]> git.proxmox.com Git - mirror_ovs.git/blame - lib/ofp-match.c
projects / mirror_ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovs-vswitchd: Better document that ovs-vswitchd manages its own datapaths.
[mirror_ovs.git] / lib / ofp-match.c
CommitLineData
0d71302e
BP		 1/*
2 * Copyright (c) 2008-2017 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <config.h>
18#include "openvswitch/ofp-match.h"
19#include "byte-order.h"
20#include "flow.h"
21#include "nx-match.h"
22#include "openvswitch/match.h"
23#include "openvswitch/ofp-errors.h"
24#include "openvswitch/ofp-msgs.h"
25#include "openvswitch/ofp-port.h"
26#include "openvswitch/packets.h"
27#include "openvswitch/vlog.h"
28
29VLOG_DEFINE_THIS_MODULE(ofp_match);
30
31static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
32
33/* Given the wildcard bit count in the least-significant 6 of 'wcbits', returns
34 * an IP netmask with a 1 in each bit that must match and a 0 in each bit that
35 * is wildcarded.
36 *
37 * The bits in 'wcbits' are in the format used in enum ofp_flow_wildcards: 0
38 * is exact match, 1 ignores the LSB, 2 ignores the 2 least-significant bits,
39 * ..., 32 and higher wildcard the entire field. This is the *opposite* of the
40 * usual convention where e.g. /24 indicates that 8 bits (not 24 bits) are
41 * wildcarded. */
11b1e59f 42static ovs_be32
0d71302e
BP		 43ofputil_wcbits_to_netmask(int wcbits)
44{
45 wcbits &= 0x3f;
46 return wcbits < 32 ? htonl(~((1u << wcbits) - 1)) : 0;
47}
48
49/* Given the IP netmask 'netmask', returns the number of bits of the IP address
50 * that it wildcards, that is, the number of 0-bits in 'netmask', a number
51 * between 0 and 32 inclusive.
52 *
53 * If 'netmask' is not a CIDR netmask (see ip_is_cidr()), the return value will
54 * still be in the valid range but isn't otherwise meaningful. */
11b1e59f 55static int
0d71302e
BP		 56ofputil_netmask_to_wcbits(ovs_be32 netmask)
57{
58 return 32 - ip_count_cidr_bits(netmask);
59}
60
61/* Converts the OpenFlow 1.0 wildcards in 'ofpfw' (OFPFW10_*) into a
62 * flow_wildcards in 'wc' for use in struct match. It is the caller's
63 * responsibility to handle the special case where the flow match's dl_vlan is
64 * set to OFP_VLAN_NONE. */
65void
66ofputil_wildcard_from_ofpfw10(uint32_t ofpfw, struct flow_wildcards *wc)
67{
68 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 40);
69
70 /* Initialize most of wc. */
71 flow_wildcards_init_catchall(wc);
72
73 if (!(ofpfw & OFPFW10_IN_PORT)) {
74 wc->masks.in_port.ofp_port = u16_to_ofp(UINT16_MAX);
75 }
76
77 if (!(ofpfw & OFPFW10_NW_TOS)) {
78 wc->masks.nw_tos |= IP_DSCP_MASK;
79 }
80
81 if (!(ofpfw & OFPFW10_NW_PROTO)) {
82 wc->masks.nw_proto = UINT8_MAX;
83 }
84 wc->masks.nw_src = ofputil_wcbits_to_netmask(ofpfw
85 >> OFPFW10_NW_SRC_SHIFT);
86 wc->masks.nw_dst = ofputil_wcbits_to_netmask(ofpfw
87 >> OFPFW10_NW_DST_SHIFT);
88
89 if (!(ofpfw & OFPFW10_TP_SRC)) {
90 wc->masks.tp_src = OVS_BE16_MAX;
91 }
92 if (!(ofpfw & OFPFW10_TP_DST)) {
93 wc->masks.tp_dst = OVS_BE16_MAX;
94 }
95
96 if (!(ofpfw & OFPFW10_DL_SRC)) {
97 WC_MASK_FIELD(wc, dl_src);
98 }
99 if (!(ofpfw & OFPFW10_DL_DST)) {
100 WC_MASK_FIELD(wc, dl_dst);
101 }
102 if (!(ofpfw & OFPFW10_DL_TYPE)) {
103 wc->masks.dl_type = OVS_BE16_MAX;
104 }
105
106 /* VLAN TCI mask. */
107 if (!(ofpfw & OFPFW10_DL_VLAN_PCP)) {
108 wc->masks.vlans[0].tci |= htons(VLAN_PCP_MASK | VLAN_CFI);
109 }
110 if (!(ofpfw & OFPFW10_DL_VLAN)) {
111 wc->masks.vlans[0].tci |= htons(VLAN_VID_MASK | VLAN_CFI);
112 }
113}
114
115/* Converts the ofp10_match in 'ofmatch' into a struct match in 'match'. */
116void
117ofputil_match_from_ofp10_match(const struct ofp10_match *ofmatch,
118 struct match *match)
119{
120 uint32_t ofpfw = ntohl(ofmatch->wildcards) & OFPFW10_ALL;
121
122 /* Initialize match->wc. */
123 memset(&match->flow, 0, sizeof match->flow);
124 ofputil_wildcard_from_ofpfw10(ofpfw, &match->wc);
125 memset(&match->tun_md, 0, sizeof match->tun_md);
126
127 /* If any fields, except in_port, are matched, then we also need to match
128 * on the Ethernet packet_type. */
129 const uint32_t ofpfw_data_bits = (OFPFW10_NW_TOS | OFPFW10_NW_PROTO
130 | OFPFW10_TP_SRC | OFPFW10_TP_DST
131 | OFPFW10_DL_SRC | OFPFW10_DL_DST
132 | OFPFW10_DL_TYPE
133 | OFPFW10_DL_VLAN | OFPFW10_DL_VLAN_PCP);
134 if ((ofpfw & ofpfw_data_bits) != ofpfw_data_bits
135 || ofputil_wcbits_to_netmask(ofpfw >> OFPFW10_NW_SRC_SHIFT)
136 || ofputil_wcbits_to_netmask(ofpfw >> OFPFW10_NW_DST_SHIFT)) {
137 match_set_default_packet_type(match);
138 }
139
140 /* Initialize most of match->flow. */
141 match->flow.nw_src = ofmatch->nw_src;
142 match->flow.nw_dst = ofmatch->nw_dst;
143 match->flow.in_port.ofp_port = u16_to_ofp(ntohs(ofmatch->in_port));
144 match->flow.dl_type = ofputil_dl_type_from_openflow(ofmatch->dl_type);
145 match->flow.tp_src = ofmatch->tp_src;
146 match->flow.tp_dst = ofmatch->tp_dst;
147 match->flow.dl_src = ofmatch->dl_src;
148 match->flow.dl_dst = ofmatch->dl_dst;
149 match->flow.nw_tos = ofmatch->nw_tos & IP_DSCP_MASK;
150 match->flow.nw_proto = ofmatch->nw_proto;
151
152 /* Translate VLANs. */
153 if (!(ofpfw & OFPFW10_DL_VLAN) &&
154 ofmatch->dl_vlan == htons(OFP10_VLAN_NONE)) {
155 /* Match only packets without 802.1Q header.
156 *
157 * When OFPFW10_DL_VLAN_PCP is wildcarded, this is obviously correct.
158 *
159 * If OFPFW10_DL_VLAN_PCP is matched, the flow match is contradictory,
160 * because we can't have a specific PCP without an 802.1Q header.
161 * However, older versions of OVS treated this as matching packets
162 * withut an 802.1Q header, so we do here too. */
163 match->flow.vlans[0].tci = htons(0);
164 match->wc.masks.vlans[0].tci = htons(0xffff);
165 } else {
166 ovs_be16 vid, pcp, tci;
167 uint16_t hpcp;
168
169 vid = ofmatch->dl_vlan & htons(VLAN_VID_MASK);
170 hpcp = (ofmatch->dl_vlan_pcp << VLAN_PCP_SHIFT) & VLAN_PCP_MASK;
171 pcp = htons(hpcp);
172 tci = vid | pcp | htons(VLAN_CFI);
173 match->flow.vlans[0].tci = tci & match->wc.masks.vlans[0].tci;
174 }
175
176 /* Clean up. */
177 match_zero_wildcarded_fields(match);
178}
179
180/* Convert 'match' into the OpenFlow 1.0 match structure 'ofmatch'. */
181void
182ofputil_match_to_ofp10_match(const struct match *match,
183 struct ofp10_match *ofmatch)
184{
185 const struct flow_wildcards *wc = &match->wc;
186 uint32_t ofpfw;
187
188 /* Figure out most OpenFlow wildcards. */
189 ofpfw = 0;
190 if (!wc->masks.in_port.ofp_port) {
191 ofpfw |= OFPFW10_IN_PORT;
192 }
193 if (!wc->masks.dl_type) {
194 ofpfw |= OFPFW10_DL_TYPE;
195 }
196 if (!wc->masks.nw_proto) {
197 ofpfw |= OFPFW10_NW_PROTO;
198 }
199 ofpfw |= (ofputil_netmask_to_wcbits(wc->masks.nw_src)
200 << OFPFW10_NW_SRC_SHIFT);
201 ofpfw |= (ofputil_netmask_to_wcbits(wc->masks.nw_dst)
202 << OFPFW10_NW_DST_SHIFT);
203 if (!(wc->masks.nw_tos & IP_DSCP_MASK)) {
204 ofpfw |= OFPFW10_NW_TOS;
205 }
206 if (!wc->masks.tp_src) {
207 ofpfw |= OFPFW10_TP_SRC;
208 }
209 if (!wc->masks.tp_dst) {
210 ofpfw |= OFPFW10_TP_DST;
211 }
212 if (eth_addr_is_zero(wc->masks.dl_src)) {
213 ofpfw |= OFPFW10_DL_SRC;
214 }
215 if (eth_addr_is_zero(wc->masks.dl_dst)) {
216 ofpfw |= OFPFW10_DL_DST;
217 }
218
219 /* Translate VLANs. */
220 ofmatch->dl_vlan = htons(0);
221 ofmatch->dl_vlan_pcp = 0;
222 if (match->wc.masks.vlans[0].tci == htons(0)) {
223 ofpfw |= OFPFW10_DL_VLAN | OFPFW10_DL_VLAN_PCP;
224 } else if (match->wc.masks.vlans[0].tci & htons(VLAN_CFI)
225 && !(match->flow.vlans[0].tci & htons(VLAN_CFI))) {
226 ofmatch->dl_vlan = htons(OFP10_VLAN_NONE);
227 } else {
228 if (!(match->wc.masks.vlans[0].tci & htons(VLAN_VID_MASK))) {
229 ofpfw |= OFPFW10_DL_VLAN;
230 } else {
231 ofmatch->dl_vlan =
232 htons(vlan_tci_to_vid(match->flow.vlans[0].tci));
233 }
234
235 if (!(match->wc.masks.vlans[0].tci & htons(VLAN_PCP_MASK))) {
236 ofpfw |= OFPFW10_DL_VLAN_PCP;
237 } else {
238 ofmatch->dl_vlan_pcp = vlan_tci_to_pcp(match->flow.vlans[0].tci);
239 }
240 }
241
242 /* Compose most of the match structure. */
243 ofmatch->wildcards = htonl(ofpfw);
244 ofmatch->in_port = htons(ofp_to_u16(match->flow.in_port.ofp_port));
245 ofmatch->dl_src = match->flow.dl_src;
246 ofmatch->dl_dst = match->flow.dl_dst;
247 ofmatch->dl_type = ofputil_dl_type_to_openflow(match->flow.dl_type);
248 ofmatch->nw_src = match->flow.nw_src;
249 ofmatch->nw_dst = match->flow.nw_dst;
250 ofmatch->nw_tos = match->flow.nw_tos & IP_DSCP_MASK;
251 ofmatch->nw_proto = match->flow.nw_proto;
252 ofmatch->tp_src = match->flow.tp_src;
253 ofmatch->tp_dst = match->flow.tp_dst;
254 memset(ofmatch->pad1, '\0', sizeof ofmatch->pad1);
255 memset(ofmatch->pad2, '\0', sizeof ofmatch->pad2);
256}
257
258enum ofperr
259ofputil_pull_ofp11_match(struct ofpbuf *buf, const struct tun_table *tun_table,
260 const struct vl_mff_map *vl_mff_map,
261 struct match *match, uint16_t *padded_match_len)
262{
263 struct ofp11_match_header *omh = buf->data;
264 uint16_t match_len;
265
266 if (buf->size < sizeof *omh) {
267 return OFPERR_OFPBMC_BAD_LEN;
268 }
269
270 match_len = ntohs(omh->length);
271
272 switch (ntohs(omh->type)) {
273 case OFPMT_STANDARD: {
274 struct ofp11_match *om;
275
276 if (match_len != sizeof *om || buf->size < sizeof *om) {
277 return OFPERR_OFPBMC_BAD_LEN;
278 }
279 om = ofpbuf_pull(buf, sizeof *om);
280 if (padded_match_len) {
281 *padded_match_len = match_len;
282 }
283 return ofputil_match_from_ofp11_match(om, match);
284 }
285
286 case OFPMT_OXM:
287 if (padded_match_len) {
288 *padded_match_len = ROUND_UP(match_len, 8);
289 }
290 return oxm_pull_match(buf, false, tun_table, vl_mff_map, match);
291
292 default:
293 return OFPERR_OFPBMC_BAD_TYPE;
294 }
295}
296
297/* Converts the ofp11_match in 'ofmatch' into a struct match in 'match'.
298 * Returns 0 if successful, otherwise an OFPERR_* value. */
299enum ofperr
300ofputil_match_from_ofp11_match(const struct ofp11_match *ofmatch,
301 struct match *match)
302{
303 uint16_t wc = ntohl(ofmatch->wildcards);
304 bool ipv4, arp, rarp;
305
306 match_init_catchall(match);
307 match->flow.tunnel.metadata.tab = NULL;
308
309 if (!(wc & OFPFW11_IN_PORT)) {
310 ofp_port_t ofp_port;
311 enum ofperr error;
312
313 error = ofputil_port_from_ofp11(ofmatch->in_port, &ofp_port);
314 if (error) {
315 return OFPERR_OFPBMC_BAD_VALUE;
316 }
317 match_set_in_port(match, ofp_port);
318 }
319
320 struct eth_addr dl_src_mask = eth_addr_invert(ofmatch->dl_src_mask);
321 struct eth_addr dl_dst_mask = eth_addr_invert(ofmatch->dl_dst_mask);
322 if (!eth_addr_is_zero(dl_src_mask) || !eth_addr_is_zero(dl_dst_mask)) {
323 match_set_dl_src_masked(match, ofmatch->dl_src, dl_src_mask);
324 match_set_dl_dst_masked(match, ofmatch->dl_dst, dl_dst_mask);
325 match_set_default_packet_type(match);
326 }
327
328 if (!(wc & OFPFW11_DL_VLAN)) {
329 if (ofmatch->dl_vlan == htons(OFPVID11_NONE)) {
330 /* Match only packets without a VLAN tag. */
331 match->flow.vlans[0].tci = htons(0);
332 match->wc.masks.vlans[0].tci = OVS_BE16_MAX;
333 } else {
334 if (ofmatch->dl_vlan == htons(OFPVID11_ANY)) {
335 /* Match any packet with a VLAN tag regardless of VID. */
336 match->flow.vlans[0].tci = htons(VLAN_CFI);
337 match->wc.masks.vlans[0].tci = htons(VLAN_CFI);
338 } else if (ntohs(ofmatch->dl_vlan) < 4096) {
339 /* Match only packets with the specified VLAN VID. */
340 match->flow.vlans[0].tci = htons(VLAN_CFI) | ofmatch->dl_vlan;
341 match->wc.masks.vlans[0].tci = htons(VLAN_CFI | VLAN_VID_MASK);
342 } else {
343 /* Invalid VID. */
344 return OFPERR_OFPBMC_BAD_VALUE;
345 }
346
347 if (!(wc & OFPFW11_DL_VLAN_PCP)) {
348 if (ofmatch->dl_vlan_pcp <= 7) {
349 match->flow.vlans[0].tci |= htons(ofmatch->dl_vlan_pcp
350 << VLAN_PCP_SHIFT);
351 match->wc.masks.vlans[0].tci |= htons(VLAN_PCP_MASK);
352 } else {
353 /* Invalid PCP. */
354 return OFPERR_OFPBMC_BAD_VALUE;
355 }
356 }
357 }
358 match_set_default_packet_type(match);
359 }
360
361 if (!(wc & OFPFW11_DL_TYPE)) {
362 match_set_dl_type(match,
363 ofputil_dl_type_from_openflow(ofmatch->dl_type));
364 match_set_default_packet_type(match);
365 }
366
367 ipv4 = match->flow.dl_type == htons(ETH_TYPE_IP);
368 arp = match->flow.dl_type == htons(ETH_TYPE_ARP);
369 rarp = match->flow.dl_type == htons(ETH_TYPE_RARP);
370
371 if (ipv4 && !(wc & OFPFW11_NW_TOS)) {
372 if (ofmatch->nw_tos & ~IP_DSCP_MASK) {
373 /* Invalid TOS. */
374 return OFPERR_OFPBMC_BAD_VALUE;
375 }
376
377 match_set_nw_dscp(match, ofmatch->nw_tos);
378 }
379
380 if (ipv4 || arp || rarp) {
381 if (!(wc & OFPFW11_NW_PROTO)) {
382 match_set_nw_proto(match, ofmatch->nw_proto);
383 }
384 match_set_nw_src_masked(match, ofmatch->nw_src, ~ofmatch->nw_src_mask);
385 match_set_nw_dst_masked(match, ofmatch->nw_dst, ~ofmatch->nw_dst_mask);
386 }
387
388#define OFPFW11_TP_ALL (OFPFW11_TP_SRC | OFPFW11_TP_DST)
389 if (ipv4 && (wc & OFPFW11_TP_ALL) != OFPFW11_TP_ALL) {
390 switch (match->flow.nw_proto) {
391 case IPPROTO_ICMP:
392 /* "A.2.3 Flow Match Structures" in OF1.1 says:
393 *
394 * The tp_src and tp_dst fields will be ignored unless the
395 * network protocol specified is as TCP, UDP or SCTP.
396 *
397 * but I'm pretty sure we should support ICMP too, otherwise
398 * that's a regression from OF1.0. */
399 if (!(wc & OFPFW11_TP_SRC)) {
400 uint16_t icmp_type = ntohs(ofmatch->tp_src);
401 if (icmp_type < 0x100) {
402 match_set_icmp_type(match, icmp_type);
403 } else {
404 return OFPERR_OFPBMC_BAD_FIELD;
405 }
406 }
407 if (!(wc & OFPFW11_TP_DST)) {
408 uint16_t icmp_code = ntohs(ofmatch->tp_dst);
409 if (icmp_code < 0x100) {
410 match_set_icmp_code(match, icmp_code);
411 } else {
412 return OFPERR_OFPBMC_BAD_FIELD;
413 }
414 }
415 break;
416
417 case IPPROTO_TCP:
418 case IPPROTO_UDP:
419 case IPPROTO_SCTP:
420 if (!(wc & (OFPFW11_TP_SRC))) {
421 match_set_tp_src(match, ofmatch->tp_src);
422 }
423 if (!(wc & (OFPFW11_TP_DST))) {
424 match_set_tp_dst(match, ofmatch->tp_dst);
425 }
426 break;
427
428 default:
429 /* OF1.1 says explicitly to ignore this. */
430 break;
431 }
432 }
433
434 if (eth_type_mpls(match->flow.dl_type)) {
435 if (!(wc & OFPFW11_MPLS_LABEL)) {
436 match_set_mpls_label(match, 0, ofmatch->mpls_label);
437 }
438 if (!(wc & OFPFW11_MPLS_TC)) {
439 match_set_mpls_tc(match, 0, ofmatch->mpls_tc);
440 }
441 }
442
443 match_set_metadata_masked(match, ofmatch->metadata,
444 ~ofmatch->metadata_mask);
445
446 return 0;
447}
448
449/* Convert 'match' into the OpenFlow 1.1 match structure 'ofmatch'. */
450void
451ofputil_match_to_ofp11_match(const struct match *match,
452 struct ofp11_match *ofmatch)
453{
454 uint32_t wc = 0;
455
456 memset(ofmatch, 0, sizeof *ofmatch);
457 ofmatch->omh.type = htons(OFPMT_STANDARD);
458 ofmatch->omh.length = htons(OFPMT11_STANDARD_LENGTH);
459
460 if (!match->wc.masks.in_port.ofp_port) {
461 wc |= OFPFW11_IN_PORT;
462 } else {
463 ofmatch->in_port = ofputil_port_to_ofp11(match->flow.in_port.ofp_port);
464 }
465
466 ofmatch->dl_src = match->flow.dl_src;
467 ofmatch->dl_src_mask = eth_addr_invert(match->wc.masks.dl_src);
468 ofmatch->dl_dst = match->flow.dl_dst;
469 ofmatch->dl_dst_mask = eth_addr_invert(match->wc.masks.dl_dst);
470
471 if (match->wc.masks.vlans[0].tci == htons(0)) {
472 wc |= OFPFW11_DL_VLAN | OFPFW11_DL_VLAN_PCP;
473 } else if (match->wc.masks.vlans[0].tci & htons(VLAN_CFI)
474 && !(match->flow.vlans[0].tci & htons(VLAN_CFI))) {
475 ofmatch->dl_vlan = htons(OFPVID11_NONE);
476 wc |= OFPFW11_DL_VLAN_PCP;
477 } else {
478 if (!(match->wc.masks.vlans[0].tci & htons(VLAN_VID_MASK))) {
479 ofmatch->dl_vlan = htons(OFPVID11_ANY);
480 } else {
481 ofmatch->dl_vlan =
482 htons(vlan_tci_to_vid(match->flow.vlans[0].tci));
483 }
484
485 if (!(match->wc.masks.vlans[0].tci & htons(VLAN_PCP_MASK))) {
486 wc |= OFPFW11_DL_VLAN_PCP;
487 } else {
488 ofmatch->dl_vlan_pcp = vlan_tci_to_pcp(match->flow.vlans[0].tci);
489 }
490 }
491
492 if (!match->wc.masks.dl_type) {
493 wc |= OFPFW11_DL_TYPE;
494 } else {
495 ofmatch->dl_type = ofputil_dl_type_to_openflow(match->flow.dl_type);
496 }
497
498 if (!(match->wc.masks.nw_tos & IP_DSCP_MASK)) {
499 wc |= OFPFW11_NW_TOS;
500 } else {
501 ofmatch->nw_tos = match->flow.nw_tos & IP_DSCP_MASK;
502 }
503
504 if (!match->wc.masks.nw_proto) {
505 wc |= OFPFW11_NW_PROTO;
506 } else {
507 ofmatch->nw_proto = match->flow.nw_proto;
508 }
509
510 ofmatch->nw_src = match->flow.nw_src;
511 ofmatch->nw_src_mask = ~match->wc.masks.nw_src;
512 ofmatch->nw_dst = match->flow.nw_dst;
513 ofmatch->nw_dst_mask = ~match->wc.masks.nw_dst;
514
515 if (!match->wc.masks.tp_src) {
516 wc |= OFPFW11_TP_SRC;
517 } else {
518 ofmatch->tp_src = match->flow.tp_src;
519 }
520
521 if (!match->wc.masks.tp_dst) {
522 wc |= OFPFW11_TP_DST;
523 } else {
524 ofmatch->tp_dst = match->flow.tp_dst;
525 }
526
527 if (!(match->wc.masks.mpls_lse[0] & htonl(MPLS_LABEL_MASK))) {
528 wc |= OFPFW11_MPLS_LABEL;
529 } else {
530 ofmatch->mpls_label = htonl(mpls_lse_to_label(
531 match->flow.mpls_lse[0]));
532 }
533
534 if (!(match->wc.masks.mpls_lse[0] & htonl(MPLS_TC_MASK))) {
535 wc |= OFPFW11_MPLS_TC;
536 } else {
537 ofmatch->mpls_tc = mpls_lse_to_tc(match->flow.mpls_lse[0]);
538 }
539
540 ofmatch->metadata = match->flow.metadata;
541 ofmatch->metadata_mask = ~match->wc.masks.metadata;
542
543 ofmatch->wildcards = htonl(wc);
544}
545
546/* Returns the "typical" length of a match for 'protocol', for use in
547 * estimating space to preallocate. */
548int
549ofputil_match_typical_len(enum ofputil_protocol protocol)
550{
551 switch (protocol) {
552 case OFPUTIL_P_OF10_STD:
553 case OFPUTIL_P_OF10_STD_TID:
554 return sizeof(struct ofp10_match);
555
556 case OFPUTIL_P_OF10_NXM:
557 case OFPUTIL_P_OF10_NXM_TID:
558 return NXM_TYPICAL_LEN;
559
560 case OFPUTIL_P_OF11_STD:
561 return sizeof(struct ofp11_match);
562
563 case OFPUTIL_P_OF12_OXM:
564 case OFPUTIL_P_OF13_OXM:
565 case OFPUTIL_P_OF14_OXM:
566 case OFPUTIL_P_OF15_OXM:
567 case OFPUTIL_P_OF16_OXM:
568 return NXM_TYPICAL_LEN;
569
570 default:
571 OVS_NOT_REACHED();
572 }
573}
574
575/* Appends to 'b' an struct ofp11_match_header followed by a match that
576 * expresses 'match' properly for 'protocol', plus enough zero bytes to pad the
577 * data appended out to a multiple of 8. 'protocol' must be one that is usable
578 * in OpenFlow 1.1 or later.
579 *
580 * This function can cause 'b''s data to be reallocated.
581 *
582 * Returns the number of bytes appended to 'b', excluding the padding. Never
583 * returns zero. */
584int
585ofputil_put_ofp11_match(struct ofpbuf *b, const struct match *match,
586 enum ofputil_protocol protocol)
587{
588 switch (protocol) {
589 case OFPUTIL_P_OF10_STD:
590 case OFPUTIL_P_OF10_STD_TID:
591 case OFPUTIL_P_OF10_NXM:
592 case OFPUTIL_P_OF10_NXM_TID:
593 OVS_NOT_REACHED();
594
595 case OFPUTIL_P_OF11_STD: {
596 struct ofp11_match *om;
597
598 /* Make sure that no padding is needed. */
599 BUILD_ASSERT_DECL(sizeof *om % 8 == 0);
600
601 om = ofpbuf_put_uninit(b, sizeof *om);
602 ofputil_match_to_ofp11_match(match, om);
603 return sizeof *om;
604 }
605
606 case OFPUTIL_P_OF12_OXM:
607 case OFPUTIL_P_OF13_OXM:
608 case OFPUTIL_P_OF14_OXM:
609 case OFPUTIL_P_OF15_OXM:
610 case OFPUTIL_P_OF16_OXM:
611 return oxm_put_match(b, match,
612 ofputil_protocol_to_ofp_version(protocol));
613 }
614
615 OVS_NOT_REACHED();
616}
617
618/* Given a 'dl_type' value in the format used in struct flow, returns the
619 * corresponding 'dl_type' value for use in an ofp10_match or ofp11_match
620 * structure. */
621ovs_be16
622ofputil_dl_type_to_openflow(ovs_be16 flow_dl_type)
623{
624 return (flow_dl_type == htons(FLOW_DL_TYPE_NONE)
625 ? htons(OFP_DL_TYPE_NOT_ETH_TYPE)
626 : flow_dl_type);
627}
628
629/* Given a 'dl_type' value in the format used in an ofp10_match or ofp11_match
630 * structure, returns the corresponding 'dl_type' value for use in struct
631 * flow. */
632ovs_be16
633ofputil_dl_type_from_openflow(ovs_be16 ofp_dl_type)
634{
635 return (ofp_dl_type == htons(OFP_DL_TYPE_NOT_ETH_TYPE)
636 ? htons(FLOW_DL_TYPE_NONE)
637 : ofp_dl_type);
638}
639\f
640static void
641encode_tlv_table_mappings(struct ofpbuf *b, struct ovs_list *mappings)
642{
643 struct ofputil_tlv_map *map;
644
645 LIST_FOR_EACH (map, list_node, mappings) {
646 struct nx_tlv_map *nx_map;
647
648 nx_map = ofpbuf_put_zeros(b, sizeof *nx_map);
649 nx_map->option_class = htons(map->option_class);
650 nx_map->option_type = map->option_type;
651 nx_map->option_len = map->option_len;
652 nx_map->index = htons(map->index);
653 }
654}
655
656struct ofpbuf *
657ofputil_encode_tlv_table_mod(enum ofp_version ofp_version,
658 struct ofputil_tlv_table_mod *ttm)
659{
660 struct ofpbuf *b;
661 struct nx_tlv_table_mod *nx_ttm;
662
663 b = ofpraw_alloc(OFPRAW_NXT_TLV_TABLE_MOD, ofp_version, 0);
664 nx_ttm = ofpbuf_put_zeros(b, sizeof *nx_ttm);
665 nx_ttm->command = htons(ttm->command);
666 encode_tlv_table_mappings(b, &ttm->mappings);
667
668 return b;
669}
670
671static enum ofperr
672decode_tlv_table_mappings(struct ofpbuf *msg, unsigned int max_fields,
673 struct ovs_list *mappings)
674{
675 ovs_list_init(mappings);
676
677 while (msg->size) {
678 struct nx_tlv_map *nx_map;
679 struct ofputil_tlv_map *map;
680
681 nx_map = ofpbuf_pull(msg, sizeof *nx_map);
682 map = xmalloc(sizeof *map);
683 ovs_list_push_back(mappings, &map->list_node);
684
685 map->option_class = ntohs(nx_map->option_class);
686 map->option_type = nx_map->option_type;
687
688 map->option_len = nx_map->option_len;
689 if (map->option_len % 4 || map->option_len > TLV_MAX_OPT_SIZE) {
690 VLOG_WARN_RL(&rl, "tlv table option length (%u) is not a "
691 "valid option size", map->option_len);
692 ofputil_uninit_tlv_table(mappings);
693 return OFPERR_NXTTMFC_BAD_OPT_LEN;
694 }
695
696 map->index = ntohs(nx_map->index);
697 if (map->index >= max_fields) {
698 VLOG_WARN_RL(&rl, "tlv table field index (%u) is too large "
699 "(max %u)", map->index, max_fields - 1);
700 ofputil_uninit_tlv_table(mappings);
701 return OFPERR_NXTTMFC_BAD_FIELD_IDX;
702 }
703 }
704
705 return 0;
706}
707
708enum ofperr
709ofputil_decode_tlv_table_mod(const struct ofp_header *oh,
710 struct ofputil_tlv_table_mod *ttm)
711{
712 struct ofpbuf msg = ofpbuf_const_initializer(oh, ntohs(oh->length));
713 ofpraw_pull_assert(&msg);
714
715 struct nx_tlv_table_mod *nx_ttm = ofpbuf_pull(&msg, sizeof *nx_ttm);
716 ttm->command = ntohs(nx_ttm->command);
717 if (ttm->command > NXTTMC_CLEAR) {
718 VLOG_WARN_RL(&rl, "tlv table mod command (%u) is out of range",
719 ttm->command);
720 return OFPERR_NXTTMFC_BAD_COMMAND;
721 }
722
723 return decode_tlv_table_mappings(&msg, TUN_METADATA_NUM_OPTS,
724 &ttm->mappings);
725}
726
727struct ofpbuf *
728ofputil_encode_tlv_table_reply(const struct ofp_header *oh,
729 struct ofputil_tlv_table_reply *ttr)
730{
731 struct ofpbuf *b;
732 struct nx_tlv_table_reply *nx_ttr;
733
734 b = ofpraw_alloc_reply(OFPRAW_NXT_TLV_TABLE_REPLY, oh, 0);
735 nx_ttr = ofpbuf_put_zeros(b, sizeof *nx_ttr);
736 nx_ttr->max_option_space = htonl(ttr->max_option_space);
737 nx_ttr->max_fields = htons(ttr->max_fields);
738
739 encode_tlv_table_mappings(b, &ttr->mappings);
740
741 return b;
742}
743
744/* Decodes the NXT_TLV_TABLE_REPLY message in 'oh' into '*ttr'. Returns 0
745 * if successful, otherwise an ofperr.
746 *
747 * The decoder verifies that the indexes in 'ttr->mappings' are less than
748 * 'ttr->max_fields', but the caller must ensure, if necessary, that they are
749 * less than TUN_METADATA_NUM_OPTS. */
750enum ofperr
751ofputil_decode_tlv_table_reply(const struct ofp_header *oh,
752 struct ofputil_tlv_table_reply *ttr)
753{
754 struct ofpbuf msg = ofpbuf_const_initializer(oh, ntohs(oh->length));
755 ofpraw_pull_assert(&msg);
756
757 struct nx_tlv_table_reply *nx_ttr = ofpbuf_pull(&msg, sizeof *nx_ttr);
758 ttr->max_option_space = ntohl(nx_ttr->max_option_space);
759 ttr->max_fields = ntohs(nx_ttr->max_fields);
760
761 return decode_tlv_table_mappings(&msg, ttr->max_fields, &ttr->mappings);
762}
763
764char * OVS_WARN_UNUSED_RESULT
765parse_ofp_tlv_table_mod_str(struct ofputil_tlv_table_mod *ttm,
766 uint16_t command, const char *s,
767 enum ofputil_protocol *usable_protocols)
768{
769 *usable_protocols = OFPUTIL_P_NXM_OXM_ANY;
770
771 ttm->command = command;
772 ovs_list_init(&ttm->mappings);
773
774 while (*s) {
775 struct ofputil_tlv_map *map = xmalloc(sizeof *map);
776 int n;
777
778 if (*s == ',') {
779 s++;
780 }
781
782 ovs_list_push_back(&ttm->mappings, &map->list_node);
783
784 if (!ovs_scan(s, "{class=%"SCNi16",type=%"SCNi8",len=%"SCNi8"}"
785 "->tun_metadata%"SCNi16"%n",
786 &map->option_class, &map->option_type, &map->option_len,
787 &map->index, &n)) {
788 ofputil_uninit_tlv_table(&ttm->mappings);
789 return xstrdup("invalid tlv mapping");
790 }
791
792 s += n;
793 }
794
795 return NULL;
796}
797
798void
799ofputil_uninit_tlv_table(struct ovs_list *mappings)
800{
801 struct ofputil_tlv_map *map;
802
803 LIST_FOR_EACH_POP (map, list_node, mappings) {
804 free(map);
805 }
806}
807\f
808static void
809ofputil_normalize_match__(struct match *match, bool may_log)
810{
811 enum {
812 MAY_NW_ADDR = 1 << 0, /* nw_src, nw_dst */
813 MAY_TP_ADDR = 1 << 1, /* tp_src, tp_dst */
814 MAY_NW_PROTO = 1 << 2, /* nw_proto */
815 MAY_IPVx = 1 << 3, /* tos, frag, ttl */
816 MAY_ARP_SHA = 1 << 4, /* arp_sha */
817 MAY_ARP_THA = 1 << 5, /* arp_tha */
818 MAY_IPV6 = 1 << 6, /* ipv6_src, ipv6_dst, ipv6_label */
819 MAY_ND_TARGET = 1 << 7, /* nd_target */
820 MAY_MPLS = 1 << 8, /* mpls label and tc */
821 MAY_ETHER = 1 << 9, /* dl_src, dl_dst */
822 } may_match;
823
824 struct flow_wildcards wc = match->wc;
825 ovs_be16 dl_type;
826
827 /* Figure out what fields may be matched. */
828 /* Check the packet_type first and extract dl_type. */
829 if (wc.masks.packet_type == 0 || match_has_default_packet_type(match)) {
830 may_match = MAY_ETHER;
831 dl_type = match->flow.dl_type;
832 } else if (wc.masks.packet_type == OVS_BE32_MAX &&
833 pt_ns(match->flow.packet_type) == OFPHTN_ETHERTYPE) {
834 may_match = 0;
835 dl_type = pt_ns_type_be(match->flow.packet_type);
836 } else {
837 may_match = 0;
838 dl_type = 0;
839 }
840 if (dl_type == htons(ETH_TYPE_IP)) {
841 may_match |= MAY_NW_PROTO | MAY_IPVx | MAY_NW_ADDR;
842 if (match->flow.nw_proto == IPPROTO_TCP ||
843 match->flow.nw_proto == IPPROTO_UDP ||
844 match->flow.nw_proto == IPPROTO_SCTP ||
845 match->flow.nw_proto == IPPROTO_ICMP) {
846 may_match |= MAY_TP_ADDR;
847 }
848 } else if (dl_type == htons(ETH_TYPE_IPV6)) {
849 may_match |= MAY_NW_PROTO | MAY_IPVx | MAY_IPV6;
850 if (match->flow.nw_proto == IPPROTO_TCP ||
851 match->flow.nw_proto == IPPROTO_UDP ||
852 match->flow.nw_proto == IPPROTO_SCTP) {
853 may_match |= MAY_TP_ADDR;
854 } else if (match->flow.nw_proto == IPPROTO_ICMPV6) {
855 may_match |= MAY_TP_ADDR;
856 if (match->flow.tp_src == htons(ND_NEIGHBOR_SOLICIT)) {
857 may_match |= MAY_ND_TARGET | MAY_ARP_SHA;
858 } else if (match->flow.tp_src == htons(ND_NEIGHBOR_ADVERT)) {
859 may_match |= MAY_ND_TARGET | MAY_ARP_THA;
860 }
861 }
862 } else if (dl_type == htons(ETH_TYPE_ARP) ||
863 dl_type == htons(ETH_TYPE_RARP)) {
864 may_match |= MAY_NW_PROTO | MAY_NW_ADDR | MAY_ARP_SHA | MAY_ARP_THA;
865 } else if (eth_type_mpls(dl_type)) {
866 may_match |= MAY_MPLS;
867 }
868
869 /* Clear the fields that may not be matched. */
870 if (!(may_match & MAY_ETHER)) {
871 wc.masks.dl_src = wc.masks.dl_dst = eth_addr_zero;
872 }
873 if (!(may_match & MAY_NW_ADDR)) {
874 wc.masks.nw_src = wc.masks.nw_dst = htonl(0);
875 }
876 if (!(may_match & MAY_TP_ADDR)) {
877 wc.masks.tp_src = wc.masks.tp_dst = htons(0);
878 }
879 if (!(may_match & MAY_NW_PROTO)) {
880 wc.masks.nw_proto = 0;
881 }
882 if (!(may_match & MAY_IPVx)) {
883 wc.masks.nw_tos = 0;
884 wc.masks.nw_ttl = 0;
885 }
886 if (!(may_match & MAY_ARP_SHA)) {
887 WC_UNMASK_FIELD(&wc, arp_sha);
888 }
889 if (!(may_match & MAY_ARP_THA)) {
890 WC_UNMASK_FIELD(&wc, arp_tha);
891 }
892 if (!(may_match & MAY_IPV6)) {
893 wc.masks.ipv6_src = wc.masks.ipv6_dst = in6addr_any;
894 wc.masks.ipv6_label = htonl(0);
895 }
896 if (!(may_match & MAY_ND_TARGET)) {
897 wc.masks.nd_target = in6addr_any;
898 }
899 if (!(may_match & MAY_MPLS)) {
900 memset(wc.masks.mpls_lse, 0, sizeof wc.masks.mpls_lse);
901 }
902
903 /* Log any changes. */
904 if (!flow_wildcards_equal(&wc, &match->wc)) {
905 bool log = may_log && !VLOG_DROP_INFO(&rl);
906 char *pre = (log
907 ? match_to_string(match, NULL, OFP_DEFAULT_PRIORITY)
908 : NULL);
909
910 match->wc = wc;
911 match_zero_wildcarded_fields(match);
912
913 if (log) {
914 char *post = match_to_string(match, NULL, OFP_DEFAULT_PRIORITY);
915 VLOG_INFO("normalization changed ofp_match, details:");
916 VLOG_INFO(" pre: %s", pre);
917 VLOG_INFO("post: %s", post);
918 free(pre);
919 free(post);
920 }
921 }
922}
923
924/* "Normalizes" the wildcards in 'match'. That means:
925 *
926 * 1. If the type of level N is known, then only the valid fields for that
927 * level may be specified. For example, ARP does not have a TOS field,
928 * so nw_tos must be wildcarded if 'match' specifies an ARP flow.
929 * Similarly, IPv4 does not have any IPv6 addresses, so ipv6_src and
930 * ipv6_dst (and other fields) must be wildcarded if 'match' specifies an
931 * IPv4 flow.
932 *
933 * 2. If the type of level N is not known (or not understood by Open
934 * vSwitch), then no fields at all for that level may be specified. For
935 * example, Open vSwitch does not understand SCTP, an L4 protocol, so the
936 * L4 fields tp_src and tp_dst must be wildcarded if 'match' specifies an
937 * SCTP flow.
938 *
939 * If this function changes 'match', it logs a rate-limited informational
940 * message. */
941void
942ofputil_normalize_match(struct match *match)
943{
944 ofputil_normalize_match__(match, true);
945}
946
947/* Same as ofputil_normalize_match() without the logging. Thus, this function
948 * is suitable for a program's internal use, whereas ofputil_normalize_match()
949 * sense for use on flows received from elsewhere (so that a bug in the program
950 * that sent them can be reported and corrected). */
951void
952ofputil_normalize_match_quiet(struct match *match)
953{
954 ofputil_normalize_match__(match, false);
955}
dfc77282
BP		 956\f
957static void OVS_PRINTF_FORMAT(5, 6)
958print_wild(struct ds *string, const char *leader, int is_wild,
959 int verbosity, const char *format, ...)
960{
961 if (is_wild && verbosity < 2) {
962 return;
963 }
964 ds_put_cstr(string, leader);
965 if (!is_wild) {
966 va_list args;
967
968 va_start(args, format);
969 ds_put_format_valist(string, format, args);
970 va_end(args);
971 } else {
972 ds_put_char(string, '*');
973 }
974 ds_put_char(string, ',');
975}
976
977static void
978print_wild_port(struct ds *string, const char *leader, int is_wild,
979 int verbosity, ofp_port_t port,
980 const struct ofputil_port_map *port_map)
981{
982 if (is_wild && verbosity < 2) {
983 return;
984 }
985 ds_put_cstr(string, leader);
986 if (!is_wild) {
987 ofputil_format_port(port, port_map, string);
988 } else {
989 ds_put_char(string, '*');
990 }
991 ds_put_char(string, ',');
992}
993
994static void
995print_ip_netmask(struct ds *string, const char *leader, ovs_be32 ip,
996 uint32_t wild_bits, int verbosity)
997{
998 if (wild_bits >= 32 && verbosity < 2) {
999 return;
1000 }
1001 ds_put_cstr(string, leader);
1002 if (wild_bits < 32) {
1003 ds_put_format(string, IP_FMT, IP_ARGS(ip));
1004 if (wild_bits) {
1005 ds_put_format(string, "/%d", 32 - wild_bits);
1006 }
1007 } else {
1008 ds_put_char(string, '*');
1009 }
1010 ds_put_char(string, ',');
1011}
1012
1013void
1014ofp10_match_print(struct ds *f, const struct ofp10_match *om,
1015 const struct ofputil_port_map *port_map, int verbosity)
1016{
1017 char *s = ofp10_match_to_string(om, port_map, verbosity);
1018 ds_put_cstr(f, s);
1019 free(s);
1020}
1021
1022char *
1023ofp10_match_to_string(const struct ofp10_match *om,
1024 const struct ofputil_port_map *port_map, int verbosity)
1025{
1026 struct ds f = DS_EMPTY_INITIALIZER;
1027 uint32_t w = ntohl(om->wildcards);
1028 bool skip_type = false;
1029 bool skip_proto = false;
1030
1031 if (!(w & OFPFW10_DL_TYPE)) {
1032 skip_type = true;
1033 if (om->dl_type == htons(ETH_TYPE_IP)) {
1034 if (!(w & OFPFW10_NW_PROTO)) {
1035 skip_proto = true;
1036 if (om->nw_proto == IPPROTO_ICMP) {
1037 ds_put_cstr(&f, "icmp,");
1038 } else if (om->nw_proto == IPPROTO_TCP) {
1039 ds_put_cstr(&f, "tcp,");
1040 } else if (om->nw_proto == IPPROTO_UDP) {
1041 ds_put_cstr(&f, "udp,");
1042 } else if (om->nw_proto == IPPROTO_SCTP) {
1043 ds_put_cstr(&f, "sctp,");
1044 } else {
1045 ds_put_cstr(&f, "ip,");
1046 skip_proto = false;
1047 }
1048 } else {
1049 ds_put_cstr(&f, "ip,");
1050 }
1051 } else if (om->dl_type == htons(ETH_TYPE_ARP)) {
1052 ds_put_cstr(&f, "arp,");
1053 } else if (om->dl_type == htons(ETH_TYPE_RARP)){
1054 ds_put_cstr(&f, "rarp,");
1055 } else if (om->dl_type == htons(ETH_TYPE_MPLS)) {
1056 ds_put_cstr(&f, "mpls,");
1057 } else if (om->dl_type == htons(ETH_TYPE_MPLS_MCAST)) {
1058 ds_put_cstr(&f, "mplsm,");
1059 } else {
1060 skip_type = false;
1061 }
1062 }
1063 print_wild_port(&f, "in_port=", w & OFPFW10_IN_PORT, verbosity,
1064 u16_to_ofp(ntohs(om->in_port)), port_map);
1065 print_wild(&f, "dl_vlan=", w & OFPFW10_DL_VLAN, verbosity,
1066 "%d", ntohs(om->dl_vlan));
1067 print_wild(&f, "dl_vlan_pcp=", w & OFPFW10_DL_VLAN_PCP, verbosity,
1068 "%d", om->dl_vlan_pcp);
1069 print_wild(&f, "dl_src=", w & OFPFW10_DL_SRC, verbosity,
1070 ETH_ADDR_FMT, ETH_ADDR_ARGS(om->dl_src));
1071 print_wild(&f, "dl_dst=", w & OFPFW10_DL_DST, verbosity,
1072 ETH_ADDR_FMT, ETH_ADDR_ARGS(om->dl_dst));
1073 if (!skip_type) {
1074 print_wild(&f, "dl_type=", w & OFPFW10_DL_TYPE, verbosity,
1075 "0x%04x", ntohs(om->dl_type));
1076 }
1077 print_ip_netmask(&f, "nw_src=", om->nw_src,
1078 (w & OFPFW10_NW_SRC_MASK) >> OFPFW10_NW_SRC_SHIFT,
1079 verbosity);
1080 print_ip_netmask(&f, "nw_dst=", om->nw_dst,
1081 (w & OFPFW10_NW_DST_MASK) >> OFPFW10_NW_DST_SHIFT,
1082 verbosity);
1083 if (!skip_proto) {
1084 if (om->dl_type == htons(ETH_TYPE_ARP) ||
1085 om->dl_type == htons(ETH_TYPE_RARP)) {
1086 print_wild(&f, "arp_op=", w & OFPFW10_NW_PROTO, verbosity,
1087 "%u", om->nw_proto);
1088 } else {
1089 print_wild(&f, "nw_proto=", w & OFPFW10_NW_PROTO, verbosity,
1090 "%u", om->nw_proto);
1091 }
1092 }
1093 print_wild(&f, "nw_tos=", w & OFPFW10_NW_TOS, verbosity,
1094 "%u", om->nw_tos);
1095 if (om->nw_proto == IPPROTO_ICMP) {
1096 print_wild(&f, "icmp_type=", w & OFPFW10_ICMP_TYPE, verbosity,
1097 "%d", ntohs(om->tp_src));
1098 print_wild(&f, "icmp_code=", w & OFPFW10_ICMP_CODE, verbosity,
1099 "%d", ntohs(om->tp_dst));
1100 } else {
1101 print_wild(&f, "tp_src=", w & OFPFW10_TP_SRC, verbosity,
1102 "%d", ntohs(om->tp_src));
1103 print_wild(&f, "tp_dst=", w & OFPFW10_TP_DST, verbosity,
1104 "%d", ntohs(om->tp_dst));
1105 }
1106 ds_chomp(&f, ',');
1107 return ds_cstr(&f);
1108}
1109
openvswitch mirror