* Opaque controller-issued identifier. */ | |
2149 | /* Followed by: | |
2150 | * - Exactly match_len (possibly 0) bytes containing the nx_match, then | |
2151 | * - Exactly (match_len + 7)/8*8 - match_len (between 0 and 7) bytes of | |
2152 | * all-zero bytes, then | |
2153 | * - Actions to fill out the remainder 'length' bytes (always a multiple | |
2154 | * of 8). If NXFMF_ACTIONS was not specified, or 'event' is | |
2155 | * NXFME_DELETED, no actions are included. | |
2156 | */ | |
2157 | }; | |
2158 | OFP_ASSERT(sizeof(struct nx_flow_update_full) == 24); | |
2159 | ||
2160 | /* NXST_FLOW_MONITOR reply for NXFME_ABBREV. | |
2161 | * | |
2162 | * When the controller does not specify NXFMF_OWN in a monitor request, any | |
2163 | * flow table changes due to the controller's own requests (on the same | |
2164 | * OpenFlow channel) will be abbreviated, when possible, to this form, which | |
2165 | * simply specifies the 'xid' of the OpenFlow request (e.g. an OFPT_FLOW_MOD or | |
2166 | * NXT_FLOW_MOD) that caused the change. | |
2167 | * | |
2168 | * Some changes cannot be abbreviated and will be sent in full: | |
2169 | * | |
2170 | * - Changes that only partially succeed. This can happen if, for example, | |
2171 | * a flow_mod with type OFPFC_MODIFY affects multiple flows, but only some | |
2172 | * of those modifications succeed (e.g. due to hardware limitations). | |
2173 | * | |
2174 | * This cannot occur with the current implementation of the Open vSwitch | |
2175 | * software datapath. It could happen with other datapath implementations. | |
2176 | * | |
2177 | * - Changes that race with conflicting changes made by other controllers or | |
2178 | * other flow_mods (not separated by barriers) by the same controller. | |
2179 | * | |
2180 | * This cannot occur with the current Open vSwitch implementation | |
2181 | * (regardless of datapath) because Open vSwitch internally serializes | |
2182 | * potentially conflicting changes. | |
2183 | * | |
2184 | * A flow_mod that does not change the flow table will not trigger any | |
2185 | * notification, even an abbreviated one. For example, a "modify" or "delete" | |
2186 | * flow_mod that does not match any flows will not trigger a notification. | |
2187 | * Whether an "add" or "modify" that specifies all the same parameters that a | |
2188 | * flow already has triggers a notification is unspecified and subject to | |
2189 | * change in future versions of Open vSwitch. | |
2190 | * | |
2191 | * OVS will always send the notifications for a given flow table change before | |
b10a4760 BP |
2192 | * the reply to an OFPT_BARRIER_REQUEST request that follows the flow table |
2193 | * change. Thus, if the controller does not receive an abbreviated (or | |
2194 | * unabbreviated) notification for a flow_mod before the next | |
2195 | * OFPT_BARRIER_REPLY, it will never receive one. */ | |
2b07c8b1 BP |
2196 | struct nx_flow_update_abbrev { |
2197 | ovs_be16 length; /* Length is 8. */ | |
2198 | ovs_be16 event; /* NXFME_ABBREV. */ | |
2199 | ovs_be32 xid; /* Controller-specified xid from flow_mod. */ | |
2200 | }; | |
2201 | OFP_ASSERT(sizeof(struct nx_flow_update_abbrev) == 8); | |
2202 | ||
982697a4 BP |
2203 | /* NXT_FLOW_MONITOR_CANCEL. |
2204 | * | |
2205 | * Used by a controller to cancel an outstanding monitor. */ | |
2b07c8b1 | 2206 | struct nx_flow_monitor_cancel { |
2b07c8b1 BP |
2207 | ovs_be32 id; /* 'id' from nx_flow_monitor_request. */ |
2208 | }; | |
982697a4 | 2209 | OFP_ASSERT(sizeof(struct nx_flow_monitor_cancel) == 4); |
659586ef | 2210 | |
4cceacb9 JS |
2211 | /* Action structure for NXAST_WRITE_METADATA. |
2212 | * | |
2213 | * Modifies the 'mask' bits of the metadata value. */ | |
2214 | struct nx_action_write_metadata { | |
2215 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
2216 | ovs_be16 len; /* Length is 32. */ | |
2217 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
2218 | ovs_be16 subtype; /* NXAST_WRITE_METADATA. */ | |
2219 | uint8_t zeros[6]; /* Must be zero. */ | |
2220 | ovs_be64 metadata; /* Metadata register. */ | |
2221 | ovs_be64 mask; /* Metadata mask. */ | |
2222 | }; | |
2223 | OFP_ASSERT(sizeof(struct nx_action_write_metadata) == 32); | |
2224 | ||
b02475c5 SH |
2225 | /* Action structure for NXAST_PUSH_MPLS. */ |
2226 | struct nx_action_push_mpls { | |
2227 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
2228 | ovs_be16 len; /* Length is 16. */ | |
2229 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
2230 | ovs_be16 subtype; /* NXAST_PUSH_MPLS. */ | |
2231 | ovs_be16 ethertype; /* Ethertype */ | |
2232 | uint8_t pad[4]; | |
2233 | }; | |
2234 | OFP_ASSERT(sizeof(struct nx_action_push_mpls) == 16); | |
2235 | ||
2236 | /* Action structure for NXAST_POP_MPLS. */ | |
2237 | struct nx_action_pop_mpls { | |
2238 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
2239 | ovs_be16 len; /* Length is 16. */ | |
2240 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
2241 | ovs_be16 subtype; /* NXAST_POP_MPLS. */ | |
2242 | ovs_be16 ethertype; /* Ethertype */ | |
2243 | uint8_t pad[4]; | |
2244 | }; | |
2245 | OFP_ASSERT(sizeof(struct nx_action_pop_mpls) == 16); | |
2246 | ||
0f3f3c3d SH |
2247 | /* Action structure for NXAST_SET_MPLS_TTL. */ |
2248 | struct nx_action_mpls_ttl { | |
2249 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
2250 | ovs_be16 len; /* Length is 16. */ | |
2251 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
2252 | ovs_be16 subtype; /* NXAST_SET_MPLS_TTL. */ | |
2253 | uint8_t ttl; /* TTL */ | |
2254 | uint8_t pad[5]; | |
2255 | }; | |
2256 | OFP_ASSERT(sizeof(struct nx_action_mpls_ttl) == 16); | |
2257 | ||
29089a54 RL |
2258 | /* Action structure for NXAST_SAMPLE. |
2259 | * | |
2260 | * Samples matching packets with the given probability and sends them | |
2261 | * each to the set of collectors identified with the given ID. The | |
2262 | * probability is expressed as a number of packets to be sampled out | |
2263 | * of USHRT_MAX packets, and must be >0. | |
2264 | * | |
2265 | * When sending packet samples to IPFIX collectors, the IPFIX flow | |
2266 | * record sent for each sampled packet is associated with the given | |
2267 | * observation domain ID and observation point ID. Each IPFIX flow | |
2268 | * record contains the sampled packet's headers when executing this | |
2269 | * rule. If a sampled packet's headers are modified by previous | |
2270 | * actions in the flow, those modified headers are sent. */ | |
2271 | struct nx_action_sample { | |
2272 | ovs_be16 type; /* OFPAT_VENDOR. */ | |
2273 | ovs_be16 len; /* Length is 24. */ | |
2274 | ovs_be32 vendor; /* NX_VENDOR_ID. */ | |
2275 | ovs_be16 subtype; /* NXAST_SAMPLE. */ | |
2276 | ovs_be16 probability; /* Fraction of packets to sample. */ | |
2277 | ovs_be32 collector_set_id; /* ID of collector set in OVSDB. */ | |
2278 | ovs_be32 obs_domain_id; /* ID of sampling observation domain. */ | |
2279 | ovs_be32 obs_point_id; /* ID of sampling observation point. */ | |
2280 | }; | |
2281 | OFP_ASSERT(sizeof(struct nx_action_sample) == 24); | |
2282 | ||
064af421 | 2283 | #endif /* openflow/nicira-ext.h */ |