]> git.proxmox.com Git - ovs.git/blame - ofproto/ofproto-dpif-xlate.c
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovsdb-idl: Enhance conditional monitoring API
[ovs.git] / ofproto / ofproto-dpif-xlate.c
CommitLineData
9bfe9334 1/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
9583bc14
EJ		 2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License. */
14
15#include <config.h>
16
17#include "ofproto/ofproto-dpif-xlate.h"
18
8449c4d6 19#include <errno.h>
a36de779
PS		 20#include <arpa/inet.h>
21#include <net/if.h>
22#include <sys/socket.h>
23#include <netinet/in.h>
8449c4d6 24
db7d4e46 25#include "bfd.h"
9583bc14
EJ		 26#include "bitmap.h"
27#include "bond.h"
28#include "bundle.h"
29#include "byte-order.h"
db7d4e46 30#include "cfm.h"
9583bc14
EJ		 31#include "connmgr.h"
32#include "coverage.h"
46445c63 33#include "csum.h"
e14deea0 34#include "dp-packet.h"
9583bc14 35#include "dpif.h"
f7f1ea29 36#include "in-band.h"
db7d4e46 37#include "lacp.h"
9583bc14
EJ		 38#include "learn.h"
39#include "mac-learning.h"
6d95c4e8 40#include "mcast-snooping.h"
9583bc14
EJ		 41#include "multipath.h"
42#include "netdev-vport.h"
43#include "netlink.h"
44#include "nx-match.h"
45#include "odp-execute.h"
9583bc14 46#include "ofproto/ofproto-dpif-ipfix.h"
ec7ceaed 47#include "ofproto/ofproto-dpif-mirror.h"
60d02c72 48#include "ofproto/ofproto-dpif-monitor.h"
9583bc14 49#include "ofproto/ofproto-dpif-sflow.h"
901a517e 50#include "ofproto/ofproto-dpif-xlate-cache.h"
9583bc14 51#include "ofproto/ofproto-dpif.h"
6f00e29b 52#include "ofproto/ofproto-provider.h"
b598f214
BW		 53#include "openvswitch/dynamic-string.h"
54#include "openvswitch/meta-flow.h"
55#include "openvswitch/list.h"
56#include "openvswitch/ofp-actions.h"
57#include "openvswitch/vlog.h"
58#include "ovs-lldp.h"
a36de779 59#include "ovs-router.h"
b598f214
BW		 60#include "packets.h"
61#include "tnl-neigh-cache.h"
a36de779 62#include "tnl-ports.h"
9583bc14 63#include "tunnel.h"
ee89ea7b 64#include "util.h"
9583bc14 65
46c88433 66COVERAGE_DEFINE(xlate_actions);
0f032e95 67COVERAGE_DEFINE(xlate_actions_oversize);
7d031d7e 68COVERAGE_DEFINE(xlate_actions_too_many_output);
9583bc14
EJ		 69
70VLOG_DEFINE_THIS_MODULE(ofproto_dpif_xlate);
71
8a553e9a 72/* Maximum depth of flow table recursion (due to resubmit actions) in a
790c5d26
BP		 73 * flow translation.
74 *
75 * The goal of limiting the depth of resubmits is to ensure that flow
76 * translation eventually terminates. Only resubmits to the same table or an
77 * earlier table count against the maximum depth. This is because resubmits to
78 * strictly monotonically increasing table IDs will eventually terminate, since
79 * any OpenFlow switch has a finite number of tables. OpenFlow tables are most
80 * commonly traversed in numerically increasing order, so this limit has little
81 * effect on conventionally designed OpenFlow pipelines.
82 *
83 * Outputs to patch ports and to groups also count against the depth limit. */
84#define MAX_DEPTH 64
8a553e9a 85
98b07853
BP		 86/* Maximum number of resubmit actions in a flow translation, whether they are
87 * recursive or not. */
790c5d26 88#define MAX_RESUBMITS (MAX_DEPTH * MAX_DEPTH)
98b07853 89
46c88433
EJ		 90struct xbridge {
91 struct hmap_node hmap_node; /* Node in global 'xbridges' map. */
92 struct ofproto_dpif *ofproto; /* Key in global 'xbridges' map. */
93
ca6ba700 94 struct ovs_list xbundles; /* Owned xbundles. */
46c88433
EJ		 95 struct hmap xports; /* Indexed by ofp_port. */
96
97 char *name; /* Name used in log messages. */
89a8a7f0 98 struct dpif *dpif; /* Datapath interface. */
46c88433 99 struct mac_learning *ml; /* Mac learning handle. */
6d95c4e8 100 struct mcast_snooping *ms; /* Multicast Snooping handle. */
46c88433
EJ		 101 struct mbridge *mbridge; /* Mirroring. */
102 struct dpif_sflow *sflow; /* SFlow handle, or null. */
103 struct dpif_ipfix *ipfix; /* Ipfix handle, or null. */
ce3955be 104 struct netflow *netflow; /* Netflow handle, or null. */
9d189a50 105 struct stp *stp; /* STP or null if disabled. */
9efd308e 106 struct rstp *rstp; /* RSTP or null if disabled. */
46c88433 107
46c88433
EJ		 108 bool has_in_band; /* Bridge has in band control? */
109 bool forward_bpdu; /* Bridge forwards STP BPDUs? */
4b97b70d 110
b440dd8c
JS		 111 /* Datapath feature support. */
112 struct dpif_backer_support support;
46c88433
EJ		 113};
114
115struct xbundle {
116 struct hmap_node hmap_node; /* In global 'xbundles' map. */
117 struct ofbundle *ofbundle; /* Key in global 'xbundles' map. */
118
ca6ba700 119 struct ovs_list list_node; /* In parent 'xbridges' list. */
46c88433
EJ		 120 struct xbridge *xbridge; /* Parent xbridge. */
121
ca6ba700 122 struct ovs_list xports; /* Contains "struct xport"s. */
46c88433
EJ		 123
124 char *name; /* Name used in log messages. */
125 struct bond *bond; /* Nonnull iff more than one port. */
126 struct lacp *lacp; /* LACP handle or null. */
127
128 enum port_vlan_mode vlan_mode; /* VLAN mode. */
129 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
130 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
131 * NULL if all VLANs are trunked. */
132 bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */
133 bool floodable; /* No port has OFPUTIL_PC_NO_FLOOD set? */
c005f976 134 bool protected; /* Protected port mode */
46c88433
EJ		 135};
136
137struct xport {
138 struct hmap_node hmap_node; /* Node in global 'xports' map. */
139 struct ofport_dpif *ofport; /* Key in global 'xports map. */
140
141 struct hmap_node ofp_node; /* Node in parent xbridge 'xports' map. */
142 ofp_port_t ofp_port; /* Key in parent xbridge 'xports' map. */
143
144 odp_port_t odp_port; /* Datapath port number or ODPP_NONE. */
145
ca6ba700 146 struct ovs_list bundle_node; /* In parent xbundle (if it exists). */
46c88433
EJ		 147 struct xbundle *xbundle; /* Parent xbundle or null. */
148
149 struct netdev *netdev; /* 'ofport''s netdev. */
150
151 struct xbridge *xbridge; /* Parent bridge. */
152 struct xport *peer; /* Patch port peer or null. */
153
154 enum ofputil_port_config config; /* OpenFlow port configuration. */
dd8cd4b4 155 enum ofputil_port_state state; /* OpenFlow port state. */
92cf817b 156 int stp_port_no; /* STP port number or -1 if not in use. */
f025bcb7 157 struct rstp_port *rstp_port; /* RSTP port or null. */
46c88433 158
55954f6e
EJ		 159 struct hmap skb_priorities; /* Map of 'skb_priority_to_dscp's. */
160
46c88433
EJ		 161 bool may_enable; /* May be enabled in bonds. */
162 bool is_tunnel; /* Is a tunnel port. */
163
164 struct cfm *cfm; /* CFM handle or null. */
165 struct bfd *bfd; /* BFD handle or null. */
0477baa9 166 struct lldp *lldp; /* LLDP handle or null. */
46c88433
EJ		 167};
168
4d0acc70
EJ		 169struct xlate_ctx {
170 struct xlate_in *xin;
171 struct xlate_out *xout;
172
46c88433 173 const struct xbridge *xbridge;
4d0acc70
EJ		 174
175 /* Flow at the last commit. */
176 struct flow base_flow;
177
178 /* Tunnel IP destination address as received. This is stored separately
179 * as the base_flow.tunnel is cleared on init to reflect the datapath
180 * behavior. Used to make sure not to send tunneled output to ourselves,
181 * which might lead to an infinite loop. This could happen easily
182 * if a tunnel is marked as 'ip_remote=flow', and the flow does not
183 * actually set the tun_dst field. */
e4d3706c 184 struct in6_addr orig_tunnel_ipv6_dst;
4d0acc70 185
84cf3c1f
JR		 186 /* Stack for the push and pop actions. See comment above nx_stack_push()
187 * in nx-match.c for info on how the stack is stored. */
4d0acc70
EJ		 188 struct ofpbuf stack;
189
190 /* The rule that we are currently translating, or NULL. */
191 struct rule_dpif *rule;
192
49a73e0c
BP		 193 /* Flow translation populates this with wildcards relevant in translation.
194 * When 'xin->wc' is nonnull, this is the same pointer. When 'xin->wc' is
c0e638aa 195 * null, this is a pointer to a temporary buffer. */
49a73e0c
BP		 196 struct flow_wildcards *wc;
197
1520ef4f
BP		 198 /* Output buffer for datapath actions. When 'xin->odp_actions' is nonnull,
199 * this is the same pointer. When 'xin->odp_actions' is null, this points
200 * to a scratch ofpbuf. This allows code to add actions to
201 * 'ctx->odp_actions' without worrying about whether the caller really
202 * wants actions. */
203 struct ofpbuf *odp_actions;
204
790c5d26
BP		 205 /* Statistics maintained by xlate_table_action().
206 *
207 * 'indentation' is the nesting level for resubmits. It is used to indent
208 * the output of resubmit_hook (e.g. for the "ofproto/trace" feature).
209 *
210 * The other statistics limit the amount of work that a single flow
211 * translation can perform. The goal of the first of these, 'depth', is
212 * primarily to prevent translation from performing an infinite amount of
213 * work. It counts the current depth of nested "resubmit"s (and a few
214 * other activities); when a resubmit returns, it decreases. Resubmits to
215 * tables in strictly monotonically increasing order don't contribute to
216 * 'depth' because they cannot cause a flow translation to take an infinite
217 * amount of time (because the number of tables is finite). Translation
218 * aborts when 'depth' exceeds MAX_DEPTH.
219 *
220 * 'resubmits', on the other hand, prevents flow translation from
221 * performing an extraordinarily large while still finite amount of work.
222 * It counts the total number of resubmits (and a few other activities)
223 * that have been executed. Returning from a resubmit does not affect this
224 * counter. Thus, this limits the amount of work that a particular
225 * translation can perform. Translation aborts when 'resubmits' exceeds
226 * MAX_RESUBMITS (which is much larger than MAX_DEPTH).
227 */
228 int indentation; /* Indentation level for resubmit_hook. */
229 int depth; /* Current resubmit nesting depth. */
98b07853 230 int resubmits; /* Total number of resubmits. */
5a070238 231 bool in_group; /* Currently translating ofgroup, if true. */
029ca940 232 bool in_action_set; /* Currently translating action_set, if true. */
98b07853 233
4d0acc70 234 uint8_t table_id; /* OpenFlow table ID where flow was found. */
8b1e5560
JR		 235 ovs_be64 rule_cookie; /* Cookie of the rule being translated. */
236 uint32_t orig_skb_priority; /* Priority when packet arrived. */
4d0acc70 237 uint32_t sflow_n_outputs; /* Number of output ports. */
4e022ec0 238 odp_port_t sflow_odp_port; /* Output port for composing sFlow action. */
2031ef97 239 ofp_port_t nf_output_iface; /* Output interface index for NetFlow. */
4d0acc70 240 bool exit; /* No further actions should be processed. */
3d6151f3 241 mirror_mask_t mirrors; /* Bitmap of associated mirrors. */
1356dbd1 242 int mirror_snaplen; /* Max size of a mirror packet in byte. */
7fdb60a7 243
1d361a81
BP		 244 /* Freezing Translation
245 * ====================
e672ff9b 246 *
1d361a81
BP		 247 * At some point during translation, the code may recognize the need to halt
248 * and checkpoint the translation in a way that it can be restarted again
249 * later. We call the checkpointing process "freezing" and the restarting
250 * process "thawing".
e672ff9b 251 *
1d361a81 252 * The use cases for freezing are:
e672ff9b 253 *
1d361a81
BP		 254 * - "Recirculation", where the translation process discovers that it
255 * doesn't have enough information to complete translation without
256 * actually executing the actions that have already been translated,
257 * which provides the additionally needed information. In these
258 * situations, translation freezes translation and assigns the frozen
259 * data a unique "recirculation ID", which it associates with the data
260 * in a table in userspace (see ofproto-dpif-rid.h). It also adds a
261 * OVS_ACTION_ATTR_RECIRC action specifying that ID to the datapath
262 * actions. When a packet hits that action, the datapath looks its
263 * flow up again using the ID. If there's a miss, it comes back to
264 * userspace, which find the recirculation table entry for the ID,
265 * thaws the associated frozen data, and continues translation from
266 * that point given the additional information that is now known.
e672ff9b 267 *
1d361a81
BP		 268 * The archetypal example is MPLS. As MPLS is implemented in
269 * OpenFlow, the protocol that follows the last MPLS label becomes
270 * known only when that label is popped by an OpenFlow action. That
271 * means that Open vSwitch can't extract the headers beyond the MPLS
272 * labels until the pop action is executed. Thus, at that point
273 * translation uses the recirculation process to extract the headers
274 * beyond the MPLS labels.
e672ff9b 275 *
1d361a81
BP		 276 * (OVS also uses OVS_ACTION_ATTR_RECIRC to implement hashing for
277 * output to bonds. OVS pre-populates all the datapath flows for bond
278 * output in the datapath, though, which means that the elaborate
279 * process of coming back to userspace for a second round of
280 * translation isn't needed, and so bonds don't follow the above
281 * process.)
e672ff9b 282 *
77ab5fd2
BP		 283 * - "Continuation". A continuation is a way for an OpenFlow controller
284 * to interpose on a packet's traversal of the OpenFlow tables. When
285 * the translation process encounters a "controller" action with the
286 * "pause" flag, it freezes translation, serializes the frozen data,
287 * and sends it to an OpenFlow controller. The controller then
288 * examines and possibly modifies the frozen data and eventually sends
289 * it back to the switch, which thaws it and continues translation.
e672ff9b 290 *
1d361a81
BP		 291 * The main problem of freezing translation is preserving state, so that
292 * when the translation is thawed later it resumes from where it left off,
293 * without disruption. In particular, actions must be preserved as follows:
294 *
295 * - If we're freezing because an action needed more information, the
296 * action that prompted it.
297 *
298 * - Any actions remaining to be translated within the current flow.
299 *
300 * - If translation was frozen within a NXAST_RESUBMIT, then any actions
301 * following the resubmit action. Resubmit actions can be nested, so
302 * this has to go all the way up the control stack.
e672ff9b
JR		 303 *
304 * - The OpenFlow 1.1+ action set.
305 *
306 * State that actions and flow table lookups can depend on, such as the
307 * following, must also be preserved:
308 *
309 * - Metadata fields (input port, registers, OF1.1+ metadata, ...).
310 *
1d361a81 311 * - The stack used by NXAST_STACK_PUSH and NXAST_STACK_POP actions.
e672ff9b
JR		 312 *
313 * - The table ID and cookie of the flow being translated at each level
1d361a81
BP		 314 * of the control stack, because these can become visible through
315 * OFPAT_CONTROLLER actions (and other ways).
e672ff9b
JR		 316 *
317 * Translation allows for the control of this state preservation via these
1d361a81
BP		 318 * members. When a need to freeze translation is identified, the
319 * translation process:
e672ff9b 320 *
1d361a81 321 * 1. Sets 'freezing' to true.
e672ff9b
JR		 322 *
323 * 2. Sets 'exit' to true to tell later steps that we're exiting from the
324 * translation process.
325 *
1d361a81
BP		 326 * 3. Adds an OFPACT_UNROLL_XLATE action to 'frozen_actions', and points
327 * frozen_actions.header to the action to make it easy to find it later.
328 * This action holds the current table ID and cookie so that they can be
329 * restored during a post-recirculation upcall translation.
e672ff9b
JR		 330 *
331 * 4. Adds the action that prompted recirculation and any actions following
1d361a81 332 * it within the same flow to 'frozen_actions', so that they can be
8a5fb3b4 333 * executed during a post-recirculation upcall translation.
e672ff9b
JR		 334 *
335 * 5. Returns.
336 *
337 * 6. The action that prompted recirculation might be nested in a stack of
338 * nested "resubmit"s that have actions remaining. Each of these notices
1d361a81
BP		 339 * that we're exiting and freezing and responds by adding more
340 * OFPACT_UNROLL_XLATE actions to 'frozen_actions', as necessary,
341 * followed by any actions that were yet unprocessed.
e672ff9b 342 *
1d361a81
BP		 343 * If we're freezing because of recirculation, the caller generates a
344 * recirculation ID and associates all the state produced by this process
345 * with it. For post-recirculation upcall translation, the caller passes it
346 * back in for the new translation to execute. The process yielded a set of
347 * ofpacts that can be translated directly, so it is not much of a special
348 * case at that point.
e672ff9b 349 */
1d361a81 350 bool freezing;
53cc166a
JR		 351 bool recirc_update_dp_hash; /* Generated recirculation will be preceded
352 * by datapath HASH action to get an updated
353 * dp_hash after recirculation. */
354 uint32_t dp_hash_alg;
355 uint32_t dp_hash_basis;
1d361a81 356 struct ofpbuf frozen_actions;
77ab5fd2 357 const struct ofpact_controller *pause;
e672ff9b 358
e12ec36b
SH		 359 /* True if a packet was but is no longer MPLS (due to an MPLS pop action).
360 * This is a trigger for recirculation in cases where translating an action
361 * or looking up a flow requires access to the fields of the packet after
362 * the MPLS label stack that was originally present. */
363 bool was_mpls;
364
07659514
JS		 365 /* True if conntrack has been performed on this packet during processing
366 * on the current bridge. This is used to determine whether conntrack
1d361a81 367 * state from the datapath should be honored after thawing. */
07659514
JS		 368 bool conntracked;
369
9ac0aada
JR		 370 /* Pointer to an embedded NAT action in a conntrack action, or NULL. */
371 struct ofpact_nat *ct_nat_action;
372
7fdb60a7
SH		 373 /* OpenFlow 1.1+ action set.
374 *
375 * 'action_set' accumulates "struct ofpact"s added by OFPACT_WRITE_ACTIONS.
376 * When translation is otherwise complete, ofpacts_execute_action_set()
377 * converts it to a set of "struct ofpact"s that can be translated into
ed9c9e3e 378 * datapath actions. */
c61f3870 379 bool action_set_has_group; /* Action set contains OFPACT_GROUP? */
7fdb60a7 380 struct ofpbuf action_set; /* Action set. */
fff1b9c0
JR		 381
382 enum xlate_error error; /* Translation failed. */
4d0acc70
EJ		 383};
384
fff1b9c0
JR		 385const char *xlate_strerror(enum xlate_error error)
386{
387 switch (error) {
388 case XLATE_OK:
389 return "OK";
390 case XLATE_BRIDGE_NOT_FOUND:
391 return "Bridge not found";
392 case XLATE_RECURSION_TOO_DEEP:
393 return "Recursion too deep";
394 case XLATE_TOO_MANY_RESUBMITS:
395 return "Too many resubmits";
396 case XLATE_STACK_TOO_DEEP:
397 return "Stack too deep";
398 case XLATE_NO_RECIRCULATION_CONTEXT:
399 return "No recirculation context";
400 case XLATE_RECIRCULATION_CONFLICT:
401 return "Recirculation conflict";
402 case XLATE_TOO_MANY_MPLS_LABELS:
403 return "Too many MPLS labels";
8d8ab6c2
JG		 404 case XLATE_INVALID_TUNNEL_METADATA:
405 return "Invalid tunnel metadata";
fff1b9c0
JR		 406 }
407 return "Unknown error";
408}
409
ed9c9e3e 410static void xlate_action_set(struct xlate_ctx *ctx);
704bb0bf 411static void xlate_commit_actions(struct xlate_ctx *ctx);
ed9c9e3e 412
1d741d6d 413static void
1d361a81 414ctx_trigger_freeze(struct xlate_ctx *ctx)
1d741d6d
JR		 415{
416 ctx->exit = true;
1d361a81 417 ctx->freezing = true;
1d741d6d
JR		 418}
419
53cc166a
JR		 420static void
421ctx_trigger_recirculate_with_hash(struct xlate_ctx *ctx, uint32_t type,
422 uint32_t basis)
423{
424 ctx->exit = true;
425 ctx->freezing = true;
426 ctx->recirc_update_dp_hash = true;
427 ctx->dp_hash_alg = type;
428 ctx->dp_hash_basis = basis;
429}
430
1d741d6d 431static bool
1d361a81 432ctx_first_frozen_action(const struct xlate_ctx *ctx)
1d741d6d 433{
1d361a81 434 return !ctx->frozen_actions.size;
e672ff9b
JR		 435}
436
3293cb85 437static void
1d361a81 438ctx_cancel_freeze(struct xlate_ctx *ctx)
3293cb85 439{
1d361a81
BP		 440 if (ctx->freezing) {
441 ctx->freezing = false;
53cc166a 442 ctx->recirc_update_dp_hash = false;
1d361a81
BP		 443 ofpbuf_clear(&ctx->frozen_actions);
444 ctx->frozen_actions.header = NULL;
3293cb85
BP		 445 }
446}
447
77ab5fd2 448static void finish_freezing(struct xlate_ctx *ctx);
e672ff9b 449
9583bc14
EJ		 450/* A controller may use OFPP_NONE as the ingress port to indicate that
451 * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for
452 * when an input bundle is needed for validation (e.g., mirroring or
453 * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have
3548d242
BP		 454 * any 'port' structs, so care must be taken when dealing with it. */
455static struct xbundle ofpp_none_bundle = {
456 .name = "OFPP_NONE",
457 .vlan_mode = PORT_VLAN_TRUNK
458};
9583bc14 459
55954f6e
EJ		 460/* Node in 'xport''s 'skb_priorities' map. Used to maintain a map from
461 * 'priority' (the datapath's term for QoS queue) to the dscp bits which all
462 * traffic egressing the 'ofport' with that priority should be marked with. */
463struct skb_priority_to_dscp {
464 struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'skb_priorities'. */
465 uint32_t skb_priority; /* Priority of this queue (see struct flow). */
466
467 uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */
468};
469
84f0f298
RW		 470/* Xlate config contains hash maps of all bridges, bundles and ports.
471 * Xcfgp contains the pointer to the current xlate configuration.
472 * When the main thread needs to change the configuration, it copies xcfgp to
473 * new_xcfg and edits new_xcfg. This enables the use of RCU locking which
474 * does not block handler and revalidator threads. */
475struct xlate_cfg {
476 struct hmap xbridges;
477 struct hmap xbundles;
478 struct hmap xports;
479};
b1b72f2d 480static OVSRCU_TYPE(struct xlate_cfg *) xcfgp = OVSRCU_INITIALIZER(NULL);
f439f23b 481static struct xlate_cfg *new_xcfg = NULL;
46c88433
EJ		 482
483static bool may_receive(const struct xport *, struct xlate_ctx *);
9583bc14
EJ		 484static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len,
485 struct xlate_ctx *);
adcf00ba 486static void xlate_normal(struct xlate_ctx *);
c1b3756c
BP		 487static inline void xlate_report(struct xlate_ctx *, const char *, ...)
488 OVS_PRINTF_FORMAT(2, 3);
6d328fa2
SH		 489static void xlate_table_action(struct xlate_ctx *, ofp_port_t in_port,
490 uint8_t table_id, bool may_packet_in,
491 bool honor_table_miss);
46c88433
EJ		 492static bool input_vid_is_valid(uint16_t vid, struct xbundle *, bool warn);
493static uint16_t input_vid_to_vlan(const struct xbundle *, uint16_t vid);
494static void output_normal(struct xlate_ctx *, const struct xbundle *,
9583bc14 495 uint16_t vlan);
e93ef1c7
JR		 496
497/* Optional bond recirculation parameter to compose_output_action(). */
498struct xlate_bond_recirc {
499 uint32_t recirc_id; /* !0 Use recirculation instead of output. */
500 uint8_t hash_alg; /* !0 Compute hash for recirc before. */
501 uint32_t hash_basis; /* Compute hash for recirc before. */
502};
503
504static void compose_output_action(struct xlate_ctx *, ofp_port_t ofp_port,
505 const struct xlate_bond_recirc *xr);
9583bc14 506
84f0f298
RW		 507static struct xbridge *xbridge_lookup(struct xlate_cfg *,
508 const struct ofproto_dpif *);
290835f9
BP		 509static struct xbridge *xbridge_lookup_by_uuid(struct xlate_cfg *,
510 const struct uuid *);
84f0f298
RW		 511static struct xbundle *xbundle_lookup(struct xlate_cfg *,
512 const struct ofbundle *);
513static struct xport *xport_lookup(struct xlate_cfg *,
514 const struct ofport_dpif *);
46c88433 515static struct xport *get_ofp_port(const struct xbridge *, ofp_port_t ofp_port);
55954f6e
EJ		 516static struct skb_priority_to_dscp *get_skb_priority(const struct xport *,
517 uint32_t skb_priority);
518static void clear_skb_priorities(struct xport *);
16194afd 519static size_t count_skb_priorities(const struct xport *);
55954f6e
EJ		 520static bool dscp_from_skb_priority(const struct xport *, uint32_t skb_priority,
521 uint8_t *dscp);
46c88433 522
84f0f298
RW		 523static void xlate_xbridge_init(struct xlate_cfg *, struct xbridge *);
524static void xlate_xbundle_init(struct xlate_cfg *, struct xbundle *);
525static void xlate_xport_init(struct xlate_cfg *, struct xport *);
9efd308e 526static void xlate_xbridge_set(struct xbridge *, struct dpif *,
9efd308e
DV		 527 const struct mac_learning *, struct stp *,
528 struct rstp *, const struct mcast_snooping *,
529 const struct mbridge *,
530 const struct dpif_sflow *,
531 const struct dpif_ipfix *,
2f47cdf4 532 const struct netflow *,
84f0f298 533 bool forward_bpdu, bool has_in_band,
b440dd8c 534 const struct dpif_backer_support *);
84f0f298
RW		 535static void xlate_xbundle_set(struct xbundle *xbundle,
536 enum port_vlan_mode vlan_mode, int vlan,
537 unsigned long *trunks, bool use_priority_tags,
538 const struct bond *bond, const struct lacp *lacp,
c005f976 539 bool floodable, bool protected);
84f0f298
RW		 540static void xlate_xport_set(struct xport *xport, odp_port_t odp_port,
541 const struct netdev *netdev, const struct cfm *cfm,
0477baa9
DF		 542 const struct bfd *bfd, const struct lldp *lldp,
543 int stp_port_no, const struct rstp_port *rstp_port,
84f0f298
RW		 544 enum ofputil_port_config config,
545 enum ofputil_port_state state, bool is_tunnel,
546 bool may_enable);
547static void xlate_xbridge_remove(struct xlate_cfg *, struct xbridge *);
548static void xlate_xbundle_remove(struct xlate_cfg *, struct xbundle *);
549static void xlate_xport_remove(struct xlate_cfg *, struct xport *);
550static void xlate_xbridge_copy(struct xbridge *);
551static void xlate_xbundle_copy(struct xbridge *, struct xbundle *);
552static void xlate_xport_copy(struct xbridge *, struct xbundle *,
553 struct xport *);
554static void xlate_xcfg_free(struct xlate_cfg *);
b256dc52 555
34dd0d78 556static inline void
c1b3756c 557xlate_report(struct xlate_ctx *ctx, const char *format, ...)
34dd0d78
JR		 558{
559 if (OVS_UNLIKELY(ctx->xin->report_hook)) {
c1b3756c
BP		 560 va_list args;
561
562 va_start(args, format);
9a9b001a 563 ctx->xin->report_hook(ctx->xin, ctx->indentation, format, args);
c1b3756c 564 va_end(args);
34dd0d78
JR		 565 }
566}
84f0f298 567
fff1b9c0
JR		 568static struct vlog_rate_limit error_report_rl = VLOG_RATE_LIMIT_INIT(1, 5);
569
a716ef9a
JS		 570#define XLATE_REPORT_ERROR(CTX, ...) \
571 do { \
572 if (OVS_UNLIKELY((CTX)->xin->report_hook)) { \
573 xlate_report(CTX, __VA_ARGS__); \
574 } else { \
575 struct ds ds = DS_EMPTY_INITIALIZER; \
576 \
577 ds_put_format(&ds, __VA_ARGS__); \
578 ds_put_cstr(&ds, ": "); \
e91e0e58 579 flow_format(&ds, &(CTX)->base_flow); \
26f858a9 580 VLOG_ERR_RL(&error_report_rl, "%s", ds_cstr(&ds)); \
a716ef9a
JS		 581 ds_destroy(&ds); \
582 } \
fff1b9c0
JR		 583 } while (0)
584
d6bef3cc
BP		 585static inline void
586xlate_report_actions(struct xlate_ctx *ctx, const char *title,
587 const struct ofpact *ofpacts, size_t ofpacts_len)
588{
589 if (OVS_UNLIKELY(ctx->xin->report_hook)) {
590 struct ds s = DS_EMPTY_INITIALIZER;
591 ofpacts_format(ofpacts, ofpacts_len, &s);
592 xlate_report(ctx, "%s: %s", title, ds_cstr(&s));
593 ds_destroy(&s);
594 }
595}
596
84f0f298
RW		 597static void
598xlate_xbridge_init(struct xlate_cfg *xcfg, struct xbridge *xbridge)
599{
417e7e66 600 ovs_list_init(&xbridge->xbundles);
84f0f298
RW		 601 hmap_init(&xbridge->xports);
602 hmap_insert(&xcfg->xbridges, &xbridge->hmap_node,
603 hash_pointer(xbridge->ofproto, 0));
604}
605
606static void
607xlate_xbundle_init(struct xlate_cfg *xcfg, struct xbundle *xbundle)
608{
417e7e66
BW		 609 ovs_list_init(&xbundle->xports);
610 ovs_list_insert(&xbundle->xbridge->xbundles, &xbundle->list_node);
84f0f298
RW		 611 hmap_insert(&xcfg->xbundles, &xbundle->hmap_node,
612 hash_pointer(xbundle->ofbundle, 0));
613}
614
615static void
616xlate_xport_init(struct xlate_cfg *xcfg, struct xport *xport)
617{
618 hmap_init(&xport->skb_priorities);
619 hmap_insert(&xcfg->xports, &xport->hmap_node,
620 hash_pointer(xport->ofport, 0));
621 hmap_insert(&xport->xbridge->xports, &xport->ofp_node,
622 hash_ofp_port(xport->ofp_port));
623}
624
625static void
626xlate_xbridge_set(struct xbridge *xbridge,
627 struct dpif *dpif,
ec89fc6f 628 const struct mac_learning *ml, struct stp *stp,
9efd308e 629 struct rstp *rstp, const struct mcast_snooping *ms,
ec89fc6f 630 const struct mbridge *mbridge,
46c88433 631 const struct dpif_sflow *sflow,
ce3955be 632 const struct dpif_ipfix *ipfix,
2f47cdf4 633 const struct netflow *netflow,
4b97b70d 634 bool forward_bpdu, bool has_in_band,
b440dd8c 635 const struct dpif_backer_support *support)
46c88433 636{
46c88433
EJ		 637 if (xbridge->ml != ml) {
638 mac_learning_unref(xbridge->ml);
639 xbridge->ml = mac_learning_ref(ml);
640 }
641
6d95c4e8
FL		 642 if (xbridge->ms != ms) {
643 mcast_snooping_unref(xbridge->ms);
644 xbridge->ms = mcast_snooping_ref(ms);
645 }
646
46c88433
EJ		 647 if (xbridge->mbridge != mbridge) {
648 mbridge_unref(xbridge->mbridge);
649 xbridge->mbridge = mbridge_ref(mbridge);
650 }
651
652 if (xbridge->sflow != sflow) {
653 dpif_sflow_unref(xbridge->sflow);
654 xbridge->sflow = dpif_sflow_ref(sflow);
655 }
656
657 if (xbridge->ipfix != ipfix) {
658 dpif_ipfix_unref(xbridge->ipfix);
659 xbridge->ipfix = dpif_ipfix_ref(ipfix);
660 }
661
9d189a50
EJ		 662 if (xbridge->stp != stp) {
663 stp_unref(xbridge->stp);
664 xbridge->stp = stp_ref(stp);
665 }
666
9efd308e
DV		 667 if (xbridge->rstp != rstp) {
668 rstp_unref(xbridge->rstp);
669 xbridge->rstp = rstp_ref(rstp);
670 }
671
ce3955be
EJ		 672 if (xbridge->netflow != netflow) {
673 netflow_unref(xbridge->netflow);
674 xbridge->netflow = netflow_ref(netflow);
675 }
676
89a8a7f0 677 xbridge->dpif = dpif;
46c88433
EJ		 678 xbridge->forward_bpdu = forward_bpdu;
679 xbridge->has_in_band = has_in_band;
b440dd8c 680 xbridge->support = *support;
46c88433
EJ		 681}
682
84f0f298
RW		 683static void
684xlate_xbundle_set(struct xbundle *xbundle,
685 enum port_vlan_mode vlan_mode, int vlan,
686 unsigned long *trunks, bool use_priority_tags,
687 const struct bond *bond, const struct lacp *lacp,
c005f976 688 bool floodable, bool protected)
84f0f298
RW		 689{
690 ovs_assert(xbundle->xbridge);
691
692 xbundle->vlan_mode = vlan_mode;
693 xbundle->vlan = vlan;
694 xbundle->trunks = trunks;
695 xbundle->use_priority_tags = use_priority_tags;
696 xbundle->floodable = floodable;
c005f976 697 xbundle->protected = protected;
84f0f298
RW		 698
699 if (xbundle->bond != bond) {
700 bond_unref(xbundle->bond);
701 xbundle->bond = bond_ref(bond);
702 }
703
704 if (xbundle->lacp != lacp) {
705 lacp_unref(xbundle->lacp);
706 xbundle->lacp = lacp_ref(lacp);
707 }
708}
709
710static void
711xlate_xport_set(struct xport *xport, odp_port_t odp_port,
712 const struct netdev *netdev, const struct cfm *cfm,
0477baa9 713 const struct bfd *bfd, const struct lldp *lldp, int stp_port_no,
f025bcb7 714 const struct rstp_port* rstp_port,
84f0f298
RW		 715 enum ofputil_port_config config, enum ofputil_port_state state,
716 bool is_tunnel, bool may_enable)
717{
718 xport->config = config;
719 xport->state = state;
720 xport->stp_port_no = stp_port_no;
721 xport->is_tunnel = is_tunnel;
722 xport->may_enable = may_enable;
723 xport->odp_port = odp_port;
724
f025bcb7
JR		 725 if (xport->rstp_port != rstp_port) {
726 rstp_port_unref(xport->rstp_port);
727 xport->rstp_port = rstp_port_ref(rstp_port);
728 }
729
84f0f298
RW		 730 if (xport->cfm != cfm) {
731 cfm_unref(xport->cfm);
732 xport->cfm = cfm_ref(cfm);
733 }
734
735 if (xport->bfd != bfd) {
736 bfd_unref(xport->bfd);
737 xport->bfd = bfd_ref(bfd);
738 }
739
0477baa9
DF		 740 if (xport->lldp != lldp) {
741 lldp_unref(xport->lldp);
742 xport->lldp = lldp_ref(lldp);
743 }
744
84f0f298
RW		 745 if (xport->netdev != netdev) {
746 netdev_close(xport->netdev);
747 xport->netdev = netdev_ref(netdev);
748 }
749}
750
751static void
752xlate_xbridge_copy(struct xbridge *xbridge)
753{
754 struct xbundle *xbundle;
755 struct xport *xport;
756 struct xbridge *new_xbridge = xzalloc(sizeof *xbridge);
757 new_xbridge->ofproto = xbridge->ofproto;
758 new_xbridge->name = xstrdup(xbridge->name);
759 xlate_xbridge_init(new_xcfg, new_xbridge);
760
761 xlate_xbridge_set(new_xbridge,
34dd0d78 762 xbridge->dpif, xbridge->ml, xbridge->stp,
9efd308e
DV		 763 xbridge->rstp, xbridge->ms, xbridge->mbridge,
764 xbridge->sflow, xbridge->ipfix, xbridge->netflow,
b440dd8c
JS		 765 xbridge->forward_bpdu, xbridge->has_in_band,
766 &xbridge->support);
84f0f298
RW		 767 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
768 xlate_xbundle_copy(new_xbridge, xbundle);
769 }
770
771 /* Copy xports which are not part of a xbundle */
772 HMAP_FOR_EACH (xport, ofp_node, &xbridge->xports) {
773 if (!xport->xbundle) {
774 xlate_xport_copy(new_xbridge, NULL, xport);
775 }
776 }
777}
778
779static void
780xlate_xbundle_copy(struct xbridge *xbridge, struct xbundle *xbundle)
781{
782 struct xport *xport;
783 struct xbundle *new_xbundle = xzalloc(sizeof *xbundle);
784 new_xbundle->ofbundle = xbundle->ofbundle;
785 new_xbundle->xbridge = xbridge;
786 new_xbundle->name = xstrdup(xbundle->name);
787 xlate_xbundle_init(new_xcfg, new_xbundle);
788
789 xlate_xbundle_set(new_xbundle, xbundle->vlan_mode,
790 xbundle->vlan, xbundle->trunks,
791 xbundle->use_priority_tags, xbundle->bond, xbundle->lacp,
c005f976 792 xbundle->floodable, xbundle->protected);
84f0f298
RW		 793 LIST_FOR_EACH (xport, bundle_node, &xbundle->xports) {
794 xlate_xport_copy(xbridge, new_xbundle, xport);
795 }
796}
797
798static void
799xlate_xport_copy(struct xbridge *xbridge, struct xbundle *xbundle,
800 struct xport *xport)
801{
802 struct skb_priority_to_dscp *pdscp, *new_pdscp;
803 struct xport *new_xport = xzalloc(sizeof *xport);
804 new_xport->ofport = xport->ofport;
805 new_xport->ofp_port = xport->ofp_port;
806 new_xport->xbridge = xbridge;
807 xlate_xport_init(new_xcfg, new_xport);
808
809 xlate_xport_set(new_xport, xport->odp_port, xport->netdev, xport->cfm,
0477baa9
DF		 810 xport->bfd, xport->lldp, xport->stp_port_no,
811 xport->rstp_port, xport->config, xport->state,
812 xport->is_tunnel, xport->may_enable);
84f0f298
RW		 813
814 if (xport->peer) {
815 struct xport *peer = xport_lookup(new_xcfg, xport->peer->ofport);
816 if (peer) {
817 new_xport->peer = peer;
818 new_xport->peer->peer = new_xport;
819 }
820 }
821
822 if (xbundle) {
823 new_xport->xbundle = xbundle;
417e7e66 824 ovs_list_insert(&new_xport->xbundle->xports, &new_xport->bundle_node);
84f0f298
RW		 825 }
826
827 HMAP_FOR_EACH (pdscp, hmap_node, &xport->skb_priorities) {
828 new_pdscp = xmalloc(sizeof *pdscp);
829 new_pdscp->skb_priority = pdscp->skb_priority;
830 new_pdscp->dscp = pdscp->dscp;
831 hmap_insert(&new_xport->skb_priorities, &new_pdscp->hmap_node,
832 hash_int(new_pdscp->skb_priority, 0));
833 }
834}
835
836/* Sets the current xlate configuration to new_xcfg and frees the old xlate
837 * configuration in xcfgp.
838 *
839 * This needs to be called after editing the xlate configuration.
840 *
841 * Functions that edit the new xlate configuration are
6cd20a22 842 * xlate_<ofproto/bundle/ofport>_set and xlate_<ofproto/bundle/ofport>_remove.
84f0f298
RW		 843 *
844 * A sample workflow:
845 *
846 * xlate_txn_start();
847 * ...
848 * edit_xlate_configuration();
849 * ...
850 * xlate_txn_commit(); */
46c88433 851void
84f0f298
RW		 852xlate_txn_commit(void)
853{
854 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
855
856 ovsrcu_set(&xcfgp, new_xcfg);
40a9c4c2
AW		 857 ovsrcu_synchronize();
858 xlate_xcfg_free(xcfg);
84f0f298
RW		 859 new_xcfg = NULL;
860}
861
862/* Copies the current xlate configuration in xcfgp to new_xcfg.
863 *
864 * This needs to be called prior to editing the xlate configuration. */
865void
866xlate_txn_start(void)
867{
868 struct xbridge *xbridge;
869 struct xlate_cfg *xcfg;
870
871 ovs_assert(!new_xcfg);
872
873 new_xcfg = xmalloc(sizeof *new_xcfg);
874 hmap_init(&new_xcfg->xbridges);
875 hmap_init(&new_xcfg->xbundles);
876 hmap_init(&new_xcfg->xports);
877
878 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
879 if (!xcfg) {
880 return;
881 }
882
883 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
884 xlate_xbridge_copy(xbridge);
885 }
886}
887
888
889static void
890xlate_xcfg_free(struct xlate_cfg *xcfg)
891{
892 struct xbridge *xbridge, *next_xbridge;
893
894 if (!xcfg) {
895 return;
896 }
897
898 HMAP_FOR_EACH_SAFE (xbridge, next_xbridge, hmap_node, &xcfg->xbridges) {
899 xlate_xbridge_remove(xcfg, xbridge);
900 }
901
902 hmap_destroy(&xcfg->xbridges);
903 hmap_destroy(&xcfg->xbundles);
904 hmap_destroy(&xcfg->xports);
905 free(xcfg);
906}
907
908void
909xlate_ofproto_set(struct ofproto_dpif *ofproto, const char *name,
34dd0d78 910 struct dpif *dpif,
84f0f298 911 const struct mac_learning *ml, struct stp *stp,
9efd308e 912 struct rstp *rstp, const struct mcast_snooping *ms,
84f0f298
RW		 913 const struct mbridge *mbridge,
914 const struct dpif_sflow *sflow,
915 const struct dpif_ipfix *ipfix,
2f47cdf4 916 const struct netflow *netflow,
b440dd8c
JS		 917 bool forward_bpdu, bool has_in_band,
918 const struct dpif_backer_support *support)
84f0f298
RW		 919{
920 struct xbridge *xbridge;
921
922 ovs_assert(new_xcfg);
923
924 xbridge = xbridge_lookup(new_xcfg, ofproto);
925 if (!xbridge) {
926 xbridge = xzalloc(sizeof *xbridge);
927 xbridge->ofproto = ofproto;
928
929 xlate_xbridge_init(new_xcfg, xbridge);
930 }
931
932 free(xbridge->name);
933 xbridge->name = xstrdup(name);
934
34dd0d78 935 xlate_xbridge_set(xbridge, dpif, ml, stp, rstp, ms, mbridge, sflow, ipfix,
b440dd8c 936 netflow, forward_bpdu, has_in_band, support);
84f0f298
RW		 937}
938
939static void
940xlate_xbridge_remove(struct xlate_cfg *xcfg, struct xbridge *xbridge)
46c88433 941{
46c88433
EJ		 942 struct xbundle *xbundle, *next_xbundle;
943 struct xport *xport, *next_xport;
944
945 if (!xbridge) {
946 return;
947 }
948
949 HMAP_FOR_EACH_SAFE (xport, next_xport, ofp_node, &xbridge->xports) {
84f0f298 950 xlate_xport_remove(xcfg, xport);
46c88433
EJ		 951 }
952
953 LIST_FOR_EACH_SAFE (xbundle, next_xbundle, list_node, &xbridge->xbundles) {
84f0f298 954 xlate_xbundle_remove(xcfg, xbundle);
46c88433
EJ		 955 }
956
84f0f298 957 hmap_remove(&xcfg->xbridges, &xbridge->hmap_node);
795cc5c1 958 mac_learning_unref(xbridge->ml);
6d95c4e8 959 mcast_snooping_unref(xbridge->ms);
795cc5c1
EJ		 960 mbridge_unref(xbridge->mbridge);
961 dpif_sflow_unref(xbridge->sflow);
962 dpif_ipfix_unref(xbridge->ipfix);
963 stp_unref(xbridge->stp);
9efd308e 964 rstp_unref(xbridge->rstp);
795cc5c1 965 hmap_destroy(&xbridge->xports);
46c88433
EJ		 966 free(xbridge->name);
967 free(xbridge);
968}
969
84f0f298
RW		 970void
971xlate_remove_ofproto(struct ofproto_dpif *ofproto)
972{
973 struct xbridge *xbridge;
974
975 ovs_assert(new_xcfg);
976
977 xbridge = xbridge_lookup(new_xcfg, ofproto);
978 xlate_xbridge_remove(new_xcfg, xbridge);
979}
980
46c88433
EJ		 981void
982xlate_bundle_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
983 const char *name, enum port_vlan_mode vlan_mode, int vlan,
984 unsigned long *trunks, bool use_priority_tags,
985 const struct bond *bond, const struct lacp *lacp,
c005f976 986 bool floodable, bool protected)
46c88433 987{
84f0f298 988 struct xbundle *xbundle;
46c88433 989
84f0f298
RW		 990 ovs_assert(new_xcfg);
991
992 xbundle = xbundle_lookup(new_xcfg, ofbundle);
46c88433
EJ		 993 if (!xbundle) {
994 xbundle = xzalloc(sizeof *xbundle);
995 xbundle->ofbundle = ofbundle;
84f0f298 996 xbundle->xbridge = xbridge_lookup(new_xcfg, ofproto);
46c88433 997
84f0f298 998 xlate_xbundle_init(new_xcfg, xbundle);
46c88433
EJ		 999 }
1000
46c88433
EJ		 1001 free(xbundle->name);
1002 xbundle->name = xstrdup(name);
1003
84f0f298 1004 xlate_xbundle_set(xbundle, vlan_mode, vlan, trunks,
c005f976 1005 use_priority_tags, bond, lacp, floodable, protected);
46c88433
EJ		 1006}
1007
84f0f298
RW		 1008static void
1009xlate_xbundle_remove(struct xlate_cfg *xcfg, struct xbundle *xbundle)
46c88433 1010{
5f03c983 1011 struct xport *xport;
46c88433
EJ		 1012
1013 if (!xbundle) {
1014 return;
1015 }
1016
5f03c983 1017 LIST_FOR_EACH_POP (xport, bundle_node, &xbundle->xports) {
46c88433
EJ		 1018 xport->xbundle = NULL;
1019 }
1020
84f0f298 1021 hmap_remove(&xcfg->xbundles, &xbundle->hmap_node);
417e7e66 1022 ovs_list_remove(&xbundle->list_node);
46c88433
EJ		 1023 bond_unref(xbundle->bond);
1024 lacp_unref(xbundle->lacp);
1025 free(xbundle->name);
1026 free(xbundle);
1027}
1028
84f0f298
RW		 1029void
1030xlate_bundle_remove(struct ofbundle *ofbundle)
1031{
1032 struct xbundle *xbundle;
1033
1034 ovs_assert(new_xcfg);
1035
1036 xbundle = xbundle_lookup(new_xcfg, ofbundle);
1037 xlate_xbundle_remove(new_xcfg, xbundle);
1038}
1039
46c88433
EJ		 1040void
1041xlate_ofport_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
1042 struct ofport_dpif *ofport, ofp_port_t ofp_port,
1043 odp_port_t odp_port, const struct netdev *netdev,
1044 const struct cfm *cfm, const struct bfd *bfd,
0477baa9
DF		 1045 const struct lldp *lldp, struct ofport_dpif *peer,
1046 int stp_port_no, const struct rstp_port *rstp_port,
55954f6e 1047 const struct ofproto_port_queue *qdscp_list, size_t n_qdscp,
dd8cd4b4
SH		 1048 enum ofputil_port_config config,
1049 enum ofputil_port_state state, bool is_tunnel,
9d189a50 1050 bool may_enable)
46c88433 1051{
55954f6e 1052 size_t i;
84f0f298
RW		 1053 struct xport *xport;
1054
1055 ovs_assert(new_xcfg);
46c88433 1056
84f0f298 1057 xport = xport_lookup(new_xcfg, ofport);
46c88433
EJ		 1058 if (!xport) {
1059 xport = xzalloc(sizeof *xport);
1060 xport->ofport = ofport;
84f0f298 1061 xport->xbridge = xbridge_lookup(new_xcfg, ofproto);
46c88433
EJ		 1062 xport->ofp_port = ofp_port;
1063
84f0f298 1064 xlate_xport_init(new_xcfg, xport);
46c88433
EJ		 1065 }
1066
1067 ovs_assert(xport->ofp_port == ofp_port);
1068
0477baa9
DF		 1069 xlate_xport_set(xport, odp_port, netdev, cfm, bfd, lldp,
1070 stp_port_no, rstp_port, config, state, is_tunnel,
1071 may_enable);
46c88433
EJ		 1072
1073 if (xport->peer) {
1074 xport->peer->peer = NULL;
1075 }
84f0f298 1076 xport->peer = xport_lookup(new_xcfg, peer);
46c88433
EJ		 1077 if (xport->peer) {
1078 xport->peer->peer = xport;
1079 }
1080
1081 if (xport->xbundle) {
417e7e66 1082 ovs_list_remove(&xport->bundle_node);
46c88433 1083 }
84f0f298 1084 xport->xbundle = xbundle_lookup(new_xcfg, ofbundle);
46c88433 1085 if (xport->xbundle) {
417e7e66 1086 ovs_list_insert(&xport->xbundle->xports, &xport->bundle_node);
46c88433 1087 }
55954f6e
EJ		 1088
1089 clear_skb_priorities(xport);
1090 for (i = 0; i < n_qdscp; i++) {
1091 struct skb_priority_to_dscp *pdscp;
1092 uint32_t skb_priority;
1093
89a8a7f0
EJ		 1094 if (dpif_queue_to_priority(xport->xbridge->dpif, qdscp_list[i].queue,
1095 &skb_priority)) {
55954f6e
EJ		 1096 continue;
1097 }
1098
1099 pdscp = xmalloc(sizeof *pdscp);
1100 pdscp->skb_priority = skb_priority;
1101 pdscp->dscp = (qdscp_list[i].dscp << 2) & IP_DSCP_MASK;
1102 hmap_insert(&xport->skb_priorities, &pdscp->hmap_node,
1103 hash_int(pdscp->skb_priority, 0));
1104 }
46c88433
EJ		 1105}
1106
84f0f298
RW		 1107static void
1108xlate_xport_remove(struct xlate_cfg *xcfg, struct xport *xport)
46c88433 1109{
46c88433
EJ		 1110 if (!xport) {
1111 return;
1112 }
1113
1114 if (xport->peer) {
1115 xport->peer->peer = NULL;
1116 xport->peer = NULL;
1117 }
1118
e621a12d 1119 if (xport->xbundle) {
417e7e66 1120 ovs_list_remove(&xport->bundle_node);
e621a12d
EJ		 1121 }
1122
55954f6e
EJ		 1123 clear_skb_priorities(xport);
1124 hmap_destroy(&xport->skb_priorities);
1125
84f0f298 1126 hmap_remove(&xcfg->xports, &xport->hmap_node);
46c88433
EJ		 1127 hmap_remove(&xport->xbridge->xports, &xport->ofp_node);
1128
1129 netdev_close(xport->netdev);
f025bcb7 1130 rstp_port_unref(xport->rstp_port);
46c88433
EJ		 1131 cfm_unref(xport->cfm);
1132 bfd_unref(xport->bfd);
0477baa9 1133 lldp_unref(xport->lldp);
46c88433
EJ		 1134 free(xport);
1135}
1136
84f0f298
RW		 1137void
1138xlate_ofport_remove(struct ofport_dpif *ofport)
1139{
1140 struct xport *xport;
1141
1142 ovs_assert(new_xcfg);
1143
1144 xport = xport_lookup(new_xcfg, ofport);
1145 xlate_xport_remove(new_xcfg, xport);
1146}
1147
ef377a58
JR		 1148static struct ofproto_dpif *
1149xlate_lookup_ofproto_(const struct dpif_backer *backer, const struct flow *flow,
1150 ofp_port_t *ofp_in_port, const struct xport **xportp)
1151{
e672ff9b 1152 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
ef377a58 1153 const struct xport *xport;
f9038ef6 1154
e672ff9b
JR		 1155 xport = xport_lookup(xcfg, tnl_port_should_receive(flow)
1156 ? tnl_port_receive(flow)
1157 : odp_port_to_ofport(backer, flow->in_port.odp_port));
1158 if (OVS_UNLIKELY(!xport)) {
1159 return NULL;
ef377a58 1160 }
e672ff9b 1161 *xportp = xport;
f9038ef6 1162 if (ofp_in_port) {
e672ff9b 1163 *ofp_in_port = xport->ofp_port;
f9038ef6 1164 }
e672ff9b 1165 return xport->xbridge->ofproto;
ef377a58
JR		 1166}
1167
1168/* Given a datapath and flow metadata ('backer', and 'flow' respectively)
1169 * returns the corresponding struct ofproto_dpif and OpenFlow port number. */
1170struct ofproto_dpif *
1171xlate_lookup_ofproto(const struct dpif_backer *backer, const struct flow *flow,
1172 ofp_port_t *ofp_in_port)
1173{
1174 const struct xport *xport;
1175
1176 return xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
1177}
1178
cc377352 1179/* Given a datapath and flow metadata ('backer', and 'flow' respectively),
ef377a58 1180 * optionally populates 'ofproto' with the ofproto_dpif, 'ofp_in_port' with the
cc377352 1181 * openflow in_port, and 'ipfix', 'sflow', and 'netflow' with the appropriate
dcc2c6cd
JR		 1182 * handles for those protocols if they're enabled. Caller may use the returned
1183 * pointers until quiescing, for longer term use additional references must
1184 * be taken.
8449c4d6 1185 *
f9038ef6 1186 * Returns 0 if successful, ENODEV if the parsed flow has no associated ofproto.
ef377a58 1187 */
8449c4d6 1188int
5c476ea3
JR		 1189xlate_lookup(const struct dpif_backer *backer, const struct flow *flow,
1190 struct ofproto_dpif **ofprotop, struct dpif_ipfix **ipfix,
1191 struct dpif_sflow **sflow, struct netflow **netflow,
1192 ofp_port_t *ofp_in_port)
8449c4d6 1193{
ef377a58 1194 struct ofproto_dpif *ofproto;
84f0f298 1195 const struct xport *xport;
8449c4d6 1196
ef377a58 1197 ofproto = xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
8449c4d6 1198
f9038ef6 1199 if (!ofproto) {
cc377352 1200 return ENODEV;
8449c4d6 1201 }
8449c4d6 1202
ef377a58
JR		 1203 if (ofprotop) {
1204 *ofprotop = ofproto;
8449c4d6
EJ		 1205 }
1206
1dfdb9b3 1207 if (ipfix) {
f9038ef6 1208 *ipfix = xport ? xport->xbridge->ipfix : NULL;
1dfdb9b3
EJ		 1209 }
1210
1211 if (sflow) {
f9038ef6 1212 *sflow = xport ? xport->xbridge->sflow : NULL;
1dfdb9b3
EJ		 1213 }
1214
1215 if (netflow) {
f9038ef6 1216 *netflow = xport ? xport->xbridge->netflow : NULL;
1dfdb9b3 1217 }
f9038ef6 1218
cc377352 1219 return 0;
8449c4d6
EJ		 1220}
1221
46c88433 1222static struct xbridge *
84f0f298 1223xbridge_lookup(struct xlate_cfg *xcfg, const struct ofproto_dpif *ofproto)
46c88433 1224{
84f0f298 1225 struct hmap *xbridges;
46c88433
EJ		 1226 struct xbridge *xbridge;
1227
84f0f298 1228 if (!ofproto || !xcfg) {
5e6af486
EJ		 1229 return NULL;
1230 }
1231
84f0f298
RW		 1232 xbridges = &xcfg->xbridges;
1233
46c88433 1234 HMAP_FOR_EACH_IN_BUCKET (xbridge, hmap_node, hash_pointer(ofproto, 0),
84f0f298 1235 xbridges) {
46c88433
EJ		 1236 if (xbridge->ofproto == ofproto) {
1237 return xbridge;
1238 }
1239 }
1240 return NULL;
1241}
1242
290835f9
BP		 1243static struct xbridge *
1244xbridge_lookup_by_uuid(struct xlate_cfg *xcfg, const struct uuid *uuid)
1245{
1246 struct xbridge *xbridge;
1247
1248 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
07a3cd5c 1249 if (uuid_equals(&xbridge->ofproto->uuid, uuid)) {
290835f9
BP		 1250 return xbridge;
1251 }
1252 }
1253 return NULL;
1254}
1255
46c88433 1256static struct xbundle *
84f0f298 1257xbundle_lookup(struct xlate_cfg *xcfg, const struct ofbundle *ofbundle)
46c88433 1258{
84f0f298 1259 struct hmap *xbundles;
46c88433
EJ		 1260 struct xbundle *xbundle;
1261
84f0f298 1262 if (!ofbundle || !xcfg) {
5e6af486
EJ		 1263 return NULL;
1264 }
1265
84f0f298
RW		 1266 xbundles = &xcfg->xbundles;
1267
46c88433 1268 HMAP_FOR_EACH_IN_BUCKET (xbundle, hmap_node, hash_pointer(ofbundle, 0),
84f0f298 1269 xbundles) {
46c88433
EJ		 1270 if (xbundle->ofbundle == ofbundle) {
1271 return xbundle;
1272 }
1273 }
1274 return NULL;
1275}
1276
1277static struct xport *
84f0f298 1278xport_lookup(struct xlate_cfg *xcfg, const struct ofport_dpif *ofport)
46c88433 1279{
84f0f298 1280 struct hmap *xports;
46c88433
EJ		 1281 struct xport *xport;
1282
84f0f298 1283 if (!ofport || !xcfg) {
5e6af486
EJ		 1284 return NULL;
1285 }
1286
84f0f298
RW		 1287 xports = &xcfg->xports;
1288
46c88433 1289 HMAP_FOR_EACH_IN_BUCKET (xport, hmap_node, hash_pointer(ofport, 0),
84f0f298 1290 xports) {
46c88433
EJ		 1291 if (xport->ofport == ofport) {
1292 return xport;
1293 }
1294 }
1295 return NULL;
1296}
1297
40085e56
EJ		 1298static struct stp_port *
1299xport_get_stp_port(const struct xport *xport)
1300{
92cf817b 1301 return xport->xbridge->stp && xport->stp_port_no != -1
40085e56
EJ		 1302 ? stp_get_port(xport->xbridge->stp, xport->stp_port_no)
1303 : NULL;
1304}
9d189a50 1305
0d1cee12 1306static bool
9d189a50
EJ		 1307xport_stp_learn_state(const struct xport *xport)
1308{
40085e56 1309 struct stp_port *sp = xport_get_stp_port(xport);
4b5f1996
DV		 1310 return sp
1311 ? stp_learn_in_state(stp_port_get_state(sp))
1312 : true;
9d189a50
EJ		 1313}
1314
1315static bool
1316xport_stp_forward_state(const struct xport *xport)
1317{
40085e56 1318 struct stp_port *sp = xport_get_stp_port(xport);
4b5f1996
DV		 1319 return sp
1320 ? stp_forward_in_state(stp_port_get_state(sp))
1321 : true;
9d189a50
EJ		 1322}
1323
0d1cee12 1324static bool
bacdb85a 1325xport_stp_should_forward_bpdu(const struct xport *xport)
0d1cee12
K		 1326{
1327 struct stp_port *sp = xport_get_stp_port(xport);
bacdb85a 1328 return stp_should_forward_bpdu(sp ? stp_port_get_state(sp) : STP_DISABLED);
0d1cee12
K		 1329}
1330
9d189a50
EJ		 1331/* Returns true if STP should process 'flow'. Sets fields in 'wc' that
1332 * were used to make the determination.*/
1333static bool
1334stp_should_process_flow(const struct flow *flow, struct flow_wildcards *wc)
1335{
bbbca389 1336 /* is_stp() also checks dl_type, but dl_type is always set in 'wc'. */
9d189a50 1337 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
bbbca389 1338 return is_stp(flow);
9d189a50
EJ		 1339}
1340
1341static void
cf62fa4c 1342stp_process_packet(const struct xport *xport, const struct dp_packet *packet)
9d189a50 1343{
40085e56 1344 struct stp_port *sp = xport_get_stp_port(xport);
cf62fa4c
PS		 1345 struct dp_packet payload = *packet;
1346 struct eth_header *eth = dp_packet_data(&payload);
9d189a50
EJ		 1347
1348 /* Sink packets on ports that have STP disabled when the bridge has
1349 * STP enabled. */
1350 if (!sp || stp_port_get_state(sp) == STP_DISABLED) {
1351 return;
1352 }
1353
1354 /* Trim off padding on payload. */
cf62fa4c
PS		 1355 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1356 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
9d189a50
EJ		 1357 }
1358
cf62fa4c
PS		 1359 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1360 stp_received_bpdu(sp, dp_packet_data(&payload), dp_packet_size(&payload));
9d189a50
EJ		 1361 }
1362}
1363
f025bcb7
JR		 1364static enum rstp_state
1365xport_get_rstp_port_state(const struct xport *xport)
9efd308e 1366{
f025bcb7
JR		 1367 return xport->rstp_port
1368 ? rstp_port_get_state(xport->rstp_port)
1369 : RSTP_DISABLED;
9efd308e
DV		 1370}
1371
1372static bool
1373xport_rstp_learn_state(const struct xport *xport)
1374{
4b5f1996
DV		 1375 return xport->xbridge->rstp && xport->rstp_port
1376 ? rstp_learn_in_state(xport_get_rstp_port_state(xport))
1377 : true;
9efd308e
DV		 1378}
1379
1380static bool
1381xport_rstp_forward_state(const struct xport *xport)
1382{
4b5f1996
DV		 1383 return xport->xbridge->rstp && xport->rstp_port
1384 ? rstp_forward_in_state(xport_get_rstp_port_state(xport))
1385 : true;
9efd308e
DV		 1386}
1387
1388static bool
1389xport_rstp_should_manage_bpdu(const struct xport *xport)
1390{
f025bcb7 1391 return rstp_should_manage_bpdu(xport_get_rstp_port_state(xport));
9efd308e
DV		 1392}
1393
1394static void
cf62fa4c 1395rstp_process_packet(const struct xport *xport, const struct dp_packet *packet)
9efd308e 1396{
cf62fa4c
PS		 1397 struct dp_packet payload = *packet;
1398 struct eth_header *eth = dp_packet_data(&payload);
9efd308e 1399
f025bcb7
JR		 1400 /* Sink packets on ports that have no RSTP. */
1401 if (!xport->rstp_port) {
9efd308e
DV		 1402 return;
1403 }
1404
1405 /* Trim off padding on payload. */
cf62fa4c
PS		 1406 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1407 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
9efd308e
DV		 1408 }
1409
cf62fa4c
PS		 1410 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1411 rstp_port_received_bpdu(xport->rstp_port, dp_packet_data(&payload),
1412 dp_packet_size(&payload));
9efd308e
DV		 1413 }
1414}
1415
46c88433
EJ		 1416static struct xport *
1417get_ofp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1418{
1419 struct xport *xport;
1420
1421 HMAP_FOR_EACH_IN_BUCKET (xport, ofp_node, hash_ofp_port(ofp_port),
1422 &xbridge->xports) {
1423 if (xport->ofp_port == ofp_port) {
1424 return xport;
1425 }
1426 }
1427 return NULL;
1428}
1429
1430static odp_port_t
1431ofp_port_to_odp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1432{
1433 const struct xport *xport = get_ofp_port(xbridge, ofp_port);
1434 return xport ? xport->odp_port : ODPP_NONE;
1435}
1436
dd8cd4b4
SH		 1437static bool
1438odp_port_is_alive(const struct xlate_ctx *ctx, ofp_port_t ofp_port)
1439{
086fa873
BP		 1440 struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
1441 return xport && xport->may_enable;
dd8cd4b4
SH		 1442}
1443
1e684d7d 1444static struct ofputil_bucket *
dd8cd4b4
SH		 1445group_first_live_bucket(const struct xlate_ctx *, const struct group_dpif *,
1446 int depth);
1447
1448static bool
1449group_is_alive(const struct xlate_ctx *ctx, uint32_t group_id, int depth)
1450{
1451 struct group_dpif *group;
dd8cd4b4 1452
5d08a275 1453 group = group_dpif_lookup(ctx->xbridge->ofproto, group_id,
1f4a8933 1454 ctx->xin->tables_version, false);
db88b35c 1455 if (group) {
76973237 1456 return group_first_live_bucket(ctx, group, depth) != NULL;
dc25893e 1457 }
dd8cd4b4 1458
dc25893e 1459 return false;
dd8cd4b4
SH		 1460}
1461
1462#define MAX_LIVENESS_RECURSION 128 /* Arbitrary limit */
1463
1464static bool
1465bucket_is_alive(const struct xlate_ctx *ctx,
1e684d7d 1466 struct ofputil_bucket *bucket, int depth)
dd8cd4b4
SH		 1467{
1468 if (depth >= MAX_LIVENESS_RECURSION) {
1469 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
1470
1471 VLOG_WARN_RL(&rl, "bucket chaining exceeded %d links",
1472 MAX_LIVENESS_RECURSION);
1473 return false;
1474 }
1475
fdb1999b
AZ		 1476 return (!ofputil_bucket_has_liveness(bucket)
1477 || (bucket->watch_port != OFPP_ANY
1478 && odp_port_is_alive(ctx, bucket->watch_port))
1479 || (bucket->watch_group != OFPG_ANY
1480 && group_is_alive(ctx, bucket->watch_group, depth + 1)));
dd8cd4b4
SH		 1481}
1482
1e684d7d 1483static struct ofputil_bucket *
dd8cd4b4
SH		 1484group_first_live_bucket(const struct xlate_ctx *ctx,
1485 const struct group_dpif *group, int depth)
1486{
1487 struct ofputil_bucket *bucket;
07a3cd5c 1488 LIST_FOR_EACH (bucket, list_node, &group->up.buckets) {
dd8cd4b4
SH		 1489 if (bucket_is_alive(ctx, bucket, depth)) {
1490 return bucket;
1491 }
1492 }
1493
1494 return NULL;
1495}
1496
1e684d7d 1497static struct ofputil_bucket *
fe7e5749
SH		 1498group_best_live_bucket(const struct xlate_ctx *ctx,
1499 const struct group_dpif *group,
1500 uint32_t basis)
1501{
1e684d7d 1502 struct ofputil_bucket *best_bucket = NULL;
fe7e5749 1503 uint32_t best_score = 0;
fe7e5749 1504
1e684d7d 1505 struct ofputil_bucket *bucket;
07a3cd5c 1506 LIST_FOR_EACH (bucket, list_node, &group->up.buckets) {
fe7e5749 1507 if (bucket_is_alive(ctx, bucket, 0)) {
c09cb861
LS		 1508 uint32_t score =
1509 (hash_int(bucket->bucket_id, basis) & 0xffff) * bucket->weight;
fe7e5749
SH		 1510 if (score >= best_score) {
1511 best_bucket = bucket;
1512 best_score = score;
1513 }
1514 }
fe7e5749
SH		 1515 }
1516
1517 return best_bucket;
1518}
1519
9583bc14 1520static bool
46c88433 1521xbundle_trunks_vlan(const struct xbundle *bundle, uint16_t vlan)
9583bc14
EJ		 1522{
1523 return (bundle->vlan_mode != PORT_VLAN_ACCESS
1524 && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan)));
1525}
1526
1527static bool
46c88433
EJ		 1528xbundle_includes_vlan(const struct xbundle *xbundle, uint16_t vlan)
1529{
1530 return vlan == xbundle->vlan || xbundle_trunks_vlan(xbundle, vlan);
1531}
1532
1533static mirror_mask_t
1534xbundle_mirror_out(const struct xbridge *xbridge, struct xbundle *xbundle)
1535{
1536 return xbundle != &ofpp_none_bundle
1537 ? mirror_bundle_out(xbridge->mbridge, xbundle->ofbundle)
1538 : 0;
1539}
1540
1541static mirror_mask_t
1542xbundle_mirror_src(const struct xbridge *xbridge, struct xbundle *xbundle)
9583bc14 1543{
46c88433
EJ		 1544 return xbundle != &ofpp_none_bundle
1545 ? mirror_bundle_src(xbridge->mbridge, xbundle->ofbundle)
1546 : 0;
9583bc14
EJ		 1547}
1548
46c88433
EJ		 1549static mirror_mask_t
1550xbundle_mirror_dst(const struct xbridge *xbridge, struct xbundle *xbundle)
9583bc14 1551{
46c88433
EJ		 1552 return xbundle != &ofpp_none_bundle
1553 ? mirror_bundle_dst(xbridge->mbridge, xbundle->ofbundle)
1554 : 0;
1555}
1556
1557static struct xbundle *
1558lookup_input_bundle(const struct xbridge *xbridge, ofp_port_t in_port,
1559 bool warn, struct xport **in_xportp)
1560{
1561 struct xport *xport;
9583bc14
EJ		 1562
1563 /* Find the port and bundle for the received packet. */
46c88433
EJ		 1564 xport = get_ofp_port(xbridge, in_port);
1565 if (in_xportp) {
1566 *in_xportp = xport;
9583bc14 1567 }
46c88433
EJ		 1568 if (xport && xport->xbundle) {
1569 return xport->xbundle;
9583bc14
EJ		 1570 }
1571
6362203b
YT		 1572 /* Special-case OFPP_NONE (OF1.0) and OFPP_CONTROLLER (OF1.1+),
1573 * which a controller may use as the ingress port for traffic that
1574 * it is sourcing. */
1575 if (in_port == OFPP_CONTROLLER || in_port == OFPP_NONE) {
9583bc14
EJ		 1576 return &ofpp_none_bundle;
1577 }
1578
1579 /* Odd. A few possible reasons here:
1580 *
1581 * - We deleted a port but there are still a few packets queued up
1582 * from it.
1583 *
1584 * - Someone externally added a port (e.g. "ovs-dpctl add-if") that
1585 * we don't know about.
1586 *
1587 * - The ofproto client didn't configure the port as part of a bundle.
1588 * This is particularly likely to happen if a packet was received on the
1589 * port after it was created, but before the client had a chance to
1590 * configure its bundle.
1591 */
1592 if (warn) {
1593 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
1594
1595 VLOG_WARN_RL(&rl, "bridge %s: received packet on unknown "
46c88433 1596 "port %"PRIu16, xbridge->name, in_port);
9583bc14
EJ		 1597 }
1598 return NULL;
1599}
1600
faa624b4
BP		 1601/* Mirrors the packet represented by 'ctx' to appropriate mirror destinations,
1602 * given the packet is ingressing or egressing on 'xbundle', which has ingress
1603 * or egress (as appropriate) mirrors 'mirrors'. */
9583bc14 1604static void
7efbc3b7
BP		 1605mirror_packet(struct xlate_ctx *ctx, struct xbundle *xbundle,
1606 mirror_mask_t mirrors)
9583bc14 1607{
faa624b4
BP		 1608 /* Figure out what VLAN the packet is in (because mirrors can select
1609 * packets on basis of VLAN). */
7efbc3b7
BP		 1610 bool warn = ctx->xin->packet != NULL;
1611 uint16_t vid = vlan_tci_to_vid(ctx->xin->flow.vlan_tci);
1612 if (!input_vid_is_valid(vid, xbundle, warn)) {
9583bc14
EJ		 1613 return;
1614 }
7efbc3b7 1615 uint16_t vlan = input_vid_to_vlan(xbundle, vid);
9583bc14 1616
7efbc3b7 1617 const struct xbridge *xbridge = ctx->xbridge;
9583bc14 1618
7efbc3b7
BP		 1619 /* Don't mirror to destinations that we've already mirrored to. */
1620 mirrors &= ~ctx->mirrors;
9583bc14
EJ		 1621 if (!mirrors) {
1622 return;
1623 }
1624
7efbc3b7
BP		 1625 if (ctx->xin->resubmit_stats) {
1626 mirror_update_stats(xbridge->mbridge, mirrors,
1627 ctx->xin->resubmit_stats->n_packets,
1628 ctx->xin->resubmit_stats->n_bytes);
1629 }
1630 if (ctx->xin->xcache) {
1631 struct xc_entry *entry;
1632
1633 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_MIRROR);
901a517e
JR		 1634 entry->mirror.mbridge = mbridge_ref(xbridge->mbridge);
1635 entry->mirror.mirrors = mirrors;
7efbc3b7 1636 }
9583bc14 1637
faa624b4
BP		 1638 /* 'mirrors' is a bit-mask of candidates for mirroring. Iterate as long as
1639 * some candidates remain. */
9583bc14 1640 while (mirrors) {
7efbc3b7 1641 const unsigned long *vlans;
ec7ceaed
EJ		 1642 mirror_mask_t dup_mirrors;
1643 struct ofbundle *out;
ec7ceaed 1644 int out_vlan;
1356dbd1 1645 int snaplen;
ec7ceaed 1646
faa624b4 1647 /* Get the details of the mirror represented by the rightmost 1-bit. */
7efbc3b7 1648 bool has_mirror = mirror_get(xbridge->mbridge, raw_ctz(mirrors),
1356dbd1
WT		 1649 &vlans, &dup_mirrors,
1650 &out, &snaplen, &out_vlan);
ec7ceaed
EJ		 1651 ovs_assert(has_mirror);
1652
1356dbd1 1653
faa624b4
BP		 1654 /* If this mirror selects on the basis of VLAN, and it does not select
1655 * 'vlan', then discard this mirror and go on to the next one. */
ec7ceaed 1656 if (vlans) {
49a73e0c 1657 ctx->wc->masks.vlan_tci |= htons(VLAN_CFI | VLAN_VID_MASK);
9583bc14 1658 }
7efbc3b7 1659 if (vlans && !bitmap_is_set(vlans, vlan)) {
9583bc14
EJ		 1660 mirrors = zero_rightmost_1bit(mirrors);
1661 continue;
1662 }
1663
faa624b4
BP		 1664 /* Record the mirror, and the mirrors that output to the same
1665 * destination, so that we don't mirror to them again. This must be
1666 * done now to ensure that output_normal(), below, doesn't recursively
1667 * output to the same mirrors. */
3d6151f3 1668 ctx->mirrors |= dup_mirrors;
1356dbd1 1669 ctx->mirror_snaplen = snaplen;
faa624b4
BP		 1670
1671 /* Send the packet to the mirror. */
ec7ceaed 1672 if (out) {
84f0f298
RW		 1673 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1674 struct xbundle *out_xbundle = xbundle_lookup(xcfg, out);
46c88433
EJ		 1675 if (out_xbundle) {
1676 output_normal(ctx, out_xbundle, vlan);
1677 }
ec7ceaed 1678 } else if (vlan != out_vlan
7efbc3b7 1679 && !eth_addr_is_reserved(ctx->xin->flow.dl_dst)) {
46c88433 1680 struct xbundle *xbundle;
9583bc14 1681
46c88433
EJ		 1682 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
1683 if (xbundle_includes_vlan(xbundle, out_vlan)
1684 && !xbundle_mirror_out(xbridge, xbundle)) {
1685 output_normal(ctx, xbundle, out_vlan);
9583bc14
EJ		 1686 }
1687 }
1688 }
faa624b4
BP		 1689
1690 /* output_normal() could have recursively output (to different
1691 * mirrors), so make sure that we don't send duplicates. */
1692 mirrors &= ~ctx->mirrors;
1356dbd1 1693 ctx->mirror_snaplen = 0;
9583bc14
EJ		 1694 }
1695}
1696
7efbc3b7
BP		 1697static void
1698mirror_ingress_packet(struct xlate_ctx *ctx)
1699{
1700 if (mbridge_has_mirrors(ctx->xbridge->mbridge)) {
1701 bool warn = ctx->xin->packet != NULL;
1702 struct xbundle *xbundle = lookup_input_bundle(
1703 ctx->xbridge, ctx->xin->flow.in_port.ofp_port, warn, NULL);
1704 if (xbundle) {
1705 mirror_packet(ctx, xbundle,
1706 xbundle_mirror_src(ctx->xbridge, xbundle));
1707 }
1708 }
1709}
1710
9583bc14 1711/* Given 'vid', the VID obtained from the 802.1Q header that was received as
46c88433 1712 * part of a packet (specify 0 if there was no 802.1Q header), and 'in_xbundle',
9583bc14
EJ		 1713 * the bundle on which the packet was received, returns the VLAN to which the
1714 * packet belongs.
1715 *
1716 * Both 'vid' and the return value are in the range 0...4095. */
1717static uint16_t
46c88433 1718input_vid_to_vlan(const struct xbundle *in_xbundle, uint16_t vid)
9583bc14 1719{
46c88433 1720 switch (in_xbundle->vlan_mode) {
9583bc14 1721 case PORT_VLAN_ACCESS:
46c88433 1722 return in_xbundle->vlan;
9583bc14
EJ		 1723 break;
1724
1725 case PORT_VLAN_TRUNK:
1726 return vid;
1727
1728 case PORT_VLAN_NATIVE_UNTAGGED:
1729 case PORT_VLAN_NATIVE_TAGGED:
46c88433 1730 return vid ? vid : in_xbundle->vlan;
9583bc14
EJ		 1731
1732 default:
428b2edd 1733 OVS_NOT_REACHED();
9583bc14
EJ		 1734 }
1735}
1736
46c88433 1737/* Checks whether a packet with the given 'vid' may ingress on 'in_xbundle'.
9583bc14
EJ		 1738 * If so, returns true. Otherwise, returns false and, if 'warn' is true, logs
1739 * a warning.
1740 *
1741 * 'vid' should be the VID obtained from the 802.1Q header that was received as
1742 * part of a packet (specify 0 if there was no 802.1Q header), in the range
1743 * 0...4095. */
1744static bool
46c88433 1745input_vid_is_valid(uint16_t vid, struct xbundle *in_xbundle, bool warn)
9583bc14
EJ		 1746{
1747 /* Allow any VID on the OFPP_NONE port. */
46c88433 1748 if (in_xbundle == &ofpp_none_bundle) {
9583bc14
EJ		 1749 return true;
1750 }
1751
46c88433 1752 switch (in_xbundle->vlan_mode) {
9583bc14
EJ		 1753 case PORT_VLAN_ACCESS:
1754 if (vid) {
1755 if (warn) {
1756 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
46c88433 1757 VLOG_WARN_RL(&rl, "dropping VLAN %"PRIu16" tagged "
9583bc14 1758 "packet received on port %s configured as VLAN "
46c88433
EJ		 1759 "%"PRIu16" access port", vid, in_xbundle->name,
1760 in_xbundle->vlan);
9583bc14
EJ		 1761 }
1762 return false;
1763 }
1764 return true;
1765
1766 case PORT_VLAN_NATIVE_UNTAGGED:
1767 case PORT_VLAN_NATIVE_TAGGED:
1768 if (!vid) {
1769 /* Port must always carry its native VLAN. */
1770 return true;
1771 }
1772 /* Fall through. */
1773 case PORT_VLAN_TRUNK:
46c88433 1774 if (!xbundle_includes_vlan(in_xbundle, vid)) {
9583bc14
EJ		 1775 if (warn) {
1776 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
46c88433 1777 VLOG_WARN_RL(&rl, "dropping VLAN %"PRIu16" packet "
9583bc14 1778 "received on port %s not configured for trunking "
46c88433 1779 "VLAN %"PRIu16, vid, in_xbundle->name, vid);
9583bc14
EJ		 1780 }
1781 return false;
1782 }
1783 return true;
1784
1785 default:
428b2edd 1786 OVS_NOT_REACHED();
9583bc14
EJ		 1787 }
1788
1789}
1790
1791/* Given 'vlan', the VLAN that a packet belongs to, and
46c88433 1792 * 'out_xbundle', a bundle on which the packet is to be output, returns the VID
9583bc14
EJ		 1793 * that should be included in the 802.1Q header. (If the return value is 0,
1794 * then the 802.1Q header should only be included in the packet if there is a
1795 * nonzero PCP.)
1796 *
1797 * Both 'vlan' and the return value are in the range 0...4095. */
1798static uint16_t
46c88433 1799output_vlan_to_vid(const struct xbundle *out_xbundle, uint16_t vlan)
9583bc14 1800{
46c88433 1801 switch (out_xbundle->vlan_mode) {
9583bc14
EJ		 1802 case PORT_VLAN_ACCESS:
1803 return 0;
1804
1805 case PORT_VLAN_TRUNK:
1806 case PORT_VLAN_NATIVE_TAGGED:
1807 return vlan;
1808
1809 case PORT_VLAN_NATIVE_UNTAGGED:
46c88433 1810 return vlan == out_xbundle->vlan ? 0 : vlan;
9583bc14
EJ		 1811
1812 default:
428b2edd 1813 OVS_NOT_REACHED();
9583bc14
EJ		 1814 }
1815}
1816
1817static void
46c88433 1818output_normal(struct xlate_ctx *ctx, const struct xbundle *out_xbundle,
9583bc14
EJ		 1819 uint16_t vlan)
1820{
33bf9176 1821 ovs_be16 *flow_tci = &ctx->xin->flow.vlan_tci;
9583bc14
EJ		 1822 uint16_t vid;
1823 ovs_be16 tci, old_tci;
46c88433 1824 struct xport *xport;
e93ef1c7
JR		 1825 struct xlate_bond_recirc xr;
1826 bool use_recirc = false;
9583bc14 1827
46c88433 1828 vid = output_vlan_to_vid(out_xbundle, vlan);
417e7e66 1829 if (ovs_list_is_empty(&out_xbundle->xports)) {
46c88433
EJ		 1830 /* Partially configured bundle with no slaves. Drop the packet. */
1831 return;
1832 } else if (!out_xbundle->bond) {
417e7e66 1833 xport = CONTAINER_OF(ovs_list_front(&out_xbundle->xports), struct xport,
46c88433 1834 bundle_node);
9583bc14 1835 } else {
84f0f298 1836 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
49a73e0c 1837 struct flow_wildcards *wc = ctx->wc;
84f0f298 1838 struct ofport_dpif *ofport;
adcf00ba 1839
2494ccd7 1840 if (ctx->xbridge->support.odp.recirc) {
e93ef1c7
JR		 1841 use_recirc = bond_may_recirc(
1842 out_xbundle->bond, &xr.recirc_id, &xr.hash_basis);
adcf00ba 1843
e93ef1c7 1844 if (use_recirc) {
adcf00ba 1845 /* Only TCP mode uses recirculation. */
e93ef1c7 1846 xr.hash_alg = OVS_HASH_ALG_L4;
adcf00ba 1847 bond_update_post_recirc_rules(out_xbundle->bond, false);
54ecb5a2
AZ		 1848
1849 /* Recirculation does not require unmasking hash fields. */
1850 wc = NULL;
adcf00ba
AZ		 1851 }
1852 }
46c88433 1853
54ecb5a2
AZ		 1854 ofport = bond_choose_output_slave(out_xbundle->bond,
1855 &ctx->xin->flow, wc, vid);
84f0f298 1856 xport = xport_lookup(xcfg, ofport);
46c88433
EJ		 1857
1858 if (!xport) {
9583bc14
EJ		 1859 /* No slaves enabled, so drop packet. */
1860 return;
1861 }
d6fc5f57 1862
e93ef1c7 1863 /* If use_recirc is set, the main thread will handle stats
b256dc52 1864 * accounting for this bond. */
e93ef1c7 1865 if (!use_recirc) {
b256dc52
JS		 1866 if (ctx->xin->resubmit_stats) {
1867 bond_account(out_xbundle->bond, &ctx->xin->flow, vid,
1868 ctx->xin->resubmit_stats->n_bytes);
1869 }
1870 if (ctx->xin->xcache) {
1871 struct xc_entry *entry;
1872 struct flow *flow;
1873
1874 flow = &ctx->xin->flow;
1875 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_BOND);
901a517e
JR		 1876 entry->bond.bond = bond_ref(out_xbundle->bond);
1877 entry->bond.flow = xmemdup(flow, sizeof *flow);
1878 entry->bond.vid = vid;
b256dc52 1879 }
d6fc5f57 1880 }
9583bc14
EJ		 1881 }
1882
33bf9176 1883 old_tci = *flow_tci;
9583bc14 1884 tci = htons(vid);
46c88433 1885 if (tci || out_xbundle->use_priority_tags) {
33bf9176 1886 tci |= *flow_tci & htons(VLAN_PCP_MASK);
9583bc14
EJ		 1887 if (tci) {
1888 tci |= htons(VLAN_CFI);
1889 }
1890 }
33bf9176 1891 *flow_tci = tci;
9583bc14 1892
e93ef1c7 1893 compose_output_action(ctx, xport->ofp_port, use_recirc ? &xr : NULL);
33bf9176 1894 *flow_tci = old_tci;
9583bc14
EJ		 1895}
1896
1897/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
1898 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
1899 * indicate this; newer upstream kernels use gratuitous ARP requests. */
1900static bool
1901is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc)
1902{
1903 if (flow->dl_type != htons(ETH_TYPE_ARP)) {
1904 return false;
1905 }
1906
1907 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
1908 if (!eth_addr_is_broadcast(flow->dl_dst)) {
1909 return false;
1910 }
1911
1912 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
1913 if (flow->nw_proto == ARP_OP_REPLY) {
1914 return true;
1915 } else if (flow->nw_proto == ARP_OP_REQUEST) {
1916 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
1917 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
1918
1919 return flow->nw_src == flow->nw_dst;
1920 } else {
1921 return false;
1922 }
1923}
1924
ff69c24a
FL		 1925/* Determines whether packets in 'flow' within 'xbridge' should be forwarded or
1926 * dropped. Returns true if they may be forwarded, false if they should be
1927 * dropped.
1928 *
1929 * 'in_port' must be the xport that corresponds to flow->in_port.
1930 * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull).
1931 *
1932 * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as
1933 * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as
1934 * checked by input_vid_is_valid().
1935 *
1936 * May also add tags to '*tags', although the current implementation only does
1937 * so in one special case.
1938 */
1939static bool
1940is_admissible(struct xlate_ctx *ctx, struct xport *in_port,
1941 uint16_t vlan)
1942{
1943 struct xbundle *in_xbundle = in_port->xbundle;
1944 const struct xbridge *xbridge = ctx->xbridge;
1945 struct flow *flow = &ctx->xin->flow;
1946
1947 /* Drop frames for reserved multicast addresses
1948 * only if forward_bpdu option is absent. */
1949 if (!xbridge->forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) {
1950 xlate_report(ctx, "packet has reserved destination MAC, dropping");
1951 return false;
1952 }
1953
1954 if (in_xbundle->bond) {
1955 struct mac_entry *mac;
1956
1957 switch (bond_check_admissibility(in_xbundle->bond, in_port->ofport,
1958 flow->dl_dst)) {
1959 case BV_ACCEPT:
1960 break;
1961
1962 case BV_DROP:
1963 xlate_report(ctx, "bonding refused admissibility, dropping");
1964 return false;
1965
1966 case BV_DROP_IF_MOVED:
1967 ovs_rwlock_rdlock(&xbridge->ml->rwlock);
1968 mac = mac_learning_lookup(xbridge->ml, flow->dl_src, vlan);
9d078ec2
BP		 1969 if (mac
1970 && mac_entry_get_port(xbridge->ml, mac) != in_xbundle->ofbundle
49a73e0c 1971 && (!is_gratuitous_arp(flow, ctx->wc)
9d078ec2 1972 || mac_entry_is_grat_arp_locked(mac))) {
ff69c24a
FL		 1973 ovs_rwlock_unlock(&xbridge->ml->rwlock);
1974 xlate_report(ctx, "SLB bond thinks this packet looped back, "
1975 "dropping");
1976 return false;
1977 }
1978 ovs_rwlock_unlock(&xbridge->ml->rwlock);
1979 break;
1980 }
1981 }
1982
1983 return true;
1984}
1985
ee047520 1986static void
064799a1
JR		 1987update_learning_table(const struct xbridge *xbridge,
1988 struct xbundle *in_xbundle, struct eth_addr dl_src,
1989 int vlan, bool is_grat_arp)
ee047520 1990{
064799a1 1991 if (in_xbundle == &ofpp_none_bundle) {
ee047520 1992 return;
9583bc14
EJ		 1993 }
1994
064799a1
JR		 1995 if (mac_learning_update(xbridge->ml, dl_src, vlan, is_grat_arp,
1996 in_xbundle->bond != NULL, in_xbundle->ofbundle)) {
9583bc14
EJ		 1997 /* The log messages here could actually be useful in debugging,
1998 * so keep the rate limit relatively high. */
1999 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
ee047520 2000
9583bc14
EJ		 2001 VLOG_DBG_RL(&rl, "bridge %s: learned that "ETH_ADDR_FMT" is "
2002 "on port %s in VLAN %d",
064799a1
JR		 2003 xbridge->name, ETH_ADDR_ARGS(dl_src), in_xbundle->name,
2004 vlan);
ee047520 2005 }
9583bc14
EJ		 2006}
2007
86e2dcdd
FL		 2008/* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2009 * was received on 'in_xbundle' in 'vlan' and is either Report or Query. */
2010static void
06994f87
TLSC		 2011update_mcast_snooping_table4__(const struct xbridge *xbridge,
2012 const struct flow *flow,
2013 struct mcast_snooping *ms, int vlan,
2014 struct xbundle *in_xbundle,
2015 const struct dp_packet *packet)
86e2dcdd
FL		 2016 OVS_REQ_WRLOCK(ms->rwlock)
2017{
2018 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 30);
46445c63 2019 const struct igmp_header *igmp;
e3102e42 2020 int count;
46445c63 2021 size_t offset;
06994f87 2022 ovs_be32 ip4 = flow->igmp_group_ip4;
86e2dcdd 2023
46445c63
EC		 2024 offset = (char *) dp_packet_l4(packet) - (char *) dp_packet_data(packet);
2025 igmp = dp_packet_at(packet, offset, IGMP_HEADER_LEN);
2026 if (!igmp || csum(igmp, dp_packet_l4_size(packet)) != 0) {
2027 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping received bad IGMP "
2028 "checksum on port %s in VLAN %d",
2029 xbridge->name, in_xbundle->name, vlan);
2030 return;
2031 }
2032
86e2dcdd
FL		 2033 switch (ntohs(flow->tp_src)) {
2034 case IGMP_HOST_MEMBERSHIP_REPORT:
2035 case IGMPV2_HOST_MEMBERSHIP_REPORT:
964a4d5f 2036 if (mcast_snooping_add_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
86e2dcdd
FL		 2037 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping learned that "
2038 IP_FMT" is on port %s in VLAN %d",
2039 xbridge->name, IP_ARGS(ip4), in_xbundle->name, vlan);
2040 }
2041 break;
2042 case IGMP_HOST_LEAVE_MESSAGE:
964a4d5f 2043 if (mcast_snooping_leave_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
86e2dcdd
FL		 2044 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping leaving "
2045 IP_FMT" is on port %s in VLAN %d",
2046 xbridge->name, IP_ARGS(ip4), in_xbundle->name, vlan);
2047 }
2048 break;
2049 case IGMP_HOST_MEMBERSHIP_QUERY:
2050 if (flow->nw_src && mcast_snooping_add_mrouter(ms, vlan,
2051 in_xbundle->ofbundle)) {
2052 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping query from "
2053 IP_FMT" is on port %s in VLAN %d",
2054 xbridge->name, IP_ARGS(flow->nw_src),
2055 in_xbundle->name, vlan);
2056 }
2057 break;
e3102e42
TLSC		 2058 case IGMPV3_HOST_MEMBERSHIP_REPORT:
2059 if ((count = mcast_snooping_add_report(ms, packet, vlan,
2060 in_xbundle->ofbundle))) {
2061 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping processed %d "
2062 "addresses on port %s in VLAN %d",
2063 xbridge->name, count, in_xbundle->name, vlan);
2064 }
2065 break;
86e2dcdd
FL		 2066 }
2067}
2068
06994f87
TLSC		 2069static void
2070update_mcast_snooping_table6__(const struct xbridge *xbridge,
2071 const struct flow *flow,
2072 struct mcast_snooping *ms, int vlan,
2073 struct xbundle *in_xbundle,
2074 const struct dp_packet *packet)
2075 OVS_REQ_WRLOCK(ms->rwlock)
2076{
2077 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(60, 30);
46445c63 2078 const struct mld_header *mld;
06994f87 2079 int count;
46445c63
EC		 2080 size_t offset;
2081
2082 offset = (char *) dp_packet_l4(packet) - (char *) dp_packet_data(packet);
2083 mld = dp_packet_at(packet, offset, MLD_HEADER_LEN);
2084
2085 if (!mld ||
2086 packet_csum_upperlayer6(dp_packet_l3(packet),
2087 mld, IPPROTO_ICMPV6,
2088 dp_packet_l4_size(packet)) != 0) {
2089 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping received bad MLD "
2090 "checksum on port %s in VLAN %d",
2091 xbridge->name, in_xbundle->name, vlan);
2092 return;
2093 }
06994f87
TLSC		 2094
2095 switch (ntohs(flow->tp_src)) {
2096 case MLD_QUERY:
2097 if (!ipv6_addr_equals(&flow->ipv6_src, &in6addr_any)
2098 && mcast_snooping_add_mrouter(ms, vlan, in_xbundle->ofbundle)) {
2099 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping query on port %s"
2100 "in VLAN %d",
2101 xbridge->name, in_xbundle->name, vlan);
2102 }
2103 break;
2104 case MLD_REPORT:
2105 case MLD_DONE:
2106 case MLD2_REPORT:
2107 count = mcast_snooping_add_mld(ms, packet, vlan, in_xbundle->ofbundle);
2108 if (count) {
2109 VLOG_DBG_RL(&rl, "bridge %s: multicast snooping processed %d "
2110 "addresses on port %s in VLAN %d",
2111 xbridge->name, count, in_xbundle->name, vlan);
2112 }
2113 break;
2114 }
2115}
2116
86e2dcdd
FL		 2117/* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2118 * was received on 'in_xbundle' in 'vlan'. */
2119static void
2120update_mcast_snooping_table(const struct xbridge *xbridge,
2121 const struct flow *flow, int vlan,
e3102e42
TLSC		 2122 struct xbundle *in_xbundle,
2123 const struct dp_packet *packet)
86e2dcdd
FL		 2124{
2125 struct mcast_snooping *ms = xbridge->ms;
2126 struct xlate_cfg *xcfg;
2127 struct xbundle *mcast_xbundle;
f4ae6e23 2128 struct mcast_port_bundle *fport;
86e2dcdd
FL		 2129
2130 /* Don't learn the OFPP_NONE port. */
2131 if (in_xbundle == &ofpp_none_bundle) {
2132 return;
2133 }
2134
2135 /* Don't learn from flood ports */
2136 mcast_xbundle = NULL;
2137 ovs_rwlock_wrlock(&ms->rwlock);
2138 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
f4ae6e23 2139 LIST_FOR_EACH(fport, node, &ms->fport_list) {
86e2dcdd
FL		 2140 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2141 if (mcast_xbundle == in_xbundle) {
2142 break;
2143 }
2144 }
2145
2146 if (!mcast_xbundle || mcast_xbundle != in_xbundle) {
06994f87
TLSC		 2147 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2148 update_mcast_snooping_table4__(xbridge, flow, ms, vlan,
2149 in_xbundle, packet);
2150 } else {
2151 update_mcast_snooping_table6__(xbridge, flow, ms, vlan,
2152 in_xbundle, packet);
2153 }
86e2dcdd
FL		 2154 }
2155 ovs_rwlock_unlock(&ms->rwlock);
2156}
2157
2158/* send the packet to ports having the multicast group learned */
2159static void
2160xlate_normal_mcast_send_group(struct xlate_ctx *ctx,
2161 struct mcast_snooping *ms OVS_UNUSED,
2162 struct mcast_group *grp,
2163 struct xbundle *in_xbundle, uint16_t vlan)
2164 OVS_REQ_RDLOCK(ms->rwlock)
2165{
2166 struct xlate_cfg *xcfg;
2167 struct mcast_group_bundle *b;
2168 struct xbundle *mcast_xbundle;
2169
2170 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2171 LIST_FOR_EACH(b, bundle_node, &grp->bundle_lru) {
2172 mcast_xbundle = xbundle_lookup(xcfg, b->port);
2173 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2174 xlate_report(ctx, "forwarding to mcast group port");
2175 output_normal(ctx, mcast_xbundle, vlan);
2176 } else if (!mcast_xbundle) {
2177 xlate_report(ctx, "mcast group port is unknown, dropping");
2178 } else {
2179 xlate_report(ctx, "mcast group port is input port, dropping");
2180 }
2181 }
2182}
2183
2184/* send the packet to ports connected to multicast routers */
2185static void
2186xlate_normal_mcast_send_mrouters(struct xlate_ctx *ctx,
2187 struct mcast_snooping *ms,
2188 struct xbundle *in_xbundle, uint16_t vlan)
2189 OVS_REQ_RDLOCK(ms->rwlock)
2190{
2191 struct xlate_cfg *xcfg;
2192 struct mcast_mrouter_bundle *mrouter;
2193 struct xbundle *mcast_xbundle;
2194
2195 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2196 LIST_FOR_EACH(mrouter, mrouter_node, &ms->mrouter_lru) {
2197 mcast_xbundle = xbundle_lookup(xcfg, mrouter->port);
94a881c1
RD		 2198 if (mcast_xbundle && mcast_xbundle != in_xbundle
2199 && mrouter->vlan == vlan) {
86e2dcdd
FL		 2200 xlate_report(ctx, "forwarding to mcast router port");
2201 output_normal(ctx, mcast_xbundle, vlan);
2202 } else if (!mcast_xbundle) {
2203 xlate_report(ctx, "mcast router port is unknown, dropping");
94a881c1
RD		 2204 } else if (mrouter->vlan != vlan) {
2205 xlate_report(ctx, "mcast router is on another vlan, dropping");
86e2dcdd
FL		 2206 } else {
2207 xlate_report(ctx, "mcast router port is input port, dropping");
2208 }
2209 }
2210}
2211
2212/* send the packet to ports flagged to be flooded */
2213static void
2214xlate_normal_mcast_send_fports(struct xlate_ctx *ctx,
2215 struct mcast_snooping *ms,
2216 struct xbundle *in_xbundle, uint16_t vlan)
2217 OVS_REQ_RDLOCK(ms->rwlock)
2218{
2219 struct xlate_cfg *xcfg;
f4ae6e23 2220 struct mcast_port_bundle *fport;
86e2dcdd
FL		 2221 struct xbundle *mcast_xbundle;
2222
2223 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
f4ae6e23 2224 LIST_FOR_EACH(fport, node, &ms->fport_list) {
86e2dcdd
FL		 2225 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2226 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2227 xlate_report(ctx, "forwarding to mcast flood port");
2228 output_normal(ctx, mcast_xbundle, vlan);
2229 } else if (!mcast_xbundle) {
2230 xlate_report(ctx, "mcast flood port is unknown, dropping");
2231 } else {
2232 xlate_report(ctx, "mcast flood port is input port, dropping");
2233 }
2234 }
2235}
2236
8e04a33f
FL		 2237/* forward the Reports to configured ports */
2238static void
2239xlate_normal_mcast_send_rports(struct xlate_ctx *ctx,
2240 struct mcast_snooping *ms,
2241 struct xbundle *in_xbundle, uint16_t vlan)
2242 OVS_REQ_RDLOCK(ms->rwlock)
2243{
2244 struct xlate_cfg *xcfg;
2245 struct mcast_port_bundle *rport;
2246 struct xbundle *mcast_xbundle;
2247
2248 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2249 LIST_FOR_EACH(rport, node, &ms->rport_list) {
2250 mcast_xbundle = xbundle_lookup(xcfg, rport->port);
2251 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2252 xlate_report(ctx, "forwarding Report to mcast flagged port");
2253 output_normal(ctx, mcast_xbundle, vlan);
2254 } else if (!mcast_xbundle) {
2255 xlate_report(ctx, "mcast port is unknown, dropping the Report");
2256 } else {
2257 xlate_report(ctx, "mcast port is input port, dropping the Report");
2258 }
2259 }
2260}
2261
682800a4
FL		 2262static void
2263xlate_normal_flood(struct xlate_ctx *ctx, struct xbundle *in_xbundle,
2264 uint16_t vlan)
2265{
2266 struct xbundle *xbundle;
2267
2268 LIST_FOR_EACH (xbundle, list_node, &ctx->xbridge->xbundles) {
2269 if (xbundle != in_xbundle
2270 && xbundle_includes_vlan(xbundle, vlan)
2271 && xbundle->floodable
2272 && !xbundle_mirror_out(ctx->xbridge, xbundle)) {
2273 output_normal(ctx, xbundle, vlan);
2274 }
2275 }
2031ef97 2276 ctx->nf_output_iface = NF_OUT_FLOOD;
682800a4
FL		 2277}
2278
a75636c8
BP		 2279static bool
2280is_ip_local_multicast(const struct flow *flow, struct flow_wildcards *wc)
2281{
2282 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2283 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
2284 return ip_is_local_multicast(flow->nw_dst);
2285 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2286 memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst);
2287 return ipv6_is_all_hosts(&flow->ipv6_dst);
2288 } else {
2289 return false;
2290 }
2291}
2292
9583bc14
EJ		 2293static void
2294xlate_normal(struct xlate_ctx *ctx)
2295{
49a73e0c 2296 struct flow_wildcards *wc = ctx->wc;
33bf9176 2297 struct flow *flow = &ctx->xin->flow;
46c88433
EJ		 2298 struct xbundle *in_xbundle;
2299 struct xport *in_port;
9583bc14 2300 struct mac_entry *mac;
d6d5bbc9 2301 void *mac_port;
9583bc14
EJ		 2302 uint16_t vlan;
2303 uint16_t vid;
2304
33bf9176
BP		 2305 memset(&wc->masks.dl_src, 0xff, sizeof wc->masks.dl_src);
2306 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
1dd35f8a 2307 wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
9583bc14 2308
46c88433
EJ		 2309 in_xbundle = lookup_input_bundle(ctx->xbridge, flow->in_port.ofp_port,
2310 ctx->xin->packet != NULL, &in_port);
2311 if (!in_xbundle) {
9583bc14
EJ		 2312 xlate_report(ctx, "no input bundle, dropping");
2313 return;
2314 }
2315
2316 /* Drop malformed frames. */
33bf9176
BP		 2317 if (flow->dl_type == htons(ETH_TYPE_VLAN) &&
2318 !(flow->vlan_tci & htons(VLAN_CFI))) {
9583bc14
EJ		 2319 if (ctx->xin->packet != NULL) {
2320 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2321 VLOG_WARN_RL(&rl, "bridge %s: dropping packet with partial "
2322 "VLAN tag received on port %s",
46c88433 2323 ctx->xbridge->name, in_xbundle->name);
9583bc14
EJ		 2324 }
2325 xlate_report(ctx, "partial VLAN tag, dropping");
2326 return;
2327 }
2328
2329 /* Drop frames on bundles reserved for mirroring. */
46c88433 2330 if (xbundle_mirror_out(ctx->xbridge, in_xbundle)) {
9583bc14
EJ		 2331 if (ctx->xin->packet != NULL) {
2332 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
2333 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
2334 "%s, which is reserved exclusively for mirroring",
46c88433 2335 ctx->xbridge->name, in_xbundle->name);
9583bc14
EJ		 2336 }
2337 xlate_report(ctx, "input port is mirror output port, dropping");
2338 return;
2339 }
2340
2341 /* Check VLAN. */
33bf9176 2342 vid = vlan_tci_to_vid(flow->vlan_tci);
46c88433 2343 if (!input_vid_is_valid(vid, in_xbundle, ctx->xin->packet != NULL)) {
9583bc14
EJ		 2344 xlate_report(ctx, "disallowed VLAN VID for this input port, dropping");
2345 return;
2346 }
46c88433 2347 vlan = input_vid_to_vlan(in_xbundle, vid);
9583bc14
EJ		 2348
2349 /* Check other admissibility requirements. */
2350 if (in_port && !is_admissible(ctx, in_port, vlan)) {
2351 return;
2352 }
2353
2354 /* Learn source MAC. */
064799a1 2355 bool is_grat_arp = is_gratuitous_arp(flow, wc);
df70a773 2356 if (ctx->xin->allow_side_effects) {
064799a1
JR		 2357 update_learning_table(ctx->xbridge, in_xbundle, flow->dl_src, vlan,
2358 is_grat_arp);
9583bc14 2359 }
064799a1 2360 if (ctx->xin->xcache && in_xbundle != &ofpp_none_bundle) {
b256dc52
JS		 2361 struct xc_entry *entry;
2362
064799a1 2363 /* Save just enough info to update mac learning table later. */
b256dc52 2364 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NORMAL);
901a517e
JR		 2365 entry->normal.ofproto = ctx->xbridge->ofproto;
2366 entry->normal.in_port = flow->in_port.ofp_port;
2367 entry->normal.dl_src = flow->dl_src;
2368 entry->normal.vlan = vlan;
2369 entry->normal.is_gratuitous_arp = is_grat_arp;
b256dc52 2370 }
9583bc14
EJ		 2371
2372 /* Determine output bundle. */
86e2dcdd
FL		 2373 if (mcast_snooping_enabled(ctx->xbridge->ms)
2374 && !eth_addr_is_broadcast(flow->dl_dst)
2375 && eth_addr_is_multicast(flow->dl_dst)
06994f87 2376 && is_ip_any(flow)) {
86e2dcdd 2377 struct mcast_snooping *ms = ctx->xbridge->ms;
06994f87 2378 struct mcast_group *grp = NULL;
86e2dcdd 2379
a75636c8
BP		 2380 if (is_igmp(flow, wc)) {
2381 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
d29f137b
TLSC		 2382 if (mcast_snooping_is_membership(flow->tp_src) ||
2383 mcast_snooping_is_query(flow->tp_src)) {
df70a773 2384 if (ctx->xin->allow_side_effects && ctx->xin->packet) {
86e2dcdd 2385 update_mcast_snooping_table(ctx->xbridge, flow, vlan,
e3102e42 2386 in_xbundle, ctx->xin->packet);
d29f137b
TLSC		 2387 }
2388 /*
2389 * IGMP packets need to take the slow path, in order to be
2390 * processed for mdb updates. That will prevent expires
2391 * firing off even after hosts have sent reports.
2392 */
2393 ctx->xout->slow |= SLOW_ACTION;
86e2dcdd 2394 }
d6d5bbc9 2395
86e2dcdd
FL		 2396 if (mcast_snooping_is_membership(flow->tp_src)) {
2397 ovs_rwlock_rdlock(&ms->rwlock);
2398 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
8e04a33f
FL		 2399 /* RFC4541: section 2.1.1, item 1: A snooping switch should
2400 * forward IGMP Membership Reports only to those ports where
2401 * multicast routers are attached. Alternatively stated: a
2402 * snooping switch should not forward IGMP Membership Reports
2403 * to ports on which only hosts are attached.
2404 * An administrative control may be provided to override this
2405 * restriction, allowing the report messages to be flooded to
2406 * other ports. */
2407 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, vlan);
86e2dcdd
FL		 2408 ovs_rwlock_unlock(&ms->rwlock);
2409 } else {
2410 xlate_report(ctx, "multicast traffic, flooding");
2411 xlate_normal_flood(ctx, in_xbundle, vlan);
2412 }
2413 return;
a75636c8 2414 } else if (is_mld(flow, wc)) {
06994f87 2415 ctx->xout->slow |= SLOW_ACTION;
df70a773 2416 if (ctx->xin->allow_side_effects && ctx->xin->packet) {
06994f87
TLSC		 2417 update_mcast_snooping_table(ctx->xbridge, flow, vlan,
2418 in_xbundle, ctx->xin->packet);
2419 }
a75636c8 2420 if (is_mld_report(flow, wc)) {
06994f87
TLSC		 2421 ovs_rwlock_rdlock(&ms->rwlock);
2422 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2423 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, vlan);
2424 ovs_rwlock_unlock(&ms->rwlock);
2425 } else {
2426 xlate_report(ctx, "MLD query, flooding");
2427 xlate_normal_flood(ctx, in_xbundle, vlan);
2428 }
86e2dcdd 2429 } else {
a75636c8 2430 if (is_ip_local_multicast(flow, wc)) {
86e2dcdd
FL		 2431 /* RFC4541: section 2.1.2, item 2: Packets with a dst IP
2432 * address in the 224.0.0.x range which are not IGMP must
2433 * be forwarded on all ports */
2434 xlate_report(ctx, "RFC4541: section 2.1.2, item 2, flooding");
2435 xlate_normal_flood(ctx, in_xbundle, vlan);
2436 return;
2437 }
2438 }
2439
2440 /* forwarding to group base ports */
2441 ovs_rwlock_rdlock(&ms->rwlock);
06994f87
TLSC		 2442 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2443 grp = mcast_snooping_lookup4(ms, flow->nw_dst, vlan);
2444 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2445 grp = mcast_snooping_lookup(ms, &flow->ipv6_dst, vlan);
2446 }
86e2dcdd
FL		 2447 if (grp) {
2448 xlate_normal_mcast_send_group(ctx, ms, grp, in_xbundle, vlan);
2449 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, vlan);
2450 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
9583bc14 2451 } else {
86e2dcdd
FL		 2452 if (mcast_snooping_flood_unreg(ms)) {
2453 xlate_report(ctx, "unregistered multicast, flooding");
2454 xlate_normal_flood(ctx, in_xbundle, vlan);
2455 } else {
2456 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, vlan);
2457 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, vlan);
2458 }
9583bc14 2459 }
86e2dcdd 2460 ovs_rwlock_unlock(&ms->rwlock);
9583bc14 2461 } else {
86e2dcdd
FL		 2462 ovs_rwlock_rdlock(&ctx->xbridge->ml->rwlock);
2463 mac = mac_learning_lookup(ctx->xbridge->ml, flow->dl_dst, vlan);
9d078ec2 2464 mac_port = mac ? mac_entry_get_port(ctx->xbridge->ml, mac) : NULL;
86e2dcdd
FL		 2465 ovs_rwlock_unlock(&ctx->xbridge->ml->rwlock);
2466
2467 if (mac_port) {
2468 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2469 struct xbundle *mac_xbundle = xbundle_lookup(xcfg, mac_port);
2470 if (mac_xbundle && mac_xbundle != in_xbundle) {
2471 xlate_report(ctx, "forwarding to learned port");
2472 output_normal(ctx, mac_xbundle, vlan);
2473 } else if (!mac_xbundle) {
2474 xlate_report(ctx, "learned port is unknown, dropping");
2475 } else {
2476 xlate_report(ctx, "learned port is input port, dropping");
2477 }
2478 } else {
2479 xlate_report(ctx, "no learned MAC for destination, flooding");
2480 xlate_normal_flood(ctx, in_xbundle, vlan);
2481 }
9583bc14
EJ		 2482 }
2483}
2484
a6092018
BP		 2485/* Appends a "sample" action for sFlow or IPFIX to 'ctx->odp_actions'. The
2486 * 'probability' is the number of packets out of UINT32_MAX to sample. The
2487 * 'cookie' (of length 'cookie_size' bytes) is passed back in the callback for
2488 * each sampled packet. 'tunnel_out_port', if not ODPP_NONE, is added as the
2489 * OVS_USERSPACE_ATTR_EGRESS_TUN_PORT attribute. If 'include_actions', an
f69f713b
BY		 2490 * OVS_USERSPACE_ATTR_ACTIONS attribute is added. If 'emit_set_tunnel',
2491 * sample(sampling_port=1) would translate into datapath sample action
2492 * set(tunnel(...)), sample(...) and it is used for sampling egress tunnel
2493 * information.
9583bc14
EJ		 2494 */
2495static size_t
a6092018 2496compose_sample_action(struct xlate_ctx *ctx,
9583bc14
EJ		 2497 const uint32_t probability,
2498 const union user_action_cookie *cookie,
8b7ea2d4 2499 const size_t cookie_size,
7321bda3
NM		 2500 const odp_port_t tunnel_out_port,
2501 bool include_actions)
9583bc14 2502{
b97f2c3a
BY		 2503 if (probability == 0) {
2504 /* No need to generate sampling or the inner action. */
2505 return 0;
2506 }
2507
72471622
BY		 2508 /* No need to generate sample action for 100% sampling rate. */
2509 bool is_sample = probability < UINT32_MAX;
2510 size_t sample_offset, actions_offset;
2511 if (is_sample) {
2512 sample_offset = nl_msg_start_nested(ctx->odp_actions,
2513 OVS_ACTION_ATTR_SAMPLE);
2514 nl_msg_put_u32(ctx->odp_actions, OVS_SAMPLE_ATTR_PROBABILITY,
2515 probability);
2516 actions_offset = nl_msg_start_nested(ctx->odp_actions,
2517 OVS_SAMPLE_ATTR_ACTIONS);
2518 }
9583bc14 2519
a6092018
BP		 2520 odp_port_t odp_port = ofp_port_to_odp_port(
2521 ctx->xbridge, ctx->xin->flow.in_port.ofp_port);
2522 uint32_t pid = dpif_port_get_pid(ctx->xbridge->dpif, odp_port,
2523 flow_hash_5tuple(&ctx->xin->flow, 0));
2524 int cookie_offset = odp_put_userspace_action(pid, cookie, cookie_size,
2525 tunnel_out_port,
2526 include_actions,
2527 ctx->odp_actions);
89a8a7f0 2528
72471622
BY		 2529 if (is_sample) {
2530 nl_msg_end_nested(ctx->odp_actions, actions_offset);
2531 nl_msg_end_nested(ctx->odp_actions, sample_offset);
2532 }
9583bc14 2533
9583bc14
EJ		 2534 return cookie_offset;
2535}
2536
a6092018
BP		 2537/* If sFLow is not enabled, returns 0 without doing anything.
2538 *
2539 * If sFlow is enabled, appends a template "sample" action to the ODP actions
2540 * in 'ctx'. This action is a template because some of the information needed
2541 * to fill it out is not available until flow translation is complete. In this
2542 * case, this functions returns an offset, which is always nonzero, to pass
2543 * later to fix_sflow_action() to fill in the rest of the template. */
9583bc14 2544static size_t
a6092018 2545compose_sflow_action(struct xlate_ctx *ctx)
9583bc14 2546{
a6092018
BP		 2547 struct dpif_sflow *sflow = ctx->xbridge->sflow;
2548 if (!sflow || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
9583bc14
EJ		 2549 return 0;
2550 }
2551
a6092018
BP		 2552 union user_action_cookie cookie = { .type = USER_ACTION_COOKIE_SFLOW };
2553 return compose_sample_action(ctx, dpif_sflow_get_probability(sflow),
7321bda3
NM		 2554 &cookie, sizeof cookie.sflow, ODPP_NONE,
2555 true);
9583bc14
EJ		 2556}
2557
f69f713b
BY		 2558/* If flow IPFIX is enabled, make sure IPFIX flow sample action
2559 * at egress point of tunnel port is just in front of corresponding
2560 * output action. If bridge IPFIX is enabled, this appends an IPFIX
2561 * sample action to 'ctx->odp_actions'. */
9583bc14 2562static void
a6092018 2563compose_ipfix_action(struct xlate_ctx *ctx, odp_port_t output_odp_port)
9583bc14 2564{
a6092018 2565 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
8b7ea2d4 2566 odp_port_t tunnel_out_port = ODPP_NONE;
9583bc14 2567
a6092018 2568 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
9583bc14
EJ		 2569 return;
2570 }
2571
8b7ea2d4
WZ		 2572 /* For input case, output_odp_port is ODPP_NONE, which is an invalid port
2573 * number. */
2574 if (output_odp_port == ODPP_NONE &&
a6092018 2575 !dpif_ipfix_get_bridge_exporter_input_sampling(ipfix)) {
8b7ea2d4
WZ		 2576 return;
2577 }
2578
f69f713b 2579 /* For output case, output_odp_port is valid. */
8b7ea2d4 2580 if (output_odp_port != ODPP_NONE) {
a6092018 2581 if (!dpif_ipfix_get_bridge_exporter_output_sampling(ipfix)) {
8b7ea2d4
WZ		 2582 return;
2583 }
2584 /* If tunnel sampling is enabled, put an additional option attribute:
2585 * OVS_USERSPACE_ATTR_TUNNEL_OUT_PORT
2586 */
a6092018
BP		 2587 if (dpif_ipfix_get_bridge_exporter_tunnel_sampling(ipfix) &&
2588 dpif_ipfix_get_tunnel_port(ipfix, output_odp_port) ) {
8b7ea2d4
WZ		 2589 tunnel_out_port = output_odp_port;
2590 }
2591 }
2592
a6092018
BP		 2593 union user_action_cookie cookie = {
2594 .ipfix = {
2595 .type = USER_ACTION_COOKIE_IPFIX,
2596 .output_odp_port = output_odp_port,
2597 }
2598 };
2599 compose_sample_action(ctx,
2600 dpif_ipfix_get_bridge_exporter_probability(ipfix),
7321bda3
NM		 2601 &cookie, sizeof cookie.ipfix, tunnel_out_port,
2602 false);
9583bc14
EJ		 2603}
2604
a6092018
BP		 2605/* Fix "sample" action according to data collected while composing ODP actions,
2606 * as described in compose_sflow_action().
2607 *
2608 * 'user_cookie_offset' must be the offset returned by add_sflow_action(). */
9583bc14 2609static void
a6092018 2610fix_sflow_action(struct xlate_ctx *ctx, unsigned int user_cookie_offset)
9583bc14
EJ		 2611{
2612 const struct flow *base = &ctx->base_flow;
2613 union user_action_cookie *cookie;
2614
a6092018 2615 cookie = ofpbuf_at(ctx->odp_actions, user_cookie_offset,
9583bc14
EJ		 2616 sizeof cookie->sflow);
2617 ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW);
2618
a6092018
BP		 2619 cookie->type = USER_ACTION_COOKIE_SFLOW;
2620 cookie->sflow.vlan_tci = base->vlan_tci;
2621
2622 /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output
2623 * port information") for the interpretation of cookie->output. */
2624 switch (ctx->sflow_n_outputs) {
2625 case 0:
2626 /* 0x40000000 | 256 means "packet dropped for unknown reason". */
2627 cookie->sflow.output = 0x40000000 | 256;
2628 break;
2629
2630 case 1:
2631 cookie->sflow.output = dpif_sflow_odp_port_to_ifindex(
2632 ctx->xbridge->sflow, ctx->sflow_odp_port);
2633 if (cookie->sflow.output) {
2634 break;
2635 }
2636 /* Fall through. */
2637 default:
2638 /* 0x80000000 means "multiple output ports. */
2639 cookie->sflow.output = 0x80000000 | ctx->sflow_n_outputs;
2640 break;
2641 }
9583bc14
EJ		 2642}
2643
515793d5
BP		 2644static bool
2645process_special(struct xlate_ctx *ctx, const struct xport *xport)
db7d4e46 2646{
515793d5 2647 const struct flow *flow = &ctx->xin->flow;
49a73e0c 2648 struct flow_wildcards *wc = ctx->wc;
46c88433 2649 const struct xbridge *xbridge = ctx->xbridge;
515793d5
BP		 2650 const struct dp_packet *packet = ctx->xin->packet;
2651 enum slow_path_reason slow;
642dc74d 2652
46c88433 2653 if (!xport) {
515793d5 2654 slow = 0;
46c88433 2655 } else if (xport->cfm && cfm_should_process_flow(xport->cfm, flow, wc)) {
db7d4e46 2656 if (packet) {
46c88433 2657 cfm_process_heartbeat(xport->cfm, packet);
db7d4e46 2658 }
515793d5 2659 slow = SLOW_CFM;
fab52e16 2660 } else if (xport->bfd && bfd_should_process_flow(xport->bfd, flow, wc)) {
db7d4e46 2661 if (packet) {
46c88433 2662 bfd_process_packet(xport->bfd, flow, packet);
60d02c72
AW		 2663 /* If POLL received, immediately sends FINAL back. */
2664 if (bfd_should_send_packet(xport->bfd)) {
6d308b28 2665 ofproto_dpif_monitor_port_send_soon(xport->ofport);
60d02c72 2666 }
db7d4e46 2667 }
515793d5 2668 slow = SLOW_BFD;
46c88433 2669 } else if (xport->xbundle && xport->xbundle->lacp
db7d4e46
JP		 2670 && flow->dl_type == htons(ETH_TYPE_LACP)) {
2671 if (packet) {
46c88433 2672 lacp_process_packet(xport->xbundle->lacp, xport->ofport, packet);
db7d4e46 2673 }
515793d5 2674 slow = SLOW_LACP;
9efd308e
DV		 2675 } else if ((xbridge->stp || xbridge->rstp) &&
2676 stp_should_process_flow(flow, wc)) {
db7d4e46 2677 if (packet) {
f025bcb7
JR		 2678 xbridge->stp
2679 ? stp_process_packet(xport, packet)
2680 : rstp_process_packet(xport, packet);
db7d4e46 2681 }
515793d5 2682 slow = SLOW_STP;
19aef6ef 2683 } else if (xport->lldp && lldp_should_process_flow(xport->lldp, flow)) {
0477baa9
DF		 2684 if (packet) {
2685 lldp_process_packet(xport->lldp, packet);
2686 }
515793d5 2687 slow = SLOW_LLDP;
db7d4e46 2688 } else {
515793d5
BP		 2689 slow = 0;
2690 }
2691
2692 if (slow) {
2693 ctx->xout->slow |= slow;
2694 return true;
2695 } else {
2696 return false;
db7d4e46
JP		 2697 }
2698}
2699
a36de779
PS		 2700static int
2701tnl_route_lookup_flow(const struct flow *oflow,
a8704b50
PS		 2702 struct in6_addr *ip, struct in6_addr *src,
2703 struct xport **out_port)
a36de779
PS		 2704{
2705 char out_dev[IFNAMSIZ];
2706 struct xbridge *xbridge;
2707 struct xlate_cfg *xcfg;
c2b878e0
TLSC		 2708 struct in6_addr gw;
2709 struct in6_addr dst;
a36de779 2710
c2b878e0 2711 dst = flow_tnl_dst(&oflow->tunnel);
a8704b50 2712 if (!ovs_router_lookup(&dst, out_dev, src, &gw)) {
a36de779
PS		 2713 return -ENOENT;
2714 }
2715
c2b878e0
TLSC		 2716 if (ipv6_addr_is_set(&gw) &&
2717 (!IN6_IS_ADDR_V4MAPPED(&gw) || in6_addr_get_mapped_ipv4(&gw))) {
a36de779
PS		 2718 *ip = gw;
2719 } else {
c2b878e0 2720 *ip = dst;
a36de779
PS		 2721 }
2722
2723 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2724 ovs_assert(xcfg);
2725
2726 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
2727 if (!strncmp(xbridge->name, out_dev, IFNAMSIZ)) {
2728 struct xport *port;
2729
2730 HMAP_FOR_EACH (port, ofp_node, &xbridge->xports) {
2731 if (!strncmp(netdev_get_name(port->netdev), out_dev, IFNAMSIZ)) {
2732 *out_port = port;
2733 return 0;
2734 }
2735 }
2736 }
2737 }
2738 return -ENOENT;
2739}
2740
2741static int
cdd42eda
JG		 2742compose_table_xlate(struct xlate_ctx *ctx, const struct xport *out_dev,
2743 struct dp_packet *packet)
a36de779 2744{
cdd42eda 2745 struct xbridge *xbridge = out_dev->xbridge;
a36de779
PS		 2746 struct ofpact_output output;
2747 struct flow flow;
2748
2749 ofpact_init(&output.ofpact, OFPACT_OUTPUT, sizeof output);
cf62fa4c 2750 flow_extract(packet, &flow);
cdd42eda
JG		 2751 flow.in_port.ofp_port = out_dev->ofp_port;
2752 output.port = OFPP_TABLE;
a36de779
PS		 2753 output.max_len = 0;
2754
1f4a8933
JR		 2755 return ofproto_dpif_execute_actions__(xbridge->ofproto,
2756 ctx->xin->tables_version, &flow,
2757 NULL, &output.ofpact, sizeof output,
790c5d26
BP		 2758 ctx->indentation, ctx->depth,
2759 ctx->resubmits, packet);
a36de779
PS		 2760}
2761
c2b878e0
TLSC		 2762static void
2763tnl_send_nd_request(struct xlate_ctx *ctx, const struct xport *out_dev,
2764 const struct eth_addr eth_src,
2765 struct in6_addr * ipv6_src, struct in6_addr * ipv6_dst)
2766{
2767 struct dp_packet packet;
2768
2769 dp_packet_init(&packet, 0);
16187903 2770 compose_nd_ns(&packet, eth_src, ipv6_src, ipv6_dst);
c2b878e0
TLSC		 2771 compose_table_xlate(ctx, out_dev, &packet);
2772 dp_packet_uninit(&packet);
2773}
2774
a36de779 2775static void
cdd42eda 2776tnl_send_arp_request(struct xlate_ctx *ctx, const struct xport *out_dev,
74ff3298 2777 const struct eth_addr eth_src,
a36de779
PS		 2778 ovs_be32 ip_src, ovs_be32 ip_dst)
2779{
cf62fa4c 2780 struct dp_packet packet;
a36de779 2781
cf62fa4c 2782 dp_packet_init(&packet, 0);
eb0b295e
BP		 2783 compose_arp(&packet, ARP_OP_REQUEST,
2784 eth_src, eth_addr_zero, true, ip_src, ip_dst);
a36de779 2785
cdd42eda 2786 compose_table_xlate(ctx, out_dev, &packet);
cf62fa4c 2787 dp_packet_uninit(&packet);
a36de779
PS		 2788}
2789
2790static int
81de18ec 2791build_tunnel_send(struct xlate_ctx *ctx, const struct xport *xport,
a36de779
PS		 2792 const struct flow *flow, odp_port_t tunnel_odp_port)
2793{
4975aa3e 2794 struct netdev_tnl_build_header_params tnl_params;
a36de779
PS		 2795 struct ovs_action_push_tnl tnl_push_data;
2796 struct xport *out_dev = NULL;
c2b878e0
TLSC		 2797 ovs_be32 s_ip = 0, d_ip = 0;
2798 struct in6_addr s_ip6 = in6addr_any;
2799 struct in6_addr d_ip6 = in6addr_any;
74ff3298
JR		 2800 struct eth_addr smac;
2801 struct eth_addr dmac;
a36de779 2802 int err;
c2b878e0
TLSC		 2803 char buf_sip6[INET6_ADDRSTRLEN];
2804 char buf_dip6[INET6_ADDRSTRLEN];
a36de779 2805
a8704b50 2806 err = tnl_route_lookup_flow(flow, &d_ip6, &s_ip6, &out_dev);
a36de779 2807 if (err) {
81de18ec 2808 xlate_report(ctx, "native tunnel routing failed");
a36de779
PS		 2809 return err;
2810 }
c2b878e0
TLSC		 2811
2812 xlate_report(ctx, "tunneling to %s via %s",
2813 ipv6_string_mapped(buf_dip6, &d_ip6),
2814 netdev_get_name(out_dev->netdev));
a36de779
PS		 2815
2816 /* Use mac addr of bridge port of the peer. */
74ff3298 2817 err = netdev_get_etheraddr(out_dev->netdev, &smac);
a36de779 2818 if (err) {
81de18ec 2819 xlate_report(ctx, "tunnel output device lacks Ethernet address");
a36de779
PS		 2820 return err;
2821 }
2822
c2b878e0
TLSC		 2823 d_ip = in6_addr_get_mapped_ipv4(&d_ip6);
2824 if (d_ip) {
a8704b50 2825 s_ip = in6_addr_get_mapped_ipv4(&s_ip6);
a36de779
PS		 2826 }
2827
c2b878e0 2828 err = tnl_neigh_lookup(out_dev->xbridge->name, &d_ip6, &dmac);
a36de779 2829 if (err) {
c2b878e0
TLSC		 2830 xlate_report(ctx, "neighbor cache miss for %s on bridge %s, "
2831 "sending %s request",
2832 buf_dip6, out_dev->xbridge->name, d_ip ? "ARP" : "ND");
2833 if (d_ip) {
2834 tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip);
2835 } else {
2836 tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6);
2837 }
a36de779
PS		 2838 return err;
2839 }
c2b878e0 2840
a36de779
PS		 2841 if (ctx->xin->xcache) {
2842 struct xc_entry *entry;
2843
53902038 2844 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_TNL_NEIGH);
901a517e
JR		 2845 ovs_strlcpy(entry->tnl_neigh_cache.br_name, out_dev->xbridge->name,
2846 sizeof entry->tnl_neigh_cache.br_name);
2847 entry->tnl_neigh_cache.d_ipv6 = d_ip6;
a36de779 2848 }
81de18ec 2849
c2b878e0
TLSC		 2850 xlate_report(ctx, "tunneling from "ETH_ADDR_FMT" %s"
2851 " to "ETH_ADDR_FMT" %s",
2852 ETH_ADDR_ARGS(smac), ipv6_string_mapped(buf_sip6, &s_ip6),
2853 ETH_ADDR_ARGS(dmac), buf_dip6);
2854
4975aa3e
PS		 2855 netdev_init_tnl_build_header_params(&tnl_params, flow, &s_ip6, dmac, smac);
2856 err = tnl_port_build_header(xport->ofport, &tnl_push_data, &tnl_params);
a36de779
PS		 2857 if (err) {
2858 return err;
2859 }
2860 tnl_push_data.tnl_port = odp_to_u32(tunnel_odp_port);
2861 tnl_push_data.out_port = odp_to_u32(out_dev->odp_port);
1520ef4f 2862 odp_put_tnl_push_action(ctx->odp_actions, &tnl_push_data);
a36de779
PS		 2863 return 0;
2864}
2865
704bb0bf
JS		 2866static void
2867xlate_commit_actions(struct xlate_ctx *ctx)
2868{
2869 bool use_masked = ctx->xbridge->support.masked_set_action;
2870
2871 ctx->xout->slow |= commit_odp_actions(&ctx->xin->flow, &ctx->base_flow,
2872 ctx->odp_actions, ctx->wc,
2873 use_masked);
2874}
2875
07659514
JS		 2876static void
2877clear_conntrack(struct flow *flow)
2878{
2879 flow->ct_state = 0;
2880 flow->ct_zone = 0;
8e53fe8c 2881 flow->ct_mark = 0;
9daf2348 2882 memset(&flow->ct_label, 0, sizeof flow->ct_label);
07659514
JS		 2883}
2884
58d636ee
BK		 2885static bool
2886xlate_flow_is_protected(const struct xlate_ctx *ctx, const struct flow *flow, const struct xport *xport_out)
2887{
2888 const struct xport *xport_in;
2889
2890 if (!xport_out) {
2891 return false;
2892 }
2893
2894 xport_in = get_ofp_port(ctx->xbridge, flow->in_port.ofp_port);
2895
2896 return (xport_in && xport_in->xbundle && xport_out->xbundle &&
2897 xport_in->xbundle->protected && xport_out->xbundle->protected);
2898}
2899
2900
9583bc14 2901static void
4e022ec0 2902compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port,
e93ef1c7 2903 const struct xlate_bond_recirc *xr, bool check_stp)
9583bc14 2904{
46c88433 2905 const struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
49a73e0c 2906 struct flow_wildcards *wc = ctx->wc;
33bf9176 2907 struct flow *flow = &ctx->xin->flow;
a36de779 2908 struct flow_tnl flow_tnl;
9583bc14 2909 ovs_be16 flow_vlan_tci;
1362e248 2910 uint32_t flow_pkt_mark;
9583bc14 2911 uint8_t flow_nw_tos;
4e022ec0 2912 odp_port_t out_port, odp_port;
a36de779 2913 bool tnl_push_pop_send = false;
ca077186 2914 uint8_t dscp;
9583bc14
EJ		 2915
2916 /* If 'struct flow' gets additional metadata, we'll need to zero it out
2917 * before traversing a patch port. */
847b8b02 2918 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 36);
a36de779 2919 memset(&flow_tnl, 0, sizeof flow_tnl);
9583bc14 2920
46c88433 2921 if (!xport) {
9583bc14
EJ		 2922 xlate_report(ctx, "Nonexistent output port");
2923 return;
46c88433 2924 } else if (xport->config & OFPUTIL_PC_NO_FWD) {
9583bc14
EJ		 2925 xlate_report(ctx, "OFPPC_NO_FWD set, skipping output");
2926 return;
1356dbd1
WT		 2927 } else if (ctx->mirror_snaplen != 0 && xport->odp_port == ODPP_NONE) {
2928 xlate_report(ctx, "Mirror truncate to ODPP_NONE, skipping output");
2929 return;
58d636ee
BK		 2930 } else if (xlate_flow_is_protected(ctx, flow, xport)) {
2931 xlate_report(ctx, "Flow is between protected ports, skipping output.");
2932 return;
0d1cee12 2933 } else if (check_stp) {
bbbca389 2934 if (is_stp(&ctx->base_flow)) {
9efd308e
DV		 2935 if (!xport_stp_should_forward_bpdu(xport) &&
2936 !xport_rstp_should_manage_bpdu(xport)) {
2937 if (ctx->xbridge->stp != NULL) {
2938 xlate_report(ctx, "STP not in listening state, "
2939 "skipping bpdu output");
2940 } else if (ctx->xbridge->rstp != NULL) {
2941 xlate_report(ctx, "RSTP not managing BPDU in this state, "
2942 "skipping bpdu output");
2943 }
0d1cee12
K		 2944 return;
2945 }
9efd308e
DV		 2946 } else if (!xport_stp_forward_state(xport) ||
2947 !xport_rstp_forward_state(xport)) {
2948 if (ctx->xbridge->stp != NULL) {
2949 xlate_report(ctx, "STP not in forwarding state, "
2950 "skipping output");
2951 } else if (ctx->xbridge->rstp != NULL) {
2952 xlate_report(ctx, "RSTP not in forwarding state, "
2953 "skipping output");
2954 }
0d1cee12
K		 2955 return;
2956 }
9583bc14
EJ		 2957 }
2958
46c88433
EJ		 2959 if (xport->peer) {
2960 const struct xport *peer = xport->peer;
9583bc14 2961 struct flow old_flow = ctx->xin->flow;
8d8ab6c2 2962 struct flow_tnl old_flow_tnl_wc = ctx->wc->masks.tunnel;
07659514 2963 bool old_conntrack = ctx->conntracked;
e12ec36b 2964 bool old_was_mpls = ctx->was_mpls;
1f4a8933 2965 ovs_version_t old_version = ctx->xin->tables_version;
1774d762 2966 struct ofpbuf old_stack = ctx->stack;
84cf3c1f 2967 uint8_t new_stack[1024];
ed9c9e3e
JR		 2968 struct ofpbuf old_action_set = ctx->action_set;
2969 uint64_t actset_stub[1024 / 8];
9583bc14 2970
1774d762 2971 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
ed9c9e3e 2972 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
46c88433 2973 flow->in_port.ofp_port = peer->ofp_port;
33bf9176
BP		 2974 flow->metadata = htonll(0);
2975 memset(&flow->tunnel, 0, sizeof flow->tunnel);
07a3cd5c
BP		 2976 flow->tunnel.metadata.tab = ofproto_get_tun_tab(
2977 &peer->xbridge->ofproto->up);
8d8ab6c2 2978 ctx->wc->masks.tunnel.metadata.tab = flow->tunnel.metadata.tab;
33bf9176 2979 memset(flow->regs, 0, sizeof flow->regs);
c61f3870 2980 flow->actset_output = OFPP_UNSET;
07659514
JS		 2981 ctx->conntracked = false;
2982 clear_conntrack(flow);
9583bc14 2983
76f3c260
BP		 2984 /* When the patch port points to a different bridge, then the mirrors
2985 * for that bridge clearly apply independently to the packet, so we
2986 * reset the mirror bitmap to zero and then restore it after the packet
2987 * returns.
2988 *
2989 * When the patch port points to the same bridge, this is more of a
2990 * design decision: can mirrors be re-applied to the packet after it
2991 * re-enters the bridge, or should we treat that as doubly mirroring a
2992 * single packet? The former may be cleaner, since it respects the
2993 * model in which a patch port is like a physical cable plugged from
2994 * one switch port to another, but the latter may be less surprising to
2995 * users. We take the latter choice, for now at least. (To use the
2996 * former choice, hard-code 'independent_mirrors' to "true".) */
2997 mirror_mask_t old_mirrors = ctx->mirrors;
2998 bool independent_mirrors = peer->xbridge != ctx->xbridge;
2999 if (independent_mirrors) {
3000 ctx->mirrors = 0;
3001 }
3002 ctx->xbridge = peer->xbridge;
3003
621b8064 3004 /* The bridge is now known so obtain its table version. */
1f4a8933 3005 ctx->xin->tables_version
621b8064
JR		 3006 = ofproto_dpif_get_tables_version(ctx->xbridge->ofproto);
3007
515793d5 3008 if (!process_special(ctx, peer) && may_receive(peer, ctx)) {
9efd308e 3009 if (xport_stp_forward_state(peer) && xport_rstp_forward_state(peer)) {
e672ff9b 3010 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
1d361a81 3011 if (!ctx->freezing) {
8a5fb3b4 3012 xlate_action_set(ctx);
e672ff9b 3013 }
1d361a81 3014 if (ctx->freezing) {
77ab5fd2 3015 finish_freezing(ctx);
ed9c9e3e 3016 }
9583bc14 3017 } else {
9efd308e
DV		 3018 /* Forwarding is disabled by STP and RSTP. Let OFPP_NORMAL and
3019 * the learning action look at the packet, then drop it. */
9583bc14 3020 struct flow old_base_flow = ctx->base_flow;
1520ef4f 3021 size_t old_size = ctx->odp_actions->size;
76f3c260 3022 mirror_mask_t old_mirrors2 = ctx->mirrors;
f3d5b473 3023
e672ff9b 3024 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true);
76f3c260 3025 ctx->mirrors = old_mirrors2;
9583bc14 3026 ctx->base_flow = old_base_flow;
1520ef4f 3027 ctx->odp_actions->size = old_size;
e672ff9b 3028
1d361a81
BP		 3029 /* Undo changes that may have been done for freezing. */
3030 ctx_cancel_freeze(ctx);
9583bc14
EJ		 3031 }
3032 }
3033
76f3c260
BP		 3034 if (independent_mirrors) {
3035 ctx->mirrors = old_mirrors;
3036 }
9583bc14 3037 ctx->xin->flow = old_flow;
832554e3 3038 ctx->xbridge = xport->xbridge;
ed9c9e3e
JR		 3039 ofpbuf_uninit(&ctx->action_set);
3040 ctx->action_set = old_action_set;
1774d762
JR		 3041 ofpbuf_uninit(&ctx->stack);
3042 ctx->stack = old_stack;
9583bc14 3043
621b8064 3044 /* Restore calling bridge's lookup version. */
1f4a8933 3045 ctx->xin->tables_version = old_version;
621b8064 3046
8d8ab6c2
JG		 3047 /* Since this packet came in on a patch port (from the perspective of
3048 * the peer bridge), it cannot have useful tunnel information. As a
3049 * result, any wildcards generated on that tunnel also cannot be valid.
3050 * The tunnel wildcards must be restored to their original version since
3051 * the peer bridge uses a separate tunnel metadata table and therefore
3052 * any generated wildcards will be garbage in the context of our
3053 * metadata table. */
3054 ctx->wc->masks.tunnel = old_flow_tnl_wc;
3055
e12ec36b
SH		 3056 /* The peer bridge popping MPLS should have no effect on the original
3057 * bridge. */
3058 ctx->was_mpls = old_was_mpls;
3059
07659514
JS		 3060 /* The peer bridge's conntrack execution should have no effect on the
3061 * original bridge. */
3062 ctx->conntracked = old_conntrack;
3063
f3d5b473
JR		 3064 /* The fact that the peer bridge exits (for any reason) does not mean
3065 * that the original bridge should exit. Specifically, if the peer
1d361a81
BP		 3066 * bridge freezes translation, the original bridge must continue
3067 * processing with the original, not the frozen packet! */
f3d5b473
JR		 3068 ctx->exit = false;
3069
fff1b9c0
JR		 3070 /* Peer bridge errors do not propagate back. */
3071 ctx->error = XLATE_OK;
3072
9583bc14 3073 if (ctx->xin->resubmit_stats) {
46c88433
EJ		 3074 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
3075 netdev_vport_inc_rx(peer->netdev, ctx->xin->resubmit_stats);
a1aeea86
AW		 3076 if (peer->bfd) {
3077 bfd_account_rx(peer->bfd, ctx->xin->resubmit_stats);
3078 }
9583bc14 3079 }
b256dc52
JS		 3080 if (ctx->xin->xcache) {
3081 struct xc_entry *entry;
3082
3083 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
901a517e
JR		 3084 entry->dev.tx = netdev_ref(xport->netdev);
3085 entry->dev.rx = netdev_ref(peer->netdev);
3086 entry->dev.bfd = bfd_ref(peer->bfd);
b256dc52 3087 }
9583bc14
EJ		 3088 return;
3089 }
3090
33bf9176 3091 flow_vlan_tci = flow->vlan_tci;
1362e248 3092 flow_pkt_mark = flow->pkt_mark;
33bf9176 3093 flow_nw_tos = flow->nw_tos;
9583bc14 3094
16194afd
DDP		 3095 if (count_skb_priorities(xport)) {
3096 memset(&wc->masks.skb_priority, 0xff, sizeof wc->masks.skb_priority);
3097 if (dscp_from_skb_priority(xport, flow->skb_priority, &dscp)) {
3098 wc->masks.nw_tos |= IP_DSCP_MASK;
3099 flow->nw_tos &= ~IP_DSCP_MASK;
3100 flow->nw_tos |= dscp;
3101 }
9583bc14
EJ		 3102 }
3103
46c88433 3104 if (xport->is_tunnel) {
c2b878e0 3105 struct in6_addr dst;
9583bc14
EJ		 3106 /* Save tunnel metadata so that changes made due to
3107 * the Logical (tunnel) Port are not visible for any further
3108 * matches, while explicit set actions on tunnel metadata are.
3109 */
a36de779 3110 flow_tnl = flow->tunnel;
49a73e0c 3111 odp_port = tnl_port_send(xport->ofport, flow, ctx->wc);
4e022ec0 3112 if (odp_port == ODPP_NONE) {
9583bc14
EJ		 3113 xlate_report(ctx, "Tunneling decided against output");
3114 goto out; /* restore flow_nw_tos */
3115 }
c2b878e0
TLSC		 3116 dst = flow_tnl_dst(&flow->tunnel);
3117 if (ipv6_addr_equals(&dst, &ctx->orig_tunnel_ipv6_dst)) {
9583bc14
EJ		 3118 xlate_report(ctx, "Not tunneling to our own address");
3119 goto out; /* restore flow_nw_tos */
3120 }
3121 if (ctx->xin->resubmit_stats) {
46c88433 3122 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
9583bc14 3123 }
b256dc52
JS		 3124 if (ctx->xin->xcache) {
3125 struct xc_entry *entry;
3126
3127 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
901a517e 3128 entry->dev.tx = netdev_ref(xport->netdev);
b256dc52 3129 }
9583bc14 3130 out_port = odp_port;
a36de779 3131 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
81de18ec 3132 xlate_report(ctx, "output to native tunnel");
a36de779
PS		 3133 tnl_push_pop_send = true;
3134 } else {
81de18ec 3135 xlate_report(ctx, "output to kernel tunnel");
1520ef4f 3136 commit_odp_tunnel_action(flow, &ctx->base_flow, ctx->odp_actions);
a36de779
PS		 3137 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3138 }
9583bc14 3139 } else {
46c88433 3140 odp_port = xport->odp_port;
7614e5d0 3141 out_port = odp_port;
9583bc14 3142 }
9583bc14 3143
4e022ec0 3144 if (out_port != ODPP_NONE) {
704bb0bf 3145 xlate_commit_actions(ctx);
adcf00ba 3146
e93ef1c7 3147 if (xr) {
347bf289 3148 struct ovs_action_hash *act_hash;
adcf00ba 3149
347bf289 3150 /* Hash action. */
1520ef4f 3151 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
347bf289
AZ		 3152 OVS_ACTION_ATTR_HASH,
3153 sizeof *act_hash);
3154 act_hash->hash_alg = xr->hash_alg;
62ac1f20 3155 act_hash->hash_basis = xr->hash_basis;
347bf289
AZ		 3156
3157 /* Recirc action. */
1520ef4f 3158 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC,
347bf289 3159 xr->recirc_id);
adcf00ba 3160 } else {
a36de779
PS		 3161
3162 if (tnl_push_pop_send) {
3163 build_tunnel_send(ctx, xport, flow, odp_port);
3164 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3165 } else {
3166 odp_port_t odp_tnl_port = ODPP_NONE;
3167
3168 /* XXX: Write better Filter for tunnel port. We can use inport
3169 * int tunnel-port flow to avoid these checks completely. */
3170 if (ofp_port == OFPP_LOCAL &&
3171 ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
3172
3173 odp_tnl_port = tnl_port_map_lookup(flow, wc);
3174 }
3175
3176 if (odp_tnl_port != ODPP_NONE) {
1520ef4f 3177 nl_msg_put_odp_port(ctx->odp_actions,
a36de779
PS		 3178 OVS_ACTION_ATTR_TUNNEL_POP,
3179 odp_tnl_port);
3180 } else {
3181 /* Tunnel push-pop action is not compatible with
3182 * IPFIX action. */
a6092018 3183 compose_ipfix_action(ctx, out_port);
1356dbd1
WT		 3184
3185 /* Handle truncation of the mirrored packet. */
3186 if (ctx->mirror_snaplen > 0 &&
3187 ctx->mirror_snaplen < UINT16_MAX) {
3188 struct ovs_action_trunc *trunc;
3189
3190 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
3191 OVS_ACTION_ATTR_TRUNC,
3192 sizeof *trunc);
3193 trunc->max_len = ctx->mirror_snaplen;
3194 if (!ctx->xbridge->support.trunc) {
3195 ctx->xout->slow |= SLOW_ACTION;
3196 }
3197 }
3198
1520ef4f 3199 nl_msg_put_odp_port(ctx->odp_actions,
a36de779
PS		 3200 OVS_ACTION_ATTR_OUTPUT,
3201 out_port);
1356dbd1
WT		 3202 }
3203 }
adcf00ba 3204 }
9583bc14 3205
6cbbf4fa
EJ		 3206 ctx->sflow_odp_port = odp_port;
3207 ctx->sflow_n_outputs++;
2031ef97 3208 ctx->nf_output_iface = ofp_port;
6cbbf4fa
EJ		 3209 }
3210
7efbc3b7
BP		 3211 if (mbridge_has_mirrors(ctx->xbridge->mbridge) && xport->xbundle) {
3212 mirror_packet(ctx, xport->xbundle,
3213 xbundle_mirror_dst(xport->xbundle->xbridge,
3214 xport->xbundle));
3215 }
3216
6cbbf4fa 3217 out:
9583bc14 3218 /* Restore flow */
33bf9176 3219 flow->vlan_tci = flow_vlan_tci;
1362e248 3220 flow->pkt_mark = flow_pkt_mark;
33bf9176 3221 flow->nw_tos = flow_nw_tos;
9583bc14
EJ		 3222}
3223
3224static void
e93ef1c7
JR		 3225compose_output_action(struct xlate_ctx *ctx, ofp_port_t ofp_port,
3226 const struct xlate_bond_recirc *xr)
9583bc14 3227{
e93ef1c7 3228 compose_output_action__(ctx, ofp_port, xr, true);
9583bc14
EJ		 3229}
3230
bb61b33d 3231static void
790c5d26 3232xlate_recursively(struct xlate_ctx *ctx, struct rule_dpif *rule, bool deepens)
bb61b33d
BP		 3233{
3234 struct rule_dpif *old_rule = ctx->rule;
8b1e5560 3235 ovs_be64 old_cookie = ctx->rule_cookie;
dc723c44 3236 const struct rule_actions *actions;
bb61b33d
BP		 3237
3238 if (ctx->xin->resubmit_stats) {
70742c7f 3239 rule_dpif_credit_stats(rule, ctx->xin->resubmit_stats);
bb61b33d
BP		 3240 }
3241
98b07853 3242 ctx->resubmits++;
790c5d26 3243
9a9b001a 3244 ctx->indentation++;
790c5d26 3245 ctx->depth += deepens;
bb61b33d 3246 ctx->rule = rule;
07a3cd5c
BP		 3247 ctx->rule_cookie = rule->up.flow_cookie;
3248 actions = rule_get_actions(&rule->up);
6f00e29b 3249 do_xlate_actions(actions->ofpacts, actions->ofpacts_len, ctx);
8b1e5560 3250 ctx->rule_cookie = old_cookie;
bb61b33d 3251 ctx->rule = old_rule;
790c5d26 3252 ctx->depth -= deepens;
9a9b001a 3253 ctx->indentation--;
bb61b33d
BP		 3254}
3255
bd3240ba
SH		 3256static bool
3257xlate_resubmit_resource_check(struct xlate_ctx *ctx)
9583bc14 3258{
790c5d26
BP		 3259 if (ctx->depth >= MAX_DEPTH) {
3260 XLATE_REPORT_ERROR(ctx, "over max translation depth %d", MAX_DEPTH);
fff1b9c0 3261 ctx->error = XLATE_RECURSION_TOO_DEEP;
790c5d26 3262 } else if (ctx->resubmits >= MAX_RESUBMITS) {
fff1b9c0
JR		 3263 XLATE_REPORT_ERROR(ctx, "over %d resubmit actions", MAX_RESUBMITS);
3264 ctx->error = XLATE_TOO_MANY_RESUBMITS;
1520ef4f 3265 } else if (ctx->odp_actions->size > UINT16_MAX) {
fff1b9c0
JR		 3266 XLATE_REPORT_ERROR(ctx, "resubmits yielded over 64 kB of actions");
3267 /* NOT an error, as we'll be slow-pathing the flow in this case? */
3268 ctx->exit = true; /* XXX: translation still terminated! */
6fd6ed71 3269 } else if (ctx->stack.size >= 65536) {
fff1b9c0
JR		 3270 XLATE_REPORT_ERROR(ctx, "resubmits yielded over 64 kB of stack");
3271 ctx->error = XLATE_STACK_TOO_DEEP;
98b07853 3272 } else {
bd3240ba
SH		 3273 return true;
3274 }
3275
3276 return false;
3277}
3278
3279static void
6d328fa2
SH		 3280xlate_table_action(struct xlate_ctx *ctx, ofp_port_t in_port, uint8_t table_id,
3281 bool may_packet_in, bool honor_table_miss)
bd3240ba 3282{
e12ec36b
SH		 3283 /* Check if we need to recirculate before matching in a table. */
3284 if (ctx->was_mpls) {
3285 ctx_trigger_freeze(ctx);
3286 return;
3287 }
bd3240ba 3288 if (xlate_resubmit_resource_check(ctx)) {
9583bc14 3289 uint8_t old_table_id = ctx->table_id;
3f207910 3290 struct rule_dpif *rule;
9583bc14
EJ		 3291
3292 ctx->table_id = table_id;
3293
34dd0d78 3294 rule = rule_dpif_lookup_from_table(ctx->xbridge->ofproto,
1f4a8933 3295 ctx->xin->tables_version,
c0e638aa 3296 &ctx->xin->flow, ctx->wc,
34dd0d78
JR		 3297 ctx->xin->resubmit_stats,
3298 &ctx->table_id, in_port,
a027899e
JR		 3299 may_packet_in, honor_table_miss,
3300 ctx->xin->xcache);
a8c31348 3301 if (OVS_UNLIKELY(ctx->xin->resubmit_hook)) {
9a9b001a 3302 ctx->xin->resubmit_hook(ctx->xin, rule, ctx->indentation + 1);
ad3efdcb
EJ		 3303 }
3304
a2143702 3305 if (rule) {
83709dfa
JR		 3306 /* Fill in the cache entry here instead of xlate_recursively
3307 * to make the reference counting more explicit. We take a
3308 * reference in the lookups above if we are going to cache the
3309 * rule. */
3310 if (ctx->xin->xcache) {
3311 struct xc_entry *entry;
3312
3313 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_RULE);
901a517e 3314 entry->rule = rule;
07a3cd5c 3315 ofproto_rule_ref(&rule->up);
83709dfa 3316 }
790c5d26 3317 xlate_recursively(ctx, rule, table_id <= old_table_id);
ad3efdcb
EJ		 3318 }
3319
9583bc14 3320 ctx->table_id = old_table_id;
98b07853 3321 return;
9583bc14
EJ		 3322 }
3323}
3324
76973237 3325/* Consumes the group reference, which is only taken if xcache exists. */
f4fb341b 3326static void
1e684d7d
RW		 3327xlate_group_stats(struct xlate_ctx *ctx, struct group_dpif *group,
3328 struct ofputil_bucket *bucket)
3329{
3330 if (ctx->xin->resubmit_stats) {
3331 group_dpif_credit_stats(group, bucket, ctx->xin->resubmit_stats);
3332 }
3333 if (ctx->xin->xcache) {
3334 struct xc_entry *entry;
3335
3336 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_GROUP);
901a517e
JR		 3337 entry->group.group = group;
3338 entry->group.bucket = bucket;
1e684d7d
RW		 3339 }
3340}
3341
3342static void
3343xlate_group_bucket(struct xlate_ctx *ctx, struct ofputil_bucket *bucket)
f4fb341b
SH		 3344{
3345 uint64_t action_list_stub[1024 / 8];
0a2869d5
BP		 3346 struct ofpbuf action_list = OFPBUF_STUB_INITIALIZER(action_list_stub);
3347 struct ofpbuf action_set = ofpbuf_const_initializer(bucket->ofpacts,
3348 bucket->ofpacts_len);
5b09e569 3349 struct flow old_flow = ctx->xin->flow;
e12ec36b 3350 bool old_was_mpls = ctx->was_mpls;
f4fb341b 3351
f4fb341b 3352 ofpacts_execute_action_set(&action_list, &action_set);
9a9b001a 3353 ctx->indentation++;
790c5d26 3354 ctx->depth++;
6fd6ed71 3355 do_xlate_actions(action_list.data, action_list.size, ctx);
790c5d26 3356 ctx->depth--;
9a9b001a 3357 ctx->indentation--;
f4fb341b 3358
f4fb341b 3359 ofpbuf_uninit(&action_list);
5b09e569 3360
77ab5fd2 3361 /* Check if need to freeze. */
1d361a81 3362 if (ctx->freezing) {
77ab5fd2 3363 finish_freezing(ctx);
e672ff9b
JR		 3364 }
3365
5b09e569
JR		 3366 /* Roll back flow to previous state.
3367 * This is equivalent to cloning the packet for each bucket.
3368 *
3369 * As a side effect any subsequently applied actions will
3370 * also effectively be applied to a clone of the packet taken
3371 * just before applying the all or indirect group.
3372 *
3373 * Note that group buckets are action sets, hence they cannot modify the
3374 * main action set. Also any stack actions are ignored when executing an
3375 * action set, so group buckets cannot change the stack either.
3376 * However, we do allow resubmit actions in group buckets, which could
3377 * break the above assumptions. It is up to the controller to not mess up
3378 * with the action_set and stack in the tables resubmitted to from
3379 * group buckets. */
3380 ctx->xin->flow = old_flow;
3381
e12ec36b
SH		 3382 /* The group bucket popping MPLS should have no effect after bucket
3383 * execution. */
3384 ctx->was_mpls = old_was_mpls;
3385
5b09e569
JR		 3386 /* The fact that the group bucket exits (for any reason) does not mean that
3387 * the translation after the group action should exit. Specifically, if
1d361a81
BP		 3388 * the group bucket freezes translation, the actions after the group action
3389 * must continue processing with the original, not the frozen packet! */
5b09e569 3390 ctx->exit = false;
f4fb341b
SH		 3391}
3392
3393static void
3394xlate_all_group(struct xlate_ctx *ctx, struct group_dpif *group)
3395{
1e684d7d 3396 struct ofputil_bucket *bucket;
07a3cd5c 3397 LIST_FOR_EACH (bucket, list_node, &group->up.buckets) {
f4fb341b 3398 xlate_group_bucket(ctx, bucket);
f4fb341b 3399 }
1e684d7d 3400 xlate_group_stats(ctx, group, NULL);
f4fb341b
SH		 3401}
3402
dd8cd4b4
SH		 3403static void
3404xlate_ff_group(struct xlate_ctx *ctx, struct group_dpif *group)
3405{
1e684d7d 3406 struct ofputil_bucket *bucket;
dd8cd4b4
SH		 3407
3408 bucket = group_first_live_bucket(ctx, group, 0);
3409 if (bucket) {
3410 xlate_group_bucket(ctx, bucket);
1e684d7d 3411 xlate_group_stats(ctx, group, bucket);
76973237 3412 } else if (ctx->xin->xcache) {
07a3cd5c 3413 ofproto_group_unref(&group->up);
dd8cd4b4
SH		 3414 }
3415}
3416
fe7e5749 3417static void
7565c3e4 3418xlate_default_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
fe7e5749 3419{
49a73e0c 3420 struct flow_wildcards *wc = ctx->wc;
1e684d7d 3421 struct ofputil_bucket *bucket;
fe7e5749
SH		 3422 uint32_t basis;
3423
1d1aae0b 3424 basis = flow_hash_symmetric_l4(&ctx->xin->flow, 0);
80e3509d 3425 flow_mask_hash_fields(&ctx->xin->flow, wc, NX_HASH_FIELDS_SYMMETRIC_L4);
fe7e5749
SH		 3426 bucket = group_best_live_bucket(ctx, group, basis);
3427 if (bucket) {
fe7e5749 3428 xlate_group_bucket(ctx, bucket);
1e684d7d 3429 xlate_group_stats(ctx, group, bucket);
76973237 3430 } else if (ctx->xin->xcache) {
07a3cd5c 3431 ofproto_group_unref(&group->up);
fe7e5749
SH		 3432 }
3433}
3434
0c4b9393
SH		 3435static void
3436xlate_hash_fields_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3437{
07a3cd5c
BP		 3438 const struct field_array *fields = &group->up.props.fields;
3439 const uint8_t *mask_values = fields->values;
3440 uint32_t basis = hash_uint64(group->up.props.selection_method_param);
0c4b9393 3441
07a3cd5c 3442 size_t i;
e8dba719
JR		 3443 BITMAP_FOR_EACH_1 (i, MFF_N_IDS, fields->used.bm) {
3444 const struct mf_field *mf = mf_from_id(i);
0c4b9393 3445
e8dba719
JR		 3446 /* Skip fields for which prerequisities are not met. */
3447 if (!mf_are_prereqs_ok(mf, &ctx->xin->flow, ctx->wc)) {
3448 /* Skip the mask bytes for this field. */
3449 mask_values += mf->n_bytes;
3450 continue;
3451 }
0c4b9393 3452
e8dba719
JR		 3453 union mf_value value;
3454 union mf_value mask;
0c4b9393 3455
e8dba719
JR		 3456 mf_get_value(mf, &ctx->xin->flow, &value);
3457 /* Mask the value. */
3458 for (int j = 0; j < mf->n_bytes; j++) {
3459 mask.b[j] = *mask_values++;
3460 value.b[j] &= mask.b[j];
3461 }
3462 basis = hash_bytes(&value, mf->n_bytes, basis);
1cb20095 3463
e8dba719
JR		 3464 /* For tunnels, hash in whether the field is present. */
3465 if (mf_is_tun_metadata(mf)) {
3466 basis = hash_boolean(mf_is_set(mf, &ctx->xin->flow), basis);
0c4b9393 3467 }
e8dba719
JR		 3468
3469 mf_mask_field_masked(mf, &mask, ctx->wc);
0c4b9393
SH		 3470 }
3471
07a3cd5c 3472 struct ofputil_bucket *bucket = group_best_live_bucket(ctx, group, basis);
0c4b9393
SH		 3473 if (bucket) {
3474 xlate_group_bucket(ctx, bucket);
3475 xlate_group_stats(ctx, group, bucket);
76973237 3476 } else if (ctx->xin->xcache) {
07a3cd5c 3477 ofproto_group_unref(&group->up);
0c4b9393
SH		 3478 }
3479}
3480
53cc166a
JR		 3481static void
3482xlate_dp_hash_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3483{
3484 struct ofputil_bucket *bucket;
3485
3486 /* dp_hash value 0 is special since it means that the dp_hash has not been
3487 * computed, as all computed dp_hash values are non-zero. Therefore
3488 * compare to zero can be used to decide if the dp_hash value is valid
3489 * without masking the dp_hash field. */
3490 if (!ctx->xin->flow.dp_hash) {
07a3cd5c 3491 uint64_t param = group->up.props.selection_method_param;
53cc166a
JR		 3492
3493 ctx_trigger_recirculate_with_hash(ctx, param >> 32, (uint32_t)param);
3494 } else {
07a3cd5c 3495 uint32_t n_buckets = group->up.n_buckets;
53cc166a
JR		 3496 if (n_buckets) {
3497 /* Minimal mask to cover the number of buckets. */
3498 uint32_t mask = (1 << log_2_ceil(n_buckets)) - 1;
3499 /* Multiplier chosen to make the trivial 1 bit case to
3500 * actually distribute amongst two equal weight buckets. */
3501 uint32_t basis = 0xc2b73583 * (ctx->xin->flow.dp_hash & mask);
3502
3503 ctx->wc->masks.dp_hash |= mask;
3504 bucket = group_best_live_bucket(ctx, group, basis);
3505 if (bucket) {
3506 xlate_group_bucket(ctx, bucket);
3507 xlate_group_stats(ctx, group, bucket);
3508 }
3509 }
3510 }
3511}
3512
7565c3e4
SH		 3513static void
3514xlate_select_group(struct xlate_ctx *ctx, struct group_dpif *group)
3515{
07a3cd5c 3516 const char *selection_method = group->up.props.selection_method;
7565c3e4 3517
e12ec36b
SH		 3518 /* Select groups may access flow keys beyond L2 in order to
3519 * select a bucket. Recirculate as appropriate to make this possible.
3520 */
3521 if (ctx->was_mpls) {
3522 ctx_trigger_freeze(ctx);
3523 }
3524
7565c3e4
SH		 3525 if (selection_method[0] == '\0') {
3526 xlate_default_select_group(ctx, group);
0c4b9393
SH		 3527 } else if (!strcasecmp("hash", selection_method)) {
3528 xlate_hash_fields_select_group(ctx, group);
53cc166a
JR		 3529 } else if (!strcasecmp("dp_hash", selection_method)) {
3530 xlate_dp_hash_select_group(ctx, group);
7565c3e4
SH		 3531 } else {
3532 /* Parsing of groups should ensure this never happens */
3533 OVS_NOT_REACHED();
3534 }
3535}
3536
f4fb341b
SH		 3537static void
3538xlate_group_action__(struct xlate_ctx *ctx, struct group_dpif *group)
3539{
0eb48fe1 3540 bool was_in_group = ctx->in_group;
5a070238
BP		 3541 ctx->in_group = true;
3542
07a3cd5c 3543 switch (group->up.type) {
f4fb341b
SH		 3544 case OFPGT11_ALL:
3545 case OFPGT11_INDIRECT:
3546 xlate_all_group(ctx, group);
3547 break;
3548 case OFPGT11_SELECT:
fe7e5749 3549 xlate_select_group(ctx, group);
f4fb341b 3550 break;
dd8cd4b4
SH		 3551 case OFPGT11_FF:
3552 xlate_ff_group(ctx, group);
3553 break;
f4fb341b 3554 default:
428b2edd 3555 OVS_NOT_REACHED();
f4fb341b 3556 }
5a070238 3557
0eb48fe1 3558 ctx->in_group = was_in_group;
f4fb341b
SH		 3559}
3560
3561static bool
3562xlate_group_action(struct xlate_ctx *ctx, uint32_t group_id)
3563{
0eb48fe1 3564 if (xlate_resubmit_resource_check(ctx)) {
f4fb341b 3565 struct group_dpif *group;
f4fb341b 3566
76973237
JR		 3567 /* Take ref only if xcache exists. */
3568 group = group_dpif_lookup(ctx->xbridge->ofproto, group_id,
1f4a8933 3569 ctx->xin->tables_version, ctx->xin->xcache);
db88b35c
JR		 3570 if (!group) {
3571 /* XXX: Should set ctx->error ? */
f4fb341b
SH		 3572 return true;
3573 }
db88b35c 3574 xlate_group_action__(ctx, group);
f4fb341b
SH		 3575 }
3576
3577 return false;
3578}
3579
9583bc14
EJ		 3580static void
3581xlate_ofpact_resubmit(struct xlate_ctx *ctx,
3582 const struct ofpact_resubmit *resubmit)
3583{
4e022ec0 3584 ofp_port_t in_port;
9583bc14 3585 uint8_t table_id;
adcf00ba
AZ		 3586 bool may_packet_in = false;
3587 bool honor_table_miss = false;
3588
3589 if (ctx->rule && rule_dpif_is_internal(ctx->rule)) {
3590 /* Still allow missed packets to be sent to the controller
3591 * if resubmitting from an internal table. */
3592 may_packet_in = true;
3593 honor_table_miss = true;
3594 }
9583bc14
EJ		 3595
3596 in_port = resubmit->in_port;
3597 if (in_port == OFPP_IN_PORT) {
4e022ec0 3598 in_port = ctx->xin->flow.in_port.ofp_port;
9583bc14
EJ		 3599 }
3600
3601 table_id = resubmit->table_id;
3602 if (table_id == 255) {
3603 table_id = ctx->table_id;
3604 }
3605
adcf00ba
AZ		 3606 xlate_table_action(ctx, in_port, table_id, may_packet_in,
3607 honor_table_miss);
9583bc14
EJ		 3608}
3609
3610static void
3611flood_packets(struct xlate_ctx *ctx, bool all)
3612{
46c88433 3613 const struct xport *xport;
9583bc14 3614
46c88433
EJ		 3615 HMAP_FOR_EACH (xport, ofp_node, &ctx->xbridge->xports) {
3616 if (xport->ofp_port == ctx->xin->flow.in_port.ofp_port) {
9583bc14
EJ		 3617 continue;
3618 }
3619
3620 if (all) {
e93ef1c7 3621 compose_output_action__(ctx, xport->ofp_port, NULL, false);
46c88433 3622 } else if (!(xport->config & OFPUTIL_PC_NO_FLOOD)) {
e93ef1c7 3623 compose_output_action(ctx, xport->ofp_port, NULL);
9583bc14
EJ		 3624 }
3625 }
3626
2031ef97 3627 ctx->nf_output_iface = NF_OUT_FLOOD;
9583bc14
EJ		 3628}
3629
3630static void
3631execute_controller_action(struct xlate_ctx *ctx, int len,
3632 enum ofp_packet_in_reason reason,
bdcad671
BP		 3633 uint16_t controller_id,
3634 const uint8_t *userdata, size_t userdata_len)
9583bc14 3635{
1895cc8d 3636 struct dp_packet_batch batch;
e14deea0 3637 struct dp_packet *packet;
9583bc14 3638
04594cd5 3639 ctx->xout->slow |= SLOW_CONTROLLER;
b476e2f2 3640 xlate_commit_actions(ctx);
9583bc14
EJ		 3641 if (!ctx->xin->packet) {
3642 return;
3643 }
3644
df70a773
JR		 3645 if (!ctx->xin->allow_side_effects && !ctx->xin->xcache) {
3646 return;
3647 }
3648
cf62fa4c 3649 packet = dp_packet_clone(ctx->xin->packet);
1895cc8d
PS		 3650 packet_batch_init_packet(&batch, packet);
3651 odp_execute_actions(NULL, &batch, false,
1520ef4f 3652 ctx->odp_actions->data, ctx->odp_actions->size, NULL);
9583bc14 3653
9bfe9334
BP		 3654 /* A packet sent by an action in a table-miss rule is considered an
3655 * explicit table miss. OpenFlow before 1.3 doesn't have that concept so
3656 * it will get translated back to OFPR_ACTION for those versions. */
3657 if (reason == OFPR_ACTION
07a3cd5c 3658 && ctx->rule && rule_is_table_miss(&ctx->rule->up)) {
9bfe9334
BP		 3659 reason = OFPR_EXPLICIT_MISS;
3660 }
3661
3662 size_t packet_len = dp_packet_size(packet);
0fb7792a 3663
a2b53dec
BP		 3664 struct ofproto_async_msg *am = xmalloc(sizeof *am);
3665 *am = (struct ofproto_async_msg) {
9bfe9334 3666 .controller_id = controller_id,
a2b53dec
BP		 3667 .oam = OAM_PACKET_IN,
3668 .pin = {
3669 .up = {
77ab5fd2
BP		 3670 .public = {
3671 .packet = dp_packet_steal_data(packet),
3672 .packet_len = packet_len,
3673 .reason = reason,
3674 .table_id = ctx->table_id,
3675 .cookie = ctx->rule_cookie,
3676 .userdata = (userdata_len
3677 ? xmemdup(userdata, userdata_len)
3678 : NULL),
3679 .userdata_len = userdata_len,
3680 }
a2b53dec
BP		 3681 },
3682 .max_len = len,
9bfe9334 3683 },
9bfe9334 3684 };
77ab5fd2 3685 flow_get_metadata(&ctx->xin->flow, &am->pin.up.public.flow_metadata);
9583bc14 3686
df70a773
JR		 3687 /* Async messages are only sent once, so if we send one now, no
3688 * xlate cache entry is created. */
3689 if (ctx->xin->allow_side_effects) {
3690 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
3691 } else /* xcache */ {
3692 struct xc_entry *entry;
3693
3694 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_CONTROLLER);
3695 entry->controller.ofproto = ctx->xbridge->ofproto;
3696 entry->controller.am = am;
3697 }
3b4fff43
RM		 3698
3699 dp_packet_delete(packet);
9583bc14
EJ		 3700}
3701
7bbdd84f 3702static void
77ab5fd2 3703emit_continuation(struct xlate_ctx *ctx, const struct frozen_state *state)
7bbdd84f 3704{
df70a773
JR		 3705 if (!ctx->xin->allow_side_effects && !ctx->xin->xcache) {
3706 return;
3707 }
3708
77ab5fd2
BP		 3709 struct ofproto_async_msg *am = xmalloc(sizeof *am);
3710 *am = (struct ofproto_async_msg) {
3711 .controller_id = ctx->pause->controller_id,
3712 .oam = OAM_PACKET_IN,
3713 .pin = {
3714 .up = {
3715 .public = {
3716 .userdata = xmemdup(ctx->pause->userdata,
3717 ctx->pause->userdata_len),
3718 .userdata_len = ctx->pause->userdata_len,
3719 .packet = xmemdup(dp_packet_data(ctx->xin->packet),
3720 dp_packet_size(ctx->xin->packet)),
3721 .packet_len = dp_packet_size(ctx->xin->packet),
0b024e49 3722 .reason = ctx->pause->reason,
77ab5fd2 3723 },
07a3cd5c 3724 .bridge = ctx->xbridge->ofproto->uuid,
84cf3c1f
JR		 3725 .stack = xmemdup(state->stack, state->stack_size),
3726 .stack_size = state->stack_size,
77ab5fd2
BP		 3727 .mirrors = state->mirrors,
3728 .conntracked = state->conntracked,
3729 .actions = xmemdup(state->ofpacts, state->ofpacts_len),
3730 .actions_len = state->ofpacts_len,
3731 .action_set = xmemdup(state->action_set,
3732 state->action_set_len),
3733 .action_set_len = state->action_set_len,
3734 },
3735 .max_len = UINT16_MAX,
3736 },
3737 };
3738 flow_get_metadata(&ctx->xin->flow, &am->pin.up.public.flow_metadata);
df70a773
JR		 3739
3740 /* Async messages are only sent once, so if we send one now, no
3741 * xlate cache entry is created. */
3742 if (ctx->xin->allow_side_effects) {
3743 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
3744 } else /* xcache */ {
3745 struct xc_entry *entry;
3746
3747 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_CONTROLLER);
3748 entry->controller.ofproto = ctx->xbridge->ofproto;
3749 entry->controller.am = am;
3750 }
77ab5fd2 3751}
7bbdd84f 3752
77ab5fd2
BP		 3753static void
3754finish_freezing__(struct xlate_ctx *ctx, uint8_t table)
3755{
1d361a81 3756 ovs_assert(ctx->freezing);
7bbdd84f 3757
1d361a81 3758 struct frozen_state state = {
07659514 3759 .table_id = table,
07a3cd5c 3760 .ofproto_uuid = ctx->xbridge->ofproto->uuid,
5c1b2314 3761 .stack = ctx->stack.data,
84cf3c1f 3762 .stack_size = ctx->stack.size,
29bae541 3763 .mirrors = ctx->mirrors,
07659514 3764 .conntracked = ctx->conntracked,
1d361a81
BP		 3765 .ofpacts = ctx->frozen_actions.data,
3766 .ofpacts_len = ctx->frozen_actions.size,
417509fa 3767 .action_set = ctx->action_set.data,
8a5fb3b4 3768 .action_set_len = ctx->action_set.size,
2082425c 3769 };
77ab5fd2 3770 frozen_metadata_from_flow(&state.metadata, &ctx->xin->flow);
2082425c 3771
77ab5fd2
BP		 3772 if (ctx->pause) {
3773 if (ctx->xin->packet) {
3774 emit_continuation(ctx, &state);
3775 }
3776 } else {
3777 /* Allocate a unique recirc id for the given metadata state in the
3778 * flow. An existing id, with a new reference to the corresponding
3779 * recirculation context, will be returned if possible.
3780 * The life-cycle of this recirc id is managed by associating it
3781 * with the udpif key ('ukey') created for each new datapath flow. */
3782 uint32_t id = recirc_alloc_id_ctx(&state);
3783 if (!id) {
3784 XLATE_REPORT_ERROR(ctx, "Failed to allocate recirculation id");
3785 ctx->error = XLATE_NO_RECIRCULATION_CONTEXT;
3786 return;
3787 }
3788 recirc_refs_add(&ctx->xout->recircs, id);
7bbdd84f 3789
53cc166a
JR		 3790 if (ctx->recirc_update_dp_hash) {
3791 struct ovs_action_hash *act_hash;
3792
3793 /* Hash action. */
3794 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
3795 OVS_ACTION_ATTR_HASH,
3796 sizeof *act_hash);
3797 act_hash->hash_alg = OVS_HASH_ALG_L4; /* Make configurable. */
3798 act_hash->hash_basis = 0; /* Make configurable. */
3799 }
77ab5fd2
BP		 3800 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC, id);
3801 }
e672ff9b 3802
1d361a81
BP		 3803 /* Undo changes done by freezing. */
3804 ctx_cancel_freeze(ctx);
7bbdd84f
SH		 3805}
3806
1d361a81 3807/* Called only when we're freezing. */
07659514 3808static void
77ab5fd2 3809finish_freezing(struct xlate_ctx *ctx)
07659514
JS		 3810{
3811 xlate_commit_actions(ctx);
77ab5fd2 3812 finish_freezing__(ctx, 0);
07659514
JS		 3813}
3814
e37b8437
JS		 3815/* Fork the pipeline here. The current packet will continue processing the
3816 * current action list. A clone of the current packet will recirculate, skip
3817 * the remainder of the current action list and asynchronously resume pipeline
3818 * processing in 'table' with the current metadata and action set. */
3819static void
3820compose_recirculate_and_fork(struct xlate_ctx *ctx, uint8_t table)
3821{
1d361a81 3822 ctx->freezing = true;
77ab5fd2 3823 finish_freezing__(ctx, table);
e37b8437
JS		 3824}
3825
8bfd0fda
BP		 3826static void
3827compose_mpls_push_action(struct xlate_ctx *ctx, struct ofpact_push_mpls *mpls)
9583bc14 3828{
33bf9176 3829 struct flow *flow = &ctx->xin->flow;
8bfd0fda 3830 int n;
33bf9176 3831
8bfd0fda 3832 ovs_assert(eth_type_mpls(mpls->ethertype));
b0a17866 3833
49a73e0c 3834 n = flow_count_mpls_labels(flow, ctx->wc);
8bfd0fda 3835 if (!n) {
704bb0bf 3836 xlate_commit_actions(ctx);
8bfd0fda
BP		 3837 } else if (n >= FLOW_MAX_MPLS_LABELS) {
3838 if (ctx->xin->packet != NULL) {
fff1b9c0 3839 XLATE_REPORT_ERROR(ctx, "bridge %s: dropping packet on which an "
8bfd0fda
BP		 3840 "MPLS push action can't be performed as it would "
3841 "have more MPLS LSEs than the %d supported.",
3842 ctx->xbridge->name, FLOW_MAX_MPLS_LABELS);
9583bc14 3843 }
fff1b9c0 3844 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
8bfd0fda 3845 return;
9583bc14 3846 }
b0a17866 3847
742c0ac3
JR		 3848 /* Update flow's MPLS stack, and clear L3/4 fields to mark them invalid. */
3849 flow_push_mpls(flow, n, mpls->ethertype, ctx->wc, true);
9583bc14
EJ		 3850}
3851
8bfd0fda 3852static void
9cfef3d0 3853compose_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type)
9583bc14 3854{
8bfd0fda 3855 struct flow *flow = &ctx->xin->flow;
49a73e0c 3856 int n = flow_count_mpls_labels(flow, ctx->wc);
33bf9176 3857
49a73e0c 3858 if (flow_pop_mpls(flow, n, eth_type, ctx->wc)) {
8bf009bf 3859 if (!eth_type_mpls(eth_type) && ctx->xbridge->support.odp.recirc) {
e12ec36b 3860 ctx->was_mpls = true;
7bbdd84f
SH		 3861 }
3862 } else if (n >= FLOW_MAX_MPLS_LABELS) {
8bfd0fda 3863 if (ctx->xin->packet != NULL) {
fff1b9c0 3864 XLATE_REPORT_ERROR(ctx, "bridge %s: dropping packet on which an "
8bfd0fda
BP		 3865 "MPLS pop action can't be performed as it has "
3866 "more MPLS LSEs than the %d supported.",
3867 ctx->xbridge->name, FLOW_MAX_MPLS_LABELS);
3868 }
fff1b9c0 3869 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
1520ef4f 3870 ofpbuf_clear(ctx->odp_actions);
9583bc14
EJ		 3871 }
3872}
3873
3874static bool
3875compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids)
3876{
33bf9176
BP		 3877 struct flow *flow = &ctx->xin->flow;
3878
3879 if (!is_ip_any(flow)) {
9583bc14
EJ		 3880 return false;
3881 }
3882
49a73e0c 3883 ctx->wc->masks.nw_ttl = 0xff;
33bf9176
BP		 3884 if (flow->nw_ttl > 1) {
3885 flow->nw_ttl--;
9583bc14
EJ		 3886 return false;
3887 } else {
3888 size_t i;
3889
3890 for (i = 0; i < ids->n_controllers; i++) {
3891 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL,
bdcad671 3892 ids->cnt_ids[i], NULL, 0);
9583bc14
EJ		 3893 }
3894
3895 /* Stop processing for current table. */
3896 return true;
3897 }
3898}
3899
8bfd0fda 3900static void
097d4939
JR		 3901compose_set_mpls_label_action(struct xlate_ctx *ctx, ovs_be32 label)
3902{
8bfd0fda 3903 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 3904 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_LABEL_MASK);
8bfd0fda 3905 set_mpls_lse_label(&ctx->xin->flow.mpls_lse[0], label);
097d4939 3906 }
097d4939
JR		 3907}
3908
8bfd0fda 3909static void
097d4939
JR		 3910compose_set_mpls_tc_action(struct xlate_ctx *ctx, uint8_t tc)
3911{
8bfd0fda 3912 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 3913 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TC_MASK);
8bfd0fda 3914 set_mpls_lse_tc(&ctx->xin->flow.mpls_lse[0], tc);
097d4939 3915 }
097d4939
JR		 3916}
3917
8bfd0fda 3918static void
9cfef3d0 3919compose_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl)
9583bc14 3920{
8bfd0fda 3921 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 3922 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
8bfd0fda 3923 set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse[0], ttl);
b0a17866 3924 }
9583bc14
EJ		 3925}
3926
3927static bool
9cfef3d0 3928compose_dec_mpls_ttl_action(struct xlate_ctx *ctx)
9583bc14 3929{
33bf9176 3930 struct flow *flow = &ctx->xin->flow;
1dd35f8a 3931
8bfd0fda 3932 if (eth_type_mpls(flow->dl_type)) {
22d38fca
JR		 3933 uint8_t ttl = mpls_lse_to_ttl(flow->mpls_lse[0]);
3934
49a73e0c 3935 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
8bfd0fda
BP		 3936 if (ttl > 1) {
3937 ttl--;
3938 set_mpls_lse_ttl(&flow->mpls_lse[0], ttl);
3939 return false;
3940 } else {
bdcad671
BP		 3941 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0,
3942 NULL, 0);
8bfd0fda 3943 }
9583bc14 3944 }
22d38fca
JR		 3945
3946 /* Stop processing for current table. */
3947 return true;
9583bc14
EJ		 3948}
3949
3950static void
3951xlate_output_action(struct xlate_ctx *ctx,
4e022ec0 3952 ofp_port_t port, uint16_t max_len, bool may_packet_in)
9583bc14 3953{
2031ef97 3954 ofp_port_t prev_nf_output_iface = ctx->nf_output_iface;
9583bc14 3955
2031ef97 3956 ctx->nf_output_iface = NF_OUT_DROP;
9583bc14
EJ		 3957
3958 switch (port) {
3959 case OFPP_IN_PORT:
e93ef1c7 3960 compose_output_action(ctx, ctx->xin->flow.in_port.ofp_port, NULL);
9583bc14
EJ		 3961 break;
3962 case OFPP_TABLE:
4e022ec0 3963 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
6d328fa2 3964 0, may_packet_in, true);
9583bc14
EJ		 3965 break;
3966 case OFPP_NORMAL:
3967 xlate_normal(ctx);
3968 break;
3969 case OFPP_FLOOD:
3970 flood_packets(ctx, false);
3971 break;
3972 case OFPP_ALL:
3973 flood_packets(ctx, true);
3974 break;
3975 case OFPP_CONTROLLER:
3a11fd5b 3976 execute_controller_action(ctx, max_len,
029ca940
SS		 3977 (ctx->in_group ? OFPR_GROUP
3978 : ctx->in_action_set ? OFPR_ACTION_SET
3979 : OFPR_ACTION),
bdcad671 3980 0, NULL, 0);
9583bc14
EJ		 3981 break;
3982 case OFPP_NONE:
3983 break;
3984 case OFPP_LOCAL:
3985 default:
4e022ec0 3986 if (port != ctx->xin->flow.in_port.ofp_port) {
e93ef1c7 3987 compose_output_action(ctx, port, NULL);
9583bc14
EJ		 3988 } else {
3989 xlate_report(ctx, "skipping output to input port");
3990 }
3991 break;
3992 }
3993
3994 if (prev_nf_output_iface == NF_OUT_FLOOD) {
2031ef97
BP		 3995 ctx->nf_output_iface = NF_OUT_FLOOD;
3996 } else if (ctx->nf_output_iface == NF_OUT_DROP) {
3997 ctx->nf_output_iface = prev_nf_output_iface;
9583bc14 3998 } else if (prev_nf_output_iface != NF_OUT_DROP &&
2031ef97
BP		 3999 ctx->nf_output_iface != NF_OUT_FLOOD) {
4000 ctx->nf_output_iface = NF_OUT_MULTI;
9583bc14
EJ		 4001 }
4002}
4003
4004static void
4005xlate_output_reg_action(struct xlate_ctx *ctx,
4006 const struct ofpact_output_reg *or)
4007{
4008 uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow);
4009 if (port <= UINT16_MAX) {
4010 union mf_subvalue value;
4011
4012 memset(&value, 0xff, sizeof value);
49a73e0c 4013 mf_write_subfield_flow(&or->src, &value, &ctx->wc->masks);
4e022ec0
AW		 4014 xlate_output_action(ctx, u16_to_ofp(port),
4015 or->max_len, false);
9583bc14
EJ		 4016 }
4017}
4018
aaca4fe0
WT		 4019static void
4020xlate_output_trunc_action(struct xlate_ctx *ctx,
4021 ofp_port_t port, uint32_t max_len)
4022{
4023 bool support_trunc = ctx->xbridge->support.trunc;
4024 struct ovs_action_trunc *trunc;
4025 char name[OFP_MAX_PORT_NAME_LEN];
4026
4027 switch (port) {
4028 case OFPP_TABLE:
4029 case OFPP_NORMAL:
4030 case OFPP_FLOOD:
4031 case OFPP_ALL:
4032 case OFPP_CONTROLLER:
4033 case OFPP_NONE:
4034 ofputil_port_to_string(port, name, sizeof name);
4035 xlate_report(ctx, "output_trunc does not support port: %s", name);
4036 break;
4037 case OFPP_LOCAL:
4038 case OFPP_IN_PORT:
4039 default:
4040 if (port != ctx->xin->flow.in_port.ofp_port) {
4041 const struct xport *xport = get_ofp_port(ctx->xbridge, port);
4042
4043 if (xport == NULL || xport->odp_port == ODPP_NONE) {
4044 /* Since truncate happens at its following output action, if
4045 * the output port is a patch port, the behavior is somehow
4046 * unpredicable. For simpilicity, disallow this case. */
4047 ofputil_port_to_string(port, name, sizeof name);
4048 XLATE_REPORT_ERROR(ctx, "bridge %s: "
4049 "output_trunc does not support port: %s",
4050 ctx->xbridge->name, name);
4051 break;
4052 }
4053
4054 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
4055 OVS_ACTION_ATTR_TRUNC,
4056 sizeof *trunc);
4057 trunc->max_len = max_len;
4058 xlate_output_action(ctx, port, max_len, false);
4059 if (!support_trunc) {
4060 ctx->xout->slow |= SLOW_ACTION;
4061 }
4062 } else {
4063 xlate_report(ctx, "skipping output to input port");
4064 }
4065 break;
4066 }
4067}
4068
9583bc14
EJ		 4069static void
4070xlate_enqueue_action(struct xlate_ctx *ctx,
4071 const struct ofpact_enqueue *enqueue)
4072{
4e022ec0 4073 ofp_port_t ofp_port = enqueue->port;
9583bc14
EJ		 4074 uint32_t queue_id = enqueue->queue;
4075 uint32_t flow_priority, priority;
4076 int error;
4077
4078 /* Translate queue to priority. */
89a8a7f0 4079 error = dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &priority);
9583bc14
EJ		 4080 if (error) {
4081 /* Fall back to ordinary output action. */
4082 xlate_output_action(ctx, enqueue->port, 0, false);
4083 return;
4084 }
4085
4086 /* Check output port. */
4087 if (ofp_port == OFPP_IN_PORT) {
4e022ec0
AW		 4088 ofp_port = ctx->xin->flow.in_port.ofp_port;
4089 } else if (ofp_port == ctx->xin->flow.in_port.ofp_port) {
9583bc14
EJ		 4090 return;
4091 }
4092
4093 /* Add datapath actions. */
4094 flow_priority = ctx->xin->flow.skb_priority;
4095 ctx->xin->flow.skb_priority = priority;
e93ef1c7 4096 compose_output_action(ctx, ofp_port, NULL);
9583bc14
EJ		 4097 ctx->xin->flow.skb_priority = flow_priority;
4098
4099 /* Update NetFlow output port. */
2031ef97
BP		 4100 if (ctx->nf_output_iface == NF_OUT_DROP) {
4101 ctx->nf_output_iface = ofp_port;
4102 } else if (ctx->nf_output_iface != NF_OUT_FLOOD) {
4103 ctx->nf_output_iface = NF_OUT_MULTI;
9583bc14
EJ		 4104 }
4105}
4106
4107static void
4108xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id)
4109{
4110 uint32_t skb_priority;
4111
89a8a7f0 4112 if (!dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &skb_priority)) {
9583bc14
EJ		 4113 ctx->xin->flow.skb_priority = skb_priority;
4114 } else {
4115 /* Couldn't translate queue to a priority. Nothing to do. A warning
4116 * has already been logged. */
4117 }
4118}
4119
4120static bool
46c88433 4121slave_enabled_cb(ofp_port_t ofp_port, void *xbridge_)
9583bc14 4122{
46c88433
EJ		 4123 const struct xbridge *xbridge = xbridge_;
4124 struct xport *port;
9583bc14
EJ		 4125
4126 switch (ofp_port) {
4127 case OFPP_IN_PORT:
4128 case OFPP_TABLE:
4129 case OFPP_NORMAL:
4130 case OFPP_FLOOD:
4131 case OFPP_ALL:
4132 case OFPP_NONE:
4133 return true;
4134 case OFPP_CONTROLLER: /* Not supported by the bundle action. */
4135 return false;
4136 default:
46c88433 4137 port = get_ofp_port(xbridge, ofp_port);
9583bc14
EJ		 4138 return port ? port->may_enable : false;
4139 }
4140}
4141
4142static void
4143xlate_bundle_action(struct xlate_ctx *ctx,
4144 const struct ofpact_bundle *bundle)
4145{
4e022ec0 4146 ofp_port_t port;
9583bc14 4147
49a73e0c 4148 port = bundle_execute(bundle, &ctx->xin->flow, ctx->wc, slave_enabled_cb,
46c88433 4149 CONST_CAST(struct xbridge *, ctx->xbridge));
9583bc14 4150 if (bundle->dst.field) {
49a73e0c 4151 nxm_reg_load(&bundle->dst, ofp_to_u16(port), &ctx->xin->flow, ctx->wc);
9583bc14
EJ		 4152 } else {
4153 xlate_output_action(ctx, port, 0, false);
4154 }
4155}
4156
4165b5e0
JS		 4157static void
4158xlate_learn_action(struct xlate_ctx *ctx, const struct ofpact_learn *learn)
4159{
49a73e0c 4160 learn_mask(learn, ctx->wc);
9583bc14 4161
df70a773 4162 if (ctx->xin->xcache || ctx->xin->allow_side_effects) {
4165b5e0
JS		 4163 uint64_t ofpacts_stub[1024 / 8];
4164 struct ofputil_flow_mod fm;
2c7ee524 4165 struct ofproto_flow_mod ofm__, *ofm;
4165b5e0 4166 struct ofpbuf ofpacts;
2c7ee524
JR		 4167 enum ofperr error;
4168
4169 if (ctx->xin->xcache) {
4170 struct xc_entry *entry;
4171
4172 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_LEARN);
4173 entry->learn.ofm = xmalloc(sizeof *entry->learn.ofm);
4174 ofm = entry->learn.ofm;
4175 } else {
4176 ofm = &ofm__;
4177 }
4165b5e0
JS		 4178
4179 ofpbuf_use_stub(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
2c7ee524
JR		 4180 learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts);
4181 error = ofproto_dpif_flow_mod_init_for_learn(ctx->xbridge->ofproto,
4182 &fm, ofm);
4165b5e0 4183 ofpbuf_uninit(&ofpacts);
2c7ee524 4184
df70a773 4185 if (!error && ctx->xin->allow_side_effects) {
2c7ee524
JR		 4186 error = ofproto_flow_mod_learn(ofm, ctx->xin->xcache != NULL);
4187 }
4188
4189 if (error) {
4190 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
4191 VLOG_WARN_RL(&rl, "%s: LEARN action execution failed (%s).",
4192 ctx->xbridge->name, ofperr_to_string(error));
4193 }
b256dc52
JS		 4194 }
4195}
4196
4197static void
4198xlate_fin_timeout__(struct rule_dpif *rule, uint16_t tcp_flags,
4199 uint16_t idle_timeout, uint16_t hard_timeout)
4200{
4201 if (tcp_flags & (TCP_FIN | TCP_RST)) {
07a3cd5c 4202 ofproto_rule_reduce_timeouts(&rule->up, idle_timeout, hard_timeout);
b256dc52 4203 }
9583bc14
EJ		 4204}
4205
9583bc14
EJ		 4206static void
4207xlate_fin_timeout(struct xlate_ctx *ctx,
4208 const struct ofpact_fin_timeout *oft)
4209{
b256dc52 4210 if (ctx->rule) {
df70a773
JR		 4211 if (ctx->xin->allow_side_effects) {
4212 xlate_fin_timeout__(ctx->rule, ctx->xin->tcp_flags,
4213 oft->fin_idle_timeout, oft->fin_hard_timeout);
4214 }
b256dc52
JS		 4215 if (ctx->xin->xcache) {
4216 struct xc_entry *entry;
4217
4218 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_FIN_TIMEOUT);
83709dfa
JR		 4219 /* XC_RULE already holds a reference on the rule, none is taken
4220 * here. */
901a517e
JR		 4221 entry->fin.rule = ctx->rule;
4222 entry->fin.idle = oft->fin_idle_timeout;
4223 entry->fin.hard = oft->fin_hard_timeout;
b256dc52 4224 }
9583bc14
EJ		 4225 }
4226}
4227
4228static void
4229xlate_sample_action(struct xlate_ctx *ctx,
4230 const struct ofpact_sample *os)
4231{
f69f713b
BY		 4232 odp_port_t output_odp_port = ODPP_NONE;
4233 odp_port_t tunnel_out_port = ODPP_NONE;
4234 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
4235 bool emit_set_tunnel = false;
4236
4237 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
4238 return;
4239 }
4240
e824d78d
JR		 4241 /* Scale the probability from 16-bit to 32-bit while representing
4242 * the same percentage. */
4243 uint32_t probability = (os->probability << 16) | os->probability;
4244
b440dd8c 4245 if (!ctx->xbridge->support.variable_length_userdata) {
e824d78d
JR		 4246 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4247
4248 VLOG_ERR_RL(&rl, "ignoring NXAST_SAMPLE action because datapath "
4249 "lacks support (needs Linux 3.10+ or kernel module from "
4250 "OVS 1.11+)");
4251 return;
4252 }
4253
f69f713b
BY		 4254 /* If ofp_port in flow sample action is equel to ofp_port,
4255 * this sample action is a input port action. */
4256 if (os->sampling_port != OFPP_NONE &&
4257 os->sampling_port != ctx->xin->flow.in_port.ofp_port) {
4258 output_odp_port = ofp_port_to_odp_port(ctx->xbridge,
4259 os->sampling_port);
4260 if (output_odp_port == ODPP_NONE) {
4261 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4262 VLOG_WARN_RL(&rl, "can't use unknown port %d in flow sample "
4263 "action", os->sampling_port);
4264 return;
4265 }
4266
4267 if (dpif_ipfix_get_flow_exporter_tunnel_sampling(ipfix,
4268 os->collector_set_id)
4269 && dpif_ipfix_get_tunnel_port(ipfix, output_odp_port)) {
4270 tunnel_out_port = output_odp_port;
4271 emit_set_tunnel = true;
4272 }
4273 }
4274
4275 xlate_commit_actions(ctx);
4276 /* If 'emit_set_tunnel', sample(sampling_port=1) would translate
4277 * into datapath sample action set(tunnel(...)), sample(...) and
4278 * it is used for sampling egress tunnel information. */
4279 if (emit_set_tunnel) {
4280 const struct xport *xport = get_ofp_port(ctx->xbridge,
4281 os->sampling_port);
4282
4283 if (xport && xport->is_tunnel) {
4284 struct flow *flow = &ctx->xin->flow;
4285 tnl_port_send(xport->ofport, flow, ctx->wc);
4286 if (!ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
4287 struct flow_tnl flow_tnl = flow->tunnel;
4288
4289 commit_odp_tunnel_action(flow, &ctx->base_flow,
4290 ctx->odp_actions);
4291 flow->tunnel = flow_tnl;
4292 }
4293 } else {
4294 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
4295 VLOG_WARN_RL(&rl, "sampling_port:%d should be a tunnel port.",
4296 os->sampling_port);
4297 }
4298 }
e824d78d 4299
a6092018
BP		 4300 union user_action_cookie cookie = {
4301 .flow_sample = {
4302 .type = USER_ACTION_COOKIE_FLOW_SAMPLE,
4303 .probability = os->probability,
4304 .collector_set_id = os->collector_set_id,
4305 .obs_domain_id = os->obs_domain_id,
4306 .obs_point_id = os->obs_point_id,
f69f713b 4307 .output_odp_port = output_odp_port,
4930ea56 4308 .direction = os->direction,
a6092018
BP		 4309 }
4310 };
4311 compose_sample_action(ctx, probability, &cookie, sizeof cookie.flow_sample,
f69f713b 4312 tunnel_out_port, false);
9583bc14
EJ		 4313}
4314
7ae62a67
WT		 4315static void
4316compose_clone_action(struct xlate_ctx *ctx, const struct ofpact_nest *oc)
4317{
ba653d2a 4318 bool old_conntracked = ctx->conntracked;
7ae62a67 4319 struct flow old_flow = ctx->xin->flow;
ba653d2a 4320
7ae62a67 4321 do_xlate_actions(oc->actions, ofpact_nest_get_action_len(oc), ctx);
ba653d2a 4322
7ae62a67 4323 ctx->xin->flow = old_flow;
ba653d2a
BP		 4324
4325 /* The clone's conntrack execution should have no effect on the original
4326 * packet. */
4327 ctx->conntracked = old_conntracked;
7ae62a67
WT		 4328}
4329
9583bc14 4330static bool
46c88433 4331may_receive(const struct xport *xport, struct xlate_ctx *ctx)
9583bc14 4332{
bbbca389 4333 if (xport->config & (is_stp(&ctx->xin->flow)
46c88433
EJ		 4334 ? OFPUTIL_PC_NO_RECV_STP
4335 : OFPUTIL_PC_NO_RECV)) {
9583bc14
EJ		 4336 return false;
4337 }
4338
4339 /* Only drop packets here if both forwarding and learning are
4340 * disabled. If just learning is enabled, we need to have
4341 * OFPP_NORMAL and the learning action have a look at the packet
4342 * before we can drop it. */
9efd308e
DV		 4343 if ((!xport_stp_forward_state(xport) && !xport_stp_learn_state(xport)) ||
4344 (!xport_rstp_forward_state(xport) && !xport_rstp_learn_state(xport))) {
9583bc14
EJ		 4345 return false;
4346 }
4347
4348 return true;
4349}
4350
7fdb60a7 4351static void
7e7e8dbb
BP		 4352xlate_write_actions__(struct xlate_ctx *ctx,
4353 const struct ofpact *ofpacts, size_t ofpacts_len)
7fdb60a7 4354{
c61f3870
BP		 4355 /* Maintain actset_output depending on the contents of the action set:
4356 *
4357 * - OFPP_UNSET, if there is no "output" action.
4358 *
4359 * - The output port, if there is an "output" action and no "group"
4360 * action.
4361 *
4362 * - OFPP_UNSET, if there is a "group" action.
4363 */
4364 if (!ctx->action_set_has_group) {
7e7e8dbb
BP		 4365 const struct ofpact *a;
4366 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
4367 if (a->type == OFPACT_OUTPUT) {
4368 ctx->xin->flow.actset_output = ofpact_get_OUTPUT(a)->port;
4369 } else if (a->type == OFPACT_GROUP) {
c61f3870
BP		 4370 ctx->xin->flow.actset_output = OFPP_UNSET;
4371 ctx->action_set_has_group = true;
9055ca9a 4372 break;
c61f3870
BP		 4373 }
4374 }
4375 }
4376
7e7e8dbb
BP		 4377 ofpbuf_put(&ctx->action_set, ofpacts, ofpacts_len);
4378}
4379
4380static void
4381xlate_write_actions(struct xlate_ctx *ctx, const struct ofpact_nest *a)
4382{
4383 xlate_write_actions__(ctx, a->actions, ofpact_nest_get_action_len(a));
7fdb60a7
SH		 4384}
4385
4386static void
4387xlate_action_set(struct xlate_ctx *ctx)
4388{
4389 uint64_t action_list_stub[1024 / 64];
4390 struct ofpbuf action_list;
4391
029ca940 4392 ctx->in_action_set = true;
7fdb60a7
SH		 4393 ofpbuf_use_stub(&action_list, action_list_stub, sizeof action_list_stub);
4394 ofpacts_execute_action_set(&action_list, &ctx->action_set);
ed9c9e3e
JR		 4395 /* Clear the action set, as it is not needed any more. */
4396 ofpbuf_clear(&ctx->action_set);
6fd6ed71 4397 do_xlate_actions(action_list.data, action_list.size, ctx);
029ca940 4398 ctx->in_action_set = false;
7fdb60a7
SH		 4399 ofpbuf_uninit(&action_list);
4400}
4401
e672ff9b 4402static void
1d361a81 4403freeze_put_unroll_xlate(struct xlate_ctx *ctx)
e672ff9b 4404{
1d361a81 4405 struct ofpact_unroll_xlate *unroll = ctx->frozen_actions.header;
e672ff9b
JR		 4406
4407 /* Restore the table_id and rule cookie for a potential PACKET
4408 * IN if needed. */
4409 if (!unroll ||
4410 (ctx->table_id != unroll->rule_table_id
4411 || ctx->rule_cookie != unroll->rule_cookie)) {
1d361a81 4412 unroll = ofpact_put_UNROLL_XLATE(&ctx->frozen_actions);
e672ff9b
JR		 4413 unroll->rule_table_id = ctx->table_id;
4414 unroll->rule_cookie = ctx->rule_cookie;
1d361a81 4415 ctx->frozen_actions.header = unroll;
e672ff9b
JR		 4416 }
4417}
4418
4419
1d361a81
BP		 4420/* Copy actions 'a' through 'end' to ctx->frozen_actions, which will be
4421 * executed after thawing. Inserts an UNROLL_XLATE action, if none is already
4422 * present, before any action that may depend on the current table ID or flow
4423 * cookie. */
e672ff9b 4424static void
1d361a81 4425freeze_unroll_actions(const struct ofpact *a, const struct ofpact *end,
e672ff9b
JR		 4426 struct xlate_ctx *ctx)
4427{
c2b283b7 4428 for (; a < end; a = ofpact_next(a)) {
e672ff9b 4429 switch (a->type) {
e672ff9b 4430 case OFPACT_OUTPUT_REG:
aaca4fe0 4431 case OFPACT_OUTPUT_TRUNC:
e672ff9b
JR		 4432 case OFPACT_GROUP:
4433 case OFPACT_OUTPUT:
4434 case OFPACT_CONTROLLER:
4435 case OFPACT_DEC_MPLS_TTL:
4436 case OFPACT_DEC_TTL:
83a31283
BP		 4437 /* These actions may generate asynchronous messages, which include
4438 * table ID and flow cookie information. */
1d361a81 4439 freeze_put_unroll_xlate(ctx);
e672ff9b
JR		 4440 break;
4441
83a31283
BP		 4442 case OFPACT_RESUBMIT:
4443 if (ofpact_get_RESUBMIT(a)->table_id == 0xff) {
4444 /* This resubmit action is relative to the current table, so we
4445 * need to track what table that is.*/
1d361a81 4446 freeze_put_unroll_xlate(ctx);
83a31283
BP		 4447 }
4448 break;
4449
e672ff9b
JR		 4450 case OFPACT_SET_TUNNEL:
4451 case OFPACT_REG_MOVE:
4452 case OFPACT_SET_FIELD:
4453 case OFPACT_STACK_PUSH:
4454 case OFPACT_STACK_POP:
4455 case OFPACT_LEARN:
4456 case OFPACT_WRITE_METADATA:
83a31283 4457 case OFPACT_GOTO_TABLE:
e672ff9b
JR		 4458 case OFPACT_ENQUEUE:
4459 case OFPACT_SET_VLAN_VID:
4460 case OFPACT_SET_VLAN_PCP:
4461 case OFPACT_STRIP_VLAN:
4462 case OFPACT_PUSH_VLAN:
4463 case OFPACT_SET_ETH_SRC:
4464 case OFPACT_SET_ETH_DST:
4465 case OFPACT_SET_IPV4_SRC:
4466 case OFPACT_SET_IPV4_DST:
4467 case OFPACT_SET_IP_DSCP:
4468 case OFPACT_SET_IP_ECN:
4469 case OFPACT_SET_IP_TTL:
4470 case OFPACT_SET_L4_SRC_PORT:
4471 case OFPACT_SET_L4_DST_PORT:
4472 case OFPACT_SET_QUEUE:
4473 case OFPACT_POP_QUEUE:
4474 case OFPACT_PUSH_MPLS:
4475 case OFPACT_POP_MPLS:
4476 case OFPACT_SET_MPLS_LABEL:
4477 case OFPACT_SET_MPLS_TC:
4478 case OFPACT_SET_MPLS_TTL:
4479 case OFPACT_MULTIPATH:
4480 case OFPACT_BUNDLE:
4481 case OFPACT_EXIT:
4482 case OFPACT_UNROLL_XLATE:
4483 case OFPACT_FIN_TIMEOUT:
4484 case OFPACT_CLEAR_ACTIONS:
4485 case OFPACT_WRITE_ACTIONS:
4486 case OFPACT_METER:
4487 case OFPACT_SAMPLE:
7ae62a67 4488 case OFPACT_CLONE:
d4abaff5 4489 case OFPACT_DEBUG_RECIRC:
07659514 4490 case OFPACT_CT:
9ac0aada 4491 case OFPACT_NAT:
83a31283 4492 /* These may not generate PACKET INs. */
e672ff9b
JR		 4493 break;
4494
e672ff9b
JR		 4495 case OFPACT_NOTE:
4496 case OFPACT_CONJUNCTION:
83a31283 4497 /* These need not be copied for restoration. */
e672ff9b
JR		 4498 continue;
4499 }
4500 /* Copy the action over. */
1d361a81 4501 ofpbuf_put(&ctx->frozen_actions, a, OFPACT_ALIGN(a->len));
e672ff9b
JR		 4502 }
4503}
4504
8e53fe8c 4505static void
f2d105b5
JS		 4506put_ct_mark(const struct flow *flow, struct ofpbuf *odp_actions,
4507 struct flow_wildcards *wc)
8e53fe8c 4508{
2a754f4a
JS		 4509 if (wc->masks.ct_mark) {
4510 struct {
4511 uint32_t key;
4512 uint32_t mask;
4513 } *odp_ct_mark;
4514
4515 odp_ct_mark = nl_msg_put_unspec_uninit(odp_actions, OVS_CT_ATTR_MARK,
4516 sizeof(*odp_ct_mark));
4517 odp_ct_mark->key = flow->ct_mark & wc->masks.ct_mark;
4518 odp_ct_mark->mask = wc->masks.ct_mark;
8e53fe8c
JS		 4519 }
4520}
4521
9daf2348 4522static void
f2d105b5
JS		 4523put_ct_label(const struct flow *flow, struct ofpbuf *odp_actions,
4524 struct flow_wildcards *wc)
9daf2348 4525{
2ff8484b 4526 if (!ovs_u128_is_zero(wc->masks.ct_label)) {
9daf2348
JS		 4527 struct {
4528 ovs_u128 key;
4529 ovs_u128 mask;
4530 } *odp_ct_label;
4531
4532 odp_ct_label = nl_msg_put_unspec_uninit(odp_actions,
4533 OVS_CT_ATTR_LABELS,
4534 sizeof(*odp_ct_label));
f2d105b5 4535 odp_ct_label->key = ovs_u128_and(flow->ct_label, wc->masks.ct_label);
9daf2348
JS		 4536 odp_ct_label->mask = wc->masks.ct_label;
4537 }
4538}
4539
d787ad39
JS		 4540static void
4541put_ct_helper(struct ofpbuf *odp_actions, struct ofpact_conntrack *ofc)
4542{
4543 if (ofc->alg) {
40c7b2fc
JS		 4544 switch(ofc->alg) {
4545 case IPPORT_FTP:
d787ad39 4546 nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "ftp");
40c7b2fc
JS		 4547 break;
4548 case IPPORT_TFTP:
4549 nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "tftp");
4550 break;
4551 default:
d787ad39 4552 VLOG_WARN("Cannot serialize ct_helper %d\n", ofc->alg);
40c7b2fc 4553 break;
d787ad39
JS		 4554 }
4555 }
4556}
4557
9ac0aada
JR		 4558static void
4559put_ct_nat(struct xlate_ctx *ctx)
4560{
4561 struct ofpact_nat *ofn = ctx->ct_nat_action;
4562 size_t nat_offset;
4563
4564 if (!ofn) {
4565 return;
4566 }
4567
4568 nat_offset = nl_msg_start_nested(ctx->odp_actions, OVS_CT_ATTR_NAT);
4569 if (ofn->flags & NX_NAT_F_SRC || ofn->flags & NX_NAT_F_DST) {
4570 nl_msg_put_flag(ctx->odp_actions, ofn->flags & NX_NAT_F_SRC
4571 ? OVS_NAT_ATTR_SRC : OVS_NAT_ATTR_DST);
4572 if (ofn->flags & NX_NAT_F_PERSISTENT) {
4573 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PERSISTENT);
4574 }
4575 if (ofn->flags & NX_NAT_F_PROTO_HASH) {
4576 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_HASH);
4577 } else if (ofn->flags & NX_NAT_F_PROTO_RANDOM) {
4578 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_RANDOM);
4579 }
4580 if (ofn->range_af == AF_INET) {
73e8bc23 4581 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
9ac0aada
JR		 4582 ofn->range.addr.ipv4.min);
4583 if (ofn->range.addr.ipv4.max &&
73e8bc23
BP		 4584 (ntohl(ofn->range.addr.ipv4.max)
4585 > ntohl(ofn->range.addr.ipv4.min))) {
4586 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
4587 ofn->range.addr.ipv4.max);
9ac0aada
JR		 4588 }
4589 } else if (ofn->range_af == AF_INET6) {
4590 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
4591 &ofn->range.addr.ipv6.min,
4592 sizeof ofn->range.addr.ipv6.min);
4593 if (!ipv6_mask_is_any(&ofn->range.addr.ipv6.max) &&
4594 memcmp(&ofn->range.addr.ipv6.max, &ofn->range.addr.ipv6.min,
4595 sizeof ofn->range.addr.ipv6.max) > 0) {
4596 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
4597 &ofn->range.addr.ipv6.max,
4598 sizeof ofn->range.addr.ipv6.max);
4599 }
4600 }
4601 if (ofn->range_af != AF_UNSPEC && ofn->range.proto.min) {
4602 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MIN,
4603 ofn->range.proto.min);
4604 if (ofn->range.proto.max &&
4605 ofn->range.proto.max > ofn->range.proto.min) {
4606 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MAX,
4607 ofn->range.proto.max);
4608 }
4609 }
4610 }
4611 nl_msg_end_nested(ctx->odp_actions, nat_offset);
4612}
4613
07659514
JS		 4614static void
4615compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc)
4616{
9daf2348 4617 ovs_u128 old_ct_label = ctx->base_flow.ct_label;
f2d105b5 4618 ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label;
8e53fe8c 4619 uint32_t old_ct_mark = ctx->base_flow.ct_mark;
f2d105b5 4620 uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark;
07659514
JS		 4621 size_t ct_offset;
4622 uint16_t zone;
4623
4624 /* Ensure that any prior actions are applied before composing the new
4625 * conntrack action. */
4626 xlate_commit_actions(ctx);
4627
8e53fe8c 4628 /* Process nested actions first, to populate the key. */
9ac0aada 4629 ctx->ct_nat_action = NULL;
f2d105b5
JS		 4630 ctx->wc->masks.ct_mark = 0;
4631 ctx->wc->masks.ct_label.u64.hi = ctx->wc->masks.ct_label.u64.lo = 0;
8e53fe8c
JS		 4632 do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx);
4633
07659514
JS		 4634 if (ofc->zone_src.field) {
4635 zone = mf_get_subfield(&ofc->zone_src, &ctx->xin->flow);
4636 } else {
4637 zone = ofc->zone_imm;
4638 }
4639
4640 ct_offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CT);
4641 if (ofc->flags & NX_CT_F_COMMIT) {
4642 nl_msg_put_flag(ctx->odp_actions, OVS_CT_ATTR_COMMIT);
4643 }
4644 nl_msg_put_u16(ctx->odp_actions, OVS_CT_ATTR_ZONE, zone);
f2d105b5
JS		 4645 put_ct_mark(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
4646 put_ct_label(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
d787ad39 4647 put_ct_helper(ctx->odp_actions, ofc);
9ac0aada
JR		 4648 put_ct_nat(ctx);
4649 ctx->ct_nat_action = NULL;
07659514
JS		 4650 nl_msg_end_nested(ctx->odp_actions, ct_offset);
4651
8e53fe8c
JS		 4652 /* Restore the original ct fields in the key. These should only be exposed
4653 * after recirculation to another table. */
4654 ctx->base_flow.ct_mark = old_ct_mark;
f2d105b5 4655 ctx->wc->masks.ct_mark = old_ct_mark_mask;
9daf2348 4656 ctx->base_flow.ct_label = old_ct_label;
f2d105b5 4657 ctx->wc->masks.ct_label = old_ct_label_mask;
8e53fe8c 4658
07659514
JS		 4659 if (ofc->recirc_table == NX_CT_RECIRC_NONE) {
4660 /* If we do not recirculate as part of this action, hide the results of
4661 * connection tracking from subsequent recirculations. */
4662 ctx->conntracked = false;
4663 } else {
4664 /* Use ct_* fields from datapath during recirculation upcall. */
4665 ctx->conntracked = true;
e37b8437 4666 compose_recirculate_and_fork(ctx, ofc->recirc_table);
07659514
JS		 4667 }
4668}
4669
e12ec36b
SH		 4670static void
4671recirc_for_mpls(const struct ofpact *a, struct xlate_ctx *ctx)
4672{
4673 /* No need to recirculate if already exiting. */
4674 if (ctx->exit) {
4675 return;
4676 }
4677
4678 /* Do not consider recirculating unless the packet was previously MPLS. */
4679 if (!ctx->was_mpls) {
4680 return;
4681 }
4682
4683 /* Special case these actions, only recirculating if necessary.
4684 * This avoids the overhead of recirculation in common use-cases.
4685 */
4686 switch (a->type) {
4687
4688 /* Output actions do not require recirculation. */
4689 case OFPACT_OUTPUT:
aaca4fe0 4690 case OFPACT_OUTPUT_TRUNC:
e12ec36b
SH		 4691 case OFPACT_ENQUEUE:
4692 case OFPACT_OUTPUT_REG:
4693 /* Set actions that don't touch L3+ fields do not require recirculation. */
4694 case OFPACT_SET_VLAN_VID:
4695 case OFPACT_SET_VLAN_PCP:
4696 case OFPACT_SET_ETH_SRC:
4697 case OFPACT_SET_ETH_DST:
4698 case OFPACT_SET_TUNNEL:
4699 case OFPACT_SET_QUEUE:
4700 /* If actions of a group require recirculation that can be detected
4701 * when translating them. */
4702 case OFPACT_GROUP:
4703 return;
4704
4705 /* Set field that don't touch L3+ fields don't require recirculation. */
4706 case OFPACT_SET_FIELD:
4707 if (mf_is_l3_or_higher(ofpact_get_SET_FIELD(a)->field)) {
4708 break;
4709 }
4710 return;
4711
4712 /* For simplicity, recirculate in all other cases. */
4713 case OFPACT_CONTROLLER:
4714 case OFPACT_BUNDLE:
4715 case OFPACT_STRIP_VLAN:
4716 case OFPACT_PUSH_VLAN:
4717 case OFPACT_SET_IPV4_SRC:
4718 case OFPACT_SET_IPV4_DST:
4719 case OFPACT_SET_IP_DSCP:
4720 case OFPACT_SET_IP_ECN:
4721 case OFPACT_SET_IP_TTL:
4722 case OFPACT_SET_L4_SRC_PORT:
4723 case OFPACT_SET_L4_DST_PORT:
4724 case OFPACT_REG_MOVE:
4725 case OFPACT_STACK_PUSH:
4726 case OFPACT_STACK_POP:
4727 case OFPACT_DEC_TTL:
4728 case OFPACT_SET_MPLS_LABEL:
4729 case OFPACT_SET_MPLS_TC:
4730 case OFPACT_SET_MPLS_TTL:
4731 case OFPACT_DEC_MPLS_TTL:
4732 case OFPACT_PUSH_MPLS:
4733 case OFPACT_POP_MPLS:
4734 case OFPACT_POP_QUEUE:
4735 case OFPACT_FIN_TIMEOUT:
4736 case OFPACT_RESUBMIT:
4737 case OFPACT_LEARN:
4738 case OFPACT_CONJUNCTION:
4739 case OFPACT_MULTIPATH:
4740 case OFPACT_NOTE:
4741 case OFPACT_EXIT:
4742 case OFPACT_SAMPLE:
7ae62a67 4743 case OFPACT_CLONE:
e12ec36b
SH		 4744 case OFPACT_UNROLL_XLATE:
4745 case OFPACT_CT:
4746 case OFPACT_NAT:
4747 case OFPACT_DEBUG_RECIRC:
4748 case OFPACT_METER:
4749 case OFPACT_CLEAR_ACTIONS:
4750 case OFPACT_WRITE_ACTIONS:
4751 case OFPACT_WRITE_METADATA:
4752 case OFPACT_GOTO_TABLE:
4753 default:
4754 break;
4755 }
4756
4757 /* Recirculate */
4758 ctx_trigger_freeze(ctx);
4759}
4760
9583bc14
EJ		 4761static void
4762do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
4763 struct xlate_ctx *ctx)
4764{
49a73e0c 4765 struct flow_wildcards *wc = ctx->wc;
33bf9176 4766 struct flow *flow = &ctx->xin->flow;
9583bc14
EJ		 4767 const struct ofpact *a;
4768
a36de779 4769 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
53902038 4770 tnl_neigh_snoop(flow, wc, ctx->xbridge->name);
a36de779 4771 }
f47ea021
JR		 4772 /* dl_type already in the mask, not set below. */
4773
9583bc14
EJ		 4774 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
4775 struct ofpact_controller *controller;
4776 const struct ofpact_metadata *metadata;
b2dd70be
JR		 4777 const struct ofpact_set_field *set_field;
4778 const struct mf_field *mf;
9583bc14 4779
fff1b9c0
JR		 4780 if (ctx->error) {
4781 break;
4782 }
4783
e12ec36b
SH		 4784 recirc_for_mpls(a, ctx);
4785
e672ff9b
JR		 4786 if (ctx->exit) {
4787 /* Check if need to store the remaining actions for later
4788 * execution. */
1d361a81
BP		 4789 if (ctx->freezing) {
4790 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len),
e672ff9b
JR		 4791 ctx);
4792 }
4793 break;
7bbdd84f
SH		 4794 }
4795
9583bc14
EJ		 4796 switch (a->type) {
4797 case OFPACT_OUTPUT:
4798 xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port,
4799 ofpact_get_OUTPUT(a)->max_len, true);
4800 break;
4801
7395c052 4802 case OFPACT_GROUP:
f4fb341b 4803 if (xlate_group_action(ctx, ofpact_get_GROUP(a)->group_id)) {
1d741d6d 4804 /* Group could not be found. */
db88b35c
JR		 4805
4806 /* XXX: Terminates action list translation, but does not
4807 * terminate the pipeline. */
f4fb341b
SH		 4808 return;
4809 }
7395c052
NZ		 4810 break;
4811
9583bc14
EJ		 4812 case OFPACT_CONTROLLER:
4813 controller = ofpact_get_CONTROLLER(a);
77ab5fd2
BP		 4814 if (controller->pause) {
4815 ctx->pause = controller;
4816 ctx->xout->slow |= SLOW_CONTROLLER;
4817 ctx_trigger_freeze(ctx);
4818 a = ofpact_next(a);
4819 } else {
4820 execute_controller_action(ctx, controller->max_len,
4821 controller->reason,
4822 controller->controller_id,
4823 controller->userdata,
4824 controller->userdata_len);
4825 }
9583bc14
EJ		 4826 break;
4827
4828 case OFPACT_ENQUEUE:
16194afd
DDP		 4829 memset(&wc->masks.skb_priority, 0xff,
4830 sizeof wc->masks.skb_priority);
9583bc14
EJ		 4831 xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a));
4832 break;
4833
4834 case OFPACT_SET_VLAN_VID:
f74e7df7 4835 wc->masks.vlan_tci |= htons(VLAN_VID_MASK | VLAN_CFI);
ca287d20
JR		 4836 if (flow->vlan_tci & htons(VLAN_CFI) ||
4837 ofpact_get_SET_VLAN_VID(a)->push_vlan_if_needed) {
4838 flow->vlan_tci &= ~htons(VLAN_VID_MASK);
4839 flow->vlan_tci |= (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid)
4840 | htons(VLAN_CFI));
4841 }
9583bc14
EJ		 4842 break;
4843
4844 case OFPACT_SET_VLAN_PCP:
f74e7df7 4845 wc->masks.vlan_tci |= htons(VLAN_PCP_MASK | VLAN_CFI);
ca287d20
JR		 4846 if (flow->vlan_tci & htons(VLAN_CFI) ||
4847 ofpact_get_SET_VLAN_PCP(a)->push_vlan_if_needed) {
4848 flow->vlan_tci &= ~htons(VLAN_PCP_MASK);
4849 flow->vlan_tci |= htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp
4850 << VLAN_PCP_SHIFT) | VLAN_CFI);
4851 }
9583bc14
EJ		 4852 break;
4853
4854 case OFPACT_STRIP_VLAN:
f74e7df7 4855 memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
33bf9176 4856 flow->vlan_tci = htons(0);
9583bc14
EJ		 4857 break;
4858
4859 case OFPACT_PUSH_VLAN:
4860 /* XXX 802.1AD(QinQ) */
f74e7df7 4861 memset(&wc->masks.vlan_tci, 0xff, sizeof wc->masks.vlan_tci);
33bf9176 4862 flow->vlan_tci = htons(VLAN_CFI);
9583bc14
EJ		 4863 break;
4864
4865 case OFPACT_SET_ETH_SRC:
74ff3298
JR		 4866 WC_MASK_FIELD(wc, dl_src);
4867 flow->dl_src = ofpact_get_SET_ETH_SRC(a)->mac;
9583bc14
EJ		 4868 break;
4869
4870 case OFPACT_SET_ETH_DST:
74ff3298
JR		 4871 WC_MASK_FIELD(wc, dl_dst);
4872 flow->dl_dst = ofpact_get_SET_ETH_DST(a)->mac;
9583bc14
EJ		 4873 break;
4874
4875 case OFPACT_SET_IPV4_SRC:
33bf9176 4876 if (flow->dl_type == htons(ETH_TYPE_IP)) {
f47ea021 4877 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
33bf9176 4878 flow->nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
9583bc14
EJ		 4879 }
4880 break;
4881
4882 case OFPACT_SET_IPV4_DST:
33bf9176 4883 if (flow->dl_type == htons(ETH_TYPE_IP)) {
f47ea021 4884 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
33bf9176 4885 flow->nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
9583bc14
EJ		 4886 }
4887 break;
4888
04f01c24
BP		 4889 case OFPACT_SET_IP_DSCP:
4890 if (is_ip_any(flow)) {
f47ea021 4891 wc->masks.nw_tos |= IP_DSCP_MASK;
33bf9176 4892 flow->nw_tos &= ~IP_DSCP_MASK;
04f01c24 4893 flow->nw_tos |= ofpact_get_SET_IP_DSCP(a)->dscp;
9583bc14
EJ		 4894 }
4895 break;
4896
ff14eb7a
JR		 4897 case OFPACT_SET_IP_ECN:
4898 if (is_ip_any(flow)) {
4899 wc->masks.nw_tos |= IP_ECN_MASK;
4900 flow->nw_tos &= ~IP_ECN_MASK;
4901 flow->nw_tos |= ofpact_get_SET_IP_ECN(a)->ecn;
4902 }
4903 break;
4904
0c20dbe4
JR		 4905 case OFPACT_SET_IP_TTL:
4906 if (is_ip_any(flow)) {
4907 wc->masks.nw_ttl = 0xff;
4908 flow->nw_ttl = ofpact_get_SET_IP_TTL(a)->ttl;
4909 }
4910 break;
4911
9583bc14 4912 case OFPACT_SET_L4_SRC_PORT:
b8778a0d 4913 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
f47ea021
JR		 4914 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
4915 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
33bf9176 4916 flow->tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
9583bc14
EJ		 4917 }
4918 break;
4919
4920 case OFPACT_SET_L4_DST_PORT:
b8778a0d 4921 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
f47ea021
JR		 4922 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
4923 memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
33bf9176 4924 flow->tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
9583bc14
EJ		 4925 }
4926 break;
4927
4928 case OFPACT_RESUBMIT:
8bf009bf
JR		 4929 /* Freezing complicates resubmit. Some action in the flow
4930 * entry found by resubmit might trigger freezing. If that
4931 * happens, then we do not want to execute the resubmit again after
4932 * during thawing, so we want to skip back to the head of the loop
4933 * to avoid that, only adding any actions that follow the resubmit
4934 * to the frozen actions.
6b1c5734 4935 */
9583bc14 4936 xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a));
6b1c5734 4937 continue;
9583bc14
EJ		 4938
4939 case OFPACT_SET_TUNNEL:
33bf9176 4940 flow->tunnel.tun_id = htonll(ofpact_get_SET_TUNNEL(a)->tun_id);
9583bc14
EJ		 4941 break;
4942
4943 case OFPACT_SET_QUEUE:
16194afd
DDP		 4944 memset(&wc->masks.skb_priority, 0xff,
4945 sizeof wc->masks.skb_priority);
9583bc14
EJ		 4946 xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id);
4947 break;
4948
4949 case OFPACT_POP_QUEUE:
16194afd
DDP		 4950 memset(&wc->masks.skb_priority, 0xff,
4951 sizeof wc->masks.skb_priority);
33bf9176 4952 flow->skb_priority = ctx->orig_skb_priority;
9583bc14
EJ		 4953 break;
4954
4955 case OFPACT_REG_MOVE:
67842eba
BP		 4956 mf_subfield_copy(&ofpact_get_REG_MOVE(a)->src,
4957 &ofpact_get_REG_MOVE(a)->dst, flow, wc);
9583bc14
EJ		 4958 break;
4959
b2dd70be
JR		 4960 case OFPACT_SET_FIELD:
4961 set_field = ofpact_get_SET_FIELD(a);
4962 mf = set_field->field;
b2dd70be 4963
aff49b8c
JR		 4964 /* Set the field only if the packet actually has it. */
4965 if (mf_are_prereqs_ok(mf, flow, wc)) {
128684a6
JR		 4966 mf_mask_field_masked(mf, ofpact_set_field_mask(set_field), wc);
4967 mf_set_flow_value_masked(mf, set_field->value,
4968 ofpact_set_field_mask(set_field),
4969 flow);
b8778a0d 4970 }
b2dd70be
JR		 4971 break;
4972
9583bc14 4973 case OFPACT_STACK_PUSH:
33bf9176
BP		 4974 nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), flow, wc,
4975 &ctx->stack);
9583bc14
EJ		 4976 break;
4977
4978 case OFPACT_STACK_POP:
f74e7df7
JP		 4979 nxm_execute_stack_pop(ofpact_get_STACK_POP(a), flow, wc,
4980 &ctx->stack);
9583bc14
EJ		 4981 break;
4982
4983 case OFPACT_PUSH_MPLS:
8bfd0fda 4984 compose_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a));
9583bc14
EJ		 4985 break;
4986
4987 case OFPACT_POP_MPLS:
8bfd0fda 4988 compose_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype);
9583bc14
EJ		 4989 break;
4990
097d4939 4991 case OFPACT_SET_MPLS_LABEL:
8bfd0fda
BP		 4992 compose_set_mpls_label_action(
4993 ctx, ofpact_get_SET_MPLS_LABEL(a)->label);
1d741d6d 4994 break;
097d4939
JR		 4995
4996 case OFPACT_SET_MPLS_TC:
8bfd0fda 4997 compose_set_mpls_tc_action(ctx, ofpact_get_SET_MPLS_TC(a)->tc);
097d4939
JR		 4998 break;
4999
9583bc14 5000 case OFPACT_SET_MPLS_TTL:
8bfd0fda 5001 compose_set_mpls_ttl_action(ctx, ofpact_get_SET_MPLS_TTL(a)->ttl);
9583bc14
EJ		 5002 break;
5003
5004 case OFPACT_DEC_MPLS_TTL:
9cfef3d0 5005 if (compose_dec_mpls_ttl_action(ctx)) {
ad3efdcb 5006 return;
9583bc14
EJ		 5007 }
5008 break;
5009
5010 case OFPACT_DEC_TTL:
f74e7df7 5011 wc->masks.nw_ttl = 0xff;
9583bc14 5012 if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) {
ad3efdcb 5013 return;
9583bc14
EJ		 5014 }
5015 break;
5016
5017 case OFPACT_NOTE:
5018 /* Nothing to do. */
5019 break;
5020
5021 case OFPACT_MULTIPATH:
33bf9176 5022 multipath_execute(ofpact_get_MULTIPATH(a), flow, wc);
9583bc14
EJ		 5023 break;
5024
5025 case OFPACT_BUNDLE:
9583bc14
EJ		 5026 xlate_bundle_action(ctx, ofpact_get_BUNDLE(a));
5027 break;
5028
5029 case OFPACT_OUTPUT_REG:
5030 xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a));
5031 break;
5032
aaca4fe0
WT		 5033 case OFPACT_OUTPUT_TRUNC:
5034 xlate_output_trunc_action(ctx, ofpact_get_OUTPUT_TRUNC(a)->port,
5035 ofpact_get_OUTPUT_TRUNC(a)->max_len);
5036 break;
5037
9583bc14
EJ		 5038 case OFPACT_LEARN:
5039 xlate_learn_action(ctx, ofpact_get_LEARN(a));
5040 break;
5041
afc3987b
BP		 5042 case OFPACT_CONJUNCTION: {
5043 /* A flow with a "conjunction" action represents part of a special
5044 * kind of "set membership match". Such a flow should not actually
5045 * get executed, but it could via, say, a "packet-out", even though
5046 * that wouldn't be useful. Log it to help debugging. */
5047 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5048 VLOG_INFO_RL(&rl, "executing no-op conjunction action");
18080541 5049 break;
afc3987b 5050 }
18080541 5051
9583bc14
EJ		 5052 case OFPACT_EXIT:
5053 ctx->exit = true;
5054 break;
5055
e672ff9b
JR		 5056 case OFPACT_UNROLL_XLATE: {
5057 struct ofpact_unroll_xlate *unroll = ofpact_get_UNROLL_XLATE(a);
5058
5059 /* Restore translation context data that was stored earlier. */
5060 ctx->table_id = unroll->rule_table_id;
5061 ctx->rule_cookie = unroll->rule_cookie;
5062 break;
5063 }
9583bc14 5064 case OFPACT_FIN_TIMEOUT:
33bf9176 5065 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
9583bc14
EJ		 5066 xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a));
5067 break;
5068
5069 case OFPACT_CLEAR_ACTIONS:
7fdb60a7 5070 ofpbuf_clear(&ctx->action_set);
c61f3870
BP		 5071 ctx->xin->flow.actset_output = OFPP_UNSET;
5072 ctx->action_set_has_group = false;
7fdb60a7
SH		 5073 break;
5074
5075 case OFPACT_WRITE_ACTIONS:
7e7e8dbb 5076 xlate_write_actions(ctx, ofpact_get_WRITE_ACTIONS(a));
9583bc14
EJ		 5077 break;
5078
5079 case OFPACT_WRITE_METADATA:
5080 metadata = ofpact_get_WRITE_METADATA(a);
33bf9176
BP		 5081 flow->metadata &= ~metadata->mask;
5082 flow->metadata |= metadata->metadata & metadata->mask;
9583bc14
EJ		 5083 break;
5084
638a19b0
JR		 5085 case OFPACT_METER:
5086 /* Not implemented yet. */
5087 break;
5088
9583bc14 5089 case OFPACT_GOTO_TABLE: {
9583bc14 5090 struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a);
9583bc14 5091
9167fc1a
JR		 5092 ovs_assert(ctx->table_id < ogt->table_id);
5093
4468099e 5094 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
6d328fa2 5095 ogt->table_id, true, true);
9583bc14
EJ		 5096 break;
5097 }
5098
5099 case OFPACT_SAMPLE:
5100 xlate_sample_action(ctx, ofpact_get_SAMPLE(a));
5101 break;
d4abaff5 5102
7ae62a67
WT		 5103 case OFPACT_CLONE:
5104 compose_clone_action(ctx, ofpact_get_CLONE(a));
5105 break;
5106
07659514 5107 case OFPACT_CT:
07659514
JS		 5108 compose_conntrack_action(ctx, ofpact_get_CT(a));
5109 break;
5110
9ac0aada
JR		 5111 case OFPACT_NAT:
5112 /* This will be processed by compose_conntrack_action(). */
5113 ctx->ct_nat_action = ofpact_get_NAT(a);
5114 break;
5115
d4abaff5 5116 case OFPACT_DEBUG_RECIRC:
1d361a81 5117 ctx_trigger_freeze(ctx);
d4abaff5
BP		 5118 a = ofpact_next(a);
5119 break;
9583bc14 5120 }
1d741d6d
JR		 5121
5122 /* Check if need to store this and the remaining actions for later
5123 * execution. */
1d361a81
BP		 5124 if (!ctx->error && ctx->exit && ctx_first_frozen_action(ctx)) {
5125 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len), ctx);
1d741d6d
JR		 5126 break;
5127 }
9583bc14 5128 }
9583bc14
EJ		 5129}
5130
5131void
5132xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto,
1f4a8933
JR		 5133 ovs_version_t version, const struct flow *flow,
5134 ofp_port_t in_port, struct rule_dpif *rule, uint16_t tcp_flags,
1520ef4f
BP		 5135 const struct dp_packet *packet, struct flow_wildcards *wc,
5136 struct ofpbuf *odp_actions)
9583bc14
EJ		 5137{
5138 xin->ofproto = ofproto;
1f4a8933 5139 xin->tables_version = version;
9583bc14 5140 xin->flow = *flow;
8d8ab6c2 5141 xin->upcall_flow = flow;
cc377352 5142 xin->flow.in_port.ofp_port = in_port;
c61f3870 5143 xin->flow.actset_output = OFPP_UNSET;
9583bc14 5144 xin->packet = packet;
df70a773 5145 xin->allow_side_effects = packet != NULL;
9583bc14 5146 xin->rule = rule;
b256dc52 5147 xin->xcache = NULL;
9583bc14
EJ		 5148 xin->ofpacts = NULL;
5149 xin->ofpacts_len = 0;
5150 xin->tcp_flags = tcp_flags;
5151 xin->resubmit_hook = NULL;
5152 xin->report_hook = NULL;
5153 xin->resubmit_stats = NULL;
9a9b001a 5154 xin->indentation = 0;
790c5d26 5155 xin->depth = 0;
cdd42eda 5156 xin->resubmits = 0;
49a73e0c 5157 xin->wc = wc;
1520ef4f 5158 xin->odp_actions = odp_actions;
e672ff9b
JR		 5159
5160 /* Do recirc lookup. */
1d361a81 5161 xin->frozen_state = NULL;
29b1ea3f
BP		 5162 if (flow->recirc_id) {
5163 const struct recirc_id_node *node
5164 = recirc_id_node_find(flow->recirc_id);
5165 if (node) {
1d361a81 5166 xin->frozen_state = &node->state;
29b1ea3f
BP		 5167 }
5168 }
9583bc14
EJ		 5169}
5170
5171void
5172xlate_out_uninit(struct xlate_out *xout)
5173{
e672ff9b 5174 if (xout) {
fbf5d6ec 5175 recirc_refs_unref(&xout->recircs);
9583bc14
EJ		 5176 }
5177}
9583bc14 5178\f
55954f6e
EJ		 5179static struct skb_priority_to_dscp *
5180get_skb_priority(const struct xport *xport, uint32_t skb_priority)
5181{
5182 struct skb_priority_to_dscp *pdscp;
5183 uint32_t hash;
5184
5185 hash = hash_int(skb_priority, 0);
5186 HMAP_FOR_EACH_IN_BUCKET (pdscp, hmap_node, hash, &xport->skb_priorities) {
5187 if (pdscp->skb_priority == skb_priority) {
5188 return pdscp;
5189 }
5190 }
5191 return NULL;
5192}
5193
5194static bool
5195dscp_from_skb_priority(const struct xport *xport, uint32_t skb_priority,
5196 uint8_t *dscp)
5197{
5198 struct skb_priority_to_dscp *pdscp = get_skb_priority(xport, skb_priority);
5199 *dscp = pdscp ? pdscp->dscp : 0;
5200 return pdscp != NULL;
5201}
5202
16194afd
DDP		 5203static size_t
5204count_skb_priorities(const struct xport *xport)
5205{
5206 return hmap_count(&xport->skb_priorities);
5207}
5208
55954f6e
EJ		 5209static void
5210clear_skb_priorities(struct xport *xport)
5211{
4ec3d7c7 5212 struct skb_priority_to_dscp *pdscp;
55954f6e 5213
4ec3d7c7 5214 HMAP_FOR_EACH_POP (pdscp, hmap_node, &xport->skb_priorities) {
55954f6e
EJ		 5215 free(pdscp);
5216 }
5217}
5218
ce4a6b76
BP		 5219static bool
5220actions_output_to_local_port(const struct xlate_ctx *ctx)
5221{
46c88433 5222 odp_port_t local_odp_port = ofp_port_to_odp_port(ctx->xbridge, OFPP_LOCAL);
ce4a6b76
BP		 5223 const struct nlattr *a;
5224 unsigned int left;
5225
1520ef4f
BP		 5226 NL_ATTR_FOR_EACH_UNSAFE (a, left, ctx->odp_actions->data,
5227 ctx->odp_actions->size) {
ce4a6b76
BP		 5228 if (nl_attr_type(a) == OVS_ACTION_ATTR_OUTPUT
5229 && nl_attr_get_odp_port(a) == local_odp_port) {
5230 return true;
5231 }
5232 }
5233 return false;
5234}
9583bc14 5235
5e2a6702 5236#if defined(__linux__)
7d031d7e
BP		 5237/* Returns the maximum number of packets that the Linux kernel is willing to
5238 * queue up internally to certain kinds of software-implemented ports, or the
5239 * default (and rarely modified) value if it cannot be determined. */
5240static int
5241netdev_max_backlog(void)
5242{
5243 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
5244 static int max_backlog = 1000; /* The normal default value. */
5245
5246 if (ovsthread_once_start(&once)) {
5247 static const char filename[] = "/proc/sys/net/core/netdev_max_backlog";
5248 FILE *stream;
5249 int n;
5250
5251 stream = fopen(filename, "r");
5252 if (!stream) {
120c348f 5253 VLOG_INFO("%s: open failed (%s)", filename, ovs_strerror(errno));
7d031d7e
BP		 5254 } else {
5255 if (fscanf(stream, "%d", &n) != 1) {
5256 VLOG_WARN("%s: read error", filename);
5257 } else if (n <= 100) {
5258 VLOG_WARN("%s: unexpectedly small value %d", filename, n);
5259 } else {
5260 max_backlog = n;
5261 }
5262 fclose(stream);
5263 }
5264 ovsthread_once_done(&once);
5265
5266 VLOG_DBG("%s: using %d max_backlog", filename, max_backlog);
5267 }
5268
5269 return max_backlog;
5270}
5271
5272/* Counts and returns the number of OVS_ACTION_ATTR_OUTPUT actions in
5273 * 'odp_actions'. */
5274static int
5275count_output_actions(const struct ofpbuf *odp_actions)
5276{
5277 const struct nlattr *a;
5278 size_t left;
5279 int n = 0;
5280
6fd6ed71 5281 NL_ATTR_FOR_EACH_UNSAFE (a, left, odp_actions->data, odp_actions->size) {
7d031d7e
BP		 5282 if (a->nla_type == OVS_ACTION_ATTR_OUTPUT) {
5283 n++;
5284 }
5285 }
5286 return n;
5287}
5e2a6702 5288#endif /* defined(__linux__) */
7d031d7e
BP		 5289
5290/* Returns true if 'odp_actions' contains more output actions than the datapath
5291 * can reliably handle in one go. On Linux, this is the value of the
5292 * net.core.netdev_max_backlog sysctl, which limits the maximum number of
5293 * packets that the kernel is willing to queue up for processing while the
5294 * datapath is processing a set of actions. */
5295static bool
5e2a6702 5296too_many_output_actions(const struct ofpbuf *odp_actions OVS_UNUSED)
7d031d7e
BP		 5297{
5298#ifdef __linux__
6fd6ed71 5299 return (odp_actions->size / NL_A_U32_SIZE > netdev_max_backlog()
7d031d7e
BP		 5300 && count_output_actions(odp_actions) > netdev_max_backlog());
5301#else
5302 /* OSes other than Linux might have similar limits, but we don't know how
5303 * to determine them.*/
5304 return false;
5305#endif
5306}
5307
234c3da9
BP		 5308static void
5309xlate_wc_init(struct xlate_ctx *ctx)
5310{
5311 flow_wildcards_init_catchall(ctx->wc);
5312
5313 /* Some fields we consider to always be examined. */
5e2e998a
JR		 5314 WC_MASK_FIELD(ctx->wc, in_port);
5315 WC_MASK_FIELD(ctx->wc, dl_type);
234c3da9 5316 if (is_ip_any(&ctx->xin->flow)) {
5e2e998a 5317 WC_MASK_FIELD_MASK(ctx->wc, nw_frag, FLOW_NW_FRAG_MASK);
234c3da9
BP		 5318 }
5319
5320 if (ctx->xbridge->support.odp.recirc) {
5321 /* Always exactly match recirc_id when datapath supports
5322 * recirculation. */
5e2e998a 5323 WC_MASK_FIELD(ctx->wc, recirc_id);
234c3da9
BP		 5324 }
5325
5326 if (ctx->xbridge->netflow) {
5327 netflow_mask_wc(&ctx->xin->flow, ctx->wc);
5328 }
5329
5330 tnl_wc_init(&ctx->xin->flow, ctx->wc);
5331}
5332
5333static void
5334xlate_wc_finish(struct xlate_ctx *ctx)
5335{
5336 /* Clear the metadata and register wildcard masks, because we won't
5337 * use non-header fields as part of the cache. */
5338 flow_wildcards_clear_non_packet_fields(ctx->wc);
5339
5340 /* ICMPv4 and ICMPv6 have 8-bit "type" and "code" fields. struct flow
5341 * uses the low 8 bits of the 16-bit tp_src and tp_dst members to
5342 * represent these fields. The datapath interface, on the other hand,
5343 * represents them with just 8 bits each. This means that if the high
5344 * 8 bits of the masks for these fields somehow become set, then they
5345 * will get chopped off by a round trip through the datapath, and
5346 * revalidation will spot that as an inconsistency and delete the flow.
5347 * Avoid the problem here by making sure that only the low 8 bits of
5348 * either field can be unwildcarded for ICMP.
5349 */
a75636c8 5350 if (is_icmpv4(&ctx->xin->flow, NULL) || is_icmpv6(&ctx->xin->flow, NULL)) {
234c3da9
BP		 5351 ctx->wc->masks.tp_src &= htons(UINT8_MAX);
5352 ctx->wc->masks.tp_dst &= htons(UINT8_MAX);
5353 }
5354 /* VLAN_TCI CFI bit must be matched if any of the TCI is matched. */
5355 if (ctx->wc->masks.vlan_tci) {
5356 ctx->wc->masks.vlan_tci |= htons(VLAN_CFI);
5357 }
4a7ab326
DDP		 5358
5359 /* The classifier might return masks that match on tp_src and tp_dst even
5360 * for later fragments. This happens because there might be flows that
5361 * match on tp_src or tp_dst without matching on the frag bits, because
5362 * it is not a prerequisite for OpenFlow. Since it is a prerequisite for
5363 * datapath flows and since tp_src and tp_dst are always going to be 0,
5364 * wildcard the fields here. */
5365 if (ctx->xin->flow.nw_frag & FLOW_NW_FRAG_LATER) {
5366 ctx->wc->masks.tp_src = 0;
5367 ctx->wc->masks.tp_dst = 0;
5368 }
234c3da9
BP		 5369}
5370
e672ff9b
JR		 5371/* Translates the flow, actions, or rule in 'xin' into datapath actions in
5372 * 'xout'.
56450a41 5373 * The caller must take responsibility for eventually freeing 'xout', with
fff1b9c0
JR		 5374 * xlate_out_uninit().
5375 * Returns 'XLATE_OK' if translation was successful. In case of an error an
5376 * empty set of actions will be returned in 'xin->odp_actions' (if non-NULL),
5377 * so that most callers may ignore the return value and transparently install a
5378 * drop flow when the translation fails. */
5379enum xlate_error
84f0f298 5380xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
9583bc14 5381{
e467ea42
BP		 5382 *xout = (struct xlate_out) {
5383 .slow = 0,
fbf5d6ec 5384 .recircs = RECIRC_REFS_EMPTY_INITIALIZER,
e467ea42
BP		 5385 };
5386
84f0f298 5387 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
bb00fdef
BP		 5388 struct xbridge *xbridge = xbridge_lookup(xcfg, xin->ofproto);
5389 if (!xbridge) {
fff1b9c0 5390 return XLATE_BRIDGE_NOT_FOUND;
bb00fdef
BP		 5391 }
5392
33bf9176
BP		 5393 struct flow *flow = &xin->flow;
5394
84cf3c1f 5395 uint8_t stack_stub[1024];
bb00fdef 5396 uint64_t action_set_stub[1024 / 8];
1d361a81 5397 uint64_t frozen_actions_stub[1024 / 8];
1520ef4f
BP		 5398 uint64_t actions_stub[256 / 8];
5399 struct ofpbuf scratch_actions = OFPBUF_STUB_INITIALIZER(actions_stub);
bb00fdef
BP		 5400 struct xlate_ctx ctx = {
5401 .xin = xin,
5402 .xout = xout,
5403 .base_flow = *flow,
c2b878e0 5404 .orig_tunnel_ipv6_dst = flow_tnl_dst(&flow->tunnel),
bb00fdef
BP		 5405 .xbridge = xbridge,
5406 .stack = OFPBUF_STUB_INITIALIZER(stack_stub),
5407 .rule = xin->rule,
c0e638aa
BP		 5408 .wc = (xin->wc
5409 ? xin->wc
f36efd90 5410 : &(struct flow_wildcards) { .masks = { .dl_type = 0 } }),
1520ef4f 5411 .odp_actions = xin->odp_actions ? xin->odp_actions : &scratch_actions,
bb00fdef 5412
9a9b001a 5413 .indentation = xin->indentation,
790c5d26 5414 .depth = xin->depth,
cdd42eda 5415 .resubmits = xin->resubmits,
bb00fdef
BP		 5416 .in_group = false,
5417 .in_action_set = false,
5418
5419 .table_id = 0,
5420 .rule_cookie = OVS_BE64_MAX,
5421 .orig_skb_priority = flow->skb_priority,
5422 .sflow_n_outputs = 0,
5423 .sflow_odp_port = 0,
2031ef97 5424 .nf_output_iface = NF_OUT_DROP,
bb00fdef 5425 .exit = false,
fff1b9c0 5426 .error = XLATE_OK,
3d6151f3 5427 .mirrors = 0,
bb00fdef 5428
1d361a81 5429 .freezing = false,
53cc166a 5430 .recirc_update_dp_hash = false,
1d361a81 5431 .frozen_actions = OFPBUF_STUB_INITIALIZER(frozen_actions_stub),
77ab5fd2 5432 .pause = NULL,
bb00fdef 5433
e12ec36b 5434 .was_mpls = false,
07659514 5435 .conntracked = false,
bb00fdef 5436
9ac0aada
JR		 5437 .ct_nat_action = NULL,
5438
bb00fdef
BP		 5439 .action_set_has_group = false,
5440 .action_set = OFPBUF_STUB_INITIALIZER(action_set_stub),
5441 };
865ca6cf
BP		 5442
5443 /* 'base_flow' reflects the packet as it came in, but we need it to reflect
42deb67d
PS		 5444 * the packet as the datapath will treat it for output actions. Our
5445 * datapath doesn't retain tunneling information without us re-setting
5446 * it, so clear the tunnel data.
865ca6cf 5447 */
42deb67d 5448
bb00fdef 5449 memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel);
865ca6cf 5450
1520ef4f 5451 ofpbuf_reserve(ctx.odp_actions, NL_A_U32_SIZE);
c0e638aa 5452 xlate_wc_init(&ctx);
bb00fdef 5453
46c88433 5454 COVERAGE_INC(xlate_actions);
9583bc14 5455
1d361a81
BP		 5456 if (xin->frozen_state) {
5457 const struct frozen_state *state = xin->frozen_state;
e672ff9b 5458
1d361a81 5459 xlate_report(&ctx, "Thawing frozen state:");
d6bef3cc 5460
e672ff9b
JR		 5461 if (xin->ofpacts_len > 0 || ctx.rule) {
5462 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
d6bef3cc 5463 const char *conflict = xin->ofpacts_len ? "actions" : "rule";
e672ff9b 5464
d6bef3cc
BP		 5465 VLOG_WARN_RL(&rl, "Recirculation conflict (%s)!", conflict);
5466 xlate_report(&ctx, "- Recirculation conflict (%s)!", conflict);
fff1b9c0 5467 ctx.error = XLATE_RECIRCULATION_CONFLICT;
1520ef4f 5468 goto exit;
e672ff9b
JR		 5469 }
5470
5471 /* Set the bridge for post-recirculation processing if needed. */
07a3cd5c 5472 if (!uuid_equals(&ctx.xbridge->ofproto->uuid, &state->ofproto_uuid)) {
e672ff9b 5473 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2082425c 5474 const struct xbridge *new_bridge
290835f9 5475 = xbridge_lookup_by_uuid(xcfg, &state->ofproto_uuid);
e672ff9b
JR		 5476
5477 if (OVS_UNLIKELY(!new_bridge)) {
5478 /* Drop the packet if the bridge cannot be found. */
5479 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
1d361a81
BP		 5480 VLOG_WARN_RL(&rl, "Frozen bridge no longer exists.");
5481 xlate_report(&ctx, "- Frozen bridge no longer exists.");
fff1b9c0 5482 ctx.error = XLATE_BRIDGE_NOT_FOUND;
1520ef4f 5483 goto exit;
e672ff9b
JR		 5484 }
5485 ctx.xbridge = new_bridge;
1f4a8933
JR		 5486 /* The bridge is now known so obtain its table version. */
5487 ctx.xin->tables_version
5488 = ofproto_dpif_get_tables_version(ctx.xbridge->ofproto);
e672ff9b
JR		 5489 }
5490
1d361a81
BP		 5491 /* Set the thawed table id. Note: A table lookup is done only if there
5492 * are no frozen actions. */
2082425c 5493 ctx.table_id = state->table_id;
d6bef3cc 5494 xlate_report(&ctx, "- Resuming from table %"PRIu8, ctx.table_id);
e672ff9b 5495
07659514
JS		 5496 if (!state->conntracked) {
5497 clear_conntrack(flow);
5498 }
5499
e672ff9b 5500 /* Restore pipeline metadata. May change flow's in_port and other
1d361a81
BP		 5501 * metadata to the values that existed when freezing was triggered. */
5502 frozen_metadata_to_flow(&state->metadata, flow);
e672ff9b
JR		 5503
5504 /* Restore stack, if any. */
2082425c 5505 if (state->stack) {
84cf3c1f 5506 ofpbuf_put(&ctx.stack, state->stack, state->stack_size);
e672ff9b
JR		 5507 }
5508
29bae541
BP		 5509 /* Restore mirror state. */
5510 ctx.mirrors = state->mirrors;
5511
e672ff9b 5512 /* Restore action set, if any. */
2082425c 5513 if (state->action_set_len) {
d6bef3cc 5514 xlate_report_actions(&ctx, "- Restoring action set",
417509fa 5515 state->action_set, state->action_set_len);
d6bef3cc 5516
7e7e8dbb
BP		 5517 flow->actset_output = OFPP_UNSET;
5518 xlate_write_actions__(&ctx, state->action_set,
5519 state->action_set_len);
e672ff9b
JR		 5520 }
5521
1d361a81
BP		 5522 /* Restore frozen actions. If there are no actions, processing will
5523 * start with a lookup in the table set above. */
417509fa
BP		 5524 xin->ofpacts = state->ofpacts;
5525 xin->ofpacts_len = state->ofpacts_len;
5526 if (state->ofpacts_len) {
d6bef3cc
BP		 5527 xlate_report_actions(&ctx, "- Restoring actions",
5528 xin->ofpacts, xin->ofpacts_len);
e672ff9b
JR		 5529 }
5530 } else if (OVS_UNLIKELY(flow->recirc_id)) {
5531 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
5532
5533 VLOG_WARN_RL(&rl, "Recirculation context not found for ID %"PRIx32,
5534 flow->recirc_id);
fff1b9c0 5535 ctx.error = XLATE_NO_RECIRCULATION_CONTEXT;
1520ef4f 5536 goto exit;
e672ff9b 5537 }
9583bc14 5538
8d8ab6c2
JG		 5539 /* Tunnel metadata in udpif format must be normalized before translation. */
5540 if (flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
5b09d9f7
MS		 5541 const struct tun_table *tun_tab = ofproto_get_tun_tab(
5542 &ctx.xbridge->ofproto->up);
8d8ab6c2
JG		 5543 int err;
5544
5545 err = tun_metadata_from_geneve_udpif(tun_tab, &xin->upcall_flow->tunnel,
5546 &xin->upcall_flow->tunnel,
5547 &flow->tunnel);
5548 if (err) {
5549 XLATE_REPORT_ERROR(&ctx, "Invalid Geneve tunnel metadata");
5550 ctx.error = XLATE_INVALID_TUNNEL_METADATA;
5551 goto exit;
5552 }
5553 } else if (!flow->tunnel.metadata.tab) {
5554 /* If the original flow did not come in on a tunnel, then it won't have
5555 * FLOW_TNL_F_UDPIF set. However, we still need to have a metadata
5556 * table in case we generate tunnel actions. */
5b09d9f7
MS		 5557 flow->tunnel.metadata.tab = ofproto_get_tun_tab(
5558 &ctx.xbridge->ofproto->up);
8d8ab6c2
JG		 5559 }
5560 ctx.wc->masks.tunnel.metadata.tab = flow->tunnel.metadata.tab;
5561
10c44245 5562 if (!xin->ofpacts && !ctx.rule) {
b2e89cc9 5563 ctx.rule = rule_dpif_lookup_from_table(
1f4a8933 5564 ctx.xbridge->ofproto, ctx.xin->tables_version, flow, ctx.wc,
1e1e1d19 5565 ctx.xin->resubmit_stats, &ctx.table_id,
a027899e 5566 flow->in_port.ofp_port, true, true, ctx.xin->xcache);
10c44245 5567 if (ctx.xin->resubmit_stats) {
b2e89cc9 5568 rule_dpif_credit_stats(ctx.rule, ctx.xin->resubmit_stats);
10c44245 5569 }
b256dc52
JS		 5570 if (ctx.xin->xcache) {
5571 struct xc_entry *entry;
5572
5573 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_RULE);
901a517e 5574 entry->rule = ctx.rule;
07a3cd5c 5575 ofproto_rule_ref(&ctx.rule->up);
b256dc52 5576 }
a8c31348
BP		 5577
5578 if (OVS_UNLIKELY(ctx.xin->resubmit_hook)) {
b2e89cc9 5579 ctx.xin->resubmit_hook(ctx.xin, ctx.rule, 0);
a8c31348 5580 }
10c44245 5581 }
10c44245 5582
1d361a81 5583 /* Get the proximate input port of the packet. (If xin->frozen_state,
14d2b8b2
BP		 5584 * flow->in_port is the ultimate input port of the packet.) */
5585 struct xport *in_port = get_ofp_port(xbridge,
5586 ctx.base_flow.in_port.ofp_port);
5587
1d361a81
BP		 5588 /* Tunnel stats only for not-thawed packets. */
5589 if (!xin->frozen_state && in_port && in_port->is_tunnel) {
b256dc52
JS		 5590 if (ctx.xin->resubmit_stats) {
5591 netdev_vport_inc_rx(in_port->netdev, ctx.xin->resubmit_stats);
5592 if (in_port->bfd) {
5593 bfd_account_rx(in_port->bfd, ctx.xin->resubmit_stats);
5594 }
5595 }
5596 if (ctx.xin->xcache) {
5597 struct xc_entry *entry;
5598
5599 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETDEV);
901a517e
JR		 5600 entry->dev.rx = netdev_ref(in_port->netdev);
5601 entry->dev.bfd = bfd_ref(in_port->bfd);
d6fc5f57
EJ		 5602 }
5603 }
5604
1d361a81 5605 if (!xin->frozen_state && process_special(&ctx, in_port)) {
bef1403e
BP		 5606 /* process_special() did all the processing for this packet.
5607 *
1d361a81
BP		 5608 * We do not perform special processing on thawed packets, since that
5609 * was done before they were frozen and should not be redone. */
bef1403e
BP		 5610 } else if (in_port && in_port->xbundle
5611 && xbundle_mirror_out(xbridge, in_port->xbundle)) {
5612 if (ctx.xin->packet != NULL) {
5613 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
5614 VLOG_WARN_RL(&rl, "bridge %s: dropping packet received on port "
5615 "%s, which is reserved exclusively for mirroring",
5616 ctx.xbridge->name, in_port->xbundle->name);
5617 }
5618 } else {
1d361a81 5619 /* Sampling is done on initial reception; don't redo after thawing. */
a6092018 5620 unsigned int user_cookie_offset = 0;
1d361a81 5621 if (!xin->frozen_state) {
a6092018
BP		 5622 user_cookie_offset = compose_sflow_action(&ctx);
5623 compose_ipfix_action(&ctx, ODPP_NONE);
e672ff9b 5624 }
0731abc5 5625 size_t sample_actions_len = ctx.odp_actions->size;
9583bc14 5626
234c3da9
BP		 5627 if (tnl_process_ecn(flow)
5628 && (!in_port || may_receive(in_port, &ctx))) {
1806291d
BP		 5629 const struct ofpact *ofpacts;
5630 size_t ofpacts_len;
5631
5632 if (xin->ofpacts) {
5633 ofpacts = xin->ofpacts;
5634 ofpacts_len = xin->ofpacts_len;
5635 } else if (ctx.rule) {
5636 const struct rule_actions *actions
07a3cd5c 5637 = rule_get_actions(&ctx.rule->up);
1806291d
BP		 5638 ofpacts = actions->ofpacts;
5639 ofpacts_len = actions->ofpacts_len;
07a3cd5c 5640 ctx.rule_cookie = ctx.rule->up.flow_cookie;
1806291d
BP		 5641 } else {
5642 OVS_NOT_REACHED();
5643 }
5644
7efbc3b7 5645 mirror_ingress_packet(&ctx);
9583bc14 5646 do_xlate_actions(ofpacts, ofpacts_len, &ctx);
fff1b9c0
JR		 5647 if (ctx.error) {
5648 goto exit;
5649 }
9583bc14
EJ		 5650
5651 /* We've let OFPP_NORMAL and the learning action look at the
1d361a81 5652 * packet, so cancel all actions and freezing if forwarding is
8a5fb3b4 5653 * disabled. */
9efd308e
DV		 5654 if (in_port && (!xport_stp_forward_state(in_port) ||
5655 !xport_rstp_forward_state(in_port))) {
1520ef4f 5656 ctx.odp_actions->size = sample_actions_len;
1d361a81 5657 ctx_cancel_freeze(&ctx);
8a5fb3b4
BP		 5658 ofpbuf_clear(&ctx.action_set);
5659 }
5660
1d361a81 5661 if (!ctx.freezing) {
8a5fb3b4 5662 xlate_action_set(&ctx);
e672ff9b 5663 }
1d361a81 5664 if (ctx.freezing) {
77ab5fd2 5665 finish_freezing(&ctx);
9583bc14
EJ		 5666 }
5667 }
5668
e672ff9b 5669 /* Output only fully processed packets. */
1d361a81 5670 if (!ctx.freezing
e672ff9b 5671 && xbridge->has_in_band
ce4a6b76
BP		 5672 && in_band_must_output_to_local_port(flow)
5673 && !actions_output_to_local_port(&ctx)) {
e93ef1c7 5674 compose_output_action(&ctx, OFPP_LOCAL, NULL);
9583bc14 5675 }
aaa0fbae 5676
a6092018
BP		 5677 if (user_cookie_offset) {
5678 fix_sflow_action(&ctx, user_cookie_offset);
e672ff9b 5679 }
9583bc14
EJ		 5680 }
5681
1520ef4f 5682 if (nl_attr_oversized(ctx.odp_actions->size)) {
542024c4 5683 /* These datapath actions are too big for a Netlink attribute, so we
0f032e95
BP		 5684 * can't hand them to the kernel directly. dpif_execute() can execute
5685 * them one by one with help, so just mark the result as SLOW_ACTION to
5686 * prevent the flow from being installed. */
5687 COVERAGE_INC(xlate_actions_oversize);
5688 ctx.xout->slow |= SLOW_ACTION;
1520ef4f 5689 } else if (too_many_output_actions(ctx.odp_actions)) {
7d031d7e
BP		 5690 COVERAGE_INC(xlate_actions_too_many_output);
5691 ctx.xout->slow |= SLOW_ACTION;
542024c4
BP		 5692 }
5693
1d361a81
BP		 5694 /* Do netflow only for packets on initial reception, that are not sent to
5695 * the controller. We consider packets sent to the controller to be part
5696 * of the control plane rather than the data plane. */
5697 if (!xin->frozen_state
5698 && xbridge->netflow
5699 && !(xout->slow & SLOW_CONTROLLER)) {
1806291d
BP		 5700 if (ctx.xin->resubmit_stats) {
5701 netflow_flow_update(xbridge->netflow, flow,
2031ef97 5702 ctx.nf_output_iface,
1806291d
BP		 5703 ctx.xin->resubmit_stats);
5704 }
5705 if (ctx.xin->xcache) {
5706 struct xc_entry *entry;
b256dc52 5707
1806291d 5708 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETFLOW);
901a517e
JR		 5709 entry->nf.netflow = netflow_ref(xbridge->netflow);
5710 entry->nf.flow = xmemdup(flow, sizeof *flow);
5711 entry->nf.iface = ctx.nf_output_iface;
d6fc5f57
EJ		 5712 }
5713 }
5714
8d8ab6c2
JG		 5715 /* Translate tunnel metadata masks to udpif format if necessary. */
5716 if (xin->upcall_flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
5717 if (ctx.wc->masks.tunnel.metadata.present.map) {
5718 const struct flow_tnl *upcall_tnl = &xin->upcall_flow->tunnel;
5719 struct geneve_opt opts[TLV_TOT_OPT_SIZE /
5720 sizeof(struct geneve_opt)];
5721
5722 tun_metadata_to_geneve_udpif_mask(&flow->tunnel,
5723 &ctx.wc->masks.tunnel,
5724 upcall_tnl->metadata.opts.gnv,
5725 upcall_tnl->metadata.present.len,
5726 opts);
5727 memset(&ctx.wc->masks.tunnel.metadata, 0,
5728 sizeof ctx.wc->masks.tunnel.metadata);
5729 memcpy(&ctx.wc->masks.tunnel.metadata.opts.gnv, opts,
5730 upcall_tnl->metadata.present.len);
5731 }
5732 ctx.wc->masks.tunnel.metadata.present.len = 0xff;
5733 ctx.wc->masks.tunnel.metadata.tab = NULL;
5734 ctx.wc->masks.tunnel.flags |= FLOW_TNL_F_UDPIF;
5735 } else if (!xin->upcall_flow->tunnel.metadata.tab) {
5736 /* If we didn't have options in UDPIF format and didn't have an existing
5737 * metadata table, then it means that there were no options at all when
5738 * we started processing and any wildcards we picked up were from
5739 * action generation. Without options on the incoming packet, wildcards
5740 * aren't meaningful. To avoid them possibly getting misinterpreted,
5741 * just clear everything. */
5742 if (ctx.wc->masks.tunnel.metadata.present.map) {
5743 memset(&ctx.wc->masks.tunnel.metadata, 0,
5744 sizeof ctx.wc->masks.tunnel.metadata);
5745 } else {
5746 ctx.wc->masks.tunnel.metadata.tab = NULL;
5747 }
5748 }
5749
c0e638aa 5750 xlate_wc_finish(&ctx);
1520ef4f
BP		 5751
5752exit:
8d8ab6c2
JG		 5753 /* Reset the table to what it was when we came in. If we only fetched
5754 * it locally, then it has no meaning outside of flow translation. */
5755 flow->tunnel.metadata.tab = xin->upcall_flow->tunnel.metadata.tab;
5756
1520ef4f
BP		 5757 ofpbuf_uninit(&ctx.stack);
5758 ofpbuf_uninit(&ctx.action_set);
1d361a81 5759 ofpbuf_uninit(&ctx.frozen_actions);
1520ef4f 5760 ofpbuf_uninit(&scratch_actions);
fff1b9c0
JR		 5761
5762 /* Make sure we return a "drop flow" in case of an error. */
5763 if (ctx.error) {
5764 xout->slow = 0;
5765 if (xin->odp_actions) {
5766 ofpbuf_clear(xin->odp_actions);
5767 }
5768 }
5769 return ctx.error;
91d6cd12
AW		 5770}
5771
77ab5fd2
BP		 5772enum ofperr
5773xlate_resume(struct ofproto_dpif *ofproto,
5774 const struct ofputil_packet_in_private *pin,
5775 struct ofpbuf *odp_actions,
5776 enum slow_path_reason *slow)
5777{
5778 struct dp_packet packet;
5779 dp_packet_use_const(&packet, pin->public.packet,
5780 pin->public.packet_len);
5781
5782 struct flow flow;
5783 flow_extract(&packet, &flow);
5784
5785 struct xlate_in xin;
1f4a8933
JR		 5786 xlate_in_init(&xin, ofproto, ofproto_dpif_get_tables_version(ofproto),
5787 &flow, 0, NULL, ntohs(flow.tcp_flags),
77ab5fd2
BP		 5788 &packet, NULL, odp_actions);
5789
5790 struct ofpact_note noop;
5791 ofpact_init_NOTE(&noop);
5792 noop.length = 0;
5793
5794 bool any_actions = pin->actions_len > 0;
5795 struct frozen_state state = {
5796 .table_id = 0, /* Not the table where NXAST_PAUSE was executed. */
5797 .ofproto_uuid = pin->bridge,
5798 .stack = pin->stack,
84cf3c1f 5799 .stack_size = pin->stack_size,
77ab5fd2
BP		 5800 .mirrors = pin->mirrors,
5801 .conntracked = pin->conntracked,
5802
5803 /* When there are no actions, xlate_actions() will search the flow
5804 * table. We don't want it to do that (we want it to resume), so
5805 * supply a no-op action if there aren't any.
5806 *
5807 * (We can't necessarily avoid translating actions entirely if there
5808 * aren't any actions, because there might be some finishing-up to do
5809 * at the end of the pipeline, and we don't check for those
5810 * conditions.) */
5811 .ofpacts = any_actions ? pin->actions : &noop.ofpact,
5812 .ofpacts_len = any_actions ? pin->actions_len : sizeof noop,
5813
5814 .action_set = pin->action_set,
5815 .action_set_len = pin->action_set_len,
5816 };
5817 frozen_metadata_from_flow(&state.metadata,
5818 &pin->public.flow_metadata.flow);
5819 xin.frozen_state = &state;
5820
5821 struct xlate_out xout;
5822 enum xlate_error error = xlate_actions(&xin, &xout);
5823 *slow = xout.slow;
5824 xlate_out_uninit(&xout);
5825
5826 /* xlate_actions() can generate a number of errors, but only
5827 * XLATE_BRIDGE_NOT_FOUND really stands out to me as one that we should be
5828 * sure to report over OpenFlow. The others could come up in packet-outs
5829 * or regular flow translation and I don't think that it's going to be too
5830 * useful to report them to the controller. */
5831 return error == XLATE_BRIDGE_NOT_FOUND ? OFPERR_NXR_STALE : 0;
5832}
5833
2eb79142
JG		 5834/* Sends 'packet' out 'ofport'. If 'port' is a tunnel and that tunnel type
5835 * supports a notion of an OAM flag, sets it if 'oam' is true.
91d6cd12
AW		 5836 * May modify 'packet'.
5837 * Returns 0 if successful, otherwise a positive errno value. */
5838int
2eb79142
JG		 5839xlate_send_packet(const struct ofport_dpif *ofport, bool oam,
5840 struct dp_packet *packet)
91d6cd12 5841{
84f0f298 5842 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
91d6cd12 5843 struct xport *xport;
2eb79142
JG		 5844 uint64_t ofpacts_stub[1024 / 8];
5845 struct ofpbuf ofpacts;
91d6cd12 5846 struct flow flow;
91d6cd12 5847
2eb79142 5848 ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
91d6cd12 5849 /* Use OFPP_NONE as the in_port to avoid special packet processing. */
cf62fa4c 5850 flow_extract(packet, &flow);
b5e7e61a 5851 flow.in_port.ofp_port = OFPP_NONE;
91d6cd12 5852
84f0f298 5853 xport = xport_lookup(xcfg, ofport);
91d6cd12 5854 if (!xport) {
02ea2703 5855 return EINVAL;
91d6cd12 5856 }
2eb79142
JG		 5857
5858 if (oam) {
128684a6
JR		 5859 const ovs_be16 oam = htons(NX_TUN_FLAG_OAM);
5860 ofpact_put_set_field(&ofpacts, mf_from_id(MFF_TUN_FLAGS), &oam, &oam);
2eb79142
JG		 5861 }
5862
5863 ofpact_put_OUTPUT(&ofpacts)->port = xport->ofp_port;
e491a67a 5864
1f4a8933
JR		 5865 /* Actions here are not referring to anything versionable (flow tables or
5866 * groups) so we don't need to worry about the version here. */
5867 return ofproto_dpif_execute_actions(xport->xbridge->ofproto,
5868 OVS_VERSION_MAX, &flow, NULL,
2eb79142 5869 ofpacts.data, ofpacts.size, packet);
9583bc14 5870}
b256dc52 5871
901a517e 5872void
064799a1
JR		 5873xlate_mac_learning_update(const struct ofproto_dpif *ofproto,
5874 ofp_port_t in_port, struct eth_addr dl_src,
5875 int vlan, bool is_grat_arp)
b256dc52 5876{
84f0f298 5877 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
b256dc52
JS		 5878 struct xbridge *xbridge;
5879 struct xbundle *xbundle;
b256dc52 5880
84f0f298 5881 xbridge = xbridge_lookup(xcfg, ofproto);
b256dc52
JS		 5882 if (!xbridge) {
5883 return;
5884 }
5885
064799a1 5886 xbundle = lookup_input_bundle(xbridge, in_port, false, NULL);
b256dc52
JS		 5887 if (!xbundle) {
5888 return;
5889 }
5890
064799a1 5891 update_learning_table(xbridge, xbundle, dl_src, vlan, is_grat_arp);
b256dc52 5892}
openvswitch packages for PVE