]> git.proxmox.com Git - ovs.git/blame - ofproto/ofproto-dpif-xlate.c
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netdev: Avoid leaking seq in netdev_open() error path.
[ovs.git] / ofproto / ofproto-dpif-xlate.c
CommitLineData
9bfe9334 1/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
9583bc14
EJ		 2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License. */
14
15#include <config.h>
16
17#include "ofproto/ofproto-dpif-xlate.h"
18
8449c4d6 19#include <errno.h>
a36de779
PS		 20#include <arpa/inet.h>
21#include <net/if.h>
22#include <sys/socket.h>
23#include <netinet/in.h>
8449c4d6 24
db7d4e46 25#include "bfd.h"
9583bc14
EJ		 26#include "bitmap.h"
27#include "bond.h"
28#include "bundle.h"
29#include "byte-order.h"
db7d4e46 30#include "cfm.h"
9583bc14
EJ		 31#include "connmgr.h"
32#include "coverage.h"
e14deea0 33#include "dp-packet.h"
9583bc14 34#include "dpif.h"
f7f1ea29 35#include "in-band.h"
db7d4e46 36#include "lacp.h"
9583bc14
EJ		 37#include "learn.h"
38#include "mac-learning.h"
6d95c4e8 39#include "mcast-snooping.h"
9583bc14
EJ		 40#include "multipath.h"
41#include "netdev-vport.h"
42#include "netlink.h"
43#include "nx-match.h"
44#include "odp-execute.h"
9583bc14 45#include "ofproto/ofproto-dpif-ipfix.h"
ec7ceaed 46#include "ofproto/ofproto-dpif-mirror.h"
60d02c72 47#include "ofproto/ofproto-dpif-monitor.h"
9583bc14 48#include "ofproto/ofproto-dpif-sflow.h"
901a517e 49#include "ofproto/ofproto-dpif-xlate-cache.h"
9583bc14 50#include "ofproto/ofproto-dpif.h"
6f00e29b 51#include "ofproto/ofproto-provider.h"
b598f214
BW		 52#include "openvswitch/dynamic-string.h"
53#include "openvswitch/meta-flow.h"
54#include "openvswitch/list.h"
55#include "openvswitch/ofp-actions.h"
56#include "openvswitch/vlog.h"
57#include "ovs-lldp.h"
a36de779 58#include "ovs-router.h"
b598f214
BW		 59#include "packets.h"
60#include "tnl-neigh-cache.h"
a36de779 61#include "tnl-ports.h"
9583bc14 62#include "tunnel.h"
ee89ea7b 63#include "util.h"
9583bc14 64
46c88433 65COVERAGE_DEFINE(xlate_actions);
0f032e95 66COVERAGE_DEFINE(xlate_actions_oversize);
7d031d7e 67COVERAGE_DEFINE(xlate_actions_too_many_output);
9583bc14
EJ		 68
69VLOG_DEFINE_THIS_MODULE(ofproto_dpif_xlate);
70
8a553e9a 71/* Maximum depth of flow table recursion (due to resubmit actions) in a
790c5d26
BP		 72 * flow translation.
73 *
74 * The goal of limiting the depth of resubmits is to ensure that flow
75 * translation eventually terminates. Only resubmits to the same table or an
76 * earlier table count against the maximum depth. This is because resubmits to
77 * strictly monotonically increasing table IDs will eventually terminate, since
78 * any OpenFlow switch has a finite number of tables. OpenFlow tables are most
79 * commonly traversed in numerically increasing order, so this limit has little
80 * effect on conventionally designed OpenFlow pipelines.
81 *
82 * Outputs to patch ports and to groups also count against the depth limit. */
83#define MAX_DEPTH 64
8a553e9a 84
98b07853
BP		 85/* Maximum number of resubmit actions in a flow translation, whether they are
86 * recursive or not. */
790c5d26 87#define MAX_RESUBMITS (MAX_DEPTH * MAX_DEPTH)
98b07853 88
46c88433
EJ		 89struct xbridge {
90 struct hmap_node hmap_node; /* Node in global 'xbridges' map. */
91 struct ofproto_dpif *ofproto; /* Key in global 'xbridges' map. */
92
ca6ba700 93 struct ovs_list xbundles; /* Owned xbundles. */
46c88433
EJ		 94 struct hmap xports; /* Indexed by ofp_port. */
95
96 char *name; /* Name used in log messages. */
89a8a7f0 97 struct dpif *dpif; /* Datapath interface. */
46c88433 98 struct mac_learning *ml; /* Mac learning handle. */
6d95c4e8 99 struct mcast_snooping *ms; /* Multicast Snooping handle. */
46c88433
EJ		 100 struct mbridge *mbridge; /* Mirroring. */
101 struct dpif_sflow *sflow; /* SFlow handle, or null. */
102 struct dpif_ipfix *ipfix; /* Ipfix handle, or null. */
ce3955be 103 struct netflow *netflow; /* Netflow handle, or null. */
9d189a50 104 struct stp *stp; /* STP or null if disabled. */
9efd308e 105 struct rstp *rstp; /* RSTP or null if disabled. */
46c88433 106
46c88433
EJ		 107 bool has_in_band; /* Bridge has in band control? */
108 bool forward_bpdu; /* Bridge forwards STP BPDUs? */
4b97b70d 109
b440dd8c
JS		 110 /* Datapath feature support. */
111 struct dpif_backer_support support;
46c88433
EJ		 112};
113
114struct xbundle {
115 struct hmap_node hmap_node; /* In global 'xbundles' map. */
116 struct ofbundle *ofbundle; /* Key in global 'xbundles' map. */
117
ca6ba700 118 struct ovs_list list_node; /* In parent 'xbridges' list. */
46c88433
EJ		 119 struct xbridge *xbridge; /* Parent xbridge. */
120
ca6ba700 121 struct ovs_list xports; /* Contains "struct xport"s. */
46c88433
EJ		 122
123 char *name; /* Name used in log messages. */
124 struct bond *bond; /* Nonnull iff more than one port. */
125 struct lacp *lacp; /* LACP handle or null. */
126
127 enum port_vlan_mode vlan_mode; /* VLAN mode. */
128 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
129 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
130 * NULL if all VLANs are trunked. */
131 bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */
132 bool floodable; /* No port has OFPUTIL_PC_NO_FLOOD set? */
133};
134
135struct xport {
136 struct hmap_node hmap_node; /* Node in global 'xports' map. */
137 struct ofport_dpif *ofport; /* Key in global 'xports map. */
138
139 struct hmap_node ofp_node; /* Node in parent xbridge 'xports' map. */
140 ofp_port_t ofp_port; /* Key in parent xbridge 'xports' map. */
141
142 odp_port_t odp_port; /* Datapath port number or ODPP_NONE. */
143
ca6ba700 144 struct ovs_list bundle_node; /* In parent xbundle (if it exists). */
46c88433
EJ		 145 struct xbundle *xbundle; /* Parent xbundle or null. */
146
147 struct netdev *netdev; /* 'ofport''s netdev. */
148
149 struct xbridge *xbridge; /* Parent bridge. */
150 struct xport *peer; /* Patch port peer or null. */
151
152 enum ofputil_port_config config; /* OpenFlow port configuration. */
dd8cd4b4 153 enum ofputil_port_state state; /* OpenFlow port state. */
92cf817b 154 int stp_port_no; /* STP port number or -1 if not in use. */
f025bcb7 155 struct rstp_port *rstp_port; /* RSTP port or null. */
46c88433 156
55954f6e
EJ		 157 struct hmap skb_priorities; /* Map of 'skb_priority_to_dscp's. */
158
46c88433
EJ		 159 bool may_enable; /* May be enabled in bonds. */
160 bool is_tunnel; /* Is a tunnel port. */
161
162 struct cfm *cfm; /* CFM handle or null. */
163 struct bfd *bfd; /* BFD handle or null. */
0477baa9 164 struct lldp *lldp; /* LLDP handle or null. */
46c88433
EJ		 165};
166
4d0acc70
EJ		 167struct xlate_ctx {
168 struct xlate_in *xin;
169 struct xlate_out *xout;
170
46c88433 171 const struct xbridge *xbridge;
4d0acc70
EJ		 172
173 /* Flow at the last commit. */
174 struct flow base_flow;
175
176 /* Tunnel IP destination address as received. This is stored separately
177 * as the base_flow.tunnel is cleared on init to reflect the datapath
178 * behavior. Used to make sure not to send tunneled output to ourselves,
179 * which might lead to an infinite loop. This could happen easily
180 * if a tunnel is marked as 'ip_remote=flow', and the flow does not
181 * actually set the tun_dst field. */
e4d3706c 182 struct in6_addr orig_tunnel_ipv6_dst;
4d0acc70
EJ		 183
184 /* Stack for the push and pop actions. Each stack element is of type
185 * "union mf_subvalue". */
4d0acc70
EJ		 186 struct ofpbuf stack;
187
188 /* The rule that we are currently translating, or NULL. */
189 struct rule_dpif *rule;
190
49a73e0c
BP		 191 /* Flow translation populates this with wildcards relevant in translation.
192 * When 'xin->wc' is nonnull, this is the same pointer. When 'xin->wc' is
c0e638aa 193 * null, this is a pointer to a temporary buffer. */
49a73e0c
BP		 194 struct flow_wildcards *wc;
195
1520ef4f
BP		 196 /* Output buffer for datapath actions. When 'xin->odp_actions' is nonnull,
197 * this is the same pointer. When 'xin->odp_actions' is null, this points
198 * to a scratch ofpbuf. This allows code to add actions to
199 * 'ctx->odp_actions' without worrying about whether the caller really
200 * wants actions. */
201 struct ofpbuf *odp_actions;
202
790c5d26
BP		 203 /* Statistics maintained by xlate_table_action().
204 *
205 * 'indentation' is the nesting level for resubmits. It is used to indent
206 * the output of resubmit_hook (e.g. for the "ofproto/trace" feature).
207 *
208 * The other statistics limit the amount of work that a single flow
209 * translation can perform. The goal of the first of these, 'depth', is
210 * primarily to prevent translation from performing an infinite amount of
211 * work. It counts the current depth of nested "resubmit"s (and a few
212 * other activities); when a resubmit returns, it decreases. Resubmits to
213 * tables in strictly monotonically increasing order don't contribute to
214 * 'depth' because they cannot cause a flow translation to take an infinite
215 * amount of time (because the number of tables is finite). Translation
216 * aborts when 'depth' exceeds MAX_DEPTH.
217 *
218 * 'resubmits', on the other hand, prevents flow translation from
219 * performing an extraordinarily large while still finite amount of work.
220 * It counts the total number of resubmits (and a few other activities)
221 * that have been executed. Returning from a resubmit does not affect this
222 * counter. Thus, this limits the amount of work that a particular
223 * translation can perform. Translation aborts when 'resubmits' exceeds
224 * MAX_RESUBMITS (which is much larger than MAX_DEPTH).
225 */
226 int indentation; /* Indentation level for resubmit_hook. */
227 int depth; /* Current resubmit nesting depth. */
98b07853 228 int resubmits; /* Total number of resubmits. */
5a070238 229 bool in_group; /* Currently translating ofgroup, if true. */
029ca940 230 bool in_action_set; /* Currently translating action_set, if true. */
98b07853 231
4d0acc70 232 uint8_t table_id; /* OpenFlow table ID where flow was found. */
8b1e5560
JR		 233 ovs_be64 rule_cookie; /* Cookie of the rule being translated. */
234 uint32_t orig_skb_priority; /* Priority when packet arrived. */
4d0acc70 235 uint32_t sflow_n_outputs; /* Number of output ports. */
4e022ec0 236 odp_port_t sflow_odp_port; /* Output port for composing sFlow action. */
2031ef97 237 ofp_port_t nf_output_iface; /* Output interface index for NetFlow. */
4d0acc70 238 bool exit; /* No further actions should be processed. */
3d6151f3 239 mirror_mask_t mirrors; /* Bitmap of associated mirrors. */
1356dbd1 240 int mirror_snaplen; /* Max size of a mirror packet in byte. */
7fdb60a7 241
1d361a81
BP		 242 /* Freezing Translation
243 * ====================
e672ff9b 244 *
1d361a81
BP		 245 * At some point during translation, the code may recognize the need to halt
246 * and checkpoint the translation in a way that it can be restarted again
247 * later. We call the checkpointing process "freezing" and the restarting
248 * process "thawing".
e672ff9b 249 *
1d361a81 250 * The use cases for freezing are:
e672ff9b 251 *
1d361a81
BP		 252 * - "Recirculation", where the translation process discovers that it
253 * doesn't have enough information to complete translation without
254 * actually executing the actions that have already been translated,
255 * which provides the additionally needed information. In these
256 * situations, translation freezes translation and assigns the frozen
257 * data a unique "recirculation ID", which it associates with the data
258 * in a table in userspace (see ofproto-dpif-rid.h). It also adds a
259 * OVS_ACTION_ATTR_RECIRC action specifying that ID to the datapath
260 * actions. When a packet hits that action, the datapath looks its
261 * flow up again using the ID. If there's a miss, it comes back to
262 * userspace, which find the recirculation table entry for the ID,
263 * thaws the associated frozen data, and continues translation from
264 * that point given the additional information that is now known.
e672ff9b 265 *
1d361a81
BP		 266 * The archetypal example is MPLS. As MPLS is implemented in
267 * OpenFlow, the protocol that follows the last MPLS label becomes
268 * known only when that label is popped by an OpenFlow action. That
269 * means that Open vSwitch can't extract the headers beyond the MPLS
270 * labels until the pop action is executed. Thus, at that point
271 * translation uses the recirculation process to extract the headers
272 * beyond the MPLS labels.
e672ff9b 273 *
1d361a81
BP		 274 * (OVS also uses OVS_ACTION_ATTR_RECIRC to implement hashing for
275 * output to bonds. OVS pre-populates all the datapath flows for bond
276 * output in the datapath, though, which means that the elaborate
277 * process of coming back to userspace for a second round of
278 * translation isn't needed, and so bonds don't follow the above
279 * process.)
e672ff9b 280 *
77ab5fd2
BP		 281 * - "Continuation". A continuation is a way for an OpenFlow controller
282 * to interpose on a packet's traversal of the OpenFlow tables. When
283 * the translation process encounters a "controller" action with the
284 * "pause" flag, it freezes translation, serializes the frozen data,
285 * and sends it to an OpenFlow controller. The controller then
286 * examines and possibly modifies the frozen data and eventually sends
287 * it back to the switch, which thaws it and continues translation.
e672ff9b 288 *
1d361a81
BP		 289 * The main problem of freezing translation is preserving state, so that
290 * when the translation is thawed later it resumes from where it left off,
291 * without disruption. In particular, actions must be preserved as follows:
292 *
293 * - If we're freezing because an action needed more information, the
294 * action that prompted it.
295 *
296 * - Any actions remaining to be translated within the current flow.
297 *
298 * - If translation was frozen within a NXAST_RESUBMIT, then any actions
299 * following the resubmit action. Resubmit actions can be nested, so
300 * this has to go all the way up the control stack.
e672ff9b
JR		 301 *
302 * - The OpenFlow 1.1+ action set.
303 *
304 * State that actions and flow table lookups can depend on, such as the
305 * following, must also be preserved:
306 *
307 * - Metadata fields (input port, registers, OF1.1+ metadata, ...).
308 *
1d361a81 309 * - The stack used by NXAST_STACK_PUSH and NXAST_STACK_POP actions.
e672ff9b
JR		 310 *
311 * - The table ID and cookie of the flow being translated at each level
1d361a81
BP		 312 * of the control stack, because these can become visible through
313 * OFPAT_CONTROLLER actions (and other ways).
e672ff9b
JR		 314 *
315 * Translation allows for the control of this state preservation via these
1d361a81
BP		 316 * members. When a need to freeze translation is identified, the
317 * translation process:
e672ff9b 318 *
1d361a81 319 * 1. Sets 'freezing' to true.
e672ff9b
JR		 320 *
321 * 2. Sets 'exit' to true to tell later steps that we're exiting from the
322 * translation process.
323 *
1d361a81
BP		 324 * 3. Adds an OFPACT_UNROLL_XLATE action to 'frozen_actions', and points
325 * frozen_actions.header to the action to make it easy to find it later.
326 * This action holds the current table ID and cookie so that they can be
327 * restored during a post-recirculation upcall translation.
e672ff9b
JR		 328 *
329 * 4. Adds the action that prompted recirculation and any actions following
1d361a81 330 * it within the same flow to 'frozen_actions', so that they can be
8a5fb3b4 331 * executed during a post-recirculation upcall translation.
e672ff9b
JR		 332 *
333 * 5. Returns.
334 *
335 * 6. The action that prompted recirculation might be nested in a stack of
336 * nested "resubmit"s that have actions remaining. Each of these notices
1d361a81
BP		 337 * that we're exiting and freezing and responds by adding more
338 * OFPACT_UNROLL_XLATE actions to 'frozen_actions', as necessary,
339 * followed by any actions that were yet unprocessed.
e672ff9b 340 *
1d361a81
BP		 341 * If we're freezing because of recirculation, the caller generates a
342 * recirculation ID and associates all the state produced by this process
343 * with it. For post-recirculation upcall translation, the caller passes it
344 * back in for the new translation to execute. The process yielded a set of
345 * ofpacts that can be translated directly, so it is not much of a special
346 * case at that point.
e672ff9b 347 */
1d361a81 348 bool freezing;
53cc166a
JR		 349 bool recirc_update_dp_hash; /* Generated recirculation will be preceded
350 * by datapath HASH action to get an updated
351 * dp_hash after recirculation. */
352 uint32_t dp_hash_alg;
353 uint32_t dp_hash_basis;
1d361a81 354 struct ofpbuf frozen_actions;
77ab5fd2 355 const struct ofpact_controller *pause;
e672ff9b 356
e12ec36b
SH		 357 /* True if a packet was but is no longer MPLS (due to an MPLS pop action).
358 * This is a trigger for recirculation in cases where translating an action
359 * or looking up a flow requires access to the fields of the packet after
360 * the MPLS label stack that was originally present. */
361 bool was_mpls;
362
07659514
JS		 363 /* True if conntrack has been performed on this packet during processing
364 * on the current bridge. This is used to determine whether conntrack
1d361a81 365 * state from the datapath should be honored after thawing. */
07659514
JS		 366 bool conntracked;
367
9ac0aada
JR		 368 /* Pointer to an embedded NAT action in a conntrack action, or NULL. */
369 struct ofpact_nat *ct_nat_action;
370
7fdb60a7
SH		 371 /* OpenFlow 1.1+ action set.
372 *
373 * 'action_set' accumulates "struct ofpact"s added by OFPACT_WRITE_ACTIONS.
374 * When translation is otherwise complete, ofpacts_execute_action_set()
375 * converts it to a set of "struct ofpact"s that can be translated into
ed9c9e3e 376 * datapath actions. */
c61f3870 377 bool action_set_has_group; /* Action set contains OFPACT_GROUP? */
7fdb60a7 378 struct ofpbuf action_set; /* Action set. */
fff1b9c0
JR		 379
380 enum xlate_error error; /* Translation failed. */
4d0acc70
EJ		 381};
382
fff1b9c0
JR		 383const char *xlate_strerror(enum xlate_error error)
384{
385 switch (error) {
386 case XLATE_OK:
387 return "OK";
388 case XLATE_BRIDGE_NOT_FOUND:
389 return "Bridge not found";
390 case XLATE_RECURSION_TOO_DEEP:
391 return "Recursion too deep";
392 case XLATE_TOO_MANY_RESUBMITS:
393 return "Too many resubmits";
394 case XLATE_STACK_TOO_DEEP:
395 return "Stack too deep";
396 case XLATE_NO_RECIRCULATION_CONTEXT:
397 return "No recirculation context";
398 case XLATE_RECIRCULATION_CONFLICT:
399 return "Recirculation conflict";
400 case XLATE_TOO_MANY_MPLS_LABELS:
401 return "Too many MPLS labels";
8d8ab6c2
JG		 402 case XLATE_INVALID_TUNNEL_METADATA:
403 return "Invalid tunnel metadata";
fff1b9c0
JR		 404 }
405 return "Unknown error";
406}
407
ed9c9e3e 408static void xlate_action_set(struct xlate_ctx *ctx);
704bb0bf 409static void xlate_commit_actions(struct xlate_ctx *ctx);
ed9c9e3e 410
1d741d6d 411static void
1d361a81 412ctx_trigger_freeze(struct xlate_ctx *ctx)
1d741d6d
JR		 413{
414 ctx->exit = true;
1d361a81 415 ctx->freezing = true;
1d741d6d
JR		 416}
417
53cc166a
JR		 418static void
419ctx_trigger_recirculate_with_hash(struct xlate_ctx *ctx, uint32_t type,
420 uint32_t basis)
421{
422 ctx->exit = true;
423 ctx->freezing = true;
424 ctx->recirc_update_dp_hash = true;
425 ctx->dp_hash_alg = type;
426 ctx->dp_hash_basis = basis;
427}
428
1d741d6d 429static bool
1d361a81 430ctx_first_frozen_action(const struct xlate_ctx *ctx)
1d741d6d 431{
1d361a81 432 return !ctx->frozen_actions.size;
e672ff9b
JR		 433}
434
3293cb85 435static void
1d361a81 436ctx_cancel_freeze(struct xlate_ctx *ctx)
3293cb85 437{
1d361a81
BP		 438 if (ctx->freezing) {
439 ctx->freezing = false;
53cc166a 440 ctx->recirc_update_dp_hash = false;
1d361a81
BP		 441 ofpbuf_clear(&ctx->frozen_actions);
442 ctx->frozen_actions.header = NULL;
3293cb85
BP		 443 }
444}
445
77ab5fd2 446static void finish_freezing(struct xlate_ctx *ctx);
e672ff9b 447
9583bc14
EJ		 448/* A controller may use OFPP_NONE as the ingress port to indicate that
449 * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for
450 * when an input bundle is needed for validation (e.g., mirroring or
451 * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have
3548d242
BP		 452 * any 'port' structs, so care must be taken when dealing with it. */
453static struct xbundle ofpp_none_bundle = {
454 .name = "OFPP_NONE",
455 .vlan_mode = PORT_VLAN_TRUNK
456};
9583bc14 457
55954f6e
EJ		 458/* Node in 'xport''s 'skb_priorities' map. Used to maintain a map from
459 * 'priority' (the datapath's term for QoS queue) to the dscp bits which all
460 * traffic egressing the 'ofport' with that priority should be marked with. */
461struct skb_priority_to_dscp {
462 struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'skb_priorities'. */
463 uint32_t skb_priority; /* Priority of this queue (see struct flow). */
464
465 uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */
466};
467
84f0f298
RW		 468/* Xlate config contains hash maps of all bridges, bundles and ports.
469 * Xcfgp contains the pointer to the current xlate configuration.
470 * When the main thread needs to change the configuration, it copies xcfgp to
471 * new_xcfg and edits new_xcfg. This enables the use of RCU locking which
472 * does not block handler and revalidator threads. */
473struct xlate_cfg {
474 struct hmap xbridges;
475 struct hmap xbundles;
476 struct hmap xports;
477};
b1b72f2d 478static OVSRCU_TYPE(struct xlate_cfg *) xcfgp = OVSRCU_INITIALIZER(NULL);
f439f23b 479static struct xlate_cfg *new_xcfg = NULL;
46c88433
EJ		 480
481static bool may_receive(const struct xport *, struct xlate_ctx *);
9583bc14
EJ		 482static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len,
483 struct xlate_ctx *);
adcf00ba 484static void xlate_normal(struct xlate_ctx *);
c1b3756c
BP		 485static inline void xlate_report(struct xlate_ctx *, const char *, ...)
486 OVS_PRINTF_FORMAT(2, 3);
6d328fa2
SH		 487static void xlate_table_action(struct xlate_ctx *, ofp_port_t in_port,
488 uint8_t table_id, bool may_packet_in,
489 bool honor_table_miss);
46c88433
EJ		 490static bool input_vid_is_valid(uint16_t vid, struct xbundle *, bool warn);
491static uint16_t input_vid_to_vlan(const struct xbundle *, uint16_t vid);
492static void output_normal(struct xlate_ctx *, const struct xbundle *,
9583bc14 493 uint16_t vlan);
e93ef1c7
JR		 494
495/* Optional bond recirculation parameter to compose_output_action(). */
496struct xlate_bond_recirc {
497 uint32_t recirc_id; /* !0 Use recirculation instead of output. */
498 uint8_t hash_alg; /* !0 Compute hash for recirc before. */
499 uint32_t hash_basis; /* Compute hash for recirc before. */
500};
501
502static void compose_output_action(struct xlate_ctx *, ofp_port_t ofp_port,
503 const struct xlate_bond_recirc *xr);
9583bc14 504
84f0f298
RW		 505static struct xbridge *xbridge_lookup(struct xlate_cfg *,
506 const struct ofproto_dpif *);
290835f9
BP		 507static struct xbridge *xbridge_lookup_by_uuid(struct xlate_cfg *,
508 const struct uuid *);
84f0f298
RW		 509static struct xbundle *xbundle_lookup(struct xlate_cfg *,
510 const struct ofbundle *);
511static struct xport *xport_lookup(struct xlate_cfg *,
512 const struct ofport_dpif *);
46c88433 513static struct xport *get_ofp_port(const struct xbridge *, ofp_port_t ofp_port);
55954f6e
EJ		 514static struct skb_priority_to_dscp *get_skb_priority(const struct xport *,
515 uint32_t skb_priority);
516static void clear_skb_priorities(struct xport *);
16194afd 517static size_t count_skb_priorities(const struct xport *);
55954f6e
EJ		 518static bool dscp_from_skb_priority(const struct xport *, uint32_t skb_priority,
519 uint8_t *dscp);
46c88433 520
84f0f298
RW		 521static void xlate_xbridge_init(struct xlate_cfg *, struct xbridge *);
522static void xlate_xbundle_init(struct xlate_cfg *, struct xbundle *);
523static void xlate_xport_init(struct xlate_cfg *, struct xport *);
9efd308e 524static void xlate_xbridge_set(struct xbridge *, struct dpif *,
9efd308e
DV		 525 const struct mac_learning *, struct stp *,
526 struct rstp *, const struct mcast_snooping *,
527 const struct mbridge *,
528 const struct dpif_sflow *,
529 const struct dpif_ipfix *,
2f47cdf4 530 const struct netflow *,
84f0f298 531 bool forward_bpdu, bool has_in_band,
b440dd8c 532 const struct dpif_backer_support *);
84f0f298
RW		 533static void xlate_xbundle_set(struct xbundle *xbundle,
534 enum port_vlan_mode vlan_mode, int vlan,
535 unsigned long *trunks, bool use_priority_tags,
536 const struct bond *bond, const struct lacp *lacp,
537 bool floodable);
538static void xlate_xport_set(struct xport *xport, odp_port_t odp_port,
539 const struct netdev *netdev, const struct cfm *cfm,
0477baa9
DF		 540 const struct bfd *bfd, const struct lldp *lldp,
541 int stp_port_no, const struct rstp_port *rstp_port,
84f0f298
RW		 542 enum ofputil_port_config config,
543 enum ofputil_port_state state, bool is_tunnel,
544 bool may_enable);
545static void xlate_xbridge_remove(struct xlate_cfg *, struct xbridge *);
546static void xlate_xbundle_remove(struct xlate_cfg *, struct xbundle *);
547static void xlate_xport_remove(struct xlate_cfg *, struct xport *);
548static void xlate_xbridge_copy(struct xbridge *);
549static void xlate_xbundle_copy(struct xbridge *, struct xbundle *);
550static void xlate_xport_copy(struct xbridge *, struct xbundle *,
551 struct xport *);
552static void xlate_xcfg_free(struct xlate_cfg *);
b256dc52 553
34dd0d78 554static inline void
c1b3756c 555xlate_report(struct xlate_ctx *ctx, const char *format, ...)
34dd0d78
JR		 556{
557 if (OVS_UNLIKELY(ctx->xin->report_hook)) {
c1b3756c
BP		 558 va_list args;
559
560 va_start(args, format);
9a9b001a 561 ctx->xin->report_hook(ctx->xin, ctx->indentation, format, args);
c1b3756c 562 va_end(args);
34dd0d78
JR		 563 }
564}
84f0f298 565
fff1b9c0
JR		 566static struct vlog_rate_limit error_report_rl = VLOG_RATE_LIMIT_INIT(1, 5);
567
a716ef9a
JS		 568#define XLATE_REPORT_ERROR(CTX, ...) \
569 do { \
570 if (OVS_UNLIKELY((CTX)->xin->report_hook)) { \
571 xlate_report(CTX, __VA_ARGS__); \
572 } else { \
573 struct ds ds = DS_EMPTY_INITIALIZER; \
574 \
575 ds_put_format(&ds, __VA_ARGS__); \
576 ds_put_cstr(&ds, ": "); \
e91e0e58 577 flow_format(&ds, &(CTX)->base_flow); \
26f858a9 578 VLOG_ERR_RL(&error_report_rl, "%s", ds_cstr(&ds)); \
a716ef9a
JS		 579 ds_destroy(&ds); \
580 } \
fff1b9c0
JR		 581 } while (0)
582
d6bef3cc
BP		 583static inline void
584xlate_report_actions(struct xlate_ctx *ctx, const char *title,
585 const struct ofpact *ofpacts, size_t ofpacts_len)
586{
587 if (OVS_UNLIKELY(ctx->xin->report_hook)) {
588 struct ds s = DS_EMPTY_INITIALIZER;
589 ofpacts_format(ofpacts, ofpacts_len, &s);
590 xlate_report(ctx, "%s: %s", title, ds_cstr(&s));
591 ds_destroy(&s);
592 }
593}
594
84f0f298
RW		 595static void
596xlate_xbridge_init(struct xlate_cfg *xcfg, struct xbridge *xbridge)
597{
417e7e66 598 ovs_list_init(&xbridge->xbundles);
84f0f298
RW		 599 hmap_init(&xbridge->xports);
600 hmap_insert(&xcfg->xbridges, &xbridge->hmap_node,
601 hash_pointer(xbridge->ofproto, 0));
602}
603
604static void
605xlate_xbundle_init(struct xlate_cfg *xcfg, struct xbundle *xbundle)
606{
417e7e66
BW		 607 ovs_list_init(&xbundle->xports);
608 ovs_list_insert(&xbundle->xbridge->xbundles, &xbundle->list_node);
84f0f298
RW		 609 hmap_insert(&xcfg->xbundles, &xbundle->hmap_node,
610 hash_pointer(xbundle->ofbundle, 0));
611}
612
613static void
614xlate_xport_init(struct xlate_cfg *xcfg, struct xport *xport)
615{
616 hmap_init(&xport->skb_priorities);
617 hmap_insert(&xcfg->xports, &xport->hmap_node,
618 hash_pointer(xport->ofport, 0));
619 hmap_insert(&xport->xbridge->xports, &xport->ofp_node,
620 hash_ofp_port(xport->ofp_port));
621}
622
623static void
624xlate_xbridge_set(struct xbridge *xbridge,
625 struct dpif *dpif,
ec89fc6f 626 const struct mac_learning *ml, struct stp *stp,
9efd308e 627 struct rstp *rstp, const struct mcast_snooping *ms,
ec89fc6f 628 const struct mbridge *mbridge,
46c88433 629 const struct dpif_sflow *sflow,
ce3955be 630 const struct dpif_ipfix *ipfix,
2f47cdf4 631 const struct netflow *netflow,
4b97b70d 632 bool forward_bpdu, bool has_in_band,
b440dd8c 633 const struct dpif_backer_support *support)
46c88433 634{
46c88433
EJ		 635 if (xbridge->ml != ml) {
636 mac_learning_unref(xbridge->ml);
637 xbridge->ml = mac_learning_ref(ml);
638 }
639
6d95c4e8
FL		 640 if (xbridge->ms != ms) {
641 mcast_snooping_unref(xbridge->ms);
642 xbridge->ms = mcast_snooping_ref(ms);
643 }
644
46c88433
EJ		 645 if (xbridge->mbridge != mbridge) {
646 mbridge_unref(xbridge->mbridge);
647 xbridge->mbridge = mbridge_ref(mbridge);
648 }
649
650 if (xbridge->sflow != sflow) {
651 dpif_sflow_unref(xbridge->sflow);
652 xbridge->sflow = dpif_sflow_ref(sflow);
653 }
654
655 if (xbridge->ipfix != ipfix) {
656 dpif_ipfix_unref(xbridge->ipfix);
657 xbridge->ipfix = dpif_ipfix_ref(ipfix);
658 }
659
9d189a50
EJ		 660 if (xbridge->stp != stp) {
661 stp_unref(xbridge->stp);
662 xbridge->stp = stp_ref(stp);
663 }
664
9efd308e
DV		 665 if (xbridge->rstp != rstp) {
666 rstp_unref(xbridge->rstp);
667 xbridge->rstp = rstp_ref(rstp);
668 }
669
ce3955be
EJ		 670 if (xbridge->netflow != netflow) {
671 netflow_unref(xbridge->netflow);
672 xbridge->netflow = netflow_ref(netflow);
673 }
674
89a8a7f0 675 xbridge->dpif = dpif;
46c88433
EJ		 676 xbridge->forward_bpdu = forward_bpdu;
677 xbridge->has_in_band = has_in_band;
b440dd8c 678 xbridge->support = *support;
46c88433
EJ		 679}
680
84f0f298
RW		 681static void
682xlate_xbundle_set(struct xbundle *xbundle,
683 enum port_vlan_mode vlan_mode, int vlan,
684 unsigned long *trunks, bool use_priority_tags,
685 const struct bond *bond, const struct lacp *lacp,
686 bool floodable)
687{
688 ovs_assert(xbundle->xbridge);
689
690 xbundle->vlan_mode = vlan_mode;
691 xbundle->vlan = vlan;
692 xbundle->trunks = trunks;
693 xbundle->use_priority_tags = use_priority_tags;
694 xbundle->floodable = floodable;
695
696 if (xbundle->bond != bond) {
697 bond_unref(xbundle->bond);
698 xbundle->bond = bond_ref(bond);
699 }
700
701 if (xbundle->lacp != lacp) {
702 lacp_unref(xbundle->lacp);
703 xbundle->lacp = lacp_ref(lacp);
704 }
705}
706
707static void
708xlate_xport_set(struct xport *xport, odp_port_t odp_port,
709 const struct netdev *netdev, const struct cfm *cfm,
0477baa9 710 const struct bfd *bfd, const struct lldp *lldp, int stp_port_no,
f025bcb7 711 const struct rstp_port* rstp_port,
84f0f298
RW		 712 enum ofputil_port_config config, enum ofputil_port_state state,
713 bool is_tunnel, bool may_enable)
714{
715 xport->config = config;
716 xport->state = state;
717 xport->stp_port_no = stp_port_no;
718 xport->is_tunnel = is_tunnel;
719 xport->may_enable = may_enable;
720 xport->odp_port = odp_port;
721
f025bcb7
JR		 722 if (xport->rstp_port != rstp_port) {
723 rstp_port_unref(xport->rstp_port);
724 xport->rstp_port = rstp_port_ref(rstp_port);
725 }
726
84f0f298
RW		 727 if (xport->cfm != cfm) {
728 cfm_unref(xport->cfm);
729 xport->cfm = cfm_ref(cfm);
730 }
731
732 if (xport->bfd != bfd) {
733 bfd_unref(xport->bfd);
734 xport->bfd = bfd_ref(bfd);
735 }
736
0477baa9
DF		 737 if (xport->lldp != lldp) {
738 lldp_unref(xport->lldp);
739 xport->lldp = lldp_ref(lldp);
740 }
741
84f0f298
RW		 742 if (xport->netdev != netdev) {
743 netdev_close(xport->netdev);
744 xport->netdev = netdev_ref(netdev);
745 }
746}
747
748static void
749xlate_xbridge_copy(struct xbridge *xbridge)
750{
751 struct xbundle *xbundle;
752 struct xport *xport;
753 struct xbridge *new_xbridge = xzalloc(sizeof *xbridge);
754 new_xbridge->ofproto = xbridge->ofproto;
755 new_xbridge->name = xstrdup(xbridge->name);
756 xlate_xbridge_init(new_xcfg, new_xbridge);
757
758 xlate_xbridge_set(new_xbridge,
34dd0d78 759 xbridge->dpif, xbridge->ml, xbridge->stp,
9efd308e
DV		 760 xbridge->rstp, xbridge->ms, xbridge->mbridge,
761 xbridge->sflow, xbridge->ipfix, xbridge->netflow,
b440dd8c
JS		 762 xbridge->forward_bpdu, xbridge->has_in_band,
763 &xbridge->support);
84f0f298
RW		 764 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
765 xlate_xbundle_copy(new_xbridge, xbundle);
766 }
767
768 /* Copy xports which are not part of a xbundle */
769 HMAP_FOR_EACH (xport, ofp_node, &xbridge->xports) {
770 if (!xport->xbundle) {
771 xlate_xport_copy(new_xbridge, NULL, xport);
772 }
773 }
774}
775
776static void
777xlate_xbundle_copy(struct xbridge *xbridge, struct xbundle *xbundle)
778{
779 struct xport *xport;
780 struct xbundle *new_xbundle = xzalloc(sizeof *xbundle);
781 new_xbundle->ofbundle = xbundle->ofbundle;
782 new_xbundle->xbridge = xbridge;
783 new_xbundle->name = xstrdup(xbundle->name);
784 xlate_xbundle_init(new_xcfg, new_xbundle);
785
786 xlate_xbundle_set(new_xbundle, xbundle->vlan_mode,
787 xbundle->vlan, xbundle->trunks,
788 xbundle->use_priority_tags, xbundle->bond, xbundle->lacp,
789 xbundle->floodable);
790 LIST_FOR_EACH (xport, bundle_node, &xbundle->xports) {
791 xlate_xport_copy(xbridge, new_xbundle, xport);
792 }
793}
794
795static void
796xlate_xport_copy(struct xbridge *xbridge, struct xbundle *xbundle,
797 struct xport *xport)
798{
799 struct skb_priority_to_dscp *pdscp, *new_pdscp;
800 struct xport *new_xport = xzalloc(sizeof *xport);
801 new_xport->ofport = xport->ofport;
802 new_xport->ofp_port = xport->ofp_port;
803 new_xport->xbridge = xbridge;
804 xlate_xport_init(new_xcfg, new_xport);
805
806 xlate_xport_set(new_xport, xport->odp_port, xport->netdev, xport->cfm,
0477baa9
DF		 807 xport->bfd, xport->lldp, xport->stp_port_no,
808 xport->rstp_port, xport->config, xport->state,
809 xport->is_tunnel, xport->may_enable);
84f0f298
RW		 810
811 if (xport->peer) {
812 struct xport *peer = xport_lookup(new_xcfg, xport->peer->ofport);
813 if (peer) {
814 new_xport->peer = peer;
815 new_xport->peer->peer = new_xport;
816 }
817 }
818
819 if (xbundle) {
820 new_xport->xbundle = xbundle;
417e7e66 821 ovs_list_insert(&new_xport->xbundle->xports, &new_xport->bundle_node);
84f0f298
RW		 822 }
823
824 HMAP_FOR_EACH (pdscp, hmap_node, &xport->skb_priorities) {
825 new_pdscp = xmalloc(sizeof *pdscp);
826 new_pdscp->skb_priority = pdscp->skb_priority;
827 new_pdscp->dscp = pdscp->dscp;
828 hmap_insert(&new_xport->skb_priorities, &new_pdscp->hmap_node,
829 hash_int(new_pdscp->skb_priority, 0));
830 }
831}
832
833/* Sets the current xlate configuration to new_xcfg and frees the old xlate
834 * configuration in xcfgp.
835 *
836 * This needs to be called after editing the xlate configuration.
837 *
838 * Functions that edit the new xlate configuration are
6cd20a22 839 * xlate_<ofproto/bundle/ofport>_set and xlate_<ofproto/bundle/ofport>_remove.
84f0f298
RW		 840 *
841 * A sample workflow:
842 *
843 * xlate_txn_start();
844 * ...
845 * edit_xlate_configuration();
846 * ...
847 * xlate_txn_commit(); */
46c88433 848void
84f0f298
RW		 849xlate_txn_commit(void)
850{
851 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
852
853 ovsrcu_set(&xcfgp, new_xcfg);
40a9c4c2
AW		 854 ovsrcu_synchronize();
855 xlate_xcfg_free(xcfg);
84f0f298
RW		 856 new_xcfg = NULL;
857}
858
859/* Copies the current xlate configuration in xcfgp to new_xcfg.
860 *
861 * This needs to be called prior to editing the xlate configuration. */
862void
863xlate_txn_start(void)
864{
865 struct xbridge *xbridge;
866 struct xlate_cfg *xcfg;
867
868 ovs_assert(!new_xcfg);
869
870 new_xcfg = xmalloc(sizeof *new_xcfg);
871 hmap_init(&new_xcfg->xbridges);
872 hmap_init(&new_xcfg->xbundles);
873 hmap_init(&new_xcfg->xports);
874
875 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
876 if (!xcfg) {
877 return;
878 }
879
880 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
881 xlate_xbridge_copy(xbridge);
882 }
883}
884
885
886static void
887xlate_xcfg_free(struct xlate_cfg *xcfg)
888{
889 struct xbridge *xbridge, *next_xbridge;
890
891 if (!xcfg) {
892 return;
893 }
894
895 HMAP_FOR_EACH_SAFE (xbridge, next_xbridge, hmap_node, &xcfg->xbridges) {
896 xlate_xbridge_remove(xcfg, xbridge);
897 }
898
899 hmap_destroy(&xcfg->xbridges);
900 hmap_destroy(&xcfg->xbundles);
901 hmap_destroy(&xcfg->xports);
902 free(xcfg);
903}
904
905void
906xlate_ofproto_set(struct ofproto_dpif *ofproto, const char *name,
34dd0d78 907 struct dpif *dpif,
84f0f298 908 const struct mac_learning *ml, struct stp *stp,
9efd308e 909 struct rstp *rstp, const struct mcast_snooping *ms,
84f0f298
RW		 910 const struct mbridge *mbridge,
911 const struct dpif_sflow *sflow,
912 const struct dpif_ipfix *ipfix,
2f47cdf4 913 const struct netflow *netflow,
b440dd8c
JS		 914 bool forward_bpdu, bool has_in_band,
915 const struct dpif_backer_support *support)
84f0f298
RW		 916{
917 struct xbridge *xbridge;
918
919 ovs_assert(new_xcfg);
920
921 xbridge = xbridge_lookup(new_xcfg, ofproto);
922 if (!xbridge) {
923 xbridge = xzalloc(sizeof *xbridge);
924 xbridge->ofproto = ofproto;
925
926 xlate_xbridge_init(new_xcfg, xbridge);
927 }
928
929 free(xbridge->name);
930 xbridge->name = xstrdup(name);
931
34dd0d78 932 xlate_xbridge_set(xbridge, dpif, ml, stp, rstp, ms, mbridge, sflow, ipfix,
b440dd8c 933 netflow, forward_bpdu, has_in_band, support);
84f0f298
RW		 934}
935
936static void
937xlate_xbridge_remove(struct xlate_cfg *xcfg, struct xbridge *xbridge)
46c88433 938{
46c88433
EJ		 939 struct xbundle *xbundle, *next_xbundle;
940 struct xport *xport, *next_xport;
941
942 if (!xbridge) {
943 return;
944 }
945
946 HMAP_FOR_EACH_SAFE (xport, next_xport, ofp_node, &xbridge->xports) {
84f0f298 947 xlate_xport_remove(xcfg, xport);
46c88433
EJ		 948 }
949
950 LIST_FOR_EACH_SAFE (xbundle, next_xbundle, list_node, &xbridge->xbundles) {
84f0f298 951 xlate_xbundle_remove(xcfg, xbundle);
46c88433
EJ		 952 }
953
84f0f298 954 hmap_remove(&xcfg->xbridges, &xbridge->hmap_node);
795cc5c1 955 mac_learning_unref(xbridge->ml);
6d95c4e8 956 mcast_snooping_unref(xbridge->ms);
795cc5c1
EJ		 957 mbridge_unref(xbridge->mbridge);
958 dpif_sflow_unref(xbridge->sflow);
959 dpif_ipfix_unref(xbridge->ipfix);
960 stp_unref(xbridge->stp);
9efd308e 961 rstp_unref(xbridge->rstp);
795cc5c1 962 hmap_destroy(&xbridge->xports);
46c88433
EJ		 963 free(xbridge->name);
964 free(xbridge);
965}
966
84f0f298
RW		 967void
968xlate_remove_ofproto(struct ofproto_dpif *ofproto)
969{
970 struct xbridge *xbridge;
971
972 ovs_assert(new_xcfg);
973
974 xbridge = xbridge_lookup(new_xcfg, ofproto);
975 xlate_xbridge_remove(new_xcfg, xbridge);
976}
977
46c88433
EJ		 978void
979xlate_bundle_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
980 const char *name, enum port_vlan_mode vlan_mode, int vlan,
981 unsigned long *trunks, bool use_priority_tags,
982 const struct bond *bond, const struct lacp *lacp,
983 bool floodable)
984{
84f0f298 985 struct xbundle *xbundle;
46c88433 986
84f0f298
RW		 987 ovs_assert(new_xcfg);
988
989 xbundle = xbundle_lookup(new_xcfg, ofbundle);
46c88433
EJ		 990 if (!xbundle) {
991 xbundle = xzalloc(sizeof *xbundle);
992 xbundle->ofbundle = ofbundle;
84f0f298 993 xbundle->xbridge = xbridge_lookup(new_xcfg, ofproto);
46c88433 994
84f0f298 995 xlate_xbundle_init(new_xcfg, xbundle);
46c88433
EJ		 996 }
997
46c88433
EJ		 998 free(xbundle->name);
999 xbundle->name = xstrdup(name);
1000
84f0f298
RW		 1001 xlate_xbundle_set(xbundle, vlan_mode, vlan, trunks,
1002 use_priority_tags, bond, lacp, floodable);
46c88433
EJ		 1003}
1004
84f0f298
RW		 1005static void
1006xlate_xbundle_remove(struct xlate_cfg *xcfg, struct xbundle *xbundle)
46c88433 1007{
5f03c983 1008 struct xport *xport;
46c88433
EJ		 1009
1010 if (!xbundle) {
1011 return;
1012 }
1013
5f03c983 1014 LIST_FOR_EACH_POP (xport, bundle_node, &xbundle->xports) {
46c88433
EJ		 1015 xport->xbundle = NULL;
1016 }
1017
84f0f298 1018 hmap_remove(&xcfg->xbundles, &xbundle->hmap_node);
417e7e66 1019 ovs_list_remove(&xbundle->list_node);
46c88433
EJ		 1020 bond_unref(xbundle->bond);
1021 lacp_unref(xbundle->lacp);
1022 free(xbundle->name);
1023 free(xbundle);
1024}
1025
84f0f298
RW		 1026void
1027xlate_bundle_remove(struct ofbundle *ofbundle)
1028{
1029 struct xbundle *xbundle;
1030
1031 ovs_assert(new_xcfg);
1032
1033 xbundle = xbundle_lookup(new_xcfg, ofbundle);
1034 xlate_xbundle_remove(new_xcfg, xbundle);
1035}
1036
46c88433
EJ		 1037void
1038xlate_ofport_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
1039 struct ofport_dpif *ofport, ofp_port_t ofp_port,
1040 odp_port_t odp_port, const struct netdev *netdev,
1041 const struct cfm *cfm, const struct bfd *bfd,
0477baa9
DF		 1042 const struct lldp *lldp, struct ofport_dpif *peer,
1043 int stp_port_no, const struct rstp_port *rstp_port,
55954f6e 1044 const struct ofproto_port_queue *qdscp_list, size_t n_qdscp,
dd8cd4b4
SH		 1045 enum ofputil_port_config config,
1046 enum ofputil_port_state state, bool is_tunnel,
9d189a50 1047 bool may_enable)
46c88433 1048{
55954f6e 1049 size_t i;
84f0f298
RW		 1050 struct xport *xport;
1051
1052 ovs_assert(new_xcfg);
46c88433 1053
84f0f298 1054 xport = xport_lookup(new_xcfg, ofport);
46c88433
EJ		 1055 if (!xport) {
1056 xport = xzalloc(sizeof *xport);
1057 xport->ofport = ofport;
84f0f298 1058 xport->xbridge = xbridge_lookup(new_xcfg, ofproto);
46c88433
EJ		 1059 xport->ofp_port = ofp_port;
1060
84f0f298 1061 xlate_xport_init(new_xcfg, xport);
46c88433
EJ		 1062 }
1063
1064 ovs_assert(xport->ofp_port == ofp_port);
1065
0477baa9
DF		 1066 xlate_xport_set(xport, odp_port, netdev, cfm, bfd, lldp,
1067 stp_port_no, rstp_port, config, state, is_tunnel,
1068 may_enable);
46c88433
EJ		 1069
1070 if (xport->peer) {
1071 xport->peer->peer = NULL;
1072 }
84f0f298 1073 xport->peer = xport_lookup(new_xcfg, peer);
46c88433
EJ		 1074 if (xport->peer) {
1075 xport->peer->peer = xport;
1076 }
1077
1078 if (xport->xbundle) {
417e7e66 1079 ovs_list_remove(&xport->bundle_node);
46c88433 1080 }
84f0f298 1081 xport->xbundle = xbundle_lookup(new_xcfg, ofbundle);
46c88433 1082 if (xport->xbundle) {
417e7e66 1083 ovs_list_insert(&xport->xbundle->xports, &xport->bundle_node);
46c88433 1084 }
55954f6e
EJ		 1085
1086 clear_skb_priorities(xport);
1087 for (i = 0; i < n_qdscp; i++) {
1088 struct skb_priority_to_dscp *pdscp;
1089 uint32_t skb_priority;
1090
89a8a7f0
EJ		 1091 if (dpif_queue_to_priority(xport->xbridge->dpif, qdscp_list[i].queue,
1092 &skb_priority)) {
55954f6e
EJ		 1093 continue;
1094 }
1095
1096 pdscp = xmalloc(sizeof *pdscp);
1097 pdscp->skb_priority = skb_priority;
1098 pdscp->dscp = (qdscp_list[i].dscp << 2) & IP_DSCP_MASK;
1099 hmap_insert(&xport->skb_priorities, &pdscp->hmap_node,
1100 hash_int(pdscp->skb_priority, 0));
1101 }
46c88433
EJ		 1102}
1103
84f0f298
RW		 1104static void
1105xlate_xport_remove(struct xlate_cfg *xcfg, struct xport *xport)
46c88433 1106{
46c88433
EJ		 1107 if (!xport) {
1108 return;
1109 }
1110
1111 if (xport->peer) {
1112 xport->peer->peer = NULL;
1113 xport->peer = NULL;
1114 }
1115
e621a12d 1116 if (xport->xbundle) {
417e7e66 1117 ovs_list_remove(&xport->bundle_node);
e621a12d
EJ		 1118 }
1119
55954f6e
EJ		 1120 clear_skb_priorities(xport);
1121 hmap_destroy(&xport->skb_priorities);
1122
84f0f298 1123 hmap_remove(&xcfg->xports, &xport->hmap_node);
46c88433
EJ		 1124 hmap_remove(&xport->xbridge->xports, &xport->ofp_node);
1125
1126 netdev_close(xport->netdev);
f025bcb7 1127 rstp_port_unref(xport->rstp_port);
46c88433
EJ		 1128 cfm_unref(xport->cfm);
1129 bfd_unref(xport->bfd);
0477baa9 1130 lldp_unref(xport->lldp);
46c88433
EJ		 1131 free(xport);
1132}
1133
84f0f298
RW		 1134void
1135xlate_ofport_remove(struct ofport_dpif *ofport)
1136{
1137 struct xport *xport;
1138
1139 ovs_assert(new_xcfg);
1140
1141 xport = xport_lookup(new_xcfg, ofport);
1142 xlate_xport_remove(new_xcfg, xport);
1143}
1144
ef377a58
JR		 1145static struct ofproto_dpif *
1146xlate_lookup_ofproto_(const struct dpif_backer *backer, const struct flow *flow,
1147 ofp_port_t *ofp_in_port, const struct xport **xportp)
1148{
e672ff9b 1149 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
ef377a58 1150 const struct xport *xport;
f9038ef6 1151
e672ff9b
JR		 1152 xport = xport_lookup(xcfg, tnl_port_should_receive(flow)
1153 ? tnl_port_receive(flow)
1154 : odp_port_to_ofport(backer, flow->in_port.odp_port));
1155 if (OVS_UNLIKELY(!xport)) {
1156 return NULL;
ef377a58 1157 }
e672ff9b 1158 *xportp = xport;
f9038ef6 1159 if (ofp_in_port) {
e672ff9b 1160 *ofp_in_port = xport->ofp_port;
f9038ef6 1161 }
e672ff9b 1162 return xport->xbridge->ofproto;
ef377a58
JR		 1163}
1164
1165/* Given a datapath and flow metadata ('backer', and 'flow' respectively)
1166 * returns the corresponding struct ofproto_dpif and OpenFlow port number. */
1167struct ofproto_dpif *
1168xlate_lookup_ofproto(const struct dpif_backer *backer, const struct flow *flow,
1169 ofp_port_t *ofp_in_port)
1170{
1171 const struct xport *xport;
1172
1173 return xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
1174}
1175
cc377352 1176/* Given a datapath and flow metadata ('backer', and 'flow' respectively),
ef377a58 1177 * optionally populates 'ofproto' with the ofproto_dpif, 'ofp_in_port' with the
cc377352 1178 * openflow in_port, and 'ipfix', 'sflow', and 'netflow' with the appropriate
dcc2c6cd
JR		 1179 * handles for those protocols if they're enabled. Caller may use the returned
1180 * pointers until quiescing, for longer term use additional references must
1181 * be taken.
8449c4d6 1182 *
f9038ef6 1183 * Returns 0 if successful, ENODEV if the parsed flow has no associated ofproto.
ef377a58 1184 */
8449c4d6 1185int
5c476ea3
JR		 1186xlate_lookup(const struct dpif_backer *backer, const struct flow *flow,
1187 struct ofproto_dpif **ofprotop, struct dpif_ipfix **ipfix,
1188 struct dpif_sflow **sflow, struct netflow **netflow,
1189 ofp_port_t *ofp_in_port)
8449c4d6 1190{
ef377a58 1191 struct ofproto_dpif *ofproto;
84f0f298 1192 const struct xport *xport;
8449c4d6 1193
ef377a58 1194 ofproto = xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
8449c4d6 1195
f9038ef6 1196 if (!ofproto) {
cc377352 1197 return ENODEV;
8449c4d6 1198 }
8449c4d6 1199
ef377a58
JR		 1200 if (ofprotop) {
1201 *ofprotop = ofproto;
8449c4d6
EJ		 1202 }
1203
1dfdb9b3 1204 if (ipfix) {
f9038ef6 1205 *ipfix = xport ? xport->xbridge->ipfix : NULL;
1dfdb9b3
EJ		 1206 }
1207
1208 if (sflow) {
f9038ef6 1209 *sflow = xport ? xport->xbridge->sflow : NULL;
1dfdb9b3
EJ		 1210 }
1211
1212 if (netflow) {
f9038ef6 1213 *netflow = xport ? xport->xbridge->netflow : NULL;
1dfdb9b3 1214 }
f9038ef6 1215
cc377352 1216 return 0;
8449c4d6
EJ		 1217}
1218
46c88433 1219static struct xbridge *
84f0f298 1220xbridge_lookup(struct xlate_cfg *xcfg, const struct ofproto_dpif *ofproto)
46c88433 1221{
84f0f298 1222 struct hmap *xbridges;
46c88433
EJ		 1223 struct xbridge *xbridge;
1224
84f0f298 1225 if (!ofproto || !xcfg) {
5e6af486
EJ		 1226 return NULL;
1227 }
1228
84f0f298
RW		 1229 xbridges = &xcfg->xbridges;
1230
46c88433 1231 HMAP_FOR_EACH_IN_BUCKET (xbridge, hmap_node, hash_pointer(ofproto, 0),
84f0f298 1232 xbridges) {
46c88433
EJ		 1233 if (xbridge->ofproto == ofproto) {
1234 return xbridge;
1235 }
1236 }
1237 return NULL;
1238}
1239
290835f9
BP		 1240static struct xbridge *
1241xbridge_lookup_by_uuid(struct xlate_cfg *xcfg, const struct uuid *uuid)
1242{
1243 struct xbridge *xbridge;
1244
1245 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
1246 if (uuid_equals(ofproto_dpif_get_uuid(xbridge->ofproto), uuid)) {
1247 return xbridge;
1248 }
1249 }
1250 return NULL;
1251}
1252
46c88433 1253static struct xbundle *
84f0f298 1254xbundle_lookup(struct xlate_cfg *xcfg, const struct ofbundle *ofbundle)
46c88433 1255{
84f0f298 1256 struct hmap *xbundles;
46c88433
EJ		 1257 struct xbundle *xbundle;
1258
84f0f298 1259 if (!ofbundle || !xcfg) {
5e6af486
EJ		 1260 return NULL;
1261 }
1262
84f0f298
RW		 1263 xbundles = &xcfg->xbundles;
1264
46c88433 1265 HMAP_FOR_EACH_IN_BUCKET (xbundle, hmap_node, hash_pointer(ofbundle, 0),
84f0f298 1266 xbundles) {
46c88433
EJ		 1267 if (xbundle->ofbundle == ofbundle) {
1268 return xbundle;
1269 }
1270 }
1271 return NULL;
1272}
1273
1274static struct xport *
84f0f298 1275xport_lookup(struct xlate_cfg *xcfg, const struct ofport_dpif *ofport)
46c88433 1276{
84f0f298 1277 struct hmap *xports;
46c88433
EJ		 1278 struct xport *xport;
1279
84f0f298 1280 if (!ofport || !xcfg) {
5e6af486
EJ		 1281 return NULL;
1282 }
1283
84f0f298
RW		 1284 xports = &xcfg->xports;
1285
46c88433 1286 HMAP_FOR_EACH_IN_BUCKET (xport, hmap_node, hash_pointer(ofport, 0),
84f0f298 1287 xports) {
46c88433
EJ		 1288 if (xport->ofport == ofport) {
1289 return xport;
1290 }
1291 }
1292 return NULL;
1293}
1294
40085e56
EJ		 1295static struct stp_port *
1296xport_get_stp_port(const struct xport *xport)
1297{
92cf817b 1298 return xport->xbridge->stp && xport->stp_port_no != -1
40085e56
EJ		 1299 ? stp_get_port(xport->xbridge->stp, xport->stp_port_no)
1300 : NULL;
1301}
9d189a50 1302
0d1cee12 1303static bool
9d189a50
EJ		 1304xport_stp_learn_state(const struct xport *xport)
1305{
40085e56 1306 struct stp_port *sp = xport_get_stp_port(xport);
4b5f1996
DV		 1307 return sp
1308 ? stp_learn_in_state(stp_port_get_state(sp))
1309 : true;
9d189a50
EJ		 1310}
1311
1312static bool
1313xport_stp_forward_state(const struct xport *xport)
1314{
40085e56 1315 struct stp_port *sp = xport_get_stp_port(xport);
4b5f1996
DV		 1316 return sp
1317 ? stp_forward_in_state(stp_port_get_state(sp))
1318 : true;
9d189a50
EJ		 1319}
1320
0d1cee12 1321static bool
bacdb85a 1322xport_stp_should_forward_bpdu(const struct xport *xport)
0d1cee12
K		 1323{
1324 struct stp_port *sp = xport_get_stp_port(xport);
bacdb85a 1325 return stp_should_forward_bpdu(sp ? stp_port_get_state(sp) : STP_DISABLED);
0d1cee12
K		 1326}
1327
9d189a50
EJ		 1328/* Returns true if STP should process 'flow'. Sets fields in 'wc' that
1329 * were used to make the determination.*/
1330static bool
1331stp_should_process_flow(const struct flow *flow, struct flow_wildcards *wc)
1332{
bbbca389 1333 /* is_stp() also checks dl_type, but dl_type is always set in 'wc'. */
9d189a50 1334 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
bbbca389 1335 return is_stp(flow);
9d189a50
EJ		 1336}
1337
1338static void
cf62fa4c 1339stp_process_packet(const struct xport *xport, const struct dp_packet *packet)
9d189a50 1340{
40085e56 1341 struct stp_port *sp = xport_get_stp_port(xport);
cf62fa4c
PS		 1342 struct dp_packet payload = *packet;
1343 struct eth_header *eth = dp_packet_data(&payload);
9d189a50
EJ		 1344
1345 /* Sink packets on ports that have STP disabled when the bridge has
1346 * STP enabled. */
1347 if (!sp || stp_port_get_state(sp) == STP_DISABLED) {
1348 return;
1349 }
1350
1351 /* Trim off padding on payload. */
cf62fa4c
PS		 1352 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1353 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
9d189a50
EJ		 1354 }
1355
cf62fa4c
PS		 1356 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1357 stp_received_bpdu(sp, dp_packet_data(&payload), dp_packet_size(&payload));
9d189a50
EJ		 1358 }
1359}
1360
f025bcb7
JR		 1361static enum rstp_state
1362xport_get_rstp_port_state(const struct xport *xport)
9efd308e 1363{
f025bcb7
JR		 1364 return xport->rstp_port
1365 ? rstp_port_get_state(xport->rstp_port)
1366 : RSTP_DISABLED;
9efd308e
DV		 1367}
1368
1369static bool
1370xport_rstp_learn_state(const struct xport *xport)
1371{
4b5f1996
DV		 1372 return xport->xbridge->rstp && xport->rstp_port
1373 ? rstp_learn_in_state(xport_get_rstp_port_state(xport))
1374 : true;
9efd308e
DV		 1375}
1376
1377static bool
1378xport_rstp_forward_state(const struct xport *xport)
1379{
4b5f1996
DV		 1380 return xport->xbridge->rstp && xport->rstp_port
1381 ? rstp_forward_in_state(xport_get_rstp_port_state(xport))
1382 : true;
9efd308e
DV		 1383}
1384
1385static bool
1386xport_rstp_should_manage_bpdu(const struct xport *xport)
1387{
f025bcb7 1388 return rstp_should_manage_bpdu(xport_get_rstp_port_state(xport));
9efd308e
DV		 1389}
1390
1391static void
cf62fa4c 1392rstp_process_packet(const struct xport *xport, const struct dp_packet *packet)
9efd308e 1393{
cf62fa4c
PS		 1394 struct dp_packet payload = *packet;
1395 struct eth_header *eth = dp_packet_data(&payload);
9efd308e 1396
f025bcb7
JR		 1397 /* Sink packets on ports that have no RSTP. */
1398 if (!xport->rstp_port) {
9efd308e
DV		 1399 return;
1400 }
1401
1402 /* Trim off padding on payload. */
cf62fa4c
PS		 1403 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1404 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
9efd308e
DV		 1405 }
1406
cf62fa4c
PS		 1407 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1408 rstp_port_received_bpdu(xport->rstp_port, dp_packet_data(&payload),
1409 dp_packet_size(&payload));
9efd308e
DV		 1410 }
1411}
1412
46c88433
EJ		 1413static struct xport *
1414get_ofp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1415{
1416 struct xport *xport;
1417
1418 HMAP_FOR_EACH_IN_BUCKET (xport, ofp_node, hash_ofp_port(ofp_port),
1419 &xbridge->xports) {
1420 if (xport->ofp_port == ofp_port) {
1421 return xport;
1422 }
1423 }
1424 return NULL;
1425}
1426
1427static odp_port_t
1428ofp_port_to_odp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1429{
1430 const struct xport *xport = get_ofp_port(xbridge, ofp_port);
1431 return xport ? xport->odp_port : ODPP_NONE;
1432}
1433
dd8cd4b4
SH		 1434static bool
1435odp_port_is_alive(const struct xlate_ctx *ctx, ofp_port_t ofp_port)
1436{
086fa873
BP		 1437 struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
1438 return xport && xport->may_enable;
dd8cd4b4
SH		 1439}
1440
1e684d7d 1441static struct ofputil_bucket *
dd8cd4b4
SH		 1442group_first_live_bucket(const struct xlate_ctx *, const struct group_dpif *,
1443 int depth);
1444
1445static bool
1446group_is_alive(const struct xlate_ctx *ctx, uint32_t group_id, int depth)
1447{
1448 struct group_dpif *group;
dd8cd4b4 1449
5d08a275 1450 group = group_dpif_lookup(ctx->xbridge->ofproto, group_id,
1f4a8933 1451 ctx->xin->tables_version, false);
db88b35c 1452 if (group) {
76973237 1453 return group_first_live_bucket(ctx, group, depth) != NULL;
dc25893e 1454 }
dd8cd4b4 1455
dc25893e 1456 return false;
dd8cd4b4
SH		 1457}
1458
1459#define MAX_LIVENESS_RECURSION 128 /* Arbitrary limit */
1460
1461static bool
1462bucket_is_alive(const struct xlate_ctx *ctx,
1e684d7d 1463 struct ofputil_bucket *bucket, int depth)
dd8cd4b4
SH		 1464{
1465 if (depth >= MAX_LIVENESS_RECURSION) {
1466 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
1467
1468 VLOG_WARN_RL(&rl, "bucket chaining exceeded %d links",
1469 MAX_LIVENESS_RECURSION);
1470 return false;
1471 }
1472
fdb1999b
AZ		 1473 return (!ofputil_bucket_has_liveness(bucket)
1474 || (bucket->watch_port != OFPP_ANY
1475 && odp_port_is_alive(ctx, bucket->watch_port))
1476 || (bucket->watch_group != OFPG_ANY
1477 && group_is_alive(ctx, bucket->watch_group, depth + 1)));
dd8cd4b4
SH		 1478}
1479
1e684d7d 1480static struct ofputil_bucket *
dd8cd4b4
SH		 1481group_first_live_bucket(const struct xlate_ctx *ctx,
1482 const struct group_dpif *group, int depth)
1483{
1484 struct ofputil_bucket *bucket;
ca6ba700 1485 const struct ovs_list *buckets;
dd8cd4b4 1486
53cc166a 1487 buckets = group_dpif_get_buckets(group, NULL);
dd8cd4b4
SH		 1488 LIST_FOR_EACH (bucket, list_node, buckets) {
1489 if (bucket_is_alive(ctx, bucket, depth)) {
1490 return bucket;
1491 }
1492 }
1493
1494 return NULL;
1495}
1496
1e684d7d 1497static struct ofputil_bucket *
fe7e5749
SH		 1498group_best_live_bucket(const struct xlate_ctx *ctx,
1499 const struct group_dpif *group,
1500 uint32_t basis)
1501{
1e684d7d 1502 struct ofputil_bucket *best_bucket = NULL;
fe7e5749 1503 uint32_t best_score = 0;
fe7e5749 1504
1e684d7d 1505 struct ofputil_bucket *bucket;
ca6ba700 1506 const struct ovs_list *buckets;
fe7e5749 1507
53cc166a 1508 buckets = group_dpif_get_buckets(group, NULL);
fe7e5749
SH		 1509 LIST_FOR_EACH (bucket, list_node, buckets) {
1510 if (bucket_is_alive(ctx, bucket, 0)) {
c09cb861
LS		 1511 uint32_t score =
1512 (hash_int(bucket->bucket_id, basis) & 0xffff) * bucket->weight;
fe7e5749
SH		 1513 if (score >= best_score) {
1514 best_bucket = bucket;
1515 best_score = score;
1516 }
1517 }
fe7e5749
SH		 1518 }
1519
1520 return best_bucket;
1521}
1522
9583bc14 1523static bool
46c88433 1524xbundle_trunks_vlan(const struct xbundle *bundle, uint16_t vlan)
9583bc14
EJ		 1525{
1526 return (bundle->vlan_mode != PORT_VLAN_ACCESS
1527 && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan)));
1528}
1529
1530static bool
46c88433
EJ		 1531xbundle_includes_vlan(const struct xbundle *xbundle, uint16_t vlan)
1532{
1533 return vlan == xbundle->vlan || xbundle_trunks_vlan(xbundle, vlan);
1534}
1535
1536static mirror_mask_t
1537xbundle_mirror_out(const struct xbridge *xbridge, struct xbundle *xbundle)
1538{
1539 return xbundle != &ofpp_none_bundle
1540 ? mirror_bundle_out(xbridge->mbridge, xbundle->ofbundle)
1541 : 0;
1542}
1543
1544static mirror_mask_t
1545xbundle_mirror_src(const struct xbridge *xbridge, struct xbundle *xbundle)
9583bc14 1546{
46c88433
EJ		 1547 return xbundle != &ofpp_none_bundle
1548 ? mirror_bundle_src(xbridge->mbridge, xbundle->ofbundle)
1549 : 0;
9583bc14
EJ		 1550}
1551
46c88433
EJ		 1552static mirror_mask_t
1553xbundle_mirror_dst(const struct xbridge *xbridge, struct xbundle *xbundle)
9583bc14 1554{
46c88433
EJ		 1555 return xbundle != &ofpp_none_bundle
1556 ? mirror_bundle_dst(xbridge->mbridge, xbundle->ofbundle)
1557 : 0;
1558}
1559
1560static struct xbundle *
1561lookup_input_bundle(const struct xbridge *xbridge, ofp_port_t in_port,
1562 bool warn, struct xport **in_xportp)
1563{
1564 struct xport *xport;
9583bc14
EJ		 1565
1566 /* Find the port and bundle for the received packet. */
46c88433
EJ		 1567 xport = get_ofp_port(xbridge, in_port);
1568 if (in_xportp) {
1569 *in_xportp = xport;
9583bc14 1570 }
46c88433
EJ		 1571 if (xport && xport->xbundle) {
1572 return xport->xbundle;
9583bc14
EJ		 1573 }
1574
6362203b
YT		 1575 /* Special-case OFPP_NONE (OF1.0) and OFPP_CONTROLLER (OF1.1+),
1576 * which a controller may use as the ingress port for traffic that
1577 * it is sourcing. */
1578 if (in_port == OFPP_CONTROLLER || in_port == OFPP_NONE) {
9583bc14
EJ		 1579 return &ofpp_none_bundle;
1580 }
1581
1582 /* Odd. A few possible reasons here:
1583 *
1584 * - We deleted a port but there are still a few packets queued up
1585 * from it.
1586 *
1587 * - Someone externally added a port (e.g. "ovs-dpctl add-if") that
1588 * we don't know about.
1589 *
1590 * - The ofproto client didn't configure the port as part of a bundle.
1591 * This is particularly likely to happen if a packet was received on the
1592 * port after it was created, but before the client had a chance to
1593 * configure its bundle.
1594 */
1595 if (warn) {
1596 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1597
1598 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
46c88433 1599 "port %"PRIu16, xbridge->name, in_port);
9583bc14
EJ		 1600 }
1601 return NULL;
1602}
1603
faa624b4
BP		 1604/* Mirrors the packet represented by 'ctx' to appropriate mirror destinations,
1605 * given the packet is ingressing or egressing on 'xbundle', which has ingress
1606 * or egress (as appropriate) mirrors 'mirrors'. */
9583bc14 1607static void
7efbc3b7
BP		 1608mirror_packet(struct xlate_ctx *ctx, struct xbundle *xbundle,
1609 mirror_mask_t mirrors)
9583bc14 1610{
faa624b4
BP		 1611 /* Figure out what VLAN the packet is in (because mirrors can select
1612 * packets on basis of VLAN). */
7efbc3b7
BP		 1613 bool warn = ctx->xin->packet != NULL;
1614 uint16_t vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci);
1615 if (!input_vid_is_valid(vid, xbundle, warn)) {
9583bc14
EJ		 1616 return;
1617 }
7efbc3b7 1618 uint16_t vlan = input_vid_to_vlan(xbundle, vid);
9583bc14 1619
7efbc3b7 1620 const struct xbridge *xbridge = ctx->xbridge;
9583bc14 1621
7efbc3b7
BP		 1622 /* Don't mirror to destinations that we've already mirrored to. */
1623 mirrors &= ~ctx->mirrors;
9583bc14
EJ		 1624 if (!mirrors) {
1625 return;
1626 }
1627
7efbc3b7
BP		 1628 if (ctx->xin->resubmit_stats) {
1629 mirror_update_stats(xbridge->mbridge, mirrors,
1630 ctx->xin->resubmit_stats->n_packets,
1631 ctx->xin->resubmit_stats->n_bytes);
1632 }
1633 if (ctx->xin->xcache) {
1634 struct xc_entry *entry;
1635
1636 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_MIRROR);
901a517e
JR		 1637 entry->mirror.mbridge = mbridge_ref(xbridge->mbridge);
1638 entry->mirror.mirrors = mirrors;
7efbc3b7 1639 }
9583bc14 1640
faa624b4
BP		 1641 /* 'mirrors' is a bit-mask of candidates for mirroring. Iterate as long as
1642 * some candidates remain. */
9583bc14 1643 while (mirrors) {
7efbc3b7 1644 const unsigned long *vlans;
ec7ceaed
EJ		 1645 mirror_mask_t dup_mirrors;
1646 struct ofbundle *out;
ec7ceaed 1647 int out_vlan;
1356dbd1 1648 int snaplen;
ec7ceaed 1649
faa624b4 1650 /* Get the details of the mirror represented by the rightmost 1-bit. */
7efbc3b7 1651 bool has_mirror = mirror_get(xbridge->mbridge, raw_ctz(mirrors),
1356dbd1
WT		 1652 &vlans, &dup_mirrors,
1653 &out, &snaplen, &out_vlan);
ec7ceaed
EJ		 1654 ovs_assert(has_mirror);
1655
1356dbd1 1656
faa624b4
BP		 1657 /* If this mirror selects on the basis of VLAN, and it does not select
1658 * 'vlan', then discard this mirror and go on to the next one. */
ec7ceaed 1659 if (vlans) {
49a73e0c 1660 ctx->wc->masks.vlan_tci |= htons(VLAN_CFI | VLAN_VID_MASK);
9583bc14 1661 }
7efbc3b7 1662 if (vlans && !bitmap_is_set(vlans, vlan)) {
9583bc14
EJ		 1663 mirrors = zero_rightmost_1bit(mirrors);
1664 continue;
1665 }
1666
faa624b4
BP		 1667 /* Record the mirror, and the mirrors that output to the same
1668 * destination, so that we don't mirror to them again. This must be
1669 * done now to ensure that output_normal(), below, doesn't recursively
1670 * output to the same mirrors. */
3d6151f3 1671 ctx->mirrors |= dup_mirrors;
1356dbd1 1672 ctx->mirror_snaplen = snaplen;
faa624b4
BP		 1673
1674 /* Send the packet to the mirror. */
ec7ceaed 1675 if (out) {
84f0f298
RW		 1676 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1677 struct xbundle *out_xbundle = xbundle_lookup(xcfg, out);
46c88433
EJ		 1678 if (out_xbundle) {
1679 output_normal(ctx, out_xbundle, vlan);
1680 }
ec7ceaed 1681 } else if (vlan != out_vlan
7efbc3b7 1682 && !eth_addr_is_reserved(ctx->xin->flow.dl_dst)) {
46c88433 1683 struct xbundle *xbundle;
9583bc14 1684
46c88433
EJ		 1685 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
1686 if (xbundle_includes_vlan(xbundle, out_vlan)
1687 && !xbundle_mirror_out(xbridge, xbundle)) {
1688 output_normal(ctx, xbundle, out_vlan);
9583bc14
EJ		 1689 }
1690 }
1691 }
faa624b4
BP		 1692
1693 /* output_normal() could have recursively output (to different
1694 * mirrors), so make sure that we don't send duplicates. */
1695 mirrors &= ~ctx->mirrors;
1356dbd1 1696 ctx->mirror_snaplen = 0;
9583bc14
EJ		 1697 }
1698}
1699
7efbc3b7
BP		 1700static void
1701mirror_ingress_packet(struct xlate_ctx *ctx)
1702{
1703 if (mbridge_has_mirrors(ctx->xbridge->mbridge)) {
1704 bool warn = ctx->xin->packet != NULL;
1705 struct xbundle *xbundle = lookup_input_bundle(
1706 ctx->xbridge, ctx->xin->flow.in_port.ofp_port, warn, NULL);
1707 if (xbundle) {
1708 mirror_packet(ctx, xbundle,
1709 xbundle_mirror_src(ctx->xbridge, xbundle));
1710 }
1711 }
1712}
1713
9583bc14 1714/* Given 'vid', the VID obtained from the 802.1Q header that was received as
46c88433 1715 * part of a packet (specify 0 if there was no 802.1Q header), and 'in_xbundle',
9583bc14
EJ		 1716 * the bundle on which the packet was received, returns the VLAN to which the
1717 * packet belongs.
1718 *
1719 * Both 'vid' and the return value are in the range 0...4095. */
1720static uint16_t
46c88433 1721input_vid_to_vlan(const struct xbundle *in_xbundle, uint16_t vid)
9583bc14 1722{
46c88433 1723 switch (in_xbundle->vlan_mode) {
9583bc14 1724 case PORT_VLAN_ACCESS:
46c88433 1725 return in_xbundle->vlan;
9583bc14
EJ		 1726 break;
1727
1728 case PORT_VLAN_TRUNK:
1729 return vid;
1730
1731 case PORT_VLAN_NATIVE_UNTAGGED:
1732 case PORT_VLAN_NATIVE_TAGGED:
46c88433 1733 return vid ? vid : in_xbundle->vlan;
9583bc14
EJ		 1734
1735 default:
428b2edd 1736 OVS_NOT_REACHED();
9583bc14
EJ		 1737 }
1738}
1739
46c88433 1740/* Checks whether a packet with the given 'vid' may ingress on 'in_xbundle'.
9583bc14
EJ		 1741 * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs
1742 * a warning.
1743 *
1744 * 'vid' should be the VID obtained from the 802.1Q header that was received as
1745 * part of a packet (specify 0 if there was no 802.1Q header), in the range
1746 * 0...4095. */
1747static bool
46c88433 1748input_vid_is_valid(uint16_t vid, struct xbundle *in_xbundle, bool warn)
9583bc14
EJ		 1749{
1750 /* Allow any VID on the OFPP_NONE port. */
46c88433 1751 if (in_xbundle == &ofpp_none_bundle) {
9583bc14
EJ		 1752 return true;
1753 }
1754
46c88433 1755 switch (in_xbundle->vlan_mode) {
9583bc14
EJ		 1756 case PORT_VLAN_ACCESS:
1757 if (vid) {
1758 if (warn) {
1759 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
46c88433 1760 VLOG_WARN_RL(&rl, "dropping VLAN %"PRIu16" tagged "
9583bc14 1761 "packet received on port %s configured as VLAN "
46c88433
EJ		 1762 "%"PRIu16" access port", vid, in_xbundle->name,
1763 in_xbundle->vlan);
9583bc14
EJ		 1764 }
1765 return false;
1766 }
1767 return true;
1768
1769 case PORT_VLAN_NATIVE_UNTAGGED:
1770 case PORT_VLAN_NATIVE_TAGGED:
1771 if (!vid) {
1772 /* Port must always carry its native VLAN. */
1773 return true;
1774 }
1775 /* Fall through. */
1776 case PORT_VLAN_TRUNK:
46c88433 1777 if (!xbundle_includes_vlan(in_xbundle, vid)) {
9583bc14
EJ		 1778 if (warn) {
1779 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
46c88433 1780 VLOG_WARN_RL(&rl, "dropping VLAN %"PRIu16" packet "
9583bc14 1781 "received on port %s not configured for trunking "
46c88433 1782 "VLAN %"PRIu16, vid, in_xbundle->name, vid);
9583bc14
EJ		 1783 }
1784 return false;
1785 }
1786 return true;
1787
1788 default:
428b2edd 1789 OVS_NOT_REACHED();
9583bc14
EJ		 1790 }
1791
1792}
1793
1794/* Given 'vlan', the VLAN that a packet belongs to, and
46c88433 1795 * 'out_xbundle', a bundle on which the packet is to be output, returns the VID
9583bc14
EJ		 1796 * that should be included in the 802.1Q header. (If the return value is 0,
1797 * then the 802.1Q header should only be included in the packet if there is a
1798 * nonzero PCP.)
1799 *
1800 * Both 'vlan' and the return value are in the range 0...4095. */
1801static uint16_t
46c88433 1802output_vlan_to_vid(const struct xbundle *out_xbundle, uint16_t vlan)
9583bc14 1803{
46c88433 1804 switch (out_xbundle->vlan_mode) {
9583bc14
EJ		 1805 case PORT_VLAN_ACCESS:
1806 return 0;
1807
1808 case PORT_VLAN_TRUNK:
1809 case PORT_VLAN_NATIVE_TAGGED:
1810 return vlan;
1811
1812 case PORT_VLAN_NATIVE_UNTAGGED:
46c88433 1813 return vlan == out_xbundle->vlan ? 0 : vlan;
9583bc14
EJ		 1814
1815 default:
428b2edd 1816 OVS_NOT_REACHED();
9583bc14
EJ		 1817 }
1818}
1819
1820static void
46c88433 1821output_normal(struct xlate_ctx *ctx, const struct xbundle *out_xbundle,
9583bc14
EJ		 1822 uint16_t vlan)
1823{
33bf9176 1824 ovs_be16 *flow_tci = &ctx->xin->flow.vlan_tci;
9583bc14
EJ		 1825 uint16_t vid;
1826 ovs_be16 tci, old_tci;
46c88433 1827 struct xport *xport;
e93ef1c7
JR		 1828 struct xlate_bond_recirc xr;
1829 bool use_recirc = false;
9583bc14 1830
46c88433 1831 vid = output_vlan_to_vid(out_xbundle, vlan);
417e7e66 1832 if (ovs_list_is_empty(&out_xbundle->xports)) {
46c88433
EJ		 1833 /* Partially configured bundle with no slaves. Drop the packet. */
1834 return;
1835 } else if (!out_xbundle->bond) {
417e7e66 1836 xport = CONTAINER_OF(ovs_list_front(&out_xbundle->xports), struct xport,
46c88433 1837 bundle_node);
9583bc14 1838 } else {
84f0f298 1839 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
49a73e0c 1840 struct flow_wildcards *wc = ctx->wc;
84f0f298 1841 struct ofport_dpif *ofport;
adcf00ba 1842
2494ccd7 1843 if (ctx->xbridge->support.odp.recirc) {
e93ef1c7
JR		 1844 use_recirc = bond_may_recirc(
1845 out_xbundle->bond, &xr.recirc_id, &xr.hash_basis);
adcf00ba 1846
e93ef1c7 1847 if (use_recirc) {
adcf00ba 1848 /* Only TCP mode uses recirculation. */
e93ef1c7 1849 xr.hash_alg = OVS_HASH_ALG_L4;
adcf00ba 1850 bond_update_post_recirc_rules(out_xbundle->bond, false);
54ecb5a2
AZ		 1851
1852 /* Recirculation does not require unmasking hash fields. */
1853 wc = NULL;
adcf00ba
AZ		 1854 }
1855 }
46c88433 1856
54ecb5a2
AZ		 1857 ofport = bond_choose_output_slave(out_xbundle->bond,
1858 &ctx->xin->flow, wc, vid);
84f0f298 1859 xport = xport_lookup(xcfg, ofport);
46c88433
EJ		 1860
1861 if (!xport) {
9583bc14
EJ		 1862 /* No slaves enabled, so drop packet. */
1863 return;
1864 }
d6fc5f57 1865
e93ef1c7 1866 /* If use_recirc is set, the main thread will handle stats
b256dc52 1867 * accounting for this bond. */
e93ef1c7 1868 if (!use_recirc) {
b256dc52
JS		 1869 if (ctx->xin->resubmit_stats) {
1870 bond_account(out_xbundle->bond, &ctx->xin->flow, vid,
1871 ctx->xin->resubmit_stats->n_bytes);
1872 }
1873 if (ctx->xin->xcache) {
1874 struct xc_entry *entry;
1875 struct flow *flow;
1876
1877 flow = &ctx->xin->flow;
1878 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_BOND);
901a517e
JR		 1879 entry->bond.bond = bond_ref(out_xbundle->bond);
1880 entry->bond.flow = xmemdup(flow, sizeof *flow);
1881 entry->bond.vid = vid;
b256dc52 1882 }
d6fc5f57 1883 }
9583bc14
EJ		 1884 }
1885
33bf9176 1886 old_tci = *flow_tci;
9583bc14 1887 tci = htons(vid);
46c88433 1888 if (tci || out_xbundle->use_priority_tags) {
33bf9176 1889 tci |= *flow_tci & htons(VLAN_PCP_MASK);
9583bc14
EJ		 1890 if (tci) {
1891 tci |= htons(VLAN_CFI);
1892 }
1893 }
33bf9176 1894 *flow_tci = tci;
9583bc14 1895
e93ef1c7 1896 compose_output_action(ctx, xport->ofp_port, use_recirc ? &xr : NULL);
33bf9176 1897 *flow_tci = old_tci;
9583bc14
EJ		 1898}
1899
1900/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
1901 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
1902 * indicate this; newer upstream kernels use gratuitous ARP requests. */
1903static bool
1904is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc)
1905{
1906 if (flow->dl_type != htons(ETH_TYPE_ARP)) {
1907 return false;
1908 }
1909
1910 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
1911 if (!eth_addr_is_broadcast(flow->dl_dst)) {
1912 return false;
1913 }
1914
1915 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
1916 if (flow->nw_proto == ARP_OP_REPLY) {
1917 return true;
1918 } else if (flow->nw_proto == ARP_OP_REQUEST) {
1919 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
1920 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
1921
1922 return flow->nw_src == flow->nw_dst;
1923 } else {
1924 return false;
1925 }
1926}
1927
ff69c24a
FL		 1928/* Determines whether packets in 'flow' within 'xbridge' should be forwarded or
1929 * dropped. Returns true if they may be forwarded, false if they should be
1930 * dropped.
1931 *
1932 * 'in_port' must be the xport that corresponds to flow->in_port.
1933 * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull).
1934 *
1935 * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as
1936 * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as
1937 * checked by input_vid_is_valid().
1938 *
1939 * May also add tags to '*tags', although the current implementation only does
1940 * so in one special case.
1941 */
1942static bool
1943is_admissible(struct xlate_ctx *ctx, struct xport *in_port,
1944 uint16_t vlan)
1945{
1946 struct xbundle *in_xbundle = in_port->xbundle;
1947 const struct xbridge *xbridge = ctx->xbridge;
1948 struct flow *flow = &ctx->xin->flow;
1949
1950 /* Drop frames for reserved multicast addresses
1951 * only if forward_bpdu option is absent. */
1952 if (!xbridge->forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) {
1953 xlate_report(ctx, "packet has reserved destination MAC, dropping");
1954 return false;
1955 }
1956
1957 if (in_xbundle->bond) {
1958 struct mac_entry *mac;
1959
1960 switch (bond_check_admissibility(in_xbundle->bond, in_port->ofport,
1961 flow->dl_dst)) {
1962 case BV_ACCEPT:
1963 break;
1964
1965 case BV_DROP:
1966 xlate_report(ctx, "bonding refused admissibility, dropping");
1967 return false;
1968
1969 case BV_DROP_IF_MOVED:
1970 ovs_rwlock_rdlock(&xbridge->ml->rwlock);
1971 mac = mac_learning_lookup(xbridge->ml, flow->dl_src, vlan);
9d078ec2
BP		 1972 if (mac
1973 && mac_entry_get_port(xbridge->ml, mac) != in_xbundle->ofbundle
49a73e0c 1974 && (!is_gratuitous_arp(flow, ctx->wc)
9d078ec2 1975 || mac_entry_is_grat_arp_locked(mac))) {
ff69c24a
FL		 1976 ovs_rwlock_unlock(&xbridge->ml->rwlock);
1977 xlate_report(ctx, "SLB bond thinks this packet looped back, "
1978 "dropping");
1979 return false;
1980 }
1981 ovs_rwlock_unlock(&xbridge->ml->rwlock);
1982 break;
1983 }
1984 }
1985
1986 return true;
1987}
1988
ee047520 1989static void
064799a1
JR		 1990update_learning_table(const struct xbridge *xbridge,
1991 struct xbundle *in_xbundle, struct eth_addr dl_src,
1992 int vlan, bool is_grat_arp)
ee047520 1993{
064799a1 1994 if (in_xbundle == &ofpp_none_bundle) {
ee047520 1995 return;
9583bc14
EJ		 1996 }
1997
064799a1
JR		 1998 if (mac_learning_update(xbridge->ml, dl_src, vlan, is_grat_arp,
1999 in_xbundle->bond != NULL, in_xbundle->ofbundle)) {
9583bc14
EJ		 2000 /* The log messages here could actually be useful in debugging,
2001 * so keep the rate limit relatively high. */
2002 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
ee047520 2003
9583bc14
EJ		 2004 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2005 "on port %s in VLAN %d",
064799a1
JR		 2006 xbridge->name, ETH_ADDR_ARGS(dl_src), in_xbundle->name,
2007 vlan);
ee047520 2008 }
9583bc14
EJ		 2009}
2010
86e2dcdd
FL		 2011/* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2012 * was received on 'in_xbundle' in 'vlan' and is either Report or Query. */
2013static void
06994f87
TLSC		 2014update_mcast_snooping_table4__(const struct xbridge *xbridge,
2015 const struct flow *flow,
2016 struct mcast_snooping *ms, int vlan,
2017 struct xbundle *in_xbundle,
2018 const struct dp_packet *packet)
86e2dcdd
FL		 2019 OVS_REQ_WRLOCK(ms->rwlock)
2020{
2021 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 30);
e3102e42 2022 int count;
06994f87 2023 ovs_be32 ip4 = flow->igmp_group_ip4;
86e2dcdd
FL		 2024
2025 switch (ntohs(flow->tp_src)) {
2026 case IGMP_HOST_MEMBERSHIP_REPORT:
2027 case IGMPV2_HOST_MEMBERSHIP_REPORT:
964a4d5f 2028 if (mcast_snooping_add_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
86e2dcdd
FL		 2029 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping learned that "
2030 IP_FMT" is on port %s in VLAN %d",
2031 xbridge->name, IP_ARGS(ip4), in_xbundle->name, vlan);
2032 }
2033 break;
2034 case IGMP_HOST_LEAVE_MESSAGE:
964a4d5f 2035 if (mcast_snooping_leave_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
86e2dcdd
FL		 2036 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping leaving "
2037 IP_FMT" is on port %s in VLAN %d",
2038 xbridge->name, IP_ARGS(ip4), in_xbundle->name, vlan);
2039 }
2040 break;
2041 case IGMP_HOST_MEMBERSHIP_QUERY:
2042 if (flow->nw_src && mcast_snooping_add_mrouter(ms, vlan,
2043 in_xbundle->ofbundle)) {
2044 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping query from "
2045 IP_FMT" is on port %s in VLAN %d",
2046 xbridge->name, IP_ARGS(flow->nw_src),
2047 in_xbundle->name, vlan);
2048 }
2049 break;
e3102e42
TLSC		 2050 case IGMPV3_HOST_MEMBERSHIP_REPORT:
2051 if ((count = mcast_snooping_add_report(ms, packet, vlan,
2052 in_xbundle->ofbundle))) {
2053 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping processed %d "
2054 "addresses on port %s in VLAN %d",
2055 xbridge->name, count, in_xbundle->name, vlan);
2056 }
2057 break;
86e2dcdd
FL		 2058 }
2059}
2060
06994f87
TLSC		 2061static void
2062update_mcast_snooping_table6__(const struct xbridge *xbridge,
2063 const struct flow *flow,
2064 struct mcast_snooping *ms, int vlan,
2065 struct xbundle *in_xbundle,
2066 const struct dp_packet *packet)
2067 OVS_REQ_WRLOCK(ms->rwlock)
2068{
2069 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 30);
2070 int count;
2071
2072 switch (ntohs(flow->tp_src)) {
2073 case MLD_QUERY:
2074 if (!ipv6_addr_equals(&flow->ipv6_src, &in6addr_any)
2075 && mcast_snooping_add_mrouter(ms, vlan, in_xbundle->ofbundle)) {
2076 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping query on port %s"
2077 "in VLAN %d",
2078 xbridge->name, in_xbundle->name, vlan);
2079 }
2080 break;
2081 case MLD_REPORT:
2082 case MLD_DONE:
2083 case MLD2_REPORT:
2084 count = mcast_snooping_add_mld(ms, packet, vlan, in_xbundle->ofbundle);
2085 if (count) {
2086 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping processed %d "
2087 "addresses on port %s in VLAN %d",
2088 xbridge->name, count, in_xbundle->name, vlan);
2089 }
2090 break;
2091 }
2092}
2093
86e2dcdd
FL		 2094/* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2095 * was received on 'in_xbundle' in 'vlan'. */
2096static void
2097update_mcast_snooping_table(const struct xbridge *xbridge,
2098 const struct flow *flow, int vlan,
e3102e42
TLSC		 2099 struct xbundle *in_xbundle,
2100 const struct dp_packet *packet)
86e2dcdd
FL		 2101{
2102 struct mcast_snooping *ms = xbridge->ms;
2103 struct xlate_cfg *xcfg;
2104 struct xbundle *mcast_xbundle;
f4ae6e23 2105 struct mcast_port_bundle *fport;
86e2dcdd
FL		 2106
2107 /* Don't learn the OFPP_NONE port. */
2108 if (in_xbundle == &ofpp_none_bundle) {
2109 return;
2110 }
2111
2112 /* Don't learn from flood ports */
2113 mcast_xbundle = NULL;
2114 ovs_rwlock_wrlock(&ms->rwlock);
2115 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
f4ae6e23 2116 LIST_FOR_EACH(fport, node, &ms->fport_list) {
86e2dcdd
FL		 2117 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2118 if (mcast_xbundle == in_xbundle) {
2119 break;
2120 }
2121 }
2122
2123 if (!mcast_xbundle || mcast_xbundle != in_xbundle) {
06994f87
TLSC		 2124 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2125 update_mcast_snooping_table4__(xbridge, flow, ms, vlan,
2126 in_xbundle, packet);
2127 } else {
2128 update_mcast_snooping_table6__(xbridge, flow, ms, vlan,
2129 in_xbundle, packet);
2130 }
86e2dcdd
FL		 2131 }
2132 ovs_rwlock_unlock(&ms->rwlock);
2133}
2134
2135/* send the packet to ports having the multicast group learned */
2136static void
2137xlate_normal_mcast_send_group(struct xlate_ctx *ctx,
2138 struct mcast_snooping *ms OVS_UNUSED,
2139 struct mcast_group *grp,
2140 struct xbundle *in_xbundle, uint16_t vlan)
2141 OVS_REQ_RDLOCK(ms->rwlock)
2142{
2143 struct xlate_cfg *xcfg;
2144 struct mcast_group_bundle *b;
2145 struct xbundle *mcast_xbundle;
2146
2147 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2148 LIST_FOR_EACH(b, bundle_node, &grp->bundle_lru) {
2149 mcast_xbundle = xbundle_lookup(xcfg, b->port);
2150 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2151 xlate_report(ctx, "forwarding to mcast group port");
2152 output_normal(ctx, mcast_xbundle, vlan);
2153 } else if (!mcast_xbundle) {
2154 xlate_report(ctx, "mcast group port is unknown, dropping");
2155 } else {
2156 xlate_report(ctx, "mcast group port is input port, dropping");
2157 }
2158 }
2159}
2160
2161/* send the packet to ports connected to multicast routers */
2162static void
2163xlate_normal_mcast_send_mrouters(struct xlate_ctx *ctx,
2164 struct mcast_snooping *ms,
2165 struct xbundle *in_xbundle, uint16_t vlan)
2166 OVS_REQ_RDLOCK(ms->rwlock)
2167{
2168 struct xlate_cfg *xcfg;
2169 struct mcast_mrouter_bundle *mrouter;
2170 struct xbundle *mcast_xbundle;
2171
2172 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2173 LIST_FOR_EACH(mrouter, mrouter_node, &ms->mrouter_lru) {
2174 mcast_xbundle = xbundle_lookup(xcfg, mrouter->port);
2175 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2176 xlate_report(ctx, "forwarding to mcast router port");
2177 output_normal(ctx, mcast_xbundle, vlan);
2178 } else if (!mcast_xbundle) {
2179 xlate_report(ctx, "mcast router port is unknown, dropping");
2180 } else {
2181 xlate_report(ctx, "mcast router port is input port, dropping");
2182 }
2183 }
2184}
2185
2186/* send the packet to ports flagged to be flooded */
2187static void
2188xlate_normal_mcast_send_fports(struct xlate_ctx *ctx,
2189 struct mcast_snooping *ms,
2190 struct xbundle *in_xbundle, uint16_t vlan)
2191 OVS_REQ_RDLOCK(ms->rwlock)
2192{
2193 struct xlate_cfg *xcfg;
f4ae6e23 2194 struct mcast_port_bundle *fport;
86e2dcdd
FL		 2195 struct xbundle *mcast_xbundle;
2196
2197 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
f4ae6e23 2198 LIST_FOR_EACH(fport, node, &ms->fport_list) {
86e2dcdd
FL		 2199 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2200 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2201 xlate_report(ctx, "forwarding to mcast flood port");
2202 output_normal(ctx, mcast_xbundle, vlan);
2203 } else if (!mcast_xbundle) {
2204 xlate_report(ctx, "mcast flood port is unknown, dropping");
2205 } else {
2206 xlate_report(ctx, "mcast flood port is input port, dropping");
2207 }
2208 }
2209}
2210
8e04a33f
FL		 2211/* forward the Reports to configured ports */
2212static void
2213xlate_normal_mcast_send_rports(struct xlate_ctx *ctx,
2214 struct mcast_snooping *ms,
2215 struct xbundle *in_xbundle, uint16_t vlan)
2216 OVS_REQ_RDLOCK(ms->rwlock)
2217{
2218 struct xlate_cfg *xcfg;
2219 struct mcast_port_bundle *rport;
2220 struct xbundle *mcast_xbundle;
2221
2222 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2223 LIST_FOR_EACH(rport, node, &ms->rport_list) {
2224 mcast_xbundle = xbundle_lookup(xcfg, rport->port);
2225 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2226 xlate_report(ctx, "forwarding Report to mcast flagged port");
2227 output_normal(ctx, mcast_xbundle, vlan);
2228 } else if (!mcast_xbundle) {
2229 xlate_report(ctx, "mcast port is unknown, dropping the Report");
2230 } else {
2231 xlate_report(ctx, "mcast port is input port, dropping the Report");
2232 }
2233 }
2234}
2235
682800a4
FL		 2236static void
2237xlate_normal_flood(struct xlate_ctx *ctx, struct xbundle *in_xbundle,
2238 uint16_t vlan)
2239{
2240 struct xbundle *xbundle;
2241
2242 LIST_FOR_EACH (xbundle, list_node, &ctx->xbridge->xbundles) {
2243 if (xbundle != in_xbundle
2244 && xbundle_includes_vlan(xbundle, vlan)
2245 && xbundle->floodable
2246 && !xbundle_mirror_out(ctx->xbridge, xbundle)) {
2247 output_normal(ctx, xbundle, vlan);
2248 }
2249 }
2031ef97 2250 ctx->nf_output_iface = NF_OUT_FLOOD;
682800a4
FL		 2251}
2252
a75636c8
BP		 2253static bool
2254is_ip_local_multicast(const struct flow *flow, struct flow_wildcards *wc)
2255{
2256 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2257 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
2258 return ip_is_local_multicast(flow->nw_dst);
2259 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2260 memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst);
2261 return ipv6_is_all_hosts(&flow->ipv6_dst);
2262 } else {
2263 return false;
2264 }
2265}
2266
9583bc14
EJ		 2267static void
2268xlate_normal(struct xlate_ctx *ctx)
2269{
49a73e0c 2270 struct flow_wildcards *wc = ctx->wc;
33bf9176 2271 struct flow *flow = &ctx->xin->flow;
46c88433
EJ		 2272 struct xbundle *in_xbundle;
2273 struct xport *in_port;
9583bc14 2274 struct mac_entry *mac;
d6d5bbc9 2275 void *mac_port;
9583bc14
EJ		 2276 uint16_t vlan;
2277 uint16_t vid;
2278
33bf9176
BP		 2279 memset(&wc->masks.dl_src, 0xff, sizeof wc->masks.dl_src);
2280 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
1dd35f8a 2281 wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
9583bc14 2282
46c88433
EJ		 2283 in_xbundle = lookup_input_bundle(ctx->xbridge, flow->in_port.ofp_port,
2284 ctx->xin->packet != NULL, &in_port);
2285 if (!in_xbundle) {
9583bc14
EJ		 2286 xlate_report(ctx, "no input bundle, dropping");
2287 return;
2288 }
2289
2290 /* Drop malformed frames. */
33bf9176
BP		 2291 if (flow->dl_type == htons(ETH_TYPE_VLAN) &&
2292 !(flow->vlan_tci & htons(VLAN_CFI))) {
9583bc14
EJ		 2293 if (ctx->xin->packet != NULL) {
2294 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2295 VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial "
2296 "VLAN tag received on port %s",
46c88433 2297 ctx->xbridge->name, in_xbundle->name);
9583bc14
EJ		 2298 }
2299 xlate_report(ctx, "partial VLAN tag, dropping");
2300 return;
2301 }
2302
2303 /* Drop frames on bundles reserved for mirroring. */
46c88433 2304 if (xbundle_mirror_out(ctx->xbridge, in_xbundle)) {
9583bc14
EJ		 2305 if (ctx->xin->packet != NULL) {
2306 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2307 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2308 "%s, which is reserved exclusively for mirroring",
46c88433 2309 ctx->xbridge->name, in_xbundle->name);
9583bc14
EJ		 2310 }
2311 xlate_report(ctx, "input port is mirror output port, dropping");
2312 return;
2313 }
2314
2315 /* Check VLAN. */
33bf9176 2316 vid = vlan_tci_to_vid(flow->vlan_tci);
46c88433 2317 if (!input_vid_is_valid(vid, in_xbundle, ctx->xin->packet != NULL)) {
9583bc14
EJ		 2318 xlate_report(ctx, "disallowed VLAN VID for this input port, dropping");
2319 return;
2320 }
46c88433 2321 vlan = input_vid_to_vlan(in_xbundle, vid);
9583bc14
EJ		 2322
2323 /* Check other admissibility requirements. */
2324 if (in_port && !is_admissible(ctx, in_port, vlan)) {
2325 return;
2326 }
2327
2328 /* Learn source MAC. */
064799a1 2329 bool is_grat_arp = is_gratuitous_arp(flow, wc);
df70a773 2330 if (ctx->xin->allow_side_effects) {
064799a1
JR		 2331 update_learning_table(ctx->xbridge, in_xbundle, flow->dl_src, vlan,
2332 is_grat_arp);
9583bc14 2333 }
064799a1 2334 if (ctx->xin->xcache && in_xbundle != &ofpp_none_bundle) {
b256dc52
JS		 2335 struct xc_entry *entry;
2336
064799a1 2337 /* Save just enough info to update mac learning table later. */
b256dc52 2338 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NORMAL);
901a517e
JR		 2339 entry->normal.ofproto = ctx->xbridge->ofproto;
2340 entry->normal.in_port = flow->in_port.ofp_port;
2341 entry->normal.dl_src = flow->dl_src;
2342 entry->normal.vlan = vlan;
2343 entry->normal.is_gratuitous_arp = is_grat_arp;
b256dc52 2344 }
9583bc14
EJ		 2345
2346 /* Determine output bundle. */
86e2dcdd
FL		 2347 if (mcast_snooping_enabled(ctx->xbridge->ms)
2348 && !eth_addr_is_broadcast(flow->dl_dst)
2349 && eth_addr_is_multicast(flow->dl_dst)
06994f87 2350 && is_ip_any(flow)) {
86e2dcdd 2351 struct mcast_snooping *ms = ctx->xbridge->ms;
06994f87 2352 struct mcast_group *grp = NULL;
86e2dcdd 2353
a75636c8
BP		 2354 if (is_igmp(flow, wc)) {
2355 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
d29f137b
TLSC		 2356 if (mcast_snooping_is_membership(flow->tp_src) ||
2357 mcast_snooping_is_query(flow->tp_src)) {
df70a773 2358 if (ctx->xin->allow_side_effects && ctx->xin->packet) {
86e2dcdd 2359 update_mcast_snooping_table(ctx->xbridge, flow, vlan,
e3102e42 2360 in_xbundle, ctx->xin->packet);
d29f137b
TLSC		 2361 }
2362 /*
2363 * IGMP packets need to take the slow path, in order to be
2364 * processed for mdb updates. That will prevent expires
2365 * firing off even after hosts have sent reports.
2366 */
2367 ctx->xout->slow |= SLOW_ACTION;
86e2dcdd 2368 }
d6d5bbc9 2369
86e2dcdd
FL		 2370 if (mcast_snooping_is_membership(flow->tp_src)) {
2371 ovs_rwlock_rdlock(&ms->rwlock);
2372 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
8e04a33f
FL		 2373 /* RFC4541: section 2.1.1, item 1: A snooping switch should
2374 * forward IGMP Membership Reports only to those ports where
2375 * multicast routers are attached. Alternatively stated: a
2376 * snooping switch should not forward IGMP Membership Reports
2377 * to ports on which only hosts are attached.
2378 * An administrative control may be provided to override this
2379 * restriction, allowing the report messages to be flooded to
2380 * other ports. */
2381 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, vlan);
86e2dcdd
FL		 2382 ovs_rwlock_unlock(&ms->rwlock);
2383 } else {
2384 xlate_report(ctx, "multicast traffic, flooding");
2385 xlate_normal_flood(ctx, in_xbundle, vlan);
2386 }
2387 return;
a75636c8 2388 } else if (is_mld(flow, wc)) {
06994f87 2389 ctx->xout->slow |= SLOW_ACTION;
df70a773 2390 if (ctx->xin->allow_side_effects && ctx->xin->packet) {
06994f87
TLSC		 2391 update_mcast_snooping_table(ctx->xbridge, flow, vlan,
2392 in_xbundle, ctx->xin->packet);
2393 }
a75636c8 2394 if (is_mld_report(flow, wc)) {
06994f87
TLSC		 2395 ovs_rwlock_rdlock(&ms->rwlock);
2396 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2397 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, vlan);
2398 ovs_rwlock_unlock(&ms->rwlock);
2399 } else {
2400 xlate_report(ctx, "MLD query, flooding");
2401 xlate_normal_flood(ctx, in_xbundle, vlan);
2402 }
86e2dcdd 2403 } else {
a75636c8 2404 if (is_ip_local_multicast(flow, wc)) {
86e2dcdd
FL		 2405 /* RFC4541: section 2.1.2, item 2: Packets with a dst IP
2406 * address in the 224.0.0.x range which are not IGMP must
2407 * be forwarded on all ports */
2408 xlate_report(ctx, "RFC4541: section 2.1.2, item 2, flooding");
2409 xlate_normal_flood(ctx, in_xbundle, vlan);
2410 return;
2411 }
2412 }
2413
2414 /* forwarding to group base ports */
2415 ovs_rwlock_rdlock(&ms->rwlock);
06994f87
TLSC		 2416 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2417 grp = mcast_snooping_lookup4(ms, flow->nw_dst, vlan);
2418 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2419 grp = mcast_snooping_lookup(ms, &flow->ipv6_dst, vlan);
2420 }
86e2dcdd
FL		 2421 if (grp) {
2422 xlate_normal_mcast_send_group(ctx, ms, grp, in_xbundle, vlan);
2423 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, vlan);
2424 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
9583bc14 2425 } else {
86e2dcdd
FL		 2426 if (mcast_snooping_flood_unreg(ms)) {
2427 xlate_report(ctx, "unregistered multicast, flooding");
2428 xlate_normal_flood(ctx, in_xbundle, vlan);
2429 } else {
2430 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2431 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, vlan);
2432 }
9583bc14 2433 }
86e2dcdd 2434 ovs_rwlock_unlock(&ms->rwlock);
9583bc14 2435 } else {
86e2dcdd
FL		 2436 ovs_rwlock_rdlock(&ctx->xbridge->ml->rwlock);
2437 mac = mac_learning_lookup(ctx->xbridge->ml, flow->dl_dst, vlan);
9d078ec2 2438 mac_port = mac ? mac_entry_get_port(ctx->xbridge->ml, mac) : NULL;
86e2dcdd
FL		 2439 ovs_rwlock_unlock(&ctx->xbridge->ml->rwlock);
2440
2441 if (mac_port) {
2442 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2443 struct xbundle *mac_xbundle = xbundle_lookup(xcfg, mac_port);
2444 if (mac_xbundle && mac_xbundle != in_xbundle) {
2445 xlate_report(ctx, "forwarding to learned port");
2446 output_normal(ctx, mac_xbundle, vlan);
2447 } else if (!mac_xbundle) {
2448 xlate_report(ctx, "learned port is unknown, dropping");
2449 } else {
2450 xlate_report(ctx, "learned port is input port, dropping");
2451 }
2452 } else {
2453 xlate_report(ctx, "no learned MAC for destination, flooding");
2454 xlate_normal_flood(ctx, in_xbundle, vlan);
2455 }
9583bc14
EJ		 2456 }
2457}
2458
a6092018
BP		 2459/* Appends a "sample" action for sFlow or IPFIX to 'ctx->odp_actions'. The
2460 * 'probability' is the number of packets out of UINT32_MAX to sample. The
2461 * 'cookie' (of length 'cookie_size' bytes) is passed back in the callback for
2462 * each sampled packet. 'tunnel_out_port', if not ODPP_NONE, is added as the
2463 * OVS_USERSPACE_ATTR_EGRESS_TUN_PORT attribute. If 'include_actions', an
f69f713b
BY		 2464 * OVS_USERSPACE_ATTR_ACTIONS attribute is added. If 'emit_set_tunnel',
2465 * sample(sampling_port=1) would translate into datapath sample action
2466 * set(tunnel(...)), sample(...) and it is used for sampling egress tunnel
2467 * information.
9583bc14
EJ		 2468 */
2469static size_t
a6092018 2470compose_sample_action(struct xlate_ctx *ctx,
9583bc14
EJ		 2471 const uint32_t probability,
2472 const union user_action_cookie *cookie,
8b7ea2d4 2473 const size_t cookie_size,
7321bda3
NM		 2474 const odp_port_t tunnel_out_port,
2475 bool include_actions)
9583bc14 2476{
a6092018
BP		 2477 size_t sample_offset = nl_msg_start_nested(ctx->odp_actions,
2478 OVS_ACTION_ATTR_SAMPLE);
9583bc14 2479
a6092018 2480 nl_msg_put_u32(ctx->odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability);
9583bc14 2481
a6092018
BP		 2482 size_t actions_offset = nl_msg_start_nested(ctx->odp_actions,
2483 OVS_SAMPLE_ATTR_ACTIONS);
9583bc14 2484
a6092018
BP		 2485 odp_port_t odp_port = ofp_port_to_odp_port(
2486 ctx->xbridge, ctx->xin->flow.in_port.ofp_port);
2487 uint32_t pid = dpif_port_get_pid(ctx->xbridge->dpif, odp_port,
2488 flow_hash_5tuple(&ctx->xin->flow, 0));
2489 int cookie_offset = odp_put_userspace_action(pid, cookie, cookie_size,
2490 tunnel_out_port,
2491 include_actions,
2492 ctx->odp_actions);
89a8a7f0 2493
a6092018
BP		 2494 nl_msg_end_nested(ctx->odp_actions, actions_offset);
2495 nl_msg_end_nested(ctx->odp_actions, sample_offset);
9583bc14 2496
9583bc14
EJ		 2497 return cookie_offset;
2498}
2499
a6092018
BP		 2500/* If sFLow is not enabled, returns 0 without doing anything.
2501 *
2502 * If sFlow is enabled, appends a template "sample" action to the ODP actions
2503 * in 'ctx'. This action is a template because some of the information needed
2504 * to fill it out is not available until flow translation is complete. In this
2505 * case, this functions returns an offset, which is always nonzero, to pass
2506 * later to fix_sflow_action() to fill in the rest of the template. */
9583bc14 2507static size_t
a6092018 2508compose_sflow_action(struct xlate_ctx *ctx)
9583bc14 2509{
a6092018
BP		 2510 struct dpif_sflow *sflow = ctx->xbridge->sflow;
2511 if (!sflow || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
9583bc14
EJ		 2512 return 0;
2513 }
2514
a6092018
BP		 2515 union user_action_cookie cookie = { .type = USER_ACTION_COOKIE_SFLOW };
2516 return compose_sample_action(ctx, dpif_sflow_get_probability(sflow),
7321bda3
NM		 2517 &cookie, sizeof cookie.sflow, ODPP_NONE,
2518 true);
9583bc14
EJ		 2519}
2520
f69f713b
BY		 2521/* If flow IPFIX is enabled, make sure IPFIX flow sample action
2522 * at egress point of tunnel port is just in front of corresponding
2523 * output action. If bridge IPFIX is enabled, this appends an IPFIX
2524 * sample action to 'ctx->odp_actions'. */
9583bc14 2525static void
a6092018 2526compose_ipfix_action(struct xlate_ctx *ctx, odp_port_t output_odp_port)
9583bc14 2527{
a6092018 2528 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
8b7ea2d4 2529 odp_port_t tunnel_out_port = ODPP_NONE;
9583bc14 2530
a6092018 2531 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
9583bc14
EJ		 2532 return;
2533 }
2534
8b7ea2d4
WZ		 2535 /* For input case, output_odp_port is ODPP_NONE, which is an invalid port
2536 * number. */
2537 if (output_odp_port == ODPP_NONE &&
a6092018 2538 !dpif_ipfix_get_bridge_exporter_input_sampling(ipfix)) {
8b7ea2d4
WZ		 2539 return;
2540 }
2541
f69f713b 2542 /* For output case, output_odp_port is valid. */
8b7ea2d4 2543 if (output_odp_port != ODPP_NONE) {
a6092018 2544 if (!dpif_ipfix_get_bridge_exporter_output_sampling(ipfix)) {
8b7ea2d4
WZ		 2545 return;
2546 }
2547 /* If tunnel sampling is enabled, put an additional option attribute:
2548 * OVS_USERSPACE_ATTR_TUNNEL_OUT_PORT
2549 */
a6092018
BP		 2550 if (dpif_ipfix_get_bridge_exporter_tunnel_sampling(ipfix) &&
2551 dpif_ipfix_get_tunnel_port(ipfix, output_odp_port) ) {
8b7ea2d4
WZ		 2552 tunnel_out_port = output_odp_port;
2553 }
2554 }
2555
a6092018
BP		 2556 union user_action_cookie cookie = {
2557 .ipfix = {
2558 .type = USER_ACTION_COOKIE_IPFIX,
2559 .output_odp_port = output_odp_port,
2560 }
2561 };
2562 compose_sample_action(ctx,
2563 dpif_ipfix_get_bridge_exporter_probability(ipfix),
7321bda3
NM		 2564 &cookie, sizeof cookie.ipfix, tunnel_out_port,
2565 false);
9583bc14
EJ		 2566}
2567
a6092018
BP		 2568/* Fix "sample" action according to data collected while composing ODP actions,
2569 * as described in compose_sflow_action().
2570 *
2571 * 'user_cookie_offset' must be the offset returned by add_sflow_action(). */
9583bc14 2572static void
a6092018 2573fix_sflow_action(struct xlate_ctx *ctx, unsigned int user_cookie_offset)
9583bc14
EJ		 2574{
2575 const struct flow *base = &ctx->base_flow;
2576 union user_action_cookie *cookie;
2577
a6092018 2578 cookie = ofpbuf_at(ctx->odp_actions, user_cookie_offset,
9583bc14
EJ		 2579 sizeof cookie->sflow);
2580 ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW);
2581
a6092018
BP		 2582 cookie->type = USER_ACTION_COOKIE_SFLOW;
2583 cookie->sflow.vlan_tci = base->vlan_tci;
2584
2585 /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output
2586 * port information") for the interpretation of cookie->output. */
2587 switch (ctx->sflow_n_outputs) {
2588 case 0:
2589 /* 0x40000000 | 256 means "packet dropped for unknown reason". */
2590 cookie->sflow.output = 0x40000000 | 256;
2591 break;
2592
2593 case 1:
2594 cookie->sflow.output = dpif_sflow_odp_port_to_ifindex(
2595 ctx->xbridge->sflow, ctx->sflow_odp_port);
2596 if (cookie->sflow.output) {
2597 break;
2598 }
2599 /* Fall through. */
2600 default:
2601 /* 0x80000000 means "multiple output ports. */
2602 cookie->sflow.output = 0x80000000 | ctx->sflow_n_outputs;
2603 break;
2604 }
9583bc14
EJ		 2605}
2606
515793d5
BP		 2607static bool
2608process_special(struct xlate_ctx *ctx, const struct xport *xport)
db7d4e46 2609{
515793d5 2610 const struct flow *flow = &ctx->xin->flow;
49a73e0c 2611 struct flow_wildcards *wc = ctx->wc;
46c88433 2612 const struct xbridge *xbridge = ctx->xbridge;
515793d5
BP		 2613 const struct dp_packet *packet = ctx->xin->packet;
2614 enum slow_path_reason slow;
642dc74d 2615
46c88433 2616 if (!xport) {
515793d5 2617 slow = 0;
46c88433 2618 } else if (xport->cfm && cfm_should_process_flow(xport->cfm, flow, wc)) {
db7d4e46 2619 if (packet) {
46c88433 2620 cfm_process_heartbeat(xport->cfm, packet);
db7d4e46 2621 }
515793d5 2622 slow = SLOW_CFM;
fab52e16 2623 } else if (xport->bfd && bfd_should_process_flow(xport->bfd, flow, wc)) {
db7d4e46 2624 if (packet) {
46c88433 2625 bfd_process_packet(xport->bfd, flow, packet);
60d02c72
AW		 2626 /* If POLL received, immediately sends FINAL back. */
2627 if (bfd_should_send_packet(xport->bfd)) {
6d308b28 2628 ofproto_dpif_monitor_port_send_soon(xport->ofport);
60d02c72 2629 }
db7d4e46 2630 }
515793d5 2631 slow = SLOW_BFD;
46c88433 2632 } else if (xport->xbundle && xport->xbundle->lacp
db7d4e46
JP		 2633 && flow->dl_type == htons(ETH_TYPE_LACP)) {
2634 if (packet) {
46c88433 2635 lacp_process_packet(xport->xbundle->lacp, xport->ofport, packet);
db7d4e46 2636 }
515793d5 2637 slow = SLOW_LACP;
9efd308e
DV		 2638 } else if ((xbridge->stp || xbridge->rstp) &&
2639 stp_should_process_flow(flow, wc)) {
db7d4e46 2640 if (packet) {
f025bcb7
JR		 2641 xbridge->stp
2642 ? stp_process_packet(xport, packet)
2643 : rstp_process_packet(xport, packet);
db7d4e46 2644 }
515793d5 2645 slow = SLOW_STP;
19aef6ef 2646 } else if (xport->lldp && lldp_should_process_flow(xport->lldp, flow)) {
0477baa9
DF		 2647 if (packet) {
2648 lldp_process_packet(xport->lldp, packet);
2649 }
515793d5 2650 slow = SLOW_LLDP;
db7d4e46 2651 } else {
515793d5
BP		 2652 slow = 0;
2653 }
2654
2655 if (slow) {
2656 ctx->xout->slow |= slow;
2657 return true;
2658 } else {
2659 return false;
db7d4e46
JP		 2660 }
2661}
2662
a36de779
PS		 2663static int
2664tnl_route_lookup_flow(const struct flow *oflow,
a8704b50
PS		 2665 struct in6_addr *ip, struct in6_addr *src,
2666 struct xport **out_port)
a36de779
PS		 2667{
2668 char out_dev[IFNAMSIZ];
2669 struct xbridge *xbridge;
2670 struct xlate_cfg *xcfg;
c2b878e0
TLSC		 2671 struct in6_addr gw;
2672 struct in6_addr dst;
a36de779 2673
c2b878e0 2674 dst = flow_tnl_dst(&oflow->tunnel);
a8704b50 2675 if (!ovs_router_lookup(&dst, out_dev, src, &gw)) {
a36de779
PS		 2676 return -ENOENT;
2677 }
2678
c2b878e0
TLSC		 2679 if (ipv6_addr_is_set(&gw) &&
2680 (!IN6_IS_ADDR_V4MAPPED(&gw) || in6_addr_get_mapped_ipv4(&gw))) {
a36de779
PS		 2681 *ip = gw;
2682 } else {
c2b878e0 2683 *ip = dst;
a36de779
PS		 2684 }
2685
2686 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2687 ovs_assert(xcfg);
2688
2689 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
2690 if (!strncmp(xbridge->name, out_dev, IFNAMSIZ)) {
2691 struct xport *port;
2692
2693 HMAP_FOR_EACH (port, ofp_node, &xbridge->xports) {
2694 if (!strncmp(netdev_get_name(port->netdev), out_dev, IFNAMSIZ)) {
2695 *out_port = port;
2696 return 0;
2697 }
2698 }
2699 }
2700 }
2701 return -ENOENT;
2702}
2703
2704static int
cdd42eda
JG		 2705compose_table_xlate(struct xlate_ctx *ctx, const struct xport *out_dev,
2706 struct dp_packet *packet)
a36de779 2707{
cdd42eda 2708 struct xbridge *xbridge = out_dev->xbridge;
a36de779
PS		 2709 struct ofpact_output output;
2710 struct flow flow;
2711
2712 ofpact_init(&output.ofpact, OFPACT_OUTPUT, sizeof output);
cf62fa4c 2713 flow_extract(packet, &flow);
cdd42eda
JG		 2714 flow.in_port.ofp_port = out_dev->ofp_port;
2715 output.port = OFPP_TABLE;
a36de779
PS		 2716 output.max_len = 0;
2717
1f4a8933
JR		 2718 return ofproto_dpif_execute_actions__(xbridge->ofproto,
2719 ctx->xin->tables_version, &flow,
2720 NULL, &output.ofpact, sizeof output,
790c5d26
BP		 2721 ctx->indentation, ctx->depth,
2722 ctx->resubmits, packet);
a36de779
PS		 2723}
2724
c2b878e0
TLSC		 2725static void
2726tnl_send_nd_request(struct xlate_ctx *ctx, const struct xport *out_dev,
2727 const struct eth_addr eth_src,
2728 struct in6_addr * ipv6_src, struct in6_addr * ipv6_dst)
2729{
2730 struct dp_packet packet;
2731
2732 dp_packet_init(&packet, 0);
16187903 2733 compose_nd_ns(&packet, eth_src, ipv6_src, ipv6_dst);
c2b878e0
TLSC		 2734 compose_table_xlate(ctx, out_dev, &packet);
2735 dp_packet_uninit(&packet);
2736}
2737
a36de779 2738static void
cdd42eda 2739tnl_send_arp_request(struct xlate_ctx *ctx, const struct xport *out_dev,
74ff3298 2740 const struct eth_addr eth_src,
a36de779
PS		 2741 ovs_be32 ip_src, ovs_be32 ip_dst)
2742{
cf62fa4c 2743 struct dp_packet packet;
a36de779 2744
cf62fa4c 2745 dp_packet_init(&packet, 0);
eb0b295e
BP		 2746 compose_arp(&packet, ARP_OP_REQUEST,
2747 eth_src, eth_addr_zero, true, ip_src, ip_dst);
a36de779 2748
cdd42eda 2749 compose_table_xlate(ctx, out_dev, &packet);
cf62fa4c 2750 dp_packet_uninit(&packet);
a36de779
PS		 2751}
2752
2753static int
81de18ec 2754build_tunnel_send(struct xlate_ctx *ctx, const struct xport *xport,
a36de779
PS		 2755 const struct flow *flow, odp_port_t tunnel_odp_port)
2756{
4975aa3e 2757 struct netdev_tnl_build_header_params tnl_params;
a36de779
PS		 2758 struct ovs_action_push_tnl tnl_push_data;
2759 struct xport *out_dev = NULL;
c2b878e0
TLSC		 2760 ovs_be32 s_ip = 0, d_ip = 0;
2761 struct in6_addr s_ip6 = in6addr_any;
2762 struct in6_addr d_ip6 = in6addr_any;
74ff3298
JR		 2763 struct eth_addr smac;
2764 struct eth_addr dmac;
a36de779 2765 int err;
c2b878e0
TLSC		 2766 char buf_sip6[INET6_ADDRSTRLEN];
2767 char buf_dip6[INET6_ADDRSTRLEN];
a36de779 2768
a8704b50 2769 err = tnl_route_lookup_flow(flow, &d_ip6, &s_ip6, &out_dev);
a36de779 2770 if (err) {
81de18ec 2771 xlate_report(ctx, "native tunnel routing failed");
a36de779
PS		 2772 return err;
2773 }
c2b878e0
TLSC		 2774
2775 xlate_report(ctx, "tunneling to %s via %s",
2776 ipv6_string_mapped(buf_dip6, &d_ip6),
2777 netdev_get_name(out_dev->netdev));
a36de779
PS		 2778
2779 /* Use mac addr of bridge port of the peer. */
74ff3298 2780 err = netdev_get_etheraddr(out_dev->netdev, &smac);
a36de779 2781 if (err) {
81de18ec 2782 xlate_report(ctx, "tunnel output device lacks Ethernet address");
a36de779
PS		 2783 return err;
2784 }
2785
c2b878e0
TLSC		 2786 d_ip = in6_addr_get_mapped_ipv4(&d_ip6);
2787 if (d_ip) {
a8704b50 2788 s_ip = in6_addr_get_mapped_ipv4(&s_ip6);
a36de779
PS		 2789 }
2790
c2b878e0 2791 err = tnl_neigh_lookup(out_dev->xbridge->name, &d_ip6, &dmac);
a36de779 2792 if (err) {
c2b878e0
TLSC		 2793 xlate_report(ctx, "neighbor cache miss for %s on bridge %s, "
2794 "sending %s request",
2795 buf_dip6, out_dev->xbridge->name, d_ip ? "ARP" : "ND");
2796 if (d_ip) {
2797 tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip);
2798 } else {
2799 tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6);
2800 }
a36de779
PS		 2801 return err;
2802 }
c2b878e0 2803
a36de779
PS		 2804 if (ctx->xin->xcache) {
2805 struct xc_entry *entry;
2806
53902038 2807 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_TNL_NEIGH);
901a517e
JR		 2808 ovs_strlcpy(entry->tnl_neigh_cache.br_name, out_dev->xbridge->name,
2809 sizeof entry->tnl_neigh_cache.br_name);
2810 entry->tnl_neigh_cache.d_ipv6 = d_ip6;
a36de779 2811 }
81de18ec 2812
c2b878e0
TLSC		 2813 xlate_report(ctx, "tunneling from "ETH_ADDR_FMT" %s"
2814 " to "ETH_ADDR_FMT" %s",
2815 ETH_ADDR_ARGS(smac), ipv6_string_mapped(buf_sip6, &s_ip6),
2816 ETH_ADDR_ARGS(dmac), buf_dip6);
2817
4975aa3e
PS		 2818 netdev_init_tnl_build_header_params(&tnl_params, flow, &s_ip6, dmac, smac);
2819 err = tnl_port_build_header(xport->ofport, &tnl_push_data, &tnl_params);
a36de779
PS		 2820 if (err) {
2821 return err;
2822 }
2823 tnl_push_data.tnl_port = odp_to_u32(tunnel_odp_port);
2824 tnl_push_data.out_port = odp_to_u32(out_dev->odp_port);
1520ef4f 2825 odp_put_tnl_push_action(ctx->odp_actions, &tnl_push_data);
a36de779
PS		 2826 return 0;
2827}
2828
704bb0bf
JS		 2829static void
2830xlate_commit_actions(struct xlate_ctx *ctx)
2831{
2832 bool use_masked = ctx->xbridge->support.masked_set_action;
2833
2834 ctx->xout->slow |= commit_odp_actions(&ctx->xin->flow, &ctx->base_flow,
2835 ctx->odp_actions, ctx->wc,
2836 use_masked);
2837}
2838
07659514
JS		 2839static void
2840clear_conntrack(struct flow *flow)
2841{
2842 flow->ct_state = 0;
2843 flow->ct_zone = 0;
8e53fe8c 2844 flow->ct_mark = 0;
9daf2348 2845 memset(&flow->ct_label, 0, sizeof flow->ct_label);
07659514
JS		 2846}
2847
9583bc14 2848static void
4e022ec0 2849compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port,
e93ef1c7 2850 const struct xlate_bond_recirc *xr, bool check_stp)
9583bc14 2851{
46c88433 2852 const struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
49a73e0c 2853 struct flow_wildcards *wc = ctx->wc;
33bf9176 2854 struct flow *flow = &ctx->xin->flow;
a36de779 2855 struct flow_tnl flow_tnl;
9583bc14 2856 ovs_be16 flow_vlan_tci;
1362e248 2857 uint32_t flow_pkt_mark;
9583bc14 2858 uint8_t flow_nw_tos;
4e022ec0 2859 odp_port_t out_port, odp_port;
a36de779 2860 bool tnl_push_pop_send = false;
ca077186 2861 uint8_t dscp;
9583bc14
EJ		 2862
2863 /* If 'struct flow' gets additional metadata, we'll need to zero it out
2864 * before traversing a patch port. */
847b8b02 2865 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 36);
a36de779 2866 memset(&flow_tnl, 0, sizeof flow_tnl);
9583bc14 2867
46c88433 2868 if (!xport) {
9583bc14
EJ		 2869 xlate_report(ctx, "Nonexistent output port");
2870 return;
46c88433 2871 } else if (xport->config & OFPUTIL_PC_NO_FWD) {
9583bc14
EJ		 2872 xlate_report(ctx, "OFPPC_NO_FWD set, skipping output");
2873 return;
1356dbd1
WT		 2874 } else if (ctx->mirror_snaplen != 0 && xport->odp_port == ODPP_NONE) {
2875 xlate_report(ctx, "Mirror truncate to ODPP_NONE, skipping output");
2876 return;
0d1cee12 2877 } else if (check_stp) {
bbbca389 2878 if (is_stp(&ctx->base_flow)) {
9efd308e
DV		 2879 if (!xport_stp_should_forward_bpdu(xport) &&
2880 !xport_rstp_should_manage_bpdu(xport)) {
2881 if (ctx->xbridge->stp != NULL) {
2882 xlate_report(ctx, "STP not in listening state, "
2883 "skipping bpdu output");
2884 } else if (ctx->xbridge->rstp != NULL) {
2885 xlate_report(ctx, "RSTP not managing BPDU in this state, "
2886 "skipping bpdu output");
2887 }
0d1cee12
K		 2888 return;
2889 }
9efd308e
DV		 2890 } else if (!xport_stp_forward_state(xport) ||
2891 !xport_rstp_forward_state(xport)) {
2892 if (ctx->xbridge->stp != NULL) {
2893 xlate_report(ctx, "STP not in forwarding state, "
2894 "skipping output");
2895 } else if (ctx->xbridge->rstp != NULL) {
2896 xlate_report(ctx, "RSTP not in forwarding state, "
2897 "skipping output");
2898 }
0d1cee12
K		 2899 return;
2900 }
9583bc14
EJ		 2901 }
2902
46c88433
EJ		 2903 if (xport->peer) {
2904 const struct xport *peer = xport->peer;
9583bc14 2905 struct flow old_flow = ctx->xin->flow;
8d8ab6c2 2906 struct flow_tnl old_flow_tnl_wc = ctx->wc->masks.tunnel;
07659514 2907 bool old_conntrack = ctx->conntracked;
e12ec36b 2908 bool old_was_mpls = ctx->was_mpls;
1f4a8933 2909 ovs_version_t old_version = ctx->xin->tables_version;
1774d762
JR		 2910 struct ofpbuf old_stack = ctx->stack;
2911 union mf_subvalue new_stack[1024 / sizeof(union mf_subvalue)];
ed9c9e3e
JR		 2912 struct ofpbuf old_action_set = ctx->action_set;
2913 uint64_t actset_stub[1024 / 8];
9583bc14 2914
1774d762 2915 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
ed9c9e3e 2916 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
46c88433 2917 flow->in_port.ofp_port = peer->ofp_port;
33bf9176
BP		 2918 flow->metadata = htonll(0);
2919 memset(&flow->tunnel, 0, sizeof flow->tunnel);
8d8ab6c2
JG		 2920 flow->tunnel.metadata.tab = ofproto_dpif_get_tun_tab(peer->xbridge->ofproto);
2921 ctx->wc->masks.tunnel.metadata.tab = flow->tunnel.metadata.tab;
33bf9176 2922 memset(flow->regs, 0, sizeof flow->regs);
c61f3870 2923 flow->actset_output = OFPP_UNSET;
07659514
JS		 2924 ctx->conntracked = false;
2925 clear_conntrack(flow);
9583bc14 2926
76f3c260
BP		 2927 /* When the patch port points to a different bridge, then the mirrors
2928 * for that bridge clearly apply independently to the packet, so we
2929 * reset the mirror bitmap to zero and then restore it after the packet
2930 * returns.
2931 *
2932 * When the patch port points to the same bridge, this is more of a
2933 * design decision: can mirrors be re-applied to the packet after it
2934 * re-enters the bridge, or should we treat that as doubly mirroring a
2935 * single packet? The former may be cleaner, since it respects the
2936 * model in which a patch port is like a physical cable plugged from
2937 * one switch port to another, but the latter may be less surprising to
2938 * users. We take the latter choice, for now at least. (To use the
2939 * former choice, hard-code 'independent_mirrors' to "true".) */
2940 mirror_mask_t old_mirrors = ctx->mirrors;
2941 bool independent_mirrors = peer->xbridge != ctx->xbridge;
2942 if (independent_mirrors) {
2943 ctx->mirrors = 0;
2944 }
2945 ctx->xbridge = peer->xbridge;
2946
621b8064 2947 /* The bridge is now known so obtain its table version. */
1f4a8933 2948 ctx->xin->tables_version
621b8064
JR		 2949 = ofproto_dpif_get_tables_version(ctx->xbridge->ofproto);
2950
515793d5 2951 if (!process_special(ctx, peer) && may_receive(peer, ctx)) {
9efd308e 2952 if (xport_stp_forward_state(peer) && xport_rstp_forward_state(peer)) {
e672ff9b 2953 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
1d361a81 2954 if (!ctx->freezing) {
8a5fb3b4 2955 xlate_action_set(ctx);
e672ff9b 2956 }
1d361a81 2957 if (ctx->freezing) {
77ab5fd2 2958 finish_freezing(ctx);
ed9c9e3e 2959 }
9583bc14 2960 } else {
9efd308e
DV		 2961 /* Forwarding is disabled by STP and RSTP. Let OFPP_NORMAL and
2962 * the learning action look at the packet, then drop it. */
9583bc14 2963 struct flow old_base_flow = ctx->base_flow;
1520ef4f 2964 size_t old_size = ctx->odp_actions->size;
76f3c260 2965 mirror_mask_t old_mirrors2 = ctx->mirrors;
f3d5b473 2966
e672ff9b 2967 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
76f3c260 2968 ctx->mirrors = old_mirrors2;
9583bc14 2969 ctx->base_flow = old_base_flow;
1520ef4f 2970 ctx->odp_actions->size = old_size;
e672ff9b 2971
1d361a81
BP		 2972 /* Undo changes that may have been done for freezing. */
2973 ctx_cancel_freeze(ctx);
9583bc14
EJ		 2974 }
2975 }
2976
76f3c260
BP		 2977 if (independent_mirrors) {
2978 ctx->mirrors = old_mirrors;
2979 }
9583bc14 2980 ctx->xin->flow = old_flow;
832554e3 2981 ctx->xbridge = xport->xbridge;
ed9c9e3e
JR		 2982 ofpbuf_uninit(&ctx->action_set);
2983 ctx->action_set = old_action_set;
1774d762
JR		 2984 ofpbuf_uninit(&ctx->stack);
2985 ctx->stack = old_stack;
9583bc14 2986
621b8064 2987 /* Restore calling bridge's lookup version. */
1f4a8933 2988 ctx->xin->tables_version = old_version;
621b8064 2989
8d8ab6c2
JG		 2990 /* Since this packet came in on a patch port (from the perspective of
2991 * the peer bridge), it cannot have useful tunnel information. As a
2992 * result, any wildcards generated on that tunnel also cannot be valid.
2993 * The tunnel wildcards must be restored to their original version since
2994 * the peer bridge uses a separate tunnel metadata table and therefore
2995 * any generated wildcards will be garbage in the context of our
2996 * metadata table. */
2997 ctx->wc->masks.tunnel = old_flow_tnl_wc;
2998
e12ec36b
SH		 2999 /* The peer bridge popping MPLS should have no effect on the original
3000 * bridge. */
3001 ctx->was_mpls = old_was_mpls;
3002
07659514
JS		 3003 /* The peer bridge's conntrack execution should have no effect on the
3004 * original bridge. */
3005 ctx->conntracked = old_conntrack;
3006
f3d5b473
JR		 3007 /* The fact that the peer bridge exits (for any reason) does not mean
3008 * that the original bridge should exit. Specifically, if the peer
1d361a81
BP		 3009 * bridge freezes translation, the original bridge must continue
3010 * processing with the original, not the frozen packet! */
f3d5b473
JR		 3011 ctx->exit = false;
3012
fff1b9c0
JR		 3013 /* Peer bridge errors do not propagate back. */
3014 ctx->error = XLATE_OK;
3015
9583bc14 3016 if (ctx->xin->resubmit_stats) {
46c88433
EJ		 3017 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
3018 netdev_vport_inc_rx(peer->netdev, ctx->xin->resubmit_stats);
a1aeea86
AW		 3019 if (peer->bfd) {
3020 bfd_account_rx(peer->bfd, ctx->xin->resubmit_stats);
3021 }
9583bc14 3022 }
b256dc52
JS		 3023 if (ctx->xin->xcache) {
3024 struct xc_entry *entry;
3025
3026 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
901a517e
JR		 3027 entry->dev.tx = netdev_ref(xport->netdev);
3028 entry->dev.rx = netdev_ref(peer->netdev);
3029 entry->dev.bfd = bfd_ref(peer->bfd);
b256dc52 3030 }
9583bc14
EJ		 3031 return;
3032 }
3033
33bf9176 3034 flow_vlan_tci = flow->vlan_tci;
1362e248 3035 flow_pkt_mark = flow->pkt_mark;
33bf9176 3036 flow_nw_tos = flow->nw_tos;
9583bc14 3037
16194afd
DDP		 3038 if (count_skb_priorities(xport)) {
3039 memset(&wc->masks.skb_priority, 0xff, sizeof wc->masks.skb_priority);
3040 if (dscp_from_skb_priority(xport, flow->skb_priority, &dscp)) {
3041 wc->masks.nw_tos |= IP_DSCP_MASK;
3042 flow->nw_tos &= ~IP_DSCP_MASK;
3043 flow->nw_tos |= dscp;
3044 }
9583bc14
EJ		 3045 }
3046
46c88433 3047 if (xport->is_tunnel) {
c2b878e0 3048 struct in6_addr dst;
9583bc14
EJ		 3049 /* Save tunnel metadata so that changes made due to
3050 * the Logical (tunnel) Port are not visible for any further
3051 * matches, while explicit set actions on tunnel metadata are.
3052 */
a36de779 3053 flow_tnl = flow->tunnel;
49a73e0c 3054 odp_port = tnl_port_send(xport->ofport, flow, ctx->wc);
4e022ec0 3055 if (odp_port == ODPP_NONE) {
9583bc14
EJ		 3056 xlate_report(ctx, "Tunneling decided against output");
3057 goto out; /* restore flow_nw_tos */
3058 }
c2b878e0
TLSC		 3059 dst = flow_tnl_dst(&flow->tunnel);
3060 if (ipv6_addr_equals(&dst, &ctx->orig_tunnel_ipv6_dst)) {
9583bc14
EJ		 3061 xlate_report(ctx, "Not tunneling to our own address");
3062 goto out; /* restore flow_nw_tos */
3063 }
3064 if (ctx->xin->resubmit_stats) {
46c88433 3065 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
9583bc14 3066 }
b256dc52
JS		 3067 if (ctx->xin->xcache) {
3068 struct xc_entry *entry;
3069
3070 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
901a517e 3071 entry->dev.tx = netdev_ref(xport->netdev);
b256dc52 3072 }
9583bc14 3073 out_port = odp_port;
a36de779 3074 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
81de18ec 3075 xlate_report(ctx, "output to native tunnel");
a36de779
PS		 3076 tnl_push_pop_send = true;
3077 } else {
81de18ec 3078 xlate_report(ctx, "output to kernel tunnel");
1520ef4f 3079 commit_odp_tunnel_action(flow, &ctx->base_flow, ctx->odp_actions);
a36de779
PS		 3080 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3081 }
9583bc14 3082 } else {
46c88433 3083 odp_port = xport->odp_port;
7614e5d0 3084 out_port = odp_port;
9583bc14 3085 }
9583bc14 3086
4e022ec0 3087 if (out_port != ODPP_NONE) {
704bb0bf 3088 xlate_commit_actions(ctx);
adcf00ba 3089
e93ef1c7 3090 if (xr) {
347bf289 3091 struct ovs_action_hash *act_hash;
adcf00ba 3092
347bf289 3093 /* Hash action. */
1520ef4f 3094 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
347bf289
AZ		 3095 OVS_ACTION_ATTR_HASH,
3096 sizeof *act_hash);
3097 act_hash->hash_alg = xr->hash_alg;
62ac1f20 3098 act_hash->hash_basis = xr->hash_basis;
347bf289
AZ		 3099
3100 /* Recirc action. */
1520ef4f 3101 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC,
347bf289 3102 xr->recirc_id);
adcf00ba 3103 } else {
a36de779
PS		 3104
3105 if (tnl_push_pop_send) {
3106 build_tunnel_send(ctx, xport, flow, odp_port);
3107 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3108 } else {
3109 odp_port_t odp_tnl_port = ODPP_NONE;
3110
3111 /* XXX: Write better Filter for tunnel port. We can use inport
3112 * int tunnel-port flow to avoid these checks completely. */
3113 if (ofp_port == OFPP_LOCAL &&
3114 ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
3115
3116 odp_tnl_port = tnl_port_map_lookup(flow, wc);
3117 }
3118
3119 if (odp_tnl_port != ODPP_NONE) {
1520ef4f 3120 nl_msg_put_odp_port(ctx->odp_actions,
a36de779
PS		 3121 OVS_ACTION_ATTR_TUNNEL_POP,
3122 odp_tnl_port);
3123 } else {
3124 /* Tunnel push-pop action is not compatible with
3125 * IPFIX action. */
a6092018 3126 compose_ipfix_action(ctx, out_port);
1356dbd1
WT		 3127
3128 /* Handle truncation of the mirrored packet. */
3129 if (ctx->mirror_snaplen > 0 &&
3130 ctx->mirror_snaplen < UINT16_MAX) {
3131 struct ovs_action_trunc *trunc;
3132
3133 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
3134 OVS_ACTION_ATTR_TRUNC,
3135 sizeof *trunc);
3136 trunc->max_len = ctx->mirror_snaplen;
3137 if (!ctx->xbridge->support.trunc) {
3138 ctx->xout->slow |= SLOW_ACTION;
3139 }
3140 }
3141
1520ef4f 3142 nl_msg_put_odp_port(ctx->odp_actions,
a36de779
PS		 3143 OVS_ACTION_ATTR_OUTPUT,
3144 out_port);
1356dbd1
WT		 3145 }
3146 }
adcf00ba 3147 }
9583bc14 3148
6cbbf4fa
EJ		 3149 ctx->sflow_odp_port = odp_port;
3150 ctx->sflow_n_outputs++;
2031ef97 3151 ctx->nf_output_iface = ofp_port;
6cbbf4fa
EJ		 3152 }
3153
7efbc3b7
BP		 3154 if (mbridge_has_mirrors(ctx->xbridge->mbridge) && xport->xbundle) {
3155 mirror_packet(ctx, xport->xbundle,
3156 xbundle_mirror_dst(xport->xbundle->xbridge,
3157 xport->xbundle));
3158 }
3159
6cbbf4fa 3160 out:
9583bc14 3161 /* Restore flow */
33bf9176 3162 flow->vlan_tci = flow_vlan_tci;
1362e248 3163 flow->pkt_mark = flow_pkt_mark;
33bf9176 3164 flow->nw_tos = flow_nw_tos;
9583bc14
EJ		 3165}
3166
3167static void
e93ef1c7
JR		 3168compose_output_action(struct xlate_ctx *ctx, ofp_port_t ofp_port,
3169 const struct xlate_bond_recirc *xr)
9583bc14 3170{
e93ef1c7 3171 compose_output_action__(ctx, ofp_port, xr, true);
9583bc14
EJ		 3172}
3173
bb61b33d 3174static void
790c5d26 3175xlate_recursively(struct xlate_ctx *ctx, struct rule_dpif *rule, bool deepens)
bb61b33d
BP		 3176{
3177 struct rule_dpif *old_rule = ctx->rule;
8b1e5560 3178 ovs_be64 old_cookie = ctx->rule_cookie;
dc723c44 3179 const struct rule_actions *actions;
bb61b33d
BP		 3180
3181 if (ctx->xin->resubmit_stats) {
70742c7f 3182 rule_dpif_credit_stats(rule, ctx->xin->resubmit_stats);
bb61b33d
BP		 3183 }
3184
98b07853 3185 ctx->resubmits++;
790c5d26 3186
9a9b001a 3187 ctx->indentation++;
790c5d26 3188 ctx->depth += deepens;
bb61b33d 3189 ctx->rule = rule;
8b1e5560 3190 ctx->rule_cookie = rule_dpif_get_flow_cookie(rule);
6f00e29b
BP		 3191 actions = rule_dpif_get_actions(rule);
3192 do_xlate_actions(actions->ofpacts, actions->ofpacts_len, ctx);
8b1e5560 3193 ctx->rule_cookie = old_cookie;
bb61b33d 3194 ctx->rule = old_rule;
790c5d26 3195 ctx->depth -= deepens;
9a9b001a 3196 ctx->indentation--;
bb61b33d
BP		 3197}
3198
bd3240ba
SH		 3199static bool
3200xlate_resubmit_resource_check(struct xlate_ctx *ctx)
9583bc14 3201{
790c5d26
BP		 3202 if (ctx->depth >= MAX_DEPTH) {
3203 XLATE_REPORT_ERROR(ctx, "over max translation depth %d", MAX_DEPTH);
fff1b9c0 3204 ctx->error = XLATE_RECURSION_TOO_DEEP;
790c5d26 3205 } else if (ctx->resubmits >= MAX_RESUBMITS) {
fff1b9c0
JR		 3206 XLATE_REPORT_ERROR(ctx, "over %d resubmit actions", MAX_RESUBMITS);
3207 ctx->error = XLATE_TOO_MANY_RESUBMITS;
1520ef4f 3208 } else if (ctx->odp_actions->size > UINT16_MAX) {
fff1b9c0
JR		 3209 XLATE_REPORT_ERROR(ctx, "resubmits yielded over 64 kB of actions");
3210 /* NOT an error, as we'll be slow-pathing the flow in this case? */
3211 ctx->exit = true; /* XXX: translation still terminated! */
6fd6ed71 3212 } else if (ctx->stack.size >= 65536) {
fff1b9c0
JR		 3213 XLATE_REPORT_ERROR(ctx, "resubmits yielded over 64 kB of stack");
3214 ctx->error = XLATE_STACK_TOO_DEEP;
98b07853 3215 } else {
bd3240ba
SH		 3216 return true;
3217 }
3218
3219 return false;
3220}
3221
3222static void
6d328fa2
SH		 3223xlate_table_action(struct xlate_ctx *ctx, ofp_port_t in_port, uint8_t table_id,
3224 bool may_packet_in, bool honor_table_miss)
bd3240ba 3225{
e12ec36b
SH		 3226 /* Check if we need to recirculate before matching in a table. */
3227 if (ctx->was_mpls) {
3228 ctx_trigger_freeze(ctx);
3229 return;
3230 }
bd3240ba 3231 if (xlate_resubmit_resource_check(ctx)) {
9583bc14 3232 uint8_t old_table_id = ctx->table_id;
3f207910 3233 struct rule_dpif *rule;
9583bc14
EJ		 3234
3235 ctx->table_id = table_id;
3236
34dd0d78 3237 rule = rule_dpif_lookup_from_table(ctx->xbridge->ofproto,
1f4a8933 3238 ctx->xin->tables_version,
c0e638aa 3239 &ctx->xin->flow, ctx->wc,
34dd0d78
JR		 3240 ctx->xin->resubmit_stats,
3241 &ctx->table_id, in_port,
a027899e
JR		 3242 may_packet_in, honor_table_miss,
3243 ctx->xin->xcache);
a8c31348 3244 if (OVS_UNLIKELY(ctx->xin->resubmit_hook)) {
9a9b001a 3245 ctx->xin->resubmit_hook(ctx->xin, rule, ctx->indentation + 1);
ad3efdcb
EJ		 3246 }
3247
a2143702 3248 if (rule) {
83709dfa
JR		 3249 /* Fill in the cache entry here instead of xlate_recursively
3250 * to make the reference counting more explicit. We take a
3251 * reference in the lookups above if we are going to cache the
3252 * rule. */
3253 if (ctx->xin->xcache) {
3254 struct xc_entry *entry;
3255
3256 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_RULE);
901a517e 3257 entry->rule = rule;
1e1e1d19 3258 rule_dpif_ref(rule);
83709dfa 3259 }
790c5d26 3260 xlate_recursively(ctx, rule, table_id <= old_table_id);
ad3efdcb
EJ		 3261 }
3262
9583bc14 3263 ctx->table_id = old_table_id;
98b07853 3264 return;
9583bc14
EJ		 3265 }
3266}
3267
76973237 3268/* Consumes the group reference, which is only taken if xcache exists. */
f4fb341b 3269static void
1e684d7d
RW		 3270xlate_group_stats(struct xlate_ctx *ctx, struct group_dpif *group,
3271 struct ofputil_bucket *bucket)
3272{
3273 if (ctx->xin->resubmit_stats) {
3274 group_dpif_credit_stats(group, bucket, ctx->xin->resubmit_stats);
3275 }
3276 if (ctx->xin->xcache) {
3277 struct xc_entry *entry;
3278
3279 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_GROUP);
901a517e
JR		 3280 entry->group.group = group;
3281 entry->group.bucket = bucket;
1e684d7d
RW		 3282 }
3283}
3284
3285static void
3286xlate_group_bucket(struct xlate_ctx *ctx, struct ofputil_bucket *bucket)
f4fb341b
SH		 3287{
3288 uint64_t action_list_stub[1024 / 8];
0a2869d5
BP		 3289 struct ofpbuf action_list = OFPBUF_STUB_INITIALIZER(action_list_stub);
3290 struct ofpbuf action_set = ofpbuf_const_initializer(bucket->ofpacts,
3291 bucket->ofpacts_len);
5b09e569 3292 struct flow old_flow = ctx->xin->flow;
e12ec36b 3293 bool old_was_mpls = ctx->was_mpls;
f4fb341b 3294
f4fb341b 3295 ofpacts_execute_action_set(&action_list, &action_set);
9a9b001a 3296 ctx->indentation++;
790c5d26 3297 ctx->depth++;
6fd6ed71 3298 do_xlate_actions(action_list.data, action_list.size, ctx);
790c5d26 3299 ctx->depth--;
9a9b001a 3300 ctx->indentation--;
f4fb341b 3301
f4fb341b 3302 ofpbuf_uninit(&action_list);
5b09e569 3303
77ab5fd2 3304 /* Check if need to freeze. */
1d361a81 3305 if (ctx->freezing) {
77ab5fd2 3306 finish_freezing(ctx);
e672ff9b
JR		 3307 }
3308
5b09e569
JR		 3309 /* Roll back flow to previous state.
3310 * This is equivalent to cloning the packet for each bucket.
3311 *
3312 * As a side effect any subsequently applied actions will
3313 * also effectively be applied to a clone of the packet taken
3314 * just before applying the all or indirect group.
3315 *
3316 * Note that group buckets are action sets, hence they cannot modify the
3317 * main action set. Also any stack actions are ignored when executing an
3318 * action set, so group buckets cannot change the stack either.
3319 * However, we do allow resubmit actions in group buckets, which could
3320 * break the above assumptions. It is up to the controller to not mess up
3321 * with the action_set and stack in the tables resubmitted to from
3322 * group buckets. */
3323 ctx->xin->flow = old_flow;
3324
e12ec36b
SH		 3325 /* The group bucket popping MPLS should have no effect after bucket
3326 * execution. */
3327 ctx->was_mpls = old_was_mpls;
3328
5b09e569
JR		 3329 /* The fact that the group bucket exits (for any reason) does not mean that
3330 * the translation after the group action should exit. Specifically, if
1d361a81
BP		 3331 * the group bucket freezes translation, the actions after the group action
3332 * must continue processing with the original, not the frozen packet! */
5b09e569 3333 ctx->exit = false;
f4fb341b
SH		 3334}
3335
3336static void
3337xlate_all_group(struct xlate_ctx *ctx, struct group_dpif *group)
3338{
1e684d7d 3339 struct ofputil_bucket *bucket;
ca6ba700 3340 const struct ovs_list *buckets;
f4fb341b 3341
53cc166a 3342 buckets = group_dpif_get_buckets(group, NULL);
f4fb341b
SH		 3343 LIST_FOR_EACH (bucket, list_node, buckets) {
3344 xlate_group_bucket(ctx, bucket);
f4fb341b 3345 }
1e684d7d 3346 xlate_group_stats(ctx, group, NULL);
f4fb341b
SH		 3347}
3348
dd8cd4b4
SH		 3349static void
3350xlate_ff_group(struct xlate_ctx *ctx, struct group_dpif *group)
3351{
1e684d7d 3352 struct ofputil_bucket *bucket;
dd8cd4b4
SH		 3353
3354 bucket = group_first_live_bucket(ctx, group, 0);
3355 if (bucket) {
3356 xlate_group_bucket(ctx, bucket);
1e684d7d 3357 xlate_group_stats(ctx, group, bucket);
76973237
JR		 3358 } else if (ctx->xin->xcache) {
3359 group_dpif_unref(group);
dd8cd4b4
SH		 3360 }
3361}
3362
fe7e5749 3363static void
7565c3e4 3364xlate_default_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
fe7e5749 3365{
49a73e0c 3366 struct flow_wildcards *wc = ctx->wc;
1e684d7d 3367 struct ofputil_bucket *bucket;
fe7e5749
SH		 3368 uint32_t basis;
3369
1d1aae0b 3370 basis = flow_hash_symmetric_l4(&ctx->xin->flow, 0);
80e3509d 3371 flow_mask_hash_fields(&ctx->xin->flow, wc, NX_HASH_FIELDS_SYMMETRIC_L4);
fe7e5749
SH		 3372 bucket = group_best_live_bucket(ctx, group, basis);
3373 if (bucket) {
fe7e5749 3374 xlate_group_bucket(ctx, bucket);
1e684d7d 3375 xlate_group_stats(ctx, group, bucket);
76973237
JR		 3376 } else if (ctx->xin->xcache) {
3377 group_dpif_unref(group);
fe7e5749
SH		 3378 }
3379}
3380
0c4b9393
SH		 3381static void
3382xlate_hash_fields_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3383{
0c4b9393
SH		 3384 const struct field_array *fields;
3385 struct ofputil_bucket *bucket;
e8dba719 3386 const uint8_t *mask_values;
0c4b9393 3387 uint32_t basis;
e8dba719 3388 size_t i;
0c4b9393
SH		 3389
3390 fields = group_dpif_get_fields(group);
e8dba719 3391 mask_values = fields->values;
0c4b9393
SH		 3392 basis = hash_uint64(group_dpif_get_selection_method_param(group));
3393
e8dba719
JR		 3394 BITMAP_FOR_EACH_1 (i, MFF_N_IDS, fields->used.bm) {
3395 const struct mf_field *mf = mf_from_id(i);
0c4b9393 3396
e8dba719
JR		 3397 /* Skip fields for which prerequisities are not met. */
3398 if (!mf_are_prereqs_ok(mf, &ctx->xin->flow, ctx->wc)) {
3399 /* Skip the mask bytes for this field. */
3400 mask_values += mf->n_bytes;
3401 continue;
3402 }
0c4b9393 3403
e8dba719
JR		 3404 union mf_value value;
3405 union mf_value mask;
0c4b9393 3406
e8dba719
JR		 3407 mf_get_value(mf, &ctx->xin->flow, &value);
3408 /* Mask the value. */
3409 for (int j = 0; j < mf->n_bytes; j++) {
3410 mask.b[j] = *mask_values++;
3411 value.b[j] &= mask.b[j];
3412 }
3413 basis = hash_bytes(&value, mf->n_bytes, basis);
1cb20095 3414
e8dba719
JR		 3415 /* For tunnels, hash in whether the field is present. */
3416 if (mf_is_tun_metadata(mf)) {
3417 basis = hash_boolean(mf_is_set(mf, &ctx->xin->flow), basis);
0c4b9393 3418 }
e8dba719
JR		 3419
3420 mf_mask_field_masked(mf, &mask, ctx->wc);
0c4b9393
SH		 3421 }
3422
3423 bucket = group_best_live_bucket(ctx, group, basis);
3424 if (bucket) {
3425 xlate_group_bucket(ctx, bucket);
3426 xlate_group_stats(ctx, group, bucket);
76973237
JR		 3427 } else if (ctx->xin->xcache) {
3428 group_dpif_unref(group);
0c4b9393
SH		 3429 }
3430}
3431
53cc166a
JR		 3432static void
3433xlate_dp_hash_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3434{
3435 struct ofputil_bucket *bucket;
3436
3437 /* dp_hash value 0 is special since it means that the dp_hash has not been
3438 * computed, as all computed dp_hash values are non-zero. Therefore
3439 * compare to zero can be used to decide if the dp_hash value is valid
3440 * without masking the dp_hash field. */
3441 if (!ctx->xin->flow.dp_hash) {
3442 uint64_t param = group_dpif_get_selection_method_param(group);
3443
3444 ctx_trigger_recirculate_with_hash(ctx, param >> 32, (uint32_t)param);
3445 } else {
3446 uint32_t n_buckets;
3447
3448 group_dpif_get_buckets(group, &n_buckets);
3449 if (n_buckets) {
3450 /* Minimal mask to cover the number of buckets. */
3451 uint32_t mask = (1 << log_2_ceil(n_buckets)) - 1;
3452 /* Multiplier chosen to make the trivial 1 bit case to
3453 * actually distribute amongst two equal weight buckets. */
3454 uint32_t basis = 0xc2b73583 * (ctx->xin->flow.dp_hash & mask);
3455
3456 ctx->wc->masks.dp_hash |= mask;
3457 bucket = group_best_live_bucket(ctx, group, basis);
3458 if (bucket) {
3459 xlate_group_bucket(ctx, bucket);
3460 xlate_group_stats(ctx, group, bucket);
3461 }
3462 }
3463 }
3464}
3465
7565c3e4
SH		 3466static void
3467xlate_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3468{
3469 const char *selection_method = group_dpif_get_selection_method(group);
3470
e12ec36b
SH		 3471 /* Select groups may access flow keys beyond L2 in order to
3472 * select a bucket. Recirculate as appropriate to make this possible.
3473 */
3474 if (ctx->was_mpls) {
3475 ctx_trigger_freeze(ctx);
3476 }
3477
7565c3e4
SH		 3478 if (selection_method[0] == '\0') {
3479 xlate_default_select_group(ctx, group);
0c4b9393
SH		 3480 } else if (!strcasecmp("hash", selection_method)) {
3481 xlate_hash_fields_select_group(ctx, group);
53cc166a
JR		 3482 } else if (!strcasecmp("dp_hash", selection_method)) {
3483 xlate_dp_hash_select_group(ctx, group);
7565c3e4
SH		 3484 } else {
3485 /* Parsing of groups should ensure this never happens */
3486 OVS_NOT_REACHED();
3487 }
3488}
3489
f4fb341b
SH		 3490static void
3491xlate_group_action__(struct xlate_ctx *ctx, struct group_dpif *group)
3492{
0eb48fe1 3493 bool was_in_group = ctx->in_group;
5a070238
BP		 3494 ctx->in_group = true;
3495
f4fb341b
SH		 3496 switch (group_dpif_get_type(group)) {
3497 case OFPGT11_ALL:
3498 case OFPGT11_INDIRECT:
3499 xlate_all_group(ctx, group);
3500 break;
3501 case OFPGT11_SELECT:
fe7e5749 3502 xlate_select_group(ctx, group);
f4fb341b 3503 break;
dd8cd4b4
SH		 3504 case OFPGT11_FF:
3505 xlate_ff_group(ctx, group);
3506 break;
f4fb341b 3507 default:
428b2edd 3508 OVS_NOT_REACHED();
f4fb341b 3509 }
5a070238 3510
0eb48fe1 3511 ctx->in_group = was_in_group;
f4fb341b
SH		 3512}
3513
3514static bool
3515xlate_group_action(struct xlate_ctx *ctx, uint32_t group_id)
3516{
0eb48fe1 3517 if (xlate_resubmit_resource_check(ctx)) {
f4fb341b 3518 struct group_dpif *group;
f4fb341b 3519
76973237
JR		 3520 /* Take ref only if xcache exists. */
3521 group = group_dpif_lookup(ctx->xbridge->ofproto, group_id,
1f4a8933 3522 ctx->xin->tables_version, ctx->xin->xcache);
db88b35c
JR		 3523 if (!group) {
3524 /* XXX: Should set ctx->error ? */
f4fb341b
SH		 3525 return true;
3526 }
db88b35c 3527 xlate_group_action__(ctx, group);
f4fb341b
SH		 3528 }
3529
3530 return false;
3531}
3532
9583bc14
EJ		 3533static void
3534xlate_ofpact_resubmit(struct xlate_ctx *ctx,
3535 const struct ofpact_resubmit *resubmit)
3536{
4e022ec0 3537 ofp_port_t in_port;
9583bc14 3538 uint8_t table_id;
adcf00ba
AZ		 3539 bool may_packet_in = false;
3540 bool honor_table_miss = false;
3541
3542 if (ctx->rule && rule_dpif_is_internal(ctx->rule)) {
3543 /* Still allow missed packets to be sent to the controller
3544 * if resubmitting from an internal table. */
3545 may_packet_in = true;
3546 honor_table_miss = true;
3547 }
9583bc14
EJ		 3548
3549 in_port = resubmit->in_port;
3550 if (in_port == OFPP_IN_PORT) {
4e022ec0 3551 in_port = ctx->xin->flow.in_port.ofp_port;
9583bc14
EJ		 3552 }
3553
3554 table_id = resubmit->table_id;
3555 if (table_id == 255) {
3556 table_id = ctx->table_id;
3557 }
3558
adcf00ba
AZ		 3559 xlate_table_action(ctx, in_port, table_id, may_packet_in,
3560 honor_table_miss);
9583bc14
EJ		 3561}
3562
3563static void
3564flood_packets(struct xlate_ctx *ctx, bool all)
3565{
46c88433 3566 const struct xport *xport;
9583bc14 3567
46c88433
EJ		 3568 HMAP_FOR_EACH (xport, ofp_node, &ctx->xbridge->xports) {
3569 if (xport->ofp_port == ctx->xin->flow.in_port.ofp_port) {
9583bc14
EJ		 3570 continue;
3571 }
3572
3573 if (all) {
e93ef1c7 3574 compose_output_action__(ctx, xport->ofp_port, NULL, false);
46c88433 3575 } else if (!(xport->config & OFPUTIL_PC_NO_FLOOD)) {
e93ef1c7 3576 compose_output_action(ctx, xport->ofp_port, NULL);
9583bc14
EJ		 3577 }
3578 }
3579
2031ef97 3580 ctx->nf_output_iface = NF_OUT_FLOOD;
9583bc14
EJ		 3581}
3582
3583static void
3584execute_controller_action(struct xlate_ctx *ctx, int len,
3585 enum ofp_packet_in_reason reason,
bdcad671
BP		 3586 uint16_t controller_id,
3587 const uint8_t *userdata, size_t userdata_len)
9583bc14 3588{
1895cc8d 3589 struct dp_packet_batch batch;
e14deea0 3590 struct dp_packet *packet;
9583bc14 3591
04594cd5 3592 ctx->xout->slow |= SLOW_CONTROLLER;
b476e2f2 3593 xlate_commit_actions(ctx);
9583bc14
EJ		 3594 if (!ctx->xin->packet) {
3595 return;
3596 }
3597
df70a773
JR		 3598 if (!ctx->xin->allow_side_effects && !ctx->xin->xcache) {
3599 return;
3600 }
3601
cf62fa4c 3602 packet = dp_packet_clone(ctx->xin->packet);
1895cc8d
PS		 3603 packet_batch_init_packet(&batch, packet);
3604 odp_execute_actions(NULL, &batch, false,
1520ef4f 3605 ctx->odp_actions->data, ctx->odp_actions->size, NULL);
9583bc14 3606
9bfe9334
BP		 3607 /* A packet sent by an action in a table-miss rule is considered an
3608 * explicit table miss. OpenFlow before 1.3 doesn't have that concept so
3609 * it will get translated back to OFPR_ACTION for those versions. */
3610 if (reason == OFPR_ACTION
3611 && ctx->rule && rule_dpif_is_table_miss(ctx->rule)) {
3612 reason = OFPR_EXPLICIT_MISS;
3613 }
3614
3615 size_t packet_len = dp_packet_size(packet);
0fb7792a 3616
a2b53dec
BP		 3617 struct ofproto_async_msg *am = xmalloc(sizeof *am);
3618 *am = (struct ofproto_async_msg) {
9bfe9334 3619 .controller_id = controller_id,
a2b53dec
BP		 3620 .oam = OAM_PACKET_IN,
3621 .pin = {
3622 .up = {
77ab5fd2
BP		 3623 .public = {
3624 .packet = dp_packet_steal_data(packet),
3625 .packet_len = packet_len,
3626 .reason = reason,
3627 .table_id = ctx->table_id,
3628 .cookie = ctx->rule_cookie,
3629 .userdata = (userdata_len
3630 ? xmemdup(userdata, userdata_len)
3631 : NULL),
3632 .userdata_len = userdata_len,
3633 }
a2b53dec
BP		 3634 },
3635 .max_len = len,
9bfe9334 3636 },
9bfe9334 3637 };
77ab5fd2 3638 flow_get_metadata(&ctx->xin->flow, &am->pin.up.public.flow_metadata);
9583bc14 3639
df70a773
JR		 3640 /* Async messages are only sent once, so if we send one now, no
3641 * xlate cache entry is created. */
3642 if (ctx->xin->allow_side_effects) {
3643 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
3644 } else /* xcache */ {
3645 struct xc_entry *entry;
3646
3647 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_CONTROLLER);
3648 entry->controller.ofproto = ctx->xbridge->ofproto;
3649 entry->controller.am = am;
3650 }
9583bc14
EJ		 3651}
3652
7bbdd84f 3653static void
77ab5fd2 3654emit_continuation(struct xlate_ctx *ctx, const struct frozen_state *state)
7bbdd84f 3655{
df70a773
JR		 3656 if (!ctx->xin->allow_side_effects && !ctx->xin->xcache) {
3657 return;
3658 }
3659
77ab5fd2
BP		 3660 struct ofproto_async_msg *am = xmalloc(sizeof *am);
3661 *am = (struct ofproto_async_msg) {
3662 .controller_id = ctx->pause->controller_id,
3663 .oam = OAM_PACKET_IN,
3664 .pin = {
3665 .up = {
3666 .public = {
3667 .userdata = xmemdup(ctx->pause->userdata,
3668 ctx->pause->userdata_len),
3669 .userdata_len = ctx->pause->userdata_len,
3670 .packet = xmemdup(dp_packet_data(ctx->xin->packet),
3671 dp_packet_size(ctx->xin->packet)),
3672 .packet_len = dp_packet_size(ctx->xin->packet),
0b024e49 3673 .reason = ctx->pause->reason,
77ab5fd2
BP		 3674 },
3675 .bridge = *ofproto_dpif_get_uuid(ctx->xbridge->ofproto),
3676 .stack = xmemdup(state->stack,
3677 state->n_stack * sizeof *state->stack),
3678 .n_stack = state->n_stack,
3679 .mirrors = state->mirrors,
3680 .conntracked = state->conntracked,
3681 .actions = xmemdup(state->ofpacts, state->ofpacts_len),
3682 .actions_len = state->ofpacts_len,
3683 .action_set = xmemdup(state->action_set,
3684 state->action_set_len),
3685 .action_set_len = state->action_set_len,
3686 },
3687 .max_len = UINT16_MAX,
3688 },
3689 };
3690 flow_get_metadata(&ctx->xin->flow, &am->pin.up.public.flow_metadata);
df70a773
JR		 3691
3692 /* Async messages are only sent once, so if we send one now, no
3693 * xlate cache entry is created. */
3694 if (ctx->xin->allow_side_effects) {
3695 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
3696 } else /* xcache */ {
3697 struct xc_entry *entry;
3698
3699 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_CONTROLLER);
3700 entry->controller.ofproto = ctx->xbridge->ofproto;
3701 entry->controller.am = am;
3702 }
77ab5fd2 3703}
7bbdd84f 3704
77ab5fd2
BP		 3705static void
3706finish_freezing__(struct xlate_ctx *ctx, uint8_t table)
3707{
1d361a81 3708 ovs_assert(ctx->freezing);
7bbdd84f 3709
1d361a81 3710 struct frozen_state state = {
07659514 3711 .table_id = table,
290835f9 3712 .ofproto_uuid = *ofproto_dpif_get_uuid(ctx->xbridge->ofproto),
5c1b2314
BP		 3713 .stack = ctx->stack.data,
3714 .n_stack = ctx->stack.size / sizeof(union mf_subvalue),
29bae541 3715 .mirrors = ctx->mirrors,
07659514 3716 .conntracked = ctx->conntracked,
1d361a81
BP		 3717 .ofpacts = ctx->frozen_actions.data,
3718 .ofpacts_len = ctx->frozen_actions.size,
417509fa 3719 .action_set = ctx->action_set.data,
8a5fb3b4 3720 .action_set_len = ctx->action_set.size,
2082425c 3721 };
77ab5fd2 3722 frozen_metadata_from_flow(&state.metadata, &ctx->xin->flow);
2082425c 3723
77ab5fd2
BP		 3724 if (ctx->pause) {
3725 if (ctx->xin->packet) {
3726 emit_continuation(ctx, &state);
3727 }
3728 } else {
3729 /* Allocate a unique recirc id for the given metadata state in the
3730 * flow. An existing id, with a new reference to the corresponding
3731 * recirculation context, will be returned if possible.
3732 * The life-cycle of this recirc id is managed by associating it
3733 * with the udpif key ('ukey') created for each new datapath flow. */
3734 uint32_t id = recirc_alloc_id_ctx(&state);
3735 if (!id) {
3736 XLATE_REPORT_ERROR(ctx, "Failed to allocate recirculation id");
3737 ctx->error = XLATE_NO_RECIRCULATION_CONTEXT;
3738 return;
3739 }
3740 recirc_refs_add(&ctx->xout->recircs, id);
7bbdd84f 3741
53cc166a
JR		 3742 if (ctx->recirc_update_dp_hash) {
3743 struct ovs_action_hash *act_hash;
3744
3745 /* Hash action. */
3746 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
3747 OVS_ACTION_ATTR_HASH,
3748 sizeof *act_hash);
3749 act_hash->hash_alg = OVS_HASH_ALG_L4; /* Make configurable. */
3750 act_hash->hash_basis = 0; /* Make configurable. */
3751 }
77ab5fd2
BP		 3752 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC, id);
3753 }
e672ff9b 3754
1d361a81
BP		 3755 /* Undo changes done by freezing. */
3756 ctx_cancel_freeze(ctx);
7bbdd84f
SH		 3757}
3758
1d361a81 3759/* Called only when we're freezing. */
07659514 3760static void
77ab5fd2 3761finish_freezing(struct xlate_ctx *ctx)
07659514
JS		 3762{
3763 xlate_commit_actions(ctx);
77ab5fd2 3764 finish_freezing__(ctx, 0);
07659514
JS		 3765}
3766
e37b8437
JS		 3767/* Fork the pipeline here. The current packet will continue processing the
3768 * current action list. A clone of the current packet will recirculate, skip
3769 * the remainder of the current action list and asynchronously resume pipeline
3770 * processing in 'table' with the current metadata and action set. */
3771static void
3772compose_recirculate_and_fork(struct xlate_ctx *ctx, uint8_t table)
3773{
1d361a81 3774 ctx->freezing = true;
77ab5fd2 3775 finish_freezing__(ctx, table);
e37b8437
JS		 3776}
3777
8bfd0fda
BP		 3778static void
3779compose_mpls_push_action(struct xlate_ctx *ctx, struct ofpact_push_mpls *mpls)
9583bc14 3780{
33bf9176 3781 struct flow *flow = &ctx->xin->flow;
8bfd0fda 3782 int n;
33bf9176 3783
8bfd0fda 3784 ovs_assert(eth_type_mpls(mpls->ethertype));
b0a17866 3785
49a73e0c 3786 n = flow_count_mpls_labels(flow, ctx->wc);
8bfd0fda 3787 if (!n) {
704bb0bf 3788 xlate_commit_actions(ctx);
8bfd0fda
BP		 3789 } else if (n >= FLOW_MAX_MPLS_LABELS) {
3790 if (ctx->xin->packet != NULL) {
fff1b9c0 3791 XLATE_REPORT_ERROR(ctx, "bridge %s: dropping packet on which an "
8bfd0fda
BP		 3792 "MPLS push action can't be performed as it would "
3793 "have more MPLS LSEs than the %d supported.",
3794 ctx->xbridge->name, FLOW_MAX_MPLS_LABELS);
9583bc14 3795 }
fff1b9c0 3796 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
8bfd0fda 3797 return;
9583bc14 3798 }
b0a17866 3799
49a73e0c 3800 flow_push_mpls(flow, n, mpls->ethertype, ctx->wc);
9583bc14
EJ		 3801}
3802
8bfd0fda 3803static void
9cfef3d0 3804compose_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type)
9583bc14 3805{
8bfd0fda 3806 struct flow *flow = &ctx->xin->flow;
49a73e0c 3807 int n = flow_count_mpls_labels(flow, ctx->wc);
33bf9176 3808
49a73e0c 3809 if (flow_pop_mpls(flow, n, eth_type, ctx->wc)) {
8bf009bf 3810 if (!eth_type_mpls(eth_type) && ctx->xbridge->support.odp.recirc) {
e12ec36b 3811 ctx->was_mpls = true;
7bbdd84f
SH		 3812 }
3813 } else if (n >= FLOW_MAX_MPLS_LABELS) {
8bfd0fda 3814 if (ctx->xin->packet != NULL) {
fff1b9c0 3815 XLATE_REPORT_ERROR(ctx, "bridge %s: dropping packet on which an "
8bfd0fda
BP		 3816 "MPLS pop action can't be performed as it has "
3817 "more MPLS LSEs than the %d supported.",
3818 ctx->xbridge->name, FLOW_MAX_MPLS_LABELS);
3819 }
fff1b9c0 3820 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
1520ef4f 3821 ofpbuf_clear(ctx->odp_actions);
9583bc14
EJ		 3822 }
3823}
3824
3825static bool
3826compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids)
3827{
33bf9176
BP		 3828 struct flow *flow = &ctx->xin->flow;
3829
3830 if (!is_ip_any(flow)) {
9583bc14
EJ		 3831 return false;
3832 }
3833
49a73e0c 3834 ctx->wc->masks.nw_ttl = 0xff;
33bf9176
BP		 3835 if (flow->nw_ttl > 1) {
3836 flow->nw_ttl--;
9583bc14
EJ		 3837 return false;
3838 } else {
3839 size_t i;
3840
3841 for (i = 0; i < ids->n_controllers; i++) {
3842 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL,
bdcad671 3843 ids->cnt_ids[i], NULL, 0);
9583bc14
EJ		 3844 }
3845
3846 /* Stop processing for current table. */
3847 return true;
3848 }
3849}
3850
8bfd0fda 3851static void
097d4939
JR		 3852compose_set_mpls_label_action(struct xlate_ctx *ctx, ovs_be32 label)
3853{
8bfd0fda 3854 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 3855 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_LABEL_MASK);
8bfd0fda 3856 set_mpls_lse_label(&ctx->xin->flow.mpls_lse[0], label);
097d4939 3857 }
097d4939
JR		 3858}
3859
8bfd0fda 3860static void
097d4939
JR		 3861compose_set_mpls_tc_action(struct xlate_ctx *ctx, uint8_t tc)
3862{
8bfd0fda 3863 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 3864 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TC_MASK);
8bfd0fda 3865 set_mpls_lse_tc(&ctx->xin->flow.mpls_lse[0], tc);
097d4939 3866 }
097d4939
JR		 3867}
3868
8bfd0fda 3869static void
9cfef3d0 3870compose_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl)
9583bc14 3871{
8bfd0fda 3872 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 3873 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
8bfd0fda 3874 set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse[0], ttl);
b0a17866 3875 }
9583bc14
EJ		 3876}
3877
3878static bool
9cfef3d0 3879compose_dec_mpls_ttl_action(struct xlate_ctx *ctx)
9583bc14 3880{
33bf9176 3881 struct flow *flow = &ctx->xin->flow;
1dd35f8a 3882
8bfd0fda 3883 if (eth_type_mpls(flow->dl_type)) {
22d38fca
JR		 3884 uint8_t ttl = mpls_lse_to_ttl(flow->mpls_lse[0]);
3885
49a73e0c 3886 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
8bfd0fda
BP		 3887 if (ttl > 1) {
3888 ttl--;
3889 set_mpls_lse_ttl(&flow->mpls_lse[0], ttl);
3890 return false;
3891 } else {
bdcad671
BP		 3892 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0,
3893 NULL, 0);
8bfd0fda 3894 }
9583bc14 3895 }
22d38fca
JR		 3896
3897 /* Stop processing for current table. */
3898 return true;
9583bc14
EJ		 3899}
3900
3901static void
3902xlate_output_action(struct xlate_ctx *ctx,
4e022ec0 3903 ofp_port_t port, uint16_t max_len, bool may_packet_in)
9583bc14 3904{
2031ef97 3905 ofp_port_t prev_nf_output_iface = ctx->nf_output_iface;
9583bc14 3906
2031ef97 3907 ctx->nf_output_iface = NF_OUT_DROP;
9583bc14
EJ		 3908
3909 switch (port) {
3910 case OFPP_IN_PORT:
e93ef1c7 3911 compose_output_action(ctx, ctx->xin->flow.in_port.ofp_port, NULL);
9583bc14
EJ		 3912 break;
3913 case OFPP_TABLE:
4e022ec0 3914 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
6d328fa2 3915 0, may_packet_in, true);
9583bc14
EJ		 3916 break;
3917 case OFPP_NORMAL:
3918 xlate_normal(ctx);
3919 break;
3920 case OFPP_FLOOD:
3921 flood_packets(ctx, false);
3922 break;
3923 case OFPP_ALL:
3924 flood_packets(ctx, true);
3925 break;
3926 case OFPP_CONTROLLER:
3a11fd5b 3927 execute_controller_action(ctx, max_len,
029ca940
SS		 3928 (ctx->in_group ? OFPR_GROUP
3929 : ctx->in_action_set ? OFPR_ACTION_SET
3930 : OFPR_ACTION),
bdcad671 3931 0, NULL, 0);
9583bc14
EJ		 3932 break;
3933 case OFPP_NONE:
3934 break;
3935 case OFPP_LOCAL:
3936 default:
4e022ec0 3937 if (port != ctx->xin->flow.in_port.ofp_port) {
e93ef1c7 3938 compose_output_action(ctx, port, NULL);
9583bc14
EJ		 3939 } else {
3940 xlate_report(ctx, "skipping output to input port");
3941 }
3942 break;
3943 }
3944
3945 if (prev_nf_output_iface == NF_OUT_FLOOD) {
2031ef97
BP		 3946 ctx->nf_output_iface = NF_OUT_FLOOD;
3947 } else if (ctx->nf_output_iface == NF_OUT_DROP) {
3948 ctx->nf_output_iface = prev_nf_output_iface;
9583bc14 3949 } else if (prev_nf_output_iface != NF_OUT_DROP &&
2031ef97
BP		 3950 ctx->nf_output_iface != NF_OUT_FLOOD) {
3951 ctx->nf_output_iface = NF_OUT_MULTI;
9583bc14
EJ		 3952 }
3953}
3954
3955static void
3956xlate_output_reg_action(struct xlate_ctx *ctx,
3957 const struct ofpact_output_reg *or)
3958{
3959 uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow);
3960 if (port <= UINT16_MAX) {
3961 union mf_subvalue value;
3962
3963 memset(&value, 0xff, sizeof value);
49a73e0c 3964 mf_write_subfield_flow(&or->src, &value, &ctx->wc->masks);
4e022ec0
AW		 3965 xlate_output_action(ctx, u16_to_ofp(port),
3966 or->max_len, false);
9583bc14
EJ		 3967 }
3968}
3969
aaca4fe0
WT		 3970static void
3971xlate_output_trunc_action(struct xlate_ctx *ctx,
3972 ofp_port_t port, uint32_t max_len)
3973{
3974 bool support_trunc = ctx->xbridge->support.trunc;
3975 struct ovs_action_trunc *trunc;
3976 char name[OFP_MAX_PORT_NAME_LEN];
3977
3978 switch (port) {
3979 case OFPP_TABLE:
3980 case OFPP_NORMAL:
3981 case OFPP_FLOOD:
3982 case OFPP_ALL:
3983 case OFPP_CONTROLLER:
3984 case OFPP_NONE:
3985 ofputil_port_to_string(port, name, sizeof name);
3986 xlate_report(ctx, "output_trunc does not support port: %s", name);
3987 break;
3988 case OFPP_LOCAL:
3989 case OFPP_IN_PORT:
3990 default:
3991 if (port != ctx->xin->flow.in_port.ofp_port) {
3992 const struct xport *xport = get_ofp_port(ctx->xbridge, port);
3993
3994 if (xport == NULL || xport->odp_port == ODPP_NONE) {
3995 /* Since truncate happens at its following output action, if
3996 * the output port is a patch port, the behavior is somehow
3997 * unpredicable. For simpilicity, disallow this case. */
3998 ofputil_port_to_string(port, name, sizeof name);
3999 XLATE_REPORT_ERROR(ctx, "bridge %s: "
4000 "output_trunc does not support port: %s",
4001 ctx->xbridge->name, name);
4002 break;
4003 }
4004
4005 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
4006 OVS_ACTION_ATTR_TRUNC,
4007 sizeof *trunc);
4008 trunc->max_len = max_len;
4009 xlate_output_action(ctx, port, max_len, false);
4010 if (!support_trunc) {
4011 ctx->xout->slow |= SLOW_ACTION;
4012 }
4013 } else {
4014 xlate_report(ctx, "skipping output to input port");
4015 }
4016 break;
4017 }
4018}
4019
9583bc14
EJ		 4020static void
4021xlate_enqueue_action(struct xlate_ctx *ctx,
4022 const struct ofpact_enqueue *enqueue)
4023{
4e022ec0 4024 ofp_port_t ofp_port = enqueue->port;
9583bc14
EJ		 4025 uint32_t queue_id = enqueue->queue;
4026 uint32_t flow_priority, priority;
4027 int error;
4028
4029 /* Translate queue to priority. */
89a8a7f0 4030 error = dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &priority);
9583bc14
EJ		 4031 if (error) {
4032 /* Fall back to ordinary output action. */
4033 xlate_output_action(ctx, enqueue->port, 0, false);
4034 return;
4035 }
4036
4037 /* Check output port. */
4038 if (ofp_port == OFPP_IN_PORT) {
4e022ec0
AW		 4039 ofp_port = ctx->xin->flow.in_port.ofp_port;
4040 } else if (ofp_port == ctx->xin->flow.in_port.ofp_port) {
9583bc14
EJ		 4041 return;
4042 }
4043
4044 /* Add datapath actions. */
4045 flow_priority = ctx->xin->flow.skb_priority;
4046 ctx->xin->flow.skb_priority = priority;
e93ef1c7 4047 compose_output_action(ctx, ofp_port, NULL);
9583bc14
EJ		 4048 ctx->xin->flow.skb_priority = flow_priority;
4049
4050 /* Update NetFlow output port. */
2031ef97
BP		 4051 if (ctx->nf_output_iface == NF_OUT_DROP) {
4052 ctx->nf_output_iface = ofp_port;
4053 } else if (ctx->nf_output_iface != NF_OUT_FLOOD) {
4054 ctx->nf_output_iface = NF_OUT_MULTI;
9583bc14
EJ		 4055 }
4056}
4057
4058static void
4059xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id)
4060{
4061 uint32_t skb_priority;
4062
89a8a7f0 4063 if (!dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &skb_priority)) {
9583bc14
EJ		 4064 ctx->xin->flow.skb_priority = skb_priority;
4065 } else {
4066 /* Couldn't translate queue to a priority. Nothing to do. A warning
4067 * has already been logged. */
4068 }
4069}
4070
4071static bool
46c88433 4072slave_enabled_cb(ofp_port_t ofp_port, void *xbridge_)
9583bc14 4073{
46c88433
EJ		 4074 const struct xbridge *xbridge = xbridge_;
4075 struct xport *port;
9583bc14
EJ		 4076
4077 switch (ofp_port) {
4078 case OFPP_IN_PORT:
4079 case OFPP_TABLE:
4080 case OFPP_NORMAL:
4081 case OFPP_FLOOD:
4082 case OFPP_ALL:
4083 case OFPP_NONE:
4084 return true;
4085 case OFPP_CONTROLLER: /* Not supported by the bundle action. */
4086 return false;
4087 default:
46c88433 4088 port = get_ofp_port(xbridge, ofp_port);
9583bc14
EJ		 4089 return port ? port->may_enable : false;
4090 }
4091}
4092
4093static void
4094xlate_bundle_action(struct xlate_ctx *ctx,
4095 const struct ofpact_bundle *bundle)
4096{
4e022ec0 4097 ofp_port_t port;
9583bc14 4098
49a73e0c 4099 port = bundle_execute(bundle, &ctx->xin->flow, ctx->wc, slave_enabled_cb,
46c88433 4100 CONST_CAST(struct xbridge *, ctx->xbridge));
9583bc14 4101 if (bundle->dst.field) {
49a73e0c 4102 nxm_reg_load(&bundle->dst, ofp_to_u16(port), &ctx->xin->flow, ctx->wc);
9583bc14
EJ		 4103 } else {
4104 xlate_output_action(ctx, port, 0, false);
4105 }
4106}
4107
4165b5e0
JS		 4108static void
4109xlate_learn_action(struct xlate_ctx *ctx, const struct ofpact_learn *learn)
4110{
49a73e0c 4111 learn_mask(learn, ctx->wc);
9583bc14 4112
df70a773 4113 if (ctx->xin->xcache || ctx->xin->allow_side_effects) {
4165b5e0
JS		 4114 uint64_t ofpacts_stub[1024 / 8];
4115 struct ofputil_flow_mod fm;
2c7ee524 4116 struct ofproto_flow_mod ofm__, *ofm;
4165b5e0 4117 struct ofpbuf ofpacts;
2c7ee524
JR		 4118 enum ofperr error;
4119
4120 if (ctx->xin->xcache) {
4121 struct xc_entry *entry;
4122
4123 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_LEARN);
4124 entry->learn.ofm = xmalloc(sizeof *entry->learn.ofm);
4125 ofm = entry->learn.ofm;
4126 } else {
4127 ofm = &ofm__;
4128 }
4165b5e0
JS		 4129
4130 ofpbuf_use_stub(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
2c7ee524
JR		 4131 learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts);
4132 error = ofproto_dpif_flow_mod_init_for_learn(ctx->xbridge->ofproto,
4133 &fm, ofm);
4165b5e0 4134 ofpbuf_uninit(&ofpacts);
2c7ee524 4135
df70a773 4136 if (!error && ctx->xin->allow_side_effects) {
2c7ee524
JR		 4137 error = ofproto_flow_mod_learn(ofm, ctx->xin->xcache != NULL);
4138 }
4139
4140 if (error) {
4141 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
4142 VLOG_WARN_RL(&rl, "%s: LEARN action execution failed (%s).",
4143 ctx->xbridge->name, ofperr_to_string(error));
4144 }
b256dc52
JS		 4145 }
4146}
4147
4148static void
4149xlate_fin_timeout__(struct rule_dpif *rule, uint16_t tcp_flags,
4150 uint16_t idle_timeout, uint16_t hard_timeout)
4151{
4152 if (tcp_flags & (TCP_FIN | TCP_RST)) {
4153 rule_dpif_reduce_timeouts(rule, idle_timeout, hard_timeout);
4154 }
9583bc14
EJ		 4155}
4156
9583bc14
EJ		 4157static void
4158xlate_fin_timeout(struct xlate_ctx *ctx,
4159 const struct ofpact_fin_timeout *oft)
4160{
b256dc52 4161 if (ctx->rule) {
df70a773
JR		 4162 if (ctx->xin->allow_side_effects) {
4163 xlate_fin_timeout__(ctx->rule, ctx->xin->tcp_flags,
4164 oft->fin_idle_timeout, oft->fin_hard_timeout);
4165 }
b256dc52
JS		 4166 if (ctx->xin->xcache) {
4167 struct xc_entry *entry;
4168
4169 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_FIN_TIMEOUT);
83709dfa
JR		 4170 /* XC_RULE already holds a reference on the rule, none is taken
4171 * here. */
901a517e
JR		 4172 entry->fin.rule = ctx->rule;
4173 entry->fin.idle = oft->fin_idle_timeout;
4174 entry->fin.hard = oft->fin_hard_timeout;
b256dc52 4175 }
9583bc14
EJ		 4176 }
4177}
4178
4179static void
4180xlate_sample_action(struct xlate_ctx *ctx,
4181 const struct ofpact_sample *os)
4182{
f69f713b
BY		 4183 odp_port_t output_odp_port = ODPP_NONE;
4184 odp_port_t tunnel_out_port = ODPP_NONE;
4185 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
4186 bool emit_set_tunnel = false;
4187
4188 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
4189 return;
4190 }
4191
e824d78d
JR		 4192 /* Scale the probability from 16-bit to 32-bit while representing
4193 * the same percentage. */
4194 uint32_t probability = (os->probability << 16) | os->probability;
4195
b440dd8c 4196 if (!ctx->xbridge->support.variable_length_userdata) {
e824d78d
JR		 4197 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4198
4199 VLOG_ERR_RL(&rl, "ignoring NXAST_SAMPLE action because datapath "
4200 "lacks support (needs Linux 3.10+ or kernel module from "
4201 "OVS 1.11+)");
4202 return;
4203 }
4204
f69f713b
BY		 4205 /* If ofp_port in flow sample action is equel to ofp_port,
4206 * this sample action is a input port action. */
4207 if (os->sampling_port != OFPP_NONE &&
4208 os->sampling_port != ctx->xin->flow.in_port.ofp_port) {
4209 output_odp_port = ofp_port_to_odp_port(ctx->xbridge,
4210 os->sampling_port);
4211 if (output_odp_port == ODPP_NONE) {
4212 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4213 VLOG_WARN_RL(&rl, "can't use unknown port %d in flow sample "
4214 "action", os->sampling_port);
4215 return;
4216 }
4217
4218 if (dpif_ipfix_get_flow_exporter_tunnel_sampling(ipfix,
4219 os->collector_set_id)
4220 && dpif_ipfix_get_tunnel_port(ipfix, output_odp_port)) {
4221 tunnel_out_port = output_odp_port;
4222 emit_set_tunnel = true;
4223 }
4224 }
4225
4226 xlate_commit_actions(ctx);
4227 /* If 'emit_set_tunnel', sample(sampling_port=1) would translate
4228 * into datapath sample action set(tunnel(...)), sample(...) and
4229 * it is used for sampling egress tunnel information. */
4230 if (emit_set_tunnel) {
4231 const struct xport *xport = get_ofp_port(ctx->xbridge,
4232 os->sampling_port);
4233
4234 if (xport && xport->is_tunnel) {
4235 struct flow *flow = &ctx->xin->flow;
4236 tnl_port_send(xport->ofport, flow, ctx->wc);
4237 if (!ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
4238 struct flow_tnl flow_tnl = flow->tunnel;
4239
4240 commit_odp_tunnel_action(flow, &ctx->base_flow,
4241 ctx->odp_actions);
4242 flow->tunnel = flow_tnl;
4243 }
4244 } else {
4245 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4246 VLOG_WARN_RL(&rl, "sampling_port:%d should be a tunnel port.",
4247 os->sampling_port);
4248 }
4249 }
e824d78d 4250
a6092018
BP		 4251 union user_action_cookie cookie = {
4252 .flow_sample = {
4253 .type = USER_ACTION_COOKIE_FLOW_SAMPLE,
4254 .probability = os->probability,
4255 .collector_set_id = os->collector_set_id,
4256 .obs_domain_id = os->obs_domain_id,
4257 .obs_point_id = os->obs_point_id,
f69f713b 4258 .output_odp_port = output_odp_port,
a6092018
BP		 4259 }
4260 };
4261 compose_sample_action(ctx, probability, &cookie, sizeof cookie.flow_sample,
f69f713b 4262 tunnel_out_port, false);
9583bc14
EJ		 4263}
4264
4265static bool
46c88433 4266may_receive(const struct xport *xport, struct xlate_ctx *ctx)
9583bc14 4267{
bbbca389 4268 if (xport->config & (is_stp(&ctx->xin->flow)
46c88433
EJ		 4269 ? OFPUTIL_PC_NO_RECV_STP
4270 : OFPUTIL_PC_NO_RECV)) {
9583bc14
EJ		 4271 return false;
4272 }
4273
4274 /* Only drop packets here if both forwarding and learning are
4275 * disabled. If just learning is enabled, we need to have
4276 * OFPP_NORMAL and the learning action have a look at the packet
4277 * before we can drop it. */
9efd308e
DV		 4278 if ((!xport_stp_forward_state(xport) && !xport_stp_learn_state(xport)) ||
4279 (!xport_rstp_forward_state(xport) && !xport_rstp_learn_state(xport))) {
9583bc14
EJ		 4280 return false;
4281 }
4282
4283 return true;
4284}
4285
7fdb60a7 4286static void
7e7e8dbb
BP		 4287xlate_write_actions__(struct xlate_ctx *ctx,
4288 const struct ofpact *ofpacts, size_t ofpacts_len)
7fdb60a7 4289{
c61f3870
BP		 4290 /* Maintain actset_output depending on the contents of the action set:
4291 *
4292 * - OFPP_UNSET, if there is no "output" action.
4293 *
4294 * - The output port, if there is an "output" action and no "group"
4295 * action.
4296 *
4297 * - OFPP_UNSET, if there is a "group" action.
4298 */
4299 if (!ctx->action_set_has_group) {
7e7e8dbb
BP		 4300 const struct ofpact *a;
4301 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
4302 if (a->type == OFPACT_OUTPUT) {
4303 ctx->xin->flow.actset_output = ofpact_get_OUTPUT(a)->port;
4304 } else if (a->type == OFPACT_GROUP) {
c61f3870
BP		 4305 ctx->xin->flow.actset_output = OFPP_UNSET;
4306 ctx->action_set_has_group = true;
9055ca9a 4307 break;
c61f3870
BP		 4308 }
4309 }
4310 }
4311
7e7e8dbb
BP		 4312 ofpbuf_put(&ctx->action_set, ofpacts, ofpacts_len);
4313}
4314
4315static void
4316xlate_write_actions(struct xlate_ctx *ctx, const struct ofpact_nest *a)
4317{
4318 xlate_write_actions__(ctx, a->actions, ofpact_nest_get_action_len(a));
7fdb60a7
SH		 4319}
4320
4321static void
4322xlate_action_set(struct xlate_ctx *ctx)
4323{
4324 uint64_t action_list_stub[1024 / 64];
4325 struct ofpbuf action_list;
4326
029ca940 4327 ctx->in_action_set = true;
7fdb60a7
SH		 4328 ofpbuf_use_stub(&action_list, action_list_stub, sizeof action_list_stub);
4329 ofpacts_execute_action_set(&action_list, &ctx->action_set);
ed9c9e3e
JR		 4330 /* Clear the action set, as it is not needed any more. */
4331 ofpbuf_clear(&ctx->action_set);
6fd6ed71 4332 do_xlate_actions(action_list.data, action_list.size, ctx);
029ca940 4333 ctx->in_action_set = false;
7fdb60a7
SH		 4334 ofpbuf_uninit(&action_list);
4335}
4336
e672ff9b 4337static void
1d361a81 4338freeze_put_unroll_xlate(struct xlate_ctx *ctx)
e672ff9b 4339{
1d361a81 4340 struct ofpact_unroll_xlate *unroll = ctx->frozen_actions.header;
e672ff9b
JR		 4341
4342 /* Restore the table_id and rule cookie for a potential PACKET
4343 * IN if needed. */
4344 if (!unroll ||
4345 (ctx->table_id != unroll->rule_table_id
4346 || ctx->rule_cookie != unroll->rule_cookie)) {
1d361a81 4347 unroll = ofpact_put_UNROLL_XLATE(&ctx->frozen_actions);
e672ff9b
JR		 4348 unroll->rule_table_id = ctx->table_id;
4349 unroll->rule_cookie = ctx->rule_cookie;
1d361a81 4350 ctx->frozen_actions.header = unroll;
e672ff9b
JR		 4351 }
4352}
4353
4354
1d361a81
BP		 4355/* Copy actions 'a' through 'end' to ctx->frozen_actions, which will be
4356 * executed after thawing. Inserts an UNROLL_XLATE action, if none is already
4357 * present, before any action that may depend on the current table ID or flow
4358 * cookie. */
e672ff9b 4359static void
1d361a81 4360freeze_unroll_actions(const struct ofpact *a, const struct ofpact *end,
e672ff9b
JR		 4361 struct xlate_ctx *ctx)
4362{
c2b283b7 4363 for (; a < end; a = ofpact_next(a)) {
e672ff9b 4364 switch (a->type) {
e672ff9b 4365 case OFPACT_OUTPUT_REG:
aaca4fe0 4366 case OFPACT_OUTPUT_TRUNC:
e672ff9b
JR		 4367 case OFPACT_GROUP:
4368 case OFPACT_OUTPUT:
4369 case OFPACT_CONTROLLER:
4370 case OFPACT_DEC_MPLS_TTL:
4371 case OFPACT_DEC_TTL:
83a31283
BP		 4372 /* These actions may generate asynchronous messages, which include
4373 * table ID and flow cookie information. */
1d361a81 4374 freeze_put_unroll_xlate(ctx);
e672ff9b
JR		 4375 break;
4376
83a31283
BP		 4377 case OFPACT_RESUBMIT:
4378 if (ofpact_get_RESUBMIT(a)->table_id == 0xff) {
4379 /* This resubmit action is relative to the current table, so we
4380 * need to track what table that is.*/
1d361a81 4381 freeze_put_unroll_xlate(ctx);
83a31283
BP		 4382 }
4383 break;
4384
e672ff9b
JR		 4385 case OFPACT_SET_TUNNEL:
4386 case OFPACT_REG_MOVE:
4387 case OFPACT_SET_FIELD:
4388 case OFPACT_STACK_PUSH:
4389 case OFPACT_STACK_POP:
4390 case OFPACT_LEARN:
4391 case OFPACT_WRITE_METADATA:
83a31283 4392 case OFPACT_GOTO_TABLE:
e672ff9b
JR		 4393 case OFPACT_ENQUEUE:
4394 case OFPACT_SET_VLAN_VID:
4395 case OFPACT_SET_VLAN_PCP:
4396 case OFPACT_STRIP_VLAN:
4397 case OFPACT_PUSH_VLAN:
4398 case OFPACT_SET_ETH_SRC:
4399 case OFPACT_SET_ETH_DST:
4400 case OFPACT_SET_IPV4_SRC:
4401 case OFPACT_SET_IPV4_DST:
4402 case OFPACT_SET_IP_DSCP:
4403 case OFPACT_SET_IP_ECN:
4404 case OFPACT_SET_IP_TTL:
4405 case OFPACT_SET_L4_SRC_PORT:
4406 case OFPACT_SET_L4_DST_PORT:
4407 case OFPACT_SET_QUEUE:
4408 case OFPACT_POP_QUEUE:
4409 case OFPACT_PUSH_MPLS:
4410 case OFPACT_POP_MPLS:
4411 case OFPACT_SET_MPLS_LABEL:
4412 case OFPACT_SET_MPLS_TC:
4413 case OFPACT_SET_MPLS_TTL:
4414 case OFPACT_MULTIPATH:
4415 case OFPACT_BUNDLE:
4416 case OFPACT_EXIT:
4417 case OFPACT_UNROLL_XLATE:
4418 case OFPACT_FIN_TIMEOUT:
4419 case OFPACT_CLEAR_ACTIONS:
4420 case OFPACT_WRITE_ACTIONS:
4421 case OFPACT_METER:
4422 case OFPACT_SAMPLE:
d4abaff5 4423 case OFPACT_DEBUG_RECIRC:
07659514 4424 case OFPACT_CT:
9ac0aada 4425 case OFPACT_NAT:
83a31283 4426 /* These may not generate PACKET INs. */
e672ff9b
JR		 4427 break;
4428
e672ff9b
JR		 4429 case OFPACT_NOTE:
4430 case OFPACT_CONJUNCTION:
83a31283 4431 /* These need not be copied for restoration. */
e672ff9b
JR		 4432 continue;
4433 }
4434 /* Copy the action over. */
1d361a81 4435 ofpbuf_put(&ctx->frozen_actions, a, OFPACT_ALIGN(a->len));
e672ff9b
JR		 4436 }
4437}
4438
8e53fe8c 4439static void
f2d105b5
JS		 4440put_ct_mark(const struct flow *flow, struct ofpbuf *odp_actions,
4441 struct flow_wildcards *wc)
8e53fe8c 4442{
2a754f4a
JS		 4443 if (wc->masks.ct_mark) {
4444 struct {
4445 uint32_t key;
4446 uint32_t mask;
4447 } *odp_ct_mark;
4448
4449 odp_ct_mark = nl_msg_put_unspec_uninit(odp_actions, OVS_CT_ATTR_MARK,
4450 sizeof(*odp_ct_mark));
4451 odp_ct_mark->key = flow->ct_mark & wc->masks.ct_mark;
4452 odp_ct_mark->mask = wc->masks.ct_mark;
8e53fe8c
JS		 4453 }
4454}
4455
9daf2348 4456static void
f2d105b5
JS		 4457put_ct_label(const struct flow *flow, struct ofpbuf *odp_actions,
4458 struct flow_wildcards *wc)
9daf2348 4459{
2ff8484b 4460 if (!ovs_u128_is_zero(wc->masks.ct_label)) {
9daf2348
JS		 4461 struct {
4462 ovs_u128 key;
4463 ovs_u128 mask;
4464 } *odp_ct_label;
4465
4466 odp_ct_label = nl_msg_put_unspec_uninit(odp_actions,
4467 OVS_CT_ATTR_LABELS,
4468 sizeof(*odp_ct_label));
f2d105b5 4469 odp_ct_label->key = ovs_u128_and(flow->ct_label, wc->masks.ct_label);
9daf2348
JS		 4470 odp_ct_label->mask = wc->masks.ct_label;
4471 }
4472}
4473
d787ad39
JS		 4474static void
4475put_ct_helper(struct ofpbuf *odp_actions, struct ofpact_conntrack *ofc)
4476{
4477 if (ofc->alg) {
4478 if (ofc->alg == IPPORT_FTP) {
4479 nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "ftp");
4480 } else {
4481 VLOG_WARN("Cannot serialize ct_helper %d\n", ofc->alg);
4482 }
4483 }
4484}
4485
9ac0aada
JR		 4486static void
4487put_ct_nat(struct xlate_ctx *ctx)
4488{
4489 struct ofpact_nat *ofn = ctx->ct_nat_action;
4490 size_t nat_offset;
4491
4492 if (!ofn) {
4493 return;
4494 }
4495
4496 nat_offset = nl_msg_start_nested(ctx->odp_actions, OVS_CT_ATTR_NAT);
4497 if (ofn->flags & NX_NAT_F_SRC || ofn->flags & NX_NAT_F_DST) {
4498 nl_msg_put_flag(ctx->odp_actions, ofn->flags & NX_NAT_F_SRC
4499 ? OVS_NAT_ATTR_SRC : OVS_NAT_ATTR_DST);
4500 if (ofn->flags & NX_NAT_F_PERSISTENT) {
4501 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PERSISTENT);
4502 }
4503 if (ofn->flags & NX_NAT_F_PROTO_HASH) {
4504 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_HASH);
4505 } else if (ofn->flags & NX_NAT_F_PROTO_RANDOM) {
4506 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_RANDOM);
4507 }
4508 if (ofn->range_af == AF_INET) {
73e8bc23 4509 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
9ac0aada
JR		 4510 ofn->range.addr.ipv4.min);
4511 if (ofn->range.addr.ipv4.max &&
73e8bc23
BP		 4512 (ntohl(ofn->range.addr.ipv4.max)
4513 > ntohl(ofn->range.addr.ipv4.min))) {
4514 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
4515 ofn->range.addr.ipv4.max);
9ac0aada
JR		 4516 }
4517 } else if (ofn->range_af == AF_INET6) {
4518 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
4519 &ofn->range.addr.ipv6.min,
4520 sizeof ofn->range.addr.ipv6.min);
4521 if (!ipv6_mask_is_any(&ofn->range.addr.ipv6.max) &&
4522 memcmp(&ofn->range.addr.ipv6.max, &ofn->range.addr.ipv6.min,
4523 sizeof ofn->range.addr.ipv6.max) > 0) {
4524 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
4525 &ofn->range.addr.ipv6.max,
4526 sizeof ofn->range.addr.ipv6.max);
4527 }
4528 }
4529 if (ofn->range_af != AF_UNSPEC && ofn->range.proto.min) {
4530 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MIN,
4531 ofn->range.proto.min);
4532 if (ofn->range.proto.max &&
4533 ofn->range.proto.max > ofn->range.proto.min) {
4534 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MAX,
4535 ofn->range.proto.max);
4536 }
4537 }
4538 }
4539 nl_msg_end_nested(ctx->odp_actions, nat_offset);
4540}
4541
07659514
JS		 4542static void
4543compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc)
4544{
9daf2348 4545 ovs_u128 old_ct_label = ctx->base_flow.ct_label;
f2d105b5 4546 ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label;
8e53fe8c 4547 uint32_t old_ct_mark = ctx->base_flow.ct_mark;
f2d105b5 4548 uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark;
07659514
JS		 4549 size_t ct_offset;
4550 uint16_t zone;
4551
4552 /* Ensure that any prior actions are applied before composing the new
4553 * conntrack action. */
4554 xlate_commit_actions(ctx);
4555
8e53fe8c 4556 /* Process nested actions first, to populate the key. */
9ac0aada 4557 ctx->ct_nat_action = NULL;
f2d105b5
JS		 4558 ctx->wc->masks.ct_mark = 0;
4559 ctx->wc->masks.ct_label.u64.hi = ctx->wc->masks.ct_label.u64.lo = 0;
8e53fe8c
JS		 4560 do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx);
4561
07659514
JS		 4562 if (ofc->zone_src.field) {
4563 zone = mf_get_subfield(&ofc->zone_src, &ctx->xin->flow);
4564 } else {
4565 zone = ofc->zone_imm;
4566 }
4567
4568 ct_offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CT);
4569 if (ofc->flags & NX_CT_F_COMMIT) {
4570 nl_msg_put_flag(ctx->odp_actions, OVS_CT_ATTR_COMMIT);
4571 }
4572 nl_msg_put_u16(ctx->odp_actions, OVS_CT_ATTR_ZONE, zone);
f2d105b5
JS		 4573 put_ct_mark(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
4574 put_ct_label(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
d787ad39 4575 put_ct_helper(ctx->odp_actions, ofc);
9ac0aada
JR		 4576 put_ct_nat(ctx);
4577 ctx->ct_nat_action = NULL;
07659514
JS		 4578 nl_msg_end_nested(ctx->odp_actions, ct_offset);
4579
8e53fe8c
JS		 4580 /* Restore the original ct fields in the key. These should only be exposed
4581 * after recirculation to another table. */
4582 ctx->base_flow.ct_mark = old_ct_mark;
f2d105b5 4583 ctx->wc->masks.ct_mark = old_ct_mark_mask;
9daf2348 4584 ctx->base_flow.ct_label = old_ct_label;
f2d105b5 4585 ctx->wc->masks.ct_label = old_ct_label_mask;
8e53fe8c 4586
07659514
JS		 4587 if (ofc->recirc_table == NX_CT_RECIRC_NONE) {
4588 /* If we do not recirculate as part of this action, hide the results of
4589 * connection tracking from subsequent recirculations. */
4590 ctx->conntracked = false;
4591 } else {
4592 /* Use ct_* fields from datapath during recirculation upcall. */
4593 ctx->conntracked = true;
e37b8437 4594 compose_recirculate_and_fork(ctx, ofc->recirc_table);
07659514
JS		 4595 }
4596}
4597
e12ec36b
SH		 4598static void
4599recirc_for_mpls(const struct ofpact *a, struct xlate_ctx *ctx)
4600{
4601 /* No need to recirculate if already exiting. */
4602 if (ctx->exit) {
4603 return;
4604 }
4605
4606 /* Do not consider recirculating unless the packet was previously MPLS. */
4607 if (!ctx->was_mpls) {
4608 return;
4609 }
4610
4611 /* Special case these actions, only recirculating if necessary.
4612 * This avoids the overhead of recirculation in common use-cases.
4613 */
4614 switch (a->type) {
4615
4616 /* Output actions do not require recirculation. */
4617 case OFPACT_OUTPUT:
aaca4fe0 4618 case OFPACT_OUTPUT_TRUNC:
e12ec36b
SH		 4619 case OFPACT_ENQUEUE:
4620 case OFPACT_OUTPUT_REG:
4621 /* Set actions that don't touch L3+ fields do not require recirculation. */
4622 case OFPACT_SET_VLAN_VID:
4623 case OFPACT_SET_VLAN_PCP:
4624 case OFPACT_SET_ETH_SRC:
4625 case OFPACT_SET_ETH_DST:
4626 case OFPACT_SET_TUNNEL:
4627 case OFPACT_SET_QUEUE:
4628 /* If actions of a group require recirculation that can be detected
4629 * when translating them. */
4630 case OFPACT_GROUP:
4631 return;
4632
4633 /* Set field that don't touch L3+ fields don't require recirculation. */
4634 case OFPACT_SET_FIELD:
4635 if (mf_is_l3_or_higher(ofpact_get_SET_FIELD(a)->field)) {
4636 break;
4637 }
4638 return;
4639
4640 /* For simplicity, recirculate in all other cases. */
4641 case OFPACT_CONTROLLER:
4642 case OFPACT_BUNDLE:
4643 case OFPACT_STRIP_VLAN:
4644 case OFPACT_PUSH_VLAN:
4645 case OFPACT_SET_IPV4_SRC:
4646 case OFPACT_SET_IPV4_DST:
4647 case OFPACT_SET_IP_DSCP:
4648 case OFPACT_SET_IP_ECN:
4649 case OFPACT_SET_IP_TTL:
4650 case OFPACT_SET_L4_SRC_PORT:
4651 case OFPACT_SET_L4_DST_PORT:
4652 case OFPACT_REG_MOVE:
4653 case OFPACT_STACK_PUSH:
4654 case OFPACT_STACK_POP:
4655 case OFPACT_DEC_TTL:
4656 case OFPACT_SET_MPLS_LABEL:
4657 case OFPACT_SET_MPLS_TC:
4658 case OFPACT_SET_MPLS_TTL:
4659 case OFPACT_DEC_MPLS_TTL:
4660 case OFPACT_PUSH_MPLS:
4661 case OFPACT_POP_MPLS:
4662 case OFPACT_POP_QUEUE:
4663 case OFPACT_FIN_TIMEOUT:
4664 case OFPACT_RESUBMIT:
4665 case OFPACT_LEARN:
4666 case OFPACT_CONJUNCTION:
4667 case OFPACT_MULTIPATH:
4668 case OFPACT_NOTE:
4669 case OFPACT_EXIT:
4670 case OFPACT_SAMPLE:
4671 case OFPACT_UNROLL_XLATE:
4672 case OFPACT_CT:
4673 case OFPACT_NAT:
4674 case OFPACT_DEBUG_RECIRC:
4675 case OFPACT_METER:
4676 case OFPACT_CLEAR_ACTIONS:
4677 case OFPACT_WRITE_ACTIONS:
4678 case OFPACT_WRITE_METADATA:
4679 case OFPACT_GOTO_TABLE:
4680 default:
4681 break;
4682 }
4683
4684 /* Recirculate */
4685 ctx_trigger_freeze(ctx);
4686}
4687
9583bc14
EJ		 4688static void
4689do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
4690 struct xlate_ctx *ctx)
4691{
49a73e0c 4692 struct flow_wildcards *wc = ctx->wc;
33bf9176 4693 struct flow *flow = &ctx->xin->flow;
9583bc14
EJ		 4694 const struct ofpact *a;
4695
a36de779 4696 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
53902038 4697 tnl_neigh_snoop(flow, wc, ctx->xbridge->name);
a36de779 4698 }
f47ea021
JR		 4699 /* dl_type already in the mask, not set below. */
4700
9583bc14
EJ		 4701 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
4702 struct ofpact_controller *controller;
4703 const struct ofpact_metadata *metadata;
b2dd70be
JR		 4704 const struct ofpact_set_field *set_field;
4705 const struct mf_field *mf;
9583bc14 4706
fff1b9c0
JR		 4707 if (ctx->error) {
4708 break;
4709 }
4710
e12ec36b
SH		 4711 recirc_for_mpls(a, ctx);
4712
e672ff9b
JR		 4713 if (ctx->exit) {
4714 /* Check if need to store the remaining actions for later
4715 * execution. */
1d361a81
BP		 4716 if (ctx->freezing) {
4717 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len),
e672ff9b
JR		 4718 ctx);
4719 }
4720 break;
7bbdd84f
SH		 4721 }
4722
9583bc14
EJ		 4723 switch (a->type) {
4724 case OFPACT_OUTPUT:
4725 xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port,
4726 ofpact_get_OUTPUT(a)->max_len, true);
4727 break;
4728
7395c052 4729 case OFPACT_GROUP:
f4fb341b 4730 if (xlate_group_action(ctx, ofpact_get_GROUP(a)->group_id)) {
1d741d6d 4731 /* Group could not be found. */
db88b35c
JR		 4732
4733 /* XXX: Terminates action list translation, but does not
4734 * terminate the pipeline. */
f4fb341b
SH		 4735 return;
4736 }
7395c052
NZ		 4737 break;
4738
9583bc14
EJ		 4739 case OFPACT_CONTROLLER:
4740 controller = ofpact_get_CONTROLLER(a);
77ab5fd2
BP		 4741 if (controller->pause) {
4742 ctx->pause = controller;
4743 ctx->xout->slow |= SLOW_CONTROLLER;
4744 ctx_trigger_freeze(ctx);
4745 a = ofpact_next(a);
4746 } else {
4747 execute_controller_action(ctx, controller->max_len,
4748 controller->reason,
4749 controller->controller_id,
4750 controller->userdata,
4751 controller->userdata_len);
4752 }
9583bc14
EJ		 4753 break;
4754
4755 case OFPACT_ENQUEUE:
16194afd
DDP		 4756 memset(&wc->masks.skb_priority, 0xff,
4757 sizeof wc->masks.skb_priority);
9583bc14
EJ		 4758 xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a));
4759 break;
4760
4761 case OFPACT_SET_VLAN_VID:
f74e7df7 4762 wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
ca287d20
JR		 4763 if (flow->vlan_tci & htons(VLAN_CFI) ||
4764 ofpact_get_SET_VLAN_VID(a)->push_vlan_if_needed) {
4765 flow->vlan_tci &= ~htons(VLAN_VID_MASK);
4766 flow->vlan_tci |= (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid)
4767 | htons(VLAN_CFI));
4768 }
9583bc14
EJ		 4769 break;
4770
4771 case OFPACT_SET_VLAN_PCP:
f74e7df7 4772 wc->masks.vlan_tci |= htons(VLAN_PCP_MASK | VLAN_CFI);
ca287d20
JR		 4773 if (flow->vlan_tci & htons(VLAN_CFI) ||
4774 ofpact_get_SET_VLAN_PCP(a)->push_vlan_if_needed) {
4775 flow->vlan_tci &= ~htons(VLAN_PCP_MASK);
4776 flow->vlan_tci |= htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp
4777 << VLAN_PCP_SHIFT) | VLAN_CFI);
4778 }
9583bc14
EJ		 4779 break;
4780
4781 case OFPACT_STRIP_VLAN:
f74e7df7 4782 memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
33bf9176 4783 flow->vlan_tci = htons(0);
9583bc14
EJ		 4784 break;
4785
4786 case OFPACT_PUSH_VLAN:
4787 /* XXX 802.1AD(QinQ) */
f74e7df7 4788 memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
33bf9176 4789 flow->vlan_tci = htons(VLAN_CFI);
9583bc14
EJ		 4790 break;
4791
4792 case OFPACT_SET_ETH_SRC:
74ff3298
JR		 4793 WC_MASK_FIELD(wc, dl_src);
4794 flow->dl_src = ofpact_get_SET_ETH_SRC(a)->mac;
9583bc14
EJ		 4795 break;
4796
4797 case OFPACT_SET_ETH_DST:
74ff3298
JR		 4798 WC_MASK_FIELD(wc, dl_dst);
4799 flow->dl_dst = ofpact_get_SET_ETH_DST(a)->mac;
9583bc14
EJ		 4800 break;
4801
4802 case OFPACT_SET_IPV4_SRC:
33bf9176 4803 if (flow->dl_type == htons(ETH_TYPE_IP)) {
f47ea021 4804 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
33bf9176 4805 flow->nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
9583bc14
EJ		 4806 }
4807 break;
4808
4809 case OFPACT_SET_IPV4_DST:
33bf9176 4810 if (flow->dl_type == htons(ETH_TYPE_IP)) {
f47ea021 4811 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
33bf9176 4812 flow->nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
9583bc14
EJ		 4813 }
4814 break;
4815
04f01c24
BP		 4816 case OFPACT_SET_IP_DSCP:
4817 if (is_ip_any(flow)) {
f47ea021 4818 wc->masks.nw_tos |= IP_DSCP_MASK;
33bf9176 4819 flow->nw_tos &= ~IP_DSCP_MASK;
04f01c24 4820 flow->nw_tos |= ofpact_get_SET_IP_DSCP(a)->dscp;
9583bc14
EJ		 4821 }
4822 break;
4823
ff14eb7a
JR		 4824 case OFPACT_SET_IP_ECN:
4825 if (is_ip_any(flow)) {
4826 wc->masks.nw_tos |= IP_ECN_MASK;
4827 flow->nw_tos &= ~IP_ECN_MASK;
4828 flow->nw_tos |= ofpact_get_SET_IP_ECN(a)->ecn;
4829 }
4830 break;
4831
0c20dbe4
JR		 4832 case OFPACT_SET_IP_TTL:
4833 if (is_ip_any(flow)) {
4834 wc->masks.nw_ttl = 0xff;
4835 flow->nw_ttl = ofpact_get_SET_IP_TTL(a)->ttl;
4836 }
4837 break;
4838
9583bc14 4839 case OFPACT_SET_L4_SRC_PORT:
b8778a0d 4840 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
f47ea021
JR		 4841 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
4842 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
33bf9176 4843 flow->tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
9583bc14
EJ		 4844 }
4845 break;
4846
4847 case OFPACT_SET_L4_DST_PORT:
b8778a0d 4848 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
f47ea021
JR		 4849 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
4850 memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
33bf9176 4851 flow->tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
9583bc14
EJ		 4852 }
4853 break;
4854
4855 case OFPACT_RESUBMIT:
8bf009bf
JR		 4856 /* Freezing complicates resubmit. Some action in the flow
4857 * entry found by resubmit might trigger freezing. If that
4858 * happens, then we do not want to execute the resubmit again after
4859 * during thawing, so we want to skip back to the head of the loop
4860 * to avoid that, only adding any actions that follow the resubmit
4861 * to the frozen actions.
6b1c5734 4862 */
9583bc14 4863 xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a));
6b1c5734 4864 continue;
9583bc14
EJ		 4865
4866 case OFPACT_SET_TUNNEL:
33bf9176 4867 flow->tunnel.tun_id = htonll(ofpact_get_SET_TUNNEL(a)->tun_id);
9583bc14
EJ		 4868 break;
4869
4870 case OFPACT_SET_QUEUE:
16194afd
DDP		 4871 memset(&wc->masks.skb_priority, 0xff,
4872 sizeof wc->masks.skb_priority);
9583bc14
EJ		 4873 xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id);
4874 break;
4875
4876 case OFPACT_POP_QUEUE:
16194afd
DDP		 4877 memset(&wc->masks.skb_priority, 0xff,
4878 sizeof wc->masks.skb_priority);
33bf9176 4879 flow->skb_priority = ctx->orig_skb_priority;
9583bc14
EJ		 4880 break;
4881
4882 case OFPACT_REG_MOVE:
67842eba
BP		 4883 mf_subfield_copy(&ofpact_get_REG_MOVE(a)->src,
4884 &ofpact_get_REG_MOVE(a)->dst, flow, wc);
9583bc14
EJ		 4885 break;
4886
b2dd70be
JR		 4887 case OFPACT_SET_FIELD:
4888 set_field = ofpact_get_SET_FIELD(a);
4889 mf = set_field->field;
b2dd70be 4890
aff49b8c
JR		 4891 /* Set the field only if the packet actually has it. */
4892 if (mf_are_prereqs_ok(mf, flow, wc)) {
128684a6
JR		 4893 mf_mask_field_masked(mf, ofpact_set_field_mask(set_field), wc);
4894 mf_set_flow_value_masked(mf, set_field->value,
4895 ofpact_set_field_mask(set_field),
4896 flow);
b8778a0d 4897 }
b2dd70be
JR		 4898 break;
4899
9583bc14 4900 case OFPACT_STACK_PUSH:
33bf9176
BP		 4901 nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), flow, wc,
4902 &ctx->stack);
9583bc14
EJ		 4903 break;
4904
4905 case OFPACT_STACK_POP:
f74e7df7
JP		 4906 nxm_execute_stack_pop(ofpact_get_STACK_POP(a), flow, wc,
4907 &ctx->stack);
9583bc14
EJ		 4908 break;
4909
4910 case OFPACT_PUSH_MPLS:
8bfd0fda 4911 compose_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a));
9583bc14
EJ		 4912 break;
4913
4914 case OFPACT_POP_MPLS:
8bfd0fda 4915 compose_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype);
9583bc14
EJ		 4916 break;
4917
097d4939 4918 case OFPACT_SET_MPLS_LABEL:
8bfd0fda
BP		 4919 compose_set_mpls_label_action(
4920 ctx, ofpact_get_SET_MPLS_LABEL(a)->label);
1d741d6d 4921 break;
097d4939
JR		 4922
4923 case OFPACT_SET_MPLS_TC:
8bfd0fda 4924 compose_set_mpls_tc_action(ctx, ofpact_get_SET_MPLS_TC(a)->tc);
097d4939
JR		 4925 break;
4926
9583bc14 4927 case OFPACT_SET_MPLS_TTL:
8bfd0fda 4928 compose_set_mpls_ttl_action(ctx, ofpact_get_SET_MPLS_TTL(a)->ttl);
9583bc14
EJ		 4929 break;
4930
4931 case OFPACT_DEC_MPLS_TTL:
9cfef3d0 4932 if (compose_dec_mpls_ttl_action(ctx)) {
ad3efdcb 4933 return;
9583bc14
EJ		 4934 }
4935 break;
4936
4937 case OFPACT_DEC_TTL:
f74e7df7 4938 wc->masks.nw_ttl = 0xff;
9583bc14 4939 if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) {
ad3efdcb 4940 return;
9583bc14
EJ		 4941 }
4942 break;
4943
4944 case OFPACT_NOTE:
4945 /* Nothing to do. */
4946 break;
4947
4948 case OFPACT_MULTIPATH:
33bf9176 4949 multipath_execute(ofpact_get_MULTIPATH(a), flow, wc);
9583bc14
EJ		 4950 break;
4951
4952 case OFPACT_BUNDLE:
9583bc14
EJ		 4953 xlate_bundle_action(ctx, ofpact_get_BUNDLE(a));
4954 break;
4955
4956 case OFPACT_OUTPUT_REG:
4957 xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a));
4958 break;
4959
aaca4fe0
WT		 4960 case OFPACT_OUTPUT_TRUNC:
4961 xlate_output_trunc_action(ctx, ofpact_get_OUTPUT_TRUNC(a)->port,
4962 ofpact_get_OUTPUT_TRUNC(a)->max_len);
4963 break;
4964
9583bc14
EJ		 4965 case OFPACT_LEARN:
4966 xlate_learn_action(ctx, ofpact_get_LEARN(a));
4967 break;
4968
afc3987b
BP		 4969 case OFPACT_CONJUNCTION: {
4970 /* A flow with a "conjunction" action represents part of a special
4971 * kind of "set membership match". Such a flow should not actually
4972 * get executed, but it could via, say, a "packet-out", even though
4973 * that wouldn't be useful. Log it to help debugging. */
4974 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4975 VLOG_INFO_RL(&rl, "executing no-op conjunction action");
18080541 4976 break;
afc3987b 4977 }
18080541 4978
9583bc14
EJ		 4979 case OFPACT_EXIT:
4980 ctx->exit = true;
4981 break;
4982
e672ff9b
JR		 4983 case OFPACT_UNROLL_XLATE: {
4984 struct ofpact_unroll_xlate *unroll = ofpact_get_UNROLL_XLATE(a);
4985
4986 /* Restore translation context data that was stored earlier. */
4987 ctx->table_id = unroll->rule_table_id;
4988 ctx->rule_cookie = unroll->rule_cookie;
4989 break;
4990 }
9583bc14 4991 case OFPACT_FIN_TIMEOUT:
33bf9176 4992 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
9583bc14
EJ		 4993 xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a));
4994 break;
4995
4996 case OFPACT_CLEAR_ACTIONS:
7fdb60a7 4997 ofpbuf_clear(&ctx->action_set);
c61f3870
BP		 4998 ctx->xin->flow.actset_output = OFPP_UNSET;
4999 ctx->action_set_has_group = false;
7fdb60a7
SH		 5000 break;
5001
5002 case OFPACT_WRITE_ACTIONS:
7e7e8dbb 5003 xlate_write_actions(ctx, ofpact_get_WRITE_ACTIONS(a));
9583bc14
EJ		 5004 break;
5005
5006 case OFPACT_WRITE_METADATA:
5007 metadata = ofpact_get_WRITE_METADATA(a);
33bf9176
BP		 5008 flow->metadata &= ~metadata->mask;
5009 flow->metadata |= metadata->metadata & metadata->mask;
9583bc14
EJ		 5010 break;
5011
638a19b0
JR		 5012 case OFPACT_METER:
5013 /* Not implemented yet. */
5014 break;
5015
9583bc14 5016 case OFPACT_GOTO_TABLE: {
9583bc14 5017 struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a);
9583bc14 5018
9167fc1a
JR		 5019 ovs_assert(ctx->table_id < ogt->table_id);
5020
4468099e 5021 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
6d328fa2 5022 ogt->table_id, true, true);
9583bc14
EJ		 5023 break;
5024 }
5025
5026 case OFPACT_SAMPLE:
5027 xlate_sample_action(ctx, ofpact_get_SAMPLE(a));
5028 break;
d4abaff5 5029
07659514 5030 case OFPACT_CT:
07659514
JS		 5031 compose_conntrack_action(ctx, ofpact_get_CT(a));
5032 break;
5033
9ac0aada
JR		 5034 case OFPACT_NAT:
5035 /* This will be processed by compose_conntrack_action(). */
5036 ctx->ct_nat_action = ofpact_get_NAT(a);
5037 break;
5038
d4abaff5 5039 case OFPACT_DEBUG_RECIRC:
1d361a81 5040 ctx_trigger_freeze(ctx);
d4abaff5
BP		 5041 a = ofpact_next(a);
5042 break;
9583bc14 5043 }
1d741d6d
JR		 5044
5045 /* Check if need to store this and the remaining actions for later
5046 * execution. */
1d361a81
BP		 5047 if (!ctx->error && ctx->exit && ctx_first_frozen_action(ctx)) {
5048 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len), ctx);
1d741d6d
JR		 5049 break;
5050 }
9583bc14 5051 }
9583bc14
EJ		 5052}
5053
5054void
5055xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto,
1f4a8933
JR		 5056 ovs_version_t version, const struct flow *flow,
5057 ofp_port_t in_port, struct rule_dpif *rule, uint16_t tcp_flags,
1520ef4f
BP		 5058 const struct dp_packet *packet, struct flow_wildcards *wc,
5059 struct ofpbuf *odp_actions)
9583bc14
EJ		 5060{
5061 xin->ofproto = ofproto;
1f4a8933 5062 xin->tables_version = version;
9583bc14 5063 xin->flow = *flow;
8d8ab6c2 5064 xin->upcall_flow = flow;
cc377352 5065 xin->flow.in_port.ofp_port = in_port;
c61f3870 5066 xin->flow.actset_output = OFPP_UNSET;
9583bc14 5067 xin->packet = packet;
df70a773 5068 xin->allow_side_effects = packet != NULL;
9583bc14 5069 xin->rule = rule;
b256dc52 5070 xin->xcache = NULL;
9583bc14
EJ		 5071 xin->ofpacts = NULL;
5072 xin->ofpacts_len = 0;
5073 xin->tcp_flags = tcp_flags;
5074 xin->resubmit_hook = NULL;
5075 xin->report_hook = NULL;
5076 xin->resubmit_stats = NULL;
9a9b001a 5077 xin->indentation = 0;
790c5d26 5078 xin->depth = 0;
cdd42eda 5079 xin->resubmits = 0;
49a73e0c 5080 xin->wc = wc;
1520ef4f 5081 xin->odp_actions = odp_actions;
e672ff9b
JR		 5082
5083 /* Do recirc lookup. */
1d361a81 5084 xin->frozen_state = NULL;
29b1ea3f
BP		 5085 if (flow->recirc_id) {
5086 const struct recirc_id_node *node
5087 = recirc_id_node_find(flow->recirc_id);
5088 if (node) {
1d361a81 5089 xin->frozen_state = &node->state;
29b1ea3f
BP		 5090 }
5091 }
9583bc14
EJ		 5092}
5093
5094void
5095xlate_out_uninit(struct xlate_out *xout)
5096{
e672ff9b 5097 if (xout) {
fbf5d6ec 5098 recirc_refs_unref(&xout->recircs);
9583bc14
EJ		 5099 }
5100}
5101
5102/* Translates the 'ofpacts_len' bytes of "struct ofpact"s starting at 'ofpacts'
5103 * into datapath actions, using 'ctx', and discards the datapath actions. */
5104void
5105xlate_actions_for_side_effects(struct xlate_in *xin)
5106{
5107 struct xlate_out xout;
fff1b9c0
JR		 5108 enum xlate_error error;
5109
5110 error = xlate_actions(xin, &xout);
5111 if (error) {
5112 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
5113
5114 VLOG_WARN_RL(&rl, "xlate_actions failed (%s)!", xlate_strerror(error));
5115 }
9583bc14 5116
9583bc14
EJ		 5117 xlate_out_uninit(&xout);
5118}
9583bc14 5119\f
55954f6e
EJ		 5120static struct skb_priority_to_dscp *
5121get_skb_priority(const struct xport *xport, uint32_t skb_priority)
5122{
5123 struct skb_priority_to_dscp *pdscp;
5124 uint32_t hash;
5125
5126 hash = hash_int(skb_priority, 0);
5127 HMAP_FOR_EACH_IN_BUCKET (pdscp, hmap_node, hash, &xport->skb_priorities) {
5128 if (pdscp->skb_priority == skb_priority) {
5129 return pdscp;
5130 }
5131 }
5132 return NULL;
5133}
5134
5135static bool
5136dscp_from_skb_priority(const struct xport *xport, uint32_t skb_priority,
5137 uint8_t *dscp)
5138{
5139 struct skb_priority_to_dscp *pdscp = get_skb_priority(xport, skb_priority);
5140 *dscp = pdscp ? pdscp->dscp : 0;
5141 return pdscp != NULL;
5142}
5143
16194afd
DDP		 5144static size_t
5145count_skb_priorities(const struct xport *xport)
5146{
5147 return hmap_count(&xport->skb_priorities);
5148}
5149
55954f6e
EJ		 5150static void
5151clear_skb_priorities(struct xport *xport)
5152{
4ec3d7c7 5153 struct skb_priority_to_dscp *pdscp;
55954f6e 5154
4ec3d7c7 5155 HMAP_FOR_EACH_POP (pdscp, hmap_node, &xport->skb_priorities) {
55954f6e
EJ		 5156 free(pdscp);
5157 }
5158}
5159
ce4a6b76
BP		 5160static bool
5161actions_output_to_local_port(const struct xlate_ctx *ctx)
5162{
46c88433 5163 odp_port_t local_odp_port = ofp_port_to_odp_port(ctx->xbridge, OFPP_LOCAL);
ce4a6b76
BP		 5164 const struct nlattr *a;
5165 unsigned int left;
5166
1520ef4f
BP		 5167 NL_ATTR_FOR_EACH_UNSAFE (a, left, ctx->odp_actions->data,
5168 ctx->odp_actions->size) {
ce4a6b76
BP		 5169 if (nl_attr_type(a) == OVS_ACTION_ATTR_OUTPUT
5170 && nl_attr_get_odp_port(a) == local_odp_port) {
5171 return true;
5172 }
5173 }
5174 return false;
5175}
9583bc14 5176
5e2a6702 5177#if defined(__linux__)
7d031d7e
BP		 5178/* Returns the maximum number of packets that the Linux kernel is willing to
5179 * queue up internally to certain kinds of software-implemented ports, or the
5180 * default (and rarely modified) value if it cannot be determined. */
5181static int
5182netdev_max_backlog(void)
5183{
5184 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
5185 static int max_backlog = 1000; /* The normal default value. */
5186
5187 if (ovsthread_once_start(&once)) {
5188 static const char filename[] = "/proc/sys/net/core/netdev_max_backlog";
5189 FILE *stream;
5190 int n;
5191
5192 stream = fopen(filename, "r");
5193 if (!stream) {
120c348f 5194 VLOG_INFO("%s: open failed (%s)", filename, ovs_strerror(errno));
7d031d7e
BP		 5195 } else {
5196 if (fscanf(stream, "%d", &n) != 1) {
5197 VLOG_WARN("%s: read error", filename);
5198 } else if (n <= 100) {
5199 VLOG_WARN("%s: unexpectedly small value %d", filename, n);
5200 } else {
5201 max_backlog = n;
5202 }
5203 fclose(stream);
5204 }
5205 ovsthread_once_done(&once);
5206
5207 VLOG_DBG("%s: using %d max_backlog", filename, max_backlog);
5208 }
5209
5210 return max_backlog;
5211}
5212
5213/* Counts and returns the number of OVS_ACTION_ATTR_OUTPUT actions in
5214 * 'odp_actions'. */
5215static int
5216count_output_actions(const struct ofpbuf *odp_actions)
5217{
5218 const struct nlattr *a;
5219 size_t left;
5220 int n = 0;
5221
6fd6ed71 5222 NL_ATTR_FOR_EACH_UNSAFE (a, left, odp_actions->data, odp_actions->size) {
7d031d7e
BP		 5223 if (a->nla_type == OVS_ACTION_ATTR_OUTPUT) {
5224 n++;
5225 }
5226 }
5227 return n;
5228}
5e2a6702 5229#endif /* defined(__linux__) */
7d031d7e
BP		 5230
5231/* Returns true if 'odp_actions' contains more output actions than the datapath
5232 * can reliably handle in one go. On Linux, this is the value of the
5233 * net.core.netdev_max_backlog sysctl, which limits the maximum number of
5234 * packets that the kernel is willing to queue up for processing while the
5235 * datapath is processing a set of actions. */
5236static bool
5e2a6702 5237too_many_output_actions(const struct ofpbuf *odp_actions OVS_UNUSED)
7d031d7e
BP		 5238{
5239#ifdef __linux__
6fd6ed71 5240 return (odp_actions->size / NL_A_U32_SIZE > netdev_max_backlog()
7d031d7e
BP		 5241 && count_output_actions(odp_actions) > netdev_max_backlog());
5242#else
5243 /* OSes other than Linux might have similar limits, but we don't know how
5244 * to determine them.*/
5245 return false;
5246#endif
5247}
5248
234c3da9
BP		 5249static void
5250xlate_wc_init(struct xlate_ctx *ctx)
5251{
5252 flow_wildcards_init_catchall(ctx->wc);
5253
5254 /* Some fields we consider to always be examined. */
5e2e998a
JR		 5255 WC_MASK_FIELD(ctx->wc, in_port);
5256 WC_MASK_FIELD(ctx->wc, dl_type);
234c3da9 5257 if (is_ip_any(&ctx->xin->flow)) {
5e2e998a 5258 WC_MASK_FIELD_MASK(ctx->wc, nw_frag, FLOW_NW_FRAG_MASK);
234c3da9
BP		 5259 }
5260
5261 if (ctx->xbridge->support.odp.recirc) {
5262 /* Always exactly match recirc_id when datapath supports
5263 * recirculation. */
5e2e998a 5264 WC_MASK_FIELD(ctx->wc, recirc_id);
234c3da9
BP		 5265 }
5266
5267 if (ctx->xbridge->netflow) {
5268 netflow_mask_wc(&ctx->xin->flow, ctx->wc);
5269 }
5270
5271 tnl_wc_init(&ctx->xin->flow, ctx->wc);
5272}
5273
5274static void
5275xlate_wc_finish(struct xlate_ctx *ctx)
5276{
5277 /* Clear the metadata and register wildcard masks, because we won't
5278 * use non-header fields as part of the cache. */
5279 flow_wildcards_clear_non_packet_fields(ctx->wc);
5280
5281 /* ICMPv4 and ICMPv6 have 8-bit "type" and "code" fields. struct flow
5282 * uses the low 8 bits of the 16-bit tp_src and tp_dst members to
5283 * represent these fields. The datapath interface, on the other hand,
5284 * represents them with just 8 bits each. This means that if the high
5285 * 8 bits of the masks for these fields somehow become set, then they
5286 * will get chopped off by a round trip through the datapath, and
5287 * revalidation will spot that as an inconsistency and delete the flow.
5288 * Avoid the problem here by making sure that only the low 8 bits of
5289 * either field can be unwildcarded for ICMP.
5290 */
a75636c8 5291 if (is_icmpv4(&ctx->xin->flow, NULL) || is_icmpv6(&ctx->xin->flow, NULL)) {
234c3da9
BP		 5292 ctx->wc->masks.tp_src &= htons(UINT8_MAX);
5293 ctx->wc->masks.tp_dst &= htons(UINT8_MAX);
5294 }
5295 /* VLAN_TCI CFI bit must be matched if any of the TCI is matched. */
5296 if (ctx->wc->masks.vlan_tci) {
5297 ctx->wc->masks.vlan_tci |= htons(VLAN_CFI);
5298 }
5299}
5300
e672ff9b
JR		 5301/* Translates the flow, actions, or rule in 'xin' into datapath actions in
5302 * 'xout'.
56450a41 5303 * The caller must take responsibility for eventually freeing 'xout', with
fff1b9c0
JR		 5304 * xlate_out_uninit().
5305 * Returns 'XLATE_OK' if translation was successful. In case of an error an
5306 * empty set of actions will be returned in 'xin->odp_actions' (if non-NULL),
5307 * so that most callers may ignore the return value and transparently install a
5308 * drop flow when the translation fails. */
5309enum xlate_error
84f0f298 5310xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
9583bc14 5311{
e467ea42
BP		 5312 *xout = (struct xlate_out) {
5313 .slow = 0,
fbf5d6ec 5314 .recircs = RECIRC_REFS_EMPTY_INITIALIZER,
e467ea42
BP		 5315 };
5316
84f0f298 5317 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
bb00fdef
BP		 5318 struct xbridge *xbridge = xbridge_lookup(xcfg, xin->ofproto);
5319 if (!xbridge) {
fff1b9c0 5320 return XLATE_BRIDGE_NOT_FOUND;
bb00fdef
BP		 5321 }
5322
33bf9176
BP		 5323 struct flow *flow = &xin->flow;
5324
bb00fdef
BP		 5325 union mf_subvalue stack_stub[1024 / sizeof(union mf_subvalue)];
5326 uint64_t action_set_stub[1024 / 8];
1d361a81 5327 uint64_t frozen_actions_stub[1024 / 8];
1520ef4f
BP		 5328 uint64_t actions_stub[256 / 8];
5329 struct ofpbuf scratch_actions = OFPBUF_STUB_INITIALIZER(actions_stub);
bb00fdef
BP		 5330 struct xlate_ctx ctx = {
5331 .xin = xin,
5332 .xout = xout,
5333 .base_flow = *flow,
c2b878e0 5334 .orig_tunnel_ipv6_dst = flow_tnl_dst(&flow->tunnel),
bb00fdef
BP		 5335 .xbridge = xbridge,
5336 .stack = OFPBUF_STUB_INITIALIZER(stack_stub),
5337 .rule = xin->rule,
c0e638aa
BP		 5338 .wc = (xin->wc
5339 ? xin->wc
f36efd90 5340 : &(struct flow_wildcards) { .masks = { .dl_type = 0 } }),
1520ef4f 5341 .odp_actions = xin->odp_actions ? xin->odp_actions : &scratch_actions,
bb00fdef 5342
9a9b001a 5343 .indentation = xin->indentation,
790c5d26 5344 .depth = xin->depth,
cdd42eda 5345 .resubmits = xin->resubmits,
bb00fdef
BP		 5346 .in_group = false,
5347 .in_action_set = false,
5348
5349 .table_id = 0,
5350 .rule_cookie = OVS_BE64_MAX,
5351 .orig_skb_priority = flow->skb_priority,
5352 .sflow_n_outputs = 0,
5353 .sflow_odp_port = 0,
2031ef97 5354 .nf_output_iface = NF_OUT_DROP,
bb00fdef 5355 .exit = false,
fff1b9c0 5356 .error = XLATE_OK,
3d6151f3 5357 .mirrors = 0,
bb00fdef 5358
1d361a81 5359 .freezing = false,
53cc166a 5360 .recirc_update_dp_hash = false,
1d361a81 5361 .frozen_actions = OFPBUF_STUB_INITIALIZER(frozen_actions_stub),
77ab5fd2 5362 .pause = NULL,
bb00fdef 5363
e12ec36b 5364 .was_mpls = false,
07659514 5365 .conntracked = false,
bb00fdef 5366
9ac0aada
JR		 5367 .ct_nat_action = NULL,
5368
bb00fdef
BP		 5369 .action_set_has_group = false,
5370 .action_set = OFPBUF_STUB_INITIALIZER(action_set_stub),
5371 };
865ca6cf
BP		 5372
5373 /* 'base_flow' reflects the packet as it came in, but we need it to reflect
42deb67d
PS		 5374 * the packet as the datapath will treat it for output actions. Our
5375 * datapath doesn't retain tunneling information without us re-setting
5376 * it, so clear the tunnel data.
865ca6cf 5377 */
42deb67d 5378
bb00fdef 5379 memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel);
865ca6cf 5380
1520ef4f 5381 ofpbuf_reserve(ctx.odp_actions, NL_A_U32_SIZE);
c0e638aa 5382 xlate_wc_init(&ctx);
bb00fdef 5383
46c88433 5384 COVERAGE_INC(xlate_actions);
9583bc14 5385
1d361a81
BP		 5386 if (xin->frozen_state) {
5387 const struct frozen_state *state = xin->frozen_state;
e672ff9b 5388
1d361a81 5389 xlate_report(&ctx, "Thawing frozen state:");
d6bef3cc 5390
e672ff9b
JR		 5391 if (xin->ofpacts_len > 0 || ctx.rule) {
5392 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
d6bef3cc 5393 const char *conflict = xin->ofpacts_len ? "actions" : "rule";
e672ff9b 5394
d6bef3cc
BP		 5395 VLOG_WARN_RL(&rl, "Recirculation conflict (%s)!", conflict);
5396 xlate_report(&ctx, "- Recirculation conflict (%s)!", conflict);
fff1b9c0 5397 ctx.error = XLATE_RECIRCULATION_CONFLICT;
1520ef4f 5398 goto exit;
e672ff9b
JR		 5399 }
5400
5401 /* Set the bridge for post-recirculation processing if needed. */
290835f9
BP		 5402 if (!uuid_equals(ofproto_dpif_get_uuid(ctx.xbridge->ofproto),
5403 &state->ofproto_uuid)) {
e672ff9b 5404 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2082425c 5405 const struct xbridge *new_bridge
290835f9 5406 = xbridge_lookup_by_uuid(xcfg, &state->ofproto_uuid);
e672ff9b
JR		 5407
5408 if (OVS_UNLIKELY(!new_bridge)) {
5409 /* Drop the packet if the bridge cannot be found. */
5410 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
1d361a81
BP		 5411 VLOG_WARN_RL(&rl, "Frozen bridge no longer exists.");
5412 xlate_report(&ctx, "- Frozen bridge no longer exists.");
fff1b9c0 5413 ctx.error = XLATE_BRIDGE_NOT_FOUND;
1520ef4f 5414 goto exit;
e672ff9b
JR		 5415 }
5416 ctx.xbridge = new_bridge;
1f4a8933
JR		 5417 /* The bridge is now known so obtain its table version. */
5418 ctx.xin->tables_version
5419 = ofproto_dpif_get_tables_version(ctx.xbridge->ofproto);
e672ff9b
JR		 5420 }
5421
1d361a81
BP		 5422 /* Set the thawed table id. Note: A table lookup is done only if there
5423 * are no frozen actions. */
2082425c 5424 ctx.table_id = state->table_id;
d6bef3cc 5425 xlate_report(&ctx, "- Resuming from table %"PRIu8, ctx.table_id);
e672ff9b 5426
07659514
JS		 5427 if (!state->conntracked) {
5428 clear_conntrack(flow);
5429 }
5430
e672ff9b 5431 /* Restore pipeline metadata. May change flow's in_port and other
1d361a81
BP		 5432 * metadata to the values that existed when freezing was triggered. */
5433 frozen_metadata_to_flow(&state->metadata, flow);
e672ff9b
JR		 5434
5435 /* Restore stack, if any. */
2082425c 5436 if (state->stack) {
5c1b2314
BP		 5437 ofpbuf_put(&ctx.stack, state->stack,
5438 state->n_stack * sizeof *state->stack);
e672ff9b
JR		 5439 }
5440
29bae541
BP		 5441 /* Restore mirror state. */
5442 ctx.mirrors = state->mirrors;
5443
e672ff9b 5444 /* Restore action set, if any. */
2082425c 5445 if (state->action_set_len) {
d6bef3cc 5446 xlate_report_actions(&ctx, "- Restoring action set",
417509fa 5447 state->action_set, state->action_set_len);
d6bef3cc 5448
7e7e8dbb
BP		 5449 flow->actset_output = OFPP_UNSET;
5450 xlate_write_actions__(&ctx, state->action_set,
5451 state->action_set_len);
e672ff9b
JR		 5452 }
5453
1d361a81
BP		 5454 /* Restore frozen actions. If there are no actions, processing will
5455 * start with a lookup in the table set above. */
417509fa
BP		 5456 xin->ofpacts = state->ofpacts;
5457 xin->ofpacts_len = state->ofpacts_len;
5458 if (state->ofpacts_len) {
d6bef3cc
BP		 5459 xlate_report_actions(&ctx, "- Restoring actions",
5460 xin->ofpacts, xin->ofpacts_len);
e672ff9b
JR		 5461 }
5462 } else if (OVS_UNLIKELY(flow->recirc_id)) {
5463 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5464
5465 VLOG_WARN_RL(&rl, "Recirculation context not found for ID %"PRIx32,
5466 flow->recirc_id);
fff1b9c0 5467 ctx.error = XLATE_NO_RECIRCULATION_CONTEXT;
1520ef4f 5468 goto exit;
e672ff9b 5469 }
9583bc14 5470
8d8ab6c2
JG		 5471 /* Tunnel metadata in udpif format must be normalized before translation. */
5472 if (flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
5473 const struct tun_table *tun_tab = ofproto_dpif_get_tun_tab(xin->ofproto);
5474 int err;
5475
5476 err = tun_metadata_from_geneve_udpif(tun_tab, &xin->upcall_flow->tunnel,
5477 &xin->upcall_flow->tunnel,
5478 &flow->tunnel);
5479 if (err) {
5480 XLATE_REPORT_ERROR(&ctx, "Invalid Geneve tunnel metadata");
5481 ctx.error = XLATE_INVALID_TUNNEL_METADATA;
5482 goto exit;
5483 }
5484 } else if (!flow->tunnel.metadata.tab) {
5485 /* If the original flow did not come in on a tunnel, then it won't have
5486 * FLOW_TNL_F_UDPIF set. However, we still need to have a metadata
5487 * table in case we generate tunnel actions. */
5488 flow->tunnel.metadata.tab = ofproto_dpif_get_tun_tab(xin->ofproto);
5489 }
5490 ctx.wc->masks.tunnel.metadata.tab = flow->tunnel.metadata.tab;
5491
10c44245 5492 if (!xin->ofpacts && !ctx.rule) {
b2e89cc9 5493 ctx.rule = rule_dpif_lookup_from_table(
1f4a8933 5494 ctx.xbridge->ofproto, ctx.xin->tables_version, flow, ctx.wc,
1e1e1d19 5495 ctx.xin->resubmit_stats, &ctx.table_id,
a027899e 5496 flow->in_port.ofp_port, true, true, ctx.xin->xcache);
10c44245 5497 if (ctx.xin->resubmit_stats) {
b2e89cc9 5498 rule_dpif_credit_stats(ctx.rule, ctx.xin->resubmit_stats);
10c44245 5499 }
b256dc52
JS		 5500 if (ctx.xin->xcache) {
5501 struct xc_entry *entry;
5502
5503 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_RULE);
901a517e 5504 entry->rule = ctx.rule;
1e1e1d19 5505 rule_dpif_ref(ctx.rule);
b256dc52 5506 }
a8c31348
BP		 5507
5508 if (OVS_UNLIKELY(ctx.xin->resubmit_hook)) {
b2e89cc9 5509 ctx.xin->resubmit_hook(ctx.xin, ctx.rule, 0);
a8c31348 5510 }
10c44245 5511 }
10c44245 5512
1d361a81 5513 /* Get the proximate input port of the packet. (If xin->frozen_state,
14d2b8b2
BP		 5514 * flow->in_port is the ultimate input port of the packet.) */
5515 struct xport *in_port = get_ofp_port(xbridge,
5516 ctx.base_flow.in_port.ofp_port);
5517
1d361a81
BP		 5518 /* Tunnel stats only for not-thawed packets. */
5519 if (!xin->frozen_state && in_port && in_port->is_tunnel) {
b256dc52
JS		 5520 if (ctx.xin->resubmit_stats) {
5521 netdev_vport_inc_rx(in_port->netdev, ctx.xin->resubmit_stats);
5522 if (in_port->bfd) {
5523 bfd_account_rx(in_port->bfd, ctx.xin->resubmit_stats);
5524 }
5525 }
5526 if (ctx.xin->xcache) {
5527 struct xc_entry *entry;
5528
5529 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETDEV);
901a517e
JR		 5530 entry->dev.rx = netdev_ref(in_port->netdev);
5531 entry->dev.bfd = bfd_ref(in_port->bfd);
d6fc5f57
EJ		 5532 }
5533 }
5534
1d361a81 5535 if (!xin->frozen_state && process_special(&ctx, in_port)) {
bef1403e
BP		 5536 /* process_special() did all the processing for this packet.
5537 *
1d361a81
BP		 5538 * We do not perform special processing on thawed packets, since that
5539 * was done before they were frozen and should not be redone. */
bef1403e
BP		 5540 } else if (in_port && in_port->xbundle
5541 && xbundle_mirror_out(xbridge, in_port->xbundle)) {
5542 if (ctx.xin->packet != NULL) {
5543 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
5544 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
5545 "%s, which is reserved exclusively for mirroring",
5546 ctx.xbridge->name, in_port->xbundle->name);
5547 }
5548 } else {
1d361a81 5549 /* Sampling is done on initial reception; don't redo after thawing. */
a6092018 5550 unsigned int user_cookie_offset = 0;
1d361a81 5551 if (!xin->frozen_state) {
a6092018
BP		 5552 user_cookie_offset = compose_sflow_action(&ctx);
5553 compose_ipfix_action(&ctx, ODPP_NONE);
e672ff9b 5554 }
0731abc5 5555 size_t sample_actions_len = ctx.odp_actions->size;
9583bc14 5556
234c3da9
BP		 5557 if (tnl_process_ecn(flow)
5558 && (!in_port || may_receive(in_port, &ctx))) {
1806291d
BP		 5559 const struct ofpact *ofpacts;
5560 size_t ofpacts_len;
5561
5562 if (xin->ofpacts) {
5563 ofpacts = xin->ofpacts;
5564 ofpacts_len = xin->ofpacts_len;
5565 } else if (ctx.rule) {
5566 const struct rule_actions *actions
5567 = rule_dpif_get_actions(ctx.rule);
5568 ofpacts = actions->ofpacts;
5569 ofpacts_len = actions->ofpacts_len;
5570 ctx.rule_cookie = rule_dpif_get_flow_cookie(ctx.rule);
5571 } else {
5572 OVS_NOT_REACHED();
5573 }
5574
7efbc3b7 5575 mirror_ingress_packet(&ctx);
9583bc14 5576 do_xlate_actions(ofpacts, ofpacts_len, &ctx);
fff1b9c0
JR		 5577 if (ctx.error) {
5578 goto exit;
5579 }
9583bc14
EJ		 5580
5581 /* We've let OFPP_NORMAL and the learning action look at the
1d361a81 5582 * packet, so cancel all actions and freezing if forwarding is
8a5fb3b4 5583 * disabled. */
9efd308e
DV		 5584 if (in_port && (!xport_stp_forward_state(in_port) ||
5585 !xport_rstp_forward_state(in_port))) {
1520ef4f 5586 ctx.odp_actions->size = sample_actions_len;
1d361a81 5587 ctx_cancel_freeze(&ctx);
8a5fb3b4
BP		 5588 ofpbuf_clear(&ctx.action_set);
5589 }
5590
1d361a81 5591 if (!ctx.freezing) {
8a5fb3b4 5592 xlate_action_set(&ctx);
e672ff9b 5593 }
1d361a81 5594 if (ctx.freezing) {
77ab5fd2 5595 finish_freezing(&ctx);
9583bc14
EJ		 5596 }
5597 }
5598
e672ff9b 5599 /* Output only fully processed packets. */
1d361a81 5600 if (!ctx.freezing
e672ff9b 5601 && xbridge->has_in_band
ce4a6b76
BP		 5602 && in_band_must_output_to_local_port(flow)
5603 && !actions_output_to_local_port(&ctx)) {
e93ef1c7 5604 compose_output_action(&ctx, OFPP_LOCAL, NULL);
9583bc14 5605 }
aaa0fbae 5606
a6092018
BP		 5607 if (user_cookie_offset) {
5608 fix_sflow_action(&ctx, user_cookie_offset);
e672ff9b 5609 }
9583bc14
EJ		 5610 }
5611
1520ef4f 5612 if (nl_attr_oversized(ctx.odp_actions->size)) {
542024c4 5613 /* These datapath actions are too big for a Netlink attribute, so we
0f032e95
BP		 5614 * can't hand them to the kernel directly. dpif_execute() can execute
5615 * them one by one with help, so just mark the result as SLOW_ACTION to
5616 * prevent the flow from being installed. */
5617 COVERAGE_INC(xlate_actions_oversize);
5618 ctx.xout->slow |= SLOW_ACTION;
1520ef4f 5619 } else if (too_many_output_actions(ctx.odp_actions)) {
7d031d7e
BP		 5620 COVERAGE_INC(xlate_actions_too_many_output);
5621 ctx.xout->slow |= SLOW_ACTION;
542024c4
BP		 5622 }
5623
1d361a81
BP		 5624 /* Do netflow only for packets on initial reception, that are not sent to
5625 * the controller. We consider packets sent to the controller to be part
5626 * of the control plane rather than the data plane. */
5627 if (!xin->frozen_state
5628 && xbridge->netflow
5629 && !(xout->slow & SLOW_CONTROLLER)) {
1806291d
BP		 5630 if (ctx.xin->resubmit_stats) {
5631 netflow_flow_update(xbridge->netflow, flow,
2031ef97 5632 ctx.nf_output_iface,
1806291d
BP		 5633 ctx.xin->resubmit_stats);
5634 }
5635 if (ctx.xin->xcache) {
5636 struct xc_entry *entry;
b256dc52 5637
1806291d 5638 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETFLOW);
901a517e
JR		 5639 entry->nf.netflow = netflow_ref(xbridge->netflow);
5640 entry->nf.flow = xmemdup(flow, sizeof *flow);
5641 entry->nf.iface = ctx.nf_output_iface;
d6fc5f57
EJ		 5642 }
5643 }
5644
8d8ab6c2
JG		 5645 /* Translate tunnel metadata masks to udpif format if necessary. */
5646 if (xin->upcall_flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
5647 if (ctx.wc->masks.tunnel.metadata.present.map) {
5648 const struct flow_tnl *upcall_tnl = &xin->upcall_flow->tunnel;
5649 struct geneve_opt opts[TLV_TOT_OPT_SIZE /
5650 sizeof(struct geneve_opt)];
5651
5652 tun_metadata_to_geneve_udpif_mask(&flow->tunnel,
5653 &ctx.wc->masks.tunnel,
5654 upcall_tnl->metadata.opts.gnv,
5655 upcall_tnl->metadata.present.len,
5656 opts);
5657 memset(&ctx.wc->masks.tunnel.metadata, 0,
5658 sizeof ctx.wc->masks.tunnel.metadata);
5659 memcpy(&ctx.wc->masks.tunnel.metadata.opts.gnv, opts,
5660 upcall_tnl->metadata.present.len);
5661 }
5662 ctx.wc->masks.tunnel.metadata.present.len = 0xff;
5663 ctx.wc->masks.tunnel.metadata.tab = NULL;
5664 ctx.wc->masks.tunnel.flags |= FLOW_TNL_F_UDPIF;
5665 } else if (!xin->upcall_flow->tunnel.metadata.tab) {
5666 /* If we didn't have options in UDPIF format and didn't have an existing
5667 * metadata table, then it means that there were no options at all when
5668 * we started processing and any wildcards we picked up were from
5669 * action generation. Without options on the incoming packet, wildcards
5670 * aren't meaningful. To avoid them possibly getting misinterpreted,
5671 * just clear everything. */
5672 if (ctx.wc->masks.tunnel.metadata.present.map) {
5673 memset(&ctx.wc->masks.tunnel.metadata, 0,
5674 sizeof ctx.wc->masks.tunnel.metadata);
5675 } else {
5676 ctx.wc->masks.tunnel.metadata.tab = NULL;
5677 }
5678 }
5679
c0e638aa 5680 xlate_wc_finish(&ctx);
1520ef4f
BP		 5681
5682exit:
8d8ab6c2
JG		 5683 /* Reset the table to what it was when we came in. If we only fetched
5684 * it locally, then it has no meaning outside of flow translation. */
5685 flow->tunnel.metadata.tab = xin->upcall_flow->tunnel.metadata.tab;
5686
1520ef4f
BP		 5687 ofpbuf_uninit(&ctx.stack);
5688 ofpbuf_uninit(&ctx.action_set);
1d361a81 5689 ofpbuf_uninit(&ctx.frozen_actions);
1520ef4f 5690 ofpbuf_uninit(&scratch_actions);
fff1b9c0
JR		 5691
5692 /* Make sure we return a "drop flow" in case of an error. */
5693 if (ctx.error) {
5694 xout->slow = 0;
5695 if (xin->odp_actions) {
5696 ofpbuf_clear(xin->odp_actions);
5697 }
5698 }
5699 return ctx.error;
91d6cd12
AW		 5700}
5701
77ab5fd2
BP		 5702enum ofperr
5703xlate_resume(struct ofproto_dpif *ofproto,
5704 const struct ofputil_packet_in_private *pin,
5705 struct ofpbuf *odp_actions,
5706 enum slow_path_reason *slow)
5707{
5708 struct dp_packet packet;
5709 dp_packet_use_const(&packet, pin->public.packet,
5710 pin->public.packet_len);
5711
5712 struct flow flow;
5713 flow_extract(&packet, &flow);
5714
5715 struct xlate_in xin;
1f4a8933
JR		 5716 xlate_in_init(&xin, ofproto, ofproto_dpif_get_tables_version(ofproto),
5717 &flow, 0, NULL, ntohs(flow.tcp_flags),
77ab5fd2
BP		 5718 &packet, NULL, odp_actions);
5719
5720 struct ofpact_note noop;
5721 ofpact_init_NOTE(&noop);
5722 noop.length = 0;
5723
5724 bool any_actions = pin->actions_len > 0;
5725 struct frozen_state state = {
5726 .table_id = 0, /* Not the table where NXAST_PAUSE was executed. */
5727 .ofproto_uuid = pin->bridge,
5728 .stack = pin->stack,
5729 .n_stack = pin->n_stack,
5730 .mirrors = pin->mirrors,
5731 .conntracked = pin->conntracked,
5732
5733 /* When there are no actions, xlate_actions() will search the flow
5734 * table. We don't want it to do that (we want it to resume), so
5735 * supply a no-op action if there aren't any.
5736 *
5737 * (We can't necessarily avoid translating actions entirely if there
5738 * aren't any actions, because there might be some finishing-up to do
5739 * at the end of the pipeline, and we don't check for those
5740 * conditions.) */
5741 .ofpacts = any_actions ? pin->actions : &noop.ofpact,
5742 .ofpacts_len = any_actions ? pin->actions_len : sizeof noop,
5743
5744 .action_set = pin->action_set,
5745 .action_set_len = pin->action_set_len,
5746 };
5747 frozen_metadata_from_flow(&state.metadata,
5748 &pin->public.flow_metadata.flow);
5749 xin.frozen_state = &state;
5750
5751 struct xlate_out xout;
5752 enum xlate_error error = xlate_actions(&xin, &xout);
5753 *slow = xout.slow;
5754 xlate_out_uninit(&xout);
5755
5756 /* xlate_actions() can generate a number of errors, but only
5757 * XLATE_BRIDGE_NOT_FOUND really stands out to me as one that we should be
5758 * sure to report over OpenFlow. The others could come up in packet-outs
5759 * or regular flow translation and I don't think that it's going to be too
5760 * useful to report them to the controller. */
5761 return error == XLATE_BRIDGE_NOT_FOUND ? OFPERR_NXR_STALE : 0;
5762}
5763
2eb79142
JG		 5764/* Sends 'packet' out 'ofport'. If 'port' is a tunnel and that tunnel type
5765 * supports a notion of an OAM flag, sets it if 'oam' is true.
91d6cd12
AW		 5766 * May modify 'packet'.
5767 * Returns 0 if successful, otherwise a positive errno value. */
5768int
2eb79142
JG		 5769xlate_send_packet(const struct ofport_dpif *ofport, bool oam,
5770 struct dp_packet *packet)
91d6cd12 5771{
84f0f298 5772 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
91d6cd12 5773 struct xport *xport;
2eb79142
JG		 5774 uint64_t ofpacts_stub[1024 / 8];
5775 struct ofpbuf ofpacts;
91d6cd12 5776 struct flow flow;
91d6cd12 5777
2eb79142 5778 ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
91d6cd12 5779 /* Use OFPP_NONE as the in_port to avoid special packet processing. */
cf62fa4c 5780 flow_extract(packet, &flow);
b5e7e61a 5781 flow.in_port.ofp_port = OFPP_NONE;
91d6cd12 5782
84f0f298 5783 xport = xport_lookup(xcfg, ofport);
91d6cd12 5784 if (!xport) {
02ea2703 5785 return EINVAL;
91d6cd12 5786 }
2eb79142
JG		 5787
5788 if (oam) {
128684a6
JR		 5789 const ovs_be16 oam = htons(NX_TUN_FLAG_OAM);
5790 ofpact_put_set_field(&ofpacts, mf_from_id(MFF_TUN_FLAGS), &oam, &oam);
2eb79142
JG		 5791 }
5792
5793 ofpact_put_OUTPUT(&ofpacts)->port = xport->ofp_port;
e491a67a 5794
1f4a8933
JR		 5795 /* Actions here are not referring to anything versionable (flow tables or
5796 * groups) so we don't need to worry about the version here. */
5797 return ofproto_dpif_execute_actions(xport->xbridge->ofproto,
5798 OVS_VERSION_MAX, &flow, NULL,
2eb79142 5799 ofpacts.data, ofpacts.size, packet);
9583bc14 5800}
b256dc52 5801
901a517e 5802void
064799a1
JR		 5803xlate_mac_learning_update(const struct ofproto_dpif *ofproto,
5804 ofp_port_t in_port, struct eth_addr dl_src,
5805 int vlan, bool is_grat_arp)
b256dc52 5806{
84f0f298 5807 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
b256dc52
JS		 5808 struct xbridge *xbridge;
5809 struct xbundle *xbundle;
b256dc52 5810
84f0f298 5811 xbridge = xbridge_lookup(xcfg, ofproto);
b256dc52
JS		 5812 if (!xbridge) {
5813 return;
5814 }
5815
064799a1 5816 xbundle = lookup_input_bundle(xbridge, in_port, false, NULL);
b256dc52
JS		 5817 if (!xbundle) {
5818 return;
5819 }
5820
064799a1 5821 update_learning_table(xbridge, xbundle, dl_src, vlan, is_grat_arp);
b256dc52 5822}
openvswitch packages for PVE