]> git.proxmox.com Git - ovs.git/blame - ofproto/ofproto-dpif-xlate.c
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sparse: Add guards to prevent FreeBSD-incompatible #include order.
[ovs.git] / ofproto / ofproto-dpif-xlate.c
CommitLineData
b827b231 1/* Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Nicira, Inc.
9583bc14
EJ		 2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License. */
14
15#include <config.h>
16
17#include "ofproto/ofproto-dpif-xlate.h"
18
8449c4d6 19#include <errno.h>
b2befd5b
BP		 20#include <sys/types.h>
21#include <netinet/in.h>
a36de779
PS		 22#include <arpa/inet.h>
23#include <net/if.h>
24#include <sys/socket.h>
8449c4d6 25
db7d4e46 26#include "bfd.h"
9583bc14
EJ		 27#include "bitmap.h"
28#include "bond.h"
29#include "bundle.h"
30#include "byte-order.h"
db7d4e46 31#include "cfm.h"
9583bc14
EJ		 32#include "connmgr.h"
33#include "coverage.h"
46445c63 34#include "csum.h"
e14deea0 35#include "dp-packet.h"
9583bc14 36#include "dpif.h"
f7f1ea29 37#include "in-band.h"
db7d4e46 38#include "lacp.h"
9583bc14
EJ		 39#include "learn.h"
40#include "mac-learning.h"
6d95c4e8 41#include "mcast-snooping.h"
9583bc14
EJ		 42#include "multipath.h"
43#include "netdev-vport.h"
44#include "netlink.h"
45#include "nx-match.h"
46#include "odp-execute.h"
9583bc14 47#include "ofproto/ofproto-dpif-ipfix.h"
ec7ceaed 48#include "ofproto/ofproto-dpif-mirror.h"
60d02c72 49#include "ofproto/ofproto-dpif-monitor.h"
9583bc14 50#include "ofproto/ofproto-dpif-sflow.h"
2d9b49dd 51#include "ofproto/ofproto-dpif-trace.h"
901a517e 52#include "ofproto/ofproto-dpif-xlate-cache.h"
9583bc14 53#include "ofproto/ofproto-dpif.h"
6f00e29b 54#include "ofproto/ofproto-provider.h"
b598f214
BW		 55#include "openvswitch/dynamic-string.h"
56#include "openvswitch/meta-flow.h"
57#include "openvswitch/list.h"
58#include "openvswitch/ofp-actions.h"
1fc11c59 59#include "openvswitch/ofp-ed-props.h"
b598f214
BW		 60#include "openvswitch/vlog.h"
61#include "ovs-lldp.h"
a36de779 62#include "ovs-router.h"
b598f214
BW		 63#include "packets.h"
64#include "tnl-neigh-cache.h"
a36de779 65#include "tnl-ports.h"
9583bc14 66#include "tunnel.h"
ee89ea7b 67#include "util.h"
9583bc14 68
46c88433 69COVERAGE_DEFINE(xlate_actions);
0f032e95 70COVERAGE_DEFINE(xlate_actions_oversize);
7d031d7e 71COVERAGE_DEFINE(xlate_actions_too_many_output);
9583bc14
EJ		 72
73VLOG_DEFINE_THIS_MODULE(ofproto_dpif_xlate);
74
8a553e9a 75/* Maximum depth of flow table recursion (due to resubmit actions) in a
790c5d26
BP		 76 * flow translation.
77 *
78 * The goal of limiting the depth of resubmits is to ensure that flow
79 * translation eventually terminates. Only resubmits to the same table or an
80 * earlier table count against the maximum depth. This is because resubmits to
81 * strictly monotonically increasing table IDs will eventually terminate, since
82 * any OpenFlow switch has a finite number of tables. OpenFlow tables are most
83 * commonly traversed in numerically increasing order, so this limit has little
84 * effect on conventionally designed OpenFlow pipelines.
85 *
86 * Outputs to patch ports and to groups also count against the depth limit. */
87#define MAX_DEPTH 64
8a553e9a 88
98b07853
BP		 89/* Maximum number of resubmit actions in a flow translation, whether they are
90 * recursive or not. */
790c5d26 91#define MAX_RESUBMITS (MAX_DEPTH * MAX_DEPTH)
98b07853 92
46c88433
EJ		 93struct xbridge {
94 struct hmap_node hmap_node; /* Node in global 'xbridges' map. */
95 struct ofproto_dpif *ofproto; /* Key in global 'xbridges' map. */
96
ca6ba700 97 struct ovs_list xbundles; /* Owned xbundles. */
46c88433
EJ		 98 struct hmap xports; /* Indexed by ofp_port. */
99
100 char *name; /* Name used in log messages. */
89a8a7f0 101 struct dpif *dpif; /* Datapath interface. */
46c88433 102 struct mac_learning *ml; /* Mac learning handle. */
6d95c4e8 103 struct mcast_snooping *ms; /* Multicast Snooping handle. */
46c88433
EJ		 104 struct mbridge *mbridge; /* Mirroring. */
105 struct dpif_sflow *sflow; /* SFlow handle, or null. */
106 struct dpif_ipfix *ipfix; /* Ipfix handle, or null. */
ce3955be 107 struct netflow *netflow; /* Netflow handle, or null. */
9d189a50 108 struct stp *stp; /* STP or null if disabled. */
9efd308e 109 struct rstp *rstp; /* RSTP or null if disabled. */
46c88433 110
46c88433
EJ		 111 bool has_in_band; /* Bridge has in band control? */
112 bool forward_bpdu; /* Bridge forwards STP BPDUs? */
4b97b70d 113
b440dd8c
JS		 114 /* Datapath feature support. */
115 struct dpif_backer_support support;
46c88433
EJ		 116};
117
118struct xbundle {
119 struct hmap_node hmap_node; /* In global 'xbundles' map. */
120 struct ofbundle *ofbundle; /* Key in global 'xbundles' map. */
121
ca6ba700 122 struct ovs_list list_node; /* In parent 'xbridges' list. */
46c88433
EJ		 123 struct xbridge *xbridge; /* Parent xbridge. */
124
ca6ba700 125 struct ovs_list xports; /* Contains "struct xport"s. */
46c88433
EJ		 126
127 char *name; /* Name used in log messages. */
128 struct bond *bond; /* Nonnull iff more than one port. */
129 struct lacp *lacp; /* LACP handle or null. */
130
131 enum port_vlan_mode vlan_mode; /* VLAN mode. */
fed8962a
EG		 132 uint16_t qinq_ethtype; /* Ethertype of dot1q-tunnel interface
133 * either 0x8100 or 0x88a8. */
46c88433
EJ		 134 int vlan; /* -1=trunk port, else a 12-bit VLAN ID. */
135 unsigned long *trunks; /* Bitmap of trunked VLANs, if 'vlan' == -1.
136 * NULL if all VLANs are trunked. */
fed8962a
EG		 137 unsigned long *cvlans; /* Bitmap of allowed customer vlans,
138 * NULL if all VLANs are allowed */
46c88433
EJ		 139 bool use_priority_tags; /* Use 802.1p tag for frames in VLAN 0? */
140 bool floodable; /* No port has OFPUTIL_PC_NO_FLOOD set? */
c005f976 141 bool protected; /* Protected port mode */
46c88433
EJ		 142};
143
144struct xport {
145 struct hmap_node hmap_node; /* Node in global 'xports' map. */
146 struct ofport_dpif *ofport; /* Key in global 'xports map. */
147
148 struct hmap_node ofp_node; /* Node in parent xbridge 'xports' map. */
149 ofp_port_t ofp_port; /* Key in parent xbridge 'xports' map. */
150
151 odp_port_t odp_port; /* Datapath port number or ODPP_NONE. */
152
ca6ba700 153 struct ovs_list bundle_node; /* In parent xbundle (if it exists). */
46c88433
EJ		 154 struct xbundle *xbundle; /* Parent xbundle or null. */
155
156 struct netdev *netdev; /* 'ofport''s netdev. */
157
158 struct xbridge *xbridge; /* Parent bridge. */
159 struct xport *peer; /* Patch port peer or null. */
160
161 enum ofputil_port_config config; /* OpenFlow port configuration. */
dd8cd4b4 162 enum ofputil_port_state state; /* OpenFlow port state. */
92cf817b 163 int stp_port_no; /* STP port number or -1 if not in use. */
f025bcb7 164 struct rstp_port *rstp_port; /* RSTP port or null. */
46c88433 165
55954f6e
EJ		 166 struct hmap skb_priorities; /* Map of 'skb_priority_to_dscp's. */
167
46c88433
EJ		 168 bool may_enable; /* May be enabled in bonds. */
169 bool is_tunnel; /* Is a tunnel port. */
875ab130 170 enum netdev_pt_mode pt_mode; /* packet_type handling. */
46c88433
EJ		 171
172 struct cfm *cfm; /* CFM handle or null. */
173 struct bfd *bfd; /* BFD handle or null. */
0477baa9 174 struct lldp *lldp; /* LLDP handle or null. */
46c88433
EJ		 175};
176
4d0acc70
EJ		 177struct xlate_ctx {
178 struct xlate_in *xin;
179 struct xlate_out *xout;
180
46c88433 181 const struct xbridge *xbridge;
4d0acc70
EJ		 182
183 /* Flow at the last commit. */
184 struct flow base_flow;
185
186 /* Tunnel IP destination address as received. This is stored separately
187 * as the base_flow.tunnel is cleared on init to reflect the datapath
188 * behavior. Used to make sure not to send tunneled output to ourselves,
189 * which might lead to an infinite loop. This could happen easily
190 * if a tunnel is marked as 'ip_remote=flow', and the flow does not
191 * actually set the tun_dst field. */
e4d3706c 192 struct in6_addr orig_tunnel_ipv6_dst;
4d0acc70 193
84cf3c1f
JR		 194 /* Stack for the push and pop actions. See comment above nx_stack_push()
195 * in nx-match.c for info on how the stack is stored. */
4d0acc70
EJ		 196 struct ofpbuf stack;
197
198 /* The rule that we are currently translating, or NULL. */
199 struct rule_dpif *rule;
200
49a73e0c
BP		 201 /* Flow translation populates this with wildcards relevant in translation.
202 * When 'xin->wc' is nonnull, this is the same pointer. When 'xin->wc' is
c0e638aa 203 * null, this is a pointer to a temporary buffer. */
49a73e0c
BP		 204 struct flow_wildcards *wc;
205
1520ef4f
BP		 206 /* Output buffer for datapath actions. When 'xin->odp_actions' is nonnull,
207 * this is the same pointer. When 'xin->odp_actions' is null, this points
208 * to a scratch ofpbuf. This allows code to add actions to
209 * 'ctx->odp_actions' without worrying about whether the caller really
210 * wants actions. */
211 struct ofpbuf *odp_actions;
212
790c5d26
BP		 213 /* Statistics maintained by xlate_table_action().
214 *
2d9b49dd 215 * These statistics limit the amount of work that a single flow
790c5d26
BP		 216 * translation can perform. The goal of the first of these, 'depth', is
217 * primarily to prevent translation from performing an infinite amount of
218 * work. It counts the current depth of nested "resubmit"s (and a few
219 * other activities); when a resubmit returns, it decreases. Resubmits to
220 * tables in strictly monotonically increasing order don't contribute to
221 * 'depth' because they cannot cause a flow translation to take an infinite
222 * amount of time (because the number of tables is finite). Translation
223 * aborts when 'depth' exceeds MAX_DEPTH.
224 *
225 * 'resubmits', on the other hand, prevents flow translation from
226 * performing an extraordinarily large while still finite amount of work.
227 * It counts the total number of resubmits (and a few other activities)
228 * that have been executed. Returning from a resubmit does not affect this
229 * counter. Thus, this limits the amount of work that a particular
230 * translation can perform. Translation aborts when 'resubmits' exceeds
231 * MAX_RESUBMITS (which is much larger than MAX_DEPTH).
232 */
790c5d26 233 int depth; /* Current resubmit nesting depth. */
98b07853 234 int resubmits; /* Total number of resubmits. */
5a070238 235 bool in_group; /* Currently translating ofgroup, if true. */
029ca940 236 bool in_action_set; /* Currently translating action_set, if true. */
331c07ac
YHW		 237 bool in_packet_out; /* Currently translating a packet_out msg, if
238 * true. */
1fc11c59
JS		 239 bool pending_encap; /* True when waiting to commit a pending
240 * encap action. */
241 struct ofpbuf *encap_data; /* May contain a pointer to an ofpbuf with
242 * context for the datapath encap action.*/
98b07853 243
4d0acc70 244 uint8_t table_id; /* OpenFlow table ID where flow was found. */
8b1e5560
JR		 245 ovs_be64 rule_cookie; /* Cookie of the rule being translated. */
246 uint32_t orig_skb_priority; /* Priority when packet arrived. */
4d0acc70 247 uint32_t sflow_n_outputs; /* Number of output ports. */
4e022ec0 248 odp_port_t sflow_odp_port; /* Output port for composing sFlow action. */
2031ef97 249 ofp_port_t nf_output_iface; /* Output interface index for NetFlow. */
4d0acc70 250 bool exit; /* No further actions should be processed. */
3d6151f3 251 mirror_mask_t mirrors; /* Bitmap of associated mirrors. */
1356dbd1 252 int mirror_snaplen; /* Max size of a mirror packet in byte. */
7fdb60a7 253
1d361a81
BP		 254 /* Freezing Translation
255 * ====================
e672ff9b 256 *
1d361a81
BP		 257 * At some point during translation, the code may recognize the need to halt
258 * and checkpoint the translation in a way that it can be restarted again
259 * later. We call the checkpointing process "freezing" and the restarting
260 * process "thawing".
e672ff9b 261 *
1d361a81 262 * The use cases for freezing are:
e672ff9b 263 *
1d361a81
BP		 264 * - "Recirculation", where the translation process discovers that it
265 * doesn't have enough information to complete translation without
266 * actually executing the actions that have already been translated,
267 * which provides the additionally needed information. In these
268 * situations, translation freezes translation and assigns the frozen
269 * data a unique "recirculation ID", which it associates with the data
270 * in a table in userspace (see ofproto-dpif-rid.h). It also adds a
271 * OVS_ACTION_ATTR_RECIRC action specifying that ID to the datapath
272 * actions. When a packet hits that action, the datapath looks its
273 * flow up again using the ID. If there's a miss, it comes back to
274 * userspace, which find the recirculation table entry for the ID,
275 * thaws the associated frozen data, and continues translation from
276 * that point given the additional information that is now known.
e672ff9b 277 *
1d361a81
BP		 278 * The archetypal example is MPLS. As MPLS is implemented in
279 * OpenFlow, the protocol that follows the last MPLS label becomes
280 * known only when that label is popped by an OpenFlow action. That
281 * means that Open vSwitch can't extract the headers beyond the MPLS
282 * labels until the pop action is executed. Thus, at that point
283 * translation uses the recirculation process to extract the headers
284 * beyond the MPLS labels.
e672ff9b 285 *
1d361a81
BP		 286 * (OVS also uses OVS_ACTION_ATTR_RECIRC to implement hashing for
287 * output to bonds. OVS pre-populates all the datapath flows for bond
288 * output in the datapath, though, which means that the elaborate
289 * process of coming back to userspace for a second round of
290 * translation isn't needed, and so bonds don't follow the above
291 * process.)
e672ff9b 292 *
77ab5fd2
BP		 293 * - "Continuation". A continuation is a way for an OpenFlow controller
294 * to interpose on a packet's traversal of the OpenFlow tables. When
295 * the translation process encounters a "controller" action with the
296 * "pause" flag, it freezes translation, serializes the frozen data,
297 * and sends it to an OpenFlow controller. The controller then
298 * examines and possibly modifies the frozen data and eventually sends
299 * it back to the switch, which thaws it and continues translation.
e672ff9b 300 *
1d361a81
BP		 301 * The main problem of freezing translation is preserving state, so that
302 * when the translation is thawed later it resumes from where it left off,
303 * without disruption. In particular, actions must be preserved as follows:
304 *
305 * - If we're freezing because an action needed more information, the
306 * action that prompted it.
307 *
308 * - Any actions remaining to be translated within the current flow.
309 *
310 * - If translation was frozen within a NXAST_RESUBMIT, then any actions
311 * following the resubmit action. Resubmit actions can be nested, so
312 * this has to go all the way up the control stack.
e672ff9b
JR		 313 *
314 * - The OpenFlow 1.1+ action set.
315 *
316 * State that actions and flow table lookups can depend on, such as the
317 * following, must also be preserved:
318 *
319 * - Metadata fields (input port, registers, OF1.1+ metadata, ...).
320 *
1d361a81 321 * - The stack used by NXAST_STACK_PUSH and NXAST_STACK_POP actions.
e672ff9b
JR		 322 *
323 * - The table ID and cookie of the flow being translated at each level
1d361a81
BP		 324 * of the control stack, because these can become visible through
325 * OFPAT_CONTROLLER actions (and other ways).
e672ff9b
JR		 326 *
327 * Translation allows for the control of this state preservation via these
1d361a81
BP		 328 * members. When a need to freeze translation is identified, the
329 * translation process:
e672ff9b 330 *
1d361a81 331 * 1. Sets 'freezing' to true.
e672ff9b
JR		 332 *
333 * 2. Sets 'exit' to true to tell later steps that we're exiting from the
334 * translation process.
335 *
1d361a81
BP		 336 * 3. Adds an OFPACT_UNROLL_XLATE action to 'frozen_actions', and points
337 * frozen_actions.header to the action to make it easy to find it later.
338 * This action holds the current table ID and cookie so that they can be
339 * restored during a post-recirculation upcall translation.
e672ff9b
JR		 340 *
341 * 4. Adds the action that prompted recirculation and any actions following
1d361a81 342 * it within the same flow to 'frozen_actions', so that they can be
8a5fb3b4 343 * executed during a post-recirculation upcall translation.
e672ff9b
JR		 344 *
345 * 5. Returns.
346 *
347 * 6. The action that prompted recirculation might be nested in a stack of
348 * nested "resubmit"s that have actions remaining. Each of these notices
1d361a81
BP		 349 * that we're exiting and freezing and responds by adding more
350 * OFPACT_UNROLL_XLATE actions to 'frozen_actions', as necessary,
351 * followed by any actions that were yet unprocessed.
e672ff9b 352 *
1d361a81
BP		 353 * If we're freezing because of recirculation, the caller generates a
354 * recirculation ID and associates all the state produced by this process
355 * with it. For post-recirculation upcall translation, the caller passes it
356 * back in for the new translation to execute. The process yielded a set of
357 * ofpacts that can be translated directly, so it is not much of a special
358 * case at that point.
e672ff9b 359 */
1d361a81 360 bool freezing;
53cc166a
JR		 361 bool recirc_update_dp_hash; /* Generated recirculation will be preceded
362 * by datapath HASH action to get an updated
363 * dp_hash after recirculation. */
364 uint32_t dp_hash_alg;
365 uint32_t dp_hash_basis;
1d361a81 366 struct ofpbuf frozen_actions;
77ab5fd2 367 const struct ofpact_controller *pause;
0d3239e8 368 struct flow *paused_flow;
e672ff9b 369
e12ec36b
SH		 370 /* True if a packet was but is no longer MPLS (due to an MPLS pop action).
371 * This is a trigger for recirculation in cases where translating an action
372 * or looking up a flow requires access to the fields of the packet after
373 * the MPLS label stack that was originally present. */
374 bool was_mpls;
375
07659514
JS		 376 /* True if conntrack has been performed on this packet during processing
377 * on the current bridge. This is used to determine whether conntrack
1d361a81 378 * state from the datapath should be honored after thawing. */
07659514
JS		 379 bool conntracked;
380
9ac0aada
JR		 381 /* Pointer to an embedded NAT action in a conntrack action, or NULL. */
382 struct ofpact_nat *ct_nat_action;
383
7fdb60a7
SH		 384 /* OpenFlow 1.1+ action set.
385 *
386 * 'action_set' accumulates "struct ofpact"s added by OFPACT_WRITE_ACTIONS.
387 * When translation is otherwise complete, ofpacts_execute_action_set()
388 * converts it to a set of "struct ofpact"s that can be translated into
ed9c9e3e 389 * datapath actions. */
c61f3870 390 bool action_set_has_group; /* Action set contains OFPACT_GROUP? */
7fdb60a7 391 struct ofpbuf action_set; /* Action set. */
fff1b9c0
JR		 392
393 enum xlate_error error; /* Translation failed. */
4d0acc70
EJ		 394};
395
f0fb825a
EG		 396/* Structure to track VLAN manipulation */
397struct xvlan_single {
398 uint16_t tpid;
399 uint16_t vid;
400 uint16_t pcp;
401};
402
403struct xvlan {
404 struct xvlan_single v[FLOW_MAX_VLAN_HEADERS];
405};
406
fff1b9c0
JR		 407const char *xlate_strerror(enum xlate_error error)
408{
409 switch (error) {
410 case XLATE_OK:
411 return "OK";
412 case XLATE_BRIDGE_NOT_FOUND:
413 return "Bridge not found";
414 case XLATE_RECURSION_TOO_DEEP:
415 return "Recursion too deep";
416 case XLATE_TOO_MANY_RESUBMITS:
417 return "Too many resubmits";
418 case XLATE_STACK_TOO_DEEP:
419 return "Stack too deep";
420 case XLATE_NO_RECIRCULATION_CONTEXT:
421 return "No recirculation context";
422 case XLATE_RECIRCULATION_CONFLICT:
423 return "Recirculation conflict";
424 case XLATE_TOO_MANY_MPLS_LABELS:
425 return "Too many MPLS labels";
8d8ab6c2
JG		 426 case XLATE_INVALID_TUNNEL_METADATA:
427 return "Invalid tunnel metadata";
7873e106
ZB		 428 case XLATE_UNSUPPORTED_PACKET_TYPE:
429 return "Unsupported packet type";
fff1b9c0
JR		 430 }
431 return "Unknown error";
432}
433
ed9c9e3e 434static void xlate_action_set(struct xlate_ctx *ctx);
704bb0bf 435static void xlate_commit_actions(struct xlate_ctx *ctx);
ed9c9e3e 436
8bdb2bdb 437static void
48f704f4
AZ		 438patch_port_output(struct xlate_ctx *ctx, const struct xport *in_dev,
439 struct xport *out_dev);
8bdb2bdb 440
1d741d6d 441static void
1d361a81 442ctx_trigger_freeze(struct xlate_ctx *ctx)
1d741d6d
JR		 443{
444 ctx->exit = true;
1d361a81 445 ctx->freezing = true;
1d741d6d
JR		 446}
447
53cc166a
JR		 448static void
449ctx_trigger_recirculate_with_hash(struct xlate_ctx *ctx, uint32_t type,
450 uint32_t basis)
451{
452 ctx->exit = true;
453 ctx->freezing = true;
454 ctx->recirc_update_dp_hash = true;
455 ctx->dp_hash_alg = type;
456 ctx->dp_hash_basis = basis;
457}
458
1d741d6d 459static bool
1d361a81 460ctx_first_frozen_action(const struct xlate_ctx *ctx)
1d741d6d 461{
1d361a81 462 return !ctx->frozen_actions.size;
e672ff9b
JR		 463}
464
3293cb85 465static void
1d361a81 466ctx_cancel_freeze(struct xlate_ctx *ctx)
3293cb85 467{
1d361a81
BP		 468 if (ctx->freezing) {
469 ctx->freezing = false;
53cc166a 470 ctx->recirc_update_dp_hash = false;
1d361a81
BP		 471 ofpbuf_clear(&ctx->frozen_actions);
472 ctx->frozen_actions.header = NULL;
3293cb85
BP		 473 }
474}
475
77ab5fd2 476static void finish_freezing(struct xlate_ctx *ctx);
e672ff9b 477
9583bc14
EJ		 478/* A controller may use OFPP_NONE as the ingress port to indicate that
479 * it did not arrive on a "real" port. 'ofpp_none_bundle' exists for
480 * when an input bundle is needed for validation (e.g., mirroring or
481 * OFPP_NORMAL processing). It is not connected to an 'ofproto' or have
3548d242
BP		 482 * any 'port' structs, so care must be taken when dealing with it. */
483static struct xbundle ofpp_none_bundle = {
484 .name = "OFPP_NONE",
485 .vlan_mode = PORT_VLAN_TRUNK
486};
9583bc14 487
55954f6e
EJ		 488/* Node in 'xport''s 'skb_priorities' map. Used to maintain a map from
489 * 'priority' (the datapath's term for QoS queue) to the dscp bits which all
490 * traffic egressing the 'ofport' with that priority should be marked with. */
491struct skb_priority_to_dscp {
492 struct hmap_node hmap_node; /* Node in 'ofport_dpif''s 'skb_priorities'. */
493 uint32_t skb_priority; /* Priority of this queue (see struct flow). */
494
495 uint8_t dscp; /* DSCP bits to mark outgoing traffic with. */
496};
497
84f0f298
RW		 498/* Xlate config contains hash maps of all bridges, bundles and ports.
499 * Xcfgp contains the pointer to the current xlate configuration.
500 * When the main thread needs to change the configuration, it copies xcfgp to
501 * new_xcfg and edits new_xcfg. This enables the use of RCU locking which
502 * does not block handler and revalidator threads. */
503struct xlate_cfg {
504 struct hmap xbridges;
505 struct hmap xbundles;
506 struct hmap xports;
507};
b1b72f2d 508static OVSRCU_TYPE(struct xlate_cfg *) xcfgp = OVSRCU_INITIALIZER(NULL);
f439f23b 509static struct xlate_cfg *new_xcfg = NULL;
46c88433 510
96c3a6e5
AZ		 511typedef void xlate_actions_handler(const struct ofpact *, size_t ofpacts_len,
512 struct xlate_ctx *, bool);
513
46c88433 514static bool may_receive(const struct xport *, struct xlate_ctx *);
9583bc14 515static void do_xlate_actions(const struct ofpact *, size_t ofpacts_len,
feee58b9 516 struct xlate_ctx *, bool);
96c3a6e5
AZ		 517static void clone_xlate_actions(const struct ofpact *, size_t ofpacts_len,
518 struct xlate_ctx *, bool);
adcf00ba 519static void xlate_normal(struct xlate_ctx *);
6d328fa2
SH		 520static void xlate_table_action(struct xlate_ctx *, ofp_port_t in_port,
521 uint8_t table_id, bool may_packet_in,
feee58b9 522 bool honor_table_miss, bool with_ct_orig,
96c3a6e5
AZ		 523 bool is_last_action, xlate_actions_handler *);
524
2d9b49dd
BP		 525static bool input_vid_is_valid(const struct xlate_ctx *,
526 uint16_t vid, struct xbundle *);
f0fb825a
EG		 527static void xvlan_copy(struct xvlan *dst, const struct xvlan *src);
528static void xvlan_pop(struct xvlan *src);
fed8962a 529static void xvlan_push_uninit(struct xvlan *src);
f0fb825a
EG		 530static void xvlan_extract(const struct flow *, struct xvlan *);
531static void xvlan_put(struct flow *, const struct xvlan *);
532static void xvlan_input_translate(const struct xbundle *,
533 const struct xvlan *in,
534 struct xvlan *xvlan);
535static void xvlan_output_translate(const struct xbundle *,
536 const struct xvlan *xvlan,
537 struct xvlan *out);
46c88433 538static void output_normal(struct xlate_ctx *, const struct xbundle *,
f0fb825a 539 const struct xvlan *);
e93ef1c7
JR		 540
541/* Optional bond recirculation parameter to compose_output_action(). */
542struct xlate_bond_recirc {
543 uint32_t recirc_id; /* !0 Use recirculation instead of output. */
544 uint8_t hash_alg; /* !0 Compute hash for recirc before. */
545 uint32_t hash_basis; /* Compute hash for recirc before. */
546};
547
548static void compose_output_action(struct xlate_ctx *, ofp_port_t ofp_port,
feee58b9 549 const struct xlate_bond_recirc *xr,
11938578 550 bool is_last_action, bool truncate);
9583bc14 551
84f0f298
RW		 552static struct xbridge *xbridge_lookup(struct xlate_cfg *,
553 const struct ofproto_dpif *);
290835f9
BP		 554static struct xbridge *xbridge_lookup_by_uuid(struct xlate_cfg *,
555 const struct uuid *);
84f0f298
RW		 556static struct xbundle *xbundle_lookup(struct xlate_cfg *,
557 const struct ofbundle *);
558static struct xport *xport_lookup(struct xlate_cfg *,
559 const struct ofport_dpif *);
46c88433 560static struct xport *get_ofp_port(const struct xbridge *, ofp_port_t ofp_port);
55954f6e
EJ		 561static struct skb_priority_to_dscp *get_skb_priority(const struct xport *,
562 uint32_t skb_priority);
563static void clear_skb_priorities(struct xport *);
16194afd 564static size_t count_skb_priorities(const struct xport *);
55954f6e
EJ		 565static bool dscp_from_skb_priority(const struct xport *, uint32_t skb_priority,
566 uint8_t *dscp);
46c88433 567
84f0f298
RW		 568static void xlate_xbridge_init(struct xlate_cfg *, struct xbridge *);
569static void xlate_xbundle_init(struct xlate_cfg *, struct xbundle *);
570static void xlate_xport_init(struct xlate_cfg *, struct xport *);
9efd308e 571static void xlate_xbridge_set(struct xbridge *, struct dpif *,
9efd308e
DV		 572 const struct mac_learning *, struct stp *,
573 struct rstp *, const struct mcast_snooping *,
574 const struct mbridge *,
575 const struct dpif_sflow *,
576 const struct dpif_ipfix *,
2f47cdf4 577 const struct netflow *,
84f0f298 578 bool forward_bpdu, bool has_in_band,
b440dd8c 579 const struct dpif_backer_support *);
84f0f298 580static void xlate_xbundle_set(struct xbundle *xbundle,
f0fb825a 581 enum port_vlan_mode vlan_mode,
fed8962a
EG		 582 uint16_t qinq_ethtype, int vlan,
583 unsigned long *trunks, unsigned long *cvlans,
f0fb825a 584 bool use_priority_tags,
84f0f298 585 const struct bond *bond, const struct lacp *lacp,
c005f976 586 bool floodable, bool protected);
84f0f298
RW		 587static void xlate_xport_set(struct xport *xport, odp_port_t odp_port,
588 const struct netdev *netdev, const struct cfm *cfm,
0477baa9
DF		 589 const struct bfd *bfd, const struct lldp *lldp,
590 int stp_port_no, const struct rstp_port *rstp_port,
84f0f298
RW		 591 enum ofputil_port_config config,
592 enum ofputil_port_state state, bool is_tunnel,
593 bool may_enable);
594static void xlate_xbridge_remove(struct xlate_cfg *, struct xbridge *);
595static void xlate_xbundle_remove(struct xlate_cfg *, struct xbundle *);
596static void xlate_xport_remove(struct xlate_cfg *, struct xport *);
597static void xlate_xbridge_copy(struct xbridge *);
598static void xlate_xbundle_copy(struct xbridge *, struct xbundle *);
599static void xlate_xport_copy(struct xbridge *, struct xbundle *,
600 struct xport *);
601static void xlate_xcfg_free(struct xlate_cfg *);
2d9b49dd
BP		 602\f
603/* Tracing helpers. */
604
605/* If tracing is enabled in 'ctx', creates a new trace node and appends it to
606 * the list of nodes maintained in ctx->xin. The new node has type 'type' and
607 * its text is created from 'format' by treating it as a printf format string.
608 * Returns the list of nodes embedded within the new trace node; ordinarily,
609 * the calleer can ignore this, but it is useful if the caller needs to nest
610 * more trace nodes within the new node.
611 *
612 * If tracing is not enabled, does nothing and returns NULL. */
613static struct ovs_list * OVS_PRINTF_FORMAT(3, 4)
614xlate_report(const struct xlate_ctx *ctx, enum oftrace_node_type type,
615 const char *format, ...)
34dd0d78 616{
2d9b49dd
BP		 617 struct ovs_list *subtrace = NULL;
618 if (OVS_UNLIKELY(ctx->xin->trace)) {
c1b3756c 619 va_list args;
c1b3756c 620 va_start(args, format);
2d9b49dd
BP		 621 char *text = xvasprintf(format, args);
622 subtrace = &oftrace_report(ctx->xin->trace, type, text)->subs;
c1b3756c 623 va_end(args);
2d9b49dd 624 free(text);
34dd0d78 625 }
2d9b49dd 626 return subtrace;
34dd0d78 627}
84f0f298 628
2d9b49dd
BP		 629/* This is like xlate_report() for errors that are serious enough that we
630 * should log them even if we are not tracing. */
631static void OVS_PRINTF_FORMAT(2, 3)
632xlate_report_error(const struct xlate_ctx *ctx, const char *format, ...)
633{
634 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
635 if (!OVS_UNLIKELY(ctx->xin->trace)
636 && (!ctx->xin->packet || VLOG_DROP_WARN(&rl))) {
637 return;
638 }
639
640 struct ds s = DS_EMPTY_INITIALIZER;
641 va_list args;
642 va_start(args, format);
643 ds_put_format_valist(&s, format, args);
644 va_end(args);
645
646 if (ctx->xin->trace) {
647 oftrace_report(ctx->xin->trace, OFT_ERROR, ds_cstr(&s));
648 } else {
649 ds_put_cstr(&s, " while processing ");
50f96b10 650 flow_format(&s, &ctx->base_flow, NULL);
2d9b49dd
BP		 651 ds_put_format(&s, " on bridge %s", ctx->xbridge->name);
652 VLOG_WARN("%s", ds_cstr(&s));
653 }
654 ds_destroy(&s);
655}
656
657/* This is like xlate_report() for messages that should be logged at debug
658 * level (even if we are not tracing) because they can be valuable for
659 * debugging. */
660static void OVS_PRINTF_FORMAT(3, 4)
661xlate_report_debug(const struct xlate_ctx *ctx, enum oftrace_node_type type,
662 const char *format, ...)
663{
664 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 300);
665 if (!OVS_UNLIKELY(ctx->xin->trace)
666 && (!ctx->xin->packet || VLOG_DROP_DBG(&rl))) {
667 return;
668 }
669
670 struct ds s = DS_EMPTY_INITIALIZER;
671 va_list args;
672 va_start(args, format);
673 ds_put_format_valist(&s, format, args);
674 va_end(args);
fff1b9c0 675
2d9b49dd
BP		 676 if (ctx->xin->trace) {
677 oftrace_report(ctx->xin->trace, type, ds_cstr(&s));
678 } else {
679 VLOG_DBG("bridge %s: %s", ctx->xbridge->name, ds_cstr(&s));
680 }
681 ds_destroy(&s);
682}
fff1b9c0 683
2d9b49dd
BP		 684/* If tracing is enabled in 'ctx', appends a node of the given 'type' to the
685 * trace, whose text is 'title' followed by a formatted version of the
686 * 'ofpacts_len' OpenFlow actions in 'ofpacts'.
687 *
688 * If tracing is not enabled, does nothing. */
689static void
690xlate_report_actions(const struct xlate_ctx *ctx, enum oftrace_node_type type,
691 const char *title,
d6bef3cc
BP		 692 const struct ofpact *ofpacts, size_t ofpacts_len)
693{
2d9b49dd 694 if (OVS_UNLIKELY(ctx->xin->trace)) {
d6bef3cc 695 struct ds s = DS_EMPTY_INITIALIZER;
2d9b49dd 696 ds_put_format(&s, "%s: ", title);
50f96b10 697 ofpacts_format(ofpacts, ofpacts_len, NULL, &s);
2d9b49dd 698 oftrace_report(ctx->xin->trace, type, ds_cstr(&s));
d6bef3cc
BP		 699 ds_destroy(&s);
700 }
701}
702
2d9b49dd
BP		 703/* If tracing is enabled in 'ctx', appends a node of type OFT_DETAIL to the
704 * trace, whose the message is a formatted version of the OpenFlow action set.
705 * 'verb' should be "was" or "is", depending on whether the action set reported
706 * is the new action set or the old one.
707 *
708 * If tracing is not enabled, does nothing. */
709static void
710xlate_report_action_set(const struct xlate_ctx *ctx, const char *verb)
711{
712 if (OVS_UNLIKELY(ctx->xin->trace)) {
713 struct ofpbuf action_list;
714 ofpbuf_init(&action_list, 0);
715 ofpacts_execute_action_set(&action_list, &ctx->action_set);
716 if (action_list.size) {
717 struct ds s = DS_EMPTY_INITIALIZER;
50f96b10 718 ofpacts_format(action_list.data, action_list.size, NULL, &s);
2d9b49dd
BP		 719 xlate_report(ctx, OFT_DETAIL, "action set %s: %s",
720 verb, ds_cstr(&s));
721 ds_destroy(&s);
722 } else {
723 xlate_report(ctx, OFT_DETAIL, "action set %s empty", verb);
724 }
725 ofpbuf_uninit(&action_list);
726 }
727}
728
729
730/* If tracing is enabled in 'ctx', appends a node representing 'rule' (in
731 * OpenFlow table 'table_id') to the trace and makes this node the parent for
732 * future trace nodes. The caller should save ctx->xin->trace before calling
733 * this function, then after tracing all of the activities under the table,
734 * restore its previous value.
735 *
736 * If tracing is not enabled, does nothing. */
737static void
738xlate_report_table(const struct xlate_ctx *ctx, struct rule_dpif *rule,
739 uint8_t table_id)
740{
741 if (OVS_LIKELY(!ctx->xin->trace)) {
742 return;
743 }
744
745 struct ds s = DS_EMPTY_INITIALIZER;
746 ds_put_format(&s, "%2d. ", table_id);
747 if (rule == ctx->xin->ofproto->miss_rule) {
748 ds_put_cstr(&s, "No match, and a \"packet-in\" is called for.");
749 } else if (rule == ctx->xin->ofproto->no_packet_in_rule) {
750 ds_put_cstr(&s, "No match.");
751 } else if (rule == ctx->xin->ofproto->drop_frags_rule) {
752 ds_put_cstr(&s, "Packets are IP fragments and "
753 "the fragment handling mode is \"drop\".");
754 } else {
755 minimatch_format(&rule->up.cr.match,
756 ofproto_get_tun_tab(&ctx->xin->ofproto->up),
50f96b10 757 NULL, &s, OFP_DEFAULT_PRIORITY);
2d9b49dd
BP		 758 if (ds_last(&s) != ' ') {
759 ds_put_cstr(&s, ", ");
760 }
761 ds_put_format(&s, "priority %d", rule->up.cr.priority);
762 if (rule->up.flow_cookie) {
763 ds_put_format(&s, ", cookie %#"PRIx64,
764 ntohll(rule->up.flow_cookie));
765 }
766 }
767 ctx->xin->trace = &oftrace_report(ctx->xin->trace, OFT_TABLE,
768 ds_cstr(&s))->subs;
769 ds_destroy(&s);
770}
771
772/* If tracing is enabled in 'ctx', adds an OFT_DETAIL trace node to 'ctx'
773 * reporting the value of subfield 'sf'.
774 *
775 * If tracing is not enabled, does nothing. */
776static void
777xlate_report_subfield(const struct xlate_ctx *ctx,
778 const struct mf_subfield *sf)
779{
780 if (OVS_UNLIKELY(ctx->xin->trace)) {
781 struct ds s = DS_EMPTY_INITIALIZER;
782 mf_format_subfield(sf, &s);
783 ds_put_cstr(&s, " is now ");
784
785 if (sf->ofs == 0 && sf->n_bits >= sf->field->n_bits) {
786 union mf_value value;
787 mf_get_value(sf->field, &ctx->xin->flow, &value);
50f96b10 788 mf_format(sf->field, &value, NULL, NULL, &s);
2d9b49dd
BP		 789 } else {
790 union mf_subvalue cst;
791 mf_read_subfield(sf, &ctx->xin->flow, &cst);
792 ds_put_hex(&s, &cst, sizeof cst);
793 }
794
795 xlate_report(ctx, OFT_DETAIL, "%s", ds_cstr(&s));
796
797 ds_destroy(&s);
798 }
799}
800\f
84f0f298
RW		 801static void
802xlate_xbridge_init(struct xlate_cfg *xcfg, struct xbridge *xbridge)
803{
417e7e66 804 ovs_list_init(&xbridge->xbundles);
84f0f298
RW		 805 hmap_init(&xbridge->xports);
806 hmap_insert(&xcfg->xbridges, &xbridge->hmap_node,
807 hash_pointer(xbridge->ofproto, 0));
808}
809
810static void
811xlate_xbundle_init(struct xlate_cfg *xcfg, struct xbundle *xbundle)
812{
417e7e66
BW		 813 ovs_list_init(&xbundle->xports);
814 ovs_list_insert(&xbundle->xbridge->xbundles, &xbundle->list_node);
84f0f298
RW		 815 hmap_insert(&xcfg->xbundles, &xbundle->hmap_node,
816 hash_pointer(xbundle->ofbundle, 0));
817}
818
819static void
820xlate_xport_init(struct xlate_cfg *xcfg, struct xport *xport)
821{
822 hmap_init(&xport->skb_priorities);
823 hmap_insert(&xcfg->xports, &xport->hmap_node,
824 hash_pointer(xport->ofport, 0));
825 hmap_insert(&xport->xbridge->xports, &xport->ofp_node,
826 hash_ofp_port(xport->ofp_port));
827}
828
829static void
830xlate_xbridge_set(struct xbridge *xbridge,
831 struct dpif *dpif,
ec89fc6f 832 const struct mac_learning *ml, struct stp *stp,
9efd308e 833 struct rstp *rstp, const struct mcast_snooping *ms,
ec89fc6f 834 const struct mbridge *mbridge,
46c88433 835 const struct dpif_sflow *sflow,
ce3955be 836 const struct dpif_ipfix *ipfix,
2f47cdf4 837 const struct netflow *netflow,
4b97b70d 838 bool forward_bpdu, bool has_in_band,
b440dd8c 839 const struct dpif_backer_support *support)
46c88433 840{
46c88433
EJ		 841 if (xbridge->ml != ml) {
842 mac_learning_unref(xbridge->ml);
843 xbridge->ml = mac_learning_ref(ml);
844 }
845
6d95c4e8
FL		 846 if (xbridge->ms != ms) {
847 mcast_snooping_unref(xbridge->ms);
848 xbridge->ms = mcast_snooping_ref(ms);
849 }
850
46c88433
EJ		 851 if (xbridge->mbridge != mbridge) {
852 mbridge_unref(xbridge->mbridge);
853 xbridge->mbridge = mbridge_ref(mbridge);
854 }
855
856 if (xbridge->sflow != sflow) {
857 dpif_sflow_unref(xbridge->sflow);
858 xbridge->sflow = dpif_sflow_ref(sflow);
859 }
860
861 if (xbridge->ipfix != ipfix) {
862 dpif_ipfix_unref(xbridge->ipfix);
863 xbridge->ipfix = dpif_ipfix_ref(ipfix);
864 }
865
9d189a50
EJ		 866 if (xbridge->stp != stp) {
867 stp_unref(xbridge->stp);
868 xbridge->stp = stp_ref(stp);
869 }
870
9efd308e
DV		 871 if (xbridge->rstp != rstp) {
872 rstp_unref(xbridge->rstp);
873 xbridge->rstp = rstp_ref(rstp);
874 }
875
ce3955be
EJ		 876 if (xbridge->netflow != netflow) {
877 netflow_unref(xbridge->netflow);
878 xbridge->netflow = netflow_ref(netflow);
879 }
880
89a8a7f0 881 xbridge->dpif = dpif;
46c88433
EJ		 882 xbridge->forward_bpdu = forward_bpdu;
883 xbridge->has_in_band = has_in_band;
b440dd8c 884 xbridge->support = *support;
46c88433
EJ		 885}
886
84f0f298
RW		 887static void
888xlate_xbundle_set(struct xbundle *xbundle,
fed8962a
EG		 889 enum port_vlan_mode vlan_mode, uint16_t qinq_ethtype,
890 int vlan, unsigned long *trunks, unsigned long *cvlans,
f0fb825a 891 bool use_priority_tags,
84f0f298 892 const struct bond *bond, const struct lacp *lacp,
c005f976 893 bool floodable, bool protected)
84f0f298
RW		 894{
895 ovs_assert(xbundle->xbridge);
896
897 xbundle->vlan_mode = vlan_mode;
fed8962a 898 xbundle->qinq_ethtype = qinq_ethtype;
84f0f298
RW		 899 xbundle->vlan = vlan;
900 xbundle->trunks = trunks;
fed8962a 901 xbundle->cvlans = cvlans;
84f0f298
RW		 902 xbundle->use_priority_tags = use_priority_tags;
903 xbundle->floodable = floodable;
c005f976 904 xbundle->protected = protected;
84f0f298
RW		 905
906 if (xbundle->bond != bond) {
907 bond_unref(xbundle->bond);
908 xbundle->bond = bond_ref(bond);
909 }
910
911 if (xbundle->lacp != lacp) {
912 lacp_unref(xbundle->lacp);
913 xbundle->lacp = lacp_ref(lacp);
914 }
915}
916
917static void
918xlate_xport_set(struct xport *xport, odp_port_t odp_port,
919 const struct netdev *netdev, const struct cfm *cfm,
0477baa9 920 const struct bfd *bfd, const struct lldp *lldp, int stp_port_no,
f025bcb7 921 const struct rstp_port* rstp_port,
84f0f298
RW		 922 enum ofputil_port_config config, enum ofputil_port_state state,
923 bool is_tunnel, bool may_enable)
924{
925 xport->config = config;
926 xport->state = state;
927 xport->stp_port_no = stp_port_no;
928 xport->is_tunnel = is_tunnel;
875ab130 929 xport->pt_mode = netdev_get_pt_mode(netdev);
84f0f298
RW		 930 xport->may_enable = may_enable;
931 xport->odp_port = odp_port;
932
f025bcb7
JR		 933 if (xport->rstp_port != rstp_port) {
934 rstp_port_unref(xport->rstp_port);
935 xport->rstp_port = rstp_port_ref(rstp_port);
936 }
937
84f0f298
RW		 938 if (xport->cfm != cfm) {
939 cfm_unref(xport->cfm);
940 xport->cfm = cfm_ref(cfm);
941 }
942
943 if (xport->bfd != bfd) {
944 bfd_unref(xport->bfd);
945 xport->bfd = bfd_ref(bfd);
946 }
947
0477baa9
DF		 948 if (xport->lldp != lldp) {
949 lldp_unref(xport->lldp);
950 xport->lldp = lldp_ref(lldp);
951 }
952
84f0f298
RW		 953 if (xport->netdev != netdev) {
954 netdev_close(xport->netdev);
955 xport->netdev = netdev_ref(netdev);
956 }
957}
958
959static void
960xlate_xbridge_copy(struct xbridge *xbridge)
961{
962 struct xbundle *xbundle;
963 struct xport *xport;
964 struct xbridge *new_xbridge = xzalloc(sizeof *xbridge);
965 new_xbridge->ofproto = xbridge->ofproto;
966 new_xbridge->name = xstrdup(xbridge->name);
967 xlate_xbridge_init(new_xcfg, new_xbridge);
968
969 xlate_xbridge_set(new_xbridge,
34dd0d78 970 xbridge->dpif, xbridge->ml, xbridge->stp,
9efd308e
DV		 971 xbridge->rstp, xbridge->ms, xbridge->mbridge,
972 xbridge->sflow, xbridge->ipfix, xbridge->netflow,
b440dd8c
JS		 973 xbridge->forward_bpdu, xbridge->has_in_band,
974 &xbridge->support);
84f0f298
RW		 975 LIST_FOR_EACH (xbundle, list_node, &xbridge->xbundles) {
976 xlate_xbundle_copy(new_xbridge, xbundle);
977 }
978
979 /* Copy xports which are not part of a xbundle */
980 HMAP_FOR_EACH (xport, ofp_node, &xbridge->xports) {
981 if (!xport->xbundle) {
982 xlate_xport_copy(new_xbridge, NULL, xport);
983 }
984 }
985}
986
987static void
988xlate_xbundle_copy(struct xbridge *xbridge, struct xbundle *xbundle)
989{
990 struct xport *xport;
991 struct xbundle *new_xbundle = xzalloc(sizeof *xbundle);
992 new_xbundle->ofbundle = xbundle->ofbundle;
993 new_xbundle->xbridge = xbridge;
994 new_xbundle->name = xstrdup(xbundle->name);
995 xlate_xbundle_init(new_xcfg, new_xbundle);
996
fed8962a
EG		 997 xlate_xbundle_set(new_xbundle, xbundle->vlan_mode, xbundle->qinq_ethtype,
998 xbundle->vlan, xbundle->trunks, xbundle->cvlans,
84f0f298 999 xbundle->use_priority_tags, xbundle->bond, xbundle->lacp,
c005f976 1000 xbundle->floodable, xbundle->protected);
84f0f298
RW		 1001 LIST_FOR_EACH (xport, bundle_node, &xbundle->xports) {
1002 xlate_xport_copy(xbridge, new_xbundle, xport);
1003 }
1004}
1005
1006static void
1007xlate_xport_copy(struct xbridge *xbridge, struct xbundle *xbundle,
1008 struct xport *xport)
1009{
1010 struct skb_priority_to_dscp *pdscp, *new_pdscp;
1011 struct xport *new_xport = xzalloc(sizeof *xport);
1012 new_xport->ofport = xport->ofport;
1013 new_xport->ofp_port = xport->ofp_port;
1014 new_xport->xbridge = xbridge;
1015 xlate_xport_init(new_xcfg, new_xport);
1016
1017 xlate_xport_set(new_xport, xport->odp_port, xport->netdev, xport->cfm,
0477baa9
DF		 1018 xport->bfd, xport->lldp, xport->stp_port_no,
1019 xport->rstp_port, xport->config, xport->state,
1020 xport->is_tunnel, xport->may_enable);
84f0f298
RW		 1021
1022 if (xport->peer) {
1023 struct xport *peer = xport_lookup(new_xcfg, xport->peer->ofport);
1024 if (peer) {
1025 new_xport->peer = peer;
1026 new_xport->peer->peer = new_xport;
1027 }
1028 }
1029
1030 if (xbundle) {
1031 new_xport->xbundle = xbundle;
417e7e66 1032 ovs_list_insert(&new_xport->xbundle->xports, &new_xport->bundle_node);
84f0f298
RW		 1033 }
1034
1035 HMAP_FOR_EACH (pdscp, hmap_node, &xport->skb_priorities) {
1036 new_pdscp = xmalloc(sizeof *pdscp);
1037 new_pdscp->skb_priority = pdscp->skb_priority;
1038 new_pdscp->dscp = pdscp->dscp;
1039 hmap_insert(&new_xport->skb_priorities, &new_pdscp->hmap_node,
1040 hash_int(new_pdscp->skb_priority, 0));
1041 }
1042}
1043
1044/* Sets the current xlate configuration to new_xcfg and frees the old xlate
1045 * configuration in xcfgp.
1046 *
1047 * This needs to be called after editing the xlate configuration.
1048 *
1049 * Functions that edit the new xlate configuration are
6cd20a22 1050 * xlate_<ofproto/bundle/ofport>_set and xlate_<ofproto/bundle/ofport>_remove.
84f0f298
RW		 1051 *
1052 * A sample workflow:
1053 *
1054 * xlate_txn_start();
1055 * ...
1056 * edit_xlate_configuration();
1057 * ...
1058 * xlate_txn_commit(); */
46c88433 1059void
84f0f298
RW		 1060xlate_txn_commit(void)
1061{
1062 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1063
1064 ovsrcu_set(&xcfgp, new_xcfg);
40a9c4c2
AW		 1065 ovsrcu_synchronize();
1066 xlate_xcfg_free(xcfg);
84f0f298
RW		 1067 new_xcfg = NULL;
1068}
1069
1070/* Copies the current xlate configuration in xcfgp to new_xcfg.
1071 *
1072 * This needs to be called prior to editing the xlate configuration. */
1073void
1074xlate_txn_start(void)
1075{
1076 struct xbridge *xbridge;
1077 struct xlate_cfg *xcfg;
1078
1079 ovs_assert(!new_xcfg);
1080
1081 new_xcfg = xmalloc(sizeof *new_xcfg);
1082 hmap_init(&new_xcfg->xbridges);
1083 hmap_init(&new_xcfg->xbundles);
1084 hmap_init(&new_xcfg->xports);
1085
1086 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1087 if (!xcfg) {
1088 return;
1089 }
1090
1091 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
1092 xlate_xbridge_copy(xbridge);
1093 }
1094}
1095
1096
1097static void
1098xlate_xcfg_free(struct xlate_cfg *xcfg)
1099{
1100 struct xbridge *xbridge, *next_xbridge;
1101
1102 if (!xcfg) {
1103 return;
1104 }
1105
1106 HMAP_FOR_EACH_SAFE (xbridge, next_xbridge, hmap_node, &xcfg->xbridges) {
1107 xlate_xbridge_remove(xcfg, xbridge);
1108 }
1109
1110 hmap_destroy(&xcfg->xbridges);
1111 hmap_destroy(&xcfg->xbundles);
1112 hmap_destroy(&xcfg->xports);
1113 free(xcfg);
1114}
1115
1116void
1117xlate_ofproto_set(struct ofproto_dpif *ofproto, const char *name,
34dd0d78 1118 struct dpif *dpif,
84f0f298 1119 const struct mac_learning *ml, struct stp *stp,
9efd308e 1120 struct rstp *rstp, const struct mcast_snooping *ms,
84f0f298
RW		 1121 const struct mbridge *mbridge,
1122 const struct dpif_sflow *sflow,
1123 const struct dpif_ipfix *ipfix,
2f47cdf4 1124 const struct netflow *netflow,
b440dd8c
JS		 1125 bool forward_bpdu, bool has_in_band,
1126 const struct dpif_backer_support *support)
84f0f298
RW		 1127{
1128 struct xbridge *xbridge;
1129
1130 ovs_assert(new_xcfg);
1131
1132 xbridge = xbridge_lookup(new_xcfg, ofproto);
1133 if (!xbridge) {
1134 xbridge = xzalloc(sizeof *xbridge);
1135 xbridge->ofproto = ofproto;
1136
1137 xlate_xbridge_init(new_xcfg, xbridge);
1138 }
1139
1140 free(xbridge->name);
1141 xbridge->name = xstrdup(name);
1142
34dd0d78 1143 xlate_xbridge_set(xbridge, dpif, ml, stp, rstp, ms, mbridge, sflow, ipfix,
b440dd8c 1144 netflow, forward_bpdu, has_in_band, support);
84f0f298
RW		 1145}
1146
1147static void
1148xlate_xbridge_remove(struct xlate_cfg *xcfg, struct xbridge *xbridge)
46c88433 1149{
46c88433
EJ		 1150 struct xbundle *xbundle, *next_xbundle;
1151 struct xport *xport, *next_xport;
1152
1153 if (!xbridge) {
1154 return;
1155 }
1156
1157 HMAP_FOR_EACH_SAFE (xport, next_xport, ofp_node, &xbridge->xports) {
84f0f298 1158 xlate_xport_remove(xcfg, xport);
46c88433
EJ		 1159 }
1160
1161 LIST_FOR_EACH_SAFE (xbundle, next_xbundle, list_node, &xbridge->xbundles) {
84f0f298 1162 xlate_xbundle_remove(xcfg, xbundle);
46c88433
EJ		 1163 }
1164
84f0f298 1165 hmap_remove(&xcfg->xbridges, &xbridge->hmap_node);
795cc5c1 1166 mac_learning_unref(xbridge->ml);
6d95c4e8 1167 mcast_snooping_unref(xbridge->ms);
795cc5c1
EJ		 1168 mbridge_unref(xbridge->mbridge);
1169 dpif_sflow_unref(xbridge->sflow);
1170 dpif_ipfix_unref(xbridge->ipfix);
3570f7e4 1171 netflow_unref(xbridge->netflow);
795cc5c1 1172 stp_unref(xbridge->stp);
9efd308e 1173 rstp_unref(xbridge->rstp);
795cc5c1 1174 hmap_destroy(&xbridge->xports);
46c88433
EJ		 1175 free(xbridge->name);
1176 free(xbridge);
1177}
1178
84f0f298
RW		 1179void
1180xlate_remove_ofproto(struct ofproto_dpif *ofproto)
1181{
1182 struct xbridge *xbridge;
1183
1184 ovs_assert(new_xcfg);
1185
1186 xbridge = xbridge_lookup(new_xcfg, ofproto);
1187 xlate_xbridge_remove(new_xcfg, xbridge);
1188}
1189
46c88433
EJ		 1190void
1191xlate_bundle_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
f0fb825a 1192 const char *name, enum port_vlan_mode vlan_mode,
fed8962a
EG		 1193 uint16_t qinq_ethtype, int vlan,
1194 unsigned long *trunks, unsigned long *cvlans,
f0fb825a 1195 bool use_priority_tags,
46c88433 1196 const struct bond *bond, const struct lacp *lacp,
c005f976 1197 bool floodable, bool protected)
46c88433 1198{
84f0f298 1199 struct xbundle *xbundle;
46c88433 1200
84f0f298
RW		 1201 ovs_assert(new_xcfg);
1202
1203 xbundle = xbundle_lookup(new_xcfg, ofbundle);
46c88433
EJ		 1204 if (!xbundle) {
1205 xbundle = xzalloc(sizeof *xbundle);
1206 xbundle->ofbundle = ofbundle;
84f0f298 1207 xbundle->xbridge = xbridge_lookup(new_xcfg, ofproto);
46c88433 1208
84f0f298 1209 xlate_xbundle_init(new_xcfg, xbundle);
46c88433
EJ		 1210 }
1211
46c88433
EJ		 1212 free(xbundle->name);
1213 xbundle->name = xstrdup(name);
1214
fed8962a 1215 xlate_xbundle_set(xbundle, vlan_mode, qinq_ethtype, vlan, trunks, cvlans,
c005f976 1216 use_priority_tags, bond, lacp, floodable, protected);
46c88433
EJ		 1217}
1218
84f0f298
RW		 1219static void
1220xlate_xbundle_remove(struct xlate_cfg *xcfg, struct xbundle *xbundle)
46c88433 1221{
5f03c983 1222 struct xport *xport;
46c88433
EJ		 1223
1224 if (!xbundle) {
1225 return;
1226 }
1227
5f03c983 1228 LIST_FOR_EACH_POP (xport, bundle_node, &xbundle->xports) {
46c88433
EJ		 1229 xport->xbundle = NULL;
1230 }
1231
84f0f298 1232 hmap_remove(&xcfg->xbundles, &xbundle->hmap_node);
417e7e66 1233 ovs_list_remove(&xbundle->list_node);
46c88433
EJ		 1234 bond_unref(xbundle->bond);
1235 lacp_unref(xbundle->lacp);
1236 free(xbundle->name);
1237 free(xbundle);
1238}
1239
84f0f298
RW		 1240void
1241xlate_bundle_remove(struct ofbundle *ofbundle)
1242{
1243 struct xbundle *xbundle;
1244
1245 ovs_assert(new_xcfg);
1246
1247 xbundle = xbundle_lookup(new_xcfg, ofbundle);
1248 xlate_xbundle_remove(new_xcfg, xbundle);
1249}
1250
46c88433
EJ		 1251void
1252xlate_ofport_set(struct ofproto_dpif *ofproto, struct ofbundle *ofbundle,
1253 struct ofport_dpif *ofport, ofp_port_t ofp_port,
1254 odp_port_t odp_port, const struct netdev *netdev,
1255 const struct cfm *cfm, const struct bfd *bfd,
0477baa9
DF		 1256 const struct lldp *lldp, struct ofport_dpif *peer,
1257 int stp_port_no, const struct rstp_port *rstp_port,
55954f6e 1258 const struct ofproto_port_queue *qdscp_list, size_t n_qdscp,
dd8cd4b4
SH		 1259 enum ofputil_port_config config,
1260 enum ofputil_port_state state, bool is_tunnel,
9d189a50 1261 bool may_enable)
46c88433 1262{
55954f6e 1263 size_t i;
84f0f298
RW		 1264 struct xport *xport;
1265
1266 ovs_assert(new_xcfg);
46c88433 1267
84f0f298 1268 xport = xport_lookup(new_xcfg, ofport);
46c88433
EJ		 1269 if (!xport) {
1270 xport = xzalloc(sizeof *xport);
1271 xport->ofport = ofport;
84f0f298 1272 xport->xbridge = xbridge_lookup(new_xcfg, ofproto);
46c88433
EJ		 1273 xport->ofp_port = ofp_port;
1274
84f0f298 1275 xlate_xport_init(new_xcfg, xport);
46c88433
EJ		 1276 }
1277
1278 ovs_assert(xport->ofp_port == ofp_port);
1279
0477baa9
DF		 1280 xlate_xport_set(xport, odp_port, netdev, cfm, bfd, lldp,
1281 stp_port_no, rstp_port, config, state, is_tunnel,
1282 may_enable);
46c88433
EJ		 1283
1284 if (xport->peer) {
1285 xport->peer->peer = NULL;
1286 }
84f0f298 1287 xport->peer = xport_lookup(new_xcfg, peer);
46c88433
EJ		 1288 if (xport->peer) {
1289 xport->peer->peer = xport;
1290 }
1291
1292 if (xport->xbundle) {
417e7e66 1293 ovs_list_remove(&xport->bundle_node);
46c88433 1294 }
84f0f298 1295 xport->xbundle = xbundle_lookup(new_xcfg, ofbundle);
46c88433 1296 if (xport->xbundle) {
417e7e66 1297 ovs_list_insert(&xport->xbundle->xports, &xport->bundle_node);
46c88433 1298 }
55954f6e
EJ		 1299
1300 clear_skb_priorities(xport);
1301 for (i = 0; i < n_qdscp; i++) {
1302 struct skb_priority_to_dscp *pdscp;
1303 uint32_t skb_priority;
1304
89a8a7f0
EJ		 1305 if (dpif_queue_to_priority(xport->xbridge->dpif, qdscp_list[i].queue,
1306 &skb_priority)) {
55954f6e
EJ		 1307 continue;
1308 }
1309
1310 pdscp = xmalloc(sizeof *pdscp);
1311 pdscp->skb_priority = skb_priority;
1312 pdscp->dscp = (qdscp_list[i].dscp << 2) & IP_DSCP_MASK;
1313 hmap_insert(&xport->skb_priorities, &pdscp->hmap_node,
1314 hash_int(pdscp->skb_priority, 0));
1315 }
46c88433
EJ		 1316}
1317
84f0f298
RW		 1318static void
1319xlate_xport_remove(struct xlate_cfg *xcfg, struct xport *xport)
46c88433 1320{
46c88433
EJ		 1321 if (!xport) {
1322 return;
1323 }
1324
1325 if (xport->peer) {
1326 xport->peer->peer = NULL;
1327 xport->peer = NULL;
1328 }
1329
e621a12d 1330 if (xport->xbundle) {
417e7e66 1331 ovs_list_remove(&xport->bundle_node);
e621a12d
EJ		 1332 }
1333
55954f6e
EJ		 1334 clear_skb_priorities(xport);
1335 hmap_destroy(&xport->skb_priorities);
1336
84f0f298 1337 hmap_remove(&xcfg->xports, &xport->hmap_node);
46c88433
EJ		 1338 hmap_remove(&xport->xbridge->xports, &xport->ofp_node);
1339
1340 netdev_close(xport->netdev);
f025bcb7 1341 rstp_port_unref(xport->rstp_port);
46c88433
EJ		 1342 cfm_unref(xport->cfm);
1343 bfd_unref(xport->bfd);
0477baa9 1344 lldp_unref(xport->lldp);
46c88433
EJ		 1345 free(xport);
1346}
1347
84f0f298
RW		 1348void
1349xlate_ofport_remove(struct ofport_dpif *ofport)
1350{
1351 struct xport *xport;
1352
1353 ovs_assert(new_xcfg);
1354
1355 xport = xport_lookup(new_xcfg, ofport);
1356 xlate_xport_remove(new_xcfg, xport);
1357}
1358
ef377a58
JR		 1359static struct ofproto_dpif *
1360xlate_lookup_ofproto_(const struct dpif_backer *backer, const struct flow *flow,
1361 ofp_port_t *ofp_in_port, const struct xport **xportp)
1362{
e672ff9b 1363 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
ef377a58 1364 const struct xport *xport;
f9038ef6 1365
e672ff9b
JR		 1366 xport = xport_lookup(xcfg, tnl_port_should_receive(flow)
1367 ? tnl_port_receive(flow)
1368 : odp_port_to_ofport(backer, flow->in_port.odp_port));
1369 if (OVS_UNLIKELY(!xport)) {
1370 return NULL;
ef377a58 1371 }
e672ff9b 1372 *xportp = xport;
f9038ef6 1373 if (ofp_in_port) {
e672ff9b 1374 *ofp_in_port = xport->ofp_port;
f9038ef6 1375 }
e672ff9b 1376 return xport->xbridge->ofproto;
ef377a58
JR		 1377}
1378
1379/* Given a datapath and flow metadata ('backer', and 'flow' respectively)
1380 * returns the corresponding struct ofproto_dpif and OpenFlow port number. */
1381struct ofproto_dpif *
1382xlate_lookup_ofproto(const struct dpif_backer *backer, const struct flow *flow,
1383 ofp_port_t *ofp_in_port)
1384{
1385 const struct xport *xport;
1386
1387 return xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
1388}
1389
cc377352 1390/* Given a datapath and flow metadata ('backer', and 'flow' respectively),
bfc691bb 1391 * optionally populates 'ofprotop' with the ofproto_dpif, 'ofp_in_port' with the
cc377352 1392 * openflow in_port, and 'ipfix', 'sflow', and 'netflow' with the appropriate
dcc2c6cd
JR		 1393 * handles for those protocols if they're enabled. Caller may use the returned
1394 * pointers until quiescing, for longer term use additional references must
1395 * be taken.
8449c4d6 1396 *
f9038ef6 1397 * Returns 0 if successful, ENODEV if the parsed flow has no associated ofproto.
ef377a58 1398 */
8449c4d6 1399int
5c476ea3
JR		 1400xlate_lookup(const struct dpif_backer *backer, const struct flow *flow,
1401 struct ofproto_dpif **ofprotop, struct dpif_ipfix **ipfix,
1402 struct dpif_sflow **sflow, struct netflow **netflow,
1403 ofp_port_t *ofp_in_port)
8449c4d6 1404{
ef377a58 1405 struct ofproto_dpif *ofproto;
84f0f298 1406 const struct xport *xport;
8449c4d6 1407
ef377a58 1408 ofproto = xlate_lookup_ofproto_(backer, flow, ofp_in_port, &xport);
8449c4d6 1409
f9038ef6 1410 if (!ofproto) {
cc377352 1411 return ENODEV;
8449c4d6 1412 }
8449c4d6 1413
ef377a58
JR		 1414 if (ofprotop) {
1415 *ofprotop = ofproto;
8449c4d6
EJ		 1416 }
1417
1dfdb9b3 1418 if (ipfix) {
f9038ef6 1419 *ipfix = xport ? xport->xbridge->ipfix : NULL;
1dfdb9b3
EJ		 1420 }
1421
1422 if (sflow) {
f9038ef6 1423 *sflow = xport ? xport->xbridge->sflow : NULL;
1dfdb9b3
EJ		 1424 }
1425
1426 if (netflow) {
f9038ef6 1427 *netflow = xport ? xport->xbridge->netflow : NULL;
1dfdb9b3 1428 }
f9038ef6 1429
cc377352 1430 return 0;
8449c4d6
EJ		 1431}
1432
46c88433 1433static struct xbridge *
84f0f298 1434xbridge_lookup(struct xlate_cfg *xcfg, const struct ofproto_dpif *ofproto)
46c88433 1435{
84f0f298 1436 struct hmap *xbridges;
46c88433
EJ		 1437 struct xbridge *xbridge;
1438
84f0f298 1439 if (!ofproto || !xcfg) {
5e6af486
EJ		 1440 return NULL;
1441 }
1442
84f0f298
RW		 1443 xbridges = &xcfg->xbridges;
1444
46c88433 1445 HMAP_FOR_EACH_IN_BUCKET (xbridge, hmap_node, hash_pointer(ofproto, 0),
84f0f298 1446 xbridges) {
46c88433
EJ		 1447 if (xbridge->ofproto == ofproto) {
1448 return xbridge;
1449 }
1450 }
1451 return NULL;
1452}
1453
290835f9
BP		 1454static struct xbridge *
1455xbridge_lookup_by_uuid(struct xlate_cfg *xcfg, const struct uuid *uuid)
1456{
1457 struct xbridge *xbridge;
1458
1459 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
07a3cd5c 1460 if (uuid_equals(&xbridge->ofproto->uuid, uuid)) {
290835f9
BP		 1461 return xbridge;
1462 }
1463 }
1464 return NULL;
1465}
1466
46c88433 1467static struct xbundle *
84f0f298 1468xbundle_lookup(struct xlate_cfg *xcfg, const struct ofbundle *ofbundle)
46c88433 1469{
84f0f298 1470 struct hmap *xbundles;
46c88433
EJ		 1471 struct xbundle *xbundle;
1472
84f0f298 1473 if (!ofbundle || !xcfg) {
5e6af486
EJ		 1474 return NULL;
1475 }
1476
84f0f298
RW		 1477 xbundles = &xcfg->xbundles;
1478
46c88433 1479 HMAP_FOR_EACH_IN_BUCKET (xbundle, hmap_node, hash_pointer(ofbundle, 0),
84f0f298 1480 xbundles) {
46c88433
EJ		 1481 if (xbundle->ofbundle == ofbundle) {
1482 return xbundle;
1483 }
1484 }
1485 return NULL;
1486}
1487
1488static struct xport *
84f0f298 1489xport_lookup(struct xlate_cfg *xcfg, const struct ofport_dpif *ofport)
46c88433 1490{
84f0f298 1491 struct hmap *xports;
46c88433
EJ		 1492 struct xport *xport;
1493
84f0f298 1494 if (!ofport || !xcfg) {
5e6af486
EJ		 1495 return NULL;
1496 }
1497
84f0f298
RW		 1498 xports = &xcfg->xports;
1499
46c88433 1500 HMAP_FOR_EACH_IN_BUCKET (xport, hmap_node, hash_pointer(ofport, 0),
84f0f298 1501 xports) {
46c88433
EJ		 1502 if (xport->ofport == ofport) {
1503 return xport;
1504 }
1505 }
1506 return NULL;
1507}
1508
40085e56
EJ		 1509static struct stp_port *
1510xport_get_stp_port(const struct xport *xport)
1511{
92cf817b 1512 return xport->xbridge->stp && xport->stp_port_no != -1
40085e56
EJ		 1513 ? stp_get_port(xport->xbridge->stp, xport->stp_port_no)
1514 : NULL;
1515}
9d189a50 1516
0d1cee12 1517static bool
9d189a50
EJ		 1518xport_stp_learn_state(const struct xport *xport)
1519{
40085e56 1520 struct stp_port *sp = xport_get_stp_port(xport);
4b5f1996
DV		 1521 return sp
1522 ? stp_learn_in_state(stp_port_get_state(sp))
1523 : true;
9d189a50
EJ		 1524}
1525
1526static bool
1527xport_stp_forward_state(const struct xport *xport)
1528{
40085e56 1529 struct stp_port *sp = xport_get_stp_port(xport);
4b5f1996
DV		 1530 return sp
1531 ? stp_forward_in_state(stp_port_get_state(sp))
1532 : true;
9d189a50
EJ		 1533}
1534
0d1cee12 1535static bool
bacdb85a 1536xport_stp_should_forward_bpdu(const struct xport *xport)
0d1cee12
K		 1537{
1538 struct stp_port *sp = xport_get_stp_port(xport);
bacdb85a 1539 return stp_should_forward_bpdu(sp ? stp_port_get_state(sp) : STP_DISABLED);
0d1cee12
K		 1540}
1541
9d189a50
EJ		 1542/* Returns true if STP should process 'flow'. Sets fields in 'wc' that
1543 * were used to make the determination.*/
1544static bool
1545stp_should_process_flow(const struct flow *flow, struct flow_wildcards *wc)
1546{
bbbca389 1547 /* is_stp() also checks dl_type, but dl_type is always set in 'wc'. */
9d189a50 1548 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
bbbca389 1549 return is_stp(flow);
9d189a50
EJ		 1550}
1551
1552static void
cf62fa4c 1553stp_process_packet(const struct xport *xport, const struct dp_packet *packet)
9d189a50 1554{
40085e56 1555 struct stp_port *sp = xport_get_stp_port(xport);
cf62fa4c
PS		 1556 struct dp_packet payload = *packet;
1557 struct eth_header *eth = dp_packet_data(&payload);
9d189a50
EJ		 1558
1559 /* Sink packets on ports that have STP disabled when the bridge has
1560 * STP enabled. */
1561 if (!sp || stp_port_get_state(sp) == STP_DISABLED) {
1562 return;
1563 }
1564
1565 /* Trim off padding on payload. */
cf62fa4c
PS		 1566 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1567 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
9d189a50
EJ		 1568 }
1569
cf62fa4c
PS		 1570 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1571 stp_received_bpdu(sp, dp_packet_data(&payload), dp_packet_size(&payload));
9d189a50
EJ		 1572 }
1573}
1574
f025bcb7
JR		 1575static enum rstp_state
1576xport_get_rstp_port_state(const struct xport *xport)
9efd308e 1577{
f025bcb7
JR		 1578 return xport->rstp_port
1579 ? rstp_port_get_state(xport->rstp_port)
1580 : RSTP_DISABLED;
9efd308e
DV		 1581}
1582
1583static bool
1584xport_rstp_learn_state(const struct xport *xport)
1585{
4b5f1996
DV		 1586 return xport->xbridge->rstp && xport->rstp_port
1587 ? rstp_learn_in_state(xport_get_rstp_port_state(xport))
1588 : true;
9efd308e
DV		 1589}
1590
1591static bool
1592xport_rstp_forward_state(const struct xport *xport)
1593{
4b5f1996
DV		 1594 return xport->xbridge->rstp && xport->rstp_port
1595 ? rstp_forward_in_state(xport_get_rstp_port_state(xport))
1596 : true;
9efd308e
DV		 1597}
1598
1599static bool
1600xport_rstp_should_manage_bpdu(const struct xport *xport)
1601{
f025bcb7 1602 return rstp_should_manage_bpdu(xport_get_rstp_port_state(xport));
9efd308e
DV		 1603}
1604
1605static void
cf62fa4c 1606rstp_process_packet(const struct xport *xport, const struct dp_packet *packet)
9efd308e 1607{
cf62fa4c
PS		 1608 struct dp_packet payload = *packet;
1609 struct eth_header *eth = dp_packet_data(&payload);
9efd308e 1610
f025bcb7
JR		 1611 /* Sink packets on ports that have no RSTP. */
1612 if (!xport->rstp_port) {
9efd308e
DV		 1613 return;
1614 }
1615
1616 /* Trim off padding on payload. */
cf62fa4c
PS		 1617 if (dp_packet_size(&payload) > ntohs(eth->eth_type) + ETH_HEADER_LEN) {
1618 dp_packet_set_size(&payload, ntohs(eth->eth_type) + ETH_HEADER_LEN);
9efd308e
DV		 1619 }
1620
cf62fa4c
PS		 1621 if (dp_packet_try_pull(&payload, ETH_HEADER_LEN + LLC_HEADER_LEN)) {
1622 rstp_port_received_bpdu(xport->rstp_port, dp_packet_data(&payload),
1623 dp_packet_size(&payload));
9efd308e
DV		 1624 }
1625}
1626
46c88433
EJ		 1627static struct xport *
1628get_ofp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1629{
1630 struct xport *xport;
1631
1632 HMAP_FOR_EACH_IN_BUCKET (xport, ofp_node, hash_ofp_port(ofp_port),
1633 &xbridge->xports) {
1634 if (xport->ofp_port == ofp_port) {
1635 return xport;
1636 }
1637 }
1638 return NULL;
1639}
1640
1641static odp_port_t
1642ofp_port_to_odp_port(const struct xbridge *xbridge, ofp_port_t ofp_port)
1643{
1644 const struct xport *xport = get_ofp_port(xbridge, ofp_port);
1645 return xport ? xport->odp_port : ODPP_NONE;
1646}
1647
dd8cd4b4
SH		 1648static bool
1649odp_port_is_alive(const struct xlate_ctx *ctx, ofp_port_t ofp_port)
1650{
086fa873
BP		 1651 struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
1652 return xport && xport->may_enable;
dd8cd4b4
SH		 1653}
1654
1e684d7d 1655static struct ofputil_bucket *
dd8cd4b4
SH		 1656group_first_live_bucket(const struct xlate_ctx *, const struct group_dpif *,
1657 int depth);
1658
1659static bool
1660group_is_alive(const struct xlate_ctx *ctx, uint32_t group_id, int depth)
1661{
1662 struct group_dpif *group;
dd8cd4b4 1663
5d08a275 1664 group = group_dpif_lookup(ctx->xbridge->ofproto, group_id,
1f4a8933 1665 ctx->xin->tables_version, false);
db88b35c 1666 if (group) {
76973237 1667 return group_first_live_bucket(ctx, group, depth) != NULL;
dc25893e 1668 }
dd8cd4b4 1669
dc25893e 1670 return false;
dd8cd4b4
SH		 1671}
1672
1673#define MAX_LIVENESS_RECURSION 128 /* Arbitrary limit */
1674
1675static bool
1676bucket_is_alive(const struct xlate_ctx *ctx,
1e684d7d 1677 struct ofputil_bucket *bucket, int depth)
dd8cd4b4
SH		 1678{
1679 if (depth >= MAX_LIVENESS_RECURSION) {
2d9b49dd
BP		 1680 xlate_report_error(ctx, "bucket chaining exceeded %d links",
1681 MAX_LIVENESS_RECURSION);
dd8cd4b4
SH		 1682 return false;
1683 }
1684
fdb1999b
AZ		 1685 return (!ofputil_bucket_has_liveness(bucket)
1686 || (bucket->watch_port != OFPP_ANY
1687 && odp_port_is_alive(ctx, bucket->watch_port))
1688 || (bucket->watch_group != OFPG_ANY
1689 && group_is_alive(ctx, bucket->watch_group, depth + 1)));
dd8cd4b4
SH		 1690}
1691
1e684d7d 1692static struct ofputil_bucket *
dd8cd4b4
SH		 1693group_first_live_bucket(const struct xlate_ctx *ctx,
1694 const struct group_dpif *group, int depth)
1695{
1696 struct ofputil_bucket *bucket;
07a3cd5c 1697 LIST_FOR_EACH (bucket, list_node, &group->up.buckets) {
dd8cd4b4
SH		 1698 if (bucket_is_alive(ctx, bucket, depth)) {
1699 return bucket;
1700 }
1701 }
1702
1703 return NULL;
1704}
1705
1e684d7d 1706static struct ofputil_bucket *
fe7e5749
SH		 1707group_best_live_bucket(const struct xlate_ctx *ctx,
1708 const struct group_dpif *group,
1709 uint32_t basis)
1710{
1e684d7d 1711 struct ofputil_bucket *best_bucket = NULL;
fe7e5749 1712 uint32_t best_score = 0;
fe7e5749 1713
1e684d7d 1714 struct ofputil_bucket *bucket;
07a3cd5c 1715 LIST_FOR_EACH (bucket, list_node, &group->up.buckets) {
fe7e5749 1716 if (bucket_is_alive(ctx, bucket, 0)) {
c09cb861
LS		 1717 uint32_t score =
1718 (hash_int(bucket->bucket_id, basis) & 0xffff) * bucket->weight;
fe7e5749
SH		 1719 if (score >= best_score) {
1720 best_bucket = bucket;
1721 best_score = score;
1722 }
1723 }
fe7e5749
SH		 1724 }
1725
1726 return best_bucket;
1727}
1728
9583bc14 1729static bool
46c88433 1730xbundle_trunks_vlan(const struct xbundle *bundle, uint16_t vlan)
9583bc14
EJ		 1731{
1732 return (bundle->vlan_mode != PORT_VLAN_ACCESS
1733 && (!bundle->trunks || bitmap_is_set(bundle->trunks, vlan)));
1734}
1735
fed8962a
EG		 1736static bool
1737xbundle_allows_cvlan(const struct xbundle *bundle, uint16_t vlan)
1738{
1739 return (!bundle->cvlans || bitmap_is_set(bundle->cvlans, vlan));
1740}
1741
9583bc14 1742static bool
f0fb825a 1743xbundle_includes_vlan(const struct xbundle *xbundle, const struct xvlan *xvlan)
46c88433 1744{
f0fb825a
EG		 1745 switch (xbundle->vlan_mode) {
1746 case PORT_VLAN_ACCESS:
1747 return xvlan->v[0].vid == xbundle->vlan && xvlan->v[1].vid == 0;
1748
1749 case PORT_VLAN_TRUNK:
1750 case PORT_VLAN_NATIVE_UNTAGGED:
1751 case PORT_VLAN_NATIVE_TAGGED:
1752 return xbundle_trunks_vlan(xbundle, xvlan->v[0].vid);
1753
fed8962a
EG		 1754 case PORT_VLAN_DOT1Q_TUNNEL:
1755 return xvlan->v[0].vid == xbundle->vlan &&
1756 xbundle_allows_cvlan(xbundle, xvlan->v[1].vid);
1757
f0fb825a
EG		 1758 default:
1759 OVS_NOT_REACHED();
1760 }
46c88433
EJ		 1761}
1762
1763static mirror_mask_t
1764xbundle_mirror_out(const struct xbridge *xbridge, struct xbundle *xbundle)
1765{
1766 return xbundle != &ofpp_none_bundle
1767 ? mirror_bundle_out(xbridge->mbridge, xbundle->ofbundle)
1768 : 0;
1769}
1770
1771static mirror_mask_t
1772xbundle_mirror_src(const struct xbridge *xbridge, struct xbundle *xbundle)
9583bc14 1773{
46c88433
EJ		 1774 return xbundle != &ofpp_none_bundle
1775 ? mirror_bundle_src(xbridge->mbridge, xbundle->ofbundle)
1776 : 0;
9583bc14
EJ		 1777}
1778
46c88433
EJ		 1779static mirror_mask_t
1780xbundle_mirror_dst(const struct xbridge *xbridge, struct xbundle *xbundle)
9583bc14 1781{
46c88433
EJ		 1782 return xbundle != &ofpp_none_bundle
1783 ? mirror_bundle_dst(xbridge->mbridge, xbundle->ofbundle)
1784 : 0;
1785}
1786
1787static struct xbundle *
2d9b49dd
BP		 1788lookup_input_bundle__(const struct xbridge *xbridge,
1789 ofp_port_t in_port, struct xport **in_xportp)
46c88433
EJ		 1790{
1791 struct xport *xport;
9583bc14
EJ		 1792
1793 /* Find the port and bundle for the received packet. */
46c88433
EJ		 1794 xport = get_ofp_port(xbridge, in_port);
1795 if (in_xportp) {
1796 *in_xportp = xport;
9583bc14 1797 }
46c88433
EJ		 1798 if (xport && xport->xbundle) {
1799 return xport->xbundle;
9583bc14
EJ		 1800 }
1801
6362203b
YT		 1802 /* Special-case OFPP_NONE (OF1.0) and OFPP_CONTROLLER (OF1.1+),
1803 * which a controller may use as the ingress port for traffic that
1804 * it is sourcing. */
1805 if (in_port == OFPP_CONTROLLER || in_port == OFPP_NONE) {
9583bc14
EJ		 1806 return &ofpp_none_bundle;
1807 }
2d9b49dd
BP		 1808 return NULL;
1809}
9583bc14 1810
2d9b49dd
BP		 1811static struct xbundle *
1812lookup_input_bundle(const struct xlate_ctx *ctx,
1813 ofp_port_t in_port, struct xport **in_xportp)
1814{
1815 struct xbundle *xbundle = lookup_input_bundle__(ctx->xbridge,
1816 in_port, in_xportp);
1817 if (!xbundle) {
1818 /* Odd. A few possible reasons here:
1819 *
1820 * - We deleted a port but there are still a few packets queued up
1821 * from it.
1822 *
1823 * - Someone externally added a port (e.g. "ovs-dpctl add-if") that
1824 * we don't know about.
1825 *
1826 * - The ofproto client didn't configure the port as part of a bundle.
1827 * This is particularly likely to happen if a packet was received on
1828 * the port after it was created, but before the client had a chance
1829 * to configure its bundle.
1830 */
94783c7c 1831 xlate_report_error(ctx, "received packet on unknown port %"PRIu32,
2d9b49dd 1832 in_port);
9583bc14 1833 }
2d9b49dd 1834 return xbundle;
9583bc14
EJ		 1835}
1836
faa624b4
BP		 1837/* Mirrors the packet represented by 'ctx' to appropriate mirror destinations,
1838 * given the packet is ingressing or egressing on 'xbundle', which has ingress
1839 * or egress (as appropriate) mirrors 'mirrors'. */
9583bc14 1840static void
7efbc3b7
BP		 1841mirror_packet(struct xlate_ctx *ctx, struct xbundle *xbundle,
1842 mirror_mask_t mirrors)
9583bc14 1843{
f0fb825a
EG		 1844 struct xvlan in_xvlan;
1845 struct xvlan xvlan;
1846
faa624b4
BP		 1847 /* Figure out what VLAN the packet is in (because mirrors can select
1848 * packets on basis of VLAN). */
f0fb825a
EG		 1849 xvlan_extract(&ctx->xin->flow, &in_xvlan);
1850 if (!input_vid_is_valid(ctx, in_xvlan.v[0].vid, xbundle)) {
9583bc14
EJ		 1851 return;
1852 }
f0fb825a 1853 xvlan_input_translate(xbundle, &in_xvlan, &xvlan);
9583bc14 1854
7efbc3b7 1855 const struct xbridge *xbridge = ctx->xbridge;
9583bc14 1856
7efbc3b7
BP		 1857 /* Don't mirror to destinations that we've already mirrored to. */
1858 mirrors &= ~ctx->mirrors;
9583bc14
EJ		 1859 if (!mirrors) {
1860 return;
1861 }
1862
7efbc3b7
BP		 1863 if (ctx->xin->resubmit_stats) {
1864 mirror_update_stats(xbridge->mbridge, mirrors,
1865 ctx->xin->resubmit_stats->n_packets,
1866 ctx->xin->resubmit_stats->n_bytes);
1867 }
1868 if (ctx->xin->xcache) {
1869 struct xc_entry *entry;
1870
1871 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_MIRROR);
901a517e
JR		 1872 entry->mirror.mbridge = mbridge_ref(xbridge->mbridge);
1873 entry->mirror.mirrors = mirrors;
7efbc3b7 1874 }
9583bc14 1875
faa624b4
BP		 1876 /* 'mirrors' is a bit-mask of candidates for mirroring. Iterate as long as
1877 * some candidates remain. */
9583bc14 1878 while (mirrors) {
7efbc3b7 1879 const unsigned long *vlans;
ec7ceaed
EJ		 1880 mirror_mask_t dup_mirrors;
1881 struct ofbundle *out;
ec7ceaed 1882 int out_vlan;
1356dbd1 1883 int snaplen;
ec7ceaed 1884
faa624b4 1885 /* Get the details of the mirror represented by the rightmost 1-bit. */
7efbc3b7 1886 bool has_mirror = mirror_get(xbridge->mbridge, raw_ctz(mirrors),
1356dbd1
WT		 1887 &vlans, &dup_mirrors,
1888 &out, &snaplen, &out_vlan);
ec7ceaed
EJ		 1889 ovs_assert(has_mirror);
1890
1356dbd1 1891
faa624b4
BP		 1892 /* If this mirror selects on the basis of VLAN, and it does not select
1893 * 'vlan', then discard this mirror and go on to the next one. */
ec7ceaed 1894 if (vlans) {
f0fb825a 1895 ctx->wc->masks.vlans[0].tci |= htons(VLAN_CFI | VLAN_VID_MASK);
9583bc14 1896 }
f0fb825a 1897 if (vlans && !bitmap_is_set(vlans, xvlan.v[0].vid)) {
9583bc14
EJ		 1898 mirrors = zero_rightmost_1bit(mirrors);
1899 continue;
1900 }
1901
faa624b4
BP		 1902 /* Record the mirror, and the mirrors that output to the same
1903 * destination, so that we don't mirror to them again. This must be
1904 * done now to ensure that output_normal(), below, doesn't recursively
1905 * output to the same mirrors. */
3d6151f3 1906 ctx->mirrors |= dup_mirrors;
1356dbd1 1907 ctx->mirror_snaplen = snaplen;
faa624b4
BP		 1908
1909 /* Send the packet to the mirror. */
ec7ceaed 1910 if (out) {
84f0f298
RW		 1911 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
1912 struct xbundle *out_xbundle = xbundle_lookup(xcfg, out);
46c88433 1913 if (out_xbundle) {
f0fb825a 1914 output_normal(ctx, out_xbundle, &xvlan);
46c88433 1915 }
f0fb825a 1916 } else if (xvlan.v[0].vid != out_vlan
7efbc3b7 1917 && !eth_addr_is_reserved(ctx->xin->flow.dl_dst)) {
71f21279 1918 struct xbundle *xb;
f0fb825a 1919 uint16_t old_vid = xvlan.v[0].vid;
9583bc14 1920
f0fb825a 1921 xvlan.v[0].vid = out_vlan;
71f21279
BP		 1922 LIST_FOR_EACH (xb, list_node, &xbridge->xbundles) {
1923 if (xbundle_includes_vlan(xb, &xvlan)
1924 && !xbundle_mirror_out(xbridge, xb)) {
1925 output_normal(ctx, xb, &xvlan);
9583bc14
EJ		 1926 }
1927 }
f0fb825a 1928 xvlan.v[0].vid = old_vid;
9583bc14 1929 }
faa624b4
BP		 1930
1931 /* output_normal() could have recursively output (to different
1932 * mirrors), so make sure that we don't send duplicates. */
1933 mirrors &= ~ctx->mirrors;
1356dbd1 1934 ctx->mirror_snaplen = 0;
9583bc14
EJ		 1935 }
1936}
1937
7efbc3b7
BP		 1938static void
1939mirror_ingress_packet(struct xlate_ctx *ctx)
1940{
1941 if (mbridge_has_mirrors(ctx->xbridge->mbridge)) {
7efbc3b7 1942 struct xbundle *xbundle = lookup_input_bundle(
2d9b49dd 1943 ctx, ctx->xin->flow.in_port.ofp_port, NULL);
7efbc3b7
BP		 1944 if (xbundle) {
1945 mirror_packet(ctx, xbundle,
1946 xbundle_mirror_src(ctx->xbridge, xbundle));
1947 }
1948 }
1949}
1950
46c88433 1951/* Checks whether a packet with the given 'vid' may ingress on 'in_xbundle'.
2d9b49dd 1952 * If so, returns true. Otherwise, returns false.
9583bc14
EJ		 1953 *
1954 * 'vid' should be the VID obtained from the 802.1Q header that was received as
1955 * part of a packet (specify 0 if there was no 802.1Q header), in the range
1956 * 0...4095. */
1957static bool
2d9b49dd
BP		 1958input_vid_is_valid(const struct xlate_ctx *ctx,
1959 uint16_t vid, struct xbundle *in_xbundle)
9583bc14
EJ		 1960{
1961 /* Allow any VID on the OFPP_NONE port. */
46c88433 1962 if (in_xbundle == &ofpp_none_bundle) {
9583bc14
EJ		 1963 return true;
1964 }
1965
46c88433 1966 switch (in_xbundle->vlan_mode) {
9583bc14
EJ		 1967 case PORT_VLAN_ACCESS:
1968 if (vid) {
2d9b49dd
BP		 1969 xlate_report_error(ctx, "dropping VLAN %"PRIu16" tagged "
1970 "packet received on port %s configured as VLAN "
fd13c6b5 1971 "%d access port", vid, in_xbundle->name,
2d9b49dd 1972 in_xbundle->vlan);
9583bc14
EJ		 1973 return false;
1974 }
1975 return true;
1976
1977 case PORT_VLAN_NATIVE_UNTAGGED:
1978 case PORT_VLAN_NATIVE_TAGGED:
1979 if (!vid) {
1980 /* Port must always carry its native VLAN. */
1981 return true;
1982 }
1983 /* Fall through. */
1984 case PORT_VLAN_TRUNK:
f0fb825a 1985 if (!xbundle_trunks_vlan(in_xbundle, vid)) {
2d9b49dd
BP		 1986 xlate_report_error(ctx, "dropping VLAN %"PRIu16" packet "
1987 "received on port %s not configured for "
1988 "trunking VLAN %"PRIu16,
1989 vid, in_xbundle->name, vid);
9583bc14
EJ		 1990 return false;
1991 }
1992 return true;
1993
fed8962a
EG		 1994 case PORT_VLAN_DOT1Q_TUNNEL:
1995 if (!xbundle_allows_cvlan(in_xbundle, vid)) {
1996 xlate_report_error(ctx, "dropping VLAN %"PRIu16" packet received "
1997 "on dot1q-tunnel port %s that excludes this "
1998 "VLAN", vid, in_xbundle->name);
1999 return false;
2000 }
2001 return true;
2002
9583bc14 2003 default:
428b2edd 2004 OVS_NOT_REACHED();
9583bc14
EJ		 2005 }
2006
2007}
2008
f0fb825a
EG		 2009static void
2010xvlan_copy(struct xvlan *dst, const struct xvlan *src)
2011{
2012 *dst = *src;
2013}
2014
2015static void
2016xvlan_pop(struct xvlan *src)
2017{
2018 memmove(&src->v[0], &src->v[1], sizeof(src->v) - sizeof(src->v[0]));
2019 memset(&src->v[FLOW_MAX_VLAN_HEADERS - 1], 0,
2020 sizeof(src->v[FLOW_MAX_VLAN_HEADERS - 1]));
2021}
2022
fed8962a
EG		 2023static void
2024xvlan_push_uninit(struct xvlan *src)
2025{
2026 memmove(&src->v[1], &src->v[0], sizeof(src->v) - sizeof(src->v[0]));
2027 memset(&src->v[0], 0, sizeof(src->v[0]));
2028}
2029
f0fb825a
EG		 2030/* Extract VLAN information (headers) from flow */
2031static void
2032xvlan_extract(const struct flow *flow, struct xvlan *xvlan)
2033{
2034 int i;
2035 memset(xvlan, 0, sizeof(*xvlan));
2036 for (i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
2037 if (!eth_type_vlan(flow->vlans[i].tpid) ||
2038 !(flow->vlans[i].tci & htons(VLAN_CFI))) {
2039 break;
2040 }
2041 xvlan->v[i].tpid = ntohs(flow->vlans[i].tpid);
2042 xvlan->v[i].vid = vlan_tci_to_vid(flow->vlans[i].tci);
2043 xvlan->v[i].pcp = ntohs(flow->vlans[i].tci) & VLAN_PCP_MASK;
2044 }
2045}
2046
2047/* Put VLAN information (headers) to flow */
2048static void
2049xvlan_put(struct flow *flow, const struct xvlan *xvlan)
2050{
2051 ovs_be16 tci;
2052 int i;
2053 for (i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
2054 tci = htons(xvlan->v[i].vid | (xvlan->v[i].pcp & VLAN_PCP_MASK));
2055 if (tci) {
2056 tci |= htons(VLAN_CFI);
2057 flow->vlans[i].tpid = xvlan->v[i].tpid ?
2058 htons(xvlan->v[i].tpid) :
2059 htons(ETH_TYPE_VLAN_8021Q);
2060 }
2061 flow->vlans[i].tci = tci;
2062 }
2063}
2064
2065/* Given 'in_xvlan', extracted from the input 802.1Q headers received as part
2066 * of a packet, and 'in_xbundle', the bundle on which the packet was received,
2067 * returns the VLANs of the packet during bridge internal processing. */
2068static void
2069xvlan_input_translate(const struct xbundle *in_xbundle,
2070 const struct xvlan *in_xvlan, struct xvlan *xvlan)
2071{
2072
2073 switch (in_xbundle->vlan_mode) {
2074 case PORT_VLAN_ACCESS:
2075 memset(xvlan, 0, sizeof(*xvlan));
2076 xvlan->v[0].tpid = in_xvlan->v[0].tpid ? in_xvlan->v[0].tpid :
2077 ETH_TYPE_VLAN_8021Q;
2078 xvlan->v[0].vid = in_xbundle->vlan;
2079 xvlan->v[0].pcp = in_xvlan->v[0].pcp;
2080 break;
2081
2082 case PORT_VLAN_TRUNK:
2083 xvlan_copy(xvlan, in_xvlan);
2084 break;
2085
2086 case PORT_VLAN_NATIVE_UNTAGGED:
2087 case PORT_VLAN_NATIVE_TAGGED:
2088 xvlan_copy(xvlan, in_xvlan);
2089 if (!in_xvlan->v[0].vid) {
2090 xvlan->v[0].tpid = in_xvlan->v[0].tpid ? in_xvlan->v[0].tpid :
2091 ETH_TYPE_VLAN_8021Q;
2092 xvlan->v[0].vid = in_xbundle->vlan;
2093 xvlan->v[0].pcp = in_xvlan->v[0].pcp;
2094 }
2095 break;
2096
fed8962a
EG		 2097 case PORT_VLAN_DOT1Q_TUNNEL:
2098 xvlan_copy(xvlan, in_xvlan);
2099 xvlan_push_uninit(xvlan);
2100 xvlan->v[0].tpid = in_xbundle->qinq_ethtype;
2101 xvlan->v[0].vid = in_xbundle->vlan;
2102 xvlan->v[0].pcp = 0;
2103 break;
2104
f0fb825a
EG		 2105 default:
2106 OVS_NOT_REACHED();
2107 }
2108}
2109
2110/* Given 'xvlan', the VLANs of a packet during internal processing, and
2111 * 'out_xbundle', a bundle on which the packet is to be output, returns the
2112 * VLANs that should be included in output packet. */
2113static void
2114xvlan_output_translate(const struct xbundle *out_xbundle,
2115 const struct xvlan *xvlan, struct xvlan *out_xvlan)
9583bc14 2116{
46c88433 2117 switch (out_xbundle->vlan_mode) {
9583bc14 2118 case PORT_VLAN_ACCESS:
f0fb825a
EG		 2119 memset(out_xvlan, 0, sizeof(*out_xvlan));
2120 break;
9583bc14
EJ		 2121
2122 case PORT_VLAN_TRUNK:
2123 case PORT_VLAN_NATIVE_TAGGED:
f0fb825a
EG		 2124 xvlan_copy(out_xvlan, xvlan);
2125 break;
9583bc14
EJ		 2126
2127 case PORT_VLAN_NATIVE_UNTAGGED:
f0fb825a
EG		 2128 xvlan_copy(out_xvlan, xvlan);
2129 if (xvlan->v[0].vid == out_xbundle->vlan) {
2130 xvlan_pop(out_xvlan);
2131 }
2132 break;
9583bc14 2133
fed8962a
EG		 2134 case PORT_VLAN_DOT1Q_TUNNEL:
2135 xvlan_copy(out_xvlan, xvlan);
2136 xvlan_pop(out_xvlan);
2137 break;
2138
9583bc14 2139 default:
428b2edd 2140 OVS_NOT_REACHED();
9583bc14
EJ		 2141 }
2142}
2143
fed8962a
EG		 2144/* If output xbundle is dot1q-tunnel, set mask bits of cvlan */
2145static void
2146check_and_set_cvlan_mask(struct flow_wildcards *wc,
2147 const struct xbundle *xbundle)
2148{
2149 if (xbundle->vlan_mode == PORT_VLAN_DOT1Q_TUNNEL && xbundle->cvlans) {
2150 wc->masks.vlans[1].tci = htons(0xffff);
2151 }
2152}
2153
9583bc14 2154static void
46c88433 2155output_normal(struct xlate_ctx *ctx, const struct xbundle *out_xbundle,
f0fb825a 2156 const struct xvlan *xvlan)
9583bc14 2157{
9583bc14 2158 uint16_t vid;
f0fb825a 2159 union flow_vlan_hdr old_vlans[FLOW_MAX_VLAN_HEADERS];
46c88433 2160 struct xport *xport;
e93ef1c7
JR		 2161 struct xlate_bond_recirc xr;
2162 bool use_recirc = false;
f0fb825a 2163 struct xvlan out_xvlan;
9583bc14 2164
fed8962a
EG		 2165 check_and_set_cvlan_mask(ctx->wc, out_xbundle);
2166
f0fb825a
EG		 2167 xvlan_output_translate(out_xbundle, xvlan, &out_xvlan);
2168 if (out_xbundle->use_priority_tags) {
2169 out_xvlan.v[0].pcp = ntohs(ctx->xin->flow.vlans[0].tci) &
2170 VLAN_PCP_MASK;
2171 }
2172 vid = out_xvlan.v[0].vid;
417e7e66 2173 if (ovs_list_is_empty(&out_xbundle->xports)) {
46c88433
EJ		 2174 /* Partially configured bundle with no slaves. Drop the packet. */
2175 return;
2176 } else if (!out_xbundle->bond) {
417e7e66 2177 xport = CONTAINER_OF(ovs_list_front(&out_xbundle->xports), struct xport,
46c88433 2178 bundle_node);
9583bc14 2179 } else {
84f0f298 2180 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
49a73e0c 2181 struct flow_wildcards *wc = ctx->wc;
84f0f298 2182 struct ofport_dpif *ofport;
adcf00ba 2183
a80aba3a
AZ		 2184 if (ctx->xbridge->support.odp.recirc) {
2185 /* In case recirculation is not actually in use, 'xr.recirc_id'
2186 * will be set to '0', since a valid 'recirc_id' can
82f9f1f5
AZ		 2187 * not be zero. */
2188 bond_update_post_recirc_rules(out_xbundle->bond,
2189 &xr.recirc_id,
2190 &xr.hash_basis);
2191 if (xr.recirc_id) {
2192 /* Use recirculation instead of output. */
2193 use_recirc = true;
e93ef1c7 2194 xr.hash_alg = OVS_HASH_ALG_L4;
54ecb5a2
AZ		 2195 /* Recirculation does not require unmasking hash fields. */
2196 wc = NULL;
adcf00ba
AZ		 2197 }
2198 }
46c88433 2199
54ecb5a2
AZ		 2200 ofport = bond_choose_output_slave(out_xbundle->bond,
2201 &ctx->xin->flow, wc, vid);
84f0f298 2202 xport = xport_lookup(xcfg, ofport);
46c88433
EJ		 2203
2204 if (!xport) {
9583bc14
EJ		 2205 /* No slaves enabled, so drop packet. */
2206 return;
2207 }
d6fc5f57 2208
e93ef1c7 2209 /* If use_recirc is set, the main thread will handle stats
b256dc52 2210 * accounting for this bond. */
e93ef1c7 2211 if (!use_recirc) {
b256dc52
JS		 2212 if (ctx->xin->resubmit_stats) {
2213 bond_account(out_xbundle->bond, &ctx->xin->flow, vid,
2214 ctx->xin->resubmit_stats->n_bytes);
2215 }
2216 if (ctx->xin->xcache) {
2217 struct xc_entry *entry;
2218 struct flow *flow;
2219
2220 flow = &ctx->xin->flow;
2221 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_BOND);
901a517e
JR		 2222 entry->bond.bond = bond_ref(out_xbundle->bond);
2223 entry->bond.flow = xmemdup(flow, sizeof *flow);
2224 entry->bond.vid = vid;
b256dc52 2225 }
d6fc5f57 2226 }
9583bc14
EJ		 2227 }
2228
f0fb825a
EG		 2229 memcpy(&old_vlans, &ctx->xin->flow.vlans, sizeof(old_vlans));
2230 xvlan_put(&ctx->xin->flow, &out_xvlan);
9583bc14 2231
feee58b9 2232 compose_output_action(ctx, xport->ofp_port, use_recirc ? &xr : NULL,
11938578 2233 false, false);
f0fb825a 2234 memcpy(&ctx->xin->flow.vlans, &old_vlans, sizeof(old_vlans));
9583bc14
EJ		 2235}
2236
2237/* A VM broadcasts a gratuitous ARP to indicate that it has resumed after
2238 * migration. Older Citrix-patched Linux DomU used gratuitous ARP replies to
2239 * indicate this; newer upstream kernels use gratuitous ARP requests. */
2240static bool
2241is_gratuitous_arp(const struct flow *flow, struct flow_wildcards *wc)
2242{
2243 if (flow->dl_type != htons(ETH_TYPE_ARP)) {
2244 return false;
2245 }
2246
2247 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
2248 if (!eth_addr_is_broadcast(flow->dl_dst)) {
2249 return false;
2250 }
2251
2252 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
2253 if (flow->nw_proto == ARP_OP_REPLY) {
2254 return true;
2255 } else if (flow->nw_proto == ARP_OP_REQUEST) {
2256 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
2257 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
2258
2259 return flow->nw_src == flow->nw_dst;
2260 } else {
2261 return false;
2262 }
2263}
2264
ff69c24a
FL		 2265/* Determines whether packets in 'flow' within 'xbridge' should be forwarded or
2266 * dropped. Returns true if they may be forwarded, false if they should be
2267 * dropped.
2268 *
2269 * 'in_port' must be the xport that corresponds to flow->in_port.
2270 * 'in_port' must be part of a bundle (e.g. in_port->bundle must be nonnull).
2271 *
2272 * 'vlan' must be the VLAN that corresponds to flow->vlan_tci on 'in_port', as
2273 * returned by input_vid_to_vlan(). It must be a valid VLAN for 'in_port', as
2274 * checked by input_vid_is_valid().
2275 *
2276 * May also add tags to '*tags', although the current implementation only does
2277 * so in one special case.
2278 */
2279static bool
2280is_admissible(struct xlate_ctx *ctx, struct xport *in_port,
2281 uint16_t vlan)
2282{
2283 struct xbundle *in_xbundle = in_port->xbundle;
2284 const struct xbridge *xbridge = ctx->xbridge;
2285 struct flow *flow = &ctx->xin->flow;
2286
2287 /* Drop frames for reserved multicast addresses
2288 * only if forward_bpdu option is absent. */
2289 if (!xbridge->forward_bpdu && eth_addr_is_reserved(flow->dl_dst)) {
2d9b49dd
BP		 2290 xlate_report(ctx, OFT_DETAIL,
2291 "packet has reserved destination MAC, dropping");
ff69c24a
FL		 2292 return false;
2293 }
2294
2295 if (in_xbundle->bond) {
2296 struct mac_entry *mac;
2297
2298 switch (bond_check_admissibility(in_xbundle->bond, in_port->ofport,
2299 flow->dl_dst)) {
2300 case BV_ACCEPT:
2301 break;
2302
2303 case BV_DROP:
2d9b49dd
BP		 2304 xlate_report(ctx, OFT_DETAIL,
2305 "bonding refused admissibility, dropping");
ff69c24a
FL		 2306 return false;
2307
2308 case BV_DROP_IF_MOVED:
2309 ovs_rwlock_rdlock(&xbridge->ml->rwlock);
2310 mac = mac_learning_lookup(xbridge->ml, flow->dl_src, vlan);
9d078ec2
BP		 2311 if (mac
2312 && mac_entry_get_port(xbridge->ml, mac) != in_xbundle->ofbundle
49a73e0c 2313 && (!is_gratuitous_arp(flow, ctx->wc)
9d078ec2 2314 || mac_entry_is_grat_arp_locked(mac))) {
ff69c24a 2315 ovs_rwlock_unlock(&xbridge->ml->rwlock);
2d9b49dd
BP		 2316 xlate_report(ctx, OFT_DETAIL,
2317 "SLB bond thinks this packet looped back, "
ff69c24a
FL		 2318 "dropping");
2319 return false;
2320 }
2321 ovs_rwlock_unlock(&xbridge->ml->rwlock);
2322 break;
2323 }
2324 }
2325
2326 return true;
2327}
2328
2d9b49dd
BP		 2329static bool
2330update_learning_table__(const struct xbridge *xbridge,
2331 struct xbundle *in_xbundle, struct eth_addr dl_src,
2332 int vlan, bool is_grat_arp)
2333{
2334 return (in_xbundle == &ofpp_none_bundle
2335 || !mac_learning_update(xbridge->ml, dl_src, vlan,
2336 is_grat_arp,
2337 in_xbundle->bond != NULL,
2338 in_xbundle->ofbundle));
2339}
2340
ee047520 2341static void
2d9b49dd 2342update_learning_table(const struct xlate_ctx *ctx,
064799a1
JR		 2343 struct xbundle *in_xbundle, struct eth_addr dl_src,
2344 int vlan, bool is_grat_arp)
ee047520 2345{
2d9b49dd
BP		 2346 if (!update_learning_table__(ctx->xbridge, in_xbundle, dl_src, vlan,
2347 is_grat_arp)) {
2348 xlate_report_debug(ctx, OFT_DETAIL, "learned that "ETH_ADDR_FMT" is "
2349 "on port %s in VLAN %d",
2350 ETH_ADDR_ARGS(dl_src), in_xbundle->name, vlan);
ee047520 2351 }
9583bc14
EJ		 2352}
2353
86e2dcdd
FL		 2354/* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2355 * was received on 'in_xbundle' in 'vlan' and is either Report or Query. */
2356static void
2d9b49dd 2357update_mcast_snooping_table4__(const struct xlate_ctx *ctx,
06994f87
TLSC		 2358 const struct flow *flow,
2359 struct mcast_snooping *ms, int vlan,
2360 struct xbundle *in_xbundle,
2361 const struct dp_packet *packet)
86e2dcdd
FL		 2362 OVS_REQ_WRLOCK(ms->rwlock)
2363{
46445c63 2364 const struct igmp_header *igmp;
e3102e42 2365 int count;
46445c63 2366 size_t offset;
06994f87 2367 ovs_be32 ip4 = flow->igmp_group_ip4;
86e2dcdd 2368
46445c63
EC		 2369 offset = (char *) dp_packet_l4(packet) - (char *) dp_packet_data(packet);
2370 igmp = dp_packet_at(packet, offset, IGMP_HEADER_LEN);
2371 if (!igmp || csum(igmp, dp_packet_l4_size(packet)) != 0) {
2d9b49dd
BP		 2372 xlate_report_debug(ctx, OFT_DETAIL,
2373 "multicast snooping received bad IGMP "
2374 "checksum on port %s in VLAN %d",
2375 in_xbundle->name, vlan);
46445c63
EC		 2376 return;
2377 }
2378
86e2dcdd
FL		 2379 switch (ntohs(flow->tp_src)) {
2380 case IGMP_HOST_MEMBERSHIP_REPORT:
2381 case IGMPV2_HOST_MEMBERSHIP_REPORT:
964a4d5f 2382 if (mcast_snooping_add_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
2d9b49dd
BP		 2383 xlate_report_debug(ctx, OFT_DETAIL,
2384 "multicast snooping learned that "
2385 IP_FMT" is on port %s in VLAN %d",
2386 IP_ARGS(ip4), in_xbundle->name, vlan);
86e2dcdd
FL		 2387 }
2388 break;
2389 case IGMP_HOST_LEAVE_MESSAGE:
964a4d5f 2390 if (mcast_snooping_leave_group4(ms, ip4, vlan, in_xbundle->ofbundle)) {
2d9b49dd
BP		 2391 xlate_report_debug(ctx, OFT_DETAIL, "multicast snooping leaving "
2392 IP_FMT" is on port %s in VLAN %d",
2393 IP_ARGS(ip4), in_xbundle->name, vlan);
86e2dcdd
FL		 2394 }
2395 break;
2396 case IGMP_HOST_MEMBERSHIP_QUERY:
2397 if (flow->nw_src && mcast_snooping_add_mrouter(ms, vlan,
2d9b49dd
BP		 2398 in_xbundle->ofbundle)) {
2399 xlate_report_debug(ctx, OFT_DETAIL, "multicast snooping query "
2400 "from "IP_FMT" is on port %s in VLAN %d",
2401 IP_ARGS(flow->nw_src), in_xbundle->name, vlan);
86e2dcdd
FL		 2402 }
2403 break;
e3102e42 2404 case IGMPV3_HOST_MEMBERSHIP_REPORT:
2d9b49dd
BP		 2405 count = mcast_snooping_add_report(ms, packet, vlan,
2406 in_xbundle->ofbundle);
2407 if (count) {
2408 xlate_report_debug(ctx, OFT_DETAIL, "multicast snooping processed "
2409 "%d addresses on port %s in VLAN %d",
2410 count, in_xbundle->name, vlan);
e3102e42
TLSC		 2411 }
2412 break;
86e2dcdd
FL		 2413 }
2414}
2415
06994f87 2416static void
2d9b49dd 2417update_mcast_snooping_table6__(const struct xlate_ctx *ctx,
06994f87
TLSC		 2418 const struct flow *flow,
2419 struct mcast_snooping *ms, int vlan,
2420 struct xbundle *in_xbundle,
2421 const struct dp_packet *packet)
2422 OVS_REQ_WRLOCK(ms->rwlock)
2423{
46445c63 2424 const struct mld_header *mld;
06994f87 2425 int count;
46445c63
EC		 2426 size_t offset;
2427
2428 offset = (char *) dp_packet_l4(packet) - (char *) dp_packet_data(packet);
2429 mld = dp_packet_at(packet, offset, MLD_HEADER_LEN);
2430
2431 if (!mld ||
2432 packet_csum_upperlayer6(dp_packet_l3(packet),
2433 mld, IPPROTO_ICMPV6,
2434 dp_packet_l4_size(packet)) != 0) {
2d9b49dd
BP		 2435 xlate_report_debug(ctx, OFT_DETAIL, "multicast snooping received "
2436 "bad MLD checksum on port %s in VLAN %d",
2437 in_xbundle->name, vlan);
46445c63
EC		 2438 return;
2439 }
06994f87
TLSC		 2440
2441 switch (ntohs(flow->tp_src)) {
2442 case MLD_QUERY:
2443 if (!ipv6_addr_equals(&flow->ipv6_src, &in6addr_any)
2444 && mcast_snooping_add_mrouter(ms, vlan, in_xbundle->ofbundle)) {
2d9b49dd
BP		 2445 xlate_report_debug(ctx, OFT_DETAIL, "multicast snooping query on "
2446 "port %s in VLAN %d", in_xbundle->name, vlan);
06994f87
TLSC		 2447 }
2448 break;
2449 case MLD_REPORT:
2450 case MLD_DONE:
2451 case MLD2_REPORT:
2452 count = mcast_snooping_add_mld(ms, packet, vlan, in_xbundle->ofbundle);
2453 if (count) {
2d9b49dd
BP		 2454 xlate_report_debug(ctx, OFT_DETAIL, "multicast snooping processed "
2455 "%d addresses on port %s in VLAN %d",
2456 count, in_xbundle->name, vlan);
06994f87
TLSC		 2457 }
2458 break;
2459 }
2460}
2461
86e2dcdd
FL		 2462/* Updates multicast snooping table 'ms' given that a packet matching 'flow'
2463 * was received on 'in_xbundle' in 'vlan'. */
2464static void
2d9b49dd 2465update_mcast_snooping_table(const struct xlate_ctx *ctx,
86e2dcdd 2466 const struct flow *flow, int vlan,
e3102e42
TLSC		 2467 struct xbundle *in_xbundle,
2468 const struct dp_packet *packet)
86e2dcdd 2469{
2d9b49dd 2470 struct mcast_snooping *ms = ctx->xbridge->ms;
86e2dcdd
FL		 2471 struct xlate_cfg *xcfg;
2472 struct xbundle *mcast_xbundle;
f4ae6e23 2473 struct mcast_port_bundle *fport;
86e2dcdd
FL		 2474
2475 /* Don't learn the OFPP_NONE port. */
2476 if (in_xbundle == &ofpp_none_bundle) {
2477 return;
2478 }
2479
2480 /* Don't learn from flood ports */
2481 mcast_xbundle = NULL;
2482 ovs_rwlock_wrlock(&ms->rwlock);
2483 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
f4ae6e23 2484 LIST_FOR_EACH(fport, node, &ms->fport_list) {
86e2dcdd
FL		 2485 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2486 if (mcast_xbundle == in_xbundle) {
2487 break;
2488 }
2489 }
2490
2491 if (!mcast_xbundle || mcast_xbundle != in_xbundle) {
06994f87 2492 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2d9b49dd 2493 update_mcast_snooping_table4__(ctx, flow, ms, vlan,
06994f87
TLSC		 2494 in_xbundle, packet);
2495 } else {
2d9b49dd 2496 update_mcast_snooping_table6__(ctx, flow, ms, vlan,
06994f87
TLSC		 2497 in_xbundle, packet);
2498 }
86e2dcdd
FL		 2499 }
2500 ovs_rwlock_unlock(&ms->rwlock);
2501}
2502
2503/* send the packet to ports having the multicast group learned */
2504static void
2505xlate_normal_mcast_send_group(struct xlate_ctx *ctx,
2506 struct mcast_snooping *ms OVS_UNUSED,
2507 struct mcast_group *grp,
f0fb825a
EG		 2508 struct xbundle *in_xbundle,
2509 const struct xvlan *xvlan)
86e2dcdd
FL		 2510 OVS_REQ_RDLOCK(ms->rwlock)
2511{
2512 struct xlate_cfg *xcfg;
2513 struct mcast_group_bundle *b;
2514 struct xbundle *mcast_xbundle;
2515
2516 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2517 LIST_FOR_EACH(b, bundle_node, &grp->bundle_lru) {
2518 mcast_xbundle = xbundle_lookup(xcfg, b->port);
2519 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2d9b49dd 2520 xlate_report(ctx, OFT_DETAIL, "forwarding to mcast group port");
f0fb825a 2521 output_normal(ctx, mcast_xbundle, xvlan);
86e2dcdd 2522 } else if (!mcast_xbundle) {
2d9b49dd
BP		 2523 xlate_report(ctx, OFT_WARN,
2524 "mcast group port is unknown, dropping");
86e2dcdd 2525 } else {
2d9b49dd
BP		 2526 xlate_report(ctx, OFT_DETAIL,
2527 "mcast group port is input port, dropping");
86e2dcdd
FL		 2528 }
2529 }
2530}
2531
2532/* send the packet to ports connected to multicast routers */
2533static void
2534xlate_normal_mcast_send_mrouters(struct xlate_ctx *ctx,
2535 struct mcast_snooping *ms,
f0fb825a
EG		 2536 struct xbundle *in_xbundle,
2537 const struct xvlan *xvlan)
86e2dcdd
FL		 2538 OVS_REQ_RDLOCK(ms->rwlock)
2539{
2540 struct xlate_cfg *xcfg;
2541 struct mcast_mrouter_bundle *mrouter;
2542 struct xbundle *mcast_xbundle;
2543
2544 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2545 LIST_FOR_EACH(mrouter, mrouter_node, &ms->mrouter_lru) {
2546 mcast_xbundle = xbundle_lookup(xcfg, mrouter->port);
94a881c1 2547 if (mcast_xbundle && mcast_xbundle != in_xbundle
f0fb825a 2548 && mrouter->vlan == xvlan->v[0].vid) {
2d9b49dd 2549 xlate_report(ctx, OFT_DETAIL, "forwarding to mcast router port");
f0fb825a 2550 output_normal(ctx, mcast_xbundle, xvlan);
86e2dcdd 2551 } else if (!mcast_xbundle) {
2d9b49dd
BP		 2552 xlate_report(ctx, OFT_WARN,
2553 "mcast router port is unknown, dropping");
f0fb825a 2554 } else if (mrouter->vlan != xvlan->v[0].vid) {
2d9b49dd
BP		 2555 xlate_report(ctx, OFT_DETAIL,
2556 "mcast router is on another vlan, dropping");
86e2dcdd 2557 } else {
2d9b49dd
BP		 2558 xlate_report(ctx, OFT_DETAIL,
2559 "mcast router port is input port, dropping");
86e2dcdd
FL		 2560 }
2561 }
2562}
2563
2564/* send the packet to ports flagged to be flooded */
2565static void
2566xlate_normal_mcast_send_fports(struct xlate_ctx *ctx,
2567 struct mcast_snooping *ms,
f0fb825a
EG		 2568 struct xbundle *in_xbundle,
2569 const struct xvlan *xvlan)
86e2dcdd
FL		 2570 OVS_REQ_RDLOCK(ms->rwlock)
2571{
2572 struct xlate_cfg *xcfg;
f4ae6e23 2573 struct mcast_port_bundle *fport;
86e2dcdd
FL		 2574 struct xbundle *mcast_xbundle;
2575
2576 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
f4ae6e23 2577 LIST_FOR_EACH(fport, node, &ms->fport_list) {
86e2dcdd
FL		 2578 mcast_xbundle = xbundle_lookup(xcfg, fport->port);
2579 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2d9b49dd 2580 xlate_report(ctx, OFT_DETAIL, "forwarding to mcast flood port");
f0fb825a 2581 output_normal(ctx, mcast_xbundle, xvlan);
86e2dcdd 2582 } else if (!mcast_xbundle) {
2d9b49dd
BP		 2583 xlate_report(ctx, OFT_WARN,
2584 "mcast flood port is unknown, dropping");
86e2dcdd 2585 } else {
2d9b49dd
BP		 2586 xlate_report(ctx, OFT_DETAIL,
2587 "mcast flood port is input port, dropping");
86e2dcdd
FL		 2588 }
2589 }
2590}
2591
8e04a33f
FL		 2592/* forward the Reports to configured ports */
2593static void
2594xlate_normal_mcast_send_rports(struct xlate_ctx *ctx,
2595 struct mcast_snooping *ms,
f0fb825a
EG		 2596 struct xbundle *in_xbundle,
2597 const struct xvlan *xvlan)
8e04a33f
FL		 2598 OVS_REQ_RDLOCK(ms->rwlock)
2599{
2600 struct xlate_cfg *xcfg;
2601 struct mcast_port_bundle *rport;
2602 struct xbundle *mcast_xbundle;
2603
2604 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2605 LIST_FOR_EACH(rport, node, &ms->rport_list) {
2606 mcast_xbundle = xbundle_lookup(xcfg, rport->port);
2607 if (mcast_xbundle && mcast_xbundle != in_xbundle) {
2d9b49dd
BP		 2608 xlate_report(ctx, OFT_DETAIL,
2609 "forwarding report to mcast flagged port");
f0fb825a 2610 output_normal(ctx, mcast_xbundle, xvlan);
8e04a33f 2611 } else if (!mcast_xbundle) {
2d9b49dd
BP		 2612 xlate_report(ctx, OFT_WARN,
2613 "mcast port is unknown, dropping the report");
8e04a33f 2614 } else {
2d9b49dd
BP		 2615 xlate_report(ctx, OFT_DETAIL,
2616 "mcast port is input port, dropping the Report");
8e04a33f
FL		 2617 }
2618 }
2619}
2620
682800a4
FL		 2621static void
2622xlate_normal_flood(struct xlate_ctx *ctx, struct xbundle *in_xbundle,
f0fb825a 2623 struct xvlan *xvlan)
682800a4
FL		 2624{
2625 struct xbundle *xbundle;
2626
2627 LIST_FOR_EACH (xbundle, list_node, &ctx->xbridge->xbundles) {
2628 if (xbundle != in_xbundle
f0fb825a 2629 && xbundle_includes_vlan(xbundle, xvlan)
682800a4
FL		 2630 && xbundle->floodable
2631 && !xbundle_mirror_out(ctx->xbridge, xbundle)) {
f0fb825a 2632 output_normal(ctx, xbundle, xvlan);
682800a4
FL		 2633 }
2634 }
2031ef97 2635 ctx->nf_output_iface = NF_OUT_FLOOD;
682800a4
FL		 2636}
2637
a75636c8
BP		 2638static bool
2639is_ip_local_multicast(const struct flow *flow, struct flow_wildcards *wc)
2640{
2641 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2642 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
2643 return ip_is_local_multicast(flow->nw_dst);
2644 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2645 memset(&wc->masks.ipv6_dst, 0xff, sizeof wc->masks.ipv6_dst);
2646 return ipv6_is_all_hosts(&flow->ipv6_dst);
2647 } else {
2648 return false;
2649 }
2650}
2651
9583bc14
EJ		 2652static void
2653xlate_normal(struct xlate_ctx *ctx)
2654{
49a73e0c 2655 struct flow_wildcards *wc = ctx->wc;
33bf9176 2656 struct flow *flow = &ctx->xin->flow;
46c88433
EJ		 2657 struct xbundle *in_xbundle;
2658 struct xport *in_port;
9583bc14 2659 struct mac_entry *mac;
d6d5bbc9 2660 void *mac_port;
f0fb825a
EG		 2661 struct xvlan in_xvlan;
2662 struct xvlan xvlan;
9583bc14 2663 uint16_t vlan;
9583bc14 2664
33bf9176
BP		 2665 memset(&wc->masks.dl_src, 0xff, sizeof wc->masks.dl_src);
2666 memset(&wc->masks.dl_dst, 0xff, sizeof wc->masks.dl_dst);
f0fb825a 2667 wc->masks.vlans[0].tci |= htons(VLAN_VID_MASK | VLAN_CFI);
9583bc14 2668
2d9b49dd 2669 in_xbundle = lookup_input_bundle(ctx, flow->in_port.ofp_port, &in_port);
46c88433 2670 if (!in_xbundle) {
2d9b49dd 2671 xlate_report(ctx, OFT_WARN, "no input bundle, dropping");
9583bc14
EJ		 2672 return;
2673 }
2674
2675 /* Drop malformed frames. */
f0fb825a
EG		 2676 if (eth_type_vlan(flow->dl_type) &&
2677 !(flow->vlans[0].tci & htons(VLAN_CFI))) {
9583bc14 2678 if (ctx->xin->packet != NULL) {
2d9b49dd
BP		 2679 xlate_report_error(ctx, "dropping packet with partial "
2680 "VLAN tag received on port %s",
2681 in_xbundle->name);
9583bc14 2682 }
2d9b49dd 2683 xlate_report(ctx, OFT_WARN, "partial VLAN tag, dropping");
9583bc14
EJ		 2684 return;
2685 }
2686
2687 /* Drop frames on bundles reserved for mirroring. */
46c88433 2688 if (xbundle_mirror_out(ctx->xbridge, in_xbundle)) {
9583bc14 2689 if (ctx->xin->packet != NULL) {
2d9b49dd
BP		 2690 xlate_report_error(ctx, "dropping packet received on port %s, "
2691 "which is reserved exclusively for mirroring",
2692 in_xbundle->name);
9583bc14 2693 }
2d9b49dd
BP		 2694 xlate_report(ctx, OFT_WARN,
2695 "input port is mirror output port, dropping");
9583bc14
EJ		 2696 return;
2697 }
2698
2699 /* Check VLAN. */
f0fb825a
EG		 2700 xvlan_extract(flow, &in_xvlan);
2701 if (!input_vid_is_valid(ctx, in_xvlan.v[0].vid, in_xbundle)) {
2d9b49dd
BP		 2702 xlate_report(ctx, OFT_WARN,
2703 "disallowed VLAN VID for this input port, dropping");
9583bc14
EJ		 2704 return;
2705 }
f0fb825a
EG		 2706 xvlan_input_translate(in_xbundle, &in_xvlan, &xvlan);
2707 vlan = xvlan.v[0].vid;
9583bc14
EJ		 2708
2709 /* Check other admissibility requirements. */
2710 if (in_port && !is_admissible(ctx, in_port, vlan)) {
2711 return;
2712 }
2713
2714 /* Learn source MAC. */
064799a1 2715 bool is_grat_arp = is_gratuitous_arp(flow, wc);
875ab130
BP		 2716 if (ctx->xin->allow_side_effects
2717 && flow->packet_type == htonl(PT_ETH)
2718 && in_port->pt_mode != NETDEV_PT_LEGACY_L3
2719 ) {
2d9b49dd 2720 update_learning_table(ctx, in_xbundle, flow->dl_src, vlan,
064799a1 2721 is_grat_arp);
9583bc14 2722 }
064799a1 2723 if (ctx->xin->xcache && in_xbundle != &ofpp_none_bundle) {
b256dc52
JS		 2724 struct xc_entry *entry;
2725
064799a1 2726 /* Save just enough info to update mac learning table later. */
b256dc52 2727 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NORMAL);
901a517e
JR		 2728 entry->normal.ofproto = ctx->xbridge->ofproto;
2729 entry->normal.in_port = flow->in_port.ofp_port;
2730 entry->normal.dl_src = flow->dl_src;
2731 entry->normal.vlan = vlan;
2732 entry->normal.is_gratuitous_arp = is_grat_arp;
b256dc52 2733 }
9583bc14
EJ		 2734
2735 /* Determine output bundle. */
86e2dcdd
FL		 2736 if (mcast_snooping_enabled(ctx->xbridge->ms)
2737 && !eth_addr_is_broadcast(flow->dl_dst)
2738 && eth_addr_is_multicast(flow->dl_dst)
06994f87 2739 && is_ip_any(flow)) {
86e2dcdd 2740 struct mcast_snooping *ms = ctx->xbridge->ms;
06994f87 2741 struct mcast_group *grp = NULL;
86e2dcdd 2742
a75636c8 2743 if (is_igmp(flow, wc)) {
1bc24169
BP		 2744 /*
2745 * IGMP packets need to take the slow path, in order to be
2746 * processed for mdb updates. That will prevent expires
2747 * firing off even after hosts have sent reports.
2748 */
2749 ctx->xout->slow |= SLOW_ACTION;
2750
a75636c8 2751 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
d29f137b
TLSC		 2752 if (mcast_snooping_is_membership(flow->tp_src) ||
2753 mcast_snooping_is_query(flow->tp_src)) {
df70a773 2754 if (ctx->xin->allow_side_effects && ctx->xin->packet) {
2d9b49dd 2755 update_mcast_snooping_table(ctx, flow, vlan,
e3102e42 2756 in_xbundle, ctx->xin->packet);
d29f137b 2757 }
86e2dcdd 2758 }
d6d5bbc9 2759
86e2dcdd
FL		 2760 if (mcast_snooping_is_membership(flow->tp_src)) {
2761 ovs_rwlock_rdlock(&ms->rwlock);
f0fb825a 2762 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, &xvlan);
8e04a33f
FL		 2763 /* RFC4541: section 2.1.1, item 1: A snooping switch should
2764 * forward IGMP Membership Reports only to those ports where
2765 * multicast routers are attached. Alternatively stated: a
2766 * snooping switch should not forward IGMP Membership Reports
2767 * to ports on which only hosts are attached.
2768 * An administrative control may be provided to override this
2769 * restriction, allowing the report messages to be flooded to
2770 * other ports. */
f0fb825a 2771 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, &xvlan);
86e2dcdd
FL		 2772 ovs_rwlock_unlock(&ms->rwlock);
2773 } else {
2d9b49dd 2774 xlate_report(ctx, OFT_DETAIL, "multicast traffic, flooding");
f0fb825a 2775 xlate_normal_flood(ctx, in_xbundle, &xvlan);
86e2dcdd
FL		 2776 }
2777 return;
a75636c8 2778 } else if (is_mld(flow, wc)) {
06994f87 2779 ctx->xout->slow |= SLOW_ACTION;
df70a773 2780 if (ctx->xin->allow_side_effects && ctx->xin->packet) {
2d9b49dd 2781 update_mcast_snooping_table(ctx, flow, vlan,
06994f87
TLSC		 2782 in_xbundle, ctx->xin->packet);
2783 }
a75636c8 2784 if (is_mld_report(flow, wc)) {
06994f87 2785 ovs_rwlock_rdlock(&ms->rwlock);
f0fb825a
EG		 2786 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, &xvlan);
2787 xlate_normal_mcast_send_rports(ctx, ms, in_xbundle, &xvlan);
06994f87
TLSC		 2788 ovs_rwlock_unlock(&ms->rwlock);
2789 } else {
2d9b49dd 2790 xlate_report(ctx, OFT_DETAIL, "MLD query, flooding");
f0fb825a 2791 xlate_normal_flood(ctx, in_xbundle, &xvlan);
06994f87 2792 }
86e2dcdd 2793 } else {
a75636c8 2794 if (is_ip_local_multicast(flow, wc)) {
86e2dcdd
FL		 2795 /* RFC4541: section 2.1.2, item 2: Packets with a dst IP
2796 * address in the 224.0.0.x range which are not IGMP must
2797 * be forwarded on all ports */
2d9b49dd
BP		 2798 xlate_report(ctx, OFT_DETAIL,
2799 "RFC4541: section 2.1.2, item 2, flooding");
f0fb825a 2800 xlate_normal_flood(ctx, in_xbundle, &xvlan);
86e2dcdd
FL		 2801 return;
2802 }
2803 }
2804
2805 /* forwarding to group base ports */
2806 ovs_rwlock_rdlock(&ms->rwlock);
06994f87
TLSC		 2807 if (flow->dl_type == htons(ETH_TYPE_IP)) {
2808 grp = mcast_snooping_lookup4(ms, flow->nw_dst, vlan);
2809 } else if (flow->dl_type == htons(ETH_TYPE_IPV6)) {
2810 grp = mcast_snooping_lookup(ms, &flow->ipv6_dst, vlan);
2811 }
86e2dcdd 2812 if (grp) {
f0fb825a
EG		 2813 xlate_normal_mcast_send_group(ctx, ms, grp, in_xbundle, &xvlan);
2814 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, &xvlan);
2815 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, &xvlan);
9583bc14 2816 } else {
86e2dcdd 2817 if (mcast_snooping_flood_unreg(ms)) {
2d9b49dd
BP		 2818 xlate_report(ctx, OFT_DETAIL,
2819 "unregistered multicast, flooding");
f0fb825a 2820 xlate_normal_flood(ctx, in_xbundle, &xvlan);
86e2dcdd 2821 } else {
f0fb825a
EG		 2822 xlate_normal_mcast_send_mrouters(ctx, ms, in_xbundle, &xvlan);
2823 xlate_normal_mcast_send_fports(ctx, ms, in_xbundle, &xvlan);
86e2dcdd 2824 }
9583bc14 2825 }
86e2dcdd 2826 ovs_rwlock_unlock(&ms->rwlock);
9583bc14 2827 } else {
86e2dcdd
FL		 2828 ovs_rwlock_rdlock(&ctx->xbridge->ml->rwlock);
2829 mac = mac_learning_lookup(ctx->xbridge->ml, flow->dl_dst, vlan);
9d078ec2 2830 mac_port = mac ? mac_entry_get_port(ctx->xbridge->ml, mac) : NULL;
86e2dcdd
FL		 2831 ovs_rwlock_unlock(&ctx->xbridge->ml->rwlock);
2832
2833 if (mac_port) {
2834 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
2835 struct xbundle *mac_xbundle = xbundle_lookup(xcfg, mac_port);
2836 if (mac_xbundle && mac_xbundle != in_xbundle) {
2d9b49dd 2837 xlate_report(ctx, OFT_DETAIL, "forwarding to learned port");
f0fb825a 2838 output_normal(ctx, mac_xbundle, &xvlan);
86e2dcdd 2839 } else if (!mac_xbundle) {
2d9b49dd
BP		 2840 xlate_report(ctx, OFT_WARN,
2841 "learned port is unknown, dropping");
86e2dcdd 2842 } else {
2d9b49dd
BP		 2843 xlate_report(ctx, OFT_DETAIL,
2844 "learned port is input port, dropping");
86e2dcdd
FL		 2845 }
2846 } else {
2d9b49dd
BP		 2847 xlate_report(ctx, OFT_DETAIL,
2848 "no learned MAC for destination, flooding");
f0fb825a 2849 xlate_normal_flood(ctx, in_xbundle, &xvlan);
86e2dcdd 2850 }
9583bc14
EJ		 2851 }
2852}
2853
a6092018
BP		 2854/* Appends a "sample" action for sFlow or IPFIX to 'ctx->odp_actions'. The
2855 * 'probability' is the number of packets out of UINT32_MAX to sample. The
2856 * 'cookie' (of length 'cookie_size' bytes) is passed back in the callback for
2857 * each sampled packet. 'tunnel_out_port', if not ODPP_NONE, is added as the
2858 * OVS_USERSPACE_ATTR_EGRESS_TUN_PORT attribute. If 'include_actions', an
f69f713b
BY		 2859 * OVS_USERSPACE_ATTR_ACTIONS attribute is added. If 'emit_set_tunnel',
2860 * sample(sampling_port=1) would translate into datapath sample action
2861 * set(tunnel(...)), sample(...) and it is used for sampling egress tunnel
2862 * information.
9583bc14
EJ		 2863 */
2864static size_t
a6092018 2865compose_sample_action(struct xlate_ctx *ctx,
9583bc14
EJ		 2866 const uint32_t probability,
2867 const union user_action_cookie *cookie,
8b7ea2d4 2868 const size_t cookie_size,
7321bda3
NM		 2869 const odp_port_t tunnel_out_port,
2870 bool include_actions)
9583bc14 2871{
b97f2c3a
BY		 2872 if (probability == 0) {
2873 /* No need to generate sampling or the inner action. */
2874 return 0;
2875 }
2876
31b29c2e
AZ		 2877 /* If the slow path meter is configured by the controller,
2878 * insert a meter action before the user space action. */
2879 struct ofproto *ofproto = &ctx->xin->ofproto->up;
2880 uint32_t meter_id = ofproto->slowpath_meter_id;
2881
2882 /* When meter action is not required, avoid generate sample action
2883 * for 100% sampling rate. */
2884 bool is_sample = probability < UINT32_MAX || meter_id != UINT32_MAX;
72471622
BY		 2885 size_t sample_offset, actions_offset;
2886 if (is_sample) {
2887 sample_offset = nl_msg_start_nested(ctx->odp_actions,
2888 OVS_ACTION_ATTR_SAMPLE);
2889 nl_msg_put_u32(ctx->odp_actions, OVS_SAMPLE_ATTR_PROBABILITY,
2890 probability);
2891 actions_offset = nl_msg_start_nested(ctx->odp_actions,
2892 OVS_SAMPLE_ATTR_ACTIONS);
2893 }
9583bc14 2894
31b29c2e
AZ		 2895 if (meter_id != UINT32_MAX) {
2896 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_METER, meter_id);
2897 }
2898
a6092018
BP		 2899 odp_port_t odp_port = ofp_port_to_odp_port(
2900 ctx->xbridge, ctx->xin->flow.in_port.ofp_port);
2901 uint32_t pid = dpif_port_get_pid(ctx->xbridge->dpif, odp_port,
2902 flow_hash_5tuple(&ctx->xin->flow, 0));
2903 int cookie_offset = odp_put_userspace_action(pid, cookie, cookie_size,
2904 tunnel_out_port,
2905 include_actions,
2906 ctx->odp_actions);
89a8a7f0 2907
72471622
BY		 2908 if (is_sample) {
2909 nl_msg_end_nested(ctx->odp_actions, actions_offset);
2910 nl_msg_end_nested(ctx->odp_actions, sample_offset);
2911 }
9583bc14 2912
9583bc14
EJ		 2913 return cookie_offset;
2914}
2915
a6092018
BP		 2916/* If sFLow is not enabled, returns 0 without doing anything.
2917 *
2918 * If sFlow is enabled, appends a template "sample" action to the ODP actions
2919 * in 'ctx'. This action is a template because some of the information needed
2920 * to fill it out is not available until flow translation is complete. In this
2921 * case, this functions returns an offset, which is always nonzero, to pass
2922 * later to fix_sflow_action() to fill in the rest of the template. */
9583bc14 2923static size_t
a6092018 2924compose_sflow_action(struct xlate_ctx *ctx)
9583bc14 2925{
a6092018
BP		 2926 struct dpif_sflow *sflow = ctx->xbridge->sflow;
2927 if (!sflow || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
9583bc14
EJ		 2928 return 0;
2929 }
2930
a6092018
BP		 2931 union user_action_cookie cookie = { .type = USER_ACTION_COOKIE_SFLOW };
2932 return compose_sample_action(ctx, dpif_sflow_get_probability(sflow),
7321bda3
NM		 2933 &cookie, sizeof cookie.sflow, ODPP_NONE,
2934 true);
9583bc14
EJ		 2935}
2936
f69f713b
BY		 2937/* If flow IPFIX is enabled, make sure IPFIX flow sample action
2938 * at egress point of tunnel port is just in front of corresponding
2939 * output action. If bridge IPFIX is enabled, this appends an IPFIX
2940 * sample action to 'ctx->odp_actions'. */
9583bc14 2941static void
a6092018 2942compose_ipfix_action(struct xlate_ctx *ctx, odp_port_t output_odp_port)
9583bc14 2943{
a6092018 2944 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
8b7ea2d4 2945 odp_port_t tunnel_out_port = ODPP_NONE;
9583bc14 2946
a6092018 2947 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
9583bc14
EJ		 2948 return;
2949 }
2950
8b7ea2d4
WZ		 2951 /* For input case, output_odp_port is ODPP_NONE, which is an invalid port
2952 * number. */
2953 if (output_odp_port == ODPP_NONE &&
a6092018 2954 !dpif_ipfix_get_bridge_exporter_input_sampling(ipfix)) {
8b7ea2d4
WZ		 2955 return;
2956 }
2957
f69f713b 2958 /* For output case, output_odp_port is valid. */
8b7ea2d4 2959 if (output_odp_port != ODPP_NONE) {
a6092018 2960 if (!dpif_ipfix_get_bridge_exporter_output_sampling(ipfix)) {
8b7ea2d4
WZ		 2961 return;
2962 }
2963 /* If tunnel sampling is enabled, put an additional option attribute:
2964 * OVS_USERSPACE_ATTR_TUNNEL_OUT_PORT
2965 */
a6092018
BP		 2966 if (dpif_ipfix_get_bridge_exporter_tunnel_sampling(ipfix) &&
2967 dpif_ipfix_get_tunnel_port(ipfix, output_odp_port) ) {
8b7ea2d4
WZ		 2968 tunnel_out_port = output_odp_port;
2969 }
2970 }
2971
a6092018
BP		 2972 union user_action_cookie cookie = {
2973 .ipfix = {
2974 .type = USER_ACTION_COOKIE_IPFIX,
2975 .output_odp_port = output_odp_port,
2976 }
2977 };
2978 compose_sample_action(ctx,
2979 dpif_ipfix_get_bridge_exporter_probability(ipfix),
7321bda3
NM		 2980 &cookie, sizeof cookie.ipfix, tunnel_out_port,
2981 false);
9583bc14
EJ		 2982}
2983
a6092018
BP		 2984/* Fix "sample" action according to data collected while composing ODP actions,
2985 * as described in compose_sflow_action().
2986 *
2987 * 'user_cookie_offset' must be the offset returned by add_sflow_action(). */
9583bc14 2988static void
a6092018 2989fix_sflow_action(struct xlate_ctx *ctx, unsigned int user_cookie_offset)
9583bc14
EJ		 2990{
2991 const struct flow *base = &ctx->base_flow;
2992 union user_action_cookie *cookie;
2993
a6092018 2994 cookie = ofpbuf_at(ctx->odp_actions, user_cookie_offset,
9583bc14
EJ		 2995 sizeof cookie->sflow);
2996 ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW);
2997
a6092018 2998 cookie->type = USER_ACTION_COOKIE_SFLOW;
f0fb825a 2999 cookie->sflow.vlan_tci = base->vlans[0].tci;
a6092018
BP		 3000
3001 /* See http://www.sflow.org/sflow_version_5.txt (search for "Input/output
3002 * port information") for the interpretation of cookie->output. */
3003 switch (ctx->sflow_n_outputs) {
3004 case 0:
3005 /* 0x40000000 | 256 means "packet dropped for unknown reason". */
3006 cookie->sflow.output = 0x40000000 | 256;
3007 break;
3008
3009 case 1:
3010 cookie->sflow.output = dpif_sflow_odp_port_to_ifindex(
3011 ctx->xbridge->sflow, ctx->sflow_odp_port);
3012 if (cookie->sflow.output) {
3013 break;
3014 }
3015 /* Fall through. */
3016 default:
3017 /* 0x80000000 means "multiple output ports. */
3018 cookie->sflow.output = 0x80000000 | ctx->sflow_n_outputs;
3019 break;
3020 }
9583bc14
EJ		 3021}
3022
515793d5
BP		 3023static bool
3024process_special(struct xlate_ctx *ctx, const struct xport *xport)
db7d4e46 3025{
515793d5 3026 const struct flow *flow = &ctx->xin->flow;
49a73e0c 3027 struct flow_wildcards *wc = ctx->wc;
46c88433 3028 const struct xbridge *xbridge = ctx->xbridge;
515793d5
BP		 3029 const struct dp_packet *packet = ctx->xin->packet;
3030 enum slow_path_reason slow;
642dc74d 3031
46c88433 3032 if (!xport) {
515793d5 3033 slow = 0;
46c88433 3034 } else if (xport->cfm && cfm_should_process_flow(xport->cfm, flow, wc)) {
db7d4e46 3035 if (packet) {
46c88433 3036 cfm_process_heartbeat(xport->cfm, packet);
db7d4e46 3037 }
515793d5 3038 slow = SLOW_CFM;
fab52e16 3039 } else if (xport->bfd && bfd_should_process_flow(xport->bfd, flow, wc)) {
db7d4e46 3040 if (packet) {
46c88433 3041 bfd_process_packet(xport->bfd, flow, packet);
60d02c72
AW		 3042 /* If POLL received, immediately sends FINAL back. */
3043 if (bfd_should_send_packet(xport->bfd)) {
6d308b28 3044 ofproto_dpif_monitor_port_send_soon(xport->ofport);
60d02c72 3045 }
db7d4e46 3046 }
515793d5 3047 slow = SLOW_BFD;
46c88433 3048 } else if (xport->xbundle && xport->xbundle->lacp
db7d4e46
JP		 3049 && flow->dl_type == htons(ETH_TYPE_LACP)) {
3050 if (packet) {
46c88433 3051 lacp_process_packet(xport->xbundle->lacp, xport->ofport, packet);
db7d4e46 3052 }
515793d5 3053 slow = SLOW_LACP;
9efd308e
DV		 3054 } else if ((xbridge->stp || xbridge->rstp) &&
3055 stp_should_process_flow(flow, wc)) {
db7d4e46 3056 if (packet) {
f025bcb7
JR		 3057 xbridge->stp
3058 ? stp_process_packet(xport, packet)
3059 : rstp_process_packet(xport, packet);
db7d4e46 3060 }
515793d5 3061 slow = SLOW_STP;
19aef6ef 3062 } else if (xport->lldp && lldp_should_process_flow(xport->lldp, flow)) {
0477baa9
DF		 3063 if (packet) {
3064 lldp_process_packet(xport->lldp, packet);
3065 }
515793d5 3066 slow = SLOW_LLDP;
db7d4e46 3067 } else {
515793d5
BP		 3068 slow = 0;
3069 }
3070
3071 if (slow) {
3072 ctx->xout->slow |= slow;
3073 return true;
3074 } else {
3075 return false;
db7d4e46
JP		 3076 }
3077}
3078
a36de779
PS		 3079static int
3080tnl_route_lookup_flow(const struct flow *oflow,
a8704b50
PS		 3081 struct in6_addr *ip, struct in6_addr *src,
3082 struct xport **out_port)
a36de779
PS		 3083{
3084 char out_dev[IFNAMSIZ];
3085 struct xbridge *xbridge;
3086 struct xlate_cfg *xcfg;
c2b878e0
TLSC		 3087 struct in6_addr gw;
3088 struct in6_addr dst;
a36de779 3089
c2b878e0 3090 dst = flow_tnl_dst(&oflow->tunnel);
ed52ca57 3091 if (!ovs_router_lookup(oflow->pkt_mark, &dst, out_dev, src, &gw)) {
a36de779
PS		 3092 return -ENOENT;
3093 }
3094
c2b878e0
TLSC		 3095 if (ipv6_addr_is_set(&gw) &&
3096 (!IN6_IS_ADDR_V4MAPPED(&gw) || in6_addr_get_mapped_ipv4(&gw))) {
a36de779
PS		 3097 *ip = gw;
3098 } else {
c2b878e0 3099 *ip = dst;
a36de779
PS		 3100 }
3101
3102 xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
3103 ovs_assert(xcfg);
3104
3105 HMAP_FOR_EACH (xbridge, hmap_node, &xcfg->xbridges) {
3106 if (!strncmp(xbridge->name, out_dev, IFNAMSIZ)) {
3107 struct xport *port;
3108
3109 HMAP_FOR_EACH (port, ofp_node, &xbridge->xports) {
3110 if (!strncmp(netdev_get_name(port->netdev), out_dev, IFNAMSIZ)) {
3111 *out_port = port;
3112 return 0;
3113 }
3114 }
3115 }
3116 }
3117 return -ENOENT;
3118}
3119
3120static int
cdd42eda
JG		 3121compose_table_xlate(struct xlate_ctx *ctx, const struct xport *out_dev,
3122 struct dp_packet *packet)
a36de779 3123{
cdd42eda 3124 struct xbridge *xbridge = out_dev->xbridge;
a36de779
PS		 3125 struct ofpact_output output;
3126 struct flow flow;
3127
3128 ofpact_init(&output.ofpact, OFPACT_OUTPUT, sizeof output);
cf62fa4c 3129 flow_extract(packet, &flow);
cdd42eda
JG		 3130 flow.in_port.ofp_port = out_dev->ofp_port;
3131 output.port = OFPP_TABLE;
a36de779
PS		 3132 output.max_len = 0;
3133
1f4a8933
JR		 3134 return ofproto_dpif_execute_actions__(xbridge->ofproto,
3135 ctx->xin->tables_version, &flow,
3136 NULL, &output.ofpact, sizeof output,
2d9b49dd 3137 ctx->depth, ctx->resubmits, packet);
a36de779
PS		 3138}
3139
c2b878e0
TLSC		 3140static void
3141tnl_send_nd_request(struct xlate_ctx *ctx, const struct xport *out_dev,
3142 const struct eth_addr eth_src,
3143 struct in6_addr * ipv6_src, struct in6_addr * ipv6_dst)
3144{
3145 struct dp_packet packet;
3146
3147 dp_packet_init(&packet, 0);
16187903 3148 compose_nd_ns(&packet, eth_src, ipv6_src, ipv6_dst);
c2b878e0
TLSC		 3149 compose_table_xlate(ctx, out_dev, &packet);
3150 dp_packet_uninit(&packet);
3151}
3152
a36de779 3153static void
cdd42eda 3154tnl_send_arp_request(struct xlate_ctx *ctx, const struct xport *out_dev,
74ff3298 3155 const struct eth_addr eth_src,
a36de779
PS		 3156 ovs_be32 ip_src, ovs_be32 ip_dst)
3157{
cf62fa4c 3158 struct dp_packet packet;
a36de779 3159
cf62fa4c 3160 dp_packet_init(&packet, 0);
eb0b295e
BP		 3161 compose_arp(&packet, ARP_OP_REQUEST,
3162 eth_src, eth_addr_zero, true, ip_src, ip_dst);
a36de779 3163
cdd42eda 3164 compose_table_xlate(ctx, out_dev, &packet);
cf62fa4c 3165 dp_packet_uninit(&packet);
a36de779
PS		 3166}
3167
7c12dfc5
SC		 3168static void
3169propagate_tunnel_data_to_flow__(struct flow *dst_flow,
3170 const struct flow *src_flow,
3171 struct eth_addr dmac, struct eth_addr smac,
3172 struct in6_addr s_ip6, ovs_be32 s_ip,
3173 bool is_tnl_ipv6, uint8_t nw_proto)
3174{
3175 dst_flow->dl_dst = dmac;
3176 dst_flow->dl_src = smac;
3177
3178 dst_flow->packet_type = htonl(PT_ETH);
3179 dst_flow->nw_dst = src_flow->tunnel.ip_dst;
3180 dst_flow->nw_src = src_flow->tunnel.ip_src;
3181 dst_flow->ipv6_dst = src_flow->tunnel.ipv6_dst;
3182 dst_flow->ipv6_src = src_flow->tunnel.ipv6_src;
3183
3184 dst_flow->nw_tos = src_flow->tunnel.ip_tos;
3185 dst_flow->nw_ttl = src_flow->tunnel.ip_ttl;
3186 dst_flow->tp_dst = src_flow->tunnel.tp_dst;
3187 dst_flow->tp_src = src_flow->tunnel.tp_src;
3188
3189 if (is_tnl_ipv6) {
3190 dst_flow->dl_type = htons(ETH_TYPE_IPV6);
3191 if (ipv6_mask_is_any(&dst_flow->ipv6_src)
3192 && !ipv6_mask_is_any(&s_ip6)) {
3193 dst_flow->ipv6_src = s_ip6;
3194 }
3195 } else {
3196 dst_flow->dl_type = htons(ETH_TYPE_IP);
3197 if (dst_flow->nw_src == 0 && s_ip) {
3198 dst_flow->nw_src = s_ip;
3199 }
3200 }
3201 dst_flow->nw_proto = nw_proto;
3202}
3203
3204/*
3205 * Populate the 'flow' and 'base_flow' L3 fields to do the post tunnel push
3206 * translations.
3207 */
3208static void
3209propagate_tunnel_data_to_flow(struct xlate_ctx *ctx, struct eth_addr dmac,
3210 struct eth_addr smac, struct in6_addr s_ip6,
3211 ovs_be32 s_ip, bool is_tnl_ipv6,
3212 enum ovs_vport_type tnl_type)
3213{
3214 struct flow *base_flow, *flow;
3215 flow = &ctx->xin->flow;
3216 base_flow = &ctx->base_flow;
3217 uint8_t nw_proto = 0;
3218
3219 switch (tnl_type) {
3220 case OVS_VPORT_TYPE_GRE:
3221 nw_proto = IPPROTO_GRE;
3222 break;
3223 case OVS_VPORT_TYPE_VXLAN:
3224 case OVS_VPORT_TYPE_GENEVE:
3225 nw_proto = IPPROTO_UDP;
3226 break;
3227 case OVS_VPORT_TYPE_LISP:
3228 case OVS_VPORT_TYPE_STT:
3229 case OVS_VPORT_TYPE_UNSPEC:
3230 case OVS_VPORT_TYPE_NETDEV:
3231 case OVS_VPORT_TYPE_INTERNAL:
3232 case __OVS_VPORT_TYPE_MAX:
3233 default:
3234 OVS_NOT_REACHED();
7c12dfc5
SC		 3235 }
3236 /*
3237 * Update base_flow first followed by flow as the dst_flow gets modified
3238 * in the function.
3239 */
3240 propagate_tunnel_data_to_flow__(base_flow, flow, dmac, smac, s_ip6, s_ip,
3241 is_tnl_ipv6, nw_proto);
3242 propagate_tunnel_data_to_flow__(flow, flow, dmac, smac, s_ip6, s_ip,
3243 is_tnl_ipv6, nw_proto);
3244}
3245
a36de779 3246static int
11938578
AZ		 3247native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport,
3248 const struct flow *flow, odp_port_t tunnel_odp_port,
3249 bool truncate)
a36de779 3250{
4975aa3e 3251 struct netdev_tnl_build_header_params tnl_params;
a36de779
PS		 3252 struct ovs_action_push_tnl tnl_push_data;
3253 struct xport *out_dev = NULL;
c2b878e0
TLSC		 3254 ovs_be32 s_ip = 0, d_ip = 0;
3255 struct in6_addr s_ip6 = in6addr_any;
3256 struct in6_addr d_ip6 = in6addr_any;
74ff3298
JR		 3257 struct eth_addr smac;
3258 struct eth_addr dmac;
a36de779 3259 int err;
c2b878e0
TLSC		 3260 char buf_sip6[INET6_ADDRSTRLEN];
3261 char buf_dip6[INET6_ADDRSTRLEN];
a36de779 3262
7c12dfc5
SC		 3263 /* Structures to backup Ethernet and IP of base_flow. */
3264 struct flow old_base_flow;
3265 struct flow old_flow;
3266
3267 /* Backup flow & base_flow data. */
3268 memcpy(&old_base_flow, &ctx->base_flow, sizeof old_base_flow);
3269 memcpy(&old_flow, &ctx->xin->flow, sizeof old_flow);
3270
a8704b50 3271 err = tnl_route_lookup_flow(flow, &d_ip6, &s_ip6, &out_dev);
a36de779 3272 if (err) {
2d9b49dd 3273 xlate_report(ctx, OFT_WARN, "native tunnel routing failed");
a36de779
PS		 3274 return err;
3275 }
c2b878e0 3276
2d9b49dd 3277 xlate_report(ctx, OFT_DETAIL, "tunneling to %s via %s",
c2b878e0
TLSC		 3278 ipv6_string_mapped(buf_dip6, &d_ip6),
3279 netdev_get_name(out_dev->netdev));
a36de779
PS		 3280
3281 /* Use mac addr of bridge port of the peer. */
74ff3298 3282 err = netdev_get_etheraddr(out_dev->netdev, &smac);
a36de779 3283 if (err) {
2d9b49dd
BP		 3284 xlate_report(ctx, OFT_WARN,
3285 "tunnel output device lacks Ethernet address");
a36de779
PS		 3286 return err;
3287 }
3288
c2b878e0
TLSC		 3289 d_ip = in6_addr_get_mapped_ipv4(&d_ip6);
3290 if (d_ip) {
a8704b50 3291 s_ip = in6_addr_get_mapped_ipv4(&s_ip6);
a36de779
PS		 3292 }
3293
c2b878e0 3294 err = tnl_neigh_lookup(out_dev->xbridge->name, &d_ip6, &dmac);
a36de779 3295 if (err) {
2d9b49dd
BP		 3296 xlate_report(ctx, OFT_DETAIL,
3297 "neighbor cache miss for %s on bridge %s, "
c2b878e0
TLSC		 3298 "sending %s request",
3299 buf_dip6, out_dev->xbridge->name, d_ip ? "ARP" : "ND");
3300 if (d_ip) {
3301 tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip);
3302 } else {
3303 tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6);
3304 }
a36de779
PS		 3305 return err;
3306 }
c2b878e0 3307
a36de779
PS		 3308 if (ctx->xin->xcache) {
3309 struct xc_entry *entry;
3310
53902038 3311 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_TNL_NEIGH);
901a517e
JR		 3312 ovs_strlcpy(entry->tnl_neigh_cache.br_name, out_dev->xbridge->name,
3313 sizeof entry->tnl_neigh_cache.br_name);
3314 entry->tnl_neigh_cache.d_ipv6 = d_ip6;
a36de779 3315 }
81de18ec 3316
2d9b49dd 3317 xlate_report(ctx, OFT_DETAIL, "tunneling from "ETH_ADDR_FMT" %s"
c2b878e0
TLSC		 3318 " to "ETH_ADDR_FMT" %s",
3319 ETH_ADDR_ARGS(smac), ipv6_string_mapped(buf_sip6, &s_ip6),
3320 ETH_ADDR_ARGS(dmac), buf_dip6);
3321
4975aa3e
PS		 3322 netdev_init_tnl_build_header_params(&tnl_params, flow, &s_ip6, dmac, smac);
3323 err = tnl_port_build_header(xport->ofport, &tnl_push_data, &tnl_params);
a36de779
PS		 3324 if (err) {
3325 return err;
3326 }
81765c00
BP		 3327 tnl_push_data.tnl_port = tunnel_odp_port;
3328 tnl_push_data.out_port = out_dev->odp_port;
beb75a40 3329
7c12dfc5
SC		 3330 /* After tunnel header has been added, MAC and IP data of flow and
3331 * base_flow need to be set properly, since there is not recirculation
3332 * any more when sending packet to tunnel. */
beb75a40 3333
11938578
AZ		 3334 propagate_tunnel_data_to_flow(ctx, dmac, smac, s_ip6,
3335 s_ip, tnl_params.is_ipv6,
3336 tnl_push_data.tnl_type);
7c12dfc5 3337
11938578
AZ		 3338 size_t clone_ofs = 0;
3339 size_t push_action_size;
7c12dfc5 3340
11938578
AZ		 3341 clone_ofs = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CLONE);
3342 odp_put_tnl_push_action(ctx->odp_actions, &tnl_push_data);
3343 push_action_size = ctx->odp_actions->size;
3344
3345 if (!truncate) {
3346 const struct dpif_flow_stats *backup_resubmit_stats;
3347 struct xlate_cache *backup_xcache;
3348 struct flow_wildcards *backup_wc, wc;
3349 bool backup_side_effects;
3350 const struct dp_packet *backup_packet;
3351
3352 memset(&wc, 0 , sizeof wc);
3353 backup_wc = ctx->wc;
3354 ctx->wc = &wc;
3355 ctx->xin->wc = NULL;
3356 backup_resubmit_stats = ctx->xin->resubmit_stats;
3357 backup_xcache = ctx->xin->xcache;
3358 backup_side_effects = ctx->xin->allow_side_effects;
3359 backup_packet = ctx->xin->packet;
3360
3361 ctx->xin->resubmit_stats = NULL;
3362 ctx->xin->xcache = xlate_cache_new(); /* Use new temporary cache. */
3363 ctx->xin->allow_side_effects = false;
3364 ctx->xin->packet = NULL;
3365
3366 /* Push the cache entry for the tunnel first. */
3367 struct xc_entry *entry;
3368 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_TUNNEL_HEADER);
3369 entry->tunnel_hdr.hdr_size = tnl_push_data.header_len;
3370 entry->tunnel_hdr.operation = ADD;
3371
3372 patch_port_output(ctx, xport, out_dev);
3373
3374 /* Similar to the stats update in revalidation, the x_cache entries
3375 * are populated by the previous translation are used to update the
3376 * stats correctly.
7c12dfc5 3377 */
11938578
AZ		 3378 if (backup_resubmit_stats) {
3379 struct dpif_flow_stats stats = *backup_resubmit_stats;
3380 xlate_push_stats(ctx->xin->xcache, &stats);
3381 }
3382 xlate_cache_steal_entries(backup_xcache, ctx->xin->xcache);
3383
3384 if (ctx->odp_actions->size > push_action_size) {
3385 nl_msg_end_non_empty_nested(ctx->odp_actions, clone_ofs);
3386 } else {
3387 nl_msg_cancel_nested(ctx->odp_actions, clone_ofs);
3388 /* XXX : There is no real use-case for a tunnel push without
3389 * any post actions. However keeping it now
3390 * as is to make the 'make check' happy. Should remove when all the
3391 * make check tunnel test case does something meaningful on a
3392 * tunnel encap packets.
3393 */
3394 odp_put_tnl_push_action(ctx->odp_actions, &tnl_push_data);
3395 }
3396
3397 /* Restore context status. */
3398 ctx->xin->resubmit_stats = backup_resubmit_stats;
3399 xlate_cache_delete(ctx->xin->xcache);
3400 ctx->xin->xcache = backup_xcache;
3401 ctx->xin->allow_side_effects = backup_side_effects;
3402 ctx->xin->packet = backup_packet;
3403 ctx->wc = backup_wc;
3404 } else {
3405 /* In order to maintain accurate stats, use recirc for
3406 * natvie tunneling. */
7c12dfc5
SC		 3407 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC, 0);
3408 nl_msg_end_nested(ctx->odp_actions, clone_ofs);
3409 }
11938578 3410
7c12dfc5
SC		 3411 /* Restore the flows after the translation. */
3412 memcpy(&ctx->xin->flow, &old_flow, sizeof ctx->xin->flow);
3413 memcpy(&ctx->base_flow, &old_base_flow, sizeof ctx->base_flow);
a36de779
PS		 3414 return 0;
3415}
3416
704bb0bf
JS		 3417static void
3418xlate_commit_actions(struct xlate_ctx *ctx)
3419{
3420 bool use_masked = ctx->xbridge->support.masked_set_action;
3421
3422 ctx->xout->slow |= commit_odp_actions(&ctx->xin->flow, &ctx->base_flow,
3423 ctx->odp_actions, ctx->wc,
1fc11c59
JS		 3424 use_masked, ctx->pending_encap,
3425 ctx->encap_data);
f839892a 3426 ctx->pending_encap = false;
1fc11c59
JS		 3427 ofpbuf_delete(ctx->encap_data);
3428 ctx->encap_data = NULL;
704bb0bf
JS		 3429}
3430
07659514 3431static void
72fe7578 3432clear_conntrack(struct xlate_ctx *ctx)
07659514 3433{
72fe7578 3434 ctx->conntracked = false;
6846e91e 3435 flow_clear_conntrack(&ctx->xin->flow);
07659514
JS		 3436}
3437
58d636ee
BK		 3438static bool
3439xlate_flow_is_protected(const struct xlate_ctx *ctx, const struct flow *flow, const struct xport *xport_out)
3440{
3441 const struct xport *xport_in;
3442
3443 if (!xport_out) {
3444 return false;
3445 }
3446
3447 xport_in = get_ofp_port(ctx->xbridge, flow->in_port.ofp_port);
3448
3449 return (xport_in && xport_in->xbundle && xport_out->xbundle &&
3450 xport_in->xbundle->protected && xport_out->xbundle->protected);
3451}
3452
48f704f4 3453/* Function handles when a packet is sent from one bridge to another bridge.
8bdb2bdb 3454 *
48f704f4
AZ		 3455 * The bridges are internally connected, either with patch ports or with
3456 * tunnel ports.
3457 *
3458 * The output action to another bridge causes translation to continue within
3459 * the next bridge. This process can be recursive; the next bridge can
3460 * output yet to another bridge.
3461 *
3462 * The translated actions from the second bridge onwards are enclosed within
3463 * the clone action, so that any modification to the packet will not be visible
3464 * to the remaining actions of the originating bridge.
8bdb2bdb
SC		 3465 */
3466static void
48f704f4
AZ		 3467patch_port_output(struct xlate_ctx *ctx, const struct xport *in_dev,
3468 struct xport *out_dev)
8bdb2bdb
SC		 3469{
3470 struct flow *flow = &ctx->xin->flow;
3471 struct flow old_flow = ctx->xin->flow;
3472 struct flow_tnl old_flow_tnl_wc = ctx->wc->masks.tunnel;
3473 bool old_conntrack = ctx->conntracked;
3474 bool old_was_mpls = ctx->was_mpls;
3475 ovs_version_t old_version = ctx->xin->tables_version;
3476 struct ofpbuf old_stack = ctx->stack;
3477 uint8_t new_stack[1024];
3478 struct ofpbuf old_action_set = ctx->action_set;
3479 struct ovs_list *old_trace = ctx->xin->trace;
3480 uint64_t actset_stub[1024 / 8];
3481
3482 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
3483 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
3484 flow->in_port.ofp_port = out_dev->ofp_port;
3485 flow->metadata = htonll(0);
3486 memset(&flow->tunnel, 0, sizeof flow->tunnel);
86bfb29a 3487 memset(&ctx->wc->masks.tunnel, 0, sizeof ctx->wc->masks.tunnel);
8bdb2bdb
SC		 3488 flow->tunnel.metadata.tab =
3489 ofproto_get_tun_tab(&out_dev->xbridge->ofproto->up);
3490 ctx->wc->masks.tunnel.metadata.tab = flow->tunnel.metadata.tab;
3491 memset(flow->regs, 0, sizeof flow->regs);
3492 flow->actset_output = OFPP_UNSET;
3493 clear_conntrack(ctx);
3494 ctx->xin->trace = xlate_report(ctx, OFT_BRIDGE, "bridge(\"%s\")",
3495 out_dev->xbridge->name);
3496 mirror_mask_t old_mirrors = ctx->mirrors;
3497 bool independent_mirrors = out_dev->xbridge != ctx->xbridge;
3498 if (independent_mirrors) {
3499 ctx->mirrors = 0;
3500 }
3501 ctx->xbridge = out_dev->xbridge;
3502
3503 /* The bridge is now known so obtain its table version. */
3504 ctx->xin->tables_version
3505 = ofproto_dpif_get_tables_version(ctx->xbridge->ofproto);
3506
3507 if (!process_special(ctx, out_dev) && may_receive(out_dev, ctx)) {
3508 if (xport_stp_forward_state(out_dev) &&
3509 xport_rstp_forward_state(out_dev)) {
3510 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true,
96c3a6e5 3511 false, true, clone_xlate_actions);
8bdb2bdb
SC		 3512 if (!ctx->freezing) {
3513 xlate_action_set(ctx);
3514 }
3515 if (ctx->freezing) {
3516 finish_freezing(ctx);
3517 }
3518 } else {
3519 /* Forwarding is disabled by STP and RSTP. Let OFPP_NORMAL and
3520 * the learning action look at the packet, then drop it. */
3521 struct flow old_base_flow = ctx->base_flow;
3522 size_t old_size = ctx->odp_actions->size;
3523 mirror_mask_t old_mirrors2 = ctx->mirrors;
3524
3525 xlate_table_action(ctx, flow->in_port.ofp_port, 0, true, true,
96c3a6e5 3526 false, true, clone_xlate_actions);
8bdb2bdb
SC		 3527 ctx->mirrors = old_mirrors2;
3528 ctx->base_flow = old_base_flow;
3529 ctx->odp_actions->size = old_size;
3530
3531 /* Undo changes that may have been done for freezing. */
3532 ctx_cancel_freeze(ctx);
3533 }
3534 }
3535
3536 ctx->xin->trace = old_trace;
3537 if (independent_mirrors) {
3538 ctx->mirrors = old_mirrors;
3539 }
3540 ctx->xin->flow = old_flow;
3541 ctx->xbridge = in_dev->xbridge;
3542 ofpbuf_uninit(&ctx->action_set);
3543 ctx->action_set = old_action_set;
3544 ofpbuf_uninit(&ctx->stack);
3545 ctx->stack = old_stack;
3546
3547 /* Restore calling bridge's lookup version. */
3548 ctx->xin->tables_version = old_version;
3549
3550 /* Restore to calling bridge tunneling information */
3551 ctx->wc->masks.tunnel = old_flow_tnl_wc;
3552
3553 /* The out bridge popping MPLS should have no effect on the original
3554 * bridge. */
3555 ctx->was_mpls = old_was_mpls;
3556
3557 /* The out bridge's conntrack execution should have no effect on the
3558 * original bridge. */
3559 ctx->conntracked = old_conntrack;
3560
3561 /* The fact that the out bridge exits (for any reason) does not mean
3562 * that the original bridge should exit. Specifically, if the out
3563 * bridge freezes translation, the original bridge must continue
3564 * processing with the original, not the frozen packet! */
3565 ctx->exit = false;
3566
3567 /* Out bridge errors do not propagate back. */
3568 ctx->error = XLATE_OK;
3569
3570 if (ctx->xin->resubmit_stats) {
3571 netdev_vport_inc_tx(in_dev->netdev, ctx->xin->resubmit_stats);
3572 netdev_vport_inc_rx(out_dev->netdev, ctx->xin->resubmit_stats);
3573 if (out_dev->bfd) {
3574 bfd_account_rx(out_dev->bfd, ctx->xin->resubmit_stats);
3575 }
3576 }
3577 if (ctx->xin->xcache) {
3578 struct xc_entry *entry;
3579
3580 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
3581 entry->dev.tx = netdev_ref(in_dev->netdev);
3582 entry->dev.rx = netdev_ref(out_dev->netdev);
3583 entry->dev.bfd = bfd_ref(out_dev->bfd);
3584 }
3585}
3586
081617f0
JS		 3587static bool
3588check_output_prerequisites(struct xlate_ctx *ctx,
3589 const struct xport *xport,
3590 struct flow *flow,
3591 bool check_stp)
9583bc14 3592{
49a73e0c 3593 struct flow_wildcards *wc = ctx->wc;
9583bc14 3594
46c88433 3595 if (!xport) {
2d9b49dd 3596 xlate_report(ctx, OFT_WARN, "Nonexistent output port");
081617f0 3597 return false;
46c88433 3598 } else if (xport->config & OFPUTIL_PC_NO_FWD) {
2d9b49dd 3599 xlate_report(ctx, OFT_DETAIL, "OFPPC_NO_FWD set, skipping output");
081617f0 3600 return false;
1356dbd1 3601 } else if (ctx->mirror_snaplen != 0 && xport->odp_port == ODPP_NONE) {
2d9b49dd
BP		 3602 xlate_report(ctx, OFT_WARN,
3603 "Mirror truncate to ODPP_NONE, skipping output");
081617f0 3604 return false;
58d636ee 3605 } else if (xlate_flow_is_protected(ctx, flow, xport)) {
2d9b49dd
BP		 3606 xlate_report(ctx, OFT_WARN,
3607 "Flow is between protected ports, skipping output.");
081617f0 3608 return false;
0d1cee12 3609 } else if (check_stp) {
bbbca389 3610 if (is_stp(&ctx->base_flow)) {
9efd308e
DV		 3611 if (!xport_stp_should_forward_bpdu(xport) &&
3612 !xport_rstp_should_manage_bpdu(xport)) {
3613 if (ctx->xbridge->stp != NULL) {
2d9b49dd
BP		 3614 xlate_report(ctx, OFT_WARN,
3615 "STP not in listening state, "
3616 "skipping bpdu output");
9efd308e 3617 } else if (ctx->xbridge->rstp != NULL) {
2d9b49dd
BP		 3618 xlate_report(ctx, OFT_WARN,
3619 "RSTP not managing BPDU in this state, "
3620 "skipping bpdu output");
9efd308e 3621 }
081617f0 3622 return false;
0d1cee12 3623 }
67818616
MV		 3624 } else if ((xport->cfm && cfm_should_process_flow(xport->cfm, flow, wc))
3625 || (xport->bfd && bfd_should_process_flow(xport->bfd, flow,
3626 wc))) {
3627 /* Pass; STP should not block link health detection. */
9efd308e
DV		 3628 } else if (!xport_stp_forward_state(xport) ||
3629 !xport_rstp_forward_state(xport)) {
3630 if (ctx->xbridge->stp != NULL) {
2d9b49dd
BP		 3631 xlate_report(ctx, OFT_WARN,
3632 "STP not in forwarding state, skipping output");
9efd308e 3633 } else if (ctx->xbridge->rstp != NULL) {
2d9b49dd
BP		 3634 xlate_report(ctx, OFT_WARN,
3635 "RSTP not in forwarding state, skipping output");
9efd308e 3636 }
081617f0 3637 return false;
0d1cee12 3638 }
9583bc14 3639 }
5dbfe239
ZB		 3640
3641 if (xport->pt_mode == NETDEV_PT_LEGACY_L2 &&
3642 flow->packet_type != htonl(PT_ETH)) {
3643 xlate_report(ctx, OFT_WARN, "Trying to send non-Ethernet packet "
3644 "through legacy L2 port. Dropping packet.");
3645 return false;
3646 }
3647
081617f0
JS		 3648 return true;
3649}
3650
3651static bool
3652terminate_native_tunnel(struct xlate_ctx *ctx, ofp_port_t ofp_port,
3653 struct flow *flow, struct flow_wildcards *wc,
3654 odp_port_t *tnl_port)
3655{
3656 *tnl_port = ODPP_NONE;
3657
3658 /* XXX: Write better Filter for tunnel port. We can use in_port
3659 * in tunnel-port flow to avoid these checks completely. */
3660 if (ofp_port == OFPP_LOCAL &&
3661 ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
3662 *tnl_port = tnl_port_map_lookup(flow, wc);
3663 }
3664
3665 return *tnl_port != ODPP_NONE;
3666}
3667
3668static void
3669compose_output_action__(struct xlate_ctx *ctx, ofp_port_t ofp_port,
feee58b9 3670 const struct xlate_bond_recirc *xr, bool check_stp,
11938578 3671 bool is_last_action OVS_UNUSED, bool truncate)
081617f0
JS		 3672{
3673 const struct xport *xport = get_ofp_port(ctx->xbridge, ofp_port);
3674 struct flow_wildcards *wc = ctx->wc;
3675 struct flow *flow = &ctx->xin->flow;
3676 struct flow_tnl flow_tnl;
3677 union flow_vlan_hdr flow_vlans[FLOW_MAX_VLAN_HEADERS];
3678 uint8_t flow_nw_tos;
3679 odp_port_t out_port, odp_port, odp_tnl_port;
3680 bool is_native_tunnel = false;
3681 uint8_t dscp;
5dbfe239
ZB		 3682 struct eth_addr flow_dl_dst = flow->dl_dst;
3683 struct eth_addr flow_dl_src = flow->dl_src;
3684 ovs_be32 flow_packet_type = flow->packet_type;
3685 ovs_be16 flow_dl_type = flow->dl_type;
081617f0
JS		 3686
3687 /* If 'struct flow' gets additional metadata, we'll need to zero it out
3688 * before traversing a patch port. */
3d2fbd70 3689 BUILD_ASSERT_DECL(FLOW_WC_SEQ == 40);
081617f0
JS		 3690 memset(&flow_tnl, 0, sizeof flow_tnl);
3691
3692 if (!check_output_prerequisites(ctx, xport, flow, check_stp)) {
3693 return;
3694 }
9583bc14 3695
875ab130
BP		 3696 if (flow->packet_type == htonl(PT_ETH)) {
3697 /* Strip Ethernet header for legacy L3 port. */
3698 if (xport->pt_mode == NETDEV_PT_LEGACY_L3) {
3699 flow->packet_type = PACKET_TYPE_BE(OFPHTN_ETHERTYPE,
3700 ntohs(flow->dl_type));
3701 }
beb75a40
JS		 3702 }
3703
46c88433 3704 if (xport->peer) {
5cb92182
BP		 3705 if (truncate) {
3706 xlate_report_error(ctx, "Cannot truncate output to patch port");
3707 }
48f704f4 3708 patch_port_output(ctx, xport, xport->peer);
8bdb2bdb 3709 return;
9583bc14
EJ		 3710 }
3711
f0fb825a 3712 memcpy(flow_vlans, flow->vlans, sizeof flow_vlans);
33bf9176 3713 flow_nw_tos = flow->nw_tos;
9583bc14 3714
16194afd
DDP		 3715 if (count_skb_priorities(xport)) {
3716 memset(&wc->masks.skb_priority, 0xff, sizeof wc->masks.skb_priority);
3717 if (dscp_from_skb_priority(xport, flow->skb_priority, &dscp)) {
3718 wc->masks.nw_tos |= IP_DSCP_MASK;
3719 flow->nw_tos &= ~IP_DSCP_MASK;
3720 flow->nw_tos |= dscp;
3721 }
9583bc14
EJ		 3722 }
3723
46c88433 3724 if (xport->is_tunnel) {
c2b878e0 3725 struct in6_addr dst;
9583bc14
EJ		 3726 /* Save tunnel metadata so that changes made due to
3727 * the Logical (tunnel) Port are not visible for any further
3728 * matches, while explicit set actions on tunnel metadata are.
3729 */
a36de779 3730 flow_tnl = flow->tunnel;
49a73e0c 3731 odp_port = tnl_port_send(xport->ofport, flow, ctx->wc);
4e022ec0 3732 if (odp_port == ODPP_NONE) {
2d9b49dd 3733 xlate_report(ctx, OFT_WARN, "Tunneling decided against output");
9583bc14
EJ		 3734 goto out; /* restore flow_nw_tos */
3735 }
c2b878e0
TLSC		 3736 dst = flow_tnl_dst(&flow->tunnel);
3737 if (ipv6_addr_equals(&dst, &ctx->orig_tunnel_ipv6_dst)) {
2d9b49dd 3738 xlate_report(ctx, OFT_WARN, "Not tunneling to our own address");
9583bc14
EJ		 3739 goto out; /* restore flow_nw_tos */
3740 }
3741 if (ctx->xin->resubmit_stats) {
46c88433 3742 netdev_vport_inc_tx(xport->netdev, ctx->xin->resubmit_stats);
9583bc14 3743 }
b256dc52
JS		 3744 if (ctx->xin->xcache) {
3745 struct xc_entry *entry;
3746
3747 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_NETDEV);
901a517e 3748 entry->dev.tx = netdev_ref(xport->netdev);
b256dc52 3749 }
9583bc14 3750 out_port = odp_port;
a36de779 3751 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
2d9b49dd 3752 xlate_report(ctx, OFT_DETAIL, "output to native tunnel");
081617f0 3753 is_native_tunnel = true;
a36de779 3754 } else {
2d9b49dd 3755 xlate_report(ctx, OFT_DETAIL, "output to kernel tunnel");
1520ef4f 3756 commit_odp_tunnel_action(flow, &ctx->base_flow, ctx->odp_actions);
a36de779
PS		 3757 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
3758 }
9583bc14 3759 } else {
46c88433 3760 odp_port = xport->odp_port;
7614e5d0 3761 out_port = odp_port;
9583bc14 3762 }
9583bc14 3763
4e022ec0 3764 if (out_port != ODPP_NONE) {
081617f0 3765 /* Commit accumulated flow updates before output. */
704bb0bf 3766 xlate_commit_actions(ctx);
adcf00ba 3767
e93ef1c7 3768 if (xr) {
081617f0 3769 /* Recirculate the packet. */
347bf289 3770 struct ovs_action_hash *act_hash;
adcf00ba 3771
347bf289 3772 /* Hash action. */
1520ef4f 3773 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
347bf289
AZ		 3774 OVS_ACTION_ATTR_HASH,
3775 sizeof *act_hash);
3776 act_hash->hash_alg = xr->hash_alg;
62ac1f20 3777 act_hash->hash_basis = xr->hash_basis;
347bf289
AZ		 3778
3779 /* Recirc action. */
1520ef4f 3780 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC,
347bf289 3781 xr->recirc_id);
081617f0
JS		 3782 } else if (is_native_tunnel) {
3783 /* Output to native tunnel port. */
11938578 3784 native_tunnel_output(ctx, xport, flow, odp_port, truncate);
081617f0 3785 flow->tunnel = flow_tnl; /* Restore tunnel metadata */
a36de779 3786
081617f0
JS		 3787 } else if (terminate_native_tunnel(ctx, ofp_port, flow, wc,
3788 &odp_tnl_port)) {
3789 /* Intercept packet to be received on native tunnel port. */
3790 nl_msg_put_odp_port(ctx->odp_actions, OVS_ACTION_ATTR_TUNNEL_POP,
3791 odp_tnl_port);
a36de779 3792
081617f0
JS		 3793 } else {
3794 /* Tunnel push-pop action is not compatible with
3795 * IPFIX action. */
3796 compose_ipfix_action(ctx, out_port);
3797
3798 /* Handle truncation of the mirrored packet. */
3799 if (ctx->mirror_snaplen > 0 &&
3800 ctx->mirror_snaplen < UINT16_MAX) {
3801 struct ovs_action_trunc *trunc;
3802
3803 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
3804 OVS_ACTION_ATTR_TRUNC,
3805 sizeof *trunc);
3806 trunc->max_len = ctx->mirror_snaplen;
3807 if (!ctx->xbridge->support.trunc) {
3808 ctx->xout->slow |= SLOW_ACTION;
1356dbd1
WT		 3809 }
3810 }
081617f0
JS		 3811
3812 nl_msg_put_odp_port(ctx->odp_actions,
3813 OVS_ACTION_ATTR_OUTPUT,
3814 out_port);
adcf00ba 3815 }
9583bc14 3816
6cbbf4fa
EJ		 3817 ctx->sflow_odp_port = odp_port;
3818 ctx->sflow_n_outputs++;
2031ef97 3819 ctx->nf_output_iface = ofp_port;
6cbbf4fa
EJ		 3820 }
3821
7efbc3b7
BP		 3822 if (mbridge_has_mirrors(ctx->xbridge->mbridge) && xport->xbundle) {
3823 mirror_packet(ctx, xport->xbundle,
3824 xbundle_mirror_dst(xport->xbundle->xbridge,
3825 xport->xbundle));
3826 }
3827
6cbbf4fa 3828 out:
9583bc14 3829 /* Restore flow */
f0fb825a 3830 memcpy(flow->vlans, flow_vlans, sizeof flow->vlans);
33bf9176 3831 flow->nw_tos = flow_nw_tos;
5dbfe239
ZB		 3832 flow->dl_dst = flow_dl_dst;
3833 flow->dl_src = flow_dl_src;
3834 flow->packet_type = flow_packet_type;
3835 flow->dl_type = flow_dl_type;
9583bc14
EJ		 3836}
3837
3838static void
e93ef1c7 3839compose_output_action(struct xlate_ctx *ctx, ofp_port_t ofp_port,
feee58b9 3840 const struct xlate_bond_recirc *xr,
11938578 3841 bool is_last_action, bool truncate)
9583bc14 3842{
11938578
AZ		 3843 compose_output_action__(ctx, ofp_port, xr, true,
3844 is_last_action, truncate);
9583bc14
EJ		 3845}
3846
bb61b33d 3847static void
feee58b9 3848xlate_recursively(struct xlate_ctx *ctx, struct rule_dpif *rule,
96c3a6e5
AZ		 3849 bool deepens, bool is_last_action,
3850 xlate_actions_handler *actions_xlator)
bb61b33d
BP		 3851{
3852 struct rule_dpif *old_rule = ctx->rule;
8b1e5560 3853 ovs_be64 old_cookie = ctx->rule_cookie;
dc723c44 3854 const struct rule_actions *actions;
bb61b33d
BP		 3855
3856 if (ctx->xin->resubmit_stats) {
70742c7f 3857 rule_dpif_credit_stats(rule, ctx->xin->resubmit_stats);
bb61b33d
BP		 3858 }
3859
98b07853 3860 ctx->resubmits++;
790c5d26 3861
790c5d26 3862 ctx->depth += deepens;
bb61b33d 3863 ctx->rule = rule;
07a3cd5c
BP		 3864 ctx->rule_cookie = rule->up.flow_cookie;
3865 actions = rule_get_actions(&rule->up);
96c3a6e5
AZ		 3866 actions_xlator(actions->ofpacts, actions->ofpacts_len, ctx,
3867 is_last_action);
8b1e5560 3868 ctx->rule_cookie = old_cookie;
bb61b33d 3869 ctx->rule = old_rule;
790c5d26 3870 ctx->depth -= deepens;
bb61b33d
BP		 3871}
3872
bd3240ba
SH		 3873static bool
3874xlate_resubmit_resource_check(struct xlate_ctx *ctx)
9583bc14 3875{
790c5d26 3876 if (ctx->depth >= MAX_DEPTH) {
2d9b49dd 3877 xlate_report_error(ctx, "over max translation depth %d", MAX_DEPTH);
fff1b9c0 3878 ctx->error = XLATE_RECURSION_TOO_DEEP;
790c5d26 3879 } else if (ctx->resubmits >= MAX_RESUBMITS) {
2d9b49dd 3880 xlate_report_error(ctx, "over %d resubmit actions", MAX_RESUBMITS);
fff1b9c0 3881 ctx->error = XLATE_TOO_MANY_RESUBMITS;
1520ef4f 3882 } else if (ctx->odp_actions->size > UINT16_MAX) {
2d9b49dd 3883 xlate_report_error(ctx, "resubmits yielded over 64 kB of actions");
fff1b9c0
JR		 3884 /* NOT an error, as we'll be slow-pathing the flow in this case? */
3885 ctx->exit = true; /* XXX: translation still terminated! */
6fd6ed71 3886 } else if (ctx->stack.size >= 65536) {
2d9b49dd 3887 xlate_report_error(ctx, "resubmits yielded over 64 kB of stack");
fff1b9c0 3888 ctx->error = XLATE_STACK_TOO_DEEP;
98b07853 3889 } else {
bd3240ba
SH		 3890 return true;
3891 }
3892
3893 return false;
3894}
3895
2cd20955
JR		 3896static void
3897tuple_swap_flow(struct flow *flow, bool ipv4)
3898{
3899 uint8_t nw_proto = flow->nw_proto;
3900 flow->nw_proto = flow->ct_nw_proto;
3901 flow->ct_nw_proto = nw_proto;
3902
3903 if (ipv4) {
3904 ovs_be32 nw_src = flow->nw_src;
3905 flow->nw_src = flow->ct_nw_src;
3906 flow->ct_nw_src = nw_src;
3907
3908 ovs_be32 nw_dst = flow->nw_dst;
3909 flow->nw_dst = flow->ct_nw_dst;
3910 flow->ct_nw_dst = nw_dst;
3911 } else {
3912 struct in6_addr ipv6_src = flow->ipv6_src;
3913 flow->ipv6_src = flow->ct_ipv6_src;
3914 flow->ct_ipv6_src = ipv6_src;
3915
3916 struct in6_addr ipv6_dst = flow->ipv6_dst;
3917 flow->ipv6_dst = flow->ct_ipv6_dst;
3918 flow->ct_ipv6_dst = ipv6_dst;
3919 }
3920
3921 ovs_be16 tp_src = flow->tp_src;
3922 flow->tp_src = flow->ct_tp_src;
3923 flow->ct_tp_src = tp_src;
3924
3925 ovs_be16 tp_dst = flow->tp_dst;
3926 flow->tp_dst = flow->ct_tp_dst;
3927 flow->ct_tp_dst = tp_dst;
3928}
3929
3930static void
3931tuple_swap(struct flow *flow, struct flow_wildcards *wc)
3932{
3933 bool ipv4 = (flow->dl_type == htons(ETH_TYPE_IP));
3934
3935 tuple_swap_flow(flow, ipv4);
3936 tuple_swap_flow(&wc->masks, ipv4);
3937}
3938
bd3240ba 3939static void
6d328fa2 3940xlate_table_action(struct xlate_ctx *ctx, ofp_port_t in_port, uint8_t table_id,
2cd20955 3941 bool may_packet_in, bool honor_table_miss,
96c3a6e5
AZ		 3942 bool with_ct_orig, bool is_last_action,
3943 xlate_actions_handler *xlator)
bd3240ba 3944{
e12ec36b
SH		 3945 /* Check if we need to recirculate before matching in a table. */
3946 if (ctx->was_mpls) {
3947 ctx_trigger_freeze(ctx);
3948 return;
3949 }
bd3240ba 3950 if (xlate_resubmit_resource_check(ctx)) {
9583bc14 3951 uint8_t old_table_id = ctx->table_id;
3f207910 3952 struct rule_dpif *rule;
9583bc14
EJ		 3953
3954 ctx->table_id = table_id;
3955
2cd20955
JR		 3956 /* Swap packet fields with CT 5-tuple if requested. */
3957 if (with_ct_orig) {
3958 /* Do not swap if there is no CT tuple, or if key is not IP. */
3959 if (ctx->xin->flow.ct_nw_proto == 0 ||
3960 !is_ip_any(&ctx->xin->flow)) {
3961 xlate_report_error(ctx,
3962 "resubmit(ct) with non-tracked or non-IP packet!");
3963 return;
3964 }
3965 tuple_swap(&ctx->xin->flow, ctx->wc);
3966 }
34dd0d78 3967 rule = rule_dpif_lookup_from_table(ctx->xbridge->ofproto,
1f4a8933 3968 ctx->xin->tables_version,
c0e638aa 3969 &ctx->xin->flow, ctx->wc,
34dd0d78
JR		 3970 ctx->xin->resubmit_stats,
3971 &ctx->table_id, in_port,
a027899e
JR		 3972 may_packet_in, honor_table_miss,
3973 ctx->xin->xcache);
2cd20955
JR		 3974 /* Swap back. */
3975 if (with_ct_orig) {
3976 tuple_swap(&ctx->xin->flow, ctx->wc);
3977 }
ad3efdcb 3978
a2143702 3979 if (rule) {
83709dfa
JR		 3980 /* Fill in the cache entry here instead of xlate_recursively
3981 * to make the reference counting more explicit. We take a
3982 * reference in the lookups above if we are going to cache the
3983 * rule. */
3984 if (ctx->xin->xcache) {
3985 struct xc_entry *entry;
3986
3987 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_RULE);
901a517e 3988 entry->rule = rule;
07a3cd5c 3989 ofproto_rule_ref(&rule->up);
83709dfa 3990 }
2d9b49dd
BP		 3991
3992 struct ovs_list *old_trace = ctx->xin->trace;
3993 xlate_report_table(ctx, rule, table_id);
feee58b9 3994 xlate_recursively(ctx, rule, table_id <= old_table_id,
96c3a6e5 3995 is_last_action, xlator);
2d9b49dd 3996 ctx->xin->trace = old_trace;
ad3efdcb
EJ		 3997 }
3998
9583bc14 3999 ctx->table_id = old_table_id;
98b07853 4000 return;
9583bc14
EJ		 4001 }
4002}
4003
76973237 4004/* Consumes the group reference, which is only taken if xcache exists. */
f4fb341b 4005static void
1e684d7d
RW		 4006xlate_group_stats(struct xlate_ctx *ctx, struct group_dpif *group,
4007 struct ofputil_bucket *bucket)
4008{
4009 if (ctx->xin->resubmit_stats) {
4010 group_dpif_credit_stats(group, bucket, ctx->xin->resubmit_stats);
4011 }
4012 if (ctx->xin->xcache) {
4013 struct xc_entry *entry;
4014
4015 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_GROUP);
901a517e
JR		 4016 entry->group.group = group;
4017 entry->group.bucket = bucket;
1e684d7d
RW		 4018 }
4019}
4020
4021static void
feee58b9
AZ		 4022xlate_group_bucket(struct xlate_ctx *ctx, struct ofputil_bucket *bucket,
4023 bool is_last_action)
f4fb341b
SH		 4024{
4025 uint64_t action_list_stub[1024 / 8];
0a2869d5
BP		 4026 struct ofpbuf action_list = OFPBUF_STUB_INITIALIZER(action_list_stub);
4027 struct ofpbuf action_set = ofpbuf_const_initializer(bucket->ofpacts,
4028 bucket->ofpacts_len);
5b09e569 4029 struct flow old_flow = ctx->xin->flow;
e12ec36b 4030 bool old_was_mpls = ctx->was_mpls;
f4fb341b 4031
f4fb341b 4032 ofpacts_execute_action_set(&action_list, &action_set);
790c5d26 4033 ctx->depth++;
feee58b9 4034 do_xlate_actions(action_list.data, action_list.size, ctx, is_last_action);
790c5d26 4035 ctx->depth--;
f4fb341b 4036
f4fb341b 4037 ofpbuf_uninit(&action_list);
5b09e569 4038
77ab5fd2 4039 /* Check if need to freeze. */
1d361a81 4040 if (ctx->freezing) {
77ab5fd2 4041 finish_freezing(ctx);
e672ff9b
JR		 4042 }
4043
5b09e569
JR		 4044 /* Roll back flow to previous state.
4045 * This is equivalent to cloning the packet for each bucket.
4046 *
4047 * As a side effect any subsequently applied actions will
4048 * also effectively be applied to a clone of the packet taken
4049 * just before applying the all or indirect group.
4050 *
4051 * Note that group buckets are action sets, hence they cannot modify the
4052 * main action set. Also any stack actions are ignored when executing an
4053 * action set, so group buckets cannot change the stack either.
4054 * However, we do allow resubmit actions in group buckets, which could
4055 * break the above assumptions. It is up to the controller to not mess up
4056 * with the action_set and stack in the tables resubmitted to from
4057 * group buckets. */
4058 ctx->xin->flow = old_flow;
4059
e12ec36b
SH		 4060 /* The group bucket popping MPLS should have no effect after bucket
4061 * execution. */
4062 ctx->was_mpls = old_was_mpls;
4063
5b09e569
JR		 4064 /* The fact that the group bucket exits (for any reason) does not mean that
4065 * the translation after the group action should exit. Specifically, if
1d361a81
BP		 4066 * the group bucket freezes translation, the actions after the group action
4067 * must continue processing with the original, not the frozen packet! */
5b09e569 4068 ctx->exit = false;
f4fb341b
SH		 4069}
4070
4071static void
feee58b9
AZ		 4072xlate_all_group(struct xlate_ctx *ctx, struct group_dpif *group,
4073 bool is_last_action)
f4fb341b 4074{
1e684d7d 4075 struct ofputil_bucket *bucket;
07a3cd5c 4076 LIST_FOR_EACH (bucket, list_node, &group->up.buckets) {
feee58b9
AZ		 4077 bool last = is_last_action && !bucket->list_node.next;
4078 xlate_group_bucket(ctx, bucket, last);
f4fb341b 4079 }
1e684d7d 4080 xlate_group_stats(ctx, group, NULL);
f4fb341b
SH		 4081}
4082
dd8cd4b4 4083static void
feee58b9
AZ		 4084xlate_ff_group(struct xlate_ctx *ctx, struct group_dpif *group,
4085 bool is_last_action)
dd8cd4b4 4086{
1e684d7d 4087 struct ofputil_bucket *bucket;
dd8cd4b4
SH		 4088
4089 bucket = group_first_live_bucket(ctx, group, 0);
4090 if (bucket) {
feee58b9 4091 xlate_group_bucket(ctx, bucket, is_last_action);
1e684d7d 4092 xlate_group_stats(ctx, group, bucket);
76973237 4093 } else if (ctx->xin->xcache) {
07a3cd5c 4094 ofproto_group_unref(&group->up);
dd8cd4b4
SH		 4095 }
4096}
4097
fe7e5749 4098static void
feee58b9
AZ		 4099xlate_default_select_group(struct xlate_ctx *ctx, struct group_dpif *group,
4100 bool is_last_action)
fe7e5749 4101{
49a73e0c 4102 struct flow_wildcards *wc = ctx->wc;
1e684d7d 4103 struct ofputil_bucket *bucket;
fe7e5749
SH		 4104 uint32_t basis;
4105
1d1aae0b 4106 basis = flow_hash_symmetric_l4(&ctx->xin->flow, 0);
80e3509d 4107 flow_mask_hash_fields(&ctx->xin->flow, wc, NX_HASH_FIELDS_SYMMETRIC_L4);
fe7e5749
SH		 4108 bucket = group_best_live_bucket(ctx, group, basis);
4109 if (bucket) {
feee58b9 4110 xlate_group_bucket(ctx, bucket, is_last_action);
1e684d7d 4111 xlate_group_stats(ctx, group, bucket);
76973237 4112 } else if (ctx->xin->xcache) {
07a3cd5c 4113 ofproto_group_unref(&group->up);
fe7e5749
SH		 4114 }
4115}
4116
0c4b9393 4117static void
feee58b9
AZ		 4118xlate_hash_fields_select_group(struct xlate_ctx *ctx, struct group_dpif *group,
4119 bool is_last_action)
0c4b9393 4120{
07a3cd5c
BP		 4121 const struct field_array *fields = &group->up.props.fields;
4122 const uint8_t *mask_values = fields->values;
4123 uint32_t basis = hash_uint64(group->up.props.selection_method_param);
0c4b9393 4124
07a3cd5c 4125 size_t i;
e8dba719
JR		 4126 BITMAP_FOR_EACH_1 (i, MFF_N_IDS, fields->used.bm) {
4127 const struct mf_field *mf = mf_from_id(i);
0c4b9393 4128
5bcd4754 4129 /* Skip fields for which prerequisites are not met. */
e8dba719
JR		 4130 if (!mf_are_prereqs_ok(mf, &ctx->xin->flow, ctx->wc)) {
4131 /* Skip the mask bytes for this field. */
4132 mask_values += mf->n_bytes;
4133 continue;
4134 }
0c4b9393 4135
e8dba719
JR		 4136 union mf_value value;
4137 union mf_value mask;
0c4b9393 4138
e8dba719
JR		 4139 mf_get_value(mf, &ctx->xin->flow, &value);
4140 /* Mask the value. */
4141 for (int j = 0; j < mf->n_bytes; j++) {
4142 mask.b[j] = *mask_values++;
4143 value.b[j] &= mask.b[j];
4144 }
4145 basis = hash_bytes(&value, mf->n_bytes, basis);
1cb20095 4146
e8dba719
JR		 4147 /* For tunnels, hash in whether the field is present. */
4148 if (mf_is_tun_metadata(mf)) {
4149 basis = hash_boolean(mf_is_set(mf, &ctx->xin->flow), basis);
0c4b9393 4150 }
e8dba719
JR		 4151
4152 mf_mask_field_masked(mf, &mask, ctx->wc);
0c4b9393
SH		 4153 }
4154
07a3cd5c 4155 struct ofputil_bucket *bucket = group_best_live_bucket(ctx, group, basis);
0c4b9393 4156 if (bucket) {
feee58b9 4157 xlate_group_bucket(ctx, bucket, is_last_action);
0c4b9393 4158 xlate_group_stats(ctx, group, bucket);
76973237 4159 } else if (ctx->xin->xcache) {
07a3cd5c 4160 ofproto_group_unref(&group->up);
0c4b9393
SH		 4161 }
4162}
4163
53cc166a 4164static void
feee58b9
AZ		 4165xlate_dp_hash_select_group(struct xlate_ctx *ctx, struct group_dpif *group,
4166 bool is_last_action)
53cc166a
JR		 4167{
4168 struct ofputil_bucket *bucket;
4169
4170 /* dp_hash value 0 is special since it means that the dp_hash has not been
4171 * computed, as all computed dp_hash values are non-zero. Therefore
4172 * compare to zero can be used to decide if the dp_hash value is valid
4173 * without masking the dp_hash field. */
4174 if (!ctx->xin->flow.dp_hash) {
07a3cd5c 4175 uint64_t param = group->up.props.selection_method_param;
53cc166a
JR		 4176
4177 ctx_trigger_recirculate_with_hash(ctx, param >> 32, (uint32_t)param);
4178 } else {
07a3cd5c 4179 uint32_t n_buckets = group->up.n_buckets;
53cc166a
JR		 4180 if (n_buckets) {
4181 /* Minimal mask to cover the number of buckets. */
4182 uint32_t mask = (1 << log_2_ceil(n_buckets)) - 1;
4183 /* Multiplier chosen to make the trivial 1 bit case to
4184 * actually distribute amongst two equal weight buckets. */
4185 uint32_t basis = 0xc2b73583 * (ctx->xin->flow.dp_hash & mask);
4186
4187 ctx->wc->masks.dp_hash |= mask;
4188 bucket = group_best_live_bucket(ctx, group, basis);
4189 if (bucket) {
feee58b9 4190 xlate_group_bucket(ctx, bucket, is_last_action);
53cc166a
JR		 4191 xlate_group_stats(ctx, group, bucket);
4192 }
4193 }
4194 }
4195}
4196
7565c3e4 4197static void
feee58b9
AZ		 4198xlate_select_group(struct xlate_ctx *ctx, struct group_dpif *group,
4199 bool is_last_action)
7565c3e4 4200{
07a3cd5c 4201 const char *selection_method = group->up.props.selection_method;
7565c3e4 4202
e12ec36b
SH		 4203 /* Select groups may access flow keys beyond L2 in order to
4204 * select a bucket. Recirculate as appropriate to make this possible.
4205 */
4206 if (ctx->was_mpls) {
4207 ctx_trigger_freeze(ctx);
4208 }
4209
7565c3e4 4210 if (selection_method[0] == '\0') {
feee58b9 4211 xlate_default_select_group(ctx, group, is_last_action);
0c4b9393 4212 } else if (!strcasecmp("hash", selection_method)) {
feee58b9 4213 xlate_hash_fields_select_group(ctx, group, is_last_action);
53cc166a 4214 } else if (!strcasecmp("dp_hash", selection_method)) {
feee58b9 4215 xlate_dp_hash_select_group(ctx, group, is_last_action);
7565c3e4
SH		 4216 } else {
4217 /* Parsing of groups should ensure this never happens */
4218 OVS_NOT_REACHED();
4219 }
4220}
4221
f4fb341b 4222static void
feee58b9
AZ		 4223xlate_group_action__(struct xlate_ctx *ctx, struct group_dpif *group,
4224 bool is_last_action)
f4fb341b 4225{
0eb48fe1 4226 bool was_in_group = ctx->in_group;
5a070238
BP		 4227 ctx->in_group = true;
4228
07a3cd5c 4229 switch (group->up.type) {
f4fb341b
SH		 4230 case OFPGT11_ALL:
4231 case OFPGT11_INDIRECT:
feee58b9 4232 xlate_all_group(ctx, group, is_last_action);
f4fb341b
SH		 4233 break;
4234 case OFPGT11_SELECT:
feee58b9 4235 xlate_select_group(ctx, group, is_last_action);
f4fb341b 4236 break;
dd8cd4b4 4237 case OFPGT11_FF:
feee58b9 4238 xlate_ff_group(ctx, group, is_last_action);
dd8cd4b4 4239 break;
f4fb341b 4240 default:
428b2edd 4241 OVS_NOT_REACHED();
f4fb341b 4242 }
5a070238 4243
0eb48fe1 4244 ctx->in_group = was_in_group;
f4fb341b
SH		 4245}
4246
4247static bool
feee58b9
AZ		 4248xlate_group_action(struct xlate_ctx *ctx, uint32_t group_id,
4249 bool is_last_action)
f4fb341b 4250{
0eb48fe1 4251 if (xlate_resubmit_resource_check(ctx)) {
f4fb341b 4252 struct group_dpif *group;
f4fb341b 4253
76973237
JR		 4254 /* Take ref only if xcache exists. */
4255 group = group_dpif_lookup(ctx->xbridge->ofproto, group_id,
1f4a8933 4256 ctx->xin->tables_version, ctx->xin->xcache);
db88b35c
JR		 4257 if (!group) {
4258 /* XXX: Should set ctx->error ? */
2d9b49dd
BP		 4259 xlate_report(ctx, OFT_WARN, "output to nonexistent group %"PRIu32,
4260 group_id);
f4fb341b
SH		 4261 return true;
4262 }
feee58b9 4263 xlate_group_action__(ctx, group, is_last_action);
f4fb341b
SH		 4264 }
4265
4266 return false;
4267}
4268
9583bc14
EJ		 4269static void
4270xlate_ofpact_resubmit(struct xlate_ctx *ctx,
feee58b9
AZ		 4271 const struct ofpact_resubmit *resubmit,
4272 bool is_last_action)
9583bc14 4273{
4e022ec0 4274 ofp_port_t in_port;
9583bc14 4275 uint8_t table_id;
adcf00ba
AZ		 4276 bool may_packet_in = false;
4277 bool honor_table_miss = false;
4278
4279 if (ctx->rule && rule_dpif_is_internal(ctx->rule)) {
4280 /* Still allow missed packets to be sent to the controller
4281 * if resubmitting from an internal table. */
4282 may_packet_in = true;
4283 honor_table_miss = true;
4284 }
9583bc14
EJ		 4285
4286 in_port = resubmit->in_port;
4287 if (in_port == OFPP_IN_PORT) {
4e022ec0 4288 in_port = ctx->xin->flow.in_port.ofp_port;
9583bc14
EJ		 4289 }
4290
4291 table_id = resubmit->table_id;
4292 if (table_id == 255) {
4293 table_id = ctx->table_id;
4294 }
4295
adcf00ba 4296 xlate_table_action(ctx, in_port, table_id, may_packet_in,
feee58b9 4297 honor_table_miss, resubmit->with_ct_orig,
96c3a6e5 4298 is_last_action, do_xlate_actions);
9583bc14
EJ		 4299}
4300
4301static void
feee58b9
AZ		 4302flood_packet_to_port(struct xlate_ctx *ctx, const struct xport *xport,
4303 bool all, bool is_last_action)
9583bc14 4304{
feee58b9
AZ		 4305 if (!xport) {
4306 return;
4307 }
4308
4309 if (all) {
4310 compose_output_action__(ctx, xport->ofp_port, NULL, false,
11938578 4311 is_last_action, false);
feee58b9 4312 } else {
11938578
AZ		 4313 compose_output_action(ctx, xport->ofp_port, NULL, is_last_action,
4314 false);
feee58b9
AZ		 4315 }
4316}
4317
4318static void
4319flood_packets(struct xlate_ctx *ctx, bool all, bool is_last_action)
4320{
4321 const struct xport *xport, *last = NULL;
9583bc14 4322
feee58b9 4323 /* Use 'last' the keep track of the last output port. */
46c88433
EJ		 4324 HMAP_FOR_EACH (xport, ofp_node, &ctx->xbridge->xports) {
4325 if (xport->ofp_port == ctx->xin->flow.in_port.ofp_port) {
9583bc14
EJ		 4326 continue;
4327 }
4328
feee58b9
AZ		 4329 if (all || !(xport->config & OFPUTIL_PC_NO_FLOOD)) {
4330 /* 'last' is not the last port, send a packet out, and
4331 * update 'last'. */
4332 flood_packet_to_port(ctx, last, all, false);
4333 last = xport;
9583bc14
EJ		 4334 }
4335 }
4336
feee58b9
AZ		 4337 /* Send the packet to the 'last' port. */
4338 flood_packet_to_port(ctx, last, all, is_last_action);
2031ef97 4339 ctx->nf_output_iface = NF_OUT_FLOOD;
9583bc14
EJ		 4340}
4341
27d931da
AZ		 4342/* Copy and reformat a partially xlated odp actions to a new
4343 * odp actions list in 'b', so that the new actions list
4344 * can be executed by odp_execute_actions.
4345 *
4346 * When xlate using nested odp actions, such as sample and clone,
4347 * the nested action created by nl_msg_start_nested() may not
4348 * have been properly closed yet, thus can not be executed
4349 * directly.
4350 *
4351 * Since unclosed nested action has to be last action, it can be
4352 * fixed by skipping the outer header, and treating the actions within
4353 * as if they are outside the nested attribute since the effect
4354 * of executing them on packet is the same.
4355 *
4356 * As an optimization, a fully closed 'sample' or 'clone' action
4357 * is skipped since their execution has no effect to the packet.
4358 *
4359 * Returns true if success. 'b' contains the new actions list.
4360 * The caller is responsible for disposing 'b'.
4361 *
4362 * Returns false if error, 'b' has been freed already. */
4363static bool
4364xlate_fixup_actions(struct ofpbuf *b, const struct nlattr *actions,
4365 size_t actions_len)
4366{
4367 const struct nlattr *a;
4368 unsigned int left;
4369
4370 NL_ATTR_FOR_EACH_UNSAFE (a, left, actions, actions_len) {
4371 int type = nl_attr_type(a);
4372
4373 switch ((enum ovs_action_attr) type) {
4374 case OVS_ACTION_ATTR_HASH:
4375 case OVS_ACTION_ATTR_PUSH_VLAN:
4376 case OVS_ACTION_ATTR_POP_VLAN:
4377 case OVS_ACTION_ATTR_PUSH_MPLS:
4378 case OVS_ACTION_ATTR_POP_MPLS:
4379 case OVS_ACTION_ATTR_SET:
4380 case OVS_ACTION_ATTR_SET_MASKED:
4381 case OVS_ACTION_ATTR_TRUNC:
4382 case OVS_ACTION_ATTR_OUTPUT:
4383 case OVS_ACTION_ATTR_TUNNEL_PUSH:
4384 case OVS_ACTION_ATTR_TUNNEL_POP:
4385 case OVS_ACTION_ATTR_USERSPACE:
4386 case OVS_ACTION_ATTR_RECIRC:
4387 case OVS_ACTION_ATTR_CT:
0d11fc52
JR		 4388 case OVS_ACTION_ATTR_PUSH_ETH:
4389 case OVS_ACTION_ATTR_POP_ETH:
1fc11c59
JS		 4390 case OVS_ACTION_ATTR_ENCAP_NSH:
4391 case OVS_ACTION_ATTR_DECAP_NSH:
5dddf960 4392 case OVS_ACTION_ATTR_METER:
27d931da
AZ		 4393 ofpbuf_put(b, a, nl_attr_len_pad(a, left));
4394 break;
4395
4396 case OVS_ACTION_ATTR_CLONE:
4397 /* If the clone action has been fully xlated, it can
4398 * be skipped, since any actions executed within clone
4399 * do not affect the current packet.
4400 *
4401 * When xlating actions within clone, the clone action,
4402 * because it is an nested netlink attribute, do not have
4403 * a valid 'nla_len'; it will be zero instead. Skip
4404 * the clone header to find the start of the actions
4405 * enclosed. Treat those actions as if they are written
4406 * outside of clone. */
4407 if (!a->nla_len) {
4408 bool ok;
4409 if (left < NLA_HDRLEN) {
4410 goto error;
4411 }
4412
4413 ok = xlate_fixup_actions(b, nl_attr_get_unspec(a, 0),
4414 left - NLA_HDRLEN);
4415 if (!ok) {
4416 goto error;
4417 }
4418 }
4419 break;
4420
4421 case OVS_ACTION_ATTR_SAMPLE:
4422 if (!a->nla_len) {
4423 bool ok;
4424 if (left < NLA_HDRLEN) {
4425 goto error;
4426 }
4427 const struct nlattr *attr = nl_attr_get_unspec(a, 0);
4428 left -= NLA_HDRLEN;
4429
4430 while (left > 0 &&
4431 nl_attr_type(attr) != OVS_SAMPLE_ATTR_ACTIONS) {
4432 /* Only OVS_SAMPLE_ATTR_ACTIONS can have unclosed
4433 * nested netlink attribute. */
4434 if (!attr->nla_len) {
4435 goto error;
4436 }
4437
4438 left -= NLA_ALIGN(attr->nla_len);
4439 attr = nl_attr_next(attr);
4440 }
4441
4442 if (left < NLA_HDRLEN) {
4443 goto error;
4444 }
4445
4446 ok = xlate_fixup_actions(b, nl_attr_get_unspec(attr, 0),
4447 left - NLA_HDRLEN);
4448 if (!ok) {
4449 goto error;
4450 }
4451 }
4452 break;
4453
4454 case OVS_ACTION_ATTR_UNSPEC:
4455 case __OVS_ACTION_ATTR_MAX:
4456 OVS_NOT_REACHED();
4457 }
4458 }
4459
4460 return true;
4461
4462error:
4463 ofpbuf_delete(b);
4464 return false;
4465}
4466
4467static bool
4468xlate_execute_odp_actions(struct dp_packet *packet,
4469 const struct nlattr *actions, int actions_len)
4470{
4471 struct dp_packet_batch batch;
4472 struct ofpbuf *b = ofpbuf_new(actions_len);
4473
4474 if (!xlate_fixup_actions(b, actions, actions_len)) {
4475 return false;
4476 }
4477
4478 dp_packet_batch_init_packet(&batch, packet);
4479 odp_execute_actions(NULL, &batch, false, b->data, b->size, NULL);
4480 ofpbuf_delete(b);
4481
4482 return true;
4483}
4484
9583bc14
EJ		 4485static void
4486execute_controller_action(struct xlate_ctx *ctx, int len,
4487 enum ofp_packet_in_reason reason,
bdcad671
BP		 4488 uint16_t controller_id,
4489 const uint8_t *userdata, size_t userdata_len)
9583bc14 4490{
e14deea0 4491 struct dp_packet *packet;
9583bc14 4492
04594cd5 4493 ctx->xout->slow |= SLOW_CONTROLLER;
b476e2f2 4494 xlate_commit_actions(ctx);
9583bc14
EJ		 4495 if (!ctx->xin->packet) {
4496 return;
4497 }
4498
df70a773
JR		 4499 if (!ctx->xin->allow_side_effects && !ctx->xin->xcache) {
4500 return;
4501 }
4502
cf62fa4c 4503 packet = dp_packet_clone(ctx->xin->packet);
27d931da
AZ		 4504 if (!xlate_execute_odp_actions(packet, ctx->odp_actions->data,
4505 ctx->odp_actions->size)) {
4506 xlate_report_error(ctx, "Failed to execute controller action");
4507 dp_packet_delete(packet);
4508 return;
4509 }
beb75a40 4510
9bfe9334
BP		 4511 /* A packet sent by an action in a table-miss rule is considered an
4512 * explicit table miss. OpenFlow before 1.3 doesn't have that concept so
4513 * it will get translated back to OFPR_ACTION for those versions. */
4514 if (reason == OFPR_ACTION
07a3cd5c 4515 && ctx->rule && rule_is_table_miss(&ctx->rule->up)) {
9bfe9334
BP		 4516 reason = OFPR_EXPLICIT_MISS;
4517 }
4518
4519 size_t packet_len = dp_packet_size(packet);
0fb7792a 4520
a2b53dec
BP		 4521 struct ofproto_async_msg *am = xmalloc(sizeof *am);
4522 *am = (struct ofproto_async_msg) {
9bfe9334 4523 .controller_id = controller_id,
a2b53dec
BP		 4524 .oam = OAM_PACKET_IN,
4525 .pin = {
4526 .up = {
4d617a87 4527 .base = {
77ab5fd2
BP		 4528 .packet = dp_packet_steal_data(packet),
4529 .packet_len = packet_len,
4530 .reason = reason,
4531 .table_id = ctx->table_id,
4532 .cookie = ctx->rule_cookie,
4533 .userdata = (userdata_len
4534 ? xmemdup(userdata, userdata_len)
4535 : NULL),
4536 .userdata_len = userdata_len,
4537 }
a2b53dec
BP		 4538 },
4539 .max_len = len,
9bfe9334 4540 },
9bfe9334 4541 };
4d617a87 4542 flow_get_metadata(&ctx->xin->flow, &am->pin.up.base.flow_metadata);
9583bc14 4543
df70a773
JR		 4544 /* Async messages are only sent once, so if we send one now, no
4545 * xlate cache entry is created. */
4546 if (ctx->xin->allow_side_effects) {
4547 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
4548 } else /* xcache */ {
4549 struct xc_entry *entry;
4550
4551 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_CONTROLLER);
4552 entry->controller.ofproto = ctx->xbridge->ofproto;
4553 entry->controller.am = am;
4554 }
3b4fff43
RM		 4555
4556 dp_packet_delete(packet);
9583bc14
EJ		 4557}
4558
7bbdd84f 4559static void
77ab5fd2 4560emit_continuation(struct xlate_ctx *ctx, const struct frozen_state *state)
7bbdd84f 4561{
df70a773
JR		 4562 if (!ctx->xin->allow_side_effects && !ctx->xin->xcache) {
4563 return;
4564 }
4565
77ab5fd2
BP		 4566 struct ofproto_async_msg *am = xmalloc(sizeof *am);
4567 *am = (struct ofproto_async_msg) {
4568 .controller_id = ctx->pause->controller_id,
4569 .oam = OAM_PACKET_IN,
4570 .pin = {
4571 .up = {
4d617a87 4572 .base = {
77ab5fd2
BP		 4573 .userdata = xmemdup(ctx->pause->userdata,
4574 ctx->pause->userdata_len),
4575 .userdata_len = ctx->pause->userdata_len,
4576 .packet = xmemdup(dp_packet_data(ctx->xin->packet),
4577 dp_packet_size(ctx->xin->packet)),
4578 .packet_len = dp_packet_size(ctx->xin->packet),
0b024e49 4579 .reason = ctx->pause->reason,
77ab5fd2 4580 },
07a3cd5c 4581 .bridge = ctx->xbridge->ofproto->uuid,
84cf3c1f
JR		 4582 .stack = xmemdup(state->stack, state->stack_size),
4583 .stack_size = state->stack_size,
77ab5fd2
BP		 4584 .mirrors = state->mirrors,
4585 .conntracked = state->conntracked,
4586 .actions = xmemdup(state->ofpacts, state->ofpacts_len),
4587 .actions_len = state->ofpacts_len,
4588 .action_set = xmemdup(state->action_set,
4589 state->action_set_len),
4590 .action_set_len = state->action_set_len,
4591 },
4592 .max_len = UINT16_MAX,
4593 },
4594 };
4d617a87 4595 flow_get_metadata(ctx->paused_flow, &am->pin.up.base.flow_metadata);
df70a773
JR		 4596
4597 /* Async messages are only sent once, so if we send one now, no
4598 * xlate cache entry is created. */
4599 if (ctx->xin->allow_side_effects) {
4600 ofproto_dpif_send_async_msg(ctx->xbridge->ofproto, am);
4601 } else /* xcache */ {
4602 struct xc_entry *entry;
4603
4604 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_CONTROLLER);
4605 entry->controller.ofproto = ctx->xbridge->ofproto;
4606 entry->controller.am = am;
4607 }
77ab5fd2 4608}
7bbdd84f 4609
e6bc8e74
YHW		 4610/* Creates a frozen state, and allocates a unique recirc id for the given
4611 * state. Returns a non-zero recirc id if it is allocated successfully.
4612 * Returns 0 otherwise.
4613 **/
4614static uint32_t
77ab5fd2
BP		 4615finish_freezing__(struct xlate_ctx *ctx, uint8_t table)
4616{
e6bc8e74 4617 uint32_t id = 0;
1d361a81 4618 ovs_assert(ctx->freezing);
7bbdd84f 4619
1d361a81 4620 struct frozen_state state = {
07659514 4621 .table_id = table,
07a3cd5c 4622 .ofproto_uuid = ctx->xbridge->ofproto->uuid,
5c1b2314 4623 .stack = ctx->stack.data,
84cf3c1f 4624 .stack_size = ctx->stack.size,
29bae541 4625 .mirrors = ctx->mirrors,
07659514 4626 .conntracked = ctx->conntracked,
1d361a81
BP		 4627 .ofpacts = ctx->frozen_actions.data,
4628 .ofpacts_len = ctx->frozen_actions.size,
417509fa 4629 .action_set = ctx->action_set.data,
8a5fb3b4 4630 .action_set_len = ctx->action_set.size,
2082425c 4631 };
77ab5fd2 4632 frozen_metadata_from_flow(&state.metadata, &ctx->xin->flow);
2082425c 4633
77ab5fd2
BP		 4634 if (ctx->pause) {
4635 if (ctx->xin->packet) {
4636 emit_continuation(ctx, &state);
4637 }
4638 } else {
4639 /* Allocate a unique recirc id for the given metadata state in the
4640 * flow. An existing id, with a new reference to the corresponding
4641 * recirculation context, will be returned if possible.
4642 * The life-cycle of this recirc id is managed by associating it
4643 * with the udpif key ('ukey') created for each new datapath flow. */
e6bc8e74 4644 id = recirc_alloc_id_ctx(&state);
77ab5fd2 4645 if (!id) {
2d9b49dd 4646 xlate_report_error(ctx, "Failed to allocate recirculation id");
77ab5fd2 4647 ctx->error = XLATE_NO_RECIRCULATION_CONTEXT;
e6bc8e74 4648 return 0;
77ab5fd2
BP		 4649 }
4650 recirc_refs_add(&ctx->xout->recircs, id);
7bbdd84f 4651
53cc166a
JR		 4652 if (ctx->recirc_update_dp_hash) {
4653 struct ovs_action_hash *act_hash;
4654
4655 /* Hash action. */
4656 act_hash = nl_msg_put_unspec_uninit(ctx->odp_actions,
4657 OVS_ACTION_ATTR_HASH,
4658 sizeof *act_hash);
4659 act_hash->hash_alg = OVS_HASH_ALG_L4; /* Make configurable. */
4660 act_hash->hash_basis = 0; /* Make configurable. */
4661 }
77ab5fd2
BP		 4662 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_RECIRC, id);
4663 }
e672ff9b 4664
1d361a81
BP		 4665 /* Undo changes done by freezing. */
4666 ctx_cancel_freeze(ctx);
e6bc8e74 4667 return id;
7bbdd84f
SH		 4668}
4669
1d361a81 4670/* Called only when we're freezing. */
07659514 4671static void
77ab5fd2 4672finish_freezing(struct xlate_ctx *ctx)
07659514
JS		 4673{
4674 xlate_commit_actions(ctx);
77ab5fd2 4675 finish_freezing__(ctx, 0);
07659514
JS		 4676}
4677
e37b8437
JS		 4678/* Fork the pipeline here. The current packet will continue processing the
4679 * current action list. A clone of the current packet will recirculate, skip
4680 * the remainder of the current action list and asynchronously resume pipeline
4681 * processing in 'table' with the current metadata and action set. */
4682static void
5fdd80cc
YHW		 4683compose_recirculate_and_fork(struct xlate_ctx *ctx, uint8_t table,
4684 const uint16_t zone)
e37b8437 4685{
e6bc8e74 4686 uint32_t recirc_id;
1d361a81 4687 ctx->freezing = true;
e6bc8e74
YHW		 4688 recirc_id = finish_freezing__(ctx, table);
4689
4690 if (OVS_UNLIKELY(ctx->xin->trace) && recirc_id) {
4691 if (oftrace_add_recirc_node(ctx->xin->recirc_queue,
4692 OFT_RECIRC_CONNTRACK, &ctx->xin->flow,
5fdd80cc 4693 ctx->xin->packet, recirc_id, zone)) {
e6bc8e74
YHW		 4694 xlate_report(ctx, OFT_DETAIL, "A clone of the packet is forked to "
4695 "recirculate. The forked pipeline will be resumed at "
4696 "table %u.", table);
4697 } else {
4698 xlate_report(ctx, OFT_DETAIL, "Failed to trace the conntrack "
4699 "forked pipeline with recirc_id = %d.", recirc_id);
4700 }
4701 }
e37b8437
JS		 4702}
4703
8bfd0fda
BP		 4704static void
4705compose_mpls_push_action(struct xlate_ctx *ctx, struct ofpact_push_mpls *mpls)
9583bc14 4706{
33bf9176 4707 struct flow *flow = &ctx->xin->flow;
8bfd0fda 4708 int n;
33bf9176 4709
8bfd0fda 4710 ovs_assert(eth_type_mpls(mpls->ethertype));
b0a17866 4711
49a73e0c 4712 n = flow_count_mpls_labels(flow, ctx->wc);
8bfd0fda 4713 if (!n) {
704bb0bf 4714 xlate_commit_actions(ctx);
8bfd0fda
BP		 4715 } else if (n >= FLOW_MAX_MPLS_LABELS) {
4716 if (ctx->xin->packet != NULL) {
2d9b49dd
BP		 4717 xlate_report_error(ctx, "dropping packet on which an MPLS push "
4718 "action can't be performed as it would have "
4719 "more MPLS LSEs than the %d supported.",
4720 FLOW_MAX_MPLS_LABELS);
9583bc14 4721 }
fff1b9c0 4722 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
8bfd0fda 4723 return;
9583bc14 4724 }
b0a17866 4725
742c0ac3
JR		 4726 /* Update flow's MPLS stack, and clear L3/4 fields to mark them invalid. */
4727 flow_push_mpls(flow, n, mpls->ethertype, ctx->wc, true);
9583bc14
EJ		 4728}
4729
8bfd0fda 4730static void
9cfef3d0 4731compose_mpls_pop_action(struct xlate_ctx *ctx, ovs_be16 eth_type)
9583bc14 4732{
8bfd0fda 4733 struct flow *flow = &ctx->xin->flow;
49a73e0c 4734 int n = flow_count_mpls_labels(flow, ctx->wc);
33bf9176 4735
49a73e0c 4736 if (flow_pop_mpls(flow, n, eth_type, ctx->wc)) {
8bf009bf 4737 if (!eth_type_mpls(eth_type) && ctx->xbridge->support.odp.recirc) {
e12ec36b 4738 ctx->was_mpls = true;
7bbdd84f
SH		 4739 }
4740 } else if (n >= FLOW_MAX_MPLS_LABELS) {
8bfd0fda 4741 if (ctx->xin->packet != NULL) {
2d9b49dd
BP		 4742 xlate_report_error(ctx, "dropping packet on which an "
4743 "MPLS pop action can't be performed as it has "
4744 "more MPLS LSEs than the %d supported.",
4745 FLOW_MAX_MPLS_LABELS);
8bfd0fda 4746 }
fff1b9c0 4747 ctx->error = XLATE_TOO_MANY_MPLS_LABELS;
1520ef4f 4748 ofpbuf_clear(ctx->odp_actions);
9583bc14
EJ		 4749 }
4750}
4751
4752static bool
4753compose_dec_ttl(struct xlate_ctx *ctx, struct ofpact_cnt_ids *ids)
4754{
33bf9176
BP		 4755 struct flow *flow = &ctx->xin->flow;
4756
4757 if (!is_ip_any(flow)) {
9583bc14
EJ		 4758 return false;
4759 }
4760
49a73e0c 4761 ctx->wc->masks.nw_ttl = 0xff;
33bf9176
BP		 4762 if (flow->nw_ttl > 1) {
4763 flow->nw_ttl--;
9583bc14
EJ		 4764 return false;
4765 } else {
4766 size_t i;
4767
4768 for (i = 0; i < ids->n_controllers; i++) {
4769 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL,
bdcad671 4770 ids->cnt_ids[i], NULL, 0);
9583bc14
EJ		 4771 }
4772
4773 /* Stop processing for current table. */
2d9b49dd
BP		 4774 xlate_report(ctx, OFT_WARN, "IPv%d decrement TTL exception",
4775 flow->dl_type == htons(ETH_TYPE_IP) ? 4 : 6);
9583bc14
EJ		 4776 return true;
4777 }
4778}
4779
8bfd0fda 4780static void
097d4939
JR		 4781compose_set_mpls_label_action(struct xlate_ctx *ctx, ovs_be32 label)
4782{
8bfd0fda 4783 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 4784 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_LABEL_MASK);
8bfd0fda 4785 set_mpls_lse_label(&ctx->xin->flow.mpls_lse[0], label);
097d4939 4786 }
097d4939
JR		 4787}
4788
8bfd0fda 4789static void
097d4939
JR		 4790compose_set_mpls_tc_action(struct xlate_ctx *ctx, uint8_t tc)
4791{
8bfd0fda 4792 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 4793 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TC_MASK);
8bfd0fda 4794 set_mpls_lse_tc(&ctx->xin->flow.mpls_lse[0], tc);
097d4939 4795 }
097d4939
JR		 4796}
4797
8bfd0fda 4798static void
9cfef3d0 4799compose_set_mpls_ttl_action(struct xlate_ctx *ctx, uint8_t ttl)
9583bc14 4800{
8bfd0fda 4801 if (eth_type_mpls(ctx->xin->flow.dl_type)) {
49a73e0c 4802 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
8bfd0fda 4803 set_mpls_lse_ttl(&ctx->xin->flow.mpls_lse[0], ttl);
b0a17866 4804 }
9583bc14
EJ		 4805}
4806
4807static bool
9cfef3d0 4808compose_dec_mpls_ttl_action(struct xlate_ctx *ctx)
9583bc14 4809{
33bf9176 4810 struct flow *flow = &ctx->xin->flow;
1dd35f8a 4811
8bfd0fda 4812 if (eth_type_mpls(flow->dl_type)) {
22d38fca
JR		 4813 uint8_t ttl = mpls_lse_to_ttl(flow->mpls_lse[0]);
4814
49a73e0c 4815 ctx->wc->masks.mpls_lse[0] |= htonl(MPLS_TTL_MASK);
8bfd0fda
BP		 4816 if (ttl > 1) {
4817 ttl--;
4818 set_mpls_lse_ttl(&flow->mpls_lse[0], ttl);
4819 return false;
4820 } else {
bdcad671
BP		 4821 execute_controller_action(ctx, UINT16_MAX, OFPR_INVALID_TTL, 0,
4822 NULL, 0);
8bfd0fda 4823 }
9583bc14 4824 }
22d38fca
JR		 4825
4826 /* Stop processing for current table. */
2d9b49dd 4827 xlate_report(ctx, OFT_WARN, "MPLS decrement TTL exception");
22d38fca 4828 return true;
9583bc14
EJ		 4829}
4830
8b496c72
BP		 4831/* Emits an action that outputs to 'port', within 'ctx'.
4832 *
4833 * 'controller_len' affects only packets sent to an OpenFlow controller. It
4834 * is the maximum number of bytes of the packet to send. UINT16_MAX means to
4835 * send the whole packet (and 0 means to omit the packet entirely).
4836 *
4837 * 'may_packet_in' determines whether the packet may be sent to an OpenFlow
4838 * controller. If it is false, then the packet is never sent to the OpenFlow
4839 * controller.
4840 *
4841 * 'is_last_action' should be true if this output is the last OpenFlow action
4842 * to be processed, which enables certain optimizations.
4843 *
4844 * 'truncate' should be true if the packet to be output is being truncated,
4845 * which suppresses certain optimizations. */
9583bc14 4846static void
8b496c72
BP		 4847xlate_output_action(struct xlate_ctx *ctx, ofp_port_t port,
4848 uint16_t controller_len, bool may_packet_in,
4849 bool is_last_action, bool truncate)
9583bc14 4850{
2031ef97 4851 ofp_port_t prev_nf_output_iface = ctx->nf_output_iface;
9583bc14 4852
2031ef97 4853 ctx->nf_output_iface = NF_OUT_DROP;
9583bc14
EJ		 4854
4855 switch (port) {
4856 case OFPP_IN_PORT:
feee58b9 4857 compose_output_action(ctx, ctx->xin->flow.in_port.ofp_port, NULL,
8bbbda3c 4858 is_last_action, truncate);
9583bc14
EJ		 4859 break;
4860 case OFPP_TABLE:
4e022ec0 4861 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
11938578 4862 0, may_packet_in, true, false, false,
96c3a6e5 4863 do_xlate_actions);
9583bc14
EJ		 4864 break;
4865 case OFPP_NORMAL:
4866 xlate_normal(ctx);
4867 break;
4868 case OFPP_FLOOD:
feee58b9 4869 flood_packets(ctx, false, is_last_action);
9583bc14
EJ		 4870 break;
4871 case OFPP_ALL:
feee58b9 4872 flood_packets(ctx, true, is_last_action);
9583bc14
EJ		 4873 break;
4874 case OFPP_CONTROLLER:
8b496c72 4875 execute_controller_action(ctx, controller_len,
331c07ac
YHW		 4876 (ctx->in_packet_out ? OFPR_PACKET_OUT
4877 : ctx->in_group ? OFPR_GROUP
029ca940
SS		 4878 : ctx->in_action_set ? OFPR_ACTION_SET
4879 : OFPR_ACTION),
bdcad671 4880 0, NULL, 0);
9583bc14
EJ		 4881 break;
4882 case OFPP_NONE:
4883 break;
4884 case OFPP_LOCAL:
4885 default:
4e022ec0 4886 if (port != ctx->xin->flow.in_port.ofp_port) {
8bbbda3c 4887 compose_output_action(ctx, port, NULL, is_last_action, truncate);
9583bc14 4888 } else {
2d9b49dd 4889 xlate_report(ctx, OFT_WARN, "skipping output to input port");
9583bc14
EJ		 4890 }
4891 break;
4892 }
4893
4894 if (prev_nf_output_iface == NF_OUT_FLOOD) {
2031ef97
BP		 4895 ctx->nf_output_iface = NF_OUT_FLOOD;
4896 } else if (ctx->nf_output_iface == NF_OUT_DROP) {
4897 ctx->nf_output_iface = prev_nf_output_iface;
9583bc14 4898 } else if (prev_nf_output_iface != NF_OUT_DROP &&
2031ef97
BP		 4899 ctx->nf_output_iface != NF_OUT_FLOOD) {
4900 ctx->nf_output_iface = NF_OUT_MULTI;
9583bc14
EJ		 4901 }
4902}
4903
4904static void
4905xlate_output_reg_action(struct xlate_ctx *ctx,
feee58b9
AZ		 4906 const struct ofpact_output_reg *or,
4907 bool is_last_action)
9583bc14
EJ		 4908{
4909 uint64_t port = mf_get_subfield(&or->src, &ctx->xin->flow);
4910 if (port <= UINT16_MAX) {
2d9b49dd
BP		 4911 xlate_report(ctx, OFT_DETAIL, "output port is %"PRIu64, port);
4912
9583bc14
EJ		 4913 union mf_subvalue value;
4914
4915 memset(&value, 0xff, sizeof value);
49a73e0c 4916 mf_write_subfield_flow(&or->src, &value, &ctx->wc->masks);
8b496c72
BP		 4917 xlate_output_action(ctx, u16_to_ofp(port), or->max_len,
4918 false, is_last_action, false);
2d9b49dd
BP		 4919 } else {
4920 xlate_report(ctx, OFT_WARN, "output port %"PRIu64" is out of range",
4921 port);
9583bc14
EJ		 4922 }
4923}
4924
aaca4fe0
WT		 4925static void
4926xlate_output_trunc_action(struct xlate_ctx *ctx,
feee58b9
AZ		 4927 ofp_port_t port, uint32_t max_len,
4928 bool is_last_action)
aaca4fe0
WT		 4929{
4930 bool support_trunc = ctx->xbridge->support.trunc;
4931 struct ovs_action_trunc *trunc;
2f2b904f 4932 char name[OFP10_MAX_PORT_NAME_LEN];
aaca4fe0
WT		 4933
4934 switch (port) {
4935 case OFPP_TABLE:
4936 case OFPP_NORMAL:
4937 case OFPP_FLOOD:
4938 case OFPP_ALL:
4939 case OFPP_CONTROLLER:
4940 case OFPP_NONE:
50f96b10 4941 ofputil_port_to_string(port, NULL, name, sizeof name);
2d9b49dd
BP		 4942 xlate_report(ctx, OFT_WARN,
4943 "output_trunc does not support port: %s", name);
aaca4fe0
WT		 4944 break;
4945 case OFPP_LOCAL:
4946 case OFPP_IN_PORT:
4947 default:
4948 if (port != ctx->xin->flow.in_port.ofp_port) {
4949 const struct xport *xport = get_ofp_port(ctx->xbridge, port);
4950
4951 if (xport == NULL || xport->odp_port == ODPP_NONE) {
4952 /* Since truncate happens at its following output action, if
4953 * the output port is a patch port, the behavior is somehow
49f17344 4954 * unpredictable. For simplicity, disallow this case. */
50f96b10 4955 ofputil_port_to_string(port, NULL, name, sizeof name);
2d9b49dd
BP		 4956 xlate_report_error(ctx, "output_trunc does not support "
4957 "patch port %s", name);
aaca4fe0
WT		 4958 break;
4959 }
4960
4961 trunc = nl_msg_put_unspec_uninit(ctx->odp_actions,
4962 OVS_ACTION_ATTR_TRUNC,
4963 sizeof *trunc);
4964 trunc->max_len = max_len;
8b496c72 4965 xlate_output_action(ctx, port, 0, false, is_last_action, true);
aaca4fe0
WT		 4966 if (!support_trunc) {
4967 ctx->xout->slow |= SLOW_ACTION;
4968 }
4969 } else {
2d9b49dd 4970 xlate_report(ctx, OFT_WARN, "skipping output to input port");
aaca4fe0
WT		 4971 }
4972 break;
4973 }
4974}
4975
9583bc14
EJ		 4976static void
4977xlate_enqueue_action(struct xlate_ctx *ctx,
feee58b9
AZ		 4978 const struct ofpact_enqueue *enqueue,
4979 bool is_last_action)
9583bc14 4980{
4e022ec0 4981 ofp_port_t ofp_port = enqueue->port;
9583bc14
EJ		 4982 uint32_t queue_id = enqueue->queue;
4983 uint32_t flow_priority, priority;
4984 int error;
4985
4986 /* Translate queue to priority. */
89a8a7f0 4987 error = dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &priority);
9583bc14
EJ		 4988 if (error) {
4989 /* Fall back to ordinary output action. */
8b496c72
BP		 4990 xlate_output_action(ctx, enqueue->port, 0, false,
4991 is_last_action, false);
9583bc14
EJ		 4992 return;
4993 }
4994
4995 /* Check output port. */
4996 if (ofp_port == OFPP_IN_PORT) {
4e022ec0
AW		 4997 ofp_port = ctx->xin->flow.in_port.ofp_port;
4998 } else if (ofp_port == ctx->xin->flow.in_port.ofp_port) {
9583bc14
EJ		 4999 return;
5000 }
5001
5002 /* Add datapath actions. */
5003 flow_priority = ctx->xin->flow.skb_priority;
5004 ctx->xin->flow.skb_priority = priority;
11938578 5005 compose_output_action(ctx, ofp_port, NULL, is_last_action, false);
9583bc14
EJ		 5006 ctx->xin->flow.skb_priority = flow_priority;
5007
5008 /* Update NetFlow output port. */
2031ef97
BP		 5009 if (ctx->nf_output_iface == NF_OUT_DROP) {
5010 ctx->nf_output_iface = ofp_port;
5011 } else if (ctx->nf_output_iface != NF_OUT_FLOOD) {
5012 ctx->nf_output_iface = NF_OUT_MULTI;
9583bc14
EJ		 5013 }
5014}
5015
5016static void
5017xlate_set_queue_action(struct xlate_ctx *ctx, uint32_t queue_id)
5018{
5019 uint32_t skb_priority;
5020
89a8a7f0 5021 if (!dpif_queue_to_priority(ctx->xbridge->dpif, queue_id, &skb_priority)) {
9583bc14
EJ		 5022 ctx->xin->flow.skb_priority = skb_priority;
5023 } else {
5024 /* Couldn't translate queue to a priority. Nothing to do. A warning
5025 * has already been logged. */
5026 }
5027}
5028
5029static bool
46c88433 5030slave_enabled_cb(ofp_port_t ofp_port, void *xbridge_)
9583bc14 5031{
46c88433
EJ		 5032 const struct xbridge *xbridge = xbridge_;
5033 struct xport *port;
9583bc14
EJ		 5034
5035 switch (ofp_port) {
5036 case OFPP_IN_PORT:
5037 case OFPP_TABLE:
5038 case OFPP_NORMAL:
5039 case OFPP_FLOOD:
5040 case OFPP_ALL:
5041 case OFPP_NONE:
5042 return true;
5043 case OFPP_CONTROLLER: /* Not supported by the bundle action. */
5044 return false;
5045 default:
46c88433 5046 port = get_ofp_port(xbridge, ofp_port);
9583bc14
EJ		 5047 return port ? port->may_enable : false;
5048 }
5049}
5050
5051static void
5052xlate_bundle_action(struct xlate_ctx *ctx,
feee58b9
AZ		 5053 const struct ofpact_bundle *bundle,
5054 bool is_last_action)
9583bc14 5055{
4e022ec0 5056 ofp_port_t port;
9583bc14 5057
49a73e0c 5058 port = bundle_execute(bundle, &ctx->xin->flow, ctx->wc, slave_enabled_cb,
46c88433 5059 CONST_CAST(struct xbridge *, ctx->xbridge));
9583bc14 5060 if (bundle->dst.field) {
49a73e0c 5061 nxm_reg_load(&bundle->dst, ofp_to_u16(port), &ctx->xin->flow, ctx->wc);
2d9b49dd 5062 xlate_report_subfield(ctx, &bundle->dst);
9583bc14 5063 } else {
8b496c72 5064 xlate_output_action(ctx, port, 0, false, is_last_action, false);
9583bc14
EJ		 5065 }
5066}
5067
4165b5e0
JS		 5068static void
5069xlate_learn_action(struct xlate_ctx *ctx, const struct ofpact_learn *learn)
5070{
49a73e0c 5071 learn_mask(learn, ctx->wc);
9583bc14 5072
df70a773 5073 if (ctx->xin->xcache || ctx->xin->allow_side_effects) {
4165b5e0
JS		 5074 uint64_t ofpacts_stub[1024 / 8];
5075 struct ofputil_flow_mod fm;
2c7ee524 5076 struct ofproto_flow_mod ofm__, *ofm;
4165b5e0 5077 struct ofpbuf ofpacts;
2c7ee524
JR		 5078 enum ofperr error;
5079
5080 if (ctx->xin->xcache) {
3f3b97b0 5081 ofm = xmalloc(sizeof *ofm);
2c7ee524
JR		 5082 } else {
5083 ofm = &ofm__;
5084 }
4165b5e0
JS		 5085
5086 ofpbuf_use_stub(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
2c7ee524 5087 learn_execute(learn, &ctx->xin->flow, &fm, &ofpacts);
2d9b49dd
BP		 5088 if (OVS_UNLIKELY(ctx->xin->trace)) {
5089 struct ds s = DS_EMPTY_INITIALIZER;
5090 ds_put_format(&s, "table=%"PRIu8" ", fm.table_id);
50f96b10 5091 match_format(&fm.match, NULL, &s, OFP_DEFAULT_PRIORITY);
2d9b49dd
BP		 5092 ds_chomp(&s, ' ');
5093 ds_put_format(&s, " priority=%d", fm.priority);
5094 if (fm.new_cookie) {
5095 ds_put_format(&s, " cookie=%#"PRIx64, ntohll(fm.new_cookie));
5096 }
5097 if (fm.idle_timeout != OFP_FLOW_PERMANENT) {
5098 ds_put_format(&s, " idle=%"PRIu16, fm.idle_timeout);
5099 }
5100 if (fm.hard_timeout != OFP_FLOW_PERMANENT) {
5101 ds_put_format(&s, " hard=%"PRIu16, fm.hard_timeout);
5102 }
5103 if (fm.flags & NX_LEARN_F_SEND_FLOW_REM) {
5104 ds_put_cstr(&s, " send_flow_rem");
5105 }
5106 ds_put_cstr(&s, " actions=");
50f96b10 5107 ofpacts_format(fm.ofpacts, fm.ofpacts_len, NULL, &s);
2d9b49dd
BP		 5108 xlate_report(ctx, OFT_DETAIL, "%s", ds_cstr(&s));
5109 ds_destroy(&s);
5110 }
2c7ee524
JR		 5111 error = ofproto_dpif_flow_mod_init_for_learn(ctx->xbridge->ofproto,
5112 &fm, ofm);
4165b5e0 5113 ofpbuf_uninit(&ofpacts);
2c7ee524 5114
3f3b97b0 5115 if (!error) {
4c71600d 5116 bool success = true;
3f3b97b0 5117 if (ctx->xin->allow_side_effects) {
4c71600d
DDP		 5118 error = ofproto_flow_mod_learn(ofm, ctx->xin->xcache != NULL,
5119 learn->limit, &success);
5120 } else if (learn->limit) {
5121 if (!ofm->temp_rule
5122 || ofm->temp_rule->state != RULE_INSERTED) {
5123 /* The learned rule expired and there are no packets, so
5124 * we cannot learn again. Since the translated actions
5125 * depend on the result of learning, we tell the caller
5126 * that there's no point in caching this result. */
5127 ctx->xout->avoid_caching = true;
5128 }
3f3b97b0
DDP		 5129 }
5130
4c71600d
DDP		 5131 if (learn->flags & NX_LEARN_F_WRITE_RESULT) {
5132 nxm_reg_load(&learn->result_dst, success ? 1 : 0,
5133 &ctx->xin->flow, ctx->wc);
5134 xlate_report_subfield(ctx, &learn->result_dst);
5135 }
5136
5137 if (success && ctx->xin->xcache) {
3f3b97b0
DDP		 5138 struct xc_entry *entry;
5139
5140 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_LEARN);
5141 entry->learn.ofm = ofm;
4c71600d 5142 entry->learn.limit = learn->limit;
3f3b97b0 5143 ofm = NULL;
1bddcb5d
YS		 5144 } else {
5145 ofproto_flow_mod_uninit(ofm);
3f3b97b0 5146 }
4c71600d
DDP		 5147
5148 if (OVS_UNLIKELY(ctx->xin->trace && !success)) {
5149 xlate_report(ctx, OFT_DETAIL, "Limit exceeded, learn failed");
5150 }
3f3b97b0
DDP		 5151 }
5152
3f76c123 5153 if (ofm != &ofm__) {
3f3b97b0 5154 free(ofm);
2c7ee524
JR		 5155 }
5156
5157 if (error) {
2d9b49dd
BP		 5158 xlate_report_error(ctx, "LEARN action execution failed (%s).",
5159 ofperr_to_string(error));
2c7ee524 5160 }
2d9b49dd
BP		 5161 } else {
5162 xlate_report(ctx, OFT_WARN,
5163 "suppressing side effects, so learn action ignored");
b256dc52
JS		 5164 }
5165}
5166
5167static void
5168xlate_fin_timeout__(struct rule_dpif *rule, uint16_t tcp_flags,
5169 uint16_t idle_timeout, uint16_t hard_timeout)
5170{
5171 if (tcp_flags & (TCP_FIN | TCP_RST)) {
07a3cd5c 5172 ofproto_rule_reduce_timeouts(&rule->up, idle_timeout, hard_timeout);
b256dc52 5173 }
9583bc14
EJ		 5174}
5175
9583bc14
EJ		 5176static void
5177xlate_fin_timeout(struct xlate_ctx *ctx,
5178 const struct ofpact_fin_timeout *oft)
5179{
b256dc52 5180 if (ctx->rule) {
df70a773
JR		 5181 if (ctx->xin->allow_side_effects) {
5182 xlate_fin_timeout__(ctx->rule, ctx->xin->tcp_flags,
5183 oft->fin_idle_timeout, oft->fin_hard_timeout);
5184 }
b256dc52
JS		 5185 if (ctx->xin->xcache) {
5186 struct xc_entry *entry;
5187
5188 entry = xlate_cache_add_entry(ctx->xin->xcache, XC_FIN_TIMEOUT);
83709dfa
JR		 5189 /* XC_RULE already holds a reference on the rule, none is taken
5190 * here. */
901a517e
JR		 5191 entry->fin.rule = ctx->rule;
5192 entry->fin.idle = oft->fin_idle_timeout;
5193 entry->fin.hard = oft->fin_hard_timeout;
b256dc52 5194 }
9583bc14
EJ		 5195 }
5196}
5197
5198static void
5199xlate_sample_action(struct xlate_ctx *ctx,
5200 const struct ofpact_sample *os)
5201{
f69f713b
BY		 5202 odp_port_t output_odp_port = ODPP_NONE;
5203 odp_port_t tunnel_out_port = ODPP_NONE;
5204 struct dpif_ipfix *ipfix = ctx->xbridge->ipfix;
5205 bool emit_set_tunnel = false;
5206
5207 if (!ipfix || ctx->xin->flow.in_port.ofp_port == OFPP_NONE) {
5208 return;
5209 }
5210
e824d78d
JR		 5211 /* Scale the probability from 16-bit to 32-bit while representing
5212 * the same percentage. */
5213 uint32_t probability = (os->probability << 16) | os->probability;
5214
b440dd8c 5215 if (!ctx->xbridge->support.variable_length_userdata) {
2d9b49dd
BP		 5216 xlate_report_error(ctx, "ignoring NXAST_SAMPLE action because "
5217 "datapath lacks support (needs Linux 3.10+ or "
5218 "kernel module from OVS 1.11+)");
e824d78d
JR		 5219 return;
5220 }
5221
f69f713b
BY		 5222 /* If ofp_port in flow sample action is equel to ofp_port,
5223 * this sample action is a input port action. */
5224 if (os->sampling_port != OFPP_NONE &&
5225 os->sampling_port != ctx->xin->flow.in_port.ofp_port) {
5226 output_odp_port = ofp_port_to_odp_port(ctx->xbridge,
5227 os->sampling_port);
5228 if (output_odp_port == ODPP_NONE) {
2d9b49dd
BP		 5229 xlate_report_error(ctx, "can't use unknown port %d in flow sample "
5230 "action", os->sampling_port);
f69f713b
BY		 5231 return;
5232 }
5233
5234 if (dpif_ipfix_get_flow_exporter_tunnel_sampling(ipfix,
5235 os->collector_set_id)
5236 && dpif_ipfix_get_tunnel_port(ipfix, output_odp_port)) {
5237 tunnel_out_port = output_odp_port;
5238 emit_set_tunnel = true;
5239 }
5240 }
5241
5242 xlate_commit_actions(ctx);
5243 /* If 'emit_set_tunnel', sample(sampling_port=1) would translate
5244 * into datapath sample action set(tunnel(...)), sample(...) and
5245 * it is used for sampling egress tunnel information. */
5246 if (emit_set_tunnel) {
5247 const struct xport *xport = get_ofp_port(ctx->xbridge,
5248 os->sampling_port);
5249
5250 if (xport && xport->is_tunnel) {
5251 struct flow *flow = &ctx->xin->flow;
5252 tnl_port_send(xport->ofport, flow, ctx->wc);
5253 if (!ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
5254 struct flow_tnl flow_tnl = flow->tunnel;
5255
5256 commit_odp_tunnel_action(flow, &ctx->base_flow,
5257 ctx->odp_actions);
5258 flow->tunnel = flow_tnl;
5259 }
5260 } else {
2d9b49dd
BP		 5261 xlate_report_error(ctx,
5262 "sampling_port:%d should be a tunnel port.",
5263 os->sampling_port);
f69f713b
BY		 5264 }
5265 }
e824d78d 5266
a6092018
BP		 5267 union user_action_cookie cookie = {
5268 .flow_sample = {
5269 .type = USER_ACTION_COOKIE_FLOW_SAMPLE,
5270 .probability = os->probability,
5271 .collector_set_id = os->collector_set_id,
5272 .obs_domain_id = os->obs_domain_id,
5273 .obs_point_id = os->obs_point_id,
f69f713b 5274 .output_odp_port = output_odp_port,
4930ea56 5275 .direction = os->direction,
a6092018
BP		 5276 }
5277 };
5278 compose_sample_action(ctx, probability, &cookie, sizeof cookie.flow_sample,
f69f713b 5279 tunnel_out_port, false);
9583bc14
EJ		 5280}
5281
eee69393
AZ		 5282/* Determine if an datapath action translated from the openflow action
5283 * can be reversed by another datapath action.
5284 *
5285 * Openflow actions that do not emit datapath actions are trivially
5286 * reversible. Reversiblity of other actions depends on nature of
5287 * action and their translation. */
5288static bool
5289reversible_actions(const struct ofpact *ofpacts, size_t ofpacts_len)
bef503e8 5290{
eee69393 5291 const struct ofpact *a;
bef503e8 5292
eee69393
AZ		 5293 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
5294 switch (a->type) {
5295 case OFPACT_BUNDLE:
5296 case OFPACT_CLEAR_ACTIONS:
5297 case OFPACT_CLONE:
5298 case OFPACT_CONJUNCTION:
5299 case OFPACT_CONTROLLER:
5300 case OFPACT_CT_CLEAR:
5301 case OFPACT_DEBUG_RECIRC:
5302 case OFPACT_DEC_MPLS_TTL:
5303 case OFPACT_DEC_TTL:
5304 case OFPACT_ENQUEUE:
5305 case OFPACT_EXIT:
5306 case OFPACT_FIN_TIMEOUT:
5307 case OFPACT_GOTO_TABLE:
5308 case OFPACT_GROUP:
5309 case OFPACT_LEARN:
5310 case OFPACT_MULTIPATH:
5311 case OFPACT_NOTE:
5312 case OFPACT_OUTPUT:
5313 case OFPACT_OUTPUT_REG:
5314 case OFPACT_POP_MPLS:
5315 case OFPACT_POP_QUEUE:
5316 case OFPACT_PUSH_MPLS:
5317 case OFPACT_PUSH_VLAN:
5318 case OFPACT_REG_MOVE:
5319 case OFPACT_RESUBMIT:
5320 case OFPACT_SAMPLE:
5321 case OFPACT_SET_ETH_DST:
5322 case OFPACT_SET_ETH_SRC:
5323 case OFPACT_SET_FIELD:
5324 case OFPACT_SET_IP_DSCP:
5325 case OFPACT_SET_IP_ECN:
5326 case OFPACT_SET_IP_TTL:
5327 case OFPACT_SET_IPV4_DST:
5328 case OFPACT_SET_IPV4_SRC:
5329 case OFPACT_SET_L4_DST_PORT:
5330 case OFPACT_SET_L4_SRC_PORT:
5331 case OFPACT_SET_MPLS_LABEL:
5332 case OFPACT_SET_MPLS_TC:
5333 case OFPACT_SET_MPLS_TTL:
5334 case OFPACT_SET_QUEUE:
5335 case OFPACT_SET_TUNNEL:
5336 case OFPACT_SET_VLAN_PCP:
5337 case OFPACT_SET_VLAN_VID:
5338 case OFPACT_STACK_POP:
5339 case OFPACT_STACK_PUSH:
5340 case OFPACT_STRIP_VLAN:
5341 case OFPACT_UNROLL_XLATE:
5342 case OFPACT_WRITE_ACTIONS:
5343 case OFPACT_WRITE_METADATA:
5344 break;
5345
5346 case OFPACT_CT:
5347 case OFPACT_METER:
5348 case OFPACT_NAT:
5349 case OFPACT_OUTPUT_TRUNC:
2142be1f
BP		 5350 case OFPACT_ENCAP:
5351 case OFPACT_DECAP:
eee69393 5352 return false;
9c2a44dc 5353 }
456024cb 5354 }
eee69393 5355 return true;
bef503e8
AZ		 5356}
5357
5358static void
c9f0a445 5359clone_xlate_actions(const struct ofpact *actions, size_t actions_len,
feee58b9 5360 struct xlate_ctx *ctx, bool is_last_action)
7ae62a67 5361{
b827b231
BP		 5362 struct ofpbuf old_stack = ctx->stack;
5363 union mf_subvalue new_stack[1024 / sizeof(union mf_subvalue)];
5364 ofpbuf_use_stub(&ctx->stack, new_stack, sizeof new_stack);
5365 ofpbuf_put(&ctx->stack, old_stack.data, old_stack.size);
5366
5367 struct ofpbuf old_action_set = ctx->action_set;
5368 uint64_t actset_stub[1024 / 8];
5369 ofpbuf_use_stub(&ctx->action_set, actset_stub, sizeof actset_stub);
5370 ofpbuf_put(&ctx->action_set, old_action_set.data, old_action_set.size);
5371
eee69393 5372 size_t offset, ac_offset;
eee69393
AZ		 5373 struct flow old_flow = ctx->xin->flow;
5374
feee58b9 5375 if (reversible_actions(actions, actions_len) || is_last_action) {
eee69393 5376 old_flow = ctx->xin->flow;
feee58b9 5377 do_xlate_actions(actions, actions_len, ctx, is_last_action);
60eebf12
AZ		 5378 if (ctx->freezing) {
5379 finish_freezing(ctx);
5380 }
eee69393
AZ		 5381 goto xlate_done;
5382 }
5383
5384 /* Commit datapath actions before emitting the clone action to
5385 * avoid emitting those actions twice. Once inside
5386 * the clone, another time for the action after clone. */
5387 xlate_commit_actions(ctx);
9c2a44dc 5388 struct flow old_base = ctx->base_flow;
eee69393
AZ		 5389 bool old_was_mpls = ctx->was_mpls;
5390 bool old_conntracked = ctx->conntracked;
ba653d2a 5391
eee69393
AZ		 5392 /* The actions are not reversible, a datapath clone action is
5393 * required to encode the translation. Select the clone action
5394 * based on datapath capabilities. */
5395 if (ctx->xbridge->support.clone) { /* Use clone action */
5396 /* Use clone action as datapath clone. */
5397 offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CLONE);
feee58b9 5398 do_xlate_actions(actions, actions_len, ctx, true);
60eebf12
AZ		 5399 if (ctx->freezing) {
5400 finish_freezing(ctx);
5401 }
eee69393
AZ		 5402 nl_msg_end_non_empty_nested(ctx->odp_actions, offset);
5403 goto dp_clone_done;
5404 }
b827b231 5405
eee69393
AZ		 5406 if (ctx->xbridge->support.sample_nesting > 3) {
5407 /* Use sample action as datapath clone. */
5408 offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_SAMPLE);
5409 ac_offset = nl_msg_start_nested(ctx->odp_actions,
5410 OVS_SAMPLE_ATTR_ACTIONS);
feee58b9 5411 do_xlate_actions(actions, actions_len, ctx, true);
60eebf12
AZ		 5412 if (ctx->freezing) {
5413 finish_freezing(ctx);
5414 }
eee69393
AZ		 5415 if (nl_msg_end_non_empty_nested(ctx->odp_actions, ac_offset)) {
5416 nl_msg_cancel_nested(ctx->odp_actions, offset);
5417 } else {
5418 nl_msg_put_u32(ctx->odp_actions, OVS_SAMPLE_ATTR_PROBABILITY,
5419 UINT32_MAX); /* 100% probability. */
5420 nl_msg_end_nested(ctx->odp_actions, offset);
5421 }
5422 goto dp_clone_done;
5423 }
5424
5425 /* Datapath does not support clone, skip xlate 'oc' and
5426 * report an error */
5427 xlate_report_error(ctx, "Failed to compose clone action");
ba653d2a 5428
eee69393 5429dp_clone_done:
ba653d2a
BP		 5430 /* The clone's conntrack execution should have no effect on the original
5431 * packet. */
5432 ctx->conntracked = old_conntracked;
bd3c2df3
BP		 5433
5434 /* Popping MPLS from the clone should have no effect on the original
5435 * packet. */
5436 ctx->was_mpls = old_was_mpls;
eee69393
AZ		 5437
5438 /* Restore the 'base_flow' for the next action. */
5439 ctx->base_flow = old_base;
5440
5441xlate_done:
5442 ofpbuf_uninit(&ctx->action_set);
5443 ctx->action_set = old_action_set;
5444 ofpbuf_uninit(&ctx->stack);
5445 ctx->stack = old_stack;
5446 ctx->xin->flow = old_flow;
7ae62a67
WT		 5447}
5448
c9f0a445 5449static void
feee58b9
AZ		 5450compose_clone(struct xlate_ctx *ctx, const struct ofpact_nest *oc,
5451 bool is_last_action)
c9f0a445
AZ		 5452{
5453 size_t oc_actions_len = ofpact_nest_get_action_len(oc);
5454
feee58b9 5455 clone_xlate_actions(oc->actions, oc_actions_len, ctx, is_last_action);
c9f0a445
AZ		 5456}
5457
076caa2f
JR		 5458static void
5459xlate_meter_action(struct xlate_ctx *ctx, const struct ofpact_meter *meter)
5460{
5461 if (meter->provider_meter_id != UINT32_MAX) {
5462 nl_msg_put_u32(ctx->odp_actions, OVS_ACTION_ATTR_METER,
5463 meter->provider_meter_id);
5464 }
5465}
5466
9583bc14 5467static bool
46c88433 5468may_receive(const struct xport *xport, struct xlate_ctx *ctx)
9583bc14 5469{
bbbca389 5470 if (xport->config & (is_stp(&ctx->xin->flow)
46c88433
EJ		 5471 ? OFPUTIL_PC_NO_RECV_STP
5472 : OFPUTIL_PC_NO_RECV)) {
9583bc14
EJ		 5473 return false;
5474 }
5475
5476 /* Only drop packets here if both forwarding and learning are
5477 * disabled. If just learning is enabled, we need to have
5478 * OFPP_NORMAL and the learning action have a look at the packet
5479 * before we can drop it. */
9efd308e
DV		 5480 if ((!xport_stp_forward_state(xport) && !xport_stp_learn_state(xport)) ||
5481 (!xport_rstp_forward_state(xport) && !xport_rstp_learn_state(xport))) {
9583bc14
EJ		 5482 return false;
5483 }
5484
5485 return true;
5486}
5487
7fdb60a7 5488static void
7e7e8dbb
BP		 5489xlate_write_actions__(struct xlate_ctx *ctx,
5490 const struct ofpact *ofpacts, size_t ofpacts_len)
7fdb60a7 5491{
c61f3870
BP		 5492 /* Maintain actset_output depending on the contents of the action set:
5493 *
5494 * - OFPP_UNSET, if there is no "output" action.
5495 *
5496 * - The output port, if there is an "output" action and no "group"
5497 * action.
5498 *
5499 * - OFPP_UNSET, if there is a "group" action.
5500 */
5501 if (!ctx->action_set_has_group) {
7e7e8dbb
BP		 5502 const struct ofpact *a;
5503 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
5504 if (a->type == OFPACT_OUTPUT) {
5505 ctx->xin->flow.actset_output = ofpact_get_OUTPUT(a)->port;
5506 } else if (a->type == OFPACT_GROUP) {
c61f3870
BP		 5507 ctx->xin->flow.actset_output = OFPP_UNSET;
5508 ctx->action_set_has_group = true;
9055ca9a 5509 break;
c61f3870
BP		 5510 }
5511 }
5512 }
5513
7e7e8dbb
BP		 5514 ofpbuf_put(&ctx->action_set, ofpacts, ofpacts_len);
5515}
5516
5517static void
5518xlate_write_actions(struct xlate_ctx *ctx, const struct ofpact_nest *a)
5519{
5520 xlate_write_actions__(ctx, a->actions, ofpact_nest_get_action_len(a));
7fdb60a7
SH		 5521}
5522
5523static void
5524xlate_action_set(struct xlate_ctx *ctx)
5525{
2d9b49dd
BP		 5526 uint64_t action_list_stub[1024 / 8];
5527 struct ofpbuf action_list = OFPBUF_STUB_INITIALIZER(action_list_stub);
7fdb60a7 5528 ofpacts_execute_action_set(&action_list, &ctx->action_set);
ed9c9e3e
JR		 5529 /* Clear the action set, as it is not needed any more. */
5530 ofpbuf_clear(&ctx->action_set);
2d9b49dd
BP		 5531 if (action_list.size) {
5532 ctx->in_action_set = true;
5533
5534 struct ovs_list *old_trace = ctx->xin->trace;
5535 ctx->xin->trace = xlate_report(ctx, OFT_TABLE,
5536 "--. Executing action set:");
feee58b9 5537 do_xlate_actions(action_list.data, action_list.size, ctx, true);
2d9b49dd
BP		 5538 ctx->xin->trace = old_trace;
5539
5540 ctx->in_action_set = false;
5541 }
7fdb60a7
SH		 5542 ofpbuf_uninit(&action_list);
5543}
5544
e672ff9b 5545static void
1d361a81 5546freeze_put_unroll_xlate(struct xlate_ctx *ctx)
e672ff9b 5547{
1d361a81 5548 struct ofpact_unroll_xlate *unroll = ctx->frozen_actions.header;
e672ff9b
JR		 5549
5550 /* Restore the table_id and rule cookie for a potential PACKET
5551 * IN if needed. */
5552 if (!unroll ||
5553 (ctx->table_id != unroll->rule_table_id
5554 || ctx->rule_cookie != unroll->rule_cookie)) {
1d361a81 5555 unroll = ofpact_put_UNROLL_XLATE(&ctx->frozen_actions);
e672ff9b
JR		 5556 unroll->rule_table_id = ctx->table_id;
5557 unroll->rule_cookie = ctx->rule_cookie;
1d361a81 5558 ctx->frozen_actions.header = unroll;
e672ff9b
JR		 5559 }
5560}
5561
5562
1d361a81
BP		 5563/* Copy actions 'a' through 'end' to ctx->frozen_actions, which will be
5564 * executed after thawing. Inserts an UNROLL_XLATE action, if none is already
5565 * present, before any action that may depend on the current table ID or flow
5566 * cookie. */
e672ff9b 5567static void
1d361a81 5568freeze_unroll_actions(const struct ofpact *a, const struct ofpact *end,
e672ff9b
JR		 5569 struct xlate_ctx *ctx)
5570{
c2b283b7 5571 for (; a < end; a = ofpact_next(a)) {
e672ff9b 5572 switch (a->type) {
e672ff9b 5573 case OFPACT_OUTPUT_REG:
aaca4fe0 5574 case OFPACT_OUTPUT_TRUNC:
e672ff9b
JR		 5575 case OFPACT_GROUP:
5576 case OFPACT_OUTPUT:
5577 case OFPACT_CONTROLLER:
5578 case OFPACT_DEC_MPLS_TTL:
5579 case OFPACT_DEC_TTL:
83a31283
BP		 5580 /* These actions may generate asynchronous messages, which include
5581 * table ID and flow cookie information. */
1d361a81 5582 freeze_put_unroll_xlate(ctx);
e672ff9b
JR		 5583 break;
5584
83a31283
BP		 5585 case OFPACT_RESUBMIT:
5586 if (ofpact_get_RESUBMIT(a)->table_id == 0xff) {
5587 /* This resubmit action is relative to the current table, so we
5588 * need to track what table that is.*/
1d361a81 5589 freeze_put_unroll_xlate(ctx);
83a31283
BP		 5590 }
5591 break;
5592
e672ff9b
JR		 5593 case OFPACT_SET_TUNNEL:
5594 case OFPACT_REG_MOVE:
5595 case OFPACT_SET_FIELD:
5596 case OFPACT_STACK_PUSH:
5597 case OFPACT_STACK_POP:
5598 case OFPACT_LEARN:
5599 case OFPACT_WRITE_METADATA:
83a31283 5600 case OFPACT_GOTO_TABLE:
e672ff9b
JR		 5601 case OFPACT_ENQUEUE:
5602 case OFPACT_SET_VLAN_VID:
5603 case OFPACT_SET_VLAN_PCP:
5604 case OFPACT_STRIP_VLAN:
5605 case OFPACT_PUSH_VLAN:
5606 case OFPACT_SET_ETH_SRC:
5607 case OFPACT_SET_ETH_DST:
5608 case OFPACT_SET_IPV4_SRC:
5609 case OFPACT_SET_IPV4_DST:
5610 case OFPACT_SET_IP_DSCP:
5611 case OFPACT_SET_IP_ECN:
5612 case OFPACT_SET_IP_TTL:
5613 case OFPACT_SET_L4_SRC_PORT:
5614 case OFPACT_SET_L4_DST_PORT:
5615 case OFPACT_SET_QUEUE:
5616 case OFPACT_POP_QUEUE:
5617 case OFPACT_PUSH_MPLS:
5618 case OFPACT_POP_MPLS:
5619 case OFPACT_SET_MPLS_LABEL:
5620 case OFPACT_SET_MPLS_TC:
5621 case OFPACT_SET_MPLS_TTL:
5622 case OFPACT_MULTIPATH:
5623 case OFPACT_BUNDLE:
5624 case OFPACT_EXIT:
5625 case OFPACT_UNROLL_XLATE:
5626 case OFPACT_FIN_TIMEOUT:
5627 case OFPACT_CLEAR_ACTIONS:
5628 case OFPACT_WRITE_ACTIONS:
5629 case OFPACT_METER:
5630 case OFPACT_SAMPLE:
7ae62a67 5631 case OFPACT_CLONE:
f839892a
JS		 5632 case OFPACT_ENCAP:
5633 case OFPACT_DECAP:
d4abaff5 5634 case OFPACT_DEBUG_RECIRC:
07659514 5635 case OFPACT_CT:
72fe7578 5636 case OFPACT_CT_CLEAR:
9ac0aada 5637 case OFPACT_NAT:
83a31283 5638 /* These may not generate PACKET INs. */
e672ff9b
JR		 5639 break;
5640
e672ff9b
JR		 5641 case OFPACT_NOTE:
5642 case OFPACT_CONJUNCTION:
83a31283 5643 /* These need not be copied for restoration. */
e672ff9b
JR		 5644 continue;
5645 }
5646 /* Copy the action over. */
1d361a81 5647 ofpbuf_put(&ctx->frozen_actions, a, OFPACT_ALIGN(a->len));
e672ff9b
JR		 5648 }
5649}
5650
8e53fe8c 5651static void
f2d105b5
JS		 5652put_ct_mark(const struct flow *flow, struct ofpbuf *odp_actions,
5653 struct flow_wildcards *wc)
8e53fe8c 5654{
2a754f4a
JS		 5655 if (wc->masks.ct_mark) {
5656 struct {
5657 uint32_t key;
5658 uint32_t mask;
5659 } *odp_ct_mark;
5660
5661 odp_ct_mark = nl_msg_put_unspec_uninit(odp_actions, OVS_CT_ATTR_MARK,
5662 sizeof(*odp_ct_mark));
5663 odp_ct_mark->key = flow->ct_mark & wc->masks.ct_mark;
5664 odp_ct_mark->mask = wc->masks.ct_mark;
8e53fe8c
JS		 5665 }
5666}
5667
9daf2348 5668static void
f2d105b5
JS		 5669put_ct_label(const struct flow *flow, struct ofpbuf *odp_actions,
5670 struct flow_wildcards *wc)
9daf2348 5671{
2ff8484b 5672 if (!ovs_u128_is_zero(wc->masks.ct_label)) {
9daf2348
JS		 5673 struct {
5674 ovs_u128 key;
5675 ovs_u128 mask;
89cf41ec 5676 } odp_ct_label;
9daf2348 5677
89cf41ec
BP		 5678 odp_ct_label.key = ovs_u128_and(flow->ct_label, wc->masks.ct_label);
5679 odp_ct_label.mask = wc->masks.ct_label;
5680 nl_msg_put_unspec(odp_actions, OVS_CT_ATTR_LABELS,
5681 &odp_ct_label, sizeof odp_ct_label);
9daf2348
JS		 5682 }
5683}
5684
d787ad39 5685static void
2d9b49dd
BP		 5686put_ct_helper(struct xlate_ctx *ctx,
5687 struct ofpbuf *odp_actions, struct ofpact_conntrack *ofc)
d787ad39
JS		 5688{
5689 if (ofc->alg) {
40c7b2fc
JS		 5690 switch(ofc->alg) {
5691 case IPPORT_FTP:
d787ad39 5692 nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "ftp");
40c7b2fc
JS		 5693 break;
5694 case IPPORT_TFTP:
5695 nl_msg_put_string(odp_actions, OVS_CT_ATTR_HELPER, "tftp");
5696 break;
5697 default:
2d9b49dd 5698 xlate_report_error(ctx, "cannot serialize ct_helper %d", ofc->alg);
40c7b2fc 5699 break;
d787ad39
JS		 5700 }
5701 }
5702}
5703
9ac0aada
JR		 5704static void
5705put_ct_nat(struct xlate_ctx *ctx)
5706{
5707 struct ofpact_nat *ofn = ctx->ct_nat_action;
5708 size_t nat_offset;
5709
5710 if (!ofn) {
5711 return;
5712 }
5713
5714 nat_offset = nl_msg_start_nested(ctx->odp_actions, OVS_CT_ATTR_NAT);
5715 if (ofn->flags & NX_NAT_F_SRC || ofn->flags & NX_NAT_F_DST) {
5716 nl_msg_put_flag(ctx->odp_actions, ofn->flags & NX_NAT_F_SRC
5717 ? OVS_NAT_ATTR_SRC : OVS_NAT_ATTR_DST);
5718 if (ofn->flags & NX_NAT_F_PERSISTENT) {
5719 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PERSISTENT);
5720 }
5721 if (ofn->flags & NX_NAT_F_PROTO_HASH) {
5722 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_HASH);
5723 } else if (ofn->flags & NX_NAT_F_PROTO_RANDOM) {
5724 nl_msg_put_flag(ctx->odp_actions, OVS_NAT_ATTR_PROTO_RANDOM);
5725 }
5726 if (ofn->range_af == AF_INET) {
73e8bc23 5727 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
9ac0aada
JR		 5728 ofn->range.addr.ipv4.min);
5729 if (ofn->range.addr.ipv4.max &&
73e8bc23
BP		 5730 (ntohl(ofn->range.addr.ipv4.max)
5731 > ntohl(ofn->range.addr.ipv4.min))) {
5732 nl_msg_put_be32(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
5733 ofn->range.addr.ipv4.max);
9ac0aada
JR		 5734 }
5735 } else if (ofn->range_af == AF_INET6) {
5736 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MIN,
5737 &ofn->range.addr.ipv6.min,
5738 sizeof ofn->range.addr.ipv6.min);
5739 if (!ipv6_mask_is_any(&ofn->range.addr.ipv6.max) &&
5740 memcmp(&ofn->range.addr.ipv6.max, &ofn->range.addr.ipv6.min,
5741 sizeof ofn->range.addr.ipv6.max) > 0) {
5742 nl_msg_put_unspec(ctx->odp_actions, OVS_NAT_ATTR_IP_MAX,
5743 &ofn->range.addr.ipv6.max,
5744 sizeof ofn->range.addr.ipv6.max);
5745 }
5746 }
5747 if (ofn->range_af != AF_UNSPEC && ofn->range.proto.min) {
5748 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MIN,
5749 ofn->range.proto.min);
5750 if (ofn->range.proto.max &&
5751 ofn->range.proto.max > ofn->range.proto.min) {
5752 nl_msg_put_u16(ctx->odp_actions, OVS_NAT_ATTR_PROTO_MAX,
5753 ofn->range.proto.max);
5754 }
5755 }
5756 }
5757 nl_msg_end_nested(ctx->odp_actions, nat_offset);
5758}
5759
07659514 5760static void
feee58b9
AZ		 5761compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc,
5762 bool is_last_action)
07659514 5763{
f2d105b5 5764 ovs_u128 old_ct_label_mask = ctx->wc->masks.ct_label;
f2d105b5 5765 uint32_t old_ct_mark_mask = ctx->wc->masks.ct_mark;
07659514
JS		 5766 size_t ct_offset;
5767 uint16_t zone;
5768
5769 /* Ensure that any prior actions are applied before composing the new
5770 * conntrack action. */
5771 xlate_commit_actions(ctx);
5772
8e53fe8c 5773 /* Process nested actions first, to populate the key. */
9ac0aada 5774 ctx->ct_nat_action = NULL;
f2d105b5 5775 ctx->wc->masks.ct_mark = 0;
f6fabcc6 5776 ctx->wc->masks.ct_label = OVS_U128_ZERO;
feee58b9
AZ		 5777 do_xlate_actions(ofc->actions, ofpact_ct_get_action_len(ofc), ctx,
5778 is_last_action);
8e53fe8c 5779
07659514
JS		 5780 if (ofc->zone_src.field) {
5781 zone = mf_get_subfield(&ofc->zone_src, &ctx->xin->flow);
5782 } else {
5783 zone = ofc->zone_imm;
5784 }
5785
5786 ct_offset = nl_msg_start_nested(ctx->odp_actions, OVS_ACTION_ATTR_CT);
5787 if (ofc->flags & NX_CT_F_COMMIT) {
a76a37ef
JR		 5788 nl_msg_put_flag(ctx->odp_actions, ofc->flags & NX_CT_F_FORCE ?
5789 OVS_CT_ATTR_FORCE_COMMIT : OVS_CT_ATTR_COMMIT);
adfe7a0b
JR		 5790 if (ctx->xbridge->support.ct_eventmask) {
5791 nl_msg_put_u32(ctx->odp_actions, OVS_CT_ATTR_EVENTMASK,
975954af 5792 OVS_CT_EVENTMASK_DEFAULT);
adfe7a0b 5793 }
07659514
JS		 5794 }
5795 nl_msg_put_u16(ctx->odp_actions, OVS_CT_ATTR_ZONE, zone);
f2d105b5
JS		 5796 put_ct_mark(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
5797 put_ct_label(&ctx->xin->flow, ctx->odp_actions, ctx->wc);
2d9b49dd 5798 put_ct_helper(ctx, ctx->odp_actions, ofc);
9ac0aada
JR		 5799 put_ct_nat(ctx);
5800 ctx->ct_nat_action = NULL;
07659514
JS		 5801 nl_msg_end_nested(ctx->odp_actions, ct_offset);
5802
f2d105b5 5803 ctx->wc->masks.ct_mark = old_ct_mark_mask;
f2d105b5 5804 ctx->wc->masks.ct_label = old_ct_label_mask;
8e53fe8c 5805
f6fabcc6 5806 if (ofc->recirc_table != NX_CT_RECIRC_NONE) {
07659514 5807 ctx->conntracked = true;
5fdd80cc 5808 compose_recirculate_and_fork(ctx, ofc->recirc_table, zone);
07659514 5809 }
f6fabcc6
JP		 5810
5811 /* The ct_* fields are only available in the scope of the 'recirc_table'
5812 * call chain. */
5813 flow_clear_conntrack(&ctx->xin->flow);
5814 ctx->conntracked = false;
07659514
JS		 5815}
5816
f839892a
JS		 5817static void
5818rewrite_flow_encap_ethernet(struct xlate_ctx *ctx,
5819 struct flow *flow,
5820 struct flow_wildcards *wc)
5821{
5822 wc->masks.packet_type = OVS_BE32_MAX;
5823 if (pt_ns(flow->packet_type) == OFPHTN_ETHERTYPE) {
5824 /* Only adjust the packet_type and zero the dummy Ethernet addresses. */
5825 ovs_be16 ethertype = pt_ns_type_be(flow->packet_type);
5826 flow->packet_type = htonl(PT_ETH);
5827 flow->dl_src = eth_addr_zero;
5828 flow->dl_dst = eth_addr_zero;
5829 flow->dl_type = ethertype;
5830 } else {
1fc11c59 5831 /* Error handling: drop packet. */
f839892a 5832 xlate_report_debug(ctx, OFT_ACTION,
1fc11c59
JS		 5833 "Dropping packet as encap(ethernet) is not "
5834 "supported for packet type ethernet.");
7873e106 5835 ctx->error = XLATE_UNSUPPORTED_PACKET_TYPE;
f839892a
JS		 5836 }
5837}
5838
1fc11c59
JS		 5839/* For an MD2 NSH header returns a pointer to an ofpbuf with the encoded
5840 * MD2 TLVs provided as encap properties to the encap operation. This
5841 * will be stored as encap_data in the ctx and copied into the encap_nsh
5842 * action at the next commit. */
5843static struct ofpbuf *
5844rewrite_flow_encap_nsh(struct xlate_ctx *ctx,
5845 const struct ofpact_encap *encap,
5846 struct flow *flow,
5847 struct flow_wildcards *wc)
5848{
5849 ovs_be32 packet_type = flow->packet_type;
5850 const char *ptr = (char *) encap->props;
5851 struct ofpbuf *buf = ofpbuf_new(OVS_ENCAP_NSH_MAX_MD_LEN);
5852 uint8_t md_type = NSH_M_TYPE1;
5853 uint8_t np = 0;
5854 int i;
5855
5856 /* Scan the optional NSH encap TLV properties, if any. */
5857 for (i = 0; i < encap->n_props; i++) {
5858 struct ofpact_ed_prop *prop_ptr =
5859 ALIGNED_CAST(struct ofpact_ed_prop *, ptr);
5860 if (prop_ptr->prop_class == OFPPPC_NSH) {
5861 switch (prop_ptr->type) {
5862 case OFPPPT_PROP_NSH_MDTYPE: {
5863 struct ofpact_ed_prop_nsh_md_type *prop_md_type =
5864 ALIGNED_CAST(struct ofpact_ed_prop_nsh_md_type *,
5865 prop_ptr);
5866 md_type = prop_md_type->md_type;
5867 break;
5868 }
5869 case OFPPPT_PROP_NSH_TLV: {
5870 struct ofpact_ed_prop_nsh_tlv *tlv_prop =
5871 ALIGNED_CAST(struct ofpact_ed_prop_nsh_tlv *,
5872 prop_ptr);
5873 struct nsh_md2_tlv *md2_ctx =
5874 ofpbuf_put_uninit(buf, sizeof(*md2_ctx));
5875 md2_ctx->md_class = tlv_prop->tlv_class;
5876 md2_ctx->type = tlv_prop->tlv_type;
5877 md2_ctx->length = tlv_prop->tlv_len;
5878 size_t len = ROUND_UP(md2_ctx->length, 4);
5879 size_t padding = len - md2_ctx->length;
5880 ofpbuf_put(buf, tlv_prop->data, md2_ctx->length);
5881 ofpbuf_put_zeros(buf, padding);
5882 break;
5883 }
5884 default:
5885 /* No other NSH encap properties defined yet. */
5886 break;
5887 }
5888 }
5889 ptr += ROUND_UP(prop_ptr->len, 8);
5890 }
5891 if (buf->size == 0 || buf->size > OVS_ENCAP_NSH_MAX_MD_LEN) {
5892 ofpbuf_delete(buf);
5893 buf = NULL;
5894 }
5895
5896 /* Determine the Next Protocol field for NSH header. */
5897 switch (ntohl(packet_type)) {
5898 case PT_ETH:
5899 np = NSH_P_ETHERNET;
5900 break;
5901 case PT_IPV4:
5902 np = NSH_P_IPV4;
5903 break;
5904 case PT_IPV6:
5905 np = NSH_P_IPV6;
5906 break;
5907 case PT_NSH:
5908 np = NSH_P_NSH;
5909 break;
5910 default:
5911 /* Error handling: drop packet. */
5912 xlate_report_debug(ctx, OFT_ACTION,
5913 "Dropping packet as encap(nsh) is not "
5914 "supported for packet type (%d,0x%x)",
5915 pt_ns(packet_type), pt_ns_type(packet_type));
7873e106 5916 ctx->error = XLATE_UNSUPPORTED_PACKET_TYPE;
1fc11c59
JS		 5917 return buf;
5918 }
5919 /* Note that we have matched on packet_type! */
5920 wc->masks.packet_type = OVS_BE32_MAX;
5921
5922 /* Reset all current flow packet headers. */
5923 memset(&flow->dl_dst, 0,
5924 sizeof(struct flow) - offsetof(struct flow, dl_dst));
5925
5926 /* Populate the flow with the new NSH header. */
5927 flow->packet_type = htonl(PT_NSH);
5928 flow->dl_type = htons(ETH_TYPE_NSH);
5929 flow->nsh.flags = 0; /* */
5930 flow->nsh.np = np;
5931 flow->nsh.spi = 0;
5932 flow->nsh.si = 255;
5933
5934 if (md_type == NSH_M_TYPE1) {
5935 flow->nsh.mdtype = NSH_M_TYPE1;
5936 memset(flow->nsh.c, 0, sizeof flow->nsh.c);
5937 if (buf) {
5938 /* Drop any MD2 context TLVs. */
5939 ofpbuf_delete(buf);
5940 buf = NULL;
5941 }
5942 } else if (md_type == NSH_M_TYPE2) {
5943 flow->nsh.mdtype = NSH_M_TYPE2;
5944 }
5945
5946 return buf;
5947}
5948
f839892a
JS		 5949static void
5950xlate_generic_encap_action(struct xlate_ctx *ctx,
5951 const struct ofpact_encap *encap)
5952{
5953 struct flow *flow = &ctx->xin->flow;
5954 struct flow_wildcards *wc = ctx->wc;
1fc11c59 5955 struct ofpbuf *encap_data = NULL;
f839892a
JS		 5956
5957 /* Ensure that any pending actions on the inner packet are applied before
5958 * rewriting the flow */
5959 xlate_commit_actions(ctx);
5960
5961 /* Rewrite the flow to reflect the effect of pushing the new encap header. */
5962 switch (ntohl(encap->new_pkt_type)) {
5963 case PT_ETH:
5964 rewrite_flow_encap_ethernet(ctx, flow, wc);
5965 break;
1fc11c59
JS		 5966 case PT_NSH:
5967 encap_data = rewrite_flow_encap_nsh(ctx, encap, flow, wc);
5968 break;
f839892a 5969 default:
1fc11c59
JS		 5970 /* New packet type was checked during decoding. */
5971 OVS_NOT_REACHED();
f839892a
JS		 5972 }
5973
5974 if (!ctx->error) {
5975 /* The actual encap datapath action will be generated at next commit. */
5976 ctx->pending_encap = true;
1fc11c59 5977 ctx->encap_data = encap_data;
f839892a
JS		 5978 }
5979}
5980
5981/* Returns true if packet must be recirculated after decapsulation. */
5982static bool
5983xlate_generic_decap_action(struct xlate_ctx *ctx,
5984 const struct ofpact_decap *decap OVS_UNUSED)
5985{
5986 struct flow *flow = &ctx->xin->flow;
5987
5988 /* Ensure that any pending actions on the current packet are applied
5989 * before generating the decap action. */
5990 xlate_commit_actions(ctx);
5991
5992 /* We assume for now that the new_pkt_type is PT_USE_NEXT_PROTO. */
5993 switch (ntohl(flow->packet_type)) {
5994 case PT_ETH:
5995 if (flow->vlans[0].tci & htons(VLAN_CFI)) {
5996 /* Error handling: drop packet. */
5997 xlate_report_debug(ctx, OFT_ACTION, "Dropping packet, cannot "
5998 "decap Ethernet if VLAN is present.");
7873e106 5999 ctx->error = XLATE_UNSUPPORTED_PACKET_TYPE;
f839892a
JS		 6000 } else {
6001 /* Just change the packet_type.
6002 * Delay generating pop_eth to the next commit. */
6003 flow->packet_type = htonl(PACKET_TYPE(OFPHTN_ETHERTYPE,
6004 ntohs(flow->dl_type)));
6005 ctx->wc->masks.dl_type = OVS_BE16_MAX;
6006 }
6007 return false;
1fc11c59
JS		 6008 case PT_NSH:
6009 /* The decap_nsh action is generated at the commit executed as
6010 * part of freezing the ctx for recirculation. Here we just set
6011 * the new packet type based on the NSH next protocol field. */
6012 switch (flow->nsh.np) {
6013 case NSH_P_ETHERNET:
6014 flow->packet_type = htonl(PT_ETH);
6015 break;
6016 case NSH_P_IPV4:
6017 flow->packet_type = htonl(PT_IPV4);
6018 break;
6019 case NSH_P_IPV6:
6020 flow->packet_type = htonl(PT_IPV6);
6021 break;
6022 case NSH_P_NSH:
6023 flow->packet_type = htonl(PT_NSH);
6024 break;
6025 default:
6026 /* Error handling: drop packet. */
6027 xlate_report_debug(ctx, OFT_ACTION,
6028 "Dropping packet as NSH next protocol %d "
6029 "is not supported", flow->nsh.np);
7873e106 6030 ctx->error = XLATE_UNSUPPORTED_PACKET_TYPE;
1fc11c59
JS		 6031 return false;
6032 break;
6033 }
6034 ctx->wc->masks.nsh.np = UINT8_MAX;
6035 /* Trigger recirculation. */
6036 return true;
f839892a 6037 default:
1fc11c59
JS		 6038 /* Error handling: drop packet. */
6039 xlate_report_debug(
6040 ctx, OFT_ACTION,
6041 "Dropping packet as the decap() does not support "
6042 "packet type (%d,0x%x)",
6043 pt_ns(flow->packet_type), pt_ns_type(flow->packet_type));
7873e106 6044 ctx->error = XLATE_UNSUPPORTED_PACKET_TYPE;
f839892a
JS		 6045 return false;
6046 }
6047}
6048
e12ec36b
SH		 6049static void
6050recirc_for_mpls(const struct ofpact *a, struct xlate_ctx *ctx)
6051{
6052 /* No need to recirculate if already exiting. */
6053 if (ctx->exit) {
6054 return;
6055 }
6056
6057 /* Do not consider recirculating unless the packet was previously MPLS. */
6058 if (!ctx->was_mpls) {
6059 return;
6060 }
6061
6062 /* Special case these actions, only recirculating if necessary.
6063 * This avoids the overhead of recirculation in common use-cases.
6064 */
6065 switch (a->type) {
6066
6067 /* Output actions do not require recirculation. */
6068 case OFPACT_OUTPUT:
aaca4fe0 6069 case OFPACT_OUTPUT_TRUNC:
e12ec36b
SH		 6070 case OFPACT_ENQUEUE:
6071 case OFPACT_OUTPUT_REG:
6072 /* Set actions that don't touch L3+ fields do not require recirculation. */
6073 case OFPACT_SET_VLAN_VID:
6074 case OFPACT_SET_VLAN_PCP:
6075 case OFPACT_SET_ETH_SRC:
6076 case OFPACT_SET_ETH_DST:
6077 case OFPACT_SET_TUNNEL:
6078 case OFPACT_SET_QUEUE:
6079 /* If actions of a group require recirculation that can be detected
6080 * when translating them. */
6081 case OFPACT_GROUP:
6082 return;
6083
6084 /* Set field that don't touch L3+ fields don't require recirculation. */
6085 case OFPACT_SET_FIELD:
6086 if (mf_is_l3_or_higher(ofpact_get_SET_FIELD(a)->field)) {
6087 break;
6088 }
6089 return;
6090
6091 /* For simplicity, recirculate in all other cases. */
6092 case OFPACT_CONTROLLER:
6093 case OFPACT_BUNDLE:
6094 case OFPACT_STRIP_VLAN:
6095 case OFPACT_PUSH_VLAN:
6096 case OFPACT_SET_IPV4_SRC:
6097 case OFPACT_SET_IPV4_DST:
6098 case OFPACT_SET_IP_DSCP:
6099 case OFPACT_SET_IP_ECN:
6100 case OFPACT_SET_IP_TTL:
6101 case OFPACT_SET_L4_SRC_PORT:
6102 case OFPACT_SET_L4_DST_PORT:
6103 case OFPACT_REG_MOVE:
6104 case OFPACT_STACK_PUSH:
6105 case OFPACT_STACK_POP:
6106 case OFPACT_DEC_TTL:
6107 case OFPACT_SET_MPLS_LABEL:
6108 case OFPACT_SET_MPLS_TC:
6109 case OFPACT_SET_MPLS_TTL:
6110 case OFPACT_DEC_MPLS_TTL:
6111 case OFPACT_PUSH_MPLS:
6112 case OFPACT_POP_MPLS:
6113 case OFPACT_POP_QUEUE:
6114 case OFPACT_FIN_TIMEOUT:
6115 case OFPACT_RESUBMIT:
6116 case OFPACT_LEARN:
6117 case OFPACT_CONJUNCTION:
6118 case OFPACT_MULTIPATH:
6119 case OFPACT_NOTE:
6120 case OFPACT_EXIT:
6121 case OFPACT_SAMPLE:
7ae62a67 6122 case OFPACT_CLONE:
f839892a
JS		 6123 case OFPACT_ENCAP:
6124 case OFPACT_DECAP:
e12ec36b
SH		 6125 case OFPACT_UNROLL_XLATE:
6126 case OFPACT_CT:
72fe7578 6127 case OFPACT_CT_CLEAR:
e12ec36b
SH		 6128 case OFPACT_NAT:
6129 case OFPACT_DEBUG_RECIRC:
6130 case OFPACT_METER:
6131 case OFPACT_CLEAR_ACTIONS:
6132 case OFPACT_WRITE_ACTIONS:
6133 case OFPACT_WRITE_METADATA:
6134 case OFPACT_GOTO_TABLE:
6135 default:
6136 break;
6137 }
6138
6139 /* Recirculate */
6140 ctx_trigger_freeze(ctx);
6141}
6142
2d9b49dd
BP		 6143static void
6144xlate_ofpact_reg_move(struct xlate_ctx *ctx, const struct ofpact_reg_move *a)
6145{
6146 mf_subfield_copy(&a->src, &a->dst, &ctx->xin->flow, ctx->wc);
6147 xlate_report_subfield(ctx, &a->dst);
6148}
6149
6150static void
6151xlate_ofpact_stack_pop(struct xlate_ctx *ctx, const struct ofpact_stack *a)
6152{
6153 if (nxm_execute_stack_pop(a, &ctx->xin->flow, ctx->wc, &ctx->stack)) {
6154 xlate_report_subfield(ctx, &a->subfield);
6155 } else {
6156 xlate_report_error(ctx, "stack underflow");
6157 }
6158}
6159
6160/* Restore translation context data that was stored earlier. */
6161static void
6162xlate_ofpact_unroll_xlate(struct xlate_ctx *ctx,
6163 const struct ofpact_unroll_xlate *a)
6164{
6165 ctx->table_id = a->rule_table_id;
6166 ctx->rule_cookie = a->rule_cookie;
6167 xlate_report(ctx, OFT_THAW, "restored state: table=%"PRIu8", "
6168 "cookie=%#"PRIx64, a->rule_table_id, a->rule_cookie);
6169}
6170
9583bc14
EJ		 6171static void
6172do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len,
feee58b9 6173 struct xlate_ctx *ctx, bool is_last_action)
9583bc14 6174{
49a73e0c 6175 struct flow_wildcards *wc = ctx->wc;
33bf9176 6176 struct flow *flow = &ctx->xin->flow;
9583bc14
EJ		 6177 const struct ofpact *a;
6178
a36de779 6179 if (ovs_native_tunneling_is_on(ctx->xbridge->ofproto)) {
53902038 6180 tnl_neigh_snoop(flow, wc, ctx->xbridge->name);
a36de779 6181 }
f47ea021
JR		 6182 /* dl_type already in the mask, not set below. */
6183
2d9b49dd
BP		 6184 if (!ofpacts_len) {
6185 xlate_report(ctx, OFT_ACTION, "drop");
6186 return;
6187 }
6188
9583bc14
EJ		 6189 OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) {
6190 struct ofpact_controller *controller;
6191 const struct ofpact_metadata *metadata;
b2dd70be
JR		 6192 const struct ofpact_set_field *set_field;
6193 const struct mf_field *mf;
feee58b9
AZ		 6194 bool last = is_last_action && ofpact_last(a, ofpacts, ofpacts_len)
6195 && ctx->action_set.size;
9583bc14 6196
fff1b9c0
JR		 6197 if (ctx->error) {
6198 break;
6199 }
6200
e12ec36b
SH		 6201 recirc_for_mpls(a, ctx);
6202
e672ff9b
JR		 6203 if (ctx->exit) {
6204 /* Check if need to store the remaining actions for later
6205 * execution. */
1d361a81
BP		 6206 if (ctx->freezing) {
6207 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len),
e672ff9b
JR		 6208 ctx);
6209 }
6210 break;
7bbdd84f
SH		 6211 }
6212
2d9b49dd
BP		 6213 if (OVS_UNLIKELY(ctx->xin->trace)) {
6214 struct ds s = DS_EMPTY_INITIALIZER;
50f96b10 6215 ofpacts_format(a, OFPACT_ALIGN(a->len), NULL, &s);
2d9b49dd
BP		 6216 xlate_report(ctx, OFT_ACTION, "%s", ds_cstr(&s));
6217 ds_destroy(&s);
6218 }
6219
9583bc14
EJ		 6220 switch (a->type) {
6221 case OFPACT_OUTPUT:
6222 xlate_output_action(ctx, ofpact_get_OUTPUT(a)->port,
8b496c72
BP		 6223 ofpact_get_OUTPUT(a)->max_len, true, last,
6224 false);
9583bc14
EJ		 6225 break;
6226
7395c052 6227 case OFPACT_GROUP:
feee58b9 6228 if (xlate_group_action(ctx, ofpact_get_GROUP(a)->group_id, last)) {
1d741d6d 6229 /* Group could not be found. */
db88b35c
JR		 6230
6231 /* XXX: Terminates action list translation, but does not
6232 * terminate the pipeline. */
f4fb341b
SH		 6233 return;
6234 }
7395c052
NZ		 6235 break;
6236
9583bc14
EJ		 6237 case OFPACT_CONTROLLER:
6238 controller = ofpact_get_CONTROLLER(a);
77ab5fd2
BP		 6239 if (controller->pause) {
6240 ctx->pause = controller;
6241 ctx->xout->slow |= SLOW_CONTROLLER;
0d3239e8 6242 *ctx->paused_flow = ctx->xin->flow;
77ab5fd2
BP		 6243 ctx_trigger_freeze(ctx);
6244 a = ofpact_next(a);
6245 } else {
6246 execute_controller_action(ctx, controller->max_len,
6247 controller->reason,
6248 controller->controller_id,
6249 controller->userdata,
6250 controller->userdata_len);
6251 }
9583bc14
EJ		 6252 break;
6253
6254 case OFPACT_ENQUEUE:
16194afd
DDP		 6255 memset(&wc->masks.skb_priority, 0xff,
6256 sizeof wc->masks.skb_priority);
feee58b9 6257 xlate_enqueue_action(ctx, ofpact_get_ENQUEUE(a), last);
9583bc14
EJ		 6258 break;
6259
6260 case OFPACT_SET_VLAN_VID:
f0fb825a
EG		 6261 wc->masks.vlans[0].tci |= htons(VLAN_VID_MASK | VLAN_CFI);
6262 if (flow->vlans[0].tci & htons(VLAN_CFI) ||
ca287d20 6263 ofpact_get_SET_VLAN_VID(a)->push_vlan_if_needed) {
f0fb825a
EG		 6264 if (!flow->vlans[0].tpid) {
6265 flow->vlans[0].tpid = htons(ETH_TYPE_VLAN);
6266 }
6267 flow->vlans[0].tci &= ~htons(VLAN_VID_MASK);
6268 flow->vlans[0].tci |=
6269 (htons(ofpact_get_SET_VLAN_VID(a)->vlan_vid) |
6270 htons(VLAN_CFI));
ca287d20 6271 }
9583bc14
EJ		 6272 break;
6273
6274 case OFPACT_SET_VLAN_PCP:
f0fb825a
EG		 6275 wc->masks.vlans[0].tci |= htons(VLAN_PCP_MASK | VLAN_CFI);
6276 if (flow->vlans[0].tci & htons(VLAN_CFI) ||
ca287d20 6277 ofpact_get_SET_VLAN_PCP(a)->push_vlan_if_needed) {
f0fb825a
EG		 6278 if (!flow->vlans[0].tpid) {
6279 flow->vlans[0].tpid = htons(ETH_TYPE_VLAN);
6280 }
6281 flow->vlans[0].tci &= ~htons(VLAN_PCP_MASK);
6282 flow->vlans[0].tci |=
6283 htons((ofpact_get_SET_VLAN_PCP(a)->vlan_pcp
6284 << VLAN_PCP_SHIFT) | VLAN_CFI);
ca287d20 6285 }
9583bc14
EJ		 6286 break;
6287
6288 case OFPACT_STRIP_VLAN:
f0fb825a 6289 flow_pop_vlan(flow, wc);
9583bc14
EJ		 6290 break;
6291
6292 case OFPACT_PUSH_VLAN:
f0fb825a
EG		 6293 flow_push_vlan_uninit(flow, wc);
6294 flow->vlans[0].tpid = ofpact_get_PUSH_VLAN(a)->ethertype;
6295 flow->vlans[0].tci = htons(VLAN_CFI);
9583bc14
EJ		 6296 break;
6297
6298 case OFPACT_SET_ETH_SRC:
74ff3298
JR		 6299 WC_MASK_FIELD(wc, dl_src);
6300 flow->dl_src = ofpact_get_SET_ETH_SRC(a)->mac;
9583bc14
EJ		 6301 break;
6302
6303 case OFPACT_SET_ETH_DST:
74ff3298
JR		 6304 WC_MASK_FIELD(wc, dl_dst);
6305 flow->dl_dst = ofpact_get_SET_ETH_DST(a)->mac;
9583bc14
EJ		 6306 break;
6307
6308 case OFPACT_SET_IPV4_SRC:
33bf9176 6309 if (flow->dl_type == htons(ETH_TYPE_IP)) {
f47ea021 6310 memset(&wc->masks.nw_src, 0xff, sizeof wc->masks.nw_src);
33bf9176 6311 flow->nw_src = ofpact_get_SET_IPV4_SRC(a)->ipv4;
9583bc14
EJ		 6312 }
6313 break;
6314
6315 case OFPACT_SET_IPV4_DST:
33bf9176 6316 if (flow->dl_type == htons(ETH_TYPE_IP)) {
f47ea021 6317 memset(&wc->masks.nw_dst, 0xff, sizeof wc->masks.nw_dst);
33bf9176 6318 flow->nw_dst = ofpact_get_SET_IPV4_DST(a)->ipv4;
9583bc14
EJ		 6319 }
6320 break;
6321
04f01c24
BP		 6322 case OFPACT_SET_IP_DSCP:
6323 if (is_ip_any(flow)) {
f47ea021 6324 wc->masks.nw_tos |= IP_DSCP_MASK;
33bf9176 6325 flow->nw_tos &= ~IP_DSCP_MASK;
04f01c24 6326 flow->nw_tos |= ofpact_get_SET_IP_DSCP(a)->dscp;
9583bc14
EJ		 6327 }
6328 break;
6329
ff14eb7a
JR		 6330 case OFPACT_SET_IP_ECN:
6331 if (is_ip_any(flow)) {
6332 wc->masks.nw_tos |= IP_ECN_MASK;
6333 flow->nw_tos &= ~IP_ECN_MASK;
6334 flow->nw_tos |= ofpact_get_SET_IP_ECN(a)->ecn;
6335 }
6336 break;
6337
0c20dbe4
JR		 6338 case OFPACT_SET_IP_TTL:
6339 if (is_ip_any(flow)) {
6340 wc->masks.nw_ttl = 0xff;
6341 flow->nw_ttl = ofpact_get_SET_IP_TTL(a)->ttl;
6342 }
6343 break;
6344
9583bc14 6345 case OFPACT_SET_L4_SRC_PORT:
b8778a0d 6346 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
f47ea021
JR		 6347 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
6348 memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
33bf9176 6349 flow->tp_src = htons(ofpact_get_SET_L4_SRC_PORT(a)->port);
9583bc14
EJ		 6350 }
6351 break;
6352
6353 case OFPACT_SET_L4_DST_PORT:
b8778a0d 6354 if (is_ip_any(flow) && !(flow->nw_frag & FLOW_NW_FRAG_LATER)) {
f47ea021
JR		 6355 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
6356 memset(&wc->masks.tp_dst, 0xff, sizeof wc->masks.tp_dst);
33bf9176 6357 flow->tp_dst = htons(ofpact_get_SET_L4_DST_PORT(a)->port);
9583bc14
EJ		 6358 }
6359 break;
6360
6361 case OFPACT_RESUBMIT:
8bf009bf
JR		 6362 /* Freezing complicates resubmit. Some action in the flow
6363 * entry found by resubmit might trigger freezing. If that
6364 * happens, then we do not want to execute the resubmit again after
6365 * during thawing, so we want to skip back to the head of the loop
6366 * to avoid that, only adding any actions that follow the resubmit
6367 * to the frozen actions.
6b1c5734 6368 */
feee58b9 6369 xlate_ofpact_resubmit(ctx, ofpact_get_RESUBMIT(a), last);
6b1c5734 6370 continue;
9583bc14
EJ		 6371
6372 case OFPACT_SET_TUNNEL:
33bf9176 6373 flow->tunnel.tun_id = htonll(ofpact_get_SET_TUNNEL(a)->tun_id);
9583bc14
EJ		 6374 break;
6375
6376 case OFPACT_SET_QUEUE:
16194afd
DDP		 6377 memset(&wc->masks.skb_priority, 0xff,
6378 sizeof wc->masks.skb_priority);
9583bc14
EJ		 6379 xlate_set_queue_action(ctx, ofpact_get_SET_QUEUE(a)->queue_id);
6380 break;
6381
6382 case OFPACT_POP_QUEUE:
16194afd
DDP		 6383 memset(&wc->masks.skb_priority, 0xff,
6384 sizeof wc->masks.skb_priority);
2d9b49dd
BP		 6385 if (flow->skb_priority != ctx->orig_skb_priority) {
6386 flow->skb_priority = ctx->orig_skb_priority;
6387 xlate_report(ctx, OFT_DETAIL, "queue = %#"PRIx32,
6388 flow->skb_priority);
6389 }
9583bc14
EJ		 6390 break;
6391
6392 case OFPACT_REG_MOVE:
2d9b49dd 6393 xlate_ofpact_reg_move(ctx, ofpact_get_REG_MOVE(a));
9583bc14
EJ		 6394 break;
6395
b2dd70be
JR		 6396 case OFPACT_SET_FIELD:
6397 set_field = ofpact_get_SET_FIELD(a);
6398 mf = set_field->field;
b2dd70be 6399
aff49b8c
JR		 6400 /* Set the field only if the packet actually has it. */
6401 if (mf_are_prereqs_ok(mf, flow, wc)) {
128684a6
JR		 6402 mf_mask_field_masked(mf, ofpact_set_field_mask(set_field), wc);
6403 mf_set_flow_value_masked(mf, set_field->value,
6404 ofpact_set_field_mask(set_field),
6405 flow);
2d9b49dd
BP		 6406 } else {
6407 xlate_report(ctx, OFT_WARN,
6408 "unmet prerequisites for %s, set_field ignored",
6409 mf->name);
6410
b8778a0d 6411 }
b2dd70be
JR		 6412 break;
6413
9583bc14 6414 case OFPACT_STACK_PUSH:
33bf9176
BP		 6415 nxm_execute_stack_push(ofpact_get_STACK_PUSH(a), flow, wc,
6416 &ctx->stack);
9583bc14
EJ		 6417 break;
6418
6419 case OFPACT_STACK_POP:
2d9b49dd 6420 xlate_ofpact_stack_pop(ctx, ofpact_get_STACK_POP(a));
9583bc14
EJ		 6421 break;
6422
6423 case OFPACT_PUSH_MPLS:
8bfd0fda 6424 compose_mpls_push_action(ctx, ofpact_get_PUSH_MPLS(a));
9583bc14
EJ		 6425 break;
6426
6427 case OFPACT_POP_MPLS:
8bfd0fda 6428 compose_mpls_pop_action(ctx, ofpact_get_POP_MPLS(a)->ethertype);
9583bc14
EJ		 6429 break;
6430
097d4939 6431 case OFPACT_SET_MPLS_LABEL:
8bfd0fda
BP		 6432 compose_set_mpls_label_action(
6433 ctx, ofpact_get_SET_MPLS_LABEL(a)->label);
1d741d6d 6434 break;
097d4939
JR		 6435
6436 case OFPACT_SET_MPLS_TC:
8bfd0fda 6437 compose_set_mpls_tc_action(ctx, ofpact_get_SET_MPLS_TC(a)->tc);
097d4939
JR		 6438 break;
6439
9583bc14 6440 case OFPACT_SET_MPLS_TTL:
8bfd0fda 6441 compose_set_mpls_ttl_action(ctx, ofpact_get_SET_MPLS_TTL(a)->ttl);
9583bc14
EJ		 6442 break;
6443
6444 case OFPACT_DEC_MPLS_TTL:
9cfef3d0 6445 if (compose_dec_mpls_ttl_action(ctx)) {
ad3efdcb 6446 return;
9583bc14
EJ		 6447 }
6448 break;
6449
6450 case OFPACT_DEC_TTL:
f74e7df7 6451 wc->masks.nw_ttl = 0xff;
9583bc14 6452 if (compose_dec_ttl(ctx, ofpact_get_DEC_TTL(a))) {
ad3efdcb 6453 return;
9583bc14
EJ		 6454 }
6455 break;
6456
6457 case OFPACT_NOTE:
6458 /* Nothing to do. */
6459 break;
6460
6461 case OFPACT_MULTIPATH:
33bf9176 6462 multipath_execute(ofpact_get_MULTIPATH(a), flow, wc);
2d9b49dd 6463 xlate_report_subfield(ctx, &ofpact_get_MULTIPATH(a)->dst);
9583bc14
EJ		 6464 break;
6465
6466 case OFPACT_BUNDLE:
feee58b9 6467 xlate_bundle_action(ctx, ofpact_get_BUNDLE(a), last);
9583bc14
EJ		 6468 break;
6469
6470 case OFPACT_OUTPUT_REG:
feee58b9 6471 xlate_output_reg_action(ctx, ofpact_get_OUTPUT_REG(a), last);
9583bc14
EJ		 6472 break;
6473
aaca4fe0
WT		 6474 case OFPACT_OUTPUT_TRUNC:
6475 xlate_output_trunc_action(ctx, ofpact_get_OUTPUT_TRUNC(a)->port,
feee58b9 6476 ofpact_get_OUTPUT_TRUNC(a)->max_len, last);
aaca4fe0
WT		 6477 break;
6478
9583bc14
EJ		 6479 case OFPACT_LEARN:
6480 xlate_learn_action(ctx, ofpact_get_LEARN(a));
6481 break;
6482
2d9b49dd 6483 case OFPACT_CONJUNCTION:
afc3987b
BP		 6484 /* A flow with a "conjunction" action represents part of a special
6485 * kind of "set membership match". Such a flow should not actually
6486 * get executed, but it could via, say, a "packet-out", even though
6487 * that wouldn't be useful. Log it to help debugging. */
2d9b49dd 6488 xlate_report_error(ctx, "executing no-op conjunction action");
18080541
BP		 6489 break;
6490
9583bc14
EJ		 6491 case OFPACT_EXIT:
6492 ctx->exit = true;
6493 break;
6494
2d9b49dd
BP		 6495 case OFPACT_UNROLL_XLATE:
6496 xlate_ofpact_unroll_xlate(ctx, ofpact_get_UNROLL_XLATE(a));
e672ff9b 6497 break;
2d9b49dd 6498
9583bc14 6499 case OFPACT_FIN_TIMEOUT:
33bf9176 6500 memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
9583bc14
EJ		 6501 xlate_fin_timeout(ctx, ofpact_get_FIN_TIMEOUT(a));
6502 break;
6503
6504 case OFPACT_CLEAR_ACTIONS:
2d9b49dd 6505 xlate_report_action_set(ctx, "was");
7fdb60a7 6506 ofpbuf_clear(&ctx->action_set);
c61f3870
BP		 6507 ctx->xin->flow.actset_output = OFPP_UNSET;
6508 ctx->action_set_has_group = false;
7fdb60a7
SH		 6509 break;
6510
6511 case OFPACT_WRITE_ACTIONS:
7e7e8dbb 6512 xlate_write_actions(ctx, ofpact_get_WRITE_ACTIONS(a));
2d9b49dd 6513 xlate_report_action_set(ctx, "is");
9583bc14
EJ		 6514 break;
6515
6516 case OFPACT_WRITE_METADATA:
6517 metadata = ofpact_get_WRITE_METADATA(a);
33bf9176
BP		 6518 flow->metadata &= ~metadata->mask;
6519 flow->metadata |= metadata->metadata & metadata->mask;
9583bc14
EJ		 6520 break;
6521
638a19b0 6522 case OFPACT_METER:
076caa2f 6523 xlate_meter_action(ctx, ofpact_get_METER(a));
638a19b0
JR		 6524 break;
6525
9583bc14 6526 case OFPACT_GOTO_TABLE: {
9583bc14 6527 struct ofpact_goto_table *ogt = ofpact_get_GOTO_TABLE(a);
9583bc14 6528
9167fc1a
JR		 6529 ovs_assert(ctx->table_id < ogt->table_id);
6530
4468099e 6531 xlate_table_action(ctx, ctx->xin->flow.in_port.ofp_port,
96c3a6e5
AZ		 6532 ogt->table_id, true, true, false, last,
6533 do_xlate_actions);
9583bc14
EJ		 6534 break;
6535 }
6536
6537 case OFPACT_SAMPLE:
6538 xlate_sample_action(ctx, ofpact_get_SAMPLE(a));
6539 break;
d4abaff5 6540
7ae62a67 6541 case OFPACT_CLONE:
feee58b9 6542 compose_clone(ctx, ofpact_get_CLONE(a), last);
7ae62a67
WT		 6543 break;
6544
f839892a
JS		 6545 case OFPACT_ENCAP:
6546 xlate_generic_encap_action(ctx, ofpact_get_ENCAP(a));
6547 break;
6548
6549 case OFPACT_DECAP: {
6550 bool recirc_needed =
6551 xlate_generic_decap_action(ctx, ofpact_get_DECAP(a));
6552 if (!ctx->error && recirc_needed) {
6553 /* Recirculate for parsing of inner packet. */
6554 ctx_trigger_freeze(ctx);
6555 /* Then continue with next action. */
6556 a = ofpact_next(a);
6557 }
6558 break;
6559 }
6560
07659514 6561 case OFPACT_CT:
feee58b9 6562 compose_conntrack_action(ctx, ofpact_get_CT(a), last);
07659514
JS		 6563 break;
6564
72fe7578
BP		 6565 case OFPACT_CT_CLEAR:
6566 clear_conntrack(ctx);
6567 break;
6568
9ac0aada
JR		 6569 case OFPACT_NAT:
6570 /* This will be processed by compose_conntrack_action(). */
6571 ctx->ct_nat_action = ofpact_get_NAT(a);
6572 break;
6573
d4abaff5 6574 case OFPACT_DEBUG_RECIRC:
1d361a81 6575 ctx_trigger_freeze(ctx);
d4abaff5
BP		 6576 a = ofpact_next(a);
6577 break;
9583bc14 6578 }
1d741d6d
JR		 6579
6580 /* Check if need to store this and the remaining actions for later
6581 * execution. */
1d361a81
BP		 6582 if (!ctx->error && ctx->exit && ctx_first_frozen_action(ctx)) {
6583 freeze_unroll_actions(a, ofpact_end(ofpacts, ofpacts_len), ctx);
1d741d6d
JR		 6584 break;
6585 }
9583bc14 6586 }
9583bc14
EJ		 6587}
6588
6589void
6590xlate_in_init(struct xlate_in *xin, struct ofproto_dpif *ofproto,
1f4a8933
JR		 6591 ovs_version_t version, const struct flow *flow,
6592 ofp_port_t in_port, struct rule_dpif *rule, uint16_t tcp_flags,
1520ef4f
BP		 6593 const struct dp_packet *packet, struct flow_wildcards *wc,
6594 struct ofpbuf *odp_actions)
9583bc14
EJ		 6595{
6596 xin->ofproto = ofproto;
1f4a8933 6597 xin->tables_version = version;
9583bc14 6598 xin->flow = *flow;
8d8ab6c2 6599 xin->upcall_flow = flow;
cc377352 6600 xin->flow.in_port.ofp_port = in_port;
c61f3870 6601 xin->flow.actset_output = OFPP_UNSET;
9583bc14 6602 xin->packet = packet;
df70a773 6603 xin->allow_side_effects = packet != NULL;
9583bc14 6604 xin->rule = rule;
b256dc52 6605 xin->xcache = NULL;
9583bc14
EJ		 6606 xin->ofpacts = NULL;
6607 xin->ofpacts_len = 0;
6608 xin->tcp_flags = tcp_flags;
2d9b49dd 6609 xin->trace = NULL;
9583bc14 6610 xin->resubmit_stats = NULL;
790c5d26 6611 xin->depth = 0;
cdd42eda 6612 xin->resubmits = 0;
49a73e0c 6613 xin->wc = wc;
1520ef4f 6614 xin->odp_actions = odp_actions;
331c07ac 6615 xin->in_packet_out = false;
e6bc8e74 6616 xin->recirc_queue = NULL;
e672ff9b
JR		 6617
6618 /* Do recirc lookup. */
1d361a81 6619 xin->frozen_state = NULL;
29b1ea3f
BP		 6620 if (flow->recirc_id) {
6621 const struct recirc_id_node *node
6622 = recirc_id_node_find(flow->recirc_id);
6623 if (node) {
1d361a81 6624 xin->frozen_state = &node->state;
29b1ea3f
BP		 6625 }
6626 }
9583bc14
EJ		 6627}
6628
6629void
6630xlate_out_uninit(struct xlate_out *xout)
6631{
e672ff9b 6632 if (xout) {
fbf5d6ec 6633 recirc_refs_unref(&xout->recircs);
9583bc14
EJ		 6634 }
6635}
9583bc14 6636\f
55954f6e
EJ		 6637static struct skb_priority_to_dscp *
6638get_skb_priority(const struct xport *xport, uint32_t skb_priority)
6639{
6640 struct skb_priority_to_dscp *pdscp;
6641 uint32_t hash;
6642
6643 hash = hash_int(skb_priority, 0);
6644 HMAP_FOR_EACH_IN_BUCKET (pdscp, hmap_node, hash, &xport->skb_priorities) {
6645 if (pdscp->skb_priority == skb_priority) {
6646 return pdscp;
6647 }
6648 }
6649 return NULL;
6650}
6651
6652static bool
6653dscp_from_skb_priority(const struct xport *xport, uint32_t skb_priority,
6654 uint8_t *dscp)
6655{
6656 struct skb_priority_to_dscp *pdscp = get_skb_priority(xport, skb_priority);
6657 *dscp = pdscp ? pdscp->dscp : 0;
6658 return pdscp != NULL;
6659}
6660
16194afd
DDP		 6661static size_t
6662count_skb_priorities(const struct xport *xport)
6663{
6664 return hmap_count(&xport->skb_priorities);
6665}
6666
55954f6e
EJ		 6667static void
6668clear_skb_priorities(struct xport *xport)
6669{
4ec3d7c7 6670 struct skb_priority_to_dscp *pdscp;
55954f6e 6671
4ec3d7c7 6672 HMAP_FOR_EACH_POP (pdscp, hmap_node, &xport->skb_priorities) {
55954f6e
EJ		 6673 free(pdscp);
6674 }
6675}
6676
ce4a6b76
BP		 6677static bool
6678actions_output_to_local_port(const struct xlate_ctx *ctx)
6679{
46c88433 6680 odp_port_t local_odp_port = ofp_port_to_odp_port(ctx->xbridge, OFPP_LOCAL);
ce4a6b76
BP		 6681 const struct nlattr *a;
6682 unsigned int left;
6683
1520ef4f
BP		 6684 NL_ATTR_FOR_EACH_UNSAFE (a, left, ctx->odp_actions->data,
6685 ctx->odp_actions->size) {
ce4a6b76
BP		 6686 if (nl_attr_type(a) == OVS_ACTION_ATTR_OUTPUT
6687 && nl_attr_get_odp_port(a) == local_odp_port) {
6688 return true;
6689 }
6690 }
6691 return false;
6692}
9583bc14 6693
5e2a6702 6694#if defined(__linux__)
7d031d7e
BP		 6695/* Returns the maximum number of packets that the Linux kernel is willing to
6696 * queue up internally to certain kinds of software-implemented ports, or the
6697 * default (and rarely modified) value if it cannot be determined. */
6698static int
6699netdev_max_backlog(void)
6700{
6701 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
6702 static int max_backlog = 1000; /* The normal default value. */
6703
6704 if (ovsthread_once_start(&once)) {
6705 static const char filename[] = "/proc/sys/net/core/netdev_max_backlog";
6706 FILE *stream;
6707 int n;
6708
6709 stream = fopen(filename, "r");
6710 if (!stream) {
120c348f 6711 VLOG_INFO("%s: open failed (%s)", filename, ovs_strerror(errno));
7d031d7e
BP		 6712 } else {
6713 if (fscanf(stream, "%d", &n) != 1) {
6714 VLOG_WARN("%s: read error", filename);
6715 } else if (n <= 100) {
6716 VLOG_WARN("%s: unexpectedly small value %d", filename, n);
6717 } else {
6718 max_backlog = n;
6719 }
6720 fclose(stream);
6721 }
6722 ovsthread_once_done(&once);
6723
6724 VLOG_DBG("%s: using %d max_backlog", filename, max_backlog);
6725 }
6726
6727 return max_backlog;
6728}
6729
6730/* Counts and returns the number of OVS_ACTION_ATTR_OUTPUT actions in
6731 * 'odp_actions'. */
6732static int
6733count_output_actions(const struct ofpbuf *odp_actions)
6734{
6735 const struct nlattr *a;
6736 size_t left;
6737 int n = 0;
6738
6fd6ed71 6739 NL_ATTR_FOR_EACH_UNSAFE (a, left, odp_actions->data, odp_actions->size) {
7d031d7e
BP		 6740 if (a->nla_type == OVS_ACTION_ATTR_OUTPUT) {
6741 n++;
6742 }
6743 }
6744 return n;
6745}
5e2a6702 6746#endif /* defined(__linux__) */
7d031d7e
BP		 6747
6748/* Returns true if 'odp_actions' contains more output actions than the datapath
6749 * can reliably handle in one go. On Linux, this is the value of the
6750 * net.core.netdev_max_backlog sysctl, which limits the maximum number of
6751 * packets that the kernel is willing to queue up for processing while the
6752 * datapath is processing a set of actions. */
6753static bool
5e2a6702 6754too_many_output_actions(const struct ofpbuf *odp_actions OVS_UNUSED)
7d031d7e
BP		 6755{
6756#ifdef __linux__
6fd6ed71 6757 return (odp_actions->size / NL_A_U32_SIZE > netdev_max_backlog()
7d031d7e
BP		 6758 && count_output_actions(odp_actions) > netdev_max_backlog());
6759#else
6760 /* OSes other than Linux might have similar limits, but we don't know how
6761 * to determine them.*/
6762 return false;
6763#endif
6764}
6765
234c3da9
BP		 6766static void
6767xlate_wc_init(struct xlate_ctx *ctx)
6768{
6769 flow_wildcards_init_catchall(ctx->wc);
6770
6771 /* Some fields we consider to always be examined. */
3d4b2e6e 6772 WC_MASK_FIELD(ctx->wc, packet_type);
5e2e998a 6773 WC_MASK_FIELD(ctx->wc, in_port);
3d4b2e6e
JS		 6774 if (is_ethernet(&ctx->xin->flow, NULL)) {
6775 WC_MASK_FIELD(ctx->wc, dl_type);
6776 }
234c3da9 6777 if (is_ip_any(&ctx->xin->flow)) {
5e2e998a 6778 WC_MASK_FIELD_MASK(ctx->wc, nw_frag, FLOW_NW_FRAG_MASK);
234c3da9
BP		 6779 }
6780
6781 if (ctx->xbridge->support.odp.recirc) {
6782 /* Always exactly match recirc_id when datapath supports
6783 * recirculation. */
5e2e998a 6784 WC_MASK_FIELD(ctx->wc, recirc_id);
234c3da9
BP		 6785 }
6786
6787 if (ctx->xbridge->netflow) {
6788 netflow_mask_wc(&ctx->xin->flow, ctx->wc);
6789 }
6790
6791 tnl_wc_init(&ctx->xin->flow, ctx->wc);
6792}
6793
6794static void
6795xlate_wc_finish(struct xlate_ctx *ctx)
6796{
f0fb825a
EG		 6797 int i;
6798
234c3da9
BP		 6799 /* Clear the metadata and register wildcard masks, because we won't
6800 * use non-header fields as part of the cache. */
6801 flow_wildcards_clear_non_packet_fields(ctx->wc);
6802
f839892a 6803 /* Wildcard ethernet fields if the original packet type was not
beb75a40
JS		 6804 * Ethernet. */
6805 if (ctx->xin->upcall_flow->packet_type != htonl(PT_ETH)) {
6806 ctx->wc->masks.dl_dst = eth_addr_zero;
6807 ctx->wc->masks.dl_src = eth_addr_zero;
3d4b2e6e 6808 ctx->wc->masks.dl_type = 0;
beb75a40
JS		 6809 }
6810
234c3da9
BP		 6811 /* ICMPv4 and ICMPv6 have 8-bit "type" and "code" fields. struct flow
6812 * uses the low 8 bits of the 16-bit tp_src and tp_dst members to
6813 * represent these fields. The datapath interface, on the other hand,
6814 * represents them with just 8 bits each. This means that if the high
6815 * 8 bits of the masks for these fields somehow become set, then they
6816 * will get chopped off by a round trip through the datapath, and
6817 * revalidation will spot that as an inconsistency and delete the flow.
6818 * Avoid the problem here by making sure that only the low 8 bits of
6819 * either field can be unwildcarded for ICMP.
6820 */
a75636c8 6821 if (is_icmpv4(&ctx->xin->flow, NULL) || is_icmpv6(&ctx->xin->flow, NULL)) {
234c3da9
BP		 6822 ctx->wc->masks.tp_src &= htons(UINT8_MAX);
6823 ctx->wc->masks.tp_dst &= htons(UINT8_MAX);
6824 }
6825 /* VLAN_TCI CFI bit must be matched if any of the TCI is matched. */
f0fb825a
EG		 6826 for (i = 0; i < FLOW_MAX_VLAN_HEADERS; i++) {
6827 if (ctx->wc->masks.vlans[i].tci) {
6828 ctx->wc->masks.vlans[i].tci |= htons(VLAN_CFI);
6829 }
234c3da9 6830 }
4a7ab326
DDP		 6831
6832 /* The classifier might return masks that match on tp_src and tp_dst even
6833 * for later fragments. This happens because there might be flows that
6834 * match on tp_src or tp_dst without matching on the frag bits, because
6835 * it is not a prerequisite for OpenFlow. Since it is a prerequisite for
6836 * datapath flows and since tp_src and tp_dst are always going to be 0,
6837 * wildcard the fields here. */
6838 if (ctx->xin->flow.nw_frag & FLOW_NW_FRAG_LATER) {
6839 ctx->wc->masks.tp_src = 0;
6840 ctx->wc->masks.tp_dst = 0;
6841 }
234c3da9
BP		 6842}
6843
e672ff9b
JR		 6844/* Translates the flow, actions, or rule in 'xin' into datapath actions in
6845 * 'xout'.
56450a41 6846 * The caller must take responsibility for eventually freeing 'xout', with
fff1b9c0
JR		 6847 * xlate_out_uninit().
6848 * Returns 'XLATE_OK' if translation was successful. In case of an error an
6849 * empty set of actions will be returned in 'xin->odp_actions' (if non-NULL),
6850 * so that most callers may ignore the return value and transparently install a
6851 * drop flow when the translation fails. */
6852enum xlate_error
84f0f298 6853xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
9583bc14 6854{
e467ea42
BP		 6855 *xout = (struct xlate_out) {
6856 .slow = 0,
fbf5d6ec 6857 .recircs = RECIRC_REFS_EMPTY_INITIALIZER,
e467ea42
BP		 6858 };
6859
84f0f298 6860 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
bb00fdef
BP		 6861 struct xbridge *xbridge = xbridge_lookup(xcfg, xin->ofproto);
6862 if (!xbridge) {
fff1b9c0 6863 return XLATE_BRIDGE_NOT_FOUND;
bb00fdef
BP		 6864 }
6865
33bf9176
BP		 6866 struct flow *flow = &xin->flow;
6867
84cf3c1f 6868 uint8_t stack_stub[1024];
bb00fdef 6869 uint64_t action_set_stub[1024 / 8];
1d361a81 6870 uint64_t frozen_actions_stub[1024 / 8];
1520ef4f
BP		 6871 uint64_t actions_stub[256 / 8];
6872 struct ofpbuf scratch_actions = OFPBUF_STUB_INITIALIZER(actions_stub);
0d3239e8 6873 struct flow paused_flow;
bb00fdef
BP		 6874 struct xlate_ctx ctx = {
6875 .xin = xin,
6876 .xout = xout,
6877 .base_flow = *flow,
c2b878e0 6878 .orig_tunnel_ipv6_dst = flow_tnl_dst(&flow->tunnel),
bb00fdef
BP		 6879 .xbridge = xbridge,
6880 .stack = OFPBUF_STUB_INITIALIZER(stack_stub),
6881 .rule = xin->rule,
c0e638aa
BP		 6882 .wc = (xin->wc
6883 ? xin->wc
f36efd90 6884 : &(struct flow_wildcards) { .masks = { .dl_type = 0 } }),
1520ef4f 6885 .odp_actions = xin->odp_actions ? xin->odp_actions : &scratch_actions,
bb00fdef 6886
790c5d26 6887 .depth = xin->depth,
cdd42eda 6888 .resubmits = xin->resubmits,
bb00fdef
BP		 6889 .in_group = false,
6890 .in_action_set = false,
331c07ac 6891 .in_packet_out = xin->in_packet_out,
f839892a 6892 .pending_encap = false,
1fc11c59 6893 .encap_data = NULL,
bb00fdef
BP		 6894
6895 .table_id = 0,
6896 .rule_cookie = OVS_BE64_MAX,
6897 .orig_skb_priority = flow->skb_priority,
6898 .sflow_n_outputs = 0,
6899 .sflow_odp_port = 0,
2031ef97 6900 .nf_output_iface = NF_OUT_DROP,
bb00fdef 6901 .exit = false,
fff1b9c0 6902 .error = XLATE_OK,
3d6151f3 6903 .mirrors = 0,
bb00fdef 6904
1d361a81 6905 .freezing = false,
53cc166a 6906 .recirc_update_dp_hash = false,
1d361a81 6907 .frozen_actions = OFPBUF_STUB_INITIALIZER(frozen_actions_stub),
77ab5fd2 6908 .pause = NULL,
0d3239e8 6909 .paused_flow = &paused_flow,
bb00fdef 6910
e12ec36b 6911 .was_mpls = false,
07659514 6912 .conntracked = false,
bb00fdef 6913
9ac0aada
JR		 6914 .ct_nat_action = NULL,
6915
bb00fdef
BP		 6916 .action_set_has_group = false,
6917 .action_set = OFPBUF_STUB_INITIALIZER(action_set_stub),
6918 };
865ca6cf
BP		 6919
6920 /* 'base_flow' reflects the packet as it came in, but we need it to reflect
42deb67d
PS		 6921 * the packet as the datapath will treat it for output actions. Our
6922 * datapath doesn't retain tunneling information without us re-setting
6923 * it, so clear the tunnel data.
865ca6cf 6924 */
42deb67d 6925
bb00fdef 6926 memset(&ctx.base_flow.tunnel, 0, sizeof ctx.base_flow.tunnel);
865ca6cf 6927
1520ef4f 6928 ofpbuf_reserve(ctx.odp_actions, NL_A_U32_SIZE);
c0e638aa 6929 xlate_wc_init(&ctx);
bb00fdef 6930
46c88433 6931 COVERAGE_INC(xlate_actions);
9583bc14 6932
2d9b49dd
BP		 6933 xin->trace = xlate_report(&ctx, OFT_BRIDGE, "bridge(\"%s\")",
6934 xbridge->name);
1d361a81
BP		 6935 if (xin->frozen_state) {
6936 const struct frozen_state *state = xin->frozen_state;
e672ff9b 6937
2d9b49dd
BP		 6938 struct ovs_list *old_trace = xin->trace;
6939 xin->trace = xlate_report(&ctx, OFT_THAW, "thaw");
d6bef3cc 6940
e672ff9b 6941 if (xin->ofpacts_len > 0 || ctx.rule) {
2d9b49dd
BP		 6942 xlate_report_error(&ctx, "Recirculation conflict (%s)!",
6943 xin->ofpacts_len ? "actions" : "rule");
fff1b9c0 6944 ctx.error = XLATE_RECIRCULATION_CONFLICT;
1520ef4f 6945 goto exit;
e672ff9b
JR		 6946 }
6947
6948 /* Set the bridge for post-recirculation processing if needed. */
07a3cd5c 6949 if (!uuid_equals(&ctx.xbridge->ofproto->uuid, &state->ofproto_uuid)) {
2082425c 6950 const struct xbridge *new_bridge
290835f9 6951 = xbridge_lookup_by_uuid(xcfg, &state->ofproto_uuid);
e672ff9b
JR		 6952
6953 if (OVS_UNLIKELY(!new_bridge)) {
6954 /* Drop the packet if the bridge cannot be found. */
2d9b49dd 6955 xlate_report_error(&ctx, "Frozen bridge no longer exists.");
fff1b9c0 6956 ctx.error = XLATE_BRIDGE_NOT_FOUND;
2d9b49dd 6957 xin->trace = old_trace;
1520ef4f 6958 goto exit;
e672ff9b
JR		 6959 }
6960 ctx.xbridge = new_bridge;
1f4a8933
JR		 6961 /* The bridge is now known so obtain its table version. */
6962 ctx.xin->tables_version
6963 = ofproto_dpif_get_tables_version(ctx.xbridge->ofproto);
e672ff9b
JR		 6964 }
6965
1d361a81
BP		 6966 /* Set the thawed table id. Note: A table lookup is done only if there
6967 * are no frozen actions. */
2082425c 6968 ctx.table_id = state->table_id;
2d9b49dd
BP		 6969 xlate_report(&ctx, OFT_THAW,
6970 "Resuming from table %"PRIu8, ctx.table_id);
e672ff9b 6971
40b0fbd3 6972 ctx.conntracked = state->conntracked;
07659514 6973 if (!state->conntracked) {
72fe7578 6974 clear_conntrack(&ctx);
07659514
JS		 6975 }
6976
e672ff9b 6977 /* Restore pipeline metadata. May change flow's in_port and other
1d361a81
BP		 6978 * metadata to the values that existed when freezing was triggered. */
6979 frozen_metadata_to_flow(&state->metadata, flow);
e672ff9b
JR		 6980
6981 /* Restore stack, if any. */
2082425c 6982 if (state->stack) {
84cf3c1f 6983 ofpbuf_put(&ctx.stack, state->stack, state->stack_size);
e672ff9b
JR		 6984 }
6985
29bae541
BP		 6986 /* Restore mirror state. */
6987 ctx.mirrors = state->mirrors;
6988
e672ff9b 6989 /* Restore action set, if any. */
2082425c 6990 if (state->action_set_len) {
2d9b49dd 6991 xlate_report_actions(&ctx, OFT_THAW, "Restoring action set",
417509fa 6992 state->action_set, state->action_set_len);
d6bef3cc 6993
7e7e8dbb
BP		 6994 flow->actset_output = OFPP_UNSET;
6995 xlate_write_actions__(&ctx, state->action_set,
6996 state->action_set_len);
e672ff9b
JR		 6997 }
6998
1d361a81
BP		 6999 /* Restore frozen actions. If there are no actions, processing will
7000 * start with a lookup in the table set above. */
417509fa
BP		 7001 xin->ofpacts = state->ofpacts;
7002 xin->ofpacts_len = state->ofpacts_len;
7003 if (state->ofpacts_len) {
2d9b49dd 7004 xlate_report_actions(&ctx, OFT_THAW, "Restoring actions",
d6bef3cc 7005 xin->ofpacts, xin->ofpacts_len);
e672ff9b 7006 }
e672ff9b 7007
2d9b49dd
BP		 7008 xin->trace = old_trace;
7009 } else if (OVS_UNLIKELY(flow->recirc_id)) {
7010 xlate_report_error(&ctx,
7011 "Recirculation context not found for ID %"PRIx32,
7012 flow->recirc_id);
fff1b9c0 7013 ctx.error = XLATE_NO_RECIRCULATION_CONTEXT;
1520ef4f 7014 goto exit;
e672ff9b 7015 }
9583bc14 7016
8d8ab6c2
JG		 7017 /* Tunnel metadata in udpif format must be normalized before translation. */
7018 if (flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
5b09d9f7
MS		 7019 const struct tun_table *tun_tab = ofproto_get_tun_tab(
7020 &ctx.xbridge->ofproto->up);
8d8ab6c2
JG		 7021 int err;
7022
7023 err = tun_metadata_from_geneve_udpif(tun_tab, &xin->upcall_flow->tunnel,
7024 &xin->upcall_flow->tunnel,
7025 &flow->tunnel);
7026 if (err) {
2d9b49dd 7027 xlate_report_error(&ctx, "Invalid Geneve tunnel metadata");
8d8ab6c2
JG		 7028 ctx.error = XLATE_INVALID_TUNNEL_METADATA;
7029 goto exit;
7030 }
7031 } else if (!flow->tunnel.metadata.tab) {
7032 /* If the original flow did not come in on a tunnel, then it won't have
7033 * FLOW_TNL_F_UDPIF set. However, we still need to have a metadata
7034 * table in case we generate tunnel actions. */
5b09d9f7
MS		 7035 flow->tunnel.metadata.tab = ofproto_get_tun_tab(
7036 &ctx.xbridge->ofproto->up);
8d8ab6c2
JG		 7037 }
7038 ctx.wc->masks.tunnel.metadata.tab = flow->tunnel.metadata.tab;
7039
beb75a40
JS		 7040 /* Get the proximate input port of the packet. (If xin->frozen_state,
7041 * flow->in_port is the ultimate input port of the packet.) */
7042 struct xport *in_port = get_ofp_port(xbridge,
7043 ctx.base_flow.in_port.ofp_port);
7044
875ab130
BP		 7045 if (flow->packet_type != htonl(PT_ETH) && in_port &&
7046 in_port->pt_mode == NETDEV_PT_LEGACY_L3 && ctx.table_id == 0) {
beb75a40
JS		 7047 /* Add dummy Ethernet header to non-L2 packet if it's coming from a
7048 * L3 port. So all packets will be L2 packets for lookup.
7049 * The dl_type has already been set from the packet_type. */
7050 flow->packet_type = htonl(PT_ETH);
7051 flow->dl_src = eth_addr_zero;
7052 flow->dl_dst = eth_addr_zero;
f839892a 7053 ctx.pending_encap = true;
beb75a40
JS		 7054 }
7055
10c44245 7056 if (!xin->ofpacts && !ctx.rule) {
b2e89cc9 7057 ctx.rule = rule_dpif_lookup_from_table(
1f4a8933 7058 ctx.xbridge->ofproto, ctx.xin->tables_version, flow, ctx.wc,
1e1e1d19 7059 ctx.xin->resubmit_stats, &ctx.table_id,
a027899e 7060 flow->in_port.ofp_port, true, true, ctx.xin->xcache);
10c44245 7061 if (ctx.xin->resubmit_stats) {
b2e89cc9 7062 rule_dpif_credit_stats(ctx.rule, ctx.xin->resubmit_stats);
10c44245 7063 }
b256dc52
JS		 7064 if (ctx.xin->xcache) {
7065 struct xc_entry *entry;
7066
7067 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_RULE);
901a517e 7068 entry->rule = ctx.rule;
07a3cd5c 7069 ofproto_rule_ref(&ctx.rule->up);
b256dc52 7070 }
a8c31348 7071
2d9b49dd 7072 xlate_report_table(&ctx, ctx.rule, ctx.table_id);
10c44245 7073 }
10c44245 7074
1d361a81
BP		 7075 /* Tunnel stats only for not-thawed packets. */
7076 if (!xin->frozen_state && in_port && in_port->is_tunnel) {
b256dc52
JS		 7077 if (ctx.xin->resubmit_stats) {
7078 netdev_vport_inc_rx(in_port->netdev, ctx.xin->resubmit_stats);
7079 if (in_port->bfd) {
7080 bfd_account_rx(in_port->bfd, ctx.xin->resubmit_stats);
7081 }
7082 }
7083 if (ctx.xin->xcache) {
7084 struct xc_entry *entry;
7085
7086 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETDEV);
901a517e
JR		 7087 entry->dev.rx = netdev_ref(in_port->netdev);
7088 entry->dev.bfd = bfd_ref(in_port->bfd);
d6fc5f57
EJ		 7089 }
7090 }
7091
1d361a81 7092 if (!xin->frozen_state && process_special(&ctx, in_port)) {
bef1403e
BP		 7093 /* process_special() did all the processing for this packet.
7094 *
1d361a81
BP		 7095 * We do not perform special processing on thawed packets, since that
7096 * was done before they were frozen and should not be redone. */
bef1403e
BP		 7097 } else if (in_port && in_port->xbundle
7098 && xbundle_mirror_out(xbridge, in_port->xbundle)) {
2d9b49dd
BP		 7099 xlate_report_error(&ctx, "dropping packet received on port "
7100 "%s, which is reserved exclusively for mirroring",
7101 in_port->xbundle->name);
bef1403e 7102 } else {
1d361a81 7103 /* Sampling is done on initial reception; don't redo after thawing. */
a6092018 7104 unsigned int user_cookie_offset = 0;
1d361a81 7105 if (!xin->frozen_state) {
a6092018
BP		 7106 user_cookie_offset = compose_sflow_action(&ctx);
7107 compose_ipfix_action(&ctx, ODPP_NONE);
e672ff9b 7108 }
0731abc5 7109 size_t sample_actions_len = ctx.odp_actions->size;
9583bc14 7110
234c3da9
BP		 7111 if (tnl_process_ecn(flow)
7112 && (!in_port || may_receive(in_port, &ctx))) {
1806291d
BP		 7113 const struct ofpact *ofpacts;
7114 size_t ofpacts_len;
7115
7116 if (xin->ofpacts) {
7117 ofpacts = xin->ofpacts;
7118 ofpacts_len = xin->ofpacts_len;
7119 } else if (ctx.rule) {
7120 const struct rule_actions *actions
07a3cd5c 7121 = rule_get_actions(&ctx.rule->up);
1806291d
BP		 7122 ofpacts = actions->ofpacts;
7123 ofpacts_len = actions->ofpacts_len;
07a3cd5c 7124 ctx.rule_cookie = ctx.rule->up.flow_cookie;
1806291d
BP		 7125 } else {
7126 OVS_NOT_REACHED();
7127 }
7128
7efbc3b7 7129 mirror_ingress_packet(&ctx);
feee58b9 7130 do_xlate_actions(ofpacts, ofpacts_len, &ctx, true);
fff1b9c0
JR		 7131 if (ctx.error) {
7132 goto exit;
7133 }
9583bc14
EJ		 7134
7135 /* We've let OFPP_NORMAL and the learning action look at the
1d361a81 7136 * packet, so cancel all actions and freezing if forwarding is
8a5fb3b4 7137 * disabled. */
9efd308e
DV		 7138 if (in_port && (!xport_stp_forward_state(in_port) ||
7139 !xport_rstp_forward_state(in_port))) {
1520ef4f 7140 ctx.odp_actions->size = sample_actions_len;
1d361a81 7141 ctx_cancel_freeze(&ctx);
8a5fb3b4
BP		 7142 ofpbuf_clear(&ctx.action_set);
7143 }
7144
1d361a81 7145 if (!ctx.freezing) {
8a5fb3b4 7146 xlate_action_set(&ctx);
e672ff9b 7147 }
1d361a81 7148 if (ctx.freezing) {
77ab5fd2 7149 finish_freezing(&ctx);
9583bc14
EJ		 7150 }
7151 }
7152
e672ff9b 7153 /* Output only fully processed packets. */
1d361a81 7154 if (!ctx.freezing
e672ff9b 7155 && xbridge->has_in_band
ce4a6b76
BP		 7156 && in_band_must_output_to_local_port(flow)
7157 && !actions_output_to_local_port(&ctx)) {
11938578 7158 compose_output_action(&ctx, OFPP_LOCAL, NULL, false, false);
9583bc14 7159 }
aaa0fbae 7160
a6092018
BP		 7161 if (user_cookie_offset) {
7162 fix_sflow_action(&ctx, user_cookie_offset);
e672ff9b 7163 }
9583bc14
EJ		 7164 }
7165
1520ef4f 7166 if (nl_attr_oversized(ctx.odp_actions->size)) {
542024c4 7167 /* These datapath actions are too big for a Netlink attribute, so we
0f032e95
BP		 7168 * can't hand them to the kernel directly. dpif_execute() can execute
7169 * them one by one with help, so just mark the result as SLOW_ACTION to
7170 * prevent the flow from being installed. */
7171 COVERAGE_INC(xlate_actions_oversize);
7172 ctx.xout->slow |= SLOW_ACTION;
1520ef4f 7173 } else if (too_many_output_actions(ctx.odp_actions)) {
7d031d7e
BP		 7174 COVERAGE_INC(xlate_actions_too_many_output);
7175 ctx.xout->slow |= SLOW_ACTION;
542024c4
BP		 7176 }
7177
64fb5f82
JP		 7178 /* Update NetFlow for non-frozen traffic. */
7179 if (xbridge->netflow && !xin->frozen_state) {
1806291d
BP		 7180 if (ctx.xin->resubmit_stats) {
7181 netflow_flow_update(xbridge->netflow, flow,
2031ef97 7182 ctx.nf_output_iface,
1806291d
BP		 7183 ctx.xin->resubmit_stats);
7184 }
7185 if (ctx.xin->xcache) {
7186 struct xc_entry *entry;
b256dc52 7187
1806291d 7188 entry = xlate_cache_add_entry(ctx.xin->xcache, XC_NETFLOW);
901a517e
JR		 7189 entry->nf.netflow = netflow_ref(xbridge->netflow);
7190 entry->nf.flow = xmemdup(flow, sizeof *flow);
7191 entry->nf.iface = ctx.nf_output_iface;
d6fc5f57
EJ		 7192 }
7193 }
7194
8d8ab6c2
JG		 7195 /* Translate tunnel metadata masks to udpif format if necessary. */
7196 if (xin->upcall_flow->tunnel.flags & FLOW_TNL_F_UDPIF) {
7197 if (ctx.wc->masks.tunnel.metadata.present.map) {
7198 const struct flow_tnl *upcall_tnl = &xin->upcall_flow->tunnel;
7199 struct geneve_opt opts[TLV_TOT_OPT_SIZE /
7200 sizeof(struct geneve_opt)];
7201
7202 tun_metadata_to_geneve_udpif_mask(&flow->tunnel,
7203 &ctx.wc->masks.tunnel,
7204 upcall_tnl->metadata.opts.gnv,
7205 upcall_tnl->metadata.present.len,
7206 opts);
7207 memset(&ctx.wc->masks.tunnel.metadata, 0,
7208 sizeof ctx.wc->masks.tunnel.metadata);
7209 memcpy(&ctx.wc->masks.tunnel.metadata.opts.gnv, opts,
7210 upcall_tnl->metadata.present.len);
7211 }
7212 ctx.wc->masks.tunnel.metadata.present.len = 0xff;
7213 ctx.wc->masks.tunnel.metadata.tab = NULL;
7214 ctx.wc->masks.tunnel.flags |= FLOW_TNL_F_UDPIF;
7215 } else if (!xin->upcall_flow->tunnel.metadata.tab) {
7216 /* If we didn't have options in UDPIF format and didn't have an existing
7217 * metadata table, then it means that there were no options at all when
7218 * we started processing and any wildcards we picked up were from
7219 * action generation. Without options on the incoming packet, wildcards
7220 * aren't meaningful. To avoid them possibly getting misinterpreted,
7221 * just clear everything. */
7222 if (ctx.wc->masks.tunnel.metadata.present.map) {
7223 memset(&ctx.wc->masks.tunnel.metadata, 0,
7224 sizeof ctx.wc->masks.tunnel.metadata);
7225 } else {
7226 ctx.wc->masks.tunnel.metadata.tab = NULL;
7227 }
7228 }
7229
c0e638aa 7230 xlate_wc_finish(&ctx);
1520ef4f
BP		 7231
7232exit:
8d8ab6c2
JG		 7233 /* Reset the table to what it was when we came in. If we only fetched
7234 * it locally, then it has no meaning outside of flow translation. */
7235 flow->tunnel.metadata.tab = xin->upcall_flow->tunnel.metadata.tab;
7236
1520ef4f
BP		 7237 ofpbuf_uninit(&ctx.stack);
7238 ofpbuf_uninit(&ctx.action_set);
1d361a81 7239 ofpbuf_uninit(&ctx.frozen_actions);
1520ef4f 7240 ofpbuf_uninit(&scratch_actions);
1fc11c59 7241 ofpbuf_delete(ctx.encap_data);
fff1b9c0
JR		 7242
7243 /* Make sure we return a "drop flow" in case of an error. */
7244 if (ctx.error) {
7245 xout->slow = 0;
7246 if (xin->odp_actions) {
7247 ofpbuf_clear(xin->odp_actions);
7248 }
7249 }
7250 return ctx.error;
91d6cd12
AW		 7251}
7252
77ab5fd2
BP		 7253enum ofperr
7254xlate_resume(struct ofproto_dpif *ofproto,
7255 const struct ofputil_packet_in_private *pin,
7256 struct ofpbuf *odp_actions,
7257 enum slow_path_reason *slow)
7258{
7259 struct dp_packet packet;
4d617a87
BP		 7260 dp_packet_use_const(&packet, pin->base.packet,
7261 pin->base.packet_len);
77ab5fd2
BP		 7262
7263 struct flow flow;
7264 flow_extract(&packet, &flow);
7265
7266 struct xlate_in xin;
1f4a8933
JR		 7267 xlate_in_init(&xin, ofproto, ofproto_dpif_get_tables_version(ofproto),
7268 &flow, 0, NULL, ntohs(flow.tcp_flags),
77ab5fd2
BP		 7269 &packet, NULL, odp_actions);
7270
7271 struct ofpact_note noop;
7272 ofpact_init_NOTE(&noop);
7273 noop.length = 0;
7274
7275 bool any_actions = pin->actions_len > 0;
7276 struct frozen_state state = {
7277 .table_id = 0, /* Not the table where NXAST_PAUSE was executed. */
7278 .ofproto_uuid = pin->bridge,
7279 .stack = pin->stack,
84cf3c1f 7280 .stack_size = pin->stack_size,
77ab5fd2
BP		 7281 .mirrors = pin->mirrors,
7282 .conntracked = pin->conntracked,
7283
7284 /* When there are no actions, xlate_actions() will search the flow
7285 * table. We don't want it to do that (we want it to resume), so
7286 * supply a no-op action if there aren't any.
7287 *
7288 * (We can't necessarily avoid translating actions entirely if there
7289 * aren't any actions, because there might be some finishing-up to do
7290 * at the end of the pipeline, and we don't check for those
7291 * conditions.) */
7292 .ofpacts = any_actions ? pin->actions : &noop.ofpact,
7293 .ofpacts_len = any_actions ? pin->actions_len : sizeof noop,
7294
7295 .action_set = pin->action_set,
7296 .action_set_len = pin->action_set_len,
7297 };
7298 frozen_metadata_from_flow(&state.metadata,
4d617a87 7299 &pin->base.flow_metadata.flow);
77ab5fd2
BP		 7300 xin.frozen_state = &state;
7301
7302 struct xlate_out xout;
7303 enum xlate_error error = xlate_actions(&xin, &xout);
7304 *slow = xout.slow;
7305 xlate_out_uninit(&xout);
7306
7307 /* xlate_actions() can generate a number of errors, but only
7308 * XLATE_BRIDGE_NOT_FOUND really stands out to me as one that we should be
7309 * sure to report over OpenFlow. The others could come up in packet-outs
7310 * or regular flow translation and I don't think that it's going to be too
7311 * useful to report them to the controller. */
7312 return error == XLATE_BRIDGE_NOT_FOUND ? OFPERR_NXR_STALE : 0;
7313}
7314
2eb79142
JG		 7315/* Sends 'packet' out 'ofport'. If 'port' is a tunnel and that tunnel type
7316 * supports a notion of an OAM flag, sets it if 'oam' is true.
91d6cd12
AW		 7317 * May modify 'packet'.
7318 * Returns 0 if successful, otherwise a positive errno value. */
7319int
2eb79142
JG		 7320xlate_send_packet(const struct ofport_dpif *ofport, bool oam,
7321 struct dp_packet *packet)
91d6cd12 7322{
84f0f298 7323 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
91d6cd12 7324 struct xport *xport;
2eb79142
JG		 7325 uint64_t ofpacts_stub[1024 / 8];
7326 struct ofpbuf ofpacts;
91d6cd12 7327 struct flow flow;
91d6cd12 7328
2eb79142 7329 ofpbuf_use_stack(&ofpacts, ofpacts_stub, sizeof ofpacts_stub);
91d6cd12 7330 /* Use OFPP_NONE as the in_port to avoid special packet processing. */
cf62fa4c 7331 flow_extract(packet, &flow);
b5e7e61a 7332 flow.in_port.ofp_port = OFPP_NONE;
91d6cd12 7333
84f0f298 7334 xport = xport_lookup(xcfg, ofport);
91d6cd12 7335 if (!xport) {
02ea2703 7336 return EINVAL;
91d6cd12 7337 }
2eb79142
JG		 7338
7339 if (oam) {
71f21279
BP		 7340 const ovs_be16 flag = htons(NX_TUN_FLAG_OAM);
7341 ofpact_put_set_field(&ofpacts, mf_from_id(MFF_TUN_FLAGS),
7342 &flag, &flag);
2eb79142
JG		 7343 }
7344
7345 ofpact_put_OUTPUT(&ofpacts)->port = xport->ofp_port;
e491a67a 7346
1f4a8933
JR		 7347 /* Actions here are not referring to anything versionable (flow tables or
7348 * groups) so we don't need to worry about the version here. */
7349 return ofproto_dpif_execute_actions(xport->xbridge->ofproto,
7350 OVS_VERSION_MAX, &flow, NULL,
2eb79142 7351 ofpacts.data, ofpacts.size, packet);
9583bc14 7352}
b256dc52 7353
901a517e 7354void
064799a1
JR		 7355xlate_mac_learning_update(const struct ofproto_dpif *ofproto,
7356 ofp_port_t in_port, struct eth_addr dl_src,
7357 int vlan, bool is_grat_arp)
b256dc52 7358{
84f0f298 7359 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
b256dc52
JS		 7360 struct xbridge *xbridge;
7361 struct xbundle *xbundle;
b256dc52 7362
84f0f298 7363 xbridge = xbridge_lookup(xcfg, ofproto);
b256dc52
JS		 7364 if (!xbridge) {
7365 return;
7366 }
7367
2d9b49dd 7368 xbundle = lookup_input_bundle__(xbridge, in_port, NULL);
b256dc52
JS		 7369 if (!xbundle) {
7370 return;
7371 }
7372
2d9b49dd 7373 update_learning_table__(xbridge, xbundle, dl_src, vlan, is_grat_arp);
b256dc52 7374}
bef503e8 7375
88186383
AZ		 7376void
7377xlate_set_support(const struct ofproto_dpif *ofproto,
7378 const struct dpif_backer_support *support)
7379{
7380 struct xlate_cfg *xcfg = ovsrcu_get(struct xlate_cfg *, &xcfgp);
7381 struct xbridge *xbridge = xbridge_lookup(xcfg, ofproto);
7382
7383 if (xbridge) {
7384 xbridge->support = *support;
7385 }
7386}
openvswitch packages for PVE