]>
Commit | Line | Data |
---|---|---|
fa37b408 BP |
1 | /* |
2 | * Copyright (c) 2008, 2009, 2010 Nicira Networks. | |
3 | * | |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at: | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
15 | */ | |
16 | ||
17 | #include <config.h> | |
18 | #include "ofp-print.h" | |
19 | #include <inttypes.h> | |
20 | #include <stdlib.h> | |
21 | #include "ofp-util.h" | |
22 | #include "ofpbuf.h" | |
23 | #include "packets.h" | |
24 | #include "random.h" | |
25 | ||
26 | #define THIS_MODULE VLM_ofp_util | |
27 | #include "vlog.h" | |
28 | ||
29 | /* Rate limit for OpenFlow message parse errors. These always indicate a bug | |
30 | * in the peer and so there's not much point in showing a lot of them. */ | |
31 | static struct vlog_rate_limit bad_ofmsg_rl = VLOG_RATE_LIMIT_INIT(1, 5); | |
32 | ||
33 | /* XXX we should really use consecutive xids to avoid probabilistic | |
34 | * failures. */ | |
35 | static inline uint32_t | |
36 | alloc_xid(void) | |
37 | { | |
38 | return random_uint32(); | |
39 | } | |
40 | ||
41 | /* Allocates and stores in '*bufferp' a new ofpbuf with a size of | |
42 | * 'openflow_len', starting with an OpenFlow header with the given 'type' and | |
43 | * an arbitrary transaction id. Allocated bytes beyond the header, if any, are | |
44 | * zeroed. | |
45 | * | |
46 | * The caller is responsible for freeing '*bufferp' when it is no longer | |
47 | * needed. | |
48 | * | |
49 | * The OpenFlow header length is initially set to 'openflow_len'; if the | |
50 | * message is later extended, the length should be updated with | |
51 | * update_openflow_length() before sending. | |
52 | * | |
53 | * Returns the header. */ | |
54 | void * | |
55 | make_openflow(size_t openflow_len, uint8_t type, struct ofpbuf **bufferp) | |
56 | { | |
57 | *bufferp = ofpbuf_new(openflow_len); | |
58 | return put_openflow_xid(openflow_len, type, alloc_xid(), *bufferp); | |
59 | } | |
60 | ||
61 | /* Allocates and stores in '*bufferp' a new ofpbuf with a size of | |
62 | * 'openflow_len', starting with an OpenFlow header with the given 'type' and | |
63 | * transaction id 'xid'. Allocated bytes beyond the header, if any, are | |
64 | * zeroed. | |
65 | * | |
66 | * The caller is responsible for freeing '*bufferp' when it is no longer | |
67 | * needed. | |
68 | * | |
69 | * The OpenFlow header length is initially set to 'openflow_len'; if the | |
70 | * message is later extended, the length should be updated with | |
71 | * update_openflow_length() before sending. | |
72 | * | |
73 | * Returns the header. */ | |
74 | void * | |
75 | make_openflow_xid(size_t openflow_len, uint8_t type, uint32_t xid, | |
76 | struct ofpbuf **bufferp) | |
77 | { | |
78 | *bufferp = ofpbuf_new(openflow_len); | |
79 | return put_openflow_xid(openflow_len, type, xid, *bufferp); | |
80 | } | |
81 | ||
82 | /* Appends 'openflow_len' bytes to 'buffer', starting with an OpenFlow header | |
83 | * with the given 'type' and an arbitrary transaction id. Allocated bytes | |
84 | * beyond the header, if any, are zeroed. | |
85 | * | |
86 | * The OpenFlow header length is initially set to 'openflow_len'; if the | |
87 | * message is later extended, the length should be updated with | |
88 | * update_openflow_length() before sending. | |
89 | * | |
90 | * Returns the header. */ | |
91 | void * | |
92 | put_openflow(size_t openflow_len, uint8_t type, struct ofpbuf *buffer) | |
93 | { | |
94 | return put_openflow_xid(openflow_len, type, alloc_xid(), buffer); | |
95 | } | |
96 | ||
97 | /* Appends 'openflow_len' bytes to 'buffer', starting with an OpenFlow header | |
98 | * with the given 'type' and an transaction id 'xid'. Allocated bytes beyond | |
99 | * the header, if any, are zeroed. | |
100 | * | |
101 | * The OpenFlow header length is initially set to 'openflow_len'; if the | |
102 | * message is later extended, the length should be updated with | |
103 | * update_openflow_length() before sending. | |
104 | * | |
105 | * Returns the header. */ | |
106 | void * | |
107 | put_openflow_xid(size_t openflow_len, uint8_t type, uint32_t xid, | |
108 | struct ofpbuf *buffer) | |
109 | { | |
110 | struct ofp_header *oh; | |
111 | ||
112 | assert(openflow_len >= sizeof *oh); | |
113 | assert(openflow_len <= UINT16_MAX); | |
114 | ||
115 | oh = ofpbuf_put_uninit(buffer, openflow_len); | |
116 | oh->version = OFP_VERSION; | |
117 | oh->type = type; | |
118 | oh->length = htons(openflow_len); | |
119 | oh->xid = xid; | |
120 | memset(oh + 1, 0, openflow_len - sizeof *oh); | |
121 | return oh; | |
122 | } | |
123 | ||
124 | /* Updates the 'length' field of the OpenFlow message in 'buffer' to | |
125 | * 'buffer->size'. */ | |
126 | void | |
127 | update_openflow_length(struct ofpbuf *buffer) | |
128 | { | |
129 | struct ofp_header *oh = ofpbuf_at_assert(buffer, 0, sizeof *oh); | |
130 | oh->length = htons(buffer->size); | |
131 | } | |
132 | ||
133 | struct ofpbuf * | |
134 | make_flow_mod(uint16_t command, const flow_t *flow, size_t actions_len) | |
135 | { | |
136 | struct ofp_flow_mod *ofm; | |
137 | size_t size = sizeof *ofm + actions_len; | |
138 | struct ofpbuf *out = ofpbuf_new(size); | |
139 | ofm = ofpbuf_put_zeros(out, sizeof *ofm); | |
140 | ofm->header.version = OFP_VERSION; | |
141 | ofm->header.type = OFPT_FLOW_MOD; | |
142 | ofm->header.length = htons(size); | |
143 | ofm->cookie = 0; | |
144 | ofm->match.wildcards = htonl(0); | |
145 | ofm->match.in_port = htons(flow->in_port == ODPP_LOCAL ? OFPP_LOCAL | |
146 | : flow->in_port); | |
147 | memcpy(ofm->match.dl_src, flow->dl_src, sizeof ofm->match.dl_src); | |
148 | memcpy(ofm->match.dl_dst, flow->dl_dst, sizeof ofm->match.dl_dst); | |
149 | ofm->match.dl_vlan = flow->dl_vlan; | |
150 | ofm->match.dl_vlan_pcp = flow->dl_vlan_pcp; | |
151 | ofm->match.dl_type = flow->dl_type; | |
152 | ofm->match.nw_src = flow->nw_src; | |
153 | ofm->match.nw_dst = flow->nw_dst; | |
154 | ofm->match.nw_proto = flow->nw_proto; | |
155 | ofm->match.nw_tos = flow->nw_tos; | |
156 | ofm->match.tp_src = flow->tp_src; | |
157 | ofm->match.tp_dst = flow->tp_dst; | |
158 | ofm->command = htons(command); | |
159 | return out; | |
160 | } | |
161 | ||
162 | struct ofpbuf * | |
163 | make_add_flow(const flow_t *flow, uint32_t buffer_id, | |
164 | uint16_t idle_timeout, size_t actions_len) | |
165 | { | |
166 | struct ofpbuf *out = make_flow_mod(OFPFC_ADD, flow, actions_len); | |
167 | struct ofp_flow_mod *ofm = out->data; | |
168 | ofm->idle_timeout = htons(idle_timeout); | |
169 | ofm->hard_timeout = htons(OFP_FLOW_PERMANENT); | |
170 | ofm->buffer_id = htonl(buffer_id); | |
171 | return out; | |
172 | } | |
173 | ||
174 | struct ofpbuf * | |
175 | make_del_flow(const flow_t *flow) | |
176 | { | |
177 | struct ofpbuf *out = make_flow_mod(OFPFC_DELETE_STRICT, flow, 0); | |
178 | struct ofp_flow_mod *ofm = out->data; | |
179 | ofm->out_port = htons(OFPP_NONE); | |
180 | return out; | |
181 | } | |
182 | ||
183 | struct ofpbuf * | |
184 | make_add_simple_flow(const flow_t *flow, | |
185 | uint32_t buffer_id, uint16_t out_port, | |
186 | uint16_t idle_timeout) | |
187 | { | |
188 | struct ofp_action_output *oao; | |
189 | struct ofpbuf *buffer = make_add_flow(flow, buffer_id, idle_timeout, | |
190 | sizeof *oao); | |
191 | oao = ofpbuf_put_zeros(buffer, sizeof *oao); | |
192 | oao->type = htons(OFPAT_OUTPUT); | |
193 | oao->len = htons(sizeof *oao); | |
194 | oao->port = htons(out_port); | |
195 | return buffer; | |
196 | } | |
197 | ||
198 | struct ofpbuf * | |
199 | make_packet_in(uint32_t buffer_id, uint16_t in_port, uint8_t reason, | |
200 | const struct ofpbuf *payload, int max_send_len) | |
201 | { | |
202 | struct ofp_packet_in *opi; | |
203 | struct ofpbuf *buf; | |
204 | int send_len; | |
205 | ||
206 | send_len = MIN(max_send_len, payload->size); | |
207 | buf = ofpbuf_new(sizeof *opi + send_len); | |
208 | opi = put_openflow_xid(offsetof(struct ofp_packet_in, data), | |
209 | OFPT_PACKET_IN, 0, buf); | |
210 | opi->buffer_id = htonl(buffer_id); | |
211 | opi->total_len = htons(payload->size); | |
212 | opi->in_port = htons(in_port); | |
213 | opi->reason = reason; | |
214 | ofpbuf_put(buf, payload->data, send_len); | |
215 | update_openflow_length(buf); | |
216 | ||
217 | return buf; | |
218 | } | |
219 | ||
220 | struct ofpbuf * | |
221 | make_packet_out(const struct ofpbuf *packet, uint32_t buffer_id, | |
222 | uint16_t in_port, | |
223 | const struct ofp_action_header *actions, size_t n_actions) | |
224 | { | |
225 | size_t actions_len = n_actions * sizeof *actions; | |
226 | struct ofp_packet_out *opo; | |
227 | size_t size = sizeof *opo + actions_len + (packet ? packet->size : 0); | |
228 | struct ofpbuf *out = ofpbuf_new(size); | |
229 | ||
230 | opo = ofpbuf_put_uninit(out, sizeof *opo); | |
231 | opo->header.version = OFP_VERSION; | |
232 | opo->header.type = OFPT_PACKET_OUT; | |
233 | opo->header.length = htons(size); | |
234 | opo->header.xid = htonl(0); | |
235 | opo->buffer_id = htonl(buffer_id); | |
236 | opo->in_port = htons(in_port == ODPP_LOCAL ? OFPP_LOCAL : in_port); | |
237 | opo->actions_len = htons(actions_len); | |
238 | ofpbuf_put(out, actions, actions_len); | |
239 | if (packet) { | |
240 | ofpbuf_put(out, packet->data, packet->size); | |
241 | } | |
242 | return out; | |
243 | } | |
244 | ||
245 | struct ofpbuf * | |
246 | make_unbuffered_packet_out(const struct ofpbuf *packet, | |
247 | uint16_t in_port, uint16_t out_port) | |
248 | { | |
249 | struct ofp_action_output action; | |
250 | action.type = htons(OFPAT_OUTPUT); | |
251 | action.len = htons(sizeof action); | |
252 | action.port = htons(out_port); | |
253 | return make_packet_out(packet, UINT32_MAX, in_port, | |
254 | (struct ofp_action_header *) &action, 1); | |
255 | } | |
256 | ||
257 | struct ofpbuf * | |
258 | make_buffered_packet_out(uint32_t buffer_id, | |
259 | uint16_t in_port, uint16_t out_port) | |
260 | { | |
261 | struct ofp_action_output action; | |
262 | action.type = htons(OFPAT_OUTPUT); | |
263 | action.len = htons(sizeof action); | |
264 | action.port = htons(out_port); | |
265 | return make_packet_out(NULL, buffer_id, in_port, | |
266 | (struct ofp_action_header *) &action, 1); | |
267 | } | |
268 | ||
269 | /* Creates and returns an OFPT_ECHO_REQUEST message with an empty payload. */ | |
270 | struct ofpbuf * | |
271 | make_echo_request(void) | |
272 | { | |
273 | struct ofp_header *rq; | |
274 | struct ofpbuf *out = ofpbuf_new(sizeof *rq); | |
275 | rq = ofpbuf_put_uninit(out, sizeof *rq); | |
276 | rq->version = OFP_VERSION; | |
277 | rq->type = OFPT_ECHO_REQUEST; | |
278 | rq->length = htons(sizeof *rq); | |
279 | rq->xid = 0; | |
280 | return out; | |
281 | } | |
282 | ||
283 | /* Creates and returns an OFPT_ECHO_REPLY message matching the | |
284 | * OFPT_ECHO_REQUEST message in 'rq'. */ | |
285 | struct ofpbuf * | |
286 | make_echo_reply(const struct ofp_header *rq) | |
287 | { | |
288 | size_t size = ntohs(rq->length); | |
289 | struct ofpbuf *out = ofpbuf_new(size); | |
290 | struct ofp_header *reply = ofpbuf_put(out, rq, size); | |
291 | reply->type = OFPT_ECHO_REPLY; | |
292 | return out; | |
293 | } | |
294 | ||
295 | static int | |
296 | check_message_type(uint8_t got_type, uint8_t want_type) | |
297 | { | |
298 | if (got_type != want_type) { | |
299 | char *want_type_name = ofp_message_type_to_string(want_type); | |
300 | char *got_type_name = ofp_message_type_to_string(got_type); | |
301 | VLOG_WARN_RL(&bad_ofmsg_rl, | |
302 | "received bad message type %s (expected %s)", | |
303 | got_type_name, want_type_name); | |
304 | free(want_type_name); | |
305 | free(got_type_name); | |
306 | return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_TYPE); | |
307 | } | |
308 | return 0; | |
309 | } | |
310 | ||
311 | /* Checks that 'msg' has type 'type' and that it is exactly 'size' bytes long. | |
312 | * Returns 0 if the checks pass, otherwise an OpenFlow error code (produced | |
313 | * with ofp_mkerr()). */ | |
314 | int | |
315 | check_ofp_message(const struct ofp_header *msg, uint8_t type, size_t size) | |
316 | { | |
317 | size_t got_size; | |
318 | int error; | |
319 | ||
320 | error = check_message_type(msg->type, type); | |
321 | if (error) { | |
322 | return error; | |
323 | } | |
324 | ||
325 | got_size = ntohs(msg->length); | |
326 | if (got_size != size) { | |
327 | char *type_name = ofp_message_type_to_string(type); | |
328 | VLOG_WARN_RL(&bad_ofmsg_rl, | |
329 | "received %s message of length %zu (expected %zu)", | |
330 | type_name, got_size, size); | |
331 | free(type_name); | |
332 | return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); | |
333 | } | |
334 | ||
335 | return 0; | |
336 | } | |
337 | ||
338 | /* Checks that 'msg' has type 'type' and that 'msg' is 'size' plus a | |
339 | * nonnegative integer multiple of 'array_elt_size' bytes long. Returns 0 if | |
340 | * the checks pass, otherwise an OpenFlow error code (produced with | |
341 | * ofp_mkerr()). | |
342 | * | |
343 | * If 'n_array_elts' is nonnull, then '*n_array_elts' is set to the number of | |
344 | * 'array_elt_size' blocks in 'msg' past the first 'min_size' bytes, when | |
345 | * successful. */ | |
346 | int | |
347 | check_ofp_message_array(const struct ofp_header *msg, uint8_t type, | |
348 | size_t min_size, size_t array_elt_size, | |
349 | size_t *n_array_elts) | |
350 | { | |
351 | size_t got_size; | |
352 | int error; | |
353 | ||
354 | assert(array_elt_size); | |
355 | ||
356 | error = check_message_type(msg->type, type); | |
357 | if (error) { | |
358 | return error; | |
359 | } | |
360 | ||
361 | got_size = ntohs(msg->length); | |
362 | if (got_size < min_size) { | |
363 | char *type_name = ofp_message_type_to_string(type); | |
364 | VLOG_WARN_RL(&bad_ofmsg_rl, "received %s message of length %zu " | |
365 | "(expected at least %zu)", | |
366 | type_name, got_size, min_size); | |
367 | free(type_name); | |
368 | return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); | |
369 | } | |
370 | if ((got_size - min_size) % array_elt_size) { | |
371 | char *type_name = ofp_message_type_to_string(type); | |
372 | VLOG_WARN_RL(&bad_ofmsg_rl, | |
373 | "received %s message of bad length %zu: the " | |
374 | "excess over %zu (%zu) is not evenly divisible by %zu " | |
375 | "(remainder is %zu)", | |
376 | type_name, got_size, min_size, got_size - min_size, | |
377 | array_elt_size, (got_size - min_size) % array_elt_size); | |
378 | free(type_name); | |
379 | return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); | |
380 | } | |
381 | if (n_array_elts) { | |
382 | *n_array_elts = (got_size - min_size) / array_elt_size; | |
383 | } | |
384 | return 0; | |
385 | } | |
386 | ||
387 | int | |
388 | check_ofp_packet_out(const struct ofp_header *oh, struct ofpbuf *data, | |
389 | int *n_actionsp, int max_ports) | |
390 | { | |
391 | const struct ofp_packet_out *opo; | |
392 | unsigned int actions_len, n_actions; | |
393 | size_t extra; | |
394 | int error; | |
395 | ||
396 | *n_actionsp = 0; | |
397 | error = check_ofp_message_array(oh, OFPT_PACKET_OUT, | |
398 | sizeof *opo, 1, &extra); | |
399 | if (error) { | |
400 | return error; | |
401 | } | |
402 | opo = (const struct ofp_packet_out *) oh; | |
403 | ||
404 | actions_len = ntohs(opo->actions_len); | |
405 | if (actions_len > extra) { | |
406 | VLOG_WARN_RL(&bad_ofmsg_rl, "packet-out claims %u bytes of actions " | |
407 | "but message has room for only %zu bytes", | |
408 | actions_len, extra); | |
409 | return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); | |
410 | } | |
411 | if (actions_len % sizeof(union ofp_action)) { | |
412 | VLOG_WARN_RL(&bad_ofmsg_rl, "packet-out claims %u bytes of actions, " | |
413 | "which is not a multiple of %zu", | |
414 | actions_len, sizeof(union ofp_action)); | |
415 | return ofp_mkerr(OFPET_BAD_REQUEST, OFPBRC_BAD_LEN); | |
416 | } | |
417 | ||
418 | n_actions = actions_len / sizeof(union ofp_action); | |
419 | error = validate_actions((const union ofp_action *) opo->actions, | |
420 | n_actions, max_ports); | |
421 | if (error) { | |
422 | return error; | |
423 | } | |
424 | ||
425 | data->data = (void *) &opo->actions[n_actions]; | |
426 | data->size = extra - actions_len; | |
427 | *n_actionsp = n_actions; | |
428 | return 0; | |
429 | } | |
430 | ||
431 | const struct ofp_flow_stats * | |
432 | flow_stats_first(struct flow_stats_iterator *iter, | |
433 | const struct ofp_stats_reply *osr) | |
434 | { | |
435 | iter->pos = osr->body; | |
436 | iter->end = osr->body + (ntohs(osr->header.length) | |
437 | - offsetof(struct ofp_stats_reply, body)); | |
438 | return flow_stats_next(iter); | |
439 | } | |
440 | ||
441 | const struct ofp_flow_stats * | |
442 | flow_stats_next(struct flow_stats_iterator *iter) | |
443 | { | |
444 | ptrdiff_t bytes_left = iter->end - iter->pos; | |
445 | const struct ofp_flow_stats *fs; | |
446 | size_t length; | |
447 | ||
448 | if (bytes_left < sizeof *fs) { | |
449 | if (bytes_left != 0) { | |
450 | VLOG_WARN_RL(&bad_ofmsg_rl, | |
451 | "%td leftover bytes in flow stats reply", bytes_left); | |
452 | } | |
453 | return NULL; | |
454 | } | |
455 | ||
456 | fs = (const void *) iter->pos; | |
457 | length = ntohs(fs->length); | |
458 | if (length < sizeof *fs) { | |
459 | VLOG_WARN_RL(&bad_ofmsg_rl, "flow stats length %zu is shorter than " | |
460 | "min %zu", length, sizeof *fs); | |
461 | return NULL; | |
462 | } else if (length > bytes_left) { | |
463 | VLOG_WARN_RL(&bad_ofmsg_rl, "flow stats length %zu but only %td " | |
464 | "bytes left", length, bytes_left); | |
465 | return NULL; | |
466 | } else if ((length - sizeof *fs) % sizeof fs->actions[0]) { | |
467 | VLOG_WARN_RL(&bad_ofmsg_rl, "flow stats length %zu has %zu bytes " | |
468 | "left over in final action", length, | |
469 | (length - sizeof *fs) % sizeof fs->actions[0]); | |
470 | return NULL; | |
471 | } | |
472 | iter->pos += length; | |
473 | return fs; | |
474 | } | |
475 | ||
476 | /* Alignment of ofp_actions. */ | |
477 | #define ACTION_ALIGNMENT 8 | |
478 | ||
479 | static int | |
480 | check_action_exact_len(const union ofp_action *a, unsigned int len, | |
481 | unsigned int required_len) | |
482 | { | |
483 | if (len != required_len) { | |
484 | VLOG_DBG_RL(&bad_ofmsg_rl, | |
485 | "action %u has invalid length %"PRIu16" (must be %u)\n", | |
486 | a->type, ntohs(a->header.len), required_len); | |
487 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); | |
488 | } | |
489 | return 0; | |
490 | } | |
491 | ||
492 | static int | |
493 | check_action_port(int port, int max_ports) | |
494 | { | |
495 | switch (port) { | |
496 | case OFPP_IN_PORT: | |
497 | case OFPP_TABLE: | |
498 | case OFPP_NORMAL: | |
499 | case OFPP_FLOOD: | |
500 | case OFPP_ALL: | |
501 | case OFPP_CONTROLLER: | |
502 | case OFPP_LOCAL: | |
503 | return 0; | |
504 | ||
505 | default: | |
506 | if (port >= 0 && port < max_ports) { | |
507 | return 0; | |
508 | } | |
509 | VLOG_WARN_RL(&bad_ofmsg_rl, "unknown output port %x", port); | |
510 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_OUT_PORT); | |
511 | } | |
512 | } | |
513 | ||
514 | static int | |
515 | check_nicira_action(const union ofp_action *a, unsigned int len) | |
516 | { | |
517 | const struct nx_action_header *nah; | |
518 | ||
519 | if (len < 16) { | |
520 | VLOG_DBG_RL(&bad_ofmsg_rl, | |
521 | "Nicira vendor action only %u bytes", len); | |
522 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); | |
523 | } | |
524 | nah = (const struct nx_action_header *) a; | |
525 | ||
526 | switch (ntohs(nah->subtype)) { | |
527 | case NXAST_RESUBMIT: | |
528 | case NXAST_SET_TUNNEL: | |
529 | return check_action_exact_len(a, len, 16); | |
530 | default: | |
531 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR_TYPE); | |
532 | } | |
533 | } | |
534 | ||
535 | static int | |
536 | check_action(const union ofp_action *a, unsigned int len, int max_ports) | |
537 | { | |
538 | int error; | |
539 | ||
540 | switch (ntohs(a->type)) { | |
541 | case OFPAT_OUTPUT: | |
542 | error = check_action_port(ntohs(a->output.port), max_ports); | |
543 | return error ? error : check_action_exact_len(a, len, 8); | |
544 | ||
545 | case OFPAT_SET_VLAN_VID: | |
546 | case OFPAT_SET_VLAN_PCP: | |
547 | case OFPAT_STRIP_VLAN: | |
548 | case OFPAT_SET_NW_SRC: | |
549 | case OFPAT_SET_NW_DST: | |
550 | case OFPAT_SET_NW_TOS: | |
551 | case OFPAT_SET_TP_SRC: | |
552 | case OFPAT_SET_TP_DST: | |
553 | return check_action_exact_len(a, len, 8); | |
554 | ||
555 | case OFPAT_SET_DL_SRC: | |
556 | case OFPAT_SET_DL_DST: | |
557 | return check_action_exact_len(a, len, 16); | |
558 | ||
559 | case OFPAT_VENDOR: | |
560 | return (a->vendor.vendor == htonl(NX_VENDOR_ID) | |
561 | ? check_nicira_action(a, len) | |
562 | : ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_VENDOR)); | |
563 | ||
564 | default: | |
565 | VLOG_WARN_RL(&bad_ofmsg_rl, "unknown action type %"PRIu16, | |
566 | ntohs(a->type)); | |
567 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_TYPE); | |
568 | } | |
569 | } | |
570 | ||
571 | int | |
572 | validate_actions(const union ofp_action *actions, size_t n_actions, | |
573 | int max_ports) | |
574 | { | |
575 | const union ofp_action *a; | |
576 | ||
577 | for (a = actions; a < &actions[n_actions]; ) { | |
578 | unsigned int len = ntohs(a->header.len); | |
579 | unsigned int n_slots = len / ACTION_ALIGNMENT; | |
580 | unsigned int slots_left = &actions[n_actions] - a; | |
581 | int error; | |
582 | ||
583 | if (n_slots > slots_left) { | |
584 | VLOG_DBG_RL(&bad_ofmsg_rl, | |
585 | "action requires %u slots but only %u remain", | |
586 | n_slots, slots_left); | |
587 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); | |
588 | } else if (!len) { | |
589 | VLOG_DBG_RL(&bad_ofmsg_rl, "action has invalid length 0"); | |
590 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); | |
591 | } else if (len % ACTION_ALIGNMENT) { | |
592 | VLOG_DBG_RL(&bad_ofmsg_rl, "action length %u is not a multiple " | |
593 | "of %d", len, ACTION_ALIGNMENT); | |
594 | return ofp_mkerr(OFPET_BAD_ACTION, OFPBAC_BAD_LEN); | |
595 | } | |
596 | ||
597 | error = check_action(a, len, max_ports); | |
598 | if (error) { | |
599 | return error; | |
600 | } | |
601 | a += n_slots; | |
602 | } | |
603 | return 0; | |
604 | } | |
605 | ||
606 | /* The set of actions must either come from a trusted source or have been | |
607 | * previously validated with validate_actions(). */ | |
608 | const union ofp_action * | |
609 | actions_first(struct actions_iterator *iter, | |
610 | const union ofp_action *oa, size_t n_actions) | |
611 | { | |
612 | iter->pos = oa; | |
613 | iter->end = oa + n_actions; | |
614 | return actions_next(iter); | |
615 | } | |
616 | ||
617 | const union ofp_action * | |
618 | actions_next(struct actions_iterator *iter) | |
619 | { | |
620 | if (iter->pos < iter->end) { | |
621 | const union ofp_action *a = iter->pos; | |
622 | unsigned int len = ntohs(a->header.len); | |
623 | iter->pos += len / ACTION_ALIGNMENT; | |
624 | return a; | |
625 | } else { | |
626 | return NULL; | |
627 | } | |
628 | } | |
629 | ||
630 | void | |
631 | normalize_match(struct ofp_match *m) | |
632 | { | |
633 | enum { OFPFW_NW = OFPFW_NW_SRC_MASK | OFPFW_NW_DST_MASK | OFPFW_NW_PROTO }; | |
634 | enum { OFPFW_TP = OFPFW_TP_SRC | OFPFW_TP_DST }; | |
635 | uint32_t wc; | |
636 | ||
637 | wc = ntohl(m->wildcards) & OVSFW_ALL; | |
638 | if (wc & OFPFW_DL_TYPE) { | |
639 | m->dl_type = 0; | |
640 | ||
641 | /* Can't sensibly match on network or transport headers if the | |
642 | * data link type is unknown. */ | |
643 | wc |= OFPFW_NW | OFPFW_TP; | |
644 | m->nw_src = m->nw_dst = m->nw_proto = 0; | |
645 | m->tp_src = m->tp_dst = 0; | |
646 | } else if (m->dl_type == htons(ETH_TYPE_IP)) { | |
647 | if (wc & OFPFW_NW_PROTO) { | |
648 | m->nw_proto = 0; | |
649 | ||
650 | /* Can't sensibly match on transport headers if the network | |
651 | * protocol is unknown. */ | |
652 | wc |= OFPFW_TP; | |
653 | m->tp_src = m->tp_dst = 0; | |
654 | } else if (m->nw_proto == IPPROTO_TCP || | |
655 | m->nw_proto == IPPROTO_UDP || | |
656 | m->nw_proto == IPPROTO_ICMP) { | |
657 | if (wc & OFPFW_TP_SRC) { | |
658 | m->tp_src = 0; | |
659 | } | |
660 | if (wc & OFPFW_TP_DST) { | |
661 | m->tp_dst = 0; | |
662 | } | |
663 | } else { | |
664 | /* Transport layer fields will always be extracted as zeros, so we | |
665 | * can do an exact-match on those values. */ | |
666 | wc &= ~OFPFW_TP; | |
667 | m->tp_src = m->tp_dst = 0; | |
668 | } | |
669 | if (wc & OFPFW_NW_SRC_MASK) { | |
670 | m->nw_src &= flow_nw_bits_to_mask(wc, OFPFW_NW_SRC_SHIFT); | |
671 | } | |
672 | if (wc & OFPFW_NW_DST_MASK) { | |
673 | m->nw_dst &= flow_nw_bits_to_mask(wc, OFPFW_NW_DST_SHIFT); | |
674 | } | |
675 | } else if (m->dl_type == htons(ETH_TYPE_ARP)) { | |
676 | if (wc & OFPFW_NW_PROTO) { | |
677 | m->nw_proto = 0; | |
678 | } | |
679 | if (wc & OFPFW_NW_SRC_MASK) { | |
680 | m->nw_src &= flow_nw_bits_to_mask(wc, OFPFW_NW_SRC_SHIFT); | |
681 | } | |
682 | if (wc & OFPFW_NW_DST_MASK) { | |
683 | m->nw_dst &= flow_nw_bits_to_mask(wc, OFPFW_NW_DST_SHIFT); | |
684 | } | |
685 | m->tp_src = m->tp_dst = 0; | |
686 | } else { | |
687 | /* Network and transport layer fields will always be extracted as | |
688 | * zeros, so we can do an exact-match on those values. */ | |
689 | wc &= ~(OFPFW_NW | OFPFW_TP); | |
690 | m->nw_proto = m->nw_src = m->nw_dst = 0; | |
691 | m->tp_src = m->tp_dst = 0; | |
692 | } | |
693 | if (wc & OFPFW_DL_SRC) { | |
694 | memset(m->dl_src, 0, sizeof m->dl_src); | |
695 | } | |
696 | if (wc & OFPFW_DL_DST) { | |
697 | memset(m->dl_dst, 0, sizeof m->dl_dst); | |
698 | } | |
699 | m->wildcards = htonl(wc); | |
700 | } | |
701 |